wordstress 0.15.0 → 0.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 559b014cd3100530e2a30f54da9bbebcd37530c4
-  data.tar.gz: 0398ef2797138d181fba62c84609456e5a1e4d76
+  metadata.gz: b75716cca39e58a1207a5d4901dbc878ca553fcd
+  data.tar.gz: d63b16b6134ba9640c627d45a535714f36fb968c
 SHA512:
-  metadata.gz: a1c1a877d30ef0557957ac1bc2f56bedc33653e78cb16b0c014ba667a38fb5ef3b8572cfe93e09ba06f97e0980de749270f815034d914cf159bae93371d50ab9
-  data.tar.gz: 0b9cc780b6a570919b72aa637b6f86c00c63ac6a91fc3eac59c5f547113cc7232d70e42f2d9af01aca9da9444d388989f1ee0f356f2257babf30b23ceb03eaa0
+  metadata.gz: 968b67f94189455ee2f9c88efd70153283bd3dd74a00570cf0173c06f7dc0e80e4e707e533de464a68630a11df0df375f96e1d73d5ca6dc54c2b6308b15775f4
+  data.tar.gz: 20c5b07abad346fd080ede674850d9e0d0b9a0c5680b46a1423ae24469ad148cc8100cf365a2c7c4e3d32f9ce53af1b0a169188bc3cda59eba8f666d9e9fd91f

data/README.md

@@ -27,11 +27,16 @@ During those years I was very upset as pentester with false positives about
 themes and plugins and their version. Since an authenticated check is necessary
 to match scan results with installed plugin (or theme) version, I tought it was
 a better idea to start authenticated from the beginning.
+** UPDATE ** - this can be very tricky to accomplish
 
 Of course, wordstress will perform blackbox testing, trying to guess the
 installed wordpress version and listing vulnerabilities taken from
 [wpvulndb](https://wpvulndb.com).
 
+## Online resource
+
+[Attacking Wordpress](http://hackertarget.com/attacking-wordpress/)
+
 ## Killing features
 
 * A great knowledge base powered by [wpvulndb API](https://wpvulndb.com)

data/Rakefile

@@ -1,5 +1,17 @@
 require "bundler/gem_tasks"
 
+namespace :update do
+  desc 'Update themes'
+  task :themes, :name do |t,args|
+
+  end
+
+  desc 'Update plugins'
+  task :plugins, :name do |t, args|
+
+  end
+
+end
 namespace :import do
   desc 'Import themes'
   task :themes, :name do |t,args|

data/bin/wordstress

@@ -19,12 +19,16 @@ APPNAME = File.basename($0)
 $logger  = Codesake::Commons::Logging.instance
 @output_root = File.join(Dir.home, '/wordstress')
 scanning_mode = :gentleman
+interactive = {:url=>"", :pwd=>""}
 
 opts    = GetoptLong.new(
-  [ '--gentleman','-G',   GetoptLong::NO_ARGUMENT],
-  [ '--csv',      '-C',   GetoptLong::NO_ARGUMENT],
-  [ '--version',  '-v',   GetoptLong::NO_ARGUMENT],
-  [ '--help',     '-h',   GetoptLong::NO_ARGUMENT]
+  [ '--gentleman',  '-G',   GetoptLong::NO_ARGUMENT],
+  [ '--interactive','-I',   GetoptLong::NO_ARGUMENT],
+  [ '--interactive-url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--interactive-pwd', '-p', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--csv',        '-C',   GetoptLong::NO_ARGUMENT],
+  [ '--version',    '-v',   GetoptLong::NO_ARGUMENT],
+  [ '--help',       '-h',   GetoptLong::NO_ARGUMENT]
 )
 
 opts.quiet=true
@@ -32,6 +36,12 @@ opts.quiet=true
 begin
   opts.each do |opt, val|
     case opt
+    when '--interactive'
+      scanning_mode = :interactive
+    when '--interactive-url'
+      interactive[:url] = val
+    when '--interactive-pwd'
+      interactive[:pwd] = val
     when '--version'
       puts "#{Wordstress::VERSION}"
       Kernel.exit(0)
@@ -63,7 +73,7 @@ trap("INT")   { $logger.die('[INTERRUPTED]') }
 $logger.die("missing target") if target.nil?
 
 $logger.log "scanning #{target}"
-site = Wordstress::Site.new({:target=>target, :scanning_mode=>scanning_mode})
+site = Wordstress::Site.new({:target=>target, :scanning_mode=>scanning_mode, :interactive=>interactive})
 
 if site.version[:version] == "0.0.0"
   $logger.err "can't detect wordpress version running on #{target}. Giving up!"

data/lib/wordstress/site.rb

@@ -5,7 +5,7 @@ module Wordstress
 
     attr_reader :version, :scanning_mode, :wp_vuln_json, :plugins, :themes, :themes_vuln_json
 
-    def initialize(options={:target=>"http://localhost", :scanning_mode=>:gentleman})
+    def initialize(options={:target=>"http://localhost", :scanning_mode=>:gentleman, :interactive=>{}})
       begin
         @uri      = URI(options[:target])
         @raw_name = options[:target]
@@ -24,6 +24,8 @@ module Wordstress
       @wp_vuln_json = get_wp_vulnerabilities  unless @version[:version] == "0.0.0"
       @wp_vuln_json = Hash.new.to_json        if @version[:version] == "0.0.0"
 
+      @wordstress_page = post_and_get(options[:interactive][:url], options[:interactive][:pwd]) if options[:scanning_mode] == :interactive && !options[:interactive][:pwd].empty?
+      @wordstress_page = get(options[:interactive][:url]) if options[:scanning_mode] == :interactive && options[:interactive][:pwd].empty?
       @plugins      = find_plugins
       @themes       = find_themes
       # @themes_vuln_json = get_themes_vulnerabilities
@@ -99,9 +101,13 @@ module Wordstress
 
       v_rss = ""
       rss_doc = Nokogiri::HTML(@homepage.body)
-      rss = Nokogiri::HTML(get(rss_doc.css('link[type="application/rss+xml"]').first.attr('href')).body)
+      begin
+        rss = Nokogiri::HTML(get(rss_doc.css('link[type="application/rss+xml"]').first.attr('href')).body) unless l.nil?
+        v_rss= rss.css('generator').text.split('=')[1]
+      rescue => e
+        v_rss = "0.0.0"
+      end
 
-      v_rss= rss.css('generator').text.split('=')[1]
 
       return {:version => v_meta, :accuracy => 1.0} if v_meta == v_readme && v_meta == v_rss
       return {:version => v_meta, :accuracy => 0.8} if v_meta == v_readme || v_meta == v_rss
@@ -123,11 +129,13 @@ module Wordstress
     end
 
     def find_themes
-      return find_themes_gentleman if @scanning_mode == :gentleman
+      return find_themes_gentleman  if @scanning_mode == :gentleman
+      return find_themes_interactive if @scanning_mode == :interactive
       return []
     end
     def find_plugins
       return find_plugins_gentleman if @scanning_mode == :gentleman
+      return find_plugins_interactive if @scanning_mode == :interactive
 
       # bruteforce check must start with error page discovery.
       # the idea is to send 2 random plugin names (e.g. 2 sha256 of time seed)
@@ -136,14 +144,42 @@ module Wordstress
       return []
     end
 
+    def post_and_get(url, pass)
+      uri = URI(url)
+      res = Net::HTTP.post_form(uri, {'post_password' => pass, 'Submit'=>'Submit'})
+      get(url)
+      res.body
+    end
+
     private
+    def find_plugins_interactive
+      ret = []
+      doc = Nokogiri::HTML(@wordstress_page.body)
+      doc.css('#all_plugin').each do |link|
+        l=link.text.split(',')
+        ret << {:name=>l[2], :version=>l[1], :status=>l[3]}
+      end
+      $logger.debug ret
+      ret
+    end
+    def find_themes_interactive
+      ret = []
+      doc = Nokogiri::HTML(@wordstress_page.body)
+      doc.css('#all_theme').each do |link|
+        l=link.text.split(',')
+        ret << {:name=>l[2], :version=>l[1]}
+      end
+      $logger.debug ret
+      ret
+    end
+
     def find_themes_gentleman
       ret = []
       doc = Nokogiri::HTML(@homepage.body)
       doc.css('link').each do |link|
         if link.attr('href').include?("wp-content/themes")
         theme = theme_name(link.attr('href'))
-        ret << theme if ret.index(theme).nil?
+        ret << {:name=>theme, :version=>""} if ret.index(theme).nil?
         end
       end
       ret
@@ -163,7 +199,7 @@ module Wordstress
         if ! link.attr('src').nil?
           if link.attr('src').include?("wp-content/plugins")
           plugin = plugin_name(link.attr('src'))
-          ret << plugin if ret.index(plugin).nil?
+          ret << {:name=>plugin, :version=>"", :status=>"active"} if ret.index(plugin).nil?
           end
         end
       end

data/lib/wordstress/version.rb

@@ -1,3 +1,3 @@
 module Wordstress
-  VERSION = "0.15.0"
+  VERSION = "0.20.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wordstress
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.20.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-26 00:00:00.000000000 Z
+date: 2015-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler