lib/scanner/generic.rb in yawast-0.5.0.beta2 vs lib/scanner/generic.rb in yawast-0.5.0.beta3
- old
+ new
@@ -1,118 +1,12 @@
require 'ipaddr_extensions'
require 'json'
+require 'public_suffix'
module Yawast
module Scanner
class Generic
- def self.server_info(uri, options)
- begin
- puts 'DNS Information:'
-
- dns = Resolv::DNS.new
- Resolv::DNS.open do |resv|
- a = resv.getresources(uri.host, Resolv::DNS::Resource::IN::A)
- unless a.empty?
- a.each do |ip|
- begin
- host_name = dns.getname(ip.address)
- rescue
- host_name = 'N/A'
- end
-
- Yawast::Utilities.puts_info "\t\t#{ip.address} (#{host_name})"
-
- # if address is private, force internal SSL mode, don't show links
- if IPAddr.new(ip.address.to_s, Socket::AF_INET).private?
- options.internalssl = true
- else
- #show network info
- get_network_info ip
- get_network_location_info ip
-
- puts "\t\t\thttps://www.shodan.io/host/#{ip.address}"
- puts "\t\t\thttps://censys.io/ipv4/#{ip.address}"
- end
- end
- end
-
- aaaa = resv.getresources(uri.host, Resolv::DNS::Resource::IN::AAAA)
- unless aaaa.empty?
- aaaa.each do |ip|
- begin
- host_name = dns.getname(ip.address)
- rescue
- host_name = 'N/A'
- end
-
- Yawast::Utilities.puts_info "\t\t#{ip.address} (#{host_name})"
-
- # if address is private, force internal SSL mode, don't show links
- if IPAddr.new(ip.address.to_s, Socket::AF_INET6).private?
- options.internalssl = true
- else
- #show network info
- get_network_info ip
- get_network_location_info ip
-
- puts "\t\t\thttps://www.shodan.io/host/#{ip.address.to_s.downcase}"
- end
- end
- end
-
- txt = resv.getresources(uri.host, Resolv::DNS::Resource::IN::TXT)
- unless txt.empty?
- txt.each do |rec|
- Yawast::Utilities.puts_info "\t\tTXT: #{rec.data}"
- end
- end
-
- mx = resv.getresources(uri.host, Resolv::DNS::Resource::IN::MX)
- unless mx.empty?
- mx.each do |rec|
- Yawast::Utilities.puts_info "\t\tMX: #{rec.exchange} (#{rec.preference})"
- end
- end
-
- ns = resv.getresources(uri.host, Resolv::DNS::Resource::IN::NS)
- unless ns.empty?
- ns.each do |rec|
- Yawast::Utilities.puts_info "\t\tNS: #{rec.name}"
- end
- end
- end
-
- puts
- rescue => e
- Yawast::Utilities.puts_error "Error getting basic information: #{e.message}"
- raise
- end
- end
-
- def self.get_network_info(ip)
- begin
- network_info = JSON.parse(Net::HTTP.get(URI("https://api.iptoasn.com/v1/as/ip/#{ip.address}")))
-
- Yawast::Utilities.puts_info "\t\t\t#{network_info['as_country_code']} - #{network_info['as_description']}"
- rescue => e
- Yawast::Utilities.puts_error "Error getting network information: #{e.message}"
- end
- end
-
- def self.get_network_location_info(ip)
- begin
- info = JSON.parse(Net::HTTP.get(URI("https://freegeoip.net/json/#{ip.address}")))
- location = [info['city'], info['region_name'], info['country_code']].reject { |c| c.empty? }.join(', ')
-
- if location != nil && !location.empty?
- Yawast::Utilities.puts_info "\t\t\t#{location}"
- end
- rescue => e
- Yawast::Utilities.puts_error "Error getting location information: #{e.message}"
- end
- end
-
def self.head_info(head, uri)
begin
server = ''
powered_by = ''
cookies = Array.new
@@ -239,9 +133,14 @@
end
#check for HttpOnly cookies
unless elements.include?(' HttpOnly') || elements.include?(' httponly')
Yawast::Utilities.puts_warn "\t\t\tCookie missing HttpOnly flag"
+ end
+
+ #check for SameSite cookies
+ unless elements.include?(' SameSite') || elements.include?(' samesite')
+ Yawast::Utilities.puts_warn "\t\t\tCookie missing SameSite flag"
end
end
puts ''
end
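Review bot: The new SameSite test in the cookie loop recognises only the two exact spellings `' SameSite'` and `' samesite'`, and it never looks at the attribute's value. `elements` is assigned outside this hunk; if it is the array produced by splitting the cookie on `;`, `Array#include?` compares whole elements, so a cookie carrying ` SameSite=Lax` or ` SameSite=Strict` would still be reported as missing the attribute, and if it is a String the substring match misses `SAMESITE` or `;SameSite` written without the space. Attribute names are case-insensitive, so for the array case a test such as `unless elements.any? { |e| e.strip.downcase.start_with?('samesite') }` would be more reliable, and `SameSite=None` deserves its own warning because it explicitly opts the cookie into cross-site requests. The HttpOnly test just above follows the same two-spelling pattern, and the enclosing method starts and ends outside the hunk.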