cms_scanner 0.0.37.4 → 0.0.37.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e04805ab5723d3ae5e801aa89a44ba26ace6d5ae
-  data.tar.gz: 3ac81f2e34eb15b2e84425dcb0d4ca4660f4943e
+  metadata.gz: 47d1a0b7f0276e308175ef18ae1b81b82adce2ab
+  data.tar.gz: a4ea66a54e4ff800caf8f00347fe57074a2ae0eb
 SHA512:
-  metadata.gz: 9ebcc6de35ad7dae9fe5493934b9af944fd97585ce82d34a5fe542c19475990797f5f78cdd6168b0140f11ac1848df005df598be14b387fd8290ede6b2b2871b
-  data.tar.gz: 8a23c4cdd05345e60f629858b5988490fb60c52e9f448a6349c94b4d7e9ef754c1560139e70a1286e01ffc1f7484e7e440a4f416b2169ec25f4d8534bbc864d2
+  metadata.gz: 1462e16abe07489a5a018b7e3190838c24053ac1a2ce77346d865e179c7eb273b6d2e0360f9721a62a143f9cc579ecd3499bfbec4fd7ba68ffc52c6158cb362e
+  data.tar.gz: 052528fc8276c8d4396e7a833164047cf67978d7c10d794b1e7f12fc91faf9053dbbba4cf4aa9d26a5431d9e32b2ea47be91d7f9b78d775e9758ab7acac0c8b0

data/README.md

@@ -9,6 +9,12 @@ The goal of this gem is to provide a quick and easy way to create a CMS/WebSite
 
 ## /!\ This gem is currently Experimental /!\
 
+## A basic implementation example is available in the example folder.
+
+To start to play with it, copy all its files and folders into a new git repository and run ```bundle install && rake install`` inside it.
+It will create a ```cmsscan``` command that you can run against a target, ie ```cmsscan --url https://www.google.com```
+
+
 Install Dependencies: ```bundle install```
 
 ## Contributing

data/cms_scanner.gemspec

@@ -27,16 +27,17 @@ Gem::Specification.new do |s|
       |\.travis.yml
       )$}x
   end
+
   s.test_files            = []
   s.executables           = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
   s.require_path          = 'lib'
 
   s.add_dependency 'typhoeus', '~> 1.1.0'
   s.add_dependency 'nokogiri', '~> 1.6.8.1'
-  s.add_dependency 'yajl-ruby', '~> 1.2.1' # Better JSON parser regarding memory usage
-  s.add_dependency 'addressable', '~> 2.4.0'
+  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
+  s.add_dependency 'addressable', '~> 2.5.0'
   s.add_dependency 'activesupport', '~> 5.0.0.1'
-  s.add_dependency 'public_suffix', '~> 1.5'
+  s.add_dependency 'public_suffix', '~> 2.0.3' # Need to look at changes in the v2
   s.add_dependency 'ruby-progressbar', '~> 1.8.1'
   s.add_dependency 'opt_parse_validator', '~> 0.0.13.3'
 
@@ -44,7 +45,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec', '~> 3.5.0'
   s.add_development_dependency 'rspec-its', '~> 1.2.0'
   s.add_development_dependency 'bundler', '~> 1.6'
-  s.add_development_dependency 'rubocop', '~> 0.43.0'
-  s.add_development_dependency 'webmock', '~> 1.22'
+  s.add_development_dependency 'rubocop', '~> 0.45.0'
+  s.add_development_dependency 'webmock', '~> 1.22.0'
   s.add_development_dependency 'simplecov', '~> 0.12.0'
 end

data/example/.gitignore

@@ -0,0 +1,13 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+pkg
+rdoc
+Gemfile.lock
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/

data/example/.rspec

@@ -0,0 +1,2 @@
+--color
+--fail-fast

data/example/.rubocop.yml

@@ -0,0 +1,20 @@
+AllCops:
+  Exclude:
+    - '*.gemspec'
+    - 'vendor/**/*'
+LineLength:
+  Max: 120
+ClassVars:
+  Enabled: false
+Style/RescueModifier:
+  Enabled: false
+Style/SignalException:
+  EnforcedStyle: semantic
+MethodLength:
+  Max: 17
+Metrics/AbcSize:
+  Max: 25
+Metrics/CyclomaticComplexity:
+  Max: 10
+Metrics/PerceivedComplexity:
+  Max: 9

data/example/.travis.yml

@@ -0,0 +1,25 @@
+# Not setup yet
+language: ruby
+sudo: false
+cache: bundler
+rvm:
+  - 2.1.0
+  - 2.1.1
+  - 2.1.2
+  - 2.1.3
+  - 2.1.4
+  - 2.1.5
+  - 2.1.6
+  - 2.2.0
+  - 2.2.1
+  - 2.2.2
+  - 2.2.3
+  - ruby-head
+before_install:
+  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+script:
+  - bundle exec rspec
+  - bundle exec rubocop

data/example/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+gemspec
+
+group :test do
+  gem 'coveralls', '~> 0.8.0', require: false
+end

data/example/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+RSpec::Core::RakeTask.new(:spec)
+
+# Run rubocop & rspec before the build
+task build: [:rubocop, :spec]

data/example/app/app.rb

@@ -0,0 +1 @@
+require_relative 'controllers'

data/example/app/controllers.rb

@@ -0,0 +1 @@
+require_relative 'controllers/example'

data/example/app/controllers/example.rb

@@ -0,0 +1,36 @@
+module CMSScan
+  module Controller
+    # Example Controller
+    class Example < CMSScanner::Controller::Core
+      # @return [ Array<OptParseValidator::Opt> ]
+      def cli_options
+        [
+          OptString.new(['--dummy VALUE', 'Dummy CLI Option'])
+        ]
+      end
+
+      def before_scan
+        # Anything to do before ?
+      end
+
+      def run
+        # Let's check and display whether or not the word 'scan' is present in the homepage of the target
+
+        is_present = target.homepage_res.body =~ /scan/ ? true : false
+
+        output('scan_word', is_present: is_present)
+      end
+
+      # Alternative way of doing it
+      def run2
+        @is_present = Browser.get(target.homepage_url).body =~ /scan/ ? true : false
+
+        output('scan_word')
+      end
+
+      def after_scan
+        # Anything after ?
+      end
+    end
+  end
+end

data/example/app/views/cli/core/banner.erb

@@ -0,0 +1,3 @@
+
+CMS Scanner Example <%= CMSScan::VERSION %>
+

data/example/app/views/cli/example/scan_word.erb

@@ -0,0 +1,5 @@
+<% if @is_present -%>
+<%= warning_icon %> The word 'scan' is present in the homepage
+<% else -%>
+<%= notice_icon %> The word 'scan' was not detected in the homepage
+<% end %>

data/example/app/views/json/core/banner.erb

@@ -0,0 +1,3 @@
+"banner": {
+  "version": <%= CMSScan::VERSION.to_json %>
+},

data/example/app/views/json/example/scan_word.erb

@@ -0,0 +1 @@
+"scan_word_present": <%= @is_present.to_json %>,

data/example/bin/cmsscan

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+require 'cmsscan'
+
+CMSScan::Scan.new do |s|
+  s.controllers << CMSScan::Controller::Example.new
+
+  s.run
+end

data/example/cmsscan.gemspec

@@ -0,0 +1,52 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'cmsscan/version'
+
+Gem::Specification.new do |s|
+  s.name                  = 'cmsscan'
+  s.version               = CMSScan::VERSION
+  s.platform              = Gem::Platform::RUBY
+  s.required_ruby_version = '>= 2.1.0'
+  s.authors               = ['WPScanTeam']
+  s.date                  = Time.now.utc.strftime('%Y-%m-%d')
+  s.email                 = ['team@wpscan.org']
+  s.summary               = 'CMSScan Gem Example'
+  s.description           = 'CMSScanner Implementation Example'
+  s.homepage              = 'https://github.com/wpscanteam/CMSScanner'
+  s.license               = 'MIT'
+
+  s.files                 = `git ls-files -z`.split("\x0").reject do |file|
+    file =~ %r{^(?:
+      spec\/.*
+      |Gemfile
+      |Rakefile
+      |\.rspec
+      |\.gitignore
+      |\.rubocop.yml
+      |\.travis.yml
+      )$}x
+  end
+
+  s.test_files            = []
+  s.executables           = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  s.require_path          = 'lib'
+
+  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
+  s.add_dependency 'cms_scanner', '~> 0.0.37.5'
+  s.add_dependency 'activesupport', '~> 5.0.0.1' # Not sure if needed there as already needed in the CMSScanner
+  # DB dependencies
+  s.add_dependency 'dm-core', '~> 1.2.0'
+  s.add_dependency 'dm-migrations', '~> 1.2.0'
+  s.add_dependency 'dm-constraints', '~> 1.2.0'
+  s.add_dependency 'dm-sqlite-adapter', '~> 1.2.0'
+
+  s.add_development_dependency 'rake', '~> 11.3.0'
+  s.add_development_dependency 'rspec', '~> 3.5.0'
+  s.add_development_dependency 'rspec-its', '~> 1.2.0'
+  s.add_development_dependency 'bundler', '~> 1.6'
+  s.add_development_dependency 'rubocop', '~> 0.45.0'
+  s.add_development_dependency 'webmock', '~> 1.22.0'
+  s.add_development_dependency 'simplecov', '~> 0.12.0'
+end

data/example/lib/cmsscan.rb

@@ -0,0 +1,35 @@
+# Gems
+require 'cms_scanner'
+require 'yajl/json_gem'
+require 'addressable/uri'
+require 'active_support/all'
+# Standard Lib
+require 'uri'
+require 'time'
+require 'readline'
+require 'securerandom'
+# Custom Libs
+require 'cmsscan/target'
+require 'cmsscan/version'
+require 'cmsscan/controller'
+
+Encoding.default_external = Encoding::UTF_8
+
+# CMSScan
+module CMSScan
+  include CMSScanner
+
+  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
+  # Not needed in this example
+  # DB_DIR  = File.join(Dir.home, '.cmsscan', 'db')
+
+  # Override, otherwise it would be returned as 'cms_scan'
+  # doesn't really matter in this example.
+  #
+  # @return [ String ]
+  def self.app_name
+    'cmsscan'
+  end
+end
+
+require "#{CMSScan::APP_DIR}/app"

data/example/lib/cmsscan/controller.rb

@@ -0,0 +1,8 @@
+module CMSScan
+  # Needed to load at least the Core controller
+  # Otherwise, the following error will be raised:
+  # `initialize': uninitialized constant CMSScan::Controller::Core (NameError)
+  module Controller
+    include CMSScanner::Controller
+  end
+end

data/example/lib/cmsscan/target.rb

@@ -0,0 +1,6 @@
+module CMSScan
+  # Custom Target Class
+  class Target < CMSScanner::Target
+    # Put your own methods there
+  end
+end

data/example/lib/cmsscan/version.rb

@@ -0,0 +1,4 @@
+# Version
+module CMSScan
+  VERSION = '1.0'.freeze
+end

data/lib/cms_scanner/controllers.rb

@@ -40,6 +40,8 @@ module CMSScanner
 
       each(&:before_scan)
       each(&:run)
+      # Reverse is used here as the app/controllers/core#after_scan finishes the output
+      # and must be the last one to be executed
       reverse_each(&:after_scan)
     end
   end

data/lib/cms_scanner/formatter.rb

@@ -131,7 +131,7 @@ module CMSScanner
         @views_directories ||= [
           APP_DIR, NS::APP_DIR,
           File.join(Dir.home, ".#{NS.app_name}"), File.join(Dir.pwd, ".#{NS.app_name}")
-        ].uniq.reduce([]) { |a, e| a << Pathname.new(e).join('views').to_s }
+        ].uniq.reduce([]) { |acc, elem| acc << Pathname.new(elem).join('views').to_s }
       end
     end
   end

data/lib/cms_scanner/numeric.rb

@@ -3,7 +3,7 @@ class Numeric
   # @return [ String ] A human readable string of the value
   def bytes_to_human
     units = %w(B KB MB GB TB)
-    e     = (Math.log(abs) / Math.log(1024)).floor
+    e     = abs.zero? ? abs : (Math.log(abs) / Math.log(1024)).floor
     s     = format('%.3f', (abs.to_f / 1024**e))
 
     s.sub(/\.?0*$/, ' ' + units[e])

data/lib/cms_scanner/references.rb

@@ -38,7 +38,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def cve_urls
-      cves.reduce([]) { |a, e| a << cve_url(e) }
+      cves.reduce([]) { |acc, elem| acc << cve_url(elem) }
     end
 
     # @return [ String ] The URL to the CVE
@@ -53,7 +53,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def secunia_urls
-      secunia_ids.reduce([]) { |a, e| a << secunia_url(e) }
+      secunia_ids.reduce([]) { |acc, elem| acc << secunia_url(elem) }
     end
 
     # @return [ String ] The URL to the Secunia advisory
@@ -68,7 +68,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def osvdb_urls
-      osvdb_ids.reduce([]) { |a, e| a << osvdb_url(e) }
+      osvdb_ids.reduce([]) { |acc, elem| acc << osvdb_url(elem) }
     end
 
     # @return [ String ] The URL to the ExploitDB advisory
@@ -83,7 +83,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def exploitdb_urls
-      exploitdb_ids.reduce([]) { |a, e| a << exploitdb_url(e) }
+      exploitdb_ids.reduce([]) { |acc, elem| acc << exploitdb_url(elem) }
     end
 
     # @return [ String ]
@@ -103,7 +103,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def msf_urls
-      msf_modules.reduce([]) { |a, e| a << msf_url(e) }
+      msf_modules.reduce([]) { |acc, elem| acc << msf_url(elem) }
     end
 
     # @return [ String ] The URL to the metasploit module page
@@ -118,7 +118,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def packetstorm_urls
-      packetstorm_ids.reduce([]) { |a, e| a << packetstorm_url(e) }
+      packetstorm_ids.reduce([]) { |acc, elem| acc << packetstorm_url(elem) }
     end
 
     # @return [ String ]
@@ -133,7 +133,7 @@ module CMSScanner
 
     # @return [ Array<String> ]
     def securityfocus_urls
-      securityfocus_ids.reduce([]) { |a, e| a << securityfocus_url(e) }
+      securityfocus_ids.reduce([]) { |acc, elem| acc << securityfocus_url(elem) }
     end
 
     # @return [ String ]

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.37.4'.freeze
+  VERSION = '0.0.37.5'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.37.4
+  version: 0.0.37.5
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-05 00:00:00.000000000 Z
+date: 2016-11-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: typhoeus
@@ -44,28 +44,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: 2.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.4.0
+        version: 2.5.0
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 2.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 2.0.3
 - !ruby/object:Gem::Dependency
   name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
@@ -184,28 +184,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.43.0
+        version: 0.45.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.43.0
+        version: 0.45.0
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: 1.22.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.22'
+        version: 1.22.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -266,6 +266,25 @@ files:
 - app/views/json/interesting_findings/findings.erb
 - app/views/json/scan_aborted.erb
 - cms_scanner.gemspec
+- example/.gitignore
+- example/.rspec
+- example/.rubocop.yml
+- example/.travis.yml
+- example/Gemfile
+- example/Rakefile
+- example/app/app.rb
+- example/app/controllers.rb
+- example/app/controllers/example.rb
+- example/app/views/cli/core/banner.erb
+- example/app/views/cli/example/scan_word.erb
+- example/app/views/json/core/banner.erb
+- example/app/views/json/example/scan_word.erb
+- example/bin/cmsscan
+- example/cmsscan.gemspec
+- example/lib/cmsscan.rb
+- example/lib/cmsscan/controller.rb
+- example/lib/cmsscan/target.rb
+- example/lib/cmsscan/version.rb
 - lib/cms_scanner.rb
 - lib/cms_scanner/browser.rb
 - lib/cms_scanner/browser/actions.rb