yawast 0.7.0.beta1 → 0.7.0.beta2

data/test/test_scan_cms.rb

@@ -7,7 +7,7 @@ class TestScannerCms < Minitest::Test
   def test_generator_tag_valid
     body = File.read(File.dirname(__FILE__) + '/data/cms_wordpress_body.txt')
     override_stdout
-    Yawast::Scanner::Cms.get_generator body
+    Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
 
     assert stdout_value.include?('WordPress'), "Unexpected generator tag: #{stdout_value}"
 
@@ -17,7 +17,7 @@ class TestScannerCms < Minitest::Test
   def test_generator_tag_invalid
     body = File.read(File.dirname(__FILE__) + '/data/cms_none_body.txt')
     override_stdout
-    Yawast::Scanner::Cms.get_generator body
+    Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
 
     assert stdout_value == '', "Unexpected generator tag: #{stdout_value}"
 

data/test/test_ssl_labs_analyze.rb

@@ -104,4 +104,19 @@ class TestSSLLabsAnalyze < Minitest::Test
 
     restore_stdout
   end
+
+  def test_process_data_hmhres
+    override_stdout
+
+    uri = URI.parse 'https://cam.hmhreservations.com/'
+    body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_cam_hmhreservations_com.json'))
+
+    Yawast::Scanner::SslLabs.process_results uri, body, false
+
+    assert stdout_value.include?('hmhreservations.com'), "domain name not found in #{stdout_value}"
+    assert stdout_value.include?('Serial may not comply with CA/B Forum requirements'), "serial length warning not found in #{stdout_value}"
+    assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
+
+    restore_stdout
+  end
 end

data/yawast.gemspec

@@ -13,17 +13,20 @@ Gem::Specification.new do |s|
   s.license           = 'MIT'
   s.rubyforge_project = 'yawast'
 
+  s.add_runtime_dependency 'colorize', '~> 0.8'
   s.add_runtime_dependency 'commander', '~> 4.4'
+  s.add_runtime_dependency 'diff-lcs', '~> 1.3'
+  s.add_runtime_dependency 'diffy', '~> 3.3'
+  s.add_runtime_dependency 'dnsruby', '~> 1.60'
   s.add_runtime_dependency 'highline', '~> 1.7'
-  s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
-  s.add_runtime_dependency 'colorize', '~> 0.8'
   s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
   s.add_runtime_dependency 'ipaddress', '~> 0.8'
-  s.add_runtime_dependency 'public_suffix', '~> 2.0'
-  s.add_runtime_dependency 'sslshake', '~> 1.1'
-  s.add_runtime_dependency 'dnsruby', '~> 1.60'
   s.add_runtime_dependency 'nokogiri', '~> 1.8'
   s.add_runtime_dependency 'oj', '~> 3.6'
+  s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
+  s.add_runtime_dependency 'public_suffix', '~> 2.0'
+  s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'
+  s.add_runtime_dependency 'sslshake', '~> 1.1'
 
   s.bindir            = 'bin'
   s.files             = `git ls-files`.split("\n")

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.7.0.beta1
+  version: 0.7.0.beta2
 platform: ruby
 authors:
 - Adam Caudill
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-21 00:00:00.000000000 Z
+date: 2019-03-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: commander
   requirement: !ruby/object:Gem::Requirement
@@ -25,47 +39,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '4.4'
 - !ruby/object:Gem::Dependency
-  name: highline
+  name: diff-lcs
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: openssl-extensions
+  name: diffy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3.3'
 - !ruby/object:Gem::Dependency
-  name: colorize
+  name: dnsruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '1.60'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '1.60'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: ipaddr_extensions
   requirement: !ruby/object:Gem::Requirement
@@ -95,75 +123,89 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.8'
 - !ruby/object:Gem::Dependency
-  name: public_suffix
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: sslshake
+  name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '3.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '3.6'
 - !ruby/object:Gem::Dependency
-  name: dnsruby
+  name: openssl-extensions
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.60'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.60'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: public_suffix
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: oj
+  name: selenium-webdriver
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.141'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.141'
+- !ruby/object:Gem::Dependency
+  name: sslshake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
 description: YAWAST is an application meant to simplify initial analysis and information
   gathering for penetration testers and security auditors.
 email: adam@adamcaudill.com
@@ -194,15 +236,17 @@ files:
 - lib/resources/common_file.txt
 - lib/resources/srv_list.txt
 - lib/resources/subdomain_list.txt
-- lib/scanner/cms.rb
 - lib/scanner/core.rb
 - lib/scanner/generic.rb
-- lib/scanner/php.rb
+- lib/scanner/plugins/applications/cms/generic.rb
+- lib/scanner/plugins/applications/generic/password_reset.rb
 - lib/scanner/plugins/dns/caa.rb
 - lib/scanner/plugins/dns/generic.rb
 - lib/scanner/plugins/http/directory_search.rb
 - lib/scanner/plugins/http/file_presence.rb
+- lib/scanner/plugins/http/generic.rb
 - lib/scanner/plugins/servers/apache.rb
+- lib/scanner/plugins/servers/generic.rb
 - lib/scanner/plugins/servers/iis.rb
 - lib/scanner/plugins/servers/nginx.rb
 - lib/scanner/plugins/servers/python.rb
@@ -213,6 +257,7 @@ files:
 - lib/scanner/plugins/ssl/sweet32.rb
 - lib/scanner/ssl.rb
 - lib/scanner/ssl_labs.rb
+- lib/scanner/vuln_scan.rb
 - lib/shared/http.rb
 - lib/shared/output.rb
 - lib/shared/uri.rb
@@ -231,6 +276,7 @@ files:
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
 - test/data/ssl_labs_analyze_data_file_zetlab_com.json
 - test/data/ssl_labs_analyze_data_forest_gov_tw.json
 - test/data/ssl_labs_analyze_data_parivahan_gov_in.json
@@ -295,6 +341,7 @@ test_files:
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
 - test/data/ssl_labs_analyze_data_file_zetlab_com.json
 - test/data/ssl_labs_analyze_data_forest_gov_tw.json
 - test/data/ssl_labs_analyze_data_parivahan_gov_in.json

data/lib/scanner/cms.rb

@@ -1,14 +0,0 @@
-module Yawast
-  module Scanner
-    class Cms
-      def self.get_generator(body)
-        regex = /<meta name="generator[^>]+content\s*=\s*['"]([^'"]+)['"][^>]*>/
-        match = body.match regex
-
-        if match
-          Yawast::Utilities.puts_info "Meta Generator: #{match[1]}"
-        end
-      end
-    end
-  end
-end

data/lib/scanner/php.rb

@@ -1,19 +0,0 @@
-module Yawast
-  module Scanner
-    class Php
-      def self.check_banner(banner)
-        #don't bother if this doesn't include PHP
-        return unless banner.include? 'PHP/'
-
-        modules = banner.split(' ')
-
-        modules.each do |mod|
-          if mod.include? 'PHP/'
-            Yawast::Utilities.puts_warn "PHP Version: #{mod}"
-            puts ''
-          end
-        end
-      end
-    end
-  end
-end