Class: CMSScanner::Target
- Includes:
- Server::Generic
- Defined in:
- lib/cms_scanner/target.rb,
lib/cms_scanner/target/scope.rb,
lib/cms_scanner/target/hashes.rb,
lib/cms_scanner/target/server/iis.rb,
lib/cms_scanner/target/platform/php.rb,
lib/cms_scanner/target/server/nginx.rb,
lib/cms_scanner/target/server/apache.rb,
lib/cms_scanner/target/server/generic.rb
Overview
Scope system logic
Defined Under Namespace
Modules: Platform, Server Classes: Scope
Instance Attribute Summary
Attributes inherited from WebSite
Class Method Summary collapse
-
.page_hash(page) ⇒ String
The md5sum of the page.
Instance Method Summary collapse
- #comments_from_page(pattern, page = nil) {|MatchData, Nokogiri::XML::Comment| ... } ⇒ Array<Array<MatchData, Nokogiri::XML::Comment>>
-
#error_404_hash ⇒ String
The hash of a 404.
-
#homepage_hash ⇒ String
The hash of the homepage.
-
#homepage_or_404?(page) ⇒ Boolean
Wether or not the page is a the homepage or a 404 based on its md5sum.
-
#in_scope?(url) ⇒ Boolean
True if the url given is in scope.
-
#in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src)) {|String, Nokogiri::XML::Element| ... } ⇒ Array<String>
The in scope absolute URLs detected in the response’s body.
-
#initialize(url, opts = {}) ⇒ Target
constructor
A new instance of Target.
- #interesting_findings(opts = {}) ⇒ Findings
-
#non_existant_page_url ⇒ String
The URL of an unlikely existant page.
- #scope ⇒ Array<PublicSuffix::Domain, String>
Methods included from Server::Generic
#directory_listing?, #directory_listing_entries, #headers, #server
Methods inherited from WebSite
#access_forbidden?, #http_auth?, #online?, #proxy_auth?, #redirection, #url, #url=
Constructor Details
#initialize(url, opts = {}) ⇒ Target
Returns a new instance of Target.
15 16 17 18 19 20 |
# File 'lib/cms_scanner/target.rb', line 15 def initialize(url, opts = {}) super(url, opts) scope << uri.host [*opts[:scope]].each { |s| scope << s } end |
Class Method Details
.page_hash(page) ⇒ String
Comments are deleted to avoid cache generation details
Returns The md5sum of the page.
9 10 11 12 13 |
# File 'lib/cms_scanner/target/hashes.rb', line 9 def self.page_hash(page) page = NS::Browser.get(page, followlocation: true) unless page.is_a?(Typhoeus::Response) Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, '')) end |
Instance Method Details
#comments_from_page(pattern, page = nil) {|MatchData, Nokogiri::XML::Comment| ... } ⇒ Array<Array<MatchData, Nokogiri::XML::Comment>>
34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/cms_scanner/target.rb', line 34 def comments_from_page(pattern, page = nil) page = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response) matches = [] page.html.xpath('//comment()').each do |node| next unless node.text.strip =~ pattern yield Regexp.last_match, node if block_given? matches << [Regexp.last_match, node] end matches end |
#error_404_hash ⇒ String
This is used to detect potential custom 404 responding with a 200
Returns The hash of a 404.
22 23 24 |
# File 'lib/cms_scanner/target/hashes.rb', line 22 def error_404_hash @error_404_hash ||= self.class.page_hash(non_existant_page_url) end |
#homepage_hash ⇒ String
Returns The hash of the homepage.
16 17 18 |
# File 'lib/cms_scanner/target/hashes.rb', line 16 def homepage_hash @homepage_hash ||= self.class.page_hash(url) end |
#homepage_or_404?(page) ⇒ Boolean
Returns Wether or not the page is a the homepage or a 404 based on its md5sum.
33 34 35 36 37 |
# File 'lib/cms_scanner/target/hashes.rb', line 33 def homepage_or_404?(page) md5sum = self.class.page_hash(page) md5sum == homepage_hash || md5sum == error_404_hash end |
#in_scope?(url) ⇒ Boolean
Returns true if the url given is in scope.
12 13 14 15 16 |
# File 'lib/cms_scanner/target/scope.rb', line 12 def in_scope?(url) scope.include?(Addressable::URI.parse(url.strip).host) rescue false end |
#in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src)) {|String, Nokogiri::XML::Element| ... } ⇒ Array<String>
Returns The in scope absolute URLs detected in the response’s body.
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# File 'lib/cms_scanner/target/scope.rb', line 25 def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src)) found = [] res.html.xpath(xpath).each do |tag| attributes.each do |attribute| attr_value = tag[attribute] next unless attr_value && !attr_value.empty? url = uri.join(attr_value.strip).to_s next unless in_scope?(url) yield url, tag if block_given? && !found.include?(url) found << url end end found.uniq end |
#interesting_findings(opts = {}) ⇒ Findings
25 26 27 |
# File 'lib/cms_scanner/target.rb', line 25 def interesting_findings(opts = {}) @interesting_findings ||= NS::Finders::InterestingFindings::Base.find(self, opts) end |
#non_existant_page_url ⇒ String
Returns The URL of an unlikely existant page.
27 28 29 |
# File 'lib/cms_scanner/target/hashes.rb', line 27 def non_existant_page_url uri.join(Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html').to_s end |
#scope ⇒ Array<PublicSuffix::Domain, String>
5 6 7 |
# File 'lib/cms_scanner/target/scope.rb', line 5 def scope @scope ||= Scope.new end |