sekureco 0.0.4 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 49e51c0ad090d65782fec8ffce7734f9af7d8208
-  data.tar.gz: ce0d217464dd29bd936dd1bf4d2c44489605820b
+  metadata.gz: 27cb92f9e36843229fcb3f9f80afb45af8849330
+  data.tar.gz: a004e79563b2fdcaab2b2245a695d50f6fe59ea4
 SHA512:
-  metadata.gz: 4bb51a8f4674f6a39497b8e815011a4b2df0abc76bf9713d79703231dc153d1ab326ab871dcc6d40f6f4ca2cc35e02d7ccee0bf7bf342d22d0f164b437de5366
-  data.tar.gz: 4d839eb87ccbc0d2ebbf2aa0ff95f2386f830a4e83f9ffea1b8e01c591eda446c98099dde1397c3ca7604c37aa938bc4dd83b1c4738f6be94607759c0935c84b
+  metadata.gz: 2792fd89554ca20c9fefbfb878e9f6c74291d61e69ff6c3a6b9603948245590bfab7cce710ec87cfe8252215f23b7237dff68f768c5b90f26c634b46b96562f1
+  data.tar.gz: 9a963fb006ebbaf876341b34188b357cf679827d5e0b026ffafb026b4f77fdd46e15bdbb94b340881f9ccbc4c157dfb0179cdd08b90ddd67ff20f4b483a91a6d

data/lib/sekureco/web_crawler.rb

@@ -2,17 +2,21 @@ require_relative 'html_page'
 require_relative 'http_client'
 
 require 'logger'
-require 'launchy'
 
 module Sekureco
 
   def self.logger
-    @logger ||= Logger.new(File.new("sekureco.log", "w"))
+    create_log_directory
+    @logger ||= Logger.new(File.new("log/sekureco.log", "w"))
+  end
+
+  def self.create_log_directory
+    Dir.mkdir("log") unless File.exists?("log")
   end
 
   class WebCrawler
 
-    MAX_DIST = 4
+    MAX_DIST_FROM_SOURCE_PAGE = 4
 
     def initialize url, username = nil, password = nil, app_token = 'foo'
       @uri = URI url
@@ -56,9 +60,9 @@ module Sekureco
             end
           end
         end
-        @vulnerabilities = true if detect_embedded_scripts_in(@current_page)
-        if @vulnerabilities
+        if detect_embedded_scripts_in(@current_page)
           Sekureco.logger.info "Successfully applied XSS attack"
+          @vulnerabilities_found = true
           confirm_attack
         end
       end
@@ -92,7 +96,8 @@ module Sekureco
 
     def test_application
       2.times { self.crawl }
-      @vulnerabilities
+      clear_temporary_files
+      @vulnerabilities_found
     end
 
     private
@@ -114,7 +119,7 @@ module Sekureco
       end
 
       def too_deep? page
-        @distance[page] >= MAX_DIST
+        @distance[page] >= MAX_DIST_FROM_SOURCE_PAGE
       end
 
       def possible_login_fields
@@ -137,8 +142,8 @@ module Sekureco
       end
 
       def confirm_attack
-        File.open("current_page.html", "w+") { |f| f.write(@current_page) }
-        Launchy.open("#{Dir.pwd}/current_page.html")
+        File.open(current_page_file_path, "w+") { |f| f.write(@current_page) }
+        system "xdg-open #{current_page_file_path}"
       end
 
       def detect_embedded_scripts_in html_page
@@ -153,6 +158,14 @@ module Sekureco
           uri.path
         end
       end
+
+      def current_page_file_path
+        "#{Dir.pwd}/log/current_page_#{@app_token}.html"
+      end
+
+      def clear_temporary_files
+        system "fuser -k -TERM #{current_page_file_path}"
+      end
   end
 
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sekureco
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Pedro de Lyra
@@ -9,21 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 date: 2017-10-17 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: launchy
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0'
+dependencies: []
 description: A tool to perform penetration tests on web applications
 email: pedrodelyra@gmail.com
 executables: []