wpscan 3.0.2 → 3.0.3

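--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 762c8fbc4af3e137589c84c8c330fcbd5016a4c9
- data.tar.gz: 9ee2312bd6d96907e4fc4b5cd150f800153ec553
+ metadata.gz: 4d9052417cae5d1b8c68bd2992c2e0c8ce035475
+ data.tar.gz: 0bb18cca39de608eda80347745bc5e287574a0bf
  SHA512:
- metadata.gz: 37bf49a4f0647047912b9871fb86db816aa61cdf8bf4dbddf1ddeee813189b35a4b6c866ed6e5062e7a2e75c26dfd59b505bb4232c78fc169152d0c0cd6ffd9d
- data.tar.gz: 324288177f5e576338cb026cbaec4fa474fead7ad3c9bd16e2b5ecfb84b442d72678102d43a602bb37c257aac66a21bdd5b135a4e6c64e439d15fecb4120032b
+ metadata.gz: 8246a24671367caf940874b35f4f08ce3bca6c381a857e45084630294799835d5ef9e7f425b662321aebcaaeb9c2100008707b153db071c7cc1d66a3560cfb5a
+ data.tar.gz: bbbc9906b96ff16e5a964342ff8cedab63c1b00ad25be29208bd0939df9abd53507da40b2899e474cf72f44f9d69a35af5641b6e4115888e8bedb0631dbe7883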
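--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,6 @@
  ![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner") v3 BETA
 
+ [![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
  [![Build Status](https://travis-ci.org/wpscanteam/wpscan-v3.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan-v3)
  [![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan-v3/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan-v3)
  [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan-v3.svg)](https://gemnasium.com/wpscanteam/wpscan-v3)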
@@ -5,6 +5,7 @@ require_relative 'plugin_version/revslider/release_log'
5
5
  require_relative 'plugin_version/sitepress_multilingual_cms/version_parameter'
6
6
  require_relative 'plugin_version/sitepress_multilingual_cms/meta_generator'
7
7
  require_relative 'plugin_version/w3_total_cache/headers'
8
+ require_relative 'plugin_version/shareaholic/meta_tag'
8
9
 
9
10
  module WPScan
10
11
  module Finders
@@ -0,0 +1,27 @@
1
+ module WPScan
2
+ module Finders
3
+ module PluginVersion
4
+ module Shareaholic
5
+ # Version from the meta
6
+ class MetaTag < CMSScanner::Finders::Finder
7
+ # @param [ Hash ] opts
8
+ #
9
+ # @return [ Version ]
10
+ def passive(_opts = {})
11
+ target.target.homepage_res.html.css('meta[name="shareaholic:wp_version"]').each do |node|
12
+ next unless node['content'] =~ /\A([0-9\.]+)/i
13
+
14
+ return WPScan::Version.new(
15
+ Regexp.last_match(1),
16
+ found_by: found_by,
17
+ confidence: 50,
18
+ interesting_entries: ["#{target.target.url}, Match: '#{node.to_s.strip}'"]
19
+ )
20
+ end
21
+ nil
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
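Review bot: The `i` flag on `/\A([0-9\.]+)/i` at the `next unless` line is dead (the pattern contains no letters) and the escaped dot inside the character class is redundant; `next unless node['content'] =~ /\A([0-9.]+)/` says the same thing more plainly. The captured text comes straight from the scanned page's meta tag and is constrained only by that class, so values such as `1..` or `.` would reach `WPScan::Version.new`; if that constructor does not validate its input (not visible from this hunk), a guard equivalent to the `WPScan::WpVersion.valid?` check used by the core version finders is worth adding before the `return`. The YARD block names `opts` while the parameter is `_opts`, and the class comment `# Version from the meta` would be clearer as `# Version from the shareaholic:wp_version meta tag on the homepage`.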
@@ -5,7 +5,9 @@ require_relative 'wp_version/rdf_generator'
5
5
  require_relative 'wp_version/readme'
6
6
  require_relative 'wp_version/sitemap_generator'
7
7
  require_relative 'wp_version/opml_generator'
8
- require_relative 'wp_version/stylesheets'
8
+ require_relative 'wp_version/homepage_stylesheet_numbers'
9
+ require_relative 'wp_version/install_stylesheet_numbers'
10
+ require_relative 'wp_version/upgrade_stylesheet_numbers'
9
11
  require_relative 'wp_version/unique_fingerprinting'
10
12
 
11
13
  module WPScan
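Review bot: The three `require_relative` lines added for the stylesheet finders are order-dependent and nothing marks them as such: `InstallStylesheetNumbers` subclasses `HomepageStylesheetNumbers` and `UpgradeStylesheetNumbers` subclasses `InstallStylesheetNumbers` (per the new files in this commit), so reordering them, e.g. alphabetically to match the surrounding list, would fail at load time with a `NameError`. A one-line comment above them, `# Order matters: Install < Homepage and Upgrade < Install`, would protect against that.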
@@ -21,7 +23,9 @@ module WPScan
21
23
  WpVersion::MetaGenerator.new(target) <<
22
24
  WpVersion::RSSGenerator.new(target) <<
23
25
  WpVersion::AtomGenerator.new(target) <<
24
- WpVersion::Stylesheets.new(target) <<
26
+ WpVersion::HomepageStylesheetNumbers.new(target) <<
27
+ WpVersion::InstallStylesheetNumbers.new(target) <<
28
+ WpVersion::UpgradeStylesheetNumbers.new(target) <<
25
29
  WpVersion::RDFGenerator.new(target) <<
26
30
  WpVersion::Readme.new(target) <<
27
31
  WpVersion::SitemapGenerator.new(target) <<
@@ -17,7 +17,7 @@ module WPScan
17
17
  found << create_version(
18
18
  node['version'],
19
19
  found_by: found_by,
20
- entries: ["#{res.effective_url}, #{node}"]
20
+ entries: ["#{res.effective_url}, #{node.to_s.strip}"]
21
21
  )
22
22
  end
23
23
  end
@@ -0,0 +1,59 @@
1
+ module WPScan
2
+ module Finders
3
+ module WpVersion
4
+ # Stylesheets Version Finder from Homepage
5
+ #
6
+ # TODO: Maybe put such methods in the CMSScanner to have a generic
7
+ # way of getting those versions, and allow the confidence to be
8
+ # customised
9
+ class HomepageStylesheetNumbers < CMSScanner::Finders::Finder
10
+ # @return [ Array<WpVersion> ]
11
+ def passive(_opts = {})
12
+ wp_versions(target.homepage_url)
13
+ end
14
+
15
+ protected
16
+
17
+ # @param [ String ] url
18
+ #
19
+ # @return [ Array<WpVersion> ]
20
+ def wp_versions(url)
21
+ found = []
22
+
23
+ scan_page(url).each do |version_number, occurences|
24
+ next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
25
+
26
+ found << WPScan::WpVersion.new(
27
+ version_number,
28
+ found_by: found_by,
29
+ confidence: 5 * occurences.count,
30
+ interesting_entries: occurences
31
+ )
32
+ end
33
+
34
+ found
35
+ end
36
+
37
+ # @param [ String ] url
38
+ #
39
+ # @return [ Hash ]
40
+ def scan_page(url)
41
+ found = {}
42
+ pattern = /\bver=([0-9\.]+)/i
43
+
44
+ target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
45
+ uri = Addressable::URI.parse(stylesheet_url)
46
+ next unless uri.query && uri.query.match(pattern)
47
+
48
+ version = Regexp.last_match[1].to_s
49
+
50
+ found[version] ||= []
51
+ found[version] << stylesheet_url
52
+ end
53
+
54
+ found
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
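Review bot: `Addressable::URI.parse(stylesheet_url)` inside `scan_page` runs on every `href`/`src` harvested from the scanned page, and a malformed value can raise `Addressable::URI::InvalidURIError`, which would abort the whole finder instead of skipping that one URL; unless `target.in_scope_urls` already filters such values out (not visible here), the parse should be rescued per URL. The `next unless uri.query && uri.query.match(pattern)` / `Regexp.last_match[1]` pair also relies on `String#match` setting `$~`, which a local match variable makes explicit. Minor points: `occurences` is misspelled throughout (`occurrences`), `scan_page`'s `@return [ Hash ]` would be more useful as `Hash<String, Array<String>>` (version number → URLs where it was seen), and `confidence: 5 * occurences.count` is unbounded, so if confidence is meant as a percentage a cap such as `[5 * occurrences.count, 100].min` is worth considering.
```ruby
target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
  begin
    uri = Addressable::URI.parse(stylesheet_url)
  rescue Addressable::URI::InvalidURIError
    next # a malformed href/src on the scanned page must not abort the whole finder
  end

  match = uri.query && uri.query.match(pattern)
  next unless match

  version = match[1].to_s
  # … unchanged: found[version] accumulation …
end
```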
@@ -0,0 +1,16 @@
1
+ module WPScan
2
+ module Finders
3
+ module WpVersion
4
+ # Stylesheets Version Finder from Install page
5
+ class InstallStylesheetNumbers < HomepageStylesheetNumbers
6
+ # Overrides the parent
7
+ def passive(_ops = {}); end
8
+
9
+ # @return [ Array<WpVersion> ]
10
+ def aggressive(_opts = {})
11
+ wp_versions(target.url('wp-admin/install.php'))
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
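Review bot: The override at the `def passive(_ops = {}); end` line names its parameter `_ops` while every other finder in this commit uses `_opts`; `def passive(_opts = {}); end` keeps the signatures uniform. The comment `# Overrides the parent` states what is obvious but not why; since the parent's `passive` scans the homepage and `HomepageStylesheetNumbers` is already in the finder chain, something like `# No passive detection here (the homepage scan belongs to HomepageStylesheetNumbers); only the aggressive install.php request is made` would tell the next maintainer the empty body is deliberate — presumably that is the reason, but the hunk does not say.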
@@ -16,7 +16,7 @@ module WPScan
16
16
  number,
17
17
  found_by: 'Meta Generator (Passive detection)',
18
18
  confidence: 80,
19
- interesting_entries: ["#{target.url}, Match: '#{node}'"]
19
+ interesting_entries: ["#{target.url}, Match: '#{node.to_s.strip}'"]
20
20
  )
21
21
  end
22
22
  nil
@@ -12,7 +12,7 @@ module WPScan
12
12
  match[1],
13
13
  found_by: 'OPML Generator (Aggressive Detection)',
14
14
  confidence: 80,
15
- interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node}'"]
15
+ interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node.to_s.strip}'"]
16
16
  )
17
17
  end
18
18
  nil
@@ -17,7 +17,7 @@ module WPScan
17
17
  found << create_version(
18
18
  Regexp.last_match[1],
19
19
  found_by: found_by,
20
- entries: ["#{res.effective_url}, #{node}"]
20
+ entries: ["#{res.effective_url}, #{node.to_s.strip}"]
21
21
  )
22
22
  end
23
23
  end
@@ -18,7 +18,8 @@ module WPScan
18
18
  WPScan::WpVersion.new(
19
19
  number,
20
20
  found_by: 'Readme (Aggressive Detection)',
21
- confidence: 90,
21
+ # Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)
22
+ confidence: number >= '4.7' ? 10 : 90,
22
23
  interesting_entries: ["#{readme_url}, Match: '#{node.text.to_s.strip}'"]
23
24
  )
24
25
  end
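Review bot: `confidence: number >= '4.7' ? 10 : 90` compares version strings lexicographically, so `'10.0' >= '4.7'` is false and the high confidence would come back for exactly the releases the comment says are only major.minor; `Gem::Version.new(number) >= Gem::Version.new('4.7')` compares numerically, though it raises `ArgumentError` on a malformed string, so it belongs behind whatever validation `number` already receives (the start of this method is outside the hunk). The comment also says "major version" where the value is major.minor; `# Since WP 4.7 the readme only exposes major.minor (4.7, 4.8 ...), so a match is weak evidence` is more precise.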
@@ -20,7 +20,7 @@ module WPScan
20
20
  found << create_version(
21
21
  Regexp.last_match[1],
22
22
  found_by: found_by,
23
- entries: ["#{res.effective_url}, #{node}"]
23
+ entries: ["#{res.effective_url}, #{node.to_s.strip}"]
24
24
  )
25
25
  end
26
26
  end
@@ -12,7 +12,7 @@ module WPScan
12
12
  match[1],
13
13
  found_by: 'Sitemap Generator (Aggressive Detection)',
14
14
  confidence: 80,
15
- interesting_entries: ["#{target.url('sitemap.xml')}, #{node}"]
15
+ interesting_entries: ["#{target.url('sitemap.xml')}, #{node.to_s.strip}"]
16
16
  )
17
17
  end
18
18
  nil
@@ -0,0 +1,13 @@
1
+ module WPScan
2
+ module Finders
3
+ module WpVersion
4
+ # Stylesheets Version Finder from Upgrade page
5
+ class UpgradeStylesheetNumbers < InstallStylesheetNumbers
6
+ # @return [ Array<WpVersion> ]
7
+ def aggressive(_opts = {})
8
+ wp_versions(target.url('wp-admin/upgrade.php'))
9
+ end
10
+ end
11
+ end
12
+ end
13
+ end
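Review bot: `UpgradeStylesheetNumbers` inherits the empty `passive` from `InstallStylesheetNumbers` rather than the homepage scan from `HomepageStylesheetNumbers`, and nothing in this file says so; a reader who only opens this class could expect the passive homepage scan to run. A comment on the class, `# passive is the no-op inherited from InstallStylesheetNumbers; only the aggressive upgrade.php request runs`, makes the intent explicit.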
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module WPScan
3
- VERSION = '3.0.2'.freeze
3
+ VERSION = '3.0.3'.freeze
4
4
  end
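--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: wpscan
  version: !ruby/object:Gem::Version
- version: 3.0.2
+ version: 3.0.3
  platform: ruby
  authors:
  - WPScanTeam
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-01-31 00:00:00.000000000 Z
+ date: 2017-02-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: yajl-ruby
@@ -251,6 +251,7 @@ files:
  - app/finders/plugin_version/layer_slider/translation_file.rb
  - app/finders/plugin_version/readme.rb
  - app/finders/plugin_version/revslider/release_log.rb
+ - app/finders/plugin_version/shareaholic/meta_tag.rb
  - app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb
  - app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb
  - app/finders/plugin_version/w3_total_cache/headers.rb
@@ -279,14 +280,16 @@ files:
  - app/finders/wp_items/urls_in_homepage.rb
  - app/finders/wp_version.rb
  - app/finders/wp_version/atom_generator.rb
+ - app/finders/wp_version/homepage_stylesheet_numbers.rb
+ - app/finders/wp_version/install_stylesheet_numbers.rb
  - app/finders/wp_version/meta_generator.rb
  - app/finders/wp_version/opml_generator.rb
  - app/finders/wp_version/rdf_generator.rb
  - app/finders/wp_version/readme.rb
  - app/finders/wp_version/rss_generator.rb
  - app/finders/wp_version/sitemap_generator.rb
- - app/finders/wp_version/stylesheets.rb
  - app/finders/wp_version/unique_fingerprinting.rb
+ - app/finders/wp_version/upgrade_stylesheet_numbers.rb
  - app/models.rb
  - app/models/config_backup.rb
  - app/models/interesting_finding.rb
@@ -366,7 +369,6 @@ files:
  - lib/wpscan/version.rb
  - lib/wpscan/vulnerability.rb
  - lib/wpscan/vulnerable.rb
- - wpscan.gemspec
  homepage: https://wpscan.org/
  licenses:
  - Dual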
@@ -1,55 +0,0 @@
1
- module WPScan
2
- module Finders
3
- module WpVersion
4
- # Stylesheets Version Finder
5
- class Stylesheets < CMSScanner::Finders::Finder
6
- # @return [ WpVersion ]
7
- def passive(_opts = {})
8
- found = []
9
-
10
- scan_page(target.homepage_url).each do |version_number, occurences|
11
- next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
12
-
13
- found << WPScan::WpVersion.new(
14
- version_number,
15
- found_by: 'Stylesheet Numbers (Passive Detection)',
16
- confidence: 5 * occurences,
17
- interesting_entries: [target.homepage_url]
18
- )
19
- end
20
-
21
- found
22
- end
23
-
24
- protected
25
-
26
- # TODO: use target.in_scope_urls to get the URLs
27
- # @param [ String ] url
28
- #
29
- # @return [ Hash ]
30
- def scan_page(url)
31
- found = {}
32
- pattern = /\bver=([0-9\.]+)/i
33
-
34
- Browser.get(url).html.css('link,script').each do |tag|
35
- %w(href src).each do |attribute|
36
- attr_value = tag.attribute(attribute).to_s
37
-
38
- next if attr_value.nil? || attr_value.empty?
39
-
40
- uri = Addressable::URI.parse(attr_value)
41
- next unless uri.query && uri.query.match(pattern)
42
-
43
- version = Regexp.last_match[1].to_s
44
-
45
- found[version] ||= 0
46
- found[version] += 1
47
- end
48
- end
49
-
50
- found
51
- end
52
- end
53
- end
54
- end
55
- end
@@ -1,55 +0,0 @@
1
- # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'wpscan/version'
5
-
6
- Gem::Specification.new do |s|
7
- s.name = 'wpscan'
8
- s.version = WPScan::VERSION
9
- s.platform = Gem::Platform::RUBY
10
- s.required_ruby_version = '>= 2.2.2'
11
- s.authors = ['WPScanTeam']
12
- s.date = Time.now.utc.strftime('%Y-%m-%d')
13
- s.email = ['team@wpscan.org']
14
- s.summary = 'WPScan - WordPress Vulnerability Scanner'
15
- s.description = 'WPScan is a black box WordPress vulnerability scanner.'
16
- s.homepage = 'https://wpscan.org/'
17
- s.license = 'Dual'
18
-
19
- s.files = `git ls-files -z`.split("\x0").reject do |file|
20
- file =~ %r{^(?:
21
- spec\/.*
22
- |Gemfile
23
- |Rakefile
24
- |Dockerfile
25
- |\.rspec
26
- |\.gitignore
27
- |\.gitlab-ci.yml
28
- |\.rubocop.yml
29
- |\.travis.yml
30
- |\.ruby-gemset
31
- |\.ruby-version
32
- |\.dockerignore
33
- )$}x
34
- end
35
- s.test_files = []
36
- s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
37
- s.require_path = 'lib'
38
-
39
- s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
40
- s.add_dependency 'cms_scanner', '~> 0.0.37.8'
41
- s.add_dependency 'activesupport', '~> 5.0.1.0' # Not sure if needed there as already needed in the CMSScanner
42
- # DB dependencies
43
- s.add_dependency 'dm-core', '~> 1.2.0'
44
- s.add_dependency 'dm-migrations', '~> 1.2.0'
45
- s.add_dependency 'dm-constraints', '~> 1.2.0'
46
- s.add_dependency 'dm-sqlite-adapter', '~> 1.2.0'
47
-
48
- s.add_development_dependency 'rake', '~> 12.0'
49
- s.add_development_dependency 'rspec', '~> 3.5.0'
50
- s.add_development_dependency 'rspec-its', '~> 1.2.0'
51
- s.add_development_dependency 'bundler', '~> 1.6'
52
- s.add_development_dependency 'rubocop', '~> 0.47.1'
53
- s.add_development_dependency 'webmock', '~> 1.22.0'
54
- s.add_development_dependency 'simplecov', '~> 0.12.0'
55
- end