cms_scanner 0.0.40.1 → 0.0.40.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +19 -0
- data/README.md +27 -0
- data/app/controllers/core.rb +3 -2
- data/app/controllers/core/cli_options.rb +15 -11
- data/app/controllers/interesting_findings.rb +1 -2
- data/app/views/cli/core/help.erb +3 -0
- data/app/views/json/core/help.erb +4 -1
- data/lib/cms_scanner/version.rb +1 -1
- metadata +6 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3835b59c723b4b5f73240e16295345892c5945cf
|
4
|
+
data.tar.gz: 7dee21423e396897ab18747d271889f957a48ae5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d5ea0f55099c3e1b8657921c60ace4f0c1588c8e9edeb634842796028df1b22da2e63516b7e90b48ef5739b2a93fe723a9786aed7aebc21747e9649b4775a8c5
|
7
|
+
data.tar.gz: 42740280effe12021ae733597f850229d06d6204df5ce1582b088e247f34c61821e4b857a207d98bda81618ab0f5e0798864882f21a1bd5d52fc531e038afeca
|
data/LICENSE
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
Copyright (C) 2014-2015 - WPScanTeam
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
of this software and associated documentation files (the "Software"), to deal
|
5
|
+
in the Software without restriction, including without limitation the rights
|
6
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
copies of the Software, and to permit persons to whom the Software is
|
8
|
+
furnished to do so, subject to the following conditions:
|
9
|
+
|
10
|
+
The above copyright notice and this permission notice shall be included in all
|
11
|
+
copies or substantial portions of the Software.
|
12
|
+
|
13
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
19
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
# CMSScanner
|
2
|
+
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/cms_scanner.svg)](https://badge.fury.io/rb/cms_scanner)
|
4
|
+
[![Build Status](https://img.shields.io/travis/wpscanteam/CMSScanner.svg)](https://travis-ci.org/wpscanteam/CMSScanner)
|
5
|
+
[![Coverage Status](https://img.shields.io/coveralls/wpscanteam/CMSScanner.svg)](https://coveralls.io/r/wpscanteam/CMSScanner)
|
6
|
+
[![Code Climate](https://api.codeclimate.com/v1/badges/b90b7f9f6982792ef8d6/maintainability)](https://codeclimate.com/github/wpscanteam/CMSScanner/maintainability)
|
7
|
+
[![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/CMSScanner.svg)](https://gemnasium.com/wpscanteam/CMSScanner)
|
8
|
+
|
9
|
+
The goal of this gem is to provide a quick and easy way to create a CMS/WebSite Scanner by acting like a Framework and providing classes, formatters etc.
|
10
|
+
|
11
|
+
## /!\ This gem is currently Experimental /!\
|
12
|
+
|
13
|
+
## A basic implementation example is available in the example folder.
|
14
|
+
|
15
|
+
To start to play with it, copy all its files and folders into a new git repository and run `bundle install && rake install` inside it.
|
16
|
+
It will create a `cmsscan` command that you can run against a target, ie `cmsscan --url https://www.google.com`
|
17
|
+
|
18
|
+
|
19
|
+
Install Dependencies: `bundle install`
|
20
|
+
|
21
|
+
## Contributing
|
22
|
+
|
23
|
+
1. Fork it ( https://github.com/wpscanteam/CMSScanner/fork )
|
24
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
25
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
26
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
27
|
+
5. Create new Pull Request
|
data/app/controllers/core.rb
CHANGED
@@ -22,10 +22,11 @@ module CMSScanner
|
|
22
22
|
|
23
23
|
def maybe_output_banner_help_and_version
|
24
24
|
output('banner') if parsed_options[:banner]
|
25
|
-
output('help', help: option_parser.
|
25
|
+
output('help', help: option_parser.simple_help, simple: true) if parsed_options[:help]
|
26
|
+
output('help', help: option_parser.full_help, simple: false) if parsed_options[:hh]
|
26
27
|
output('version') if parsed_options[:version]
|
27
28
|
|
28
|
-
exit(NS::ExitCode::OK) if parsed_options[:help] || parsed_options[:version]
|
29
|
+
exit(NS::ExitCode::OK) if parsed_options[:help] || parsed_options[:hh] || parsed_options[:version]
|
29
30
|
end
|
30
31
|
|
31
32
|
# Checks that the target is accessible, raises related errors otherwise
|
@@ -7,7 +7,7 @@ module CMSScanner
|
|
7
7
|
|
8
8
|
[
|
9
9
|
OptURL.new(['-u', '--url URL', 'The URL to scan'],
|
10
|
-
required_unless: %i[help version],
|
10
|
+
required_unless: %i[help hh version],
|
11
11
|
default_protocol: 'http')
|
12
12
|
] + mixed_cli_options + [
|
13
13
|
OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
|
@@ -19,15 +19,17 @@ module CMSScanner
|
|
19
19
|
default: :mixed),
|
20
20
|
OptArray.new(['--scope DOMAINS',
|
21
21
|
'Comma separated (sub-)domains to consider in scope. ',
|
22
|
-
'Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld'])
|
22
|
+
'Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld'], advanced: true)
|
23
23
|
] + cli_browser_options
|
24
24
|
end
|
25
25
|
|
26
26
|
def mixed_cli_options
|
27
27
|
[
|
28
|
-
OptBoolean.new(['-h', '--help', 'Display the help and exit']),
|
28
|
+
OptBoolean.new(['-h', '--help', 'Display the simple help and exit']),
|
29
|
+
OptBoolean.new(['--hh', 'Display the full help and exit']),
|
29
30
|
OptBoolean.new(['--version', 'Display the version and exit']),
|
30
|
-
OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect (if any) and scan the target url']
|
31
|
+
OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect (if any) and scan the target url'],
|
32
|
+
advanced: true),
|
31
33
|
OptBoolean.new(['-v', '--verbose', 'Verbose mode']),
|
32
34
|
OptBoolean.new(['--[no-]banner', 'Whether or not to display the banner'], default: true)
|
33
35
|
]
|
@@ -39,9 +41,9 @@ module CMSScanner
|
|
39
41
|
OptBoolean.new(['--random-user-agent', '--rua',
|
40
42
|
'Use a random user-agent for each scan']),
|
41
43
|
OptFilePath.new(['--user-agents-list FILE-PATH',
|
42
|
-
'List of agents to use with --random-user-agent'], exists: true),
|
44
|
+
'List of agents to use with --random-user-agent'], exists: true, advanced: true),
|
43
45
|
OptCredentials.new(['--http-auth login:password']),
|
44
|
-
OptPositiveInteger.new(['--max-threads VALUE', '
|
46
|
+
OptPositiveInteger.new(['-t', '--max-threads VALUE', 'The max threads to use'],
|
45
47
|
default: 5),
|
46
48
|
OptPositiveInteger.new(['--throttle MilliSeconds', 'Milliseconds to wait before doing another web request. ' \
|
47
49
|
'If used, the max threads will be set to 1.']),
|
@@ -57,8 +59,8 @@ module CMSScanner
|
|
57
59
|
def cli_browser_headers_options
|
58
60
|
[
|
59
61
|
OptString.new(['--user-agent VALUE', '--ua']),
|
60
|
-
OptHeaders.new(['--headers HEADERS', 'Additional headers to append in requests']),
|
61
|
-
OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests'])
|
62
|
+
OptHeaders.new(['--headers HEADERS', 'Additional headers to append in requests'], advanced: true),
|
63
|
+
OptString.new(['--vhost VALUE', 'The virtual host (Host header) to use in requests'], advanced: true)
|
62
64
|
]
|
63
65
|
end
|
64
66
|
|
@@ -88,13 +90,15 @@ module CMSScanner
|
|
88
90
|
# @return [ Array<OptParseValidator::OptBase> ]
|
89
91
|
def cli_browser_cache_options
|
90
92
|
[
|
91
|
-
OptInteger.new(['--cache-ttl TIME_TO_LIVE', 'The cache time to live in seconds'],
|
92
|
-
|
93
|
+
OptInteger.new(['--cache-ttl TIME_TO_LIVE', 'The cache time to live in seconds'],
|
94
|
+
default: 600, advanced: true),
|
95
|
+
OptBoolean.new(['--clear-cache', 'Clear the cache before the scan'], advanced: true),
|
93
96
|
OptDirectoryPath.new(['--cache-dir PATH'],
|
94
97
|
readable: true,
|
95
98
|
writable: true,
|
96
99
|
create: true,
|
97
|
-
default: File.join(tmp_directory, 'cache')
|
100
|
+
default: File.join(tmp_directory, 'cache'),
|
101
|
+
advanced: true)
|
98
102
|
]
|
99
103
|
end
|
100
104
|
end
|
@@ -7,8 +7,7 @@ module CMSScanner
|
|
7
7
|
OptChoice.new(
|
8
8
|
['--interesting-findings-detection MODE',
|
9
9
|
'Use the supplied mode for the interesting findings detection. '],
|
10
|
-
choices: %w[mixed passive aggressive],
|
11
|
-
normalize: :to_sym
|
10
|
+
choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
|
12
11
|
)
|
13
12
|
]
|
14
13
|
end
|
data/app/views/cli/core/help.erb
CHANGED
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.40.
|
4
|
+
version: 0.0.40.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-10-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nokogiri
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 0.0.16.
|
33
|
+
version: 0.0.16.4
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 0.0.16.
|
40
|
+
version: 0.0.16.4
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: public_suffix
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -255,6 +255,8 @@ executables: []
|
|
255
255
|
extensions: []
|
256
256
|
extra_rdoc_files: []
|
257
257
|
files:
|
258
|
+
- LICENSE
|
259
|
+
- README.md
|
258
260
|
- app/app.rb
|
259
261
|
- app/controllers.rb
|
260
262
|
- app/controllers/core.rb
|