cms_scanner 0.0.41.10 → 0.0.42.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7e47006d4ef6041b74990ece7fb987edbe92e4ac12640d12b601cb917fd07384
-  data.tar.gz: 5c36f333c1a404df5e7a373be1d06dd874d662515ac33171babab21a497161b0
+  metadata.gz: 19ca3bad75160815e98141684a64b01032d20ab64b6ad9820bad8ee8312efa6a
+  data.tar.gz: 0b26c2137534fea2e6ea40c79944a6db999819c93709239ae3a9786b8358d51e
 SHA512:
-  metadata.gz: a9ec0fc35cc97167ff34deccd9f2ecdb20d7be1499ce9e77ec56f2b1f05568a82c5870036cdb54d9faf5a6a1639242f9be27449a927c7b60c605bbcd1c9374c3
-  data.tar.gz: 61bf5514e607909b1fe92a7afe114f813e2f7ff08cdbf89ba64d27881eb997e6f790fa80fa0050dea4df6aa6f698ae292561bb8b8136c2bbf2e219053f9bae7c
+  metadata.gz: 89b98c3e832204d8cf90c6ae034a73c7478bfdd0a25722275f3d131bc578101257a8c471d070a5f3791ac50741579271940bd234ee5e2d0eb24e7eaa497d01be
+  data.tar.gz: 4bde15301bb4262dfb0fc6029ad42c0f6ef4617895b84a8e3ef197f6cde7f79196f85264ca840f535b2eedf58c3fb0a55ac75e6e5695ff0893b84c557a4e56b5

data/app/app.rb

@@ -1,4 +1,23 @@
-require_relative 'formatters'
-require_relative 'controllers'
-require_relative 'models'
-require_relative 'finders'
+# frozen_string_literal: true
+
+# Formatters
+require_relative 'formatters/cli'
+require_relative 'formatters/cli_no_colour'
+require_relative 'formatters/cli_no_color'
+require_relative 'formatters/json'
+
+# Controllers
+require_relative 'controllers/core'
+require_relative 'controllers/interesting_findings'
+
+# Models
+require_relative 'models/interesting_finding'
+require_relative 'models/robots_txt'
+require_relative 'models/fantastico_fileslist'
+require_relative 'models/headers'
+require_relative 'models/xml_rpc'
+require_relative 'models/version'
+require_relative 'models/user'
+
+# Finders
+require_relative 'finders/interesting_findings'

data/app/controllers/core.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'core/cli_options'
 
 module CMSScanner
@@ -37,22 +39,22 @@ module CMSScanner
 
         case res.code
         when 0
-          raise TargetDownError, res
+          raise Error::TargetDown, res
         when 401
-          raise HTTPAuthRequiredError
+          raise Error::HTTPAuthRequired
         when 403
-          raise AccessForbiddenError, parsed_options[:random_user_agent]
+          raise Error::AccessForbidden, parsed_options[:random_user_agent]
         when 407
-          raise ProxyAuthRequiredError
+          raise Error::ProxyAuthRequired
         end
 
         # Checks for redirects
-        # An out of scope redirect will raise an HTTPRedirectError
+        # An out of scope redirect will raise an Error::HTTPRedirect
         effective_url = target.homepage_res.effective_url
 
         return if target.in_scope?(effective_url)
 
-        raise HTTPRedirectError, effective_url unless parsed_options[:ignore_main_redirect]
+        raise Error::HTTPRedirect, effective_url unless parsed_options[:ignore_main_redirect]
 
         target.homepage_res = res
       end

data/app/controllers/core/cli_options.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Controller
     # CLI Options for the Core Controller

data/app/controllers/interesting_findings.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Controller
     # InterestingFindings Controller

data/app/finders/interesting_findings.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'interesting_findings/headers'
 require_relative 'interesting_findings/robots_txt'
 require_relative 'interesting_findings/fantastico_fileslist'

data/app/finders/interesting_findings/fantastico_fileslist.rb

@@ -1,21 +1,19 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Finders
     module InterestingFindings
       # FantasticoFileslist finder
       class FantasticoFileslist < Finder
-        # @return [ String ] The url of the fantastico_fileslist.txt file
-        def url
-          target.url('fantastico_fileslist.txt')
-        end
-
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          res = NS::Browser.get(url)
+          path = 'fantastico_fileslist.txt'
+          res  = target.head_and_get(path)
 
-          return unless res&.code == 200 && !res.body.empty?
+          return if res.body.strip.empty?
           return unless res.headers && res.headers['Content-Type'] =~ %r{\Atext/plain}
 
-          NS::FantasticoFileslist.new(url, confidence: 70, found_by: found_by)
+          NS::Model::FantasticoFileslist.new(target.url(path), confidence: 70, found_by: found_by)
         end
       end
     end

data/app/finders/interesting_findings/headers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Finders
     module InterestingFindings
@@ -5,7 +7,7 @@ module CMSScanner
       class Headers < Finder
         # @return [ InterestingFinding ]
         def passive(_opts = {})
-          r = NS::Headers.new(target.homepage_url, confidence: 100, found_by: found_by)
+          r = NS::Model::Headers.new(target.homepage_url, confidence: 100, found_by: found_by)
 
           r.interesting_entries.empty? ? nil : r
         end

data/app/finders/interesting_findings/robots_txt.rb

@@ -1,20 +1,18 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Finders
     module InterestingFindings
       # Robots.txt finder
       class RobotsTxt < Finder
-        # @return [ String ] The url of the robots.txt file
-        def url
-          target.url('robots.txt')
-        end
-
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          res = NS::Browser.get(url)
+          path = 'robots.txt'
+          res  = target.head_and_get(path)
 
           return unless res&.code == 200 && res.body =~ /(?:user-agent|(?:dis)?allow):/i
 
-          NS::RobotsTxt.new(url, confidence: 100, found_by: found_by)
+          NS::Model::RobotsTxt.new(target.url(path), confidence: 100, found_by: found_by)
         end
       end
     end

data/app/finders/interesting_findings/search_replace_db_2.rb

@@ -1,22 +1,20 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Finders
     module InterestingFindings
       # SearchReplaceDB2 finder
       class SearchReplaceDB2 < Finder
-        # @return [ String ] The url to the searchreplacedb2 PHP file
-        def url
-          target.url('searchreplacedb2.php')
-        end
-
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          res = NS::Browser.get(url)
+          path = 'searchreplacedb2.php'
 
-          return unless res&.code == 200 && res.body =~ /by interconnect/i
+          return unless target.head_and_get(path).body =~ /by interconnect/i
 
-          NS::InterestingFinding.new(url, confidence: 100,
-                                          found_by: found_by,
-                                          references: references)
+          NS::Model::InterestingFinding.new(target.url(path),
+                                            confidence: 100,
+                                            found_by: found_by,
+                                            references: references)
         end
 
         def references

data/app/finders/interesting_findings/xml_rpc.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Finders
     module InterestingFindings
@@ -21,7 +23,7 @@ module CMSScanner
 
           potential_urls << url
 
-          NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
+          NS::Model::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
         end
 
         # @return [ XMLRPC ]
@@ -33,8 +35,8 @@ module CMSScanner
 
             potential_urls << url
 
-            return NS::XMLRPC.new(url, confidence: 30,
-                                       found_by: 'Link Tag (Passive Detection)')
+            return NS::Model::XMLRPC.new(url, confidence: 30,
+                                              found_by: 'Link Tag (Passive Detection)')
           end
           nil
         end
@@ -50,9 +52,9 @@ module CMSScanner
 
             next unless res&.body =~ /<methodResponse>/i
 
-            return NS::XMLRPC.new(potential_url,
-                                  confidence: 100,
-                                  found_by: DIRECT_ACCESS)
+            return NS::Model::XMLRPC.new(potential_url,
+                                         confidence: 100,
+                                         found_by: DIRECT_ACCESS)
           end
           nil
         end

data/app/formatters/cli.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Formatter
     # CLI Formatter

data/app/formatters/cli_no_color.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Formatter
     # Because Reason https://github.com/wpscanteam/CMSScanner/issues/56

data/app/formatters/cli_no_colour.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Formatter
     # CLI No Colour Formatter

data/app/formatters/json.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module CMSScanner
   module Formatter
     # JSON Formatter

data/app/models/fantastico_fileslist.rb

@@ -1,20 +1,24 @@
+# frozen_string_literal: true
+
 module CMSScanner
-  # FantasticoFileslist
-  class FantasticoFileslist < InterestingFinding
-    # @return [ Array<String> ] The interesting files/dirs detected
-    def interesting_entries
-      results = []
+  module Model
+    # FantasticoFileslist
+    class FantasticoFileslist < InterestingFinding
+      # @return [ Array<String> ] The interesting files/dirs detected
+      def interesting_entries
+        results = []
 
-      entries.each do |entry|
-        next unless entry =~ /(?:admin|\.log|\.sql|\.db)/i
+        entries.each do |entry|
+          next unless entry =~ /(?:admin|\.log|\.sql|\.db)/i
 
-        results << entry
+          results << entry
+        end
+        results
       end
-      results
-    end
 
-    def references
-      { url: ['http://www.acunetix.com/vulnerabilities/fantastico-fileslist/'] }
+      def references
+        { url: ['http://www.acunetix.com/vulnerabilities/fantastico-fileslist/'] }
+      end
     end
   end
 end

data/app/models/headers.rb

@@ -1,35 +1,39 @@
+# frozen_string_literal: true
+
 module CMSScanner
-  # Interesting Headers
-  class Headers < InterestingFinding
-    # @return [ Hash ] The headers
-    def entries
-      res = NS::Browser.get(url)
-      return [] unless res&.headers
+  module Model
+    # Interesting Headers
+    class Headers < InterestingFinding
+      # @return [ Hash ] The headers
+      def entries
+        res = NS::Browser.get(url)
+        return [] unless res&.headers
 
-      res.headers
-    end
+        res.headers
+      end
 
-    # @return [ Array<String> ] The interesting headers detected
-    def interesting_entries
-      results = []
+      # @return [ Array<String> ] The interesting headers detected
+      def interesting_entries
+        results = []
 
-      entries.each do |header, value|
-        next if known_headers.include?(header.downcase)
+        entries.each do |header, value|
+          next if known_headers.include?(header.downcase)
 
-        results << "#{header}: #{[*value].join(', ')}"
+          results << "#{header}: #{[*value].join(', ')}"
+        end
+        results
       end
-      results
-    end
 
-    # @return [ Array<String> ] Downcased known headers
-    def known_headers
-      %w[
-        age accept-ranges cache-control content-encoding content-length content-type connection date
-        etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
-        transfer-encoding vary x-cache x-content-security-policy x-content-type-options
-        x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
-        x-webkit-csp x-xss-protection
-      ]
+      # @return [ Array<String> ] Downcased known headers
+      def known_headers
+        %w[
+          age accept-ranges cache-control content-encoding content-length content-type connection date
+          etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
+          transfer-encoding vary x-cache x-content-security-policy x-content-type-options
+          x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
+          x-webkit-csp x-xss-protection
+        ]
+      end
     end
   end
 end

data/app/models/interesting_finding.rb

@@ -1,44 +1,48 @@
-module CMSScanner
-  # Interesting Finding
-  class InterestingFinding
-    include Finders::Finding
-
-    attr_reader :url
-    attr_writer :to_s
-
-    # @param [ String ] url
-    # @param [ Hash ] opts
-    #   :to_s (override the to_s method)
-    #   See Finders::Finding for other available options
-    def initialize(url, opts = {})
-      @url  = url
-      @to_s = opts[:to_s]
-
-      parse_finding_options(opts)
-    end
-
-    # @return [ Array<String> ]
-    def entries
-      res = NS::Browser.get(url)
-
-      return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
-
-      res.body.split("\n").reject { |s| s.strip.empty? }
-    end
+# frozen_string_literal: true
 
-    # @return [ String ]
-    def to_s
-      @to_s || url
-    end
-
-    # @return [ String ]
-    def type
-      @type ||= self.class.to_s.demodulize.underscore
-    end
-
-    # @return [ Boolean ]
-    def ==(other)
-      self.class == other.class && to_s == other.to_s
+module CMSScanner
+  module Model
+    # Interesting Finding
+    class InterestingFinding
+      include Finders::Finding
+
+      attr_reader :url
+      attr_writer :to_s
+
+      # @param [ String ] url
+      # @param [ Hash ] opts
+      #   :to_s (override the to_s method)
+      #   See Finders::Finding for other available options
+      def initialize(url, opts = {})
+        @url  = url
+        @to_s = opts[:to_s]
+
+        parse_finding_options(opts)
+      end
+
+      # @return [ Array<String> ]
+      def entries
+        res = NS::Browser.get(url)
+
+        return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
+
+        res.body.split("\n").reject { |s| s.strip.empty? }
+      end
+
+      # @return [ String ]
+      def to_s
+        @to_s || url
+      end
+
+      # @return [ String ]
+      def type
+        @type ||= self.class.to_s.demodulize.underscore
+      end
+
+      # @return [ Boolean ]
+      def ==(other)
+        self.class == other.class && to_s == other.to_s
+      end
     end
   end
 end