yawast 0.4.0.beta3 → 0.4.0.beta4

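--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: c657b676e6fb2fab6ddf48ac8c7b9a8a8606e1b7
-data.tar.gz: 24071878a0ea703638f5ce1587524505489a9cfb
+metadata.gz: 578aea8ce34d6fd6603ffcffb70f4dfbee7a911d
+data.tar.gz: 09ee59b7fbdd5fd51d222d92fd67752086eed664
 SHA512:
-metadata.gz: df6f61d22b221f9dccaff5ef22fdc0708793034368d1101762fdb41338c8a5472fd1ba81cf2ec746a3c76521e5a9ae288e4b39c5196426ca66d59d580eb1cb70
-data.tar.gz: 571fff42d3a0a67c5c1c8ec7a1d30994e91a73ba1a186f150b120a7f3edb83149a591ca631377cb69f49b1e590dd5de30a19bc2c9fc0e7d021b847e59a33c9a9
+metadata.gz: 03ef71cdaf26cc2845c29c8667ec51af7a04ec77abfa6be96a91afb987b022eebc07d36b159b42f2ad69dfdb09c6c749a3f88d6158cf6ca1a29de3b094f374e5
+data.tar.gz: 01e4313f8ee9d155d9c5a0470dbe956e5c6f83ae986fa6762a73d19462f3ba76fc997b91f72b7c59e76366ed840f00e7872871c6f24ff29d9f7cbed6a8cd180a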
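--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,7 +2,11 @@
 
 * [#66](https://github.com/adamcaudill/yawast/issues/66) - Thread directory search for better performance
 * [#67](https://github.com/adamcaudill/yawast/issues/67) - Make "Found Redirect" optional
+* [#69](https://github.com/adamcaudill/yawast/issues/69) - False positives on non-standard 404 handling
+* [#73](https://github.com/adamcaudill/yawast/issues/73) - Use `--internalssl` when host is an IP address
 * [#65](https://github.com/adamcaudill/yawast/issues/65) - Bug: Output redirection doesn't work correctly
+* [#70](https://github.com/adamcaudill/yawast/issues/70) - Bug: Handle scans of IP addresses
+* [#72](https://github.com/adamcaudill/yawast/issues/72) - Bug: internalssl & Scanning IPs Fails
 
 ## 0.3.0 - 2016-09-15
 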
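--- a/data/lib/scanner/cert.rb
+++ b/data/lib/scanner/cert.rb
@@ -83,7 +83,7 @@ module Yawast
 if cert.nil?
 raise 'No certificate received.'
 else
-@results.push "#{domain}: Issuer: '#{cert.issuer.common_name}' / '#{cert.issuer.organization}' Serial: #{cert.serial}"
+@results.push "#{domain}: Issuer: '#{cert.issuer.common_name}' / '#{cert.issuer.organization}' Subject: '#{cert.subject}' Serial: #{cert.serial}"
 end
 rescue
 unless domain.start_with? 'www.'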
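Review bot: The new `Subject: '#{cert.subject}'` field prints the whole distinguished name, while the issuer right next to it is reduced to `common_name` / `organization`, so one result line now mixes two formats. For consistency use `cert.subject.common_name` (presumably the same openssl-extensions accessor the issuer already relies on, since stdlib `OpenSSL::X509::Name` has no `common_name`), or print the full DN for both. The enclosing method begins and ends outside this hunk.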
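--- a/data/lib/scanner/core.rb
+++ b/data/lib/scanner/core.rb
@@ -48,14 +48,7 @@ module Yawast
 Yawast::Scanner::Apache.check_all(@uri, head)
 Yawast::Scanner::Iis.check_all(@uri, head)
 
-Yawast::Scanner::ObjectPresence.check_source_control(@uri)
-Yawast::Scanner::ObjectPresence.check_sitemap(@uri)
-Yawast::Scanner::ObjectPresence.check_cross_domain(@uri)
-Yawast::Scanner::ObjectPresence.check_wsftp_log(@uri)
-Yawast::Scanner::ObjectPresence.check_trace_axd(@uri)
-Yawast::Scanner::ObjectPresence.check_elmah_axd(@uri)
-Yawast::Scanner::ObjectPresence.check_readme_html(@uri)
-Yawast::Scanner::ObjectPresence.check_release_notes_txt(@uri)
+Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri
 
 Yawast::Scanner::Generic.check_propfind(@uri)
 Yawast::Scanner::Generic.check_options(@uri)
@@ -110,7 +103,7 @@ module Yawast
 if @uri.scheme == 'https' && !options.nossl
 head = Yawast::Shared::Http.head(@uri) if head == nil
 
-if options.internalssl
+if options.internalssl || IPAddress.valid?(uri.host)
 Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
 else
 Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)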
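Review bot: The fallback in `if options.internalssl || IPAddress.valid?(uri.host)` silently swaps the SSL Labs assessment for the local OpenSSL-based scan whenever the target is an IP literal, so a user who did not pass `--internalssl` gets noticeably different coverage with no indication why; print a one-line notice before the `Ssl.info` call, e.g. `puts 'Target is an IP address; using the internal SSL scanner instead of SSL Labs.'`. Note also that Ruby's `URI#host` keeps the square brackets on an IPv6 literal (`[::1]`), which `IPAddress.valid?` would presumably reject, whereas `uri.hostname` strips them — worth confirming for the IPv6 case. core.rb does not `require 'ipaddress'` itself, so this line depends on shared/uri.rb having been loaded first. The enclosing method starts and ends outside this hunk.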
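--- /dev/null
+++ b/data/lib/scanner/plugins/http/file_presence.rb
@@ -0,0 +1,90 @@
+require 'securerandom'
+
+module Yawast
+module Scanner
+module Plugins
+module Http
+class FilePresence
+def self.check_path(uri, path, vuln)
+#note: this only checks directly at the root, I'm not sure if this is what we want
+# should probably be relative to what's passed in, instead of overriding the path.
+check = uri.copy
+check.path = "#{path}"
+code = Yawast::Shared::Http.get_status_code(check)
+
+if code == "200"
+msg = "'#{path}' found: #{check}"
+
+if vuln
+Yawast::Utilities.puts_vuln msg
+else
+Yawast::Utilities.puts_warn msg
+end
+
+puts ''
+end
+end
+
+def self.check_all(uri)
+#first, we need to see if the site responds to 404 in a reasonable way
+fake_uri = uri.copy
+fake_uri.path = "/#{SecureRandom.hex}/"
+if Yawast::Shared::Http.get_status_code(fake_uri) != '404'
+#crazy 404 handling
+puts 'Site does not respond properly to non-existent file requests; skipping some checks.'
+
+return
+end
+
+check_source_control uri
+check_cross_domain uri
+check_sitemap uri
+check_wsftp_log uri
+check_trace_axd uri
+check_elmah_axd uri
+check_readme_html uri
+check_release_notes_txt uri
+end
+
+def self.check_source_control(uri)
+check_path(uri, '/.git/', true)
+check_path(uri, '/.hg/', true)
+check_path(uri, '/.svn/', true)
+check_path(uri, '/.bzr/', true)
+end
+
+def self.check_cross_domain(uri)
+check_path(uri, '/crossdomain.xml', false)
+check_path(uri, '/clientaccesspolicy.xml', false)
+end
+
+def self.check_sitemap(uri)
+check_path(uri, '/sitemap.xml', false)
+end
+
+def self.check_wsftp_log(uri)
+#check both upper and lower, as they are both seen in the wild
+check_path(uri, '/WS_FTP.LOG', false)
+check_path(uri, '/ws_ftp.log', false)
+end
+
+def self.check_trace_axd(uri)
+check_path(uri, '/Trace.axd', false)
+end
+
+def self.check_elmah_axd(uri)
+check_path(uri, '/elmah.axd', false)
+end
+
+def self.check_readme_html(uri)
+check_path(uri, '/readme.html', false)
+end
+
+def self.check_release_notes_txt(uri)
+check_path(uri, '/RELEASE-NOTES.txt', false)
+end
+end
+end
+end
+end
+end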
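Review bot: In `check_all`, the baseline probe requests only a random directory (`fake_uri.path = "/#{SecureRandom.hex}/"`), yet most of the checks that follow are files, so a server that 404s unknown directories but serves a catch-all 200 for unknown files still produces exactly the false positives issue #69 is meant to remove; a second probe with a random file name, e.g. `fake_uri.path = "/#{SecureRandom.hex}.html"`, checked the same way would cover both cases. The early `return` also drops every check, while the message says `skipping some checks` — make it `skipping file presence checks` so the output matches the behaviour. Separately, `check_source_control` counts only a 200 on `/.git/` and friends, but a web server with directory listings disabled answers 403 for the directory while `/.git/HEAD` or `/.git/config` remain readable, which is the exposure that actually matters; adding `check_path(uri, '/.git/HEAD', true)` (and the equivalent well-known file for the other VCS directories) would catch that case.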
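--- a/data/lib/scanner/ssl.rb
+++ b/data/lib/scanner/ssl.rb
@@ -108,7 +108,12 @@ module Yawast
 puts 'Supported Ciphers (based on your OpenSSL version):'
 
 dns = Resolv::DNS.new()
-ip = dns.getaddresses(uri.host)[0]
+
+if IPAddress.valid? uri.host
+ip = IPAddress.parse uri.host
+else
+ip = dns.getaddresses(uri.host)[0]
+end
 
 #find all versions that don't include '_server' or '_client'
 versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
@@ -145,7 +150,8 @@ module Yawast
 rescue OpenSSL::SSL::SSLError => e
 unless e.message.include?('alert handshake failure') ||
 e.message.include?('no ciphers available') ||
-e.message.include?('wrong version number')
+e.message.include?('wrong version number') ||
+e.message.include?('alert protocol version')
 Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
 end
 rescue => e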
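Review bot: In the first hunk, `IPAddress.valid? uri.host` is given Ruby's `URI#host`, which keeps the square brackets around an IPv6 literal (`[::1]`); the bracketed form would presumably fail validation and fall through to `dns.getaddresses`, which cannot resolve a literal, leaving `ip` nil. If `uri` is a stdlib `URI`, `uri.hostname` returns the literal without brackets, so `if IPAddress.valid? uri.hostname` / `ip = IPAddress.parse uri.hostname` handles both address families. The two branches now also yield different types (`IPAddress` vs `Resolv::IPv4`/`Resolv::IPv6`); the socket code below the hunk presumably calls `to_s` on `ip`, which both support, but that is worth confirming. The enclosing method starts and ends outside this hunk.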
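--- a/data/lib/shared/uri.rb
+++ b/data/lib/shared/uri.rb
@@ -1,3 +1,5 @@
+require 'ipaddress'
+
 module Yawast
 module Shared
 class Uri
@@ -21,7 +23,14 @@ module Yawast
 dns = Resolv::DNS.new
 dns.getaddress(uri.host)
 rescue => e
-raise ArgumentError.new("Invalid URL (#{e.message})") unless uri.host == 'localhost'
+if uri.host == 'localhost'
+#do nothing, in this case, we just don't care.
+elsif IPAddress.valid? uri.host
+#in this case the host name is actually a IP, let it go through.
+else
+#we've passed all the exceptions, if we are here, it's a problem
+raise ArgumentError.new("Invalid URL (#{e.message})")
+end
 end
 
 return uri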
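Review bot: The new `if`/`elsif`/`else` has two branches whose bodies are comments only, and both exemptions are still evaluated only after `dns.getaddress` has been tried on a string that is known up front to be `localhost` or an IP literal. The same logic reads more directly as the one-line guard the old code already had: `raise ArgumentError.new("Invalid URL (#{e.message})") unless uri.host == 'localhost' || IPAddress.valid?(uri.host)`. Better still, test for the literal before the lookup so a bare-IP target never generates a DNS query at all; the surrounding `begin` is outside this hunk, so I cannot tell whether that restructuring fits cleanly. As in the other files, `URI#host` keeps the brackets on an IPv6 literal, so `uri.hostname` may be the safer input to `IPAddress.valid?`.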
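--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1,3 +1,3 @@
 module Yawast
-VERSION = '0.4.0.beta3'
+VERSION = '0.4.0.beta4'
 end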
@@ -12,7 +12,7 @@ class TestScannerApacheServerStatus < Minitest::Test
12
12
 
13
13
  override_stdout
14
14
  uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
15
- Yawast::Scanner::ObjectPresence.check_readme_html uri
15
+ Yawast::Scanner::Plugins::Http::FilePresence.check_readme_html uri
16
16
 
17
17
  assert stdout_value.include?('\'/readme.html\' found:'), 'readme.html page warning not found'
18
18
 
@@ -26,7 +26,7 @@ class TestScannerApacheServerStatus < Minitest::Test
26
26
 
27
27
  override_stdout
28
28
  uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
29
- Yawast::Scanner::ObjectPresence.check_release_notes_txt uri
29
+ Yawast::Scanner::Plugins::Http::FilePresence.check_release_notes_txt uri
30
30
 
31
31
  assert stdout_value.include?('\'/RELEASE-NOTES.txt\' found:'), 'RELEASE-NOTES.txt page warning not found'
32
32
 
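--- a/data/yawast.gemspec
+++ b/data/yawast.gemspec
@@ -19,6 +19,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'openssl-extensions', '~> 1.2'
 s.add_runtime_dependency 'colorize', '~> 0.8'
 s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
+s.add_runtime_dependency 'ipaddress', '~> 0.8'
 
 s.bindir = 'bin'
 s.files = `git ls-files`.split("\n")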
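Review bot: `s.add_runtime_dependency 'ipaddress', '~> 0.8'` pulls a new third-party gem into the runtime dependency set for what, in this diff, amounts to `IPAddress.valid?` and `IPAddress.parse`. The standard library's `IPAddr` — which the `ipaddr_extensions` dependency on the line above presumably already builds on — covers that without widening the supply chain, e.g. `IPAddr.new(host)` under a `rescue IPAddr::InvalidAddressError` for the validity test. If the gem is kept, `~> 0.8` floats across every 0.8.x release; pinning closer to the version the change was tested against would make the resolved tree more predictable.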
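--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-version: 0.4.0.beta3
+version: 0.4.0.beta4
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-22 00:00:00.000000000 Z
+date: 2016-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ssllabs
@@ -94,6 +94,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
+- !ruby/object:Gem::Dependency
+name: ipaddress
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
 description: YAWAST is an application meant to simplify initial analysis and information
 gathering for penetration testers and security auditors.
 email: adam@adamcaudill.com
@@ -124,9 +138,9 @@ files:
 - lib/scanner/generic.rb
 - lib/scanner/iis.rb
 - lib/scanner/nginx.rb
-- lib/scanner/obj_presence.rb
 - lib/scanner/php.rb
 - lib/scanner/plugins/http/directory_search.rb
+- lib/scanner/plugins/http/file_presence.rb
 - lib/scanner/ssl.rb
 - lib/scanner/ssl_labs.rb
 - lib/shared/http.rb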
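--- a/data/lib/scanner/obj_presence.rb
+++ /dev/null
@@ -1,63 +0,0 @@
-module Yawast
-module Scanner
-class ObjectPresence
-def self.check_source_control(uri)
-check_path(uri, '/.git/', true)
-check_path(uri, '/.hg/', true)
-check_path(uri, '/.svn/', true)
-check_path(uri, '/.bzr/', true)
-end
-
-def self.check_cross_domain(uri)
-check_path(uri, '/crossdomain.xml', false)
-check_path(uri, '/clientaccesspolicy.xml', false)
-end
-
-def self.check_sitemap(uri)
-check_path(uri, '/sitemap.xml', false)
-end
-
-def self.check_wsftp_log(uri)
-#check both upper and lower, as they are both seen in the wild
-check_path(uri, '/WS_FTP.LOG', false)
-check_path(uri, '/ws_ftp.log', false)
-end
-
-def self.check_trace_axd(uri)
-check_path(uri, '/Trace.axd', false)
-end
-
-def self.check_elmah_axd(uri)
-check_path(uri, '/elmah.axd', false)
-end
-
-def self.check_readme_html(uri)
-check_path(uri, '/readme.html', false)
-end
-
-def self.check_release_notes_txt(uri)
-check_path(uri, '/RELEASE-NOTES.txt', false)
-end
-
-def self.check_path(uri, path, vuln)
-#note: this only checks directly at the root, I'm not sure if this is what we want
-# should probably be relative to what's passed in, instead of overriding the path.
-check = uri.copy
-check.path = "#{path}"
-code = Yawast::Shared::Http.get_status_code(check)
-
-if code == "200"
-msg = "'#{path}' found: #{check}"
-
-if vuln
-Yawast::Utilities.puts_vuln msg
-else
-Yawast::Utilities.puts_warn msg
-end
-
-puts ''
-end
-end
-end
-end
-end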