yawast 0.6.0.beta4 → 0.6.0.beta5
- checksums.yaml +4 -4
- data/.travis.yml +3 -2
- data/CHANGELOG.md +1 -0
- data/README.md +2 -1
- data/lib/resources/common_file.txt +214 -29
- data/lib/scanner/core.rb +3 -3
- data/lib/scanner/plugins/dns/generic.rb +48 -40
- data/lib/scanner/plugins/servers/apache.rb +22 -0
- data/lib/scanner/plugins/ssl/ssl.rb +55 -0
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +38 -3
- data/lib/scanner/plugins/ssl/sweet32.rb +7 -13
- data/lib/scanner/ssl.rb +5 -41
- data/lib/scanner/ssl_labs.rb +93 -37
- data/lib/shared/http.rb +16 -0
- data/lib/version.rb +1 -1
- data/lib/yawast.rb +2 -2
- data/test/data/hsts_disabled_server_header.txt +16 -0
- data/test/data/hsts_server_header.txt +17 -0
- data/test/data/ssl_labs_analyze_data_file_zetlab_com.json +3851 -0
- data/test/data/ssl_labs_analyze_data_parivahan_gov_in.json +1440 -0
- data/test/test_scan_apache.rb +50 -0
- data/test/test_scan_dns.rb +23 -0
- data/test/test_ssl.rb +43 -0
- data/test/test_ssl_labs_analyze.rb +29 -0
- data/test/test_ssl_sweet32.rb +29 -0
- data/test/test_yawast.rb +2 -1
- metadata +19 -2
@@ -407,6 +407,10 @@
|
|
407
407
|
.ssh.asp
|
408
408
|
.ssh.php
|
409
409
|
.ssh/authorized_keys
|
410
|
+
.ssh/github_rsa
|
411
|
+
.ssh/id_dsa
|
412
|
+
.ssh/id_ecdsa
|
413
|
+
.ssh/id_ed25519
|
410
414
|
.ssh/id_rsa
|
411
415
|
.ssh/id_rsa.key
|
412
416
|
.ssh/id_rsa.key~
|
@@ -469,6 +473,35 @@
|
|
469
473
|
.vimrc
|
470
474
|
.wav
|
471
475
|
.web
|
476
|
+
.well-known/acme-challenge
|
477
|
+
.well-known/apple-app-site-association
|
478
|
+
.well-known/ashrae
|
479
|
+
.well-known/assetlinks.json
|
480
|
+
.well-known/caldav
|
481
|
+
.well-known/carddav
|
482
|
+
.well-known/core
|
483
|
+
.well-known/csvm
|
484
|
+
.well-known/dnt
|
485
|
+
.well-known/dnt-policy.txt
|
486
|
+
.well-known/est
|
487
|
+
.well-known/genid
|
488
|
+
.well-known/hoba
|
489
|
+
.well-known/host-meta
|
490
|
+
.well-known/host-meta.json
|
491
|
+
.well-known/keybase.txt
|
492
|
+
.well-known/mud
|
493
|
+
.well-known/ni
|
494
|
+
.well-known/openid-configuration
|
495
|
+
.well-known/openorg
|
496
|
+
.well-known/pki-validation
|
497
|
+
.well-known/posh
|
498
|
+
.well-known/reload-config
|
499
|
+
.well-known/repute-template
|
500
|
+
.well-known/stun-key
|
501
|
+
.well-known/time
|
502
|
+
.well-known/timezone
|
503
|
+
.well-known/void
|
504
|
+
.well-known/webfinger
|
472
505
|
.wm
|
473
506
|
.wma
|
474
507
|
.wmv
|
@@ -825,6 +858,7 @@
|
|
825
858
|
2c_notify.asp
|
826
859
|
2c_payment.asp
|
827
860
|
2c_return.asp
|
861
|
+
2phpmyadmin/
|
828
862
|
3.0
|
829
863
|
3.50
|
830
864
|
3.htm
|
@@ -1184,6 +1218,7 @@ AGB.html
|
|
1184
1218
|
AGB.pdf
|
1185
1219
|
ASHICodeofEthics.x
|
1186
1220
|
ASpy.asp
|
1221
|
+
Abbrevsprl.php
|
1187
1222
|
About-Us.html
|
1188
1223
|
About.asp
|
1189
1224
|
About.aspx
|
@@ -1817,6 +1852,7 @@ MoldInspector.x
|
|
1817
1852
|
MyAccount.asp
|
1818
1853
|
MyAccount.aspx
|
1819
1854
|
MyAdmin/
|
1855
|
+
MyAdmin/scripts/setup.php
|
1820
1856
|
MyCart.aspx
|
1821
1857
|
MyFavorites.aspx
|
1822
1858
|
MyHome.aspx
|
@@ -1824,6 +1860,7 @@ MyOrders.aspx
|
|
1824
1860
|
MyPage.aspx
|
1825
1861
|
MyProfile.aspx
|
1826
1862
|
MyReports.aspx
|
1863
|
+
MySQLDumper
|
1827
1864
|
N.html
|
1828
1865
|
NACHICodeofEthics.x
|
1829
1866
|
NACHIMembership.x
|
@@ -1886,6 +1923,16 @@ PEAR.php
|
|
1886
1923
|
PI.pdf
|
1887
1924
|
PMA/
|
1888
1925
|
PMA2005/
|
1926
|
+
PMA2011/
|
1927
|
+
PMA2012/
|
1928
|
+
PMA2013/
|
1929
|
+
PMA2014/
|
1930
|
+
PMA2015/
|
1931
|
+
PMA2016/
|
1932
|
+
PMA2017/
|
1933
|
+
PMA2018/
|
1934
|
+
PMA2019/
|
1935
|
+
PMA2020/
|
1889
1936
|
Page-2.html
|
1890
1937
|
Page-4.html
|
1891
1938
|
Page-5.html
|
@@ -2057,6 +2104,7 @@ ReviewsList.asp
|
|
2057
2104
|
Robots.txt
|
2058
2105
|
RoofingIssues.x
|
2059
2106
|
RootCA.crt
|
2107
|
+
RoseLeif.php
|
2060
2108
|
Rss.aspx
|
2061
2109
|
RssFeedHandler.c
|
2062
2110
|
S.html
|
@@ -2102,6 +2150,7 @@ Service.bok
|
|
2102
2150
|
Service.html
|
2103
2151
|
Services.aspx
|
2104
2152
|
Services.html
|
2153
|
+
SessionController.php
|
2105
2154
|
SetLanguage.aspx
|
2106
2155
|
Settings.aspx
|
2107
2156
|
Settings.php
|
@@ -2765,6 +2814,7 @@ admin/lib/spaw2/dialogs/dialog.php
|
|
2765
2814
|
admin/log
|
2766
2815
|
admin/logs/
|
2767
2816
|
admin/logs/login.txt
|
2817
|
+
admin/pMA/
|
2768
2818
|
admin/phpMyAdmin/
|
2769
2819
|
admin/phpmyadmin/
|
2770
2820
|
admin/phpmyadmin/scripts/setup.php
|
@@ -2773,11 +2823,14 @@ admin/pma/scripts/setup.php
|
|
2773
2823
|
admin/pol_log.txt
|
2774
2824
|
admin/private/logs
|
2775
2825
|
admin/scripts/setup.php
|
2826
|
+
admin/sqladmin/
|
2776
2827
|
admin/sxd/
|
2828
|
+
admin/sysadmin/
|
2777
2829
|
admin/test/
|
2778
2830
|
admin/upload.php
|
2779
2831
|
admin/uploadarticles/uploadTester.asp
|
2780
2832
|
admin/user_count.txt
|
2833
|
+
admin/web/
|
2781
2834
|
admin0
|
2782
2835
|
admin1
|
2783
2836
|
admin1.php
|
@@ -2894,8 +2947,20 @@ administrative/login_history
|
|
2894
2947
|
administrator.php
|
2895
2948
|
administrator/
|
2896
2949
|
administrator/.htaccess
|
2950
|
+
administrator/PMA/
|
2951
|
+
administrator/admin/
|
2952
|
+
administrator/administrator.php
|
2897
2953
|
administrator/components/com_joommyadmin/phpmyadmin/
|
2954
|
+
administrator/db/
|
2955
|
+
administrator/dbconfig.php
|
2956
|
+
administrator/includes/readmy.php
|
2957
|
+
administrator/index.php
|
2898
2958
|
administrator/logs
|
2959
|
+
administrator/phpMyAdmin/
|
2960
|
+
administrator/phpmyadmin/
|
2961
|
+
administrator/pma/
|
2962
|
+
administrator/web/
|
2963
|
+
administrator/webconfig.txt.php
|
2899
2964
|
administrators.pwd
|
2900
2965
|
adminka.php
|
2901
2966
|
adminlogin.aspx
|
@@ -3052,6 +3117,7 @@ ajout.php
|
|
3052
3117
|
ajoutcat.php
|
3053
3118
|
ajoutsite.php
|
3054
3119
|
al.php
|
3120
|
+
al277.php
|
3055
3121
|
alawar.html
|
3056
3122
|
albmgr.php
|
3057
3123
|
album.htm
|
@@ -3368,6 +3434,7 @@ auth_user_file.txt
|
|
3368
3434
|
authconfig.php
|
3369
3435
|
authenticate.cfm
|
3370
3436
|
authenticate.php
|
3437
|
+
authenticating.php
|
3371
3438
|
authentication.php
|
3372
3439
|
authnetpost.aspx
|
3373
3440
|
author.asp
|
@@ -3703,6 +3770,7 @@ blog.htm
|
|
3703
3770
|
blog.html
|
3704
3771
|
blog.old
|
3705
3772
|
blog.php
|
3773
|
+
blog/administrator/index.php
|
3706
3774
|
blog/error_log
|
3707
3775
|
blog/phpmyadmin/
|
3708
3776
|
blog/wp-content/backup-db/
|
@@ -3906,7 +3974,13 @@ cache.aspx
|
|
3906
3974
|
cache.old
|
3907
3975
|
cache.php
|
3908
3976
|
cache/
|
3977
|
+
cache/cache_aqbmkwwx.php
|
3978
|
+
cache/cachee.php
|
3979
|
+
cache/defau1t.php
|
3980
|
+
cache/list.php
|
3981
|
+
cache/news.php
|
3909
3982
|
cache/sql_error_latest.cgi
|
3983
|
+
cache/support.php
|
3910
3984
|
cadastro.php
|
3911
3985
|
caddie.php
|
3912
3986
|
cai.asp
|
@@ -4288,6 +4362,7 @@ clear_cache.cfm
|
|
4288
4362
|
clearcache.aspx
|
4289
4363
|
clearcache.php
|
4290
4364
|
clearcookies.aspx
|
4365
|
+
cli/40dd1d.php
|
4291
4366
|
clic.asp
|
4292
4367
|
clic.php
|
4293
4368
|
click-n-vote.aspx
|
@@ -4584,6 +4659,7 @@ config2.php
|
|
4584
4659
|
config_db.php
|
4585
4660
|
config_feed.php
|
4586
4661
|
config_site.php
|
4662
|
+
configbak.php
|
4587
4663
|
configs/conf_bdd.ini
|
4588
4664
|
configs/conf_zepass.ini
|
4589
4665
|
configuracion.php
|
@@ -4598,6 +4674,7 @@ configuration.php.templ
|
|
4598
4674
|
configuration.php.txt
|
4599
4675
|
configuration.php~
|
4600
4676
|
configuration/
|
4677
|
+
configurationbak.php
|
4601
4678
|
configure.php
|
4602
4679
|
confirm.asp
|
4603
4680
|
confirm.aspx
|
@@ -5109,8 +5186,20 @@ db.tar.gzip
|
|
5109
5186
|
db.tgz
|
5110
5187
|
db.zip
|
5111
5188
|
db/
|
5189
|
+
db/db-admin/
|
5190
|
+
db/dbadmin/
|
5191
|
+
db/dbweb/
|
5112
5192
|
db/main.mdb
|
5193
|
+
db/myadmin/
|
5194
|
+
db/phpMyAdmin-3/
|
5195
|
+
db/phpMyAdmin/
|
5196
|
+
db/phpMyAdmin3/
|
5197
|
+
db/phpmyadmin/
|
5198
|
+
db/phpmyadmin3/
|
5113
5199
|
db/seeds.rb
|
5200
|
+
db/webadmin/
|
5201
|
+
db/webdb/
|
5202
|
+
db/websql/
|
5114
5203
|
db1.mdb
|
5115
5204
|
db1.sqlite
|
5116
5205
|
db2
|
@@ -5538,6 +5627,7 @@ drucken.html
|
|
5538
5627
|
drucken.php
|
5539
5628
|
druckversion.php
|
5540
5629
|
drukuj.html
|
5630
|
+
dswat.org/wsdl.php
|
5541
5631
|
dt.php
|
5542
5632
|
dummy
|
5543
5633
|
dummy.htm
|
@@ -5680,6 +5770,7 @@ ehosting.php
|
|
5680
5770
|
ehthumbs.db
|
5681
5771
|
eintragen.php
|
5682
5772
|
element.php
|
5773
|
+
elements.php
|
5683
5774
|
elenco_img.asp
|
5684
5775
|
elfinder/elfinder.php
|
5685
5776
|
elim/blist.xml
|
@@ -5854,6 +5945,7 @@ error-404.php
|
|
5854
5945
|
error-404.tpl.php
|
5855
5946
|
error-500.tpl.php
|
5856
5947
|
error-log
|
5948
|
+
error-log.php
|
5857
5949
|
error-log.txt
|
5858
5950
|
error-notfound.aspx
|
5859
5951
|
error-send.html
|
@@ -6379,6 +6471,7 @@ forum.tar
|
|
6379
6471
|
forum.tar.gz
|
6380
6472
|
forum.zip
|
6381
6473
|
forum/install/install.php
|
6474
|
+
forum/install/upgrade.php
|
6382
6475
|
forum/phpmyadmin/
|
6383
6476
|
forum1.php
|
6384
6477
|
forum2.php
|
@@ -6639,6 +6732,7 @@ giftwrap.cfm
|
|
6639
6732
|
giris.php
|
6640
6733
|
git-service
|
6641
6734
|
git.php
|
6735
|
+
github_rsa
|
6642
6736
|
gitlog
|
6643
6737
|
glance.php
|
6644
6738
|
glance_config.php
|
@@ -6700,6 +6794,8 @@ golf.php
|
|
6700
6794
|
golos.php
|
6701
6795
|
goods.php
|
6702
6796
|
goods_script.php
|
6797
|
+
goog1es.php
|
6798
|
+
google-assist.php
|
6703
6799
|
google.asp
|
6704
6800
|
google.htm
|
6705
6801
|
google.html
|
@@ -7034,6 +7130,8 @@ id.html
|
|
7034
7130
|
id.php
|
7035
7131
|
id_dsa
|
7036
7132
|
id_dsa.ppk
|
7133
|
+
id_ecdsa
|
7134
|
+
id_ed25519
|
7037
7135
|
id_rsa
|
7038
7136
|
idaho.html
|
7039
7137
|
idealnotify.aspx
|
@@ -7098,8 +7196,18 @@ images.inc.php
|
|
7098
7196
|
images.old
|
7099
7197
|
images.php
|
7100
7198
|
images.xml
|
7199
|
+
images/1ndex.php
|
7200
|
+
images/404.php
|
7101
7201
|
images/Sym.php
|
7202
|
+
images/al277.php
|
7102
7203
|
images/c99.php
|
7204
|
+
images/defau1t.php
|
7205
|
+
images/google-assist.php
|
7206
|
+
images/head.php
|
7207
|
+
images/laj.php
|
7208
|
+
images/robots.txt.php
|
7209
|
+
images/stories/0day.php
|
7210
|
+
images/xxx.php
|
7103
7211
|
imagesrc.aspx
|
7104
7212
|
imageview.aspx
|
7105
7213
|
imagezoom.php
|
@@ -7148,6 +7256,7 @@ include.php
|
|
7148
7256
|
include/fckeditor/
|
7149
7257
|
include/spaw2/dialogs/dialog.php
|
7150
7258
|
include_files.php
|
7259
|
+
includes.php
|
7151
7260
|
includes/adovbs.inc
|
7152
7261
|
includes/configure.php~
|
7153
7262
|
includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
|
@@ -7167,6 +7276,7 @@ includes/swfupload/swfupload.swf
|
|
7167
7276
|
includes/swfupload/swfupload_f9.swf
|
7168
7277
|
includes/tiny_mce/
|
7169
7278
|
includes/tinymce/
|
7279
|
+
includes/u2p.php
|
7170
7280
|
index-1.htm
|
7171
7281
|
index-1.html
|
7172
7282
|
index-1.php
|
@@ -7474,6 +7584,7 @@ install.sql
|
|
7474
7584
|
install.txt
|
7475
7585
|
install/
|
7476
7586
|
install/update.log
|
7587
|
+
install/upgrade.php
|
7477
7588
|
install1/
|
7478
7589
|
install2/
|
7479
7590
|
install_
|
@@ -7603,8 +7714,10 @@ javascript.php
|
|
7603
7714
|
javascripts.asp
|
7604
7715
|
javax.faces.resource.../WEB-INF/web.xml.jsf
|
7605
7716
|
jcap.js
|
7717
|
+
jconfig.php
|
7606
7718
|
jcss.php
|
7607
7719
|
jdbc
|
7720
|
+
jenkins/script
|
7608
7721
|
jira/
|
7609
7722
|
jmx-console
|
7610
7723
|
jmx-console/
|
@@ -7639,6 +7752,7 @@ jokes.html
|
|
7639
7752
|
joomla.rar
|
7640
7753
|
joomla.xml
|
7641
7754
|
joomla.zip
|
7755
|
+
joomla/administrator/index.php
|
7642
7756
|
journal.php
|
7643
7757
|
jp.php
|
7644
7758
|
jquery-1.3.2.min.js
|
@@ -7698,6 +7812,7 @@ keen.php
|
|
7698
7812
|
keepalive.php
|
7699
7813
|
key.htm
|
7700
7814
|
key.php
|
7815
|
+
keybase.txt
|
7701
7816
|
keyword.asp
|
7702
7817
|
keyword.aspx
|
7703
7818
|
keyword.php
|
@@ -8081,6 +8196,7 @@ loggedin.php
|
|
8081
8196
|
loggedout.php
|
8082
8197
|
logger.php
|
8083
8198
|
logging.php
|
8199
|
+
login
|
8084
8200
|
login.
|
8085
8201
|
login.action
|
8086
8202
|
login.asp
|
@@ -8338,6 +8454,7 @@ mailfriend.asp
|
|
8338
8454
|
mailing.php
|
8339
8455
|
mailinglist.asp
|
8340
8456
|
mailinglist.php
|
8457
|
+
maill.php
|
8341
8458
|
maillist.php
|
8342
8459
|
maillist_proc.php
|
8343
8460
|
mailmessages.php
|
@@ -8479,7 +8596,11 @@ media.asp
|
|
8479
8596
|
media.htm
|
8480
8597
|
media.html
|
8481
8598
|
media.php
|
8599
|
+
media/1ndex.php
|
8600
|
+
media/404.php
|
8482
8601
|
media/export-criteo.xml
|
8602
|
+
media/reads.php
|
8603
|
+
media/tmp.php
|
8483
8604
|
media_content.php
|
8484
8605
|
media_get.php
|
8485
8606
|
mediainfo.html
|
@@ -8725,6 +8846,9 @@ mpay24_error.php
|
|
8725
8846
|
mpay24_success.php
|
8726
8847
|
mpu.html
|
8727
8848
|
mrtg.cfg
|
8849
|
+
msd
|
8850
|
+
msd1.24.4
|
8851
|
+
msd1.24stable
|
8728
8852
|
msg.
|
8729
8853
|
msg.asp
|
8730
8854
|
msg.php
|
@@ -8760,6 +8884,7 @@ myAccount.aspx
|
|
8760
8884
|
myAccount.php
|
8761
8885
|
myFavorites.php
|
8762
8886
|
myInfo.cfm
|
8887
|
+
mySqlDumper
|
8763
8888
|
my_account.asp
|
8764
8889
|
my_account.html
|
8765
8890
|
my_account.php
|
@@ -8825,6 +8950,7 @@ myprofile.asp
|
|
8825
8950
|
myprofile.php
|
8826
8951
|
myship.php
|
8827
8952
|
myshop.php
|
8953
|
+
mysql
|
8828
8954
|
mysql-admin/
|
8829
8955
|
mysql.7z
|
8830
8956
|
mysql.bz2
|
@@ -8853,13 +8979,22 @@ mysql.tar.gzip
|
|
8853
8979
|
mysql.tgz
|
8854
8980
|
mysql.zip
|
8855
8981
|
mysql/
|
8982
|
+
mysql/admin/
|
8856
8983
|
mysql/adminer.php
|
8984
|
+
mysql/db/
|
8985
|
+
mysql/dbadmin/
|
8986
|
+
mysql/mysqlmanager/
|
8987
|
+
mysql/pMA/
|
8988
|
+
mysql/pma/
|
8857
8989
|
mysql/scripts/setup.php
|
8990
|
+
mysql/sqlmanager/
|
8991
|
+
mysql/web/
|
8858
8992
|
mysql_backups/
|
8859
8993
|
mysql_debug.sql
|
8860
8994
|
mysqladmin/
|
8861
8995
|
mysqladmin/scripts/setup.php
|
8862
8996
|
mysqlcron.php
|
8997
|
+
mysqldumper
|
8863
8998
|
mysqldumper/
|
8864
8999
|
mysqlitedb.db
|
8865
9000
|
mysqlmanager/
|
@@ -9767,6 +9902,7 @@ phpMyAdmin-3.1.2.0-all-languages/
|
|
9767
9902
|
phpMyAdmin-3.1.2.0-english/
|
9768
9903
|
phpMyAdmin-3.1.2.0/
|
9769
9904
|
phpMyAdmin-3.4.3.1/
|
9905
|
+
phpMyAdmin-3/
|
9770
9906
|
phpMyAdmin-4.0.10.10-all-languages/
|
9771
9907
|
phpMyAdmin-4.0.10.10-english/
|
9772
9908
|
phpMyAdmin-4.3.13.3-all-languages/
|
@@ -9776,6 +9912,7 @@ phpMyAdmin-4.4.14.1-english/
|
|
9776
9912
|
phpMyAdmin-4.5.0-rc1-all-languages/
|
9777
9913
|
phpMyAdmin-4.5.0-rc1-english/
|
9778
9914
|
phpMyAdmin/
|
9915
|
+
phpMyAdmin/scripts.setup.php
|
9779
9916
|
phpMyAdmin/scripts/setup.php
|
9780
9917
|
phpMyAdmin0/
|
9781
9918
|
phpMyAdmin1/
|
@@ -9783,6 +9920,7 @@ phpMyAdmin2/
|
|
9783
9920
|
phpMyAdmin3/
|
9784
9921
|
phpMyAdmin4/
|
9785
9922
|
phpMyAdminBackup/
|
9923
|
+
phpMyadmin/
|
9786
9924
|
phpPgAdmin/
|
9787
9925
|
phpRedisAdmin/
|
9788
9926
|
phpThumb.php
|
@@ -9813,6 +9951,7 @@ phpmem/
|
|
9813
9951
|
phpmemcachedadmin/
|
9814
9952
|
phpmy-admin/
|
9815
9953
|
phpmy/
|
9954
|
+
phpmyAdmin/
|
9816
9955
|
phpmyad/
|
9817
9956
|
phpmyadmin.backup/
|
9818
9957
|
phpmyadmin/
|
@@ -9820,9 +9959,20 @@ phpmyadmin/scripts/setup.php
|
|
9820
9959
|
phpmyadmin0/
|
9821
9960
|
phpmyadmin1/
|
9822
9961
|
phpmyadmin2/
|
9962
|
+
phpmyadmin2011/
|
9963
|
+
phpmyadmin2012/
|
9964
|
+
phpmyadmin2013/
|
9965
|
+
phpmyadmin2014/
|
9966
|
+
phpmyadmin2015/
|
9967
|
+
phpmyadmin2017/
|
9968
|
+
phpmyadmin2018/
|
9969
|
+
phpmyadmin2019/
|
9970
|
+
phpmyadmin2020/
|
9823
9971
|
phpmyadmin3/
|
9972
|
+
phpmyadmin4/
|
9824
9973
|
phpmyvisites.php
|
9825
9974
|
phppgadmin/
|
9975
|
+
phppma/
|
9826
9976
|
phpredmin/
|
9827
9977
|
phprint.php
|
9828
9978
|
phpsecinfo/
|
@@ -9932,6 +10082,16 @@ pma/
|
|
9932
10082
|
pma/index.php
|
9933
10083
|
pma/scripts/setup.php
|
9934
10084
|
pma2005/
|
10085
|
+
pma2011/
|
10086
|
+
pma2012/
|
10087
|
+
pma2013/
|
10088
|
+
pma2014/
|
10089
|
+
pma2015/
|
10090
|
+
pma2016/
|
10091
|
+
pma2017/
|
10092
|
+
pma2018/
|
10093
|
+
pma2019/
|
10094
|
+
pma2020/
|
9935
10095
|
pma4/
|
9936
10096
|
pmadmin/
|
9937
10097
|
pmlite.php
|
@@ -10443,6 +10603,7 @@ profiles.php
|
|
10443
10603
|
profilo.asp
|
10444
10604
|
proftpdpasswd
|
10445
10605
|
program.php
|
10606
|
+
program/
|
10446
10607
|
programs.html
|
10447
10608
|
progress.html
|
10448
10609
|
progress.php
|
@@ -10569,6 +10730,7 @@ r.cgi
|
|
10569
10730
|
r.html
|
10570
10731
|
r.php
|
10571
10732
|
r00t.php
|
10733
|
+
r3x.php
|
10572
10734
|
r57.php
|
10573
10735
|
r57eng.php
|
10574
10736
|
r57shell.php
|
@@ -11076,12 +11238,18 @@ robot.txt
|
|
11076
11238
|
robots-old.txt
|
11077
11239
|
robots.php
|
11078
11240
|
robots.txt
|
11241
|
+
robots.txt.php
|
11079
11242
|
robox.php
|
11080
11243
|
rodape.php
|
11081
11244
|
rollover.js
|
11082
11245
|
roof.html
|
11083
11246
|
rooms.php
|
11084
11247
|
root.php
|
11248
|
+
root/.ssh/github_rsa
|
11249
|
+
root/.ssh/id_dsa
|
11250
|
+
root/.ssh/id_ecdsa
|
11251
|
+
root/.ssh/id_ed25519
|
11252
|
+
root/.ssh/id_rsa
|
11085
11253
|
ror.xml
|
11086
11254
|
rorentity.aspx
|
11087
11255
|
rorindex.aspx
|
@@ -11260,6 +11428,7 @@ screen.css
|
|
11260
11428
|
screen.php
|
11261
11429
|
screenshot.php
|
11262
11430
|
screenshots.php
|
11431
|
+
script
|
11263
11432
|
script.js
|
11264
11433
|
script.php
|
11265
11434
|
scriptaculous.js
|
@@ -11664,6 +11833,7 @@ shipquote.asp
|
|
11664
11833
|
shipworks.php
|
11665
11834
|
shipworks2.php
|
11666
11835
|
shipworksblp.php
|
11836
|
+
shootme.php
|
11667
11837
|
shop-checkout.html
|
11668
11838
|
shop.asp
|
11669
11839
|
shop.aspx
|
@@ -11691,6 +11861,7 @@ shopcurrency.asp
|
|
11691
11861
|
shopcustadmin.asp
|
11692
11862
|
shopcustcontact.asp
|
11693
11863
|
shopcustomer.asp
|
11864
|
+
shopdb/
|
11694
11865
|
shopemptycart.asp
|
11695
11866
|
shoperror.asp
|
11696
11867
|
shopex.php
|
@@ -11898,6 +12069,7 @@ site.sql.zip
|
|
11898
12069
|
site.tar.gz
|
11899
12070
|
site.txt
|
11900
12071
|
site/common.xml
|
12072
|
+
site/tmp/cTivrC.php
|
11901
12073
|
site_admin
|
11902
12074
|
site_down.html
|
11903
12075
|
site_hist.php
|
@@ -12096,6 +12268,7 @@ spread.php
|
|
12096
12268
|
spwd.db
|
12097
12269
|
spy.aspx
|
12098
12270
|
spy.php
|
12271
|
+
sql
|
12099
12272
|
sql.7z
|
12100
12273
|
sql.aspx
|
12101
12274
|
sql.bz2
|
@@ -12126,10 +12299,26 @@ sql.zip
|
|
12126
12299
|
sql/
|
12127
12300
|
sql/db.sql
|
12128
12301
|
sql/index.php
|
12302
|
+
sql/myadmin/
|
12303
|
+
sql/php-myadmin/
|
12304
|
+
sql/phpMyAdmin/
|
12305
|
+
sql/phpMyAdmin2/
|
12306
|
+
sql/phpmanager/
|
12307
|
+
sql/phpmy-admin/
|
12308
|
+
sql/phpmyadmin2/
|
12309
|
+
sql/sql-admin/
|
12310
|
+
sql/sql/
|
12311
|
+
sql/sqladmin/
|
12312
|
+
sql/sqlweb/
|
12313
|
+
sql/webadmin/
|
12314
|
+
sql/webdb/
|
12315
|
+
sql/websql/
|
12316
|
+
sql_dump.php
|
12129
12317
|
sql_dumps
|
12130
12318
|
sql_error.log
|
12131
12319
|
sqladm
|
12132
12320
|
sqladmin
|
12321
|
+
sqlbak.php
|
12133
12322
|
sqlbuddy
|
12134
12323
|
sqlbuddy/login.php
|
12135
12324
|
sqlmanager/
|
@@ -12798,6 +12987,7 @@ tld.txt
|
|
12798
12987
|
tm.asp
|
12799
12988
|
tm.php
|
12800
12989
|
tmp
|
12990
|
+
tmp.php
|
12801
12991
|
tmp/
|
12802
12992
|
tmp/2.php
|
12803
12993
|
tmp/Cgishell.pl
|
@@ -13587,6 +13777,7 @@ webcam.php
|
|
13587
13777
|
webcast.asp
|
13588
13778
|
webcast.php
|
13589
13779
|
webceo.js
|
13780
|
+
webconfig.txt.php
|
13590
13781
|
webdav
|
13591
13782
|
webdav/
|
13592
13783
|
webdav/index.html
|
@@ -13737,6 +13928,7 @@ wp-atom.php
|
|
13737
13928
|
wp-blog-header.php
|
13738
13929
|
wp-cache-config.php
|
13739
13930
|
wp-cache-phase1.php
|
13931
|
+
wp-cache.php
|
13740
13932
|
wp-command.php
|
13741
13933
|
wp-comments.php
|
13742
13934
|
wp-commentsrss2.php
|
@@ -13747,6 +13939,7 @@ wp-config.old
|
|
13747
13939
|
wp-config.orig
|
13748
13940
|
wp-config.original
|
13749
13941
|
wp-config.php
|
13942
|
+
wp-config.php-
|
13750
13943
|
wp-config.php.bak
|
13751
13944
|
wp-config.php.dist
|
13752
13945
|
wp-config.php.inc
|
@@ -13765,25 +13958,44 @@ wp-config.php~
|
|
13765
13958
|
wp-config.save
|
13766
13959
|
wp-config.swp
|
13767
13960
|
wp-config.txt
|
13961
|
+
wp-config_bak.php
|
13768
13962
|
wp-content/backup-db/
|
13769
13963
|
wp-content/backups/
|
13770
13964
|
wp-content/debug.log
|
13965
|
+
wp-content/plugins/Analyser.php
|
13966
|
+
wp-content/plugins/Fbrrchive.php
|
13967
|
+
wp-content/plugins/SocketIasrgasfontrol.php
|
13968
|
+
wp-content/plugins/SocketIontrol.php
|
13771
13969
|
wp-content/plugins/akismet/admin.php
|
13772
13970
|
wp-content/plugins/akismet/akismet.php
|
13773
13971
|
wp-content/plugins/count-per-day/js/yc/d00.php
|
13774
13972
|
wp-content/plugins/disqus-comment-system/disqus.php
|
13775
13973
|
wp-content/plugins/google-sitemap-generator/sitemap-core.php
|
13974
|
+
wp-content/plugins/myshe.php
|
13975
|
+
wp-content/plugins/sql_dump.php
|
13976
|
+
wp-content/plugins/wp-cache.php
|
13977
|
+
wp-content/plugins/wp-footers.php
|
13978
|
+
wp-content/plugins/wpfootes.php
|
13979
|
+
wp-content/uploader.php
|
13776
13980
|
wp-content/uploads/
|
13981
|
+
wp-content/uploads/Fbrrchive.php
|
13777
13982
|
wp-cron.php
|
13983
|
+
wp-cros.php
|
13984
|
+
wp-data.php
|
13778
13985
|
wp-db-backup.php
|
13779
13986
|
wp-email.php
|
13780
13987
|
wp-fbuser.php
|
13781
13988
|
wp-feed.php
|
13782
13989
|
wp-forum.phps
|
13990
|
+
wp-includes/js/tinymce/plugins/wpview/diff.php
|
13991
|
+
wp-json
|
13992
|
+
wp-json/wp/v2/posts
|
13993
|
+
wp-json/wp/v2/users
|
13783
13994
|
wp-links-opml.php
|
13784
13995
|
wp-load.php
|
13785
13996
|
wp-login.php
|
13786
13997
|
wp-mail.php
|
13998
|
+
wp-main.php
|
13787
13999
|
wp-mobile.php
|
13788
14000
|
wp-pass.php
|
13789
14001
|
wp-postviews.php
|
@@ -13824,6 +14036,7 @@ ws/api_test.php
|
|
13824
14036
|
ws_ftp.ini
|
13825
14037
|
ws_ftp.log
|
13826
14038
|
wsaffil.cgi
|
14039
|
+
wsdl.php
|
13827
14040
|
wso.html
|
13828
14041
|
wso.php
|
13829
14042
|
wso2.5.1.php
|
@@ -13884,6 +14097,7 @@ xmlrpc-2.0
|
|
13884
14097
|
xmlrpc.php
|
13885
14098
|
xmlrpc_server.php
|
13886
14099
|
xmlsitemap.php
|
14100
|
+
xmlsrpc.php
|
13887
14101
|
xoport.php
|
13888
14102
|
xp_publish.php
|
13889
14103
|
xpathTest2.php
|
@@ -13980,32 +14194,3 @@ zz-error.php
|
|
13980
14194
|
~.vcf
|
13981
14195
|
~.wav
|
13982
14196
|
~install/
|
13983
|
-
keybase.txt
|
13984
|
-
.well-known/acme-challenge
|
13985
|
-
.well-known/ashrae
|
13986
|
-
.well-known/assetlinks.json
|
13987
|
-
.well-known/caldav
|
13988
|
-
.well-known/carddav
|
13989
|
-
.well-known/core
|
13990
|
-
.well-known/csvm
|
13991
|
-
.well-known/dnt
|
13992
|
-
.well-known/dnt-policy.txt
|
13993
|
-
.well-known/est
|
13994
|
-
.well-known/genid
|
13995
|
-
.well-known/hoba
|
13996
|
-
.well-known/host-meta
|
13997
|
-
.well-known/host-meta.json
|
13998
|
-
.well-known/keybase.txt
|
13999
|
-
.well-known/mud
|
14000
|
-
.well-known/ni
|
14001
|
-
.well-known/openid-configuration
|
14002
|
-
.well-known/openorg
|
14003
|
-
.well-known/pki-validation
|
14004
|
-
.well-known/posh
|
14005
|
-
.well-known/reload-config
|
14006
|
-
.well-known/repute-template
|
14007
|
-
.well-known/stun-key
|
14008
|
-
.well-known/time
|
14009
|
-
.well-known/timezone
|
14010
|
-
.well-known/void
|
14011
|
-
.well-known/webfinger
|
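--- a/data/lib/scanner/core.rb
+++ b/data/lib/scanner/core.rb
@@ -75,7 +75,7 @@ module Yawast
 # less than 24 hours. if a scan is that long, we have bigger problems
 elapsed_time = Time.at(Time.now - start_time).utc.strftime('%H:%M:%S')
 
-puts "Scan complete (#{elapsed_time}
+puts "Scan complete (#{elapsed_time})."
 rescue => e
 Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"
 end
@@ -122,8 +122,8 @@ module Yawast
 Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
 end
 
-Yawast::Scanner::
-Yawast::Scanner::
+Yawast::Scanner::Plugins::SSL::SSL.check_hsts(head)
+Yawast::Scanner::Plugins::SSL::SSL.check_hsts_preload @uri
 elsif @uri.scheme == 'http'
 puts 'Skipping TLS checks; URL is not HTTPS'
 end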
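Review bot: The two HSTS calls added at new lines 125–126 of the second hunk use inconsistent call syntax — `check_hsts(head)` takes parentheses while `check_hsts_preload @uri` omits them, and the neighbouring `Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)` uses parentheses; the second line should read `Yawast::Scanner::Plugins::SSL::SSL.check_hsts_preload(@uri)`. The `head` argument presumably holds a response captured earlier in the method, but that is not visible in the hunk, so a one-line comment above the pair such as `# HSTS header and preload-list checks only make sense over HTTPS` would make the placement inside the https branch self-explanatory. The enclosing method starts and ends outside the hunk.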