dradis-wpscan 4.10.0 → 4.12.0
- checksums.yaml +4 -4
- data/.github/pull_request_template.md +12 -3
- data/CHANGELOG.md +7 -0
- data/README.md +3 -4
- data/lib/dradis/plugins/wpscan/gem_version.rb +1 -1
- data/lib/dradis/plugins/wpscan/importer.rb +5 -5
- data/lib/dradis/plugins/wpscan/mapping.rb +51 -0
- data/lib/dradis/plugins/wpscan.rb +1 -0
- metadata +7 -12
- data/templates/evidence.fields +0 -1
- data/templates/evidence.template +0 -2
- data/templates/scan_info.fields +0 -8
- data/templates/scan_info.template +0 -34
- data/templates/vulnerability.fields +0 -6
- data/templates/vulnerability.template +0 -18
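--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 812a679e762e731665a5f795b3ff2848573f6dd454703cea6bb8b94a765b2fc7
+data.tar.gz: 2754978e12588efb5418e718fbb4aa7322bb516b26549596617e86730583846b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '052689636604d9fc6c4b205485ee555cb317109e3b90506215e7c99b9642d1a70ec2f406d87e655d954104a31299d93bd0bd33a994a035e38a43d4909603d837'
+data.tar.gz: 56754118a893197ba264459444065704f5b53f9e84592356ebb6877d630ea2270ddf96290e4078ed36e27754718b069c63771281083ed7632159bfe61d977f56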
@@ -1,3 +1,5 @@
|
|
1
|
+
Please review [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md) and remove this line.
|
2
|
+
|
1
3
|
### Summary
|
2
4
|
|
3
5
|
Provide a general description of the code changes in your pull
|
@@ -6,6 +8,11 @@ these bugs have open GitHub issues, be sure to tag them here as well,
|
|
6
8
|
to keep the conversation linked together.
|
7
9
|
|
8
10
|
|
11
|
+
### Testing Steps
|
12
|
+
|
13
|
+
Provide steps to test functionality, described in detail for someone not familiar with this part of the application / code base
|
14
|
+
|
15
|
+
|
9
16
|
### Other Information
|
10
17
|
|
11
18
|
If there's anything else that's important and relevant to your pull
|
@@ -26,11 +33,13 @@ products, we must have the copyright associated with the entire
|
|
26
33
|
codebase. Any code you create which is merged must be owned by us.
|
27
34
|
That's not us trying to be a jerks, that's just the way it works.
|
28
35
|
|
29
|
-
Please review the [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/master/CONTRIBUTING.md)
|
30
|
-
file for the details.
|
31
|
-
|
32
36
|
You can delete this section, but the following sentence needs to
|
33
37
|
remain in the PR's description:
|
34
38
|
|
35
39
|
> I assign all rights, including copyright, to any future Dradis
|
36
40
|
> work by myself to Security Roots.
|
41
|
+
|
42
|
+
### Check List
|
43
|
+
|
44
|
+
- [ ] Added a CHANGELOG entry
|
45
|
+
- [ ] Added specs
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -4,17 +4,16 @@
|
|
4
4
|
|
5
5
|
Upload [WPScan](https://wpscan.org/) security scanner JSON output into Dradis.
|
6
6
|
|
7
|
-
The add-on requires [Dradis CE](https://
|
8
|
-
|
7
|
+
The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
|
9
8
|
|
10
9
|
## More information
|
11
10
|
|
12
|
-
See the Dradis Framework's [README.md](https://github.com/dradis/
|
11
|
+
See the Dradis Framework's [README.md](https://github.com/dradis/dradis-ce/blob/develop/README.md)
|
13
12
|
|
14
13
|
|
15
14
|
## Contributing
|
16
15
|
|
17
|
-
See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/
|
16
|
+
See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradis-ce/blob/develop/CONTRIBUTING.md)
|
18
17
|
|
19
18
|
|
20
19
|
## License
|
@@ -66,7 +66,7 @@ module Dradis::Plugins::Wpscan
|
|
66
66
|
node.set_property(:scan_time, data['elapsed'])
|
67
67
|
end
|
68
68
|
|
69
|
-
scan_info =
|
69
|
+
scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data)
|
70
70
|
content_service.create_note text: scan_info, node: node
|
71
71
|
|
72
72
|
node
|
@@ -108,11 +108,11 @@ module Dradis::Plugins::Wpscan
|
|
108
108
|
vulnerabilities.each do |vulnerability|
|
109
109
|
logger.info { "Adding vulnerability: #{vulnerability['title']}" }
|
110
110
|
|
111
|
-
vulnerability_template =
|
111
|
+
vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
|
112
112
|
issue = content_service.create_issue(text: vulnerability_template, id: vulnerability['wpvulndb_id'], node: node)
|
113
113
|
|
114
114
|
if vulnerability['evidence']
|
115
|
-
evidence_content =
|
115
|
+
evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
|
116
116
|
content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
|
117
117
|
end
|
118
118
|
end
|
@@ -167,11 +167,11 @@ module Dradis::Plugins::Wpscan
|
|
167
167
|
vulnerabilities.each do |vulnerability|
|
168
168
|
logger.info { "Adding vulnerability: #{vulnerability['title']}" }
|
169
169
|
|
170
|
-
vulnerability_template =
|
170
|
+
vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
|
171
171
|
issue = content_service.create_issue(text: vulnerability_template, id: "wpscan_#{rand(999999)}")
|
172
172
|
|
173
173
|
if vulnerability['evidence']
|
174
|
-
evidence_content =
|
174
|
+
evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
|
175
175
|
content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
|
176
176
|
end
|
177
177
|
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
module Dradis::Plugins::Wpscan
|
2
|
+
module Mapping
|
3
|
+
DEFAULT_MAPPING = {
|
4
|
+
evidence: {
|
5
|
+
'Evidence' => '{{ wpscan[evidence.evidence] }}'
|
6
|
+
},
|
7
|
+
scan_info: {
|
8
|
+
'Title' => 'WPScan Scan Information',
|
9
|
+
'TargetURL' => '{{ wpscan[scan_info.target_url] }}',
|
10
|
+
'WordpressVersion' => '{{ wpscan[scan_info.wordpress_version] }}',
|
11
|
+
'Plugins' => '{{ wpscan[scan_info.plugins_string] }}',
|
12
|
+
'Themes' => '{{ wpscan[scan_info.themes_string] }}',
|
13
|
+
'Users' => '{{ wpscan[scan_info.users] }}',
|
14
|
+
'WPScanVersion' => '{{ wpscan[scan_info.wpscan_version] }}',
|
15
|
+
'StartTime' => '{{ wpscan[scan_info.start_time] }}',
|
16
|
+
'TotalScanTime' => '{{ wpscan[scan_info.elapsed] }}'
|
17
|
+
},
|
18
|
+
vulnerability: {
|
19
|
+
'Title' => '{{ wpscan[vulnerability.title] }}',
|
20
|
+
'FixedIn' => '{{ wpscan[vulnerability.fixed_in] }}',
|
21
|
+
'CVE' => '{{ wpscan[vulnerability.cve] }}',
|
22
|
+
'References' => '{{ wpscan[vulnerability.url] }}',
|
23
|
+
'WPVulnDB' => '{{ wpscan[vulnerability.wpvulndb_url] }}'
|
24
|
+
}
|
25
|
+
}.freeze
|
26
|
+
|
27
|
+
SOURCE_FIELDS = {
|
28
|
+
evidence: [
|
29
|
+
'evidence.evidence'
|
30
|
+
],
|
31
|
+
scan_info: [
|
32
|
+
'scan_info.target_url',
|
33
|
+
'scan_info.wpscan_version',
|
34
|
+
'scan_info.start_time',
|
35
|
+
'scan_info.elapsed',
|
36
|
+
'scan_info.wordpress_version',
|
37
|
+
'scan_info.plugins_string',
|
38
|
+
'scan_info.themes_string',
|
39
|
+
'scan_info.users'
|
40
|
+
],
|
41
|
+
vulnerability: [
|
42
|
+
'vulnerability.title',
|
43
|
+
'vulnerability.fixed_in',
|
44
|
+
'vulnerability.cve',
|
45
|
+
'vulnerability.url',
|
46
|
+
'vulnerability.wpvulndb_url',
|
47
|
+
'vulnerability.wpvulndb_id'
|
48
|
+
]
|
49
|
+
}.freeze
|
50
|
+
end
|
51
|
+
end
|
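--- a/metadata
+++ b/metadata
@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: dradis-wpscan
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.12.0
 platform: ruby
 authors:
 - Christian Mehlmauer
 - Daniel Martin
 - Erwan
 - Ryan Dewhurst
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: dradis-plugins
@@ -99,7 +99,7 @@ dependencies:
 version: 0.5.2
 description: This add-on allows you to upload and parse output produced from the WPScan
 WordPress security scanner into Dradis.
-email:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -122,6 +122,7 @@ files:
 - lib/dradis/plugins/wpscan/field_processor.rb
 - lib/dradis/plugins/wpscan/gem_version.rb
 - lib/dradis/plugins/wpscan/importer.rb
+- lib/dradis/plugins/wpscan/mapping.rb
 - lib/dradis/plugins/wpscan/version.rb
 - lib/tasks/thorfile.rb
 - output.json
@@ -129,20 +130,14 @@ files:
 - spec/fixtures/files/sample.json
 - spec/spec_helper.rb
 - spec/wpscan_upload_spec.rb
-- templates/evidence.fields
 - templates/evidence.sample
-- templates/evidence.template
-- templates/scan_info.fields
 - templates/scan_info.sample
-- templates/scan_info.template
-- templates/vulnerability.fields
 - templates/vulnerability.sample
-- templates/vulnerability.template
 homepage: https://dradis.com/integrations/wpscan.html
 licenses:
 - GPL-2
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -158,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubygems_version: 3.1.4
-signing_key:
+signing_key:
 specification_version: 4
 summary: WPScan add-on for the Dradis Framework.
 test_files: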
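--- a/data/templates/evidence.fields
+++ /dev/null
@@ -1 +0,0 @@
-evidence.evidence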
data/templates/evidence.template
DELETED
data/templates/scan_info.fields
DELETED
@@ -1,34 +0,0 @@
|
|
1
|
-
#[Title]#
|
2
|
-
WPScan Scan Information
|
3
|
-
|
4
|
-
|
5
|
-
#[TargetURL]#
|
6
|
-
%scan_info.target_url%
|
7
|
-
|
8
|
-
|
9
|
-
#[WordpressVersion]#
|
10
|
-
%scan_info.wordpress_version%
|
11
|
-
|
12
|
-
|
13
|
-
#[Plugins]#
|
14
|
-
%scan_info.plugins_string%
|
15
|
-
|
16
|
-
|
17
|
-
#[Themes]#
|
18
|
-
%scan_info.themes_string%
|
19
|
-
|
20
|
-
|
21
|
-
#[Users]#
|
22
|
-
%scan_info.users%
|
23
|
-
|
24
|
-
|
25
|
-
#[WPScanVersion]#
|
26
|
-
%scan_info.wpscan_version%
|
27
|
-
|
28
|
-
|
29
|
-
#[StartTime]#
|
30
|
-
%scan_info.start_time%
|
31
|
-
|
32
|
-
|
33
|
-
#[TotalScanTime]#
|
34
|
-
%scan_info.elapsed%
|