yawast 0.7.0.beta2 → 0.7.0.beta3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +6 -0
- data/CHANGELOG.md +3 -0
- data/README.md +5 -1
- data/lib/resources/common_file.txt +208 -0
- data/lib/scanner/core.rb +3 -2
- data/lib/scanner/plugins/applications/cms/generic.rb +11 -1
- data/lib/scanner/plugins/applications/framework/rails.rb +39 -0
- data/lib/scanner/plugins/applications/generic/password_reset.rb +40 -14
- data/lib/scanner/plugins/dns/caa.rb +1 -1
- data/lib/scanner/plugins/http/generic.rb +18 -8
- data/lib/scanner/plugins/servers/apache.rb +113 -15
- data/lib/scanner/plugins/servers/generic.rb +8 -0
- data/lib/scanner/plugins/servers/iis.rb +26 -3
- data/lib/scanner/plugins/servers/nginx.rb +33 -0
- data/lib/scanner/plugins/servers/python.rb +8 -0
- data/lib/scanner/plugins/spider/spider.rb +7 -3
- data/lib/scanner/vuln_scan.rb +18 -5
- data/lib/shared/http.rb +1 -5
- data/lib/shared/output.rb +10 -7
- data/lib/version.rb +1 -1
- data/test/data/dir.txt +9 -0
- data/test/data/etc_passwd.txt +16 -0
- data/test/data/nginx_status_page.txt +4 -0
- data/test/test_app_fw_rails.rb +28 -0
- data/test/test_scan_apache.rb +23 -0
- data/test/test_scan_nginx.rb +33 -0
- data/yawast.gemspec +0 -1
- metadata +13 -18
- data/test/test_scan_nginx_banner.rb +0 -17
data/lib/scanner/vuln_scan.rb
CHANGED
|
@@ -6,21 +6,34 @@ module Yawast
|
|
|
6
6
|
def self.scan(uri, options, head)
|
|
7
7
|
puts 'Performing vulnerability scan (this will take a while)...'
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
if options.spider
|
|
10
|
+
links = Yawast::Scanner::Plugins::Spider::Spider.spider(uri)
|
|
11
|
+
else
|
|
12
|
+
puts 'Building site map...'
|
|
13
|
+
links = Yawast::Scanner::Plugins::Spider::Spider.spider(uri, true)
|
|
14
|
+
end
|
|
12
15
|
|
|
13
16
|
# checks for interesting files
|
|
14
17
|
Yawast::Scanner::Plugins::Http::FilePresence.check_all uri, options.files
|
|
15
18
|
|
|
19
|
+
# server specific checks
|
|
20
|
+
Yawast::Scanner::Plugins::Servers::Apache.check_all(uri, links)
|
|
21
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_all(uri)
|
|
22
|
+
Yawast::Scanner::Plugins::Servers::Iis.check_all(uri, head)
|
|
23
|
+
|
|
16
24
|
# generic header checks
|
|
17
25
|
Yawast::Scanner::Plugins::Http::Generic.check_propfind(uri)
|
|
18
26
|
Yawast::Scanner::Plugins::Http::Generic.check_options(uri)
|
|
19
27
|
Yawast::Scanner::Plugins::Http::Generic.check_trace(uri)
|
|
20
28
|
|
|
21
29
|
# check for issues with the password reset form
|
|
22
|
-
Yawast
|
|
23
|
-
|
|
30
|
+
unless Yawast.options.pass_reset_page.nil?
|
|
31
|
+
Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.setup
|
|
32
|
+
Yawast::Scanner::Plugins::Applications::Generic::PasswordReset.check_resp_user_enum
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
# check for framework specific issues
|
|
36
|
+
Yawast::Scanner::Plugins::Applications::Framework::Rails.check_all uri, links
|
|
24
37
|
end
|
|
25
38
|
end
|
|
26
39
|
end
|
data/lib/shared/http.rb
CHANGED
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
require 'securerandom'
|
|
4
4
|
require 'json'
|
|
5
|
-
require 'oj'
|
|
6
5
|
|
|
7
6
|
module Yawast
|
|
8
7
|
module Shared
|
|
@@ -38,6 +37,7 @@ module Yawast
|
|
|
38
37
|
|
|
39
38
|
def self.get_with_code(uri, headers = nil)
|
|
40
39
|
body = ''
|
|
40
|
+
code = nil
|
|
41
41
|
|
|
42
42
|
begin
|
|
43
43
|
req = get_http(uri)
|
|
@@ -45,8 +45,6 @@ module Yawast
|
|
|
45
45
|
res = req.request_get(uri, get_headers(headers))
|
|
46
46
|
body = res.read_body
|
|
47
47
|
code = res.code
|
|
48
|
-
|
|
49
|
-
Yawast::Shared::Output.log_json 'debug', 'http_get', uri, Oj.dump(res, Oj.default_options)
|
|
50
48
|
rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
|
|
51
49
|
# do nothing for now
|
|
52
50
|
end
|
|
@@ -93,8 +91,6 @@ module Yawast
|
|
|
93
91
|
req.use_ssl = uri.scheme == 'https'
|
|
94
92
|
res = req.head(uri, get_headers)
|
|
95
93
|
|
|
96
|
-
Yawast::Shared::Output.log_json 'debug', 'http_get_status_code', uri, Oj.dump(res, Oj.default_options)
|
|
97
|
-
|
|
98
94
|
res.code
|
|
99
95
|
end
|
|
100
96
|
|
data/lib/shared/output.rb
CHANGED
|
@@ -67,7 +67,7 @@ module Yawast
|
|
|
67
67
|
|
|
68
68
|
target = get_target super_parent, parent
|
|
69
69
|
|
|
70
|
-
target[key] = JSON.parse(json_block)
|
|
70
|
+
target[key] = escape_hash(JSON.parse(json_block))
|
|
71
71
|
end
|
|
72
72
|
|
|
73
73
|
def self.log_hash(super_parent = nil, parent = nil, key, hash)
|
|
@@ -75,7 +75,7 @@ module Yawast
|
|
|
75
75
|
|
|
76
76
|
target = get_target super_parent, parent
|
|
77
77
|
|
|
78
|
-
target[key] = hash
|
|
78
|
+
target[key] = escape_hash hash
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
def self.encode_utf8(str)
|
|
@@ -111,13 +111,16 @@ module Yawast
|
|
|
111
111
|
end
|
|
112
112
|
|
|
113
113
|
def self.escape_hash(hash)
|
|
114
|
-
hash.each_pair do |k,v|
|
|
114
|
+
hash.each_pair do |k, v|
|
|
115
115
|
if v.is_a?(Hash)
|
|
116
116
|
escape_hash(v)
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
117
|
+
elsif v.is_a?(String)
|
|
118
|
+
# first, attempt to force utf-8
|
|
119
|
+
v = encode_utf8 v
|
|
120
|
+
hash[k] = v
|
|
121
|
+
|
|
122
|
+
# if needed, Base64 encode to ensure that we can produce the JSON output
|
|
123
|
+
hash[k] = Base64.encode64 v unless v.valid_encoding?
|
|
121
124
|
end
|
|
122
125
|
end
|
|
123
126
|
end
|
data/lib/version.rb
CHANGED
data/test/data/dir.txt
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
root:x:0:0:root:/root:/bin/bash
|
|
2
|
+
bin:x:1:1:bin:/bin:/sbin/nologin
|
|
3
|
+
daemon:x:2:2:daemon:/sbin:/sbin/nologin
|
|
4
|
+
adm:x:3:4:adm:/var/adm:/sbin/nologin
|
|
5
|
+
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
|
|
6
|
+
sync:x:5:0:sync:/sbin:/bin/sync
|
|
7
|
+
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
|
|
8
|
+
halt:x:7:0:halt:/sbin:/sbin/halt
|
|
9
|
+
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
|
|
10
|
+
news:x:9:13:news:/etc/news:
|
|
11
|
+
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
|
|
12
|
+
operator:x:11:0:operator:/root:/sbin/nologin
|
|
13
|
+
games:x:12:100:games:/usr/games:/sbin/nologin
|
|
14
|
+
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
|
|
15
|
+
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
|
|
16
|
+
nobody:x:99:99:Nobody:/:/sbin/nologin
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
require File.dirname(__FILE__) + '/../lib/yawast'
|
|
2
|
+
require File.dirname(__FILE__) + '/base'
|
|
3
|
+
|
|
4
|
+
class TestScannerApache < Minitest::Test
|
|
5
|
+
include TestBase
|
|
6
|
+
|
|
7
|
+
def test_check_cve_2019_5418
|
|
8
|
+
override_stdout
|
|
9
|
+
|
|
10
|
+
port = rand(60000) + 1024 # pick a random port number
|
|
11
|
+
server = start_web_server File.dirname(__FILE__) + '/data/etc_passwd.txt', '', port
|
|
12
|
+
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
|
13
|
+
|
|
14
|
+
error = nil
|
|
15
|
+
begin
|
|
16
|
+
Yawast::Scanner::Plugins::Applications::Framework::Rails.check_cve_2019_5418 [uri.to_s]
|
|
17
|
+
rescue => e
|
|
18
|
+
error = e.message
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
assert !stdout_value.include?('[W]'), "Unexpected finding: #{stdout_value}"
|
|
22
|
+
assert error == nil, "Unexpected error: #{error}"
|
|
23
|
+
|
|
24
|
+
restore_stdout
|
|
25
|
+
|
|
26
|
+
server.exit
|
|
27
|
+
end
|
|
28
|
+
end
|
data/test/test_scan_apache.rb
CHANGED
|
@@ -26,6 +26,29 @@ class TestScannerApache < Minitest::Test
|
|
|
26
26
|
server.exit
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
+
def test_check_tomcat_2019_0232
|
|
30
|
+
override_stdout
|
|
31
|
+
|
|
32
|
+
port = rand(60000) + 1024 # pick a random port number
|
|
33
|
+
server = start_web_server File.dirname(__FILE__) + '/data/apache_server_info.txt', '/cgi-bin/test.bat', port
|
|
34
|
+
uri = URI.parse "http://localhost:#{port}/cgi-bin/test.bat"
|
|
35
|
+
links = [uri.to_s]
|
|
36
|
+
|
|
37
|
+
error = nil
|
|
38
|
+
begin
|
|
39
|
+
Yawast::Scanner::Plugins::Servers::Apache.check_cve_2019_0232 links
|
|
40
|
+
rescue => e
|
|
41
|
+
error = e.message
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
assert !stdout_value.include?('[V]'), "Unexpected finding: #{stdout_value}"
|
|
45
|
+
assert error == nil, "Unexpected error: #{error}"
|
|
46
|
+
|
|
47
|
+
restore_stdout
|
|
48
|
+
|
|
49
|
+
server.exit
|
|
50
|
+
end
|
|
51
|
+
|
|
29
52
|
def test_check_struts2_samples
|
|
30
53
|
override_stdout
|
|
31
54
|
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require File.dirname(__FILE__) + '/../lib/yawast'
|
|
2
|
+
require File.dirname(__FILE__) + '/base'
|
|
3
|
+
|
|
4
|
+
class TestScannerNginx < Minitest::Test
|
|
5
|
+
include TestBase
|
|
6
|
+
|
|
7
|
+
def test_nginx_basic_banner
|
|
8
|
+
server = 'nginx/1.8.1'
|
|
9
|
+
|
|
10
|
+
override_stdout
|
|
11
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_banner server
|
|
12
|
+
|
|
13
|
+
assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
|
|
14
|
+
|
|
15
|
+
restore_stdout
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def test_nginx_status_present
|
|
19
|
+
port = rand(60000) + 1024 # pick a random port number
|
|
20
|
+
server = start_web_server File.dirname(__FILE__) + '/data/nginx_status_page.txt', 'status', port
|
|
21
|
+
|
|
22
|
+
override_stdout
|
|
23
|
+
uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
|
|
24
|
+
|
|
25
|
+
Yawast::Shared::Http.setup nil, nil
|
|
26
|
+
Yawast::Scanner::Plugins::Servers::Nginx.check_status_page uri
|
|
27
|
+
|
|
28
|
+
assert stdout_value.include?('Nginx status page found'), 'Nginx Status page warning not found'
|
|
29
|
+
|
|
30
|
+
server.exit
|
|
31
|
+
restore_stdout
|
|
32
|
+
end
|
|
33
|
+
end
|
data/yawast.gemspec
CHANGED
|
@@ -22,7 +22,6 @@ Gem::Specification.new do |s|
|
|
|
22
22
|
s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
|
|
23
23
|
s.add_runtime_dependency 'ipaddress', '~> 0.8'
|
|
24
24
|
s.add_runtime_dependency 'nokogiri', '~> 1.8'
|
|
25
|
-
s.add_runtime_dependency 'oj', '~> 3.6'
|
|
26
25
|
s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
|
|
27
26
|
s.add_runtime_dependency 'public_suffix', '~> 2.0'
|
|
28
27
|
s.add_runtime_dependency 'selenium-webdriver', '~> 3.141'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yawast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.0.
|
|
4
|
+
version: 0.7.0.beta3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Caudill
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-04-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -136,20 +136,6 @@ dependencies:
|
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
138
|
version: '1.8'
|
|
139
|
-
- !ruby/object:Gem::Dependency
|
|
140
|
-
name: oj
|
|
141
|
-
requirement: !ruby/object:Gem::Requirement
|
|
142
|
-
requirements:
|
|
143
|
-
- - "~>"
|
|
144
|
-
- !ruby/object:Gem::Version
|
|
145
|
-
version: '3.6'
|
|
146
|
-
type: :runtime
|
|
147
|
-
prerelease: false
|
|
148
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
149
|
-
requirements:
|
|
150
|
-
- - "~>"
|
|
151
|
-
- !ruby/object:Gem::Version
|
|
152
|
-
version: '3.6'
|
|
153
139
|
- !ruby/object:Gem::Dependency
|
|
154
140
|
name: openssl-extensions
|
|
155
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -239,6 +225,7 @@ files:
|
|
|
239
225
|
- lib/scanner/core.rb
|
|
240
226
|
- lib/scanner/generic.rb
|
|
241
227
|
- lib/scanner/plugins/applications/cms/generic.rb
|
|
228
|
+
- lib/scanner/plugins/applications/framework/rails.rb
|
|
242
229
|
- lib/scanner/plugins/applications/generic/password_reset.rb
|
|
243
230
|
- lib/scanner/plugins/dns/caa.rb
|
|
244
231
|
- lib/scanner/plugins/dns/generic.rb
|
|
@@ -271,9 +258,12 @@ files:
|
|
|
271
258
|
- test/data/apache_server_status.txt
|
|
272
259
|
- test/data/cms_none_body.txt
|
|
273
260
|
- test/data/cms_wordpress_body.txt
|
|
261
|
+
- test/data/dir.txt
|
|
262
|
+
- test/data/etc_passwd.txt
|
|
274
263
|
- test/data/hsts_disabled_server_header.txt
|
|
275
264
|
- test/data/hsts_server_header.txt
|
|
276
265
|
- test/data/iis_server_header.txt
|
|
266
|
+
- test/data/nginx_status_page.txt
|
|
277
267
|
- test/data/ssl_labs_analyze_data.json
|
|
278
268
|
- test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
|
|
279
269
|
- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
|
|
@@ -284,6 +274,7 @@ files:
|
|
|
284
274
|
- test/data/ssl_labs_info.json
|
|
285
275
|
- test/data/tomcat_release_notes.txt
|
|
286
276
|
- test/data/wordpress_readme_html.txt
|
|
277
|
+
- test/test_app_fw_rails.rb
|
|
287
278
|
- test/test_cmd_util.rb
|
|
288
279
|
- test/test_directory_search.rb
|
|
289
280
|
- test/test_helper.rb
|
|
@@ -296,7 +287,7 @@ files:
|
|
|
296
287
|
- test/test_scan_cms.rb
|
|
297
288
|
- test/test_scan_dns.rb
|
|
298
289
|
- test/test_scan_iis_headers.rb
|
|
299
|
-
- test/
|
|
290
|
+
- test/test_scan_nginx.rb
|
|
300
291
|
- test/test_shared_http.rb
|
|
301
292
|
- test/test_shared_util.rb
|
|
302
293
|
- test/test_ssl.rb
|
|
@@ -336,9 +327,12 @@ test_files:
|
|
|
336
327
|
- test/data/apache_server_status.txt
|
|
337
328
|
- test/data/cms_none_body.txt
|
|
338
329
|
- test/data/cms_wordpress_body.txt
|
|
330
|
+
- test/data/dir.txt
|
|
331
|
+
- test/data/etc_passwd.txt
|
|
339
332
|
- test/data/hsts_disabled_server_header.txt
|
|
340
333
|
- test/data/hsts_server_header.txt
|
|
341
334
|
- test/data/iis_server_header.txt
|
|
335
|
+
- test/data/nginx_status_page.txt
|
|
342
336
|
- test/data/ssl_labs_analyze_data.json
|
|
343
337
|
- test/data/ssl_labs_analyze_data_activationservice1_installshield_com.json
|
|
344
338
|
- test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json
|
|
@@ -349,6 +343,7 @@ test_files:
|
|
|
349
343
|
- test/data/ssl_labs_info.json
|
|
350
344
|
- test/data/tomcat_release_notes.txt
|
|
351
345
|
- test/data/wordpress_readme_html.txt
|
|
346
|
+
- test/test_app_fw_rails.rb
|
|
352
347
|
- test/test_cmd_util.rb
|
|
353
348
|
- test/test_directory_search.rb
|
|
354
349
|
- test/test_helper.rb
|
|
@@ -361,7 +356,7 @@ test_files:
|
|
|
361
356
|
- test/test_scan_cms.rb
|
|
362
357
|
- test/test_scan_dns.rb
|
|
363
358
|
- test/test_scan_iis_headers.rb
|
|
364
|
-
- test/
|
|
359
|
+
- test/test_scan_nginx.rb
|
|
365
360
|
- test/test_shared_http.rb
|
|
366
361
|
- test/test_shared_util.rb
|
|
367
362
|
- test/test_ssl.rb
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
require File.dirname(__FILE__) + '/../lib/yawast'
|
|
2
|
-
require File.dirname(__FILE__) + '/base'
|
|
3
|
-
|
|
4
|
-
class TestScannerNginxHeaders < Minitest::Test
|
|
5
|
-
include TestBase
|
|
6
|
-
|
|
7
|
-
def test_nginx_basic_banner
|
|
8
|
-
server = 'nginx/1.8.1'
|
|
9
|
-
|
|
10
|
-
override_stdout
|
|
11
|
-
Yawast::Scanner::Plugins::Servers::Nginx.check_banner server
|
|
12
|
-
|
|
13
|
-
assert stdout_value.include?("nginx Version: #{server}"), "Unexpected banner: #{stdout_value}"
|
|
14
|
-
|
|
15
|
-
restore_stdout
|
|
16
|
-
end
|
|
17
|
-
end
|