yawast 0.6.0 → 0.7.0.beta1
- checksums.yaml +4 -4
- data/.travis.yml +4 -1
- data/CHANGELOG.md +16 -1
- data/LICENSE +1 -1
- data/bin/yawast +8 -0
- data/lib/commands/dns.rb +5 -0
- data/lib/scanner/core.rb +11 -0
- data/lib/scanner/generic.rb +16 -1
- data/lib/scanner/plugins/dns/caa.rb +6 -0
- data/lib/scanner/plugins/dns/generic.rb +30 -4
- data/lib/scanner/plugins/http/directory_search.rb +2 -0
- data/lib/scanner/plugins/http/file_presence.rb +1 -0
- data/lib/scanner/plugins/servers/apache.rb +23 -2
- data/lib/scanner/plugins/servers/iis.rb +3 -0
- data/lib/scanner/plugins/spider/spider.rb +65 -0
- data/lib/scanner/plugins/ssl/ssl.rb +78 -8
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +12 -2
- data/lib/scanner/plugins/ssl/ssl_labs/info.rb +10 -3
- data/lib/scanner/plugins/ssl/sweet32.rb +38 -16
- data/lib/scanner/ssl.rb +6 -1
- data/lib/scanner/ssl_labs.rb +63 -16
- data/lib/shared/http.rb +13 -1
- data/lib/shared/output.rb +151 -0
- data/lib/util.rb +4 -0
- data/lib/version.rb +1 -1
- data/lib/yawast.rb +6 -1
- data/test/test_internalssl.rb +1 -1
- data/yawast.gemspec +2 -0
- metadata +34 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1a0010955fcbfb843d4eaf927682a22df138b4a6
|
4
|
+
data.tar.gz: df672ffa6576e142c62fe0904f07ef90cc54c612
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d1152a1e138492093e18834d8d542b4438a3904703a9449e6092857212db4d04048afeb9329e49bb591e217c1be82d06c1451a986a5e3cd517b66933dbacf018
|
7
|
+
data.tar.gz: 6ab13462bab4524b4e8c0347d0065b7947799ad6ab4ef6bed5bf38dadf090ad2d85e9bc1384a73247d302820ce034ea949824565960b93fedeaabc52797cbea1
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,4 +1,19 @@
|
|
1
|
-
## 0.
|
1
|
+
## 0.7.0 - In Development
|
2
|
+
|
3
|
+
* [#38](https://github.com/adamcaudill/yawast/issues/38) - Report Generation Mode (work in progress)
|
4
|
+
* [#133](https://github.com/adamcaudill/yawast/issues/133) - Include a Timestamp In Output
|
5
|
+
* [#134](https://github.com/adamcaudill/yawast/issues/134) - Add options to DNS command
|
6
|
+
* [#135](https://github.com/adamcaudill/yawast/issues/135) - Incomplete Certificate Chain Warning
|
7
|
+
* [#137](https://github.com/adamcaudill/yawast/issues/137) - Warn on TLS 1.0
|
8
|
+
* [#138](https://github.com/adamcaudill/yawast/issues/138) - Warn on Symantec Roots
|
9
|
+
* [#139](https://github.com/adamcaudill/yawast/issues/139) - Add Spider Option
|
10
|
+
* [#140](https://github.com/adamcaudill/yawast/issues/140) - Save output on cancel
|
11
|
+
* [#141](https://github.com/adamcaudill/yawast/issues/141) - Flag --internalssl as Deprecated
|
12
|
+
* [#130](https://github.com/adamcaudill/yawast/issues/130) - Bug: HSTS Error leads to printing HTML
|
13
|
+
* [#132](https://github.com/adamcaudill/yawast/issues/132) - Bug: Typo in SSL Output
|
14
|
+
* [#142](https://github.com/adamcaudill/yawast/issues/142) - Bug: Error In Collecting DNS Information
|
15
|
+
|
16
|
+
## 0.6.0 - 2018-01-16
|
2
17
|
|
3
18
|
* [#54](https://github.com/adamcaudill/yawast/issues/54) - Check for Python version in Server header
|
4
19
|
* [#59](https://github.com/adamcaudill/yawast/issues/59) - SSL Labs: Display Certificate Chain
|
data/LICENSE
CHANGED
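--- a/data/bin/yawast
+++ b/data/bin/yawast
@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# encoding: UTF-8
 
 require 'commander/import'
 require File.dirname(__FILE__) + '/../lib/yawast'
@@ -26,6 +27,8 @@ command :scan do |c|
 c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
 c.option '--cookie STRING', String, 'Session cookie'
 c.option '--nodns', 'Disable DNS checks'
+c.option '--spider', 'Spider the site'
+c.option '--output STRING', String, 'Output JSON file'
 
 c.action do |args, options|
 Yawast::Commands::Scan.process(args, options)
@@ -43,6 +46,7 @@ command :head do |c|
 c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
 c.option '--cookie STRING', String, 'Session cookie'
 c.option '--nodns', 'Disable DNS checks'
+c.option '--output STRING', String, 'Output JSON file'
 
 c.action do |args, options|
 Yawast::Commands::Head.process(args, options)
@@ -79,6 +83,10 @@ command :dns do |c|
 c.syntax = './yawast dns URL'
 c.description = 'Gets information about the server DNS configuration'
 
+c.option '--srv', 'Scan for known SRV DNS Records'
+c.option '--subdomains', 'Search for Common Subdomains'
+c.option '--output STRING', String, 'Output JSON file'
+
 c.action do |args, options|
 Yawast::Commands::DNS.process(args, options)
 end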
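--- a/data/lib/commands/dns.rb
+++ b/data/lib/commands/dns.rb
@@ -6,10 +6,15 @@ module Yawast
 
 Yawast.header
 
+if options.output != nil
+Yawast::Shared::Output.setup uri, options
+end
+
 puts "Scanning: #{uri}"
 puts
 
 Yawast::Scanner::Plugins::DNS::Generic.dns_info uri, options
+Yawast::Shared::Output.write_file
 end
 end
 end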
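Review bot: `Yawast::Shared::Output.write_file` (new line 17) is called whether or not `--output` was given, so its behaviour when `setup` never ran is a contract of lib/shared/output.rb (+151 in the diffstat, not on this page) that deserves a one-line comment here, e.g. `# no-op unless Output.setup was called`, or the same `options.output` guard that wraps the setup call. The guard itself, `if options.output != nil`, is an explicit nil comparison that idiomatic Ruby writes as `if options.output` (a String option is either nil or a truthy String); the same pattern appears in scanner/core.rb. The enclosing method starts outside the hunk.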
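--- a/data/lib/scanner/core.rb
+++ b/data/lib/scanner/core.rb
@@ -14,10 +14,15 @@ module Yawast
 
 print_header
 
+if options.output != nil
+Yawast::Shared::Output.setup @uri, options
+end
+
 ssl_redirect = Yawast::Scanner::Plugins::SSL::SSL.check_for_ssl_redirect @uri
 if ssl_redirect
 @uri = ssl_redirect
 puts "Server redirects to TLS: Scanning: #{@uri}"
+Yawast::Shared::Output.log_value 'server_tls_redirect', @uri
 end
 
 Yawast::Scanner::Plugins::SSL::SSL.set_openssl_options
@@ -42,6 +47,7 @@ module Yawast
 
 #cache the HEAD result, so that we can minimize hits
 head = get_head
+Yawast::Shared::Output.log_hash 'http', 'head', 'raw', head.to_hash
 Yawast::Scanner::Generic.head_info(head, @uri)
 
 #perfom SSL checks
@@ -63,6 +69,10 @@ module Yawast
 Yawast::Scanner::Generic.check_options(@uri)
 Yawast::Scanner::Generic.check_trace(@uri)
 
+if options.spider
+Yawast::Scanner::Plugins::Spider::Spider.spider(@uri)
+end
+
 #check for common directories
 if options.dir
 Yawast::Scanner::Plugins::Http::DirectorySearch.search @uri, options.dirrecursive, options.dirlistredir
@@ -75,6 +85,7 @@ module Yawast
 # less than 24 hours. if a scan is that long, we have bigger problems
 elapsed_time = Time.at(Time.now - start_time).utc.strftime('%H:%M:%S')
 
+Yawast::Shared::Output.write_file
 puts "Scan complete (#{elapsed_time})."
 rescue => e
 Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"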
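Review bot: `Yawast::Shared::Output.write_file` (new line 88) runs only on the success path; the `rescue => e` on the following line prints the fatal error and, within this hunk, nothing writes the JSON, so everything logged before the failure is lost exactly when it would be most useful — moving the call into an `ensure` clause of the same `begin` covers both paths (`ensure` / `Yawast::Shared::Output.write_file`). Interrupt from Ctrl-C is not a StandardError and is not caught by this `rescue`; if #140 "Save output on cancel" is handled in lib/yawast.rb (+6 in the diffstat, not on this page), an `ensure` here would also remove that dependency. The `if options.output != nil` guard (new line 17) reads more idiomatically as `if options.output`, the same as in commands/dns.rb. The enclosing method starts and ends outside these hunks.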
data/lib/scanner/generic.rb
CHANGED
@@ -24,6 +24,7 @@ module Yawast
|
|
24
24
|
Yawast::Utilities.puts_info 'HEAD:'
|
25
25
|
head.each do |k, v|
|
26
26
|
Yawast::Utilities.puts_info "\t\t#{k}: #{v}"
|
27
|
+
Yawast::Shared::Output.log_value 'http', 'head', k, v
|
27
28
|
|
28
29
|
server = v if k.downcase == 'server'
|
29
30
|
powered_by = v if k.downcase == 'x-powered-by'
|
@@ -40,7 +41,11 @@ module Yawast
|
|
40
41
|
|
41
42
|
if k.downcase == 'set-cookie'
|
42
43
|
#this chunk of magic manages to properly split cookies, when multiple are sent together
|
43
|
-
v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each
|
44
|
+
v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each do |c|
|
45
|
+
cookies.push(c)
|
46
|
+
|
47
|
+
Yawast::Shared::Output.log_append_value 'http', 'head', 'cookies', c
|
48
|
+
end
|
44
49
|
end
|
45
50
|
end
|
46
51
|
puts ''
|
@@ -163,11 +168,13 @@ module Yawast
|
|
163
168
|
|
164
169
|
if res['Public'] != nil
|
165
170
|
Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
|
171
|
+
Yawast::Shared::Output.log_value 'http', 'options', 'public', res['Public']
|
166
172
|
|
167
173
|
puts ''
|
168
174
|
end
|
169
175
|
if res['Allow'] != nil
|
170
176
|
Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
|
177
|
+
Yawast::Shared::Output.log_value 'http', 'options', 'allow', res['Allow']
|
171
178
|
|
172
179
|
puts ''
|
173
180
|
end
|
@@ -187,6 +194,9 @@ module Yawast
|
|
187
194
|
|
188
195
|
puts ''
|
189
196
|
end
|
197
|
+
|
198
|
+
Yawast::Shared::Output.log_value 'http', 'trace', 'raw', res.body
|
199
|
+
Yawast::Shared::Output.log_value 'http', 'trace', 'code', res.code
|
190
200
|
end
|
191
201
|
end
|
192
202
|
|
@@ -203,6 +213,11 @@ module Yawast
|
|
203
213
|
|
204
214
|
puts ''
|
205
215
|
end
|
216
|
+
|
217
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'raw', res.body
|
218
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'code', res.code
|
219
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'content-type', res['Content-Type']
|
220
|
+
Yawast::Shared::Output.log_value 'http', 'propfind', 'length', res.body.length
|
206
221
|
end
|
207
222
|
end
|
208
223
|
end
|
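Review bot: `res.body.length` on the last added PROPFIND line (new line 220) raises NoMethodError when the body is nil, which Net::HTTP returns for responses that carry no body (for example 204 or 304), so a server that answers PROPFIND without content aborts the whole check; `Yawast::Shared::Output.log_value 'http', 'propfind', 'length', res.body.to_s.length` is safe, and the TRACE/PROPFIND `'raw'` lines (new lines 198 and 217) would likewise be more predictable as `res.body.to_s`. This assumes `res` is a Net::HTTPResponse, which the `res.code` and `res['Content-Type']` usage suggests. The enclosing methods start outside these hunks.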
@@ -35,6 +35,8 @@ module Yawast
|
|
35
35
|
cname = get_cname_record(domain)
|
36
36
|
if cname != nil
|
37
37
|
Yawast::Utilities.puts_info "\t\tCAA (#{domain}): CNAME Found: -> #{cname}"
|
38
|
+
Yawast::Shared::Output.log_value 'dns', 'caa', domain, "CNAME: #{cname}"
|
39
|
+
|
38
40
|
chase_domain cname.to_s
|
39
41
|
else
|
40
42
|
print_caa_record domain
|
@@ -66,6 +68,8 @@ module Yawast
|
|
66
68
|
# check for RDATA
|
67
69
|
if rec.rdata != nil
|
68
70
|
Yawast::Utilities.puts_info "\t\tCAA (#{domain}): #{rec.rdata}"
|
71
|
+
|
72
|
+
Yawast::Shared::Output.log_append_value 'dns', 'caa', domain, rec.rdata
|
69
73
|
else
|
70
74
|
Yawast::Utilities.puts_error "\t\tCAA (#{domain}): Invalid Response: #{ans.answer}"
|
71
75
|
end
|
@@ -73,6 +77,8 @@ module Yawast
|
|
73
77
|
else
|
74
78
|
# no answer, so no records
|
75
79
|
Yawast::Utilities.puts_info "\t\tCAA (#{domain}): No Records Found"
|
80
|
+
|
81
|
+
Yawast::Shared::Output.log_value 'dns', 'caa', domain, 'nil'
|
76
82
|
end
|
77
83
|
end
|
78
84
|
end
|
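Review bot: The no-records branch (new line 81) logs the String `'nil'` rather than `nil`, so a consumer of the JSON output cannot distinguish "no CAA record" from a record whose value happens to be the text nil; `Yawast::Shared::Output.log_value 'dns', 'caa', domain, nil` keeps the distinction, assuming `log_value` accepts a nil value (its definition is in lib/shared/output.rb, which is not on this page). The same key path `'dns', 'caa', domain` also receives a scalar CNAME string via `log_value` (new line 38) and a list via `log_append_value` (new line 72), so the value type for that key varies by branch; documenting that in the output schema, or logging the CNAME under its own sub-key, would make the file easier to consume. These hunks appear to belong to plugins/dns/caa.rb (+6 in the diffstat); both enclosing methods start and end outside them.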
@@ -21,9 +21,13 @@ module Yawast
|
|
21
21
|
|
22
22
|
Yawast::Utilities.puts_info "\t\t#{ip.address} (#{host_name})"
|
23
23
|
|
24
|
+
Yawast::Shared::Output.log_value 'dns', 'a', ip.address, host_name
|
25
|
+
|
24
26
|
# if address is private, force internal SSL mode, don't show links
|
25
27
|
if IPAddr.new(ip.address.to_s, Socket::AF_INET).private?
|
26
28
|
options.internalssl = true
|
29
|
+
|
30
|
+
Yawast::Shared::Output.log_value 'force_internal_ssl', true
|
27
31
|
else
|
28
32
|
#show network info
|
29
33
|
Yawast::Utilities.puts_info "\t\t\t#{get_network_info(ip.address)}"
|
@@ -45,6 +49,8 @@ module Yawast
|
|
45
49
|
|
46
50
|
Yawast::Utilities.puts_info "\t\t#{ip.address} (#{host_name})"
|
47
51
|
|
52
|
+
Yawast::Shared::Output.log_value 'dns', 'aaaa', ip.address, host_name
|
53
|
+
|
48
54
|
# if address is private, force internal SSL mode, don't show links
|
49
55
|
if IPAddr.new(ip.address.to_s, Socket::AF_INET6).private?
|
50
56
|
options.internalssl = true
|
@@ -61,16 +67,24 @@ module Yawast
|
|
61
67
|
unless txt.empty?
|
62
68
|
txt.each do |rec|
|
63
69
|
Yawast::Utilities.puts_info "\t\tTXT: #{rec.data}"
|
70
|
+
|
71
|
+
Yawast::Shared::Output.log_append_value 'dns', 'txt', uri.host, rec.data
|
64
72
|
end
|
65
73
|
end
|
66
74
|
|
67
75
|
#check for higher-level TXT records, if we aren't already at the top
|
68
76
|
if root_domain != uri.host
|
69
|
-
|
70
|
-
|
71
|
-
txt.
|
72
|
-
|
77
|
+
begin
|
78
|
+
txt = resv.getresources(root_domain, Resolv::DNS::Resource::IN::TXT)
|
79
|
+
unless txt.empty?
|
80
|
+
txt.each do |rec|
|
81
|
+
Yawast::Utilities.puts_info "\t\tTXT (#{root_domain}): #{rec.data}"
|
82
|
+
|
83
|
+
Yawast::Shared::Output.log_append_value 'dns', 'txt', root_domain, rec.data
|
84
|
+
end
|
73
85
|
end
|
86
|
+
rescue => e
|
87
|
+
Yawast::Utilities.puts_error "\t\tTXT: #{root_domain} (Error: #{e.message})"
|
74
88
|
end
|
75
89
|
end
|
76
90
|
|
@@ -81,6 +95,8 @@ module Yawast
|
|
81
95
|
ip = resv.getaddress rec.exchange
|
82
96
|
|
83
97
|
Yawast::Utilities.puts_info "\t\tMX: #{rec.exchange} (#{rec.preference}) - #{ip} (#{get_network_info(ip.to_s)})"
|
98
|
+
|
99
|
+
Yawast::Shared::Output.log_value 'dns', 'mx', rec.exchange, ip
|
84
100
|
rescue => e
|
85
101
|
Yawast::Utilities.puts_error "\t\tMX: #{rec.exchange} (#{rec.preference}) - Error: #{e.message})"
|
86
102
|
end
|
@@ -96,6 +112,8 @@ module Yawast
|
|
96
112
|
ip = resv.getaddress rec.exchange
|
97
113
|
|
98
114
|
Yawast::Utilities.puts_info "\t\tMX (#{root_domain}): #{rec.exchange} (#{rec.preference}) - #{ip} (#{get_network_info(ip.to_s)})"
|
115
|
+
|
116
|
+
Yawast::Shared::Output.log_value 'dns', 'mx', rec.exchange, ip
|
99
117
|
rescue => e
|
100
118
|
Yawast::Utilities.puts_error "\t\tMX (#{root_domain}): #{rec.exchange} (#{rec.preference}) - Error: #{e.message})"
|
101
119
|
end
|
@@ -109,6 +127,8 @@ module Yawast
|
|
109
127
|
ip = resv.getaddress rec.name
|
110
128
|
|
111
129
|
Yawast::Utilities.puts_info "\t\tNS: #{rec.name} - #{ip} (#{get_network_info(ip.to_s)})"
|
130
|
+
|
131
|
+
Yawast::Shared::Output.log_value 'dns', 'ns', rec.name, ip
|
112
132
|
end
|
113
133
|
end
|
114
134
|
|
@@ -145,6 +165,8 @@ module Yawast
|
|
145
165
|
ip = resv.getaddress rec.target
|
146
166
|
|
147
167
|
Yawast::Utilities.puts_info "\t\tSRV: #{host}: #{rec.target}:#{rec.port} - #{ip} (#{get_network_info(ip.to_s)})"
|
168
|
+
|
169
|
+
Yawast::Shared::Output.log_value 'dns', 'srv', host, "#{rec.target}:#{rec.port}"
|
148
170
|
end
|
149
171
|
end
|
150
172
|
rescue
|
@@ -169,6 +191,8 @@ module Yawast
|
|
169
191
|
else
|
170
192
|
Yawast::Utilities.puts_info "\t\tA: #{host}: #{ip.address} (#{get_network_info(ip.address)})"
|
171
193
|
end
|
194
|
+
|
195
|
+
Yawast::Shared::Output.log_value 'dns', 'subdomain', host, ip.address
|
172
196
|
end
|
173
197
|
end
|
174
198
|
rescue
|
@@ -194,6 +218,8 @@ module Yawast
|
|
194
218
|
ret = "#{network_info['as_country_code']} - #{network_info['as_description']}"
|
195
219
|
@netinfo[ip] = ret
|
196
220
|
|
221
|
+
Yawast::Shared::Output.log_value 'dns', 'asn_info', ip, ret
|
222
|
+
|
197
223
|
return ret
|
198
224
|
rescue => e
|
199
225
|
@netinfo_failed = true
|
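Review bot: The AAAA branch sets `options.internalssl = true` (new line 56) but, unlike the A branch at new line 30, does not log `force_internal_ssl`, so an IPv6-only private host leaves no trace of the mode switch in the output file; add `Yawast::Shared::Output.log_value 'force_internal_ssl', true` after it. The MX/NS/SRV calls pass `rec.exchange`, `rec.name` and `ip` as keys and values, which are Resolv::DNS::Name and Resolv address objects rather than Strings; how they serialise depends on `Output` (lib/shared/output.rb, not on this page), so calling `.to_s` on them, as the SRV line already does for its interpolated value, would make the schema predictable. The `rescue => e` added around the root-domain TXT lookup (new lines 77-88) is a good addition. These hunks appear to belong to plugins/dns/generic.rb (+30 -4 in the diffstat); the enclosing methods start outside them.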
@@ -99,10 +99,12 @@ module Yawast
|
|
99
99
|
|
100
100
|
if res.code == '200'
|
101
101
|
@results.push "\tFound: '#{uri}'"
|
102
|
+
Yawast::Shared::Output.log_append_value 'http', 'http_dir', uri
|
102
103
|
|
103
104
|
load_queue uri if @recursive
|
104
105
|
elsif res.code == '301' && @list_redirects
|
105
106
|
@results.push "\tFound Redirect: '#{uri} -> '#{res['Location']}'"
|
107
|
+
Yawast::Shared::Output.log_value 'http', 'http_dir_redirect', uri, res['Location']
|
106
108
|
end
|
107
109
|
rescue => e
|
108
110
|
unless e.message.include?('end of file') || e.message.include?('getaddrinfo')
|
@@ -163,6 +163,7 @@ module Yawast
|
|
163
163
|
|
164
164
|
if res.code == '200'
|
165
165
|
@results.push "'#{uri.path}' found: #{uri}"
|
166
|
+
Yawast::Shared::Output.log_append_value 'http', 'http_file', uri
|
166
167
|
end
|
167
168
|
rescue => e
|
168
169
|
unless e.message.include?('end of file') || e.message.include?('getaddrinfo')
|
@@ -71,6 +71,8 @@ module Yawast
|
|
71
71
|
|
72
72
|
if version != nil && version[0] != nil
|
73
73
|
Yawast::Utilities.puts_warn "Apache Tomcat Version Found: #{version[0]}"
|
74
|
+
Yawast::Shared::Output.log_value 'apache', 'tomcat_version', version[0]
|
75
|
+
|
74
76
|
puts "\t\t\"curl -X XYZ #{uri}\""
|
75
77
|
|
76
78
|
puts ''
|
@@ -80,8 +82,8 @@ module Yawast
|
|
80
82
|
end
|
81
83
|
|
82
84
|
def self.check_tomcat_manager(uri)
|
83
|
-
check_tomcat_manager_paths uri, 'manager', 'Manager'
|
84
|
-
check_tomcat_manager_paths uri, 'host-manager', 'Host Manager'
|
85
|
+
check_tomcat_manager_paths uri.copy, 'manager', 'Manager'
|
86
|
+
check_tomcat_manager_paths uri.copy, 'host-manager', 'Host Manager'
|
85
87
|
end
|
86
88
|
|
87
89
|
def self.check_tomcat_manager_paths(uri, base_path, manager)
|
@@ -93,16 +95,19 @@ module Yawast
|
|
93
95
|
if ret.include? '<tt>conf/tomcat-users.xml</tt>'
|
94
96
|
#this will get Tomcat 7+
|
95
97
|
Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
|
98
|
+
Yawast::Shared::Output.log_value 'apache', 'tomcat_mgr', manager, uri
|
96
99
|
check_tomcat_manager_passwords uri, manager
|
97
100
|
|
98
101
|
puts ''
|
99
102
|
else
|
100
103
|
#check for Tomcat 6 and below
|
104
|
+
uri = uri.copy
|
101
105
|
uri.path = "/#{base_path}"
|
102
106
|
ret = Yawast::Shared::Http.get(uri)
|
103
107
|
|
104
108
|
if ret.include? '<tt>conf/tomcat-users.xml</tt>'
|
105
109
|
Yawast::Utilities.puts_warn "Apache Tomcat #{manager} page found: #{uri}"
|
110
|
+
Yawast::Shared::Output.log_value 'apache', 'tomcat_mgr', manager, uri
|
106
111
|
check_tomcat_manager_passwords uri, manager
|
107
112
|
|
108
113
|
puts ''
|
@@ -125,6 +130,8 @@ module Yawast
|
|
125
130
|
if ret.include?('<font size="+2">Tomcat Web Application Manager</font>') ||
|
126
131
|
ret.include?('<font size="+2">Tomcat Virtual Host Manager</font>')
|
127
132
|
Yawast::Utilities.puts_vuln "Apache Tomcat #{manager} weak password: #{credentials}"
|
133
|
+
|
134
|
+
Yawast::Shared::Output.log_value 'apache', 'tomcat_mgr_pwd', uri, credentials
|
128
135
|
end
|
129
136
|
end
|
130
137
|
|
@@ -133,9 +140,13 @@ module Yawast
|
|
133
140
|
uri.path = "/#{SecureRandom.hex}.jsp/"
|
134
141
|
uri.query = '' if uri.query != nil
|
135
142
|
|
143
|
+
Yawast::Shared::Output.log_value 'apache', 'cve_2017_12615', 'path', uri
|
144
|
+
|
136
145
|
# we'll use this to verify that it actually worked
|
137
146
|
check_value = SecureRandom.hex
|
138
147
|
|
148
|
+
Yawast::Shared::Output.log_value 'apache', 'cve_2017_12615', 'check_value', check_value
|
149
|
+
|
139
150
|
# upload the JSP file
|
140
151
|
req_data = "<% out.println(\"#{check_value}\");%>"
|
141
152
|
Yawast::Shared::Http.put(uri, req_data)
|
@@ -143,8 +154,14 @@ module Yawast
|
|
143
154
|
# check to see of we get check_value back
|
144
155
|
uri.path = uri.path.chomp('/')
|
145
156
|
res = Yawast::Shared::Http.get(uri)
|
157
|
+
|
158
|
+
Yawast::Shared::Output.log_value 'apache', 'cve_2017_12615', 'body', res
|
159
|
+
|
146
160
|
if res.include? check_value
|
147
161
|
Yawast::Utilities.puts_vuln "Apache Tomcat PUT RCE (CVE-2017-12615): #{uri}"
|
162
|
+
Yawast::Shared::Output.log_value 'apache', 'cve_2017_12615', 'vulnerable', true
|
163
|
+
else
|
164
|
+
Yawast::Shared::Output.log_value 'apache', 'cve_2017_12615', 'vulnerable', false
|
148
165
|
end
|
149
166
|
end
|
150
167
|
|
@@ -159,9 +176,12 @@ module Yawast
|
|
159
176
|
search.push '/struts2-rest-showcase/'
|
160
177
|
|
161
178
|
search.each do |path|
|
179
|
+
uri = uri.copy
|
162
180
|
uri.path = path
|
163
181
|
|
164
182
|
ret = Yawast::Shared::Http.get_status_code uri
|
183
|
+
Yawast::Shared::Output.log_value 'apache', 'struts2_sample_files', uri, ret
|
184
|
+
|
165
185
|
if ret == 200
|
166
186
|
Yawast::Utilities.puts_warn "Apache Struts2 Sample Files: #{uri}"
|
167
187
|
end
|
@@ -176,6 +196,7 @@ module Yawast
|
|
176
196
|
|
177
197
|
if ret.include? search
|
178
198
|
Yawast::Utilities.puts_vuln "#{search} page found: #{uri}"
|
199
|
+
Yawast::Shared::Output.log_value 'apache', 'page_search', search, uri
|
179
200
|
puts ''
|
180
201
|
end
|
181
202
|
end
|
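Review bot: In the Struts sample-files loop (new line 179) `uri = uri.copy` inside the `search.each` block rebinds the method-level `uri`, so each iteration copies the previous iteration's already-modified object and the reference to the caller's argument is gone after the first pass; it works today only because `path` is the sole field overwritten, which a reader cannot tell from the block. A block-local name keeps the parameter as the single source: `target = uri.copy`, `target.path = path`, `ret = Yawast::Shared::Http.get_status_code target` (and `target` in the two lines that follow). `URI#copy` is not part of Ruby's `URI`; presumably it is the helper added in lib/util.rb (+4 in the diffstat), which is not on this page, and a short comment at the first call site naming where it lives would help. The same rebinding happens at new line 104 in `check_tomcat_manager_paths`, though there the parameter has no later independent use. These hunks appear to belong to plugins/servers/apache.rb; the enclosing methods of the Struts hunk start outside it.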
@@ -48,6 +48,9 @@ module Yawast
|
|
48
48
|
if res.code == 200
|
49
49
|
Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'
|
50
50
|
end
|
51
|
+
|
52
|
+
Yawast::Shared::Output.log_value 'http', 'asp_net_debug', 'raw', res.body
|
53
|
+
Yawast::Shared::Output.log_value 'http', 'asp_net_debug', 'code', res.code
|
51
54
|
end
|
52
55
|
end
|
53
56
|
end
|
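Review bot: The two new `log_value` calls record `res.body` and `res.code` just after the `if res.code == 200` block, and they make that guard's type mismatch visible: if `res` is a Net::HTTPResponse, `code` is a String, so `res.code == 200` (a pre-existing context line) can never be true and 'ASP.NET Debugging Enabled' is never printed — the other hunks in this diff compare with `'200'` (directory_search.rb, file_presence.rb, spider.rb). Worth fixing while this block is being touched: `if res.code == '200'`. This hunk appears to belong to plugins/servers/iis.rb; the enclosing method starts outside it.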
@@ -0,0 +1,65 @@
|
|
1
|
+
require 'nokogiri'
|
2
|
+
|
3
|
+
module Yawast
|
4
|
+
module Scanner
|
5
|
+
module Plugins
|
6
|
+
module Spider
|
7
|
+
class Spider
|
8
|
+
def self.spider(uri)
|
9
|
+
@uri = uri.copy
|
10
|
+
|
11
|
+
@workers = []
|
12
|
+
@results = Queue.new
|
13
|
+
|
14
|
+
@links = []
|
15
|
+
@links.push @uri.to_s
|
16
|
+
puts 'Spidering site...'
|
17
|
+
get_links @uri
|
18
|
+
|
19
|
+
results = Thread.new do
|
20
|
+
begin
|
21
|
+
while true
|
22
|
+
if @results.length > 0
|
23
|
+
out = @results.pop(true)
|
24
|
+
Yawast::Utilities.puts_info out
|
25
|
+
Yawast::Shared::Output.log_append_value 'spider', 'get', out
|
26
|
+
end
|
27
|
+
end
|
28
|
+
rescue ThreadError
|
29
|
+
#do nothing
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
@workers.map(&:join)
|
34
|
+
results.terminate
|
35
|
+
|
36
|
+
puts
|
37
|
+
end
|
38
|
+
|
39
|
+
def self.get_links(uri)
|
40
|
+
# get the page, and work out from there
|
41
|
+
res = Yawast::Shared::Http.get_with_code uri
|
42
|
+
doc = Nokogiri::HTML res[:body]
|
43
|
+
|
44
|
+
results = doc.css('a').map { |link| link['href'] }
|
45
|
+
|
46
|
+
results.each do |link|
|
47
|
+
# check to see if this link is in scope
|
48
|
+
if link.to_s.include?(@uri.to_s) && res[:code] == '200'
|
49
|
+
# check to see if we've already seen this one
|
50
|
+
unless @links.include? link.to_s
|
51
|
+
@links.push link.to_s
|
52
|
+
@results.push "#{link.to_s}"
|
53
|
+
|
54
|
+
@workers.push Thread.new {
|
55
|
+
get_links URI.parse(link)
|
56
|
+
}
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
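Review bot: The consumer thread in `spider` (new-file lines 19-31) spins on `@results.length > 0` with no blocking call, so it burns a core for the whole crawl, and the `rescue ThreadError` ends the loop for good if the non-blocking `pop(true)` ever races with an empty queue; a blocking `Queue#pop` with a `nil` sentinel pushed after the workers join lets the loop exit cleanly. `@links` is read and appended from every worker thread (lines 50-51) without a Mutex, so two threads can both miss a URL in `include?` and fetch it twice, and a new Thread is spawned per link with no cap, so a large site produces an unbounded number of concurrent requests against the host being scanned. The in-scope test `link.to_s.include?(@uri.to_s)` is a substring match: relative hrefs such as `/about` are never followed, while any off-site URL that merely embeds the start URL (for example in a query string) is; resolving with `URI.join` and comparing `host` is presumably the check intended, and it also keeps the crawl on the authorised host. `URI.parse(link)` inside the worker raises `URI::InvalidURIError` on a malformed href and kills that thread silently. The sketch below covers the consumer loop and the scope check; the dedupe/spawn block is unchanged apart from running under the mutex.
```ruby
def self.spider(uri)
  @uri = uri.copy
  @workers = []
  @results = Queue.new
  @links_lock = Mutex.new
  @links = [@uri.to_s]
  puts 'Spidering site...'
  get_links @uri

  # consumer blocks on the queue; a nil sentinel ends the loop once the workers are done
  results = Thread.new do
    while (out = @results.pop)
      Yawast::Utilities.puts_info out
      Yawast::Shared::Output.log_append_value 'spider', 'get', out
    end
  end

  @workers.each(&:join)
  @results.push nil
  results.join
  puts
end

def self.get_links(uri)
  res = Yawast::Shared::Http.get_with_code uri
  return unless res[:code] == '200'

  doc = Nokogiri::HTML res[:body]
  doc.css('a').each do |anchor|
    begin
      link = URI.join(uri, anchor['href'].to_s)
    rescue URI::Error
      next
    end
    # in scope means the same host as the start URI, not a substring match
    next unless link.host == @uri.host

    # … unchanged: dedupe against @links (now under @links_lock), push to @results, spawn worker …
  end
end
```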
@@ -45,20 +45,25 @@ module Yawast
|
|
45
45
|
|
46
46
|
Yawast::Utilities.puts_info "HSTS Preload: Chrome - #{chrome}; Firefox - #{firefox}; Tor - #{tor}"
|
47
47
|
rescue => e
|
48
|
-
|
48
|
+
if e.message.include? 'unexpected token'
|
49
|
+
#this means we have a parsing error - don't need to include the entire message
|
50
|
+
Yawast::Utilities.puts_error "Error getting HSTS preload information: #{e.message.truncate(30)}"
|
51
|
+
else
|
52
|
+
Yawast::Utilities.puts_error "Error getting HSTS preload information: #{e.message}"
|
53
|
+
end
|
49
54
|
end
|
50
55
|
end
|
51
56
|
|
52
57
|
def self.set_openssl_options
|
53
|
-
#change certain defaults, to make things work better
|
54
|
-
#we prefer RSA, to avoid issues with small DH keys
|
58
|
+
# change certain defaults, to make things work better
|
59
|
+
# we prefer RSA, to avoid issues with small DH keys
|
55
60
|
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers] = 'RSA:ALL:COMPLEMENTOFALL'
|
56
61
|
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
|
57
62
|
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_ALL
|
58
63
|
end
|
59
64
|
|
60
65
|
def self.check_for_ssl_redirect(uri)
|
61
|
-
#check to see if the site redirects to SSL by default
|
66
|
+
# check to see if the site redirects to SSL by default
|
62
67
|
if uri.scheme != 'https'
|
63
68
|
head = Yawast::Shared::Http.head(uri)
|
64
69
|
|
@@ -67,11 +72,11 @@ module Yawast
|
|
67
72
|
location = URI.parse(head['Location'])
|
68
73
|
|
69
74
|
if location.scheme == 'https'
|
70
|
-
#we run this through extract_uri as it performs a few checks we need
|
75
|
+
# we run this through extract_uri as it performs a few checks we need
|
71
76
|
return Yawast::Shared::Uri.extract_uri location.to_s
|
72
77
|
end
|
73
78
|
rescue
|
74
|
-
#we don't care if this fails
|
79
|
+
# we don't care if this fails
|
75
80
|
end
|
76
81
|
end
|
77
82
|
end
|
@@ -94,8 +99,11 @@ module Yawast
|
|
94
99
|
ssl.connect
|
95
100
|
|
96
101
|
# this provides a bunch of useful info, that's already formatted
|
97
|
-
# instead of building this manually, we'll let OpenSSL do the
|
98
|
-
|
102
|
+
# instead of building this manually, we'll let OpenSSL do the
|
103
|
+
session_info = ssl.session.to_text
|
104
|
+
puts session_info
|
105
|
+
|
106
|
+
Yawast::Shared::Output.log_value 'ssl', 'session', 'info', session_info
|
99
107
|
|
100
108
|
puts
|
101
109
|
end
|
@@ -103,6 +111,68 @@ module Yawast
|
|
103
111
|
Yawast::Utilities.puts_error "SSL Information: Error Getting Details: #{e.message}"
|
104
112
|
end
|
105
113
|
end
|
114
|
+
|
115
|
+
def self.check_symantec_root(hash)
|
116
|
+
roots = ['08297a4047dba23680c731db6e317653ca7848e1bebd3a0b0179a707f92cf178',
|
117
|
+
'2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c',
|
118
|
+
'2834991cf677466d22baac3b0055e5b911d9a9e55f5b85ba02dc566782c30e8a',
|
119
|
+
'2930bd09a07126bdc17288d4f2ad84645ec948607907a97b5ed0b0b05879ef69',
|
120
|
+
'2f274e48aba4ac7b765933101775506dc30ee38ef6acd5c04932cfe041234220',
|
121
|
+
'309b4a87f6ca56c93169aaa99c6d988854d7892bd5437e2d07b29cbeda55d35d',
|
122
|
+
'3266967e59cd68008d9dd320811185c704205e8d95fdd84f1c7b311e6704fc32',
|
123
|
+
'341de98b1392abf7f4ab90a960cf25d4bd6ec65b9a51ce6ed067d00ec7ce9b7f',
|
124
|
+
'363f3c849eab03b0a2a0f636d7b86d04d3ac7fcfe26a0a9121ab9795f6e176df',
|
125
|
+
'37d51006c512eaab626421f1ec8c92013fc5f82ae98ee533eb4619b8deb4d06c',
|
126
|
+
'3a43e220fe7f3ea9653d1e21742eac2b75c20fd8980305bc502caf8c2d9b41a1',
|
127
|
+
'3f9f27d583204b9e09c8a3d2066c4b57d3a2479c3693650880505698105dbce9',
|
128
|
+
'44640a0a0e4d000fbd574d2b8a07bdb4d1dfed3b45baaba76f785778c7011961',
|
129
|
+
'4b03f45807ad70f21bfc2cae71c9fde4604c064cf5ffb686bae5dbaad7fdd34c',
|
130
|
+
'53dfdfa4e297fcfe07594e8c62d5b8ab06b32c7549f38a163094fd6429d5da43',
|
131
|
+
'5b38bd129e83d5a0cad23921089490d50d4aae370428f8ddfffffa4c1564e184',
|
132
|
+
'5edb7ac43b82a06a8761e8d7be4979ebf2611f7dd79bf91c1c6b566a219ed766',
|
133
|
+
'5f0b62eab5e353ea6521651658fbb65359f443280a4afbd104d77d10f9f04c07',
|
134
|
+
'614fd18da1490560cdad1196e2492ab7062eab1a67b3a30f1d0585a7d6ba6824',
|
135
|
+
'69ddd7ea90bb57c93e135dc85ea6fcd5480b603239bdc454fc758b2a26cf7f79',
|
136
|
+
'76ef4762e573206006cbc338b17ca4bc200574a11928d90c3ef31c5e803e6c6f',
|
137
|
+
'83ce3c1229688a593d485f81973c0f9195431eda37cc5e36430e79c7a888638b',
|
138
|
+
'87c678bfb8b25f38f7e97b336956bbcf144bbacaa53647e61a2325bc1055316b',
|
139
|
+
'8d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f',
|
140
|
+
'8dbb5a7c06c20ef62dd912a36740992ff6e1e8583d42ede257c3affd7c769399',
|
141
|
+
'8f9e2751dcd574e9ba90e744ea92581fd0af640ae86ac1ce2198c90f96b44823',
|
142
|
+
'92a9d9833fe1944db366e8bfae7a95b6480c2d6c6c2a1be65d4236b608fca1bb',
|
143
|
+
'944554239d91ed9efedcf906d5e8113160b46fc816dc6bdc77b89da29b6562b9',
|
144
|
+
'9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df',
|
145
|
+
'9d190b2e314566685be8a889e27aa8c7d7ae1d8aaddba3c1ecf9d24863cd34b9',
|
146
|
+
'9e503738722e0a104cf659ff9f92f0b5b3662acd112d4664d1e7db93abf46a59',
|
147
|
+
'a0234f3bc8527ca5628eec81ad5d69895da5680dc91d1cb8477f33f878b95b0b',
|
148
|
+
'a0459b9f63b22559f5fa5d4c6db3f9f72ff19342033578f073bf1d1b46cbb912',
|
149
|
+
'a4310d50af18a6447190372a86afaf8b951ffb431d837f1e5688b45971ed1557',
|
150
|
+
'a4b6b3996fc2f306b3fd8681bd63413d8c5009cc4fa329c2ccf0e2fa1b140305',
|
151
|
+
'b32396746453442f353e616292bb20bbaa5d23b546450fdb9c54b8386167d529',
|
152
|
+
'b478b812250df878635c2aa7ec7d155eaa625ee82916e2cd294361886cd1fbd4',
|
153
|
+
'bb6ce72f0e64bfd93ade14b1becf8c41e7bc927cafb477a3a95878c01aa26c3e',
|
154
|
+
'bcff2ab03578ebbfb219b65e854cf26a3d8dfe6d1acf3e765b8636827b81eaee',
|
155
|
+
'c38dcb38959393358691ea4d4f3ce495ce748996e64ed1891d897a0fc4dd55c6',
|
156
|
+
'c4fa68f8270924c300cbc0d3615a7b88e82231749cf6522452272222c9f0a83e',
|
157
|
+
'ca2d82a08677072f8ab6764ff035676cfe3e5e325e012172df3f92096db79b85',
|
158
|
+
'cb627d18b58ad56dde331a30456bc65c601a4e9b18dedcea08e7daaa07815ff0',
|
159
|
+
'cb6b05d9e8e57cd882b10b4db70de4bb1de42ba48a7bd0318b635bf6e7781a9d',
|
160
|
+
'cbb02707160f4f77291a27561448691ca5901808e5f36e758449a862aa5272cb',
|
161
|
+
'cbb5af185e942a2402f9eacbc0ed5bb876eea3c1223623d00447e4f3ba554b65',
|
162
|
+
'cf56ff46a4a186109dd96584b5eeb58a510c4275b0e5f94f40bbae865e19f673',
|
163
|
+
'd17cd8ecd586b712238a482ce46fa5293970742f276d8ab6a9e46ee0288f3355',
|
164
|
+
'ddcef1660de3b06996507f56168865a20b43cda89cf7e8735a82b83bba00c498',
|
165
|
+
'e389360d0fdbaeb3d250584b4730314e222f39c156a020144e8d960561791506',
|
166
|
+
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
|
167
|
+
'e6b8f8766485f807ae7f8dac1670461f07c0a13eef3a1ff717538d7abad391b4',
|
168
|
+
'eb04cf5eb1f39afa762f2bb120f296cba520c1b97db1589565b81cb9a17b7244',
|
169
|
+
'ebf3c02a8789b1fb7d511995d663b72906d913ce0d5e10568a8a77e2586167e7',
|
170
|
+
'f5074a8f5b9a5b8142f34abe152f60364d770eae75ee3eeceb45b6b996509788',
|
171
|
+
'f59db3f45d57fcec94ccd516e6c8ccb20dd4363feb2c44d8656e95f50fdd8df8',
|
172
|
+
'fe863d0822fe7a2353fa484d5924e875656d3dc9fb58771f6f616f9d571bc592',
|
173
|
+
'ff856a2d251dcd88d36656f450126798cfabaade40799c722de4d2b5db36a73a']
|
174
|
+
return roots.include? hash
|
175
|
+
end
|
106
176
|
end
|
107
177
|
end
|
108
178
|
end
|
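Review bot: `check_symantec_root` (new lines 115-175) rebuilds the fingerprint array on every call and compares `hash` case-sensitively, so a fingerprint supplied in upper-case hex silently never matches; a frozen module-level constant plus `hash.to_s.downcase` avoids both, and the trailing `return` is redundant in Ruby. The entry `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` is the SHA-256 of the empty input, so a caller that hashes a missing or empty certificate would be reported as a Symantec root — worth confirming that entry is intended and, if it is, documenting why. Separately, in the HSTS rescue at new line 50, `e.message.truncate(30)` relies on `String#truncate`, which comes from ActiveSupport rather than core Ruby; unless that gem is loaded elsewhere (the gemspec change is not on this page), the rescue itself raises NoMethodError, and `e.message[0, 30]` does the same job with core `String`. The class enclosing these hunks starts outside them.
```ruby
# SHA-256 fingerprints of the Symantec roots this check flags; built once, not per call
SYMANTEC_ROOTS = [
  '08297a4047dba23680c731db6e317653ca7848e1bebd3a0b0179a707f92cf178',
  # … unchanged: remaining fingerprints from the hunk …
].freeze

# @param hash [String] SHA-256 fingerprint in hex, any case
# @return [Boolean] true when the fingerprint is in SYMANTEC_ROOTS
def self.check_symantec_root(hash)
  SYMANTEC_ROOTS.include? hash.to_s.downcase
end
```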