simple_whatweb 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b26c444e4ee7222cbb6eaa591cf2d42a5d660b925b3b2d799748dd35df772415
-  data.tar.gz: 2820aeabc58670b9366ec682418d526f9c55b4612a926e0462869da8e5057d3b
+  metadata.gz: 74949bba132a54310d0734e532ea57ea10df193d42748826bb1ec8f0a94ce704
+  data.tar.gz: dff1cb823b0c7f36e38524eeba7433267d06120f23bd7c64df696d917b93a6a6
 SHA512:
-  metadata.gz: cceb40628b9e2523303ec38d96ca21306e19dfdddc94a8ae8f64650c4fca7a3e2826e2c7255ad3c1a4e02611dcbbc25f8064d404bc91ef4c1f0ca3c419668337
-  data.tar.gz: 8801947ff6d7582629b1db2d049b8c1a75d350e5e7c3419bed534fb7a5caf565469c6f936d27dbd82a8991b85e1edaf858f3a945094ff6c0c8be5bb3553f5d10
+  metadata.gz: 78c15492948ebae1399a703f0e57072881e0fbf57451f4f8ac79ef350ca2f325108618207724f0eee36db8479a3c91b3effaeab7b4e66b051d7f8e54aad14cf3
+  data.tar.gz: a3e404817a1d41a34b54972bc534a4ffc86cdb6b4112c6ab23468b1f4410da5fa9e1db26713f05ddcdc64ac5540422530cfb8a4b9bd0a9d5441101fd4e7c4669

data/.rubocop.yml

@@ -0,0 +1,172 @@
+# Relaxed.Ruby.Style
+## Version 2.2
+
+AllCops:
+  TargetRubyVersion: 2.5
+
+Style/Alias:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylealias
+
+Style/AsciiComments:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleasciicomments
+
+Style/BeginBlock:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylebeginblock
+
+Style/BlockDelimiters:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleblockdelimiters
+
+Style/CommentAnnotation:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylecommentannotation
+
+Style/Documentation:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styledocumentation
+
+Layout/DotPosition:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#layoutdotposition
+
+Style/DoubleNegation:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styledoublenegation
+
+Style/EndBlock:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleendblock
+
+Style/FormatString:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleformatstring
+
+Style/IfUnlessModifier:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleifunlessmodifier
+
+Style/Lambda:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylelambda
+
+Style/ModuleFunction:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylemodulefunction
+
+Style/MultilineBlockChain:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylemultilineblockchain
+
+Style/NegatedIf:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylenegatedif
+
+Style/NegatedWhile:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylenegatedwhile
+
+Style/ParallelAssignment:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleparallelassignment
+
+Style/PercentLiteralDelimiters:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylepercentliteraldelimiters
+
+Style/PerlBackrefs:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styleperlbackrefs
+
+Style/Semicolon:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylesemicolon
+
+Style/SignalException:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylesignalexception
+
+Style/SingleLineBlockParams:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylesinglelineblockparams
+
+Style/SingleLineMethods:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylesinglelinemethods
+
+Layout/SpaceBeforeBlockBraces:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#layoutspacebeforeblockbraces
+
+Layout/SpaceInsideParens:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#layoutspaceinsideparens
+
+Style/SpecialGlobalVars:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylespecialglobalvars
+
+Style/StringLiterals:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylestringliterals
+
+Style/TrailingCommaInArguments:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainarguments
+
+Style/TrailingCommaInArrayLiteral:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainarrayliteral
+
+Style/TrailingCommaInHashLiteral:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#styletrailingcommainhashliteral
+
+Style/SymbolArray:
+  Enabled: false
+  StyleGuide: http://relaxed.ruby.style/#stylesymbolarray
+
+Style/WhileUntilModifier:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylewhileuntilmodifier
+
+Style/WordArray:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#stylewordarray
+
+Lint/AmbiguousRegexpLiteral:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#lintambiguousregexpliteral
+
+Lint/AssignmentInCondition:
+  Enabled: false
+  StyleGuide: https://relaxed.ruby.style/#lintassignmentincondition
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockNesting:
+  Enabled: false
+
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/ModuleLength:
+  Enabled: false
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/LineLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Metrics/ParameterLists:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false

data/README.md

@@ -34,21 +34,19 @@ Or install it yourself as:
 
 ### As a CLI
 
-```
-Usage:
-  whatweb scan URL
-
-Options:
-  [--aggressive], [--no-aggressive]
-  [--default], [--no-default]
+#### Commands
 
-Scan against a given URL
+```
+Commands:
+  whatweb help [COMMAND]  # Describe available commands or one specific command
+  whatweb list_plugins    # List all plugins
+  whatweb scan URL        # Scan against a given URL
 ```
 
-**Example**
+#### Example
 
 ```bash
-whatweb scan http://localhost:8000 | jq .
+$ whatweb scan http://localhost:8000 | jq .
 ```
 
 ```json

data/lib/whatweb/cli.rb

@@ -15,6 +15,13 @@ module WhatWeb
       end
     end
 
+    desc "list_plugins", "List all plugins"
+    def list_plugins
+      with_error_handling do
+        puts plugin_names.to_json
+      end
+    end
+
     no_commands do
       def execute_plugins(url, is_aggressive = false)
         plugins = PluginManager.instance.load_plugins
@@ -28,6 +35,19 @@ module WhatWeb
         results
       end
 
+      def plugin_names
+        plugins = PluginManager.instance.load_plugins
+        plugins.map do |name, plugin|
+          {
+            name: name,
+            author: plugin.author.encode("UTF-8"),
+            description: plugin.description.encode("UTF-8"),
+            website: plugin.website,
+            version: plugin.version
+          }
+        end
+      end
+
       def with_error_handling
         yield
       rescue StandardError => e

data/lib/whatweb/helper.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require "digest/md5"
 require "sanitize"
 

data/lib/whatweb/matcher.rb

@@ -10,4 +10,3 @@ require_relative "matcher/tag_pattern"
 require_relative "matcher/text"
 require_relative "matcher/url"
 require_relative "matcher/version"
-

data/lib/whatweb/matcher/status.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WhatWeb
   module Matcher
     class Status < Base
@@ -12,4 +14,4 @@ module WhatWeb
       end
     end
   end
-end
+end

data/lib/whatweb/matcher/url.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WhatWeb
   module Matcher
     class URL < Base
@@ -21,7 +23,7 @@ module WhatWeb
         elsif is_relative? && has_query?
           "#{target.uri.path}?#{target.uri.query}".match? /#{url}$/
         elsif !is_relative? && has_query?
-          "#{target.uri.path}?#{target.uri.query}" == url
+          url == "#{target.uri.path}?#{target.uri.query}"
         else
           # !is_relative? && !has_query?
           target.uri.path == url
@@ -29,4 +31,4 @@ module WhatWeb
       end
     end
   end
-end
+end

data/lib/whatweb/matcher/version.rb

@@ -3,6 +3,7 @@
 module WhatWeb
   module Matcher
     class Version
+      attr_reader :name, :versions, :files, :url, :best_versions
       def initialize(name_product = nil, versions = nil, url = nil)
         raise ArgumentError, 'You must specify the name of the product' if name_product.nil?
         raise ArgumentError, 'You must specify the available versions of the product' if versions.nil?
@@ -10,51 +11,34 @@ module WhatWeb
 
         @name = name_product
         @versions = versions
-        @files = Hash['filenames' => [], 'files' => [], 'md5' => []]
+        @files = { 'filenames' => [], 'files' => [], 'md5' => [] }
         @url = url
-        @got_best_versions = false
         @best_versions = []
 
-        versions.each do |version|
-          version[1].each do |file|
-            next if @files['filenames'].include? file[0]
-            @files['filenames'].push(file[0])
-            @files['files'].push(URI.join(@url.to_s, file[0]).to_s)
-            target = Target.new(@files['files'].last)
-            @files['md5'].push(target.md5sum)
-          end
-        end
-      end
+        versions.each do |_version, value|
+          # e.g. key => "5.0.0"
+          # e.g. value => [["login.php", "59a69886a8c006d607369865f1b4a28c"]]]
+          value.each do |filename, _md5|
+            next if @files['filenames'].include? filename
+            @files['filenames'] << filename
 
-      def best_matches
-        return @best_versions if @got_best_versions == true
+            url = URI.join(@url.to_s, filename.to_s)
+            @files['files'] << url
 
-        @versions.each do |version|
-          count = 0
-          version[1].each do |file|
-            i = @files['filenames'].index(file[0])
-            count += 1 if @files['md5'][i] == file[1]
-          end
-          while !@best_versions.empty? && @best_versions[0][1] < count
-            @best_versions.delete_at(0)
-          end
-          if count > 0 && (@best_versions.empty? || @best_versions[0][1] == count) && \
-             !@best_versions.include?([version[0], count])
-            @best_versions.insert(0, [version[0], count])
+            target = Target.new(url)
+            @files['md5'] << target.md5sum
           end
         end
+      end
 
-        @got_best_versions = true
-        @best_versions.flatten!
-
-        @best_versions.each_index { |i| @best_versions.delete_at(i + 1) }.sort!
-
-        @best_versions
+      def best_match
+        versions.max { |x, y| x[1].length <=> y[1].length }
       end
 
       def matches_format
-        best_matches if @got_best_versions == false
-        @best_versions
+        return [] if versions.empty?
+        version, _files = best_match
+        [version]
       end
     end
   end

data/lib/whatweb/plugins/achecker.rb

@@ -35,9 +35,8 @@ WhatWeb::Plugin.define "AChecker" do
       if /	<\/td><td><span> Version: ([\d\.]+)<\/span><\/td>/.match?(target.body)
         version = target.body.scan(/	<\/td><td><span> Version: ([\d\.]+)<\/span><\/td>/)[0][0]
         m << { version: version }
-             end
+      end
     end
-
     m
   end
 end

data/lib/whatweb/plugins/amxmodx.rb

@@ -35,8 +35,7 @@ WhatWeb::Plugin.define "AMX-Mod-X" do
     if target.body =~ /amx_sql_host[\s]+"([^\"]*)"/ && target.body =~ /amx_sql_user[\s]+"([^\"]+)"/ && target.body =~ /amx_sql_pass[\s]+"([^\"]*)"/
       version = target.body.scan(/amx_sql_user[\s]+"([^\"]+)"/)[0][0] + ":" + target.body.scan(/amx_sql_pass[\s]+"([^\"]*)"/)[0][0] + "@" + target.body.scan(/amx_sql_host[\s]+"([^\"]+)"/)[0][0]
       m << { version: version }
-          end
-
+    end
     m
   end
 end

data/lib/whatweb/plugins/apache-tomcat.rb

@@ -39,40 +39,30 @@ WhatWeb::Plugin.define "Apache-Tomcat" do
 
   ]
 
-  def random_string(length = 32)
-    # should probably be moved somewhere else to be used in other plugins
-    (1..length).map{ |_i| ('a'..'z').to_a[rand(26)] }.join
-  end
-
   ##
   # get a random page to check for default 404 tomcat page
   ##
   def version_from_404(target)
-    new_url = "http://#{target.uri.host}:#{target.uri.port}/#{random_string}"
+    new_url = "#{target.uri.scheme}://#{target.uri.host}:#{target.uri.port}/#{randstr}"
     info = []
-    begin
-      new_target = WhatWeb::Target.new(new_url)
-
-      if new_target.status == 404
-        v = new_target.body.scan(/Apache Tomcat\/([456]\.\d+\.\d+)/)[0]
-        unless v.nil?
-          info << { name: "Tomcat version", certainty: 100, version: v }
-        end
+    new_target = WhatWeb::Target.new(new_url)
+    if new_target.status == 404
+      v = new_target.body.scan(/Apache Tomcat\/([456]\.\d+\.\d+)/)[0]
+      unless v.nil?
+        info << { name: "Tomcat version", certainty: 100, version: v }
       end
-    rescue StandardError => _
-      # do nothing
     end
     info
   end
 
   def aggressive(target)
-    info = version_from_404(target)
-
-    if info.empty?
+    begin
+      info = version_from_404(target)
+    rescue StandardError => e
+      p e
       []
-    else
-      info
-     end
+    end
+    info
     # TODO version can also be retrieve from 500 error page
   end
 end

data/lib/whatweb/plugins/contao.rb

@@ -66,7 +66,6 @@ WhatWeb::Plugin.define "Contao" do
     to_download = files.map { |x| x[:path] }.sort.uniq
     downloads = {}
     to_download.each do |d|
-
       url = URI.join(target.uri.to_s, d).to_s
       new_target = WhatWeb::Target.new(url)
       downloads[d] = { md5sum: new_target.md5sum }

data/lib/whatweb/plugins/country.rb

@@ -43,7 +43,7 @@ WhatWeb::Plugin.define "Country" do
         File.open(whatweb_folder + "/country-ips.dat", "wb") do |wfile|
           IO.foreach(whatweb_folder + "/IpToCountry.csv") do |line|
             next if line !~ /^"/
-            s, e, d1, d2, co = line.delete!("\"").split(",")
+            s, e, _d1, _d2, co = line.delete!("\"").split(",")
             s, e = s.to_i, e.to_i
             if !last_start
               # initialize with first entry

data/lib/whatweb/plugins/episerver.rb

@@ -1,4 +1,3 @@
-# coding: ascii-8bit
 # frozen_string_literal: true
 
 ##

data/lib/whatweb/plugins/escenic.rb

@@ -1,4 +1,3 @@
-# coding: ascii-8bit
 # frozen_string_literal: true
 
 ##

data/lib/whatweb/plugins/google-hack-honeypot.rb

@@ -92,8 +92,8 @@ WhatWeb::Plugin.define "Google-Hack-Honeypot" do
     # Password format: WebAdmin:ae[11-random-characters]
     # Refresh URL and see if the password changed
     if target.uri.to_s =~ /\/passwd\.txt$/ && target.body =~ /^WebAdmin:ae[\w]{11}$/
-      status, url, ip, body, headers = open_target(target.uri.to_s)
-      if body != target.body
+      new_target = WhatWeb::Target.new(target.uri.to_s)
+      if new_target.body != target.body
         m << { module: "wwwboard passwd.txt" }
       end
 

data/lib/whatweb/plugins/htpasswd.rb

@@ -73,16 +73,13 @@ WhatWeb::Plugin.define "htpasswd" do
                # Display hash if unknown
                else
                  { account: line.to_s }
-                    end
-
+               end
              # Display hash if user is not "admin"
              else
                { account: line.to_s }
              end
       end
-
     end
-
     m
   end
 end

data/lib/whatweb/plugins/mac-osx-server.rb

@@ -1,4 +1,3 @@
-# coding: ascii-8bit
 # frozen_string_literal: true
 
 ##

data/lib/whatweb/plugins/magento.rb

@@ -13,7 +13,7 @@ WhatWeb::Plugin.define "Magento" do
   @website = "http://www.magentocommerce.com"
 
   @dorks = [
-    "Magento is a trademark of Magento Inc. Copyright" "admin",
+    'Magento is a trademark of Magento Inc. Copyright" "admin"',
     'intitle:"Magento Downloader" "Report All Bugs"'
   ]
 

data/lib/whatweb/plugins/mysource-matrix.rb

@@ -41,14 +41,13 @@ WhatWeb::Plugin.define "MySource-Matrix" do
         version = target.body.scan(/MySource Matrix ([\d\.]+)/)[0][0]
         m << { version: version }
       end
-          end
+    end
 
     # HTML comment
     if /	Running Squiz MySource v([\d\.]+) \(Matrix\) - http:\/\/matrix.squiz.net\//.match?(target.body)
       version = target.body.scan(/	Running Squiz MySource v([\d\.]+) \(Matrix\) - http:\/\/matrix.squiz.net\//)[0][0]
       m << { version: version }
     end
-
     m
   end
 end

data/lib/whatweb/plugins/phpwcms.rb

@@ -27,12 +27,11 @@ WhatWeb::Plugin.define "phpwcms" do
     m = []
 
     if /phpwcms \| open source web content management system/.match?(target.body)
-      if /          Release: ([\d\.\-A-Z]+) [\d\-]+\/\/-->/.match?(target.body)
-        version = target.body.scan(/          Release: ([\d\.\-A-Z]+) [\d\-]+\/\/-->/)[0][0]
+      if /Release: ([\d\.\-A-Z]+) [\d\-]+\/\/-->/.match?(target.body)
+        version = target.body.scan(/Release: ([\d\.\-A-Z]+) [\d\-]+\/\/-->/)[0][0]
         m << { version: version }
-            end
+      end
     end
-
     m
   end
 end

data/lib/whatweb/plugins/title.rb

@@ -26,12 +26,10 @@ WhatWeb::Plugin.define "Title" do
     title = html.css("title")
     if title
       # Give warining if title element contains newline(s)
-      if title.text.include? "\n"
-        m << { name: "WARNING", module: "Title element contains newline(s)!" }
-      end
+      m << { name: "WARNING", module: "Title element contains newline(s)!" } if title.text.include? "\n"
       # Strip all newlines in title string (for better output)
       m << { name: "page title", string: title.text.strip }
-     end
+    end
     m
   end
 end

data/lib/whatweb/plugins/vulnerable-to-xss.rb

@@ -18,12 +18,11 @@ WhatWeb::Plugin.define "Vulnerable-To-XSS" do
     m = []
     result = ""
     if /<script>([\s]*)(alert\([a-zA-Z0-9\/\'\"]+\))([\s]*[\;]?[\s]*)<\/script>/i.match?(target.body)
-      version = target.body.scan(/<script>([\s]*)(alert\([a-zA-Z0-9\/\'\"]+\))[\s]*[\;]?[\s]*<\/script>/i) { |match|
+      target.body.scan(/<script>([\s]*)(alert\([a-zA-Z0-9\/\'\"]+\))[\s]*[\;]?[\s]*<\/script>/i) { |match|
         result << "#{match} "
       }
       m << { version: result, certainty: 25 }
     end
-
     m
   end
 end

data/lib/whatweb/target.rb

@@ -8,7 +8,7 @@ module WhatWeb
     attr_reader :url, :body, :headers, :raw_headers, :raw_response, :status, :uri
 
     def initialize(url, response = nil)
-      @url = url
+      @url = url.to_s
       @response = response || open_url
       build
     end

data/lib/whatweb/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WhatWeb
-  VERSION = "0.1.0"
+  VERSION = "0.2.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: simple_whatweb
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-08-18 00:00:00.000000000 Z
+date: 2018-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -160,6 +160,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - Gemfile
 - LICENSE.txt