yawast 0.7.0.beta1 → 0.7.0.beta2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (50) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +12 -0
  3. data/CHANGELOG.md +5 -1
  4. data/Gemfile +2 -2
  5. data/README.md +8 -1
  6. data/Rakefile +1 -1
  7. data/bin/yawast +8 -0
  8. data/lib/commands/cms.rb +2 -0
  9. data/lib/commands/dns.rb +3 -3
  10. data/lib/commands/head.rb +2 -0
  11. data/lib/commands/scan.rb +2 -0
  12. data/lib/commands/ssl.rb +2 -0
  13. data/lib/commands/utils.rb +5 -3
  14. data/lib/scanner/core.rb +34 -26
  15. data/lib/scanner/generic.rb +33 -130
  16. data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
  17. data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
  18. data/lib/scanner/plugins/dns/caa.rb +30 -12
  19. data/lib/scanner/plugins/dns/generic.rb +38 -1
  20. data/lib/scanner/plugins/http/directory_search.rb +14 -12
  21. data/lib/scanner/plugins/http/file_presence.rb +21 -13
  22. data/lib/scanner/plugins/http/generic.rb +95 -0
  23. data/lib/scanner/plugins/servers/apache.rb +23 -23
  24. data/lib/scanner/plugins/servers/generic.rb +25 -0
  25. data/lib/scanner/plugins/servers/iis.rb +6 -6
  26. data/lib/scanner/plugins/servers/nginx.rb +3 -1
  27. data/lib/scanner/plugins/servers/python.rb +3 -1
  28. data/lib/scanner/plugins/spider/spider.rb +7 -7
  29. data/lib/scanner/plugins/ssl/ssl.rb +14 -14
  30. data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
  31. data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
  32. data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
  33. data/lib/scanner/ssl.rb +33 -36
  34. data/lib/scanner/ssl_labs.rb +373 -110
  35. data/lib/scanner/vuln_scan.rb +27 -0
  36. data/lib/shared/http.rb +31 -27
  37. data/lib/shared/output.rb +7 -15
  38. data/lib/shared/uri.rb +14 -14
  39. data/lib/string_ext.rb +10 -4
  40. data/lib/uri_ext.rb +1 -1
  41. data/lib/util.rb +28 -0
  42. data/lib/version.rb +3 -1
  43. data/lib/yawast.rb +12 -2
  44. data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
  45. data/test/test_scan_cms.rb +2 -2
  46. data/test/test_ssl_labs_analyze.rb +15 -0
  47. data/yawast.gemspec +8 -5
  48. metadata +75 -28
  49. data/lib/scanner/cms.rb +0 -14
  50. data/lib/scanner/php.rb +0 -19
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1a0010955fcbfb843d4eaf927682a22df138b4a6
4
- data.tar.gz: df672ffa6576e142c62fe0904f07ef90cc54c612
3
+ metadata.gz: 449a14e8b574b57874cdbb8fff80b11b667b1d81
4
+ data.tar.gz: 7a724b743c8d27f5a92b0e477d27adf06e5b837f
5
5
  SHA512:
6
- metadata.gz: d1152a1e138492093e18834d8d542b4438a3904703a9449e6092857212db4d04048afeb9329e49bb591e217c1be82d06c1451a986a5e3cd517b66933dbacf018
7
- data.tar.gz: 6ab13462bab4524b4e8c0347d0065b7947799ad6ab4ef6bed5bf38dadf090ad2d85e9bc1384a73247d302820ce034ea949824565960b93fedeaabc52797cbea1
6
+ metadata.gz: 8e692349d710ad580cb80b027e7bd1da180e954a3dad1f9d4f493802c9c4f4cd5a0909ad2afd62429d6c2c7b61711ef24f3e887262b5fe899dcde3e316feb09f
7
+ data.tar.gz: 68f55b6ff5fd2e62d0b608ac3c6afa981f9cd59d69cc2de34878b7e9d60e929232043d022d3549b5a8ad0d3f29a0a22fbdb4e502b6c48b6a0570a6db34da4b3b
data/.rubocop.yml CHANGED
@@ -15,3 +15,15 @@ Metrics/MethodLength:
15
15
 
16
16
  Layout/CaseIndentation:
17
17
  IndentOneStep: true
18
+
19
+ Layout/SpaceInsideHashLiteralBraces:
20
+ EnforcedStyle: no_space
21
+
22
+ Style/BracesAroundHashParameters:
23
+ EnforcedStyle: braces
24
+
25
+ Style/RedundantBegin:
26
+ Enabled: false
27
+
28
+ Style/SafeNavigation:
29
+ Enabled: false
data/CHANGELOG.md CHANGED
@@ -1,6 +1,6 @@
1
1
  ## 0.7.0 - In Development
2
2
 
3
- * [#38](https://github.com/adamcaudill/yawast/issues/38) - Report Generation Mode (work in progress)
3
+ * [#38](https://github.com/adamcaudill/yawast/issues/38) - JSON Output Option via `--output=` (work in progress)
4
4
  * [#133](https://github.com/adamcaudill/yawast/issues/133) - Include a Timestamp In Output
5
5
  * [#134](https://github.com/adamcaudill/yawast/issues/134) - Add options to DNS command
6
6
  * [#135](https://github.com/adamcaudill/yawast/issues/135) - Incomplete Certificate Chain Warning
@@ -9,6 +9,10 @@
9
9
  * [#139](https://github.com/adamcaudill/yawast/issues/139) - Add Spider Option
10
10
  * [#140](https://github.com/adamcaudill/yawast/issues/140) - Save output on cancel
11
11
  * [#141](https://github.com/adamcaudill/yawast/issues/141) - Flag --internalssl as Deprecated
12
+ * [#147](https://github.com/adamcaudill/yawast/issues/147) - User Enumeration via Password Reset Form
13
+ * [#148](https://github.com/adamcaudill/yawast/issues/148) - Added `--vuln_scan` option to enable new vulnerability scanner
14
+ * [#151](https://github.com/adamcaudill/yawast/issues/151) - User Enumeration via Password Reset Form Timing Differences
15
+ * [#152](https://github.com/adamcaudill/yawast/issues/152) - Add check for 64bit TLS Cert Serial Numbers
12
16
  * [#130](https://github.com/adamcaudill/yawast/issues/130) - Bug: HSTS Error leads to printing HTML
13
17
  * [#132](https://github.com/adamcaudill/yawast/issues/132) - Bug: Typo in SSL Output
14
18
  * [#142](https://github.com/adamcaudill/yawast/issues/142) - Bug: Error In Collecting DNS Information
data/Gemfile CHANGED
@@ -3,10 +3,10 @@ source 'https://rubygems.org'
3
3
  gemspec
4
4
 
5
5
  group :test do
6
- gem 'rake'
6
+ gem 'codeclimate-test-reporter', {require: nil}
7
7
  gem 'minitest'
8
8
  gem 'minitest-reporters'
9
+ gem 'rake'
9
10
  gem 'simplecov'
10
11
  gem 'webrick'
11
- gem 'codeclimate-test-reporter', require: nil
12
12
  end
data/README.md CHANGED
@@ -30,6 +30,8 @@ It's strongly recommended that you review the [installation](https://github.com/
30
30
 
31
31
  The following tests are performed:
32
32
 
33
+ * *(Generic)* User Enumeration via Password Reset Form Response Differences
34
+ * *(Generic)* User Enumeration via Password Reset Form Timing Differences
33
35
  * *(Generic)* Info Disclosure: X-Powered-By header present
34
36
  * *(Generic)* Info Disclosure: X-Pingback header present
35
37
  * *(Generic)* Info Disclosure: X-Backend-Server header present
@@ -49,8 +51,9 @@ The following tests are performed:
49
51
  * *(Generic)* Presence of WS_FTP.LOG
50
52
  * *(Generic)* Presence of RELEASE-NOTES.txt
51
53
  * *(Generic)* Presence of readme.html
54
+ * *(Generic)* Presence of CHANGELOG.txt
52
55
  * *(Generic)* Missing cookie flags (Secure, HttpOnly, and SameSite)
53
- * *(Generic)* Search for files (14,169) & common directories (21,332)
56
+ * *(Generic)* Search for 14,169 common files (via `--files`) & 21,332 common directories (via `--dir`)
54
57
  * *(Apache)* Info Disclosure: Module listing enabled
55
58
  * *(Apache)* Info Disclosure: Server version
56
59
  * *(Apache)* Info Disclosure: OpenSSL module version
@@ -86,6 +89,8 @@ SSL Information:
86
89
 
87
90
  Checks for the following SSL issues are performed:
88
91
 
92
+ *Note: By default, YAWAST uses SSL Labs, meaning this is a small subset of issues detected.*
93
+
89
94
  * Expired Certificate
90
95
  * Self-Signed Certificate
91
96
  * MD5 Signature
@@ -93,6 +98,7 @@ Checks for the following SSL issues are performed:
93
98
  * RC4 Cipher Suites
94
99
  * Weak (< 128 bit) Cipher Suites
95
100
  * SWEET32
101
+ * 64-bit Serial Numbers ([details](https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/))
96
102
 
97
103
  Certain DNS information is collected:
98
104
 
@@ -121,4 +127,5 @@ Sample output for a [scan](https://github.com/adamcaudill/yawast/wiki/Sample-Out
121
127
 
122
128
  ### Special Thanks
123
129
 
130
+ * [AppSec Consulting](https://www.appsecconsulting.com/) - Generously providing time to improve this tool.
124
131
  * [SecLists](https://github.com/danielmiessler/SecLists) - Various lists are based on the resources collected by this project.
data/Rakefile CHANGED
@@ -3,7 +3,7 @@ require 'rake/testtask'
3
3
  task :default => [:codeclimate]
4
4
 
5
5
  task :test do
6
- #set this, so that we can modify behavior based on where's it's ran from
6
+ # set this, so that we can modify behavior based on where's it's ran from
7
7
  ENV['FROM_RAKE'] = 'true'
8
8
 
9
9
  require File.join(File.dirname(__FILE__), 'test/test_helper')
data/bin/yawast CHANGED
@@ -29,8 +29,12 @@ command :scan do |c|
29
29
  c.option '--nodns', 'Disable DNS checks'
30
30
  c.option '--spider', 'Spider the site'
31
31
  c.option '--output STRING', String, 'Output JSON file'
32
+ c.option '--vuln_scan', 'Use new vulnerability scanner (BETA)'
33
+ c.option '--user STRING', String, 'Valid username for the application (will prompt if not provided)'
34
+ c.option '--pass_reset_page STRING', String, 'Password reset page (will prompt if not provided)'
32
35
 
33
36
  c.action do |args, options|
37
+ Yawast.options = options
34
38
  Yawast::Commands::Scan.process(args, options)
35
39
  end
36
40
  end
@@ -49,6 +53,7 @@ command :head do |c|
49
53
  c.option '--output STRING', String, 'Output JSON file'
50
54
 
51
55
  c.action do |args, options|
56
+ Yawast.options = options
52
57
  Yawast::Commands::Head.process(args, options)
53
58
  end
54
59
  end
@@ -63,6 +68,7 @@ command :ssl do |c|
63
68
  c.option '--nodns', 'Disable DNS checks'
64
69
 
65
70
  c.action do |args, options|
71
+ Yawast.options = options
66
72
  Yawast::Commands::Ssl.process(args, options)
67
73
  end
68
74
  end
@@ -75,6 +81,7 @@ command :cms do |c|
75
81
  c.option '--cookie STRING', String, 'Session cookie'
76
82
 
77
83
  c.action do |args, options|
84
+ Yawast.options = options
78
85
  Yawast::Commands::Cms.process(args, options)
79
86
  end
80
87
  end
@@ -88,6 +95,7 @@ command :dns do |c|
88
95
  c.option '--output STRING', String, 'Output JSON file'
89
96
 
90
97
  c.action do |args, options|
98
+ Yawast.options = options
91
99
  Yawast::Commands::DNS.process(args, options)
92
100
  end
93
101
  end
data/lib/commands/cms.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Commands
3
5
  class Cms
data/lib/commands/dns.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Commands
3
5
  class DNS
@@ -6,9 +8,7 @@ module Yawast
6
8
 
7
9
  Yawast.header
8
10
 
9
- if options.output != nil
10
- Yawast::Shared::Output.setup uri, options
11
- end
11
+ Yawast::Shared::Output.setup uri, options unless options.output.nil?
12
12
 
13
13
  puts "Scanning: #{uri}"
14
14
  puts
data/lib/commands/head.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Commands
3
5
  class Head
data/lib/commands/scan.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Commands
3
5
  class Scan
data/lib/commands/ssl.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Commands
3
5
  class Ssl
@@ -1,13 +1,15 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Commands
3
5
  class Utils
4
6
  def self.extract_uri(args)
5
- raise ArgumentError.new('You must specify a URL.') if args.empty?
7
+ raise ArgumentError, 'You must specify a URL.' if args.empty?
6
8
 
7
- #this might be a bad assumption
9
+ # this might be a bad assumption
8
10
  url = args[0]
9
11
 
10
- return Yawast::Shared::Uri.extract_uri url
12
+ Yawast::Shared::Uri.extract_uri url
11
13
  end
12
14
  end
13
15
  end
data/lib/scanner/core.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Scanner
3
5
  class Core
@@ -14,9 +16,7 @@ module Yawast
14
16
 
15
17
  print_header
16
18
 
17
- if options.output != nil
18
- Yawast::Shared::Output.setup @uri, options
19
- end
19
+ Yawast::Shared::Output.setup @uri, options if options.output != nil
20
20
 
21
21
  ssl_redirect = Yawast::Scanner::Plugins::SSL::SSL.check_for_ssl_redirect @uri
22
22
  if ssl_redirect
@@ -27,9 +27,7 @@ module Yawast
27
27
 
28
28
  Yawast::Scanner::Plugins::SSL::SSL.set_openssl_options
29
29
 
30
- unless options.nodns
31
- Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options
32
- end
30
+ Yawast::Scanner::Plugins::DNS::Generic.dns_info @uri, options unless options.nodns
33
31
  end
34
32
 
35
33
  @setup = true
@@ -42,38 +40,48 @@ module Yawast
42
40
  setup(uri, options)
43
41
 
44
42
  begin
45
- #setup the proxy
43
+ # setup the proxy
46
44
  Yawast::Shared::Http.setup(options.proxy, options.cookie)
47
45
 
48
- #cache the HEAD result, so that we can minimize hits
46
+ # cache the HEAD result, so that we can minimize hits
49
47
  head = get_head
50
48
  Yawast::Shared::Output.log_hash 'http', 'head', 'raw', head.to_hash
51
49
  Yawast::Scanner::Generic.head_info(head, @uri)
52
50
 
53
- #perfom SSL checks
51
+ # perform SSL checks
54
52
  check_ssl(@uri, options, head)
55
53
 
56
- #process the 'scan' stuff that goes beyond 'head'
54
+ # process the 'scan' stuff that goes beyond 'head'
57
55
  unless options.head
58
56
  # connection details for SSL
59
57
  Yawast::Scanner::Plugins::SSL::SSL.ssl_connection_info @uri
60
58
 
61
- # server specific checks
62
- Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
63
- Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
59
+ if Yawast.options.vuln_scan
60
+ # new scanner-----------------------------------------------------
61
+ # this is the new model, that will eventually become the default--
62
+ # ----------------------------------------------------------------
64
63
 
65
- Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
64
+ Yawast::Scanner::VulnScan.scan(@uri, options, head)
65
+ else
66
+ # legacy checks --------------------------------------------------
67
+ # try not to break these, until the old scanner model is removed--
68
+ # ----------------------------------------------------------------
66
69
 
67
- # generic header checks
68
- Yawast::Scanner::Generic.check_propfind(@uri)
69
- Yawast::Scanner::Generic.check_options(@uri)
70
- Yawast::Scanner::Generic.check_trace(@uri)
70
+ # server specific checks
71
+ Yawast::Scanner::Plugins::Servers::Apache.check_all(@uri)
72
+ Yawast::Scanner::Plugins::Servers::Iis.check_all(@uri, head)
71
73
 
72
- if options.spider
73
- Yawast::Scanner::Plugins::Spider::Spider.spider(@uri)
74
+ Yawast::Scanner::Plugins::Http::FilePresence.check_all @uri, options.files
75
+
76
+ # generic header checks
77
+ Yawast::Scanner::Plugins::Http::Generic.check_propfind(@uri)
78
+ Yawast::Scanner::Plugins::Http::Generic.check_options(@uri)
79
+ Yawast::Scanner::Plugins::Http::Generic.check_trace(@uri)
74
80
  end
75
81
 
76
- #check for common directories
82
+ Yawast::Scanner::Plugins::Spider::Spider.spider(@uri) if options.spider
83
+
84
+ # check for common directories
77
85
  if options.dir
78
86
  Yawast::Scanner::Plugins::Http::DirectorySearch.search @uri, options.dirrecursive, options.dirlistredir
79
87
  end
@@ -87,7 +95,7 @@ module Yawast
87
95
 
88
96
  Yawast::Shared::Output.write_file
89
97
  puts "Scan complete (#{elapsed_time})."
90
- rescue => e
98
+ rescue => e # rubocop:disable Style/RescueStandardError
91
99
  Yawast::Utilities.puts_error "Fatal Error: Can not continue. (#{e.class}: #{e.message})"
92
100
  end
93
101
  end
@@ -96,14 +104,14 @@ module Yawast
96
104
  setup(uri, options)
97
105
 
98
106
  body = Yawast::Shared::Http.get(uri)
99
- Yawast::Scanner::Cms.get_generator(body)
107
+ Yawast::Scanner::Plugins::Applications::CMS::Generic.get_generator(body)
100
108
  end
101
109
 
102
110
  def self.check_ssl(uri, options, head)
103
111
  setup(uri, options)
104
112
 
105
113
  if @uri.scheme == 'https' && !options.nossl
106
- head = get_head if head == nil
114
+ head = get_head if head.nil?
107
115
 
108
116
  if options.internalssl || IPAddress.valid?(@uri.host) || @uri.port != 443
109
117
  Yawast::Scanner::Ssl.info(@uri, !options.nociphers, options.tdessessioncount)
@@ -118,10 +126,10 @@ module Yawast
118
126
  end
119
127
  end
120
128
 
121
- def self.get_head()
129
+ def self.get_head
122
130
  begin
123
131
  Yawast::Shared::Http.head(@uri)
124
- rescue => e
132
+ rescue => e # rubocop:disable Style/RescueStandardError
125
133
  Yawast::Utilities.puts_error "Fatal Connection Error: Unable to complete HEAD request from '#{@uri}' (#{e.class}: #{e.message})"
126
134
  exit 1
127
135
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'ipaddr_extensions'
2
4
  require 'json'
3
5
  require 'public_suffix'
@@ -9,7 +11,7 @@ module Yawast
9
11
  begin
10
12
  server = ''
11
13
  powered_by = ''
12
- cookies = Array.new
14
+ cookies = []
13
15
  pingback = ''
14
16
  frame_options = ''
15
17
  content_options = ''
@@ -26,21 +28,21 @@ module Yawast
26
28
  Yawast::Utilities.puts_info "\t\t#{k}: #{v}"
27
29
  Yawast::Shared::Output.log_value 'http', 'head', k, v
28
30
 
29
- server = v if k.downcase == 'server'
30
- powered_by = v if k.downcase == 'x-powered-by'
31
- pingback = v if k.downcase == 'x-pingback'
32
- frame_options = v if k.downcase == 'x-frame-options'
33
- content_options = v if k.downcase == 'x-content-type-options'
34
- csp = v if k.downcase == 'content-security-policy'
35
- backend_server = v if k.downcase == 'x-backend-server'
36
- runtime = v if k.downcase == 'x-runtime'
37
- xss_protection = v if k.downcase == 'x-xss-protection'
38
- via = v if k.downcase == 'via'
39
- hpkp = v if k.downcase == 'public-key-pins'
40
- acao = v if k.downcase == 'access-control-allow-origin'
41
-
42
- if k.downcase == 'set-cookie'
43
- #this chunk of magic manages to properly split cookies, when multiple are sent together
31
+ server = v if k.casecmp('server').zero?
32
+ powered_by = v if k.casecmp('x-powered-by').zero?
33
+ pingback = v if k.casecmp('x-pingback').zero?
34
+ frame_options = v if k.casecmp('x-frame-options').zero?
35
+ content_options = v if k.casecmp('x-content-type-options').zero?
36
+ csp = v if k.casecmp('content-security-policy').zero?
37
+ backend_server = v if k.casecmp('x-backend-server').zero?
38
+ runtime = v if k.casecmp('x-runtime').zero?
39
+ xss_protection = v if k.casecmp('x-xss-protection').zero?
40
+ via = v if k.casecmp('via').zero?
41
+ hpkp = v if k.casecmp('public-key-pins').zero?
42
+ acao = v if k.casecmp('access-control-allow-origin').zero?
43
+
44
+ if k.casecmp('set-cookie').zero?
45
+ # this chunk of magic manages to properly split cookies, when multiple are sent together
44
46
  v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each do |c|
45
47
  cookies.push(c)
46
48
 
@@ -52,28 +54,22 @@ module Yawast
52
54
 
53
55
  if server != ''
54
56
  Yawast::Scanner::Plugins::Servers::Apache.check_banner(server)
55
- Yawast::Scanner::Php.check_banner(server)
57
+ Yawast::Scanner::Plugins::Servers::Generic.check_banner_php(server)
56
58
  Yawast::Scanner::Plugins::Servers::Iis.check_banner(server)
57
59
  Yawast::Scanner::Plugins::Servers::Nginx.check_banner(server)
58
60
  Yawast::Scanner::Plugins::Servers::Python.check_banner(server)
59
61
 
60
- if server == 'cloudflare-nginx'
62
+ if server == 'cloudflare'
61
63
  Yawast::Utilities.puts_info 'NOTE: Server appears to be Cloudflare; WAF may be in place.'
62
64
  puts
63
65
  end
64
66
  end
65
67
 
66
- if powered_by != ''
67
- Yawast::Utilities.puts_warn "X-Powered-By Header Present: #{powered_by}"
68
- end
68
+ Yawast::Utilities.puts_warn "X-Powered-By Header Present: #{powered_by}" if powered_by != ''
69
69
 
70
- if xss_protection == '0'
71
- Yawast::Utilities.puts_warn 'X-XSS-Protection Disabled Header Present'
72
- end
70
+ Yawast::Utilities.puts_warn 'X-XSS-Protection Disabled Header Present' if xss_protection == '0'
73
71
 
74
- unless pingback == ''
75
- Yawast::Utilities.puts_info "X-Pingback Header Present: #{pingback}"
76
- end
72
+ Yawast::Utilities.puts_info "X-Pingback Header Present: #{pingback}" unless pingback == ''
77
73
 
78
74
  unless runtime == ''
79
75
  if runtime.is_number?
@@ -83,18 +79,14 @@ module Yawast
83
79
  end
84
80
  end
85
81
 
86
- unless backend_server == ''
87
- Yawast::Utilities.puts_warn "X-Backend-Server Header Present: #{backend_server}"
88
- end
82
+ Yawast::Utilities.puts_warn "X-Backend-Server Header Present: #{backend_server}" unless backend_server == ''
89
83
 
90
- unless via == ''
91
- Yawast::Utilities.puts_warn "Via Header Present: #{via}"
92
- end
84
+ Yawast::Utilities.puts_warn "Via Header Present: #{via}" unless via == ''
93
85
 
94
86
  if frame_options == ''
95
87
  Yawast::Utilities.puts_warn 'X-Frame-Options Header Not Present'
96
88
  else
97
- if frame_options.downcase == 'allow'
89
+ if frame_options.casecmp('allow').zero?
98
90
  Yawast::Utilities.puts_vuln "X-Frame-Options Header: #{frame_options}"
99
91
  else
100
92
  Yawast::Utilities.puts_info "X-Frame-Options Header: #{frame_options}"
@@ -107,17 +99,11 @@ module Yawast
107
99
  Yawast::Utilities.puts_info "X-Content-Type-Options Header: #{content_options}"
108
100
  end
109
101
 
110
- if csp == ''
111
- Yawast::Utilities.puts_warn 'Content-Security-Policy Header Not Present'
112
- end
102
+ Yawast::Utilities.puts_warn 'Content-Security-Policy Header Not Present' if csp == ''
113
103
 
114
- if hpkp == ''
115
- Yawast::Utilities.puts_warn 'Public-Key-Pins Header Not Present'
116
- end
104
+ Yawast::Utilities.puts_warn 'Public-Key-Pins Header Not Present' if hpkp == ''
117
105
 
118
- if acao == '*'
119
- Yawast::Utilities.puts_warn 'Access-Control-Allow-Origin: Unrestricted'
120
- end
106
+ Yawast::Utilities.puts_warn 'Access-Control-Allow-Origin: Unrestricted' if acao == '*'
121
107
 
122
108
  puts ''
123
109
 
@@ -129,7 +115,7 @@ module Yawast
129
115
 
130
116
  elements = val.strip.split(';')
131
117
 
132
- #check for secure cookies
118
+ # check for secure cookies
133
119
  if elements.include?(' Secure') || elements.include?(' secure')
134
120
  if uri.scheme != 'https'
135
121
  Yawast::Utilities.puts_warn "\t\t\tCookie with Secure flag sent over non-HTTPS connection"
@@ -138,12 +124,12 @@ module Yawast
138
124
  Yawast::Utilities.puts_warn "\t\t\tCookie missing Secure flag"
139
125
  end
140
126
 
141
- #check for HttpOnly cookies
127
+ # check for HttpOnly cookies
142
128
  unless elements.include?(' HttpOnly') || elements.include?(' httponly')
143
129
  Yawast::Utilities.puts_warn "\t\t\tCookie missing HttpOnly flag"
144
130
  end
145
131
 
146
- #check for SameSite cookies
132
+ # check for SameSite cookies
147
133
  unless elements.include?(' SameSite') || elements.include?(' samesite')
148
134
  Yawast::Utilities.puts_warn "\t\t\tCookie missing SameSite flag"
149
135
  end
@@ -153,94 +139,11 @@ module Yawast
153
139
  end
154
140
 
155
141
  puts ''
156
- rescue => e
142
+ rescue => e # rubocop:disable Style/RescueStandardError
157
143
  Yawast::Utilities.puts_error "Error getting head information: #{e.message}"
158
144
  raise
159
145
  end
160
146
  end
161
-
162
- def self.check_options(uri)
163
- begin
164
- req = Yawast::Shared::Http.get_http(uri)
165
- req.use_ssl = uri.scheme == 'https'
166
- headers = Yawast::Shared::Http.get_headers
167
- res = req.request(Options.new('/', headers))
168
-
169
- if res['Public'] != nil
170
- Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
171
- Yawast::Shared::Output.log_value 'http', 'options', 'public', res['Public']
172
-
173
- puts ''
174
- end
175
- if res['Allow'] != nil
176
- Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
177
- Yawast::Shared::Output.log_value 'http', 'options', 'allow', res['Allow']
178
-
179
- puts ''
180
- end
181
- end
182
- end
183
-
184
- def self.check_trace(uri)
185
- begin
186
- req = Yawast::Shared::Http.get_http(uri)
187
- req.use_ssl = uri.scheme == 'https'
188
- headers = Yawast::Shared::Http.get_headers
189
- res = req.request(Trace.new('/', headers))
190
-
191
- if res.body.include?('TRACE / HTTP/1.1') && res.code == '200'
192
- Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
193
- puts "\t\t\"curl -X TRACE #{uri}\""
194
-
195
- puts ''
196
- end
197
-
198
- Yawast::Shared::Output.log_value 'http', 'trace', 'raw', res.body
199
- Yawast::Shared::Output.log_value 'http', 'trace', 'code', res.code
200
- end
201
- end
202
-
203
- def self.check_propfind(uri)
204
- begin
205
- req = Yawast::Shared::Http.get_http(uri)
206
- req.use_ssl = uri.scheme == 'https'
207
- headers = Yawast::Shared::Http.get_headers
208
- res = req.request(Propfind.new('/', headers))
209
-
210
- if res.code.to_i <= 400 && res.body.length > 0 && res['Content-Type'] == 'text/xml'
211
- Yawast::Utilities.puts_warn 'Possible Info Disclosure: PROPFIND Enabled'
212
- puts "\t\t\"curl -X PROPFIND #{uri}\""
213
-
214
- puts ''
215
- end
216
-
217
- Yawast::Shared::Output.log_value 'http', 'propfind', 'raw', res.body
218
- Yawast::Shared::Output.log_value 'http', 'propfind', 'code', res.code
219
- Yawast::Shared::Output.log_value 'http', 'propfind', 'content-type', res['Content-Type']
220
- Yawast::Shared::Output.log_value 'http', 'propfind', 'length', res.body.length
221
- end
222
- end
223
- end
224
-
225
- #Custom class to allow using the PROPFIND verb
226
- class Propfind < Net::HTTPRequest
227
- METHOD = 'PROPFIND'
228
- REQUEST_HAS_BODY = false
229
- RESPONSE_HAS_BODY = true
230
- end
231
-
232
- #Custom class to allow using the OPTIONS verb
233
- class Options < Net::HTTPRequest
234
- METHOD = 'OPTIONS'
235
- REQUEST_HAS_BODY = false
236
- RESPONSE_HAS_BODY = true
237
- end
238
-
239
- #Custom class to allow using the TRACE verb
240
- class Trace < Net::HTTPRequest
241
- METHOD = 'TRACE'
242
- REQUEST_HAS_BODY = false
243
- RESPONSE_HAS_BODY = true
244
147
  end
245
148
  end
246
149
  end