wpscan 3.0.3 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/core.rb +2 -2
  3. data/app/controllers/enumeration.rb +2 -2
  4. data/app/controllers/enumeration/cli_options.rb +7 -7
  5. data/app/controllers/enumeration/enum_methods.rb +1 -1
  6. data/app/controllers/main_theme.rb +1 -1
  7. data/app/controllers/wp_version.rb +1 -1
  8. data/app/finders/interesting_findings.rb +2 -2
  9. data/app/finders/interesting_findings/readme.rb +1 -1
  10. data/app/finders/plugin_version/layer_slider/translation_file.rb +1 -1
  11. data/app/finders/timthumbs/known_locations.rb +2 -2
  12. data/app/finders/users/author_posts.rb +1 -1
  13. data/app/finders/wp_version/atom_generator.rb +1 -1
  14. data/app/finders/wp_version/rss_generator.rb +1 -1
  15. data/app/models/timthumb.rb +3 -3
  16. data/app/models/wp_item.rb +3 -3
  17. data/app/models/wp_version.rb +0 -1
  18. data/lib/wpscan/db/updater.rb +2 -2
  19. data/lib/wpscan/db/wp_items.rb +1 -1
  20. data/lib/wpscan/target/platform/wordpress.rb +1 -1
  21. data/lib/wpscan/version.rb +1 -1
  22. metadata +30 -16
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4d9052417cae5d1b8c68bd2992c2e0c8ce035475
4
- data.tar.gz: 0bb18cca39de608eda80347745bc5e287574a0bf
3
+ metadata.gz: aec6c21b96dc11fe0d1de37121edb9d4cce6580e
4
+ data.tar.gz: 9dfc21c798b02915e4e06815d6bc0808b0567f5a
5
5
  SHA512:
6
- metadata.gz: 8246a24671367caf940874b35f4f08ce3bca6c381a857e45084630294799835d5ef9e7f425b662321aebcaaeb9c2100008707b153db071c7cc1d66a3560cfb5a
7
- data.tar.gz: bbbc9906b96ff16e5a964342ff8cedab63c1b00ad25be29208bd0939df9abd53507da40b2899e474cf72f44f9d69a35af5641b6e4115888e8bedb0631dbe7883
6
+ metadata.gz: 7dea9f1e9a2afc8240533a355690381b33f360aa658b3fd1135b94b25ccca86bfd60585dee81110147592737c060e13f4935112d5194b19b6af06d64e8870b20
7
+ data.tar.gz: f79944aec35413d122216f01100e1d13e1ed3f575935bd4a4dac2331b2dc94a1fcb9dbbb4f230674ed815a5d358753c22e1cb4f5cb59eef3fe366c9ee8ba88df
data/app/controllers/core.rb CHANGED
@@ -8,8 +8,8 @@ module WPScan
8
8
  super.drop(1) + # delete the --url from CMSScanner
9
9
  [
10
10
  OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
11
- choices: %w(apache iis nginx),
12
- normalize: [:downcase, :to_sym]),
11
+ choices: %w[apache iis nginx],
12
+ normalize: %i[downcase to_sym]),
13
13
  OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
14
14
  OptBoolean.new(['--[no-]update', 'Wether or not to update the Database'], required_unless: :url)
15
15
  ]
data/app/controllers/enumeration.rb CHANGED
@@ -8,7 +8,7 @@ module WPScan
8
8
  def before_scan
9
9
  # Create the Dynamic Finders
10
10
  DB::DynamicPluginFinders.db_data.each do |name, config|
11
- %w(Comments).each do |klass|
11
+ %w[Comments].each do |klass|
12
12
  next unless config[klass] && config[klass]['version']
13
13
 
14
14
  constant_name = name.tr('-', '_').camelize
@@ -42,7 +42,7 @@ module WPScan
42
42
  enum_plugins if enum_plugins?(enum)
43
43
  enum_themes if enum_themes?(enum)
44
44
 
45
- [:timthumbs, :config_backups, :medias].each do |key|
45
+ %i[timthumbs config_backups medias].each do |key|
46
46
  send("enum_#{key}".to_sym) if enum.key?(key)
47
47
  end
48
48
 
data/app/controllers/enumeration/cli_options.rb CHANGED
@@ -26,7 +26,7 @@ module WPScan
26
26
  m: OptIntegerRange.new(['--medias', 'Media ids range. e.g m1-15'], value_if_empty: '1-100')
27
27
  },
28
28
  value_if_empty: 'vp,vt,tt,cb,u,m',
29
- incompatible: [[:vp, :ap, :p], [:vt, :at, :t]]
29
+ incompatible: [%i[vp ap p], %i[vt at t]]
30
30
  ),
31
31
  OptRegexp.new(
32
32
  [
@@ -46,7 +46,7 @@ module WPScan
46
46
  OptChoice.new(
47
47
  ['--plugins-detection MODE',
48
48
  'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
49
- choices: %w(mixed passive aggressive), normalize: :to_sym
49
+ choices: %w[mixed passive aggressive], normalize: :to_sym
50
50
  ),
51
51
  OptBoolean.new(['--plugins-version-all', 'Check all the plugins version locations'])
52
52
  ]
@@ -59,7 +59,7 @@ module WPScan
59
59
  OptChoice.new(
60
60
  ['--themes-detection MODE',
61
61
  'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],
62
- choices: %w(mixed passive aggressive), normalize: :to_sym
62
+ choices: %w[mixed passive aggressive], normalize: :to_sym
63
63
  ),
64
64
  OptBoolean.new(['--themes-version-all', 'Check all the themes version locations'])
65
65
  ]
@@ -75,7 +75,7 @@ module WPScan
75
75
  OptChoice.new(
76
76
  ['--timthumbs-detection MODE',
77
77
  'Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode.'],
78
- choices: %w(mixed passive aggressive), normalize: :to_sym
78
+ choices: %w[mixed passive aggressive], normalize: :to_sym
79
79
  )
80
80
  ]
81
81
  end
@@ -90,7 +90,7 @@ module WPScan
90
90
  OptChoice.new(
91
91
  ['--config-backups-detection MODE',
92
92
  'Use the supplied mode to enumerate Configs, instead of the global (--detection-mode) mode.'],
93
- choices: %w(mixed passive aggressive), normalize: :to_sym
93
+ choices: %w[mixed passive aggressive], normalize: :to_sym
94
94
  )
95
95
  ]
96
96
  end
@@ -101,7 +101,7 @@ module WPScan
101
101
  OptChoice.new(
102
102
  ['--medias-detection MODE',
103
103
  'Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode.'],
104
- choices: %w(mixed passive aggressive), normalize: :to_sym
104
+ choices: %w[mixed passive aggressive], normalize: :to_sym
105
105
  )
106
106
  ]
107
107
  end
@@ -117,7 +117,7 @@ module WPScan
117
117
  OptChoice.new(
118
118
  ['--users-detection MODE',
119
119
  'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
120
- choices: %w(mixed passive aggressive), normalize: :to_sym
120
+ choices: %w[mixed passive aggressive], normalize: :to_sym
121
121
  )
122
122
  ]
123
123
  end
data/app/controllers/enumeration/enum_methods.rb CHANGED
@@ -6,7 +6,7 @@ module WPScan
6
6
  #
7
7
  # @return [ String ] The related enumration message depending on the parsed_options and type supplied
8
8
  def enum_message(type)
9
- return unless type == 'plugins' || type == 'themes'
9
+ return unless %w[plugins themes].include?(type)
10
10
 
11
11
  details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
12
12
  'Vulnerable'
data/app/controllers/main_theme.rb CHANGED
@@ -7,7 +7,7 @@ module WPScan
7
7
  OptChoice.new(
8
8
  ['--main-theme-detection MODE',
9
9
  'Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode.'],
10
- choices: %w(mixed passive aggressive),
10
+ choices: %w[mixed passive aggressive],
11
11
  normalize: :to_sym
12
12
  )
13
13
  ]
data/app/controllers/wp_version.rb CHANGED
@@ -9,7 +9,7 @@ module WPScan
9
9
  ['--wp-version-detection MODE',
10
10
  'Use the supplied mode for the WordPress version detection, ' \
11
11
  'instead of the global (--detection-mode) mode.'],
12
- choices: %w(mixed passive aggressive),
12
+ choices: %w[mixed passive aggressive],
13
13
  normalize: :to_sym
14
14
  )
15
15
  ]
data/app/finders/interesting_findings.rb CHANGED
@@ -19,11 +19,11 @@ module WPScan
19
19
  def initialize(target)
20
20
  super(target)
21
21
 
22
- %w(
22
+ %w[
23
23
  Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
24
24
  Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
25
25
  UploadSQLDump
26
- ).each do |f|
26
+ ].each do |f|
27
27
  finders << InterestingFindings.const_get(f).new(target)
28
28
  end
29
29
  end
data/app/finders/interesting_findings/readme.rb CHANGED
@@ -18,7 +18,7 @@ module WPScan
18
18
 
19
19
  # @retun [ Array<String> ] The list of potential readme files
20
20
  def potential_files
21
- %w(readme.html olvasdel.html lisenssi.html liesmich.html)
21
+ %w[readme.html olvasdel.html lisenssi.html liesmich.html]
22
22
  end
23
23
  end
24
24
  end
data/app/finders/plugin_version/layer_slider/translation_file.rb CHANGED
@@ -29,7 +29,7 @@ module WPScan
29
29
  def potential_urls
30
30
  # Recent versions seem to use the 'locales' directory instead of the 'languages' one.
31
31
  # Maybe also check other locales ?
32
- %w(locales languages).reduce([]) do |a, e|
32
+ %w[locales languages].reduce([]) do |a, e|
33
33
  a << target.url("#{e}/LayerSlider-en_US.po")
34
34
  end
35
35
  end
data/app/finders/timthumbs/known_locations.rb CHANGED
@@ -43,8 +43,8 @@ module WPScan
43
43
  end
44
44
 
45
45
  def main_theme_timthumbs_paths
46
- %w(timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
47
- scripts/timthumb.php tools/timthumb.php functions/timthumb.php)
46
+ %w[timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
47
+ scripts/timthumb.php tools/timthumb.php functions/timthumb.php]
48
48
  end
49
49
 
50
50
  def create_progress_bar(opts = {})
data/app/finders/users/author_posts.rb CHANGED
@@ -43,7 +43,7 @@ module WPScan
43
43
  def potential_usernames(res)
44
44
  usernames = []
45
45
 
46
- target.in_scope_urls(res, '//a', %w(href)) do |url, node|
46
+ target.in_scope_urls(res, '//a', %w[href]) do |url, node|
47
47
  uri = Addressable::URI.parse(url)
48
48
 
49
49
  if uri.path =~ %r{/author/([^/\b]+)/?\z}i
data/app/finders/wp_version/atom_generator.rb CHANGED
@@ -30,7 +30,7 @@ module WPScan
30
30
  end
31
31
 
32
32
  def aggressive_urls(_opts = {})
33
- %w(feed/atom/ ?feed=atom).reduce([]) do |a, uri|
33
+ %w[feed/atom/ ?feed=atom].reduce([]) do |a, uri|
34
34
  a << target.url(uri)
35
35
  end
36
36
  end
data/app/finders/wp_version/rss_generator.rb CHANGED
@@ -33,7 +33,7 @@ module WPScan
33
33
  end
34
34
 
35
35
  def aggressive_urls(_opts = {})
36
- %w(feed/ comments/feed/ feed/rss/ feed/rss2/).reduce([]) do |a, uri|
36
+ %w[feed/ comments/feed/ feed/rss/ feed/rss2/].reduce([]) do |a, uri|
37
37
  a << target.url(uri)
38
38
  end
39
39
  end
data/app/models/timthumb.rb CHANGED
@@ -30,8 +30,8 @@ module WPScan
30
30
  def vulnerabilities
31
31
  vulns = []
32
32
 
33
- vulns << rce_webshot_vuln if false == version || version > '1.35' && version < '2.8.14' && webshot_enabled?
34
- vulns << rce_132_vuln if false == version || version < '1.33'
33
+ vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
34
+ vulns << rce_132_vuln if version == false || version < '1.33'
35
35
 
36
36
  vulns
37
37
  end
@@ -68,7 +68,7 @@ module WPScan
68
68
 
69
69
  # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
70
70
  def default_allowed_domains
71
- %w(flickr.com picasa.com img.youtube.com upload.wikimedia.org)
71
+ %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
72
72
  end
73
73
  end
74
74
  end
data/app/models/wp_item.rb CHANGED
@@ -6,8 +6,8 @@ module WPScan
6
6
  include CMSScanner::Target::Platform::PHP
7
7
  include CMSScanner::Target::Server::Generic
8
8
 
9
- READMES = %w(readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT).freeze
10
- CHANGELOGS = %w(changelog.txt Changelog.txt ChangeLog.txt CHANGELOG.txt).freeze
9
+ READMES = %w[readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT].freeze
10
+ CHANGELOGS = %w[changelog.txt Changelog.txt ChangeLog.txt CHANGELOG.txt].freeze
11
11
 
12
12
  attr_reader :uri, :name, :detection_opts, :target, :db_data
13
13
 
@@ -50,7 +50,7 @@ module WPScan
50
50
  def vulnerable_to?(vuln)
51
51
  return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
52
52
 
53
- version < vuln.fixed_in ? true : false
53
+ version < vuln.fixed_in
54
54
  end
55
55
 
56
56
  # @return [ String ]
data/app/models/wp_version.rb CHANGED
@@ -2,7 +2,6 @@ module WPScan
2
2
  # WP Version
3
3
  class WpVersion < CMSScanner::Version
4
4
  include Vulnerable
5
- attr_reader :db_data
6
5
 
7
6
  def initialize(number, opts = {})
8
7
  raise InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
data/lib/wpscan/db/updater.rb CHANGED
@@ -4,11 +4,11 @@ module WPScan
4
4
  # :nocov:
5
5
  class Updater
6
6
  # /!\ Might want to also update the Enumeration#cli_options when some filenames are changed here
7
- FILES = %w(
7
+ FILES = %w[
8
8
  plugins.json themes.json wordpresses.json
9
9
  timthumbs-v3.txt user-agents.txt config_backups.txt
10
10
  dynamic_finders.yml wordpress.db LICENSE
11
- ).freeze
11
+ ].freeze
12
12
 
13
13
  attr_reader :repo_directory
14
14
 
data/lib/wpscan/db/wp_items.rb CHANGED
@@ -14,7 +14,7 @@ module WPScan
14
14
 
15
15
  # @return [ Array<String> ] The slug of all vulnerable items
16
16
  def self.vulnerable_slugs
17
- db.select { |_key, item| !item['vulnerabilities'].empty? }.keys
17
+ db.reject { |_key, item| item['vulnerabilities'].empty? }.keys
18
18
  end
19
19
  end
20
20
  end
data/lib/wpscan/target/platform/wordpress.rb CHANGED
@@ -1,4 +1,4 @@
1
- %w(custom_directories).each do |required|
1
+ %w[custom_directories].each do |required|
2
2
  require "wpscan/target/platform/wordpress/#{required}"
3
3
  end
4
4
 
data/lib/wpscan/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module WPScan
3
- VERSION = '3.0.3'.freeze
3
+ VERSION = '3.0.4'.freeze
4
4
  end
metadata CHANGED
@@ -1,57 +1,57 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.3
4
+ version: 3.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-02-23 00:00:00.000000000 Z
11
+ date: 2017-09-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: yajl-ruby
14
+ name: cms_scanner
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 1.3.0
19
+ version: 0.0.37.10
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 1.3.0
26
+ version: 0.0.37.10
27
27
  - !ruby/object:Gem::Dependency
28
- name: cms_scanner
28
+ name: yajl-ruby
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 0.0.37.8
33
+ version: '1.3'
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 0.0.37.8
40
+ version: '1.3'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: activesupport
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: 5.0.1.0
47
+ version: '5.1'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: 5.0.1.0
54
+ version: '5.1'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: dm-core
57
57
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 3.5.0
131
+ version: 3.6.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 3.5.0
138
+ version: 3.6.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rspec-its
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 0.47.1
173
+ version: 0.50.0
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 0.47.1
180
+ version: 0.50.0
181
181
  - !ruby/object:Gem::Dependency
182
182
  name: webmock
183
183
  requirement: !ruby/object:Gem::Requirement
@@ -198,14 +198,28 @@ dependencies:
198
198
  requirements:
199
199
  - - "~>"
200
200
  - !ruby/object:Gem::Version
201
- version: 0.12.0
201
+ version: 0.14.0
202
+ type: :development
203
+ prerelease: false
204
+ version_requirements: !ruby/object:Gem::Requirement
205
+ requirements:
206
+ - - "~>"
207
+ - !ruby/object:Gem::Version
208
+ version: 0.14.0
209
+ - !ruby/object:Gem::Dependency
210
+ name: coveralls
211
+ requirement: !ruby/object:Gem::Requirement
212
+ requirements:
213
+ - - "~>"
214
+ - !ruby/object:Gem::Version
215
+ version: 0.8.0
202
216
  type: :development
203
217
  prerelease: false
204
218
  version_requirements: !ruby/object:Gem::Requirement
205
219
  requirements:
206
220
  - - "~>"
207
221
  - !ruby/object:Gem::Version
208
- version: 0.12.0
222
+ version: 0.8.0
209
223
  description: WPScan is a black box WordPress vulnerability scanner.
210
224
  email:
211
225
  - team@wpscan.org