dradis-wpscan 4.9.0 → 4.10.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a5eced390e441a6ec6dbe30861731ba5e2a21a669dcac452b57a23e28d5a7a93
4
- data.tar.gz: 33bf17822b379dd88ee9c3b696f80769cbf7e2c3ff4c0ea9c058d207d9733518
3
+ metadata.gz: 04053fb23a9bd7d39c7c5640b0a3d8a9bac576de9f09a4d5ac163de670975887
4
+ data.tar.gz: 4bd01d6905569d04ddf5934744af6036cbce3f55b9cdfb0656163b8fb56d828e
5
5
  SHA512:
6
- metadata.gz: a0f9cc14575819d423a9999c766566d0bacdb6876a5563b9d23a8ee93cb410e074e7b55f50d1a206b74e612c7eeada39647a4574800efbc46da7e2a23a9a9d9c
7
- data.tar.gz: 401b3e31509a3f3cf5af7ae9f7d3ef2ad6f2127408db838402b477ce00e680930f97ef455da8ac1d556a31ad78b21662293ffea4d0f6d309bef37945042625c9
6
+ metadata.gz: 8becfb81a6b67a4ccf52ac15e8a38b071416d14e4f07a3cee77893cd24a84f89badf549a0acc6f82127f28d34b44dcb1ba40659d06ba3bbd036c4d68eca6fedb
7
+ data.tar.gz: 48ee083ec5ad44ead933671b8593cd14189dbd55a750516361df2ebaa02f99ac856b783d7b668d9afcb165f4d4e48143c70650d8609560c38e8b39c1d6a620bd
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ v4.10.0 (September 2023)
2
+ - Import "version" findings with status: outdated
3
+ - Update gemspec links
4
+
1
5
  v4.9.0 (June 2023)
2
6
  - No changes
3
7
 
@@ -13,11 +13,10 @@ Gem::Specification.new do |spec|
13
13
  spec.license = 'GPL-2'
14
14
 
15
15
  spec.authors = ['Christian Mehlmauer', 'Daniel Martin', 'Erwan', 'Ryan Dewhurst']
16
- spec.email = ['etd@nomejortu.com']
17
- spec.homepage = 'http://dradisframework.org'
16
+ spec.homepage = 'https://dradis.com/integrations/wpscan.html'
18
17
 
19
18
  spec.files = `git ls-files`.split($\)
20
- spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
19
+ spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
21
20
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
22
21
 
23
22
  # By not including Rails as a dependency, we can use the gem with different
@@ -8,11 +8,11 @@ module Dradis
8
8
 
9
9
  module VERSION
10
10
  MAJOR = 4
11
- MINOR = 9
11
+ MINOR = 10
12
12
  TINY = 0
13
13
  PRE = nil
14
14
 
15
- STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
15
+ STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
16
16
  end
17
17
  end
18
18
  end
@@ -7,9 +7,8 @@ module Dradis::Plugins::Wpscan
7
7
  # The framework will call this function if the user selects this plugin from
8
8
  # the dropdown list and uploads a file.
9
9
  # @returns true if the operation was successful, false otherwise
10
- def import(params={})
11
-
12
- file_content = File.read( params[:file] )
10
+ def import(params = {})
11
+ file_content = File.read(params[:file])
13
12
 
14
13
  # Parse the uploaded file into a Ruby Hash
15
14
  logger.info { "Parsing WPScan output from #{ params[:file] }..." }
@@ -20,35 +19,34 @@ module Dradis::Plugins::Wpscan
20
19
  # format.
21
20
  if data['target_url'].nil?
22
21
  error = "ERROR: No 'target_url' field present in the provided " \
23
- "JSON data. Are you sure you uploaded a WPScan JSON output file?"
22
+ 'JSON data. Are you sure you uploaded a WPScan JSON output file?'
24
23
  logger.fatal { error }
25
24
  content_service.create_note text: error
26
25
  return false
27
26
  end
28
27
 
29
28
  # Initial data normalisation
30
- data = parse_json( data )
29
+ data = parse_json(data)
31
30
 
32
31
  # Create a node based on the target_url
33
- node = create_node( data )
32
+ node = create_node(data)
34
33
 
35
34
  # Parse vulnerability data and make more human readable.
36
35
  # NOTE: You need an API token for the WPVulnDB vulnerability data.
37
- parse_known_vulnerabilities( data, node )
38
-
36
+ parse_known_vulnerabilities(data, node)
39
37
 
40
38
  # Add bespoke/config vulnerabilities to Dradis
41
39
  #
42
40
  # TODO: Can we add severity to issues?
43
41
  #
44
42
  # Note: No API key needed.
45
- parse_config_vulnerabilities( data, node )
43
+ parse_config_vulnerabilities(data, node)
46
44
  end
47
45
 
48
- def parse_json( data )
46
+ def parse_json(data)
49
47
  # Parse scan info data and make more human readable.
50
48
  data['wpscan_version'] = data.dig('banner', 'version')
51
- data['start_time'] = DateTime.strptime(data['start_time'].to_s,'%s')
49
+ data['start_time'] = DateTime.strptime(data['start_time'].to_s, '%s')
52
50
  data['elapsed'] = "#{data["elapsed"]} seconds"
53
51
  data['wordpress_version'] = data.dig('version', 'number') if data['version']
54
52
  data['plugins_string'] = data['plugins'].keys.join("\n") if data['plugins']
@@ -58,7 +56,7 @@ module Dradis::Plugins::Wpscan
58
56
  data
59
57
  end
60
58
 
61
- def create_node( data )
59
+ def create_node(data)
62
60
  node = content_service.create_node(label: data['target_url'], type: :host)
63
61
 
64
62
  # Define Node properties
@@ -74,14 +72,13 @@ module Dradis::Plugins::Wpscan
74
72
  node
75
73
  end
76
74
 
77
-
78
- def parse_known_vulnerabilities( data, node )
75
+ def parse_known_vulnerabilities(data, node)
79
76
  vulnerabilities = []
80
77
 
81
78
  # WordPress Vulnerabilities
82
- if data['version'] && data['version']['status'] == 'insecure'
79
+ if data['version'] && ['insecure', 'outdated'].include?(data['version']['status'])
83
80
  data['version']['vulnerabilities'].each do |vulnerability_data|
84
- vulnerabilities << parse_vulnerability( vulnerability_data )
81
+ vulnerabilities << parse_vulnerability(vulnerability_data)
85
82
  end
86
83
  end
87
84
 
@@ -90,7 +87,7 @@ module Dradis::Plugins::Wpscan
90
87
  data['plugins'].each do |key, plugin|
91
88
  if plugin['vulnerabilities']
92
89
  plugin['vulnerabilities'].each do |vulnerability_data|
93
- vulnerabilities << parse_vulnerability( vulnerability_data )
90
+ vulnerabilities << parse_vulnerability(vulnerability_data)
94
91
  end
95
92
  end
96
93
  end
@@ -101,7 +98,7 @@ module Dradis::Plugins::Wpscan
101
98
  data['themes'].each do |key, theme|
102
99
  if theme['vulnerabilities']
103
100
  theme['vulnerabilities'].each do |vulnerability_data|
104
- vulnerabilities << parse_vulnerability( vulnerability_data )
101
+ vulnerabilities << parse_vulnerability(vulnerability_data)
105
102
  end
106
103
  end
107
104
  end
@@ -121,7 +118,7 @@ module Dradis::Plugins::Wpscan
121
118
  end
122
119
  end
123
120
 
124
- def parse_config_vulnerabilities( data, node )
121
+ def parse_config_vulnerabilities(data, node)
125
122
  vulnerabilities = []
126
123
 
127
124
  if data['config_backups']
@@ -148,7 +145,7 @@ module Dradis::Plugins::Wpscan
148
145
  data['timthumbs'].each do |url, value|
149
146
  unless value['vulnerabilities'].empty?
150
147
  vulnerability = {}
151
- vulnerability['title'] = "Timthumb RCE File Found"
148
+ vulnerability['title'] = 'Timthumb RCE File Found'
152
149
  vulnerability['evidence'] = url
153
150
 
154
151
  vulnerabilities << vulnerability
@@ -159,7 +156,7 @@ module Dradis::Plugins::Wpscan
159
156
  if data['password_attack']
160
157
  data['password_attack'].each do |user|
161
158
  vulnerability = {}
162
- vulnerability['title'] = "WordPres Weak User Password Found"
159
+ vulnerability['title'] = 'WordPres Weak User Password Found'
163
160
  vulnerability['evidence'] = "#{user[0]}:#{user[1]['password']}"
164
161
 
165
162
  vulnerabilities << vulnerability
@@ -180,7 +177,7 @@ module Dradis::Plugins::Wpscan
180
177
  end
181
178
  end
182
179
 
183
- def parse_vulnerability( vulnerability_data )
180
+ def parse_vulnerability(vulnerability_data)
184
181
  wpvulndb_url = 'https://wpvulndb.com/vulnerabilities/'
185
182
 
186
183
  vulnerability = {}
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dradis-wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.9.0
4
+ version: 4.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Christian Mehlmauer
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2023-05-31 00:00:00.000000000 Z
14
+ date: 2023-09-07 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: dradis-plugins
@@ -99,8 +99,7 @@ dependencies:
99
99
  version: 0.5.2
100
100
  description: This add-on allows you to upload and parse output produced from the WPScan
101
101
  WordPress security scanner into Dradis.
102
- email:
103
- - etd@nomejortu.com
102
+ email:
104
103
  executables: []
105
104
  extensions: []
106
105
  extra_rdoc_files: []
@@ -139,7 +138,7 @@ files:
139
138
  - templates/vulnerability.fields
140
139
  - templates/vulnerability.sample
141
140
  - templates/vulnerability.template
142
- homepage: http://dradisframework.org
141
+ homepage: https://dradis.com/integrations/wpscan.html
143
142
  licenses:
144
143
  - GPL-2
145
144
  metadata: {}