yawast 0.7.0.beta1 → 0.7.0.beta2
- checksums.yaml +4 -4
- data/.rubocop.yml +12 -0
- data/CHANGELOG.md +5 -1
- data/Gemfile +2 -2
- data/README.md +8 -1
- data/Rakefile +1 -1
- data/bin/yawast +8 -0
- data/lib/commands/cms.rb +2 -0
- data/lib/commands/dns.rb +3 -3
- data/lib/commands/head.rb +2 -0
- data/lib/commands/scan.rb +2 -0
- data/lib/commands/ssl.rb +2 -0
- data/lib/commands/utils.rb +5 -3
- data/lib/scanner/core.rb +34 -26
- data/lib/scanner/generic.rb +33 -130
- data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
- data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
- data/lib/scanner/plugins/dns/caa.rb +30 -12
- data/lib/scanner/plugins/dns/generic.rb +38 -1
- data/lib/scanner/plugins/http/directory_search.rb +14 -12
- data/lib/scanner/plugins/http/file_presence.rb +21 -13
- data/lib/scanner/plugins/http/generic.rb +95 -0
- data/lib/scanner/plugins/servers/apache.rb +23 -23
- data/lib/scanner/plugins/servers/generic.rb +25 -0
- data/lib/scanner/plugins/servers/iis.rb +6 -6
- data/lib/scanner/plugins/servers/nginx.rb +3 -1
- data/lib/scanner/plugins/servers/python.rb +3 -1
- data/lib/scanner/plugins/spider/spider.rb +7 -7
- data/lib/scanner/plugins/ssl/ssl.rb +14 -14
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
- data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
- data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
- data/lib/scanner/ssl.rb +33 -36
- data/lib/scanner/ssl_labs.rb +373 -110
- data/lib/scanner/vuln_scan.rb +27 -0
- data/lib/shared/http.rb +31 -27
- data/lib/shared/output.rb +7 -15
- data/lib/shared/uri.rb +14 -14
- data/lib/string_ext.rb +10 -4
- data/lib/uri_ext.rb +1 -1
- data/lib/util.rb +28 -0
- data/lib/version.rb +3 -1
- data/lib/yawast.rb +12 -2
- data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
- data/test/test_scan_cms.rb +2 -2
- data/test/test_ssl_labs_analyze.rb +15 -0
- data/yawast.gemspec +8 -5
- metadata +75 -28
- data/lib/scanner/cms.rb +0 -14
- data/lib/scanner/php.rb +0 -19
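--- a/data/test/test_scan_cms.rb
+++ b/data/test/test_scan_cms.rb
@@ -7,7 +7,7 @@ class TestScannerCms < Minitest::Test
 def test_generator_tag_valid
 body = File.read(File.dirname(__FILE__) + '/data/cms_wordpress_body.txt')
 override_stdout
-Yawast::Scanner::
+Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
 
 assert stdout_value.include?('WordPress'), "Unexpected generator tag: #{stdout_value}"
 
@@ -17,7 +17,7 @@ class TestScannerCms < Minitest::Test
 def test_generator_tag_invalid
 body = File.read(File.dirname(__FILE__) + '/data/cms_none_body.txt')
 override_stdout
-Yawast::Scanner::
+Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator body
 
 assert stdout_value == '', "Unexpected generator tag: #{stdout_value}"
 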
@@ -104,4 +104,19 @@ class TestSSLLabsAnalyze < Minitest::Test
|
|
104
104
|
|
105
105
|
restore_stdout
|
106
106
|
end
|
107
|
+
|
108
|
+
def test_process_data_hmhres
|
109
|
+
override_stdout
|
110
|
+
|
111
|
+
uri = URI.parse 'https://cam.hmhreservations.com/'
|
112
|
+
body = JSON.parse(File.read(File.dirname(__FILE__) + '/data/ssl_labs_analyze_data_cam_hmhreservations_com.json'))
|
113
|
+
|
114
|
+
Yawast::Scanner::SslLabs.process_results uri, body, false
|
115
|
+
|
116
|
+
assert stdout_value.include?('hmhreservations.com'), "domain name not found in #{stdout_value}"
|
117
|
+
assert stdout_value.include?('Serial may not comply with CA/B Forum requirements'), "serial length warning not found in #{stdout_value}"
|
118
|
+
assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
|
119
|
+
|
120
|
+
restore_stdout
|
121
|
+
end
|
107
122
|
end
|
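Review bot: In `test_process_data_hmhres`, `restore_stdout` runs only as the last statement, so a failing `assert` (which raises) would skip it and leave stdout captured for later tests; the preceding test in this hunk ends the same way. Wrapping the body as `begin … ensure restore_stdout end` would contain that, assuming `override_stdout` swaps the global stream — its definition is outside the hunk. The last check is clearer as `refute_includes stdout_value, '[E]'`. The fixture `ssl_labs_analyze_data_cam_hmhreservations_com.json` is scan output for a real third-party host and is listed under the gem's `files`, so it is worth confirming it holds nothing beyond public certificate data. The page shows this hunk without a file header; the class name suggests it belongs to test/test_ssl_labs_analyze.rb.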
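--- a/data/yawast.gemspec
+++ b/data/yawast.gemspec
@@ -13,17 +13,20 @@ Gem::Specification.new do |s|
 s.license = 'MIT'
 s.rubyforge_project = 'yawast'
 
+s.add_runtime_dependency 'colorize', '~> 0.8'
 s.add_runtime_dependency 'commander', '~> 4.4'
+s.add_runtime_dependency 'diff-lcs', '~> 1.3'
+s.add_runtime_dependency 'diffy', '~> 3.3'
+s.add_runtime_dependency 'dnsruby', '~> 1.60'
 s.add_runtime_dependency 'highline', '~> 1.7'
-s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
-s.add_runtime_dependency 'colorize', '~> 0.8'
 s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
 s.add_runtime_dependency 'ipaddress', '~> 0.8'
-s.add_runtime_dependency 'public_suffix', '~> 2.0'
-s.add_runtime_dependency 'sslshake', '~> 1.1'
-s.add_runtime_dependency 'dnsruby', '~> 1.60'
 s.add_runtime_dependency 'nokogiri', '~> 1.8'
 s.add_runtime_dependency 'oj', '~> 3.6'
+s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
+s.add_runtime_dependency 'public_suffix', '~> 2.0'
+s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'
+s.add_runtime_dependency 'sslshake', '~> 1.1'
 
 s.bindir = 'bin'
 s.files = `git ls-files`.split("\n")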
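Review bot: The new `diff-lcs`, `diffy` and `selenium-webdriver` entries are added as runtime dependencies with no comment saying which scanner feature needs them, so every install of the gem now pulls in a browser-automation stack. selenium-webdriver also relies on a browser and driver binary on the host, which a gemspec cannot declare; presumably only the new password_reset plugin in the file list uses it, in which case a comment such as `# selenium-webdriver: password reset check only; needs a local browser driver` above that line, plus a lazy `require` inside the plugin, would keep the rest of the scanner usable without it. `'~> 3.141'` accepts any later 3.x release, so the version actually installed is decided at install time rather than by this file. The `Gem::Specification.new` block starts and ends outside the hunk.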
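--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-version: 0.7.0.
+version: 0.7.0.beta2
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-03-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+name: colorize
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
 - !ruby/object:Gem::Dependency
 name: commander
 requirement: !ruby/object:Gem::Requirement
@@ -25,47 +39,61 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '4.4'
 - !ruby/object:Gem::Dependency
-name:
+name: diff-lcs
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 - !ruby/object:Gem::Dependency
-name:
+name: diffy
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.3'
 - !ruby/object:Gem::Dependency
-name:
+name: dnsruby
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.60'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.60'
+- !ruby/object:Gem::Dependency
+name: highline
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.7'
 - !ruby/object:Gem::Dependency
 name: ipaddr_extensions
 requirement: !ruby/object:Gem::Requirement
@@ -95,75 +123,89 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0.8'
 - !ruby/object:Gem::Dependency
-name:
+name: nokogiri
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.8'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '1.8'
 - !ruby/object:Gem::Dependency
-name:
+name: oj
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.6'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '3.6'
 - !ruby/object:Gem::Dependency
-name:
+name: openssl-extensions
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.2'
 - !ruby/object:Gem::Dependency
-name:
+name: public_suffix
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 - !ruby/object:Gem::Dependency
-name:
+name: selenium-webdriver
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.141'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.141'
+- !ruby/object:Gem::Dependency
+name: sslshake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
 description: YAWAST is an application meant to simplify initial analysis and information
 gathering for penetration testers and security auditors.
 email: adam@adamcaudill.com
@@ -194,15 +236,17 @@ files:
 - lib/resources/common_file.txt
 - lib/resources/srv_list.txt
 - lib/resources/subdomain_list.txt
-- lib/scanner/cms.rb
 - lib/scanner/core.rb
 - lib/scanner/generic.rb
-- lib/scanner/
+- lib/scanner/plugins/applications/cms/generic.rb
+- lib/scanner/plugins/applications/generic/password_reset.rb
 - lib/scanner/plugins/dns/caa.rb
 - lib/scanner/plugins/dns/generic.rb
 - lib/scanner/plugins/http/directory_search.rb
 - lib/scanner/plugins/http/file_presence.rb
+- lib/scanner/plugins/http/generic.rb
 - lib/scanner/plugins/servers/apache.rb
+- lib/scanner/plugins/servers/generic.rb
 - lib/scanner/plugins/servers/iis.rb
 - lib/scanner/plugins/servers/nginx.rb
 - lib/scanner/plugins/servers/python.rb
@@ -213,6 +257,7 @@ files:
 - lib/scanner/plugins/ssl/sweet32.rb
 - lib/scanner/ssl.rb
 - lib/scanner/ssl_labs.rb
+- lib/scanner/vuln_scan.rb
 - lib/shared/http.rb
 - lib/shared/output.rb
 - lib/shared/uri.rb
@@ -231,6 +276,7 @@ files:
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
 - test/data/ssl_labs_analyze_data_file_zetlab_com.json
 - test/data/ssl_labs_analyze_data_forest_gov_tw.json
 - test/data/ssl_labs_analyze_data_parivahan_gov_in.json
@@ -295,6 +341,7 @@ test_files:
 - test/data/iis_server_header.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
+- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
 - test/data/ssl_labs_analyze_data_file_zetlab_com.json
 - test/data/ssl_labs_analyze_data_forest_gov_tw.json
 - test/data/ssl_labs_analyze_data_parivahan_gov_in.json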
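--- a/data/lib/scanner/cms.rb
+++ b/data/lib/scanner/cms.rb
@@ -1,14 +0,0 @@
-module Yawast
-module Scanner
-class Cms
-def self.get_generator(body)
-regex = /<meta name="generator[^>]+content\s*=\s*['"]([^'"]+)['"][^>]*>/
-match = body.match regex
-
-if match
-Yawast::Utilities.puts_info "Meta Generator: #{match[1]}"
-end
-end
-end
-end
-end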
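--- a/data/lib/scanner/php.rb
+++ b/data/lib/scanner/php.rb
@@ -1,19 +0,0 @@
-module Yawast
-module Scanner
-class Php
-def self.check_banner(banner)
-#don't bother if this doesn't include PHP
-return unless banner.include? 'PHP/'
-
-modules = banner.split(' ')
-
-modules.each do |mod|
-if mod.include? 'PHP/'
-Yawast::Utilities.puts_warn "PHP Version: #{mod}"
-puts ''
-end
-end
-end
-end
-end
-end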