lib/scanner/generic.rb in yawast-0.6.0 vs lib/scanner/generic.rb in yawast-0.7.0.beta1

@@ -22,10 +22,11 @@
           acao = ''
 
           Yawast::Utilities.puts_info 'HEAD:'
           head.each do |k, v|
             Yawast::Utilities.puts_info "\t\t#{k}: #{v}"
+            Yawast::Shared::Output.log_value 'http', 'head', k, v
 
             server = v if k.downcase == 'server'
             powered_by = v if k.downcase == 'x-powered-by'
             pingback = v if k.downcase == 'x-pingback'
             frame_options = v if k.downcase == 'x-frame-options'
@@ -38,11 +39,15 @@
             hpkp = v if k.downcase == 'public-key-pins'
             acao = v if k.downcase == 'access-control-allow-origin'
 
             if k.downcase == 'set-cookie'
               #this chunk of magic manages to properly split cookies, when multiple are sent together
-              v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each { |c| cookies.push(c) }
+              v.gsub(/(,([^;,]*=)|,$)/) { "\r\n#{$2}" }.split(/\r\n/).each do |c|
+                cookies.push(c)
+
+                Yawast::Shared::Output.log_append_value 'http', 'head', 'cookies', c
+              end
             end
           end
           puts ''
 
           if server != ''
@@ -161,15 +166,17 @@
           headers = Yawast::Shared::Http.get_headers
           res = req.request(Options.new('/', headers))
 
           if res['Public'] != nil
             Yawast::Utilities.puts_info "Public HTTP Verbs (OPTIONS): #{res['Public']}"
+            Yawast::Shared::Output.log_value 'http', 'options', 'public', res['Public']
 
             puts ''
           end
           if res['Allow'] != nil
             Yawast::Utilities.puts_info "Allow HTTP Verbs (OPTIONS): #{res['Allow']}"
+            Yawast::Shared::Output.log_value 'http', 'options', 'allow', res['Allow']
 
             puts ''
           end
         end
       end
@@ -185,10 +192,13 @@
             Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
             puts "\t\t\"curl -X TRACE #{uri}\""
 
             puts ''
           end
+
+          Yawast::Shared::Output.log_value 'http', 'trace', 'raw', res.body
+          Yawast::Shared::Output.log_value 'http', 'trace', 'code', res.code
         end
       end
 
       def self.check_propfind(uri)
         begin
@@ -201,9 +211,14 @@
             Yawast::Utilities.puts_warn 'Possible Info Disclosure: PROPFIND Enabled'
             puts "\t\t\"curl -X PROPFIND #{uri}\""
 
             puts ''
           end
+
+          Yawast::Shared::Output.log_value 'http', 'propfind', 'raw', res.body
+          Yawast::Shared::Output.log_value 'http', 'propfind', 'code', res.code
+          Yawast::Shared::Output.log_value 'http', 'propfind', 'content-type', res['Content-Type']
+          Yawast::Shared::Output.log_value 'http', 'propfind', 'length', res.body.length
         end
       end
     end
 
     #Custom class to allow using the PROPFIND verb