yawast 0.6.0.beta4 → 0.6.0.beta5

data/lib/resources/common_file.txt

@@ -407,6 +407,10 @@
 .ssh.asp
 .ssh.php
 .ssh/authorized_keys
+.ssh/github_rsa
+.ssh/id_dsa
+.ssh/id_ecdsa
+.ssh/id_ed25519
 .ssh/id_rsa
 .ssh/id_rsa.key
 .ssh/id_rsa.key~
@@ -469,6 +473,35 @@
 .vimrc
 .wav
 .web
+.well-known/acme-challenge
+.well-known/apple-app-site-association
+.well-known/ashrae
+.well-known/assetlinks.json
+.well-known/caldav
+.well-known/carddav
+.well-known/core
+.well-known/csvm
+.well-known/dnt
+.well-known/dnt-policy.txt
+.well-known/est
+.well-known/genid
+.well-known/hoba
+.well-known/host-meta
+.well-known/host-meta.json
+.well-known/keybase.txt
+.well-known/mud
+.well-known/ni
+.well-known/openid-configuration
+.well-known/openorg
+.well-known/pki-validation
+.well-known/posh
+.well-known/reload-config
+.well-known/repute-template
+.well-known/stun-key
+.well-known/time
+.well-known/timezone
+.well-known/void
+.well-known/webfinger
 .wm
 .wma
 .wmv
@@ -825,6 +858,7 @@
 2c_notify.asp
 2c_payment.asp
 2c_return.asp
+2phpmyadmin/
 3.0
 3.50
 3.htm
@@ -1184,6 +1218,7 @@ AGB.html
 AGB.pdf
 ASHICodeofEthics.x
 ASpy.asp
+Abbrevsprl.php
 About-Us.html
 About.asp
 About.aspx
@@ -1817,6 +1852,7 @@ MoldInspector.x
 MyAccount.asp
 MyAccount.aspx
 MyAdmin/
+MyAdmin/scripts/setup.php
 MyCart.aspx
 MyFavorites.aspx
 MyHome.aspx
@@ -1824,6 +1860,7 @@ MyOrders.aspx
 MyPage.aspx
 MyProfile.aspx
 MyReports.aspx
+MySQLDumper
 N.html
 NACHICodeofEthics.x
 NACHIMembership.x
@@ -1886,6 +1923,16 @@ PEAR.php
 PI.pdf
 PMA/
 PMA2005/
+PMA2011/
+PMA2012/
+PMA2013/
+PMA2014/
+PMA2015/
+PMA2016/
+PMA2017/
+PMA2018/
+PMA2019/
+PMA2020/
 Page-2.html
 Page-4.html
 Page-5.html
@@ -2057,6 +2104,7 @@ ReviewsList.asp
 Robots.txt
 RoofingIssues.x
 RootCA.crt
+RoseLeif.php
 Rss.aspx
 RssFeedHandler.c
 S.html
@@ -2102,6 +2150,7 @@ Service.bok
 Service.html
 Services.aspx
 Services.html
+SessionController.php
 SetLanguage.aspx
 Settings.aspx
 Settings.php
@@ -2765,6 +2814,7 @@ admin/lib/spaw2/dialogs/dialog.php
 admin/log
 admin/logs/
 admin/logs/login.txt
+admin/pMA/
 admin/phpMyAdmin/
 admin/phpmyadmin/
 admin/phpmyadmin/scripts/setup.php
@@ -2773,11 +2823,14 @@ admin/pma/scripts/setup.php
 admin/pol_log.txt
 admin/private/logs
 admin/scripts/setup.php
+admin/sqladmin/
 admin/sxd/
+admin/sysadmin/
 admin/test/
 admin/upload.php
 admin/uploadarticles/uploadTester.asp
 admin/user_count.txt
+admin/web/
 admin0
 admin1
 admin1.php
@@ -2894,8 +2947,20 @@ administrative/login_history
 administrator.php
 administrator/
 administrator/.htaccess
+administrator/PMA/
+administrator/admin/
+administrator/administrator.php
 administrator/components/com_joommyadmin/phpmyadmin/
+administrator/db/
+administrator/dbconfig.php
+administrator/includes/readmy.php
+administrator/index.php
 administrator/logs
+administrator/phpMyAdmin/
+administrator/phpmyadmin/
+administrator/pma/
+administrator/web/
+administrator/webconfig.txt.php
 administrators.pwd
 adminka.php
 adminlogin.aspx
@@ -3052,6 +3117,7 @@ ajout.php
 ajoutcat.php
 ajoutsite.php
 al.php
+al277.php
 alawar.html
 albmgr.php
 album.htm
@@ -3368,6 +3434,7 @@ auth_user_file.txt
 authconfig.php
 authenticate.cfm
 authenticate.php
+authenticating.php
 authentication.php
 authnetpost.aspx
 author.asp
@@ -3703,6 +3770,7 @@ blog.htm
 blog.html
 blog.old
 blog.php
+blog/administrator/index.php
 blog/error_log
 blog/phpmyadmin/
 blog/wp-content/backup-db/
@@ -3906,7 +3974,13 @@ cache.aspx
 cache.old
 cache.php
 cache/
+cache/cache_aqbmkwwx.php
+cache/cachee.php
+cache/defau1t.php
+cache/list.php
+cache/news.php
 cache/sql_error_latest.cgi
+cache/support.php
 cadastro.php
 caddie.php
 cai.asp
@@ -4288,6 +4362,7 @@ clear_cache.cfm
 clearcache.aspx
 clearcache.php
 clearcookies.aspx
+cli/40dd1d.php
 clic.asp
 clic.php
 click-n-vote.aspx
@@ -4584,6 +4659,7 @@ config2.php
 config_db.php
 config_feed.php
 config_site.php
+configbak.php
 configs/conf_bdd.ini
 configs/conf_zepass.ini
 configuracion.php
@@ -4598,6 +4674,7 @@ configuration.php.templ
 configuration.php.txt
 configuration.php~
 configuration/
+configurationbak.php
 configure.php
 confirm.asp
 confirm.aspx
@@ -5109,8 +5186,20 @@ db.tar.gzip
 db.tgz
 db.zip
 db/
+db/db-admin/
+db/dbadmin/
+db/dbweb/
 db/main.mdb
+db/myadmin/
+db/phpMyAdmin-3/
+db/phpMyAdmin/
+db/phpMyAdmin3/
+db/phpmyadmin/
+db/phpmyadmin3/
 db/seeds.rb
+db/webadmin/
+db/webdb/
+db/websql/
 db1.mdb
 db1.sqlite
 db2
@@ -5538,6 +5627,7 @@ drucken.html
 drucken.php
 druckversion.php
 drukuj.html
+dswat.org/wsdl.php
 dt.php
 dummy
 dummy.htm
@@ -5680,6 +5770,7 @@ ehosting.php
 ehthumbs.db
 eintragen.php
 element.php
+elements.php
 elenco_img.asp
 elfinder/elfinder.php
 elim/blist.xml
@@ -5854,6 +5945,7 @@ error-404.php
 error-404.tpl.php
 error-500.tpl.php
 error-log
+error-log.php
 error-log.txt
 error-notfound.aspx
 error-send.html
@@ -6379,6 +6471,7 @@ forum.tar
 forum.tar.gz
 forum.zip
 forum/install/install.php
+forum/install/upgrade.php
 forum/phpmyadmin/
 forum1.php
 forum2.php
@@ -6639,6 +6732,7 @@ giftwrap.cfm
 giris.php
 git-service
 git.php
+github_rsa
 gitlog
 glance.php
 glance_config.php
@@ -6700,6 +6794,8 @@ golf.php
 golos.php
 goods.php
 goods_script.php
+goog1es.php
+google-assist.php
 google.asp
 google.htm
 google.html
@@ -7034,6 +7130,8 @@ id.html
 id.php
 id_dsa
 id_dsa.ppk
+id_ecdsa
+id_ed25519
 id_rsa
 idaho.html
 idealnotify.aspx
@@ -7098,8 +7196,18 @@ images.inc.php
 images.old
 images.php
 images.xml
+images/1ndex.php
+images/404.php
 images/Sym.php
+images/al277.php
 images/c99.php
+images/defau1t.php
+images/google-assist.php
+images/head.php
+images/laj.php
+images/robots.txt.php
+images/stories/0day.php
+images/xxx.php
 imagesrc.aspx
 imageview.aspx
 imagezoom.php
@@ -7148,6 +7256,7 @@ include.php
 include/fckeditor/
 include/spaw2/dialogs/dialog.php
 include_files.php
+includes.php
 includes/adovbs.inc
 includes/configure.php~
 includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
@@ -7167,6 +7276,7 @@ includes/swfupload/swfupload.swf
 includes/swfupload/swfupload_f9.swf
 includes/tiny_mce/
 includes/tinymce/
+includes/u2p.php
 index-1.htm
 index-1.html
 index-1.php
@@ -7474,6 +7584,7 @@ install.sql
 install.txt
 install/
 install/update.log
+install/upgrade.php
 install1/
 install2/
 install_
@@ -7603,8 +7714,10 @@ javascript.php
 javascripts.asp
 javax.faces.resource.../WEB-INF/web.xml.jsf
 jcap.js
+jconfig.php
 jcss.php
 jdbc
+jenkins/script
 jira/
 jmx-console
 jmx-console/
@@ -7639,6 +7752,7 @@ jokes.html
 joomla.rar
 joomla.xml
 joomla.zip
+joomla/administrator/index.php
 journal.php
 jp.php
 jquery-1.3.2.min.js
@@ -7698,6 +7812,7 @@ keen.php
 keepalive.php
 key.htm
 key.php
+keybase.txt
 keyword.asp
 keyword.aspx
 keyword.php
@@ -8081,6 +8196,7 @@ loggedin.php
 loggedout.php
 logger.php
 logging.php
+login
 login.
 login.action
 login.asp
@@ -8338,6 +8454,7 @@ mailfriend.asp
 mailing.php
 mailinglist.asp
 mailinglist.php
+maill.php
 maillist.php
 maillist_proc.php
 mailmessages.php
@@ -8479,7 +8596,11 @@ media.asp
 media.htm
 media.html
 media.php
+media/1ndex.php
+media/404.php
 media/export-criteo.xml
+media/reads.php
+media/tmp.php
 media_content.php
 media_get.php
 mediainfo.html
@@ -8725,6 +8846,9 @@ mpay24_error.php
 mpay24_success.php
 mpu.html
 mrtg.cfg
+msd
+msd1.24.4
+msd1.24stable
 msg.
 msg.asp
 msg.php
@@ -8760,6 +8884,7 @@ myAccount.aspx
 myAccount.php
 myFavorites.php
 myInfo.cfm
+mySqlDumper
 my_account.asp
 my_account.html
 my_account.php
@@ -8825,6 +8950,7 @@ myprofile.asp
 myprofile.php
 myship.php
 myshop.php
+mysql
 mysql-admin/
 mysql.7z
 mysql.bz2
@@ -8853,13 +8979,22 @@ mysql.tar.gzip
 mysql.tgz
 mysql.zip
 mysql/
+mysql/admin/
 mysql/adminer.php
+mysql/db/
+mysql/dbadmin/
+mysql/mysqlmanager/
+mysql/pMA/
+mysql/pma/
 mysql/scripts/setup.php
+mysql/sqlmanager/
+mysql/web/
 mysql_backups/
 mysql_debug.sql
 mysqladmin/
 mysqladmin/scripts/setup.php
 mysqlcron.php
+mysqldumper
 mysqldumper/
 mysqlitedb.db
 mysqlmanager/
@@ -9767,6 +9902,7 @@ phpMyAdmin-3.1.2.0-all-languages/
 phpMyAdmin-3.1.2.0-english/
 phpMyAdmin-3.1.2.0/
 phpMyAdmin-3.4.3.1/
+phpMyAdmin-3/
 phpMyAdmin-4.0.10.10-all-languages/
 phpMyAdmin-4.0.10.10-english/
 phpMyAdmin-4.3.13.3-all-languages/
@@ -9776,6 +9912,7 @@ phpMyAdmin-4.4.14.1-english/
 phpMyAdmin-4.5.0-rc1-all-languages/
 phpMyAdmin-4.5.0-rc1-english/
 phpMyAdmin/
+phpMyAdmin/scripts.setup.php
 phpMyAdmin/scripts/setup.php
 phpMyAdmin0/
 phpMyAdmin1/
@@ -9783,6 +9920,7 @@ phpMyAdmin2/
 phpMyAdmin3/
 phpMyAdmin4/
 phpMyAdminBackup/
+phpMyadmin/
 phpPgAdmin/
 phpRedisAdmin/
 phpThumb.php
@@ -9813,6 +9951,7 @@ phpmem/
 phpmemcachedadmin/
 phpmy-admin/
 phpmy/
+phpmyAdmin/
 phpmyad/
 phpmyadmin.backup/
 phpmyadmin/
@@ -9820,9 +9959,20 @@ phpmyadmin/scripts/setup.php
 phpmyadmin0/
 phpmyadmin1/
 phpmyadmin2/
+phpmyadmin2011/
+phpmyadmin2012/
+phpmyadmin2013/
+phpmyadmin2014/
+phpmyadmin2015/
+phpmyadmin2017/
+phpmyadmin2018/
+phpmyadmin2019/
+phpmyadmin2020/
 phpmyadmin3/
+phpmyadmin4/
 phpmyvisites.php
 phppgadmin/
+phppma/
 phpredmin/
 phprint.php
 phpsecinfo/
@@ -9932,6 +10082,16 @@ pma/
 pma/index.php
 pma/scripts/setup.php
 pma2005/
+pma2011/
+pma2012/
+pma2013/
+pma2014/
+pma2015/
+pma2016/
+pma2017/
+pma2018/
+pma2019/
+pma2020/
 pma4/
 pmadmin/
 pmlite.php
@@ -10443,6 +10603,7 @@ profiles.php
 profilo.asp
 proftpdpasswd
 program.php
+program/
 programs.html
 progress.html
 progress.php
@@ -10569,6 +10730,7 @@ r.cgi
 r.html
 r.php
 r00t.php
+r3x.php
 r57.php
 r57eng.php
 r57shell.php
@@ -11076,12 +11238,18 @@ robot.txt
 robots-old.txt
 robots.php
 robots.txt
+robots.txt.php
 robox.php
 rodape.php
 rollover.js
 roof.html
 rooms.php
 root.php
+root/.ssh/github_rsa
+root/.ssh/id_dsa
+root/.ssh/id_ecdsa
+root/.ssh/id_ed25519
+root/.ssh/id_rsa
 ror.xml
 rorentity.aspx
 rorindex.aspx
@@ -11260,6 +11428,7 @@ screen.css
 screen.php
 screenshot.php
 screenshots.php
+script
 script.js
 script.php
 scriptaculous.js
@@ -11664,6 +11833,7 @@ shipquote.asp
 shipworks.php
 shipworks2.php
 shipworksblp.php
+shootme.php
 shop-checkout.html
 shop.asp
 shop.aspx
@@ -11691,6 +11861,7 @@ shopcurrency.asp
 shopcustadmin.asp
 shopcustcontact.asp
 shopcustomer.asp
+shopdb/
 shopemptycart.asp
 shoperror.asp
 shopex.php
@@ -11898,6 +12069,7 @@ site.sql.zip
 site.tar.gz
 site.txt
 site/common.xml
+site/tmp/cTivrC.php
 site_admin
 site_down.html
 site_hist.php
@@ -12096,6 +12268,7 @@ spread.php
 spwd.db
 spy.aspx
 spy.php
+sql
 sql.7z
 sql.aspx
 sql.bz2
@@ -12126,10 +12299,26 @@ sql.zip
 sql/
 sql/db.sql
 sql/index.php
+sql/myadmin/
+sql/php-myadmin/
+sql/phpMyAdmin/
+sql/phpMyAdmin2/
+sql/phpmanager/
+sql/phpmy-admin/
+sql/phpmyadmin2/
+sql/sql-admin/
+sql/sql/
+sql/sqladmin/
+sql/sqlweb/
+sql/webadmin/
+sql/webdb/
+sql/websql/
+sql_dump.php
 sql_dumps
 sql_error.log
 sqladm
 sqladmin
+sqlbak.php
 sqlbuddy
 sqlbuddy/login.php
 sqlmanager/
@@ -12798,6 +12987,7 @@ tld.txt
 tm.asp
 tm.php
 tmp
+tmp.php
 tmp/
 tmp/2.php
 tmp/Cgishell.pl
@@ -13587,6 +13777,7 @@ webcam.php
 webcast.asp
 webcast.php
 webceo.js
+webconfig.txt.php
 webdav
 webdav/
 webdav/index.html
@@ -13737,6 +13928,7 @@ wp-atom.php
 wp-blog-header.php
 wp-cache-config.php
 wp-cache-phase1.php
+wp-cache.php
 wp-command.php
 wp-comments.php
 wp-commentsrss2.php
@@ -13747,6 +13939,7 @@ wp-config.old
 wp-config.orig
 wp-config.original
 wp-config.php
+wp-config.php-
 wp-config.php.bak
 wp-config.php.dist
 wp-config.php.inc
@@ -13765,25 +13958,44 @@ wp-config.php~
 wp-config.save
 wp-config.swp
 wp-config.txt
+wp-config_bak.php
 wp-content/backup-db/
 wp-content/backups/
 wp-content/debug.log
+wp-content/plugins/Analyser.php
+wp-content/plugins/Fbrrchive.php
+wp-content/plugins/SocketIasrgasfontrol.php
+wp-content/plugins/SocketIontrol.php
 wp-content/plugins/akismet/admin.php
 wp-content/plugins/akismet/akismet.php
 wp-content/plugins/count-per-day/js/yc/d00.php
 wp-content/plugins/disqus-comment-system/disqus.php
 wp-content/plugins/google-sitemap-generator/sitemap-core.php
+wp-content/plugins/myshe.php
+wp-content/plugins/sql_dump.php
+wp-content/plugins/wp-cache.php
+wp-content/plugins/wp-footers.php
+wp-content/plugins/wpfootes.php
+wp-content/uploader.php
 wp-content/uploads/
+wp-content/uploads/Fbrrchive.php
 wp-cron.php
+wp-cros.php
+wp-data.php
 wp-db-backup.php
 wp-email.php
 wp-fbuser.php
 wp-feed.php
 wp-forum.phps
+wp-includes/js/tinymce/plugins/wpview/diff.php
+wp-json
+wp-json/wp/v2/posts
+wp-json/wp/v2/users
 wp-links-opml.php
 wp-load.php
 wp-login.php
 wp-mail.php
+wp-main.php
 wp-mobile.php
 wp-pass.php
 wp-postviews.php
@@ -13824,6 +14036,7 @@ ws/api_test.php
 ws_ftp.ini
 ws_ftp.log
 wsaffil.cgi
+wsdl.php
 wso.html
 wso.php
 wso2.5.1.php
@@ -13884,6 +14097,7 @@ xmlrpc-2.0
 xmlrpc.php
 xmlrpc_server.php
 xmlsitemap.php
+xmlsrpc.php
 xoport.php
 xp_publish.php
 xpathTest2.php
@@ -13980,32 +14194,3 @@ zz-error.php
 ~.vcf
 ~.wav
 ~install/
-keybase.txt
-.well-known/acme-challenge
-.well-known/ashrae
-.well-known/assetlinks.json
-.well-known/caldav
-.well-known/carddav
-.well-known/core
-.well-known/csvm
-.well-known/dnt
-.well-known/dnt-policy.txt
-.well-known/est
-.well-known/genid
-.well-known/hoba
-.well-known/host-meta
-.well-known/host-meta.json
-.well-known/keybase.txt
-.well-known/mud
-.well-known/ni
-.well-known/openid-configuration
-.well-known/openorg
-.well-known/pki-validation
-.well-known/posh
-.well-known/reload-config
-.well-known/repute-template
-.well-known/stun-key
-.well-known/time
-.well-known/timezone
-.well-known/void
-.well-known/webfinger

data/lib/scanner/core.rb

@@ -75,7 +75,7 @@ module Yawast
           # less than 24 hours. if a scan is that long, we have bigger problems
           elapsed_time = Time.at(Time.now - start_time).utc.strftime('%H:%M:%S')
 
-          puts "Scan complete (#{elapsed_time} seconds)."
+          puts "Scan complete (#{elapsed_time})."
         rescue => e
           Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"
         end
@@ -122,8 +122,8 @@ module Yawast
             Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
           end
 
-          Yawast::Scanner::Ssl.check_hsts(head)
-          Yawast::Scanner::Ssl.check_hsts_preload @uri
+          Yawast::Scanner::Plugins::SSL::SSL.check_hsts(head)
+          Yawast::Scanner::Plugins::SSL::SSL.check_hsts_preload @uri
         elsif @uri.scheme == 'http'
           puts 'Skipping TLS checks; URL is not HTTPS'
         end