yawast 0.5.0.beta2 → 0.5.0.beta3

data/README.md CHANGED
@@ -121,12 +121,52 @@ In addition to these tests, certain basic information is also displayed, such as
121
121
 
122
122
  ### Usage
123
123
 
124
- * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
124
+ * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
125
125
  * HEAD-only scan: `./yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
126
126
  * SSL information: `./yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
127
127
  * CMS detection: `./yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
128
128
 
129
- For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details.
129
+ For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details. Here is an example, the details for the options to the `scan` command:
130
+
131
+ ```
132
+ OPTIONS:
133
+
134
+ --nossl
135
+ Disables SSL checks
136
+
137
+ --nociphers
138
+ Disables check for supported ciphers (only with --internalssl)
139
+
140
+ --internalssl
141
+ Disable SSL Labs integration
142
+
143
+ --tdessessioncount
144
+ Counts the number of messages that can be sent in a single session
145
+
146
+ --dir
147
+ Enables directory search
148
+
149
+ --dirrecursive
150
+ Recursive directory search (only with --dir)
151
+
152
+ --dirlistredir
153
+ Show 301 redirects (only with --dir)
154
+
155
+ --files
156
+ Performs a search for a large list of common files
157
+
158
+ --srv
159
+ Scan for known SRV DNS Records
160
+
161
+ --subdomains
162
+ Search for Common Subdomains
163
+
164
+ --proxy STRING
165
+ HTTP Proxy Server (such as Burp Suite)
166
+
167
+ --cookie STRING
168
+ Session cookie
169
+ ```
130
170
 
131
171
  ### Using with Burp Suite
132
172
 
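Review bot: The updated `scan` usage line has unbalanced brackets. `[--srv [--subdomains]` is missing the closing `]` after `--srv`, so it reads as if `--subdomains` were a sub-option of `--srv`. The options block added below lists them as independent flags, so the usage line should read `[--srv] [--subdomains]`. A smaller point on the same hunk: the pasted `OPTIONS:` block repeats the help strings defined in `bin/yawast`, so the two copies will drift unless the README is regenerated from `./yawast -h scan` whenever an option changes.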
@@ -145,248 +185,276 @@ For authenticated testing, YAWAST allows you to specify a cookie to be passed vi
145
185
  Using `scan` - the normal go-to option, here's what you get when scanning my website:
146
186
 
147
187
  ```
148
- $ yawast scan https://adamcaudill.com --dir --tdessessioncount
149
- __ _____ _ _ ___ _____ _____
150
- \ \ / / _ \| | | |/ _ \ / ___|_ _|
151
- \ V / /_\ \ | | / /_\ \\ `--. | |
152
- \ /| _ | |/\| | _ | `--. \ | |
153
- | || | | \ /\ / | | |/\__/ / | |
154
- \_/\_| |_/\/ \/\_| |_/\____/ \_/
155
-
156
- YAWAST v0.5.0.beta2 - The YAWAST Antecedent Web Application Security Toolkit
157
- Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
158
- Support & Documentation: https://github.com/adamcaudill/yawast
159
- Ruby 2.2.4-p230; OpenSSL 1.0.2f 28 Jan 2016 (x86_64-darwin15)
160
-
161
- Scanning: https://adamcaudill.com/
162
-
163
- DNS Information:
164
- [I] 104.28.26.55 (N/A)
165
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
166
- [I] San Francisco, California, US
167
- https://www.shodan.io/host/104.28.26.55
168
- https://censys.io/ipv4/104.28.26.55
169
- [I] 104.28.27.55 (N/A)
170
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
171
- [I] San Francisco, California, US
172
- https://www.shodan.io/host/104.28.27.55
173
- https://censys.io/ipv4/104.28.27.55
174
- [I] 2400:CB00:2048:1::681C:1A37 (N/A)
175
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
176
- [I] US
177
- https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
178
- [I] 2400:CB00:2048:1::681C:1B37 (N/A)
179
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
180
- [I] US
181
- https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
182
- [I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all
183
- [I] TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
184
- [I] MX: aspmx4.googlemail.com (30)
185
- [I] MX: aspmx.l.google.com (10)
186
- [I] MX: alt1.aspmx.l.google.com (20)
187
- [I] MX: aspmx2.googlemail.com (30)
188
- [I] MX: alt2.aspmx.l.google.com (20)
189
- [I] MX: aspmx3.googlemail.com (30)
190
- [I] MX: aspmx5.googlemail.com (30)
191
- [I] NS: vera.ns.cloudflare.com
192
- [I] NS: hal.ns.cloudflare.com
193
-
194
- [I] HEAD:
195
- [I] date: Tue, 03 Jan 2017 03:05:26 GMT
196
- [I] content-type: text/html; charset=UTF-8
197
- [I] connection: close
198
- [I] set-cookie: __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
199
- [I] x-xss-protection: 1; mode=block
200
- [I] content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com ajax.cloudflare.com platform.twitter.com s0.wp.com ssl.google-analytics.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twimg.com platform.twitter.com s0.wp.com; img-src 'self' data: *.wp.com static.flickr.com *.ted.com *.w.org *.gravatar.com *.twimg.com ssl.google-analytics.com *.twitter.com *.staticflickr.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com public.slidesharecdn.com; media-src 'self' *.ted.com; child-src 'self' www.slideshare.net www.youtube.com *.twitter.com; frame-ancestors 'self'; reflected-xss block; referrer no-referrer-when-downgrade; report-uri https://adamcaudill.report-uri.io/r/default/csp/reportOnly;
201
- [I] vary: Accept-Encoding,Cookie
202
- [I] last-modified: Tue, 03 Jan 2017 01:49:31 GMT
203
- [I] cache-control: public, max-age=86400
204
- [I] expires: Wed, 04 Jan 2017 03:05:26 GMT
205
- [I] x-frame-options: sameorigin
206
- [I] pragma: public
207
- [I] cf-cache-status: REVALIDATED
208
- [I] strict-transport-security: max-age=15552000; preload
209
- [I] x-content-type-options: nosniff
210
- [I] server: cloudflare-nginx
211
- [I] cf-ray: a-MIA
212
-
213
- [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
214
-
215
- [I] X-Frame-Options Header: sameorigin
216
- [I] X-Content-Type-Options Header: nosniff
217
- [W] Content-Security-Policy Header Not Present
218
- [W] Public-Key-Pins Header Not Present
219
-
220
- [I] Cookies:
221
- [I] __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
222
- [W] Cookie missing Secure flag
223
-
224
-
225
- Beginning SSL Labs scan (this could take a minute or two)
226
- [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
227
- .............................................
228
-
229
- SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
230
-
231
- [I] IP: 104.28.27.55 - Grade: A+
232
-
233
- Certificate Information:
234
- [I] Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
235
- [I] Common Names: ["sni67677.cloudflaressl.com"]
236
- [I] Alternative names:
237
- [I] sni67677.cloudflaressl.com
238
- [I] *.adamcaudill.com
239
- [I] adamcaudill.com
240
- [I] Not Before: 2016-12-29T00:00:00+00:00
241
- [I] Not After: 2017-07-02T23:59:59+00:00
242
- [I] Key: EC 256 (RSA equivalent: 3072)
243
- [I] Public Key Hash: a2e0276e6a44138fea0f4afc01a4e6a3e165d15e
244
- [I] Version: 2
245
- [I] Serial: 167670175484361448885961646389808341945
246
- [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2
247
- [I] Signature algorithm: SHA256withECDSA
248
- [I] Extended Validation: No (Domain Control)
249
- [I] Certificate Transparency: No
250
- [I] OCSP Must Staple: No
251
- [I] Revocation information: CRL information available
252
- [I] Revocation information: OCSP information available
253
- [I] Revocation status: certificate not revoked
254
- [I] Extensions:
255
- [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96,
256
- [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
257
- [I] keyUsage = critical, Digital Signature
258
- [I] basicConstraints = critical, CA:FALSE
259
- [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
260
- [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
261
- [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
262
- [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
263
- [I] Hash: 06746b606927dab24f9b339329639151112c9363
264
- https://censys.io/certificates?q=06746b606927dab24f9b339329639151112c9363
265
- https://crt.sh/?q=06746b606927dab24f9b339329639151112c9363
266
-
267
- Configuration Information:
268
- Protocol Support:
269
- [I] TLS 1.0
270
- [I] TLS 1.1
271
- [I] TLS 1.2
272
-
273
- Cipher Suite Support:
274
- [I] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - 128-bits - ECDHE-256-bits
275
- [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits
276
- [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - 128-bits - ECDHE-256-bits
277
- [I] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - 256-bits - ECDHE-256-bits
278
- [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits
279
- [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - 256-bits - ECDHE-256-bits
280
- [I] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
281
- [I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
282
-
283
- Handshake Simulation:
284
- [E] Android 2.3.7 - Simulation Failed
285
- [I] Android 4.0.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
286
- [I] Android 4.1.1 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
287
- [I] Android 4.2.2 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
288
- [I] Android 4.3 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
289
- [I] Android 4.4.2 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
290
- [I] Android 5.0.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
291
- [I] Android 6.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
292
- [I] Android 7.0 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
293
- [I] Baidu Jan 2015 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
294
- [I] BingPreview Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
295
- [E] Chrome 49 / XP SP3 - Simulation Failed
296
- [I] Chrome 51 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
297
- [I] Firefox 31.3.0 ESR / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
298
- [I] Firefox 47 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
299
- [I] Firefox 49 / XP SP3 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
300
- [I] Firefox 49 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
301
- [I] Googlebot Feb 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
302
- [E] IE 6 / XP - Simulation Failed
303
- [I] IE 7 / Vista - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
304
- [E] IE 8 / XP - Simulation Failed
305
- [I] IE 8-10 / Win 7 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
306
- [I] IE 11 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
307
- [I] IE 11 / Win 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
308
- [I] IE 10 / Win Phone 8.0 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
309
- [I] IE 11 / Win Phone 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
310
- [I] IE 11 / Win Phone 8.1 Update - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
311
- [I] IE 11 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
312
- [I] Edge 13 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
313
- [I] Edge 13 / Win Phone 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
314
- [E] Java 6u45 - Simulation Failed
315
- [I] Java 7u25 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
316
- [I] Java 8u31 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
317
- [E] OpenSSL 0.9.8y - Simulation Failed
318
- [I] OpenSSL 1.0.1l - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
319
- [I] OpenSSL 1.0.2e - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
320
- [I] Safari 5.1.9 / OS X 10.6.8 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
321
- [I] Safari 6 / iOS 6.0.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
322
- [I] Safari 6.0.4 / OS X 10.8.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
323
- [I] Safari 7 / iOS 7.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
324
- [I] Safari 7 / OS X 10.9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
325
- [I] Safari 8 / iOS 8.4 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
326
- [I] Safari 8 / OS X 10.10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
327
- [I] Safari 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
328
- [I] Safari 9 / OS X 10.11 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
329
- [I] Safari 10 / iOS 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
330
- [I] Safari 10 / OS X 10.12 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
331
- [I] Apple ATS 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
332
- [I] Yahoo Slurp Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
333
- [I] YandexBot Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
334
-
335
- Protocol & Vulnerability Information:
336
- [I] DROWN: No
337
- [I] Secure Renegotiation: secure renegotiation supported
338
- [I] POODLE (SSL): No
339
- [I] POODLE (TLS): No
340
- [I] Downgrade Prevention: Yes
341
- [I] Compression: No
342
- [I] Heartbleed: No
343
- [I] OpenSSL CCS (CVE-2014-0224): No
344
- [I] OpenSSL Padding Oracle (CVE-2016-2107): No
345
- [I] Forward Secrecy: Yes (all simulated clients)
346
- [W] OCSP Stapling: No
347
- [I] FREAK: No
348
- [I] Logjam: No
349
- [I] DH public server param (Ys) reuse: No
350
- [I] Protocol Intolerance: No
351
-
352
- TLS Session Request Limit: Checking number of requests accepted using 3DES suites...
353
-
354
- [I] TLS Session Request Limit: Server does not support 3DES cipher suites
355
-
356
- [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
357
-
358
- [W] '/readme.html' found: https://adamcaudill.com/readme.html
359
-
360
- Searching for common directories...
361
- [I] Found: 'https://adamcaudill.com/2005/'
362
- [I] Found: 'https://adamcaudill.com/2006/'
363
- [I] Found: 'https://adamcaudill.com/2004/'
364
- [I] Found: 'https://adamcaudill.com/2003/'
365
- [I] Found: 'https://adamcaudill.com/2008/'
366
- [I] Found: 'https://adamcaudill.com/2007/'
367
- [I] Found: 'https://adamcaudill.com/2010/'
368
- [I] Found: 'https://adamcaudill.com/2011/'
369
- [I] Found: 'https://adamcaudill.com/2013/'
370
- [I] Found: 'https://adamcaudill.com/2014/'
371
- [I] Found: 'https://adamcaudill.com/2009/'
372
- [I] Found: 'https://adamcaudill.com/2016/'
373
- [I] Found: 'https://adamcaudill.com/2015/'
374
- [I] Found: 'https://adamcaudill.com/About/'
375
- [I] Found: 'https://adamcaudill.com/Blog/'
376
- [I] Found: 'https://adamcaudill.com/about/'
377
- [I] Found: 'https://adamcaudill.com/archives/'
378
- [I] Found: 'https://adamcaudill.com/blog/'
379
- [I] Found: 'https://adamcaudill.com/feed/'
380
- [I] Found: 'https://adamcaudill.com/files/'
381
- [I] Found: 'https://adamcaudill.com/pgp/'
382
- [I] Found: 'https://adamcaudill.com/photo/'
383
- [I] Found: 'https://adamcaudill.com/resume/'
384
- [I] Found: 'https://adamcaudill.com/tools/'
385
- [I] Found: 'https://adamcaudill.com/wp-content/'
386
- [I] Found: 'https://adamcaudill.com/wp-includes/'
387
-
388
- [I] Meta Generator: WordPress 4.7
389
- Scan complete.
188
+ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --subdomains
189
+ __ _____ _ _ ___ _____ _____
190
+ \ \ / / _ \| | | |/ _ \ / ___|_ _|
191
+ \ V / /_\ \ | | / /_\ \\ `--. | |
192
+ \ /| _ | |/\| | _ | `--. \ | |
193
+ | || | | \ /\ / | | |/\__/ / | |
194
+ \_/\_| |_/\/ \/\_| |_/\____/ \_/
195
+
196
+ YAWAST v0.5.0.beta3 - The YAWAST Antecedent Web Application Security Toolkit
197
+ Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
198
+ Support & Documentation: https://github.com/adamcaudill/yawast
199
+ Ruby 2.2.4-p230; OpenSSL 1.0.2j 26 Sep 2016 (x86_64-darwin16)
200
+
201
+ Scanning: https://adamcaudill.com/
202
+
203
+ DNS Information:
204
+ [I] 104.28.27.55 (N/A)
205
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
206
+ [I] San Francisco, California, US
207
+ https://www.shodan.io/host/104.28.27.55
208
+ https://censys.io/ipv4/104.28.27.55
209
+ [I] 104.28.26.55 (N/A)
210
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
211
+ [I] San Francisco, California, US
212
+ https://www.shodan.io/host/104.28.26.55
213
+ https://censys.io/ipv4/104.28.26.55
214
+ [I] 2400:CB00:2048:1::681C:1B37 (N/A)
215
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
216
+ [I] US
217
+ https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
218
+ [I] 2400:CB00:2048:1::681C:1A37 (N/A)
219
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
220
+ [I] US
221
+ https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
222
+ [I] TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
223
+ [I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all
224
+ [I] TXT: brave-ledger-verification=1
225
+ [I] MX: aspmx5.googlemail.com (30) - 64.233.161.27 (US - GOOGLE - Google Inc.)
226
+ [I] MX: aspmx4.googlemail.com (30) - 74.125.143.26 (US - GOOGLE - Google Inc.)
227
+ [I] MX: aspmx3.googlemail.com (30) - 64.233.186.27 (US - GOOGLE - Google Inc.)
228
+ [I] MX: alt2.aspmx.l.google.com (20) - 74.125.133.26 (US - GOOGLE - Google Inc.)
229
+ [I] MX: aspmx2.googlemail.com (30) - 209.85.202.26 (US - GOOGLE - Google Inc.)
230
+ [I] MX: alt1.aspmx.l.google.com (20) - 209.85.202.27 (US - GOOGLE - Google Inc.)
231
+ [I] MX: aspmx.l.google.com (10) - 108.177.12.27 (US - GOOGLE - Google Inc.)
232
+ [I] NS: hal.ns.cloudflare.com - 173.245.59.174 (US - CLOUDFLARENET - CloudFlare, Inc.)
233
+ [I] NS: vera.ns.cloudflare.com - 173.245.58.147 (US - CLOUDFLARENET - CloudFlare, Inc.)
234
+ [I] SRV: _bittorrent._tcp.adamcaudill.com: example.com:1 - 93.184.216.34 (US - EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business)
235
+ [I] A: www.adamcaudill.com: 104.28.27.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
236
+ [I] A: www.adamcaudill.com: 104.28.26.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
237
+
238
+ [I] HEAD:
239
+ [I] date: Sat, 11 Mar 2017 20:25:53 GMT
240
+ [I] content-type: text/html; charset=UTF-8
241
+ [I] connection: close
242
+ [I] set-cookie: __cfduid=1; expires=Sun, 11-Mar-18 20:25:53 GMT; path=/; domain=.adamcaudill.com; HttpOnly
243
+ [I] vary: Accept-Encoding,Cookie
244
+ [I] last-modified: Sun, 05 Mar 2017 16:55:57 GMT
245
+ [I] x-content-type-options: nosniff
246
+ [I] x-frame-options: sameorigin
247
+ [I] pragma: public
248
+ [I] cache-control: public, max-age=86400
249
+ [I] cf-cache-status: HIT
250
+ [I] expires: Sun, 12 Mar 2017 20:25:53 GMT
251
+ [I] strict-transport-security: max-age=15552000; preload
252
+ [I] server: cloudflare-nginx
253
+ [I] cf-ray: 1-MIA
254
+
255
+ [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
256
+
257
+ [I] X-Frame-Options Header: sameorigin
258
+ [I] X-Content-Type-Options Header: nosniff
259
+ [W] Content-Security-Policy Header Not Present
260
+ [W] Public-Key-Pins Header Not Present
261
+
262
+ [I] Cookies:
263
+ [I] __cfduid=1; expires=Sun, 11-Mar-18 20:25:53 GMT; path=/; domain=.adamcaudill.com; HttpOnly
264
+ [W] Cookie missing Secure flag
265
+ [W] Cookie missing SameSite flag
266
+
267
+
268
+ Beginning SSL Labs scan (this could take a minute or two)
269
+ [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
270
+ ............................
271
+
272
+ SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
273
+
274
+ [I] IP: 104.28.27.55 - Grade: A+
275
+
276
+ Certificate Information:
277
+ [I] Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
278
+ [I] Common Names: ["sni67677.cloudflaressl.com"]
279
+ [I] Alternative names:
280
+ [I] sni67677.cloudflaressl.com
281
+ [I] *.adamcaudill.com
282
+ [I] adamcaudill.com
283
+ [I] Not Before: 2017-02-23T00:00:00+00:00
284
+ [I] Not After: 2017-08-06T23:59:59+00:00
285
+ [I] Key: EC 256 (RSA equivalent: 3072)
286
+ [I] Public Key Hash: c19ebb18e1bb524f684f89cd90f8c6365277f678
287
+ [I] Version: 2
288
+ [I] Serial: 220844199202016449134238880152306048120
289
+ [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2
290
+ [I] Signature algorithm: SHA256withECDSA
291
+ [I] Extended Validation: No (Domain Control)
292
+ [I] Certificate Transparency: No
293
+ [I] OCSP Must Staple: No
294
+ [I] Revocation information: CRL information available
295
+ [I] Revocation information: OCSP information available
296
+ [I] Revocation status: certificate not revoked
297
+ [I] Extensions:
298
+ [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96,
299
+ [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
300
+ [I] keyUsage = critical, Digital Signature
301
+ [I] basicConstraints = critical, CA:FALSE
302
+ [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
303
+ [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
304
+ [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
305
+ [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
306
+ [I] Hash: 9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
307
+ https://censys.io/certificates?q=9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
308
+ https://crt.sh/?q=9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
309
+
310
+ Configuration Information:
311
+ Protocol Support:
312
+ [I] TLS 1.0
313
+ [I] TLS 1.1
314
+ [I] TLS 1.2
315
+
316
+ Cipher Suite Support:
317
+ [I] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - 128-bits - ECDHE-256-bits
318
+ [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits
319
+ [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - 128-bits - ECDHE-256-bits
320
+ [I] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - 256-bits - ECDHE-256-bits
321
+ [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits
322
+ [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - 256-bits - ECDHE-256-bits
323
+ [I] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
324
+ [I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
325
+ [W] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - 112-bits - ECDHE-256-bits
326
+
327
+ Handshake Simulation:
328
+ [E] Android 2.3.7 - Simulation Failed
329
+ [I] Android 4.0.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
330
+ [I] Android 4.1.1 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
331
+ [I] Android 4.2.2 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
332
+ [I] Android 4.3 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
333
+ [I] Android 4.4.2 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
334
+ [I] Android 5.0.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
335
+ [I] Android 6.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
336
+ [I] Android 7.0 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
337
+ [I] Baidu Jan 2015 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
338
+ [I] BingPreview Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
339
+ [E] Chrome 49 / XP SP3 - Simulation Failed
340
+ [I] Chrome 51 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
341
+ [I] Firefox 31.3.0 ESR / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
342
+ [I] Firefox 47 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
343
+ [I] Firefox 49 / XP SP3 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
344
+ [I] Firefox 49 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
345
+ [I] Googlebot Feb 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
346
+ [E] IE 6 / XP - Simulation Failed
347
+ [I] IE 7 / Vista - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
348
+ [E] IE 8 / XP - Simulation Failed
349
+ [I] IE 8-10 / Win 7 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
350
+ [I] IE 11 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
351
+ [I] IE 11 / Win 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
352
+ [I] IE 10 / Win Phone 8.0 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
353
+ [I] IE 11 / Win Phone 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
354
+ [I] IE 11 / Win Phone 8.1 Update - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
355
+ [I] IE 11 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
356
+ [I] Edge 13 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
357
+ [I] Edge 13 / Win Phone 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
358
+ [E] Java 6u45 - Simulation Failed
359
+ [I] Java 7u25 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
360
+ [I] Java 8u31 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
361
+ [E] OpenSSL 0.9.8y - Simulation Failed
362
+ [I] OpenSSL 1.0.1l - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
363
+ [I] OpenSSL 1.0.2e - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
364
+ [I] Safari 5.1.9 / OS X 10.6.8 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
365
+ [I] Safari 6 / iOS 6.0.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
366
+ [I] Safari 6.0.4 / OS X 10.8.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
367
+ [I] Safari 7 / iOS 7.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
368
+ [I] Safari 7 / OS X 10.9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
369
+ [I] Safari 8 / iOS 8.4 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
370
+ [I] Safari 8 / OS X 10.10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
371
+ [I] Safari 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
372
+ [I] Safari 9 / OS X 10.11 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
373
+ [I] Safari 10 / iOS 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
374
+ [I] Safari 10 / OS X 10.12 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
375
+ [I] Apple ATS 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
376
+ [I] Yahoo Slurp Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
377
+ [I] YandexBot Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
378
+
379
+ Protocol & Vulnerability Information:
380
+ [I] DROWN: No
381
+ [I] Secure Renegotiation: secure renegotiation supported
382
+ [I] POODLE (SSL): No
383
+ [I] POODLE (TLS): No
384
+ [I] Downgrade Prevention: Yes
385
+ [I] Compression: No
386
+ [I] Heartbleed: No
387
+ [I] OpenSSL CCS (CVE-2014-0224): No
388
+ [I] OpenSSL Padding Oracle (CVE-2016-2107): No
389
+ [I] Forward Secrecy: Yes (all simulated clients)
390
+ [I] OCSP Stapling: Yes
391
+ [I] FREAK: No
392
+ [I] Logjam: No
393
+ [I] DH public server param (Ys) reuse: No
394
+ [I] Protocol Intolerance: No
395
+
396
+ TLS Session Request Limit: Checking number of requests accepted using 3DES suites...
397
+ Cloudflare server found: SWEET32 mitigated: https://support.cloudflare.com/hc/en-us/articles/231510928
398
+
399
+ [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
400
+ [I] HSTS Preload: Chrome - false; Firefox - false; Tor - false
401
+ [W] '/readme.html' found: https://adamcaudill.com/readme.html
402
+
403
+
404
+ Checking for common files (this will take a few minutes)...
405
+ [I] '/favicon.ico' found: https://adamcaudill.com/favicon.ico
406
+ [I] '/license.txt' found: https://adamcaudill.com/license.txt
407
+ [I] '/robots.txt' found: https://adamcaudill.com/robots.txt
408
+ [I] '/sitemap_index.xml' found: https://adamcaudill.com/sitemap_index.xml
409
+ [I] '/tools' found: https://adamcaudill.com/tools
410
+ [I] '/wp-config.php' found: https://adamcaudill.com/wp-config.php
411
+ [I] '/wp-cron.php' found: https://adamcaudill.com/wp-cron.php
412
+ [I] '/wp-links-opml.php' found: https://adamcaudill.com/wp-links-opml.php
413
+ [I] '/wp-load.php' found: https://adamcaudill.com/wp-load.php
414
+ [I] '/wp-login.php' found: https://adamcaudill.com/wp-login.php
415
+ [I] '/keybase.txt' found: https://adamcaudill.com/keybase.txt
416
+
417
+ Searching for common directories...
418
+ [I] Found: 'https://adamcaudill.com//'
419
+ [I] Found: 'https://adamcaudill.com/0000/'
420
+ [I] Found: 'https://adamcaudill.com/2004/'
421
+ [I] Found: 'https://adamcaudill.com/2003/'
422
+ [I] Found: 'https://adamcaudill.com/2005/'
423
+ [I] Found: 'https://adamcaudill.com/2006/'
424
+ [I] Found: 'https://adamcaudill.com/2007/'
425
+ [I] Found: 'https://adamcaudill.com/2008/'
426
+ [I] Found: 'https://adamcaudill.com/2011/'
427
+ [I] Found: 'https://adamcaudill.com/2009/'
428
+ [I] Found: 'https://adamcaudill.com/2010/'
429
+ [I] Found: 'https://adamcaudill.com/2012/'
430
+ [I] Found: 'https://adamcaudill.com/2013/'
431
+ [I] Found: 'https://adamcaudill.com/2015/'
432
+ [I] Found: 'https://adamcaudill.com/2014/'
433
+ [I] Found: 'https://adamcaudill.com/2016/'
434
+ [I] Found: 'https://adamcaudill.com/ABOUT/'
435
+ [I] Found: 'https://adamcaudill.com/ARCHIVES/'
436
+ [I] Found: 'https://adamcaudill.com/About/'
437
+ [I] Found: 'https://adamcaudill.com/Archives/'
438
+ [I] Found: 'https://adamcaudill.com/BLOG/'
439
+ [I] Found: 'https://adamcaudill.com/Blog/'
440
+ [I] Found: 'https://adamcaudill.com/Photo/'
441
+ [I] Found: 'https://adamcaudill.com/Resume/'
442
+ [I] Found: 'https://adamcaudill.com/TOOLS/'
443
+ [I] Found: 'https://adamcaudill.com/Tools/'
444
+ [I] Found: 'https://adamcaudill.com/about/'
445
+ [I] Found: 'https://adamcaudill.com/archives/'
446
+ [I] Found: 'https://adamcaudill.com/blog/'
447
+ [I] Found: 'https://adamcaudill.com/feed/'
448
+ [I] Found: 'https://adamcaudill.com/pgp/'
449
+ [I] Found: 'https://adamcaudill.com/photo/'
450
+ [I] Found: 'https://adamcaudill.com/reading/'
451
+ [I] Found: 'https://adamcaudill.com/resume/'
452
+ [I] Found: 'https://adamcaudill.com/speaking/'
453
+ [I] Found: 'https://adamcaudill.com/tools/'
454
+ [I] Found: 'https://adamcaudill.com/wp-content/'
455
+
456
+ [I] Meta Generator: WordPress 4.7.2
457
+ Scan complete.
390
458
  ```
391
459
 
392
460
  ### About The Output
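Review bot: The "Searching for common directories..." block of the new sample output lists `https://adamcaudill.com//`, `/0000/`, and several case variants of the same path (`/ABOUT/`, `/About/`, `/about/`, and likewise for Blog, Archives and Tools), which read as duplicate or catch-all matches rather than distinct directories. Either trim the sample or add a sentence under "About The Output" telling readers how to interpret such hits, so the README does not present them as findings. Two consistency points in the same output: the new line `Cloudflare server found: SWEET32 mitigated: ...` has no `[I]`/`[W]` prefix, unlike the lines around it, and the cipher list now flags `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA` as `[W]` while the 3DES check that follows reports it as mitigated, so a short note on how the two results relate would help.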
data/bin/yawast CHANGED
@@ -21,6 +21,8 @@ command :scan do |c|
21
21
  c.option '--dirrecursive', 'Recursive directory search (only with --dir)'
22
22
  c.option '--dirlistredir', 'Show 301 redirects (only with --dir)'
23
23
  c.option '--files', 'Performs a search for a large list of common files'
24
+ c.option '--srv', 'Scan for known SRV DNS Records'
25
+ c.option '--subdomains', 'Search for Common Subdomains'
24
26
  c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
25
27
  c.option '--cookie STRING', String, 'Session cookie'
26
28
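Review bot: The help strings for the two new options, `'Scan for known SRV DNS Records'` and `'Search for Common Subdomains'`, use title case and an imperative verb, while the neighbouring options use sentence case ('Recursive directory search', 'Performs a search for a large list of common files'). Suggest 'Scans for known SRV DNS records' and 'Searches for common subdomains', with the same change in the README options block that copies these strings. It would also be worth stating in the help text whether these lookups are affected by `--proxy`, which is described only as an HTTP proxy server, so that someone routing a scan through Burp Suite knows which traffic will not appear there.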