cms_scanner 0.0.40.3 → 0.0.41.0
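--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f053017d2b3503063c8f2de1e5668227490b0972
+data.tar.gz: d66e1ac7019b9fa5fb54b2a335030aafb8874692
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 74ec18f3e50f25bf25940d9f76aa53e7544a75eae13fe4f2a498cfdffc11b6fe2c0f0f9f25fc16565b6ed400f6b77fb6000c31593685d0304e7ca607ab32f674
+data.tar.gz: '084b94da489240b2757dd990e8b3371186ef2023d5b37bbc9f5e4863dc81d70f7d86af7f872e6b2f19995a0aa9061c320fca72f12a29e31fb28fc572d22a68b3'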
data/lib/cms_scanner.rb
CHANGED
@@ -145,7 +145,8 @@ module CMSScanner
|
|
145
145
|
formatter.output('@scan_aborted',
|
146
146
|
reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
|
147
147
|
trace: e.backtrace,
|
148
|
-
verbose: controllers.first.parsed_options[:verbose]
|
148
|
+
verbose: controllers.first.parsed_options[:verbose] ||
|
149
|
+
run_error_exit_code == NS::ExitCode::EXCEPTION)
|
149
150
|
ensure
|
150
151
|
Browser.instance.hydra.abort
|
151
152
|
|
@@ -184,7 +185,9 @@ module CMSScanner
|
|
184
185
|
|
185
186
|
return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
|
186
187
|
|
187
|
-
NS::ExitCode::ERROR
|
188
|
+
return NS::ExitCode::ERROR if run_error.is_a?(NS::Error)
|
189
|
+
|
190
|
+
NS::ExitCode::EXCEPTION
|
188
191
|
end
|
189
192
|
end
|
190
193
|
end
|
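Review bot: At new lines 148-149 the `verbose:` argument now depends on `run_error_exit_code`, which the second hunk derives from `run_error`, yet neither hunk shows `run_error` being assigned before `formatter.output` is called. If it is set later, the comparison with `NS::ExitCode::EXCEPTION` would not reflect the exception `e` being reported. The expression also deserves a comment such as `# Always emit the backtrace for unexpected exceptions, even when the verbose option is off`, because the forced trace ends up in whatever output or log the scan is written to. Both enclosing methods start and end outside the hunks, so this needs confirming against the full file.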
@@ -10,11 +10,14 @@ module CMSScanner
|
|
10
10
|
# Interrupt received
|
11
11
|
INTERRUPTED = 2
|
12
12
|
|
13
|
-
#
|
14
|
-
|
13
|
+
# Unhandled/unexpected Exception occured
|
14
|
+
EXCEPTION = 3
|
15
|
+
|
16
|
+
# Error, scan did not finish
|
17
|
+
ERROR = 4
|
15
18
|
|
16
19
|
# The target has at least one vulnerability.
|
17
20
|
# Currently, the interesting findings do not count as vulnerable things
|
18
|
-
VULNERABLE =
|
21
|
+
VULNERABLE = 5
|
19
22
|
end
|
20
23
|
end
|
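Review bot: This hunk changes the numeric values of existing exit codes: `EXCEPTION = 3` is inserted, `ERROR` is now 4, and the `VULNERABLE` line is rewritten to `VULNERABLE = 5`. Any wrapper script or CI job that gates on the scanner's exit status can misread a result after upgrading. The old values are truncated on this page and the hunk's file header is missing, so the previous numbers are inferred from the lines being marked as changed. Appending the new code after the existing ones would have kept them stable. Failing that, a comment above the constants such as `# NOTE: these values are part of the CLI contract; renumbered in 0.0.41.0` and a changelog entry would make the break visible.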
@@ -15,9 +15,15 @@ module CMSScanner
|
|
15
15
|
# rubocop:disable all
|
16
16
|
def attack(users, passwords, opts = {})
|
17
17
|
create_progress_bar(total: users.size * passwords.size, show_progression: opts[:show_progression])
|
18
|
-
queue_count = 0
|
19
18
|
|
20
|
-
|
19
|
+
queue_count = 0
|
20
|
+
# Keep the number of requests sent for each users
|
21
|
+
# to be able to correctly update the progress when a password is found
|
22
|
+
user_requests_count = {}
|
23
|
+
|
24
|
+
users.each { |u| user_requests_count[u.username] = 0 }
|
25
|
+
|
26
|
+
passwords.each do |password|
|
21
27
|
remaining_users = users.select { |u| u.password.nil? }
|
22
28
|
|
23
29
|
break if remaining_users.empty?
|
@@ -25,6 +31,8 @@ module CMSScanner
|
|
25
31
|
remaining_users.each do |user|
|
26
32
|
request = login_request(user.username, password)
|
27
33
|
|
34
|
+
user_requests_count[user.username] += 1
|
35
|
+
|
28
36
|
request.on_complete do |res|
|
29
37
|
progress_bar.title = "Trying #{user.username} / #{password}"
|
30
38
|
progress_bar.increment
|
@@ -34,9 +42,7 @@ module CMSScanner
|
|
34
42
|
|
35
43
|
yield user
|
36
44
|
|
37
|
-
|
38
|
-
|
39
|
-
progress_bar.total -= passwords.size - password_index - offset
|
45
|
+
progress_bar.total -= passwords.size - user_requests_count[user.username]
|
40
46
|
elsif errored_response?(res)
|
41
47
|
output_error(res)
|
42
48
|
end
|
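Review bot: `user_requests_count` is keyed by `u.username`, so two entries in `users` with the same username would share one counter and skew `progress_bar.total -= passwords.size - user_requests_count[user.username]`. Either key the hash by the user object or document that usernames are expected to be unique. `user_requests_count = Hash.new(0)` would also make the pre-fill loop unnecessary. The added comment says requests "sent", but the counter is bumped when the request is built, before `on_complete` fires; a wording like `# Number of login requests created so far for each user` matches the code better. The body of `attack` continues outside these hunks and the file header is missing from the page.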
data/lib/cms_scanner/helper.rb
CHANGED
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cms_scanner
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.41.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-11-
|
11
|
+
date: 2018-11-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nokogiri
|