Commit 86b74b43ec5906c4961315466f05650b37eb3f51 - ruby-cms-scanner

+1

-1

app/finders/interesting_findings/search_replace_db_2.rb less more

8	8	def aggressive(_opts = {})
9	9	path = 'searchreplacedb2.php'
10	10
11		return unless target.head_and_get(path).body =~ /by interconnect/i
	11	return unless /by interconnect/i.match?(target.head_and_get(path).body)
12	12
13	13	NS::Model::InterestingFinding.new(target.url(path),
14	14	confidence: 100,

+1

-1

app/finders/interesting_findings/xml_rpc.rb less more

49	49
50	50	res = NS::Browser.post(potential_url, body: Digest::MD5.hexdigest(rand(999_999).to_s[0..5]))
51	51
52		next unless res&.body =~ /<methodResponse>/i
	52	next unless /<methodResponse>/i.match?(res&.body)
53	53
54	54	return NS::Model::XMLRPC.new(potential_url,
55	55	confidence: 100,

+1

-1

app/models/fantastico_fileslist.rb less more

8	8	results = []
9	9
10	10	entries.each do \|entry\|
11		next unless entry =~ /(?:admin\|\.log\|\.sql\|\.db)/i
	11	next unless /(?:admin\|\.log\|\.sql\|\.db)/i.match?(entry)
12	12
13	13	results << entry
14	14	end

+2

-2

cms_scanner.gemspec less more

19	19	s.require_paths = ['lib']
20	20
21	21	s.add_dependency 'nokogiri', '~> 1.10.0'
22		s.add_dependency 'opt_parse_validator', '~> 1.7.3'
	22	s.add_dependency 'opt_parse_validator', '~> 1.7.4'
23	23	s.add_dependency 'public_suffix', '>= 3.0', '< 4.1'
24	24	s.add_dependency 'ruby-progressbar', '~> 1.10.0'
25	25	s.add_dependency 'typhoeus', '~> 1.3.0'

31	31	s.add_development_dependency 'rake', '~> 12.3'
32	32	s.add_development_dependency 'rspec', '~> 3.8.0'
33	33	s.add_development_dependency 'rspec-its', '~> 1.3.0'
34		s.add_development_dependency 'rubocop', '~> 0.72.0'
	34	s.add_development_dependency 'rubocop', '~> 0.74.0'
35	35	s.add_development_dependency 'rubocop-performance', '~> 1.4.0'
36	36	s.add_development_dependency 'simplecov', '~> 0.16.1'
37	37	s.add_development_dependency 'webmock', '~> 3.6.0'

+1

-0

lib/cms_scanner/browser/options.rb less more

+1

-1

lib/cms_scanner/browser.rb less more

47	47	# @return [ Hash ]
48	48	def default_request_params
49	49	params = {
50		headers: { 'User-Agent' => user_agent }.merge(headers \|\| {}),
	50	headers: { 'User-Agent' => user_agent, 'Referer' => url }.merge(headers \|\| {}),
51	51	accept_encoding: 'gzip, deflate',
52	52	method: :get
53	53	}

+2

-0

lib/cms_scanner/cache/typhoeus.rb less more

15	15	# @param [ Typhoeus::Request ] request
16	16	# @param [ Typhoeus::Response ] response
17	17	def set(request, response)
	18	return if response.timed_out? \|\| response.code&.zero?
	19
18	20	write_entry(request.hash.to_s, response, request.cache_ttl)
19	21	end
20	22	end

+1

-1

lib/cms_scanner/formatter.rb less more

116	116	tpl = "#{controller_name}/#{tpl}"
117	117	end
118	118
119		raise "Wrong tpl format: '#{tpl}'" unless tpl =~ %r{\A[\w/_]+\z}
	119	raise "Wrong tpl format: '#{tpl}'" unless %r{\A[\w/_]+\z}.match?(tpl)
120	120
121	121	views_directories.reverse_each do \|dir\|
122	122	formats.each do \|format\|

+1

-1

lib/cms_scanner/target/server/generic.rb less more

58	58	NS::Browser.get(url(path), params).html.css(selector).each do \|node\|
59	59	entry = node.text.to_s
60	60
61		next if entry =~ ignore
	61	next if entry&.match?(ignore)
62	62
63	63	found << entry
64	64	end

+1

-1

lib/cms_scanner/version.rb less more

+3

-2

spec/lib/browser_spec.rb less more

7	7	let(:options) { {} }
8	8	let(:default) do
9	9	{
10		headers: { 'User-Agent' => "CMSScanner v#{CMSScanner::VERSION}" },
	10	headers: { 'User-Agent' => "CMSScanner v#{CMSScanner::VERSION}", 'Referer' => nil },
11	11	accept_encoding: 'gzip, deflate',
12	12	method: :get
13	13	}

25	25	context 'when some attributes are set' do
26	26	let(:options) do
27	27	{
	28	url: 'http://wp.lo/',
28	29	cache_ttl: 200, connect_timeout: 10,
29	30	http_auth: { username: 'log', password: 'pwd' },
30	31	cookie_jar: '/tmp/cookie_jar.txt',

41	42	userpwd: 'log:pwd', proxyuserpwd: 'u:pwd',
42	43	cookiejar: options[:cookie_jar], cookiefile: options[:cookie_jar],
43	44	ssl_verifypeer: false, ssl_verifyhost: 0
44		).merge(headers: default[:headers].merge('Host' => 'testing', 'Test' => 'aa'))
	45	).merge(headers: default[:headers].merge('Host' => 'testing', 'Test' => 'aa', 'Referer' => 'http://wp.lo/'))
45	46	end
46	47
47	48	its(:default_request_params) { should eq expected }

+26

-4

spec/lib/cache/typhoeus_spec.rb less more

16	16	end
17	17
18	18	describe '#set' do
19		let(:response) { Typhoeus::Response.new }
	19	context 'when response did not time out' do
	20	let(:response) { Typhoeus::Response.new(return_code: :ok, code: 200) }
20	21
21		it 'calls #write_entry' do
22		expect(cache).to receive(:write_entry).with(key, response, request.cache_ttl)
	22	it 'calls #write_entry' do
	23	expect(cache).to receive(:write_entry).with(key, response, request.cache_ttl)
23	24
24		cache.set(request, response)
	25	cache.set(request, response)
	26	end
	27	end
	28
	29	context 'when response timed out' do
	30	let(:response) { Typhoeus::Response.new(return_code: :operation_timedout) }
	31
	32	it 'does not write the entry' do
	33	expect(cache).to_not receive(:write_entry)
	34
	35	cache.set(request, response)
	36	end
	37	end
	38
	39	context 'when response code is 0' do
	40	let(:response) { Typhoeus::Response.new(code: 0) }
	41
	42	it 'does not write the entry' do
	43	expect(cache).to_not receive(:write_entry)
	44
	45	cache.set(request, response)
	46	end
25	47	end
26	48	end
27	49	end