Module: CMSScanner::Target::Server::Generic

Included in:
CMSScanner::Target
Defined in:
lib/cms_scanner/target/server/generic.rb

Overview

Generic Server methods

Instance Method Summary

Instance Method Details

#directory_listing?(path = nil, params = {}) ⇒ Boolean

Returns true if url(path) has the directory listing enabled, false otherwise.

Parameters:

  • path (String) (defaults to: nil)
  • params (Hash) (defaults to: {})

    The request params

Returns:

  • (Boolean)

    true if url(path) has the directory listing enabled, false otherwise



# File 'lib/cms_scanner/target/server/generic.rb', line 41

# Checks whether the page at url(path) looks like an auto-generated directory index.
#
# The check is a heuristic on one GET response: the status must be 200 and the
# body must contain the literal '<h1>Index of' marker. A listing rendered with
# any other heading is not recognised by this generic check, so a false result
# does not prove that listing is disabled.
#
# @param path [String, nil] path handed to #url
# @param params [Hash] the request params
#
# @return [Boolean] true if url(path) has the directory listing enabled, false otherwise
def directory_listing?(path = nil, params = {})
  response = NS::Browser.get(url(path), params)

  # Error pages and redirects are never treated as a listing, whatever their body says.
  return false unless response.code == 200

  response.body.include?('<h1>Index of')
end

#directory_listing_entries(path = nil, params = {}, selector = 'pre a', ignore = /parent directory/i) ⇒ Array<String>

Returns the first level of directories/files listed, or an empty array if none.

Parameters:

  • path (String) (defaults to: nil)
  • params (Hash) (defaults to: {})

    The request params

  • selector (String) (defaults to: 'pre a')
  • ignore (Regexp) (defaults to: /parent directory/i)

Returns:

  • (Array<String>)

    The first level of directories/files listed, or an empty array if none



# File 'lib/cms_scanner/target/server/generic.rb', line 54

# Lists the link texts shown on the directory index at url(path).
#
# The page is requested a second time after #directory_listing? has confirmed
# that it is an index, so each call issues two requests for the same URL.
# Entries are the visible text of the nodes matched by the selector. They come
# straight from the remote page and are returned unmodified.
#
# @param path [String, nil] path handed to #url
# @param params [Hash] the request params
# @param selector [String] CSS selector locating the entry links
# @param ignore [Regexp] entries whose text matches this pattern are skipped
#
# @return [Array<String>] The first level of directories/files listed, or an empty array if none
def directory_listing_entries(path = nil, params = {}, selector = 'pre a', ignore = /parent directory/i)
  return [] unless directory_listing?(path, params)

  links = NS::Browser.get(url(path), params).html.css(selector)

  # to_s turns a missing text into '', so every label is a String before matching.
  links.map { |link| link.text.to_s }.reject { |label| label.match?(ignore) }
end

#headers(path = nil, params = {}) ⇒ Hash

Returns the headers.

Parameters:

  • path (String) (defaults to: nil)
  • params (Hash) (defaults to: {})

    The request params

Returns:

  • (Hash)

    The headers



# File 'lib/cms_scanner/target/server/generic.rb', line 31

# Fetches the response headers for url(path) with a HEAD request.
#
# @param path [String, nil] path handed to #url
# @param params [Hash] the request params
#
# @return [Hash] The headers
def headers(path = nil, params = {})
  # Some servers may reject HEAD; switching to GET is an open question.
  head_response = NS::Browser.head(url(path), params)

  head_response.headers
end

#server(path = nil, params = {}) ⇒ Symbol

Returns the detected remote server (:Apache, :IIS, :Nginx), or nil when no headers are returned or the Server header matches none of them.

Parameters:

  • path (String) (defaults to: nil)
  • params (Hash) (defaults to: {})

    The request params

Returns:

  • (Symbol)

    The detected remote server (:Apache, :IIS, :Nginx)



# File 'lib/cms_scanner/target/server/generic.rb', line 12

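# Identifies the remote web server from the Server response header.
#
# The value is matched at its start, case-insensitively for all three
# products, so a banner such as 'Nginx/1.x' is recognised just like 'nginx/1.x'.
# The Server header is self-reported and can be altered or removed by the
# server or an intermediary, so treat the result as a hint rather than proof.
#
# @param path [String, nil] path handed to #headers
# @param params [Hash] the request params
#
# @return [Symbol, nil] The detected remote server (:Apache, :IIS, :Nginx),
#   or nil when no headers are available or the banner is not recognised
def server(path = nil, params = {})
  # A distinct local name avoids shadowing the #headers method called here.
  response_headers = headers(path, params)

  return unless response_headers

  case response_headers[:server]
  when /\Aapache/i
    :Apache
  when /\AMicrosoft-IIS/i
    :IIS
  when /\Anginx/i
    :Nginx
  end
end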