wmap 2.4.5 → 2.4.6

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 781e42205ee21710dc610778284fb6ab3fc4644598632d204db6bdc291af216f
4
- data.tar.gz: c2c1c527be70b2452b1aa66ea2138af78a094ae82eb8ddfde15a2ec09df30700
3
+ metadata.gz: 7fd34fa6e6a86b6d7a4f2eb0d232023832473ed436870ddab082aa9768cb4bc2
4
+ data.tar.gz: 7a8e8d44eae5cf2a7c51077cfd7dcfa73a49048833758814d35378438c546195
5
5
  SHA512:
6
- metadata.gz: ab3231e48a2d65f777afa36a9efb28bc741dfe79f0a10aae64d18ad6861206ca209984635b57ffe863bfa4a602d07cc79ad472561c3eccf1fb527973ef15bd0b
7
- data.tar.gz: 55ead86d6498b73e0b2511518dcd3cdc69468456fc3525ff523b03a38b31bbadd18185e94c8afea777c3dd3f0d943b7ee1868482bbd2badecb4b339ad14eb6f5
6
+ metadata.gz: 80071d5b153195da339981c4abdc175d4b4368870dd85da822ab2b84fdc66b32e0e7fafcb4b99ab909309f2b90bf671dffb1b5da0a282ea35cc01851c4cf2430
7
+ data.tar.gz: d8fa25c38b2a147863184a6feca7b94e0588798394046d574030d394b34d9c26ddc5e851539b7ec154de5aa6467660b2eb65cc72137c61d01888d72d23af481d
data/CHANGELOG.md CHANGED
@@ -11,6 +11,7 @@
11
11
 
12
12
  ## Mile-stones
13
13
 
14
+ - November 2018: Pick up the maintenances.
14
15
  - July 2015: Move the project under OWASP
15
16
  - November 2014: Re-name from web_discovery to wmap, re-factor the code base to better scale up
16
17
  across the board
data/README.rdoc CHANGED
@@ -6,12 +6,12 @@ This program is designed for the web application asset discovery and tracking. I
6
6
  to cover the gaps of a similar commercial product. Over the time it grows to be a more capable and complete replacement (IMHO).
7
7
 
8
8
 
9
- == Wmap in Motion
10
- Use the demo web app build on top of wmap gem: http://wmap.io/
9
+ == WMAP in Motion
10
+ Use the demo web app build on top of wmap gem: http://wmap.io
11
11
 
12
12
 
13
13
  == Program Version
14
- The latest release is Beta version 1.5.x as of fall 2014. Please refer to the CHANGELOG.md for the program's history information.
14
+ The latest release is version 2.4.5. as of fall 2018. Please refer to the CHANGELOG.md for the program's history information.
15
15
 
16
16
 
17
17
  == Author Contact
@@ -19,15 +19,15 @@ This program is designed and developed by Yang Li. You can reach him by Email: <
19
19
 
20
20
 
21
21
  == Installation
22
- To take full power of this program, you would need an *nix flavor machine with direct Internet access. I have installed it successfully on both Mac and Linux machines. You'll also need the Ruby environment being setup properly. The easiest way to install OWASP Web Mapper is by using Ruby Gems. Download the latest gem 'wmap-x.x.x.gem' into the local file system. Then install it from command line there:
22
+ To take full power of this program, you would need an *nix flavor machine with direct Internet access. I have installed it successfully on both Mac and Linux machines. You'll also need the Ruby environment being setup properly. The easiest way to install OWASP Web Mapper is by using Ruby Gems. You can install it from command line:
23
23
 
24
- gem install wmap-x.x.x.gem --no-rdoc
24
+ gem install wmap
25
25
 
26
26
  == Specific Installation Problem with Nokogiri
27
27
  Nokogiri is a native xml/html parser used by the project. It's fast and powerful. However, it comes with pitfall of installation problem around building native extension for your environment. Please refer to this page for trouble-shooting tip (http://www.nokogiri.org/tutorials/installing_nokogiri.html).
28
28
 
29
29
  == Dependency
30
- You need the Ruby 1.9.2 or above in order to use this program. In my test environment, I was able to set it up with RVM. Please refer to this page for more installation information: http://www.ruby-lang.org/en/downloads/
30
+ You need the Ruby 2.1.0 or above in order to use this program. In my test environment, I was able to set it up with <a href="https://rvm.io/">RVM</a>. Please refer to this page for more installation information: https://www.ruby-lang.org/en/documentation/installation/
31
31
 
32
32
  In addition, the following Ruby GEM dependency are needed by different components of this software. The should be installed automatically:
33
33
  require "dnsruby"
data/lib/wmap.rb ADDED
@@ -0,0 +1,228 @@
1
+ #--
2
+ # Wmap
3
+ #
4
+ # A pure Ruby library for the Internet web application discovery and tracking.
5
+ #
6
+ # Copyright (c) 2012-2015 Yang Li <yang.li@owasp.org>
7
+ #++
8
+ require 'wmap/utils/domain_root'
9
+ require 'wmap/utils/url_magic'
10
+ require 'wmap/utils/logger'
11
+ require 'wmap/utils/utils'
12
+ require 'wmap/cidr_tracker'
13
+ require 'wmap/domain_tracker'
14
+ require 'wmap/domain_tracker/sub_domain'
15
+ require 'wmap/host_tracker'
16
+ require 'wmap/host_tracker/primary_host'
17
+ require 'wmap/whois'
18
+ require 'wmap/url_checker'
19
+ require 'wmap/wp_tracker'
20
+ require 'wmap/network_profiler'
21
+ require 'wmap/port_scanner'
22
+ require 'wmap/url_crawler'
23
+ require 'wmap/dns_bruter'
24
+ require 'wmap/site_tracker'
25
+ require 'wmap/site_tracker/deactivated_site'
26
+ require 'wmap/geoip_tracker'
27
+ require 'wmap/google_search_scraper'
28
+
29
+ module Wmap
30
+
31
+ NAME = "Wmap"
32
+ GEM = "wmap"
33
+ VERSION = File.dirname(__FILE__) + "/../version.txt"
34
+
35
+ class << self
36
+ attr_accessor :known_internet_domains
37
+ attr_writer :verbose
38
+
39
+ # Simple parser for the project version file
40
+ def read_ver
41
+ ver=Hash.new
42
+ f=File.open(VERSION,'r')
43
+ f.each do |line|
44
+ line.chomp!
45
+ case line
46
+ when /^(\s)*#/
47
+ next
48
+ when /\=/
49
+ entry=line.split("=").map! {|x| x.strip}
50
+ ver[entry[0]]=entry[1]
51
+ end
52
+ end
53
+ f.close
54
+ return ver
55
+ end
56
+
57
+ # Project banner in ASCII Art 'soft' format, courtesy to http://patorjk.com/software/taag/
58
+ def banner
59
+ ver=read_ver
60
+ art=",--. ,--. ,--. ,--. ,--.
61
+ | | | | ,---. | |-. | `.' | ,--,--. ,---. ,---. ,---. ,--.--.
62
+ | |.'.| || .-. :| .-. ' | |'.'| |' ,-. || .-. || .-. || .-. :| .--'
63
+ | ,'. |\ --.| `-' | | | | |\ '-' || '-' '| '-' '\ --.| |
64
+ '--' '--' `----' `---' `--' `--' `--`--'| |-' | |-' `----'`--'
65
+ `--' `--' "
66
+ string = "-"*80 + "\n" + art + "\n" + "Version: " + ver["version"] + "\tRelease Date: " + ver["date"] + "\nDesigned and developed by: " + ver["author"] + "\nEmail: " + ver["email"] + "\tLinkedIn: " + ver["linkedin"] + "\n" + "-"*80
67
+ end
68
+
69
+ # Explorer to discover and inventory web application / service automatically
70
+ def wmap(seed)
71
+ cmd="bin/wmap" + " " + seed
72
+ system(cmd)
73
+ end
74
+
75
+ # Crawler to search url contents for new sites
76
+ def crawl(url)
77
+ crawler=Wmap::UrlCrawler.new
78
+ crawler.crawl(url)
79
+ end
80
+
81
+ # whois query and sort the result into structured data
82
+ def whois(domain)
83
+ whois=Wmap::Whois.new(:verbose=>false)
84
+ whois.query(domain)
85
+ end
86
+
87
+ # Fast tcp port scanner on a single host or IP
88
+ def scan(host)
89
+ scanner=Wmap::PortScanner.new
90
+ scanner.scan(host)
91
+ end
92
+
93
+ # Fast multi-processes tcp port scanner on a list of targets
94
+ def scans(target_list)
95
+ scanner=Wmap::PortScanner.new
96
+ scanner.scans(target_list)
97
+ end
98
+
99
+ # CIDR Tracking - check the host against the local CIDR seed file, return the CIDR tracking path if found
100
+ def track(host)
101
+ tracker=Wmap::CidrTracker.new
102
+ tracker.cidr_worker(host)
103
+ end
104
+
105
+ # GeoIP Tracking - check the host / IP against the GeoIP data repository, return the Geographic information if found
106
+ def geoip(host)
107
+ tracker=Wmap::GeoIPTracker.new
108
+ tracker.query(host)
109
+ end
110
+
111
+ # URL checker - check the status of the remote URL
112
+ def check(url)
113
+ checker=Wmap::UrlChecker.new(:verbose=>false)
114
+ checker.url_worker(url)
115
+ end
116
+
117
+ # Check if the IP is within the range of the known CIDR blocks
118
+ def ip_trusted?(ip)
119
+ tracker=Wmap::CidrTracker.new
120
+ tracker.ip_trusted?(ip)
121
+ end
122
+
123
+ # Domain Tracking - check with the trust domain seed file locally, to determine if it's a new internet domain
124
+ # NOT to confuse with the Internet 'whois' lookup
125
+ def domain_known?(domain)
126
+ tracker=Wmap::DomainTracker.new
127
+ tracker.domain_known?(domain)
128
+ end
129
+
130
+ # Host Tracking - check local hosts file to see if this is a hostname known from the host seed file
131
+ # NOT to confuse with a regular DNS lookup over the internet
132
+ def host_known?(host)
133
+ tracker=Wmap::HostTracker.new.host_known?(host)
134
+ end
135
+
136
+ # Sub-domain tracking - check local hosts file to see if the sub-domain is already known
137
+ def sub_domain_known?(host)
138
+ tracker=Wmap::HostTracker.new.sub_domain_known?(host)
139
+ end
140
+
141
+ # IP Tracking - check local hosts file to see if this is an IP known from the seed file
142
+ # NOT to confuse with a regular reverse DNS lookup over the internet
143
+ def ip_known?(ip)
144
+ tracker=Wmap::HostTracker.new.ip_known?(ip)
145
+ end
146
+
147
+ # DNS Brute Forcer
148
+ def dns_brute(domain)
149
+ bruter=Wmap::DnsBruter.new
150
+ bruter.query(domain)
151
+ end
152
+
153
+ # Retrieve root domain from a host
154
+ def domain_root(host)
155
+ Wmap::Utils.get_domain_root(host)
156
+ end
157
+
158
+ # Log the information into file
159
+ def wlog(msg,agent,log_file)
160
+ Wmap::Utils.wlog(msg,agent,log_file)
161
+ end
162
+
163
+ # Host-name mutation for catch easily guessable hostname, i.e. "ww1.example.com" => ["ww1,example.com","ww2.example.com",...]
164
+ def mutation (host)
165
+ Wmap::DnsBruter.new.hostname_mutation(host)
166
+ end
167
+
168
+ # Check URL/Site response code
169
+ def response_code(url)
170
+ checker=Wmap::UrlChecker.new
171
+ checker.response_code(url)
172
+ end
173
+
174
+ # Search the site repository for all entries that match the pattern
175
+ def search(pattern)
176
+ searcher=Wmap::SiteTracker.new
177
+ searcher.search(pattern)
178
+ end
179
+
180
+ # Dump out the unique sites into a plain file
181
+ def dump(file)
182
+ store=Wmap::SiteTracker.new(:verbose=>true)
183
+ store.save_uniq_sites(file)
184
+ end
185
+
186
+ # Dump out the unique sites into a XML file
187
+ def dump_xml(file)
188
+ store=Wmap::SiteTracker.new
189
+ store.save_uniq_sites_xml(file)
190
+ end
191
+
192
+ # Refresh the site information in the local data repository
193
+ def refresh(site)
194
+ store=Wmap::SiteTracker.new
195
+ store.refresh(site)
196
+ store.save!
197
+ end
198
+
199
+ # Refresh the site information in the local data repository
200
+ def refresh_all
201
+ store=Wmap::SiteTracker.new
202
+ store.refresh_all
203
+ store.save!
204
+ end
205
+
206
+ # Search the Google engines and sort out sites known by Google
207
+ def google
208
+ sites=Wmap::GoogleSearchScraper.new.workers.keys
209
+ end
210
+
211
+ # Print a site's full information from the repository
212
+ def print(site)
213
+ searcher=Wmap::SiteTracker.new
214
+ searcher.print_site(site)
215
+ end
216
+
217
+ # Print a site's full information from the repository
218
+ def print_all
219
+ searcher=Wmap::SiteTracker.new
220
+ searcher.print_all_sites
221
+ end
222
+
223
+ private
224
+
225
+
226
+
227
+ end
228
+ end
@@ -17,6 +17,7 @@ class Wmap::CidrTracker
17
17
  def initialize (params = {})
18
18
  @verbose=params.fetch(:verbose, false)
19
19
  @data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
20
+ Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
20
21
  @file_cidr_seeds=params.fetch(:cidr_seeds, @data_dir + 'cidrs')
21
22
  @known_cidr_blks={}
22
23
  @known_cidr_blks_desc_index=[]
@@ -20,6 +20,7 @@ class Wmap::DnsBruter
20
20
  def initialize (params = {})
21
21
  # Change to your brute-force dictionary file here if necessary
22
22
  @data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
23
+ Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
23
24
  @file_hosts = @data_dir + 'hosts'
24
25
  @file_hosts_dict = File.dirname(__FILE__)+'/../../dicts/hostnames-dict.txt'
25
26
 
@@ -23,6 +23,7 @@ class Wmap::DomainTracker
23
23
  # Initialize the instance variables
24
24
  @verbose=params.fetch(:verbose, false)
25
25
  @data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
26
+ Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
26
27
  @file_domains=params.fetch(:domains_file, @data_dir+'domains')
27
28
  @max_parallel=params.fetch(:max_parallel, 40)
28
29
  # Hash table to hold the trusted domains
@@ -21,6 +21,7 @@ class Wmap::HostTracker
21
21
  def initialize (params = {})
22
22
  @verbose=params.fetch(:verbose, false)
23
23
  @data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
24
+ Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
24
25
  # Set default instance variables
25
26
  @file_hosts=@data_dir + 'hosts'
26
27
  file=params.fetch(:hosts_file, @file_hosts)
@@ -22,6 +22,7 @@ class Wmap::SiteTracker
22
22
  def initialize (params = {})
23
23
  # Initialize the instance variables
24
24
  @data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
25
+ Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
25
26
  @file_sites=@data_dir+'sites'
26
27
  @file_stores=params.fetch(:sites_file, @file_sites)
27
28
  @verbose=params.fetch(:verbose, false)
@@ -27,6 +27,7 @@ class Wmap::WpTracker
27
27
  def initialize (params = {})
28
28
  @verbose=params.fetch(:verbose, false)
29
29
  @data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
30
+ Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
30
31
  wp_sites=@data_dir+'wp_sites'
31
32
  @file_wps=params.fetch(:sites_wp, wp_sites)
32
33
  @http_timeout=params.fetch(:http_timeout, 5000)
data/version.txt CHANGED
@@ -3,8 +3,8 @@
3
3
  ###############################################################################
4
4
  package = wmap
5
5
  # wmap version 2.0 == web_discovery version 1.5.3
6
- version = 2.4.5
7
- date = 2018-11-06
6
+ version = 2.4.6
7
+ date = 2018-11-19
8
8
 
9
9
  author = Sam (Yang) Li
10
10
  email = yang.li@owasp.org
data/wmap.gemspec CHANGED
@@ -38,7 +38,7 @@ Gem::Specification.new do |s|
38
38
  s.executables = ["wmap","wscan","wadd","wadds","wdel","wcheck","wdump","spiderBot","googleBot","updateAll","prime","deprime","refresh","trust","distrust","run_tests"]
39
39
  s.files = ["CHANGELOG.md", "TODO", "settings/discovery_ports","settings/google_keywords.txt","settings/google_locator.txt","data/","LICENSE.txt",
40
40
  "version.txt","README.rdoc", "wmap.gemspec"]
41
- s.files += Dir['lib/wmap/*.rb'] + Dir['lib/wmap/**/*.rb'] + Dir['bin/*'] + Dir['demos/*'] + Dir['test/*'] + Dir['ruby_whois_patches/*'] + Dir['dicts/*'] + Dir['logs/wmap.log']
41
+ s.files += Dir['lib/*.rb'] + Dir['lib/wmap/*.rb'] + Dir['lib/wmap/**/*.rb'] + Dir['bin/*'] + Dir['demos/*'] + Dir['test/*'] + Dir['ruby_whois_patches/*'] + Dir['dicts/*'] + Dir['logs/wmap.log']
42
42
  #s.homepage = "none"
43
43
  s.post_install_message = "*"*80 + "\n\nThank you for installing the wmap gem - a pure Ruby library for Internet web application discovery and tracking. Please refer to the README.rdoc for more information of using this gem. \n\n" + "*"*80 + "\n"
44
44
  s.require_paths = ["lib"]
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wmap
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.5
4
+ version: 2.4.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam (Yang) Li
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-11-06 00:00:00.000000000 Z
11
+ date: 2018-11-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dnsruby
@@ -253,6 +253,7 @@ files:
253
253
  - dicts/hostnames-dict.big
254
254
  - dicts/hostnames-dict.txt
255
255
  - dicts/tlds.txt
256
+ - lib/wmap.rb
256
257
  - lib/wmap/cidr_tracker.rb
257
258
  - lib/wmap/dns_bruter.rb
258
259
  - lib/wmap/domain_tracker.rb
@@ -360,7 +361,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
360
361
  version: '0'
361
362
  requirements: []
362
363
  rubyforge_project: wmap
363
- rubygems_version: 2.7.7
364
+ rubygems_version: 2.7.8
364
365
  signing_key:
365
366
  specification_version: 4
366
367
  summary: A pure Ruby web application and service discovery API.