yawast 0.7.0.beta1 → 0.7.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1a0010955fcbfb843d4eaf927682a22df138b4a6
-  data.tar.gz: df672ffa6576e142c62fe0904f07ef90cc54c612
+  metadata.gz: 449a14e8b574b57874cdbb8fff80b11b667b1d81
+  data.tar.gz: 7a724b743c8d27f5a92b0e477d27adf06e5b837f
 SHA512:
-  metadata.gz: d1152a1e138492093e18834d8d542b4438a3904703a9449e6092857212db4d04048afeb9329e49bb591e217c1be82d06c1451a986a5e3cd517b66933dbacf018
-  data.tar.gz: 6ab13462bab4524b4e8c0347d0065b7947799ad6ab4ef6bed5bf38dadf090ad2d85e9bc1384a73247d302820ce034ea949824565960b93fedeaabc52797cbea1
+  metadata.gz: 8e692349d710ad580cb80b027e7bd1da180e954a3dad1f9d4f493802c9c4f4cd5a0909ad2afd62429d6c2c7b61711ef24f3e887262b5fe899dcde3e316feb09f
+  data.tar.gz: 68f55b6ff5fd2e62d0b608ac3c6afa981f9cd59d69cc2de34878b7e9d60e929232043d022d3549b5a8ad0d3f29a0a22fbdb4e502b6c48b6a0570a6db34da4b3b

data/.rubocop.yml

@@ -15,3 +15,15 @@ Metrics/MethodLength:
 
 Layout/CaseIndentation:
   IndentOneStep: true
+
+Layout/SpaceInsideHashLiteralBraces:
+  EnforcedStyle: no_space
+
+Style/BracesAroundHashParameters:
+  EnforcedStyle: braces
+
+Style/RedundantBegin:
+  Enabled: false
+
+Style/SafeNavigation:
+  Enabled: false

data/CHANGELOG.md

@@ -1,6 +1,6 @@
 ## 0.7.0 - In Development
 
-* [#38](https://github.com/adamcaudill/yawast/issues/38) - Report Generation Mode (work in progress)
+* [#38](https://github.com/adamcaudill/yawast/issues/38) - JSON Output Option via `--output=` (work in progress)
 * [#133](https://github.com/adamcaudill/yawast/issues/133) - Include a Timestamp In Output
 * [#134](https://github.com/adamcaudill/yawast/issues/134) - Add options to DNS command
 * [#135](https://github.com/adamcaudill/yawast/issues/135) - Incomplete Certificate Chain Warning
@@ -9,6 +9,10 @@
 * [#139](https://github.com/adamcaudill/yawast/issues/139) - Add Spider Option
 * [#140](https://github.com/adamcaudill/yawast/issues/140) - Save output on cancel
 * [#141](https://github.com/adamcaudill/yawast/issues/141) - Flag --internalssl as Deprecated
+* [#147](https://github.com/adamcaudill/yawast/issues/147) - User Enumeration via Password Reset Form
+* [#148](https://github.com/adamcaudill/yawast/issues/148) - Added `--vuln_scan` option to enable new vulnerability scanner
+* [#151](https://github.com/adamcaudill/yawast/issues/151) - User Enumeration via Password Reset Form Timing Differences
+* [#152](https://github.com/adamcaudill/yawast/issues/152) - Add check for 64bit TLS Cert Serial Numbers
 * [#130](https://github.com/adamcaudill/yawast/issues/130) - Bug: HSTS Error leads to printing HTML
 * [#132](https://github.com/adamcaudill/yawast/issues/132) - Bug: Typo in SSL Output
 * [#142](https://github.com/adamcaudill/yawast/issues/142) - Bug: Error In Collecting DNS Information

data/Gemfile

@@ -3,10 +3,10 @@ source 'https://rubygems.org'
 gemspec
 
 group :test do
-  gem 'rake'
+  gem 'codeclimate-test-reporter', {require: nil}
   gem 'minitest'
   gem 'minitest-reporters'
+  gem 'rake'
   gem 'simplecov'
   gem 'webrick'
-  gem 'codeclimate-test-reporter', require: nil
 end

data/README.md

@@ -30,6 +30,8 @@ It's strongly recommended that you review the [installation](https://github.com/
 
 The following tests are performed:
 
+* *(Generic)* User Enumeration via Password Reset Form Response Differences
+* *(Generic)* User Enumeration via Password Reset Form Timing Differences
 * *(Generic)* Info Disclosure: X-Powered-By header present
 * *(Generic)* Info Disclosure: X-Pingback header present
 * *(Generic)* Info Disclosure: X-Backend-Server header present
@@ -49,8 +51,9 @@ The following tests are performed:
 * *(Generic)* Presence of WS_FTP.LOG
 * *(Generic)* Presence of RELEASE-NOTES.txt
 * *(Generic)* Presence of readme.html
+* *(Generic)* Presence of CHANGELOG.txt
 * *(Generic)* Missing cookie flags (Secure, HttpOnly, and SameSite)
-* *(Generic)* Search for files (14,169) & common directories (21,332)
+* *(Generic)* Search for 14,169 common files (via `--files`) & 21,332 common directories (via `--dir`)
 * *(Apache)* Info Disclosure: Module listing enabled
 * *(Apache)* Info Disclosure: Server version
 * *(Apache)* Info Disclosure: OpenSSL module version
@@ -86,6 +89,8 @@ SSL Information:
 
 Checks for the following SSL issues are performed:
 
+*Note: By default, YAWAST uses SSL Labs, meaning this is a small subset of issues detected.*
+
 * Expired Certificate
 * Self-Signed Certificate
 * MD5 Signature
@@ -93,6 +98,7 @@ Checks for the following SSL issues are performed:
 * RC4 Cipher Suites
 * Weak (< 128 bit) Cipher Suites
 * SWEET32
+* 64-bit Serial Numbers ([details](https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/))
 
 Certain DNS information is collected:
 
@@ -121,4 +127,5 @@ Sample output for a [scan](https://github.com/adamcaudill/yawast/wiki/Sample-Out
 
 ### Special Thanks
 
+* [AppSec Consulting](https://www.appsecconsulting.com/) - Generously providing time to improve this tool.
 * [SecLists](https://github.com/danielmiessler/SecLists) - Various lists are based on the resources collected by this project.

data/Rakefile

@@ -3,7 +3,7 @@ require 'rake/testtask'
 task :default => [:codeclimate]
 
 task :test do
-  #set this, so that we can modify behavior based on where's it's ran from
+  # set this, so that we can modify behavior based on where's it's ran from
   ENV['FROM_RAKE'] = 'true'
 
   require File.join(File.dirname(__FILE__), 'test/test_helper')

data/bin/yawast

@@ -29,8 +29,12 @@ command :scan do |c|
   c.option '--nodns', 'Disable DNS checks'
   c.option '--spider', 'Spider the site'
   c.option '--output STRING', String, 'Output JSON file'
+  c.option '--vuln_scan', 'Use new vulnerability scanner (BETA)'
+  c.option '--user STRING', String, 'Valid username for the application (will prompt if not provided)'
+  c.option '--pass_reset_page STRING', String, 'Password reset page (will prompt if not provided)'
 
   c.action do |args, options|
+    Yawast.options = options
     Yawast::Commands::Scan.process(args, options)
   end
 end
@@ -49,6 +53,7 @@ command :head do |c|
   c.option '--output STRING', String, 'Output JSON file'
 
   c.action do |args, options|
+    Yawast.options = options
     Yawast::Commands::Head.process(args, options)
   end
 end
@@ -63,6 +68,7 @@ command :ssl do |c|
   c.option '--nodns', 'Disable DNS checks'
 
   c.action do |args, options|
+    Yawast.options = options
     Yawast::Commands::Ssl.process(args, options)
   end
 end
@@ -75,6 +81,7 @@ command :cms do |c|
   c.option '--cookie STRING', String, 'Session cookie'
 
   c.action do |args, options|
+    Yawast.options = options
     Yawast::Commands::Cms.process(args, options)
   end
 end
@@ -88,6 +95,7 @@ command :dns do |c|
   c.option '--output STRING', String, 'Output JSON file'
 
   c.action do |args, options|
+    Yawast.options = options
     Yawast::Commands::DNS.process(args, options)
   end
 end

data/lib/commands/cms.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Yawast
   module Commands
     class Cms

data/lib/commands/dns.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Yawast
   module Commands
     class DNS
@@ -6,9 +8,7 @@ module Yawast
 
         Yawast.header
 
-        if options.output != nil
-          Yawast::Shared::Output.setup uri, options
-        end
+        Yawast::Shared::Output.setup uri, options unless options.output.nil?
 
         puts "Scanning: #{uri}"
         puts

data/lib/commands/head.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Yawast
   module Commands
     class Head

data/lib/commands/scan.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Yawast
   module Commands
     class Scan

data/lib/commands/ssl.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Yawast
   module Commands
     class Ssl

data/lib/commands/utils.rb

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
+
 module Yawast
   module Commands
     class Utils
       def self.extract_uri(args)
-        raise ArgumentError.new('You must specify a URL.') if args.empty?
+        raise ArgumentError, 'You must specify a URL.' if args.empty?
 
-        #this might be a bad assumption
+        # this might be a bad assumption
         url = args[0]
 
-        return Yawast::Shared::Uri.extract_uri url
+        Yawast::Shared::Uri.extract_uri url
       end
     end
   end

data/lib/scanner/core.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Yawast
   module Scanner
     class Core
@@ -14,9 +16,7 @@ module Yawast
 
           print_header
 
-          if options.output != nil
-            Yawast::Shared::Output.setup @uri, options
-          end
+          Yawast::Shared::Output.setup @uri, options if options.output != nil
 
           ssl_redirect = Yawast::Scanner::Plugins::SSL::SSL.check_for_ssl_redirect @uri
           if ssl_redirect
@@ -27,9 +27,7 @@ module Yawast
 
           Yawast::Scanner::Plugins::SSL::SSL.set_openssl_options
 
-          unless options.nodns
-            Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options
-          end
+          Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options unless options.nodns
         end
 
         @setup = true
@@ -42,38 +40,48 @@ module Yawast
         setup(uri, options)
 
         begin
-          #setup the proxy
+          # setup the proxy
           Yawast::Shared::Http.setup(options.proxy, options.cookie)
 
-          #cache the HEAD result, so that we can minimize hits
+          # cache the HEAD result, so that we can minimize hits
           head = get_head
           Yawast::Shared::Output.log_hash 'http', 'head', 'raw', head.to_hash
           Yawast::Scanner::Generic.head_info(head, @uri)
 
-          #perfom SSL checks
+          # perform SSL checks
           check_ssl(@uri, options, head)
 
-          #process the 'scan' stuff that goes beyond 'head'
+          # process the 'scan' stuff that goes beyond 'head'
           unless options.head
             # connection details for SSL
             Yawast::Scanner::Plugins::SSL::SSL.ssl_connection_info @uri
 
-            # server specific checks
-            Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
-            Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
+            if Yawast.options.vuln_scan
+              # new scanner-----------------------------------------------------
+              # this is the new model, that will eventually become the default--
+              # ----------------------------------------------------------------
 
-            Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
+              Yawast::Scanner::VulnScan.scan(@uri, options, head)
+            else
+              # legacy checks --------------------------------------------------
+              # try not to break these, until the old scanner model is removed--
+              # ----------------------------------------------------------------
 
-            # generic header checks
-            Yawast::Scanner::Generic.check_propfind(@uri)
-            Yawast::Scanner::Generic.check_options(@uri)
-            Yawast::Scanner::Generic.check_trace(@uri)
+              # server specific checks
+              Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
+              Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
 
-            if options.spider
-              Yawast::Scanner::Plugins::Spider::Spider.spider(@uri)
+              Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
+
+              # generic header checks
+              Yawast::Scanner::Plugins::Http::Generic.check_propfind(@uri)
+              Yawast::Scanner::Plugins::Http::Generic.check_options(@uri)
+              Yawast::Scanner::Plugins::Http::Generic.check_trace(@uri)
             end
 
-            #check for common directories
+            Yawast::Scanner::Plugins::Spider::Spider.spider(@uri) if options.spider
+
+            # check for common directories
             if options.dir
               Yawast::Scanner::Plugins::Http::DirectorySearch.search @uri, options.dirrecursive, options.dirlistredir
             end
@@ -87,7 +95,7 @@ module Yawast
 
           Yawast::Shared::Output.write_file
           puts "Scan complete (#{elapsed_time})."
-        rescue => e
+        rescue => e # rubocop:disable Style/RescueStandardError
           Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"
         end
       end
@@ -96,14 +104,14 @@ module Yawast
         setup(uri, options)
 
         body = Yawast::Shared::Http.get(uri)
-        Yawast::Scanner::Cms.get_generator(body)
+        Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator(body)
       end
 
       def self.check_ssl(uri, options, head)
         setup(uri, options)
 
         if @uri.scheme == 'https' && !options.nossl
-          head = get_head if head == nil
+          head = get_head if head.nil?
 
           if options.internalssl || IPAddress.valid?(@uri.host) || @uri.port != 443
             Yawast::Scanner::Ssl.info(@uri, !options.nociphers, options.tdessessioncount)
@@ -118,10 +126,10 @@ module Yawast
         end
       end
 
-      def self.get_head()
+      def self.get_head
         begin
           Yawast::Shared::Http.head(@uri)
-        rescue => e
+        rescue => e # rubocop:disable Style/RescueStandardError
           Yawast::Utilities.puts_error "Fatal Connection Error: Unable to complete HEAD request from '#{@uri}' (#{e.class}: #{e.message})"
           exit 1
         end

data/lib/scanner/generic.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'ipaddr_extensions'
 require 'json'
 require 'public_suffix'
@@ -9,7 +11,7 @@ module Yawast
         begin
           server = ''
           powered_by = ''
-          cookies = Array.new
+          cookies = []
           pingback = ''
           frame_options = ''
           content_options = ''
@@ -26,21 +28,21 @@ module Yawast
             Yawast::Utilities.puts_info "\t\t#{k}: #{v}"
             Yawast::Shared::Output.log_value 'http', 'head', k, v
 
-            server = v if k.downcase == 'server'
-            powered_by = v if k.downcase == 'x-powered-by'
-            pingback = v if k.downcase == 'x-pingback'
-            frame_options = v if k.downcase == 'x-frame-options'
-            content_options = v if k.downcase == 'x-content-type-options'
-            csp = v if k.downcase == 'content-security-policy'
-            backend_server = v if k.downcase == 'x-backend-server'
-            runtime = v if k.downcase == 'x-runtime'
-            xss_protection = v if k.downcase == 'x-xss-protection'
-            via = v if k.downcase == 'via'
-            hpkp = v if k.downcase == 'public-key-pins'
-            acao = v if k.downcase == 'access-control-allow-origin'
-
-            if k.downcase == 'set-cookie'
-              #this chunk of magic manages to properly split cookies, when multiple are sent together
+            server = v if k.casecmp('server').zero?
+            powered_by = v if k.casecmp('x-powered-by').zero?
+            pingback = v if k.casecmp('x-pingback').zero?
+            frame_options = v if k.casecmp('x-frame-options').zero?
+            content_options = v if k.casecmp('x-content-type-options').zero?
+            csp = v if k.casecmp('content-security-policy').zero?
+            backend_server = v if k.casecmp('x-backend-server').zero?
+            runtime = v if k.casecmp('x-runtime').zero?
+            xss_protection = v if k.casecmp('x-xss-protection').zero?
+            via = v if k.casecmp('via').zero?
+            hpkp = v if k.casecmp('public-key-pins').zero?
+            acao = v if k.casecmp('access-control-allow-origin').zero?
+
+            if k.casecmp('set-cookie').zero?
+              # this chunk of magic manages to properly split cookies, when multiple are sent together
               v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each do |c|
                 cookies.push(c)
 
@@ -52,28 +54,22 @@ module Yawast
 
           if server != ''
             Yawast::Scanner::Plugins::Servers::Apache.check_banner(server)
-            Yawast::Scanner::Php.check_banner(server)
+            Yawast::Scanner::Plugins::Servers::Generic.check_banner_php(server)
             Yawast::Scanner::Plugins::Servers::Iis.check_banner(server)
             Yawast::Scanner::Plugins::Servers::Nginx.check_banner(server)
             Yawast::Scanner::Plugins::Servers::Python.check_banner(server)
 
-            if server == 'cloudflare-nginx'
+            if server == 'cloudflare'
               Yawast::Utilities.puts_info 'NOTE: Server appears to be Cloudflare; WAF may be in place.'
               puts
             end
           end
 
-          if powered_by != ''
-            Yawast::Utilities.puts_warn "X-Powered-By Header Present: #{powered_by}"
-          end
+          Yawast::Utilities.puts_warn "X-Powered-By Header Present: #{powered_by}" if powered_by != ''
 
-          if xss_protection == '0'
-            Yawast::Utilities.puts_warn 'X-XSS-Protection Disabled Header Present'
-          end
+          Yawast::Utilities.puts_warn 'X-XSS-Protection Disabled Header Present' if xss_protection == '0'
 
-          unless pingback == ''
-            Yawast::Utilities.puts_info "X-Pingback Header Present: #{pingback}"
-          end
+          Yawast::Utilities.puts_info "X-Pingback Header Present: #{pingback}" unless pingback == ''
 
           unless runtime == ''
             if runtime.is_number?
@@ -83,18 +79,14 @@ module Yawast
             end
           end
 
-          unless backend_server == ''
-            Yawast::Utilities.puts_warn "X-Backend-Server Header Present: #{backend_server}"
-          end
+          Yawast::Utilities.puts_warn "X-Backend-Server Header Present: #{backend_server}" unless backend_server == ''
 
-          unless via == ''
-            Yawast::Utilities.puts_warn "Via Header Present: #{via}"
-          end
+          Yawast::Utilities.puts_warn "Via Header Present: #{via}" unless via == ''
 
           if frame_options == ''
             Yawast::Utilities.puts_warn 'X-Frame-Options Header Not Present'
           else
-            if frame_options.downcase == 'allow'
+            if frame_options.casecmp('allow').zero?
               Yawast::Utilities.puts_vuln "X-Frame-Options Header: #{frame_options}"
             else
               Yawast::Utilities.puts_info "X-Frame-Options Header: #{frame_options}"
@@ -107,17 +99,11 @@ module Yawast
             Yawast::Utilities.puts_info "X-Content-Type-Options Header: #{content_options}"
           end
 
-          if csp == ''
-            Yawast::Utilities.puts_warn 'Content-Security-Policy Header Not Present'
-          end
+          Yawast::Utilities.puts_warn 'Content-Security-Policy Header Not Present' if csp == ''
 
-          if hpkp == ''
-            Yawast::Utilities.puts_warn 'Public-Key-Pins Header Not Present'
-          end
+          Yawast::Utilities.puts_warn 'Public-Key-Pins Header Not Present' if hpkp == ''
 
-          if acao == '*'
-            Yawast::Utilities.puts_warn 'Access-Control-Allow-Origin: Unrestricted'
-          end
+          Yawast::Utilities.puts_warn 'Access-Control-Allow-Origin: Unrestricted' if acao == '*'
 
           puts ''
 
@@ -129,7 +115,7 @@ module Yawast
 
               elements = val.strip.split(';')
 
-              #check for secure cookies
+              # check for secure cookies
               if elements.include?(' Secure') || elements.include?(' secure')
                 if uri.scheme != 'https'
                   Yawast::Utilities.puts_warn "\t\t\tCookie with Secure flag sent over non-HTTPS connection"
@@ -138,12 +124,12 @@ module Yawast
                 Yawast::Utilities.puts_warn "\t\t\tCookie missing Secure flag"
               end
 
-              #check for HttpOnly cookies
+              # check for HttpOnly cookies
               unless elements.include?(' HttpOnly') || elements.include?(' httponly')
                 Yawast::Utilities.puts_warn "\t\t\tCookie missing HttpOnly flag"
               end
 
-              #check for SameSite cookies
+              # check for SameSite cookies
               unless elements.include?(' SameSite') || elements.include?(' samesite')
                 Yawast::Utilities.puts_warn "\t\t\tCookie missing SameSite flag"
               end
@@ -153,94 +139,11 @@ module Yawast
           end
 
           puts ''
-        rescue => e
+        rescue => e # rubocop:disable Style/RescueStandardError
           Yawast::Utilities.puts_error "Error getting head information: #{e.message}"
           raise
         end
       end
-
-      def self.check_options(uri)
-        begin
-          req = Yawast::Shared::Http.get_http(uri)
-          req.use_ssl = uri.scheme == 'https'
-          headers = Yawast::Shared::Http.get_headers
-          res = req.request(Options.new('/', headers))
-
-          if res['Public'] != nil
-            Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
-            Yawast::Shared::Output.log_value 'http', 'options', 'public', res['Public']
-
-            puts ''
-          end
-          if res['Allow'] != nil
-            Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
-            Yawast::Shared::Output.log_value 'http', 'options', 'allow', res['Allow']
-
-            puts ''
-          end
-        end
-      end
-
-      def self.check_trace(uri)
-        begin
-          req = Yawast::Shared::Http.get_http(uri)
-          req.use_ssl = uri.scheme == 'https'
-          headers = Yawast::Shared::Http.get_headers
-          res = req.request(Trace.new('/', headers))
-
-          if res.body.include?('TRACE / HTTP/1.1') && res.code == '200'
-            Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
-            puts "\t\t\"curl -X TRACE #{uri}\""
-
-            puts ''
-          end
-
-          Yawast::Shared::Output.log_value 'http', 'trace', 'raw', res.body
-          Yawast::Shared::Output.log_value 'http', 'trace', 'code', res.code
-        end
-      end
-
-      def self.check_propfind(uri)
-        begin
-          req = Yawast::Shared::Http.get_http(uri)
-          req.use_ssl = uri.scheme == 'https'
-          headers = Yawast::Shared::Http.get_headers
-          res = req.request(Propfind.new('/', headers))
-
-          if res.code.to_i <= 400 && res.body.length > 0 && res['Content-Type'] == 'text/xml'
-            Yawast::Utilities.puts_warn 'Possible Info Disclosure: PROPFIND Enabled'
-            puts "\t\t\"curl -X PROPFIND #{uri}\""
-
-            puts ''
-          end
-
-          Yawast::Shared::Output.log_value 'http', 'propfind', 'raw', res.body
-          Yawast::Shared::Output.log_value 'http', 'propfind', 'code', res.code
-          Yawast::Shared::Output.log_value 'http', 'propfind', 'content-type', res['Content-Type']
-          Yawast::Shared::Output.log_value 'http', 'propfind', 'length', res.body.length
-        end
-      end
-    end
-
-    #Custom class to allow using the PROPFIND verb
-    class Propfind < Net::HTTPRequest
-      METHOD = 'PROPFIND'
-      REQUEST_HAS_BODY = false
-      RESPONSE_HAS_BODY = true
-    end
-
-    #Custom class to allow using the OPTIONS verb
-    class Options < Net::HTTPRequest
-      METHOD = 'OPTIONS'
-      REQUEST_HAS_BODY = false
-      RESPONSE_HAS_BODY = true
-    end
-
-    #Custom class to allow using the TRACE verb
-    class Trace < Net::HTTPRequest
-      METHOD = 'TRACE'
-      REQUEST_HAS_BODY = false
-      RESPONSE_HAS_BODY = true
     end
   end
 end