ronin-scanners 0.1.4 → 1.0.0.pre1

data/lib/ronin/scanners/{nikto/nikto.rb → proxies.rb}

@@ -1,9 +1,8 @@
 #
-#--
 # Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
 # various third-party security scanners.
 #
-# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
+# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,37 +17,23 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#++
 #
 
-require 'ronin/scanners/nikto/nikto_task'
-
-require 'rprogram/program'
+require 'ronin/scanners/nmap'
 
 module Ronin
   module Scanners
-    class Nikto < RProgram::Program
-      
-      name_program 'nikto'
-      alias_program 'nikto.pl'
+    #
+    # The {Proxies} scanner scans known proxy ports.
+    #
+    class Proxies < Nmap
 
-      #
-      # Perform a Nikto scan using the given _options_ and _block_.
-      # If a _block_ is given, it will be passed a newly created
-      # NiktoTask object.
-      #
-      def self.scan(options={},&block)
-        self.find.scan(options,&block)
-      end
+      parameter :ports, :description => 'The ports to scan for proxies',
+                        :default => [
+                          80, 280, 443, 591, 593, 808, 3128, 5800..5803,
+                          8008, 8080, 8888, 8443, 9050, 9999
+                        ]
 
-      #
-      # Perform a Nikto scan using the given _options_ and _block_.
-      # If a _block_ is given, it will be passed a newly created
-      # NiktoTask object.
-      #
-      def scan(options={},&block)
-        run_task(NiktoTask.new(options,&block))
-      end
     end
   end
 end

data/lib/ronin/scanners/resolv_scanner.rb

@@ -0,0 +1,73 @@
+#
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/scanners/ip_scanner'
+
+require 'resolv'
+
+module Ronin
+  module Scanners
+    #
+    # The {ResolvScanner} scans the IP addresses associated with a
+    # host-name.
+    #
+    class ResolvScanner < IPScanner
+
+      parameter :host, :description => 'The host to resolv'
+
+      protected
+
+      #
+      # Resolvs the IP addresses for the host.
+      #
+      # @yield [ip]
+      #   The given block will be passed each IP address associated with the
+      #   host.
+      #
+      # @yieldparam [String] ip
+      #   An IP address of the host.
+      #
+      def scan(&block)
+        Resolv.getaddresses(self.host).each(&block)
+      end
+
+      #
+      # Queries or creates a new IPAddress resource for the given result.
+      #
+      # @param [IPAddr] result
+      #   The ip address.
+      #
+      # @return [IPAddress]
+      #   The IPAddress resource from the Database.
+      #
+      def new_resource(result)
+        # get an IP address
+        ip = IPAddress.first_or_new(:address => result)
+
+        # associate the IP address with the host we are resolving
+        ip.host_names.first_or_new(:address => self.host.to_s)
+
+        return ip
+      end
+
+    end
+  end
+end

data/lib/ronin/scanners/reverse_lookup_scanner.rb

@@ -0,0 +1,76 @@
+#
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/scanners/host_name_scanner'
+
+require 'resolv'
+
+module Ronin
+  module Scanners
+    #
+    # The {ReverseLookupScanner} scans the host-name(s) associated with
+    # an IP address.
+    #
+    class ReverseLookupScanner < HostNameScanner
+
+      parameter :host, :description => 'The IP address to reverse lookup'
+
+      protected
+
+      #
+      # Performs a reverse lookup on an IP address.
+      #
+      # @yield [host]
+      #   The host name associated with the IP address.
+      #
+      # @yieldparam [String] host
+      #   A host name associated with the IP address.
+      #
+      # @since 1.0.0
+      #
+      def scan(&block)
+        Resolv.getnames(self.host).each(&block)
+      end
+
+      #
+      # Queries or creates a new HostName resource for the result.
+      #
+      # @param [String] result
+      #   The host name.
+      #
+      # @return [HostName]
+      #   The HostName resource from the Database.
+      #
+      # @since 1.0.0
+      #
+      def new_resource(result)
+        # get a host name
+        host_name = HostName.first_or_new(:address => result)
+
+        # associate the host name with the IP address we are looking up
+        host_name.ip_addresses.first_or_new(:address => self.host.to_s)
+
+        return host_name
+      end
+
+    end
+  end
+end

data/lib/ronin/scanners/scanner.rb

@@ -0,0 +1,371 @@
+#
+# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
+# various third-party security scanners.
+#
+# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+require 'ronin/script'
+
+module Ronin
+  module Scanners
+    #
+    # The {Scanner} base class allows for defining various types of
+    # scanners. All scanners are Enumerable, have Parameters and are
+    # Cacheable.
+    #
+    # # Metadata
+    #
+    # A {Scanner} can be described by metadata, which is cached into the
+    # Ronin Database. The cacheable metadata must be defined within a
+    # `cache` block, so that the metadata is set only before the scanner
+    # is cached:
+    #
+    #     cache do
+    #       self.name = 'ZIP Scanner'
+    #       self.description = %{
+    #         A scanner which finds ZIP files on a system.
+    #       }
+    #     end
+    #
+    # ## License
+    #
+    # A {Scanner} may be associated with a specific software license using
+    # the `license!` method:
+    # 
+    #     cache do
+    #       # ...
+    #
+    #       self.license! :mit
+    #     end
+    #
+    # # Methods
+    #
+    # The primary method which will perform the scanning and yielding back
+    # of results is {#scan}.
+    #
+    # The {Scanner} class defines three other methods for enumerating
+    # results using {#scan}:
+    #
+    # * {#each} - enumerates over the normalized results, using
+    #   {#normalize_result} to normalize the results.
+    # * {#each_resource} - enumerates over resources that were
+    #   created from the results, using {#new_resource}.
+    # * {#import} - saves the resources into the Database, while
+    #   enumerating over the resources.
+    #
+    # # Scanner Base Classes
+    #
+    # * {IPScanner}
+    # * {HostNameScanner}
+    # * {TCPPortScanner}
+    # * {UDPPortScanner}
+    # * {URLScanner}
+    #
+    # # Specialized Scanner Classes
+    #
+    # * {ResolvScanner}
+    # * {ReverseLookupScanner}
+    # * {SiteMap}
+    # * {Spider}
+    # * {Nmap}
+    # * {Proxies}
+    #
+    class Scanner
+
+      include Script
+      include Enumerable
+
+      # The primary-key of the scanner
+      property :id, Serial
+
+      #
+      # Creates a new {Scanner} object.
+      #
+      # @param [Hash] options
+      #   Additional options for the scanner.
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def initialize(options={})
+        super(options)
+
+        initialize_params(options)
+      end
+
+      #
+      # Initializes the scanner and imports the scan results.
+      #
+      # @param [Hash] options
+      #   Options for the scanner.
+      #
+      # @yield [result]
+      #   The given block will be passed each "result" from the scan.
+      #
+      # @yieldparam [Object] result
+      #   A "result" from the scan.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator will be returned.
+      #
+      # @see #each
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def self.each(options={},&block)
+        new(options).each(&block)
+      end
+
+      #
+      # Initializes the scanner and performs a scan.
+      #
+      # @param [Hash] options
+      #   Options for the scanner.
+      #
+      # @yield [resource]
+      #   The given block will be passed every scanned resource.
+      #
+      # @yieldparam [DataMapper::Resource] resource
+      #   A resource found by the scanner.
+      #
+      # @return [Array<DataMapper::Resource>]
+      #   If no block is given, an Array of scanned resources will be returned.
+      #
+      # @see #each_resource
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def self.scan(options={},&block)
+        scanner = new(options)
+
+        if block then scanner.each_resource(&block)
+        else          scanner.each_resource.to_a
+        end
+      end
+
+      #
+      # Initializes the scanner and imports the scan results.
+      #
+      # @param [Hash] options
+      #   Options for the scanner.
+      #
+      # @yield [resource]
+      #   The given block will be passed every saved scanner result.
+      #
+      # @yieldparam [DataMapper::Resource] resource
+      #   A resource saved by the scanner.
+      #
+      # @return [Array<DataMapper::Resource>]
+      #   If no block is given, an Array of saved scanner resources will be
+      #   returned.
+      #
+      # @see #import
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def self.import(options={},&block)
+        scanner = new(options)
+
+        if block then scanner.import(&block)
+        else          scanner.import.to_a
+        end
+      end
+
+      #
+      # Performs the scan.
+      #
+      # @yield [result]
+      #   The given block will be passed each "result" from the scan.
+      #
+      # @yieldparam [Object] result
+      #   A "result" from the scan.
+      #
+      # @return [Scanner, Enumerator]
+      #   If no block was given, an `Enumerator` object will be returned.
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def each
+        return enum_for(__method__) unless block_given?
+
+        scan do |result|
+          if result
+            if (result = normalize_result(result))
+              yield result
+            end
+          end
+        end
+
+        return self
+      end
+
+      #
+      # Creates new resource objects from the scan results.
+      #
+      # @yield [resource]
+      #   The given block will be passed each resource.
+      #
+      # @yieldparam [DataMapper::Resource] resource
+      #   A new or pre-existing resource.
+      #
+      # @return [Scanner, Enumerator]
+      #   If no block was given, an `Enumerator` object will be returned.
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def each_resource
+        return enum_for(__method__) unless block_given?
+
+        scan do |result|
+          if result
+            if (result = normalize_result(result))
+              if (resource = new_resource(result))
+                yield resource
+              end
+            end
+          end
+        end
+      end
+
+      #
+      # Imports the scan results into the Database.
+      #
+      # @yield [resource]
+      #   The given block will be passed each resource, after it has
+      #   been saved into the Database.
+      #
+      # @yieldparam [DataMapper::Resource] resource
+      #   A resource that exists in the Database.
+      #
+      # @return [Scanner, Enumerator]
+      #   If no block was given, an `Enumerator` object will be returned.
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def import
+        return enum_for(__method__) unless block_given?
+
+        each_resource do |resource|
+          yield resource if resource.save
+        end
+      end
+
+      #
+      # Runs the scanner.
+      #
+      # @param [Hash] options
+      #   Additional options to run the scanner with.
+      #
+      # @option options [Integer] :first
+      #   Only print the first n results.
+      #
+      # @option options [Boolean] :import
+      #   Specifies whether to save the results in the Database.
+      #
+      # @see #each
+      # @see #import
+      #
+      # @since 1.0.0
+      #
+      # @api public
+      #
+      def run(options={})
+        first_n = options.fetch(:first,Float::INFINITY)
+        enum    = if options[:import] then import
+                  else                     each
+                  end
+
+        print_info "[#{self}] Scanning ..."
+
+        count = 0
+
+        enum.each_with_index do |result|
+          count += 1
+
+          puts result
+          yield result if block_given?
+
+          break if count >= first_n
+        end
+
+        print_info "[#{self}] Scan complete."
+      end
+
+      protected
+
+      #
+      # The default method which normalizes results.
+      #
+      # @param [Object] result
+      #   The incoming result.
+      #
+      # @return [Object]
+      #   The normalized result.
+      #
+      # @since 1.0.0
+      #
+      # @api semipublic
+      #
+      def normalize_result(result)
+        result
+      end
+
+      #
+      # Creates a new Database resource.
+      #
+      # @param [Object] result
+      #   A result from the scan.
+      #
+      # @return [DataMapper::Resource, nil]
+      #   The resource created from the result, or `nil` if a resource
+      #   could not be created from the result.
+      #
+      # @since 1.0.0
+      #
+      # @api semipublic
+      #
+      def new_resource(result)
+        nil
+      end
+
+      #
+      # The default method which will actually perform the scanning.
+      #
+      # @since 1.0.0
+      #
+      # @api semipublic
+      #
+      def scan(&block)
+      end
+
+    end
+  end
+end