yawast 0.6.0.beta2 → 0.6.0.beta3
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Dockerfile +12 -0
- data/README.md +122 -67
- data/bin/yawast +11 -0
- data/lib/commands/dns.rb +16 -0
- data/lib/scanner/core.rb +18 -5
- data/lib/scanner/generic.rb +34 -3
- data/lib/scanner/plugins/dns/caa.rb +44 -45
- data/lib/scanner/plugins/servers/apache.rb +171 -0
- data/lib/scanner/plugins/servers/iis.rb +64 -0
- data/lib/scanner/plugins/servers/nginx.rb +17 -0
- data/lib/scanner/plugins/servers/python.rb +17 -0
- data/lib/shared/http.rb +12 -0
- data/lib/version.rb +1 -1
- data/test/test_scan_apache_banner.rb +5 -5
- data/test/test_scan_apache_server_info.rb +1 -1
- data/test/test_scan_apache_server_status.rb +1 -1
- data/test/test_scan_iis_headers.rb +3 -3
- data/test/test_scan_nginx_banner.rb +1 -1
- metadata +8 -5
- data/lib/scanner/apache.rb +0 -146
- data/lib/scanner/iis.rb +0 -60
- data/lib/scanner/nginx.rb +0 -13
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 22035a8dee3ff0cb29da78d15ae0e664c3ec3246
|
4
|
+
data.tar.gz: 02e2880f7d8569b17bc11d1b88481895dcd1b992
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dab8b3cc377e7d2d8b5a33ceea9e0b62dc0e43d732c39fd4daaa32bd4f0a410057ba45a219a9fb65ea32a6cd91b0ea6be7d0cbb7db61fcb4f70b58f6c34d4bd1
|
7
|
+
data.tar.gz: 32a6f3f8486aa9c9a597b1ad3d546a63def8ae650e0555e62e440c378b54c95c4bd09f0d891828f4d66ca10992274d74336fa684af765d34b7f1aa018a1cf657
|
data/CHANGELOG.md
CHANGED
@@ -1,7 +1,13 @@
|
|
1
1
|
## 0.6.0 - In Development
|
2
2
|
|
3
|
+
* [#54](https://github.com/adamcaudill/yawast/issues/54) - Check for Python version in Server header
|
3
4
|
* [#109](https://github.com/adamcaudill/yawast/issues/109) - DNS CAA Support
|
4
5
|
* [#113](https://github.com/adamcaudill/yawast/issues/113) - Better False Positive Detection For Directory Search
|
6
|
+
* [#115](https://github.com/adamcaudill/yawast/issues/115) - Add dns Command
|
7
|
+
* [#116](https://github.com/adamcaudill/yawast/issues/116) - Add option '--nodns' to skip DNS checks
|
8
|
+
* [#117](https://github.com/adamcaudill/yawast/issues/117) - Show additional information about the TLS connection
|
9
|
+
* [#118](https://github.com/adamcaudill/yawast/issues/118) - Add check for CVE-2017-12617 - Apache Tomcat PUT RCE
|
10
|
+
* [#120](https://github.com/adamcaudill/yawast/issues/120) - Add Docker support
|
5
11
|
|
6
12
|
## 0.5.2 - 2017-07-13
|
7
13
|
|
data/Dockerfile
ADDED
data/README.md
CHANGED
@@ -22,11 +22,21 @@ This allows for simple updates (`gem update yawast`) and makes it easy to ensure
|
|
22
22
|
|
23
23
|
YAWAST requires Ruby 2.2+, and is tested on Mac OSX, Linux, and Windows.
|
24
24
|
|
25
|
-
|
25
|
+
#### Docker
|
26
26
|
|
27
|
-
|
27
|
+
YAWAST can be run inside a docker container.
|
28
28
|
|
29
|
-
|
29
|
+
```
|
30
|
+
docker pull adamcaudill/yawast && docker run --rm adamcaudill/yawast scan <url> ...
|
31
|
+
```
|
32
|
+
|
33
|
+
This is the recommended option, especially if you need to perform the SWEET32 test (`--tdessessioncount`), due to OpenSSL dropping support for the 3DES cipher suites.
|
34
|
+
|
35
|
+
#### Kali Rolling
|
36
|
+
|
37
|
+
To install on Kali, just run `gem install yawast` - all of the dependencies are already installed. *Note:* The version of OpenSSL used with Kali doesn't support 3DES cipher suites, so some tests, such as SWEET32 do not work. If you need these tests to work, using the Docker image is the recommended solution.
|
38
|
+
|
39
|
+
#### Ubuntu 16.04
|
30
40
|
|
31
41
|
To install YAWAST, you first need to install a couple packages via `apt-get`:
|
32
42
|
|
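Review bot: the new Docker one-liner `docker pull adamcaudill/yawast && docker run --rm adamcaudill/yawast scan <url> ...` pulls and runs the unpinned default tag, so two users following the README can get different scanner builds and a scan is not reproducible; since this section now calls Docker "the recommended option", document a version tag (for example `adamcaudill/yawast:<version>`, with the placeholder replaced by the release being installed) next to the example, and say that the plain form tracks whatever was last pushed.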
@@ -35,7 +45,7 @@ sudo apt-get install ruby ruby-dev
|
|
35
45
|
sudo gem install yawast
|
36
46
|
```
|
37
47
|
|
38
|
-
|
48
|
+
#### Mac OSX
|
39
49
|
|
40
50
|
The version of Ruby shipped with Mac OSX 10.11 is too old, so the recommended solution is to use RVM:
|
41
51
|
|
@@ -43,14 +53,14 @@ The version of Ruby shipped with Mac OSX 10.11 is too old, so the recommended so
|
|
43
53
|
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
|
44
54
|
\curl -sSL https://get.rvm.io | bash -s stable
|
45
55
|
source ~/.rvm/scripts/rvm
|
46
|
-
rvm install 2.
|
47
|
-
rvm use 2.
|
56
|
+
rvm install 2.4
|
57
|
+
rvm use 2.4 --default
|
48
58
|
gem install yawast
|
49
59
|
```
|
50
60
|
|
51
|
-
|
61
|
+
#### Windows
|
52
62
|
|
53
|
-
To install on Windows, you need to first install Ruby
|
63
|
+
To install on Windows, you need to first install Ruby. This can be done easily with the latest version of [RubyInstaller](https://rubyinstaller.org/downloads/). Once Ruby is installed, YAWAST can be installed via `gem install yawast` as normal.
|
54
64
|
|
55
65
|
### Tests
|
56
66
|
|
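Review bot: `rvm use 2.4 --default` (the second `+` line) changes the user's default Ruby for every new shell, not just for YAWAST; the old text used `rvm use 2.x` without `--default`. Either say so in the README or drop `--default` and let the user opt in, since this is an installation guide and readers will paste it verbatim.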
@@ -87,6 +97,7 @@ The following tests are performed:
|
|
87
97
|
* *(Apache Tomcat)* Tomcat Manager Weak Password
|
88
98
|
* *(Apache Tomcat)* Tomcat Host Manager Weak Password
|
89
99
|
* *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
|
100
|
+
* *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)
|
90
101
|
* *(IIS)* Info Disclosure: Server version
|
91
102
|
* *(ASP.NET)* Info Disclosure: ASP.NET version
|
92
103
|
* *(ASP.NET)* Info Disclosure: ASP.NET MVC version
|
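Review bot: the added entry `* *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)` does not say whether the check is passive (version or header based) or whether it sends a PUT to the target; for a check named after a remote code execution bug, users running `scan` against production hosts need to know if anything is written to the server. State the method and any side effects here or in the matching CHANGELOG entry for #118.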
@@ -105,7 +116,8 @@ SSL Information:
|
|
105
116
|
* Certificate details
|
106
117
|
* Certificate chain
|
107
118
|
* Supported ciphers
|
108
|
-
* Maximum requests in a single connection
|
119
|
+
* Maximum requests using 3DES in a single connection
|
120
|
+
* DNS CAA records
|
109
121
|
|
110
122
|
Checks for the following SSL issues are performed:
|
111
123
|
|
@@ -121,12 +133,12 @@ In addition to these tests, certain basic information is also displayed, such as
|
|
121
133
|
|
122
134
|
### Usage
|
123
135
|
|
124
|
-
* Standard scan:
|
125
|
-
* HEAD-only scan:
|
126
|
-
* SSL information:
|
127
|
-
* CMS detection:
|
136
|
+
* Standard scan: `yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv] [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345] [--nodns]`
|
137
|
+
* HEAD-only scan: `yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
138
|
+
* SSL information: `yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
|
139
|
+
* CMS detection: `yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
128
140
|
|
129
|
-
For detailed information, just call
|
141
|
+
For detailed information, just call `yawast -h` to see the help page. To see information for a specific command, call `yawast -h <command>` for full details. Here is an example, the details for the options to the `scan` command:
|
130
142
|
|
131
143
|
```
|
132
144
|
OPTIONS:
|
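Review bot: the HEAD-only usage line omits `[--nodns]`, although `data/bin/yawast` in this same release adds `c.option '--nodns', 'Disable DNS checks'` to the `head` command as well as to `scan` (only the `scan` line here lists it). Add the flag to `yawast head <url> ...` so the documented options match the CLI, and keep the two lists in the same order to make future drift easy to spot.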
@@ -166,9 +178,12 @@ For detailed information, just call `./yawast -h` to see the help page. To see i
|
|
166
178
|
|
167
179
|
--cookie STRING
|
168
180
|
Session cookie
|
181
|
+
|
182
|
+
--nodns
|
183
|
+
Disable DNS checks
|
169
184
|
```
|
170
185
|
|
171
|
-
### Using with Burp Suite
|
186
|
+
### Using with Zap / Burp Suite
|
172
187
|
|
173
188
|
By default, Burp Suite's proxy listens on localhost at port 8080, to use YAWAST with Burp Suite (or any proxy for that matter), just add this to the command line:
|
174
189
|
|
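Review bot: the heading becomes `### Using with Zap / Burp Suite`, but the paragraph beneath it (unchanged context) still describes only Burp Suite's listener; ZAP also listens on localhost:8080 by default, so either mention it in the paragraph or keep the heading as it was. Also, the `--nodns` help text added above says `Disable DNS checks` while the CHANGELOG entry for #116 says `skip DNS checks`; pick one wording.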
@@ -193,64 +208,67 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
193
208
|
| || | | \ /\ / | | |/\__/ / | |
|
194
209
|
\_/\_| |_/\/ \/\_| |_/\____/ \_/
|
195
210
|
|
196
|
-
YAWAST v0.
|
211
|
+
YAWAST v0.6.0.beta3 - The YAWAST Antecedent Web Application Security Toolkit
|
197
212
|
Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
|
198
213
|
Support & Documentation: https://github.com/adamcaudill/yawast
|
199
214
|
Ruby 2.2.4-p230; OpenSSL 1.0.2j 26 Sep 2016 (x86_64-darwin16)
|
215
|
+
Latest Version: YAWAST v0.5.2 is the officially supported version, please update.
|
200
216
|
|
201
217
|
Scanning: https://adamcaudill.com/
|
202
218
|
|
203
219
|
DNS Information:
|
204
220
|
[I] 104.28.27.55 (N/A)
|
205
221
|
[I] US - CLOUDFLARENET - CloudFlare, Inc.
|
206
|
-
[I] San Francisco, California, US
|
207
222
|
https://www.shodan.io/host/104.28.27.55
|
208
223
|
https://censys.io/ipv4/104.28.27.55
|
209
224
|
[I] 104.28.26.55 (N/A)
|
210
225
|
[I] US - CLOUDFLARENET - CloudFlare, Inc.
|
211
|
-
[I] San Francisco, California, US
|
212
226
|
https://www.shodan.io/host/104.28.26.55
|
213
227
|
https://censys.io/ipv4/104.28.26.55
|
214
|
-
[I] 2400:CB00:2048:1::681C:1B37 (N/A)
|
215
|
-
[I] US - CLOUDFLARENET - CloudFlare, Inc.
|
216
|
-
[I] US
|
217
|
-
https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
|
218
228
|
[I] 2400:CB00:2048:1::681C:1A37 (N/A)
|
219
229
|
[I] US - CLOUDFLARENET - CloudFlare, Inc.
|
220
|
-
[I] US
|
221
230
|
https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
|
222
|
-
[I]
|
231
|
+
[I] 2400:CB00:2048:1::681C:1B37 (N/A)
|
232
|
+
[I] US - CLOUDFLARENET - CloudFlare, Inc.
|
233
|
+
https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
|
223
234
|
[I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all
|
224
|
-
[I] TXT: brave-ledger-verification=
|
225
|
-
[I]
|
226
|
-
[I] MX:
|
227
|
-
[I] MX:
|
228
|
-
[I] MX:
|
229
|
-
[I] MX:
|
230
|
-
[I] MX:
|
231
|
-
[I] MX: aspmx.l.google.com (
|
235
|
+
[I] TXT: brave-ledger-verification=0262b8f382f60074e0131f65243fa7caba48b15eb664ec8d0d3e0b3a26a45b47
|
236
|
+
[I] TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
|
237
|
+
[I] MX: aspmx5.googlemail.com (30) - 64.233.165.27 (US - GOOGLE - Google Inc.)
|
238
|
+
[I] MX: aspmx4.googlemail.com (30) - 173.194.69.27 (US - GOOGLE - Google Inc.)
|
239
|
+
[I] MX: aspmx3.googlemail.com (30) - 74.125.140.26 (US - GOOGLE - Google Inc.)
|
240
|
+
[I] MX: alt2.aspmx.l.google.com (20) - 74.125.140.27 (US - GOOGLE - Google Inc.)
|
241
|
+
[I] MX: aspmx2.googlemail.com (30) - 209.85.202.27 (US - GOOGLE - Google Inc.)
|
242
|
+
[I] MX: alt1.aspmx.l.google.com (20) - 209.85.202.26 (US - GOOGLE - Google Inc.)
|
243
|
+
[I] MX: aspmx.l.google.com (10) - 74.125.31.27 (US - GOOGLE - Google Inc.)
|
232
244
|
[I] NS: hal.ns.cloudflare.com - 173.245.59.174 (US - CLOUDFLARENET - CloudFlare, Inc.)
|
233
245
|
[I] NS: vera.ns.cloudflare.com - 173.245.58.147 (US - CLOUDFLARENET - CloudFlare, Inc.)
|
234
246
|
[I] SRV: _bittorrent._tcp.adamcaudill.com: example.com:1 - 93.184.216.34 (US - EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business)
|
235
247
|
[I] A: www.adamcaudill.com: 104.28.27.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
|
236
248
|
[I] A: www.adamcaudill.com: 104.28.26.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
|
249
|
+
[I] CAA (adamcaudill.com): 0 iodef "mailto:adam@adamcaudill.com"
|
250
|
+
[I] CAA (adamcaudill.com): 0 issue "digicert.com"
|
251
|
+
[I] CAA (adamcaudill.com): 0 issue "comodoca.com"
|
252
|
+
[I] CAA (adamcaudill.com): 0 issue "globalsign.com"
|
253
|
+
[I] CAA (adamcaudill.com): 0 issue "letsencrypt.org"
|
254
|
+
[I] CAA (com): No Records Found
|
237
255
|
|
238
256
|
[I] HEAD:
|
239
|
-
[I] date:
|
257
|
+
[I] date: Wed, 11 Oct 2017 16:08:38 GMT
|
240
258
|
[I] content-type: text/html; charset=UTF-8
|
241
259
|
[I] connection: close
|
242
|
-
[I] set-cookie: __cfduid=
|
260
|
+
[I] set-cookie: __cfduid=0123456789abcdef; expires=Thu, 11-Oct-18 16:08:38 GMT; path=/; domain=.adamcaudill.com; HttpOnly
|
243
261
|
[I] vary: Accept-Encoding,Cookie
|
244
|
-
[I] last-modified:
|
262
|
+
[I] last-modified: Wed, 04 Oct 2017 18:55:34 GMT
|
245
263
|
[I] x-content-type-options: nosniff
|
246
264
|
[I] x-frame-options: sameorigin
|
247
265
|
[I] pragma: public
|
248
266
|
[I] cache-control: public, max-age=86400
|
249
267
|
[I] cf-cache-status: HIT
|
250
|
-
[I] expires:
|
268
|
+
[I] expires: Thu, 12 Oct 2017 16:08:38 GMT
|
251
269
|
[I] strict-transport-security: max-age=15552000; preload
|
252
270
|
[I] server: cloudflare-nginx
|
253
|
-
[I] cf-ray:
|
271
|
+
[I] cf-ray: 3ac31446ce295308-MIA
|
254
272
|
|
255
273
|
[I] NOTE: Server appears to be Cloudflare; WAF may be in place.
|
256
274
|
|
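Review bot: the sample banner shows `YAWAST v0.6.0.beta3` immediately followed by the new line `Latest Version: YAWAST v0.5.2 is the officially supported version, please update.`, which tells a user of a newer pre-release to downgrade. The update check should treat a pre-release that is newer than the latest stable release as current, or word the message as "latest stable release" rather than "please update"; otherwise every beta user sees a misleading warning at the top of every scan.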
@@ -260,32 +278,32 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
260
278
|
[W] Public-Key-Pins Header Not Present
|
261
279
|
|
262
280
|
[I] Cookies:
|
263
|
-
[I] __cfduid=
|
281
|
+
[I] __cfduid=0123456789abcdef; expires=Thu, 11-Oct-18 16:08:38 GMT; path=/; domain=.adamcaudill.com; HttpOnly
|
264
282
|
[W] Cookie missing Secure flag
|
265
283
|
[W] Cookie missing SameSite flag
|
266
284
|
|
267
285
|
|
268
286
|
Beginning SSL Labs scan (this could take a minute or two)
|
269
287
|
[SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
|
270
|
-
|
288
|
+
.............................
|
271
289
|
|
272
290
|
SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
|
273
291
|
|
274
292
|
[I] IP: 104.28.27.55 - Grade: A+
|
275
293
|
|
276
294
|
Certificate Information:
|
277
|
-
[I] Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
|
295
|
+
[I] Subject: CN=sni67677.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
|
278
296
|
[I] Common Names: ["sni67677.cloudflaressl.com"]
|
279
297
|
[I] Alternative names:
|
280
298
|
[I] sni67677.cloudflaressl.com
|
281
299
|
[I] *.adamcaudill.com
|
282
300
|
[I] adamcaudill.com
|
283
|
-
[I] Not Before: 2017-
|
284
|
-
[I] Not After:
|
301
|
+
[I] Not Before: 2017-07-26T00:00:00+00:00
|
302
|
+
[I] Not After: 2018-02-01T23:59:59+00:00
|
285
303
|
[I] Key: EC 256 (RSA equivalent: 3072)
|
286
|
-
[I] Public Key Hash:
|
304
|
+
[I] Public Key Hash: c4c5ab4bd6d16a18d32437ae35f2b5d22fa0a59b
|
287
305
|
[I] Version: 2
|
288
|
-
[I] Serial:
|
306
|
+
[I] Serial: 77574794376740264441751965250081500687
|
289
307
|
[I] Issuer: COMODO ECC Domain Validation Secure Server CA 2
|
290
308
|
[I] Signature algorithm: SHA256withECDSA
|
291
309
|
[I] Extended Validation: No (Domain Control)
|
@@ -303,9 +321,9 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
303
321
|
[I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
|
304
322
|
[I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
|
305
323
|
[I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
|
306
|
-
[I] Hash:
|
307
|
-
https://censys.io/certificates?q=
|
308
|
-
https://crt.sh/?q=
|
324
|
+
[I] Hash: 2cf22bbb21e5a3eaa042feadc8fbc86ff0d3b1e1
|
325
|
+
https://censys.io/certificates?q=2cf22bbb21e5a3eaa042feadc8fbc86ff0d3b1e1
|
326
|
+
https://crt.sh/?q=2cf22bbb21e5a3eaa042feadc8fbc86ff0d3b1e1
|
309
327
|
|
310
328
|
Configuration Information:
|
311
329
|
Protocol Support:
|
@@ -314,15 +332,17 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
314
332
|
[I] TLS 1.2
|
315
333
|
|
316
334
|
Cipher Suite Support:
|
335
|
+
[I] TLS_AES_128_GCM_SHA256 - 128-bits
|
317
336
|
[I] TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - 128-bits - ECDHE-256-bits
|
318
|
-
[I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits
|
319
337
|
[I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - 128-bits - ECDHE-256-bits
|
338
|
+
[I] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - 128-bits - ECDHE-256-bits
|
339
|
+
[I] TLS_AES_256_GCM_SHA384 - 256-bits
|
340
|
+
[I] TLS_CHACHA20_POLY1305_SHA256 - 256-bits
|
341
|
+
[I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
|
342
|
+
[I] TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
|
320
343
|
[I] TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - 256-bits - ECDHE-256-bits
|
321
|
-
[I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits
|
322
344
|
[I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - 256-bits - ECDHE-256-bits
|
323
|
-
[I]
|
324
|
-
[I] OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - 256-bits - ECDHE-256-bits
|
325
|
-
[W] TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - 112-bits - ECDHE-256-bits
|
345
|
+
[I] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - 256-bits - ECDHE-256-bits
|
326
346
|
|
327
347
|
Handshake Simulation:
|
328
348
|
[E] Android 2.3.7 - Simulation Failed
|
@@ -337,11 +357,11 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
337
357
|
[I] Baidu Jan 2015 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
338
358
|
[I] BingPreview Jan 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
339
359
|
[E] Chrome 49 / XP SP3 - Simulation Failed
|
340
|
-
[I] Chrome
|
360
|
+
[I] Chrome 57 / Win 7 - - TLS_AES_128_GCM_SHA256
|
341
361
|
[I] Firefox 31.3.0 ESR / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
342
362
|
[I] Firefox 47 / Win 7 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
343
363
|
[I] Firefox 49 / XP SP3 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
344
|
-
[I] Firefox
|
364
|
+
[I] Firefox 53 / Win 7 - - TLS_AES_128_GCM_SHA256
|
345
365
|
[I] Googlebot Feb 2015 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
346
366
|
[E] IE 6 / XP - Simulation Failed
|
347
367
|
[I] IE 7 / Vista - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
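Review bot: the new handshake lines `[I] Chrome 57 / Win 7 - - TLS_AES_128_GCM_SHA256` and `[I] Firefox 53 / Win 7 - - TLS_AES_128_GCM_SHA256` have an empty protocol column where every other simulation prints `TLS 1.0` or `TLS 1.2`. `TLS_AES_128_GCM_SHA256` is a TLS 1.3 suite, so the protocol id SSL Labs returns for these simulations is evidently missing from the tool's lookup table and is rendered as an empty string; map it to `TLS 1.3`, or print something like `Unknown (<id>)`, rather than leaving a blank that reads like a formatting bug.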
@@ -362,12 +382,12 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
362
382
|
[I] OpenSSL 1.0.1l - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
363
383
|
[I] OpenSSL 1.0.2e - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
364
384
|
[I] Safari 5.1.9 / OS X 10.6.8 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
365
|
-
[I] Safari 6 / iOS 6.0.1 - TLS 1.2 -
|
385
|
+
[I] Safari 6 / iOS 6.0.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
366
386
|
[I] Safari 6.0.4 / OS X 10.8.4 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
367
|
-
[I] Safari 7 / iOS 7.1 - TLS 1.2 -
|
368
|
-
[I] Safari 7 / OS X 10.9 - TLS 1.2 -
|
369
|
-
[I] Safari 8 / iOS 8.4 - TLS 1.2 -
|
370
|
-
[I] Safari 8 / OS X 10.10 - TLS 1.2 -
|
387
|
+
[I] Safari 7 / iOS 7.1 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
388
|
+
[I] Safari 7 / OS X 10.9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
389
|
+
[I] Safari 8 / iOS 8.4 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
390
|
+
[I] Safari 8 / OS X 10.10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
|
371
391
|
[I] Safari 9 / iOS 9 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
372
392
|
[I] Safari 9 / OS X 10.11 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
373
393
|
[I] Safari 10 / iOS 10 - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
@@ -393,11 +413,43 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
393
413
|
[I] DH public server param (Ys) reuse: No
|
394
414
|
[I] Protocol Intolerance: No
|
395
415
|
|
416
|
+
Confirming your OpenSSL supports 3DES cipher suites...
|
396
417
|
TLS Session Request Limit: Checking number of requests accepted using 3DES suites...
|
397
|
-
|
418
|
+
|
419
|
+
[I] TLS Session Request Limit: Server does not support 3DES cipher suites
|
398
420
|
|
399
421
|
[I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
|
400
422
|
[I] HSTS Preload: Chrome - false; Firefox - false; Tor - false
|
423
|
+
SSL-Session:
|
424
|
+
Protocol : TLSv1.2
|
425
|
+
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
|
426
|
+
Session-ID: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
|
427
|
+
Session-ID-ctx:
|
428
|
+
Master-Key: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
|
429
|
+
Key-Arg : None
|
430
|
+
PSK identity: None
|
431
|
+
PSK identity hint: None
|
432
|
+
SRP username: None
|
433
|
+
TLS session ticket lifetime hint: 64800 (seconds)
|
434
|
+
TLS session ticket:
|
435
|
+
0000 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
436
|
+
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
437
|
+
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
438
|
+
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
439
|
+
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
440
|
+
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
441
|
+
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
442
|
+
0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
443
|
+
0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
444
|
+
0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
445
|
+
00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
446
|
+
00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
447
|
+
00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
|
448
|
+
|
449
|
+
Start Time: 1507738278
|
450
|
+
Timeout : 300 (sec)
|
451
|
+
Verify return code: 20 (unable to get local issuer certificate)
|
452
|
+
|
401
453
|
[W] '/readme.html' found: https://adamcaudill.com/readme.html
|
402
454
|
|
403
455
|
|
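Review bot: the `SSL-Session:` block added here prints `Master-Key:` and the full `TLS session ticket:` of the scanner's own connection, and ends with `Verify return code: 20 (unable to get local issuer certificate)`. The key material tells the reader nothing (and will end up in saved scan logs), and the verify failure contradicts the `Grade: A+` result a few lines earlier; it reflects the scanner's OpenSSL context rather than the target. Trim the sample (and the output) to protocol, cipher, ticket lifetime and verify result, and make sure the verify result is meaningful before showing it to users.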
@@ -408,29 +460,32 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
408
460
|
[I] '/sitemap_index.xml' found: https://adamcaudill.com/sitemap_index.xml
|
409
461
|
[I] '/tools' found: https://adamcaudill.com/tools
|
410
462
|
[I] '/wp-config.php' found: https://adamcaudill.com/wp-config.php
|
411
|
-
[I] '/wp-cron.php' found: https://adamcaudill.com/wp-cron.php
|
412
463
|
[I] '/wp-links-opml.php' found: https://adamcaudill.com/wp-links-opml.php
|
464
|
+
[I] '/wp-cron.php' found: https://adamcaudill.com/wp-cron.php
|
413
465
|
[I] '/wp-load.php' found: https://adamcaudill.com/wp-load.php
|
414
466
|
[I] '/wp-login.php' found: https://adamcaudill.com/wp-login.php
|
415
467
|
[I] '/keybase.txt' found: https://adamcaudill.com/keybase.txt
|
416
468
|
|
469
|
+
[I] Allow HTTP Verbs (OPTIONS): OPTIONS,GET,HEAD,POST
|
470
|
+
|
417
471
|
Searching for common directories...
|
418
472
|
[I] Found: 'https://adamcaudill.com//'
|
419
473
|
[I] Found: 'https://adamcaudill.com/0000/'
|
420
|
-
[I] Found: 'https://adamcaudill.com/2004/'
|
421
474
|
[I] Found: 'https://adamcaudill.com/2003/'
|
475
|
+
[I] Found: 'https://adamcaudill.com/2008/'
|
422
476
|
[I] Found: 'https://adamcaudill.com/2005/'
|
477
|
+
[I] Found: 'https://adamcaudill.com/2004/'
|
423
478
|
[I] Found: 'https://adamcaudill.com/2006/'
|
479
|
+
[I] Found: 'https://adamcaudill.com/2009/'
|
424
480
|
[I] Found: 'https://adamcaudill.com/2007/'
|
425
|
-
[I] Found: 'https://adamcaudill.com/
|
481
|
+
[I] Found: 'https://adamcaudill.com/2015/'
|
426
482
|
[I] Found: 'https://adamcaudill.com/2011/'
|
427
|
-
[I] Found: 'https://adamcaudill.com/2009/'
|
428
|
-
[I] Found: 'https://adamcaudill.com/2010/'
|
429
483
|
[I] Found: 'https://adamcaudill.com/2012/'
|
484
|
+
[I] Found: 'https://adamcaudill.com/2010/'
|
430
485
|
[I] Found: 'https://adamcaudill.com/2013/'
|
431
|
-
[I] Found: 'https://adamcaudill.com/2015/'
|
432
486
|
[I] Found: 'https://adamcaudill.com/2014/'
|
433
487
|
[I] Found: 'https://adamcaudill.com/2016/'
|
488
|
+
[I] Found: 'https://adamcaudill.com/2017/'
|
434
489
|
[I] Found: 'https://adamcaudill.com/ABOUT/'
|
435
490
|
[I] Found: 'https://adamcaudill.com/ARCHIVES/'
|
436
491
|
[I] Found: 'https://adamcaudill.com/About/'
|
@@ -453,7 +508,7 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
|
|
453
508
|
[I] Found: 'https://adamcaudill.com/tools/'
|
454
509
|
[I] Found: 'https://adamcaudill.com/wp-content/'
|
455
510
|
|
456
|
-
[I] Meta Generator: WordPress 4.
|
511
|
+
[I] Meta Generator: WordPress 4.8.2
|
457
512
|
Scan complete.
|
458
513
|
```
|
459
514
|
|
data/bin/yawast
CHANGED
@@ -25,6 +25,7 @@ command :scan do |c|
|
|
25
25
|
c.option '--subdomains', 'Search for Common Subdomains'
|
26
26
|
c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
|
27
27
|
c.option '--cookie STRING', String, 'Session cookie'
|
28
|
+
c.option '--nodns', 'Disable DNS checks'
|
28
29
|
|
29
30
|
c.action do |args, options|
|
30
31
|
Yawast::Commands::Scan.process(args, options)
|
@@ -41,6 +42,7 @@ command :head do |c|
|
|
41
42
|
c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
|
42
43
|
c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
|
43
44
|
c.option '--cookie STRING', String, 'Session cookie'
|
45
|
+
c.option '--nodns', 'Disable DNS checks'
|
44
46
|
|
45
47
|
c.action do |args, options|
|
46
48
|
Yawast::Commands::Head.process(args, options)
|
@@ -72,6 +74,15 @@ command :cms do |c|
|
|
72
74
|
end
|
73
75
|
end
|
74
76
|
|
77
|
+
command :dns do |c|
|
78
|
+
c.syntax = './yawast dns URL'
|
79
|
+
c.description = 'Gets information about the server DNS configuration'
|
80
|
+
|
81
|
+
c.action do |args, options|
|
82
|
+
Yawast::Commands::DNS.process(args, options)
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
75
86
|
command :cert do |c|
|
76
87
|
c.syntax = './yawast cert --input <file>'
|
77
88
|
c.description = 'Gets information about the certificates used'
|
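Review bot: the new `command :dns` declares no options but forwards `options` to `Yawast::Commands::DNS.process`; the DNS-related flags the README lists for `scan` (`--srv`, `--subdomains`, see `c.option '--subdomains', 'Search for Common Subdomains'` above) are not declared here, so a user of `yawast dns` cannot enable those lookups and gets no error for passing them. Either add the relevant options to this command or say in `c.description` that it runs the default DNS checks only. Also `c.syntax = './yawast dns URL'` uses the `./yawast` form while the README documents `yawast <command> <url>`.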
data/lib/commands/dns.rb
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
module Yawast
|
2
|
+
module Commands
|
3
|
+
class DNS
|
4
|
+
def self.process(args, options)
|
5
|
+
uri = Yawast::Commands::Utils.extract_uri(args)
|
6
|
+
|
7
|
+
Yawast.header
|
8
|
+
|
9
|
+
puts "Scanning: #{@uri}"
|
10
|
+
puts
|
11
|
+
|
12
|
+
Yawast::Scanner::Plugins::DNS::Generic.dns_info uri, options
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
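Review bot: `puts "Scanning: #{@uri}"` interpolates the instance variable `@uri`, which is never assigned in this class; the URI is in the local `uri` returned by `Yawast::Commands::Utils.extract_uri(args)` four lines up, so this prints `Scanning: ` with nothing after it. Change it to `puts "Scanning: #{uri}"`.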
data/lib/scanner/core.rb
CHANGED
@@ -22,13 +22,18 @@ module Yawast
|
|
22
22
|
|
23
23
|
Yawast.set_openssl_options
|
24
24
|
|
25
|
-
|
25
|
+
unless options.nodns
|
26
|
+
Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options
|
27
|
+
end
|
26
28
|
end
|
27
29
|
|
28
30
|
@setup = true
|
29
31
|
end
|
30
32
|
|
31
33
|
def self.process(uri, options)
|
34
|
+
# get the start time, so we can display elapsed time
|
35
|
+
start_time = Time.now
|
36
|
+
|
32
37
|
setup(uri, options)
|
33
38
|
|
34
39
|
begin
|
@@ -44,12 +49,16 @@ module Yawast
|
|
44
49
|
|
45
50
|
#process the 'scan' stuff that goes beyond 'head'
|
46
51
|
unless options.head
|
47
|
-
#
|
48
|
-
Yawast::Scanner::
|
49
|
-
|
52
|
+
# connection details for SSL
|
53
|
+
Yawast::Scanner::Generic.ssl_connection_info @uri
|
54
|
+
|
55
|
+
# server specific checks
|
56
|
+
Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
|
57
|
+
Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
|
50
58
|
|
51
59
|
Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
|
52
60
|
|
61
|
+
# generic header checks
|
53
62
|
Yawast::Scanner::Generic.check_propfind(@uri)
|
54
63
|
Yawast::Scanner::Generic.check_options(@uri)
|
55
64
|
Yawast::Scanner::Generic.check_trace(@uri)
|
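Review bot: `Yawast::Scanner::Generic.ssl_connection_info @uri` is called unconditionally inside `unless options.head`, so it opens a TLS connection even when the user passes `--nossl` (an option the README documents for `scan` and `head`); gate it on the same flag as the other SSL checks. The new `Iis.check_all(@uri, head)` call also references a `head` variable that is not visible in this hunk; confirm it is the HEAD response from earlier in `process` and not the `options.head` flag used two lines above, since the two names are easy to confuse here.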
@@ -62,7 +71,11 @@ module Yawast
|
|
62
71
|
get_cms(@uri, options)
|
63
72
|
end
|
64
73
|
|
65
|
-
|
74
|
+
# get the total time to complete the scan. this works as long as the scan take
|
75
|
+
# less than 24 hours. if a scan is that long, we have bigger problems
|
76
|
+
elapsed_time = Time.at(Time.now - start_time).utc.strftime('%H:%M:%S')
|
77
|
+
|
78
|
+
puts "Scan complete (#{elapsed_time} seconds)."
|
66
79
|
rescue => e
|
67
80
|
Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"
|
68
81
|
end
|
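Review bot: `elapsed_time` is formatted with `strftime('%H:%M:%S')`, so `puts "Scan complete (#{elapsed_time} seconds)."` prints something like `Scan complete (00:03:12 seconds).`; either drop the word `seconds` or print `(Time.now - start_time).round` as a plain number. The comment about 24 hours is accurate but worth acting on: `Time.at(...).utc` wraps silently after a day, so a very long scan would report a small, wrong elapsed time rather than an obviously broken one.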
data/lib/scanner/generic.rb
CHANGED
@@ -46,10 +46,11 @@ module Yawast
|
|
46
46
|
puts ''
|
47
47
|
|
48
48
|
if server != ''
|
49
|
-
Yawast::Scanner::Apache.check_banner(server)
|
49
|
+
Yawast::Scanner::Plugins::Servers::Apache.check_banner(server)
|
50
50
|
Yawast::Scanner::Php.check_banner(server)
|
51
|
-
Yawast::Scanner::Iis.check_banner(server)
|
52
|
-
Yawast::Scanner::Nginx.check_banner(server)
|
51
|
+
Yawast::Scanner::Plugins::Servers::Iis.check_banner(server)
|
52
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_banner(server)
|
53
|
+
Yawast::Scanner::Plugins::Servers::Python.check_banner(server)
|
53
54
|
|
54
55
|
if server == 'cloudflare-nginx'
|
55
56
|
Yawast::Utilities.puts_info 'NOTE: Server appears to be Cloudflare; WAF may be in place.'
|
@@ -163,6 +164,11 @@ module Yawast
|
|
163
164
|
if res['Public'] != nil
|
164
165
|
Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
|
165
166
|
|
167
|
+
puts ''
|
168
|
+
end
|
169
|
+
if res['Allow'] != nil
|
170
|
+
Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
|
171
|
+
|
166
172
|
puts ''
|
167
173
|
end
|
168
174
|
end
|
@@ -199,6 +205,31 @@ module Yawast
|
|
199
205
|
end
|
200
206
|
end
|
201
207
|
end
|
208
|
+
|
209
|
+
def self.ssl_connection_info(uri)
|
210
|
+
begin
|
211
|
+
# we only care if this is https
|
212
|
+
if uri.scheme == 'https'
|
213
|
+
# setup the connection
|
214
|
+
socket = TCPSocket.new(uri.host, uri.port)
|
215
|
+
|
216
|
+
ctx = OpenSSL::SSL::SSLContext.new
|
217
|
+
ctx.ciphers = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]
|
218
|
+
|
219
|
+
ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
|
220
|
+
ssl.hostname = uri.host
|
221
|
+
ssl.connect
|
222
|
+
|
223
|
+
# this provides a bunch of useful info, that's already formatted
|
224
|
+
# instead of building this manually, we'll let OpenSSL do the work
|
225
|
+
puts ssl.session.to_text
|
226
|
+
|
227
|
+
puts
|
228
|
+
end
|
229
|
+
rescue => e
|
230
|
+
Yawast::Utilities.puts_error "SSL Information: Error Getting Details: #{e.message}"
|
231
|
+
end
|
232
|
+
end
|
202
233
|
end
|
203
234
|
|
204
235
|
#Custom class to allow using the PROPFIND verb
|
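Review bot: `ssl_connection_info` never closes `ssl` or `socket`, so each scan leaks an open TLS connection until garbage collection; add an `ensure` that calls `ssl.close if ssl` and `socket.close if socket`. The context also sets no `verify_mode` or `cert_store`, which is why the README sample shows `Verify return code: 20 (unable to get local issuer certificate)`; calling `ctx.set_params` before creating the `SSLSocket` loads the default CA paths and enables `VERIFY_PEER`, making the printed verify result meaningful (rescue the verify failure explicitly if it should not abort the scan). Two smaller points: `TCPSocket.new(uri.host, uri.port)` connects directly and so bypasses the `--proxy` setting the HTTP checks honour, and `ssl.session.to_text` prints the master secret and session ticket, which add noise and end up in logs; printing protocol, cipher and ticket lifetime from the session object would be enough.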