Add support for SAML authentication
This PR will serve as the base for several other PRs. As they get reviewed and approved, I will merge them into this one once the feature is a functioning MVP.
- [x] Update gem to identify the SAML redirect
- [x] Update gem to add SAML flag to follow the redirect and open the browser (or submit via headless browser)
- [x] Update gem to accept and handle session and cookies
- [x] Clean up and complete authentication and scan
Testing Instructions
These specific instructions are dependent on being able to build and run the WPScan CLI Scanner locally (rather than through docker). See: https://github.com/wpscanteam/wpscan
- Update `wpscan/Gemfile` to add:

```ruby
gem 'cms_scanner', path: '/absolute-path-to-the-scanner/CMSScanner'
```

- You may also need to comment out the following line in `wpscan.gemspec`:

```ruby
s.add_dependency 'cms_scanner', '~> 0.13.9'
```
- Run the scanner using the new `--expect-saml` flag
- To test against a server with SAML authentication you can use http://3.135.88.75/
coverage: 98.84% (-1.1%) from 99.925% when pulling 9275a622cf1550621a2d48bdce093d763c1b0c15 on add/saml-authentication into e4f555a0fbc6d2f3c0550e02ac2e0c9c7afac5d4 on master.
Can't really approve it since it's in a draft state, but LGTM, we can probably go forward with the other ones and then merge them into this branch.