wmap 2.8.1 → 2.8.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/wmap +5 -1
- data/lib/wmap/url_crawler.rb +1 -1
- data/version.txt +2 -2
- data/wmap.gemspec +1 -1
- metadata +5 -9
- data/bin/RHPG +0 -107
- data/bin/wmaps +0 -23
- data/settings/tag_signatures +0 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2dee2577809daef8231ddc3d97a7e0abab5312700f36ab2233366ff6729ae388
|
|
4
|
+
data.tar.gz: 5dee805b28f88e2ae320e6afd9b4ef7d6f25bff99a34cf46b42c32249bf7eaad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c78742dad1d356b88d2b45a0773527fd8f4e54cbff13c0ccb5f9fd9a228fac56cc2c26a705e8c5ce068b4d2bdf50d1fd190060501a1fc17e0a1040e583080db6
|
|
7
|
+
data.tar.gz: 7eea2eaa6ee45e9ac7857eaa603177b00424a6842cdd89a200062bdcd737c1a66fa2310645e80272fce71d0193fb9ca8044f232e0dabdf20c2da453e436c84cc
|
data/bin/wmap
CHANGED
|
@@ -13,7 +13,7 @@ parser = OptionParser.new do|opts|
|
|
|
13
13
|
opts.on('-d', '--data_dir data_dir', 'Web Mapper local cache data directory') do |data_dir|
|
|
14
14
|
options[:data_dir] = data_dir;
|
|
15
15
|
end
|
|
16
|
-
opts.on('-t', '--target target', 'Web Mapper target') do |target|
|
|
16
|
+
opts.on('-t', '--target target', 'Web Mapper target / seed for discovery') do |target|
|
|
17
17
|
options[:target] = target;
|
|
18
18
|
end
|
|
19
19
|
opts.on("-v", "--[no-]verbose", "Run verbosely") do |v|
|
|
@@ -133,6 +133,10 @@ Wmap.wlog(dis_urls.keys, "wmap", Log_dir+"discovered_urls.log") unless dis_urls.
|
|
|
133
133
|
Wmap.wlog(dis_sites.keys, "wmap", Log_dir+"discovered_sites.log") unless dis_sites.empty?
|
|
134
134
|
#crawler.wlog(c_start.keys,Log_dir+"crawler.log")
|
|
135
135
|
#crawler.wlog(c_done.keys,Log_dir+"crawler.log")
|
|
136
|
+
|
|
137
|
+
|
|
138
|
+
# Save the current disovery urls only to a specific file, patched 07/23/2021
|
|
139
|
+
crawler.save_discovered_urls(Log_dir+"cur_urls.log")
|
|
136
140
|
crawler=nil
|
|
137
141
|
|
|
138
142
|
|
data/lib/wmap/url_crawler.rb
CHANGED
|
@@ -43,7 +43,7 @@ class Wmap::UrlCrawler
|
|
|
43
43
|
@crawl_start=Hash.new
|
|
44
44
|
@crawl_done=Hash.new
|
|
45
45
|
Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
|
|
46
|
-
@log_dir=@data_dir + "
|
|
46
|
+
@log_dir=@data_dir + "/logs/"
|
|
47
47
|
Dir.mkdir(@log_dir) unless Dir.exist?(@log_dir)
|
|
48
48
|
@log_file=@log_dir + "crawler.log"
|
|
49
49
|
end
|
data/version.txt
CHANGED
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
###############################################################################
|
|
4
4
|
package = wmap
|
|
5
5
|
# wmap version 2.0 == web_discovery version 1.5.3
|
|
6
|
-
version = 2.8.
|
|
7
|
-
date =
|
|
6
|
+
version = 2.8.2
|
|
7
|
+
date = 2021-07-23
|
|
8
8
|
|
|
9
9
|
author = Sam (Yang) Li
|
|
10
10
|
email = yang.li@owasp.org
|
data/wmap.gemspec
CHANGED
|
@@ -36,7 +36,7 @@ Gem::Specification.new do |s|
|
|
|
36
36
|
s.description = "wmap is written to perform Internet web application / service discovery. The discovery results are designed to be automatically tracked by the software."
|
|
37
37
|
s.email = info["email"]
|
|
38
38
|
s.executables = ["wmap","wscan","wadd","wadds","wdel","wcheck","wdump","spiderBot","googleBot","updateAll","prime","deprime","refresh","trust","trusts","distrust","run_tests"]
|
|
39
|
-
s.files = ["CHANGELOG.md", "TODO", "settings/discovery_ports","
|
|
39
|
+
s.files = ["CHANGELOG.md", "TODO", "settings/discovery_ports", "LICENSE.txt",
|
|
40
40
|
"version.txt","README.md", "wmap.gemspec"]
|
|
41
41
|
s.files += Dir['lib/*.rb'] + Dir['lib/wmap/*.rb'] + Dir['lib/wmap/**/*'] + Dir['bin/*'] + Dir['settings/*'] + Dir['demos/*'] + Dir['test/*'] + Dir['dicts/*']
|
|
42
42
|
#s.homepage = "none"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wmap
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.8.
|
|
4
|
+
version: 2.8.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sam (Yang) Li
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-07-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dnsruby
|
|
@@ -234,7 +234,6 @@ files:
|
|
|
234
234
|
- LICENSE.txt
|
|
235
235
|
- README.md
|
|
236
236
|
- TODO
|
|
237
|
-
- bin/RHPG
|
|
238
237
|
- bin/deprime
|
|
239
238
|
- bin/distrust
|
|
240
239
|
- bin/googleBot
|
|
@@ -251,7 +250,6 @@ files:
|
|
|
251
250
|
- bin/wdel
|
|
252
251
|
- bin/wdump
|
|
253
252
|
- bin/wmap
|
|
254
|
-
- bin/wmaps
|
|
255
253
|
- bin/wscan
|
|
256
254
|
- demos/bruter.rb
|
|
257
255
|
- demos/dns_brutes.rb
|
|
@@ -308,7 +306,6 @@ files:
|
|
|
308
306
|
- settings/discovery_ports
|
|
309
307
|
- settings/google_keywords.txt
|
|
310
308
|
- settings/google_locator.txt
|
|
311
|
-
- settings/tag_signatures
|
|
312
309
|
- test/cidr_tracker_test.rb
|
|
313
310
|
- test/domain_tracker_test.rb
|
|
314
311
|
- test/utils_test.rb
|
|
@@ -336,9 +333,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
336
333
|
- !ruby/object:Gem::Version
|
|
337
334
|
version: '0'
|
|
338
335
|
requirements: []
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
signing_key:
|
|
336
|
+
rubygems_version: 3.0.9
|
|
337
|
+
signing_key:
|
|
342
338
|
specification_version: 4
|
|
343
339
|
summary: A pure Ruby web application and service discovery API.
|
|
344
340
|
test_files: []
|
data/bin/RHPG
DELETED
|
@@ -1,107 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env ruby
|
|
2
|
-
# Executable to lookup then merge site tech details into the RHPG asset spreadsheet in CSV format only
|
|
3
|
-
#
|
|
4
|
-
## Usage: RHPG [RHPG.csv]
|
|
5
|
-
require "wmap"
|
|
6
|
-
require "csv"
|
|
7
|
-
include Wmap::Utils
|
|
8
|
-
|
|
9
|
-
def print_usage
|
|
10
|
-
puts "Program to lookup then merge the site details into RHPG asset spreadsheet. \nUsage: RHPG [RHPG.csv]"
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
# Lookup the site store for a domain; then return the fingger print info of the site
|
|
14
|
-
def site_tracker_lookup(domain)
|
|
15
|
-
tracker=Wmap::SiteTracker.instance
|
|
16
|
-
tracker.verbose=false
|
|
17
|
-
#first order search
|
|
18
|
-
tracker.known_sites.each do |key,val|
|
|
19
|
-
if key.include?(domain.strip.downcase) && key.include?("https")
|
|
20
|
-
tracker=nil
|
|
21
|
-
return [key] + val.values
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
#second order search
|
|
25
|
-
tracker.known_sites.each do |key,val|
|
|
26
|
-
if key.include?(domain.strip.downcase)
|
|
27
|
-
tracker=nil
|
|
28
|
-
return [key] + val.values
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
tracker=nil
|
|
32
|
-
return [nil]*9
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
# look up the wp site data store for a domain; then return the wp finger print info: [is_wp?,wp_ver]
|
|
36
|
-
def wp_tracker_lookup(domain)
|
|
37
|
-
tracker=Wmap::WpTracker.new(:verbose=>false)
|
|
38
|
-
# first order
|
|
39
|
-
tracker.known_wp_sites.each do |key,val|
|
|
40
|
-
if key.include?(domain.strip.downcase) && val
|
|
41
|
-
ver=tracker.wp_ver(key)
|
|
42
|
-
tracker=nil
|
|
43
|
-
return [val,ver]
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
# second order
|
|
47
|
-
tracker.known_wp_sites.each do |key,val|
|
|
48
|
-
if key.include?(domain.strip.downcase) && key.include?("https") && val
|
|
49
|
-
tracker=nil
|
|
50
|
-
return [val,nil]
|
|
51
|
-
end
|
|
52
|
-
end
|
|
53
|
-
# third order
|
|
54
|
-
tracker.known_wp_sites.each do |key,val|
|
|
55
|
-
if key.include?(domain.strip.downcase)
|
|
56
|
-
tracker=nil
|
|
57
|
-
return [val,nil]
|
|
58
|
-
end
|
|
59
|
-
end
|
|
60
|
-
tracker=nil
|
|
61
|
-
return [nil,nil]
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
# perform the wpscan on a site
|
|
65
|
-
def wpscan(domain)
|
|
66
|
-
url=site_tracker_lookup(domain)[0]
|
|
67
|
-
return nil if url.nil?
|
|
68
|
-
if url.include?("https")
|
|
69
|
-
command="wpscan --disable-tls-checks --ignore-main-redirect --url=" + url + " -o " + domain + ".wpscan"
|
|
70
|
-
else
|
|
71
|
-
command="wpscan --ignore-main-redirect --url=" + url + " -o " + domain + ".wpscan"
|
|
72
|
-
end
|
|
73
|
-
system(command)
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
puts Wmap.banner
|
|
77
|
-
print_usage
|
|
78
|
-
|
|
79
|
-
# open output file to write
|
|
80
|
-
CSV.open("output.csv", "wb") do |csv|
|
|
81
|
-
cnt=1
|
|
82
|
-
# open RHPG input file to read
|
|
83
|
-
CSV.foreach(ARGV[0]) do |row|
|
|
84
|
-
puts "Processing row #{cnt}"
|
|
85
|
-
#puts row.inspect
|
|
86
|
-
my_row=Array.new
|
|
87
|
-
if cnt > 1
|
|
88
|
-
if is_domain?(row[0])
|
|
89
|
-
=begin
|
|
90
|
-
if row[3] =~ /Keep/i && row[3] != /Redirect/i
|
|
91
|
-
unless File.exist?(row[0]+".wpscan")
|
|
92
|
-
wpscan(row[0])
|
|
93
|
-
end
|
|
94
|
-
end
|
|
95
|
-
=end
|
|
96
|
-
my_row = row + site_tracker_lookup(row[0]) + wp_tracker_lookup(row[0])
|
|
97
|
-
else
|
|
98
|
-
my_row = row + [nil]*10
|
|
99
|
-
end
|
|
100
|
-
else
|
|
101
|
-
my_row = row + ["Website","Primary IP","Port","Hosting Status","Server","Response Code","MD5 Finger-print","Redirection","Timestamp", "WordPress", "WordPress Version"]
|
|
102
|
-
end
|
|
103
|
-
cnt+=1
|
|
104
|
-
csv << my_row
|
|
105
|
-
end
|
|
106
|
-
puts "All done. "
|
|
107
|
-
end
|
data/bin/wmaps
DELETED
|
@@ -1,23 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env ruby
|
|
2
|
-
# script to automate the new site discovery through by crawling all unique sites in the site store
|
|
3
|
-
require "wmap"
|
|
4
|
-
require "parallel"
|
|
5
|
-
|
|
6
|
-
def wmap_worker(domain)
|
|
7
|
-
cmd = "wmap " + domain
|
|
8
|
-
puts "wmap discovery on domain: ", domain
|
|
9
|
-
system(cmd)
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
tracker=Wmap::DomainTracker.instance
|
|
14
|
-
Parallel.map(tracker.known_internet_domains.keys, :in_processes => 10) { |target|
|
|
15
|
-
puts "Working on #{target} ..." if @verbose
|
|
16
|
-
wmap_worker(target)
|
|
17
|
-
}
|
|
18
|
-
=begin
|
|
19
|
-
tracker.known_internet_domains.keys.map do |domain|
|
|
20
|
-
wmap_worker(domain)
|
|
21
|
-
end
|
|
22
|
-
=end
|
|
23
|
-
tracker=nil
|