Codebase list ruby-cms-scanner / b3dcff7
New upstream version 0.0.41.0 Sophie Brun 5 years ago
6 changed file(s) with 31 addition(s) and 15 deletion(s). Raw diff Collapse all Expand all
+6
-3
lib/cms_scanner/exit_code.rb less more
99 # Interrupt received
1010 INTERRUPTED = 2
1111
12 # Exceptions
13 ERROR = 3
12 # Unhandled/unexpected Exception occured
13 EXCEPTION = 3
14
15 # Error, scan did not finish
16 ERROR = 4
1417
1518 # The target has at least one vulnerability.
1619 # Currently, the interesting findings do not count as vulnerable things
17 VULNERABLE = 4
20 VULNERABLE = 5
1821 end
1922 end
+11
-5
lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb less more
1414 # rubocop:disable all
1515 def attack(users, passwords, opts = {})
1616 create_progress_bar(total: users.size * passwords.size, show_progression: opts[:show_progression])
17 queue_count = 0
1817
19 passwords.each_with_index do |password, password_index|
18 queue_count = 0
19 # Keep the number of requests sent for each users
20 # to be able to correctly update the progress when a password is found
21 user_requests_count = {}
22
23 users.each { |u| user_requests_count[u.username] = 0 }
24
25 passwords.each do |password|
2026 remaining_users = users.select { |u| u.password.nil? }
2127
2228 break if remaining_users.empty?
2329
2430 remaining_users.each do |user|
2531 request = login_request(user.username, password)
32
33 user_requests_count[user.username] += 1
2634
2735 request.on_complete do |res|
2836 progress_bar.title = "Trying #{user.username} / #{password}"
3341
3442 yield user
3543
36 offset = progress_bar.total - progress_bar.progress < hydra.max_concurrency ? 2 : 1
37
38 progress_bar.total -= passwords.size - password_index - offset
44 progress_bar.total -= passwords.size - user_requests_count[user.username]
3945 elsif errored_response?(res)
4046 output_error(res)
4147 end
+0
-1
lib/cms_scanner/helper.rb less more
11 def redirect_output_to_file(file)
22 $stdout.reopen(file, 'w')
33 $stdout.sync = true
4 $stderr.reopen($stdout) # Not sure if this is needed
54 end
65
76 # @return [ Integer ] The memory of the current process in Bytes
+1
-1
lib/cms_scanner/version.rb less more
00 # Version
11 module CMSScanner
2 VERSION = '0.0.40.3'.freeze
2 VERSION = '0.0.41.0'.freeze
33 end
+5
-2
lib/cms_scanner.rb less more
144144 formatter.output('@scan_aborted',
145145 reason: e.is_a?(Interrupt) ? 'Canceled by User' : e.message,
146146 trace: e.backtrace,
147 verbose: controllers.first.parsed_options[:verbose])
147 verbose: controllers.first.parsed_options[:verbose] ||
148 run_error_exit_code == NS::ExitCode::EXCEPTION)
148149 ensure
149150 Browser.instance.hydra.abort
150151
183184
184185 return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
185186
186 NS::ExitCode::ERROR
187 return NS::ExitCode::ERROR if run_error.is_a?(NS::Error)
188
189 NS::ExitCode::EXCEPTION
187190 end
188191 end
189192 end
+8
-3
spec/lib/cms_scanner_spec.rb less more
9797 .and_raise(Interrupt)
9898
9999 expect(scanner.formatter).to receive(:output)
100 .with('@scan_aborted', hash_including(reason: 'Canceled by User', trace: anything, verbose: nil))
100 .with('@scan_aborted', hash_including(reason: 'Canceled by User', trace: anything, verbose: false))
101101 end
102102 end
103103
104 [RuntimeError.new('error spotted'), SignalException.new('SIGTERM')].each do |error|
104 [RuntimeError.new('error spotted'),
105 CMSScanner::Error.new('aa'),
106 SignalException.new('SIGTERM'),
107 Interrupt.new('Canceled by User')].each do |error|
105108 context "when an/a #{error.class} is raised during the scan" do
106109 let(:run_error) { error }
107110
113116 .and_raise(run_error.class, run_error.message)
114117
115118 expect(scanner.formatter).to receive(:output)
116 .with('@scan_aborted', hash_including(reason: run_error.message, trace: anything, verbose: nil))
119 .with('@scan_aborted', hash_including(reason: run_error.message,
120 trace: anything,
121 verbose: [RuntimeError, SignalException].include?(error.class)))
117122 end
118123 end
119124 end