dradis-wpscan 3.17.0

data/spec/spec_helper.rb

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'nokogiri'
+require 'combustion'
+
+Combustion.initialize!
+
+RSpec.configure do |config|
+end

data/spec/wpscan_upload_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe 'wpscan upload plugin' do
+  describe "Importer" do
+
+    before(:each) do
+      # Stub template service
+      templates_dir = File.expand_path('../../templates', __FILE__)
+      expect_any_instance_of(Dradis::Plugins::TemplateService)
+      .to receive(:default_templates_dir).and_return(templates_dir)
+
+      # Init services
+      plugin = Dradis::Plugins::Wpscan
+
+      @content_service = Dradis::Plugins::ContentService::Base.new(plugin: plugin)
+
+      @importer = plugin::Importer.new(
+        content_service: @content_service
+      )
+    end
+
+    it 'raises an error note when the json is not valid' do
+      expect(@content_service).to receive(:create_note) do |args|
+        expect(args[:text]).to include("ERROR: No 'target_url' field present in the provided JSON data")
+        OpenStruct.new(args)
+      end.once
+
+      @importer.import(file: 'spec/fixtures/files/invalid.json')
+    end
+
+    it "creates nodes, issues, notes and an evidences as needed" do
+      expect(@content_service).to receive(:create_node) do |args|
+        # puts "create_node: #{ args.inspect }"
+        expect(args[:label]).to eq('http://www.redacted.com/')
+        expect(args[:type]).to eq(:host)
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_note) do |args|
+        # puts "create_note: #{ args.inspect }"
+        expect(args[:text]).to include("#[Title]#\nWPScan Scan Information")
+        expect(args[:node].label).to eq('http://www.redacted.com/')
+        OpenStruct.new(args)
+      end.once
+      expect(@content_service).to receive(:create_issue) do |args|
+        # puts "create_issue: #{ args.inspect }"
+        OpenStruct.new(args)
+      end.exactly(10).times
+      expect(@content_service).to receive(:create_evidence) do |args|
+        # puts "create_evidence: #{ args.inspect }"
+        OpenStruct.new(args)
+      end.exactly(5).times
+
+      # Run the import
+      @importer.import(file: 'spec/fixtures/files/sample.json')
+    end
+
+  end
+end

data/templates/evidence.fields

@@ -0,0 +1 @@
+evidence.evidence

data/templates/evidence.template

@@ -0,0 +1,2 @@
+#[Evidence]#
+%evidence.evidence%

data/templates/scan_info.fields

@@ -0,0 +1,8 @@
+scan_info.target_url
+scan_info.wpscan_version
+scan_info.start_time
+scan_info.elapsed
+scan_info.wordpress_version
+scan_info.plugins_string
+scan_info.themes_string
+scan_info.users

data/templates/scan_info.sample

@@ -0,0 +1,30 @@
+{
+  "banner": {
+    "description": "WordPress Security Scanner by the WPScan Team",
+    "version": "3.7.4",
+    "authors": [
+      "@_WPScan_",
+      "@ethicalhack3r",
+      "@erwan_lr",
+      "@_FireFart_"
+    ],
+    "sponsor": "WPScan.io - Online WordPress Vulnerability Scanner"
+  },
+  "start_time": 1573126188,
+  "start_memory": 49848320,
+  "target_url": "http://www.lagardelanguages.com/",
+  "effective_url": "http://www.lagardelanguages.com/",
+  "vuln_api": {
+    "error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up."
+  },
+  "stop_time": 1573126193,
+  "elapsed": 5,
+  "requests_done": 23,
+  "cached_requests": 45,
+  "data_sent": 6850,
+  "data_sent_humanised": "6.689 KB",
+  "data_received": 24157,
+  "data_received_humanised": "23.591 KB",
+  "used_memory": 215461888,
+  "used_memory_humanised": "205.48 MB"
+}

data/templates/scan_info.template

@@ -0,0 +1,34 @@
+#[Title]#
+WPScan Scan Information
+
+
+#[TargetURL]#
+%scan_info.target_url%
+
+
+#[WordpressVersion]#
+%scan_info.wordpress_version%
+
+
+#[Plugins]#
+%scan_info.plugins_string%
+
+
+#[Themes]#
+%scan_info.themes_string%
+
+
+#[Users]#
+%scan_info.users%
+
+
+#[WPScanVersion]#
+%scan_info.wpscan_version%
+
+
+#[StartTime]#
+%scan_info.start_time%
+
+
+#[TotalScanTime]#
+%scan_info.elapsed%

data/templates/vulnerability.fields

@@ -0,0 +1,6 @@
+vulnerability.title
+vulnerability.fixed_in
+vulnerability.cve
+vulnerability.url
+vulnerability.wpvulndb_url
+vulnerability.wpvulndb_id

data/templates/vulnerability.sample

@@ -0,0 +1,481 @@
+{ 
+   "banner":{ 
+      "description":"WordPress Security Scanner by the WPScan Team",
+      "version":"3.7.5",
+      "authors":[ 
+         "@_WPScan_",
+         "@ethicalhack3r",
+         "@erwan_lr",
+         "@_FireFart_"
+      ],
+      "sponsor":"WPScan.io - Online WordPress Vulnerability Scanner"
+   },
+   "start_time":1573480650,
+   "start_memory":49602560,
+   "target_url":"http://www.redacted.com/",
+   "effective_url":"http://www.redacted.com/",
+   "interesting_findings":[ 
+      { 
+         "url":"http://www.redacted.com/",
+         "to_s":"http://www.redacted.com/",
+         "type":"headers",
+         "found_by":"Headers (Passive Detection)",
+         "confidence":100,
+         "confirmed_by":{ 
+
+         },
+         "references":{ 
+
+         },
+         "interesting_entries":[ 
+            "Server: nginx"
+         ]
+      },
+      { 
+         "url":"http://www.redacted.com/robots.txt",
+         "to_s":"http://www.redacted.com/robots.txt",
+         "type":"robots_txt",
+         "found_by":"Robots Txt (Aggressive Detection)",
+         "confidence":100,
+         "confirmed_by":{ 
+
+         },
+         "references":{ 
+
+         },
+         "interesting_entries":[ 
+            "/wp-admin/",
+            "/wp-admin/admin-ajax.php"
+         ]
+      },
+      { 
+         "url":"http://www.redacted.com/xmlrpc.php",
+         "to_s":"http://www.redacted.com/xmlrpc.php",
+         "type":"xmlrpc",
+         "found_by":"Headers (Passive Detection)",
+         "confidence":100,
+         "confirmed_by":{ 
+            "Link Tag (Passive Detection)":{ 
+               "confidence":30
+            },
+            "Direct Access (Aggressive Detection)":{ 
+               "confidence":100
+            }
+         },
+         "references":{ 
+            "url":[ 
+               "http://codex.wordpress.org/XML-RPC_Pingback_API"
+            ],
+            "metasploit":[ 
+               "auxiliary/scanner/http/wordpress_ghost_scanner",
+               "auxiliary/dos/http/wordpress_xmlrpc_dos",
+               "auxiliary/scanner/http/wordpress_xmlrpc_login",
+               "auxiliary/scanner/http/wordpress_pingback_access"
+            ]
+         },
+         "interesting_entries":[ 
+
+         ]
+      },
+      { 
+         "url":"http://www.redacted.com/readme.html",
+         "to_s":"http://www.redacted.com/readme.html",
+         "type":"readme",
+         "found_by":"Direct Access (Aggressive Detection)",
+         "confidence":100,
+         "confirmed_by":{ 
+
+         },
+         "references":{ 
+
+         },
+         "interesting_entries":[ 
+
+         ]
+      },
+      { 
+         "url":"http://www.redacted.com/wp-cron.php",
+         "to_s":"http://www.redacted.com/wp-cron.php",
+         "type":"wp_cron",
+         "found_by":"Direct Access (Aggressive Detection)",
+         "confidence":60,
+         "confirmed_by":{ 
+
+         },
+         "references":{ 
+            "url":[ 
+               "https://www.iplocation.net/defend-wordpress-from-ddos",
+               "https://github.com/wpscanteam/wpscan/issues/1299"
+            ]
+         },
+         "interesting_entries":[ 
+
+         ]
+      }
+   ],
+   "version":{ 
+      "number":"4.7.2",
+      "release_date":"2017-01-26",
+      "status":"insecure",
+      "found_by":"Meta Generator (Passive Detection)",
+      "confidence":60,
+      "interesting_entries":[ 
+         "http://www.redacted.com/, Match: 'WordPress 4.7.2'"
+      ],
+      "confirmed_by":{ 
+
+      },
+      "vulnerabilities":[ 
+         { 
+            "title":"WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata",
+            "fixed_in":"4.7.3",
+            "references":{ 
+               "cve":[ 
+                  "2017-6814"
+               ],
+               "url":[ 
+                  "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
+                  "https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7",
+                  "https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html",
+                  "https://seclists.org/oss-sec/2017/q1/563"
+               ],
+               "wpvulndb":[ 
+                  "8765"
+               ]
+            }
+         },
+         { 
+            "title":"WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation",
+            "fixed_in":"4.7.3",
+            "references":{ 
+               "cve":[ 
+                  "2017-6815"
+               ],
+               "url":[ 
+                  "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
+                  "https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e"
+               ],
+               "wpvulndb":[ 
+                  "8766"
+               ]
+            }
+         }
+      ]
+   },
+   "main_theme":{ 
+      "slug":"liquorice",
+      "location":"http://www.redacted.com/wp-content/themes/liquorice/",
+      "latest_version":"2.3",
+      "last_updated":"2013-05-30T00:00:00.000Z",
+      "outdated":false,
+      "readme_url":"http://www.redacted.com/wp-content/themes/liquorice/readme.txt",
+      "directory_listing":false,
+      "error_log_url":null,
+      "style_url":"http://www.redacted.com/wp-content/themes/liquorice/style.css",
+      "style_name":"Liquorice",
+      "style_uri":"http://www.nudgedesign.ca/wordpress-themes/liquorice",
+      "description":"A simple and clean vintage looking theme for you to build on using Google's font API Lobster font. Custom background feature enabled.",
+      "author":"Nudge Design",
+      "author_uri":"http://www.nudgedesign.ca",
+      "template":null,
+      "license":"GNU General Public License v2.0",
+      "license_uri":"http://www.gnu.org/licenses/gpl-2.0.html",
+      "tags":"custom-background, two-columns, fixed-width, right-sidebar, light, brown, orange, blue",
+      "text_domain":null,
+      "found_by":"Css Style In Homepage (Passive Detection)",
+      "confidence":100,
+      "interesting_entries":[ 
+
+      ],
+      "confirmed_by":{ 
+         "Css Style In 404 Page (Passive Detection)":{ 
+            "confidence":70,
+            "interesting_entries":[ 
+
+            ]
+         }
+      },
+      "vulnerabilities":[ 
+
+      ],
+      "version":{ 
+         "number":"2.3",
+         "confidence":80,
+         "found_by":"Style (Passive Detection)",
+         "interesting_entries":[ 
+            "http://www.redacted.com/wp-content/themes/liquorice/style.css, Match: 'Version: 2.3'"
+         ],
+         "confirmed_by":{ 
+
+         }
+      },
+      "parents":[ 
+
+      ]
+   },
+   "plugins":{ 
+      "all-in-one-seo-pack":{ 
+         "slug":"all-in-one-seo-pack",
+         "location":"http://www.redacted.com/wp-content/plugins/all-in-one-seo-pack/",
+         "latest_version":"3.2.10",
+         "last_updated":"2019-10-17T15:07:00.000Z",
+         "outdated":true,
+         "readme_url":null,
+         "directory_listing":null,
+         "error_log_url":null,
+         "found_by":"Comment (Passive Detection)",
+         "confidence":30,
+         "interesting_entries":[ 
+
+         ],
+         "confirmed_by":{ 
+
+         },
+         "vulnerabilities":[ 
+            { 
+               "title":"All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)",
+               "fixed_in":"3.2.7",
+               "references":{ 
+                  "cve":[ 
+                     "2019-16520"
+                  ],
+                  "url":[ 
+                     "https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-04_WordPress_Plugin_All_in_One_SEO_Pack"
+                  ],
+                  "wpvulndb":[ 
+                     "9915"
+                  ]
+               }
+            }
+         ],
+         "version":{ 
+            "number":"3.1",
+            "confidence":100,
+            "found_by":"Comment (Passive Detection)",
+            "interesting_entries":[ 
+               "http://www.redacted.com/, Match: 'All in One SEO Pack 3.1 by'"
+            ],
+            "confirmed_by":{ 
+               "Readme - Stable Tag (Aggressive Detection)":{ 
+                  "confidence":80,
+                  "interesting_entries":[ 
+                     "http://www.redacted.com/wp-content/plugins/all-in-one-seo-pack/readme.txt"
+                  ]
+               }
+            }
+         }
+      },
+      "qtranslate":{ 
+         "slug":"qtranslate",
+         "location":"http://www.redacted.com/wp-content/plugins/qtranslate/",
+         "latest_version":null,
+         "last_updated":null,
+         "outdated":false,
+         "readme_url":null,
+         "directory_listing":null,
+         "error_log_url":null,
+         "found_by":"Urls In Homepage (Passive Detection)",
+         "confidence":100,
+         "interesting_entries":[ 
+
+         ],
+         "confirmed_by":{ 
+            "Urls In 404 Page (Passive Detection)":{ 
+               "confidence":80,
+               "interesting_entries":[ 
+
+               ]
+            }
+         },
+         "vulnerabilities":[ 
+            { 
+               "title":"qTranslate 2.5.34 - Setting Manipulation CSRF",
+               "fixed_in":null,
+               "references":{ 
+                  "cve":[ 
+                     "2013-3251"
+                  ],
+                  "wpvulndb":[ 
+                     "6846"
+                  ]
+               }
+            },
+            { 
+               "title":"qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)",
+               "fixed_in":null,
+               "references":{ 
+                  "cve":[ 
+                     "2015-5535"
+                  ],
+                  "url":[ 
+                     "https://seclists.org/bugtraq/2015/Jul/139",
+                     "https://www.immuniweb.com/advisory/HTB23265"
+                  ],
+                  "wpvulndb":[ 
+                     "8120"
+                  ]
+               }
+            }
+         ],
+         "version":null
+      }
+   },
+   "db_exports":{ 
+      "http://www.redacted.com/redacted.sql":{ 
+         "found_by":"Direct Access (Aggressive Detection)",
+         "confidence":100,
+         "interesting_entries":[ 
+
+         ],
+         "confirmed_by":{ 
+
+         }
+      },
+      "http://www.redacted.com/dump.sql":{ 
+         "found_by":"Direct Access (Aggressive Detection)",
+         "confidence":100,
+         "interesting_entries":[ 
+
+         ],
+         "confirmed_by":{ 
+
+         }
+      }
+   },
+   "timthumbs":{ 
+      "http://www.redacted.com/wordpress-5.2.4/timthumb.php":{ 
+         "confirmed_by":{ 
+
+         },
+         "confidence":100,
+         "interesting_entries":[ 
+
+         ],
+         "version":{ 
+            "found_by":"Bad Request (Aggressive Detection)",
+            "interesting_entries":[ 
+               "http://www.redacted.com/wordpress-5.2.4/timthumb.php, Match: 'TimThumb version : 2.8.13'"
+            ],
+            "number":"2.8.13",
+            "confirmed_by":{ 
+
+            },
+            "confidence":90
+         },
+         "vulnerabilities":[ 
+
+         ],
+         "found_by":"Known Locations (Aggressive Detection)"
+      },
+      "http://www.redacted.com/wordpress-5.2.4/thumb.php":{ 
+         "interesting_entries":[ 
+
+         ],
+         "confidence":100,
+         "confirmed_by":{ 
+
+         },
+         "vulnerabilities":[ 
+            { 
+               "title":"Timthumb <= 2.8.13 WebShot Remote Code Execution",
+               "fixed_in":"2.8.14",
+               "references":{ 
+                  "cve":[ 
+                     "2014-4663"
+                  ],
+                  "url":[ 
+                     "http://seclists.org/fulldisclosure/2014/Jun/117",
+                     "https://github.com/wpscanteam/wpscan/issues/519"
+                  ]
+               }
+            }
+         ],
+         "found_by":"Known Locations (Aggressive Detection)",
+         "version":{ 
+            "confirmed_by":{ 
+
+            },
+            "confidence":90,
+            "number":"2.8.13",
+            "interesting_entries":[ 
+               "http://www.redacted.com/wordpress-5.2.4/thumb.php, Match: 'TimThumb version : 2.8.13'"
+            ],
+            "found_by":"Bad Request (Aggressive Detection)"
+         }
+      }
+   },
+   "config_backups":{ 
+      "http://www.redacted.com/wp-config.txt":{ 
+         "found_by":"Direct Access (Aggressive Detection)",
+         "confidence":100,
+         "interesting_entries":[ 
+
+         ],
+         "confirmed_by":{ 
+
+         }
+      }
+   },
+   "users": {
+    "marie": {
+      "id": null,
+      "found_by": "Rss Generator (Passive Detection)",
+      "confidence": 100,
+      "interesting_entries": [
+
+      ],
+      "confirmed_by": {
+        "Wp Json Api (Aggressive Detection)": {
+          "confidence": 100,
+          "interesting_entries": [
+            "http://www.lagardelanguages.com/wp-json/wp/v2/users/?per_page=100&page=1"
+          ]
+        },
+        "Oembed API - Author URL (Aggressive Detection)": {
+          "confidence": 90,
+          "interesting_entries": [
+            "http://www.lagardelanguages.com/wp-json/oembed/1.0/embed?url=http://www.lagardelanguages.com/&format=json"
+          ]
+        },
+        "Rss Generator (Aggressive Detection)": {
+          "confidence": 50,
+          "interesting_entries": [
+
+          ]
+        },
+        "Author Id Brute Forcing - Author Pattern (Aggressive Detection)": {
+          "confidence": 100,
+          "interesting_entries": [
+
+          ]
+        },
+        "Login Error Messages (Aggressive Detection)": {
+          "confidence": 100,
+          "interesting_entries": [
+
+          ]
+        }
+      }
+    }
+  },
+  "password_attack": {
+    "marie": {
+      "password": "your-password"
+    }
+  },
+   "vuln_api":{ 
+      "plan":"enterprise",
+      "requests_done_during_scan":2,
+      "requests_remaining":"Unlimited"
+   },
+   "stop_time":1573480662,
+   "elapsed":12,
+   "requests_done":456,
+   "cached_requests":8,
+   "data_sent":96169,
+   "data_sent_humanised":"93.915 KB",
+   "data_received":479810,
+   "data_received_humanised":"468.564 KB",
+   "used_memory":212566016,
+   "used_memory_humanised":"202.719 MB"
+}