yawast 0.4.0.beta3 → 0.4.0.beta4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/scanner/cert.rb +1 -1
- data/lib/scanner/core.rb +2 -9
- data/lib/scanner/plugins/http/file_presence.rb +90 -0
- data/lib/scanner/ssl.rb +8 -2
- data/lib/shared/uri.rb +10 -1
- data/lib/version.rb +1 -1
- data/test/test_object_presence.rb +2 -2
- data/yawast.gemspec +1 -0
- metadata +17 -3
- data/lib/scanner/obj_presence.rb +0 -63
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 578aea8ce34d6fd6603ffcffb70f4dfbee7a911d
|
|
4
|
+
data.tar.gz: 09ee59b7fbdd5fd51d222d92fd67752086eed664
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03ef71cdaf26cc2845c29c8667ec51af7a04ec77abfa6be96a91afb987b022eebc07d36b159b42f2ad69dfdb09c6c749a3f88d6158cf6ca1a29de3b094f374e5
|
|
7
|
+
data.tar.gz: 01e4313f8ee9d155d9c5a0470dbe956e5c6f83ae986fa6762a73d19462f3ba76fc997b91f72b7c59e76366ed840f00e7872871c6f24ff29d9f7cbed6a8cd180a
|
data/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
* [#66](https://github.com/adamcaudill/yawast/issues/66) - Thread directory search for better performance
|
|
4
4
|
* [#67](https://github.com/adamcaudill/yawast/issues/67) - Make "Found Redirect" optional
|
|
5
|
+
* [#69](https://github.com/adamcaudill/yawast/issues/69) - False positives on non-standard 404 handling
|
|
6
|
+
* [#73](https://github.com/adamcaudill/yawast/issues/73) - Use `--internalssl` when host is an IP address
|
|
5
7
|
* [#65](https://github.com/adamcaudill/yawast/issues/65) - Bug: Output redirection doesn't work correctly
|
|
8
|
+
* [#70](https://github.com/adamcaudill/yawast/issues/70) - Bug: Handle scans of IP addresses
|
|
9
|
+
* [#72](https://github.com/adamcaudill/yawast/issues/72) - Bug: internalssl & Scanning IPs Fails
|
|
6
10
|
|
|
7
11
|
## 0.3.0 - 2016-09-15
|
|
8
12
|
|
data/lib/scanner/cert.rb
CHANGED
|
@@ -83,7 +83,7 @@ module Yawast
|
|
|
83
83
|
if cert.nil?
|
|
84
84
|
raise 'No certificate received.'
|
|
85
85
|
else
|
|
86
|
-
@results.push "#{domain}: Issuer: '#{cert.issuer.common_name}' / '#{cert.issuer.organization}' Serial: #{cert.serial}"
|
|
86
|
+
@results.push "#{domain}: Issuer: '#{cert.issuer.common_name}' / '#{cert.issuer.organization}' Subject: '#{cert.subject}' Serial: #{cert.serial}"
|
|
87
87
|
end
|
|
88
88
|
rescue
|
|
89
89
|
unless domain.start_with? 'www.'
|
data/lib/scanner/core.rb
CHANGED
|
@@ -48,14 +48,7 @@ module Yawast
|
|
|
48
48
|
Yawast::Scanner::Apache.check_all(@uri, head)
|
|
49
49
|
Yawast::Scanner::Iis.check_all(@uri, head)
|
|
50
50
|
|
|
51
|
-
Yawast::Scanner::
|
|
52
|
-
Yawast::Scanner::ObjectPresence.check_sitemap(@uri)
|
|
53
|
-
Yawast::Scanner::ObjectPresence.check_cross_domain(@uri)
|
|
54
|
-
Yawast::Scanner::ObjectPresence.check_wsftp_log(@uri)
|
|
55
|
-
Yawast::Scanner::ObjectPresence.check_trace_axd(@uri)
|
|
56
|
-
Yawast::Scanner::ObjectPresence.check_elmah_axd(@uri)
|
|
57
|
-
Yawast::Scanner::ObjectPresence.check_readme_html(@uri)
|
|
58
|
-
Yawast::Scanner::ObjectPresence.check_release_notes_txt(@uri)
|
|
51
|
+
Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri
|
|
59
52
|
|
|
60
53
|
Yawast::Scanner::Generic.check_propfind(@uri)
|
|
61
54
|
Yawast::Scanner::Generic.check_options(@uri)
|
|
@@ -110,7 +103,7 @@ module Yawast
|
|
|
110
103
|
if @uri.scheme == 'https' && !options.nossl
|
|
111
104
|
head = Yawast::Shared::Http.head(@uri) if head == nil
|
|
112
105
|
|
|
113
|
-
if options.internalssl
|
|
106
|
+
if options.internalssl || IPAddress.valid?(uri.host)
|
|
114
107
|
Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
|
|
115
108
|
else
|
|
116
109
|
Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
require 'securerandom'
|
|
2
|
+
|
|
3
|
+
module Yawast
|
|
4
|
+
module Scanner
|
|
5
|
+
module Plugins
|
|
6
|
+
module Http
|
|
7
|
+
class FilePresence
|
|
8
|
+
def self.check_path(uri, path, vuln)
|
|
9
|
+
#note: this only checks directly at the root, I'm not sure if this is what we want
|
|
10
|
+
# should probably be relative to what's passed in, instead of overriding the path.
|
|
11
|
+
check = uri.copy
|
|
12
|
+
check.path = "#{path}"
|
|
13
|
+
code = Yawast::Shared::Http.get_status_code(check)
|
|
14
|
+
|
|
15
|
+
if code == "200"
|
|
16
|
+
msg = "'#{path}' found: #{check}"
|
|
17
|
+
|
|
18
|
+
if vuln
|
|
19
|
+
Yawast::Utilities.puts_vuln msg
|
|
20
|
+
else
|
|
21
|
+
Yawast::Utilities.puts_warn msg
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
puts ''
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def self.check_all(uri)
|
|
29
|
+
#first, we need to see if the site responds to 404 in a reasonable way
|
|
30
|
+
fake_uri = uri.copy
|
|
31
|
+
fake_uri.path = "/#{SecureRandom.hex}/"
|
|
32
|
+
if Yawast::Shared::Http.get_status_code(fake_uri) != '404'
|
|
33
|
+
#crazy 404 handling
|
|
34
|
+
puts 'Site does not respond properly to non-existent file requests; skipping some checks.'
|
|
35
|
+
|
|
36
|
+
return
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
check_source_control uri
|
|
40
|
+
check_cross_domain uri
|
|
41
|
+
check_sitemap uri
|
|
42
|
+
check_wsftp_log uri
|
|
43
|
+
check_trace_axd uri
|
|
44
|
+
check_elmah_axd uri
|
|
45
|
+
check_readme_html uri
|
|
46
|
+
check_release_notes_txt uri
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def self.check_source_control(uri)
|
|
50
|
+
check_path(uri, '/.git/', true)
|
|
51
|
+
check_path(uri, '/.hg/', true)
|
|
52
|
+
check_path(uri, '/.svn/', true)
|
|
53
|
+
check_path(uri, '/.bzr/', true)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def self.check_cross_domain(uri)
|
|
57
|
+
check_path(uri, '/crossdomain.xml', false)
|
|
58
|
+
check_path(uri, '/clientaccesspolicy.xml', false)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def self.check_sitemap(uri)
|
|
62
|
+
check_path(uri, '/sitemap.xml', false)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def self.check_wsftp_log(uri)
|
|
66
|
+
#check both upper and lower, as they are both seen in the wild
|
|
67
|
+
check_path(uri, '/WS_FTP.LOG', false)
|
|
68
|
+
check_path(uri, '/ws_ftp.log', false)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def self.check_trace_axd(uri)
|
|
72
|
+
check_path(uri, '/Trace.axd', false)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def self.check_elmah_axd(uri)
|
|
76
|
+
check_path(uri, '/elmah.axd', false)
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def self.check_readme_html(uri)
|
|
80
|
+
check_path(uri, '/readme.html', false)
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def self.check_release_notes_txt(uri)
|
|
84
|
+
check_path(uri, '/RELEASE-NOTES.txt', false)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
end
|
data/lib/scanner/ssl.rb
CHANGED
|
@@ -108,7 +108,12 @@ module Yawast
|
|
|
108
108
|
puts 'Supported Ciphers (based on your OpenSSL version):'
|
|
109
109
|
|
|
110
110
|
dns = Resolv::DNS.new()
|
|
111
|
-
|
|
111
|
+
|
|
112
|
+
if IPAddress.valid? uri.host
|
|
113
|
+
ip = IPAddress.parse uri.host
|
|
114
|
+
else
|
|
115
|
+
ip = dns.getaddresses(uri.host)[0]
|
|
116
|
+
end
|
|
112
117
|
|
|
113
118
|
#find all versions that don't include '_server' or '_client'
|
|
114
119
|
versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
|
|
@@ -145,7 +150,8 @@ module Yawast
|
|
|
145
150
|
rescue OpenSSL::SSL::SSLError => e
|
|
146
151
|
unless e.message.include?('alert handshake failure') ||
|
|
147
152
|
e.message.include?('no ciphers available') ||
|
|
148
|
-
e.message.include?('wrong version number')
|
|
153
|
+
e.message.include?('wrong version number') ||
|
|
154
|
+
e.message.include?('alert protocol version')
|
|
149
155
|
Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
|
|
150
156
|
end
|
|
151
157
|
rescue => e
|
data/lib/shared/uri.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'ipaddress'
|
|
2
|
+
|
|
1
3
|
module Yawast
|
|
2
4
|
module Shared
|
|
3
5
|
class Uri
|
|
@@ -21,7 +23,14 @@ module Yawast
|
|
|
21
23
|
dns = Resolv::DNS.new
|
|
22
24
|
dns.getaddress(uri.host)
|
|
23
25
|
rescue => e
|
|
24
|
-
|
|
26
|
+
if uri.host == 'localhost'
|
|
27
|
+
#do nothing, in this case, we just don't care.
|
|
28
|
+
elsif IPAddress.valid? uri.host
|
|
29
|
+
#in this case the host name is actually a IP, let it go through.
|
|
30
|
+
else
|
|
31
|
+
#we've passed all the exceptions, if we are here, it's a problem
|
|
32
|
+
raise ArgumentError.new("Invalid URL (#{e.message})")
|
|
33
|
+
end
|
|
25
34
|
end
|
|
26
35
|
|
|
27
36
|
return uri
|
data/lib/version.rb
CHANGED
|
@@ -12,7 +12,7 @@ class TestScannerApacheServerStatus < Minitest::Test
|
|
|
12
12
|
|
|
13
13
|
override_stdout
|
|
14
14
|
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
|
15
|
-
Yawast::Scanner::
|
|
15
|
+
Yawast::Scanner::Plugins::Http::FilePresence.check_readme_html uri
|
|
16
16
|
|
|
17
17
|
assert stdout_value.include?('\'/readme.html\' found:'), 'readme.html page warning not found'
|
|
18
18
|
|
|
@@ -26,7 +26,7 @@ class TestScannerApacheServerStatus < Minitest::Test
|
|
|
26
26
|
|
|
27
27
|
override_stdout
|
|
28
28
|
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
|
29
|
-
Yawast::Scanner::
|
|
29
|
+
Yawast::Scanner::Plugins::Http::FilePresence.check_release_notes_txt uri
|
|
30
30
|
|
|
31
31
|
assert stdout_value.include?('\'/RELEASE-NOTES.txt\' found:'), 'RELEASE-NOTES.txt page warning not found'
|
|
32
32
|
|
data/yawast.gemspec
CHANGED
|
@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
|
|
20
20
|
s.add_runtime_dependency 'colorize', '~> 0.8'
|
|
21
21
|
s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
|
|
22
|
+
s.add_runtime_dependency 'ipaddress', '~> 0.8'
|
|
22
23
|
|
|
23
24
|
s.bindir = 'bin'
|
|
24
25
|
s.files = `git ls-files`.split("\n")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yawast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.0.
|
|
4
|
+
version: 0.4.0.beta4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Caudill
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-09
|
|
11
|
+
date: 2016-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ssllabs
|
|
@@ -94,6 +94,20 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '1.0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: ipaddress
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - "~>"
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0.8'
|
|
104
|
+
type: :runtime
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0.8'
|
|
97
111
|
description: YAWAST is an application meant to simplify initial analysis and information
|
|
98
112
|
gathering for penetration testers and security auditors.
|
|
99
113
|
email: adam@adamcaudill.com
|
|
@@ -124,9 +138,9 @@ files:
|
|
|
124
138
|
- lib/scanner/generic.rb
|
|
125
139
|
- lib/scanner/iis.rb
|
|
126
140
|
- lib/scanner/nginx.rb
|
|
127
|
-
- lib/scanner/obj_presence.rb
|
|
128
141
|
- lib/scanner/php.rb
|
|
129
142
|
- lib/scanner/plugins/http/directory_search.rb
|
|
143
|
+
- lib/scanner/plugins/http/file_presence.rb
|
|
130
144
|
- lib/scanner/ssl.rb
|
|
131
145
|
- lib/scanner/ssl_labs.rb
|
|
132
146
|
- lib/shared/http.rb
|
data/lib/scanner/obj_presence.rb
DELETED
|
@@ -1,63 +0,0 @@
|
|
|
1
|
-
module Yawast
|
|
2
|
-
module Scanner
|
|
3
|
-
class ObjectPresence
|
|
4
|
-
def self.check_source_control(uri)
|
|
5
|
-
check_path(uri, '/.git/', true)
|
|
6
|
-
check_path(uri, '/.hg/', true)
|
|
7
|
-
check_path(uri, '/.svn/', true)
|
|
8
|
-
check_path(uri, '/.bzr/', true)
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def self.check_cross_domain(uri)
|
|
12
|
-
check_path(uri, '/crossdomain.xml', false)
|
|
13
|
-
check_path(uri, '/clientaccesspolicy.xml', false)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def self.check_sitemap(uri)
|
|
17
|
-
check_path(uri, '/sitemap.xml', false)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def self.check_wsftp_log(uri)
|
|
21
|
-
#check both upper and lower, as they are both seen in the wild
|
|
22
|
-
check_path(uri, '/WS_FTP.LOG', false)
|
|
23
|
-
check_path(uri, '/ws_ftp.log', false)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
def self.check_trace_axd(uri)
|
|
27
|
-
check_path(uri, '/Trace.axd', false)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def self.check_elmah_axd(uri)
|
|
31
|
-
check_path(uri, '/elmah.axd', false)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def self.check_readme_html(uri)
|
|
35
|
-
check_path(uri, '/readme.html', false)
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def self.check_release_notes_txt(uri)
|
|
39
|
-
check_path(uri, '/RELEASE-NOTES.txt', false)
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def self.check_path(uri, path, vuln)
|
|
43
|
-
#note: this only checks directly at the root, I'm not sure if this is what we want
|
|
44
|
-
# should probably be relative to what's passed in, instead of overriding the path.
|
|
45
|
-
check = uri.copy
|
|
46
|
-
check.path = "#{path}"
|
|
47
|
-
code = Yawast::Shared::Http.get_status_code(check)
|
|
48
|
-
|
|
49
|
-
if code == "200"
|
|
50
|
-
msg = "'#{path}' found: #{check}"
|
|
51
|
-
|
|
52
|
-
if vuln
|
|
53
|
-
Yawast::Utilities.puts_vuln msg
|
|
54
|
-
else
|
|
55
|
-
Yawast::Utilities.puts_warn msg
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
puts ''
|
|
59
|
-
end
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
end
|