yawast 0.7.0.beta2 → 0.7.0.beta3

@@ -6,21 +6,34 @@ module Yawast
6
6
  def self.scan(uri, options, head)
7
7
  puts 'Performing vulnerability scan (this will take a while)...'
8
8
 
9
- # server specific checks
10
- Yawast::Scanner::Plugins::Servers::Apache.check_all(uri)
11
- Yawast::Scanner::Plugins::Servers::Iis.check_all(uri, head)
9
+ if options.spider
10
+ links = Yawast::Scanner::Plugins::Spider::Spider.spider(uri)
11
+ else
12
+ puts 'Building site map...'
13
+ links = Yawast::Scanner::Plugins::Spider::Spider.spider(uri, true)
14
+ end
12
15
 
13
16
  # checks for interesting files
14
17
  Yawast::Scanner::Plugins::Http::FilePresence.check_all uri, options.files
15
18
 
19
+ # server specific checks
20
+ Yawast::Scanner::Plugins::Servers::Apache.check_all(uri, links)
21
+ Yawast::Scanner::Plugins::Servers::Nginx.check_all(uri)
22
+ Yawast::Scanner::Plugins::Servers::Iis.check_all(uri, head)
23
+
16
24
  # generic header checks
17
25
  Yawast::Scanner::Plugins::Http::Generic.check_propfind(uri)
18
26
  Yawast::Scanner::Plugins::Http::Generic.check_options(uri)
19
27
  Yawast::Scanner::Plugins::Http::Generic.check_trace(uri)
20
28
 
21
29
  # check for issues with the password reset form
22
- Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.setup
23
- Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.check_resp_user_enum
30
+ unless Yawast.options.pass_reset_page.nil?
31
+ Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.setup
32
+ Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.check_resp_user_enum
33
+ end
34
+
35
+ # check for framework specific issues
36
+ Yawast::Scanner::Plugins::Applications::Framework::Rails.check_all uri, links
24
37
  end
25
38
  end
26
39
  end
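--- a/data/lib/shared/http.rb
+++ b/data/lib/shared/http.rb
@@ -2,7 +2,6 @@
 
 require 'securerandom'
 require 'json'
-require 'oj'
 
 module Yawast
 module Shared
@@ -38,6 +37,7 @@ module Yawast
 
 def self.get_with_code(uri, headers = nil)
 body = ''
+code = nil
 
 begin
 req = get_http(uri)
@@ -45,8 +45,6 @@ module Yawast
 res = req.request_get(uri, get_headers(headers))
 body = res.read_body
 code = res.code
-
-Yawast::Shared::Output.log_json 'debug', 'http_get', uri, Oj.dump(res, Oj.default_options)
 rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
 # do nothing for now
 end
@@ -93,8 +91,6 @@ module Yawast
 req.use_ssl = uri.scheme == 'https'
 res = req.head(uri, get_headers)
 
-Yawast::Shared::Output.log_json 'debug', 'http_get_status_code', uri, Oj.dump(res, Oj.default_options)
-
 res.code
 end
 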
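Review bot: With the Oj debug dump removed from `get_with_code` (third hunk) and from the HEAD helper (fourth hunk), a failed request now leaves no trace at all: the bare `rescue` after `code = res.code` still swallows every StandardError, and the caller gets `body = ''` and the newly initialised `code = nil`, indistinguishable from an empty response. For a scanner that is a silent false negative on connection refused, timeouts and TLS handshake failures. I would at least record the failure through the output helper that is already in use, e.g. `rescue => e` followed by `Yawast::Shared::Output.log_hash 'debug', 'http_get_error', uri, { 'class' => e.class.name, 'message' => e.message }`, and drop the `# do nothing for now` comment. The return of `get_with_code` lies outside the hunk, so how callers treat a `nil` code on that path should be checked there as well.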
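--- a/data/lib/shared/output.rb
+++ b/data/lib/shared/output.rb
@@ -67,7 +67,7 @@ module Yawast
 
 target = get_target super_parent, parent
 
-target[key] = JSON.parse(json_block)
+target[key] = escape_hash(JSON.parse(json_block))
 end
 
 def self.log_hash(super_parent = nil, parent = nil, key, hash)
@@ -75,7 +75,7 @@ module Yawast
 
 target = get_target super_parent, parent
 
-target[key] = hash
+target[key] = escape_hash hash
 end
 
 def self.encode_utf8(str)
@@ -111,13 +111,16 @@ module Yawast
 end
 
 def self.escape_hash(hash)
-hash.each_pair do |k,v|
+hash.each_pair do |k, v|
 if v.is_a?(Hash)
 escape_hash(v)
-else
-if v.is_a?(String)
-hash[k] = Base64.encode64 v unless v.valid_encoding?
-end
+elsif v.is_a?(String)
+# first, attempt to force utf-8
+v = encode_utf8 v
+hash[k] = v
+
+# if needed, Base64 encode to ensure that we can produce the JSON output
+hash[k] = Base64.encode64 v unless v.valid_encoding?
 end
 end
 end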
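Review bot: `log_json` (first hunk) now hands whatever `JSON.parse` returns to `escape_hash`, but `escape_hash` starts with `hash.each_pair`, so a JSON document whose top level is an array raises NoMethodError where the old code stored it unchanged. The new `elsif v.is_a?(String)` branch also only reaches strings that are direct hash values; strings inside arrays never pass through `encode_utf8` or the Base64 fallback, so the invalid-encoding failure this commit is fixing still exists one level down. A value-based helper that recurses into both Hash and Array covers both cases, with `log_json` calling it on the parsed result directly (`target[key] = escape_value(JSON.parse(json_block))`). I cannot see `encode_utf8`, so whether the `valid_encoding?` check after it is still reachable depends on what that method does with undecodable bytes.
```ruby
def self.escape_hash(hash)
  hash.each_pair { |k, v| hash[k] = escape_value v }
end

# Recurse into hashes and arrays; force strings to UTF-8 and Base64 encode any
# string that is still not valid so the JSON output can always be produced.
def self.escape_value(value)
  case value
  when Hash
    escape_hash value
  when Array
    value.map { |e| escape_value e }
  when String
    value = encode_utf8 value
    value.valid_encoding? ? value : Base64.encode64(value)
  else
    value
  end
end
```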
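--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Yawast
-VERSION = '0.7.0.beta2'
+VERSION = '0.7.0.beta3'
 end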
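--- a/data/test/data/dir.txt
+++ b/data/test/data/dir.txt
@@ -0,0 +1,9 @@
+Volume in drive C has no label.
+Volume Serial Number is B86A-EF32
+
+Directory of C:\test
+
+11/30/2004 01:40 PM <DIR> .
+11/30/2004 01:40 PM <DIR> ..
+11/30/2004 11:05 AM 0 T97B4~1.TXT t.txt2
+11/30/2004 01:16 PM 0 t97.txt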
@@ -0,0 +1,16 @@
1
+ root:x:0:0:root:/root:/bin/bash
2
+ bin:x:1:1:bin:/bin:/sbin/nologin
3
+ daemon:x:2:2:daemon:/sbin:/sbin/nologin
4
+ adm:x:3:4:adm:/var/adm:/sbin/nologin
5
+ lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
6
+ sync:x:5:0:sync:/sbin:/bin/sync
7
+ shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
8
+ halt:x:7:0:halt:/sbin:/sbin/halt
9
+ mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
10
+ news:x:9:13:news:/etc/news:
11
+ uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
12
+ operator:x:11:0:operator:/root:/sbin/nologin
13
+ games:x:12:100:games:/usr/games:/sbin/nologin
14
+ gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
15
+ ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
16
+ nobody:x:99:99:Nobody:/:/sbin/nologin
@@ -0,0 +1,4 @@
1
+ Active connections: 24
2
+ server accepts handled requests
3
+ 6347476 6347476 11266177
4
+ Reading: 0 Writing: 1 Waiting: 23
@@ -0,0 +1,28 @@
1
+ require File.dirname(__FILE__) + '/../lib/yawast'
2
+ require File.dirname(__FILE__) + '/base'
3
+
4
+ class TestScannerApache < Minitest::Test
5
+ include TestBase
6
+
7
+ def test_check_cve_2019_5418
8
+ override_stdout
9
+
10
+ port = rand(60000) + 1024 # pick a random port number
11
+ server = start_web_server File.dirname(__FILE__) + '/data/etc_passwd.txt', '', port
12
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
13
+
14
+ error = nil
15
+ begin
16
+ Yawast::Scanner::Plugins::Applications::Framework::Rails.check_cve_2019_5418 [uri.to_s]
17
+ rescue => e
18
+ error = e.message
19
+ end
20
+
21
+ assert !stdout_value.include?('[W]'), "Unexpected finding: #{stdout_value}"
22
+ assert error == nil, "Unexpected error: #{error}"
23
+
24
+ restore_stdout
25
+
26
+ server.exit
27
+ end
28
+ end
@@ -26,6 +26,29 @@ class TestScannerApache < Minitest::Test
26
26
  server.exit
27
27
  end
28
28
 
29
+ def test_check_tomcat_2019_0232
30
+ override_stdout
31
+
32
+ port = rand(60000) + 1024 # pick a random port number
33
+ server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '/cgi-bin/test.bat', port
34
+ uri = URI.parse "http://localhost:#{port}/cgi-bin/test.bat"
35
+ links = [uri.to_s]
36
+
37
+ error = nil
38
+ begin
39
+ Yawast::Scanner::Plugins::Servers::Apache.check_cve_2019_0232 links
40
+ rescue => e
41
+ error = e.message
42
+ end
43
+
44
+ assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
45
+ assert error == nil, "Unexpected error: #{error}"
46
+
47
+ restore_stdout
48
+
49
+ server.exit
50
+ end
51
+
29
52
  def test_check_struts2_samples
30
53
  override_stdout
31
54
 
@@ -0,0 +1,33 @@
1
+ require File.dirname(__FILE__) + '/../lib/yawast'
2
+ require File.dirname(__FILE__) + '/base'
3
+
4
+ class TestScannerNginx < Minitest::Test
5
+ include TestBase
6
+
7
+ def test_nginx_basic_banner
8
+ server = 'nginx/1.8.1'
9
+
10
+ override_stdout
11
+ Yawast::Scanner::Plugins::Servers::Nginx.check_banner server
12
+
13
+ assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
14
+
15
+ restore_stdout
16
+ end
17
+
18
+ def test_nginx_status_present
19
+ port = rand(60000) + 1024 # pick a random port number
20
+ server = start_web_server File.dirname(__FILE__) + '/data/nginx_status_page.txt', 'status', port
21
+
22
+ override_stdout
23
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
24
+
25
+ Yawast::Shared::Http.setup nil, nil
26
+ Yawast::Scanner::Plugins::Servers::Nginx.check_status_page uri
27
+
28
+ assert stdout_value.include?('Nginx status page found'), 'Nginx Status page warning not found'
29
+
30
+ server.exit
31
+ restore_stdout
32
+ end
33
+ end
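--- a/data/yawast.gemspec
+++ b/data/yawast.gemspec
@@ -22,7 +22,6 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
 s.add_runtime_dependency 'ipaddress', '~> 0.8'
 s.add_runtime_dependency 'nokogiri', '~> 1.8'
-s.add_runtime_dependency 'oj', '~> 3.6'
 s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
 s.add_runtime_dependency 'public_suffix', '~> 2.0'
 s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'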
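--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-version: 0.7.0.beta2
+version: 0.7.0.beta3
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-14 00:00:00.000000000 Z
+date: 2019-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colorize
@@ -136,20 +136,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.8'
-- !ruby/object:Gem::Dependency
-name: oj
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.6'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '3.6'
 - !ruby/object:Gem::Dependency
 name: openssl-extensions
 requirement: !ruby/object:Gem::Requirement
@@ -239,6 +225,7 @@ files:
 - lib/scanner/core.rb
 - lib/scanner/generic.rb
 - lib/scanner/plugins/applications/cms/generic.rb
+- lib/scanner/plugins/applications/framework/rails.rb
 - lib/scanner/plugins/applications/generic/password_reset.rb
 - lib/scanner/plugins/dns/caa.rb
 - lib/scanner/plugins/dns/generic.rb
@@ -271,9 +258,12 @@ files:
 - test/data/apache_server_status.txt
 - test/data/cms_none_body.txt
 - test/data/cms_wordpress_body.txt
+- test/data/dir.txt
+- test/data/etc_passwd.txt
 - test/data/hsts_disabled_server_header.txt
 - test/data/hsts_server_header.txt
 - test/data/iis_server_header.txt
+- test/data/nginx_status_page.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
 - test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
@@ -284,6 +274,7 @@ files:
 - test/data/ssl_labs_info.json
 - test/data/tomcat_release_notes.txt
 - test/data/wordpress_readme_html.txt
+- test/test_app_fw_rails.rb
 - test/test_cmd_util.rb
 - test/test_directory_search.rb
 - test/test_helper.rb
@@ -296,7 +287,7 @@ files:
 - test/test_scan_cms.rb
 - test/test_scan_dns.rb
 - test/test_scan_iis_headers.rb
-- test/test_scan_nginx_banner.rb
+- test/test_scan_nginx.rb
 - test/test_shared_http.rb
 - test/test_shared_util.rb
 - test/test_ssl.rb
@@ -336,9 +327,12 @@ test_files:
 - test/data/apache_server_status.txt
 - test/data/cms_none_body.txt
 - test/data/cms_wordpress_body.txt
+- test/data/dir.txt
+- test/data/etc_passwd.txt
 - test/data/hsts_disabled_server_header.txt
 - test/data/hsts_server_header.txt
 - test/data/iis_server_header.txt
+- test/data/nginx_status_page.txt
 - test/data/ssl_labs_analyze_data.json
 - test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
 - test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
@@ -349,6 +343,7 @@ test_files:
 - test/data/ssl_labs_info.json
 - test/data/tomcat_release_notes.txt
 - test/data/wordpress_readme_html.txt
+- test/test_app_fw_rails.rb
 - test/test_cmd_util.rb
 - test/test_directory_search.rb
 - test/test_helper.rb
@@ -361,7 +356,7 @@ test_files:
 - test/test_scan_cms.rb
 - test/test_scan_dns.rb
 - test/test_scan_iis_headers.rb
-- test/test_scan_nginx_banner.rb
+- test/test_scan_nginx.rb
 - test/test_shared_http.rb
 - test/test_shared_util.rb
 - test/test_ssl.rb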
@@ -1,17 +0,0 @@
1
- require File.dirname(__FILE__) + '/../lib/yawast'
2
- require File.dirname(__FILE__) + '/base'
3
-
4
- class TestScannerNginxHeaders < Minitest::Test
5
- include TestBase
6
-
7
- def test_nginx_basic_banner
8
- server = 'nginx/1.8.1'
9
-
10
- override_stdout
11
- Yawast::Scanner::Plugins::Servers::Nginx.check_banner server
12
-
13
- assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
14
-
15
- restore_stdout
16
- end
17
- end