yawast 0.7.0.beta1 → 0.7.0.beta2

Files changed (50)
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +12 -0
  3. data/CHANGELOG.md +5 -1
  4. data/Gemfile +2 -2
  5. data/README.md +8 -1
  6. data/Rakefile +1 -1
  7. data/bin/yawast +8 -0
  8. data/lib/commands/cms.rb +2 -0
  9. data/lib/commands/dns.rb +3 -3
  10. data/lib/commands/head.rb +2 -0
  11. data/lib/commands/scan.rb +2 -0
  12. data/lib/commands/ssl.rb +2 -0
  13. data/lib/commands/utils.rb +5 -3
  14. data/lib/scanner/core.rb +34 -26
  15. data/lib/scanner/generic.rb +33 -130
  16. data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
  17. data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
  18. data/lib/scanner/plugins/dns/caa.rb +30 -12
  19. data/lib/scanner/plugins/dns/generic.rb +38 -1
  20. data/lib/scanner/plugins/http/directory_search.rb +14 -12
  21. data/lib/scanner/plugins/http/file_presence.rb +21 -13
  22. data/lib/scanner/plugins/http/generic.rb +95 -0
  23. data/lib/scanner/plugins/servers/apache.rb +23 -23
  24. data/lib/scanner/plugins/servers/generic.rb +25 -0
  25. data/lib/scanner/plugins/servers/iis.rb +6 -6
  26. data/lib/scanner/plugins/servers/nginx.rb +3 -1
  27. data/lib/scanner/plugins/servers/python.rb +3 -1
  28. data/lib/scanner/plugins/spider/spider.rb +7 -7
  29. data/lib/scanner/plugins/ssl/ssl.rb +14 -14
  30. data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
  31. data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
  32. data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
  33. data/lib/scanner/ssl.rb +33 -36
  34. data/lib/scanner/ssl_labs.rb +373 -110
  35. data/lib/scanner/vuln_scan.rb +27 -0
  36. data/lib/shared/http.rb +31 -27
  37. data/lib/shared/output.rb +7 -15
  38. data/lib/shared/uri.rb +14 -14
  39. data/lib/string_ext.rb +10 -4
  40. data/lib/uri_ext.rb +1 -1
  41. data/lib/util.rb +28 -0
  42. data/lib/version.rb +3 -1
  43. data/lib/yawast.rb +12 -2
  44. data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
  45. data/test/test_scan_cms.rb +2 -2
  46. data/test/test_ssl_labs_analyze.rb +15 -0
  47. data/yawast.gemspec +8 -5
  48. metadata +75 -28
  49. data/lib/scanner/cms.rb +0 -14
  50. data/lib/scanner/php.rb +0 -19
@@ -7,7 +7,7 @@ class TestScannerCms < Minitest::Test
7
7
  def test_generator_tag_valid
8
8
  body = File.read(File.dirname(__FILE__) + '/data/cms_wordpress_body.txt')
9
9
  override_stdout
10
- Yawast::Scanner::Cms.get_generator body
10
+ Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
11
11
 
12
12
  assert stdout_value.include?('WordPress'), "Unexpected generator tag: #{stdout_value}"
13
13
 
@@ -17,7 +17,7 @@ class TestScannerCms < Minitest::Test
17
17
  def test_generator_tag_invalid
18
18
  body = File.read(File.dirname(__FILE__) + '/data/cms_none_body.txt')
19
19
  override_stdout
20
- Yawast::Scanner::Cms.get_generator body
20
+ Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
21
21
 
22
22
  assert stdout_value == '', "Unexpected generator tag: #{stdout_value}"
23
23
 
@@ -104,4 +104,19 @@ class TestSSLLabsAnalyze < Minitest::Test
104
104
 
105
105
  restore_stdout
106
106
  end
107
+
108
+ def test_process_data_hmhres
109
+ override_stdout
110
+
111
+ uri = URI.parse 'https://cam.hmhreservations.com/'
112
+ body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_cam_hmhreservations_com.json'))
113
+
114
+ Yawast::Scanner::SslLabs.process_results uri, body, false
115
+
116
+ assert stdout_value.include?('hmhreservations.com'), "domain name not found in #{stdout_value}"
117
+ assert stdout_value.include?('Serial may not comply with CA/B Forum requirements'), "serial length warning not found in #{stdout_value}"
118
+ assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
119
+
120
+ restore_stdout
121
+ end
107
122
  end
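Review bot: `restore_stdout` is the last statement of `test_process_data_hmhres`, so a failing assertion skips it and, assuming `override_stdout` swaps the process-wide stdout, later tests run with output still captured. Putting `ensure` on its own line before `restore_stdout`, or moving the restore into `teardown`, keeps one failure from hiding the output of the rest of the run. The last check reads more clearly as `refute_includes stdout_value, '[E]'`. The file header for this section is not on the page, so the path `data/test/test_ssl_labs_analyze.rb` is taken from the diffstat, and the enclosing class starts outside the hunk.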
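--- a/data/yawast.gemspec
+++ b/data/yawast.gemspec
@@ -13,17 +13,20 @@ Gem::Specification.new do |s|
  s.license = 'MIT'
  s.rubyforge_project = 'yawast'
 
+ s.add_runtime_dependency 'colorize', '~> 0.8'
  s.add_runtime_dependency 'commander', '~> 4.4'
+ s.add_runtime_dependency 'diff-lcs', '~> 1.3'
+ s.add_runtime_dependency 'diffy', '~> 3.3'
+ s.add_runtime_dependency 'dnsruby', '~> 1.60'
  s.add_runtime_dependency 'highline', '~> 1.7'
- s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
- s.add_runtime_dependency 'colorize', '~> 0.8'
  s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
  s.add_runtime_dependency 'ipaddress', '~> 0.8'
- s.add_runtime_dependency 'public_suffix', '~> 2.0'
- s.add_runtime_dependency 'sslshake', '~> 1.1'
- s.add_runtime_dependency 'dnsruby', '~> 1.60'
  s.add_runtime_dependency 'nokogiri', '~> 1.8'
  s.add_runtime_dependency 'oj', '~> 3.6'
+ s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
+ s.add_runtime_dependency 'public_suffix', '~> 2.0'
+ s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'
+ s.add_runtime_dependency 'sslshake', '~> 1.1'
 
  s.bindir = 'bin'
  s.files = `git ls-files`.split("\n")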
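Review bot: The runtime dependencies that are new on this side, `diff-lcs`, `diffy` and `selenium-webdriver`, are added with no indication of which scanner feature needs them, and `selenium-webdriver` in particular widens what every install of the gem pulls in. Judging by the diffstat it is probably the new `password_reset.rb` plugin, but that file is not shown on this page, so this should be confirmed. I would add a comment above the line, for example `# selenium-webdriver: used only by the password reset check; needs a browser driver on the host`, and have that plugin require the library lazily so the other scans do not depend on it being loadable. The `Gem::Specification.new` block starts and ends outside the hunk.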
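--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
  --- !ruby/object:Gem::Specification
  name: yawast
  version: !ruby/object:Gem::Version
- version: 0.7.0.beta1
+ version: 0.7.0.beta2
  platform: ruby
  authors:
  - Adam Caudill
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-02-21 00:00:00.000000000 Z
+ date: 2019-03-14 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: colorize
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.8'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.8'
  - !ruby/object:Gem::Dependency
  name: commander
  requirement: !ruby/object:Gem::Requirement
@@ -25,47 +39,61 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '4.4'
  - !ruby/object:Gem::Dependency
- name: highline
+ name: diff-lcs
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.7'
+ version: '1.3'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.7'
+ version: '1.3'
  - !ruby/object:Gem::Dependency
- name: openssl-extensions
+ name: diffy
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.2'
+ version: '3.3'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.2'
+ version: '3.3'
  - !ruby/object:Gem::Dependency
- name: colorize
+ name: dnsruby
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.8'
+ version: '1.60'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.8'
+ version: '1.60'
+ - !ruby/object:Gem::Dependency
+ name: highline
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.7'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.7'
  - !ruby/object:Gem::Dependency
  name: ipaddr_extensions
  requirement: !ruby/object:Gem::Requirement
@@ -95,75 +123,89 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0.8'
  - !ruby/object:Gem::Dependency
- name: public_suffix
+ name: nokogiri
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '1.8'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.0'
+ version: '1.8'
  - !ruby/object:Gem::Dependency
- name: sslshake
+ name: oj
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.1'
+ version: '3.6'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.1'
+ version: '3.6'
  - !ruby/object:Gem::Dependency
- name: dnsruby
+ name: openssl-extensions
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.60'
+ version: '1.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.60'
+ version: '1.2'
  - !ruby/object:Gem::Dependency
- name: nokogiri
+ name: public_suffix
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.8'
+ version: '2.0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.8'
+ version: '2.0'
  - !ruby/object:Gem::Dependency
- name: oj
+ name: selenium-webdriver
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
+ version: '3.141'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
+ version: '3.141'
+ - !ruby/object:Gem::Dependency
+ name: sslshake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.1'
  description: YAWAST is an application meant to simplify initial analysis and information
  gathering for penetration testers and security auditors.
  email: adam@adamcaudill.com
@@ -194,15 +236,17 @@ files:
  - lib/resources/common_file.txt
  - lib/resources/srv_list.txt
  - lib/resources/subdomain_list.txt
- - lib/scanner/cms.rb
  - lib/scanner/core.rb
  - lib/scanner/generic.rb
- - lib/scanner/php.rb
+ - lib/scanner/plugins/applications/cms/generic.rb
+ - lib/scanner/plugins/applications/generic/password_reset.rb
  - lib/scanner/plugins/dns/caa.rb
  - lib/scanner/plugins/dns/generic.rb
  - lib/scanner/plugins/http/directory_search.rb
  - lib/scanner/plugins/http/file_presence.rb
+ - lib/scanner/plugins/http/generic.rb
  - lib/scanner/plugins/servers/apache.rb
+ - lib/scanner/plugins/servers/generic.rb
  - lib/scanner/plugins/servers/iis.rb
  - lib/scanner/plugins/servers/nginx.rb
  - lib/scanner/plugins/servers/python.rb
@@ -213,6 +257,7 @@ files:
  - lib/scanner/plugins/ssl/sweet32.rb
  - lib/scanner/ssl.rb
  - lib/scanner/ssl_labs.rb
+ - lib/scanner/vuln_scan.rb
  - lib/shared/http.rb
  - lib/shared/output.rb
  - lib/shared/uri.rb
@@ -231,6 +276,7 @@ files:
  - test/data/iis_server_header.txt
  - test/data/ssl_labs_analyze_data.json
  - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+ - test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
  - test/data/ssl_labs_analyze_data_file_zetlab_com.json
  - test/data/ssl_labs_analyze_data_forest_gov_tw.json
  - test/data/ssl_labs_analyze_data_parivahan_gov_in.json
@@ -295,6 +341,7 @@ test_files:
  - test/data/iis_server_header.txt
  - test/data/ssl_labs_analyze_data.json
  - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+ - test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
  - test/data/ssl_labs_analyze_data_file_zetlab_com.json
  - test/data/ssl_labs_analyze_data_forest_gov_tw.json
  - test/data/ssl_labs_analyze_data_parivahan_gov_in.json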
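--- a/data/lib/scanner/cms.rb
+++ b/data/lib/scanner/cms.rb
@@ -1,14 +0,0 @@
- module Yawast
- module Scanner
- class Cms
- def self.get_generator(body)
- regex = /<meta name="generator[^>]+content\s*=\s*['"]([^'"]+)['"][^>]*>/
- match = body.match regex
-
- if match
- Yawast::Utilities.puts_info "Meta Generator: #{match[1]}"
- end
- end
- end
- end
- end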
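--- a/data/lib/scanner/php.rb
+++ b/data/lib/scanner/php.rb
@@ -1,19 +0,0 @@
- module Yawast
- module Scanner
- class Php
- def self.check_banner(banner)
- #don't bother if this doesn't include PHP
- return unless banner.include? 'PHP/'
-
- modules = banner.split(' ')
-
- modules.each do |mod|
- if mod.include? 'PHP/'
- Yawast::Utilities.puts_warn "PHP Version: #{mod}"
- puts ''
- end
- end
- end
- end
- end
- end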