dradis-wpscan 4.11.0 → 4.13.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +1 -2
- data/dradis-wpscan.gemspec +1 -1
- data/lib/dradis/plugins/wpscan/gem_version.rb +1 -1
- data/lib/dradis/plugins/wpscan/importer.rb +5 -5
- data/lib/dradis/plugins/wpscan/mapping.rb +51 -0
- data/lib/dradis/plugins/wpscan.rb +1 -0
- metadata +8 -13
- data/templates/evidence.fields +0 -1
- data/templates/evidence.template +0 -2
- data/templates/scan_info.fields +0 -8
- data/templates/scan_info.template +0 -34
- data/templates/vulnerability.fields +0 -6
- data/templates/vulnerability.template +0 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 84e74a2f6395035d66171cf3109a8568b0aa2568e312b0bdcf679d75a6c88d08
|
4
|
+
data.tar.gz: 3a133b7c552fc5fc33a5cf56b0c2447d0fef633c63d07e1a7b847d5068ad37e9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8acde751028e416ebdee8bd3c12ef3c928884fad9b3b8611c539e23735c63b07fd610af138e3310a42db4784d03cde67d1675f57138067b72f4bf921dae36060
|
7
|
+
data.tar.gz: 6709c992c808586e0d6b5cf74f90c43c5f145f469c6b805a31af2fd4d5564aaa5718c7192110eecd11e1d55614c4a1d882504a4e346a88466087af12e0108de6
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -4,8 +4,7 @@
|
|
4
4
|
|
5
5
|
Upload [WPScan](https://wpscan.org/) security scanner JSON output into Dradis.
|
6
6
|
|
7
|
-
The add-on requires [Dradis CE](https://
|
8
|
-
|
7
|
+
The add-on requires [Dradis CE](https://dradis.com/ce/) > 3.0, or [Dradis Pro](https://dradis.com/).
|
9
8
|
|
10
9
|
## More information
|
11
10
|
|
data/dradis-wpscan.gemspec
CHANGED
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
|
|
26
26
|
spec.add_dependency 'dradis-plugins', '~> 4.0'
|
27
27
|
spec.add_dependency 'multi_json'
|
28
28
|
|
29
|
-
spec.add_development_dependency 'bundler'
|
29
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
30
30
|
spec.add_development_dependency 'rake', '~> 12.3.3'
|
31
31
|
spec.add_development_dependency 'rspec-rails'
|
32
32
|
spec.add_development_dependency 'combustion', '~> 0.5.2'
|
@@ -66,7 +66,7 @@ module Dradis::Plugins::Wpscan
|
|
66
66
|
node.set_property(:scan_time, data['elapsed'])
|
67
67
|
end
|
68
68
|
|
69
|
-
scan_info =
|
69
|
+
scan_info = mapping_service.apply_mapping(source: 'scan_info', data: data)
|
70
70
|
content_service.create_note text: scan_info, node: node
|
71
71
|
|
72
72
|
node
|
@@ -108,11 +108,11 @@ module Dradis::Plugins::Wpscan
|
|
108
108
|
vulnerabilities.each do |vulnerability|
|
109
109
|
logger.info { "Adding vulnerability: #{vulnerability['title']}" }
|
110
110
|
|
111
|
-
vulnerability_template =
|
111
|
+
vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
|
112
112
|
issue = content_service.create_issue(text: vulnerability_template, id: vulnerability['wpvulndb_id'], node: node)
|
113
113
|
|
114
114
|
if vulnerability['evidence']
|
115
|
-
evidence_content =
|
115
|
+
evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
|
116
116
|
content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
|
117
117
|
end
|
118
118
|
end
|
@@ -167,11 +167,11 @@ module Dradis::Plugins::Wpscan
|
|
167
167
|
vulnerabilities.each do |vulnerability|
|
168
168
|
logger.info { "Adding vulnerability: #{vulnerability['title']}" }
|
169
169
|
|
170
|
-
vulnerability_template =
|
170
|
+
vulnerability_template = mapping_service.apply_mapping(source: 'vulnerability', data: vulnerability)
|
171
171
|
issue = content_service.create_issue(text: vulnerability_template, id: "wpscan_#{rand(999999)}")
|
172
172
|
|
173
173
|
if vulnerability['evidence']
|
174
|
-
evidence_content =
|
174
|
+
evidence_content = mapping_service.apply_mapping(source: 'evidence', data: vulnerability)
|
175
175
|
content_service.create_evidence(issue: issue, node: node, content: vulnerability['evidence'])
|
176
176
|
end
|
177
177
|
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
module Dradis::Plugins::Wpscan
|
2
|
+
module Mapping
|
3
|
+
DEFAULT_MAPPING = {
|
4
|
+
evidence: {
|
5
|
+
'Evidence' => '{{ wpscan[evidence.evidence] }}'
|
6
|
+
},
|
7
|
+
scan_info: {
|
8
|
+
'Title' => 'WPScan Scan Information',
|
9
|
+
'TargetURL' => '{{ wpscan[scan_info.target_url] }}',
|
10
|
+
'WordpressVersion' => '{{ wpscan[scan_info.wordpress_version] }}',
|
11
|
+
'Plugins' => '{{ wpscan[scan_info.plugins_string] }}',
|
12
|
+
'Themes' => '{{ wpscan[scan_info.themes_string] }}',
|
13
|
+
'Users' => '{{ wpscan[scan_info.users] }}',
|
14
|
+
'WPScanVersion' => '{{ wpscan[scan_info.wpscan_version] }}',
|
15
|
+
'StartTime' => '{{ wpscan[scan_info.start_time] }}',
|
16
|
+
'TotalScanTime' => '{{ wpscan[scan_info.elapsed] }}'
|
17
|
+
},
|
18
|
+
vulnerability: {
|
19
|
+
'Title' => '{{ wpscan[vulnerability.title] }}',
|
20
|
+
'FixedIn' => '{{ wpscan[vulnerability.fixed_in] }}',
|
21
|
+
'CVE' => '{{ wpscan[vulnerability.cve] }}',
|
22
|
+
'References' => '{{ wpscan[vulnerability.url] }}',
|
23
|
+
'WPVulnDB' => '{{ wpscan[vulnerability.wpvulndb_url] }}'
|
24
|
+
}
|
25
|
+
}.freeze
|
26
|
+
|
27
|
+
SOURCE_FIELDS = {
|
28
|
+
evidence: [
|
29
|
+
'evidence.evidence'
|
30
|
+
],
|
31
|
+
scan_info: [
|
32
|
+
'scan_info.target_url',
|
33
|
+
'scan_info.wpscan_version',
|
34
|
+
'scan_info.start_time',
|
35
|
+
'scan_info.elapsed',
|
36
|
+
'scan_info.wordpress_version',
|
37
|
+
'scan_info.plugins_string',
|
38
|
+
'scan_info.themes_string',
|
39
|
+
'scan_info.users'
|
40
|
+
],
|
41
|
+
vulnerability: [
|
42
|
+
'vulnerability.title',
|
43
|
+
'vulnerability.fixed_in',
|
44
|
+
'vulnerability.cve',
|
45
|
+
'vulnerability.url',
|
46
|
+
'vulnerability.wpvulndb_url',
|
47
|
+
'vulnerability.wpvulndb_id'
|
48
|
+
]
|
49
|
+
}.freeze
|
50
|
+
end
|
51
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dradis-wpscan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.13.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Christian Mehlmauer
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2024-
|
14
|
+
date: 2024-08-07 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: dradis-plugins
|
@@ -45,16 +45,16 @@ dependencies:
|
|
45
45
|
name: bundler
|
46
46
|
requirement: !ruby/object:Gem::Requirement
|
47
47
|
requirements:
|
48
|
-
- - "
|
48
|
+
- - "~>"
|
49
49
|
- !ruby/object:Gem::Version
|
50
|
-
version: '0'
|
50
|
+
version: '2.0'
|
51
51
|
type: :development
|
52
52
|
prerelease: false
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
54
54
|
requirements:
|
55
|
-
- - "
|
55
|
+
- - "~>"
|
56
56
|
- !ruby/object:Gem::Version
|
57
|
-
version: '0'
|
57
|
+
version: '2.0'
|
58
58
|
- !ruby/object:Gem::Dependency
|
59
59
|
name: rake
|
60
60
|
requirement: !ruby/object:Gem::Requirement
|
@@ -122,6 +122,7 @@ files:
|
|
122
122
|
- lib/dradis/plugins/wpscan/field_processor.rb
|
123
123
|
- lib/dradis/plugins/wpscan/gem_version.rb
|
124
124
|
- lib/dradis/plugins/wpscan/importer.rb
|
125
|
+
- lib/dradis/plugins/wpscan/mapping.rb
|
125
126
|
- lib/dradis/plugins/wpscan/version.rb
|
126
127
|
- lib/tasks/thorfile.rb
|
127
128
|
- output.json
|
@@ -129,15 +130,9 @@ files:
|
|
129
130
|
- spec/fixtures/files/sample.json
|
130
131
|
- spec/spec_helper.rb
|
131
132
|
- spec/wpscan_upload_spec.rb
|
132
|
-
- templates/evidence.fields
|
133
133
|
- templates/evidence.sample
|
134
|
-
- templates/evidence.template
|
135
|
-
- templates/scan_info.fields
|
136
134
|
- templates/scan_info.sample
|
137
|
-
- templates/scan_info.template
|
138
|
-
- templates/vulnerability.fields
|
139
135
|
- templates/vulnerability.sample
|
140
|
-
- templates/vulnerability.template
|
141
136
|
homepage: https://dradis.com/integrations/wpscan.html
|
142
137
|
licenses:
|
143
138
|
- GPL-2
|
@@ -157,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
157
152
|
- !ruby/object:Gem::Version
|
158
153
|
version: '0'
|
159
154
|
requirements: []
|
160
|
-
rubygems_version: 3.
|
155
|
+
rubygems_version: 3.5.6
|
161
156
|
signing_key:
|
162
157
|
specification_version: 4
|
163
158
|
summary: WPScan add-on for the Dradis Framework.
|
data/templates/evidence.fields
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
evidence.evidence
|
data/templates/evidence.template
DELETED
data/templates/scan_info.fields
DELETED
@@ -1,34 +0,0 @@
|
|
1
|
-
#[Title]#
|
2
|
-
WPScan Scan Information
|
3
|
-
|
4
|
-
|
5
|
-
#[TargetURL]#
|
6
|
-
%scan_info.target_url%
|
7
|
-
|
8
|
-
|
9
|
-
#[WordpressVersion]#
|
10
|
-
%scan_info.wordpress_version%
|
11
|
-
|
12
|
-
|
13
|
-
#[Plugins]#
|
14
|
-
%scan_info.plugins_string%
|
15
|
-
|
16
|
-
|
17
|
-
#[Themes]#
|
18
|
-
%scan_info.themes_string%
|
19
|
-
|
20
|
-
|
21
|
-
#[Users]#
|
22
|
-
%scan_info.users%
|
23
|
-
|
24
|
-
|
25
|
-
#[WPScanVersion]#
|
26
|
-
%scan_info.wpscan_version%
|
27
|
-
|
28
|
-
|
29
|
-
#[StartTime]#
|
30
|
-
%scan_info.start_time%
|
31
|
-
|
32
|
-
|
33
|
-
#[TotalScanTime]#
|
34
|
-
%scan_info.elapsed%
|