dradis-wpscan 4.9.0 → 4.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5eced390e441a6ec6dbe30861731ba5e2a21a669dcac452b57a23e28d5a7a93
-  data.tar.gz: 33bf17822b379dd88ee9c3b696f80769cbf7e2c3ff4c0ea9c058d207d9733518
+  metadata.gz: 04053fb23a9bd7d39c7c5640b0a3d8a9bac576de9f09a4d5ac163de670975887
+  data.tar.gz: 4bd01d6905569d04ddf5934744af6036cbce3f55b9cdfb0656163b8fb56d828e
 SHA512:
-  metadata.gz: a0f9cc14575819d423a9999c766566d0bacdb6876a5563b9d23a8ee93cb410e074e7b55f50d1a206b74e612c7eeada39647a4574800efbc46da7e2a23a9a9d9c
-  data.tar.gz: 401b3e31509a3f3cf5af7ae9f7d3ef2ad6f2127408db838402b477ce00e680930f97ef455da8ac1d556a31ad78b21662293ffea4d0f6d309bef37945042625c9
+  metadata.gz: 8becfb81a6b67a4ccf52ac15e8a38b071416d14e4f07a3cee77893cd24a84f89badf549a0acc6f82127f28d34b44dcb1ba40659d06ba3bbd036c4d68eca6fedb
+  data.tar.gz: 48ee083ec5ad44ead933671b8593cd14189dbd55a750516361df2ebaa02f99ac856b783d7b668d9afcb165f4d4e48143c70650d8609560c38e8b39c1d6a620bd

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+v4.10.0 (September 2023)
+  - Import "version" findings with status: outdated
+  - Update gemspec links
+
 v4.9.0 (June 2023)
   - No changes
 

data/dradis-wpscan.gemspec

@@ -13,11 +13,10 @@ Gem::Specification.new do |spec|
   spec.license     = 'GPL-2'
 
   spec.authors     = ['Christian Mehlmauer', 'Daniel Martin', 'Erwan', 'Ryan Dewhurst']
-  spec.email       = ['etd@nomejortu.com']
-  spec.homepage    = 'http://dradisframework.org'
+  spec.homepage    = 'https://dradis.com/integrations/wpscan.html'
 
   spec.files       = `git ls-files`.split($\)
-  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   spec.test_files  = spec.files.grep(%r{^(test|spec|features)/})
 
   # By not including Rails as a dependency, we can use the gem with different

data/lib/dradis/plugins/wpscan/gem_version.rb

@@ -8,11 +8,11 @@ module Dradis
 
       module VERSION
         MAJOR = 4
-        MINOR = 9
+        MINOR = 10
         TINY = 0
         PRE = nil
 
-        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
       end
     end
   end

data/lib/dradis/plugins/wpscan/importer.rb

@@ -7,9 +7,8 @@ module Dradis::Plugins::Wpscan
     # The framework will call this function if the user selects this plugin from
     # the dropdown list and uploads a file.
     # @returns true if the operation was successful, false otherwise
-    def import(params={})
-
-      file_content = File.read( params[:file] )
+    def import(params = {})
+      file_content = File.read(params[:file])
 
       # Parse the uploaded file into a Ruby Hash
       logger.info { "Parsing WPScan output from #{ params[:file] }..." }
@@ -20,35 +19,34 @@ module Dradis::Plugins::Wpscan
       # format.
       if data['target_url'].nil?
         error = "ERROR: No 'target_url' field present in the provided " \
-                "JSON data. Are you sure you uploaded a WPScan JSON output file?"
+                'JSON data. Are you sure you uploaded a WPScan JSON output file?'
         logger.fatal { error }
         content_service.create_note text: error
         return false
       end
 
       # Initial data normalisation
-      data = parse_json( data )
+      data = parse_json(data)
 
       # Create a node based on the target_url
-      node = create_node( data )
+      node = create_node(data)
 
       # Parse vulnerability data and make more human readable.
       # NOTE: You need an API token for the WPVulnDB vulnerability data.
-      parse_known_vulnerabilities( data, node )
-
+      parse_known_vulnerabilities(data, node)
 
       # Add bespoke/config vulnerabilities to Dradis
       #
       # TODO: Can we add severity to issues?
       #
       # Note: No API key needed.
-      parse_config_vulnerabilities( data, node )
+      parse_config_vulnerabilities(data, node)
     end
 
-    def parse_json( data )
+    def parse_json(data)
       # Parse scan info data and make more human readable.
       data['wpscan_version']    = data.dig('banner', 'version')
-      data['start_time']        = DateTime.strptime(data['start_time'].to_s,'%s')
+      data['start_time']        = DateTime.strptime(data['start_time'].to_s, '%s')
       data['elapsed']           = "#{data["elapsed"]} seconds"
       data['wordpress_version'] = data.dig('version', 'number')   if data['version']
       data['plugins_string']    = data['plugins'].keys.join("\n") if data['plugins']
@@ -58,7 +56,7 @@ module Dradis::Plugins::Wpscan
       data
     end
 
-    def create_node( data )
+    def create_node(data)
       node = content_service.create_node(label: data['target_url'], type: :host)
 
       # Define Node properties
@@ -74,14 +72,13 @@ module Dradis::Plugins::Wpscan
       node
     end
 
-
-    def parse_known_vulnerabilities( data, node )
+    def parse_known_vulnerabilities(data, node)
       vulnerabilities = []
 
       # WordPress Vulnerabilities
-      if data['version'] && data['version']['status'] == 'insecure'
+      if data['version'] && ['insecure', 'outdated'].include?(data['version']['status'])
         data['version']['vulnerabilities'].each do |vulnerability_data|
-          vulnerabilities << parse_vulnerability( vulnerability_data )
+          vulnerabilities << parse_vulnerability(vulnerability_data)
         end
       end
 
@@ -90,7 +87,7 @@ module Dradis::Plugins::Wpscan
         data['plugins'].each do |key, plugin|
           if plugin['vulnerabilities']
             plugin['vulnerabilities'].each do |vulnerability_data|
-              vulnerabilities << parse_vulnerability( vulnerability_data )
+              vulnerabilities << parse_vulnerability(vulnerability_data)
             end
           end
         end
@@ -101,7 +98,7 @@ module Dradis::Plugins::Wpscan
         data['themes'].each do |key, theme|
           if theme['vulnerabilities']
             theme['vulnerabilities'].each do |vulnerability_data|
-              vulnerabilities << parse_vulnerability( vulnerability_data )
+              vulnerabilities << parse_vulnerability(vulnerability_data)
             end
           end
         end
@@ -121,7 +118,7 @@ module Dradis::Plugins::Wpscan
       end
     end
 
-    def parse_config_vulnerabilities( data, node )
+    def parse_config_vulnerabilities(data, node)
       vulnerabilities = []
 
       if data['config_backups']
@@ -148,7 +145,7 @@ module Dradis::Plugins::Wpscan
         data['timthumbs'].each do |url, value|
           unless value['vulnerabilities'].empty?
             vulnerability = {}
-            vulnerability['title']    = "Timthumb RCE File Found"
+            vulnerability['title']    = 'Timthumb RCE File Found'
             vulnerability['evidence'] = url
 
             vulnerabilities << vulnerability
@@ -159,7 +156,7 @@ module Dradis::Plugins::Wpscan
       if data['password_attack']
         data['password_attack'].each do |user|
           vulnerability = {}
-          vulnerability['title'] = "WordPres Weak User Password Found"
+          vulnerability['title'] = 'WordPres Weak User Password Found'
           vulnerability['evidence'] = "#{user[0]}:#{user[1]['password']}"
 
           vulnerabilities << vulnerability
@@ -180,7 +177,7 @@ module Dradis::Plugins::Wpscan
       end
     end
 
-    def parse_vulnerability( vulnerability_data )
+    def parse_vulnerability(vulnerability_data)
       wpvulndb_url = 'https://wpvulndb.com/vulnerabilities/'
 
       vulnerability = {}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dradis-wpscan
 version: !ruby/object:Gem::Version
-  version: 4.9.0
+  version: 4.10.0
 platform: ruby
 authors:
 - Christian Mehlmauer
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-05-31 00:00:00.000000000 Z
+date: 2023-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -99,8 +99,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from the WPScan
   WordPress security scanner into Dradis.
-email:
-- etd@nomejortu.com
+email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -139,7 +138,7 @@ files:
 - templates/vulnerability.fields
 - templates/vulnerability.sample
 - templates/vulnerability.template
-homepage: http://dradisframework.org
+homepage: https://dradis.com/integrations/wpscan.html
 licenses:
 - GPL-2
 metadata: {}