yawast 0.4.0.beta3 → 0.4.0.beta4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/scanner/cert.rb +1 -1
- data/lib/scanner/core.rb +2 -9
- data/lib/scanner/plugins/http/file_presence.rb +90 -0
- data/lib/scanner/ssl.rb +8 -2
- data/lib/shared/uri.rb +10 -1
- data/lib/version.rb +1 -1
- data/test/test_object_presence.rb +2 -2
- data/yawast.gemspec +1 -0
- metadata +17 -3
- data/lib/scanner/obj_presence.rb +0 -63
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 578aea8ce34d6fd6603ffcffb70f4dfbee7a911d
|
|
4
|
+
data.tar.gz: 09ee59b7fbdd5fd51d222d92fd67752086eed664
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 03ef71cdaf26cc2845c29c8667ec51af7a04ec77abfa6be96a91afb987b022eebc07d36b159b42f2ad69dfdb09c6c749a3f88d6158cf6ca1a29de3b094f374e5
|
|
7
|
+
data.tar.gz: 01e4313f8ee9d155d9c5a0470dbe956e5c6f83ae986fa6762a73d19462f3ba76fc997b91f72b7c59e76366ed840f00e7872871c6f24ff29d9f7cbed6a8cd180a
|
data/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
* [#66](https://github.com/adamcaudill/yawast/issues/66) - Thread directory search for better performance
|
|
4
4
|
* [#67](https://github.com/adamcaudill/yawast/issues/67) - Make "Found Redirect" optional
|
|
5
|
+
* [#69](https://github.com/adamcaudill/yawast/issues/69) - False positives on non-standard 404 handling
|
|
6
|
+
* [#73](https://github.com/adamcaudill/yawast/issues/73) - Use `--internalssl` when host is an IP address
|
|
5
7
|
* [#65](https://github.com/adamcaudill/yawast/issues/65) - Bug: Output redirection doesn't work correctly
|
|
8
|
+
* [#70](https://github.com/adamcaudill/yawast/issues/70) - Bug: Handle scans of IP addresses
|
|
9
|
+
* [#72](https://github.com/adamcaudill/yawast/issues/72) - Bug: internalssl & Scanning IPs Fails
|
|
6
10
|
|
|
7
11
|
## 0.3.0 - 2016-09-15
|
|
8
12
|
|
data/lib/scanner/cert.rb
CHANGED
|
@@ -83,7 +83,7 @@ module Yawast
|
|
|
83
83
|
if cert.nil?
|
|
84
84
|
raise 'No certificate received.'
|
|
85
85
|
else
|
|
86
|
-
@results.push "#{domain}: Issuer: '#{cert.issuer.common_name}' / '#{cert.issuer.organization}' Serial: #{cert.serial}"
|
|
86
|
+
@results.push "#{domain}: Issuer: '#{cert.issuer.common_name}' / '#{cert.issuer.organization}' Subject: '#{cert.subject}' Serial: #{cert.serial}"
|
|
87
87
|
end
|
|
88
88
|
rescue
|
|
89
89
|
unless domain.start_with? 'www.'
|
data/lib/scanner/core.rb
CHANGED
|
@@ -48,14 +48,7 @@ module Yawast
|
|
|
48
48
|
Yawast::Scanner::Apache.check_all(@uri, head)
|
|
49
49
|
Yawast::Scanner::Iis.check_all(@uri, head)
|
|
50
50
|
|
|
51
|
-
Yawast::Scanner::
|
|
52
|
-
Yawast::Scanner::ObjectPresence.check_sitemap(@uri)
|
|
53
|
-
Yawast::Scanner::ObjectPresence.check_cross_domain(@uri)
|
|
54
|
-
Yawast::Scanner::ObjectPresence.check_wsftp_log(@uri)
|
|
55
|
-
Yawast::Scanner::ObjectPresence.check_trace_axd(@uri)
|
|
56
|
-
Yawast::Scanner::ObjectPresence.check_elmah_axd(@uri)
|
|
57
|
-
Yawast::Scanner::ObjectPresence.check_readme_html(@uri)
|
|
58
|
-
Yawast::Scanner::ObjectPresence.check_release_notes_txt(@uri)
|
|
51
|
+
Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri
|
|
59
52
|
|
|
60
53
|
Yawast::Scanner::Generic.check_propfind(@uri)
|
|
61
54
|
Yawast::Scanner::Generic.check_options(@uri)
|
|
@@ -110,7 +103,7 @@ module Yawast
|
|
|
110
103
|
if @uri.scheme == 'https' && !options.nossl
|
|
111
104
|
head = Yawast::Shared::Http.head(@uri) if head == nil
|
|
112
105
|
|
|
113
|
-
if options.internalssl
|
|
106
|
+
if options.internalssl || IPAddress.valid?(uri.host)
|
|
114
107
|
Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
|
|
115
108
|
else
|
|
116
109
|
Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
require 'securerandom'
|
|
2
|
+
|
|
3
|
+
module Yawast
|
|
4
|
+
module Scanner
|
|
5
|
+
module Plugins
|
|
6
|
+
module Http
|
|
7
|
+
class FilePresence
|
|
8
|
+
def self.check_path(uri, path, vuln)
|
|
9
|
+
#note: this only checks directly at the root, I'm not sure if this is what we want
|
|
10
|
+
# should probably be relative to what's passed in, instead of overriding the path.
|
|
11
|
+
check = uri.copy
|
|
12
|
+
check.path = "#{path}"
|
|
13
|
+
code = Yawast::Shared::Http.get_status_code(check)
|
|
14
|
+
|
|
15
|
+
if code == "200"
|
|
16
|
+
msg = "'#{path}' found: #{check}"
|
|
17
|
+
|
|
18
|
+
if vuln
|
|
19
|
+
Yawast::Utilities.puts_vuln msg
|
|
20
|
+
else
|
|
21
|
+
Yawast::Utilities.puts_warn msg
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
puts ''
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def self.check_all(uri)
|
|
29
|
+
#first, we need to see if the site responds to 404 in a reasonable way
|
|
30
|
+
fake_uri = uri.copy
|
|
31
|
+
fake_uri.path = "/#{SecureRandom.hex}/"
|
|
32
|
+
if Yawast::Shared::Http.get_status_code(fake_uri) != '404'
|
|
33
|
+
#crazy 404 handling
|
|
34
|
+
puts 'Site does not respond properly to non-existent file requests; skipping some checks.'
|
|
35
|
+
|
|
36
|
+
return
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
check_source_control uri
|
|
40
|
+
check_cross_domain uri
|
|
41
|
+
check_sitemap uri
|
|
42
|
+
check_wsftp_log uri
|
|
43
|
+
check_trace_axd uri
|
|
44
|
+
check_elmah_axd uri
|
|
45
|
+
check_readme_html uri
|
|
46
|
+
check_release_notes_txt uri
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def self.check_source_control(uri)
|
|
50
|
+
check_path(uri, '/.git/', true)
|
|
51
|
+
check_path(uri, '/.hg/', true)
|
|
52
|
+
check_path(uri, '/.svn/', true)
|
|
53
|
+
check_path(uri, '/.bzr/', true)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def self.check_cross_domain(uri)
|
|
57
|
+
check_path(uri, '/crossdomain.xml', false)
|
|
58
|
+
check_path(uri, '/clientaccesspolicy.xml', false)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def self.check_sitemap(uri)
|
|
62
|
+
check_path(uri, '/sitemap.xml', false)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def self.check_wsftp_log(uri)
|
|
66
|
+
#check both upper and lower, as they are both seen in the wild
|
|
67
|
+
check_path(uri, '/WS_FTP.LOG', false)
|
|
68
|
+
check_path(uri, '/ws_ftp.log', false)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def self.check_trace_axd(uri)
|
|
72
|
+
check_path(uri, '/Trace.axd', false)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def self.check_elmah_axd(uri)
|
|
76
|
+
check_path(uri, '/elmah.axd', false)
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def self.check_readme_html(uri)
|
|
80
|
+
check_path(uri, '/readme.html', false)
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def self.check_release_notes_txt(uri)
|
|
84
|
+
check_path(uri, '/RELEASE-NOTES.txt', false)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
end
|
data/lib/scanner/ssl.rb
CHANGED
|
@@ -108,7 +108,12 @@ module Yawast
|
|
|
108
108
|
puts 'Supported Ciphers (based on your OpenSSL version):'
|
|
109
109
|
|
|
110
110
|
dns = Resolv::DNS.new()
|
|
111
|
-
|
|
111
|
+
|
|
112
|
+
if IPAddress.valid? uri.host
|
|
113
|
+
ip = IPAddress.parse uri.host
|
|
114
|
+
else
|
|
115
|
+
ip = dns.getaddresses(uri.host)[0]
|
|
116
|
+
end
|
|
112
117
|
|
|
113
118
|
#find all versions that don't include '_server' or '_client'
|
|
114
119
|
versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
|
|
@@ -145,7 +150,8 @@ module Yawast
|
|
|
145
150
|
rescue OpenSSL::SSL::SSLError => e
|
|
146
151
|
unless e.message.include?('alert handshake failure') ||
|
|
147
152
|
e.message.include?('no ciphers available') ||
|
|
148
|
-
e.message.include?('wrong version number')
|
|
153
|
+
e.message.include?('wrong version number') ||
|
|
154
|
+
e.message.include?('alert protocol version')
|
|
149
155
|
Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
|
|
150
156
|
end
|
|
151
157
|
rescue => e
|
data/lib/shared/uri.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'ipaddress'
|
|
2
|
+
|
|
1
3
|
module Yawast
|
|
2
4
|
module Shared
|
|
3
5
|
class Uri
|
|
@@ -21,7 +23,14 @@ module Yawast
|
|
|
21
23
|
dns = Resolv::DNS.new
|
|
22
24
|
dns.getaddress(uri.host)
|
|
23
25
|
rescue => e
|
|
24
|
-
|
|
26
|
+
if uri.host == 'localhost'
|
|
27
|
+
#do nothing, in this case, we just don't care.
|
|
28
|
+
elsif IPAddress.valid? uri.host
|
|
29
|
+
#in this case the host name is actually a IP, let it go through.
|
|
30
|
+
else
|
|
31
|
+
#we've passed all the exceptions, if we are here, it's a problem
|
|
32
|
+
raise ArgumentError.new("Invalid URL (#{e.message})")
|
|
33
|
+
end
|
|
25
34
|
end
|
|
26
35
|
|
|
27
36
|
return uri
|
data/lib/version.rb
CHANGED
|
@@ -12,7 +12,7 @@ class TestScannerApacheServerStatus < Minitest::Test
|
|
|
12
12
|
|
|
13
13
|
override_stdout
|
|
14
14
|
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
|
15
|
-
Yawast::Scanner::
|
|
15
|
+
Yawast::Scanner::Plugins::Http::FilePresence.check_readme_html uri
|
|
16
16
|
|
|
17
17
|
assert stdout_value.include?('\'/readme.html\' found:'), 'readme.html page warning not found'
|
|
18
18
|
|
|
@@ -26,7 +26,7 @@ class TestScannerApacheServerStatus < Minitest::Test
|
|
|
26
26
|
|
|
27
27
|
override_stdout
|
|
28
28
|
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
|
29
|
-
Yawast::Scanner::
|
|
29
|
+
Yawast::Scanner::Plugins::Http::FilePresence.check_release_notes_txt uri
|
|
30
30
|
|
|
31
31
|
assert stdout_value.include?('\'/RELEASE-NOTES.txt\' found:'), 'RELEASE-NOTES.txt page warning not found'
|
|
32
32
|
|
data/yawast.gemspec
CHANGED
|
@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
|
|
20
20
|
s.add_runtime_dependency 'colorize', '~> 0.8'
|
|
21
21
|
s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
|
|
22
|
+
s.add_runtime_dependency 'ipaddress', '~> 0.8'
|
|
22
23
|
|
|
23
24
|
s.bindir = 'bin'
|
|
24
25
|
s.files = `git ls-files`.split("\n")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yawast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.0.
|
|
4
|
+
version: 0.4.0.beta4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Caudill
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-09
|
|
11
|
+
date: 2016-10-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ssllabs
|
|
@@ -94,6 +94,20 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '1.0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: ipaddress
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - "~>"
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0.8'
|
|
104
|
+
type: :runtime
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0.8'
|
|
97
111
|
description: YAWAST is an application meant to simplify initial analysis and information
|
|
98
112
|
gathering for penetration testers and security auditors.
|
|
99
113
|
email: adam@adamcaudill.com
|
|
@@ -124,9 +138,9 @@ files:
|
|
|
124
138
|
- lib/scanner/generic.rb
|
|
125
139
|
- lib/scanner/iis.rb
|
|
126
140
|
- lib/scanner/nginx.rb
|
|
127
|
-
- lib/scanner/obj_presence.rb
|
|
128
141
|
- lib/scanner/php.rb
|
|
129
142
|
- lib/scanner/plugins/http/directory_search.rb
|
|
143
|
+
- lib/scanner/plugins/http/file_presence.rb
|
|
130
144
|
- lib/scanner/ssl.rb
|
|
131
145
|
- lib/scanner/ssl_labs.rb
|
|
132
146
|
- lib/shared/http.rb
|
data/lib/scanner/obj_presence.rb
DELETED
|
@@ -1,63 +0,0 @@
|
|
|
1
|
-
module Yawast
|
|
2
|
-
module Scanner
|
|
3
|
-
class ObjectPresence
|
|
4
|
-
def self.check_source_control(uri)
|
|
5
|
-
check_path(uri, '/.git/', true)
|
|
6
|
-
check_path(uri, '/.hg/', true)
|
|
7
|
-
check_path(uri, '/.svn/', true)
|
|
8
|
-
check_path(uri, '/.bzr/', true)
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def self.check_cross_domain(uri)
|
|
12
|
-
check_path(uri, '/crossdomain.xml', false)
|
|
13
|
-
check_path(uri, '/clientaccesspolicy.xml', false)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def self.check_sitemap(uri)
|
|
17
|
-
check_path(uri, '/sitemap.xml', false)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def self.check_wsftp_log(uri)
|
|
21
|
-
#check both upper and lower, as they are both seen in the wild
|
|
22
|
-
check_path(uri, '/WS_FTP.LOG', false)
|
|
23
|
-
check_path(uri, '/ws_ftp.log', false)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
def self.check_trace_axd(uri)
|
|
27
|
-
check_path(uri, '/Trace.axd', false)
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def self.check_elmah_axd(uri)
|
|
31
|
-
check_path(uri, '/elmah.axd', false)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def self.check_readme_html(uri)
|
|
35
|
-
check_path(uri, '/readme.html', false)
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
def self.check_release_notes_txt(uri)
|
|
39
|
-
check_path(uri, '/RELEASE-NOTES.txt', false)
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def self.check_path(uri, path, vuln)
|
|
43
|
-
#note: this only checks directly at the root, I'm not sure if this is what we want
|
|
44
|
-
# should probably be relative to what's passed in, instead of overriding the path.
|
|
45
|
-
check = uri.copy
|
|
46
|
-
check.path = "#{path}"
|
|
47
|
-
code = Yawast::Shared::Http.get_status_code(check)
|
|
48
|
-
|
|
49
|
-
if code == "200"
|
|
50
|
-
msg = "'#{path}' found: #{check}"
|
|
51
|
-
|
|
52
|
-
if vuln
|
|
53
|
-
Yawast::Utilities.puts_vuln msg
|
|
54
|
-
else
|
|
55
|
-
Yawast::Utilities.puts_warn msg
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
puts ''
|
|
59
|
-
end
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
end
|
|
63
|
-
end
|