wpscan 3.0.2 → 3.0.3
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/app/finders/plugin_version.rb +1 -0
- data/app/finders/plugin_version/shareaholic/meta_tag.rb +27 -0
- data/app/finders/wp_version.rb +6 -2
- data/app/finders/wp_version/atom_generator.rb +1 -1
- data/app/finders/wp_version/homepage_stylesheet_numbers.rb +59 -0
- data/app/finders/wp_version/install_stylesheet_numbers.rb +16 -0
- data/app/finders/wp_version/meta_generator.rb +1 -1
- data/app/finders/wp_version/opml_generator.rb +1 -1
- data/app/finders/wp_version/rdf_generator.rb +1 -1
- data/app/finders/wp_version/readme.rb +2 -1
- data/app/finders/wp_version/rss_generator.rb +1 -1
- data/app/finders/wp_version/sitemap_generator.rb +1 -1
- data/app/finders/wp_version/upgrade_stylesheet_numbers.rb +13 -0
- data/lib/wpscan/version.rb +1 -1
- metadata +6 -4
- data/app/finders/wp_version/stylesheets.rb +0 -55
- data/wpscan.gemspec +0 -55
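--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d9052417cae5d1b8c68bd2992c2e0c8ce035475
+data.tar.gz: 0bb18cca39de608eda80347745bc5e287574a0bf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8246a24671367caf940874b35f4f08ce3bca6c381a857e45084630294799835d5ef9e7f425b662321aebcaaeb9c2100008707b153db071c7cc1d66a3560cfb5a
+data.tar.gz: bbbc9906b96ff16e5a964342ff8cedab63c1b00ad25be29208bd0939df9abd53507da40b2899e474cf72f44f9d69a35af5641b6e4115888e8bedb0631dbe7883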
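--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,6 @@
  v3 BETA
 
+[](https://badge.fury.io/rb/wpscan)
 [](https://travis-ci.org/wpscanteam/wpscan-v3)
 [](https://codeclimate.com/github/wpscanteam/wpscan-v3)
 [](https://gemnasium.com/wpscanteam/wpscan-v3)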
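--- a/data/app/finders/plugin_version.rb
+++ b/data/app/finders/plugin_version.rb
@@ -5,6 +5,7 @@ require_relative 'plugin_version/revslider/release_log'
 require_relative 'plugin_version/sitepress_multilingual_cms/version_parameter'
 require_relative 'plugin_version/sitepress_multilingual_cms/meta_generator'
 require_relative 'plugin_version/w3_total_cache/headers'
+require_relative 'plugin_version/shareaholic/meta_tag'
 
 module WPScan
 module Finders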
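--- /dev/null
+++ b/data/app/finders/plugin_version/shareaholic/meta_tag.rb
@@ -0,0 +1,27 @@
+module WPScan
+module Finders
+module PluginVersion
+module Shareaholic
+# Version from the meta
+class MetaTag < CMSScanner::Finders::Finder
+# @param [ Hash ] opts
+#
+# @return [ Version ]
+def passive(_opts = {})
+target.target.homepage_res.html.css('meta[name="shareaholic:wp_version"]').each do |node|
+next unless node['content'] =~ /\A([0-9\.]+)/i
+
+return WPScan::Version.new(
+Regexp.last_match(1),
+found_by: found_by,
+confidence: 50,
+interesting_entries: ["#{target.target.url}, Match: '#{node.to_s.strip}'"]
+)
+end
+nil
+end
+end
+end
+end
+end
+end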
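--- a/data/app/finders/wp_version.rb
+++ b/data/app/finders/wp_version.rb
@@ -5,7 +5,9 @@ require_relative 'wp_version/rdf_generator'
 require_relative 'wp_version/readme'
 require_relative 'wp_version/sitemap_generator'
 require_relative 'wp_version/opml_generator'
-require_relative 'wp_version/
+require_relative 'wp_version/homepage_stylesheet_numbers'
+require_relative 'wp_version/install_stylesheet_numbers'
+require_relative 'wp_version/upgrade_stylesheet_numbers'
 require_relative 'wp_version/unique_fingerprinting'
 
 module WPScan
@@ -21,7 +23,9 @@ module WPScan
 WpVersion::MetaGenerator.new(target) <<
 WpVersion::RSSGenerator.new(target) <<
 WpVersion::AtomGenerator.new(target) <<
-WpVersion::
+WpVersion::HomepageStylesheetNumbers.new(target) <<
+WpVersion::InstallStylesheetNumbers.new(target) <<
+WpVersion::UpgradeStylesheetNumbers.new(target) <<
 WpVersion::RDFGenerator.new(target) <<
 WpVersion::Readme.new(target) <<
 WpVersion::SitemapGenerator.new(target) <<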
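--- /dev/null
+++ b/data/app/finders/wp_version/homepage_stylesheet_numbers.rb
@@ -0,0 +1,59 @@
+module WPScan
+module Finders
+module WpVersion
+# Stylesheets Version Finder from Homepage
+#
+# TODO: Maybe put such methods in the CMSScanner to have a generic
+# way of getting those versions, and allow the confidence to be
+# customised
+class HomepageStylesheetNumbers < CMSScanner::Finders::Finder
+# @return [ Array<WpVersion> ]
+def passive(_opts = {})
+wp_versions(target.homepage_url)
+end
+
+protected
+
+# @param [ String ] url
+#
+# @return [ Array<WpVersion> ]
+def wp_versions(url)
+found = []
+
+scan_page(url).each do |version_number, occurences|
+next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
+
+found << WPScan::WpVersion.new(
+version_number,
+found_by: found_by,
+confidence: 5 * occurences.count,
+interesting_entries: occurences
+)
+end
+
+found
+end
+
+# @param [ String ] url
+#
+# @return [ Hash ]
+def scan_page(url)
+found = {}
+pattern = /\bver=([0-9\.]+)/i
+
+target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
+uri = Addressable::URI.parse(stylesheet_url)
+next unless uri.query && uri.query.match(pattern)
+
+version = Regexp.last_match[1].to_s
+
+found[version] ||= []
+found[version] << stylesheet_url
+end
+
+found
+end
+end
+end
+end
+end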
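--- /dev/null
+++ b/data/app/finders/wp_version/install_stylesheet_numbers.rb
@@ -0,0 +1,16 @@
+module WPScan
+module Finders
+module WpVersion
+# Stylesheets Version Finder from Install page
+class InstallStylesheetNumbers < HomepageStylesheetNumbers
+# Overrides the parent
+def passive(_ops = {}); end
+
+# @return [ Array<WpVersion> ]
+def aggressive(_opts = {})
+wp_versions(target.url('wp-admin/install.php'))
+end
+end
+end
+end
+end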
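--- a/data/app/finders/wp_version/opml_generator.rb
+++ b/data/app/finders/wp_version/opml_generator.rb
@@ -12,7 +12,7 @@ module WPScan
 match[1],
 found_by: 'OPML Generator (Aggressive Detection)',
 confidence: 80,
-interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node}'"]
+interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node.to_s.strip}'"]
 )
 end
 nil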
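--- a/data/app/finders/wp_version/readme.rb
+++ b/data/app/finders/wp_version/readme.rb
@@ -18,7 +18,8 @@ module WPScan
 WPScan::WpVersion.new(
 number,
 found_by: 'Readme (Aggressive Detection)',
-
+# Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)
+confidence: number >= '4.7' ? 10 : 90,
 interesting_entries: ["#{readme_url}, Match: '#{node.text.to_s.strip}'"]
 )
 end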
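--- a/data/app/finders/wp_version/sitemap_generator.rb
+++ b/data/app/finders/wp_version/sitemap_generator.rb
@@ -12,7 +12,7 @@ module WPScan
 match[1],
 found_by: 'Sitemap Generator (Aggressive Detection)',
 confidence: 80,
-interesting_entries: ["#{target.url('sitemap.xml')}, #{node}"]
+interesting_entries: ["#{target.url('sitemap.xml')}, #{node.to_s.strip}"]
 )
 end
 nil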
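--- /dev/null
+++ b/data/app/finders/wp_version/upgrade_stylesheet_numbers.rb
@@ -0,0 +1,13 @@
+module WPScan
+module Finders
+module WpVersion
+# Stylesheets Version Finder from Upgrade page
+class UpgradeStylesheetNumbers < InstallStylesheetNumbers
+# @return [ Array<WpVersion> ]
+def aggressive(_opts = {})
+wp_versions(target.url('wp-admin/upgrade.php'))
+end
+end
+end
+end
+end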
data/lib/wpscan/version.rb
CHANGED
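--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-version: 3.0.
+version: 3.0.3
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: yajl-ruby
@@ -251,6 +251,7 @@ files:
 - app/finders/plugin_version/layer_slider/translation_file.rb
 - app/finders/plugin_version/readme.rb
 - app/finders/plugin_version/revslider/release_log.rb
+- app/finders/plugin_version/shareaholic/meta_tag.rb
 - app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb
 - app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb
 - app/finders/plugin_version/w3_total_cache/headers.rb
@@ -279,14 +280,16 @@ files:
 - app/finders/wp_items/urls_in_homepage.rb
 - app/finders/wp_version.rb
 - app/finders/wp_version/atom_generator.rb
+- app/finders/wp_version/homepage_stylesheet_numbers.rb
+- app/finders/wp_version/install_stylesheet_numbers.rb
 - app/finders/wp_version/meta_generator.rb
 - app/finders/wp_version/opml_generator.rb
 - app/finders/wp_version/rdf_generator.rb
 - app/finders/wp_version/readme.rb
 - app/finders/wp_version/rss_generator.rb
 - app/finders/wp_version/sitemap_generator.rb
-- app/finders/wp_version/stylesheets.rb
 - app/finders/wp_version/unique_fingerprinting.rb
+- app/finders/wp_version/upgrade_stylesheet_numbers.rb
 - app/models.rb
 - app/models/config_backup.rb
 - app/models/interesting_finding.rb
@@ -366,7 +369,6 @@ files:
 - lib/wpscan/version.rb
 - lib/wpscan/vulnerability.rb
 - lib/wpscan/vulnerable.rb
-- wpscan.gemspec
 homepage: https://wpscan.org/
 licenses:
 - Dual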
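--- a/data/app/finders/wp_version/stylesheets.rb
+++ /dev/null
@@ -1,55 +0,0 @@
-module WPScan
-module Finders
-module WpVersion
-# Stylesheets Version Finder
-class Stylesheets < CMSScanner::Finders::Finder
-# @return [ WpVersion ]
-def passive(_opts = {})
-found = []
-
-scan_page(target.homepage_url).each do |version_number, occurences|
-next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
-
-found << WPScan::WpVersion.new(
-version_number,
-found_by: 'Stylesheet Numbers (Passive Detection)',
-confidence: 5 * occurences,
-interesting_entries: [target.homepage_url]
-)
-end
-
-found
-end
-
-protected
-
-# TODO: use target.in_scope_urls to get the URLs
-# @param [ String ] url
-#
-# @return [ Hash ]
-def scan_page(url)
-found = {}
-pattern = /\bver=([0-9\.]+)/i
-
-Browser.get(url).html.css('link,script').each do |tag|
-%w(href src).each do |attribute|
-attr_value = tag.attribute(attribute).to_s
-
-next if attr_value.nil? || attr_value.empty?
-
-uri = Addressable::URI.parse(attr_value)
-next unless uri.query && uri.query.match(pattern)
-
-version = Regexp.last_match[1].to_s
-
-found[version] ||= 0
-found[version] += 1
-end
-end
-
-found
-end
-end
-end
-end
-end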
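--- a/data/wpscan.gemspec
+++ /dev/null
@@ -1,55 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'wpscan/version'
-
-Gem::Specification.new do |s|
-s.name = 'wpscan'
-s.version = WPScan::VERSION
-s.platform = Gem::Platform::RUBY
-s.required_ruby_version = '>= 2.2.2'
-s.authors = ['WPScanTeam']
-s.date = Time.now.utc.strftime('%Y-%m-%d')
-s.email = ['team@wpscan.org']
-s.summary = 'WPScan - WordPress Vulnerability Scanner'
-s.description = 'WPScan is a black box WordPress vulnerability scanner.'
-s.homepage = 'https://wpscan.org/'
-s.license = 'Dual'
-
-s.files = `git ls-files -z`.split("\x0").reject do |file|
-file =~ %r{^(?:
-spec\/.*
-|Gemfile
-|Rakefile
-|Dockerfile
-|\.rspec
-|\.gitignore
-|\.gitlab-ci.yml
-|\.rubocop.yml
-|\.travis.yml
-|\.ruby-gemset
-|\.ruby-version
-|\.dockerignore
-)$}x
-end
-s.test_files = []
-s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
-s.require_path = 'lib'
-
-s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
-s.add_dependency 'cms_scanner', '~> 0.0.37.8'
-s.add_dependency 'activesupport', '~> 5.0.1.0' # Not sure if needed there as already needed in the CMSScanner
-# DB dependencies
-s.add_dependency 'dm-core', '~> 1.2.0'
-s.add_dependency 'dm-migrations', '~> 1.2.0'
-s.add_dependency 'dm-constraints', '~> 1.2.0'
-s.add_dependency 'dm-sqlite-adapter', '~> 1.2.0'
-
-s.add_development_dependency 'rake', '~> 12.0'
-s.add_development_dependency 'rspec', '~> 3.5.0'
-s.add_development_dependency 'rspec-its', '~> 1.2.0'
-s.add_development_dependency 'bundler', '~> 1.6'
-s.add_development_dependency 'rubocop', '~> 0.47.1'
-s.add_development_dependency 'webmock', '~> 1.22.0'
-s.add_development_dependency 'simplecov', '~> 0.12.0'
-end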