RubyGems - wpscan - Versions diffs - 3.0.2 → 3.0.3 - Mend

wpscan 3.0.2 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/README.md +1 -0
data/app/finders/plugin_version.rb +1 -0
data/app/finders/plugin_version/shareaholic/meta_tag.rb +27 -0
data/app/finders/wp_version.rb +6 -2
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/homepage_stylesheet_numbers.rb +59 -0
data/app/finders/wp_version/install_stylesheet_numbers.rb +16 -0
data/app/finders/wp_version/meta_generator.rb +1 -1
data/app/finders/wp_version/opml_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +2 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/sitemap_generator.rb +1 -1
data/app/finders/wp_version/upgrade_stylesheet_numbers.rb +13 -0
data/lib/wpscan/version.rb +1 -1
metadata +6 -4
data/app/finders/wp_version/stylesheets.rb +0 -55
data/wpscan.gemspec +0 -55

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 762c8fbc4af3e137589c84c8c330fcbd5016a4c9
-  data.tar.gz: 9ee2312bd6d96907e4fc4b5cd150f800153ec553
+  metadata.gz: 4d9052417cae5d1b8c68bd2992c2e0c8ce035475
+  data.tar.gz: 0bb18cca39de608eda80347745bc5e287574a0bf
 SHA512:
-  metadata.gz: 37bf49a4f0647047912b9871fb86db816aa61cdf8bf4dbddf1ddeee813189b35a4b6c866ed6e5062e7a2e75c26dfd59b505bb4232c78fc169152d0c0cd6ffd9d
-  data.tar.gz: 324288177f5e576338cb026cbaec4fa474fead7ad3c9bd16e2b5ecfb84b442d72678102d43a602bb37c257aac66a21bdd5b135a4e6c64e439d15fecb4120032b
+  metadata.gz: 8246a24671367caf940874b35f4f08ce3bca6c381a857e45084630294799835d5ef9e7f425b662321aebcaaeb9c2100008707b153db071c7cc1d66a3560cfb5a
+  data.tar.gz: bbbc9906b96ff16e5a964342ff8cedab63c1b00ad25be29208bd0939df9abd53507da40b2899e474cf72f44f9d69a35af5641b6e4115888e8bedb0631dbe7883

data/README.md CHANGED

@@ -1,5 +1,6 @@
 ![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner") v3 BETA
+[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
 [![Build Status](https://travis-ci.org/wpscanteam/wpscan-v3.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan-v3)
 [![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan-v3/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan-v3)
 [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan-v3.svg)](https://gemnasium.com/wpscanteam/wpscan-v3)

data/app/finders/plugin_version.rb CHANGED

@@ -5,6 +5,7 @@ require_relative 'plugin_version/revslider/release_log'
 require_relative 'plugin_version/sitepress_multilingual_cms/version_parameter'
 require_relative 'plugin_version/sitepress_multilingual_cms/meta_generator'
 require_relative 'plugin_version/w3_total_cache/headers'
+require_relative 'plugin_version/shareaholic/meta_tag'
 module WPScan
   module Finders

data/app/finders/plugin_version/shareaholic/meta_tag.rb ADDED

@@ -0,0 +1,27 @@
+module WPScan
+  module Finders
+    module PluginVersion
+      module Shareaholic
+        # Version from the meta
+        class MetaTag < CMSScanner::Finders::Finder
+          # @param [ Hash ] opts
+          #
+          # @return [ Version ]
+          def passive(_opts = {})
+            target.target.homepage_res.html.css('meta[name="shareaholic:wp_version"]').each do |node|
+              next unless node['content'] =~ /\A([0-9\.]+)/i
+              return WPScan::Version.new(
+                Regexp.last_match(1),
+                found_by: found_by,
+                confidence: 50,
+                interesting_entries: ["#{target.target.url}, Match: '#{node.to_s.strip}'"]
+              )
+            end
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/app/finders/wp_version.rb CHANGED

@@ -5,7 +5,9 @@ require_relative 'wp_version/rdf_generator'
 require_relative 'wp_version/readme'
 require_relative 'wp_version/sitemap_generator'
 require_relative 'wp_version/opml_generator'
-require_relative 'wp_version/stylesheets'
+require_relative 'wp_version/homepage_stylesheet_numbers'
+require_relative 'wp_version/install_stylesheet_numbers'
+require_relative 'wp_version/upgrade_stylesheet_numbers'
 require_relative 'wp_version/unique_fingerprinting'
 module WPScan
@@ -21,7 +23,9 @@ module WPScan
             WpVersion::MetaGenerator.new(target) <<
             WpVersion::RSSGenerator.new(target) <<
             WpVersion::AtomGenerator.new(target) <<
-            WpVersion::Stylesheets.new(target) <<
+            WpVersion::HomepageStylesheetNumbers.new(target) <<
+            WpVersion::InstallStylesheetNumbers.new(target) <<
+            WpVersion::UpgradeStylesheetNumbers.new(target) <<
             WpVersion::RDFGenerator.new(target) <<
             WpVersion::Readme.new(target) <<
             WpVersion::SitemapGenerator.new(target) <<

data/app/finders/wp_version/atom_generator.rb CHANGED

@@ -17,7 +17,7 @@ module WPScan
               found << create_version(
                 node['version'],
                 found_by: found_by,
-                entries: ["#{res.effective_url}, #{node}"]
+                entries: ["#{res.effective_url}, #{node.to_s.strip}"]
               )
             end
           end

data/app/finders/wp_version/homepage_stylesheet_numbers.rb ADDED

@@ -0,0 +1,59 @@
+module WPScan
+  module Finders
+    module WpVersion
+      # Stylesheets Version Finder from Homepage
+      #
+      # TODO: Maybe put such methods in the CMSScanner to have a generic
+      # way of getting those versions, and allow the confidence to be
+      # customised
+      class HomepageStylesheetNumbers < CMSScanner::Finders::Finder
+        # @return [ Array<WpVersion> ]
+        def passive(_opts = {})
+          wp_versions(target.homepage_url)
+        end
+        protected
+        # @param [ String ] url
+        #
+        # @return [ Array<WpVersion> ]
+        def wp_versions(url)
+          found = []
+          scan_page(url).each do |version_number, occurences|
+            next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
+            found << WPScan::WpVersion.new(
+              version_number,
+              found_by: found_by,
+              confidence: 5 * occurences.count,
+              interesting_entries: occurences
+            )
+          end
+          found
+        end
+        # @param [ String ] url
+        #
+        # @return [ Hash ]
+        def scan_page(url)
+          found   = {}
+          pattern = /\bver=([0-9\.]+)/i
+          target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
+            uri = Addressable::URI.parse(stylesheet_url)
+            next unless uri.query && uri.query.match(pattern)
+            version = Regexp.last_match[1].to_s
+            found[version] ||= []
+            found[version] << stylesheet_url
+          end
+          found
+        end
+      end
+    end
+  end
+end

data/app/finders/wp_version/install_stylesheet_numbers.rb ADDED

@@ -0,0 +1,16 @@
+module WPScan
+  module Finders
+    module WpVersion
+      # Stylesheets Version Finder from Install page
+      class InstallStylesheetNumbers < HomepageStylesheetNumbers
+        # Overrides the parent
+        def passive(_ops = {}); end
+        # @return [ Array<WpVersion> ]
+        def aggressive(_opts = {})
+          wp_versions(target.url('wp-admin/install.php'))
+        end
+      end
+    end
+  end
+end

data/app/finders/wp_version/meta_generator.rb CHANGED

@@ -16,7 +16,7 @@ module WPScan
               number,
               found_by: 'Meta Generator (Passive detection)',
               confidence: 80,
-              interesting_entries: ["#{target.url}, Match: '#{node}'"]
+              interesting_entries: ["#{target.url}, Match: '#{node.to_s.strip}'"]
             )
           end
           nil

data/app/finders/wp_version/opml_generator.rb CHANGED

@@ -12,7 +12,7 @@ module WPScan
               match[1],
               found_by: 'OPML Generator (Aggressive Detection)',
               confidence: 80,
-              interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node}'"]
+              interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node.to_s.strip}'"]
             )
           end
           nil

data/app/finders/wp_version/rdf_generator.rb CHANGED

@@ -17,7 +17,7 @@ module WPScan
               found << create_version(
                 Regexp.last_match[1],
                 found_by: found_by,
-                entries: ["#{res.effective_url}, #{node}"]
+                entries: ["#{res.effective_url}, #{node.to_s.strip}"]
               )
             end
           end

data/app/finders/wp_version/readme.rb CHANGED

@@ -18,7 +18,8 @@ module WPScan
           WPScan::WpVersion.new(
             number,
             found_by: 'Readme (Aggressive Detection)',
-            confidence: 90,
+            # Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)
+            confidence: number >= '4.7' ? 10 : 90,
             interesting_entries: ["#{readme_url}, Match: '#{node.text.to_s.strip}'"]
           )
         end

data/app/finders/wp_version/rss_generator.rb CHANGED

@@ -20,7 +20,7 @@ module WPScan
               found << create_version(
                 Regexp.last_match[1],
                 found_by: found_by,
-                entries: ["#{res.effective_url}, #{node}"]
+                entries: ["#{res.effective_url}, #{node.to_s.strip}"]
               )
             end
           end

data/app/finders/wp_version/sitemap_generator.rb CHANGED

@@ -12,7 +12,7 @@ module WPScan
               match[1],
               found_by: 'Sitemap Generator (Aggressive Detection)',
               confidence: 80,
-              interesting_entries: ["#{target.url('sitemap.xml')}, #{node}"]
+              interesting_entries: ["#{target.url('sitemap.xml')}, #{node.to_s.strip}"]
             )
           end
           nil

data/app/finders/wp_version/upgrade_stylesheet_numbers.rb ADDED

@@ -0,0 +1,13 @@
+module WPScan
+  module Finders
+    module WpVersion
+      # Stylesheets Version Finder from Upgrade page
+      class UpgradeStylesheetNumbers < InstallStylesheetNumbers
+        # @return [ Array<WpVersion> ]
+        def aggressive(_opts = {})
+          wp_versions(target.url('wp-admin/upgrade.php'))
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/version.rb CHANGED

@@ -1,4 +1,4 @@
 # Version
 module WPScan
-  VERSION = '3.0.2'.freeze
+  VERSION = '3.0.3'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.0.3
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-01-31 00:00:00.000000000 Z
+date: 2017-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: yajl-ruby
@@ -251,6 +251,7 @@ files:
 - app/finders/plugin_version/layer_slider/translation_file.rb
 - app/finders/plugin_version/readme.rb
 - app/finders/plugin_version/revslider/release_log.rb
+- app/finders/plugin_version/shareaholic/meta_tag.rb
 - app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb
 - app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb
 - app/finders/plugin_version/w3_total_cache/headers.rb
@@ -279,14 +280,16 @@ files:
 - app/finders/wp_items/urls_in_homepage.rb
 - app/finders/wp_version.rb
 - app/finders/wp_version/atom_generator.rb
+- app/finders/wp_version/homepage_stylesheet_numbers.rb
+- app/finders/wp_version/install_stylesheet_numbers.rb
 - app/finders/wp_version/meta_generator.rb
 - app/finders/wp_version/opml_generator.rb
 - app/finders/wp_version/rdf_generator.rb
 - app/finders/wp_version/readme.rb
 - app/finders/wp_version/rss_generator.rb
 - app/finders/wp_version/sitemap_generator.rb
-- app/finders/wp_version/stylesheets.rb
 - app/finders/wp_version/unique_fingerprinting.rb
+- app/finders/wp_version/upgrade_stylesheet_numbers.rb
 - app/models.rb
 - app/models/config_backup.rb
 - app/models/interesting_finding.rb
@@ -366,7 +369,6 @@ files:
 - lib/wpscan/version.rb
 - lib/wpscan/vulnerability.rb
 - lib/wpscan/vulnerable.rb
-- wpscan.gemspec
 homepage: https://wpscan.org/
 licenses:
 - Dual

data/app/finders/wp_version/stylesheets.rb DELETED

@@ -1,55 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Stylesheets Version Finder
-      class Stylesheets < CMSScanner::Finders::Finder
-        # @return [ WpVersion ]
-        def passive(_opts = {})
-          found = []
-          scan_page(target.homepage_url).each do |version_number, occurences|
-            next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
-            found << WPScan::WpVersion.new(
-              version_number,
-              found_by: 'Stylesheet Numbers (Passive Detection)',
-              confidence: 5 * occurences,
-              interesting_entries: [target.homepage_url]
-            )
-          end
-          found
-        end
-        protected
-        # TODO: use target.in_scope_urls to get the URLs
-        # @param [ String ] url
-        #
-        # @return [ Hash ]
-        def scan_page(url)
-          found   = {}
-          pattern = /\bver=([0-9\.]+)/i
-          Browser.get(url).html.css('link,script').each do |tag|
-            %w(href src).each do |attribute|
-              attr_value = tag.attribute(attribute).to_s
-              next if attr_value.nil? || attr_value.empty?
-              uri = Addressable::URI.parse(attr_value)
-              next unless uri.query && uri.query.match(pattern)
-              version = Regexp.last_match[1].to_s
-              found[version] ||= 0
-              found[version] += 1
-            end
-          end
-          found
-        end
-      end
-    end
-  end
-end

data/wpscan.gemspec DELETED

@@ -1,55 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'wpscan/version'
-Gem::Specification.new do |s|
-  s.name                  = 'wpscan'
-  s.version               = WPScan::VERSION
-  s.platform              = Gem::Platform::RUBY
-  s.required_ruby_version = '>= 2.2.2'
-  s.authors               = ['WPScanTeam']
-  s.date                  = Time.now.utc.strftime('%Y-%m-%d')
-  s.email                 = ['team@wpscan.org']
-  s.summary               = 'WPScan - WordPress Vulnerability Scanner'
-  s.description           = 'WPScan is a black box WordPress vulnerability scanner.'
-  s.homepage              = 'https://wpscan.org/'
-  s.license               = 'Dual'
-  s.files                 = `git ls-files -z`.split("\x0").reject do |file|
-    file =~ %r{^(?:
-      spec\/.*
-      |Gemfile
-      |Rakefile
-      |Dockerfile
-      |\.rspec
-      |\.gitignore
-      |\.gitlab-ci.yml
-      |\.rubocop.yml
-      |\.travis.yml
-      |\.ruby-gemset
-      |\.ruby-version
-      |\.dockerignore
-      )$}x
-  end
-  s.test_files            = []
-  s.executables           = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  s.require_path          = 'lib'
-  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
-  s.add_dependency 'cms_scanner', '~> 0.0.37.8'
-  s.add_dependency 'activesupport', '~> 5.0.1.0' # Not sure if needed there as already needed in the CMSScanner
-  # DB dependencies
-  s.add_dependency 'dm-core', '~> 1.2.0'
-  s.add_dependency 'dm-migrations', '~> 1.2.0'
-  s.add_dependency 'dm-constraints', '~> 1.2.0'
-  s.add_dependency 'dm-sqlite-adapter', '~> 1.2.0'
-  s.add_development_dependency 'rake', '~> 12.0'
-  s.add_development_dependency 'rspec', '~> 3.5.0'
-  s.add_development_dependency 'rspec-its', '~> 1.2.0'
-  s.add_development_dependency 'bundler', '~> 1.6'
-  s.add_development_dependency 'rubocop', '~> 0.47.1'
-  s.add_development_dependency 'webmock', '~> 1.22.0'
-  s.add_development_dependency 'simplecov', '~> 0.12.0'
-end