yawast 0.7.0.beta1 → 0.7.0.beta2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +12 -0
- data/CHANGELOG.md +5 -1
- data/Gemfile +2 -2
- data/README.md +8 -1
- data/Rakefile +1 -1
- data/bin/yawast +8 -0
- data/lib/commands/cms.rb +2 -0
- data/lib/commands/dns.rb +3 -3
- data/lib/commands/head.rb +2 -0
- data/lib/commands/scan.rb +2 -0
- data/lib/commands/ssl.rb +2 -0
- data/lib/commands/utils.rb +5 -3
- data/lib/scanner/core.rb +34 -26
- data/lib/scanner/generic.rb +33 -130
- data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
- data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
- data/lib/scanner/plugins/dns/caa.rb +30 -12
- data/lib/scanner/plugins/dns/generic.rb +38 -1
- data/lib/scanner/plugins/http/directory_search.rb +14 -12
- data/lib/scanner/plugins/http/file_presence.rb +21 -13
- data/lib/scanner/plugins/http/generic.rb +95 -0
- data/lib/scanner/plugins/servers/apache.rb +23 -23
- data/lib/scanner/plugins/servers/generic.rb +25 -0
- data/lib/scanner/plugins/servers/iis.rb +6 -6
- data/lib/scanner/plugins/servers/nginx.rb +3 -1
- data/lib/scanner/plugins/servers/python.rb +3 -1
- data/lib/scanner/plugins/spider/spider.rb +7 -7
- data/lib/scanner/plugins/ssl/ssl.rb +14 -14
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
- data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
- data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
- data/lib/scanner/ssl.rb +33 -36
- data/lib/scanner/ssl_labs.rb +373 -110
- data/lib/scanner/vuln_scan.rb +27 -0
- data/lib/shared/http.rb +31 -27
- data/lib/shared/output.rb +7 -15
- data/lib/shared/uri.rb +14 -14
- data/lib/string_ext.rb +10 -4
- data/lib/uri_ext.rb +1 -1
- data/lib/util.rb +28 -0
- data/lib/version.rb +3 -1
- data/lib/yawast.rb +12 -2
- data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
- data/test/test_scan_cms.rb +2 -2
- data/test/test_ssl_labs_analyze.rb +15 -0
- data/yawast.gemspec +8 -5
- metadata +75 -28
- data/lib/scanner/cms.rb +0 -14
- data/lib/scanner/php.rb +0 -19
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'securerandom'
|
2
4
|
|
3
5
|
module Yawast
|
@@ -6,10 +8,10 @@ module Yawast
|
|
6
8
|
module Http
|
7
9
|
class FilePresence
|
8
10
|
def self.check_path(uri, path, vuln)
|
9
|
-
#note: this only checks directly at the root, I'm not sure if this is what we want
|
11
|
+
# note: this only checks directly at the root, I'm not sure if this is what we want
|
10
12
|
# should probably be relative to what's passed in, instead of overriding the path.
|
11
13
|
check = uri.copy
|
12
|
-
check.path =
|
14
|
+
check.path = path.to_s
|
13
15
|
code = Yawast::Shared::Http.get_status_code(check)
|
14
16
|
|
15
17
|
if code == '200'
|
@@ -26,7 +28,7 @@ module Yawast
|
|
26
28
|
end
|
27
29
|
|
28
30
|
def self.check_all(uri, common_files)
|
29
|
-
#first, we need to see if the site responds to 404 in a reasonable way
|
31
|
+
# first, we need to see if the site responds to 404 in a reasonable way
|
30
32
|
unless Yawast::Shared::Http.check_not_found(uri, true)
|
31
33
|
puts 'Site does not respond properly to non-existent file requests; skipping some checks.'
|
32
34
|
|
@@ -41,6 +43,7 @@ module Yawast
|
|
41
43
|
check_elmah_axd uri
|
42
44
|
check_readme_html uri
|
43
45
|
check_release_notes_txt uri
|
46
|
+
check_change_log_txt uri
|
44
47
|
|
45
48
|
if common_files
|
46
49
|
puts ''
|
@@ -69,7 +72,7 @@ module Yawast
|
|
69
72
|
end
|
70
73
|
|
71
74
|
def self.check_wsftp_log(uri)
|
72
|
-
#check both upper and lower, as they are both seen in the wild
|
75
|
+
# check both upper and lower, as they are both seen in the wild
|
73
76
|
check_path(uri, '/WS_FTP.LOG', false)
|
74
77
|
check_path(uri, '/ws_ftp.log', false)
|
75
78
|
end
|
@@ -91,6 +94,11 @@ module Yawast
|
|
91
94
|
check_path(uri, '/docs/RELEASE-NOTES.txt', false)
|
92
95
|
end
|
93
96
|
|
97
|
+
def self.check_change_log_txt(uri)
|
98
|
+
check_path(uri, '/CHANGELOG.txt', false)
|
99
|
+
check_path(uri, '/core/CHANGELOG.txt', false)
|
100
|
+
end
|
101
|
+
|
94
102
|
def self.check_common(uri)
|
95
103
|
begin
|
96
104
|
@search_list = []
|
@@ -105,7 +113,7 @@ module Yawast
|
|
105
113
|
@jobs = Queue.new
|
106
114
|
@results = Queue.new
|
107
115
|
|
108
|
-
#load the queue, starting at /
|
116
|
+
# load the queue, starting at /
|
109
117
|
base = uri.copy
|
110
118
|
base.path = '/'
|
111
119
|
load_queue base
|
@@ -125,19 +133,19 @@ module Yawast
|
|
125
133
|
results = Thread.new do
|
126
134
|
begin
|
127
135
|
while true
|
128
|
-
if @results.length
|
136
|
+
if @results.length.positive?
|
129
137
|
out = @results.pop(true)
|
130
138
|
Yawast::Utilities.puts_info out
|
131
139
|
end
|
132
140
|
end
|
133
|
-
rescue ThreadError
|
134
|
-
#do nothing
|
141
|
+
rescue ThreadError # rubocop:disable Lint/HandleExceptions
|
142
|
+
# do nothing
|
135
143
|
end
|
136
144
|
end
|
137
145
|
|
138
146
|
workers.map(&:join)
|
139
147
|
results.terminate
|
140
|
-
rescue => e
|
148
|
+
rescue => e # rubocop:disable Style/RescueStandardError
|
141
149
|
Yawast::Utilities.puts_error "Error searching for files (#{e.message})"
|
142
150
|
end
|
143
151
|
end
|
@@ -149,10 +157,10 @@ module Yawast
|
|
149
157
|
begin
|
150
158
|
check.path = "/#{line}"
|
151
159
|
|
152
|
-
#add the job to the queue
|
160
|
+
# add the job to the queue
|
153
161
|
@jobs.push check
|
154
|
-
rescue
|
155
|
-
#who cares
|
162
|
+
rescue # rubocop:disable Lint/HandleExceptions
|
163
|
+
# who cares
|
156
164
|
end
|
157
165
|
end
|
158
166
|
end
|
@@ -165,7 +173,7 @@ module Yawast
|
|
165
173
|
@results.push "'#{uri.path}' found: #{uri}"
|
166
174
|
Yawast::Shared::Output.log_append_value 'http', 'http_file', uri
|
167
175
|
end
|
168
|
-
rescue => e
|
176
|
+
rescue => e # rubocop:disable Style/RescueStandardError
|
169
177
|
unless e.message.include?('end of file') || e.message.include?('getaddrinfo')
|
170
178
|
Yawast::Utilities.puts_error "Error searching for file '#{uri.path}' (#{e.message})"
|
171
179
|
end
|
@@ -0,0 +1,95 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Yawast
|
4
|
+
module Scanner
|
5
|
+
module Plugins
|
6
|
+
module Http
|
7
|
+
class Generic
|
8
|
+
def self.check_propfind(uri)
|
9
|
+
begin
|
10
|
+
req = Yawast::Shared::Http.get_http(uri)
|
11
|
+
req.use_ssl = uri.scheme == 'https'
|
12
|
+
headers = Yawast::Shared::Http.get_headers
|
13
|
+
res = req.request(Propfind.new('/', headers))
|
14
|
+
|
15
|
+
if res.code.to_i <= 400 && res.body.length.positive? && res['Content-Type'] == 'text/xml'
|
16
|
+
Yawast::Utilities.puts_warn 'Possible Info Disclosure: PROPFIND Enabled'
|
17
|
+
puts "\t\t\"curl -X PROPFIND #{uri}\""
|
18
|
+
|
19
|
+
puts ''
|
20
|
+
end
|
21
|
+
|
22
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'raw', res.body
|
23
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'code', res.code
|
24
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'content-type', res['Content-Type']
|
25
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'length', res.body.length
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def self.check_trace(uri)
|
30
|
+
begin
|
31
|
+
req = Yawast::Shared::Http.get_http(uri)
|
32
|
+
req.use_ssl = uri.scheme == 'https'
|
33
|
+
headers = Yawast::Shared::Http.get_headers
|
34
|
+
res = req.request(Trace.new('/', headers))
|
35
|
+
|
36
|
+
if res.body.include?('TRACE / HTTP/1.1') && res.code == '200'
|
37
|
+
Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
|
38
|
+
puts "\t\t\"curl -X TRACE #{uri}\""
|
39
|
+
|
40
|
+
puts ''
|
41
|
+
end
|
42
|
+
|
43
|
+
Yawast::Shared::Output.log_value 'http', 'trace', 'raw', res.body
|
44
|
+
Yawast::Shared::Output.log_value 'http', 'trace', 'code', res.code
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
def self.check_options(uri)
|
49
|
+
begin
|
50
|
+
req = Yawast::Shared::Http.get_http(uri)
|
51
|
+
req.use_ssl = uri.scheme == 'https'
|
52
|
+
headers = Yawast::Shared::Http.get_headers
|
53
|
+
res = req.request(Options.new('/', headers))
|
54
|
+
|
55
|
+
unless res['Public'].nil?
|
56
|
+
Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
|
57
|
+
Yawast::Shared::Output.log_value 'http', 'options', 'public', res['Public']
|
58
|
+
|
59
|
+
puts ''
|
60
|
+
end
|
61
|
+
|
62
|
+
unless res['Allow'].nil?
|
63
|
+
Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
|
64
|
+
Yawast::Shared::Output.log_value 'http', 'options', 'allow', res['Allow']
|
65
|
+
|
66
|
+
puts ''
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
# Custom class to allow using the PROPFIND verb
|
73
|
+
class Propfind < Net::HTTPRequest
|
74
|
+
METHOD = 'PROPFIND'
|
75
|
+
REQUEST_HAS_BODY = false
|
76
|
+
RESPONSE_HAS_BODY = true
|
77
|
+
end
|
78
|
+
|
79
|
+
# Custom class to allow using the TRACE verb
|
80
|
+
class Trace < Net::HTTPRequest
|
81
|
+
METHOD = 'TRACE'
|
82
|
+
REQUEST_HAS_BODY = false
|
83
|
+
RESPONSE_HAS_BODY = true
|
84
|
+
end
|
85
|
+
|
86
|
+
# Custom class to allow using the OPTIONS verb
|
87
|
+
class Options < Net::HTTPRequest
|
88
|
+
METHOD = 'OPTIONS'
|
89
|
+
REQUEST_HAS_BODY = false
|
90
|
+
RESPONSE_HAS_BODY = true
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'base64'
|
2
4
|
require 'securerandom'
|
3
5
|
|
@@ -7,30 +9,30 @@ module Yawast
|
|
7
9
|
module Servers
|
8
10
|
class Apache
|
9
11
|
def self.check_banner(banner)
|
10
|
-
#don't bother if this doesn't look like Apache
|
12
|
+
# don't bother if this doesn't look like Apache
|
11
13
|
return unless banner.include? 'Apache'
|
12
14
|
@apache = true
|
13
15
|
|
14
16
|
modules = banner.split(' ')
|
15
17
|
server = modules[0]
|
16
18
|
|
17
|
-
#fix '(distro)' issue, such as with 'Apache/2.2.22 (Ubuntu)'
|
19
|
+
# fix '(distro)' issue, such as with 'Apache/2.2.22 (Ubuntu)'
|
18
20
|
# if we don't do this, it triggers a false positive on the module check
|
19
|
-
if /\(\w*\)/.match modules[1]
|
21
|
+
if /\(\w*\)/.match? modules[1]
|
20
22
|
server += " #{modules[1]}"
|
21
23
|
modules.delete_at 1
|
22
24
|
end
|
23
25
|
|
24
|
-
#print the server info no matter what we do next
|
26
|
+
# print the server info no matter what we do next
|
25
27
|
Yawast::Utilities.puts_info "Apache Server: #{server}"
|
26
28
|
modules.delete_at 0
|
27
29
|
|
28
|
-
if modules.count
|
30
|
+
if modules.count.positive?
|
29
31
|
Yawast::Utilities.puts_warn 'Apache Server: Module listing enabled'
|
30
32
|
modules.each { |mod| Yawast::Utilities.puts_warn "\t\t#{mod}" }
|
31
33
|
puts ''
|
32
34
|
|
33
|
-
#check for special items
|
35
|
+
# check for special items
|
34
36
|
modules.each do |mod|
|
35
37
|
if mod.include? 'OpenSSL'
|
36
38
|
Yawast::Utilities.puts_warn "OpenSSL Version Disclosure: #{mod}"
|
@@ -41,7 +43,7 @@ module Yawast
|
|
41
43
|
end
|
42
44
|
|
43
45
|
def self.check_all(uri)
|
44
|
-
#run all the defined checks
|
46
|
+
# run all the defined checks
|
45
47
|
check_server_status(uri.copy)
|
46
48
|
check_server_info(uri.copy)
|
47
49
|
check_tomcat_manager(uri.copy)
|
@@ -65,14 +67,14 @@ module Yawast
|
|
65
67
|
headers = Yawast::Shared::Http.get_headers
|
66
68
|
res = req.request(Xyz.new('/', headers))
|
67
69
|
|
68
|
-
if res.body
|
69
|
-
#check to see if there's a version number
|
70
|
+
if !res.body.nil? && res.body.include?('Apache Tomcat') && res.code == '501'
|
71
|
+
# check to see if there's a version number
|
70
72
|
version = /Apache Tomcat\/\d*.\d*.\d*\b/.match res.body
|
71
73
|
|
72
|
-
if version
|
74
|
+
if !version.nil? && !version[0].nil?
|
73
75
|
Yawast::Utilities.puts_warn "Apache Tomcat Version Found: #{version[0]}"
|
74
76
|
Yawast::Shared::Output.log_value 'apache', 'tomcat_version', version[0]
|
75
|
-
|
77
|
+
|
76
78
|
puts "\t\t\"curl -X XYZ #{uri}\""
|
77
79
|
|
78
80
|
puts ''
|
@@ -88,19 +90,19 @@ module Yawast
|
|
88
90
|
|
89
91
|
def self.check_tomcat_manager_paths(uri, base_path, manager)
|
90
92
|
uri.path = "/#{base_path}/html"
|
91
|
-
uri.query = ''
|
93
|
+
uri.query = '' unless uri.query.nil?
|
92
94
|
|
93
95
|
ret = Yawast::Shared::Http.get(uri)
|
94
96
|
|
95
97
|
if ret.include? '<tt>conf/tomcat-users.xml</tt>'
|
96
|
-
#this will get Tomcat 7+
|
98
|
+
# this will get Tomcat 7+
|
97
99
|
Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
|
98
100
|
Yawast::Shared::Output.log_value 'apache', 'tomcat_mgr', manager, uri
|
99
101
|
check_tomcat_manager_passwords uri, manager
|
100
102
|
|
101
103
|
puts ''
|
102
104
|
else
|
103
|
-
#check for Tomcat 6 and below
|
105
|
+
# check for Tomcat 6 and below
|
104
106
|
uri = uri.copy
|
105
107
|
uri.path = "/#{base_path}"
|
106
108
|
ret = Yawast::Shared::Http.get(uri)
|
@@ -116,7 +118,7 @@ module Yawast
|
|
116
118
|
end
|
117
119
|
|
118
120
|
def self.check_tomcat_manager_passwords(uri, manager)
|
119
|
-
#check for known passwords
|
121
|
+
# check for known passwords
|
120
122
|
check_tomcat_manager_pwd_check uri, manager, 'tomcat:tomcat'
|
121
123
|
check_tomcat_manager_pwd_check uri, manager, 'tomcat:password'
|
122
124
|
check_tomcat_manager_pwd_check uri, manager, 'tomcat:'
|
@@ -128,7 +130,7 @@ module Yawast
|
|
128
130
|
def self.check_tomcat_manager_pwd_check(uri, manager, credentials)
|
129
131
|
ret = Yawast::Shared::Http.get(uri, {'Authorization' => "Basic #{Base64.encode64(credentials)}"})
|
130
132
|
if ret.include?('<font size="+2">Tomcat Web Application Manager</font>') ||
|
131
|
-
|
133
|
+
ret.include?('<font size="+2">Tomcat Virtual Host Manager</font>')
|
132
134
|
Yawast::Utilities.puts_vuln "Apache Tomcat #{manager} weak password: #{credentials}"
|
133
135
|
|
134
136
|
Yawast::Shared::Output.log_value 'apache', 'tomcat_mgr_pwd', uri, credentials
|
@@ -138,7 +140,7 @@ module Yawast
|
|
138
140
|
def self.check_tomcat_put_rce(uri)
|
139
141
|
# CVE-2017-12615
|
140
142
|
uri.path = "/#{SecureRandom.hex}.jsp/"
|
141
|
-
uri.query = ''
|
143
|
+
uri.query = '' unless uri.query.nil?
|
142
144
|
|
143
145
|
Yawast::Shared::Output.log_value 'apache', 'cve_2017_12615', 'path', uri
|
144
146
|
|
@@ -166,7 +168,7 @@ module Yawast
|
|
166
168
|
end
|
167
169
|
|
168
170
|
def self.check_struts2_samples(uri)
|
169
|
-
search =
|
171
|
+
search = []
|
170
172
|
search.push '/Struts2XMLHelloWorld/User/home.action'
|
171
173
|
search.push '/struts2-showcase/showcase.action'
|
172
174
|
search.push '/struts2-showcase/titles/index.action'
|
@@ -182,15 +184,13 @@ module Yawast
|
|
182
184
|
ret = Yawast::Shared::Http.get_status_code uri
|
183
185
|
Yawast::Shared::Output.log_value 'apache', 'struts2_sample_files', uri, ret
|
184
186
|
|
185
|
-
if ret == 200
|
186
|
-
Yawast::Utilities.puts_warn "Apache Struts2 Sample Files: #{uri}"
|
187
|
-
end
|
187
|
+
Yawast::Utilities.puts_warn "Apache Struts2 Sample Files: #{uri}" if ret == 200
|
188
188
|
end
|
189
189
|
end
|
190
190
|
|
191
191
|
def self.check_page_for_string(uri, path, search)
|
192
192
|
uri.path = path
|
193
|
-
uri.query = ''
|
193
|
+
uri.query = '' unless uri.query.nil?
|
194
194
|
|
195
195
|
ret = Yawast::Shared::Http.get(uri)
|
196
196
|
|
@@ -202,7 +202,7 @@ module Yawast
|
|
202
202
|
end
|
203
203
|
end
|
204
204
|
|
205
|
-
#Custom class to allow using the XYZ verb
|
205
|
+
# Custom class to allow using the XYZ verb
|
206
206
|
class Xyz < Net::HTTPRequest
|
207
207
|
METHOD = 'XYZ'
|
208
208
|
REQUEST_HAS_BODY = false
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Yawast
|
4
|
+
module Scanner
|
5
|
+
module Plugins
|
6
|
+
module Servers
|
7
|
+
class Generic
|
8
|
+
def self.check_banner_php(banner)
|
9
|
+
# don't bother if this doesn't include PHP
|
10
|
+
return unless banner.include? 'PHP/'
|
11
|
+
|
12
|
+
modules = banner.split(' ')
|
13
|
+
|
14
|
+
modules.each do |mod|
|
15
|
+
if mod.include? 'PHP/'
|
16
|
+
Yawast::Utilities.puts_warn "PHP Version: #{mod}"
|
17
|
+
puts ''
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Yawast
|
2
4
|
module Scanner
|
3
5
|
module Plugins
|
4
6
|
module Servers
|
5
7
|
class Iis
|
6
8
|
def self.check_banner(banner)
|
7
|
-
#don't bother if this doesn't include IIS
|
9
|
+
# don't bother if this doesn't include IIS
|
8
10
|
return unless banner.include? 'Microsoft-IIS/'
|
9
11
|
@iis = true
|
10
12
|
|
@@ -13,7 +15,7 @@ module Yawast
|
|
13
15
|
end
|
14
16
|
|
15
17
|
def self.check_all(uri, head)
|
16
|
-
#run all the defined checks
|
18
|
+
# run all the defined checks
|
17
19
|
check_asp_banner(head)
|
18
20
|
check_mvc_version(head)
|
19
21
|
check_asp_net_debug(uri)
|
@@ -45,9 +47,7 @@ module Yawast
|
|
45
47
|
headers['Accept'] = '*/*'
|
46
48
|
res = req.request(Debug.new('/', headers))
|
47
49
|
|
48
|
-
if res.code == 200
|
49
|
-
Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'
|
50
|
-
end
|
50
|
+
Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled' if res.code == 200
|
51
51
|
|
52
52
|
Yawast::Shared::Output.log_value 'http', 'asp_net_debug', 'raw', res.body
|
53
53
|
Yawast::Shared::Output.log_value 'http', 'asp_net_debug', 'code', res.code
|
@@ -55,7 +55,7 @@ module Yawast
|
|
55
55
|
end
|
56
56
|
end
|
57
57
|
|
58
|
-
#Custom class to allow using the DEBUG verb
|
58
|
+
# Custom class to allow using the DEBUG verb
|
59
59
|
class Debug < Net::HTTPRequest
|
60
60
|
METHOD = 'DEBUG'
|
61
61
|
REQUEST_HAS_BODY = false
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Yawast
|
2
4
|
module Scanner
|
3
5
|
module Plugins
|
4
6
|
module Servers
|
5
7
|
class Nginx
|
6
8
|
def self.check_banner(banner)
|
7
|
-
#don't bother if this doesn't include nginx
|
9
|
+
# don't bother if this doesn't include nginx
|
8
10
|
return unless banner.include? 'nginx/'
|
9
11
|
|
10
12
|
Yawast::Utilities.puts_warn "nginx Version: #{banner}"
|
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Yawast
|
2
4
|
module Scanner
|
3
5
|
module Plugins
|
4
6
|
module Servers
|
5
7
|
class Python
|
6
8
|
def self.check_banner(banner)
|
7
|
-
#don't bother if this doesn't include Python
|
9
|
+
# don't bother if this doesn't include Python
|
8
10
|
return unless banner.include? 'Python/'
|
9
11
|
|
10
12
|
Yawast::Utilities.puts_warn "Python Version: #{banner}"
|