yawast 0.5.0.beta1 → 0.5.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 65106d07977f1c60a5f68f2506cfe81746c22c13
-  data.tar.gz: 6997ee2700653653651dd21a421d95cf0873a8a6
+  metadata.gz: 75ec2f46c0f9998affc625ef2c5513b99bb75ffc
+  data.tar.gz: d22f11e04d791c348243d994a02f6bef8762d926
 SHA512:
-  metadata.gz: 043435f7f05f23da628a61ad534110f2c2abf9bc0e94d562905614cb19add99cd2c528fc8e3079c4ea68ed01f80a9700cf79de5c76f9c1df5faabc812f371300
-  data.tar.gz: 916d107d840cfc78635193f88ca604588669f3b22706a5b4389e4932eef9f032dfa47b8b01ea98f18e4eab79234f3dfc72c5e2b2726f2feda2731059c49eb091
+  metadata.gz: e0d9f54ba2687801aac27fac90c9daab18504f45b64699ef045618a155b96eeb83536074c28c5835bbcef42791d77f54f6e1e8f867e8fdb55220d66fb7275a73
+  data.tar.gz: 8beddf3db6353a8124ce3648ea4f25a1407ce7be57c78e4f9e4ee8c4e5701e8066c0d333f45b2b75257bf11ada17a1720875866d0cbe619d4711d50e07d7c430

data/.travis.yml

@@ -2,11 +2,13 @@ language: ruby
 rvm:
   - 2.2.4
   - 2.3.1
+script:
+  - bundle exec rake
+  - bundle exec rake submitcodeclimate
 notifications:
   email:
     on_success: never
     on_failure: never
-
 addons:
     code_climate:
         repo_token: 6fd9c710b9a6e0da2011c62b81075b9bd620200a2a400f4dbeab9c88829f4cb6

data/CHANGELOG.md

@@ -1,7 +1,15 @@
 ## 0.5.0 - In Development
 
 * [#75](https://github.com/adamcaudill/yawast/issues/75) - Use internal SSL scanner for non-standard ports
+* [#84](https://github.com/adamcaudill/yawast/issues/84) - Improve the display of ct_precert_scts
+* [#86](https://github.com/adamcaudill/yawast/issues/86) - Add check for Tomcat Manager & common passwords
+* [#87](https://github.com/adamcaudill/yawast/issues/87) - Tomcat version detection via invalid HTTP verb
+* [#88](https://github.com/adamcaudill/yawast/issues/88) - Add IP Network Info via [api.iptoasn.com](https://api.iptoasn.com/)
+* [#89](https://github.com/adamcaudill/yawast/issues/89) - Add IP Location Info
+* [#90](https://github.com/adamcaudill/yawast/issues/90) - Add HSTS Preload check via [HSTSPreload.com](https://hstspreload.com/)
+* [#91](https://github.com/adamcaudill/yawast/issues/91) - Enhanced file search
 * [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
+* Various code and other improvements.
 
 ## 0.4.0 - 2016-11-03
 

data/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2013-2017, Adam Caudill <adam@adamcaudill.com>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -20,7 +20,7 @@ The simplest method to install is to use the RubyGem installer:
 
 This allows for simple updates (`gem update yawast`) and makes it easy to ensure that you are always using the latest version.
 
-YAWAST requires Ruby 2.2+, and is tested on Mac OSX and Linux (Windows should work; please open a ticket if you have issues).
+YAWAST requires Ruby 2.2+, and is tested on Mac OSX, Linux, and Windows.
 
 **Kali Rolling**
 
@@ -48,6 +48,10 @@ rvm use 2.2 --default
 gem install yawast
 ```
 
+**Windows**
+
+To install on Windows, you need to first install Ruby; this can be done easily with the latest version of [RubyInstaller](https://rubyinstaller.org/downloads/). Once Ruby is installed, YAWAST can be installed via `gem install yawast` as normal.
+
 ### Tests
 
 The following tests are performed:
@@ -72,12 +76,17 @@ The following tests are performed:
 * *(Generic)* Presence of RELEASE-NOTES.txt
 * *(Generic)* Presence of readme.html
 * *(Generic)* Missing cookie flags (Secure & HttpOnly)
-* *(Generic)* Search for common directories
+* *(Generic)* Search for files & common directories
 * *(Apache)* Info Disclosure: Module listing enabled
 * *(Apache)* Info Disclosure: Server version
 * *(Apache)* Info Disclosure: OpenSSL module version
 * *(Apache)* Presence of /server-status
 * *(Apache)* Presence of /server-info
+* *(Apache Tomcat)* Presence of Tomcat Manager
+* *(Apache Tomcat)* Presence of Tomcat Host Manager
+* *(Apache Tomcat)* Tomcat Manager Weak Password
+* *(Apache Tomcat)* Tomcat Host Manager Weak Password
+* *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
 * *(IIS)* Info Disclosure: Server version
 * *(ASP.NET)* Info Disclosure: ASP.NET version
 * *(ASP.NET)* Info Disclosure: ASP.NET MVC version
@@ -110,101 +119,6 @@ Checks for the following SSL issues are performed:
 
 In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others.
 
-### TLS / SSL Testing
-
-YAWAST offers two modes for testing TLS / SSL - one is custom, and most useful for internal systems, and the other uses the [SSL Labs](https://www.ssllabs.com/) API.
-
-#### Internal Mode
-
-To use the custom internal TLS / SSL scanner (which uses your copy of OpenSSL), simply pass `--internalssl` on the command line. Here is a sample of the output generated by this tester.
-
-```
-[I] Found X509 Certificate:
-[I] 		Issued To: sni67677.cloudflaressl.com / 
-[I] 		Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
-[I] 		Version: 2
-[I] 		Serial: 14171089194524384184707003668844347326
-[I] 		Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni67677.cloudflaressl.com
-[I] 		Expires: 2016-09-11 23:59:59 UTC
-[I] 		Signature Algorithm: ecdsa-with-SHA256
-[I] 		Key: EC-prime256v1
-[I] 			Key Hash: 1a23d84441f9b811dc188bab42b2375873c42ba2
-[I] 		Extensions:
-[I] 			authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96, 
-[I] 			subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
-[I] 			keyUsage = critical, Digital Signature
-[I] 			basicConstraints = critical, CA:FALSE
-[I] 			extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
-[I] 			certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7,   CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1, 
-[I] 			crlDistributionPoints = , Full Name:,   URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl, 
-[I] 			authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com, 
-[I] 		Alternate Names:
-[I] 			sni67677.cloudflaressl.com
-[I] 			*.adamcaudill.com
-[I] 			*.bsidesknoxville.com
-[I] 			*.secrypto.com
-[I] 			*.smimp.org
-[I] 			*.underhandedcrypto.com
-[I] 			adamcaudill.com
-[I] 			bsidesknoxville.com
-[I] 			secrypto.com
-[I] 			smimp.org
-[I] 			underhandedcrypto.com
-[I] 		Hash: 9be2091903a01bcff3ec4049ed1d037a8c611010
-
-[I] Certificate: Chain
-[I] 		Issued To: sni67677.cloudflaressl.com / 
-[I] 			Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
-[I] 			Expires: 2016-09-11 23:59:59 UTC
-[I] 			Key: EC-prime256v1
-[I] 			Signature Algorithm: ecdsa-with-SHA256
-[I] 			Hash: 9be2091903a01bcff3ec4049ed1d037a8c611010
-
-[I] 		Issued To: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
-[I] 			Issuer: COMODO ECC Certification Authority / COMODO CA Limited
-[I] 			Expires: 2029-09-24 23:59:59 UTC
-[I] 			Key: EC-prime256v1
-[I] 			Signature Algorithm: ecdsa-with-SHA384
-[I] 			Hash: 75cfd9bc5cefa104ecc1082d77e63392ccba5291
-
-[I] 		Issued To: COMODO ECC Certification Authority / COMODO CA Limited
-[I] 			Issuer: AddTrust External CA Root / AddTrust AB
-[I] 			Expires: 2020-05-30 10:48:38 UTC
-[I] 			Key: EC-secp384r1
-[I] 			Signature Algorithm: sha384WithRSAEncryption
-[I] 			Hash: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca
-
-
-		Qualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
-
-Supported Ciphers (based on your OpenSSL version):
-	Checking for TLSv1 suites (98 possible suites)
-[I] 		Version: TLSv1  	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA
-[I] 		Version: TLSv1  	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA
-[W] 		Version: TLSv1  	Bits: 112	Cipher: ECDHE-ECDSA-DES-CBC3-SHA
-	Checking for TLSv1_2 suites (98 possible suites)
-[I] 		Version: TLSv1.2	Bits: 256	Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
-[I] 		Version: TLSv1.2	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA384
-[I] 		Version: TLSv1.2	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA
-[I] 		Version: TLSv1.2	Bits: 128	Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
-[I] 		Version: TLSv1.2	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA256
-[I] 		Version: TLSv1.2	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA
-[W] 		Version: TLSv1.2	Bits: 112	Cipher: ECDHE-ECDSA-DES-CBC3-SHA
-	Checking for TLSv1_1 suites (98 possible suites)
-[I] 		Version: TLSv1.1	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA
-[I] 		Version: TLSv1.1	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA
-[W] 		Version: TLSv1.1	Bits: 112	Cipher: ECDHE-ECDSA-DES-CBC3-SHA
-	Checking for SSLv3 suites (98 possible suites)
-```
-
-This version is more limited than the SSL Labs option, though will work in cases where SSL Labs is unable to connect to the target server.
-
-#### SSL Labs Mode
-
-The default mode is to use the SSL Labs API, which makes all users bound by their [terms and conditions](https://www.ssllabs.com/downloads/Qualys_SSL_Labs_Terms_of_Use.pdf), and obviously results in the domain you are scanning being sent to them.
-
-This mode is the most comprehensive, and contains far more data than the Internal Mode. Unless there is a good reason to use the Internal Mode, this is what you should use.
-
 ### Usage
 
 * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
@@ -231,7 +145,7 @@ For authenticated testing, YAWAST allows you to specify a cookie to be passed vi
 Using `scan` - the normal go-to option, here's what you get when scanning my website:
 
 ```
-$yawast scan https://adamcaudill.com --tdessessioncount --dir
+$ yawast scan https://adamcaudill.com --dir --tdessessioncount
  __   _____  _    _  ___   _____ _____ 
  \ \ / / _ \| |  | |/ _ \ /  ___|_   _|
   \ V / /_\ \ |  | / /_\ \\ `--.  | |  
@@ -239,54 +153,62 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
    | || | | \  /\  / | | |/\__/ / | |  
    \_/\_| |_/\/  \/\_| |_/\____/  \_/  
  
- YAWAST v0.4.0 - The YAWAST Antecedent Web Application Security Toolkit
-  Copyright (c) 2013-2016 Adam Caudill <adam@adamcaudill.com>
+ YAWAST v0.5.0.beta2 - The YAWAST Antecedent Web Application Security Toolkit
+  Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
   Support & Documentation: https://github.com/adamcaudill/yawast
   Ruby 2.2.4-p230; OpenSSL 1.0.2f  28 Jan 2016 (x86_64-darwin15)
  
  Scanning: https://adamcaudill.com/
  
  DNS Information:
- [I] 		104.28.27.55 (N/A)
- 				https://www.shodan.io/host/104.28.27.55
- 				https://censys.io/ipv4/104.28.27.55
  [I] 		104.28.26.55 (N/A)
- 				https://www.shodan.io/host/104.28.26.55
- 				https://censys.io/ipv4/104.28.26.55
- [I] 		2400:CB00:2048:1::681C:1B37 (N/A)
- 				https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
+ [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
+ [I] 			San Francisco, California, US
+ 			https://www.shodan.io/host/104.28.26.55
+ 			https://censys.io/ipv4/104.28.26.55
+ [I] 		104.28.27.55 (N/A)
+ [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
+ [I] 			San Francisco, California, US
+ 			https://www.shodan.io/host/104.28.27.55
+ 			https://censys.io/ipv4/104.28.27.55
  [I] 		2400:CB00:2048:1::681C:1A37 (N/A)
- 				https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
+ [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
+ [I] 			US
+ 			https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
+ [I] 		2400:CB00:2048:1::681C:1B37 (N/A)
+ [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
+ [I] 			US
+ 			https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
  [I] 		TXT: v=spf1 mx a ptr include:_spf.google.com ~all
  [I] 		TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
+ [I] 		MX: aspmx4.googlemail.com (30)
+ [I] 		MX: aspmx.l.google.com (10)
  [I] 		MX: alt1.aspmx.l.google.com (20)
  [I] 		MX: aspmx2.googlemail.com (30)
  [I] 		MX: alt2.aspmx.l.google.com (20)
  [I] 		MX: aspmx3.googlemail.com (30)
  [I] 		MX: aspmx5.googlemail.com (30)
- [I] 		MX: aspmx4.googlemail.com (30)
- [I] 		MX: aspmx.l.google.com (10)
  [I] 		NS: vera.ns.cloudflare.com
  [I] 		NS: hal.ns.cloudflare.com
  
  [I] HEAD:
- [I] 		date: Thu, 03 Nov 2016 16:01:17 GMT
+ [I] 		date: Tue, 03 Jan 2017 03:05:26 GMT
  [I] 		content-type: text/html; charset=UTF-8
  [I] 		connection: close
- [I] 		set-cookie: __cfduid=1; expires=Fri, 03-Nov-17 16:01:17 GMT; path=/; domain=.adamcaudill.com; HttpOnly
+ [I] 		set-cookie: __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
  [I] 		x-xss-protection: 1; mode=block
  [I] 		content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com ajax.cloudflare.com platform.twitter.com s0.wp.com ssl.google-analytics.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twimg.com platform.twitter.com s0.wp.com; img-src 'self' data: *.wp.com static.flickr.com *.ted.com *.w.org *.gravatar.com *.twimg.com ssl.google-analytics.com *.twitter.com *.staticflickr.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com public.slidesharecdn.com; media-src 'self' *.ted.com; child-src 'self' www.slideshare.net www.youtube.com *.twitter.com; frame-ancestors 'self'; reflected-xss block; referrer no-referrer-when-downgrade; report-uri https://adamcaudill.report-uri.io/r/default/csp/reportOnly;
  [I] 		vary: Accept-Encoding,Cookie
- [I] 		last-modified: Thu, 03 Nov 2016 14:48:39 GMT
+ [I] 		last-modified: Tue, 03 Jan 2017 01:49:31 GMT
  [I] 		cache-control: public, max-age=86400
- [I] 		expires: Fri, 04 Nov 2016 16:01:17 GMT
+ [I] 		expires: Wed, 04 Jan 2017 03:05:26 GMT
  [I] 		x-frame-options: sameorigin
  [I] 		pragma: public
  [I] 		cf-cache-status: REVALIDATED
  [I] 		strict-transport-security: max-age=15552000; preload
  [I] 		x-content-type-options: nosniff
  [I] 		server: cloudflare-nginx
- [I] 		cf-ray: 2fc10b441b1d2ebd-MIA
+ [I] 		cf-ray: a-MIA
  
  [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
  
@@ -296,13 +218,13 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
  [W] Public-Key-Pins Header Not Present
  
  [I] Cookies:
- [I] 		__cfduid=1; expires=Fri, 03-Nov-17 16:01:17 GMT; path=/; domain=.adamcaudill.com; HttpOnly
+ [I] 		__cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
  [W] 			Cookie missing Secure flag
  
  
  Beginning SSL Labs scan (this could take a minute or two)
  [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
- ............................................
+ .............................................
  
  	SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
  
@@ -315,12 +237,12 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
  [I] 			sni67677.cloudflaressl.com
  [I] 			*.adamcaudill.com
  [I] 			adamcaudill.com
- [I] 		Not Before: 2016-10-25T00:00:00+00:00
- [I] 		Not After: 2017-04-30T23:59:59+00:00
+ [I] 		Not Before: 2016-12-29T00:00:00+00:00
+ [I] 		Not After: 2017-07-02T23:59:59+00:00
  [I] 		Key: EC 256 (RSA equivalent: 3072)
- [I] 		Public Key Hash: 228dcb22953a406066147ee04d853f921431677a
+ [I] 		Public Key Hash: a2e0276e6a44138fea0f4afc01a4e6a3e165d15e
  [I] 		Version: 2
- [I] 		Serial: 218453950133730970752982267078511306496
+ [I] 		Serial: 167670175484361448885961646389808341945
  [I] 		Issuer: COMODO ECC Domain Validation Secure Server CA 2
  [I] 		Signature algorithm: SHA256withECDSA
  [I] 		Extended Validation: No (Domain Control)
@@ -338,9 +260,9 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
  [I] 			certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7,   CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1, 
  [I] 			crlDistributionPoints = , Full Name:,   URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl, 
  [I] 			authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com, 
- [I] 		Hash: fad37c378e602154ca707cfda874b0c21e9fc144
- 			https://censys.io/certificates?q=fad37c378e602154ca707cfda874b0c21e9fc144
- 			https://crt.sh/?q=fad37c378e602154ca707cfda874b0c21e9fc144
+ [I] 		Hash: 06746b606927dab24f9b339329639151112c9363
+ 			https://censys.io/certificates?q=06746b606927dab24f9b339329639151112c9363
+ 			https://crt.sh/?q=06746b606927dab24f9b339329639151112c9363
  
  	Configuration Information:
  		Protocol Support:
@@ -436,33 +358,34 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
  [W] '/readme.html' found: https://adamcaudill.com/readme.html
  
  Searching for common directories...
+ [I] 	Found: 'https://adamcaudill.com/2005/'
+ [I] 	Found: 'https://adamcaudill.com/2006/'
  [I] 	Found: 'https://adamcaudill.com/2004/'
  [I] 	Found: 'https://adamcaudill.com/2003/'
- [I] 	Found: 'https://adamcaudill.com/2011/'
- [I] 	Found: 'https://adamcaudill.com/2005/'
  [I] 	Found: 'https://adamcaudill.com/2008/'
- [I] 	Found: 'https://adamcaudill.com/2006/'
  [I] 	Found: 'https://adamcaudill.com/2007/'
- [I] 	Found: 'https://adamcaudill.com/2013/'
- [I] 	Found: 'https://adamcaudill.com/2016/'
- [I] 	Found: 'https://adamcaudill.com/2015/'
  [I] 	Found: 'https://adamcaudill.com/2010/'
+ [I] 	Found: 'https://adamcaudill.com/2011/'
+ [I] 	Found: 'https://adamcaudill.com/2013/'
  [I] 	Found: 'https://adamcaudill.com/2014/'
  [I] 	Found: 'https://adamcaudill.com/2009/'
+ [I] 	Found: 'https://adamcaudill.com/2016/'
+ [I] 	Found: 'https://adamcaudill.com/2015/'
  [I] 	Found: 'https://adamcaudill.com/About/'
  [I] 	Found: 'https://adamcaudill.com/Blog/'
  [I] 	Found: 'https://adamcaudill.com/about/'
  [I] 	Found: 'https://adamcaudill.com/archives/'
  [I] 	Found: 'https://adamcaudill.com/blog/'
  [I] 	Found: 'https://adamcaudill.com/feed/'
- [I] 	Found: 'https://adamcaudill.com/photo/'
+ [I] 	Found: 'https://adamcaudill.com/files/'
  [I] 	Found: 'https://adamcaudill.com/pgp/'
+ [I] 	Found: 'https://adamcaudill.com/photo/'
  [I] 	Found: 'https://adamcaudill.com/resume/'
  [I] 	Found: 'https://adamcaudill.com/tools/'
  [I] 	Found: 'https://adamcaudill.com/wp-content/'
  [I] 	Found: 'https://adamcaudill.com/wp-includes/'
  
- [I] Meta Generator: WordPress 4.6.1
+ [I] Meta Generator: WordPress 4.7
  Scan complete.
 ```
 
@@ -477,25 +400,100 @@ You'll notice that most lines begin with a letter in a bracket, this is to tell
 
 The indicator used may change over time based on new research or better detection techniques. In all cases, results should be carefully evaluated within the context of the application, how it's used, and what threats apply. The indicator is guidance, a hint if you will, it's up to you to determine the real impact.
 
-### About The Name
+### TLS / SSL Testing
 
-When this project was started, the original name was "Yet Another Web Application Security Tool" - as the project became more serious, the name was changed. The current name better reflects the role of the tool, and its place in the penetration tester's workflow. It's meant to be a first step, to come before the serious manual work, and provide information to allow a tester to be up and running quicker. The tests that are performed are based on that goal, as well as the availability and complexity of tests in other tools. If another common tool can do a given task better, it won't be done here.
+YAWAST offers two modes for testing TLS / SSL - one is custom, and most useful for internal systems, and the other uses the [SSL Labs](https://www.ssllabs.com/) API.
 
-### Special Thanks
+#### Internal Mode
 
-[dirbuster-ng](https://github.com/digination/dirbuster-ng) For the use of their `common.txt` directoty list. This list was the foundation of the list used by YAWAST.
-[Shopify](https://www.shopify.com/) for [ssllabs.rb](https://github.com/Shopify/ssllabs.rb), which provides the Qualsys SSL Labs integration.
+To use the custom internal TLS / SSL scanner (which uses your copy of OpenSSL), simply pass `--internalssl` on the command line. Here is a sample of the output generated by this tester.
 
-### License
+```
+[I] Found X509 Certificate:
+[I] 		Issued To: sni67677.cloudflaressl.com / 
+[I] 		Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
+[I] 		Version: 2
+[I] 		Serial: 167670175484361448885961646389808341945
+[I] 		Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni67677.cloudflaressl.com
+[I] 		Expires: 2017-07-02 23:59:59 UTC
+[I] 		Signature Algorithm: ecdsa-with-SHA256
+[I] 		Key: EC-prime256v1
+[I] 			Key Hash: 26c91946d32c2e664dd4c131ffd2b11bd6270331
+[I] 		Extensions:
+[I] 			authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96, 
+[I] 			subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
+[I] 			keyUsage = critical, Digital Signature
+[I] 			basicConstraints = critical, CA:FALSE
+[I] 			extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
+[I] 			certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7,   CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1, 
+[I] 			crlDistributionPoints = , Full Name:,   URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl, 
+[I] 			authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com, 
+[I] 		Alternate Names:
+[I] 			sni67677.cloudflaressl.com
+[I] 			*.adamcaudill.com
+[I] 			adamcaudill.com
+[I] 		Hash: 06746b606927dab24f9b339329639151112c9363
+			https://censys.io/certificates?q=06746b606927dab24f9b339329639151112c9363
+			https://crt.sh/?q=06746b606927dab24f9b339329639151112c9363
 
-Copyright (c) 2013 - 2016, Adam Caudill (adam@adamcaudill.com)
+[I] Certificate: Chain
+[I] 		Issued To: sni67677.cloudflaressl.com / 
+[I] 			Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
+[I] 			Expires: 2017-07-02 23:59:59 UTC
+[I] 			Key: EC-prime256v1
+[I] 			Signature Algorithm: ecdsa-with-SHA256
+[I] 			Hash: 06746b606927dab24f9b339329639151112c9363
 
-All rights reserved.
+[I] 		Issued To: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
+[I] 			Issuer: COMODO ECC Certification Authority / COMODO CA Limited
+[I] 			Expires: 2029-09-24 23:59:59 UTC
+[I] 			Key: EC-prime256v1
+[I] 			Signature Algorithm: ecdsa-with-SHA384
+[I] 			Hash: 75cfd9bc5cefa104ecc1082d77e63392ccba5291
 
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+[I] 		Issued To: COMODO ECC Certification Authority / COMODO CA Limited
+[I] 			Issuer: AddTrust External CA Root / AddTrust AB
+[I] 			Expires: 2020-05-30 10:48:38 UTC
+[I] 			Key: EC-secp384r1
+[I] 			Signature Algorithm: sha384WithRSAEncryption
+[I] 			Hash: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca
 
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+		Qualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
+
+Supported Ciphers (based on your OpenSSL version):
+	Checking for TLSv1 suites (98 possible suites)
+[I] 		Version: TLSv1  	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA
+[I] 		Version: TLSv1  	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA
+[W] 		Version: TLSv1  	Bits: 112	Cipher: ECDHE-ECDSA-DES-CBC3-SHA
+	Checking for TLSv1_2 suites (98 possible suites)
+[I] 		Version: TLSv1.2	Bits: 256	Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
+[I] 		Version: TLSv1.2	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA384
+[I] 		Version: TLSv1.2	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA
+[I] 		Version: TLSv1.2	Bits: 128	Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
+[I] 		Version: TLSv1.2	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA256
+[I] 		Version: TLSv1.2	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA
+	Checking for TLSv1_1 suites (98 possible suites)
+[I] 		Version: TLSv1.1	Bits: 256	Cipher: ECDHE-ECDSA-AES256-SHA
+[I] 		Version: TLSv1.1	Bits: 128	Cipher: ECDHE-ECDSA-AES128-SHA
+	Checking for SSLv3 suites (98 possible suites)
+
+[I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
+```
+
+This version is more limited than the SSL Labs option, though will work in cases where SSL Labs is unable to connect to the target server.
+
+#### SSL Labs Mode
+
+The default mode is to use the SSL Labs API, which makes all users bound by their [terms and conditions](https://www.ssllabs.com/downloads/Qualys_SSL_Labs_Terms_of_Use.pdf), and obviously results in the domain you are scanning being sent to them.
+
+This mode is the most comprehensive, and contains far more data than the Internal Mode. Unless there is a good reason to use the Internal Mode, this is what you should use.
+
+### About The Name
+
+When this project was started, the original name was "Yet Another Web Application Security Tool" - as the project became more serious, the name was changed. The current name better reflects the role of the tool, and its place in the penetration tester's workflow. It's meant to be a first step, to come before the serious manual work, and provide information to allow a tester to be up and running quicker. The tests that are performed are based on that goal, as well as the availability and complexity of tests in other tools. If another common tool can do a given task better, it won't be done here.
+
+### Special Thanks
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+* [SecLists](https://github.com/danielmiessler/SecLists) - Various lists are based on the resources collected by this project.
+* [Shopify](https://www.shopify.com/) for [ssllabs.rb](https://github.com/Shopify/ssllabs.rb), which provides the Qualsys SSL Labs integration.

data/Rakefile

@@ -18,13 +18,10 @@ task :codeclimate do
 
   require 'simplecov'
   require 'codeclimate-test-reporter'
+end
 
+task :submitcodeclimate do
   ENV['CODECLIMATE_REPO_TOKEN'] ='6fd9c710b9a6e0da2011c62b81075b9bd620200a2a400f4dbeab9c88829f4cb6'
 
-  SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
-    SimpleCov::Formatter::HTMLFormatter,
-    CodeClimate::TestReporter::Formatter
-  ])
-
-  CodeClimate::TestReporter::Formatter.new.format(SimpleCov.result)
+  system 'codeclimate-test-reporter'
 end

data/bin/yawast

@@ -20,6 +20,7 @@ command :scan do |c|
   c.option '--dir', 'Enables directory search'
   c.option '--dirrecursive', 'Recursive directory search (only with --dir)'
   c.option '--dirlistredir', 'Show 301 redirects (only with --dir)'
+  c.option '--files', 'Performs a search for a large list of common files'
   c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
   c.option '--cookie STRING', String, 'Session cookie'