RubyGems - new_cms_scanner - Versions diffs - 0.13.7 - Mend

new_cms_scanner 0.13.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (95) hide show

checksums.yaml +7 -0
data/LICENSE +19 -0
data/README.md +26 -0
data/app/app.rb +24 -0
data/app/controllers/core/cli_options.rb +117 -0
data/app/controllers/core.rb +82 -0
data/app/controllers/interesting_findings.rb +25 -0
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +25 -0
data/app/formatters/cli.rb +65 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +48 -0
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/xml_rpc.rb +78 -0
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +1 -0
data/app/views/cli/core/finished.erb +8 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +6 -0
data/app/views/cli/core/version.erb +1 -0
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/usage.erb +3 -0
data/app/views/json/core/banner.erb +1 -0
data/app/views/json/core/finished.erb +10 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +5 -0
data/app/views/json/core/version.erb +1 -0
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/scan_aborted.erb +5 -0
data/lib/cms_scanner/browser/actions.rb +48 -0
data/lib/cms_scanner/browser/options.rb +90 -0
data/lib/cms_scanner/browser.rb +96 -0
data/lib/cms_scanner/cache/file_store.rb +77 -0
data/lib/cms_scanner/cache/typhoeus.rb +25 -0
data/lib/cms_scanner/controller.rb +105 -0
data/lib/cms_scanner/controllers.rb +67 -0
data/lib/cms_scanner/errors/http.rb +72 -0
data/lib/cms_scanner/errors/scan.rb +14 -0
data/lib/cms_scanner/errors.rb +11 -0
data/lib/cms_scanner/exit_code.rb +25 -0
data/lib/cms_scanner/finders/base_finders.rb +45 -0
data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb +121 -0
data/lib/cms_scanner/finders/finder/enumerator.rb +77 -0
data/lib/cms_scanner/finders/finder/fingerprinter.rb +48 -0
data/lib/cms_scanner/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/cms_scanner/finders/finder/smart_url_checker.rb +60 -0
data/lib/cms_scanner/finders/finder.rb +75 -0
data/lib/cms_scanner/finders/finding.rb +54 -0
data/lib/cms_scanner/finders/findings.rb +26 -0
data/lib/cms_scanner/finders/independent_finder.rb +30 -0
data/lib/cms_scanner/finders/independent_finders.rb +26 -0
data/lib/cms_scanner/finders/same_type_finder.rb +19 -0
data/lib/cms_scanner/finders/same_type_finders.rb +26 -0
data/lib/cms_scanner/finders/unique_finder.rb +19 -0
data/lib/cms_scanner/finders/unique_finders.rb +47 -0
data/lib/cms_scanner/finders.rb +12 -0
data/lib/cms_scanner/formatter/buffer.rb +17 -0
data/lib/cms_scanner/formatter.rb +149 -0
data/lib/cms_scanner/helper.rb +7 -0
data/lib/cms_scanner/numeric.rb +13 -0
data/lib/cms_scanner/parsed_cli.rb +37 -0
data/lib/cms_scanner/progressbar_null_output.rb +23 -0
data/lib/cms_scanner/public_suffix/domain.rb +42 -0
data/lib/cms_scanner/references.rb +132 -0
data/lib/cms_scanner/scan.rb +88 -0
data/lib/cms_scanner/target/hashes.rb +45 -0
data/lib/cms_scanner/target/platform/php.rb +62 -0
data/lib/cms_scanner/target/platform.rb +3 -0
data/lib/cms_scanner/target/scope.rb +103 -0
data/lib/cms_scanner/target/server/apache.rb +27 -0
data/lib/cms_scanner/target/server/generic.rb +72 -0
data/lib/cms_scanner/target/server/iis.rb +29 -0
data/lib/cms_scanner/target/server/nginx.rb +27 -0
data/lib/cms_scanner/target/server.rb +6 -0
data/lib/cms_scanner/target.rb +124 -0
data/lib/cms_scanner/typhoeus/hydra.rb +12 -0
data/lib/cms_scanner/typhoeus/response.rb +27 -0
data/lib/cms_scanner/version.rb +6 -0
data/lib/cms_scanner/vulnerability.rb +46 -0
data/lib/cms_scanner/web_site.rb +145 -0
data/lib/cms_scanner.rb +141 -0
metadata +426 -0

data/app/models/interesting_finding.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # Interesting Finding
+    class InterestingFinding
+      include Finders::Finding
+      attr_reader :url
+      attr_writer :to_s
+      # @param [ String ] url
+      # @param [ Hash ] opts
+      #   :to_s (override the to_s method)
+      #   See Finders::Finding for other available options
+      def initialize(url, opts = {})
+        @url  = url
+        @to_s = opts[:to_s]
+        parse_finding_options(opts)
+      end
+      # @return [ Array<String> ]
+      def entries
+        res = NS::Browser.get(url)
+        return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
+        res.body.split("\n").reject { |s| s.strip.empty? }
+      end
+      # @return [ String ]
+      def to_s
+        @to_s || url
+      end
+      # @return [ String ]
+      def type
+        @type ||= self.class.to_s.demodulize.underscore
+      end
+      # @return [ Boolean ]
+      def ==(other)
+        self.class == other.class && to_s == other.to_s
+      end
+    end
+  end
+end

data/app/models/robots_txt.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # Robots.txt
+    class RobotsTxt < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "robots.txt found: #{url}"
+      end
+      # @todo Better detection, currently everything not empty or / is returned
+      #
+      # @return [ Array<String> ] The interesting Allow/Disallow rules detected
+      def interesting_entries
+        results = []
+        entries.each do |entry|
+          next unless entry =~ /\A(?:dis)?allow:\s*(.+)\z/i
+          match = Regexp.last_match(1)
+          next if match == '/'
+          results << match
+        end
+        results.uniq
+      end
+    end
+  end
+end

data/app/models/search_replace_db_2.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # SearchReplaceDB2
+    class SearchReplaceDB2 < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Search Replace DB script found: #{url}"
+      end
+      def references
+        @references ||= { url: ['https://interconnectit.com/products/search-and-replace-for-wordpress-databases/'] }
+      end
+    end
+  end
+end

data/app/models/user.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # User
+    class User
+      include Finders::Finding
+      attr_accessor :password
+      attr_reader :id, :username
+      # @param [ String ] username
+      # @param [ Hash ] opts
+      # @option opts [ Integer ] :id
+      # @option opts [ String ] :password
+      def initialize(username, opts = {})
+        @username = username
+        @password = opts[:password]
+        @id       = opts[:id]
+        parse_finding_options(opts)
+      end
+      def ==(other)
+        return false unless self.class == other.class
+        username == other.username && password == other.password
+      end
+      def to_s
+        username
+      end
+    end
+  end
+end

data/app/models/version.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # Version
+    class Version
+      include Finders::Finding
+      attr_reader :number
+      def initialize(number, opts = {})
+        @number = number.to_s
+        @number = "0#{number}" if @number[0, 1] == '.'
+        parse_finding_options(opts)
+      end
+      # @param [ Version, String ] other
+      # rubocop:disable Style/NumericPredicate
+      def ==(other)
+        (self <=> other) == 0
+      end
+      # rubocop:enable all
+      # @param [ Version, String ] other
+      def <(other)
+        (self <=> other) == -1
+      end
+      # @param [ Version, String ] other
+      def >(other)
+        (self <=> other) == 1
+      end
+      # @param [ Version, String ] other
+      def <=>(other)
+        other = self.class.new(other) unless other.is_a?(self.class) # handle potential '.1' version
+        Gem::Version.new(number) <=> Gem::Version.new(other.number)
+      rescue ArgumentError
+        false
+      end
+      def to_s
+        number
+      end
+    end
+  end
+end

data/app/models/xml_rpc.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+module CMSScanner
+  module Model
+    # XML RPC
+    class XMLRPC < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "XML-RPC seems to be enabled: #{url}"
+      end
+      # @return [ Browser ]
+      def browser
+        @browser ||= NS::Browser.instance
+      end
+      # @return [ Array<String> ]
+      def available_methods
+        return @available_methods if @available_methods
+        @available_methods = []
+        res = method_call('system.listMethods').run
+        doc = Nokogiri::XML.parse(res.body)
+        doc.search('methodResponse params param value array data value string').each do |s|
+          @available_methods << s.text
+        end
+        @available_methods
+      end
+      # @return [ Boolean ] Whether or not the XMLRPC is enabled
+      def enabled?
+        !available_methods.empty?
+      end
+      # @param [ String ] method_name
+      # @param [ Array ] method_params
+      # @param [ Hash ] request_params
+      #
+      # @return [ Typhoeus::Request ]
+      def method_call(method_name, method_params = [], request_params = {})
+        browser.forge_request(
+          url,
+          request_params.merge(
+            method: :post,
+            body: ::XMLRPC::Create.new.methodCall(method_name, *method_params)
+          )
+        )
+      end
+      # @param [ Array<Array> ] methods_and_params
+      # @param [ Hash ] request_params
+      #
+      # Example of methods_and_params:
+      # [
+      #   [method1, param1, param2],
+      #   [method2, param1],
+      #   [method3]
+      # ]
+      #
+      # @return [ Typhoeus::Request ]
+      def multi_call(methods_and_params = [], request_params = {})
+        browser.forge_request(
+          url,
+          request_params.merge(
+            method: :post,
+            body: ::XMLRPC::Create.new.methodCall(
+              'system.multicall',
+              methods_and_params.collect { |m| { methodName: m[0], params: m[1..-1] } }
+            )
+          )
+        )
+      end
+    end
+  end
+end

data/app/user_agents.txt ADDED Viewed

@@ -0,0 +1,46 @@
+# Windows
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
+Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
+Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
+Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
+Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
+Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
+# MAC
+Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
+# Linux
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
+Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
+Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
+Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
+Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0
+# iPad
+Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25
+# iPhone
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_3 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B511 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53

data/app/views/cli/core/banner.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <% # Empty file, the banner should be implemented in each scanner %>

data/app/views/cli/core/finished.erb ADDED Viewed

@@ -0,0 +1,8 @@
+<%= info_icon %> Finished: <%= @stop_time.asctime %>
+<%= info_icon %> Requests Done: <%= @requests_done %>
+<%= info_icon %> Cached Requests: <%= @cached_requests %>
+<%= info_icon %> Data Sent: <%= @data_sent.bytes_to_human %>
+<%= info_icon %> Data Received: <%= @data_received.bytes_to_human %>
+<%= info_icon %> Memory used: <%= @used_memory.bytes_to_human %>
+<%= info_icon %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>

data/app/views/cli/core/help.erb ADDED Viewed

@@ -0,0 +1,4 @@
+<%= @help %>
+<% if @simple -%>
+[!] To see full list of options use --hh.
+<% end -%>

data/app/views/cli/core/started.erb ADDED Viewed

@@ -0,0 +1,6 @@
+<%= info_icon %> URL: <%= @url %> [<%= @ip %>]
+<% if @url != @effective_url -%>
+<%= info_icon %> Effective URL: <%= @effective_url %>
+<% end -%>
+<%= info_icon %> Started: <%= @start_time.asctime %>

data/app/views/cli/core/version.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ Version: <%= NS::VERSION %>

data/app/views/cli/interesting_findings/_array.erb ADDED Viewed

@@ -0,0 +1,10 @@
+<% unless @a.empty? -%>
+<% if @a.size == 1 -%>
+ | <%= @s %>: <%= @a.first %>
+<% else -%>
+ | <%= @p %>:
+<% @a.each do |line| -%>
+ |  - <%= line %>
+<% end -%>
+<% end -%>
+<% end -%>

data/app/views/cli/interesting_findings/findings.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<% unless @findings.empty? -%>
+Interesting Finding(s):
+<% @findings.each do |finding| -%>
+<%= info_icon %> <%= finding %>
+<%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
+ | Found By: <%= finding.found_by %>
+<% if finding.confidence > 0 -%>
+ | Confidence: <%= finding.confidence %>%
+<% end -%>
+<% unless (confirmed = finding.confirmed_by).empty? -%>
+<% if confirmed.size == 1 -%>
+ | Confirmed By: <%= confirmed.first.found_by %><% if confirmed.first.confidence > 0 %>, <%= confirmed.first.confidence %>% confidence<% end %>
+<% else -%>
+ | Confirmed By:
+<% confirmed.each do |c| -%>
+ |  - <%= c.found_by %><% if c.confidence > 0 %>, <%= c.confidence %>% confidence<% end %>
+<% end -%>
+<% end -%>
+<% end -%>
+<%= render('_array', a: finding.references_urls, s: 'Reference', p: 'References') -%>
+<% end -%>
+<% end %>

data/app/views/cli/scan_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+Scan Aborted: <%= @reason %>
+<% if @verbose -%>
+Trace: <%= @trace.join("\n") %>
+<% end %>

data/app/views/cli/usage.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<%= @msg %>
+Please use --help/-h for the list of available options.

data/app/views/json/core/banner.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ <% # Empty file, the banner should be implemented in each scanner %>

data/app/views/json/core/finished.erb ADDED Viewed

@@ -0,0 +1,10 @@
+"stop_time": <%= @stop_time.to_i %>,
+"elapsed": <%= @elapsed.to_i %>,
+"requests_done": <%= @requests_done.to_i %>,
+"cached_requests": <%= @cached_requests.to_i %>,
+"data_sent": <%= @data_sent.to_i %>,
+"data_sent_humanised": <%= @data_sent.bytes_to_human.to_json %>,
+"data_received": <%= @data_received.to_i %>,
+"data_received_humanised": <%= @data_received.bytes_to_human.to_json %>,
+"used_memory": <%= @used_memory.to_i %>,
+"used_memory_humanised": <%= @used_memory.bytes_to_human.to_json %>,

data/app/views/json/core/help.erb ADDED Viewed

@@ -0,0 +1,4 @@
+"help": <%= @help.to_s.to_json %>,
+<% if @simple -%>
+"full_help": "To see full list of options use --hh.",
+<% end -%>

data/app/views/json/core/started.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"start_time": <%= @start_time.to_i %>,
+"start_memory": <%= @start_memory.to_i %>,
+"target_url": <%= @url.to_s.to_json %>,
+"target_ip": <%= @ip.to_s.to_json %>,
+"effective_url": <%= @effective_url.to_s.to_json %>,

data/app/views/json/core/version.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ "version": <%= NS::VERSION.to_s.to_json %>,

data/app/views/json/interesting_findings/findings.erb ADDED Viewed

@@ -0,0 +1,24 @@
+"interesting_findings": [
+<% unless @findings.empty? -%>
+  <% last_index = @findings.size - 1 %>
+  <% @findings.each.with_index do |finding, index| -%>
+    {
+      "url": <%= finding.url.to_s.to_json %>,
+      "to_s": <%= finding.to_s.to_json %>,
+      "type": <%= finding.type.to_json %>,
+      "found_by": <%= finding.found_by.to_s.to_json %>,
+      "confidence": <%= finding.confidence.to_json %>,
+      "confirmed_by": {
+      <% unless (confirmed = finding.confirmed_by).empty? -%>
+      <% c_last_index = confirmed.size - 1 %>
+        <% confirmed.each.with_index do |c, i| -%>
+          <%= c.found_by.to_s.to_json %>: { "confidence": <%= c.confidence.to_json %> }<% unless i == c_last_index %>,<% end %>
+        <% end -%>
+      <% end -%>
+      },
+      "references": <%= finding.references.to_json %>,
+      "interesting_entries": <%= finding.interesting_entries.to_json %>
+    }<% unless index == last_index %>,<% end %>
+  <% end -%>
+<% end -%>
+],

data/app/views/json/scan_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+"scan_aborted": <%= @reason.to_json %>,
+"target_url": <%= @url.to_json %>,
+<% if @verbose -%>
+"trace": <%= @trace.to_json %>,
+<% end %>

data/lib/cms_scanner/browser/actions.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module CMSScanner
+  class Browser
+    # Browser Actions (get, post etc)
+    module Actions
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Request ]
+      def forge_request(url, params = {})
+        NS::Browser.instance.forge_request(url, params)
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def get(url, params = {})
+        forge_request(url, params.merge(method: :get)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def post(url, params = {})
+        forge_request(url, params.merge(method: :post)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def head(url, params = {})
+        forge_request(url, params.merge(method: :head)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def get_and_follow_location(url, params = {})
+        get(url, { followlocation: true, maxredirs: 3 }.merge(params))
+      end
+    end
+  end
+end

data/lib/cms_scanner/browser/options.rb ADDED Viewed

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+module CMSScanner
+  # Options available in the Browser
+  class Browser
+    OPTIONS = %i[
+      cache_ttl
+      cookie_jar
+      cookie_string
+      connect_timeout
+      disable_tls_checks
+      headers
+      http_auth
+      max_threads
+      proxy
+      proxy_auth
+      random_user_agent
+      request_timeout
+      throttle
+      url
+      user_agent
+      user_agents_list
+      vhost
+    ].freeze
+    attr_accessor(*OPTIONS)
+    # @return [ String ]
+    def default_user_agent
+      "#{NS} v#{NS::VERSION}"
+    end
+    # @return [ Typhoeus::Hydra ]
+    def hydra
+      @hydra ||= Typhoeus::Hydra.new(max_concurrency: max_threads || 1)
+    end
+    # @param [ Hash ] options
+    def load_options(options = {})
+      OPTIONS.each do |sym|
+        send("#{sym}=", options[sym]) if options.key?(sym)
+      end
+    end
+    # Set the threads attribute and update hydra accordinly
+    # If the throttle attribute is > 0, max_threads will be forced to 1
+    #
+    # @param [ Integer ] number
+    def max_threads=(number)
+      @max_threads = number.to_i.positive? && throttle.zero? ? number.to_i : 1
+      hydra.max_concurrency = @max_threads
+    end
+    # @return [ String ] The user agent
+    def user_agent
+      @user_agent ||= random_user_agent ? user_agents.sample : default_user_agent
+    end
+    # @return [ Array<String> ]
+    def user_agents
+      return @user_agents if @user_agents
+      @user_agents = []
+      # The user_agents_list is managed by the CLI options, with the default being
+      # APP_DIR/user_agents.txt
+      File.open(user_agents_list).each do |line|
+        next if line == "\n" || line[0, 1] == '#'
+        @user_agents << line.chomp
+      end
+      @user_agents
+    end
+    # @param [ value ] The throttle time in milliseconds
+    #
+    # if value > 0, the max_threads will be set to 1
+    def throttle=(value)
+      @throttle = value.to_i.abs / 1000.0
+      self.max_threads = 1 if @throttle.positive?
+    end
+    def trottle!
+      sleep(throttle) if throttle.positive?
+    end
+  end
+end