enchant 0.99.0 → 1.0.0.pre1

@@ -1,68 +1,128 @@
1
1
  require 'net/http'
2
+ require 'httpclient'
2
3
  require 'uri'
4
+ require 'progressbar'
3
5
 
4
6
  module Enchant
5
-
6
7
  class Engine
7
- attr_reader :server, :code
8
- attr_accessor :host, :port, :domain
8
+ attr_reader :urls_open
9
+ attr_reader :urls_internal_error
10
+ attr_reader :urls_private
9
11
 
10
- def initialize(*urls)
11
- url = urls.pop || ""
12
+ def initialize(options={})
13
+ @host = options[:host]
14
+ @port = options[:port]
15
+ @wordlist = options[:wordlist]
16
+ @verbose = options[:verbose]
17
+ end
18
+ def self.help
19
+ puts "usage: enchant -wVvh target"
20
+ puts " -w file: specifiy the text file to be used as dictionary"
21
+ puts " -V: be verbose"
22
+ puts " -v: shows version"
23
+ puts " -h: this help"
24
+ end
12
25
 
13
- if url != ""
14
- tmp = URI.parse(url)
15
- @host = tmp.host
16
- @port = tmp.port
26
+
27
+ def fuzz(*)
28
+ # in future some perturbation will be done here
29
+ get_list
30
+ end
17
31
 
18
- if @host == nil && @port == nil
19
- @sane = nil
20
- else
21
- @sane = 1
22
- end
23
- else
24
- @sane = 1
32
+ def scan
33
+ http = Net::HTTP.new(@host, @port)
34
+ list = get_list
35
+ if list.empty?
36
+ return 0
25
37
  end
26
- end
27
38
 
28
- def is_sane?
29
- @sane
39
+ refused=0
40
+ @urls_open=[]
41
+ @urls_internal_error=[]
42
+ @urls_private=[]
43
+
44
+
45
+ pbar = ProgressBar.new("urls", list.size)
46
+ list.each do |path|
47
+ pbar.inc
48
+ if ! path.start_with? '#'
49
+ begin
50
+ response = http.get('/'+path.chop)
51
+ c = response.code.to_i
52
+ refused = 0
53
+ if c == 200
54
+ @urls_open << path
55
+ end
56
+ if c == 401
57
+ @urls_private << path
58
+ end
59
+ if c >= 500
60
+ @urls_internal_error << path
61
+ end
62
+ rescue Errno::ECONNREFUSED
63
+ refused += 1
64
+ if refused > 5
65
+ pbar.finish
66
+ puts "received 5 connection refused. #{@host} went down".color(:red)
67
+ return @urls_open.count
68
+ else
69
+ puts "[WARNING] connection refused".color(:yellow)
70
+ sleep 2 * refused
71
+ end
72
+
73
+ rescue Net::HTTPBadResponse
74
+ refused = 0
75
+ if @verbose
76
+ puts "#{$!}".color(:red)
77
+ end
78
+ rescue Errno::ETIMEDOUT
79
+ refused = 0
80
+ if @verbose
81
+ puts "#{$!}".color(:red)
82
+ end
83
+ end
84
+ end
85
+ end
86
+ pbar.finish
87
+ @urls_open.count
30
88
  end
31
89
 
32
- def list(wordlist)
90
+ def up?
33
91
  begin
34
- File.open(wordlist, 'r') { |f|
35
- @list = f.readlines
36
- }
37
- rescue Errno::ENOENT
38
- puts "It seems the wordlist file is not present (#{wordlist})"
39
- @list = nil
92
+ Net::HTTP.new(@host, @port).get('/')
93
+ return true
94
+ rescue Errno::ECONNREFUSED
95
+ return false
96
+ rescue Errno::ETIMEDOUT
97
+ return false
40
98
  end
41
- end
99
+ end
42
100
 
43
- def fuzz(*)
44
- # in future some perturbation will be done here
45
- @list
46
- end
47
101
 
48
- def get(path)
49
- http = Net::HTTP.new(host, port)
102
+ private
103
+ def get_list
104
+
105
+ if @wordlist.nil?
106
+ if File.exists?('../../db/directory-list-2.3-small.txt')
107
+ @wordlist='../../db/directory-list-2.3-small.txt'
108
+ end
109
+ if File.exists?('./db/directory-list-2.3-small.txt')
110
+ @wordlist='./db/directory-list-2.3-small.txt'
111
+ else
112
+ @list = {}
113
+ end
114
+
115
+ end
116
+
50
117
  begin
51
- response = http.get(path)
52
- @code = response.code
53
- rescue Net::HTTPBadResponse
54
- puts #{$!}
55
- @code=-1
56
- rescue Errno::ETIMEDOUT
57
- puts #{$!}
58
- @code=-1
118
+ File.open(@wordlist, 'r') { |f|
119
+ @list = f.readlines
120
+ }
121
+ rescue Errno::ENOENT
122
+ puts "it seems the wordlist file is not present (#{@wordlist})".color(:red)
123
+ @list = {}
59
124
  end
60
- @code
61
125
  end
62
126
 
63
- def up?(site)
64
- Net::HTTP.new(site).head('/').kind_of? Net::HTTPOK
65
- end
66
-
67
127
  end
68
128
  end
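Review bot: In get_list, when no wordlist is given and neither default file exists, the `else` branch sets `@list = {}` but control still reaches `File.open(@wordlist, 'r')` with `@wordlist` nil, which raises TypeError rather than the rescued Errno::ENOENT, so scan dies with a backtrace instead of returning 0. The two defaults are also resolved against the process working directory, so which file is read depends on where the tool is started. Replacing the two `File.exists?` checks with `bundled = File.expand_path('../../db/directory-list-2.3-small.txt', File.dirname(__FILE__))`, `return @list = [] unless File.exist?(bundled)` and `@wordlist = bundled` addresses both, assuming this file sits at lib/enchant/engine.rb as the gem's file list suggests. Separately, `'/'+path.chop` in scan cuts a real character off a final wordlist line that lacks a trailing newline; `'/'+path.chomp` strips only the line ending.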
@@ -1,92 +1,16 @@
1
1
  module Enchant
2
- # Handles enchant version number taken from VERSION file.
3
- # The way Haml gem handles it's version.rb inspired me for creating this
4
- # file.
5
- class Version
2
+ module Version
3
+ MAJOR = 1
4
+ MINOR = 0
5
+ PATCH = 0
6
+ BUILD = 'pre1'
6
7
 
7
- # Returns a hash representing the version of enchant.
8
- # The `:major`, `:minor`, and `:patch` keys have their respective numbers as Fixnums.
9
- # The `:name` key has the name of the version.
10
- # The `:string` key contains a human-readable string representation of the version.
11
- # The `:number` key is the major, minor, and patch keys separated by periods.
12
- # If enchant is checked out from Git, the `:rev` key will have the revision hash.
13
- #
14
- # For example:
15
- #
16
- # {
17
- # :string => "0.1.4.160676a",
18
- # :rev => "160676ab8924ef36639c7e82aa88a51a24d16949",
19
- # :number => "0.1.4",
20
- # :major => 0, :minor => 1, :patch => 4
21
- # }
22
- #
23
- # If a prerelease version of enchant is being used,
24
- # the `:string` and `:number` fields will reflect the full version
25
- # (e.g. `"1.0.beta.1"`), and the `:patch` field will be `-1`.
26
- #
27
- # A `:prerelease` key will contain the name of the prerelease (e.g. `"beta"`),
28
- # and a `:prerelease_number` key will contain the rerelease number.
29
- #
30
- # For example:
31
- #
32
- # {
33
- # :string => "1.0.beta.1",
34
- # :number => "1.0.beta.1",
35
- # :major => 1, :minor => 0, :patch => -1,
36
- # :prerelease => "beta",
37
- # :prerelease_number => 1
38
- # }
39
- #
40
- # @return [{Symbol => String/Fixnum}] The version hash
41
8
  def self.version
42
- return @@version if defined?(@@version)
43
- numbers = File.read('VERSION').strip.split('.').map {|n| n =~ /^[0-9]+$/ ? n.to_i : n}
44
- @@version = {
45
- :major => numbers[0],
46
- :minor => numbers[1],
47
- :patch => numbers[2]
48
- }
49
- if numbers[3].is_a?(String)
50
- @@version[:patch] = -1
51
- @@version[:prerelease] = numbers[3]
52
- @@version[:prerelease_number] = numbers[4]
9
+ if BUILD.empty?
10
+ return [MAJOR, MINOR, PATCH].compact.join('.')
11
+ else
12
+ return [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
53
13
  end
54
- @@version[:number] = numbers.join('.')
55
- @@version[:string] = @@version[:number].dup
56
-
57
- rev = revision_number
58
- @@version[:rev] = rev
59
- unless rev[0] == ?(
60
- @@version[:string] << "." << rev[0...7]
61
- end
62
-
63
- @@version
64
- end
65
-
66
- def self.revision_number
67
- if File.exists?('REVISION')
68
- rev = File.read('REVISION').strip
69
- return rev unless rev =~ /^([a-f0-9]+|\(.*\))$/ || rev == '(unknown)'
70
- end
71
-
72
- return unless File.exists?('.git/HEAD')
73
- rev = File.read('.git/HEAD').strip
74
- return rev unless rev =~ /^ref: (.*)$/
75
-
76
- ref_name = $1
77
- ref_file = "./.git/#{ref_name}"
78
- info_file = "./.git/info/refs"
79
- return File.read(ref_file).strip if File.exists?(ref_file)
80
- return unless File.exists?(info_file)
81
- File.open(info_file) do |f|
82
- f.each do |l|
83
- sha, ref = l.strip.split("\t", 2)
84
- next unless ref == ref_name
85
- return sha
86
- end
87
- end
88
- return nil
89
14
  end
90
-
91
15
  end
92
16
  end
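Review bot: self.version mixes two assumptions about BUILD: `BUILD.empty?` raises NoMethodError if BUILD is ever set to nil for a final release, while the `.compact` calls only make sense if a part can be nil. One expression covers both cases, `[MAJOR, MINOR, PATCH, BUILD].reject { |part| part.to_s.empty? }.join('.')`. The method now returns a String where the removed implementation returned a Hash, and the doc comment describing the return value was deleted with nothing in its place; a short `# @return [String] dotted version, e.g. "1.0.0.pre1"` would record the new contract for callers, which are not visible in this section.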
@@ -0,0 +1,8 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
2
+
3
+ describe "enchant " do
4
+ it "must fail" do
5
+ fail
6
+ end
7
+
8
+ end
@@ -0,0 +1,12 @@
1
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
2
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
3
+ require 'rspec'
4
+ require 'enchant'
5
+
6
+ # Requires supporting files with custom matchers and macros, etc,
7
+ # in ./support/ and its subdirectories.
8
+ Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
9
+
10
+ RSpec.configure do |config|
11
+
12
+ end
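--- a/metadata
+++ b/metadata
@@ -1,19 +1,19 @@
  --- !ruby/object:Gem::Specification
  name: enchant
  version: !ruby/object:Gem::Version
- version: 0.99.0
- prerelease:
+ version: 1.0.0.pre1
+ prerelease: 6
  platform: ruby
  authors:
  - Paolo Perego
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-01-08 00:00:00.000000000Z
+ date: 2012-02-16 00:00:00.000000000Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rainbow
- requirement: &74330310 !ruby/object:Gem::Requirement
+ requirement: &70223617410300 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *74330310
+ version_requirements: *70223617410300
  - !ruby/object:Gem::Dependency
  name: progressbar
- requirement: &74329910 !ruby/object:Gem::Requirement
+ requirement: &70223617407820 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *74329910
+ version_requirements: *70223617407820
  - !ruby/object:Gem::Dependency
- name: awesome_print
- requirement: &74329590 !ruby/object:Gem::Requirement
+ name: httpclient
+ requirement: &70223617405260 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -43,21 +43,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *74329590
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: &73873170 !ruby/object:Gem::Requirement
- none: false
- requirements:
- - - ! '>='
- - !ruby/object:Gem::Version
- version: '0'
- type: :runtime
- prerelease: false
- version_requirements: *73873170
+ version_requirements: *70223617405260
  - !ruby/object:Gem::Dependency
  name: rspec
- requirement: &73872830 !ruby/object:Gem::Requirement
+ requirement: &70223617401900 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -65,10 +54,10 @@ dependencies:
  version: 2.3.0
  type: :development
  prerelease: false
- version_requirements: *73872830
+ version_requirements: *70223617401900
  - !ruby/object:Gem::Dependency
  name: yard
- requirement: &73872380 !ruby/object:Gem::Requirement
+ requirement: &70223617399720 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -76,10 +65,10 @@ dependencies:
  version: 0.6.0
  type: :development
  prerelease: false
- version_requirements: *73872380
+ version_requirements: *70223617399720
  - !ruby/object:Gem::Dependency
  name: bundler
- requirement: &73872100 !ruby/object:Gem::Requirement
+ requirement: &70223617383320 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -87,10 +76,10 @@ dependencies:
  version: 1.0.0
  type: :development
  prerelease: false
- version_requirements: *73872100
+ version_requirements: *70223617383320
  - !ruby/object:Gem::Dependency
  name: jeweler
- requirement: &73871830 !ruby/object:Gem::Requirement
+ requirement: &70223617381780 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -98,10 +87,10 @@ dependencies:
  version: 1.6.0
  type: :development
  prerelease: false
- version_requirements: *73871830
+ version_requirements: *70223617381780
  - !ruby/object:Gem::Dependency
  name: rcov
- requirement: &73871490 !ruby/object:Gem::Requirement
+ requirement: &70223617380060 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -109,10 +98,10 @@ dependencies:
  version: '0'
  type: :development
  prerelease: false
- version_requirements: *73871490
+ version_requirements: *70223617380060
  - !ruby/object:Gem::Dependency
- name: ruby-progressbar
- requirement: &73871190 !ruby/object:Gem::Requirement
+ name: progressbar
+ requirement: &70223617378300 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -120,10 +109,10 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *73871190
+ version_requirements: *70223617378300
  - !ruby/object:Gem::Dependency
  name: rainbow
- requirement: &73870930 !ruby/object:Gem::Requirement
+ requirement: &70223617376540 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -131,31 +120,48 @@ dependencies:
  version: '0'
  type: :runtime
  prerelease: false
- version_requirements: *73870930
- description: Enchant is tool aimed to discover web application directory and pages
- by fuzzing the requests using a dictionary approach
- email: paolo@armoredcode.com
+ version_requirements: *70223617376540
+ - !ruby/object:Gem::Dependency
+ name: httpclient
+ requirement: &70223617336360 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: *70223617336360
+ description: ciphersurfer is a security tool that evaluates web server SSL configuration
+ email: thesp0nge@gmail.com
  executables:
  - enchant
  extensions: []
  extra_rdoc_files:
  - ChangeLog
- - README.textile
+ - LICENSE.txt
+ - README.md
  files:
  - COPYING
  - ChangeLog
  - Gemfile
  - Gemfile.lock
- - README.textile
+ - LICENSE.txt
+ - README.md
  - Rakefile
  - VERSION
  - bin/enchant
- - enchant.gemspec
+ - db/directory-list-1.0.txt
+ - db/directory-list-2.3-medium.txt
+ - db/directory-list-2.3-small.txt
  - lib/enchant.rb
  - lib/enchant/engine.rb
  - lib/enchant/version.rb
+ - spec/enchant_spec.rb
+ - spec/spec_helper.rb
  homepage: http://github.com/thesp0nge/enchant
- licenses: []
+ licenses:
+ - BSD
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -165,17 +171,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.8.7
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
- - - ! '>='
+ - - ! '>'
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.3.1
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.10
  signing_key:
  specification_version: 3
- summary: Your magical web application fuzzer
+ summary: evaluates web server SSL configuration
  test_files: []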