Codebase list ruby-cms-scanner / upstream/0.0.41.3
New upstream version 0.0.41.3 Sophie Brun 5 years ago
65 changed file(s) with 123 addition(s) and 158 deletion(s). Raw diff Collapse all Expand all
+1
-0
.rspec less more
00 --color
11 --fail-fast
2 --require spec_helper
+5
-0
.simplecov less more
0 SimpleCov.start do
1 add_filter '/example/'
2 add_filter '/spec/'
3 add_filter 'helper'
4 end
+2
-1
.travis.yml less more
1919 - 2.5.1
2020 - 2.5.2
2121 - 2.5.3
22 - 2.6.0
2223 - ruby-head
2324 before_install:
2425 - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
25 - "gem update --system"
26 - gem update --system
2627 matrix:
2728 allow_failures:
2829 - rvm: ruby-head
+0
-1
README.md less more
33 [![Build Status](https://img.shields.io/travis/wpscanteam/CMSScanner.svg)](https://travis-ci.org/wpscanteam/CMSScanner)
44 [![Coverage Status](https://img.shields.io/coveralls/wpscanteam/CMSScanner.svg)](https://coveralls.io/r/wpscanteam/CMSScanner)
55 [![Code Climate](https://api.codeclimate.com/v1/badges/b90b7f9f6982792ef8d6/maintainability)](https://codeclimate.com/github/wpscanteam/CMSScanner/maintainability)
6 [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/CMSScanner.svg)](https://gemnasium.com/wpscanteam/CMSScanner)
76
87 The goal of this gem is to provide a quick and easy way to create a CMS/WebSite Scanner by acting like a Framework and providing classes, formatters etc.
98
+4
-1
app/controllers/core/cli_options.rb less more
3030 OptBoolean.new(['--ignore-main-redirect', 'Ignore the main redirect (if any) and scan the target url'],
3131 advanced: true),
3232 OptBoolean.new(['-v', '--verbose', 'Verbose mode']),
33 OptBoolean.new(['--[no-]banner', 'Whether or not to display the banner'], default: true)
33 OptBoolean.new(['--[no-]banner', 'Whether or not to display the banner'], default: true),
34 OptPositiveInteger.new(['--max-scan-duration SECONDS',
35 'Abort the scan if it exceeds the time provided in seconds'],
36 advanced: true)
3437 ]
3538 end
3639
+4
-9
cms_scanner.gemspec less more
1818 s.test_files = []
1919 s.require_paths = ['lib']
2020
21 s.add_dependency 'nokogiri', '~> 1.8.0'
22 s.add_dependency 'opt_parse_validator', '~> 0.0.16.5'
21 s.add_dependency 'nokogiri', '~> 1.10.0'
22 s.add_dependency 'opt_parse_validator', '~> 0.0.16.6'
2323 s.add_dependency 'public_suffix', '~> 3.0.0'
2424 s.add_dependency 'ruby-progressbar', '~> 1.10.0'
2525 s.add_dependency 'typhoeus', '~> 1.3.0'
2626 s.add_dependency 'xmlrpc', '~> 0.3'
2727 s.add_dependency 'yajl-ruby', '~> 1.4.1' # Better JSON parser regarding memory usage
2828
29 # Already required by opt_parse_validator
30 # so version restriction loosen to avoid potential future conflicts
31 s.add_dependency 'activesupport', '~> 5.1'
32 s.add_dependency 'addressable', '~> 2.5'
33
34 s.add_development_dependency 'bundler', '~> 1.6'
29 s.add_development_dependency 'bundler', '>= 1.6'
3530 s.add_development_dependency 'coveralls', '~> 0.8.0'
3631 s.add_development_dependency 'rake', '~> 12.3'
3732 s.add_development_dependency 'rspec', '~> 3.8.0'
3833 s.add_development_dependency 'rspec-its', '~> 1.2.0'
39 s.add_development_dependency 'rubocop', '~> 0.61.1'
34 s.add_development_dependency 'rubocop', '~> 0.62.0'
4035 s.add_development_dependency 'simplecov', '~> 0.16.1'
4136 s.add_development_dependency 'webmock', '~> 3.5.1'
4237 end
+1
-0
example/.rspec less more
00 --color
11 --fail-fast
2 --require spec_helper
+4
-0
example/.simplecov less more
0 SimpleCov.start do
1 add_filter '/spec/'
2 add_filter 'helper'
3 end
+15
-3
example/.travis.yml less more
66 - 2.3.2
77 - 2.3.3
88 - 2.3.4
9 - 2.4.0
9 - 2.3.5
10 - 2.3.6
11 - 2.3.7
12 - 2.3.8
1013 - 2.4.1
14 - 2.4.2
15 - 2.4.3
16 - 2.4.4
17 - 2.4.5
18 - 2.5.0
19 - 2.5.1
20 - 2.5.2
21 - 2.5.3
22 - 2.6.0
1123 - ruby-head
1224 before_install:
1325 - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
14 - "gem update --system"
26 - gem update --system
1527 matrix:
1628 allow_failures:
1729 - rvm: ruby-head
1830 script:
31 - bundle exec rubocop
1932 - bundle exec rspec
20 - bundle exec rubocop
+12
-29
example/cmsscan.gemspec less more
0 # coding: utf-8
1
20 lib = File.expand_path('../lib', __FILE__)
31 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
42
86 s.name = 'cmsscan'
97 s.version = CMSScan::VERSION
108 s.platform = Gem::Platform::RUBY
11 s.required_ruby_version = '>= 2.1.0'
9 s.required_ruby_version = '>= 2.3'
1210 s.authors = ['WPScanTeam']
1311 s.date = Time.now.utc.strftime('%Y-%m-%d')
1412 s.email = ['[email protected]']
1715 s.homepage = 'https://github.com/wpscanteam/CMSScanner'
1816 s.license = 'MIT'
1917
20 s.files = `git ls-files -z`.split("\x0").reject do |file|
21 file =~ %r{^(?:
22 spec\/.*
23 |Gemfile
24 |Rakefile
25 |\.rspec
26 |\.gitignore
27 |\.rubocop.yml
28 |\.travis.yml
29 )$}x
30 end
18 s.files = Dir.glob('lib/**/*') + Dir.glob('app/**/*')
19 s.test_files = []
20 s.executables = ['cmsscan']
21 s.require_paths = ['lib']
3122
32 s.test_files = []
33 s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
34 s.require_path = 'lib'
23 s.add_dependency 'cms_scanner', '~> 0.0.41.1'
3524
36 s.add_dependency 'cms_scanner', '~> 0.0.39.0'
37
38 # Already required by CMSScanner, so version restrictions loosen
39 s.add_dependency 'activesupport', '~> 5.1'
40 s.add_dependency 'yajl-ruby', '~> 1.3'
41
42 s.add_development_dependency 'bundler', '~> 1.6'
25 s.add_development_dependency 'bundler', '>= 1.6'
4326 s.add_development_dependency 'coveralls', '~> 0.8.0'
44 s.add_development_dependency 'rake', '~> 12.0'
45 s.add_development_dependency 'rspec', '~> 3.7.0'
27 s.add_development_dependency 'rake', '~> 12.3'
28 s.add_development_dependency 'rspec', '~> 3.8.0'
4629 s.add_development_dependency 'rspec-its', '~> 1.2.0'
47 s.add_development_dependency 'rubocop', '~> 0.52.0'
48 s.add_development_dependency 'simplecov', '~> 0.14.0' # Can't update to 0.15 as it breaks coveralls dep
49 s.add_development_dependency 'webmock', '~> 3.3.0'
30 s.add_development_dependency 'rubocop', '~> 0.62.0'
31 s.add_development_dependency 'simplecov', '~> 0.16.1'
32 s.add_development_dependency 'webmock', '~> 3.5.1'
5033 end
+19
-0
example/spec/spec_helper.rb less more
0 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
1
2 require 'simplecov'
3 require 'rspec/its'
4 require 'webmock/rspec'
5
6 require 'cmsscan'
7
8 if ENV['TRAVIS']
9 require 'coveralls'
10 SimpleCov.formatter = Coveralls::SimpleCov::Formatter
11 end
12
13 # See http://betterspecs.org/
14 RSpec.configure do |config|
15 config.expect_with :rspec do |c|
16 c.syntax = :expect
17 end
18 end
+7
-5
lib/cms_scanner/controllers.rb less more
3838
3939 redirect_output_to_file(parsed_options[:output]) if parsed_options[:output]
4040
41 each(&:before_scan)
42 each(&:run)
43 # Reverse is used here as the app/controllers/core#after_scan finishes the output
44 # and must be the last one to be executed
45 reverse_each(&:after_scan)
41 Timeout.timeout(parsed_options[:max_scan_duration], NS::MaxScanDurationReachedError) do
42 each(&:before_scan)
43 each(&:run)
44 # Reverse is used here as the app/controllers/core#after_scan finishes the output
45 # and must be the last one to be executed
46 reverse_each(&:after_scan)
47 end
4648 end
4749 end
4850 end
+10
-0
lib/cms_scanner/errors/scan.rb less more
0 module CMSScanner
1 # Used instead of the Timeout::Error
2 class MaxScanDurationReachedError < Error
3 # :nocov:
4 def to_s
5 'Max Scan Duration Reached'
6 end
7 # :nocov:
8 end
9 end
+1
-1
lib/cms_scanner/version.rb less more
00 # Version
11 module CMSScanner
2 VERSION = '0.0.41.1'.freeze
2 VERSION = '0.0.41.3'.freeze
33 end
+3
-1
lib/cms_scanner.rb less more
1212 require 'uri'
1313 require 'fileutils'
1414 require 'pathname'
15 require 'timeout'
1516 require 'xmlrpc/client'
1617 # Monkey Patches
1718 require 'cms_scanner/typhoeus/response' # Adds a Response#html using Nokogiri to parse the body
2324 require 'cms_scanner/helper'
2425 require 'cms_scanner/exit_code'
2526 require 'cms_scanner/errors/http'
27 require 'cms_scanner/errors/scan'
2628 require 'cms_scanner/cache/typhoeus'
2729 require 'cms_scanner/target'
2830 require 'cms_scanner/browser'
184186
185187 return NS::ExitCode::INTERRUPTED if run_error.is_a?(Interrupt)
186188
187 return NS::ExitCode::ERROR if run_error.is_a?(NS::Error)
189 return NS::ExitCode::ERROR if run_error.is_a?(NS::Error) || run_error.is_a?(CMSScanner::Error)
188190
189191 NS::ExitCode::EXCEPTION
190192 end
+2
-4
spec/app/controllers/core_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Controller::Core do
31 subject(:core) { described_class.new }
42 let(:target_url) { 'http://example.com/' }
1917 %i[
2018 banner cache_dir cache_ttl clear_cache connect_timeout cookie_jar cookie_string
2119 detection_mode disable_tls_checks format headers help hh http_auth ignore_main_redirect
22 max_threads output proxy proxy_auth random_user_agent request_timeout scope
23 throttle url user_agent user_agents_list verbose version vhost
20 max_scan_duration max_threads output proxy proxy_auth random_user_agent request_timeout
21 scope throttle url user_agent user_agents_list verbose version vhost
2422 ]
2523 )
2624 end
+0
-2
spec/app/controllers/interesting_findings_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Controller::InterestingFindings do
31 subject(:controller) { described_class.new }
42 let(:target_url) { 'http://example.com/' }
+0
-2
spec/app/finders/interesting_findings/fantastico_fileslist_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::InterestingFindings::FantasticoFileslist do
31 subject(:finder) { described_class.new(target) }
42 let(:target) { CMSScanner::Target.new(url) }
+0
-2
spec/app/finders/interesting_findings/headers_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::InterestingFindings::Headers do
31 subject(:finder) { described_class.new(target) }
42 let(:target) { CMSScanner::Target.new(url) }
+0
-2
spec/app/finders/interesting_findings/robots_txt_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::InterestingFindings::RobotsTxt do
31 subject(:finder) { described_class.new(target) }
42 let(:target) { CMSScanner::Target.new(url) }
+0
-2
spec/app/finders/interesting_findings/search_replace_db_2_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::InterestingFindings::SearchReplaceDB2 do
31 subject(:finder) { described_class.new(target) }
42 let(:target) { CMSScanner::Target.new(url) }
+0
-2
spec/app/finders/interesting_findings/xml_rpc_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::InterestingFindings::XMLRPC do
31 subject(:finder) { described_class.new(target) }
42 let(:target) { CMSScanner::Target.new(url) }
+0
-2
spec/app/finders/interesting_findings_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::InterestingFindings::Base do
31 it_behaves_like CMSScanner::Finders::IndependentFinder do
42 let(:expected_finders) { %w[Headers RobotsTxt FantasticoFileslist SearchReplaceDB2 XMLRPC] }
+0
-2
spec/app/formatters/cli_no_colour_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Formatter::CliNoColour do
31 subject(:formatter) { described_class.new }
42
+0
-2
spec/app/formatters/cli_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Formatter::Cli do
31 subject(:formatter) { described_class.new }
42
+0
-2
spec/app/formatters/json_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Formatter::Json do
31 it_behaves_like CMSScanner::Formatter::Buffer
42
+0
-2
spec/app/models/fantastico_fileslist_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::FantasticoFileslist do
31 subject(:file) { described_class.new(url) }
42 let(:url) { 'http://example.com/robots.txt' }
+0
-2
spec/app/models/headers_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Headers do
31 subject(:file) { described_class.new(url) }
42 let(:url) { 'http://example.com/' }
+0
-2
spec/app/models/interesting_finding_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::InterestingFinding do
31 it_behaves_like CMSScanner::Finders::Finding
42
+0
-2
spec/app/models/robots_txt_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::RobotsTxt do
31 subject(:file) { described_class.new(url) }
42 let(:url) { 'http://example.com/robots.txt' }
+0
-2
spec/app/models/user_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::User do
31 subject(:user) { described_class.new(username, opts) }
42 let(:username) { 'john' }
+0
-2
spec/app/models/version_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Version do
31 it_behaves_like CMSScanner::Finders::Finding
42
+0
-2
spec/app/models/xml_rpc_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::XMLRPC do
31 subject(:xml_rpc) { described_class.new(url) }
42 let(:url) { 'http://example.com/xmlrpc' }
+0
-2
spec/app/views_spec.rb less more
0 require 'spec_helper'
1
20 describe 'App::Views' do
31 let(:target_url) { 'http://e.org/' }
42 let(:fixtures) { SPECS.join('output') }
+0
-2
spec/lib/browser_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Browser do
31 it_behaves_like described_class::Actions
42
+0
-2
spec/lib/cache/file_store_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Cache::FileStore do
31 let(:cache_dir) { CACHE.join('cache_file_store').to_s }
42 subject(:cache) { described_class.new(cache_dir) }
+0
-2
spec/lib/cache/typhoeus_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Cache::Typhoeus do
31 subject(:cache) { described_class.new(cache_dir) }
42
+1
-2
spec/lib/cms_scanner_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner do
31 let(:target_url) { 'http://wp.lab/' }
42
103101
104102 [RuntimeError.new('error spotted'),
105103 CMSScanner::Error.new('aa'),
104 CMSScanner::MaxScanDurationReachedError.new,
106105 SignalException.new('SIGTERM'),
107106 Interrupt.new('Canceled by User')].each do |error|
108107 context "when an/a #{error.class} is raised during the scan" do
+0
-2
spec/lib/controller_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Controller do
31 subject(:controller) { described_class::Base.new }
42
+31
-2
spec/lib/controllers_spec.rb less more
0 require 'spec_helper'
1
20 module CMSScanner
31 module Controller
42 class Spec < Base
3 end
4
5 class SpecTooLong < Spec
6 def run
7 sleep(2)
8 end
59 end
610 end
711 end
4751
4852 controllers.run
4953 end
54
55 context 'when max_scan_duration is provided' do
56 before do
57 expect(controllers.option_parser).to receive(:results)
58 .and_return(max_scan_duration: max_scan_duration)
59
60 controllers << controller_mod::Spec.new << controller_mod::SpecTooLong.new
61 end
62
63 context 'when the scan exceeds the max duration' do
64 let(:max_scan_duration) { 1 }
65
66 it 'raises an exception' do
67 expect { controllers.run }.to raise_error(CMSScanner::MaxScanDurationReachedError)
68 end
69 end
70
71 context 'when the scan does not exceed to max duration' do
72 let(:max_scan_duration) { 4 }
73
74 it 'does not raise an exception' do
75 expect { controllers.run }.to_not raise_error
76 end
77 end
78 end
5079 end
5180
5281 describe '#register_options_files' do
+0
-2
spec/lib/finders/finder/breadth_first_dictionary_attack_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack do
31 # Dummy class to test the module
42 class DummyBreadthFirstDictionaryAttack < CMSScanner::Finders::Finder
+0
-2
spec/lib/finders/finder/enumerator_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::Finder::Enumerator do
31 # Dummy class to test the module
42 class DummyEnumeratorFinder < CMSScanner::Finders::Finder
+0
-2
spec/lib/finders/finder/fingerprinter_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::Finder::Fingerprinter do
31 # Dummy class to test the module
42 class DummyFingerprinterFinder < CMSScanner::Finders::Finder
+0
-2
spec/lib/finders/finder/smart_url_checker_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::Finder::SmartURLChecker do
31 # Dummy class to test the module
42 class DummyFinder < CMSScanner::Finders::Finder
+0
-2
spec/lib/finders/finder_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Finders::Finder do
31 subject(:finder) { described_class.new('target') }
42
+0
-2
spec/lib/finders/same_type_finder_spec.rb less more
0 require 'spec_helper'
1
20 module CMSScanner
31 module Finders
42 # Dummy Class to test the module
+0
-2
spec/lib/finders/unique_finder_spec.rb less more
0 require 'spec_helper'
1
20 module CMSScanner
31 module Finders
42 # Dummy Class to test the module
+0
-2
spec/lib/formatter_spec.rb less more
0 require 'spec_helper'
1
20 module CMSScanner
31 module Formatter
42 module Spec
+0
-2
spec/lib/numeric_spec.rb less more
0 require 'spec_helper'
1
20 describe Numeric do
31 describe '#bytes_to_human' do
42 context 'when positive' do
+0
-2
spec/lib/progressbar_null_output_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::ProgressBarNullOutput do
31 subject(:output) { described_class.new }
42
+0
-2
spec/lib/public_suffix/domain_spec.rb less more
0 require 'spec_helper'
1
20 describe PublicSuffix::Domain do
31 describe '#match' do
42 it 'returns true' do
+0
-2
spec/lib/sub_scanner_spec.rb less more
0 require 'spec_helper'
1
20 describe 'SubScanner' do
31 before :all do
42 # Module including the CMSScanner to test its correct inclusion
+0
-2
spec/lib/target/hashes_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Target do
31 subject(:target) { described_class.new(url) }
42 let(:url) { 'http://e.org' }
+0
-2
spec/lib/target/platforms_spec.rb less more
0 require 'spec_helper'
1
20 [:PHP].each do |platform|
31 describe CMSScanner::Target do
42 subject(:target) do
+0
-2
spec/lib/target/scope_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Target do
31 subject(:target) { described_class.new(url, opts) }
42 let(:url) { 'http://e.org' }
+0
-2
spec/lib/target/servers_spec.rb less more
0 require 'spec_helper'
1
20 %i[Generic Apache IIS Nginx].each do |server|
31 describe CMSScanner::Target do
42 subject(:target) do
+0
-2
spec/lib/target_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Target do
31 subject(:target) { described_class.new(url) }
42 let(:url) { 'http://e.org' }
+0
-2
spec/lib/typhoeus/response_spec.rb less more
0 require 'spec_helper'
1
20 describe Typhoeus::Response do
31 subject(:response) { Typhoeus::Response.new(opts) }
42 let(:opts) { { body: 'hello world' } }
+0
-2
spec/lib/vulnerability_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::Vulnerability do
31 subject(:vuln) { described_class.new(title, references) }
42 let(:title) { 'Test Vuln' }
+0
-2
spec/lib/web_site_spec.rb less more
0 require 'spec_helper'
1
20 describe CMSScanner::WebSite do
31 subject(:web_site) { described_class.new(url, opts) }
42 let(:url) { 'http://e.org' }
+0
-2
spec/shared_examples/target/server/apache.rb less more
0 require 'spec_helper'
1
20 shared_examples CMSScanner::Target::Server::Apache do
31 describe '#server' do
42 its(:server) { should eq :Apache }
+0
-2
spec/shared_examples/target/server/generic.rb less more
0 require 'spec_helper'
1
20 shared_examples CMSScanner::Target::Server::Generic do
31 describe '#server' do
42 before { stub_request(:head, target.url).to_return(headers: parse_headers_file(fixture)) }
+0
-2
spec/shared_examples/target/server/iis.rb less more
0 require 'spec_helper'
1
20 shared_examples CMSScanner::Target::Server::IIS do
31 describe '#server' do
42 its(:server) { should eq :IIS }
+0
-2
spec/shared_examples/target/server/nginx.rb less more
0 require 'spec_helper'
1
20 shared_examples CMSScanner::Target::Server::Nginx do
31 describe '#server' do
42 its(:server) { should eq :Nginx }
+1
-7
spec/spec_helper.rb less more
00 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
11
2 require 'simplecov'
2 require 'simplecov' # Used filters are in /.simplecov
33 require 'rspec/its'
44 require 'webmock/rspec'
55 require 'active_support/time'
77 if ENV['TRAVIS']
88 require 'coveralls'
99 SimpleCov.formatter = Coveralls::SimpleCov::Formatter
10 end
11
12 SimpleCov.start do
13 add_filter '/example/'
14 add_filter '/spec/'
15 add_filter 'helper'
1610 end
1711
1812 # See http://betterspecs.org/