yawast 0.5.0.beta1 → 0.5.0.beta2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 65106d07977f1c60a5f68f2506cfe81746c22c13
4
- data.tar.gz: 6997ee2700653653651dd21a421d95cf0873a8a6
3
+ metadata.gz: 75ec2f46c0f9998affc625ef2c5513b99bb75ffc
4
+ data.tar.gz: d22f11e04d791c348243d994a02f6bef8762d926
5
5
  SHA512:
6
- metadata.gz: 043435f7f05f23da628a61ad534110f2c2abf9bc0e94d562905614cb19add99cd2c528fc8e3079c4ea68ed01f80a9700cf79de5c76f9c1df5faabc812f371300
7
- data.tar.gz: 916d107d840cfc78635193f88ca604588669f3b22706a5b4389e4932eef9f032dfa47b8b01ea98f18e4eab79234f3dfc72c5e2b2726f2feda2731059c49eb091
6
+ metadata.gz: e0d9f54ba2687801aac27fac90c9daab18504f45b64699ef045618a155b96eeb83536074c28c5835bbcef42791d77f54f6e1e8f867e8fdb55220d66fb7275a73
7
+ data.tar.gz: 8beddf3db6353a8124ce3648ea4f25a1407ce7be57c78e4f9e4ee8c4e5701e8066c0d333f45b2b75257bf11ada17a1720875866d0cbe619d4711d50e07d7c430
data/.travis.yml CHANGED
@@ -2,11 +2,13 @@ language: ruby
2
2
  rvm:
3
3
  - 2.2.4
4
4
  - 2.3.1
5
+ script:
6
+ - bundle exec rake
7
+ - bundle exec rake submitcodeclimate
5
8
  notifications:
6
9
  email:
7
10
  on_success: never
8
11
  on_failure: never
9
-
10
12
  addons:
11
13
  code_climate:
12
14
  repo_token: 6fd9c710b9a6e0da2011c62b81075b9bd620200a2a400f4dbeab9c88829f4cb6
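Review bot: the `repo_token` under `code_climate:` is a Code Climate repository token committed in plaintext, and the same value is hard-coded in the Rakefile's `submitcodeclimate` task, so anyone who reads the gem or the repository can submit coverage reports as this project. Move it to a Travis encrypted environment variable and let `codeclimate-test-reporter` read it from the environment, and rotate the token once it is removed, since this gem has already published it.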
data/CHANGELOG.md CHANGED
@@ -1,7 +1,15 @@
1
1
  ## 0.5.0 - In Development
2
2
 
3
3
  * [#75](https://github.com/adamcaudill/yawast/issues/75) - Use internal SSL scanner for non-standard ports
4
+ * [#84](https://github.com/adamcaudill/yawast/issues/84) - Improve the display of ct_precert_scts
5
+ * [#86](https://github.com/adamcaudill/yawast/issues/86) - Add check for Tomcat Manager & common passwords
6
+ * [#87](https://github.com/adamcaudill/yawast/issues/87) - Tomcat version detection via invalid HTTP verb
7
+ * [#88](https://github.com/adamcaudill/yawast/issues/88) - Add IP Network Info via [api.iptoasn.com](https://api.iptoasn.com/)
8
+ * [#89](https://github.com/adamcaudill/yawast/issues/89) - Add IP Location Info
9
+ * [#90](https://github.com/adamcaudill/yawast/issues/90) - Add HSTS Preload check via [HSTSPreload.com](https://hstspreload.com/)
10
+ * [#91](https://github.com/adamcaudill/yawast/issues/91) - Enhanced file search
4
11
  * [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
12
+ * Various code and other improvements.
5
13
 
6
14
  ## 0.4.0 - 2016-11-03
7
15
 
data/LICENSE ADDED
@@ -0,0 +1,29 @@
1
+ BSD 3-Clause License
2
+
3
+ Copyright (c) 2013-2017, Adam Caudill <adam@adamcaudill.com>
4
+ All rights reserved.
5
+
6
+ Redistribution and use in source and binary forms, with or without
7
+ modification, are permitted provided that the following conditions are met:
8
+
9
+ * Redistributions of source code must retain the above copyright notice, this
10
+ list of conditions and the following disclaimer.
11
+
12
+ * Redistributions in binary form must reproduce the above copyright notice,
13
+ this list of conditions and the following disclaimer in the documentation
14
+ and/or other materials provided with the distribution.
15
+
16
+ * Neither the name of the copyright holder nor the names of its
17
+ contributors may be used to endorse or promote products derived from
18
+ this software without specific prior written permission.
19
+
20
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26
+ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27
+ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
data/README.md CHANGED
@@ -20,7 +20,7 @@ The simplest method to install is to use the RubyGem installer:
20
20
 
21
21
  This allows for simple updates (`gem update yawast`) and makes it easy to ensure that you are always using the latest version.
22
22
 
23
- YAWAST requires Ruby 2.2+, and is tested on Mac OSX and Linux (Windows should work; please open a ticket if you have issues).
23
+ YAWAST requires Ruby 2.2+, and is tested on Mac OSX, Linux, and Windows.
24
24
 
25
25
  **Kali Rolling**
26
26
 
@@ -48,6 +48,10 @@ rvm use 2.2 --default
48
48
  gem install yawast
49
49
  ```
50
50
 
51
+ **Windows**
52
+
53
+ To install on Windows, you need to first install Ruby; this can be done easily with the latest version of [RubyInstaller](https://rubyinstaller.org/downloads/). Once Ruby is installed, YAWAST can be installed via `gem install yawast` as normal.
54
+
51
55
  ### Tests
52
56
 
53
57
  The following tests are performed:
@@ -72,12 +76,17 @@ The following tests are performed:
72
76
  * *(Generic)* Presence of RELEASE-NOTES.txt
73
77
  * *(Generic)* Presence of readme.html
74
78
  * *(Generic)* Missing cookie flags (Secure & HttpOnly)
75
- * *(Generic)* Search for common directories
79
+ * *(Generic)* Search for files & common directories
76
80
  * *(Apache)* Info Disclosure: Module listing enabled
77
81
  * *(Apache)* Info Disclosure: Server version
78
82
  * *(Apache)* Info Disclosure: OpenSSL module version
79
83
  * *(Apache)* Presence of /server-status
80
84
  * *(Apache)* Presence of /server-info
85
+ * *(Apache Tomcat)* Presence of Tomcat Manager
86
+ * *(Apache Tomcat)* Presence of Tomcat Host Manager
87
+ * *(Apache Tomcat)* Tomcat Manager Weak Password
88
+ * *(Apache Tomcat)* Tomcat Host Manager Weak Password
89
+ * *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
81
90
  * *(IIS)* Info Disclosure: Server version
82
91
  * *(ASP.NET)* Info Disclosure: ASP.NET version
83
92
  * *(ASP.NET)* Info Disclosure: ASP.NET MVC version
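Review bot: the `*(Apache Tomcat)* Tomcat Manager Weak Password` and `Tomcat Host Manager Weak Password` entries describe an active check that submits credentials to the target, unlike the passive presence checks listed around them; the list should say so, and say whether it can be disabled, because login attempts can lock out accounts and will appear in the target's access and audit logs. A short note next to these two items that the check is active would be enough.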
@@ -110,101 +119,6 @@ Checks for the following SSL issues are performed:
110
119
 
111
120
  In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others.
112
121
 
113
- ### TLS / SSL Testing
114
-
115
- YAWAST offers two modes for testing TLS / SSL - one is custom, and most useful for internal systems, and the other uses the [SSL Labs](https://www.ssllabs.com/) API.
116
-
117
- #### Internal Mode
118
-
119
- To use the custom internal TLS / SSL scanner (which uses your copy of OpenSSL), simply pass `--internalssl` on the command line. Here is a sample of the output generated by this tester.
120
-
121
- ```
122
- [I] Found X509 Certificate:
123
- [I] Issued To: sni67677.cloudflaressl.com /
124
- [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
125
- [I] Version: 2
126
- [I] Serial: 14171089194524384184707003668844347326
127
- [I] Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni67677.cloudflaressl.com
128
- [I] Expires: 2016-09-11 23:59:59 UTC
129
- [I] Signature Algorithm: ecdsa-with-SHA256
130
- [I] Key: EC-prime256v1
131
- [I] Key Hash: 1a23d84441f9b811dc188bab42b2375873c42ba2
132
- [I] Extensions:
133
- [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96,
134
- [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
135
- [I] keyUsage = critical, Digital Signature
136
- [I] basicConstraints = critical, CA:FALSE
137
- [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
138
- [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
139
- [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
140
- [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
141
- [I] Alternate Names:
142
- [I] sni67677.cloudflaressl.com
143
- [I] *.adamcaudill.com
144
- [I] *.bsidesknoxville.com
145
- [I] *.secrypto.com
146
- [I] *.smimp.org
147
- [I] *.underhandedcrypto.com
148
- [I] adamcaudill.com
149
- [I] bsidesknoxville.com
150
- [I] secrypto.com
151
- [I] smimp.org
152
- [I] underhandedcrypto.com
153
- [I] Hash: 9be2091903a01bcff3ec4049ed1d037a8c611010
154
-
155
- [I] Certificate: Chain
156
- [I] Issued To: sni67677.cloudflaressl.com /
157
- [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
158
- [I] Expires: 2016-09-11 23:59:59 UTC
159
- [I] Key: EC-prime256v1
160
- [I] Signature Algorithm: ecdsa-with-SHA256
161
- [I] Hash: 9be2091903a01bcff3ec4049ed1d037a8c611010
162
-
163
- [I] Issued To: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
164
- [I] Issuer: COMODO ECC Certification Authority / COMODO CA Limited
165
- [I] Expires: 2029-09-24 23:59:59 UTC
166
- [I] Key: EC-prime256v1
167
- [I] Signature Algorithm: ecdsa-with-SHA384
168
- [I] Hash: 75cfd9bc5cefa104ecc1082d77e63392ccba5291
169
-
170
- [I] Issued To: COMODO ECC Certification Authority / COMODO CA Limited
171
- [I] Issuer: AddTrust External CA Root / AddTrust AB
172
- [I] Expires: 2020-05-30 10:48:38 UTC
173
- [I] Key: EC-secp384r1
174
- [I] Signature Algorithm: sha384WithRSAEncryption
175
- [I] Hash: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca
176
-
177
-
178
- Qualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
179
-
180
- Supported Ciphers (based on your OpenSSL version):
181
- Checking for TLSv1 suites (98 possible suites)
182
- [I] Version: TLSv1 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA
183
- [I] Version: TLSv1 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA
184
- [W] Version: TLSv1 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA
185
- Checking for TLSv1_2 suites (98 possible suites)
186
- [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
187
- [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA384
188
- [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA
189
- [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
190
- [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA256
191
- [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA
192
- [W] Version: TLSv1.2 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA
193
- Checking for TLSv1_1 suites (98 possible suites)
194
- [I] Version: TLSv1.1 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA
195
- [I] Version: TLSv1.1 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA
196
- [W] Version: TLSv1.1 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA
197
- Checking for SSLv3 suites (98 possible suites)
198
- ```
199
-
200
- This version is more limited than the SSL Labs option, though will work in cases where SSL Labs is unable to connect to the target server.
201
-
202
- #### SSL Labs Mode
203
-
204
- The default mode is to use the SSL Labs API, which makes all users bound by their [terms and conditions](https://www.ssllabs.com/downloads/Qualys_SSL_Labs_Terms_of_Use.pdf), and obviously results in the domain you are scanning being sent to them.
205
-
206
- This mode is the most comprehensive, and contains far more data than the Internal Mode. Unless there is a good reason to use the Internal Mode, this is what you should use.
207
-
208
122
  ### Usage
209
123
 
210
124
  * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
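Review bot: the standard-scan usage line still lists `[--dir] [--dirrecursive] [--dirlistredir]` but not the `--files` option that bin/yawast adds in this release; add `[--files]` to the usage line, with a sentence on what it does, so the README matches the tool's `--help` output.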
@@ -231,7 +145,7 @@ For authenticated testing, YAWAST allows you to specify a cookie to be passed vi
231
145
  Using `scan` - the normal go-to option, here's what you get when scanning my website:
232
146
 
233
147
  ```
234
- $yawast scan https://adamcaudill.com --tdessessioncount --dir
148
+ $ yawast scan https://adamcaudill.com --dir --tdessessioncount
235
149
  __ _____ _ _ ___ _____ _____
236
150
  \ \ / / _ \| | | |/ _ \ / ___|_ _|
237
151
  \ V / /_\ \ | | / /_\ \\ `--. | |
@@ -239,54 +153,62 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
239
153
  | || | | \ /\ / | | |/\__/ / | |
240
154
  \_/\_| |_/\/ \/\_| |_/\____/ \_/
241
155
 
242
- YAWAST v0.4.0 - The YAWAST Antecedent Web Application Security Toolkit
243
- Copyright (c) 2013-2016 Adam Caudill <adam@adamcaudill.com>
156
+ YAWAST v0.5.0.beta2 - The YAWAST Antecedent Web Application Security Toolkit
157
+ Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
244
158
  Support & Documentation: https://github.com/adamcaudill/yawast
245
159
  Ruby 2.2.4-p230; OpenSSL 1.0.2f 28 Jan 2016 (x86_64-darwin15)
246
160
 
247
161
  Scanning: https://adamcaudill.com/
248
162
 
249
163
  DNS Information:
250
- [I] 104.28.27.55 (N/A)
251
- https://www.shodan.io/host/104.28.27.55
252
- https://censys.io/ipv4/104.28.27.55
253
164
  [I] 104.28.26.55 (N/A)
254
- https://www.shodan.io/host/104.28.26.55
255
- https://censys.io/ipv4/104.28.26.55
256
- [I] 2400:CB00:2048:1::681C:1B37 (N/A)
257
- https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
165
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
166
+ [I] San Francisco, California, US
167
+ https://www.shodan.io/host/104.28.26.55
168
+ https://censys.io/ipv4/104.28.26.55
169
+ [I] 104.28.27.55 (N/A)
170
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
171
+ [I] San Francisco, California, US
172
+ https://www.shodan.io/host/104.28.27.55
173
+ https://censys.io/ipv4/104.28.27.55
258
174
  [I] 2400:CB00:2048:1::681C:1A37 (N/A)
259
- https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
175
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
176
+ [I] US
177
+ https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
178
+ [I] 2400:CB00:2048:1::681C:1B37 (N/A)
179
+ [I] US - CLOUDFLARENET - CloudFlare, Inc.
180
+ [I] US
181
+ https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
260
182
  [I] TXT: v=spf1 mx a ptr include:_spf.google.com ~all
261
183
  [I] TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
184
+ [I] MX: aspmx4.googlemail.com (30)
185
+ [I] MX: aspmx.l.google.com (10)
262
186
  [I] MX: alt1.aspmx.l.google.com (20)
263
187
  [I] MX: aspmx2.googlemail.com (30)
264
188
  [I] MX: alt2.aspmx.l.google.com (20)
265
189
  [I] MX: aspmx3.googlemail.com (30)
266
190
  [I] MX: aspmx5.googlemail.com (30)
267
- [I] MX: aspmx4.googlemail.com (30)
268
- [I] MX: aspmx.l.google.com (10)
269
191
  [I] NS: vera.ns.cloudflare.com
270
192
  [I] NS: hal.ns.cloudflare.com
271
193
 
272
194
  [I] HEAD:
273
- [I] date: Thu, 03 Nov 2016 16:01:17 GMT
195
+ [I] date: Tue, 03 Jan 2017 03:05:26 GMT
274
196
  [I] content-type: text/html; charset=UTF-8
275
197
  [I] connection: close
276
- [I] set-cookie: __cfduid=1; expires=Fri, 03-Nov-17 16:01:17 GMT; path=/; domain=.adamcaudill.com; HttpOnly
198
+ [I] set-cookie: __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
277
199
  [I] x-xss-protection: 1; mode=block
278
200
  [I] content-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wp.com ajax.cloudflare.com platform.twitter.com s0.wp.com ssl.google-analytics.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.twimg.com platform.twitter.com s0.wp.com; img-src 'self' data: *.wp.com static.flickr.com *.ted.com *.w.org *.gravatar.com *.twimg.com ssl.google-analytics.com *.twitter.com *.staticflickr.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com public.slidesharecdn.com; media-src 'self' *.ted.com; child-src 'self' www.slideshare.net www.youtube.com *.twitter.com; frame-ancestors 'self'; reflected-xss block; referrer no-referrer-when-downgrade; report-uri https://adamcaudill.report-uri.io/r/default/csp/reportOnly;
279
201
  [I] vary: Accept-Encoding,Cookie
280
- [I] last-modified: Thu, 03 Nov 2016 14:48:39 GMT
202
+ [I] last-modified: Tue, 03 Jan 2017 01:49:31 GMT
281
203
  [I] cache-control: public, max-age=86400
282
- [I] expires: Fri, 04 Nov 2016 16:01:17 GMT
204
+ [I] expires: Wed, 04 Jan 2017 03:05:26 GMT
283
205
  [I] x-frame-options: sameorigin
284
206
  [I] pragma: public
285
207
  [I] cf-cache-status: REVALIDATED
286
208
  [I] strict-transport-security: max-age=15552000; preload
287
209
  [I] x-content-type-options: nosniff
288
210
  [I] server: cloudflare-nginx
289
- [I] cf-ray: 2fc10b441b1d2ebd-MIA
211
+ [I] cf-ray: a-MIA
290
212
 
291
213
  [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
292
214
 
@@ -296,13 +218,13 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
296
218
  [W] Public-Key-Pins Header Not Present
297
219
 
298
220
  [I] Cookies:
299
- [I] __cfduid=1; expires=Fri, 03-Nov-17 16:01:17 GMT; path=/; domain=.adamcaudill.com; HttpOnly
221
+ [I] __cfduid=a; expires=Wed, 03-Jan-18 03:05:26 GMT; path=/; domain=.adamcaudill.com; HttpOnly
300
222
  [W] Cookie missing Secure flag
301
223
 
302
224
 
303
225
  Beginning SSL Labs scan (this could take a minute or two)
304
226
  [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
305
- ............................................
227
+ .............................................
306
228
 
307
229
  SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
308
230
 
@@ -315,12 +237,12 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
315
237
  [I] sni67677.cloudflaressl.com
316
238
  [I] *.adamcaudill.com
317
239
  [I] adamcaudill.com
318
- [I] Not Before: 2016-10-25T00:00:00+00:00
319
- [I] Not After: 2017-04-30T23:59:59+00:00
240
+ [I] Not Before: 2016-12-29T00:00:00+00:00
241
+ [I] Not After: 2017-07-02T23:59:59+00:00
320
242
  [I] Key: EC 256 (RSA equivalent: 3072)
321
- [I] Public Key Hash: 228dcb22953a406066147ee04d853f921431677a
243
+ [I] Public Key Hash: a2e0276e6a44138fea0f4afc01a4e6a3e165d15e
322
244
  [I] Version: 2
323
- [I] Serial: 218453950133730970752982267078511306496
245
+ [I] Serial: 167670175484361448885961646389808341945
324
246
  [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2
325
247
  [I] Signature algorithm: SHA256withECDSA
326
248
  [I] Extended Validation: No (Domain Control)
@@ -338,9 +260,9 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
338
260
  [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
339
261
  [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
340
262
  [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
341
- [I] Hash: fad37c378e602154ca707cfda874b0c21e9fc144
342
- https://censys.io/certificates?q=fad37c378e602154ca707cfda874b0c21e9fc144
343
- https://crt.sh/?q=fad37c378e602154ca707cfda874b0c21e9fc144
263
+ [I] Hash: 06746b606927dab24f9b339329639151112c9363
264
+ https://censys.io/certificates?q=06746b606927dab24f9b339329639151112c9363
265
+ https://crt.sh/?q=06746b606927dab24f9b339329639151112c9363
344
266
 
345
267
  Configuration Information:
346
268
  Protocol Support:
@@ -436,33 +358,34 @@ $yawast scan https://adamcaudill.com --tdessessioncount --dir
436
358
  [W] '/readme.html' found: https://adamcaudill.com/readme.html
437
359
 
438
360
  Searching for common directories...
361
+ [I] Found: 'https://adamcaudill.com/2005/'
362
+ [I] Found: 'https://adamcaudill.com/2006/'
439
363
  [I] Found: 'https://adamcaudill.com/2004/'
440
364
  [I] Found: 'https://adamcaudill.com/2003/'
441
- [I] Found: 'https://adamcaudill.com/2011/'
442
- [I] Found: 'https://adamcaudill.com/2005/'
443
365
  [I] Found: 'https://adamcaudill.com/2008/'
444
- [I] Found: 'https://adamcaudill.com/2006/'
445
366
  [I] Found: 'https://adamcaudill.com/2007/'
446
- [I] Found: 'https://adamcaudill.com/2013/'
447
- [I] Found: 'https://adamcaudill.com/2016/'
448
- [I] Found: 'https://adamcaudill.com/2015/'
449
367
  [I] Found: 'https://adamcaudill.com/2010/'
368
+ [I] Found: 'https://adamcaudill.com/2011/'
369
+ [I] Found: 'https://adamcaudill.com/2013/'
450
370
  [I] Found: 'https://adamcaudill.com/2014/'
451
371
  [I] Found: 'https://adamcaudill.com/2009/'
372
+ [I] Found: 'https://adamcaudill.com/2016/'
373
+ [I] Found: 'https://adamcaudill.com/2015/'
452
374
  [I] Found: 'https://adamcaudill.com/About/'
453
375
  [I] Found: 'https://adamcaudill.com/Blog/'
454
376
  [I] Found: 'https://adamcaudill.com/about/'
455
377
  [I] Found: 'https://adamcaudill.com/archives/'
456
378
  [I] Found: 'https://adamcaudill.com/blog/'
457
379
  [I] Found: 'https://adamcaudill.com/feed/'
458
- [I] Found: 'https://adamcaudill.com/photo/'
380
+ [I] Found: 'https://adamcaudill.com/files/'
459
381
  [I] Found: 'https://adamcaudill.com/pgp/'
382
+ [I] Found: 'https://adamcaudill.com/photo/'
460
383
  [I] Found: 'https://adamcaudill.com/resume/'
461
384
  [I] Found: 'https://adamcaudill.com/tools/'
462
385
  [I] Found: 'https://adamcaudill.com/wp-content/'
463
386
  [I] Found: 'https://adamcaudill.com/wp-includes/'
464
387
 
465
- [I] Meta Generator: WordPress 4.6.1
388
+ [I] Meta Generator: WordPress 4.7
466
389
  Scan complete.
467
390
  ```
468
391
 
@@ -477,25 +400,100 @@ You'll notice that most lines begin with a letter in a bracket, this is to tell
477
400
 
478
401
  The indicator used may change over time based on new research or better detection techniques. In all cases, results should be carefully evaluated within the context of the application, how it's used, and what threats apply. The indicator is guidance, a hint if you will, it's up to you to determine the real impact.
479
402
 
480
- ### About The Name
403
+ ### TLS / SSL Testing
481
404
 
482
- When this project was started, the original name was "Yet Another Web Application Security Tool" - as the project became more serious, the name was changed. The current name better reflects the role of the tool, and its place in the penetration tester's workflow. It's meant to be a first step, to come before the serious manual work, and provide information to allow a tester to be up and running quicker. The tests that are performed are based on that goal, as well as the availability and complexity of tests in other tools. If another common tool can do a given task better, it won't be done here.
405
+ YAWAST offers two modes for testing TLS / SSL - one is custom, and most useful for internal systems, and the other uses the [SSL Labs](https://www.ssllabs.com/) API.
483
406
 
484
- ### Special Thanks
407
+ #### Internal Mode
485
408
 
486
- [dirbuster-ng](https://github.com/digination/dirbuster-ng) For the use of their `common.txt` directoty list. This list was the foundation of the list used by YAWAST.
487
- [Shopify](https://www.shopify.com/) for [ssllabs.rb](https://github.com/Shopify/ssllabs.rb), which provides the Qualsys SSL Labs integration.
409
+ To use the custom internal TLS / SSL scanner (which uses your copy of OpenSSL), simply pass `--internalssl` on the command line. Here is a sample of the output generated by this tester.
488
410
 
489
- ### License
411
+ ```
412
+ [I] Found X509 Certificate:
413
+ [I] Issued To: sni67677.cloudflaressl.com /
414
+ [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
415
+ [I] Version: 2
416
+ [I] Serial: 167670175484361448885961646389808341945
417
+ [I] Subject: /OU=Domain Control Validated/OU=PositiveSSL Multi-Domain/CN=sni67677.cloudflaressl.com
418
+ [I] Expires: 2017-07-02 23:59:59 UTC
419
+ [I] Signature Algorithm: ecdsa-with-SHA256
420
+ [I] Key: EC-prime256v1
421
+ [I] Key Hash: 26c91946d32c2e664dd4c131ffd2b11bd6270331
422
+ [I] Extensions:
423
+ [I] authorityKeyIdentifier = keyid:40:09:61:67:F0:BC:83:71:4F:DE:12:08:2C:6F:D4:D4:2B:76:3D:96,
424
+ [I] subjectKeyIdentifier = D0:F8:D6:82:36:B5:5C:AC:2D:9A:8E:7B:D9:D5:E6:99:38:B6:8C:FE
425
+ [I] keyUsage = critical, Digital Signature
426
+ [I] basicConstraints = critical, CA:FALSE
427
+ [I] extendedKeyUsage = TLS Web Server Authentication, TLS Web Client Authentication
428
+ [I] certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7, CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1,
429
+ [I] crlDistributionPoints = , Full Name:, URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl,
430
+ [I] authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com,
431
+ [I] Alternate Names:
432
+ [I] sni67677.cloudflaressl.com
433
+ [I] *.adamcaudill.com
434
+ [I] adamcaudill.com
435
+ [I] Hash: 06746b606927dab24f9b339329639151112c9363
436
+ https://censys.io/certificates?q=06746b606927dab24f9b339329639151112c9363
437
+ https://crt.sh/?q=06746b606927dab24f9b339329639151112c9363
490
438
 
491
- Copyright (c) 2013 - 2016, Adam Caudill (adam@adamcaudill.com)
439
+ [I] Certificate: Chain
440
+ [I] Issued To: sni67677.cloudflaressl.com /
441
+ [I] Issuer: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
442
+ [I] Expires: 2017-07-02 23:59:59 UTC
443
+ [I] Key: EC-prime256v1
444
+ [I] Signature Algorithm: ecdsa-with-SHA256
445
+ [I] Hash: 06746b606927dab24f9b339329639151112c9363
492
446
 
493
- All rights reserved.
447
+ [I] Issued To: COMODO ECC Domain Validation Secure Server CA 2 / COMODO CA Limited
448
+ [I] Issuer: COMODO ECC Certification Authority / COMODO CA Limited
449
+ [I] Expires: 2029-09-24 23:59:59 UTC
450
+ [I] Key: EC-prime256v1
451
+ [I] Signature Algorithm: ecdsa-with-SHA384
452
+ [I] Hash: 75cfd9bc5cefa104ecc1082d77e63392ccba5291
494
453
 
495
- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
454
+ [I] Issued To: COMODO ECC Certification Authority / COMODO CA Limited
455
+ [I] Issuer: AddTrust External CA Root / AddTrust AB
456
+ [I] Expires: 2020-05-30 10:48:38 UTC
457
+ [I] Key: EC-secp384r1
458
+ [I] Signature Algorithm: sha384WithRSAEncryption
459
+ [I] Hash: ae223cbf20191b40d7ffb4ea5701b65fdc68a1ca
496
460
 
497
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
498
461
 
499
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
462
+ Qualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
463
+
464
+ Supported Ciphers (based on your OpenSSL version):
465
+ Checking for TLSv1 suites (98 possible suites)
466
+ [I] Version: TLSv1 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA
467
+ [I] Version: TLSv1 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA
468
+ [W] Version: TLSv1 Bits: 112 Cipher: ECDHE-ECDSA-DES-CBC3-SHA
469
+ Checking for TLSv1_2 suites (98 possible suites)
470
+ [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-GCM-SHA384
471
+ [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA384
472
+ [I] Version: TLSv1.2 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA
473
+ [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
474
+ [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA256
475
+ [I] Version: TLSv1.2 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA
476
+ Checking for TLSv1_1 suites (98 possible suites)
477
+ [I] Version: TLSv1.1 Bits: 256 Cipher: ECDHE-ECDSA-AES256-SHA
478
+ [I] Version: TLSv1.1 Bits: 128 Cipher: ECDHE-ECDSA-AES128-SHA
479
+ Checking for SSLv3 suites (98 possible suites)
480
+
481
+ [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
482
+ ```
483
+
484
+ This version is more limited than the SSL Labs option, though will work in cases where SSL Labs is unable to connect to the target server.
485
+
486
+ #### SSL Labs Mode
487
+
488
+ The default mode is to use the SSL Labs API, which makes all users bound by their [terms and conditions](https://www.ssllabs.com/downloads/Qualys_SSL_Labs_Terms_of_Use.pdf), and obviously results in the domain you are scanning being sent to them.
489
+
490
+ This mode is the most comprehensive, and contains far more data than the Internal Mode. Unless there is a good reason to use the Internal Mode, this is what you should use.
491
+
492
+ ### About The Name
493
+
494
+ When this project was started, the original name was "Yet Another Web Application Security Tool" - as the project became more serious, the name was changed. The current name better reflects the role of the tool, and its place in the penetration tester's workflow. It's meant to be a first step, to come before the serious manual work, and provide information to allow a tester to be up and running quicker. The tests that are performed are based on that goal, as well as the availability and complexity of tests in other tools. If another common tool can do a given task better, it won't be done here.
495
+
496
+ ### Special Thanks
500
497
 
501
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
498
+ * [SecLists](https://github.com/danielmiessler/SecLists) - Various lists are based on the resources collected by this project.
499
+ * [Shopify](https://www.shopify.com/) for [ssllabs.rb](https://github.com/Shopify/ssllabs.rb), which provides the Qualsys SSL Labs integration.
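Review bot: "Qualsys" in the Shopify / ssllabs.rb line should read "Qualys", the vendor name used elsewhere in this README; the line was carried over from the old Special Thanks section with the typo intact.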
data/Rakefile CHANGED
@@ -18,13 +18,10 @@ task :codeclimate do
18
18
 
19
19
  require 'simplecov'
20
20
  require 'codeclimate-test-reporter'
21
+ end
21
22
 
23
+ task :submitcodeclimate do
22
24
  ENV['CODECLIMATE_REPO_TOKEN'] ='6fd9c710b9a6e0da2011c62b81075b9bd620200a2a400f4dbeab9c88829f4cb6'
23
25
 
24
- SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new([
25
- SimpleCov::Formatter::HTMLFormatter,
26
- CodeClimate::TestReporter::Formatter
27
- ])
28
-
29
- CodeClimate::TestReporter::Formatter.new.format(SimpleCov.result)
26
+ system 'codeclimate-test-reporter'
30
27
  end
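Review bot: the `submitcodeclimate` task assigns a literal token to `ENV['CODECLIMATE_REPO_TOKEN']`, so the secret ships inside the gem; read it from the environment instead (for example `ENV.fetch('CODECLIMATE_REPO_TOKEN')`) and supply it through CI configuration. The `system 'codeclimate-test-reporter'` call also discards its return value, so a failed upload will not fail the build; `system('codeclimate-test-reporter') or raise 'coverage upload failed'` makes the failure visible.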
data/bin/yawast CHANGED
@@ -20,6 +20,7 @@ command :scan do |c|
20
20
  c.option '--dir', 'Enables directory search'
21
21
  c.option '--dirrecursive', 'Recursive directory search (only with --dir)'
22
22
  c.option '--dirlistredir', 'Show 301 redirects (only with --dir)'
23
+ c.option '--files', 'Performs a search for a large list of common files'
23
24
  c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
24
25
  c.option '--cookie STRING', String, 'Session cookie'
25
26
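Review bot: the new `--files` option description does not say whether it requires `--dir`, while the neighbouring `--dirrecursive` and `--dirlistredir` options are marked "(only with --dir)"; state the dependency either way, and consider noting that the option issues a large number of requests, since the help text is where a user decides whether to enable it against a production host.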