wpscan 3.0.2 → 3.0.3

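--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 762c8fbc4af3e137589c84c8c330fcbd5016a4c9
-data.tar.gz: 9ee2312bd6d96907e4fc4b5cd150f800153ec553
+metadata.gz: 4d9052417cae5d1b8c68bd2992c2e0c8ce035475
+data.tar.gz: 0bb18cca39de608eda80347745bc5e287574a0bf
 SHA512:
-metadata.gz: 37bf49a4f0647047912b9871fb86db816aa61cdf8bf4dbddf1ddeee813189b35a4b6c866ed6e5062e7a2e75c26dfd59b505bb4232c78fc169152d0c0cd6ffd9d
-data.tar.gz: 324288177f5e576338cb026cbaec4fa474fead7ad3c9bd16e2b5ecfb84b442d72678102d43a602bb37c257aac66a21bdd5b135a4e6c64e439d15fecb4120032b
+metadata.gz: 8246a24671367caf940874b35f4f08ce3bca6c381a857e45084630294799835d5ef9e7f425b662321aebcaaeb9c2100008707b153db071c7cc1d66a3560cfb5a
+data.tar.gz: bbbc9906b96ff16e5a964342ff8cedab63c1b00ad25be29208bd0939df9abd53507da40b2899e474cf72f44f9d69a35af5641b6e4115888e8bedb0631dbe7883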
data/README.md CHANGED
@@ -1,5 +1,6 @@
1
1
  ![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner") v3 BETA
2
2
 
3
+ [![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
3
4
  [![Build Status](https://travis-ci.org/wpscanteam/wpscan-v3.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan-v3)
4
5
  [![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan-v3/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan-v3)
5
6
  [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan-v3.svg)](https://gemnasium.com/wpscanteam/wpscan-v3)
@@ -5,6 +5,7 @@ require_relative 'plugin_version/revslider/release_log'
5
5
  require_relative 'plugin_version/sitepress_multilingual_cms/version_parameter'
6
6
  require_relative 'plugin_version/sitepress_multilingual_cms/meta_generator'
7
7
  require_relative 'plugin_version/w3_total_cache/headers'
8
+ require_relative 'plugin_version/shareaholic/meta_tag'
8
9
 
9
10
  module WPScan
10
11
  module Finders
@@ -0,0 +1,27 @@
1
+ module WPScan
2
+ module Finders
3
+ module PluginVersion
4
+ module Shareaholic
5
+ # Version from the meta
6
+ class MetaTag < CMSScanner::Finders::Finder
7
+ # @param [ Hash ] opts
8
+ #
9
+ # @return [ Version ]
10
+ def passive(_opts = {})
11
+ target.target.homepage_res.html.css('meta[name="shareaholic:wp_version"]').each do |node|
12
+ next unless node['content'] =~ /\A([0-9\.]+)/i
13
+
14
+ return WPScan::Version.new(
15
+ Regexp.last_match(1),
16
+ found_by: found_by,
17
+ confidence: 50,
18
+ interesting_entries: ["#{target.target.url}, Match: '#{node.to_s.strip}'"]
19
+ )
20
+ end
21
+ nil
22
+ end
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
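Review bot: The capture in `next unless node['content'] =~ /\A([0-9\.]+)/i` also accepts runs of dots such as `.` or `1..2`, so a malformed or hostile meta tag can hand `WPScan::Version.new` a string that is not a version number; the stylesheet finder added in this same release guards its input with `WPScan::WpVersion.valid?`, this finder does not, and whether `Version.new` tolerates such input is not visible here. A tighter pattern sidesteps the question: `next unless node['content'] =~ /\A(\d+(?:\.\d+)*)/`. The `/i` flag has no effect on a digit-only pattern and can be dropped.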
@@ -5,7 +5,9 @@ require_relative 'wp_version/rdf_generator'
5
5
  require_relative 'wp_version/readme'
6
6
  require_relative 'wp_version/sitemap_generator'
7
7
  require_relative 'wp_version/opml_generator'
8
- require_relative 'wp_version/stylesheets'
8
+ require_relative 'wp_version/homepage_stylesheet_numbers'
9
+ require_relative 'wp_version/install_stylesheet_numbers'
10
+ require_relative 'wp_version/upgrade_stylesheet_numbers'
9
11
  require_relative 'wp_version/unique_fingerprinting'
10
12
 
11
13
  module WPScan
@@ -21,7 +23,9 @@ module WPScan
21
23
  WpVersion::MetaGenerator.new(target) <<
22
24
  WpVersion::RSSGenerator.new(target) <<
23
25
  WpVersion::AtomGenerator.new(target) <<
24
- WpVersion::Stylesheets.new(target) <<
26
+ WpVersion::HomepageStylesheetNumbers.new(target) <<
27
+ WpVersion::InstallStylesheetNumbers.new(target) <<
28
+ WpVersion::UpgradeStylesheetNumbers.new(target) <<
25
29
  WpVersion::RDFGenerator.new(target) <<
26
30
  WpVersion::Readme.new(target) <<
27
31
  WpVersion::SitemapGenerator.new(target) <<
@@ -17,7 +17,7 @@ module WPScan
17
17
  found << create_version(
18
18
  node['version'],
19
19
  found_by: found_by,
20
- entries: ["#{res.effective_url}, #{node}"]
20
+ entries: ["#{res.effective_url}, #{node.to_s.strip}"]
21
21
  )
22
22
  end
23
23
  end
@@ -0,0 +1,59 @@
1
+ module WPScan
2
+ module Finders
3
+ module WpVersion
4
+ # Stylesheets Version Finder from Homepage
5
+ #
6
+ # TODO: Maybe put such methods in the CMSScanner to have a generic
7
+ # way of getting those versions, and allow the confidence to be
8
+ # customised
9
+ class HomepageStylesheetNumbers < CMSScanner::Finders::Finder
10
+ # @return [ Array<WpVersion> ]
11
+ def passive(_opts = {})
12
+ wp_versions(target.homepage_url)
13
+ end
14
+
15
+ protected
16
+
17
+ # @param [ String ] url
18
+ #
19
+ # @return [ Array<WpVersion> ]
20
+ def wp_versions(url)
21
+ found = []
22
+
23
+ scan_page(url).each do |version_number, occurences|
24
+ next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
25
+
26
+ found << WPScan::WpVersion.new(
27
+ version_number,
28
+ found_by: found_by,
29
+ confidence: 5 * occurences.count,
30
+ interesting_entries: occurences
31
+ )
32
+ end
33
+
34
+ found
35
+ end
36
+
37
+ # @param [ String ] url
38
+ #
39
+ # @return [ Hash ]
40
+ def scan_page(url)
41
+ found = {}
42
+ pattern = /\bver=([0-9\.]+)/i
43
+
44
+ target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
45
+ uri = Addressable::URI.parse(stylesheet_url)
46
+ next unless uri.query && uri.query.match(pattern)
47
+
48
+ version = Regexp.last_match[1].to_s
49
+
50
+ found[version] ||= []
51
+ found[version] << stylesheet_url
52
+ end
53
+
54
+ found
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
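Review bot: `confidence: 5 * occurences.count` in wp_versions is unbounded, so a page with more than twenty in-scope `ver=` URLs carrying the same number reports a confidence above 100 unless something downstream clamps it; the old finder had the same arithmetic, but capping it here is one line, `confidence: [5 * occurences.count, 100].min`. In scan_page, `Addressable::URI.parse(stylesheet_url)` is applied to href/src values taken from the scanned page, and a malformed value raises `Addressable::URI::InvalidURIError` and aborts the whole finder if `in_scope_urls` has not already validated them; rescuing that error per URL keeps one bad link from hiding every other match. The parameter and block variable `occurences` is misspelled throughout (`occurrences`).
```ruby
      target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
        begin
          uri = Addressable::URI.parse(stylesheet_url)
        rescue Addressable::URI::InvalidURIError
          next # a malformed href/src from the page skips this URL instead of aborting the finder
        end
        next unless uri.query && uri.query.match(pattern)
        # … unchanged: version capture and per-version bucketing …
      end
```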
@@ -0,0 +1,16 @@
1
+ module WPScan
2
+ module Finders
3
+ module WpVersion
4
+ # Stylesheets Version Finder from Install page
5
+ class InstallStylesheetNumbers < HomepageStylesheetNumbers
6
+ # Overrides the parent
7
+ def passive(_ops = {}); end
8
+
9
+ # @return [ Array<WpVersion> ]
10
+ def aggressive(_opts = {})
11
+ wp_versions(target.url('wp-admin/install.php'))
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
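Review bot: `def passive(_ops = {}); end` names its parameter `_ops` while every other finder on this page uses `_opts`, and the comment `# Overrides the parent` does not say what the override is for. Suggest `def passive(_opts = {}); end` with the comment `# Disables the passive detection inherited from HomepageStylesheetNumbers; this finder only runs the aggressive wp-admin/install.php request` and a `# @return [ nil ]` tag.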
@@ -16,7 +16,7 @@ module WPScan
16
16
  number,
17
17
  found_by: 'Meta Generator (Passive detection)',
18
18
  confidence: 80,
19
- interesting_entries: ["#{target.url}, Match: '#{node}'"]
19
+ interesting_entries: ["#{target.url}, Match: '#{node.to_s.strip}'"]
20
20
  )
21
21
  end
22
22
  nil
@@ -12,7 +12,7 @@ module WPScan
12
12
  match[1],
13
13
  found_by: 'OPML Generator (Aggressive Detection)',
14
14
  confidence: 80,
15
- interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node}'"]
15
+ interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node.to_s.strip}'"]
16
16
  )
17
17
  end
18
18
  nil
@@ -17,7 +17,7 @@ module WPScan
17
17
  found << create_version(
18
18
  Regexp.last_match[1],
19
19
  found_by: found_by,
20
- entries: ["#{res.effective_url}, #{node}"]
20
+ entries: ["#{res.effective_url}, #{node.to_s.strip}"]
21
21
  )
22
22
  end
23
23
  end
@@ -18,7 +18,8 @@ module WPScan
18
18
  WPScan::WpVersion.new(
19
19
  number,
20
20
  found_by: 'Readme (Aggressive Detection)',
21
- confidence: 90,
21
+ # Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)
22
+ confidence: number >= '4.7' ? 10 : 90,
22
23
  interesting_entries: ["#{readme_url}, Match: '#{node.text.to_s.strip}'"]
23
24
  )
24
25
  end
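Review bot: `confidence: number >= '4.7' ? 10 : 90` compares version strings lexicographically, so `'4.10' >= '4.7'` is false and any two-digit minor of the 4.x line would get the 90 that the new comment reserves for pre-4.7 readmes. Compare as versions instead, `confidence: Gem::Version.new(number) >= Gem::Version.new('4.7') ? 10 : 90`. The enclosing method starts outside this hunk, so I cannot see whether `number` has been validated first; `Gem::Version.new` raises ArgumentError on malformed input, so that check must precede the comparison.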
@@ -20,7 +20,7 @@ module WPScan
20
20
  found << create_version(
21
21
  Regexp.last_match[1],
22
22
  found_by: found_by,
23
- entries: ["#{res.effective_url}, #{node}"]
23
+ entries: ["#{res.effective_url}, #{node.to_s.strip}"]
24
24
  )
25
25
  end
26
26
  end
@@ -12,7 +12,7 @@ module WPScan
12
12
  match[1],
13
13
  found_by: 'Sitemap Generator (Aggressive Detection)',
14
14
  confidence: 80,
15
- interesting_entries: ["#{target.url('sitemap.xml')}, #{node}"]
15
+ interesting_entries: ["#{target.url('sitemap.xml')}, #{node.to_s.strip}"]
16
16
  )
17
17
  end
18
18
  nil
@@ -0,0 +1,13 @@
1
+ module WPScan
2
+ module Finders
3
+ module WpVersion
4
+ # Stylesheets Version Finder from Upgrade page
5
+ class UpgradeStylesheetNumbers < InstallStylesheetNumbers
6
+ # @return [ Array<WpVersion> ]
7
+ def aggressive(_opts = {})
8
+ wp_versions(target.url('wp-admin/upgrade.php'))
9
+ end
10
+ end
11
+ end
12
+ end
13
+ end
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module WPScan
3
- VERSION = '3.0.2'.freeze
3
+ VERSION = '3.0.3'.freeze
4
4
  end
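--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-version: 3.0.2
+version: 3.0.3
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-31 00:00:00.000000000 Z
+date: 2017-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: yajl-ruby
@@ -251,6 +251,7 @@ files:
 - app/finders/plugin_version/layer_slider/translation_file.rb
 - app/finders/plugin_version/readme.rb
 - app/finders/plugin_version/revslider/release_log.rb
+- app/finders/plugin_version/shareaholic/meta_tag.rb
 - app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb
 - app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb
 - app/finders/plugin_version/w3_total_cache/headers.rb
@@ -279,14 +280,16 @@ files:
 - app/finders/wp_items/urls_in_homepage.rb
 - app/finders/wp_version.rb
 - app/finders/wp_version/atom_generator.rb
+- app/finders/wp_version/homepage_stylesheet_numbers.rb
+- app/finders/wp_version/install_stylesheet_numbers.rb
 - app/finders/wp_version/meta_generator.rb
 - app/finders/wp_version/opml_generator.rb
 - app/finders/wp_version/rdf_generator.rb
 - app/finders/wp_version/readme.rb
 - app/finders/wp_version/rss_generator.rb
 - app/finders/wp_version/sitemap_generator.rb
-- app/finders/wp_version/stylesheets.rb
 - app/finders/wp_version/unique_fingerprinting.rb
+- app/finders/wp_version/upgrade_stylesheet_numbers.rb
 - app/models.rb
 - app/models/config_backup.rb
 - app/models/interesting_finding.rb
@@ -366,7 +369,6 @@ files:
 - lib/wpscan/version.rb
 - lib/wpscan/vulnerability.rb
 - lib/wpscan/vulnerable.rb
-- wpscan.gemspec
 homepage: https://wpscan.org/
 licenses:
 - Dual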
@@ -1,55 +0,0 @@
1
- module WPScan
2
- module Finders
3
- module WpVersion
4
- # Stylesheets Version Finder
5
- class Stylesheets < CMSScanner::Finders::Finder
6
- # @return [ WpVersion ]
7
- def passive(_opts = {})
8
- found = []
9
-
10
- scan_page(target.homepage_url).each do |version_number, occurences|
11
- next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
12
-
13
- found << WPScan::WpVersion.new(
14
- version_number,
15
- found_by: 'Stylesheet Numbers (Passive Detection)',
16
- confidence: 5 * occurences,
17
- interesting_entries: [target.homepage_url]
18
- )
19
- end
20
-
21
- found
22
- end
23
-
24
- protected
25
-
26
- # TODO: use target.in_scope_urls to get the URLs
27
- # @param [ String ] url
28
- #
29
- # @return [ Hash ]
30
- def scan_page(url)
31
- found = {}
32
- pattern = /\bver=([0-9\.]+)/i
33
-
34
- Browser.get(url).html.css('link,script').each do |tag|
35
- %w(href src).each do |attribute|
36
- attr_value = tag.attribute(attribute).to_s
37
-
38
- next if attr_value.nil? || attr_value.empty?
39
-
40
- uri = Addressable::URI.parse(attr_value)
41
- next unless uri.query && uri.query.match(pattern)
42
-
43
- version = Regexp.last_match[1].to_s
44
-
45
- found[version] ||= 0
46
- found[version] += 1
47
- end
48
- end
49
-
50
- found
51
- end
52
- end
53
- end
54
- end
55
- end
@@ -1,55 +0,0 @@
1
- # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'wpscan/version'
5
-
6
- Gem::Specification.new do |s|
7
- s.name = 'wpscan'
8
- s.version = WPScan::VERSION
9
- s.platform = Gem::Platform::RUBY
10
- s.required_ruby_version = '>= 2.2.2'
11
- s.authors = ['WPScanTeam']
12
- s.date = Time.now.utc.strftime('%Y-%m-%d')
13
- s.email = ['team@wpscan.org']
14
- s.summary = 'WPScan - WordPress Vulnerability Scanner'
15
- s.description = 'WPScan is a black box WordPress vulnerability scanner.'
16
- s.homepage = 'https://wpscan.org/'
17
- s.license = 'Dual'
18
-
19
- s.files = `git ls-files -z`.split("\x0").reject do |file|
20
- file =~ %r{^(?:
21
- spec\/.*
22
- |Gemfile
23
- |Rakefile
24
- |Dockerfile
25
- |\.rspec
26
- |\.gitignore
27
- |\.gitlab-ci.yml
28
- |\.rubocop.yml
29
- |\.travis.yml
30
- |\.ruby-gemset
31
- |\.ruby-version
32
- |\.dockerignore
33
- )$}x
34
- end
35
- s.test_files = []
36
- s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
37
- s.require_path = 'lib'
38
-
39
- s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
40
- s.add_dependency 'cms_scanner', '~> 0.0.37.8'
41
- s.add_dependency 'activesupport', '~> 5.0.1.0' # Not sure if needed there as already needed in the CMSScanner
42
- # DB dependencies
43
- s.add_dependency 'dm-core', '~> 1.2.0'
44
- s.add_dependency 'dm-migrations', '~> 1.2.0'
45
- s.add_dependency 'dm-constraints', '~> 1.2.0'
46
- s.add_dependency 'dm-sqlite-adapter', '~> 1.2.0'
47
-
48
- s.add_development_dependency 'rake', '~> 12.0'
49
- s.add_development_dependency 'rspec', '~> 3.5.0'
50
- s.add_development_dependency 'rspec-its', '~> 1.2.0'
51
- s.add_development_dependency 'bundler', '~> 1.6'
52
- s.add_development_dependency 'rubocop', '~> 0.47.1'
53
- s.add_development_dependency 'webmock', '~> 1.22.0'
54
- s.add_development_dependency 'simplecov', '~> 0.12.0'
55
- end