yawast 0.6.0.beta2 → 0.6.0.beta3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 779f6a4e3931af042ba6a710c3977dd90598c7a5
-  data.tar.gz: b4e509b33ff1f30567fd3e82045a528bba245194
+  metadata.gz: 22035a8dee3ff0cb29da78d15ae0e664c3ec3246
+  data.tar.gz: 02e2880f7d8569b17bc11d1b88481895dcd1b992
 SHA512:
-  metadata.gz: 17103ce8c7a19214dad58f4ae90dd5778d47c1e7238612ff6084a191e232202d2f25d23b3694c7a18cef9229e43ae47a671bd8fc335b969cf04e17b5b3a8f07d
-  data.tar.gz: 64be510794ac840caa60c864766fc683c6d2927e46debc85964131769db5e12997ffbff905f57b7ccc75b7b4e6114a69f1c9d8330b4657086475312dead484fe
+  metadata.gz: dab8b3cc377e7d2d8b5a33ceea9e0b62dc0e43d732c39fd4daaa32bd4f0a410057ba45a219a9fb65ea32a6cd91b0ea6be7d0cbb7db61fcb4f70b58f6c34d4bd1
+  data.tar.gz: 32a6f3f8486aa9c9a597b1ad3d546a63def8ae650e0555e62e440c378b54c95c4bd09f0d891828f4d66ca10992274d74336fa684af765d34b7f1aa018a1cf657

data/CHANGELOG.md

@@ -1,7 +1,13 @@
 ## 0.6.0 - In Development
 
+* [#54](https://github.com/adamcaudill/yawast/issues/54) - Check for Python version in Server header
 * [#109](https://github.com/adamcaudill/yawast/issues/109) - DNS CAA Support
 * [#113](https://github.com/adamcaudill/yawast/issues/113) - Better False Positive Detection For Directory Search
+* [#115](https://github.com/adamcaudill/yawast/issues/115) - Add dns Command
+* [#116](https://github.com/adamcaudill/yawast/issues/116) - Add option '--nodns' to skip DNS checks
+* [#117](https://github.com/adamcaudill/yawast/issues/117) - Show additional information about the TLS connection
+* [#118](https://github.com/adamcaudill/yawast/issues/118) - Add check for CVE-2017-12617 - Apache Tomcat PUT RCE
+* [#120](https://github.com/adamcaudill/yawast/issues/120) - Add Docker support
 
 ## 0.5.2 - 2017-07-13
 

data/Dockerfile

@@ -0,0 +1,12 @@
+FROM ruby:2.4-jessie
+
+COPY . /data
+WORKDIR /data
+
+ENV LANG      C.UTF-8
+ENV LANGUAGE  C.UTF-8
+ENV LC_ALL    C.UTF-8
+
+RUN bundle
+
+ENTRYPOINT ["/data/bin/yawast"]

data/README.md

@@ -22,11 +22,21 @@ This allows for simple updates (`gem update yawast`) and makes it easy to ensure
 
 YAWAST requires Ruby 2.2+, and is tested on Mac OSX, Linux, and Windows.
 
-**Kali Rolling**
+#### Docker
 
-To install on Kali, just run `gem install yawast` - all of the dependentcies are already installed.
+YAWAST can be run inside a docker container.
 
-**Ubuntu 16.04**
+```
+docker pull adamcaudill/yawast && docker run --rm adamcaudill/yawast scan <url> ...
+```
+
+This is the recommended option, especially if you need to perform the SWEET32 test (`--tdessessioncount`), due to OpenSSL dropping support for the 3DES cipher suites.
+
+#### Kali Rolling
+
+To install on Kali, just run `gem install yawast` - all of the dependencies are already installed. *Note:* The version of OpenSSL used with Kali doesn't support 3DES cipher suites, so some tests, such as SWEET32 do not work. If you need these tests to work, using the Docker image is the recommended solution.
+
+#### Ubuntu 16.04
 
 To install YAWAST, you first need to install a couple packages via `apt-get`:
 
@@ -35,7 +45,7 @@ sudo apt-get install ruby ruby-dev
 sudo gem install yawast
 ```
 
-**Mac OSX**
+#### Mac OSX
 
 The version of Ruby shipped with Mac OSX 10.11 is too old, so the recommended solution is to use RVM:
 
@@ -43,14 +53,14 @@ The version of Ruby shipped with Mac OSX 10.11 is too old, so the recommended so
 gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
 \curl -sSL https://get.rvm.io | bash -s stable
 source ~/.rvm/scripts/rvm
-rvm install 2.2
-rvm use 2.2 --default
+rvm install 2.4
+rvm use 2.4 --default
 gem install yawast
 ```
 
-**Windows**
+#### Windows
 
-To install on Windows, you need to first install Ruby; this can be done easily with the latest version of [RubyInstaller](https://rubyinstaller.org/downloads/). Once Ruby is installed, YAWAST can be installed via `gem install yawast` as normal.
+To install on Windows, you need to first install Ruby. This can be done easily with the latest version of [RubyInstaller](https://rubyinstaller.org/downloads/). Once Ruby is installed, YAWAST can be installed via `gem install yawast` as normal.
 
 ### Tests
 
@@ -87,6 +97,7 @@ The following tests are performed:
 * *(Apache Tomcat)* Tomcat Manager Weak Password
 * *(Apache Tomcat)* Tomcat Host Manager Weak Password
 * *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
+* *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)
 * *(IIS)* Info Disclosure: Server version
 * *(ASP.NET)* Info Disclosure: ASP.NET version
 * *(ASP.NET)* Info Disclosure: ASP.NET MVC version
@@ -105,7 +116,8 @@ SSL Information:
 * Certificate details
 * Certificate chain
 * Supported ciphers
-* Maximum requests in a single connection
+* Maximum requests using 3DES in a single connection
+* DNS CAA records
 
 Checks for the following SSL issues are performed:
 
@@ -121,12 +133,12 @@ In addition to these tests, certain basic information is also displayed, such as
 
 ### Usage
 
-* Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
-* HEAD-only scan: `./yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
-* SSL information: `./yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
-* CMS detection: `./yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
+* Standard scan: `yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--dirrecursive] [--dirlistredir] [--files] [--srv] [--subdomains] [--proxy localhost:8080] [--cookie SESSIONID=12345] [--nodns]`
+* HEAD-only scan: `yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
+* SSL information: `yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
+* CMS detection: `yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
 
-For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details. Here is an example, the details for the options to the `scan` command:
+For detailed information, just call `yawast -h` to see the help page. To see information for a specific command, call `yawast -h <command>` for full details. Here is an example, the details for the options to the `scan` command:
 
 ```
   OPTIONS:
@@ -166,9 +178,12 @@ For detailed information, just call `./yawast -h` to see the help page. To see i
         
     --cookie STRING 
         Session cookie
+        
+    --nodns 
+        Disable DNS checks
 ```
 
-### Using with Burp Suite
+### Using with Zap / Burp Suite
 
 By default, Burp Suite's proxy listens on localhost at port 8080, to use YAWAST with Burp Suite (or any proxy for that matter), just add this to the command line:
 
@@ -193,64 +208,67 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
     | || | | \  /\  / | | |/\__/ / | |  
     \_/\_| |_/\/  \/\_| |_/\____/  \_/  
   
-  YAWAST v0.5.0.beta3 - The YAWAST Antecedent Web Application Security Toolkit
+  YAWAST v0.6.0.beta3 - The YAWAST Antecedent Web Application Security Toolkit
    Copyright (c) 2013-2017 Adam Caudill <adam@adamcaudill.com>
    Support & Documentation: https://github.com/adamcaudill/yawast
    Ruby 2.2.4-p230; OpenSSL 1.0.2j  26 Sep 2016 (x86_64-darwin16)
+   Latest Version: YAWAST v0.5.2 is the officially supported version, please update.
   
   Scanning: https://adamcaudill.com/
   
   DNS Information:
   [I] 		104.28.27.55 (N/A)
   [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
-  [I] 			San Francisco, California, US
   			https://www.shodan.io/host/104.28.27.55
   			https://censys.io/ipv4/104.28.27.55
   [I] 		104.28.26.55 (N/A)
   [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
-  [I] 			San Francisco, California, US
   			https://www.shodan.io/host/104.28.26.55
   			https://censys.io/ipv4/104.28.26.55
-  [I] 		2400:CB00:2048:1::681C:1B37 (N/A)
-  [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
-  [I] 			US
-  			https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
   [I] 		2400:CB00:2048:1::681C:1A37 (N/A)
   [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
-  [I] 			US
   			https://www.shodan.io/host/2400:cb00:2048:1::681c:1a37
-  [I] 		TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
+  [I] 		2400:CB00:2048:1::681C:1B37 (N/A)
+  [I] 			US - CLOUDFLARENET - CloudFlare, Inc.
+  			https://www.shodan.io/host/2400:cb00:2048:1::681c:1b37
   [I] 		TXT: v=spf1 mx a ptr include:_spf.google.com ~all
-  [I] 		TXT: brave-ledger-verification=1
-  [I] 		MX: aspmx5.googlemail.com (30) - 64.233.161.27 (US - GOOGLE - Google Inc.)
-  [I] 		MX: aspmx4.googlemail.com (30) - 74.125.143.26 (US - GOOGLE - Google Inc.)
-  [I] 		MX: aspmx3.googlemail.com (30) - 64.233.186.27 (US - GOOGLE - Google Inc.)
-  [I] 		MX: alt2.aspmx.l.google.com (20) - 74.125.133.26 (US - GOOGLE - Google Inc.)
-  [I] 		MX: aspmx2.googlemail.com (30) - 209.85.202.26 (US - GOOGLE - Google Inc.)
-  [I] 		MX: alt1.aspmx.l.google.com (20) - 209.85.202.27 (US - GOOGLE - Google Inc.)
-  [I] 		MX: aspmx.l.google.com (10) - 108.177.12.27 (US - GOOGLE - Google Inc.)
+  [I] 		TXT: brave-ledger-verification=0262b8f382f60074e0131f65243fa7caba48b15eb664ec8d0d3e0b3a26a45b47
+  [I] 		TXT: google-site-verification=QTO_7Q7UXmrUIwieJliLTXV3XuQdqNvTPVcug_TwH0w
+  [I] 		MX: aspmx5.googlemail.com (30) - 64.233.165.27 (US - GOOGLE - Google Inc.)
+  [I] 		MX: aspmx4.googlemail.com (30) - 173.194.69.27 (US - GOOGLE - Google Inc.)
+  [I] 		MX: aspmx3.googlemail.com (30) - 74.125.140.26 (US - GOOGLE - Google Inc.)
+  [I] 		MX: alt2.aspmx.l.google.com (20) - 74.125.140.27 (US - GOOGLE - Google Inc.)
+  [I] 		MX: aspmx2.googlemail.com (30) - 209.85.202.27 (US - GOOGLE - Google Inc.)
+  [I] 		MX: alt1.aspmx.l.google.com (20) - 209.85.202.26 (US - GOOGLE - Google Inc.)
+  [I] 		MX: aspmx.l.google.com (10) - 74.125.31.27 (US - GOOGLE - Google Inc.)
   [I] 		NS: hal.ns.cloudflare.com - 173.245.59.174 (US - CLOUDFLARENET - CloudFlare, Inc.)
   [I] 		NS: vera.ns.cloudflare.com - 173.245.58.147 (US - CLOUDFLARENET - CloudFlare, Inc.)
   [I] 		SRV: _bittorrent._tcp.adamcaudill.com: example.com:1 - 93.184.216.34 (US - EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business)
   [I] 		A: www.adamcaudill.com: 104.28.27.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
   [I] 		A: www.adamcaudill.com: 104.28.26.55 (US - CLOUDFLARENET - CloudFlare, Inc.)
+  [I] 		CAA (adamcaudill.com): 0 iodef "mailto:adam@adamcaudill.com"
+  [I] 		CAA (adamcaudill.com): 0 issue "digicert.com"
+  [I] 		CAA (adamcaudill.com): 0 issue "comodoca.com"
+  [I] 		CAA (adamcaudill.com): 0 issue "globalsign.com"
+  [I] 		CAA (adamcaudill.com): 0 issue "letsencrypt.org"
+  [I] 		CAA (com): No Records Found
   
   [I] HEAD:
-  [I] 		date: Sat, 11 Mar 2017 20:25:53 GMT
+  [I] 		date: Wed, 11 Oct 2017 16:08:38 GMT
   [I] 		content-type: text/html; charset=UTF-8
   [I] 		connection: close
-  [I] 		set-cookie: __cfduid=1; expires=Sun, 11-Mar-18 20:25:53 GMT; path=/; domain=.adamcaudill.com; HttpOnly
+  [I] 		set-cookie: __cfduid=0123456789abcdef; expires=Thu, 11-Oct-18 16:08:38 GMT; path=/; domain=.adamcaudill.com; HttpOnly
   [I] 		vary: Accept-Encoding,Cookie
-  [I] 		last-modified: Sun, 05 Mar 2017 16:55:57 GMT
+  [I] 		last-modified: Wed, 04 Oct 2017 18:55:34 GMT
   [I] 		x-content-type-options: nosniff
   [I] 		x-frame-options: sameorigin
   [I] 		pragma: public
   [I] 		cache-control: public, max-age=86400
   [I] 		cf-cache-status: HIT
-  [I] 		expires: Sun, 12 Mar 2017 20:25:53 GMT
+  [I] 		expires: Thu, 12 Oct 2017 16:08:38 GMT
   [I] 		strict-transport-security: max-age=15552000; preload
   [I] 		server: cloudflare-nginx
-  [I] 		cf-ray: 1-MIA
+  [I] 		cf-ray: 3ac31446ce295308-MIA
   
   [I] NOTE: Server appears to be Cloudflare; WAF may be in place.
   
@@ -260,32 +278,32 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [W] Public-Key-Pins Header Not Present
   
   [I] Cookies:
-  [I] 		__cfduid=1; expires=Sun, 11-Mar-18 20:25:53 GMT; path=/; domain=.adamcaudill.com; HttpOnly
+  [I] 		__cfduid=0123456789abcdef; expires=Thu, 11-Oct-18 16:08:38 GMT; path=/; domain=.adamcaudill.com; HttpOnly
   [W] 			Cookie missing Secure flag
   [W] 			Cookie missing SameSite flag
   
   
   Beginning SSL Labs scan (this could take a minute or two)
   [SSL Labs] This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html
-  ............................
+  .............................
   
   	SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=adamcaudill.com&hideResults=on
   
   [I] IP: 104.28.27.55 - Grade: A+
   
   	Certificate Information:
-  [I] 		Subject: CN=sni67677.cloudflaressl.com,OU=PositiveSSL Multi-Domain,OU=Domain Control Validated
+  [I] 		Subject: CN=sni67677.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
   [I] 		Common Names: ["sni67677.cloudflaressl.com"]
   [I] 		Alternative names:
   [I] 			sni67677.cloudflaressl.com
   [I] 			*.adamcaudill.com
   [I] 			adamcaudill.com
-  [I] 		Not Before: 2017-02-23T00:00:00+00:00
-  [I] 		Not After: 2017-08-06T23:59:59+00:00
+  [I] 		Not Before: 2017-07-26T00:00:00+00:00
+  [I] 		Not After: 2018-02-01T23:59:59+00:00
   [I] 		Key: EC 256 (RSA equivalent: 3072)
-  [I] 		Public Key Hash: c19ebb18e1bb524f684f89cd90f8c6365277f678
+  [I] 		Public Key Hash: c4c5ab4bd6d16a18d32437ae35f2b5d22fa0a59b
   [I] 		Version: 2
-  [I] 		Serial: 220844199202016449134238880152306048120
+  [I] 		Serial: 77574794376740264441751965250081500687
   [I] 		Issuer: COMODO ECC Domain Validation Secure Server CA 2
   [I] 		Signature algorithm: SHA256withECDSA
   [I] 		Extended Validation: No (Domain Control)
@@ -303,9 +321,9 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] 			certificatePolicies = Policy: 1.3.6.1.4.1.6449.1.2.2.7,   CPS: https://secure.comodo.com/CPS, Policy: 2.23.140.1.2.1, 
   [I] 			crlDistributionPoints = , Full Name:,   URI:http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl, 
   [I] 			authorityInfoAccess = CA Issuers - URI:http://crt.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crt, OCSP - URI:http://ocsp.comodoca4.com, 
-  [I] 		Hash: 9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
-  			https://censys.io/certificates?q=9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
-  			https://crt.sh/?q=9f911f4c6f6b58bb239c526ad8eb8cc5ef641947
+  [I] 		Hash: 2cf22bbb21e5a3eaa042feadc8fbc86ff0d3b1e1
+  			https://censys.io/certificates?q=2cf22bbb21e5a3eaa042feadc8fbc86ff0d3b1e1
+  			https://crt.sh/?q=2cf22bbb21e5a3eaa042feadc8fbc86ff0d3b1e1
   
   	Configuration Information:
   		Protocol Support:
@@ -314,15 +332,17 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] 			TLS 1.2
   
   		Cipher Suite Support:
+  [I] 			TLS_AES_128_GCM_SHA256                             - 128-bits
   [I] 			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256            - 128-bits - ECDHE-256-bits
-  [I] 			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            - 128-bits - ECDHE-256-bits
   [I] 			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA               - 128-bits - ECDHE-256-bits
+  [I] 			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256            - 128-bits - ECDHE-256-bits
+  [I] 			TLS_AES_256_GCM_SHA384                             - 256-bits
+  [I] 			TLS_CHACHA20_POLY1305_SHA256                       - 256-bits
+  [I] 			OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256  - 256-bits - ECDHE-256-bits
+  [I] 			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      - 256-bits - ECDHE-256-bits
   [I] 			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            - 256-bits - ECDHE-256-bits
-  [I] 			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            - 256-bits - ECDHE-256-bits
   [I] 			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA               - 256-bits - ECDHE-256-bits
-  [I] 			TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256      - 256-bits - ECDHE-256-bits
-  [I] 			OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256  - 256-bits - ECDHE-256-bits
-  [W] 			TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA              - 112-bits - ECDHE-256-bits
+  [I] 			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384            - 256-bits - ECDHE-256-bits
   
   		Handshake Simulation:
   [E] 			Android 2.3.7                - Simulation Failed
@@ -337,11 +357,11 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] 			Baidu Jan 2015               - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   [I] 			BingPreview Jan 2015         - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [E] 			Chrome 49 / XP SP3           - Simulation Failed
-  [I] 			Chrome 51 / Win 7            - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+  [I] 			Chrome 57 / Win 7            -  - TLS_AES_128_GCM_SHA256
   [I] 			Firefox 31.3.0 ESR / Win 7   - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [I] 			Firefox 47 / Win 7           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [I] 			Firefox 49 / XP SP3          - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-  [I] 			Firefox 49 / Win 7           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+  [I] 			Firefox 53 / Win 7           -  - TLS_AES_128_GCM_SHA256
   [I] 			Googlebot Feb 2015           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [E] 			IE 6 / XP                    - Simulation Failed
   [I] 			IE 7 / Vista                 - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
@@ -362,12 +382,12 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] 			OpenSSL 1.0.1l               - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [I] 			OpenSSL 1.0.2e               - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [I] 			Safari 5.1.9 / OS X 10.6.8   - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-  [I] 			Safari 6 / iOS 6.0.1         - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+  [I] 			Safari 6 / iOS 6.0.1         - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   [I] 			Safari 6.0.4 / OS X 10.8.4   - TLS 1.0 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-  [I] 			Safari 7 / iOS 7.1           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-  [I] 			Safari 7 / OS X 10.9         - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-  [I] 			Safari 8 / iOS 8.4           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-  [I] 			Safari 8 / OS X 10.10        - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+  [I] 			Safari 7 / iOS 7.1           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+  [I] 			Safari 7 / OS X 10.9         - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+  [I] 			Safari 8 / iOS 8.4           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+  [I] 			Safari 8 / OS X 10.10        - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
   [I] 			Safari 9 / iOS 9             - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [I] 			Safari 9 / OS X 10.11        - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
   [I] 			Safari 10 / iOS 10           - TLS 1.2 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
@@ -393,11 +413,43 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] 			DH public server param (Ys) reuse: No
   [I] 			Protocol Intolerance: No
   
+  Confirming your OpenSSL supports 3DES cipher suites...
   TLS Session Request Limit: Checking number of requests accepted using 3DES suites...
-  Cloudflare server found: SWEET32 mitigated: https://support.cloudflare.com/hc/en-us/articles/231510928
+  
+  [I] TLS Session Request Limit: Server does not support 3DES cipher suites
   
   [I] HSTS: Enabled (strict-transport-security: max-age=15552000; preload)
   [I] HSTS Preload: Chrome - false; Firefox - false; Tor - false
+  SSL-Session:
+      Protocol  : TLSv1.2
+      Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
+      Session-ID: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+      Session-ID-ctx: 
+      Master-Key: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+      Key-Arg   : None
+      PSK identity: None
+      PSK identity hint: None
+      SRP username: None
+      TLS session ticket lifetime hint: 64800 (seconds)
+      TLS session ticket:
+      0000 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0070 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0080 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      0090 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      00a0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      00b0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+      00c0 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+  
+      Start Time: 1507738278
+      Timeout   : 300 (sec)
+      Verify return code: 20 (unable to get local issuer certificate)
+  
   [W] '/readme.html' found: https://adamcaudill.com/readme.html
   
   
@@ -408,29 +460,32 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] '/sitemap_index.xml' found: https://adamcaudill.com/sitemap_index.xml
   [I] '/tools' found: https://adamcaudill.com/tools
   [I] '/wp-config.php' found: https://adamcaudill.com/wp-config.php
-  [I] '/wp-cron.php' found: https://adamcaudill.com/wp-cron.php
   [I] '/wp-links-opml.php' found: https://adamcaudill.com/wp-links-opml.php
+  [I] '/wp-cron.php' found: https://adamcaudill.com/wp-cron.php
   [I] '/wp-load.php' found: https://adamcaudill.com/wp-load.php
   [I] '/wp-login.php' found: https://adamcaudill.com/wp-login.php
   [I] '/keybase.txt' found: https://adamcaudill.com/keybase.txt
   
+  [I] Allow HTTP Verbs (OPTIONS): OPTIONS,GET,HEAD,POST
+  
   Searching for common directories...
   [I] 	Found: 'https://adamcaudill.com//'
   [I] 	Found: 'https://adamcaudill.com/0000/'
-  [I] 	Found: 'https://adamcaudill.com/2004/'
   [I] 	Found: 'https://adamcaudill.com/2003/'
+  [I] 	Found: 'https://adamcaudill.com/2008/'
   [I] 	Found: 'https://adamcaudill.com/2005/'
+  [I] 	Found: 'https://adamcaudill.com/2004/'
   [I] 	Found: 'https://adamcaudill.com/2006/'
+  [I] 	Found: 'https://adamcaudill.com/2009/'
   [I] 	Found: 'https://adamcaudill.com/2007/'
-  [I] 	Found: 'https://adamcaudill.com/2008/'
+  [I] 	Found: 'https://adamcaudill.com/2015/'
   [I] 	Found: 'https://adamcaudill.com/2011/'
-  [I] 	Found: 'https://adamcaudill.com/2009/'
-  [I] 	Found: 'https://adamcaudill.com/2010/'
   [I] 	Found: 'https://adamcaudill.com/2012/'
+  [I] 	Found: 'https://adamcaudill.com/2010/'
   [I] 	Found: 'https://adamcaudill.com/2013/'
-  [I] 	Found: 'https://adamcaudill.com/2015/'
   [I] 	Found: 'https://adamcaudill.com/2014/'
   [I] 	Found: 'https://adamcaudill.com/2016/'
+  [I] 	Found: 'https://adamcaudill.com/2017/'
   [I] 	Found: 'https://adamcaudill.com/ABOUT/'
   [I] 	Found: 'https://adamcaudill.com/ARCHIVES/'
   [I] 	Found: 'https://adamcaudill.com/About/'
@@ -453,7 +508,7 @@ $ yawast scan https://adamcaudill.com --tdessessioncount --dir --files --srv --s
   [I] 	Found: 'https://adamcaudill.com/tools/'
   [I] 	Found: 'https://adamcaudill.com/wp-content/'
   
-  [I] Meta Generator: WordPress 4.7.2
+  [I] Meta Generator: WordPress 4.8.2
   Scan complete.
 ```
 

data/bin/yawast

@@ -25,6 +25,7 @@ command :scan do |c|
   c.option '--subdomains', 'Search for Common Subdomains'
   c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
   c.option '--cookie STRING', String, 'Session cookie'
+  c.option '--nodns', 'Disable DNS checks'
 
   c.action do |args, options|
     Yawast::Commands::Scan.process(args, options)
@@ -41,6 +42,7 @@ command :head do |c|
   c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
   c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
   c.option '--cookie STRING', String, 'Session cookie'
+  c.option '--nodns', 'Disable DNS checks'
 
   c.action do |args, options|
     Yawast::Commands::Head.process(args, options)
@@ -72,6 +74,15 @@ command :cms do |c|
   end
 end
 
+command :dns do |c|
+  c.syntax = './yawast dns URL'
+  c.description = 'Gets information about the server DNS configuration'
+
+  c.action do |args, options|
+    Yawast::Commands::DNS.process(args, options)
+  end
+end
+
 command :cert do |c|
   c.syntax = './yawast cert --input <file>'
   c.description = 'Gets information about the certificates used'

data/lib/commands/dns.rb

@@ -0,0 +1,16 @@
+module Yawast
+  module Commands
+    class DNS
+      def self.process(args, options)
+        uri = Yawast::Commands::Utils.extract_uri(args)
+
+        Yawast.header
+
+        puts "Scanning: #{@uri}"
+        puts
+
+        Yawast::Scanner::Plugins::DNS::Generic.dns_info uri, options
+      end
+    end
+  end
+end

data/lib/scanner/core.rb

@@ -22,13 +22,18 @@ module Yawast
 
           Yawast.set_openssl_options
 
-          Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options
+          unless options.nodns
+            Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options
+          end
         end
 
         @setup = true
       end
 
       def self.process(uri, options)
+        # get the start time, so we can display elapsed time
+        start_time = Time.now
+
         setup(uri, options)
 
         begin
@@ -44,12 +49,16 @@ module Yawast
 
           #process the 'scan' stuff that goes beyond 'head'
           unless options.head
-            #server specific checks
-            Yawast::Scanner::Apache.check_all(@uri)
-            Yawast::Scanner::Iis.check_all(@uri, head)
+            # connection details for SSL
+            Yawast::Scanner::Generic.ssl_connection_info @uri
+
+            # server specific checks
+            Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
+            Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
 
             Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
 
+            # generic header checks
             Yawast::Scanner::Generic.check_propfind(@uri)
             Yawast::Scanner::Generic.check_options(@uri)
             Yawast::Scanner::Generic.check_trace(@uri)
@@ -62,7 +71,11 @@ module Yawast
             get_cms(@uri, options)
           end
 
-          puts 'Scan complete.'
+          # get the total time to complete the scan. this works as long as the scan take
+          # less than 24 hours. if a scan is that long, we have bigger problems
+          elapsed_time = Time.at(Time.now - start_time).utc.strftime('%H:%M:%S')
+
+          puts "Scan complete (#{elapsed_time} seconds)."
         rescue => e
           Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"
         end

data/lib/scanner/generic.rb

@@ -46,10 +46,11 @@ module Yawast
           puts ''
 
           if server != ''
-            Yawast::Scanner::Apache.check_banner(server)
+            Yawast::Scanner::Plugins::Servers::Apache.check_banner(server)
             Yawast::Scanner::Php.check_banner(server)
-            Yawast::Scanner::Iis.check_banner(server)
-            Yawast::Scanner::Nginx.check_banner(server)
+            Yawast::Scanner::Plugins::Servers::Iis.check_banner(server)
+            Yawast::Scanner::Plugins::Servers::Nginx.check_banner(server)
+            Yawast::Scanner::Plugins::Servers::Python.check_banner(server)
 
             if server == 'cloudflare-nginx'
               Yawast::Utilities.puts_info 'NOTE: Server appears to be Cloudflare; WAF may be in place.'
@@ -163,6 +164,11 @@ module Yawast
           if res['Public'] != nil
             Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
 
+            puts ''
+          end
+          if res['Allow'] != nil
+            Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
+
             puts ''
           end
         end
@@ -199,6 +205,31 @@ module Yawast
           end
         end
       end
+
+      def self.ssl_connection_info(uri)
+        begin
+          # we only care if this is https
+          if uri.scheme == 'https'
+            # setup the connection
+            socket = TCPSocket.new(uri.host, uri.port)
+
+            ctx = OpenSSL::SSL::SSLContext.new
+            ctx.ciphers = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]
+
+            ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
+            ssl.hostname = uri.host
+            ssl.connect
+
+            # this provides a bunch of useful info, that's already formatted
+            #  instead of building this manually, we'll let OpenSSL do the work
+            puts ssl.session.to_text
+
+            puts
+          end
+        rescue => e
+          Yawast::Utilities.puts_error "SSL Information: Error Getting Details: #{e.message}"
+        end
+      end
     end
 
     #Custom class to allow using the PROPFIND verb