wordstress 0.30.0 → 0.40.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ec2d1bdf19fed96cb2415b71df03a5a6e81422bb
-  data.tar.gz: 653958b73a60f4dac746d88d7a3af073ee8eab83
+  metadata.gz: 8d1d25228ca184bd9640ee87d516d4f5ab6b4c73
+  data.tar.gz: cbeb681f9ddf891f3a67f34b03960a49c63b9e57
 SHA512:
-  metadata.gz: 94d66e0a989016ffaac389867c1f214194b713a457eabf5f7e18cea65b5a601f111714ef01b79c488387e44661563e78d583a98fa207613e69b222aae1378118
-  data.tar.gz: 68de0225374d311b219056ecc05b3c8698a29a58000c7286ab27a7e7dd91022aab7d637681a70f951db2a0a7eea2214e1be0d9cf025ee6f876b20ed469d4ee5f
+  metadata.gz: b7163eef62c310c477d7d247446ab7484ecda6e45543d3fc7d2a5c678d11e758aec38f039ebfdfe57cbfb15242522d71ea70c3687dd33da79da06bdc83522e77
+  data.tar.gz: 8dfceb6b7446fbb0282ddf24fc42ff6640df1238fb13971d65c3d7a4f855b41ca872d6a05f65e471e1953cbe687316e509bd9768ee6ea06c56643e582ec3ae66

data/bin/wordstress

@@ -2,6 +2,7 @@
 
 require 'getoptlong'
 require 'json'
+require 'fileutils'
 require 'codesake-commons'
 
 require 'wordstress'
@@ -9,26 +10,32 @@ require 'wordstress'
 # Scanning modes for plugins and themes
 #   + gentleman: wordstress will try to fetch plugins and themes only using
 #     info in the HTML page (this is very polite but also very inaccurate).
-#   + interactive: wordstress will use a target installed plugin to fetch
+#   + whitebox: wordstress will use a target installed plugin to fetch
 #     installed plugins and themes with their version
 #   + aggressive: wordstress will use enumeration to find installed plugins and
 #     themes. This will lead to false positives.
-MODES = [:gentleman,:interactive,:aggressive]
+MODES = [:gentleman,:whitebox,:aggressive]
 APPNAME = File.basename($0)
 
 $logger  = Codesake::Commons::Logging.instance
+$logger.debug = false
+# $logger.toggle_silence
 @output_root = File.join(Dir.home, '/wordstress')
-scanning_mode = :gentleman
-interactive = {:url=>"", :pwd=>""}
+
+scanning_mode = :whitebox
+whitebox = {:url=>"", :key=>""}
+basic_auth  = {:user=>"", :pwd=>""}
 
 opts    = GetoptLong.new(
-  [ '--gentleman',  '-G',   GetoptLong::NO_ARGUMENT],
-  [ '--interactive','-I',   GetoptLong::NO_ARGUMENT],
-  [ '--interactive-url', '-u', GetoptLong::REQUIRED_ARGUMENT],
-  [ '--interactive-pwd', '-p', GetoptLong::REQUIRED_ARGUMENT],
-  [ '--csv',        '-C',   GetoptLong::NO_ARGUMENT],
-  [ '--version',    '-v',   GetoptLong::NO_ARGUMENT],
-  [ '--help',       '-h',   GetoptLong::NO_ARGUMENT]
+  [ '--gentleman',          '-G',   GetoptLong::NO_ARGUMENT],
+  [ '--basic-auth',         '-B',   GetoptLong::REQUIRED_ARGUMENT],
+  [ '--whitebox' ,          '-W',   GetoptLong::NO_ARGUMENT],
+  [ '--wordstress-url',     '-u', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--wordstress-api-key', '-k', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--csv',                '-C',   GetoptLong::NO_ARGUMENT],
+  [ '--debug',              '-D',   GetoptLong::NO_ARGUMENT],
+  [ '--version',            '-v',   GetoptLong::NO_ARGUMENT],
+  [ '--help',               '-h',   GetoptLong::NO_ARGUMENT]
 )
 
 opts.quiet=true
@@ -36,15 +43,20 @@ opts.quiet=true
 begin
   opts.each do |opt, val|
     case opt
-    when '--interactive'
-      scanning_mode = :interactive
-    when '--interactive-url'
-      interactive[:url] = val
-    when '--interactive-pwd'
-      interactive[:pwd] = val
+    when '--basic-auth'
+      basic_auth[:user] = val.split(':')[0]
+      basic_auth[:pwd] = val.split(':')[1]
+    when '--whitebox'
+      scanning_mode = :whitebox
+    when '--wordstress-url'
+      whitebox[:url] = val
+    when '--wordstress-api-key'
+      whitebox[:key] = val
     when '--version'
       puts "#{Wordstress::VERSION}"
       Kernel.exit(0)
+    when '--debug'
+      $logger.debug = true
     when '--help'
       Kernel.exit(0)
     end
@@ -55,55 +67,68 @@ rescue GetoptLong::InvalidOption => e
   Kernel.exit(-1)
 end
 
-target=ARGV.shift
+target=ARGV.shift unless scanning_mode == :whitebox
+target=whitebox[:url] if scanning_mode == :whitebox
+
+
 $logger.helo APPNAME, Wordstress::VERSION
-$logger.toggle_syslog
-@output_dir = File.join(@output_root, Wordstress::Utils.target_to_dirname(target))
 
 unless Dir.exists?(@output_root)
-  $logger.ok "creating output dir #{@output_root}"
+  $logger.log "creating output dir #{@output_root}"
   Dir.mkdir @output_root
 end
 
-unless Dir.exists?(@output_dir)
-  $logger.ok "storing results to #{@output_dir}"
-end
+@output_dir = Wordstress::Utils.build_output_dir(@output_root, target)
+$logger.log "storing results to #{@output_dir}"
+FileUtils::mkdir_p(@output_dir)
 
 trap("INT")   { $logger.die('[INTERRUPTED]') }
 $logger.die("missing target") if target.nil?
 
 $logger.log "scanning #{target}"
-site = Wordstress::Site.new({:target=>target, :scanning_mode=>scanning_mode, :interactive=>interactive})
+site = Wordstress::Site.new({:target=>target, :scanning_mode=>scanning_mode, :whitebox=>whitebox,:basic_auth=>basic_auth, :output_dir=>@output_dir})
 
 if site.version[:version] == "0.0.0"
   $logger.err "can't detect wordpress version running on #{target}. Giving up!"
   Kernel.exit(-2)
 end
 
-$logger.ok "wordpress version #{site.version[:version]} detected"
+$logger.ok "#{target} is a wordpress version #{site.version[:version]} with #{site.themes.count} themes and #{site.plugins.count} plugins"
 $logger.warn "scan mode is set to 'gentleman'. We are using only information found on resulting HTML. This can be lead to undetected plugins or themes" if site.scanning_mode == :gentleman
+
 if site.online?
-  wp_vuln_hash = JSON.parse(site.wp_vuln_json)
-  $logger.ok "#{wp_vuln_hash["wordpress"]["vulnerabilities"].size} vulnerabilities found due wordpress version"
-  wp_vuln_hash["wordpress"]["vulnerabilities"].each do |v|
-    $logger.log "#{v["id"]} - #{v["title"]}"
+  site.wp_vuln["wordpress"]["vulnerabilities"].each do |v|
+    $logger.err "#{v["title"]}. Detected: #{site.version[:version]}. Safe: #{v["fixed_in"]}" if Gem::Version.new(site.version[:version]) <= Gem::Version.new(v["fixed_in"])
+  end
+  site.themes.each do |t|
+    v = site.get_theme_vulnerabilities(t[:name])
+    unless v["theme"].nil?
+      v["theme"]["vulnerabilities"].each do |vv|
+        if Gem::Version.new(t[:version]) <= Gem::Version.new(vv["fixed_in"])
+          $logger.err "#{vv["title"]}. Detected: #{t[:version]}. Safe: #{vv["fixed_in"]}"
+          site.theme_vulns << {:title=>vv["title"], :cve=>vv["cve"], :url=>vv["url"], :detected=>t[:version], :fixed_in=>vv["fixed_in"]}
+        end
+      end
+    end
+  end
+
+  site.plugins.each do |t|
+    v = site.get_plugin_vulnerabilities(t[:name])
+    unless v["plugin"].nil?
+      v["plugin"]["vulnerabilities"].each do |vv|
+        if Gem::Version.new(t[:version]) <= Gem::Version.new(vv["fixed_in"])
+          $logger.err "#{vv["title"]}. Detected: #{t[:version]}. Safe: #{vv["fixed_in"]}"
+          site.plugin_vulns << {:title=>vv["title"], :cve=>vv["cve"], :url=>vv["url"], :detected=>t[:version], :fixed_in=>vv["fixed_in"]}
+        end
+      end
+    end
   end
 else
+  site.online = false
   $logger.err "it seems we are offline. wordstress can't reach https://wpvulndb.com"
   $logger.err "wordpress can't enumerate vulnerabilities"
 end
-$logger.log "#{target} has #{site.themes.count} themes"
-site.themes.each do |t|
-  $logger.log "searching wpvulndb for theme #{t[:name]} vulnerabilities"
-  v = site.get_theme_vulnerabilities(t[:name])
-  $logger.debug v
-end
-
-$logger.log "#{target} has #{site.plugins.count} plugins"
-site.plugins.each do |t|
-  $logger.log "searching wpvulndb for plugin #{t[:name]} vulnerabilities"
-  v = site.get_plugin_vulnerabilities(t[:name])
-  $logger.debug v
-end
 
+site.stop_scan
+site.ascii_report
 $logger.bye

data/lib/wordstress/site.rb

@@ -1,11 +1,14 @@
 require 'net/http'
+require 'terminal-table'
 
 module Wordstress
   class Site
 
-    attr_reader :version, :scanning_mode, :wp_vuln_json, :plugins, :themes, :themes_vuln_json
+    attr_reader :version, :scanning_mode, :wp_vuln, :plugins, :themes
+    attr_accessor :theme_vulns, :plugin_vulns, :online
 
-    def initialize(options={:target=>"http://localhost", :scanning_mode=>:gentleman, :interactive=>{}})
+    def initialize(options={:target=>"http://localhost", :scanning_mode=>:gentleman, :whitebox=>{}, :basic_auth=>{:user=>"", :pwd=>""}, :output_dir=>"./"})
+      @target     = options[:target]
       begin
         @uri      = URI(options[:target])
         @raw_name = options[:target]
@@ -13,80 +16,105 @@ module Wordstress
       rescue
         @valid = false
       end
-      @scanning_mode = options[:scanning_mode]
+      @scanning_mode    = options[:scanning_mode]
+
+      @basic_auth_user  = options[:basic_auth][:user]
+      @basic_auth_pwd   = options[:basic_auth][:pwd]
+      @output_dir       = options[:output_dir]
+
+      @start_time       = Time.now
+      @end_time         = Time.now # I hate init variables to nil...
+
+      unless scanning_mode == :whitebox
+
+        @robots_txt   = get(@raw_name + "/robots.txt")
+        @readme_html  = get(@raw_name + "/readme.html")
+        @homepage     = get(@raw_name)
+        @version      = detect_version(@homepage, false)
+      else
+        @wordstress_page  = get("#{options[:whitebox][:url]}?wordstress-key=#{options[:whitebox][:key]}") if options[:scanning_mode] == :whitebox
+        @version          = detect_version(@wordstress_page, true)
+      end
 
-      @robots_txt   = get(@raw_name + "/robots.txt")
-      @readme_html  = get(@raw_name + "/readme.html")
-      @homepage     = get(@raw_name)
-      @version      = detect_version
       @online       = true
 
-      @wp_vuln_json = get_wp_vulnerabilities  unless @version[:version] == "0.0.0"
-      @wp_vuln_json = Hash.new.to_json        if @version[:version] == "0.0.0"
+      @wp_vuln = get_wp_vulnerabilities  unless @version[:version] == "0.0.0"
+      @wp_vuln = JSON.parse("{}")        if @version[:version] == "0.0.0"
 
-      @wordstress_page = post_and_get(options[:interactive][:url], options[:interactive][:pwd]) if options[:scanning_mode] == :interactive && !options[:interactive][:pwd].empty?
-      @wordstress_page = get(options[:interactive][:url]) if options[:scanning_mode] == :interactive && options[:interactive][:pwd].empty?
       @plugins      = find_plugins
       @themes       = find_themes
-      # @themes_vuln_json = get_themes_vulnerabilities
+      @theme_vulns  = []
+      @plugin_vulns = []
     end
 
-    def get_themes_vulnerabilities
-      vuln = []
-      @themes.each do |t|
-        vuln << {:theme=>t, :vulns=>get_theme_vulnerabilities(t)}
-      end
+    def stop_scan
+      @end_time = Time.now
     end
 
     def get_plugin_vulnerabilities(theme)
       begin
         json= get_https("https://wpvulndb.com/api/v1/plugins/#{theme}").body
-        return "Plugin #{theme} is not present on wpvulndb.com" if json.include?"The page you were looking for doesn't exist (404)"
-        return json
+        return JSON.parse("{\"plugin\":{\"vulnerabilities\":[]}}") if json.include?"The page you were looking for doesn't exist (404)"
+        return JSON.parse(json)
       rescue => e
         $logger.err e.message
         @online = false
-        return []
+        return JSON.parse("{}")
       end
     end
 
     def get_theme_vulnerabilities(theme)
       begin
         json=get_https("https://wpvulndb.com/api/v1/themes/#{theme}").body
-        return "Theme #{theme} is not present on wpvulndb.com" if json.include?"The page you were looking for doesn't exist (404)"
-        return json
+        return JSON.parse("{\"theme\":{\"vulnerabilities\":[]}}") if json.include?"The page you were looking for doesn't exist (404)"
+        return JSON.parse(json)
       rescue => e
         $logger.err e.message
         @online = false
-        return []
+        return JSON.parse("{}")
       end
     end
 
     def get_wp_vulnerabilities
       begin
-        return get_https("https://wpvulndb.com/api/v1/wordpresses/#{version_pad(@version[:version])}").body
+        page= get_https("https://wpvulndb.com/api/v1/wordpresses/#{version_pad(@version[:version])}")
+        return JSON.parse(page.body) unless page.class == Net::HTTPNotFound
+        return JSON.parse("{\"wordpress\":{\"vulnerabilities\":[]}}") if page.class == Net::HTTPNotFound
       rescue => e
         $logger.err e.message
         @online = false
-        return ""
+        return JSON.parse("{}")
       end
     end
 
     def version_pad(version)
-      # 3.2.1 => 321
-      # 4.0 => 400
-      return version.gsub('.', '')      if version.split('.').count == 3
-      return version.gsub('.', '')+'0'  if version.split('.').count == 2
+      return version.gsub('.', '')      #if version.split('.').count == 3
+      # return version.gsub('.', '')+'0'  if version.split('.').count == 2
+    end
+
+    def detect_version(page, whitebox=false)
+      detect_version_blackbox(page) unless whitebox
+      detect_version_whitebox(page) if whitebox
+    end
+
+    def detect_version_whitebox(page)
+      v_meta = '0.0.0'
+      doc = Nokogiri::HTML(page.body)
+      doc.css('#wp_version').each do |link|
+        v_meta = link.text
+      end
+
+      return {:version => v_meta, :accuracy => 1.0}
     end
 
-    def detect_version
+    def detect_version_blackbox(page)
 
       #
       # 1. trying to detect wordpress version from homepage body meta generator
       # tag
 
       v_meta = ""
-      doc = Nokogiri::HTML(@homepage.body)
+      doc = Nokogiri::HTML(page.body)
       doc.xpath("//meta[@name='generator']/@content").each do |attr|
         v_meta = attr.value.split(' ')[1]
       end
@@ -94,13 +122,20 @@ module Wordstress
       #
       # 2. trying to detect wordpress version from readme.html in the root
       # directory
+      #
+      # Not available if scanning 
 
-      v_readme = ""
-      doc = Nokogiri::HTML(@readme_html.body)
-      v_readme = doc.at_css('h1').children.last.text.chop.lstrip.split(' ')[1]
+      unless whitebox
+        v_readme = ""
+        doc = Nokogiri::HTML(@readme_html.body)
+        v_readme = doc.at_css('h1').children.last.text.chop.lstrip.split(' ')[1]
+      end
 
+      #
+      # 3. Detect from RSS link
+      #
       v_rss = ""
-      rss_doc = Nokogiri::HTML(@homepage.body)
+      rss_doc = Nokogiri::HTML(page.body)
       begin
         rss = Nokogiri::HTML(get(rss_doc.css('link[type="application/rss+xml"]').first.attr('href')).body) unless l.nil?
         v_rss= rss.css('generator').text.split('=')[1]
@@ -130,12 +165,12 @@ module Wordstress
 
     def find_themes
       return find_themes_gentleman  if @scanning_mode == :gentleman
-      return find_themes_interactive if @scanning_mode == :interactive
+      return find_themes_whitebox if @scanning_mode == :whitebox
       return []
     end
     def find_plugins
       return find_plugins_gentleman if @scanning_mode == :gentleman
-      return find_plugins_interactive if @scanning_mode == :interactive
+      return find_plugins_whitebox if @scanning_mode == :whitebox
 
       # bruteforce check must start with error page discovery.
       # the idea is to send 2 random plugin names (e.g. 2 sha256 of time seed)
@@ -144,11 +179,89 @@ module Wordstress
       return []
     end
 
-    def post_and_get(url, pass)
-      uri = URI(url)
-      res = Net::HTTP.post_form(uri, {'post_password' => pass, 'Submit'=>'Submit'})
-      get(url)
-      res.body
+    def ascii_report
+      # 0_Executive summary
+      rows = []
+      rows << ['Wordstress version', Wordstress::VERSION]
+      rows << ['Scan started',@start_time]
+      rows << ['Scan duration', "#{(@end_time - @start_time).round(3)} sec"]
+      rows << ['Target', @target]
+      rows << ['Wordpress version', version[:version]]
+      unless @online
+        rows << ['Scan status', 'During scan wordstress went offline. Results are incomplete / unreliable. Please make sure you are connected to the Internet']
+      else
+        rows << ['Scan status', 'Scan completed successfully']
+      end
+      table = Terminal::Table.new :title=>'Scan summary', :rows => rows
+      puts table
+
+      return table unless @online
+      # 1_vulnerability summary
+      rows = []
+      rows << ['Wordpress version', @wp_vuln["wordpress"]["vulnerabilities"].count]
+      rows << ['Plugins installed', @plugin_vulns.count]
+      rows << ['Themes installed', @theme_vulns.count]
+
+      table = Terminal::Table.new :title=>'Vulnerabilities found', :rows => rows
+      puts table
+
+      # 2_vulnerabilities detail
+
+      if @wp_vuln["wordpress"]["vulnerabilities"].count != 0
+
+        rows = []
+        @wp_vuln["wordpress"]["vulnerabilities"].each do |v|
+          rows << [v[:title], v[:cve], v[:url], v[:fixed_in]]
+          rows << :separator
+        end
+        table = Terminal::Table.new :title=>"Vulnerabilities in Wordpress version #{version[:version]}", :headings=>['Issue', 'CVE', 'Url', 'Fixed in version'], :rows=>rows
+        puts table
+      end
+
+      if @plugin_vulns.count != 0
+        rows = []
+        @plugin_vulns.each do |v|
+          rows << [v[:title], v[:cve], v[:detected], v[:fixed_in]]
+          rows << :separator
+        end
+        table = Terminal::Table.new :title=>"Vulnerabilities in installed plugins", :headings=>['Issue', 'CVE', 'Detected version', 'Fixed version'], :rows=>rows
+        puts table
+      end
+
+      if @theme_vulns.count != 0
+
+        rows = []
+        @theme_vulns.each do |v|
+          rows << [v[:title], v[:cve], v[:detected], v[:fixed_in]]
+          rows << :separator
+        end
+        table = Terminal::Table.new :title=>"Vulnerabilities in installed themes", :headings=>['Issue', 'CVE', 'Detected version', 'Fixed in version'], :rows=>rows
+        puts table
+      end
+
+
+
+
+
+      # File.open(File.join(@output_dir, "report.txt"), 'w') do |file|
+
+      # file.puts("target: #{@target}")
+      # file.puts("wordpress version: #{version[:version]}")
+      # file.puts("themes found: #{@themes.count}")
+        # file.puts("plugins found: #{@plugins.count}")
+        # file.puts("Vulnerabilities in wordpress")
+        # @wp_vuln["wordpress"]["vulnerabilities"].each do |v|
+          # file.puts "#{v[:title]} - fixed in #{v[:fixed_in]}"
+        # end
+        # file.puts("Vulnerabilities in themes")
+        # @theme_vulns.each do |v|
+          # file.puts "#{v[:title]} - fixed in #{v[:fixed_in]}"
+        # end
+        # file.puts("Vulnerabilities in plugins")
+        # @plugins_vulns.each do |v|
+          # file.puts "#{v[:title]} - fixed in #{v[:fixed_in]}"
+        # end
+      # end
     end
 
     private
@@ -158,24 +271,22 @@ module Wordstress
       return (!a.nil?)
     end
 
-    def find_plugins_interactive
+    def find_plugins_whitebox
       ret = []
       doc = Nokogiri::HTML(@wordstress_page.body)
       doc.css('#all_plugin').each do |link|
         l=link.text.split(',')
-        ret << {:name=>l[2], :version=>l[1], :status=>l[3]} unless is_already_detected?(ret, l[2])
+        ret << {:name=>l[2].split('/')[0], :version=>l[1], :status=>l[3]} unless is_already_detected?(ret, l[2])
       end
-      $logger.debug ret
       ret
     end
-    def find_themes_interactive
+    def find_themes_whitebox
       ret = []
       doc = Nokogiri::HTML(@wordstress_page.body)
       doc.css('#all_theme').each do |link|
         l=link.text.split(',')
-        ret << {:name=>l[2], :version=>l[1]} unless is_already_detected?(ret, l[2])
+        ret << {:name=>l[2], :version=>l[1], :status=>l[3]} unless is_already_detected?(ret, l[2])
       end
-      $logger.debug ret
       ret
     end
 
@@ -220,19 +331,34 @@ module Wordstress
       ret
     end
 
-    def get_http(page)
-      uri = URI.parse(page)
-      http = Net::HTTP.new(uri.host, uri.port)
-      request = Net::HTTP::Get.new(uri.request_uri)
-      return http.request(request)
+    def get_http(page, use_ssl=false)
+      uri = URI(page)
+      req = Net::HTTP::Get.new(uri)
+      req.basic_auth @basic_auth_user, @basic_auth_pwd unless @basic_auth_user == ""
+
+
+      http = Net::HTTP.new(uri.hostname, uri.port)
+      http.use_ssl = use_ssl
+
+      res = http.start {|h|
+        h.request(req)
+      }
+      case res
+      when Net::HTTPSuccess then
+        return res
+      when Net::HTTPRedirection then
+        location = res['location']
+        $logger.debug "redirected to #{location}"
+        get_http(location)
+      when Net::HTTPNotFound
+        return res
+      else
+        return res.value
+      end
     end
-    def get_https(page)
-      uri = URI.parse(page)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = true
-      request = Net::HTTP::Get.new(uri.request_uri)
-      return http.request(request)
 
+    def get_https(page)
+      get_http(page, true)
     end
   end
 end

data/lib/wordstress/utils.rb

@@ -3,7 +3,29 @@ module Wordstress
 
     # Transform a given URL into a directory name to be used to store data
     def self.target_to_dirname(target)
-      target.split("://")[1].gsub('.','_').gsub('/', '')
+      uri = URI.parse(target)
+      path = uri.request_uri.split('/')
+      blog_path = ""
+      blog_path = "_#{path[1]}" if path.count >= 2
+      return "#{uri.host}_#{uri.port}#{blog_path}"
+    end
+
+    def self.build_output_dir(root, target)
+      attempt=0
+      today=Time.now.strftime("%Y%m%d")
+
+      while 1 do
+
+        proposed = File.join(root, Wordstress::Utils.target_to_dirname(target), today)
+        if attempt != 0
+          proposed += "_#{attempt}"
+        end
+
+        return proposed unless Dir.exists?(proposed)
+        attempt +=1 if Dir.exists?(proposed)
+      end
+
+
     end
 
   end

data/lib/wordstress/version.rb

@@ -1,3 +1,3 @@
 module Wordstress
-  VERSION = "0.30.0"
+  VERSION = "0.40.0"
 end

data/wordstress.gemspec

@@ -7,10 +7,10 @@ Gem::Specification.new do |spec|
   spec.name          = "wordstress"
   spec.version       = Wordstress::VERSION
   spec.authors       = ["Paolo Perego"]
-  spec.email         = ["thesp0nge@gmail.com"]
+  spec.email         = ["paolo@wordstress.org"]
   spec.summary       = %q{wordstress is a security scanner for wordpress powered websites}
   spec.description   = %q{wordstress is a security scanner for wordpress powered websites}
-  spec.homepage      = "https://github.com/thesp0nge/wordstress"
+  spec.homepage      = "http://wordstress.org"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0")
@@ -24,5 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'codesake-commons'
   spec.add_dependency 'json'
   spec.add_dependency 'ciphersurfer'
+  spec.add_dependency 'terminal-table'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wordstress
 version: !ruby/object:Gem::Version
-  version: 0.30.0
+  version: 0.40.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-19 00:00:00.000000000 Z
+date: 2015-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -80,9 +80,23 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: wordstress is a security scanner for wordpress powered websites
 email:
-- thesp0nge@gmail.com
+- paolo@wordstress.org
 executables:
 - wordstress
 extensions: []
@@ -101,7 +115,7 @@ files:
 - lib/wordstress/utils.rb
 - lib/wordstress/version.rb
 - wordstress.gemspec
-homepage: https://github.com/thesp0nge/wordstress
+homepage: http://wordstress.org
 licenses:
 - MIT
 metadata: {}