yawast 0.5.0.beta2 → 0.5.0.beta3

data/README.md CHANGED
@@ -121,12 +121,52 @@ In addition to these tests, certain basic information is also displayed, such as
121
121
 
122
122
  ### Usage
123
123
 
124
- * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
124
+ * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
125
125
  * HEAD-only scan: `./yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
126
126
  * SSL information: `./yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
127
127
  * CMS detection: `./yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
128
128
 
129
- For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details.
129
+ For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details. Here is an example, the details for the options to the `scan` command:
130
+
131
+ ```
132
+ OPTIONS:
133
+
134
+ --nossl
135
+ Disables SSL checks
136
+
137
+ --nociphers
138
+ Disables check for supported ciphers (only with --internalssl)
139
+
140
+ --internalssl
141
+ Disable SSL Labs integration
142
+
143
+ --tdessessioncount
144
+ Counts the number of messages that can be sent in a single session
145
+
146
+ --dir
147
+ Enables directory search
148
+
149
+ --dirrecursive
150
+ Recursive directory search (only with --dir)
151
+
152
+ --dirlistredir
153
+ Show 301 redirects (only with --dir)
154
+
155
+ --files
156
+ Performs a search for a large list of common files
157
+
158
+ --srv
159
+ Scan for known SRV DNS Records
160
+
161
+ --subdomains
162
+ Search for Common Subdomains
163
+
164
+ --proxy STRING
165
+ HTTP Proxy Server (such as Burp Suite)
166
+
167
+ --cookie STRING
168
+ Session cookie
169
+ ```
130
170
 
131
171
  ### Using with Burp Suite
132
172
 
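Review bot: the updated standard-scan usage line has an unbalanced bracket, `[--srv [--subdomains]`, which makes `--srv` read as if it took `--subdomains` as a sub-option; the new OPTIONS block further down lists them as two independent flags (`--srv` "Scan for known SRV DNS Records", `--subdomains` "Search for Common Subdomains"), so the usage line should be `[--srv] [--subdomains]`. Since the OPTIONS block already documents dependencies for the other flags (`only with --dir`, `only with --internalssl`), it would help readers to say explicitly that these two are DNS-side checks with no such dependency.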
@@ -145,248 +185,276 @@ For authenticated testing, YAWAST allows you to specify a cookie to be passed vi
145
185
  Using `scan` - the normal go-to option, here's what you get when scanning my website:
146
186
 
147
187
  ```
148
- $ yawast scan https://adamcaudill.com --dir --tdessessioncount
149
- __ _____ _ _ ___ _____ _____
150
- \ \ / / _ \| | | |/ _ \ / ___|_ _|
151
- \ V / /_\ \ | | / /_\ \\ `--. | |
152
- \ /| _ | |/\| | _ | `--. \ | |
153
- | || | | \ /\ / | | |/\__/ / | |
154
- \_/\_| |_/\/ \/\_| |_/\____/ \_/
155
-
156
- YAWAST v0.5.0.beta2 - The YAWAST Antecedent Web Application Security Toolkit
157
- Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
158
- Support & Documentation: https://github.com/adamcaudill/yawast
159
- Ruby 2.2.4-p230; OpenSSL 1.0.2f 28 Jan 2016 (x86_64-darwin15)
160
-
161
- Scanning: https://adamcaudill.com/
162
-
163
- DNS Information:
164
- [I] 104.28.26.55 (N/A)
165
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
166
- [I] San Francisco, California, US
167
- https://www.shodan.io/host/104.28.26.55
168
- https://censys.io/ipv4/104.28.26.55
169
- [I] 104.28.27.55 (N/A)
170
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
171
- [I] San Francisco, California, US
172
- https://www.shodan.io/host/104.28.27.55
173
- https://censys.io/ipv4/104.28.27.55
174
- [I] 2400:CB00:2048:1::681C:1A37 (N/A)
175
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
176
- [I] US
177
- https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
178
- [I] 2400:CB00:2048:1::681C:1B37 (N/A)
179
- [I] US - CLOUDFLARENET - CloudFlare, Inc.
180
- [I] US
181
- https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
182
- [I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all
183
- [I] TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
184
- [I] MX: aspmx4.googlemail.com (30)
185
- [I] MX: aspmx.l.google.com (10)
186
- [I] MX: alt1.aspmx.l.google.com (20)
187
- [I] MX: aspmx2.googlemail.com (30)
188
- [I] MX: alt2.aspmx.l.google.com (20)
189
- [I] MX: aspmx3.googlemail.com (30)
190
- [I] MX: aspmx5.googlemail.com (30)
191
- [I] NS: vera.ns.cloudflare.com
192
- [I] NS: hal.ns.cloudflare.com
193
-
194
- [I] HEAD:
195
- [I] date: Tue, 03 Jan 2017 03:05:26 GMT
196
- [I] content-type: text/html; charset=UTF-8
197
- [I] connection: close
198
- [I] set-cookie: __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
199
- [I] x-xss-protection: 1; mode=block
200
- [I] content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com ajax.cloudflare.com platform.twitter.com s0.wp.com ssl.google-analytics.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twimg.com platform.twitter.com s0.wp.com; img-src 'self' data: *.wp.com static.flickr.com *.ted.com *.w.org *.gravatar.com *.twimg.com ssl.google-analytics.com *.twitter.com *.staticflickr.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com public.slidesharecdn.com; media-src 'self' *.ted.com; child-src 'self' www.slideshare.net www.youtube.com *.twitter.com; frame-ancestors 'self'; reflected-xss block; referrer no-referrer-when-downgrade; report-uri https://adamcaudill.report-uri.io/r/default/csp/reportOnly;
201
- [I] vary: Accept-Encoding,Cookie
202
- [I] last-modified: Tue, 03 Jan 2017 01:49:31 GMT
203
- [I] cache-control: public, max-age=86400
204
- [I] expires: Wed, 04 Jan 2017 03:05:26 GMT
205
- [I] x-frame-options: sameorigin
206
- [I] pragma: public
207
- [I] cf-cache-status: REVALIDATED
208
- [I] strict-transport-security: max-age=15552000; preload
209
- [I] x-content-type-options: nosniff
210
- [I] server: cloudflare-nginx
211
- [I] cf-ray: a-MIA
212
-
213
- [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
214
-
215
- [I] X-Frame-Options Header: sameorigin
216
- [I] X-Content-Type-Options Header: nosniff
217
- [W] Content-Security-Policy Header Not Present
218
- [W] Public-Key-Pins Header Not Present
219
-
220
- [I] Cookies:
221
- [I] __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
222
- [W] Cookie missing Secure flag
223
-
224
-
225
- Beginning SSL Labs scan (this could take a minute or two)
226
- [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
227
- .............................................
228
-
229
- SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
230
-
231
- [I] IP: 104.28.27.55 - Grade: A+
232
-
233
- Certificate Information:
234
- [I] Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
235
- [I] Common Names: ["sni67677.cloudflaressl.com"]
236
- [I] Alternative names:
237
- [I] sni67677.cloudflaressl.com
238
- [I] *.adamcaudill.com
239
- [I] adamcaudill.com
240
- [I] Not Before: 2016-12-29T00:00:00+00:00
241
- [I] Not After: 2017-07-02T23:59:59+00:00
242
- [I] Key: EC 256 (RSA equivalent: 3072)
243
- [I] Public Key Hash: a2e0276e6a44138fea0f4afc01a4e6a3e165d15e
244
- [I] Version: 2
245
- [I] Serial: 167670175484361448885961646389808341945
246
- [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2
247
- [I] Signature algorithm: SHA256withECDSA
248
- [I] Extended Validation: No (Domain Control)
249
- [I] Certificate Transparency: No
250
- [I] OCSP Must Staple: No
251
- [I] Revocation information: CRL information available
252
- [I] Revocation information: OCSP information available
253
- [I] Revocation status: certificate not revoked
254
- [I] Extensions:
255
- [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96,
256
- [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
257
- [I] keyUsage = critical, Digital Signature
258
- [I] basicConstraints = critical, CA:FALSE
259
- [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
260
- [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
261
- [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
262
- [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
263
- [I] Hash: 06746b606927dab24f9b339329639151112c9363
264
- https://censys.io/certificates?q=06746b606927dab24f9b339329639151112c9363
265
- https://crt.sh/?q=06746b606927dab24f9b339329639151112c9363
266
-
267
- Configuration Information:
268
- Protocol Support:
269
- [I] TLS 1.0
270
- [I] TLS 1.1
271
- [I] TLS 1.2
272
-
273
- Cipher Suite Support:
274
- [I] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - 128-bits - ECDHE-256-bits
275
- [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits
276
- [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - 128-bits - ECDHE-256-bits
277
- [I] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - 256-bits - ECDHE-256-bits
278
- [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits
279
- [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - 256-bits - ECDHE-256-bits
280
- [I] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
281
- [I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
282
-
283
- Handshake Simulation:
284
- [E] Android 2.3.7 - Simulation Failed
285
- [I] Android 4.0.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
286
- [I] Android 4.1.1 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
287
- [I] Android 4.2.2 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
288
- [I] Android 4.3 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
289
- [I] Android 4.4.2 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
290
- [I] Android 5.0.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
291
- [I] Android 6.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
292
- [I] Android 7.0 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
293
- [I] Baidu Jan 2015 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
294
- [I] BingPreview Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
295
- [E] Chrome 49 / XP SP3 - Simulation Failed
296
- [I] Chrome 51 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
297
- [I] Firefox 31.3.0 ESR / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
298
- [I] Firefox 47 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
299
- [I] Firefox 49 / XP SP3 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
300
- [I] Firefox 49 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
301
- [I] Googlebot Feb 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
302
- [E] IE 6 / XP - Simulation Failed
303
- [I] IE 7 / Vista - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
304
- [E] IE 8 / XP - Simulation Failed
305
- [I] IE 8-10 / Win 7 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
306
- [I] IE 11 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
307
- [I] IE 11 / Win 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
308
- [I] IE 10 / Win Phone 8.0 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
309
- [I] IE 11 / Win Phone 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
310
- [I] IE 11 / Win Phone 8.1 Update - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
311
- [I] IE 11 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
312
- [I] Edge 13 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
313
- [I] Edge 13 / Win Phone 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
314
- [E] Java 6u45 - Simulation Failed
315
- [I] Java 7u25 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
316
- [I] Java 8u31 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
317
- [E] OpenSSL 0.9.8y - Simulation Failed
318
- [I] OpenSSL 1.0.1l - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
319
- [I] OpenSSL 1.0.2e - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
320
- [I] Safari 5.1.9 / OS X 10.6.8 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
321
- [I] Safari 6 / iOS 6.0.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
322
- [I] Safari 6.0.4 / OS X 10.8.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
323
- [I] Safari 7 / iOS 7.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
324
- [I] Safari 7 / OS X 10.9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
325
- [I] Safari 8 / iOS 8.4 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
326
- [I] Safari 8 / OS X 10.10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
327
- [I] Safari 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
328
- [I] Safari 9 / OS X 10.11 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
329
- [I] Safari 10 / iOS 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
330
- [I] Safari 10 / OS X 10.12 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
331
- [I] Apple ATS 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
332
- [I] Yahoo Slurp Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
333
- [I] YandexBot Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
334
-
335
- Protocol & Vulnerability Information:
336
- [I] DROWN: No
337
- [I] Secure Renegotiation: secure renegotiation supported
338
- [I] POODLE (SSL): No
339
- [I] POODLE (TLS): No
340
- [I] Downgrade Prevention: Yes
341
- [I] Compression: No
342
- [I] Heartbleed: No
343
- [I] OpenSSL CCS (CVE-2014-0224): No
344
- [I] OpenSSL Padding Oracle (CVE-2016-2107): No
345
- [I] Forward Secrecy: Yes (all simulated clients)
346
- [W] OCSP Stapling: No
347
- [I] FREAK: No
348
- [I] Logjam: No
349
- [I] DH public server param (Ys) reuse: No
350
- [I] Protocol Intolerance: No
351
-
352
- TLS Session Request Limit: Checking number of requests accepted using 3DES suites...
353
-
354
- [I] TLS Session Request Limit: Server does not support 3DES cipher suites
355
-
356
- [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
357
-
358
- [W] '/readme.html' found: https://adamcaudill.com/readme.html
359
-
360
- Searching for common directories...
361
- [I] Found: 'https://adamcaudill.com/2005/'
362
- [I] Found: 'https://adamcaudill.com/2006/'
363
- [I] Found: 'https://adamcaudill.com/2004/'
364
- [I] Found: 'https://adamcaudill.com/2003/'
365
- [I] Found: 'https://adamcaudill.com/2008/'
366
- [I] Found: 'https://adamcaudill.com/2007/'
367
- [I] Found: 'https://adamcaudill.com/2010/'
368
- [I] Found: 'https://adamcaudill.com/2011/'
369
- [I] Found: 'https://adamcaudill.com/2013/'
370
- [I] Found: 'https://adamcaudill.com/2014/'
371
- [I] Found: 'https://adamcaudill.com/2009/'
372
- [I] Found: 'https://adamcaudill.com/2016/'
373
- [I] Found: 'https://adamcaudill.com/2015/'
374
- [I] Found: 'https://adamcaudill.com/About/'
375
- [I] Found: 'https://adamcaudill.com/Blog/'
376
- [I] Found: 'https://adamcaudill.com/about/'
377
- [I] Found: 'https://adamcaudill.com/archives/'
378
- [I] Found: 'https://adamcaudill.com/blog/'
379
- [I] Found: 'https://adamcaudill.com/feed/'
380
- [I] Found: 'https://adamcaudill.com/files/'
381
- [I] Found: 'https://adamcaudill.com/pgp/'
382
- [I] Found: 'https://adamcaudill.com/photo/'
383
- [I] Found: 'https://adamcaudill.com/resume/'
384
- [I] Found: 'https://adamcaudill.com/tools/'
385
- [I] Found: 'https://adamcaudill.com/wp-content/'
386
- [I] Found: 'https://adamcaudill.com/wp-includes/'
387
-
388
- [I] Meta Generator: WordPress 4.7
389
- Scan complete.
188
+ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --subdomains
189
+ __ _____ _ _ ___ _____ _____
190
+ \ \ / / _ \| | | |/ _ \ / ___|_ _|
191
+ \ V / /_\ \ | | / /_\ \\ `--. | |
192
+ \ /| _ | |/\| | _ | `--. \ | |
193
+ | || | | \ /\ / | | |/\__/ / | |
194
+ \_/\_| |_/\/ \/\_| |_/\____/ \_/
195
+
196
+ YAWAST v0.5.0.beta3 - The YAWAST Antecedent Web Application Security Toolkit
197
+ Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
198
+ Support & Documentation: https://github.com/adamcaudill/yawast
199
+ Ruby 2.2.4-p230; OpenSSL 1.0.2j 26 Sep 2016 (x86_64-darwin16)
200
+
201
+ Scanning: https://adamcaudill.com/
202
+
203
+ DNS Information:
204
+ [I] 104.28.27.55 (N/A)
205
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
206
+ [I] San Francisco, California, US
207
+ https://www.shodan.io/host/104.28.27.55
208
+ https://censys.io/ipv4/104.28.27.55
209
+ [I] 104.28.26.55 (N/A)
210
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
211
+ [I] San Francisco, California, US
212
+ https://www.shodan.io/host/104.28.26.55
213
+ https://censys.io/ipv4/104.28.26.55
214
+ [I] 2400:CB00:2048:1::681C:1B37 (N/A)
215
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
216
+ [I] US
217
+ https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
218
+ [I] 2400:CB00:2048:1::681C:1A37 (N/A)
219
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
220
+ [I] US
221
+ https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
222
+ [I] TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
223
+ [I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all
224
+ [I] TXT: brave-ledger-verification=1
225
+ [I] MX: aspmx5.googlemail.com (30) - 64.233.161.27 (US - GOOGLE - Google Inc.)
226
+ [I] MX: aspmx4.googlemail.com (30) - 74.125.143.26 (US - GOOGLE - Google Inc.)
227
+ [I] MX: aspmx3.googlemail.com (30) - 64.233.186.27 (US - GOOGLE - Google Inc.)
228
+ [I] MX: alt2.aspmx.l.google.com (20) - 74.125.133.26 (US - GOOGLE - Google Inc.)
229
+ [I] MX: aspmx2.googlemail.com (30) - 209.85.202.26 (US - GOOGLE - Google Inc.)
230
+ [I] MX: alt1.aspmx.l.google.com (20) - 209.85.202.27 (US - GOOGLE - Google Inc.)
231
+ [I] MX: aspmx.l.google.com (10) - 108.177.12.27 (US - GOOGLE - Google Inc.)
232
+ [I] NS: hal.ns.cloudflare.com - 173.245.59.174 (US - CLOUDFLARENET - CloudFlare, Inc.)
233
+ [I] NS: vera.ns.cloudflare.com - 173.245.58.147 (US - CLOUDFLARENET - CloudFlare, Inc.)
234
+ [I] SRV: _bittorrent._tcp.adamcaudill.com: example.com:1 - 93.184.216.34 (US - EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business)
235
+ [I] A: www.adamcaudill.com: 104.28.27.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
236
+ [I] A: www.adamcaudill.com: 104.28.26.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
237
+
238
+ [I] HEAD:
239
+ [I] date: Sat, 11 Mar 2017 20:25:53 GMT
240
+ [I] content-type: text/html; charset=UTF-8
241
+ [I] connection: close
242
+ [I] set-cookie: __cfduid=1; expires=Sun, 11-Mar-18 20:25:53 GMT; path=/; domain=.adamcaudill.com; HttpOnly
243
+ [I] vary: Accept-Encoding,Cookie
244
+ [I] last-modified: Sun, 05 Mar 2017 16:55:57 GMT
245
+ [I] x-content-type-options: nosniff
246
+ [I] x-frame-options: sameorigin
247
+ [I] pragma: public
248
+ [I] cache-control: public, max-age=86400
249
+ [I] cf-cache-status: HIT
250
+ [I] expires: Sun, 12 Mar 2017 20:25:53 GMT
251
+ [I] strict-transport-security: max-age=15552000; preload
252
+ [I] server: cloudflare-nginx
253
+ [I] cf-ray: 1-MIA
254
+
255
+ [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
256
+
257
+ [I] X-Frame-Options Header: sameorigin
258
+ [I] X-Content-Type-Options Header: nosniff
259
+ [W] Content-Security-Policy Header Not Present
260
+ [W] Public-Key-Pins Header Not Present
261
+
262
+ [I] Cookies:
263
+ [I] __cfduid=1; expires=Sun, 11-Mar-18 20:25:53 GMT; path=/; domain=.adamcaudill.com; HttpOnly
264
+ [W] Cookie missing Secure flag
265
+ [W] Cookie missing SameSite flag
266
+
267
+
268
+ Beginning SSL Labs scan (this could take a minute or two)
269
+ [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
270
+ ............................
271
+
272
+ SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
273
+
274
+ [I] IP: 104.28.27.55 - Grade: A+
275
+
276
+ Certificate Information:
277
+ [I] Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
278
+ [I] Common Names: ["sni67677.cloudflaressl.com"]
279
+ [I] Alternative names:
280
+ [I] sni67677.cloudflaressl.com
281
+ [I] *.adamcaudill.com
282
+ [I] adamcaudill.com
283
+ [I] Not Before: 2017-02-23T00:00:00+00:00
284
+ [I] Not After: 2017-08-06T23:59:59+00:00
285
+ [I] Key: EC 256 (RSA equivalent: 3072)
286
+ [I] Public Key Hash: c19ebb18e1bb524f684f89cd90f8c6365277f678
287
+ [I] Version: 2
288
+ [I] Serial: 220844199202016449134238880152306048120
289
+ [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2
290
+ [I] Signature algorithm: SHA256withECDSA
291
+ [I] Extended Validation: No (Domain Control)
292
+ [I] Certificate Transparency: No
293
+ [I] OCSP Must Staple: No
294
+ [I] Revocation information: CRL information available
295
+ [I] Revocation information: OCSP information available
296
+ [I] Revocation status: certificate not revoked
297
+ [I] Extensions:
298
+ [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96,
299
+ [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
300
+ [I] keyUsage = critical, Digital Signature
301
+ [I] basicConstraints = critical, CA:FALSE
302
+ [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
303
+ [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
304
+ [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
305
+ [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
306
+ [I] Hash: 9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
307
+ https://censys.io/certificates?q=9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
308
+ https://crt.sh/?q=9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
309
+
310
+ Configuration Information:
311
+ Protocol Support:
312
+ [I] TLS 1.0
313
+ [I] TLS 1.1
314
+ [I] TLS 1.2
315
+
316
+ Cipher Suite Support:
317
+ [I] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - 128-bits - ECDHE-256-bits
318
+ [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits
319
+ [I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - 128-bits - ECDHE-256-bits
320
+ [I] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - 256-bits - ECDHE-256-bits
321
+ [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits
322
+ [I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - 256-bits - ECDHE-256-bits
323
+ [I] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
324
+ [I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
325
+ [W] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - 112-bits - ECDHE-256-bits
326
+
327
+ Handshake Simulation:
328
+ [E] Android 2.3.7 - Simulation Failed
329
+ [I] Android 4.0.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
330
+ [I] Android 4.1.1 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
331
+ [I] Android 4.2.2 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
332
+ [I] Android 4.3 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
333
+ [I] Android 4.4.2 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
334
+ [I] Android 5.0.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
335
+ [I] Android 6.0 - TLS 1.2 - OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
336
+ [I] Android 7.0 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
337
+ [I] Baidu Jan 2015 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
338
+ [I] BingPreview Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
339
+ [E] Chrome 49 / XP SP3 - Simulation Failed
340
+ [I] Chrome 51 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
341
+ [I] Firefox 31.3.0 ESR / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
342
+ [I] Firefox 47 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
343
+ [I] Firefox 49 / XP SP3 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
344
+ [I] Firefox 49 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
345
+ [I] Googlebot Feb 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
346
+ [E] IE 6 / XP - Simulation Failed
347
+ [I] IE 7 / Vista - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
348
+ [E] IE 8 / XP - Simulation Failed
349
+ [I] IE 8-10 / Win 7 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
350
+ [I] IE 11 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
351
+ [I] IE 11 / Win 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
352
+ [I] IE 10 / Win Phone 8.0 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
353
+ [I] IE 11 / Win Phone 8.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
354
+ [I] IE 11 / Win Phone 8.1 Update - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
355
+ [I] IE 11 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
356
+ [I] Edge 13 / Win 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
357
+ [I] Edge 13 / Win Phone 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
358
+ [E] Java 6u45 - Simulation Failed
359
+ [I] Java 7u25 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
360
+ [I] Java 8u31 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
361
+ [E] OpenSSL 0.9.8y - Simulation Failed
362
+ [I] OpenSSL 1.0.1l - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
363
+ [I] OpenSSL 1.0.2e - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
364
+ [I] Safari 5.1.9 / OS X 10.6.8 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
365
+ [I] Safari 6 / iOS 6.0.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
366
+ [I] Safari 6.0.4 / OS X 10.8.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
367
+ [I] Safari 7 / iOS 7.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
368
+ [I] Safari 7 / OS X 10.9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
369
+ [I] Safari 8 / iOS 8.4 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
370
+ [I] Safari 8 / OS X 10.10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
371
+ [I] Safari 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
372
+ [I] Safari 9 / OS X 10.11 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
373
+ [I] Safari 10 / iOS 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
374
+ [I] Safari 10 / OS X 10.12 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
375
+ [I] Apple ATS 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
376
+ [I] Yahoo Slurp Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
377
+ [I] YandexBot Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
378
+
379
+ Protocol & Vulnerability Information:
380
+ [I] DROWN: No
381
+ [I] Secure Renegotiation: secure renegotiation supported
382
+ [I] POODLE (SSL): No
383
+ [I] POODLE (TLS): No
384
+ [I] Downgrade Prevention: Yes
385
+ [I] Compression: No
386
+ [I] Heartbleed: No
387
+ [I] OpenSSL CCS (CVE-2014-0224): No
388
+ [I] OpenSSL Padding Oracle (CVE-2016-2107): No
389
+ [I] Forward Secrecy: Yes (all simulated clients)
390
+ [I] OCSP Stapling: Yes
391
+ [I] FREAK: No
392
+ [I] Logjam: No
393
+ [I] DH public server param (Ys) reuse: No
394
+ [I] Protocol Intolerance: No
395
+
396
+ TLS Session Request Limit: Checking number of requests accepted using 3DES suites...
397
+ Cloudflare server found: SWEET32 mitigated: https://support.cloudflare.com/hc/en-us/articles/231510928
398
+
399
+ [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
400
+ [I] HSTS Preload: Chrome - false; Firefox - false; Tor - false
401
+ [W] '/readme.html' found: https://adamcaudill.com/readme.html
402
+
403
+
404
+ Checking for common files (this will take a few minutes)...
405
+ [I] '/favicon.ico' found: https://adamcaudill.com/favicon.ico
406
+ [I] '/license.txt' found: https://adamcaudill.com/license.txt
407
+ [I] '/robots.txt' found: https://adamcaudill.com/robots.txt
408
+ [I] '/sitemap_index.xml' found: https://adamcaudill.com/sitemap_index.xml
409
+ [I] '/tools' found: https://adamcaudill.com/tools
410
+ [I] '/wp-config.php' found: https://adamcaudill.com/wp-config.php
411
+ [I] '/wp-cron.php' found: https://adamcaudill.com/wp-cron.php
412
+ [I] '/wp-links-opml.php' found: https://adamcaudill.com/wp-links-opml.php
413
+ [I] '/wp-load.php' found: https://adamcaudill.com/wp-load.php
414
+ [I] '/wp-login.php' found: https://adamcaudill.com/wp-login.php
415
+ [I] '/keybase.txt' found: https://adamcaudill.com/keybase.txt
416
+
417
+ Searching for common directories...
418
+ [I] Found: 'https://adamcaudill.com//'
419
+ [I] Found: 'https://adamcaudill.com/0000/'
420
+ [I] Found: 'https://adamcaudill.com/2004/'
421
+ [I] Found: 'https://adamcaudill.com/2003/'
422
+ [I] Found: 'https://adamcaudill.com/2005/'
423
+ [I] Found: 'https://adamcaudill.com/2006/'
424
+ [I] Found: 'https://adamcaudill.com/2007/'
425
+ [I] Found: 'https://adamcaudill.com/2008/'
426
+ [I] Found: 'https://adamcaudill.com/2011/'
427
+ [I] Found: 'https://adamcaudill.com/2009/'
428
+ [I] Found: 'https://adamcaudill.com/2010/'
429
+ [I] Found: 'https://adamcaudill.com/2012/'
430
+ [I] Found: 'https://adamcaudill.com/2013/'
431
+ [I] Found: 'https://adamcaudill.com/2015/'
432
+ [I] Found: 'https://adamcaudill.com/2014/'
433
+ [I] Found: 'https://adamcaudill.com/2016/'
434
+ [I] Found: 'https://adamcaudill.com/ABOUT/'
435
+ [I] Found: 'https://adamcaudill.com/ARCHIVES/'
436
+ [I] Found: 'https://adamcaudill.com/About/'
437
+ [I] Found: 'https://adamcaudill.com/Archives/'
438
+ [I] Found: 'https://adamcaudill.com/BLOG/'
439
+ [I] Found: 'https://adamcaudill.com/Blog/'
440
+ [I] Found: 'https://adamcaudill.com/Photo/'
441
+ [I] Found: 'https://adamcaudill.com/Resume/'
442
+ [I] Found: 'https://adamcaudill.com/TOOLS/'
443
+ [I] Found: 'https://adamcaudill.com/Tools/'
444
+ [I] Found: 'https://adamcaudill.com/about/'
445
+ [I] Found: 'https://adamcaudill.com/archives/'
446
+ [I] Found: 'https://adamcaudill.com/blog/'
447
+ [I] Found: 'https://adamcaudill.com/feed/'
448
+ [I] Found: 'https://adamcaudill.com/pgp/'
449
+ [I] Found: 'https://adamcaudill.com/photo/'
450
+ [I] Found: 'https://adamcaudill.com/reading/'
451
+ [I] Found: 'https://adamcaudill.com/resume/'
452
+ [I] Found: 'https://adamcaudill.com/speaking/'
453
+ [I] Found: 'https://adamcaudill.com/tools/'
454
+ [I] Found: 'https://adamcaudill.com/wp-content/'
455
+
456
+ [I] Meta Generator: WordPress 4.7.2
457
+ Scan complete.
390
458
  ```
391
459
 
392
460
  ### About The Output
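Review bot: the new sample output shows the directory search reporting `https://adamcaudill.com//` and `https://adamcaudill.com/0000/` as found, next to case variants of one path (`ABOUT/`, `About/`, `about/`, and likewise for `archives`, `blog`, `tools`), which indicates the check treats any non-error response as a hit and does no case or path normalisation; README readers will take these as real findings, so either filter them (establish a baseline response for a path that cannot exist and collapse case-insensitive duplicates) or add a sentence under "About The Output" explaining that they are expected noise on a catch-all server. Two smaller points in the same block: `/wp-config.php` and `/wp-login.php` are reported at the same `[I]` level as `/favicon.ico` and `/robots.txt` while `/readme.html` gets `[W]`, so the severity scheme for `--files` results looks inconsistent, and the `Cloudflare server found: SWEET32 mitigated: ...` line is the only result line without an `[I]`/`[W]` prefix, which will break anyone grepping the output by level.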
data/bin/yawast CHANGED
@@ -21,6 +21,8 @@ command :scan do |c|
21
21
  c.option '--dirrecursive', 'Recursive directory search (only with --dir)'
22
22
  c.option '--dirlistredir', 'Show 301 redirects (only with --dir)'
23
23
  c.option '--files', 'Performs a search for a large list of common files'
24
+ c.option '--srv', 'Scan for known SRV DNS Records'
25
+ c.option '--subdomains', 'Search for Common Subdomains'
24
26
  c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
25
27
  c.option '--cookie STRING', String, 'Session cookie'
26
28
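Review bot: the two new help strings break the capitalisation convention of the neighbouring entries (`'Performs a search for a large list of common files'`, `'Show 301 redirects (only with --dir)'` are sentence case); suggest `'Scan for known SRV DNS records'` and `'Search for common subdomains'`, with the README's OPTIONS block updated to match. The hunk only declares the flags; nothing in this diff shows where the `scan` action consumes them, so confirm the handler change that drives the new `SRV:` and `A:` output lines in the README sample is part of the same release.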