RubyGems - cms_scanner - Versions diffs - 0.0.41.4 → 0.0.41.5 - Mend

cms_scanner 0.0.41.4 → 0.0.41.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/app/controllers/core.rb +1 -1
data/app/models/user.rb +1 -1
data/lib/cms_scanner/errors/http.rb +14 -4
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +7 -3
data/lib/cms_scanner/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ad670b5c5ef2beb079b31d7b8429c4c38cc60176
-  data.tar.gz: 0bd37bd414a72e1295c5662ff17485d27b6cc121
+  metadata.gz: 9e1ce07cd91015afc42d0501750a05cb073e81d4
+  data.tar.gz: 22763ad0ec70df77f32a99cffa827546f916fa2b
 SHA512:
-  metadata.gz: cf9ce7cafd23dfa33e69c1d2ad62f75ac3c12f27087a62e35876387aabb198351ca5e40dcbd81e9692b41f4043dea2dab629a8a9680d0a4ec607535575234f49
-  data.tar.gz: f5331e465aefb61ecf865d2407ee91f63800ecf74b1119cb7c9e807b878fbb809c0ae2c4f331f527c57730364e32bbc295ab2b13828a55f816e553e4db4cc928
+  metadata.gz: 13a0de39162442d470bcf1b6eb810218903bccfcf6cb323a229ec1c723ee53ffd0c6601117f86912f97747c6be750378244a8233995862b0dc29a167a6baaaa3
+  data.tar.gz: a7d65db216a38b241cbee7150a390ae4a7fe09e14d876c6725b2094a771c9d893153b45c7c3842451a9dbf11d916b6ea5e25913a823ade2586ea98b701472cd8

data/app/controllers/core.rb CHANGED

@@ -41,7 +41,7 @@ module CMSScanner
         when 401
           raise HTTPAuthRequiredError
         when 403
-          raise AccessForbiddenError
+          raise AccessForbiddenError, parsed_options[:random_user_agent]
         when 407
           raise ProxyAuthRequiredError
         end

data/app/models/user.rb CHANGED

@@ -21,7 +21,7 @@ module CMSScanner
     def ==(other)
       return false unless self.class == other.class
-      username == other.username
+      username == other.username && password == other.password
     end
     def to_s

data/lib/cms_scanner/errors/http.rb CHANGED

@@ -35,12 +35,22 @@ module CMSScanner
   # Access Forbidden Error
   class AccessForbiddenError < Error
-    # :nocov:
+    attr_reader :random_user_agent_used
+    # @param [ Boolean ] random_user_agent_used
+    def initialize(random_user_agent_used)
+      @random_user_agent_used = random_user_agent_used
+    end
     def to_s
-      'The target is responding with a 403, this might be due to a WAF. ' \
-      'Please re-try with --random-user-agent'
+      msg = if random_user_agent_used
+              'Well... --random-user-agent didn\'t work, you\'re on your own now!'
+            else
+              'Please re-try with --random-user-agent'
+            end
+      "The target is responding with a 403, this might be due to a WAF. #{msg}"
     end
-    # :nocov:
   end
   # HTTP Redirect Error

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb CHANGED

@@ -10,6 +10,9 @@ module CMSScanner
         #
         # @yield [ CMSScanner::User ] When a valid combination is found
         #
+        # Due to Typhoeus threads shenanigans, in rare cases the progress-bar might
+        # be incorrect updated, hence the 'rescue ProgressBar::InvalidProgressError'
+        #
         # TODO: Make rubocop happy about metrics etc
         #
         # rubocop:disable all
@@ -35,14 +38,15 @@ module CMSScanner
               request.on_complete do |res|
                 progress_bar.title = "Trying #{user.username} / #{password}"
-                progress_bar.increment
+                progress_bar.increment rescue ProgressBar::InvalidProgressError
                 if valid_credentials?(res)
                   user.password = password
-                  yield user
+                  progress_bar.total -= passwords.size - user_requests_count[user.username] rescue ProgressBar::InvalidProgressError
-                  progress_bar.total -= passwords.size - user_requests_count[user.username]
+                  yield user
                 elsif errored_response?(res)
                   output_error(res)
                 end

data/lib/cms_scanner/version.rb CHANGED

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.41.4'.freeze
+  VERSION = '0.0.41.5'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.41.4
+  version: 0.0.41.5
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-07 00:00:00.000000000 Z
+date: 2019-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri