cms_scanner 0.0.43.2 → 0.0.44.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c08759ffe67a08d3d1d2a605b909e2005b2236fcb64d2cb5d676a5285b518e47
-  data.tar.gz: 628124941d9ebde290372e860b36b4f38df9fd860ce54edebe2deb92e6faa3e8
+  metadata.gz: 36cf3a147ed137b39e8b2d7f1663bfd454639cce4b8d0f45764af3e3ab0b4b48
+  data.tar.gz: a4e4d72d4b8951a04c4f619cc20d1e1293eba77b15533e668738a2e0e62d3306
 SHA512:
-  metadata.gz: 39ecc93cb5446fc7d8223c9a397b21e5ff30728c85c5808e47c8a7600c1efe658e4b68dfb8d6f30b916fb7f2103a00af6d752cc0f8e3010c8f3e88ab768e8a46
-  data.tar.gz: 643282fcf51cab0b08cf09741113fb53ca11f4fdd982bb162d0bd56ad039b4cfe411620ab6a25de2862a9d68d4d4cd23e8681e9416a70820a9dd8f8ab9004b0a
+  metadata.gz: cadfdee997e1ef6c7f10ce9f7b8b841acdb1fd5818b5682070f3a07dd5ea34658d55ffd9d86055ac6b7ccf60b5fd965213ba61f22f138873fc6852e137997f0f
+  data.tar.gz: 4a37dc5d1eae53a72894f6317cb72132dc07541f76d48ce9067d15fdf4e89d026b074cc4314163883dce3d2006305ff7c607831d8d0cb9c1c4d22e4978b53a91

data/app/controllers/core.rb

@@ -7,12 +7,12 @@ module CMSScanner
     # Core Controller
     class Core < Base
       def setup_cache
-        return unless parsed_options[:cache_dir]
+        return unless NS::ParsedCli.cache_dir
 
-        storage_path = File.join(parsed_options[:cache_dir], Digest::MD5.hexdigest(target.url))
+        storage_path = File.join(NS::ParsedCli.cache_dir, Digest::MD5.hexdigest(target.url))
 
         Typhoeus::Config.cache = Cache::Typhoeus.new(storage_path)
-        Typhoeus::Config.cache.clean if parsed_options[:clear_cache]
+        Typhoeus::Config.cache.clean if NS::ParsedCli.clear_cache
       end
 
       def before_scan
@@ -23,12 +23,12 @@ module CMSScanner
       end
 
       def maybe_output_banner_help_and_version
-        output('banner') if parsed_options[:banner]
-        output('help', help: option_parser.simple_help, simple: true) if parsed_options[:help]
-        output('help', help: option_parser.full_help, simple: false) if parsed_options[:hh]
-        output('version') if parsed_options[:version]
+        output('banner') if NS::ParsedCli.banner
+        output('help', help: option_parser.simple_help, simple: true) if NS::ParsedCli.help
+        output('help', help: option_parser.full_help, simple: false) if NS::ParsedCli.hh
+        output('version') if NS::ParsedCli.version
 
-        exit(NS::ExitCode::OK) if parsed_options[:help] || parsed_options[:hh] || parsed_options[:version]
+        exit(NS::ExitCode::OK) if NS::ParsedCli.help || NS::ParsedCli.hh || NS::ParsedCli.version
       end
 
       # Checks that the target is accessible, raises related errors otherwise
@@ -43,7 +43,7 @@ module CMSScanner
         when 401
           raise Error::HTTPAuthRequired
         when 403
-          raise Error::AccessForbidden, parsed_options[:random_user_agent]
+          raise Error::AccessForbidden, NS::ParsedCli.random_user_agent
         when 407
           raise Error::ProxyAuthRequired
         end
@@ -54,7 +54,7 @@ module CMSScanner
 
         return if target.in_scope?(effective_url)
 
-        raise Error::HTTPRedirect, effective_url unless parsed_options[:ignore_main_redirect]
+        raise Error::HTTPRedirect, effective_url unless NS::ParsedCli.ignore_main_redirect
 
         target.homepage_res = res
       end

data/app/controllers/core/cli_options.rb

@@ -46,7 +46,10 @@ module CMSScanner
           OptBoolean.new(['--random-user-agent', '--rua',
                           'Use a random user-agent for each scan']),
           OptFilePath.new(['--user-agents-list FILE-PATH',
-                           'List of agents to use with --random-user-agent'], exists: true, advanced: true),
+                           'List of agents to use with --random-user-agent'],
+                          exists: true,
+                          advanced: true,
+                          default: APP_DIR.join('user_agents.txt')),
           OptCredentials.new(['--http-auth login:password']),
           OptPositiveInteger.new(['-t', '--max-threads VALUE', 'The max threads to use'],
                                  default: 5),

data/app/controllers/interesting_findings.rb

@@ -15,7 +15,7 @@ module CMSScanner
       end
 
       def run
-        mode = parsed_options[:interesting_findings_detection] || parsed_options[:detection_mode]
+        mode = NS::ParsedCli.interesting_findings_detection || NS::ParsedCli.detection_mode
         findings = target.interesting_findings(mode: mode)
 
         output('findings', findings: findings) unless findings.empty?

data/lib/cms_scanner.rb

@@ -24,6 +24,7 @@ require 'cms_scanner/public_suffix/domain' # Adds a Domain#match method and logi
 require 'cms_scanner/numeric' # Adds a Numeric#bytes_to_human
 # Custom Libs
 require 'cms_scanner/scan'
+require 'cms_scanner/parsed_cli'
 require 'cms_scanner/helper'
 require 'cms_scanner/exit_code'
 require 'cms_scanner/errors'

data/lib/cms_scanner/browser.rb

@@ -14,7 +14,7 @@ module CMSScanner
     def initialize(parsed_options = {})
       self.throttle = 0
 
-      load_options(parsed_options)
+      load_options(parsed_options.dup)
     end
 
     private_class_method :new

data/lib/cms_scanner/browser/options.rb

@@ -62,6 +62,8 @@ module CMSScanner
 
       @user_agents = []
 
+      # The user_agents_list is managed by the CLI options, with the default being
+      # APP_DIR/user_agents.txt
       File.open(user_agents_list).each do |line|
         next if line == "\n" || line[0, 1] == '#'
 
@@ -71,11 +73,6 @@ module CMSScanner
       @user_agents
     end
 
-    # @return [ String ] The path to the user agents list
-    def user_agents_list
-      @user_agents_list ||= File.join(APP_DIR, 'user_agents.txt')
-    end
-
     # @param [ value ] The throttle time in milliseconds
     #
     # if value > 0, the max_threads will be set to 1

data/lib/cms_scanner/controller.rb

@@ -22,15 +22,14 @@ module CMSScanner
       # Reset all the class attibutes
       # Currently only used in specs
       def self.reset
-        @@target         = nil
-        @@parsed_options = nil
-        @@datastore      = nil
-        @@formatter      = nil
+        @@target    = nil
+        @@datastore = nil
+        @@formatter = nil
       end
 
       # @return [ Target ]
       def target
-        @@target ||= NS::Target.new(parsed_options[:url], parsed_options)
+        @@target ||= NS::Target.new(NS::ParsedCli.url, NS::ParsedCli.options)
       end
 
       # @param [ OptParsevalidator::OptParser ] parser
@@ -43,21 +42,6 @@ module CMSScanner
         @@option_parser
       end
 
-      # Set the parsed options and initialize the browser
-      # with them
-      #
-      # @param [ Hash ] options
-      def self.parsed_options=(options)
-        @@parsed_options = options
-
-        NS::Browser.instance(options)
-      end
-
-      # @return [ Hash ]
-      def parsed_options
-        @@parsed_options ||= {}
-      end
-
       # @return [ Hash ]
       def datastore
         @@datastore ||= {}
@@ -65,7 +49,7 @@ module CMSScanner
 
       # @return [ Formatter::Base ]
       def formatter
-        @@formatter ||= NS::Formatter.load(parsed_options[:format], datastore[:views])
+        @@formatter ||= NS::Formatter.load(NS::ParsedCli.format, datastore[:views])
       end
 
       # @see Formatter#output
@@ -84,7 +68,7 @@ module CMSScanner
 
       # @return [ Boolean ]
       def user_interaction?
-        formatter.user_interaction? && !parsed_options[:output]
+        formatter.user_interaction? && !NS::ParsedCli.output
       end
 
       # @return [ String ]
@@ -108,7 +92,7 @@ module CMSScanner
 
       # @return [ Hash ] All the instance variable keys (and their values) and the verbose value
       def instance_variable_values
-        h = { verbose: parsed_options[:verbose] }
+        h = { verbose: NS::ParsedCli.verbose }
         instance_variables.each do |a|
           s    = a.to_s
           n    = s[1..s.size]

data/lib/cms_scanner/controllers.rb

@@ -35,13 +35,12 @@ module CMSScanner
     end
 
     def run
-      parsed_options             = option_parser.results
-      first.class.option_parser  = option_parser
-      first.class.parsed_options = parsed_options
+      NS::ParsedCli.options     = option_parser.results
+      first.class.option_parser = option_parser # To be able to output the help when -h/--hh
 
-      redirect_output_to_file(parsed_options[:output]) if parsed_options[:output]
+      redirect_output_to_file(NS::ParsedCli.output) if NS::ParsedCli.output
 
-      Timeout.timeout(parsed_options[:max_scan_duration], NS::Error::MaxScanDurationReached) do
+      Timeout.timeout(NS::ParsedCli.max_scan_duration, NS::Error::MaxScanDurationReached) do
         each(&:before_scan)
 
         @running = true
@@ -49,7 +48,7 @@ module CMSScanner
         each(&:run)
       end
     ensure
-      Browser.instance.hydra.abort
+      NS::Browser.instance.hydra.abort
 
       # Reverse is used here as the app/controllers/core#after_scan finishes the output
       # and must be the last one to be executed. It also guarantee that stats will be output

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb

@@ -103,7 +103,7 @@ module CMSScanner
                     'Request timed out.'
                   elsif response.code.zero?
                     "No response from remote server. WAF/IPS? (#{response.return_message})"
-                  elsif response.code.to_s =~ /^50/
+                  elsif /^50/.match?(response.code.to_s)
                     'Server error, try reducing the number of threads.'
                   else
                     "Unknown response received Code: #{response.code}\nBody: #{response.body}"

data/lib/cms_scanner/parsed_cli.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module CMSScanner
+  # Class to hold the parsed CLI options and have them available via
+  # methods, such as #verbose?, rather than from the hash.
+  # This is similar to an OpenStruct, but class wise (rather than instance), and with
+  # the logic to update the Browser options accordinly
+  class ParsedCli
+    @options = {}
+
+    class << self
+      attr_reader :options
+    end
+
+    # Sets the CLI options, and put them into the Browser as well
+    # @param [ Hash ] options
+    def self.options=(options)
+      @options = options.dup
+
+      NS::Browser.reset
+      NS::Browser.instance(@options)
+    end
+
+    # @return [ Boolean ]
+    def self.verbose?
+      options[:verbose] ? true : false
+    end
+
+    # Unknown methods will return nil, this is the expected behaviour
+    # rubocop:disable Style/MissingRespondToMissing
+    def self.method_missing(method_name, *_args, &_block)
+      super if method_name == :new
+
+      options[method_name.to_sym]
+    end
+    # rubocop:enable Style/MissingRespondToMissing
+  end
+end

data/lib/cms_scanner/scan.rb

@@ -32,7 +32,7 @@ module CMSScanner
       formatter.output('@scan_aborted',
                        reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
                        trace: e.backtrace,
-                       verbose: controllers.first.parsed_options[:verbose] ||
+                       verbose: NS::ParsedCli.verbose ||
                                 run_error_exit_code == NS::ExitCode::EXCEPTION)
     ensure
       formatter.beautify
@@ -61,10 +61,8 @@ module CMSScanner
       at_exit do
         exit(run_error_exit_code) if run_error
 
-        controller = controllers.first
-
         # The parsed_option[:url] must be checked to avoid raising erros when only -h/-v are given
-        exit(NS::ExitCode::VULNERABLE) if controller.parsed_options[:url] && controller.target.vulnerable?
+        exit(NS::ExitCode::VULNERABLE) if NS::ParsedCli.url && controllers.first.target.vulnerable?
         exit(NS::ExitCode::OK)
       end
     end

data/lib/cms_scanner/target/platform/php.rb

@@ -20,7 +20,7 @@ module CMSScanner
           # which can be huge (~ 2Go)
           res = head_and_get(path, [200], get: params.merge(headers: { 'Range' => 'bytes=0-700' }))
 
-          res.body =~ pattern ? true : false
+          res.body&.match?(pattern) ? true : false
         end
 
         # @param [ String ] path

data/lib/cms_scanner/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module CMSScanner
-  VERSION = '0.0.43.2'
+  VERSION = '0.0.44.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.43.2
+  version: 0.0.44.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-03 00:00:00.000000000 Z
+date: 2019-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -184,14 +184,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.66.0
+        version: 0.67.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.66.0
+        version: 0.67.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +299,7 @@ files:
 - lib/cms_scanner/formatter/buffer.rb
 - lib/cms_scanner/helper.rb
 - lib/cms_scanner/numeric.rb
+- lib/cms_scanner/parsed_cli.rb
 - lib/cms_scanner/progressbar_null_output.rb
 - lib/cms_scanner/public_suffix/domain.rb
 - lib/cms_scanner/references.rb
@@ -330,7 +331,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="