yawast 0.7.0.beta2 → 0.7.0.beta3
- checksums.yaml +4 -4
- data/.rubocop.yml +6 -0
- data/CHANGELOG.md +3 -0
- data/README.md +5 -1
- data/lib/resources/common_file.txt +208 -0
- data/lib/scanner/core.rb +3 -2
- data/lib/scanner/plugins/applications/cms/generic.rb +11 -1
- data/lib/scanner/plugins/applications/framework/rails.rb +39 -0
- data/lib/scanner/plugins/applications/generic/password_reset.rb +40 -14
- data/lib/scanner/plugins/dns/caa.rb +1 -1
- data/lib/scanner/plugins/http/generic.rb +18 -8
- data/lib/scanner/plugins/servers/apache.rb +113 -15
- data/lib/scanner/plugins/servers/generic.rb +8 -0
- data/lib/scanner/plugins/servers/iis.rb +26 -3
- data/lib/scanner/plugins/servers/nginx.rb +33 -0
- data/lib/scanner/plugins/servers/python.rb +8 -0
- data/lib/scanner/plugins/spider/spider.rb +7 -3
- data/lib/scanner/vuln_scan.rb +18 -5
- data/lib/shared/http.rb +1 -5
- data/lib/shared/output.rb +10 -7
- data/lib/version.rb +1 -1
- data/test/data/dir.txt +9 -0
- data/test/data/etc_passwd.txt +16 -0
- data/test/data/nginx_status_page.txt +4 -0
- data/test/test_app_fw_rails.rb +28 -0
- data/test/test_scan_apache.rb +23 -0
- data/test/test_scan_nginx.rb +33 -0
- data/yawast.gemspec +0 -1
- metadata +13 -18
- data/test/test_scan_nginx_banner.rb +0 -17
data/lib/scanner/vuln_scan.rb
CHANGED
@@ -6,21 +6,34 @@ module Yawast
|
|
6
6
|
def self.scan(uri, options, head)
|
7
7
|
puts 'Performing vulnerability scan (this will take a while)...'
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
if options.spider
|
10
|
+
links = Yawast::Scanner::Plugins::Spider::Spider.spider(uri)
|
11
|
+
else
|
12
|
+
puts 'Building site map...'
|
13
|
+
links = Yawast::Scanner::Plugins::Spider::Spider.spider(uri, true)
|
14
|
+
end
|
12
15
|
|
13
16
|
# checks for interesting files
|
14
17
|
Yawast::Scanner::Plugins::Http::FilePresence.check_all uri, options.files
|
15
18
|
|
19
|
+
# server specific checks
|
20
|
+
Yawast::Scanner::Plugins::Servers::Apache.check_all(uri, links)
|
21
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_all(uri)
|
22
|
+
Yawast::Scanner::Plugins::Servers::Iis.check_all(uri, head)
|
23
|
+
|
16
24
|
# generic header checks
|
17
25
|
Yawast::Scanner::Plugins::Http::Generic.check_propfind(uri)
|
18
26
|
Yawast::Scanner::Plugins::Http::Generic.check_options(uri)
|
19
27
|
Yawast::Scanner::Plugins::Http::Generic.check_trace(uri)
|
20
28
|
|
21
29
|
# check for issues with the password reset form
|
22
|
-
Yawast
|
23
|
-
|
30
|
+
unless Yawast.options.pass_reset_page.nil?
|
31
|
+
Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.setup
|
32
|
+
Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.check_resp_user_enum
|
33
|
+
end
|
34
|
+
|
35
|
+
# check for framework specific issues
|
36
|
+
Yawast::Scanner::Plugins::Applications::Framework::Rails.check_all uri, links
|
24
37
|
end
|
25
38
|
end
|
26
39
|
end
|
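Review bot: The new password-reset guard reads the global `Yawast.options.pass_reset_page` while the rest of `self.scan` works from the `options` parameter (`if options.spider`, `options.files`); presumably these are the same object, but the guard should use the argument for consistency, `unless options.pass_reset_page.nil?`. The new server and framework calls also mix call styles in one method (`Apache.check_all(uri, links)` with parentheses, `Rails.check_all uri, links` without); pick one. The removed lines of this hunk are blank in this rendering, so the old password-reset call cannot be compared against the new `setup`/`check_resp_user_enum` pair here.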
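--- a/data/lib/shared/http.rb
+++ b/data/lib/shared/http.rb
@@ -2,7 +2,6 @@
 
 require 'securerandom'
 require 'json'
-require 'oj'
 
 module Yawast
 module Shared
@@ -38,6 +37,7 @@ module Yawast
 
 def self.get_with_code(uri, headers = nil)
 body = ''
+code = nil
 
 begin
 req = get_http(uri)
@@ -45,8 +45,6 @@ module Yawast
 res = req.request_get(uri, get_headers(headers))
 body = res.read_body
 code = res.code
-
-Yawast::Shared::Output.log_json 'debug', 'http_get', uri, Oj.dump(res, Oj.default_options)
 rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
 # do nothing for now
 end
@@ -93,8 +91,6 @@ module Yawast
 req.use_ssl = uri.scheme == 'https'
 res = req.head(uri, get_headers)
 
-Yawast::Shared::Output.log_json 'debug', 'http_get_status_code', uri, Oj.dump(res, Oj.default_options)
-
 res.code
 end
 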
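Review bot: With the added `code = nil`, `get_with_code` now hands back a nil code whenever the request raises, because the bare `rescue` a few lines below swallows every StandardError; the method's return is outside the hunk, but callers presumably get that nil together with the empty `body` and should be told. A comment above the method would make the contract explicit, e.g. `# Returns the response body and status code; on any request error both are left at their defaults ('' and nil) because errors are swallowed below.` The definition of `get_with_code` continues past the end of the second hunk.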
data/lib/shared/output.rb
CHANGED
@@ -67,7 +67,7 @@ module Yawast
|
|
67
67
|
|
68
68
|
target = get_target super_parent, parent
|
69
69
|
|
70
|
-
target[key] = JSON.parse(json_block)
|
70
|
+
target[key] = escape_hash(JSON.parse(json_block))
|
71
71
|
end
|
72
72
|
|
73
73
|
def self.log_hash(super_parent = nil, parent = nil, key, hash)
|
@@ -75,7 +75,7 @@ module Yawast
|
|
75
75
|
|
76
76
|
target = get_target super_parent, parent
|
77
77
|
|
78
|
-
target[key] = hash
|
78
|
+
target[key] = escape_hash hash
|
79
79
|
end
|
80
80
|
|
81
81
|
def self.encode_utf8(str)
|
@@ -111,13 +111,16 @@ module Yawast
|
|
111
111
|
end
|
112
112
|
|
113
113
|
def self.escape_hash(hash)
|
114
|
-
hash.each_pair do |k,v|
|
114
|
+
hash.each_pair do |k, v|
|
115
115
|
if v.is_a?(Hash)
|
116
116
|
escape_hash(v)
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
117
|
+
elsif v.is_a?(String)
|
118
|
+
# first, attempt to force utf-8
|
119
|
+
v = encode_utf8 v
|
120
|
+
hash[k] = v
|
121
|
+
|
122
|
+
# if needed, Base64 encode to ensure that we can produce the JSON output
|
123
|
+
hash[k] = Base64.encode64 v unless v.valid_encoding?
|
121
124
|
end
|
122
125
|
end
|
123
126
|
end
|
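Review bot: `Base64.encode64` in the new `escape_hash` branch inserts a newline every 60 characters, so a long value with an invalid encoding is logged as a multi-line string; `hash[k] = Base64.strict_encode64 v unless v.valid_encoding?` gives the single-line form expected inside a JSON value. The branch also leaves no marker in the output that a value was base64-encoded, so a reader of the log cannot tell an encoded value from a literal one; a sibling key or a fixed prefix on the encoded value would make that distinguishable. Only `Hash` and `String` values are handled, so a non-UTF-8 string inside an `Array` value still reaches the JSON serializer untouched. If `base64` is not already required in this file (not visible here), `Base64` raises NameError on first use.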
data/lib/version.rb
CHANGED
data/test/data/dir.txt
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
root:x:0:0:root:/root:/bin/bash
|
2
|
+
bin:x:1:1:bin:/bin:/sbin/nologin
|
3
|
+
daemon:x:2:2:daemon:/sbin:/sbin/nologin
|
4
|
+
adm:x:3:4:adm:/var/adm:/sbin/nologin
|
5
|
+
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
|
6
|
+
sync:x:5:0:sync:/sbin:/bin/sync
|
7
|
+
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
|
8
|
+
halt:x:7:0:halt:/sbin:/sbin/halt
|
9
|
+
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
|
10
|
+
news:x:9:13:news:/etc/news:
|
11
|
+
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
|
12
|
+
operator:x:11:0:operator:/root:/sbin/nologin
|
13
|
+
games:x:12:100:games:/usr/games:/sbin/nologin
|
14
|
+
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
|
15
|
+
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
|
16
|
+
nobody:x:99:99:Nobody:/:/sbin/nologin
|
@@ -0,0 +1,28 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../lib/yawast'
|
2
|
+
require File.dirname(__FILE__) + '/base'
|
3
|
+
|
4
|
+
class TestScannerApache < Minitest::Test
|
5
|
+
include TestBase
|
6
|
+
|
7
|
+
def test_check_cve_2019_5418
|
8
|
+
override_stdout
|
9
|
+
|
10
|
+
port = rand(60000) + 1024 # pick a random port number
|
11
|
+
server = start_web_server File.dirname(__FILE__) + '/data/etc_passwd.txt', '', port
|
12
|
+
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
13
|
+
|
14
|
+
error = nil
|
15
|
+
begin
|
16
|
+
Yawast::Scanner::Plugins::Applications::Framework::Rails.check_cve_2019_5418 [uri.to_s]
|
17
|
+
rescue => e
|
18
|
+
error = e.message
|
19
|
+
end
|
20
|
+
|
21
|
+
assert !stdout_value.include?('[W]'), "Unexpected finding: #{stdout_value}"
|
22
|
+
assert error == nil, "Unexpected error: #{error}"
|
23
|
+
|
24
|
+
restore_stdout
|
25
|
+
|
26
|
+
server.exit
|
27
|
+
end
|
28
|
+
end
|
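Review bot: The class at the top of this hunk is named `TestScannerApache`, the same name as the class in test_scan_apache.rb, although the diffstat and the `Rails.check_cve_2019_5418` call suggest this file is test_app_fw_rails.rb; Minitest will reopen the Apache test class instead of creating a new one, so rename it, e.g. `class TestAppFwRails < Minitest::Test`. `restore_stdout` and `server.exit` are reached only when both assertions pass, so a failing assertion leaves stdout overridden and the web server running for the rest of the run; move them under a method-level `ensure` (`ensure` / `restore_stdout` / `server.exit if server`). The same pattern appears in the new `test_check_tomcat_2019_0232` and `test_nginx_status_present` hunks below. This hunk carries no file header on this page, so the file name is inferred.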
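--- a/data/test/test_scan_apache.rb
+++ b/data/test/test_scan_apache.rb
@@ -26,6 +26,29 @@ class TestScannerApache < Minitest::Test
 server.exit
 end
 
+def test_check_tomcat_2019_0232
+override_stdout
+
+port = rand(60000) + 1024 # pick a random port number
+server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '/cgi-bin/test.bat', port
+uri = URI.parse "http://localhost:#{port}/cgi-bin/test.bat"
+links = [uri.to_s]
+
+error = nil
+begin
+Yawast::Scanner::Plugins::Servers::Apache.check_cve_2019_0232 links
+rescue => e
+error = e.message
+end
+
+assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
+assert error == nil, "Unexpected error: #{error}"
+
+restore_stdout
+
+server.exit
+end
+
 def test_check_struts2_samples
 override_stdout
 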
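Review bot: `test_check_tomcat_2019_0232` only asserts that no `[V]` line is printed for the fixture served at `/cgi-bin/test.bat`, so an implementation of `check_cve_2019_0232` that never reports anything passes it as well; a second case that serves a response the check is meant to flag, asserting the `[V]` output, would pin the positive path. `assert error == nil` and `assert !stdout_value.include?('[V]')` read better and fail with clearer messages as `assert_nil error` and `refute_includes stdout_value, '[V]'`. The enclosing class continues outside the hunk.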
@@ -0,0 +1,33 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../lib/yawast'
|
2
|
+
require File.dirname(__FILE__) + '/base'
|
3
|
+
|
4
|
+
class TestScannerNginx < Minitest::Test
|
5
|
+
include TestBase
|
6
|
+
|
7
|
+
def test_nginx_basic_banner
|
8
|
+
server = 'nginx/1.8.1'
|
9
|
+
|
10
|
+
override_stdout
|
11
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_banner server
|
12
|
+
|
13
|
+
assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
|
14
|
+
|
15
|
+
restore_stdout
|
16
|
+
end
|
17
|
+
|
18
|
+
def test_nginx_status_present
|
19
|
+
port = rand(60000) + 1024 # pick a random port number
|
20
|
+
server = start_web_server File.dirname(__FILE__) + '/data/nginx_status_page.txt', 'status', port
|
21
|
+
|
22
|
+
override_stdout
|
23
|
+
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
24
|
+
|
25
|
+
Yawast::Shared::Http.setup nil, nil
|
26
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_status_page uri
|
27
|
+
|
28
|
+
assert stdout_value.include?('Nginx status page found'), 'Nginx Status page warning not found'
|
29
|
+
|
30
|
+
server.exit
|
31
|
+
restore_stdout
|
32
|
+
end
|
33
|
+
end
|
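--- a/data/yawast.gemspec
+++ b/data/yawast.gemspec
@@ -22,7 +22,6 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
 s.add_runtime_dependency 'ipaddress', '~> 0.8'
 s.add_runtime_dependency 'nokogiri', '~> 1.8'
-s.add_runtime_dependency 'oj', '~> 3.6'
 s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
 s.add_runtime_dependency 'public_suffix', '~> 2.0'
 s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'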
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: yawast
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.0.
|
4
|
+
version: 0.7.0.beta3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Caudill
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-04-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: colorize
|
@@ -136,20 +136,6 @@ dependencies:
|
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
138
|
version: '1.8'
|
139
|
-
- !ruby/object:Gem::Dependency
|
140
|
-
name: oj
|
141
|
-
requirement: !ruby/object:Gem::Requirement
|
142
|
-
requirements:
|
143
|
-
- - "~>"
|
144
|
-
- !ruby/object:Gem::Version
|
145
|
-
version: '3.6'
|
146
|
-
type: :runtime
|
147
|
-
prerelease: false
|
148
|
-
version_requirements: !ruby/object:Gem::Requirement
|
149
|
-
requirements:
|
150
|
-
- - "~>"
|
151
|
-
- !ruby/object:Gem::Version
|
152
|
-
version: '3.6'
|
153
139
|
- !ruby/object:Gem::Dependency
|
154
140
|
name: openssl-extensions
|
155
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -239,6 +225,7 @@ files:
|
|
239
225
|
- lib/scanner/core.rb
|
240
226
|
- lib/scanner/generic.rb
|
241
227
|
- lib/scanner/plugins/applications/cms/generic.rb
|
228
|
+
- lib/scanner/plugins/applications/framework/rails.rb
|
242
229
|
- lib/scanner/plugins/applications/generic/password_reset.rb
|
243
230
|
- lib/scanner/plugins/dns/caa.rb
|
244
231
|
- lib/scanner/plugins/dns/generic.rb
|
@@ -271,9 +258,12 @@ files:
|
|
271
258
|
- test/data/apache_server_status.txt
|
272
259
|
- test/data/cms_none_body.txt
|
273
260
|
- test/data/cms_wordpress_body.txt
|
261
|
+
- test/data/dir.txt
|
262
|
+
- test/data/etc_passwd.txt
|
274
263
|
- test/data/hsts_disabled_server_header.txt
|
275
264
|
- test/data/hsts_server_header.txt
|
276
265
|
- test/data/iis_server_header.txt
|
266
|
+
- test/data/nginx_status_page.txt
|
277
267
|
- test/data/ssl_labs_analyze_data.json
|
278
268
|
- test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
|
279
269
|
- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
|
@@ -284,6 +274,7 @@ files:
|
|
284
274
|
- test/data/ssl_labs_info.json
|
285
275
|
- test/data/tomcat_release_notes.txt
|
286
276
|
- test/data/wordpress_readme_html.txt
|
277
|
+
- test/test_app_fw_rails.rb
|
287
278
|
- test/test_cmd_util.rb
|
288
279
|
- test/test_directory_search.rb
|
289
280
|
- test/test_helper.rb
|
@@ -296,7 +287,7 @@ files:
|
|
296
287
|
- test/test_scan_cms.rb
|
297
288
|
- test/test_scan_dns.rb
|
298
289
|
- test/test_scan_iis_headers.rb
|
299
|
-
- test/
|
290
|
+
- test/test_scan_nginx.rb
|
300
291
|
- test/test_shared_http.rb
|
301
292
|
- test/test_shared_util.rb
|
302
293
|
- test/test_ssl.rb
|
@@ -336,9 +327,12 @@ test_files:
|
|
336
327
|
- test/data/apache_server_status.txt
|
337
328
|
- test/data/cms_none_body.txt
|
338
329
|
- test/data/cms_wordpress_body.txt
|
330
|
+
- test/data/dir.txt
|
331
|
+
- test/data/etc_passwd.txt
|
339
332
|
- test/data/hsts_disabled_server_header.txt
|
340
333
|
- test/data/hsts_server_header.txt
|
341
334
|
- test/data/iis_server_header.txt
|
335
|
+
- test/data/nginx_status_page.txt
|
342
336
|
- test/data/ssl_labs_analyze_data.json
|
343
337
|
- test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
|
344
338
|
- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
|
@@ -349,6 +343,7 @@ test_files:
|
|
349
343
|
- test/data/ssl_labs_info.json
|
350
344
|
- test/data/tomcat_release_notes.txt
|
351
345
|
- test/data/wordpress_readme_html.txt
|
346
|
+
- test/test_app_fw_rails.rb
|
352
347
|
- test/test_cmd_util.rb
|
353
348
|
- test/test_directory_search.rb
|
354
349
|
- test/test_helper.rb
|
@@ -361,7 +356,7 @@ test_files:
|
|
361
356
|
- test/test_scan_cms.rb
|
362
357
|
- test/test_scan_dns.rb
|
363
358
|
- test/test_scan_iis_headers.rb
|
364
|
-
- test/
|
359
|
+
- test/test_scan_nginx.rb
|
365
360
|
- test/test_shared_http.rb
|
366
361
|
- test/test_shared_util.rb
|
367
362
|
- test/test_ssl.rb
|
@@ -1,17 +0,0 @@
|
|
1
|
-
require File.dirname(__FILE__) + '/../lib/yawast'
|
2
|
-
require File.dirname(__FILE__) + '/base'
|
3
|
-
|
4
|
-
class TestScannerNginxHeaders < Minitest::Test
|
5
|
-
include TestBase
|
6
|
-
|
7
|
-
def test_nginx_basic_banner
|
8
|
-
server = 'nginx/1.8.1'
|
9
|
-
|
10
|
-
override_stdout
|
11
|
-
Yawast::Scanner::Plugins::Servers::Nginx.check_banner server
|
12
|
-
|
13
|
-
assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
|
14
|
-
|
15
|
-
restore_stdout
|
16
|
-
end
|
17
|
-
end
|