RubyGems - dradis-wpscan - Versions diffs - 4.9.0 → 4.10.0 - Mend

dradis-wpscan 4.9.0 → 4.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/dradis-wpscan.gemspec +2 -3
data/lib/dradis/plugins/wpscan/gem_version.rb +2 -2
data/lib/dradis/plugins/wpscan/importer.rb +19 -22
metadata +4 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5eced390e441a6ec6dbe30861731ba5e2a21a669dcac452b57a23e28d5a7a93
-  data.tar.gz: 33bf17822b379dd88ee9c3b696f80769cbf7e2c3ff4c0ea9c058d207d9733518
+  metadata.gz: 04053fb23a9bd7d39c7c5640b0a3d8a9bac576de9f09a4d5ac163de670975887
+  data.tar.gz: 4bd01d6905569d04ddf5934744af6036cbce3f55b9cdfb0656163b8fb56d828e
 SHA512:
-  metadata.gz: a0f9cc14575819d423a9999c766566d0bacdb6876a5563b9d23a8ee93cb410e074e7b55f50d1a206b74e612c7eeada39647a4574800efbc46da7e2a23a9a9d9c
-  data.tar.gz: 401b3e31509a3f3cf5af7ae9f7d3ef2ad6f2127408db838402b477ce00e680930f97ef455da8ac1d556a31ad78b21662293ffea4d0f6d309bef37945042625c9
+  metadata.gz: 8becfb81a6b67a4ccf52ac15e8a38b071416d14e4f07a3cee77893cd24a84f89badf549a0acc6f82127f28d34b44dcb1ba40659d06ba3bbd036c4d68eca6fedb
+  data.tar.gz: 48ee083ec5ad44ead933671b8593cd14189dbd55a750516361df2ebaa02f99ac856b783d7b668d9afcb165f4d4e48143c70650d8609560c38e8b39c1d6a620bd

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+v4.10.0 (September 2023)
+  - Import "version" findings with status: outdated
+  - Update gemspec links
 v4.9.0 (June 2023)
   - No changes

data/dradis-wpscan.gemspec CHANGED Viewed

@@ -13,11 +13,10 @@ Gem::Specification.new do |spec|
   spec.license     = 'GPL-2'
   spec.authors     = ['Christian Mehlmauer', 'Daniel Martin', 'Erwan', 'Ryan Dewhurst']
-  spec.email       = ['etd@nomejortu.com']
-  spec.homepage    = 'http://dradisframework.org'
+  spec.homepage    = 'https://dradis.com/integrations/wpscan.html'
   spec.files       = `git ls-files`.split($\)
-  spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.executables = spec.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   spec.test_files  = spec.files.grep(%r{^(test|spec|features)/})
   # By not including Rails as a dependency, we can use the gem with different

data/lib/dradis/plugins/wpscan/gem_version.rb CHANGED Viewed

@@ -8,11 +8,11 @@ module Dradis
       module VERSION
         MAJOR = 4
-        MINOR = 9
+        MINOR = 10
         TINY = 0
         PRE = nil
-        STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
       end
     end
   end

data/lib/dradis/plugins/wpscan/importer.rb CHANGED Viewed

@@ -7,9 +7,8 @@ module Dradis::Plugins::Wpscan
     # The framework will call this function if the user selects this plugin from
     # the dropdown list and uploads a file.
     # @returns true if the operation was successful, false otherwise
-    def import(params={})
-      file_content = File.read( params[:file] )
+    def import(params = {})
+      file_content = File.read(params[:file])
       # Parse the uploaded file into a Ruby Hash
       logger.info { "Parsing WPScan output from #{ params[:file] }..." }
@@ -20,35 +19,34 @@ module Dradis::Plugins::Wpscan
       # format.
       if data['target_url'].nil?
         error = "ERROR: No 'target_url' field present in the provided " \
-                "JSON data. Are you sure you uploaded a WPScan JSON output file?"
+                'JSON data. Are you sure you uploaded a WPScan JSON output file?'
         logger.fatal { error }
         content_service.create_note text: error
         return false
       end
       # Initial data normalisation
-      data = parse_json( data )
+      data = parse_json(data)
       # Create a node based on the target_url
-      node = create_node( data )
+      node = create_node(data)
       # Parse vulnerability data and make more human readable.
       # NOTE: You need an API token for the WPVulnDB vulnerability data.
-      parse_known_vulnerabilities( data, node )
+      parse_known_vulnerabilities(data, node)
       # Add bespoke/config vulnerabilities to Dradis
       #
       # TODO: Can we add severity to issues?
       #
       # Note: No API key needed.
-      parse_config_vulnerabilities( data, node )
+      parse_config_vulnerabilities(data, node)
     end
-    def parse_json( data )
+    def parse_json(data)
       # Parse scan info data and make more human readable.
       data['wpscan_version']    = data.dig('banner', 'version')
-      data['start_time']        = DateTime.strptime(data['start_time'].to_s,'%s')
+      data['start_time']        = DateTime.strptime(data['start_time'].to_s, '%s')
       data['elapsed']           = "#{data["elapsed"]} seconds"
       data['wordpress_version'] = data.dig('version', 'number')   if data['version']
       data['plugins_string']    = data['plugins'].keys.join("\n") if data['plugins']
@@ -58,7 +56,7 @@ module Dradis::Plugins::Wpscan
       data
     end
-    def create_node( data )
+    def create_node(data)
       node = content_service.create_node(label: data['target_url'], type: :host)
       # Define Node properties
@@ -74,14 +72,13 @@ module Dradis::Plugins::Wpscan
       node
     end
-    def parse_known_vulnerabilities( data, node )
+    def parse_known_vulnerabilities(data, node)
       vulnerabilities = []
       # WordPress Vulnerabilities
-      if data['version'] && data['version']['status'] == 'insecure'
+      if data['version'] && ['insecure', 'outdated'].include?(data['version']['status'])
         data['version']['vulnerabilities'].each do |vulnerability_data|
-          vulnerabilities << parse_vulnerability( vulnerability_data )
+          vulnerabilities << parse_vulnerability(vulnerability_data)
         end
       end
@@ -90,7 +87,7 @@ module Dradis::Plugins::Wpscan
         data['plugins'].each do |key, plugin|
           if plugin['vulnerabilities']
             plugin['vulnerabilities'].each do |vulnerability_data|
-              vulnerabilities << parse_vulnerability( vulnerability_data )
+              vulnerabilities << parse_vulnerability(vulnerability_data)
             end
           end
         end
@@ -101,7 +98,7 @@ module Dradis::Plugins::Wpscan
         data['themes'].each do |key, theme|
           if theme['vulnerabilities']
             theme['vulnerabilities'].each do |vulnerability_data|
-              vulnerabilities << parse_vulnerability( vulnerability_data )
+              vulnerabilities << parse_vulnerability(vulnerability_data)
             end
           end
         end
@@ -121,7 +118,7 @@ module Dradis::Plugins::Wpscan
       end
     end
-    def parse_config_vulnerabilities( data, node )
+    def parse_config_vulnerabilities(data, node)
       vulnerabilities = []
       if data['config_backups']
@@ -148,7 +145,7 @@ module Dradis::Plugins::Wpscan
         data['timthumbs'].each do |url, value|
           unless value['vulnerabilities'].empty?
             vulnerability = {}
-            vulnerability['title']    = "Timthumb RCE File Found"
+            vulnerability['title']    = 'Timthumb RCE File Found'
             vulnerability['evidence'] = url
             vulnerabilities << vulnerability
@@ -159,7 +156,7 @@ module Dradis::Plugins::Wpscan
       if data['password_attack']
         data['password_attack'].each do |user|
           vulnerability = {}
-          vulnerability['title'] = "WordPres Weak User Password Found"
+          vulnerability['title'] = 'WordPres Weak User Password Found'
           vulnerability['evidence'] = "#{user[0]}:#{user[1]['password']}"
           vulnerabilities << vulnerability
@@ -180,7 +177,7 @@ module Dradis::Plugins::Wpscan
       end
     end
-    def parse_vulnerability( vulnerability_data )
+    def parse_vulnerability(vulnerability_data)
       wpvulndb_url = 'https://wpvulndb.com/vulnerabilities/'
       vulnerability = {}

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dradis-wpscan
 version: !ruby/object:Gem::Version
-  version: 4.9.0
+  version: 4.10.0
 platform: ruby
 authors:
 - Christian Mehlmauer
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-31 00:00:00.000000000 Z
+date: 2023-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dradis-plugins
@@ -99,8 +99,7 @@ dependencies:
         version: 0.5.2
 description: This add-on allows you to upload and parse output produced from the WPScan
   WordPress security scanner into Dradis.
-email:
-- etd@nomejortu.com
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -139,7 +138,7 @@ files:
 - templates/vulnerability.fields
 - templates/vulnerability.sample
 - templates/vulnerability.template
-homepage: http://dradisframework.org
+homepage: https://dradis.com/integrations/wpscan.html
 licenses:
 - GPL-2
 metadata: {}