site-inspector 0.1.2 → 1.0.0

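--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7ba79a277c6611844c2628263b41f8953274bd7a
- data.tar.gz: bf7e16d237c56018c62977ea0c4aed2df751b83b
+ metadata.gz: 4942c0885c9e08824ecde08d6b29864ef028f94f
+ data.tar.gz: 95b45f2c948946eca91f1d37c46b9c868afb6aa3
  SHA512:
- metadata.gz: ff18940993447863687a4c0fb5815f753f8cc6d176df67d005f46d30758cfac4e446c099e058544faf6e792a1c378f9c36526e66212c97910039f109a022b9b2
- data.tar.gz: f756567dc72bff09822b3d9da45d85d9143ff8eeb5bc86a60ca091da29a286a4ce6d06c35154bfc02010154da0950d5255dc9865917abcbdd6a00847639e83ee
+ metadata.gz: 5a953be1f1a17923acfd4b1565ca3ceca28a0b06dc64bf4e9caa9308865496134de31fcde53b1562263dd77ebf7c3aabba3c421ee965040f08d145e2a344093e
+ data.tar.gz: 7e9af2ba7bc62fb0bc4895acb5d99c500673cbb664ba457cd7f00d9a5c90102fbb16bba960fff7d3df6ffa62b0c61312f418058e008e96df8bbc77ae6b25418a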
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require_relative "../lib/site-inspector"
4
+ require "json"
5
+
6
+ domain = ARGV[0]
7
+
8
+ if domain.to_s.empty?
9
+ puts "Usage: site-inspector [DOMAIN]"
10
+ exit 1
11
+ end
12
+
13
+ details = SiteInspector.new(domain).to_hash
14
+
15
+ puts JSON.pretty_generate(details)
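Review bot: The usage message at `puts "Usage: site-inspector [DOMAIN]"` is written to stdout, so a caller that pipes the JSON output receives the usage text in the data stream when the argument is missing; `abort "Usage: site-inspector DOMAIN"` sends it to stderr and exits with status 1 in a single call. The square brackets also read as "optional argument", which the emptiness check contradicts. Any exception raised inside `SiteInspector.new(domain).to_hash` (its body is not visible here; presumably lookup or connection failures) would reach the user as a raw backtrace, so a `rescue` that prints the message to stderr and exits non-zero would give scripts a cleaner failure signal.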
@@ -15,7 +15,7 @@ class SiteInspector
15
15
  end
16
16
 
17
17
  def dnssec?
18
- @dnssec ||= dns.any? { |record| record.type == "DNSKEY" }
18
+ @dnssec ||= query("DNSKEY").count != 0
19
19
  end
20
20
 
21
21
  def ipv6?
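Review bot: `@dnssec ||= query("DNSKEY").count != 0` does not memoize a negative answer, because `||=` assigns again whenever `@dnssec` is false, so every call for a domain without DNSKEY records repeats the lookup. Guarding on `defined?` caches both outcomes: `return @dnssec if defined?(@dnssec)` followed by `@dnssec = query("DNSKEY").count != 0`. `query` is defined outside this hunk, so whether it can return nil or raise on a failed lookup cannot be checked here; if it can, a resolver error should stay distinguishable from "no DNSSEC" rather than both being reported as false.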
@@ -1,8 +1,9 @@
1
1
  class SiteInspector
2
2
 
3
- # the ? versions could maybe just be dropped
3
+ # cookies can have multiple set-cookie headers, so this detects
4
+ # whether cookies are set, but not all their values.
4
5
  def has_cookies?
5
- !!has_cookies
6
+ !!headers["set-cookie"]
6
7
  end
7
8
 
8
9
  def strict_transport_security?
@@ -19,28 +20,24 @@ class SiteInspector
19
20
 
20
21
  # return the found header value
21
22
 
22
- def has_cookies
23
- header_from("Set-Cookie")
24
- end
25
-
26
23
  def strict_transport_security
27
- header_from("Strict-Transport-Security")
24
+ headers["strict-transport-security"]
28
25
  end
29
26
 
30
27
  def content_security_policy
31
- header_from("Content-Security-Policy")
28
+ headers["content-security-policy"]
32
29
  end
33
30
 
34
31
  def click_jacking_protection
35
- header_from("X-Frame-Options")
32
+ headers["x-frame-options"]
36
33
  end
37
34
 
38
35
  def server
39
- header_from("Server")
36
+ headers["server"]
40
37
  end
41
38
 
42
39
  def xss_protection
43
- header_from("X-XSS-Protection")
40
+ headers["x-xss-protection"]
44
41
  end
45
42
 
46
43
  # more specific checks than presence of headers
@@ -49,19 +46,14 @@ class SiteInspector
49
46
  end
50
47
 
51
48
  def secure_cookies?
52
- return nil if !response || !has_cookies?
53
- cookie = header_from("Set-Cookie")
49
+ return nil if !has_cookies?
50
+ cookie = headers["set-cookie"]
54
51
  cookie = cookie.first if cookie.is_a?(Array)
55
- marked_secure = !!(cookie.downcase =~ /secure/)
56
- marked_http_only = !!(cookie.downcase =~ /httponly/)
57
- marked_secure and marked_http_only
52
+ !!(cookie =~ /(; secure.*; httponly|; httponly.*; secure)/i)
58
53
  end
59
54
 
60
- # helper function: case-insensitive sweep for header, return value
61
- def header_from(header)
62
- return nil unless response
63
-
64
- the_header = response.headers.keys.find {|h| h.downcase =~ /^#{header.downcase}/}
65
- response.headers[the_header]
55
+ # Returns an array of hashes of downcased key/value header pairs (or nil)
56
+ def headers
57
+ @headers ||= Hash[response.headers.map{ |k,v| [k.downcase,v] }] if response
66
58
  end
67
59
  end
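Review bot: `secure_cookies?` can misreport in both directions: it still reads only the first `Set-Cookie` value (`cookie.first`), so a later cookie without the flags is never examined, and the new pattern requires a literal `; ` before each attribute, so `;Secure;HttpOnly` written without spaces is now reported as not secure. Splitting each value on `;` and comparing the stripped, downcased attribute names for every cookie avoids both; a sketch follows. Separately, `headers` returns nil when `response` is nil and the `!response` / `return nil unless response` guards are removed in this change, so `has_cookies?` and the header accessors would raise NoMethodError in that case; `@headers ||= response ? Hash[response.headers.map { |k, v| [k.downcase, v] }] : {}` restores the nil/false results. The comment above `headers` says "array of hashes" although the method builds one hash.

```ruby
def secure_cookies?
  return nil if !has_cookies?
  # Every Set-Cookie value must carry both flags, not only the first one.
  Array(headers["set-cookie"]).all? do |cookie|
    # Attributes follow the first ";"; compare whole names, whitespace-insensitive.
    attributes = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    attributes.include?("secure") && attributes.include?("httponly")
  end
end
```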
@@ -124,10 +124,10 @@ class SiteInspector
124
124
  end
125
125
 
126
126
  def to_json
127
- as_json.to_json
127
+ to_hash.to_json
128
128
  end
129
129
 
130
- def as_json
130
+ def to_hash
131
131
  {
132
132
  :domain => domain.to_s,
133
133
  :uri => uri.to_s,
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: site-inspector
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ben Balter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-12-03 00:00:00.000000000 Z
11
+ date: 2015-02-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -222,11 +222,13 @@ dependencies:
222
222
  version: '1.0'
223
223
  description: Returns information about a domain's technology and capabilities
224
224
  email: ben@balter.com
225
- executables: []
225
+ executables:
226
+ - site-inspector
226
227
  extensions: []
227
228
  extra_rdoc_files: []
228
229
  files:
229
230
  - LICENSE
231
+ - bin/site-inspector
230
232
  - lib/data/cdn.yml
231
233
  - lib/data/cloud.yml
232
234
  - lib/site-inspector.rb