RubyGems - new_cms_scanner - Versions diffs - 0.13.7 - Mend

new_cms_scanner 0.13.7

Files changed (95) hide show

checksums.yaml +7 -0
data/LICENSE +19 -0
data/README.md +26 -0
data/app/app.rb +24 -0
data/app/controllers/core/cli_options.rb +117 -0
data/app/controllers/core.rb +82 -0
data/app/controllers/interesting_findings.rb +25 -0
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +25 -0
data/app/formatters/cli.rb +65 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +48 -0
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/xml_rpc.rb +78 -0
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +1 -0
data/app/views/cli/core/finished.erb +8 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +6 -0
data/app/views/cli/core/version.erb +1 -0
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/usage.erb +3 -0
data/app/views/json/core/banner.erb +1 -0
data/app/views/json/core/finished.erb +10 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +5 -0
data/app/views/json/core/version.erb +1 -0
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/scan_aborted.erb +5 -0
data/lib/cms_scanner/browser/actions.rb +48 -0
data/lib/cms_scanner/browser/options.rb +90 -0
data/lib/cms_scanner/browser.rb +96 -0
data/lib/cms_scanner/cache/file_store.rb +77 -0
data/lib/cms_scanner/cache/typhoeus.rb +25 -0
data/lib/cms_scanner/controller.rb +105 -0
data/lib/cms_scanner/controllers.rb +67 -0
data/lib/cms_scanner/errors/http.rb +72 -0
data/lib/cms_scanner/errors/scan.rb +14 -0
data/lib/cms_scanner/errors.rb +11 -0
data/lib/cms_scanner/exit_code.rb +25 -0
data/lib/cms_scanner/finders/base_finders.rb +45 -0
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +121 -0
data/lib/cms_scanner/finders/finder/enumerator.rb +77 -0
data/lib/cms_scanner/finders/finder/fingerprinter.rb +48 -0
data/lib/cms_scanner/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/cms_scanner/finders/finder/smart_url_checker.rb +60 -0
data/lib/cms_scanner/finders/finder.rb +75 -0
data/lib/cms_scanner/finders/finding.rb +54 -0
data/lib/cms_scanner/finders/findings.rb +26 -0
data/lib/cms_scanner/finders/independent_finder.rb +30 -0
data/lib/cms_scanner/finders/independent_finders.rb +26 -0
data/lib/cms_scanner/finders/same_type_finder.rb +19 -0
data/lib/cms_scanner/finders/same_type_finders.rb +26 -0
data/lib/cms_scanner/finders/unique_finder.rb +19 -0
data/lib/cms_scanner/finders/unique_finders.rb +47 -0
data/lib/cms_scanner/finders.rb +12 -0
data/lib/cms_scanner/formatter/buffer.rb +17 -0
data/lib/cms_scanner/formatter.rb +149 -0
data/lib/cms_scanner/helper.rb +7 -0
data/lib/cms_scanner/numeric.rb +13 -0
data/lib/cms_scanner/parsed_cli.rb +37 -0
data/lib/cms_scanner/progressbar_null_output.rb +23 -0
data/lib/cms_scanner/public_suffix/domain.rb +42 -0
data/lib/cms_scanner/references.rb +132 -0
data/lib/cms_scanner/scan.rb +88 -0
data/lib/cms_scanner/target/hashes.rb +45 -0
data/lib/cms_scanner/target/platform/php.rb +62 -0
data/lib/cms_scanner/target/platform.rb +3 -0
data/lib/cms_scanner/target/scope.rb +103 -0
data/lib/cms_scanner/target/server/apache.rb +27 -0
data/lib/cms_scanner/target/server/generic.rb +72 -0
data/lib/cms_scanner/target/server/iis.rb +29 -0
data/lib/cms_scanner/target/server/nginx.rb +27 -0
data/lib/cms_scanner/target/server.rb +6 -0
data/lib/cms_scanner/target.rb +124 -0
data/lib/cms_scanner/typhoeus/hydra.rb +12 -0
data/lib/cms_scanner/typhoeus/response.rb +27 -0
data/lib/cms_scanner/version.rb +6 -0
data/lib/cms_scanner/vulnerability.rb +46 -0
data/lib/cms_scanner/web_site.rb +145 -0
data/lib/cms_scanner.rb +141 -0
metadata +426 -0

data/app/models/interesting_finding.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # Interesting Finding
+    class InterestingFinding
+      include Finders::Finding
+      attr_reader :url
+      attr_writer :to_s
+      # @param [ String ] url
+      # @param [ Hash ] opts
+      #   :to_s (override the to_s method)
+      #   See Finders::Finding for other available options
+      def initialize(url, opts = {})
+        @url  = url
+        @to_s = opts[:to_s]
+        parse_finding_options(opts)
+      end
+      # @return [ Array<String> ]
+      def entries
+        res = NS::Browser.get(url)
+        return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
+        res.body.split("\n").reject { |s| s.strip.empty? }
+      end
+      # @return [ String ]
+      def to_s
+        @to_s || url
+      end
+      # @return [ String ]
+      def type
+        @type ||= self.class.to_s.demodulize.underscore
+      end
+      # @return [ Boolean ]
+      def ==(other)
+        self.class == other.class && to_s == other.to_s
+      end
+    end
+  end
+end

data/app/models/robots_txt.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # Robots.txt
+    class RobotsTxt < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "robots.txt found: #{url}"
+      end
+      # @todo Better detection, currently everything not empty or / is returned
+      #
+      # @return [ Array<String> ] The interesting Allow/Disallow rules detected
+      def interesting_entries
+        results = []
+        entries.each do |entry|
+          next unless entry =~ /\A(?:dis)?allow:\s*(.+)\z/i
+          match = Regexp.last_match(1)
+          next if match == '/'
+          results << match
+        end
+        results.uniq
+      end
+    end
+  end
+end

data/app/models/search_replace_db_2.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # SearchReplaceDB2
+    class SearchReplaceDB2 < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Search Replace DB script found: #{url}"
+      end
+      def references
+        @references ||= { url: ['https://interconnectit.com/products/search-and-replace-for-wordpress-databases/'] }
+      end
+    end
+  end
+end

data/app/models/user.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # User
+    class User
+      include Finders::Finding
+      attr_accessor :password
+      attr_reader :id, :username
+      # @param [ String ] username
+      # @param [ Hash ] opts
+      # @option opts [ Integer ] :id
+      # @option opts [ String ] :password
+      def initialize(username, opts = {})
+        @username = username
+        @password = opts[:password]
+        @id       = opts[:id]
+        parse_finding_options(opts)
+      end
+      def ==(other)
+        return false unless self.class == other.class
+        username == other.username && password == other.password
+      end
+      def to_s
+        username
+      end
+    end
+  end
+end

data/app/models/version.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # Version
+    class Version
+      include Finders::Finding
+      attr_reader :number
+      def initialize(number, opts = {})
+        @number = number.to_s
+        @number = "0#{number}" if @number[0, 1] == '.'
+        parse_finding_options(opts)
+      end
+      # @param [ Version, String ] other
+      # rubocop:disable Style/NumericPredicate
+      def ==(other)
+        (self <=> other) == 0
+      end
+      # rubocop:enable all
+      # @param [ Version, String ] other
+      def <(other)
+        (self <=> other) == -1
+      end
+      # @param [ Version, String ] other
+      def >(other)
+        (self <=> other) == 1
+      end
+      # @param [ Version, String ] other
+      def <=>(other)
+        other = self.class.new(other) unless other.is_a?(self.class) # handle potential '.1' version
+        Gem::Version.new(number) <=> Gem::Version.new(other.number)
+      rescue ArgumentError
+        false
+      end
+      def to_s
+        number
+      end
+    end
+  end
+end

data/app/models/xml_rpc.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # XML RPC
+    class XMLRPC < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "XML-RPC seems to be enabled: #{url}"
+      end
+      # @return [ Browser ]
+      def browser
+        @browser ||= NS::Browser.instance
+      end
+      # @return [ Array<String> ]
+      def available_methods
+        return @available_methods if @available_methods
+        @available_methods = []
+        res = method_call('system.listMethods').run
+        doc = Nokogiri::XML.parse(res.body)
+        doc.search('methodResponse params param value array data value string').each do |s|
+          @available_methods << s.text
+        end
+        @available_methods
+      end
+      # @return [ Boolean ] Whether or not the XMLRPC is enabled
+      def enabled?
+        !available_methods.empty?
+      end
+      # @param [ String ] method_name
+      # @param [ Array ] method_params
+      # @param [ Hash ] request_params
+      #
+      # @return [ Typhoeus::Request ]
+      def method_call(method_name, method_params = [], request_params = {})
+        browser.forge_request(
+          url,
+          request_params.merge(
+            method: :post,
+            body: ::XMLRPC::Create.new.methodCall(method_name, *method_params)
+          )
+        )
+      end
+      # @param [ Array<Array> ] methods_and_params
+      # @param [ Hash ] request_params
+      #
+      # Example of methods_and_params:
+      # [
+      #   [method1, param1, param2],
+      #   [method2, param1],
+      #   [method3]
+      # ]
+      #
+      # @return [ Typhoeus::Request ]
+      def multi_call(methods_and_params = [], request_params = {})
+        browser.forge_request(
+          url,
+          request_params.merge(
+            method: :post,
+            body: ::XMLRPC::Create.new.methodCall(
+              'system.multicall',
+              methods_and_params.collect { |m| { methodName: m[0], params: m[1..-1] } }
+            )
+          )
+        )
+      end
+    end
+  end
+end

data/app/user_agents.txt ADDED Viewed

@@ -0,0 +1,46 @@
+# Windows
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
+Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
+Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
+Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
+Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
+Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
+# MAC
+Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
+# Linux
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
+Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
+Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
+Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
+Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0
+# iPad
+Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25
+# iPhone
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_3 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B511 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53

data/app/views/cli/core/banner.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <% # Empty file, the banner should be implemented in each scanner %>

data/app/views/cli/core/finished.erb ADDED Viewed

@@ -0,0 +1,8 @@
+<%= info_icon %> Finished: <%= @stop_time.asctime %>
+<%= info_icon %> Requests Done: <%= @requests_done %>
+<%= info_icon %> Cached Requests: <%= @cached_requests %>
+<%= info_icon %> Data Sent: <%= @data_sent.bytes_to_human %>
+<%= info_icon %> Data Received: <%= @data_received.bytes_to_human %>
+<%= info_icon %> Memory used: <%= @used_memory.bytes_to_human %>
+<%= info_icon %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>

data/app/views/cli/core/help.erb ADDED Viewed

@@ -0,0 +1,4 @@
+<%= @help %>
+<% if @simple -%>
+[!] To see full list of options use --hh.
+<% end -%>

data/app/views/cli/core/started.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= info_icon %> URL: <%= @url %> [<%= @ip %>]
+<% if @url != @effective_url -%>
+<%= info_icon %> Effective URL: <%= @effective_url %>
+<% end -%>
+<%= info_icon %> Started: <%= @start_time.asctime %>

data/app/views/cli/core/version.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ Version: <%= NS::VERSION %>

data/app/views/cli/interesting_findings/_array.erb ADDED Viewed

@@ -0,0 +1,10 @@
+<% unless @a.empty? -%>
+<% if @a.size == 1 -%>
+ | <%= @s %>: <%= @a.first %>
+<% else -%>
+ | <%= @p %>:
+<% @a.each do |line| -%>
+ |  - <%= line %>
+<% end -%>
+<% end -%>
+<% end -%>

data/app/views/cli/interesting_findings/findings.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<% unless @findings.empty? -%>
+Interesting Finding(s):
+<% @findings.each do |finding| -%>
+<%= info_icon %> <%= finding %>
+<%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
+ | Found By: <%= finding.found_by %>
+<% if finding.confidence > 0 -%>
+ | Confidence: <%= finding.confidence %>%
+<% end -%>
+<% unless (confirmed = finding.confirmed_by).empty? -%>
+<% if confirmed.size == 1 -%>
+ | Confirmed By: <%= confirmed.first.found_by %><% if confirmed.first.confidence > 0 %>, <%= confirmed.first.confidence %>% confidence<% end %>
+<% else -%>
+ | Confirmed By:
+<% confirmed.each do |c| -%>
+ |  - <%= c.found_by %><% if c.confidence > 0 %>, <%= c.confidence %>% confidence<% end %>
+<% end -%>
+<% end -%>
+<% end -%>
+<%= render('_array', a: finding.references_urls, s: 'Reference', p: 'References') -%>
+<% end -%>
+<% end %>

data/app/views/cli/scan_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+Scan Aborted: <%= @reason %>
+<% if @verbose -%>
+Trace: <%= @trace.join("\n") %>
+<% end %>

data/app/views/cli/usage.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<%= @msg %>
+Please use --help/-h for the list of available options.

data/app/views/json/core/banner.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <% # Empty file, the banner should be implemented in each scanner %>

data/app/views/json/core/finished.erb ADDED Viewed

@@ -0,0 +1,10 @@
+"stop_time": <%= @stop_time.to_i %>,
+"elapsed": <%= @elapsed.to_i %>,
+"requests_done": <%= @requests_done.to_i %>,
+"cached_requests": <%= @cached_requests.to_i %>,
+"data_sent": <%= @data_sent.to_i %>,
+"data_sent_humanised": <%= @data_sent.bytes_to_human.to_json %>,
+"data_received": <%= @data_received.to_i %>,
+"data_received_humanised": <%= @data_received.bytes_to_human.to_json %>,
+"used_memory": <%= @used_memory.to_i %>,
+"used_memory_humanised": <%= @used_memory.bytes_to_human.to_json %>,

data/app/views/json/core/help.erb ADDED Viewed

@@ -0,0 +1,4 @@
+"help": <%= @help.to_s.to_json %>,
+<% if @simple -%>
+"full_help": "To see full list of options use --hh.",
+<% end -%>

data/app/views/json/core/started.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"start_time": <%= @start_time.to_i %>,
+"start_memory": <%= @start_memory.to_i %>,
+"target_url": <%= @url.to_s.to_json %>,
+"target_ip": <%= @ip.to_s.to_json %>,
+"effective_url": <%= @effective_url.to_s.to_json %>,

data/app/views/json/core/version.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ "version": <%= NS::VERSION.to_s.to_json %>,

data/app/views/json/interesting_findings/findings.erb ADDED Viewed

@@ -0,0 +1,24 @@
+"interesting_findings": [
+<% unless @findings.empty? -%>
+  <% last_index = @findings.size - 1 %>
+  <% @findings.each.with_index do |finding, index| -%>
+    {
+      "url": <%= finding.url.to_s.to_json %>,
+      "to_s": <%= finding.to_s.to_json %>,
+      "type": <%= finding.type.to_json %>,
+      "found_by": <%= finding.found_by.to_s.to_json %>,
+      "confidence": <%= finding.confidence.to_json %>,
+      "confirmed_by": {
+      <% unless (confirmed = finding.confirmed_by).empty? -%>
+      <% c_last_index = confirmed.size - 1 %>
+        <% confirmed.each.with_index do |c, i| -%>
+          <%= c.found_by.to_s.to_json %>: { "confidence": <%= c.confidence.to_json %> }<% unless i == c_last_index %>,<% end %>
+        <% end -%>
+      <% end -%>
+      },
+      "references": <%= finding.references.to_json %>,
+      "interesting_entries": <%= finding.interesting_entries.to_json %>
+    }<% unless index == last_index %>,<% end %>
+  <% end -%>
+<% end -%>
+],

data/app/views/json/scan_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"scan_aborted": <%= @reason.to_json %>,
+"target_url": <%= @url.to_json %>,
+<% if @verbose -%>
+"trace": <%= @trace.to_json %>,
+<% end %>

data/lib/cms_scanner/browser/actions.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module CMSScanner
+  class Browser
+    # Browser Actions (get, post etc)
+    module Actions
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Request ]
+      def forge_request(url, params = {})
+        NS::Browser.instance.forge_request(url, params)
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def get(url, params = {})
+        forge_request(url, params.merge(method: :get)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def post(url, params = {})
+        forge_request(url, params.merge(method: :post)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def head(url, params = {})
+        forge_request(url, params.merge(method: :head)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def get_and_follow_location(url, params = {})
+        get(url, { followlocation: true, maxredirs: 3 }.merge(params))
+      end
+    end
+  end
+end

data/lib/cms_scanner/browser/options.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+module CMSScanner
+  # Options available in the Browser
+  class Browser
+    OPTIONS = %i[
+      cache_ttl
+      cookie_jar
+      cookie_string
+      connect_timeout
+      disable_tls_checks
+      headers
+      http_auth
+      max_threads
+      proxy
+      proxy_auth
+      random_user_agent
+      request_timeout
+      throttle
+      url
+      user_agent
+      user_agents_list
+      vhost
+    ].freeze
+    attr_accessor(*OPTIONS)
+    # @return [ String ]
+    def default_user_agent
+      "#{NS} v#{NS::VERSION}"
+    end
+    # @return [ Typhoeus::Hydra ]
+    def hydra
+      @hydra ||= Typhoeus::Hydra.new(max_concurrency: max_threads || 1)
+    end
+    # @param [ Hash ] options
+    def load_options(options = {})
+      OPTIONS.each do |sym|
+        send("#{sym}=", options[sym]) if options.key?(sym)
+      end
+    end
+    # Set the threads attribute and update hydra accordinly
+    # If the throttle attribute is > 0, max_threads will be forced to 1
+    #
+    # @param [ Integer ] number
+    def max_threads=(number)
+      @max_threads = number.to_i.positive? && throttle.zero? ? number.to_i : 1
+      hydra.max_concurrency = @max_threads
+    end
+    # @return [ String ] The user agent
+    def user_agent
+      @user_agent ||= random_user_agent ? user_agents.sample : default_user_agent
+    end
+    # @return [ Array<String> ]
+    def user_agents
+      return @user_agents if @user_agents
+      @user_agents = []
+      # The user_agents_list is managed by the CLI options, with the default being
+      # APP_DIR/user_agents.txt
+      File.open(user_agents_list).each do |line|
+        next if line == "\n" || line[0, 1] == '#'
+        @user_agents << line.chomp
+      end
+      @user_agents
+    end
+    # @param [ value ] The throttle time in milliseconds
+    #
+    # if value > 0, the max_threads will be set to 1
+    def throttle=(value)
+      @throttle = value.to_i.abs / 1000.0
+      self.max_threads = 1 if @throttle.positive?
+    end
+    def trottle!
+      sleep(throttle) if throttle.positive?
+    end
+  end
+end