yawast 0.7.0 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0ae21762fe7abf26bd16283e6a104c1013c446b7
-  data.tar.gz: 31549266d294f446a7e803e77cecd0e7e2bc999b
+  metadata.gz: 6eb300bec83fd978ab09a5868fa37e6907942063
+  data.tar.gz: 6917a7cd0974f048968f573bd3b31c1827fcf6c7
 SHA512:
-  metadata.gz: 886b7a4bf891d77eeca0f65a50733eb43aa6414c9d4d38a52acc363c1d6184df4b02d1ebf957ffc9637cb32097b088ae95527a90dbbdad58431403d327ec63a4
-  data.tar.gz: edd06c1933bda3b8643b9e6a06a8e690fa34f8136db9de5abdc446e08cc3fc766ffe8fc6f0ea514f76527630f718e35c30b9279a5dd6a01768d444cc05646e97
+  metadata.gz: f61f93e1a8e844d5643c00c3051c1ca8f5003e7ed485c8aadc09b93084fc4e8f1d4d59508c6cfbd2cf1d93b96dad9ae7fa2345033e13eb101507fa47b5d90d30
+  data.tar.gz: caa33cda72644fa4efd5feb751ba906742eccd7b6bb358ee538a0cb92dc341fce5ced112c10e22ae970ff3f787c60fae102ec729ec6a2323e64a9c5ea1af9f23

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.7.1 - 2019-05-07
+
+* [#37](https://github.com/adamcaudill/yawast/issues/37) - Batch Scanning Mode
+* [#165](https://github.com/adamcaudill/yawast/issues/165) - Add check for Referrer-Policy & Feature-Policy headers
+* [#167](https://github.com/adamcaudill/yawast/issues/167) - SSL Labs: Add Zombie POODLE & Related Findings
+
 ## 0.7.0 - 2019-04-19
 
 * [#38](https://github.com/adamcaudill/yawast/issues/38) - JSON Output Option via `--output=` (work in progress)

data/Dockerfile

@@ -36,15 +36,9 @@ RUN CHROME_STRING=$(/usr/bin/google-chrome-stable --version) \
   && rm /tmp/chromedriver_linux64.zip \
   && chmod +x /usr/bin/chromedriver
 
-RUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \
-    && mkdir -p /home/chrome && chown -R chrome:chrome /home/chrome \
-		&& mkdir -p /opt/google/chrome && chown -R chrome:chrome /opt/google/chrome
-
 COPY . /data
 WORKDIR /data
 
-USER chrome
-
 ENV LANG      C.UTF-8
 ENV LANGUAGE  C.UTF-8
 ENV LC_ALL    C.UTF-8

data/README.md

@@ -43,6 +43,8 @@ The following tests are performed:
 * *(Generic)* X-Content-Type-Options header not present
 * *(Generic)* Content-Security-Policy header not present
 * *(Generic)* Public-Key-Pins header not present
+* *(Generic)* Referrer-Policy header not present
+* *(Generic)* Feature-Policy header not present
 * *(Generic)* X-XSS-Protection disabled header present
 * *(Generic)* SSL: HSTS not enabled
 * *(Generic)* Source Control: Common source control directories present
@@ -122,7 +124,7 @@ In addition to these tests, certain basic information is also displayed, such as
 
 The most common usage scenario is as simple as:
 
-`yawast scan <url>`
+`yawast scan <url1> <url2>`
 
 Detailed [usage information](https://github.com/adamcaudill/yawast/wiki/Usage-&-Parameters) is available on the wiki.
 

data/lib/commands/cms.rb

@@ -4,8 +4,11 @@ module Yawast
   module Commands
     class Cms
       def self.process(args, options)
-        uri = Yawast::Commands::Utils.extract_uri(args)
-        Yawast::Scanner::Core.get_cms(uri, options)
+        args.each do |arg|
+          uri = Yawast::Commands::Utils.extract_uri([arg])
+
+          Yawast::Scanner::Core.get_cms(uri, options)
+        end
       end
     end
   end

data/lib/commands/dns.rb

@@ -10,10 +10,16 @@ module Yawast
 
         Yawast::Shared::Output.setup uri, options unless options.output.nil?
 
-        puts "Scanning: #{uri}"
-        puts
+        args.each do |arg|
+          uri = Yawast::Commands::Utils.extract_uri([arg])
+          Yawast::Shared::Output.set_current_uri uri
+
+          puts "Scanning: #{uri}"
+          puts
+
+          Yawast::Scanner::Plugins::DNS::Generic.dns_info uri, options
+        end
 
-        Yawast::Scanner::Plugins::DNS::Generic.dns_info uri, options
         Yawast::Shared::Output.write_file
       end
     end

data/lib/commands/head.rb

@@ -4,10 +4,12 @@ module Yawast
   module Commands
     class Head
       def self.process(args, options)
-        uri = Yawast::Commands::Utils.extract_uri(args)
+        args.each do |arg|
+          uri = Yawast::Commands::Utils.extract_uri([arg])
 
-        options.head = true
-        Yawast::Scanner::Core.process(uri, options)
+          options.head = true
+          Yawast::Scanner::Core.process(uri, options)
+        end
       end
     end
   end

data/lib/commands/scan.rb

@@ -4,9 +4,11 @@ module Yawast
   module Commands
     class Scan
       def self.process(args, options)
-        uri = Yawast::Commands::Utils.extract_uri(args)
+        args.each do |arg|
+          uri = Yawast::Commands::Utils.extract_uri([arg])
 
-        Yawast::Scanner::Core.process(uri, options)
+          Yawast::Scanner::Core.process(uri, options)
+        end
       end
     end
   end

data/lib/commands/ssl.rb

@@ -4,9 +4,11 @@ module Yawast
   module Commands
     class Ssl
       def self.process(args, options)
-        uri = Yawast::Commands::Utils.extract_uri(args)
+        args.each do |arg|
+          uri = Yawast::Commands::Utils.extract_uri([arg])
 
-        Yawast::Scanner::Core.check_ssl(uri, options, nil)
+          Yawast::Scanner::Core.check_ssl(uri, options, nil)
+        end
       end
     end
   end

data/lib/scanner/core.rb

@@ -17,6 +17,7 @@ module Yawast
           print_header
 
           Yawast::Shared::Output.setup @uri, options if options.output != nil
+          Yawast::Shared::Output.set_current_uri @uri
 
           ssl_redirect = Yawast::Scanner::Plugins::SSL::SSL.check_for_ssl_redirect @uri
           if ssl_redirect

data/lib/scanner/generic.rb

@@ -22,6 +22,8 @@ module Yawast
           via = ''
           hpkp = ''
           acao = ''
+          referrer_policy = ''
+          feature_policy = ''
 
           Yawast::Utilities.puts_info 'HEAD:'
           head.each do |k, v|
@@ -40,6 +42,8 @@ module Yawast
             via = v if k.casecmp('via').zero?
             hpkp = v if k.casecmp('public-key-pins').zero?
             acao = v if k.casecmp('access-control-allow-origin').zero?
+            referrer_policy = v if k.casecmp('referrer-policy').zero?
+            feature_policy = v if k.casecmp('feature-policy').zero?
 
             if k.casecmp('set-cookie').zero?
               # this chunk of magic manages to properly split cookies, when multiple are sent together
@@ -107,6 +111,10 @@ module Yawast
 
           Yawast::Utilities.puts_warn 'Access-Control-Allow-Origin: Unrestricted' if acao == '*'
 
+          Yawast::Utilities.puts_warn 'Referrer-Policy Header Not Present' if referrer_policy == ''
+
+          Yawast::Utilities.puts_warn 'Feature-Policy Header Not Present' if feature_policy == ''
+
           puts ''
 
           unless cookies.empty?

data/lib/scanner/ssl_labs.rb

@@ -560,6 +560,118 @@ module Yawast
                                           {vulnerable: false}
         end
 
+        Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                        'tls_zombie_poodle',
+                                        {vulnerable: false, exploitable: false}
+        case ep['details']['zombiePoodle']
+          when -1
+            Yawast::Utilities.puts_error "\t\t\tZombie POODLE: Test Failed"
+          when 0
+            Yawast::Utilities.puts_error "\t\t\tZombie POODLE: Test Failed (Unknown)"
+          when 1
+            Yawast::Utilities.puts_info "\t\t\tZombie POODLE: No"
+          when 2
+            Yawast::Utilities.puts_warn "\t\t\tZombie POODLE: Vulnerable - Not Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_zombie_poodle',
+                                            {vulnerable: true, exploitable: false}
+          when 3
+            Yawast::Utilities.puts_vuln "\t\t\tZombie POODLE: Vulnerable - Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_zombie_poodle',
+                                            {vulnerable: true, exploitable: true}
+          when nil
+            # do nothing, this means they aren't sending the result
+          else
+            Yawast::Utilities.puts_error "\t\t\tZombie POODLE: Unknown Response #{ep['details']['zombiePoodle']}"
+        end
+
+        Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                        'tls_goldendoodle',
+                                        {vulnerable: false, exploitable: false}
+        case ep['details']['goldenDoodle']
+          when -1
+            Yawast::Utilities.puts_error "\t\t\tGOLDENDOODLE: Test Failed"
+          when 0
+            Yawast::Utilities.puts_error "\t\t\tGOLDENDOODLE: Test Failed (Unknown)"
+          when 1
+            Yawast::Utilities.puts_info "\t\t\tGOLDENDOODLE: No"
+          when 4
+            Yawast::Utilities.puts_warn "\t\t\tGOLDENDOODLE: Vulnerable - Not Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_goldendoodle',
+                                            {vulnerable: true, exploitable: false}
+          when 5
+            Yawast::Utilities.puts_vuln "\t\t\tGOLDENDOODLE: Vulnerable - Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_goldendoodle',
+                                            {vulnerable: true, exploitable: true}
+          when nil
+            # do nothing, this means they aren't sending the result
+          else
+            Yawast::Utilities.puts_error "\t\t\tGOLDENDOODLE: Unknown Response #{ep['details']['goldenDoodle']}"
+        end
+
+        Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                        'tls_openssl_cve_2019_1559',
+                                        {vulnerable: false, exploitable: false}
+        case ep['details']['zeroLengthPaddingOracle']
+          when -1
+            Yawast::Utilities.puts_error "\t\t\tOpenSSL 0-Length Padding Oracle (CVE-2019-1559): Test Failed"
+          when 0
+            Yawast::Utilities.puts_error "\t\t\tOpenSSL 0-Length Padding Oracle (CVE-2019-1559): Test Failed (Unknown)"
+          when 1
+            Yawast::Utilities.puts_info "\t\t\tOpenSSL 0-Length Padding Oracle (CVE-2019-1559): No"
+          when 6
+            Yawast::Utilities.puts_warn "\t\t\tOpenSSL 0-Length Padding Oracle (CVE-2019-1559): Vulnerable - Not Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_openssl_cve_2019_1559',
+                                            {vulnerable: true, exploitable: false}
+          when 7
+            Yawast::Utilities.puts_vuln "\t\t\tOpenSSL 0-Length Padding Oracle (CVE-2019-1559): Vulnerable - Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_openssl_cve_2019_1559',
+                                            {vulnerable: true, exploitable: true}
+          when nil
+            # do nothing, this means they aren't sending the result
+          else
+            Yawast::Utilities.puts_error "\t\t\tOpenSSL 0-Length Padding Oracle (CVE-2019-1559): Unknown Response #{ep['details']['zeroLengthPaddingOracle']}"
+        end
+
+        Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                        'tls_goldendoodle',
+                                        {vulnerable: false, exploitable: false}
+        case ep['details']['sleepingPoodle']
+          when -1
+            Yawast::Utilities.puts_error "\t\t\tSleeping POODLE: Test Failed"
+          when 0
+            Yawast::Utilities.puts_error "\t\t\tSleeping POODLE: Test Failed (Unknown)"
+          when 1
+            Yawast::Utilities.puts_info "\t\t\tSleeping POODLE: No"
+          when 10
+            Yawast::Utilities.puts_warn "\t\t\tSleeping POODLE: Vulnerable - Not Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_sleeping_poodle',
+                                            {vulnerable: true, exploitable: false}
+          when 11
+            Yawast::Utilities.puts_vuln "\t\t\tSleeping POODLE: Vulnerable - Exploitable"
+
+            Yawast::Shared::Output.log_hash 'vulnerabilities',
+                                            'tls_sleeping_poodle',
+                                            {vulnerable: true, exploitable: true}
+          when nil
+            # do nothing, this means they aren't sending the result
+          else
+            Yawast::Utilities.puts_error "\t\t\tSleeping POODLE: Unknown Response #{ep['details']['sleepingPoodle']}"
+        end
+
         Yawast::Shared::Output.log_hash 'vulnerabilities',
                                         'tls_poodle',
                                         {vulnerable: false}
@@ -580,6 +692,8 @@ module Yawast
             Yawast::Shared::Output.log_hash 'vulnerabilities',
                                             'tls_poodle',
                                             {vulnerable: true}
+          when nil
+          # do nothing, this means they aren't sending the result
           else
             Yawast::Utilities.puts_error "\t\t\tPOODLE (TLS): Unknown Response #{ep['details']['poodleTls']}"
         end

data/lib/shared/output.rb

@@ -38,9 +38,16 @@ module Yawast
         log_value 'ruby_version', "#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}"
         log_value 'openssl_version', OpenSSL::OPENSSL_VERSION
         log_value 'platform', RUBY_PLATFORM
-        log_value 'target_uri', uri
         log_value 'options', options.__hash__
         log_value 'encoding', __ENCODING__
+
+        # setup the data structure to capture info for individual targets
+        @data['targets'] = {}
+        set_current_uri uri
+      end
+
+      def self.set_current_uri(uri)
+        @current_uri = uri
       end
 
       def self.log_value(super_parent = nil, parent = nil, key, value)
@@ -89,6 +96,12 @@ module Yawast
       def self.get_target(super_parent = nil, parent = nil)
         target = @data
 
+        # make sure we are on the right URI, and that it exists
+        unless @current_uri.nil?
+          target['targets'][@current_uri] = {} if target['targets'][@current_uri].nil?
+          target = target['targets'][@current_uri]
+        end
+
         # fix parent vs super confusion
         if parent.nil? && !super_parent.nil?
           parent = super_parent
@@ -129,6 +142,7 @@ module Yawast
         return unless @setup
 
         # note the ending time
+        set_current_uri nil
         log_value 'end_time', Time.new.to_i.to_s
 
         begin

data/lib/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Yawast
-  VERSION = '0.7.0'
+  VERSION = '0.7.1'
 end

data/lib/yawast.rb

@@ -30,6 +30,9 @@ module Yawast
   HTTP_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) YAWAST/#{VERSION} Chrome/61.0.3163.100 Safari/537.36"
 
   def self.header
+    # prevent multiple runs
+    return if @header
+
     puts '__   _____  _    _  ___   _____ _____ '
     puts '\ \ / / _ \| |  | |/ _ \ /  ___|_   _|'
     puts ' \ V / /_\ \ |  | / /_\ \\\ `--.  | |  '
@@ -54,6 +57,7 @@ module Yawast
     end
 
     puts ''
+    @header = true
   end
 
   def self.options

data/test/test_ssl_labs_analyze.rb

@@ -100,7 +100,6 @@ class TestSSLLabsAnalyze < Minitest::Test
 
     assert stdout_value.include?('www.forest.gov.tw'), "domain name not found in #{stdout_value}"
     assert stdout_value.include?('Root Stores: Apple (trusted) Windows (trusted)'), "root store name not found in #{stdout_value}"
-    assert !stdout_value.include?('[E]'), "Error message found in #{stdout_value}"
 
     restore_stdout
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.1
 platform: ruby
 authors:
 - Adam Caudill
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-04-19 00:00:00.000000000 Z
+date: 2019-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize