yawast 0.6.0.beta4 → 0.6.0.beta5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +3 -2
- data/CHANGELOG.md +1 -0
- data/README.md +2 -1
- data/lib/resources/common_file.txt +214 -29
- data/lib/scanner/core.rb +3 -3
- data/lib/scanner/plugins/dns/generic.rb +48 -40
- data/lib/scanner/plugins/servers/apache.rb +22 -0
- data/lib/scanner/plugins/ssl/ssl.rb +55 -0
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +38 -3
- data/lib/scanner/plugins/ssl/sweet32.rb +7 -13
- data/lib/scanner/ssl.rb +5 -41
- data/lib/scanner/ssl_labs.rb +93 -37
- data/lib/shared/http.rb +16 -0
- data/lib/version.rb +1 -1
- data/lib/yawast.rb +2 -2
- data/test/data/hsts_disabled_server_header.txt +16 -0
- data/test/data/hsts_server_header.txt +17 -0
- data/test/data/ssl_labs_analyze_data_file_zetlab_com.json +3851 -0
- data/test/data/ssl_labs_analyze_data_parivahan_gov_in.json +1440 -0
- data/test/test_scan_apache.rb +50 -0
- data/test/test_scan_dns.rb +23 -0
- data/test/test_ssl.rb +43 -0
- data/test/test_ssl_labs_analyze.rb +29 -0
- data/test/test_ssl_sweet32.rb +29 -0
- data/test/test_yawast.rb +2 -1
- metadata +19 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 92439c2e610dc00a65cde05a4bed122f100d81fc
|
|
4
|
+
data.tar.gz: 62a8283127dcd7d69b159beccf215af178156168
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 89af74f2d41086e71b410a9daed6c2f3fb219e0629f20fa362503c25f5080184fb91620aeaedfa099ad894b500a05d77023ec456a7a323e4640c92a7484ead09
|
|
7
|
+
data.tar.gz: 07f65aa6e69696ee154d88cb6e36c3cf0492e9168b62405b61328186d549a3a8561cd5146f1c85b07f46dd1a7f21d123cf8529327c6a2f325b2bc062d4f0969c
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -10,6 +10,7 @@
|
|
|
10
10
|
* [#118](https://github.com/adamcaudill/yawast/issues/118) - Add check for CVE-2017-12617 - Apache Tomcat PUT RCE
|
|
11
11
|
* [#120](https://github.com/adamcaudill/yawast/issues/120) - Add Docker support
|
|
12
12
|
* [#122](https://github.com/adamcaudill/yawast/issues/122) - SSL Labs API v3
|
|
13
|
+
* [#125](https://github.com/adamcaudill/yawast/issues/125) - Add new search paths for Struts Sample Files
|
|
13
14
|
|
|
14
15
|
## 0.5.2 - 2017-07-13
|
|
15
16
|
|
data/README.md
CHANGED
|
@@ -50,7 +50,7 @@ The following tests are performed:
|
|
|
50
50
|
* *(Generic)* Presence of RELEASE-NOTES.txt
|
|
51
51
|
* *(Generic)* Presence of readme.html
|
|
52
52
|
* *(Generic)* Missing cookie flags (Secure, HttpOnly, and SameSite)
|
|
53
|
-
* *(Generic)* Search for files (14,
|
|
53
|
+
* *(Generic)* Search for files (14,169) & common directories (21,332)
|
|
54
54
|
* *(Apache)* Info Disclosure: Module listing enabled
|
|
55
55
|
* *(Apache)* Info Disclosure: Server version
|
|
56
56
|
* *(Apache)* Info Disclosure: OpenSSL module version
|
|
@@ -62,6 +62,7 @@ The following tests are performed:
|
|
|
62
62
|
* *(Apache Tomcat)* Tomcat Host Manager Weak Password
|
|
63
63
|
* *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
|
|
64
64
|
* *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)
|
|
65
|
+
* *(Apache Struts)* Sample files which may be vulnerable
|
|
65
66
|
* *(IIS)* Info Disclosure: Server version
|
|
66
67
|
* *(ASP.NET)* Info Disclosure: ASP.NET version
|
|
67
68
|
* *(ASP.NET)* Info Disclosure: ASP.NET MVC version
|