yawast 0.7.0.beta3 → 0.7.0

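--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7b0bb4cac61cb155a8c1bd6ac9393bfd7191e617
- data.tar.gz: 11d3f67fb4d47496a67021a9802138713d167892
+ metadata.gz: 0ae21762fe7abf26bd16283e6a104c1013c446b7
+ data.tar.gz: 31549266d294f446a7e803e77cecd0e7e2bc999b
  SHA512:
- metadata.gz: 36da9932032084faf8641741829ad7df7a2bdfa8be6f7c73ad05e6f3a0cedce7092b59be3dbd935b25ffe4ac3d7b22aaffffb55ba3fd6eba4b0219e12a75241d
- data.tar.gz: a0f36333064f4299d03ba7139fe6fe8821929107730c9b5cdbfe584977be05ee211ffeb3dd1fe1bd33261285015725cc77f77abd99b2c8898fc7e841468140b3
+ metadata.gz: 886b7a4bf891d77eeca0f65a50733eb43aa6414c9d4d38a52acc363c1d6184df4b02d1ebf957ffc9637cb32097b088ae95527a90dbbdad58431403d327ec63a4
+ data.tar.gz: edd06c1933bda3b8643b9e6a06a8e690fa34f8136db9de5abdc446e08cc3fc766ffe8fc6f0ea514f76527630f718e35c30b9279a5dd6a01768d444cc05646e97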
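--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,4 @@
- ## 0.7.0 - In Development
+ ## 0.7.0 - 2019-04-19
 
  * [#38](https://github.com/adamcaudill/yawast/issues/38) - JSON Output Option via `--output=` (work in progress)
  * [#133](https://github.com/adamcaudill/yawast/issues/133) - Include a Timestamp In Output
@@ -16,6 +16,7 @@
  * [#156](https://github.com/adamcaudill/yawast/issues/156) - Check for Rails CVE-2019-5418
  * [#157](https://github.com/adamcaudill/yawast/issues/157) - Add check for Nginx Status Page
  * [#158](https://github.com/adamcaudill/yawast/issues/158) - Add check for Tomcat RCE CVE-2019-0232
+ * [#161](https://github.com/adamcaudill/yawast/issues/161) - Add WordPress WP-JSON User Enumeration
  * [#130](https://github.com/adamcaudill/yawast/issues/130) - Bug: HSTS Error leads to printing HTML
  * [#132](https://github.com/adamcaudill/yawast/issues/132) - Bug: Typo in SSL Output
  * [#142](https://github.com/adamcaudill/yawast/issues/142) - Bug: Error In Collecting DNS Information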
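--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,8 +1,50 @@
  FROM ruby:2.4-jessie
 
+ RUN apt-get update && apt-get install -y \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ wget \
+ gnupg \
+ unzip \
+ --no-install-recommends \
+ && curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
+ && echo "deb https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+ && apt-get update && apt-get install -y google-chrome-stable \
+ fontconfig \
+ fonts-ipafont-gothic \
+ fonts-wqy-zenhei \
+ fonts-thai-tlwg \
+ fonts-kacst \
+ fonts-noto \
+ ttf-freefont \
+ --no-install-recommends \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+ RUN CHROME_STRING=$(/usr/bin/google-chrome-stable --version) \
+ && CHROME_VERSION_STRING=$(echo "${CHROME_STRING}" | grep -oP "\d+\.\d+\.\d+\.\d+") \
+ && CHROME_MAJOR_VERSION=$(echo "${CHROME_VERSION_STRING%%.*}") \
+ && wget --no-verbose -O /tmp/LATEST_RELEASE "https://chromedriver.storage.googleapis.com/LATEST_RELEASE_${CHROME_MAJOR_VERSION}" \
+ && CD_VERSION=$(cat "/tmp/LATEST_RELEASE") \
+ && rm /tmp/LATEST_RELEASE \
+ && CHROME_DRIVER_VERSION="${CD_VERSION}" \
+ && echo "Using chromedriver version: "$CD_VERSION \
+ && echo "Using Chrome version: "$CHROME_VERSION_STRING \
+ && wget --no-verbose -O /tmp/chromedriver_linux64.zip https://chromedriver.storage.googleapis.com/$CD_VERSION/chromedriver_linux64.zip \
+ && unzip /tmp/chromedriver_linux64.zip -d /usr/bin/ \
+ && rm /tmp/chromedriver_linux64.zip \
+ && chmod +x /usr/bin/chromedriver
+
+ RUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \
+ && mkdir -p /home/chrome && chown -R chrome:chrome /home/chrome \
+ && mkdir -p /opt/google/chrome && chown -R chrome:chrome /opt/google/chrome
+
  COPY . /data
  WORKDIR /data
 
+ USER chrome
+
  ENV LANG C.UTF-8
  ENV LANGUAGE C.UTF-8
  ENV LC_ALL C.UTF-8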
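Review bot: The chromedriver archive in the second `RUN` is downloaded and unzipped into `/usr/bin/` with no integrity check, and its version is resolved at build time from `LATEST_RELEASE_${CHROME_MAJOR_VERSION}`, so two builds of the same Dockerfile can ship different binaries. Pinning the version through a build argument and verifying the archive before `unzip`, for example `echo "<expected-sha256>  /tmp/chromedriver_linux64.zip" | sha256sum -c -` (placeholder digest), would make the image reproducible and catch a tampered download. The Chrome signing key is likewise piped straight into `apt-key add -`; comparing its fingerprint against a known value before trusting the repository is worth adding. `USER chrome` comes after `COPY . /data`, so `/data` stays root-owned; if later build steps outside this hunk write under `/data`, they would now run without write access, which is worth confirming.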
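--- a/data/README.md
+++ b/data/README.md
@@ -75,9 +75,10 @@ The following tests are performed:
  * *(ASP.NET)* Presence of Trace.axd
  * *(ASP.NET)* Presence of Elmah.axd
  * *(ASP.NET)* Debugging Enabled
- * *(nginx)* Info Disclosure: Server version
  * *(PHP)* Info Disclosure: PHP version
  * *(Rails)* File Content Disclosure: CVE-2019-5418
+ * *(WordPress)* Version detection
+ * *(WordPress)* WP-JSON User Enumeration
 
  CMS Detection:
 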
@@ -63,6 +63,8 @@ module Yawast
63
63
  Yawast::Utilities.puts_info 'NOTE: Server appears to be Cloudflare; WAF may be in place.'
64
64
  puts
65
65
  end
66
+
67
+ Yawast::Shared::Output.log_value 'server', server
66
68
  end
67
69
 
68
70
  Yawast::Utilities.puts_warn "X-Powered-By Header Present: #{powered_by}" if powered_by != ''
@@ -0,0 +1,99 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Yawast
4
+ module Scanner
5
+ module Plugins
6
+ module Applications
7
+ module CMS
8
+ class WordPress
9
+ # check to see if we can confirm the presence of WordPress
10
+ def self.identify(uri)
11
+ ret = nil
12
+
13
+ # check for wp-login.php in the current directory
14
+ resp = identify_by_path uri, uri.path
15
+
16
+ if resp.nil?
17
+ # if we don't get a hit at the current path, try under /blog/
18
+ resp = identify_by_path uri, uri.path + 'blog/'
19
+ end
20
+
21
+ unless resp.nil?
22
+ # confirmed hit
23
+ res = resp[:result]
24
+ ret = resp[:uri]
25
+
26
+ # strip the file name from the path
27
+ ret.path = ret.path.sub! 'wp-login.php', ''
28
+
29
+ css = res[:body].scan /login.min.css\?ver=\d+\.\d+\.?\d*/
30
+
31
+ ver = 'Unknown'
32
+ if !css.count.zero?
33
+ ver = css[0].to_s.split('=')[1]
34
+ else
35
+ # the current method doesn't work, fall back to an older method
36
+ css = res[:body].scan /load-styles.php\?[\w\,\;\=\&\%]+;ver=\d+\.\d+\.?\d*/
37
+ ver = css[0].to_s.split('=')[-1] unless css.count.zero?
38
+ end
39
+
40
+ Yawast::Utilities.puts_info "Found WordPress v#{ver} at #{ret}"
41
+ Yawast::Shared::Output.log_value 'application', 'wordpress', 'uri', ret
42
+ Yawast::Shared::Output.log_value 'application', 'wordpress', 'version', ver
43
+ Yawast::Shared::Output.log_value 'application', 'wordpress', 'login_body', res[:body]
44
+ end
45
+
46
+ ret
47
+ end
48
+
49
+ def self.identify_by_path(uri, path)
50
+ login_uri = uri.copy
51
+ login_uri.path = path + 'wp-login.php'
52
+
53
+ res = Yawast::Shared::Http.get_with_code login_uri
54
+
55
+ if res[:code] == '200' && res[:body].include?('Powered by WordPress')
56
+ return {result: res, uri: login_uri}
57
+ else
58
+ return nil
59
+ end
60
+ end
61
+
62
+ def self.check_json_user_enum(uri)
63
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
64
+ 'wordpress_json_user_enum',
65
+ {vulnerable: false, users: nil}
66
+
67
+ json_uri = uri.copy
68
+ json_uri.path = json_uri.path + 'wp-json/wp/v2/users'
69
+ res = Yawast::Shared::Http.get_with_code json_uri
70
+
71
+ if res[:code] == '200' && res[:body].include?('slug')
72
+ # we have a likely hit
73
+ users = nil
74
+ begin
75
+ users = JSON.parse res[:body]
76
+ rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
77
+ # don't care why it failed
78
+ end
79
+
80
+ unless users.nil?
81
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
82
+ 'wordpress_json_user_enum',
83
+ {vulnerable: true, users: users}
84
+ Yawast::Utilities.puts_warn "WordPress WP-JSON User Enumeration at #{json_uri}"
85
+
86
+ users.each do |user|
87
+ Yawast::Utilities.puts_raw "ID: #{user['id']}\tUser Slug: '#{user['slug']}'\t\tUser Name: '#{user['name']}'"
88
+ end
89
+
90
+ puts
91
+ end
92
+ end
93
+ end
94
+ end
95
+ end
96
+ end
97
+ end
98
+ end
99
+ end
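Review bot: In `check_json_user_enum`, any 200 response whose body contains `slug` and parses as JSON is logged as `vulnerable: true`, even when the parsed value is not a list of user objects; a JSON object or an array of scalars can then raise inside `users.each` at `user['id']`. Checking the shape before reporting, `if users.is_a?(Array) && users.all? { |u| u.is_a?(Hash) && u.key?('slug') }` in place of `unless users.nil?`, removes both the false positive and the crash. The `id`, `slug` and `name` values come from the scanned server and are written to the terminal through `puts_raw`; whether that helper strips control characters is not visible here, so it is worth confirming. In `identify`, `ret.path = ret.path.sub! 'wp-login.php', ''` depends on `sub!` never returning `nil`; `ret.path = ret.path.sub('wp-login.php', '')` says the same thing without that dependency.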
@@ -92,11 +92,13 @@ module Yawast
92
92
  end
93
93
  rescue ArgumentError => e
94
94
  Yawast::Utilities.puts_error "Unable to find a matching element to perform the User Enumeration via Password Reset Response test (#{e.message})"
95
+ rescue => e # rubocop:disable Style/RescueStandardError
96
+ Yawast::Utilities.puts_error "Failed to execute Password Reset Page User Enumeration: Error: #{e.message}"
95
97
  end
96
98
  end
97
99
 
98
100
  def self.fill_form_get_body(uri, user, valid, log_output)
99
- options = Selenium::WebDriver::Chrome::Options.new({args: ['headless', 'incognito']})
101
+ options = Selenium::WebDriver::Chrome::Options.new({args: ['headless', 'incognito', 'disable-dev-shm-usage', 'no-sandbox']})
100
102
 
101
103
  # if we have a proxy set, use that
102
104
  if !Yawast.options.proxy.nil?
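Review bot: `no-sandbox` is now passed to Chrome on every call of `fill_form_get_body`, not only inside the container, so the browser that loads pages from the scanned (untrusted) site also runs without its sandbox on an ordinary workstation. Building the argument list conditionally would keep the workaround to the Docker image: `args = %w[headless incognito disable-dev-shm-usage]` followed by `args << 'no-sandbox' if File.exist?('/.dockerenv')`. A one-line comment saying why each of the two new flags is needed would help the next reader. The method body continues outside the hunk.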
@@ -391,6 +391,7 @@ module Yawast
391
391
  elsif proto['name'] == 'TLS' && proto['version'] == '1.3'
392
392
  # capture TLS 1.3 status
393
393
  tls13_enabled = true
394
+ Yawast::Utilities.puts_info "\t\t\t#{proto['name']} #{proto['version']}"
394
395
  Yawast::Shared::Output.log_hash 'vulnerabilities',
395
396
  'tls_tls13_not_enabled',
396
397
  {vulnerable: false}
@@ -34,6 +34,11 @@ module Yawast
34
34
 
35
35
  # check for framework specific issues
36
36
  Yawast::Scanner::Plugins::Applications::Framework::Rails.check_all uri, links
37
+
38
+ wordpress_uri = Yawast::Scanner::Plugins::Applications::CMS::WordPress.identify uri
39
+ unless wordpress_uri.nil?
40
+ Yawast::Scanner::Plugins::Applications::CMS::WordPress.check_json_user_enum wordpress_uri
41
+ end
37
42
  end
38
43
  end
39
44
  end
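--- a/data/lib/shared/http.rb
+++ b/data/lib/shared/http.rb
@@ -45,8 +45,8 @@ module Yawast
  res = req.request_get(uri, get_headers(headers))
  body = res.read_body
  code = res.code
- rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
- # do nothing for now
+ rescue => e # rubocop:disable Style/RescueStandardError
+ Yawast::Utilities.puts_error "Error sending request to #{uri} - '#{e.message}'"
  end
 
  {body: body, code: code}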
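--- a/data/lib/version.rb
+++ b/data/lib/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Yawast
- VERSION = '0.7.0.beta3'
+ VERSION = '0.7.0'
  end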
@@ -0,0 +1 @@
1
+ [{"id":1,"name":"Adam Caudill","url":"https:\/\/adamcaudill.com","description":"","link":"https:\/\/underhandedcrypto.com\/author\/adam\/","slug":"adam","avatar_urls":{"24":"https:\/\/secure.gravatar.com\/avatar\/49e14cf9f67c48aad082dec4f106f19a?s=24&d=mm&r=g","48":"https:\/\/secure.gravatar.com\/avatar\/49e14cf9f67c48aad082dec4f106f19a?s=48&d=mm&r=g","96":"https:\/\/secure.gravatar.com\/avatar\/49e14cf9f67c48aad082dec4f106f19a?s=96&d=mm&r=g"},"meta":[],"_links":{"self":[{"href":"https:\/\/underhandedcrypto.com\/wp-json\/wp\/v2\/users\/1"}],"collection":[{"href":"https:\/\/underhandedcrypto.com\/wp-json\/wp\/v2\/users"}]}},{"id":2,"name":"Taylor Hornby","url":"https:\/\/defuse.ca\/","description":"","link":"https:\/\/underhandedcrypto.com\/author\/taylor\/","slug":"taylor","avatar_urls":{"24":"https:\/\/secure.gravatar.com\/avatar\/8b1f016c79a6b82740427da6fff77de2?s=24&d=mm&r=g","48":"https:\/\/secure.gravatar.com\/avatar\/8b1f016c79a6b82740427da6fff77de2?s=48&d=mm&r=g","96":"https:\/\/secure.gravatar.com\/avatar\/8b1f016c79a6b82740427da6fff77de2?s=96&d=mm&r=g"},"meta":[],"_links":{"self":[{"href":"https:\/\/underhandedcrypto.com\/wp-json\/wp\/v2\/users\/2"}],"collection":[{"href":"https:\/\/underhandedcrypto.com\/wp-json\/wp\/v2\/users"}]}}]
@@ -0,0 +1,61 @@
1
+
2
+ <!DOCTYPE html>
3
+ <!--[if IE 8]>
4
+ <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" lang="en-US">
5
+ <![endif]-->
6
+ <!--[if !(IE 8) ]><!-->
7
+ <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
8
+ <!--<![endif]-->
9
+ <head>
10
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
11
+ <title>Log In &lsaquo; Underhanded Crypto Contest &#8212; WordPress</title>
12
+ <link rel='dns-prefetch' href='//s.w.org' />
13
+ <link rel='stylesheet' href='https://underhandedcrypto.com/wp-admin/load-styles.php?c=0&amp;dir=ltr&amp;load%5B%5D=dashicons,buttons,forms,l10n,login&amp;ver=4.9.8' type='text/css' media='all' />
14
+ <meta name='robots' content='noindex,follow' />
15
+ <meta name="viewport" content="width=device-width" />
16
+ <link rel="icon" href="https://underhandedcrypto.com/wp-content/uploads/2014/09/cropped-logo1-32x32.png" sizes="32x32" />
17
+ <link rel="icon" href="https://underhandedcrypto.com/wp-content/uploads/2014/09/cropped-logo1-192x192.png" sizes="192x192" />
18
+ <link rel="apple-touch-icon-precomposed" href="https://underhandedcrypto.com/wp-content/uploads/2014/09/cropped-logo1-180x180.png" />
19
+ <meta name="msapplication-TileImage" content="https://underhandedcrypto.com/wp-content/uploads/2014/09/cropped-logo1-270x270.png" />
20
+ </head>
21
+ <body class="login login-action-login wp-core-ui locale-en-us">
22
+ <div id="login">
23
+ <h1><a href="https://wordpress.org/" title="Powered by WordPress" tabindex="-1">Powered by WordPress</a></h1>
24
+ <form name="loginform" id="loginform" action="https://underhandedcrypto.com/wp-login.php" method="post">
25
+ <p>
26
+ <label for="user_login">Username or Email Address<br />
27
+ <input type="text" name="log" id="user_login" class="input" value="" size="20" /></label>
28
+ </p>
29
+ <p>
30
+ <label for="user_pass">Password<br />
31
+ <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
32
+ </p>
33
+ <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> Remember Me</label></p>
34
+ <p class="submit">
35
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In" />
36
+ <input type="hidden" name="redirect_to" value="https://underhandedcrypto.com/wp-admin/" />
37
+ <input type="hidden" name="testcookie" value="1" />
38
+ </p>
39
+ </form>
40
+ <p id="nav">
41
+ <a href="https://underhandedcrypto.com/wp-login.php?action=lostpassword">Lost your password?</a>
42
+ </p>
43
+ <script type="text/javascript">
44
+ function wp_attempt_focus(){
45
+ setTimeout( function(){ try{
46
+ d = document.getElementById('user_login');
47
+ d.focus();
48
+ d.select();
49
+ } catch(e){}
50
+ }, 200);
51
+ }
52
+
53
+ wp_attempt_focus();
54
+ if(typeof wpOnload=='function')wpOnload();
55
+ </script>
56
+ <p id="backtoblog"><a href="https://underhandedcrypto.com/">&larr; Back to Underhanded Crypto Contest</a></p>
57
+ </div>
58
+ <link rel='stylesheet' id='jetpack_css-css' href='https://underhandedcrypto.com/wp-content/plugins/jetpack/css/jetpack.css?ver=6.4.2' type='text/css' media='all' />
59
+ <div class="clear"></div>
60
+ </body>
61
+ </html>
@@ -0,0 +1,80 @@
1
+
2
+ <!DOCTYPE html>
3
+ <!--[if IE 8]>
4
+ <html xmlns="http://www.w3.org/1999/xhtml" class="ie8" lang="en-US">
5
+ <![endif]-->
6
+ <!--[if !(IE 8) ]><!-->
7
+ <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
8
+ <!--<![endif]-->
9
+ <head>
10
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
11
+ <title>Log In &lsaquo; Adam Caudill &#8212; WordPress</title>
12
+ <link rel='dns-prefetch' href='//s.w.org' />
13
+ <link rel='stylesheet' id='dashicons-css' href='https://adamcaudill.com/wp-includes/css/dashicons.min.css?ver=5.1.1' type='text/css' media='all' />
14
+ <link rel='stylesheet' id='buttons-css' href='https://adamcaudill.com/wp-includes/css/buttons.min.css?ver=5.1.1' type='text/css' media='all' />
15
+ <link rel='stylesheet' id='forms-css' href='https://adamcaudill.com/wp-admin/css/forms.min.css?ver=5.1.1' type='text/css' media='all' />
16
+ <link rel='stylesheet' id='l10n-css' href='https://adamcaudill.com/wp-admin/css/l10n.min.css?ver=5.1.1' type='text/css' media='all' />
17
+ <link rel='stylesheet' id='login-css' href='https://adamcaudill.com/wp-admin/css/login.min.css?ver=5.1.1' type='text/css' media='all' />
18
+ <meta name='robots' content='noindex,noarchive' />
19
+ <meta name='referrer' content='strict-origin-when-cross-origin' />
20
+ <meta name="viewport" content="width=device-width" />
21
+ </head>
22
+ <body class="login login-action-login wp-core-ui locale-en-us">
23
+ <div id="login">
24
+ <h1><a href="https://wordpress.org/" title="Powered by WordPress">Powered by WordPress</a></h1>
25
+
26
+ <form name="loginform" id="loginform" action="https://adamcaudill.com/wp-login.php" method="post">
27
+ <p>
28
+ <label for="user_login">Username or Email Address<br />
29
+ <input type="text" name="log" id="user_login" class="input" value="" size="20" autocapitalize="off" /></label>
30
+ </p>
31
+ <p>
32
+ <label for="user_pass">Password<br />
33
+ <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
34
+ </p>
35
+ <p>
36
+ <label title="If you don't have Google Authenticator enabled for your WordPress account, leave this field empty.">Google Authenticator code<span id="google-auth-info"></span><br />
37
+ <input type="text" name="googleotp" id="user_email" class="input" value="" size="20" style="ime-mode: inactive;" /></label>
38
+ </p>
39
+ <p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> Remember Me</label></p>
40
+ <p class="submit">
41
+ <input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In" />
42
+ <input type="hidden" name="redirect_to" value="https://adamcaudill.com/wp-admin/" />
43
+ <input type="hidden" name="testcookie" value="1" />
44
+ </p>
45
+ </form>
46
+
47
+ <p id="nav">
48
+ <a href="https://adamcaudill.com/wp-login.php?action=lostpassword">Lost your password?</a>
49
+ </p>
50
+
51
+ <script type="text/javascript">
52
+ function wp_attempt_focus(){
53
+ setTimeout( function(){ try{
54
+ d = document.getElementById('user_login');
55
+ d.focus();
56
+ d.select();
57
+ } catch(e){}
58
+ }, 200);
59
+ }
60
+
61
+ wp_attempt_focus();
62
+ if(typeof wpOnload=='function')wpOnload();
63
+ </script>
64
+
65
+ <p id="backtoblog"><a href="https://adamcaudill.com/">
66
+ &larr; Back to Adam Caudill </a></p>
67
+
68
+ </div>
69
+
70
+
71
+
72
+ <script type="text/javascript">
73
+ try{
74
+ document.getElementById('user_email').setAttribute('autocomplete','off');
75
+ } catch(e){}
76
+ </script>
77
+ <link rel='stylesheet' id='jetpack_css-css' href='https://adamcaudill.com/wp-content/plugins/jetpack/css/jetpack.css?ver=7.1.1' type='text/css' media='all' />
78
+ <div class="clear"></div>
79
+ </body>
80
+ </html>
@@ -0,0 +1,76 @@
1
+ require 'webrick'
2
+ require File.dirname(__FILE__) + '/../lib/yawast'
3
+ require File.dirname(__FILE__) + '/base'
4
+
5
+ class TestAppCMSWordPress < Minitest::Test
6
+ include TestBase
7
+
8
+ def test_identify_wp_551
9
+ override_stdout
10
+
11
+ port = rand(60000) + 1024 # pick a random port number
12
+ server = start_web_server File.dirname(__FILE__) + '/data/wp-login-5.1.1.txt', '', port
13
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
14
+
15
+ error = nil
16
+ begin
17
+ Yawast::Shared::Http.setup nil, nil
18
+ Yawast::Scanner::Plugins::Applications::CMS::WordPress.identify uri
19
+ rescue => e
20
+ error = e.message
21
+ end
22
+
23
+ assert stdout_value.include?('Found WordPress v5.1.1'), "WordPress version not found: #{stdout_value}"
24
+ assert error == nil, "Unexpected error: #{error}"
25
+
26
+ restore_stdout
27
+
28
+ server.exit
29
+ end
30
+
31
+ def test_identify_wp_498
32
+ override_stdout
33
+
34
+ port = rand(60000) + 1024 # pick a random port number
35
+ server = start_web_server File.dirname(__FILE__) + '/data/wp-login-4.9.8.txt', '', port
36
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
37
+
38
+ error = nil
39
+ begin
40
+ Yawast::Shared::Http.setup nil, nil
41
+ Yawast::Scanner::Plugins::Applications::CMS::WordPress.identify uri
42
+ rescue => e
43
+ error = e.message
44
+ end
45
+
46
+ assert stdout_value.include?('Found WordPress v4.9.8'), "WordPress version not found: #{stdout_value}"
47
+ assert error == nil, "Unexpected error: #{error}"
48
+
49
+ restore_stdout
50
+
51
+ server.exit
52
+ end
53
+
54
+ def test_wp_json_enum
55
+ override_stdout
56
+
57
+ port = rand(60000) + 1024 # pick a random port number
58
+ server = start_web_server File.dirname(__FILE__) + '/data/wp-json-users.txt', '', port
59
+ uri = Yawast::Commands::Utils.extract_uri(["http://localhost:#{port}"])
60
+
61
+ error = nil
62
+ begin
63
+ Yawast::Shared::Http.setup nil, nil
64
+ Yawast::Scanner::Plugins::Applications::CMS::WordPress.check_json_user_enum uri
65
+ rescue => e
66
+ error = e.message
67
+ end
68
+
69
+ assert stdout_value.include?('WordPress WP-JSON User Enumeration at'), "WordPress WP-JSON User Enum not found: #{stdout_value}"
70
+ assert error == nil, "Unexpected error: #{error}"
71
+
72
+ restore_stdout
73
+
74
+ server.exit
75
+ end
76
+ end
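Review bot: In all three tests `restore_stdout` and `server.exit` run only after the assertions, so a failing `assert` leaves stdout overridden and the test web server running for the rest of the suite. Moving the cleanup into an `ensure` clause at the end of each method (`ensure`, `restore_stdout`, `server.exit`) fixes that. `rand(60000) + 1024` can also pick a port that is already in use; retrying on `Errno::EADDRINUSE` or asking the OS for a free port would avoid intermittent failures. `test_wp_json_enum` asserts only on the banner line; also asserting that a slug from the fixture, such as `adam`, appears in the output would cover the per-user listing.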
@@ -1,7 +1,7 @@
1
1
  require File.dirname(__FILE__) + '/../lib/yawast'
2
2
  require File.dirname(__FILE__) + '/base'
3
3
 
4
- class TestScannerApache < Minitest::Test
4
+ class TestAppFWRails < Minitest::Test
5
5
  include TestBase
6
6
 
7
7
  def test_check_cve_2019_5418
@@ -4,26 +4,26 @@ require File.dirname(__FILE__) + '/base'
4
4
  class TestSharedHttp < Minitest::Test
5
5
  include TestBase
6
6
 
7
- def test_check_tdes
8
- override_stdout
9
-
10
- res = Yawast::Scanner::Plugins::SSL::Sweet32.check_tdes
11
-
12
- assert stdout_value.include?('OpenSSL supports 3DES'), "Header line not found in #{stdout_value}"
13
- assert res, '3DES support check failed'
14
-
15
- restore_stdout
16
- end
17
-
18
- def test_session_count
19
- override_stdout
20
-
21
- uri = URI::Parser.new.parse 'https://3des.badssl.com/'
22
- Yawast::Scanner::Plugins::SSL::Sweet32.get_tdes_session_msg_count uri, 1
23
-
24
- assert stdout_value.include?('Connection not terminated after'), "SWEET32 warning not found in #{stdout_value}"
25
-
26
- restore_stdout
27
- end
7
+ # def test_check_tdes
8
+ # override_stdout
9
+ #
10
+ # res = Yawast::Scanner::Plugins::SSL::Sweet32.check_tdes
11
+ #
12
+ # assert stdout_value.include?('OpenSSL supports 3DES'), "Header line not found in #{stdout_value}"
13
+ # assert res, '3DES support check failed'
14
+ #
15
+ # restore_stdout
16
+ # end
17
+ #
18
+ # def test_session_count
19
+ # override_stdout
20
+ #
21
+ # uri = URI::Parser.new.parse 'https://3des.badssl.com/'
22
+ # Yawast::Scanner::Plugins::SSL::Sweet32.get_tdes_session_msg_count uri, 1
23
+ #
24
+ # assert stdout_value.include?('Connection not terminated after'), "SWEET32 warning not found in #{stdout_value}"
25
+ #
26
+ # restore_stdout
27
+ # end
28
28
 
29
29
  end
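Review bot: The two Sweet32 tests are disabled by commenting them out, which leaves `TestSharedHttp` with no test methods and no record of why they were turned off. Keeping the methods and starting each with `skip 'reason'` keeps them visible in the test report; if the cause is the dependency on the external host `https://3des.badssl.com/`, which is only a guess from the visible code, the skip message should say so. The class name also does not match its content, since both tests exercise `Yawast::Scanner::Plugins::SSL::Sweet32`.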
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yawast
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0.beta3
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Caudill
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-04-15 00:00:00.000000000 Z
11
+ date: 2019-04-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize
@@ -225,6 +225,7 @@ files:
225
225
  - lib/scanner/core.rb
226
226
  - lib/scanner/generic.rb
227
227
  - lib/scanner/plugins/applications/cms/generic.rb
228
+ - lib/scanner/plugins/applications/cms/wordpress.rb
228
229
  - lib/scanner/plugins/applications/framework/rails.rb
229
230
  - lib/scanner/plugins/applications/generic/password_reset.rb
230
231
  - lib/scanner/plugins/dns/caa.rb
@@ -274,6 +275,10 @@ files:
274
275
  - test/data/ssl_labs_info.json
275
276
  - test/data/tomcat_release_notes.txt
276
277
  - test/data/wordpress_readme_html.txt
278
+ - test/data/wp-json-users.txt
279
+ - test/data/wp-login-4.9.8.txt
280
+ - test/data/wp-login-5.1.1.txt
281
+ - test/test_app_cms_wp.rb
277
282
  - test/test_app_fw_rails.rb
278
283
  - test/test_cmd_util.rb
279
284
  - test/test_directory_search.rb
@@ -312,9 +317,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
312
317
  version: '0'
313
318
  required_rubygems_version: !ruby/object:Gem::Requirement
314
319
  requirements:
315
- - - ">"
320
+ - - ">="
316
321
  - !ruby/object:Gem::Version
317
- version: 1.3.1
322
+ version: '0'
318
323
  requirements: []
319
324
  rubyforge_project: yawast
320
325
  rubygems_version: 2.6.14
@@ -343,6 +348,10 @@ test_files:
343
348
  - test/data/ssl_labs_info.json
344
349
  - test/data/tomcat_release_notes.txt
345
350
  - test/data/wordpress_readme_html.txt
351
+ - test/data/wp-json-users.txt
352
+ - test/data/wp-login-4.9.8.txt
353
+ - test/data/wp-login-5.1.1.txt
354
+ - test/test_app_cms_wp.rb
346
355
  - test/test_app_fw_rails.rb
347
356
  - test/test_cmd_util.rb
348
357
  - test/test_directory_search.rb