easywins 0.1.0 → 0.2.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    YjE1OGI0OWQ5Y2Q2NWUzMzQ1ZjQ3MzI5NTlhNzAzYmVlYjNiNmM4MQ==
+  data.tar.gz: !binary |-
+    Y2Q3OGQwYTI4ODM3MzNlNTYxNTdhZDNmYmQ3NzlhMmU4OTg1ZGJlNQ==
+SHA512:
+  metadata.gz: !binary |-
+    NDc1MjQ3Y2Y2MmJmM2QxZTc4MTZiM2JhN2VmYzViMmRmODY0MjlkNjUxOGU0
+    YjZlZGUzM2Y5MGRhNDI4MGIxZjU0NzMyZDMyMjJlMjFmOWU4YTI1N2I2ZDA5
+    NjhlM2E3ZDhhMWI3YmJjZmRhOThhNGE5YzFiNGVkNWYxYjFjYWY=
+  data.tar.gz: !binary |-
+    Yzc5ZTMzMDU2NzA2MmY4ZDAwZmRiMGRkYWIwYTZlZjRjMDU5NjQxNTgyYjk0
+    M2JlNTI1NDY1ZjcyZjUxODg5NDQxMGRiMzRiNDE1ZWU4ZmQ4ZDdjNTIyMDk5
+    NDJlZGRiYzNjZWI4ZDA2ZWYyNzU4N2UzY2FjYTU2OTM4NzhlYmU=

data/README.md

@@ -19,13 +19,14 @@ list of common *easy win* paths: https://github.com/pwnwiki/webappurls
 
     Probe a web server for common files and endpoints that are useful for gathering information or gaining a foothold.
 
-    v0.1.0
+    v0.2.1
 
     Options:
         -h, --help                       Show command line help
         -g, --get                        Use GET requests instead of HEAD (slower but stealthier)
         -s, --sleep                      Sleep between 0 and 10 seconds before each request
         -x, --spoof                      Spoof X-Forwarded-For header with random IP addresses
+        -u, --update                     Update list of paths from GitHub
             --timeout SECONDS            Request timeout in seconds
                                          (default: 2.5)
         -r, --retries RETRIES            Number of retries on failed requests

data/bin/easywins

@@ -20,7 +20,21 @@ class App
 
       not_found_codes = [404]
 
-      print "\n [*] Checking to see if the server is alive... "
+      print "\n"
+
+      if !Easywins::ListManager.file_exists? || options.include?('update')
+        print " [*] Downloading latest list of paths from GitHub... "
+        begin
+          Easywins::ListManager.update_file!
+          print Paint["done.\n", :green]
+        rescue Easywins::ListManager::UpdateError => e
+          print Paint["FAILED!\n", :red]
+          puts " [*] e.message; exiting."
+          exit!
+        end
+      end
+
+      print " [*] Checking to see if the server is alive... "
       if target.alive?
         print Paint["yes, good.\n", :green]
       else
@@ -55,12 +69,13 @@ class App
         end
       end
 
-      puts " [*] Checking the server for #{Easywins::PATHS.count} interesting paths...\n\n"
-
+      list         = Easywins::ListManager.get_list
       thread_pool  = Thread.pool(options[:threads].to_i)
-      column_width = Easywins::PATHS.max { |a, b| a.length <=> b.length }.length + target.base_url.length
+      column_width = list.max { |a, b| a.length <=> b.length }.length + target.base_url.length
+
+      puts " [*] Checking the server for #{list.count} interesting paths...\n\n"
 
-      Easywins::PATHS.shuffle.each do |path|
+      list.shuffle.each do |path|
         thread_pool.process do
           sleep Random.rand(10) if options.include?('sleep')
           begin
@@ -105,6 +120,7 @@ class App
   on('-g', '--get', "Use GET requests instead of HEAD (slower but stealthier)")
   on('-s', '--sleep', "Sleep between 0 and 10 seconds before each request")
   on('-x', '--spoof', "Spoof X-Forwarded-For header with random IP addresses")
+  on('-u', '--update', "Update list of paths from GitHub")
   on('-t', '--timeout SECONDS', "Request timeout in seconds")
   on('-r', '--retries RETRIES', "Number of retries on failed requests")
   on('-t THREADS', '--threads', "Number of threads to use")

data/lib/easywins.rb

@@ -7,93 +7,8 @@ require 'thread/pool'
 
 require 'easywins/version'
 require 'easywins/http_client'
+require 'easywins/list_manager'
 require 'easywins/target'
 
 module Easywins
-  PATHS = [
-    '/.bzr/README',
-    '/.git/config',
-    '/.hg/requires',
-    '/.htaccess',
-    '/.htpasswd',
-    '/.svn/wc.db',
-    '/_layouts/groups.aspx',
-    '/_layouts/people.aspx',
-    '/access.log',
-    '/admin',
-    '/admin.nsf',
-    '/administration/index.php',
-    '/administrator/',
-    '/apc.php',
-    '/awstats/',
-    '/axis2/axis2-web/HappyAxis.jsp',
-    '/backup.tar.gz',
-    '/backup/',
-    '/backups/',
-    '/bb-admin',
-    '/c99.php',
-    '/cacti',
-    '/CFIDE/adminapi/administrator.cfc',
-    '/CFIDE/administrator/enter.cfm',
-    '/CFIDE/administrator/index.cfm',
-    '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm',
-    '/cgi-bin/cvsweb',
-    '/cgi-bin/php',
-    '/cgi-bin/php5',
-    '/CHANGELOG.txt',
-    '/console/',
-    '/crossdomain.xml',
-    '/data',
-    '/dev/',
-    '/elmah.axd',
-    '/error.log',
-    '/exchange/',
-    '/files',
-    '/ghost',
-    '/include/',
-    '/includes/',
-    '/index.php?-s',
-    '/index.php?url=admin',
-    '/info.php',
-    '/install',
-    '/INSTALL.txt',
-    '/install/upgrade.php',
-    '/jmx-console/',
-    '/login',
-    '/logon',
-    '/logs/',
-    '/manager',
-    '/manager/html',
-    '/manual/',
-    '/na_admin/ataglance.html',
-    '/owa',
-    '/pgmyadmin/',
-    '/phpinfo.php',
-    '/phpmyadmin/',
-    '/plesk',
-    '/pls/admin',
-    '/private',
-    '/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx',
-    '/README.txt',
-    '/robots.txt',
-    '/rockmongo/index.php',
-    '/server-status',
-    '/sitemap.xml',
-    '/sites/default/files/backup_migrate/',
-    '/temp',
-    '/test.php',
-    '/test/',
-    '/tmp',
-    '/trace.axd',
-    '/upload/',
-    '/uploads/',
-    '/user.php',
-    '/webalizer/',
-    '/webdav/',
-    '/webmin',
-    '/WorkArea/version.xml',
-    '/wp-admin/',
-    '/wsman',
-    '/xampp/'
-  ]
 end

data/lib/easywins/list_manager.rb

@@ -0,0 +1,44 @@
+module Easywins
+  class ListManager
+    LIST_LOCATION = "#{File.dirname(__FILE__)}/../../paths.txt"
+    DOWNLOAD_URL  = 'https://raw.githubusercontent.com/pwnwiki/webappurls/master/webappurls.txt'
+
+    class UpdateError < StandardError; end
+
+    def self.file_exists?
+      File.exists?(LIST_LOCATION)
+    end
+
+    def self.update_file!
+      download = download_file!
+      if download.code != 200 || download.body.size.zero?
+        raise UpdateError.new("Unable to download list from #{DOWNLOAD_URL}")
+      end
+      write_to_file!(download.body)
+    end
+
+    def self.get_list
+      sanitize_list(File.read(LIST_LOCATION))
+    end
+
+  private
+
+    def self.download_file!
+      http_client.do_get(DOWNLOAD_URL)
+    end
+
+    def self.write_to_file!(content)
+      open(LIST_LOCATION, 'w') do |f|
+        f.puts(sanitize_list(content).join("\n"))
+      end
+    end
+
+    def self.sanitize_list(list)
+      list.split("\n").map { |l| l.strip }.delete_if { |l| l.empty? || !l.start_with?('/') }
+    end
+
+    def self.http_client
+      @http_client ||= Easywins::HttpClient.new
+    end
+  end
+end

data/lib/easywins/target.rb

@@ -48,9 +48,9 @@ module Easywins
       raise InvalidBaseUrlError.new("#{url} is an invalid URL") unless valid_url?(url)
       normalized_url = url.dup
       use_ssl = (normalized_url =~ /^https/) || (normalized_url =~ /:443\b/)
-      ends_with_slash = normalized_url =~ /\/$/
 
-      normalized_url.chop! if ends_with_slash
+      normalized_url.chop! if normalized_url.end_with?('?')
+      normalized_url.chop! if normalized_url.end_with?('/')
       normalized_url.gsub!(/^https?:\/\//i, '')
 
       "http#{'s' if use_ssl}://#{normalized_url}".downcase

data/lib/easywins/version.rb

@@ -1,3 +1,3 @@
 module Easywins
-  VERSION = "0.1.0"
+  VERSION = "0.2.1"
 end

metadata

@@ -1,20 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: easywins
 version: !ruby/object:Gem::Version
-  version: 0.1.0
-  prerelease: 
+  version: 0.2.1
 platform: ruby
 authors:
 - Michael Henriksen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-10 00:00:00.000000000 Z
+date: 2014-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -22,7 +20,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -30,7 +27,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: methadone
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -38,7 +34,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -46,7 +41,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: paint
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -54,7 +48,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -62,7 +55,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: thread
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -70,7 +62,6 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -78,7 +69,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -86,7 +76,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -94,7 +83,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -102,7 +90,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -125,32 +112,32 @@ files:
 - easywins.gemspec
 - lib/easywins.rb
 - lib/easywins/http_client.rb
+- lib/easywins/list_manager.rb
 - lib/easywins/target.rb
 - lib/easywins/version.rb
 homepage: https://github.com/michenriksen/easywins
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Probe a web server for common files and endpoints that are useful for gathering
   information or gaining a foothold.
 test_files: []