new_cms_scanner 0.13.7

data/lib/cms_scanner.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+# Gems
+require 'typhoeus'
+require 'nokogiri'
+require 'yajl/json_gem'
+require 'public_suffix'
+require 'addressable/uri'
+require 'get_process_mem'
+require 'ruby-progressbar'
+require 'opt_parse_validator'
+require 'active_support/concern'
+require 'active_support/inflector'
+# Standard Libs
+require 'erb'
+require 'uri'
+require 'fileutils'
+require 'pathname'
+require 'socket'
+require 'timeout'
+require 'xmlrpc/client'
+# Monkey Patches/Fixes
+require 'cms_scanner/typhoeus/response' # Adds a Response#html using Nokogiri to parse the body
+require 'cms_scanner/typhoeus/hydra' # https://github.com/typhoeus/typhoeus/issues/439
+require 'cms_scanner/public_suffix/domain' # Adds a Domain#match method and logic, used in scope stuff
+require 'cms_scanner/numeric' # Adds a Numeric#bytes_to_human
+# Custom Libs
+require 'cms_scanner/scan'
+require 'cms_scanner/parsed_cli'
+require 'cms_scanner/helper'
+require 'cms_scanner/exit_code'
+require 'cms_scanner/errors'
+require 'cms_scanner/cache/typhoeus'
+require 'cms_scanner/target'
+require 'cms_scanner/browser'
+require 'cms_scanner/version'
+require 'cms_scanner/controller'
+require 'cms_scanner/controllers'
+require 'cms_scanner/formatter'
+require 'cms_scanner/references'
+require 'cms_scanner/finders'
+require 'cms_scanner/vulnerability'
+require 'cms_scanner/progressbar_null_output'
+
+# Module
+module CMSScanner
+  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
+  NS      = self
+
+  # Avoid memory leak when using Hydra, see https://github.com/typhoeus/typhoeus/issues/562
+  # Requests are still cached via the provided Cache system
+  Typhoeus::Config.memoize = false
+
+  # Number of requests performed and data sent/received to display at the end of the scan
+  Typhoeus.on_complete do |response|
+    self.cached_requests += 1 if response.cached?
+
+    next if response.cached?
+
+    self.total_requests += 1
+    self.total_data_sent += response.request_size
+    self.total_data_received += response.size
+
+    NS::Browser.instance.trottle!
+  end
+
+  # Module to be able to use these class methods when the CMSScanner
+  # is included in another module
+  module ClassMethods
+    # @return [ Integer ]
+    def cached_requests
+      @@cached_requests ||= 0
+    end
+
+    # @param [ Integer ] value
+    def cached_requests=(value)
+      @@cached_requests = value
+    end
+
+    # @return [ Integer ]
+    def total_requests
+      @@total_requests ||= 0
+    end
+
+    # @param [ Integer ] value
+    def total_requests=(value)
+      @@total_requests = value
+    end
+
+    # @return [ Integer ]
+    def total_data_sent
+      @@total_data_sent ||= 0
+    end
+
+    # @param [ Integer ] value
+    def total_data_sent=(value)
+      @@total_data_sent = value
+    end
+
+    # @return [ Integer ]
+    def total_data_received
+      @@total_data_received ||= 0
+    end
+
+    # @param [ Integer ] value
+    def total_data_received=(value)
+      @@total_data_received = value
+    end
+
+    # @return [ Integer ] The memory at the start of the scan (when Scan.new), in B
+    def start_memory
+      @@start_memory ||= 0
+    end
+
+    # @param [ Integer ] value
+    def start_memory=(value)
+      @@start_memory = value
+    end
+
+    # The lowercase name of the scanner
+    # Mainly used in directory paths like the default cookie-jar file and
+    # path to load the cli options from files
+    #
+    # @return [ String ]
+    def app_name
+      to_s.underscore
+    end
+  end
+
+  extend ClassMethods
+
+  def self.included(base)
+    remove_const(:NS)
+    const_set(:NS, base)
+
+    base.extend(ClassMethods)
+    super(base)
+  end
+end
+
+require "#{CMSScanner::APP_DIR}/app"

metadata

@@ -0,0 +1,426 @@
+--- !ruby/object:Gem::Specification
+name: new_cms_scanner
+version: !ruby/object:Gem::Version
+  version: 0.13.7
+platform: ruby
+authors:
+- hehe
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-04-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ethon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.14'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.14'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: get_process_mem
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.5
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.11.4
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.14.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.11.4
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.14.0
+- !ruby/object:Gem::Dependency
+  name: opt_parse_validator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.5
+- !ruby/object:Gem::Dependency
+  name: public_suffix
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.3
+- !ruby/object:Gem::Dependency
+  name: ruby-progressbar
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.10'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: typhoeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: xmlrpc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+- !ruby/object:Gem::Dependency
+  name: yajl-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.1
+- !ruby/object:Gem::Dependency
+  name: sys-proctable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.2
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.11.0
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.26.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.26.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.0
+- !ruby/object:Gem::Dependency
+  name: simplecov-lcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.8.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.14.0
+description: Framework to provide an easy way to implement CMS Scanners
+email:
+- huong.kieu@tiki.vn
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- app/app.rb
+- app/controllers/core.rb
+- app/controllers/core/cli_options.rb
+- app/controllers/interesting_findings.rb
+- app/finders/interesting_findings.rb
+- app/finders/interesting_findings/fantastico_fileslist.rb
+- app/finders/interesting_findings/headers.rb
+- app/finders/interesting_findings/robots_txt.rb
+- app/finders/interesting_findings/search_replace_db_2.rb
+- app/finders/interesting_findings/xml_rpc.rb
+- app/formatters/cli.rb
+- app/formatters/cli_no_color.rb
+- app/formatters/cli_no_colour.rb
+- app/formatters/json.rb
+- app/models/fantastico_fileslist.rb
+- app/models/headers.rb
+- app/models/interesting_finding.rb
+- app/models/robots_txt.rb
+- app/models/search_replace_db_2.rb
+- app/models/user.rb
+- app/models/version.rb
+- app/models/xml_rpc.rb
+- app/user_agents.txt
+- app/views/cli/core/banner.erb
+- app/views/cli/core/finished.erb
+- app/views/cli/core/help.erb
+- app/views/cli/core/started.erb
+- app/views/cli/core/version.erb
+- app/views/cli/interesting_findings/_array.erb
+- app/views/cli/interesting_findings/findings.erb
+- app/views/cli/scan_aborted.erb
+- app/views/cli/usage.erb
+- app/views/json/core/banner.erb
+- app/views/json/core/finished.erb
+- app/views/json/core/help.erb
+- app/views/json/core/started.erb
+- app/views/json/core/version.erb
+- app/views/json/interesting_findings/findings.erb
+- app/views/json/scan_aborted.erb
+- lib/cms_scanner.rb
+- lib/cms_scanner/browser.rb
+- lib/cms_scanner/browser/actions.rb
+- lib/cms_scanner/browser/options.rb
+- lib/cms_scanner/cache/file_store.rb
+- lib/cms_scanner/cache/typhoeus.rb
+- lib/cms_scanner/controller.rb
+- lib/cms_scanner/controllers.rb
+- lib/cms_scanner/errors.rb
+- lib/cms_scanner/errors/http.rb
+- lib/cms_scanner/errors/scan.rb
+- lib/cms_scanner/exit_code.rb
+- lib/cms_scanner/finders.rb
+- lib/cms_scanner/finders/base_finders.rb
+- lib/cms_scanner/finders/finder.rb
+- lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb
+- lib/cms_scanner/finders/finder/enumerator.rb
+- lib/cms_scanner/finders/finder/fingerprinter.rb
+- lib/cms_scanner/finders/finder/smart_url_checker.rb
+- lib/cms_scanner/finders/finder/smart_url_checker/findings.rb
+- lib/cms_scanner/finders/finding.rb
+- lib/cms_scanner/finders/findings.rb
+- lib/cms_scanner/finders/independent_finder.rb
+- lib/cms_scanner/finders/independent_finders.rb
+- lib/cms_scanner/finders/same_type_finder.rb
+- lib/cms_scanner/finders/same_type_finders.rb
+- lib/cms_scanner/finders/unique_finder.rb
+- lib/cms_scanner/finders/unique_finders.rb
+- lib/cms_scanner/formatter.rb
+- lib/cms_scanner/formatter/buffer.rb
+- lib/cms_scanner/helper.rb
+- lib/cms_scanner/numeric.rb
+- lib/cms_scanner/parsed_cli.rb
+- lib/cms_scanner/progressbar_null_output.rb
+- lib/cms_scanner/public_suffix/domain.rb
+- lib/cms_scanner/references.rb
+- lib/cms_scanner/scan.rb
+- lib/cms_scanner/target.rb
+- lib/cms_scanner/target/hashes.rb
+- lib/cms_scanner/target/platform.rb
+- lib/cms_scanner/target/platform/php.rb
+- lib/cms_scanner/target/scope.rb
+- lib/cms_scanner/target/server.rb
+- lib/cms_scanner/target/server/apache.rb
+- lib/cms_scanner/target/server/generic.rb
+- lib/cms_scanner/target/server/iis.rb
+- lib/cms_scanner/target/server/nginx.rb
+- lib/cms_scanner/typhoeus/hydra.rb
+- lib/cms_scanner/typhoeus/response.rb
+- lib/cms_scanner/version.rb
+- lib/cms_scanner/vulnerability.rb
+- lib/cms_scanner/web_site.rb
+homepage: https://github.com/huongit3bk/CMSScanner
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.5'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.9
+signing_key: 
+specification_version: 4
+summary: CMS Scanner Framework Fixed
+test_files: []