RubyGems - yawast - Versions diffs - 0.7.0.beta1 → 0.7.0.beta2 - Mend

yawast 0.7.0.beta1 → 0.7.0.beta2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

checksums.yaml +4 -4
data/.rubocop.yml +12 -0
data/CHANGELOG.md +5 -1
data/Gemfile +2 -2
data/README.md +8 -1
data/Rakefile +1 -1
data/bin/yawast +8 -0
data/lib/commands/cms.rb +2 -0
data/lib/commands/dns.rb +3 -3
data/lib/commands/head.rb +2 -0
data/lib/commands/scan.rb +2 -0
data/lib/commands/ssl.rb +2 -0
data/lib/commands/utils.rb +5 -3
data/lib/scanner/core.rb +34 -26
data/lib/scanner/generic.rb +33 -130
data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
data/lib/scanner/plugins/dns/caa.rb +30 -12
data/lib/scanner/plugins/dns/generic.rb +38 -1
data/lib/scanner/plugins/http/directory_search.rb +14 -12
data/lib/scanner/plugins/http/file_presence.rb +21 -13
data/lib/scanner/plugins/http/generic.rb +95 -0
data/lib/scanner/plugins/servers/apache.rb +23 -23
data/lib/scanner/plugins/servers/generic.rb +25 -0
data/lib/scanner/plugins/servers/iis.rb +6 -6
data/lib/scanner/plugins/servers/nginx.rb +3 -1
data/lib/scanner/plugins/servers/python.rb +3 -1
data/lib/scanner/plugins/spider/spider.rb +7 -7
data/lib/scanner/plugins/ssl/ssl.rb +14 -14
data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
data/lib/scanner/ssl.rb +33 -36
data/lib/scanner/ssl_labs.rb +373 -110
data/lib/scanner/vuln_scan.rb +27 -0
data/lib/shared/http.rb +31 -27
data/lib/shared/output.rb +7 -15
data/lib/shared/uri.rb +14 -14
data/lib/string_ext.rb +10 -4
data/lib/uri_ext.rb +1 -1
data/lib/util.rb +28 -0
data/lib/version.rb +3 -1
data/lib/yawast.rb +12 -2
data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
data/test/test_scan_cms.rb +2 -2
data/test/test_ssl_labs_analyze.rb +15 -0
data/yawast.gemspec +8 -5
metadata +75 -28
data/lib/scanner/cms.rb +0 -14
data/lib/scanner/php.rb +0 -19

data/test/test_scan_cms.rb CHANGED Viewed

@@ -7,7 +7,7 @@ class TestScannerCms < Minitest::Test
   def test_generator_tag_valid
     body = File.read(File.dirname(__FILE__) + '/data/cms_wordpress_body.txt')
     override_stdout
-    Yawast::Scanner::Cms.get_generator body
+    Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
     assert stdout_value.include?('WordPress'), "Unexpected generator tag: #{stdout_value}"
@@ -17,7 +17,7 @@ class TestScannerCms < Minitest::Test
   def test_generator_tag_invalid
     body = File.read(File.dirname(__FILE__) + '/data/cms_none_body.txt')
     override_stdout
-    Yawast::Scanner::Cms.get_generator body
+    Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
     assert stdout_value == '', "Unexpected generator tag: #{stdout_value}"

data/test/test_ssl_labs_analyze.rb CHANGED Viewed

@@ -104,4 +104,19 @@ class TestSSLLabsAnalyze < Minitest::Test
     restore_stdout
   end
+  def test_process_data_hmhres
+    override_stdout
+    uri = URI.parse 'https://cam.hmhreservations.com/'
+    body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_cam_hmhreservations_com.json'))
+    Yawast::Scanner::SslLabs.process_results uri, body, false
+    assert stdout_value.include?('hmhreservations.com'), "domain name not found in #{stdout_value}"
+    assert stdout_value.include?('Serial may not comply with CA/B Forum requirements'), "serial length warning not found in #{stdout_value}"
+    assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
+    restore_stdout
+  end
 end

data/yawast.gemspec CHANGED Viewed

@@ -13,17 +13,20 @@ Gem::Specification.new do |s|
   s.license           = 'MIT'
   s.rubyforge_project = 'yawast'
+  s.add_runtime_dependency 'colorize', '~> 0.8'
   s.add_runtime_dependency 'commander', '~> 4.4'
+  s.add_runtime_dependency 'diff-lcs', '~> 1.3'
+  s.add_runtime_dependency 'diffy', '~> 3.3'
+  s.add_runtime_dependency 'dnsruby', '~> 1.60'
   s.add_runtime_dependency 'highline', '~> 1.7'
-  s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
-  s.add_runtime_dependency 'colorize', '~> 0.8'
   s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
   s.add_runtime_dependency 'ipaddress', '~> 0.8'
-  s.add_runtime_dependency 'public_suffix', '~> 2.0'
-  s.add_runtime_dependency 'sslshake', '~> 1.1'
-  s.add_runtime_dependency 'dnsruby', '~> 1.60'
   s.add_runtime_dependency 'nokogiri', '~> 1.8'
   s.add_runtime_dependency 'oj', '~> 3.6'
+  s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
+  s.add_runtime_dependency 'public_suffix', '~> 2.0'
+  s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'
+  s.add_runtime_dependency 'sslshake', '~> 1.1'
   s.bindir            = 'bin'
   s.files             = `git ls-files`.split("\n")

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.7.0.beta1
+  version: 0.7.0.beta2
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-21 00:00:00.000000000 Z
+date: 2019-03-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: commander
   requirement: !ruby/object:Gem::Requirement
@@ -25,47 +39,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '4.4'
 - !ruby/object:Gem::Dependency
-  name: highline
+  name: diff-lcs
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
-  name: openssl-extensions
+  name: diffy
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '3.3'
 - !ruby/object:Gem::Dependency
-  name: colorize
+  name: dnsruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '1.60'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '1.60'
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: ipaddr_extensions
   requirement: !ruby/object:Gem::Requirement
@@ -95,75 +123,89 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.8'
 - !ruby/object:Gem::Dependency
-  name: public_suffix
+  name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '1.8'
 - !ruby/object:Gem::Dependency
-  name: sslshake
+  name: oj
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '3.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '3.6'
 - !ruby/object:Gem::Dependency
-  name: dnsruby
+  name: openssl-extensions
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.60'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.60'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: nokogiri
+  name: public_suffix
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: oj
+  name: selenium-webdriver
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.141'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.141'
+- !ruby/object:Gem::Dependency
+  name: sslshake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
 description: YAWAST is an application meant to simplify initial analysis and information
   gathering for penetration testers and security auditors.
 email: adam@adamcaudill.com
@@ -194,15 +236,17 @@ files:
 - lib/resources/common_file.txt
 - lib/resources/srv_list.txt
 - lib/resources/subdomain_list.txt
-- lib/scanner/cms.rb
 - lib/scanner/core.rb
 - lib/scanner/generic.rb
-- lib/scanner/php.rb
+- lib/scanner/plugins/applications/cms/generic.rb
+- lib/scanner/plugins/applications/generic/password_reset.rb
 - lib/scanner/plugins/dns/caa.rb
 - lib/scanner/plugins/dns/generic.rb
 - lib/scanner/plugins/http/directory_search.rb
 - lib/scanner/plugins/http/file_presence.rb
+- lib/scanner/plugins/http/generic.rb
 - lib/scanner/plugins/servers/apache.rb
+- lib/scanner/plugins/servers/generic.rb
 - lib/scanner/plugins/servers/iis.rb
 - lib/scanner/plugins/servers/nginx.rb
 - lib/scanner/plugins/servers/python.rb
@@ -213,6 +257,7 @@ files:
 - lib/scanner/plugins/ssl/sweet32.rb
 - lib/scanner/ssl.rb
 - lib/scanner/ssl_labs.rb
+- lib/scanner/vuln_scan.rb
 - lib/shared/http.rb
 - lib/shared/output.rb
 - lib/shared/uri.rb
@@ -231,6 +276,7 @@ files:
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
 - test/data/ssl_labs_analyze_data_file_zetlab_com.json
 - test/data/ssl_labs_analyze_data_forest_gov_tw.json
 - test/data/ssl_labs_analyze_data_parivahan_gov_in.json
@@ -295,6 +341,7 @@ test_files:
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
 - test/data/ssl_labs_analyze_data_file_zetlab_com.json
 - test/data/ssl_labs_analyze_data_forest_gov_tw.json
 - test/data/ssl_labs_analyze_data_parivahan_gov_in.json

data/lib/scanner/cms.rb DELETED Viewed

@@ -1,14 +0,0 @@
-module Yawast
-  module Scanner
-    class Cms
-      def self.get_generator(body)
-        regex = /<meta name="generator[^>]+content\s*=\s*['"]([^'"]+)['"][^>]*>/
-        match = body.match regex
-        if match
-          Yawast::Utilities.puts_info "Meta Generator: #{match[1]}"
-        end
-      end
-    end
-  end
-end

data/lib/scanner/php.rb DELETED Viewed

@@ -1,19 +0,0 @@
-module Yawast
-  module Scanner
-    class Php
-      def self.check_banner(banner)
-        #don't bother if this doesn't include PHP
-        return unless banner.include? 'PHP/'
-        modules = banner.split(' ')
-        modules.each do |mod|
-          if mod.include? 'PHP/'
-            Yawast::Utilities.puts_warn "PHP Version: #{mod}"
-            puts ''
-          end
-        end
-      end
-    end
-  end
-end