cms_scanner 0.12.0 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4bd03cf29a3233e11bb14e25cc34876158525f2c6fb5c1ab52319c169e4de474
|
|
4
|
+
data.tar.gz: b3488745cffc83aea82ea33d6f44c6c52fc5da794d2b2d7d8e0176fe0a9a7a32
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3029e64fb9f68e040a01a894065b44fb71c15f0e14097fce7534eeeceb09162b4ee836dac56eb6887f2c7bb5fb947e29b59c84b11e82d52494c9de612d59d8d6
|
|
7
|
+
data.tar.gz: c182f889010dfa7fd9536d560adae2b23cc479dae31dbe20127b51c79e2f30bd88f3c8c77006341ad0a872f3871826eb9a1e04c4314fbab142f7afed2ff68fab
|
|
@@ -2,8 +2,16 @@
|
|
|
2
2
|
|
|
3
3
|
module CMSScanner
|
|
4
4
|
module Model
|
|
5
|
-
#
|
|
5
|
+
# Fantastico is a commercial script library that automates the installation of web applications to a website.
|
|
6
|
+
# Fantastico scripts are executed from the administration area of a website control panel such as cPanel.
|
|
7
|
+
# It creates a file named fantastico_fileslist.txt that is publicly available and contains a list of all the
|
|
8
|
+
# files from the current directory. The contents of this file may expose sensitive information to an attacker.
|
|
6
9
|
class FantasticoFileslist < InterestingFinding
|
|
10
|
+
# @return [ String ]
|
|
11
|
+
def to_s
|
|
12
|
+
@to_s ||= "Fantastico list found: #{url}"
|
|
13
|
+
end
|
|
14
|
+
|
|
7
15
|
# @return [ Array<String> ] The interesting files/dirs detected
|
|
8
16
|
def interesting_entries
|
|
9
17
|
results = []
|
|
@@ -17,7 +25,9 @@ module CMSScanner
|
|
|
17
25
|
end
|
|
18
26
|
|
|
19
27
|
def references
|
|
20
|
-
@references ||= {
|
|
28
|
+
@references ||= {
|
|
29
|
+
url: ['https://web.archive.org/web/20140518040021/http://www.acunetix.com/vulnerabilities/fantastico-fileslist/']
|
|
30
|
+
}
|
|
21
31
|
end
|
|
22
32
|
end
|
|
23
33
|
end
|
data/app/models/robots_txt.rb
CHANGED
|
@@ -4,6 +4,11 @@ module CMSScanner
|
|
|
4
4
|
module Model
|
|
5
5
|
# Robots.txt
|
|
6
6
|
class RobotsTxt < InterestingFinding
|
|
7
|
+
# @return [ String ]
|
|
8
|
+
def to_s
|
|
9
|
+
@to_s ||= "robots.txt found: #{url}"
|
|
10
|
+
end
|
|
11
|
+
|
|
7
12
|
# @todo Better detection, currently everything not empty or / is returned
|
|
8
13
|
#
|
|
9
14
|
# @return [ Array<String> ] The interesting Allow/Disallow rules detected
|
|
@@ -4,6 +4,11 @@ module CMSScanner
|
|
|
4
4
|
module Model
|
|
5
5
|
# SearchReplaceDB2
|
|
6
6
|
class SearchReplaceDB2 < InterestingFinding
|
|
7
|
+
# @return [ String ]
|
|
8
|
+
def to_s
|
|
9
|
+
@to_s ||= "Search Replace DB script found: #{url}"
|
|
10
|
+
end
|
|
11
|
+
|
|
7
12
|
def references
|
|
8
13
|
@references ||= { url: ['https://interconnectit.com/products/search-and-replace-for-wordpress-databases/'] }
|
|
9
14
|
end
|
|
@@ -30,8 +30,7 @@ module CMSScanner
|
|
|
30
30
|
|
|
31
31
|
users.each { |u| user_requests_count[u.username] = 0 }
|
|
32
32
|
|
|
33
|
-
File.foreach(wordlist) do |password|
|
|
34
|
-
password.chomp!
|
|
33
|
+
File.foreach(wordlist, chomp: true) do |password|
|
|
35
34
|
remaining_users = users.select { |u| u.password.nil? }
|
|
36
35
|
|
|
37
36
|
break if remaining_users.empty?
|
data/lib/cms_scanner/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cms_scanner
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.12.
|
|
4
|
+
version: 0.12.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-07-
|
|
11
|
+
date: 2020-07-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: get_process_mem
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 1.9.
|
|
47
|
+
version: 1.9.2
|
|
48
48
|
type: :runtime
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 1.9.
|
|
54
|
+
version: 1.9.2
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: public_suffix
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|