RubyGems - wordstress - Versions diffs - 0.30.0 → 0.40.0 - Mend

wordstress 0.30.0 → 0.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ec2d1bdf19fed96cb2415b71df03a5a6e81422bb
-  data.tar.gz: 653958b73a60f4dac746d88d7a3af073ee8eab83
+  metadata.gz: 8d1d25228ca184bd9640ee87d516d4f5ab6b4c73
+  data.tar.gz: cbeb681f9ddf891f3a67f34b03960a49c63b9e57
 SHA512:
-  metadata.gz: 94d66e0a989016ffaac389867c1f214194b713a457eabf5f7e18cea65b5a601f111714ef01b79c488387e44661563e78d583a98fa207613e69b222aae1378118
-  data.tar.gz: 68de0225374d311b219056ecc05b3c8698a29a58000c7286ab27a7e7dd91022aab7d637681a70f951db2a0a7eea2214e1be0d9cf025ee6f876b20ed469d4ee5f
+  metadata.gz: b7163eef62c310c477d7d247446ab7484ecda6e45543d3fc7d2a5c678d11e758aec38f039ebfdfe57cbfb15242522d71ea70c3687dd33da79da06bdc83522e77
+  data.tar.gz: 8dfceb6b7446fbb0282ddf24fc42ff6640df1238fb13971d65c3d7a4f855b41ca872d6a05f65e471e1953cbe687316e509bd9768ee6ea06c56643e582ec3ae66

data/bin/wordstress CHANGED Viewed

@@ -2,6 +2,7 @@
 require 'getoptlong'
 require 'json'
+require 'fileutils'
 require 'codesake-commons'
 require 'wordstress'
@@ -9,26 +10,32 @@ require 'wordstress'
 # Scanning modes for plugins and themes
 #   + gentleman: wordstress will try to fetch plugins and themes only using
 #     info in the HTML page (this is very polite but also very inaccurate).
-#   + interactive: wordstress will use a target installed plugin to fetch
+#   + whitebox: wordstress will use a target installed plugin to fetch
 #     installed plugins and themes with their version
 #   + aggressive: wordstress will use enumeration to find installed plugins and
 #     themes. This will lead to false positives.
-MODES = [:gentleman,:interactive,:aggressive]
+MODES = [:gentleman,:whitebox,:aggressive]
 APPNAME = File.basename($0)
 $logger  = Codesake::Commons::Logging.instance
+$logger.debug = false
+# $logger.toggle_silence
 @output_root = File.join(Dir.home, '/wordstress')
-scanning_mode = :gentleman
-interactive = {:url=>"", :pwd=>""}
+scanning_mode = :whitebox
+whitebox = {:url=>"", :key=>""}
+basic_auth  = {:user=>"", :pwd=>""}
 opts    = GetoptLong.new(
-  [ '--gentleman',  '-G',   GetoptLong::NO_ARGUMENT],
-  [ '--interactive','-I',   GetoptLong::NO_ARGUMENT],
-  [ '--interactive-url', '-u', GetoptLong::REQUIRED_ARGUMENT],
-  [ '--interactive-pwd', '-p', GetoptLong::REQUIRED_ARGUMENT],
-  [ '--csv',        '-C',   GetoptLong::NO_ARGUMENT],
-  [ '--version',    '-v',   GetoptLong::NO_ARGUMENT],
-  [ '--help',       '-h',   GetoptLong::NO_ARGUMENT]
+  [ '--gentleman',          '-G',   GetoptLong::NO_ARGUMENT],
+  [ '--basic-auth',         '-B',   GetoptLong::REQUIRED_ARGUMENT],
+  [ '--whitebox' ,          '-W',   GetoptLong::NO_ARGUMENT],
+  [ '--wordstress-url',     '-u', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--wordstress-api-key', '-k', GetoptLong::REQUIRED_ARGUMENT],
+  [ '--csv',                '-C',   GetoptLong::NO_ARGUMENT],
+  [ '--debug',              '-D',   GetoptLong::NO_ARGUMENT],
+  [ '--version',            '-v',   GetoptLong::NO_ARGUMENT],
+  [ '--help',               '-h',   GetoptLong::NO_ARGUMENT]
 )
 opts.quiet=true
@@ -36,15 +43,20 @@ opts.quiet=true
 begin
   opts.each do |opt, val|
     case opt
-    when '--interactive'
-      scanning_mode = :interactive
-    when '--interactive-url'
-      interactive[:url] = val
-    when '--interactive-pwd'
-      interactive[:pwd] = val
+    when '--basic-auth'
+      basic_auth[:user] = val.split(':')[0]
+      basic_auth[:pwd] = val.split(':')[1]
+    when '--whitebox'
+      scanning_mode = :whitebox
+    when '--wordstress-url'
+      whitebox[:url] = val
+    when '--wordstress-api-key'
+      whitebox[:key] = val
     when '--version'
       puts "#{Wordstress::VERSION}"
       Kernel.exit(0)
+    when '--debug'
+      $logger.debug = true
     when '--help'
       Kernel.exit(0)
     end
@@ -55,55 +67,68 @@ rescue GetoptLong::InvalidOption => e
   Kernel.exit(-1)
 end
-target=ARGV.shift
+target=ARGV.shift unless scanning_mode == :whitebox
+target=whitebox[:url] if scanning_mode == :whitebox
 $logger.helo APPNAME, Wordstress::VERSION
-$logger.toggle_syslog
-@output_dir = File.join(@output_root, Wordstress::Utils.target_to_dirname(target))
 unless Dir.exists?(@output_root)
-  $logger.ok "creating output dir #{@output_root}"
+  $logger.log "creating output dir #{@output_root}"
   Dir.mkdir @output_root
 end
-unless Dir.exists?(@output_dir)
-  $logger.ok "storing results to #{@output_dir}"
-end
+@output_dir = Wordstress::Utils.build_output_dir(@output_root, target)
+$logger.log "storing results to #{@output_dir}"
+FileUtils::mkdir_p(@output_dir)
 trap("INT")   { $logger.die('[INTERRUPTED]') }
 $logger.die("missing target") if target.nil?
 $logger.log "scanning #{target}"
-site = Wordstress::Site.new({:target=>target, :scanning_mode=>scanning_mode, :interactive=>interactive})
+site = Wordstress::Site.new({:target=>target, :scanning_mode=>scanning_mode, :whitebox=>whitebox,:basic_auth=>basic_auth, :output_dir=>@output_dir})
 if site.version[:version] == "0.0.0"
   $logger.err "can't detect wordpress version running on #{target}. Giving up!"
   Kernel.exit(-2)
 end
-$logger.ok "wordpress version #{site.version[:version]} detected"
+$logger.ok "#{target} is a wordpress version #{site.version[:version]} with #{site.themes.count} themes and #{site.plugins.count} plugins"
 $logger.warn "scan mode is set to 'gentleman'. We are using only information found on resulting HTML. This can be lead to undetected plugins or themes" if site.scanning_mode == :gentleman
 if site.online?
-  wp_vuln_hash = JSON.parse(site.wp_vuln_json)
-  $logger.ok "#{wp_vuln_hash["wordpress"]["vulnerabilities"].size} vulnerabilities found due wordpress version"
-  wp_vuln_hash["wordpress"]["vulnerabilities"].each do |v|
-    $logger.log "#{v["id"]} - #{v["title"]}"
+  site.wp_vuln["wordpress"]["vulnerabilities"].each do |v|
+    $logger.err "#{v["title"]}. Detected: #{site.version[:version]}. Safe: #{v["fixed_in"]}" if Gem::Version.new(site.version[:version]) <= Gem::Version.new(v["fixed_in"])
+  end
+  site.themes.each do |t|
+    v = site.get_theme_vulnerabilities(t[:name])
+    unless v["theme"].nil?
+      v["theme"]["vulnerabilities"].each do |vv|
+        if Gem::Version.new(t[:version]) <= Gem::Version.new(vv["fixed_in"])
+          $logger.err "#{vv["title"]}. Detected: #{t[:version]}. Safe: #{vv["fixed_in"]}"
+          site.theme_vulns << {:title=>vv["title"], :cve=>vv["cve"], :url=>vv["url"], :detected=>t[:version], :fixed_in=>vv["fixed_in"]}
+        end
+      end
+    end
+  end
+  site.plugins.each do |t|
+    v = site.get_plugin_vulnerabilities(t[:name])
+    unless v["plugin"].nil?
+      v["plugin"]["vulnerabilities"].each do |vv|
+        if Gem::Version.new(t[:version]) <= Gem::Version.new(vv["fixed_in"])
+          $logger.err "#{vv["title"]}. Detected: #{t[:version]}. Safe: #{vv["fixed_in"]}"
+          site.plugin_vulns << {:title=>vv["title"], :cve=>vv["cve"], :url=>vv["url"], :detected=>t[:version], :fixed_in=>vv["fixed_in"]}
+        end
+      end
+    end
   end
 else
+  site.online = false
   $logger.err "it seems we are offline. wordstress can't reach https://wpvulndb.com"
   $logger.err "wordpress can't enumerate vulnerabilities"
 end
-$logger.log "#{target} has #{site.themes.count} themes"
-site.themes.each do |t|
-  $logger.log "searching wpvulndb for theme #{t[:name]} vulnerabilities"
-  v = site.get_theme_vulnerabilities(t[:name])
-  $logger.debug v
-end
-$logger.log "#{target} has #{site.plugins.count} plugins"
-site.plugins.each do |t|
-  $logger.log "searching wpvulndb for plugin #{t[:name]} vulnerabilities"
-  v = site.get_plugin_vulnerabilities(t[:name])
-  $logger.debug v
-end
+site.stop_scan
+site.ascii_report
 $logger.bye

data/lib/wordstress/site.rb CHANGED Viewed

@@ -1,11 +1,14 @@
 require 'net/http'
+require 'terminal-table'
 module Wordstress
   class Site
-    attr_reader :version, :scanning_mode, :wp_vuln_json, :plugins, :themes, :themes_vuln_json
+    attr_reader :version, :scanning_mode, :wp_vuln, :plugins, :themes
+    attr_accessor :theme_vulns, :plugin_vulns, :online
-    def initialize(options={:target=>"http://localhost", :scanning_mode=>:gentleman, :interactive=>{}})
+    def initialize(options={:target=>"http://localhost", :scanning_mode=>:gentleman, :whitebox=>{}, :basic_auth=>{:user=>"", :pwd=>""}, :output_dir=>"./"})
+      @target     = options[:target]
       begin
         @uri      = URI(options[:target])
         @raw_name = options[:target]
@@ -13,80 +16,105 @@ module Wordstress
       rescue
         @valid = false
       end
-      @scanning_mode = options[:scanning_mode]
+      @scanning_mode    = options[:scanning_mode]
+      @basic_auth_user  = options[:basic_auth][:user]
+      @basic_auth_pwd   = options[:basic_auth][:pwd]
+      @output_dir       = options[:output_dir]
+      @start_time       = Time.now
+      @end_time         = Time.now # I hate init variables to nil...
+      unless scanning_mode == :whitebox
+        @robots_txt   = get(@raw_name + "/robots.txt")
+        @readme_html  = get(@raw_name + "/readme.html")
+        @homepage     = get(@raw_name)
+        @version      = detect_version(@homepage, false)
+      else
+        @wordstress_page  = get("#{options[:whitebox][:url]}?wordstress-key=#{options[:whitebox][:key]}") if options[:scanning_mode] == :whitebox
+        @version          = detect_version(@wordstress_page, true)
+      end
-      @robots_txt   = get(@raw_name + "/robots.txt")
-      @readme_html  = get(@raw_name + "/readme.html")
-      @homepage     = get(@raw_name)
-      @version      = detect_version
       @online       = true
-      @wp_vuln_json = get_wp_vulnerabilities  unless @version[:version] == "0.0.0"
-      @wp_vuln_json = Hash.new.to_json        if @version[:version] == "0.0.0"
+      @wp_vuln = get_wp_vulnerabilities  unless @version[:version] == "0.0.0"
+      @wp_vuln = JSON.parse("{}")        if @version[:version] == "0.0.0"
-      @wordstress_page = post_and_get(options[:interactive][:url], options[:interactive][:pwd]) if options[:scanning_mode] == :interactive && !options[:interactive][:pwd].empty?
-      @wordstress_page = get(options[:interactive][:url]) if options[:scanning_mode] == :interactive && options[:interactive][:pwd].empty?
       @plugins      = find_plugins
       @themes       = find_themes
-      # @themes_vuln_json = get_themes_vulnerabilities
+      @theme_vulns  = []
+      @plugin_vulns = []
     end
-    def get_themes_vulnerabilities
-      vuln = []
-      @themes.each do |t|
-        vuln << {:theme=>t, :vulns=>get_theme_vulnerabilities(t)}
-      end
+    def stop_scan
+      @end_time = Time.now
     end
     def get_plugin_vulnerabilities(theme)
       begin
         json= get_https("https://wpvulndb.com/api/v1/plugins/#{theme}").body
-        return "Plugin #{theme} is not present on wpvulndb.com" if json.include?"The page you were looking for doesn't exist (404)"
-        return json
+        return JSON.parse("{\"plugin\":{\"vulnerabilities\":[]}}") if json.include?"The page you were looking for doesn't exist (404)"
+        return JSON.parse(json)
       rescue => e
         $logger.err e.message
         @online = false
-        return []
+        return JSON.parse("{}")
       end
     end
     def get_theme_vulnerabilities(theme)
       begin
         json=get_https("https://wpvulndb.com/api/v1/themes/#{theme}").body
-        return "Theme #{theme} is not present on wpvulndb.com" if json.include?"The page you were looking for doesn't exist (404)"
-        return json
+        return JSON.parse("{\"theme\":{\"vulnerabilities\":[]}}") if json.include?"The page you were looking for doesn't exist (404)"
+        return JSON.parse(json)
       rescue => e
         $logger.err e.message
         @online = false
-        return []
+        return JSON.parse("{}")
       end
     end
     def get_wp_vulnerabilities
       begin
-        return get_https("https://wpvulndb.com/api/v1/wordpresses/#{version_pad(@version[:version])}").body
+        page= get_https("https://wpvulndb.com/api/v1/wordpresses/#{version_pad(@version[:version])}")
+        return JSON.parse(page.body) unless page.class == Net::HTTPNotFound
+        return JSON.parse("{\"wordpress\":{\"vulnerabilities\":[]}}") if page.class == Net::HTTPNotFound
       rescue => e
         $logger.err e.message
         @online = false
-        return ""
+        return JSON.parse("{}")
       end
     end
     def version_pad(version)
-      # 3.2.1 => 321
-      # 4.0 => 400
-      return version.gsub('.', '')      if version.split('.').count == 3
-      return version.gsub('.', '')+'0'  if version.split('.').count == 2
+      return version.gsub('.', '')      #if version.split('.').count == 3
+      # return version.gsub('.', '')+'0'  if version.split('.').count == 2
+    end
+    def detect_version(page, whitebox=false)
+      detect_version_blackbox(page) unless whitebox
+      detect_version_whitebox(page) if whitebox
+    end
+    def detect_version_whitebox(page)
+      v_meta = '0.0.0'
+      doc = Nokogiri::HTML(page.body)
+      doc.css('#wp_version').each do |link|
+        v_meta = link.text
+      end
+      return {:version => v_meta, :accuracy => 1.0}
     end
-    def detect_version
+    def detect_version_blackbox(page)
       #
       # 1. trying to detect wordpress version from homepage body meta generator
       # tag
       v_meta = ""
-      doc = Nokogiri::HTML(@homepage.body)
+      doc = Nokogiri::HTML(page.body)
       doc.xpath("//meta[@name='generator']/@content").each do |attr|
         v_meta = attr.value.split(' ')[1]
       end
@@ -94,13 +122,20 @@ module Wordstress
       #
       # 2. trying to detect wordpress version from readme.html in the root
       # directory
+      #
+      # Not available if scanning
-      v_readme = ""
-      doc = Nokogiri::HTML(@readme_html.body)
-      v_readme = doc.at_css('h1').children.last.text.chop.lstrip.split(' ')[1]
+      unless whitebox
+        v_readme = ""
+        doc = Nokogiri::HTML(@readme_html.body)
+        v_readme = doc.at_css('h1').children.last.text.chop.lstrip.split(' ')[1]
+      end
+      #
+      # 3. Detect from RSS link
+      #
       v_rss = ""
-      rss_doc = Nokogiri::HTML(@homepage.body)
+      rss_doc = Nokogiri::HTML(page.body)
       begin
         rss = Nokogiri::HTML(get(rss_doc.css('link[type="application/rss+xml"]').first.attr('href')).body) unless l.nil?
         v_rss= rss.css('generator').text.split('=')[1]
@@ -130,12 +165,12 @@ module Wordstress
     def find_themes
       return find_themes_gentleman  if @scanning_mode == :gentleman
-      return find_themes_interactive if @scanning_mode == :interactive
+      return find_themes_whitebox if @scanning_mode == :whitebox
       return []
     end
     def find_plugins
       return find_plugins_gentleman if @scanning_mode == :gentleman
-      return find_plugins_interactive if @scanning_mode == :interactive
+      return find_plugins_whitebox if @scanning_mode == :whitebox
       # bruteforce check must start with error page discovery.
       # the idea is to send 2 random plugin names (e.g. 2 sha256 of time seed)
@@ -144,11 +179,89 @@ module Wordstress
       return []
     end
-    def post_and_get(url, pass)
-      uri = URI(url)
-      res = Net::HTTP.post_form(uri, {'post_password' => pass, 'Submit'=>'Submit'})
-      get(url)
-      res.body
+    def ascii_report
+      # 0_Executive summary
+      rows = []
+      rows << ['Wordstress version', Wordstress::VERSION]
+      rows << ['Scan started',@start_time]
+      rows << ['Scan duration', "#{(@end_time - @start_time).round(3)} sec"]
+      rows << ['Target', @target]
+      rows << ['Wordpress version', version[:version]]
+      unless @online
+        rows << ['Scan status', 'During scan wordstress went offline. Results are incomplete / unreliable. Please make sure you are connected to the Internet']
+      else
+        rows << ['Scan status', 'Scan completed successfully']
+      end
+      table = Terminal::Table.new :title=>'Scan summary', :rows => rows
+      puts table
+      return table unless @online
+      # 1_vulnerability summary
+      rows = []
+      rows << ['Wordpress version', @wp_vuln["wordpress"]["vulnerabilities"].count]
+      rows << ['Plugins installed', @plugin_vulns.count]
+      rows << ['Themes installed', @theme_vulns.count]
+      table = Terminal::Table.new :title=>'Vulnerabilities found', :rows => rows
+      puts table
+      # 2_vulnerabilities detail
+      if @wp_vuln["wordpress"]["vulnerabilities"].count != 0
+        rows = []
+        @wp_vuln["wordpress"]["vulnerabilities"].each do |v|
+          rows << [v[:title], v[:cve], v[:url], v[:fixed_in]]
+          rows << :separator
+        end
+        table = Terminal::Table.new :title=>"Vulnerabilities in Wordpress version #{version[:version]}", :headings=>['Issue', 'CVE', 'Url', 'Fixed in version'], :rows=>rows
+        puts table
+      end
+      if @plugin_vulns.count != 0
+        rows = []
+        @plugin_vulns.each do |v|
+          rows << [v[:title], v[:cve], v[:detected], v[:fixed_in]]
+          rows << :separator
+        end
+        table = Terminal::Table.new :title=>"Vulnerabilities in installed plugins", :headings=>['Issue', 'CVE', 'Detected version', 'Fixed version'], :rows=>rows
+        puts table
+      end
+      if @theme_vulns.count != 0
+        rows = []
+        @theme_vulns.each do |v|
+          rows << [v[:title], v[:cve], v[:detected], v[:fixed_in]]
+          rows << :separator
+        end
+        table = Terminal::Table.new :title=>"Vulnerabilities in installed themes", :headings=>['Issue', 'CVE', 'Detected version', 'Fixed in version'], :rows=>rows
+        puts table
+      end
+      # File.open(File.join(@output_dir, "report.txt"), 'w') do |file|
+      # file.puts("target: #{@target}")
+      # file.puts("wordpress version: #{version[:version]}")
+      # file.puts("themes found: #{@themes.count}")
+        # file.puts("plugins found: #{@plugins.count}")
+        # file.puts("Vulnerabilities in wordpress")
+        # @wp_vuln["wordpress"]["vulnerabilities"].each do |v|
+          # file.puts "#{v[:title]} - fixed in #{v[:fixed_in]}"
+        # end
+        # file.puts("Vulnerabilities in themes")
+        # @theme_vulns.each do |v|
+          # file.puts "#{v[:title]} - fixed in #{v[:fixed_in]}"
+        # end
+        # file.puts("Vulnerabilities in plugins")
+        # @plugins_vulns.each do |v|
+          # file.puts "#{v[:title]} - fixed in #{v[:fixed_in]}"
+        # end
+      # end
     end
     private
@@ -158,24 +271,22 @@ module Wordstress
       return (!a.nil?)
     end
-    def find_plugins_interactive
+    def find_plugins_whitebox
       ret = []
       doc = Nokogiri::HTML(@wordstress_page.body)
       doc.css('#all_plugin').each do |link|
         l=link.text.split(',')
-        ret << {:name=>l[2], :version=>l[1], :status=>l[3]} unless is_already_detected?(ret, l[2])
+        ret << {:name=>l[2].split('/')[0], :version=>l[1], :status=>l[3]} unless is_already_detected?(ret, l[2])
       end
-      $logger.debug ret
       ret
     end
-    def find_themes_interactive
+    def find_themes_whitebox
       ret = []
       doc = Nokogiri::HTML(@wordstress_page.body)
       doc.css('#all_theme').each do |link|
         l=link.text.split(',')
-        ret << {:name=>l[2], :version=>l[1]} unless is_already_detected?(ret, l[2])
+        ret << {:name=>l[2], :version=>l[1], :status=>l[3]} unless is_already_detected?(ret, l[2])
       end
-      $logger.debug ret
       ret
     end
@@ -220,19 +331,34 @@ module Wordstress
       ret
     end
-    def get_http(page)
-      uri = URI.parse(page)
-      http = Net::HTTP.new(uri.host, uri.port)
-      request = Net::HTTP::Get.new(uri.request_uri)
-      return http.request(request)
+    def get_http(page, use_ssl=false)
+      uri = URI(page)
+      req = Net::HTTP::Get.new(uri)
+      req.basic_auth @basic_auth_user, @basic_auth_pwd unless @basic_auth_user == ""
+      http = Net::HTTP.new(uri.hostname, uri.port)
+      http.use_ssl = use_ssl
+      res = http.start {|h|
+        h.request(req)
+      }
+      case res
+      when Net::HTTPSuccess then
+        return res
+      when Net::HTTPRedirection then
+        location = res['location']
+        $logger.debug "redirected to #{location}"
+        get_http(location)
+      when Net::HTTPNotFound
+        return res
+      else
+        return res.value
+      end
     end
-    def get_https(page)
-      uri = URI.parse(page)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = true
-      request = Net::HTTP::Get.new(uri.request_uri)
-      return http.request(request)
+    def get_https(page)
+      get_http(page, true)
     end
   end
 end

data/lib/wordstress/utils.rb CHANGED Viewed

@@ -3,7 +3,29 @@ module Wordstress
     # Transform a given URL into a directory name to be used to store data
     def self.target_to_dirname(target)
-      target.split("://")[1].gsub('.','_').gsub('/', '')
+      uri = URI.parse(target)
+      path = uri.request_uri.split('/')
+      blog_path = ""
+      blog_path = "_#{path[1]}" if path.count >= 2
+      return "#{uri.host}_#{uri.port}#{blog_path}"
+    end
+    def self.build_output_dir(root, target)
+      attempt=0
+      today=Time.now.strftime("%Y%m%d")
+      while 1 do
+        proposed = File.join(root, Wordstress::Utils.target_to_dirname(target), today)
+        if attempt != 0
+          proposed += "_#{attempt}"
+        end
+        return proposed unless Dir.exists?(proposed)
+        attempt +=1 if Dir.exists?(proposed)
+      end
     end
   end

data/lib/wordstress/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Wordstress
-  VERSION = "0.30.0"
+  VERSION = "0.40.0"
 end

data/wordstress.gemspec CHANGED Viewed

@@ -7,10 +7,10 @@ Gem::Specification.new do |spec|
   spec.name          = "wordstress"
   spec.version       = Wordstress::VERSION
   spec.authors       = ["Paolo Perego"]
-  spec.email         = ["thesp0nge@gmail.com"]
+  spec.email         = ["paolo@wordstress.org"]
   spec.summary       = %q{wordstress is a security scanner for wordpress powered websites}
   spec.description   = %q{wordstress is a security scanner for wordpress powered websites}
-  spec.homepage      = "https://github.com/thesp0nge/wordstress"
+  spec.homepage      = "http://wordstress.org"
   spec.license       = "MIT"
   spec.files         = `git ls-files -z`.split("\x0")
@@ -24,5 +24,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'codesake-commons'
   spec.add_dependency 'json'
   spec.add_dependency 'ciphersurfer'
+  spec.add_dependency 'terminal-table'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wordstress
 version: !ruby/object:Gem::Version
-  version: 0.30.0
+  version: 0.40.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-19 00:00:00.000000000 Z
+date: 2015-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -80,9 +80,23 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: wordstress is a security scanner for wordpress powered websites
 email:
-- thesp0nge@gmail.com
+- paolo@wordstress.org
 executables:
 - wordstress
 extensions: []
@@ -101,7 +115,7 @@ files:
 - lib/wordstress/utils.rb
 - lib/wordstress/version.rb
 - wordstress.gemspec
-homepage: https://github.com/thesp0nge/wordstress
+homepage: http://wordstress.org
 licenses:
 - MIT
 metadata: {}