wmap 2.6.1 → 2.6.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 95c2c76419e96f7f434f261801b4ba899b1525fd4b9a152f560ab8714cbb8318
4
- data.tar.gz: f615e594057de328bd7cafac11b1f8a167d59b8302aeedb77bfa41745aa48590
3
+ metadata.gz: d327a4a120e75079faa038125baf0f4e39ec784129cd4886a5a81672f0ecf8da
4
+ data.tar.gz: 8911764a184f1c0f73048433cae9c6848725f3fec470b5d37aab5ce83a0e2789
5
5
  SHA512:
6
- metadata.gz: 56329a4b3379cf5f79b12521fa5622416bbdc1077a84057f0110ddc6b4a85c6591219221c304b3f69b1cc19ecca291a6312967d66b63702068b991d11c842495
7
- data.tar.gz: 308783d83de9ede46f143f9e622f46de6978ad3ef01b8a2047172e21a839e00b18b9286220c6fbd08f623fdc58402f07a961499974c38ae6ed26aaf2cd73aa4c
6
+ metadata.gz: 25beef23e9ce2771603b4915454e0c40ee6e5b28dc2897c583aecd9e7fbeba2dc07363209f84ec8e596eca36b06222591e197d4a35d187b8140dccee0e16c4c7
7
+ data.tar.gz: 1a223d84f04fcb1c77f8e2bbb72fa452fd1b3cef076ccce0e80dead367284ce65992125018cf87d9965893d8b418ef3b954898b1244a023305ce75639e447016
data/README.md CHANGED
@@ -78,7 +78,7 @@ To add your public network block into the scope (note current support of IPv4 on
78
78
 
79
79
  ### Automatic Discovery and Tracking
80
80
  ```sh
81
- wmap <seed file | target host | target url | target IP or network cidr>
81
+ wmap -t <seed file | target host | target url | target IP or network cidr>
82
82
  ```
83
83
  The above utility is intelligent enough to take argument as either a seed file, or a string such as a host, an IP, a network block, or a URL. The new discoveries will be automatically tracked in the data file 'lib/wmap/data/target_sites'.
84
84
  Note: seed file - mix of url, cidr and domain seed, one entry per line.
data/bin/trusts CHANGED
@@ -12,7 +12,7 @@ Log_dir=File.dirname(__FILE__)+'/../logs/'
12
12
  Wmap.wlog("Execute the command: trust #{ARGV[0]}","trust",Log_dir+"wmap.log")
13
13
 
14
14
  dt=Wmap::DomainTracker.instance
15
- ct=Wmap::CidrTracker.new(:verbose=>true)
15
+ ct=Wmap::CidrTracker.new(:verbose=>false)
16
16
  abort "Incorrect program argument! Proper usage: trust [domain | netblock]" unless ARGV.length==1 && (File.exist?(ARGV[0]))
17
17
 
18
18
  puts "Start the baptizing process ..."
data/bin/wmap CHANGED
@@ -2,20 +2,42 @@
2
2
  # Wmap main executable - intelligent enough to handle most command argument inputs from the user.
3
3
  # The discovery result is automatically compared and saved into the the tracking data repository.
4
4
  #
5
- # Usage: wmap <Target Host | URL | IP | CIDR | or a seed file with any of the above combo> <Optional Discovery Result Directory>
5
+ # Usage: wmap -t <Target Host | URL | IP | CIDR | or a seed file with any of the above combo> -d <Optional Discovery Result Directory>
6
6
  require "wmap"
7
+ require "optparse"
7
8
 
8
9
  # program helper
9
10
  def print_usage
10
- abort "Program to perform website asset discovery and tracking. \nUsage: wmap <Target Host | URL | IP | CIDR | or a seed file with any of the above combo> <Optional Discovery Result Directory>"
11
+ abort "Program to perform website asset discovery and tracking. \nUsage: wmap -t <Target Host | URL | IP | CIDR | or a seed file with any of the above combo> -d <Optional Discovery Result Directory>"
11
12
  end
13
+ options = {:data_dir => nil, :target => nil}
14
+
15
+ parser = OptionParser.new do|opts|
16
+ opts.banner = Wmap.banner
17
+ opts.on('-d', '--data_dir data_dir', 'Web Mapper local cache data directory') do |data_dir|
18
+ options[:data_dir] = data_dir;
19
+ end
20
+
21
+ opts.on('-t', '--target target', 'Web Mapper target') do |target|
22
+ options[:target] = target;
23
+ end
24
+
25
+ opts.on('-h', '--help', 'Displays Help') do
26
+ Wmap.banner
27
+ print_usage
28
+ end
29
+ end
30
+
31
+ parser.parse!
32
+
12
33
  # print program banner
13
34
  puts Wmap.banner
35
+ print_usage unless options[:target]
14
36
 
15
37
  # Preparing - check out the working logs directory
16
- if ARGV.length == 2
38
+ if options[:data_dir]
17
39
  # Log to the instance running directory
18
- Log_dir = Pathname.new(ARGV[1]).join('logs')
40
+ Log_dir = Pathname.new(options[:data_dir]).join('logs')
19
41
  else
20
42
  # Log the command entry
21
43
  Log_dir=Pathname.new(Gem.loaded_specs['wmap'].full_gem_path).join('logs')
@@ -23,15 +45,14 @@ end
23
45
  Dir.mkdir(Log_dir) unless Dir.exist?(Log_dir)
24
46
 
25
47
  # Start wmap logging
26
- Wmap.wlog("Execute the command: wmap #{ARGV[0]}","wmap",Log_dir.join("wmap.log").to_s)
27
- print_usage unless (ARGV.length==1 or ARGV.length==2)
48
+ Wmap.wlog("Execute the command: wmap -t #{options[:target]}","wmap",Log_dir.join("wmap.log").to_s)
28
49
  urls = Array.new
29
50
  # first step - construct the host list
30
51
  scanner = Wmap::PortScanner.new(:verbose=>false, :socket_timeout=>600) # default time-out of 600 milliseconds
31
52
  hosts=Array.new
32
- if File.exist?(ARGV[0])
33
- puts "Parsing the discovery seed file: \"#{ARGV[0]}\" "
34
- seeds=scanner.file_2_list(ARGV[0])-[nil,""]
53
+ if File.exist?(options[:target])
54
+ puts "Parsing the discovery seed file: \"#{options[:target]}\" "
55
+ seeds=scanner.file_2_list(options[:target])-[nil,""]
35
56
  domains=Array.new
36
57
  cidrs=Array.new
37
58
  raise "Error: empty seed file or no legal entry found!" if seeds.nil? or seeds.empty?
@@ -47,22 +68,22 @@ if File.exist?(ARGV[0])
47
68
  puts "Parsing done. "
48
69
  hosts+=Wmap::DnsBruter.new(:verbose=>false).dns_brute_workers(domains.uniq).values.flatten if domains.size > 0
49
70
  cidrs.map { |x| hosts+= scanner.cidr_2_ips(x) } if cidrs.size > 0
50
- elsif scanner.is_url?(ARGV[0])
51
- puts "Processing the URL: #{ARGV[0]}"
52
- urls.push(ARGV[0])
53
- elsif Wmap.domain_known?(ARGV[0]) or Wmap.sub_domain_known?(ARGV[0])
54
- puts "Processing the domain: #{ARGV[0]}"
55
- hosts+=Wmap::DnsBruter.new(:verbose=>false).dns_brute_worker(ARGV[0]).values.flatten
56
- elsif scanner.is_fqdn?(ARGV[0])
57
- puts "Processing the host: #{ARGV[0]}"
58
- hosts.push(ARGV[0])
59
- my_hosts=Wmap::DnsBruter.new(:verbose=>false).dns_brute_worker(ARGV[0]).values.flatten if (ARGV[0].split('.')[0] =~ /\d+/)
71
+ elsif scanner.is_url?(options[:target])
72
+ puts "Processing the URL: #{options[:target]}"
73
+ urls.push(options[:target])
74
+ elsif Wmap.domain_known?(options[:target]) or Wmap.sub_domain_known?(options[:target])
75
+ puts "Processing the domain: #{options[:target]}"
76
+ hosts+=Wmap::DnsBruter.new(:verbose=>false).dns_brute_worker(options[:target]).values.flatten
77
+ elsif scanner.is_fqdn?(options[:target])
78
+ puts "Processing the host: #{options[:target]}"
79
+ hosts.push(options[:target])
80
+ my_hosts=Wmap::DnsBruter.new(:verbose=>false).dns_brute_worker(options[:target]).values.flatten if (options[:target].split('.')[0] =~ /\d+/)
60
81
  hosts+=my_hosts unless my_hosts.nil?
61
- elsif scanner.is_cidr?(ARGV[0])
62
- puts "Processing the network block: #{ARGV[0]}"
63
- hosts+=scanner.cidr_2_ips(ARGV[0])
64
- elsif scanner.is_ip?(ARGV[0])
65
- hosts.push(ARGV[0])
82
+ elsif scanner.is_cidr?(options[:target])
83
+ puts "Processing the network block: #{options[:target]}"
84
+ hosts+=scanner.cidr_2_ips(options[:target])
85
+ elsif scanner.is_ip?(options[:target])
86
+ hosts.push(options[:target])
66
87
  else
67
88
  print_usage
68
89
  end
@@ -77,14 +98,14 @@ scanner=nil
77
98
 
78
99
 
79
100
  # third step - crawling on the URL seeds
80
- if ARGV.length == 1
101
+ if options[:target] && options[:data_dir]
102
+ puts "Fire up the crawler with the optional directory setter."
103
+ crawler = Wmap::UrlCrawler.new(:data_dir => options[:data_dir])
104
+ elsif options[:target]
81
105
  puts "Fire up the crawler."
82
106
  crawler = Wmap::UrlCrawler.new(:verbose=>false)
83
- elsif ARGV.length == 2
84
- puts "Fire up the crawler with the optional directory setter."
85
- crawler = Wmap::UrlCrawler.new(:data_dir => ARGV[1])
86
107
  else
87
- aborts "Error firing up UrlCrawler instance!"
108
+ abort "Error firing up UrlCrawler instance!"
88
109
  end
89
110
  Wmap.wlog(urls, "wmap", Log_dir+"url_seeds.log") if urls.size > 0 # save port scan results for debugging
90
111
  crawler.crawls(urls) if urls.size>0
@@ -121,17 +142,17 @@ when nil,[]
121
142
  puts "No new site found. There is no change to the site tracking data repository. "
122
143
  else
123
144
  puts "Automatically save the discovery results into the site tracking data repository: "
124
- if ARGV.length == 1
125
- puts "Start the SiteTracker. "
126
- inventory=Wmap::SiteTracker.instance
127
- elsif ARGV.length == 2
145
+ if options[:target] && options[:data_dir]
128
146
  puts "Start the SiteTracker with the optional directory setter. "
129
147
  inventory=Wmap::SiteTracker.instance
130
- inventory.data_dir = ARGV[1]
148
+ inventory.data_dir = options[:data_dir]
131
149
  inventory.sites_file = inventory.data_dir + "/" + "sites"
132
150
  inventory.load_site_stores_from_file(inventory.sites_file)
151
+ elsif options[:target]
152
+ puts "Start the SiteTracker. "
153
+ inventory=Wmap::SiteTracker.instance
133
154
  else
134
- aborts "Error firing up SiteTracker instance!"
155
+ abort "Error firing up SiteTracker instance!"
135
156
  end
136
157
  new_sites=inventory.adds(dis_sites.keys)
137
158
  inventory.save! if new_sites.size>0
@@ -141,19 +162,19 @@ end
141
162
 
142
163
 
143
164
  # seventh step - update the hosts repository
144
- if ARGV.length == 1
145
- puts puts "Invoke the HostTracker."
146
- host_tracker = Wmap::HostTracker.instance
147
- host_tracker.verbose=true
148
- elsif ARGV.length == 2
165
+ if options[:target] && options[:data_dir]
149
166
  puts "Invoke the HostTracker with optional directory setter."
150
167
  host_tracker = Wmap::HostTracker.instance
151
- host_tracker.verbose=true
152
- host_tracker.data_dir = ARGV[1]
168
+ host_tracker.verbose=false
169
+ host_tracker.data_dir = options[:data_dir]
153
170
  host_tracker.hosts_file = host_tracker.data_dir + "/" + "hosts"
154
171
  host_tracker.load_known_hosts_from_file(host_tracker.hosts_file)
172
+ elsif options[:target]
173
+ puts puts "Invoke the HostTracker."
174
+ host_tracker = Wmap::HostTracker.instance
175
+ host_tracker.verbose=false
155
176
  else
156
- aborts "Error firing up HostTracker instance!"
177
+ abort "Error firing up HostTracker instance!"
157
178
  end
158
179
  new_hosts = dis_sites.keys.map {|x| host_tracker.url_2_host(x)}
159
180
  hosts += new_hosts
@@ -112,7 +112,7 @@ class Wmap::SiteTracker
112
112
  ip=host_2_ip(host)
113
113
  # Additional logic to refresh deactivated site, 02/12/2014
114
114
  deact=Wmap::SiteTracker::DeactivatedSite.instance
115
- deact.sites_file=@data_dir + 'deactivated_sites'
115
+ deact.sites_file=@data_dir + "/" + "deactivated_sites"
116
116
  File.write(deact.sites_file, "") unless File.exist?(deact.sites_file)
117
117
  deact.load_site_stores_from_file
118
118
  # only trust either the domain or IP we know
data/lib/wmap.rb CHANGED
@@ -181,7 +181,7 @@ module Wmap
181
181
  # Dump out the unique sites into a plain file
182
182
  def dump(file)
183
183
  store=Wmap::SiteTracker.instance
184
- store.verbose=true
184
+ store.verbose=false
185
185
  store.save_uniq_sites(file)
186
186
  end
187
187
 
data/version.txt CHANGED
@@ -3,8 +3,8 @@
3
3
  ###############################################################################
4
4
  package = wmap
5
5
  # wmap version 2.0 == web_discovery version 1.5.3
6
- version = 2.6.1
7
- date = 2019-09-25
6
+ version = 2.6.2
7
+ date = 2019-11-05
8
8
 
9
9
  author = Sam (Yang) Li
10
10
  email = yang.li@owasp.org
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wmap
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.6.1
4
+ version: 2.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sam (Yang) Li
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-09-25 00:00:00.000000000 Z
11
+ date: 2019-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dnsruby