Class: CMSScanner::Controller::Core

Inherits:
Base
  • Object
Defined in:
app/controllers/core.rb,
app/controllers/core/cli_options.rb

Overview

CLI Options for the Core Controller

Instance Method Summary

Methods inherited from Base

#==, #datastore, #formatter, #output, #parsed_options, parsed_options=, #render, #target, #user_interaction?

Instance Method Details

#after_scan ⇒ Object



# File 'app/controllers/core.rb', line 40

# Records the end-of-scan statistics and renders the 'finished' view.
#
# Sets @stop_time, @elapsed (@stop_time minus @start_time), @used_memory
# (memory_usage minus @start_memory) and @requests_done. It reads @start_time
# and @start_memory, so those must have been set before this is called.
#
# @return [Object] whatever output('finished') returns
def after_scan
  finished_at = Time.now

  @stop_time     = finished_at
  @elapsed       = finished_at - @start_time
  @used_memory   = memory_usage - @start_memory
  @requests_done = CMSScanner.total_requests

  output('finished')
end

#before_scan(output_banner = true) ⇒ Object



# File 'app/controllers/core.rb', line 16

# Runs the pre-scan checks and aborts when the target cannot be scanned as supplied.
#
# The checks run in a fixed order: reachability, access forbidden, HTTP
# authentication required, proxy authentication required, then redirection.
#
# @param output_banner [Boolean] render the 'banner' view before anything else
# @raise [RuntimeError] when target.online? is false, or when target.redirection returns a value
# @raise [AccessForbiddenError] when target.access_forbidden? is true
# @raise [HTTPAuthRequiredError] when target.http_auth? is true
# @raise [ProxyAuthRequiredError] when target.proxy_auth? is true
# @return [nil] when every check passes
def before_scan(output_banner = true)
  output('banner') if output_banner
  setup_cache

  unless target.online?
    raise "The url supplied '#{target.url}' seems to be down"
  end

  raise AccessForbiddenError if target.access_forbidden?
  raise HTTPAuthRequiredError if target.http_auth?
  raise ProxyAuthRequiredError if target.proxy_auth?

  # TODO: ask if the redirection should be followed
  # if user_interaction? is allowed (if followed, the Cache#storage_path should be updated)
  #
  # Redirects are not followed: the scan stops and reports the redirect
  # location, so the operator decides whether that URL is the intended target.
  location = target.redirection
  return unless location

  raise "The url supplied redirects to #{location}"
end

#cli_browser_cache_options ⇒ Array<OptParseValidator::OptBase>

Returns:

  • (Array<OptParseValidator::OptBase>)


# File 'app/controllers/core/cli_options.rb', line 64

# Builds the CLI options that configure the browser cache: --cache-ttl
# (default 600), --clear-cache and --cache-dir.
#
# NOTE(review): the default --cache-dir is a fixed path under /tmp, which is
# normally shared by every local account. On a multi-user host, pass
# --cache-dir pointing at a directory only the operator can access. How the
# directory is created, and with which permissions, is not visible here -
# confirm against the cache implementation.
#
# @return [Array<OptParseValidator::OptBase>]
def cli_browser_cache_options
  ttl_opt   = OptInteger.new(['--cache-ttl TIME_TO_LIVE'], default: 600)
  clear_opt = OptBoolean.new(['--clear-cache', 'Clear the cache before the scan'])
  dir_opt   = OptDirectoryPath.new(
    ['--cache-dir PATH'],
    readable: true, writable: true, default: '/tmp/cms_scanner/cache/'
  )

  [ttl_opt, clear_opt, dir_opt]
end

#cli_browser_cookies_options ⇒ Array<OptParseValidator::OptBase>

Returns:

  • (Array<OptParseValidator::OptBase>)


# File 'app/controllers/core/cli_options.rb', line 51

# Builds the CLI options for cookie handling: --cookie-string, sent with
# requests, and --cookie-jar, the file cookies are read from and written to.
#
# NOTE(review): the cookie jar defaults to a fixed file under /tmp, which is
# normally shared by every local account. A cookie jar can hold session
# cookies for the scanned site, so on a multi-user host pass --cookie-jar
# pointing at a file in a directory only the operator can access. The
# permissions the file is created with are not visible here - confirm.
#
# @return [Array<OptParseValidator::OptBase>]
def cli_browser_cookies_options
  cookie_help = 'Cookie string to use in requests, ' \
                'format: cookie1=value1[; cookie2=value2]'

  cookie_string = OptString.new(['--cookie-string COOKIE', cookie_help])
  cookie_jar    = OptFilePath.new(
    ['--cookie-jar FILE-PATH', 'File to read and write cookies'],
    writable: true, exists: false, default: '/tmp/cms_scanner/cookie_jar.txt'
  )

  [cookie_string, cookie_jar]
end

#cli_browser_options ⇒ Array<OptParseValidator::OptBase>

Returns:

  • (Array<OptParseValidator::OptBase>)


# File 'app/controllers/core/cli_options.rb', line 25

# Builds every browser-related CLI option: user-agent selection, HTTP
# authentication, thread count and timeouts, followed by the proxy, cookie
# and cache options returned by the sibling builders, in that order.
#
# NOTE(review): --http-auth takes login:password as a command-line argument.
# Values passed that way usually end up in shell history and can be visible
# in the process list to other local users while the scan runs.
#
# @return [Array<OptParseValidator::OptBase>]
def cli_browser_options
  general = [
    OptString.new(['--user-agent VALUE', '--ua']),
    OptBoolean.new(
      ['--random-user-agent', '--rua', 'Use a random user-agent for each scan']
    ),
    OptFilePath.new(
      ['--user-agents-list FILE-PATH', 'List of agents to use with --random-user-agent'],
      exists: true
    ),
    OptCredentials.new(['--http-auth login:password']),
    OptPositiveInteger.new(
      ['--max-threads VALUE', '-t', 'The max threads to use'],
      default: 5
    ),
    OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds']),
    OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'])
  ]

  general + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
end

#cli_browser_proxy_options ⇒ Array<OptParseValidator::OptBase>

Returns:

  • (Array<OptParseValidator::OptBase>)


# File 'app/controllers/core/cli_options.rb', line 42

# Builds the CLI options for routing requests through a proxy: --proxy and
# --proxy-auth.
#
# NOTE(review): --proxy-auth takes login:password as a command-line argument.
# Values passed that way usually end up in shell history and can be visible
# in the process list to other local users while the scan runs.
#
# @return [Array<OptParseValidator::OptBase>]
def cli_browser_proxy_options
  proxy_opt = OptProxy.new(
    ['--proxy protocol://IP:port', 'Supported protocols depend on the cURL installed']
  )
  proxy_auth_opt = OptCredentials.new(['--proxy-auth login:password'])

  [proxy_opt, proxy_auth_opt]
end

#cli_options ⇒ Object



# File 'app/controllers/core/cli_options.rb', line 5

# Builds the core CLI options (target URL, verbosity, output file and format,
# detection mode, scope) followed by every browser option.
#
# The --format choices and their help text both come from
# NS::Formatter.availables.
#
# NOTE(review): default_protocol: 'http' presumably means a URL given without
# a scheme is requested over plain HTTP - confirm against OptURL. If so, spell
# out https:// when the scan traffic should be encrypted.
#
# @return [Array] the core options followed by the result of cli_browser_options
def cli_options
  formats     = NS::Formatter.availables
  format_help = "Available formats: #{formats.join(', ')}"
  scope_help  = 'Coma separated (sub-)domains to consider in scope. ' \
                'Wildcard(s) allowed in the trd of valid domains, e.g: *.target.tld'

  core = [
    OptURL.new(['-u', '--url URL'], required: true, default_protocol: 'http'),
    OptBoolean.new(%w[-v --verbose]),
    OptFilePath.new(['-o', '--output FILE', 'Output to FILE'], writable: true, exists: false),
    OptChoice.new(['-f', '--format FORMAT', format_help], choices: formats),
    OptChoice.new(
      ['--detection-mode MODE', 'Modes: mixed (default), passive, aggressive'],
      choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
    ),
    OptArray.new(['--scope DOMAINS', scope_help])
  ]

  core + cli_browser_options
end

#run ⇒ Object



# File 'app/controllers/core.rb', line 33

# Records the scan's starting point and renders the 'started' view.
#
# Stores the current time in @start_time and the current memory_usage in
# @start_memory, then passes the target URL to the 'started' view.
#
# @return [Object] whatever output('started', ...) returns
def run
  @start_time = Time.now
  @start_memory = memory_usage

  scanned_url = target.url
  output('started', url: scanned_url)
end

#setup_cache ⇒ Object



# File 'app/controllers/core.rb', line 7

# Points Typhoeus at a per-target cache directory, optionally emptying it first.
#
# Does nothing when parsed_options[:cache_dir] is unset. Otherwise the storage
# path is <cache_dir>/<MD5 hex digest of target.url>, and the cache is cleaned
# when parsed_options[:clear_cache] is set.
#
# NOTE(review): MD5 only names the subdirectory here; nothing in this method
# uses it for integrity or authentication. The subdirectory name can be
# derived from the target URL by anyone, so keeping the cache private depends
# on the permissions of the cache directory - confirm how it is created.
#
# @return [Object, nil] nil unless the cache was cleaned
def setup_cache
  cache_root = parsed_options[:cache_dir]
  return unless cache_root

  url_digest = Digest::MD5.hexdigest(target.url)

  Typhoeus::Config.cache = Cache::Typhoeus.new(File.join(cache_root, url_digest))
  Typhoeus::Config.cache.clean if parsed_options[:clear_cache]
end