yawast 0.6.0.beta4 → 0.6.0.beta5
- checksums.yaml +4 -4
- data/.travis.yml +3 -2
- data/CHANGELOG.md +1 -0
- data/README.md +2 -1
- data/lib/resources/common_file.txt +214 -29
- data/lib/scanner/core.rb +3 -3
- data/lib/scanner/plugins/dns/generic.rb +48 -40
- data/lib/scanner/plugins/servers/apache.rb +22 -0
- data/lib/scanner/plugins/ssl/ssl.rb +55 -0
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +38 -3
- data/lib/scanner/plugins/ssl/sweet32.rb +7 -13
- data/lib/scanner/ssl.rb +5 -41
- data/lib/scanner/ssl_labs.rb +93 -37
- data/lib/shared/http.rb +16 -0
- data/lib/version.rb +1 -1
- data/lib/yawast.rb +2 -2
- data/test/data/hsts_disabled_server_header.txt +16 -0
- data/test/data/hsts_server_header.txt +17 -0
- data/test/data/ssl_labs_analyze_data_file_zetlab_com.json +3851 -0
- data/test/data/ssl_labs_analyze_data_parivahan_gov_in.json +1440 -0
- data/test/test_scan_apache.rb +50 -0
- data/test/test_scan_dns.rb +23 -0
- data/test/test_ssl.rb +43 -0
- data/test/test_ssl_labs_analyze.rb +29 -0
- data/test/test_ssl_sweet32.rb +29 -0
- data/test/test_yawast.rb +2 -1
- metadata +19 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 92439c2e610dc00a65cde05a4bed122f100d81fc
|
4
|
+
data.tar.gz: 62a8283127dcd7d69b159beccf215af178156168
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 89af74f2d41086e71b410a9daed6c2f3fb219e0629f20fa362503c25f5080184fb91620aeaedfa099ad894b500a05d77023ec456a7a323e4640c92a7484ead09
|
7
|
+
data.tar.gz: 07f65aa6e69696ee154d88cb6e36c3cf0492e9168b62405b61328186d549a3a8561cd5146f1c85b07f46dd1a7f21d123cf8529327c6a2f325b2bc062d4f0969c
|
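Review bot: the removed `metadata.gz:` and `data.tar.gz:` entries under both SHA1 and SHA512 appear here with no digest values, so the beta4 digests cannot be compared from this view. When checking a downloaded beta5 package against this file, compare the SHA512 entries; SHA1 is collision-prone and should not be the digest relied on.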
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -10,6 +10,7 @@
|
|
10
10
|
* [#118](https://github.com/adamcaudill/yawast/issues/118) - Add check for CVE-2017-12617 - Apache Tomcat PUT RCE
|
11
11
|
* [#120](https://github.com/adamcaudill/yawast/issues/120) - Add Docker support
|
12
12
|
* [#122](https://github.com/adamcaudill/yawast/issues/122) - SSL Labs API v3
|
13
|
+
* [#125](https://github.com/adamcaudill/yawast/issues/125) - Add new search paths for Struts Sample Files
|
13
14
|
|
14
15
|
## 0.5.2 - 2017-07-13
|
15
16
|
|
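Review bot: the only entry added to the 0.6.0 list is #125, yet the file list for this release also shows changes to `lib/scanner/plugins/dns/generic.rb`, `lib/scanner/plugins/ssl/ssl.rb`, `lib/scanner/plugins/ssl/sweet32.rb` and `lib/scanner/ssl_labs.rb`. If any of those change what the scanner reports, each should get its own changelog line so users can tell why results differ between beta4 and beta5.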
data/README.md
CHANGED
@@ -50,7 +50,7 @@ The following tests are performed:
|
|
50
50
|
* *(Generic)* Presence of RELEASE-NOTES.txt
|
51
51
|
* *(Generic)* Presence of readme.html
|
52
52
|
* *(Generic)* Missing cookie flags (Secure, HttpOnly, and SameSite)
|
53
|
-
* *(Generic)* Search for files (14,
|
53
|
+
* *(Generic)* Search for files (14,169) & common directories (21,332)
|
54
54
|
* *(Apache)* Info Disclosure: Module listing enabled
|
55
55
|
* *(Apache)* Info Disclosure: Server version
|
56
56
|
* *(Apache)* Info Disclosure: OpenSSL module version
|
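Review bot: the counts on the new line 53, `(14,169)` and `(21,332)`, are hard-coded in the README while `lib/resources/common_file.txt` changes by +214 -29 in the same release, so they will drift on the next list update. Confirm 14,169 matches the current entry count of that file, and consider dropping the exact figures or generating them at release time.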
@@ -62,6 +62,7 @@ The following tests are performed:
|
|
62
62
|
* *(Apache Tomcat)* Tomcat Host Manager Weak Password
|
63
63
|
* *(Apache Tomcat)* Tomcat version detection via invalid HTTP verb
|
64
64
|
* *(Apache Tomcat)* Tomcat PUT RCE (CVE-2017-12617)
|
65
|
+
* *(Apache Struts)* Sample files which may be vulnerable
|
65
66
|
* *(IIS)* Info Disclosure: Server version
|
66
67
|
* *(ASP.NET)* Info Disclosure: ASP.NET version
|
67
68
|
* *(ASP.NET)* Info Disclosure: ASP.NET MVC version
|
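Review bot: the new line 65, `*(Apache Struts)* Sample files which may be vulnerable`, does not say what is actually checked. The changelog entry for #125 describes it as new search paths, so the wording should make clear that this reports the presence of Struts sample files rather than confirming a vulnerability, in line with the neighbouring entries that name the specific finding.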