RubyGems - cms_scanner - Versions diffs - 0.0.40.3 → 0.0.41.0 - Mend

cms_scanner 0.0.40.3 → 0.0.41.0

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/cms_scanner.rb +5 -2
data/lib/cms_scanner/exit_code.rb +6 -3
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +11 -5
data/lib/cms_scanner/helper.rb +0 -1
data/lib/cms_scanner/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 01e63c37ec8c7413a1b6126e934cdd523cb6fd54
-  data.tar.gz: b50738731d6a0c9886d304c56c716760f6602dc4
+  metadata.gz: f053017d2b3503063c8f2de1e5668227490b0972
+  data.tar.gz: d66e1ac7019b9fa5fb54b2a335030aafb8874692
 SHA512:
-  metadata.gz: 01fe765af31f1c9eda786feca8898c7c852e65666a667582a842e516b9dbfa4d1494137708bd0893c83cd13d356599daaa6d1ec9496494348ad3424df42fd7b5
-  data.tar.gz: c9a9a25b7ae82f9d21fa526f0206f330d697e0390e1de70ed443f228b9edb96f5ea96ca69a6317b34fedb7675d7ad843c6a967c90bd70f584be41ee9a1aa1f15
+  metadata.gz: 74ec18f3e50f25bf25940d9f76aa53e7544a75eae13fe4f2a498cfdffc11b6fe2c0f0f9f25fc16565b6ed400f6b77fb6000c31593685d0304e7ca607ab32f674
+  data.tar.gz: '084b94da489240b2757dd990e8b3371186ef2023d5b37bbc9f5e4863dc81d70f7d86af7f872e6b2f19995a0aa9061c320fca72f12a29e31fb28fc572d22a68b3'

data/lib/cms_scanner.rb CHANGED Viewed

@@ -145,7 +145,8 @@ module CMSScanner
       formatter.output('@scan_aborted',
                        reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
                        trace: e.backtrace,
-                       verbose: controllers.first.parsed_options[:verbose])
+                       verbose: controllers.first.parsed_options[:verbose] ||
+                                run_error_exit_code == NS::ExitCode::EXCEPTION)
     ensure
       Browser.instance.hydra.abort
@@ -184,7 +185,9 @@ module CMSScanner
       return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
-      NS::ExitCode::ERROR
+      return NS::ExitCode::ERROR if run_error.is_a?(NS::Error)
+      NS::ExitCode::EXCEPTION
     end
   end
 end

data/lib/cms_scanner/exit_code.rb CHANGED Viewed

@@ -10,11 +10,14 @@ module CMSScanner
     # Interrupt received
     INTERRUPTED      = 2
-    # Exceptions
-    ERROR            = 3
+    # Unhandled/unexpected Exception occured
+    EXCEPTION        = 3
+    # Error, scan did not finish
+    ERROR            = 4
     # The target has at least one vulnerability.
     # Currently, the interesting findings do not count as vulnerable things
-    VULNERABLE       = 4
+    VULNERABLE       = 5
   end
 end

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb CHANGED Viewed

@@ -15,9 +15,15 @@ module CMSScanner
         # rubocop:disable all
         def attack(users, passwords, opts = {})
           create_progress_bar(total: users.size * passwords.size, show_progression: opts[:show_progression])
-          queue_count = 0
-          passwords.each_with_index do |password, password_index|
+          queue_count         = 0
+          # Keep the number of requests sent for each users
+          # to be able to correctly update the progress when a password is found
+          user_requests_count = {}
+          users.each { |u| user_requests_count[u.username] = 0 }
+          passwords.each do |password|
             remaining_users = users.select { |u| u.password.nil? }
             break if remaining_users.empty?
@@ -25,6 +31,8 @@ module CMSScanner
             remaining_users.each do |user|
               request = login_request(user.username, password)
+              user_requests_count[user.username] += 1
               request.on_complete do |res|
                 progress_bar.title = "Trying #{user.username} / #{password}"
                 progress_bar.increment
@@ -34,9 +42,7 @@ module CMSScanner
                   yield user
-                  offset = progress_bar.total - progress_bar.progress < hydra.max_concurrency ? 2 : 1
-                  progress_bar.total -= passwords.size - password_index - offset
+                  progress_bar.total -= passwords.size - user_requests_count[user.username]
                 elsif errored_response?(res)
                   output_error(res)
                 end

data/lib/cms_scanner/helper.rb CHANGED Viewed

@@ -2,7 +2,6 @@
 def redirect_output_to_file(file)
   $stdout.reopen(file, 'w')
   $stdout.sync = true
-  $stderr.reopen($stdout) # Not sure if this is needed
 end
 # @return [ Integer ] The memory of the current process in Bytes

data/lib/cms_scanner/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.40.3'.freeze
+  VERSION = '0.0.41.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.40.3
+  version: 0.0.41.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-11-02 00:00:00.000000000 Z
+date: 2018-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri