add home history files module

README.fr.md

@@ -14,7 +14,7 @@
 
 ## Fonctionnalités
 
-- [24 outils](https://acceis.github.io/aspisec/#/pages/tools) pris en charge
+- [25 outils / modules](https://acceis.github.io/aspisec/#/pages/tools) pris en charge
 - Modularité : le fichier de configuration complet vous permet d'affiner le comportement de chaque module
 - Extensible : la conception du cadriciel facilite l'ajout d'un nouveau module
 - Correct par défaut : les valeurs par défaut ont été soigneusement choisies pour refléter le comportement le plus attendu et le plus courant.

README.md

@@ -14,7 +14,7 @@
 
 ## Features
 
-- [24 tools](https://acceis.github.io/aspisec/#/pages/tools) supported
+- [25 tools / modules](https://acceis.github.io/aspisec/#/pages/tools) supported
 - Modularity: the comprehensive configuration file let you fine tune the behavior for every module
 - Extensible: the framework design makes it easy to add a new module
 - Nice by default: default values have been carefully chosen to reflect the most expected and common behavior

docs/CHANGELOG.md

@@ -18,6 +18,7 @@
   - ffuf
   - Recaf
   - dbgate
+  - Home history files
 - **New features**
   - Locations now support [globbing](https://ruby-doc.org/3.3.0/Dir.html#method-c-glob), useful when needing to remove several files in a directory while not removing the whole directory (e.g. log files with rotation in the same directory as the configuration file)
 - **Quality**

docs/pages/roadmap.md

@@ -1,16 +1,5 @@
 # Roadmap
 
-More modules:
-
-- [ ] 🟨 ~/.python_history
-- [ ] 🟨 ~/.psql_history
-- [ ] 🟨 ~/.irb_history
-- [ ] 🟨 ~/.rdbg_history
-- [ ] 🟨 ~/.rediscli_history
-- [ ] 🟨 ~/.bash_history
-- [ ] 🟨 ~/.zsh_history
-- [ ] 🟨 ~/.histfile
-
 Features:
 
 - CLI

docs/pages/tools.md

@@ -27,4 +27,8 @@ The tools handled by Aspisec are (in alphabetical order):
 - [Weevely](https://acceis.github.io/aspisec/ruby/Aspisec/Modules/Weevely)
 - [WhatWaf](https://acceis.github.io/aspisec/ruby/Aspisec/Modules/Whatwaf)
 
-More will be added in the future, some are already planning in the [Roadmap](pages/roadmap.md).
+Special features:
+
+- [Home history files](https://acceis.github.io/aspisec/ruby/Aspisec/Modules/HomeHistoryFiles)
+
+More may be added in the future, some may be already planned in the [Roadmap](pages/roadmap.md).

lib-ruby/aspisec/config.rb

@@ -70,7 +70,8 @@ class Config
         'bloodhound' => Configs::BLOODHOUND,
         'ffuf' => Configs::FFUF,
         'recaf' => Configs::RECAF,
-        'dbgate' => Configs::DBGATE
+        'dbgate' => Configs::DBGATE,
+        'home-history-files' => Configs::HOME_HISTORY_FILES
       },
       'audit' => {
         'enabled' => false,

lib-ruby/aspisec/configs/home_history_files.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Aspisec
+  class Config
+    module Configs
+      HOME_HISTORY_FILES = {
+        'enabled' => true,
+        'location' => {
+          'base' => '$HOME', # ~/
+          'python' => {
+            'path' => '<base>/.python_history',
+            'description' => "Python history file.\n" \
+                             'Contains all commands entered in the Python REPL.'
+          },
+          'postgresql' => {
+            'path' => '<base>/.psql_history',
+            'description' => "PostgreSQL history file.\n" \
+                             'Contains all commands entered in the PostegreSQL shell.'
+          },
+          'ruby-irb' => {
+            'path' => '<base>/.irb_history',
+            'description' => "Ruby (IRB) hitory file.\n" \
+                             'Contains all commands entered in the Ruby REPL.'
+          },
+          'ruby-rdbg' => {
+            'path' => '<base>/.rdbg_history',
+            'description' => "Ruby (rdbg) hitory file.\n" \
+                             'Contains all commands entered in the Ruby debugger.'
+          },
+          'redis-cli' => {
+            'path' => '<base>/.rediscli_history',
+            'description' => "Redis CLI history file.\n" \
+                             'Contains all commands entered in the redis-cli shell.'
+          },
+          'bash' => {
+            'enabled' => false,
+            'path' => '<base>/.bash_history',
+            'description' => "Bash history file.\n" \
+                             'Contains all commands entered in the Bash shell.'
+          },
+          'zsh' => {
+            'enabled' => false,
+            'path' => '<base>/.zsh_history',
+            'description' => "Zsh history file.\n" \
+                             'Contains all commands entered in the Zsh shell.'
+          },
+          'zsh-alt' => {
+            'enabled' => false,
+            'path' => '<base>/.histfile',
+            'description' => "Zsh history file.\n" \
+                             "Contains all commands entered in the Zsh shell.\n" \
+                             'Alternative Zsh history file location set by zsh-newuser-install in HISTFILE ' \
+                             'environment variable.'
+          }
+        }
+      }.freeze
+    end
+  end
+end

lib-ruby/aspisec/modules/home_history_files.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'aspisec/module'
+
+module Aspisec
+  module Modules
+    # Module for various history files stored in the user home directory.
+    # Inherits {Aspisec::Module}.
+    # For more examples of methods, see {Aspisec::Modules::Sqlmap}.
+    # @example
+    #   # Get the global config
+    #   conf = Aspisec::Config.new.conf
+    #   # Create a HomeHistoryFiles module instance
+    #   hhf = Aspisec::Modules::HomeHistoryFiles.new(conf)
+    #   # Locations available
+    #   hhf.locations_list # => ["python", "postgresql", "ruby_irb", "ruby_rdbg", "redis_cli", "bash", "zsh", "zsh_alt"]
+    class HomeHistoryFiles < Aspisec::Module
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :python
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :postgresql
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :ruby_irb
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :ruby_rdbg
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :redis_cli
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :bash
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :zsh
+
+      # see {Aspisec::Config::DEFAULT_CONFIG} or call {Aspisec::Module::Location#description}.
+      # @return [Location]
+      attr_reader :zsh_alt
+
+      # Inherits from {Aspisec::Module} but has only the `conf` argument,
+      # `tool_name` is hardcoded for each module.
+      # @param conf [Aspisec::Config] an instance of the global configuration
+      def initialize(conf, logger: nil)
+        super(conf, 'home-history-files', logger:)
+        @python = Location.new(@conf, 'python')
+        @postgresql = Location.new(@conf, 'postgresql')
+        @ruby_irb = Location.new(@conf, 'ruby-irb')
+        @ruby_rdbg = Location.new(@conf, 'ruby-rdbg')
+        @redis_cli = Location.new(@conf, 'redis-cli')
+        @bash = Location.new(@conf, 'bash')
+        @zsh = Location.new(@conf, 'zsh')
+        @zsh_alt = Location.new(@conf, 'zsh-alt')
+        @locations_list = %w[python postgresql ruby_irb ruby_rdbg redis_cli bash zsh zsh_alt]
+      end
+    end
+  end
+end