wpscan 3.0.4 → 3.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/brute_force.rb +0 -2
- data/app/controllers/enumeration.rb +1 -1
- data/app/controllers/enumeration/cli_options.rb +22 -2
- data/app/controllers/enumeration/enum_methods.rb +9 -5
- data/app/finders/interesting_findings.rb +2 -1
- data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +25 -0
- data/app/models/plugin.rb +1 -1
- data/app/models/theme.rb +2 -2
- data/app/models/timthumb.rb +4 -5
- data/app/models/wp_item.rb +5 -5
- data/app/views/cli/enumeration/config_backups.erb +2 -2
- data/lib/wpscan/db/updater.rb +0 -2
- data/lib/wpscan/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d9fd4bc758b868aa36848d44911b54335efdaefc
|
|
4
|
+
data.tar.gz: e02f0a0f89271384cd00a1d9ab760205c5bd1837
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 955e80f693240687635f34d3b7081a302c452511e6d4191624edae196b7395f08759206b9aefc56f95449eccd5bdb9b91e6e48b613d9a27c681e1370759ed6bd
|
|
7
|
+
data.tar.gz: 9944fa88fba74980f74df6225dd47a2cf2d419eb02da52cf844f296ab729b58a3c7d747d623614bd950832a680352d5fbd9de0c3d0eb0e8dddae3bf46c17a57f
|
|
@@ -56,7 +56,6 @@ module WPScan
|
|
|
56
56
|
# @param [ Array<String> ] passwords
|
|
57
57
|
#
|
|
58
58
|
# @yield [ User ] when a valid combination is found
|
|
59
|
-
# rubocop:disable all
|
|
60
59
|
def brute_force(users, passwords)
|
|
61
60
|
hydra = Browser.instance.hydra
|
|
62
61
|
|
|
@@ -86,7 +85,6 @@ module WPScan
|
|
|
86
85
|
hydra.run
|
|
87
86
|
end
|
|
88
87
|
end
|
|
89
|
-
# rubocop:enable all
|
|
90
88
|
|
|
91
89
|
def progress_bar(size, username)
|
|
92
90
|
ProgressBar.create(
|
|
@@ -6,7 +6,7 @@ module WPScan
|
|
|
6
6
|
# Enumeration Controller
|
|
7
7
|
class Enumeration < CMSScanner::Controller::Base
|
|
8
8
|
def before_scan
|
|
9
|
-
# Create the Dynamic Finders
|
|
9
|
+
# Create the Dynamic PluginVersion Finders
|
|
10
10
|
DB::DynamicPluginFinders.db_data.each do |name, config|
|
|
11
11
|
%w[Comments].each do |klass|
|
|
12
12
|
next unless config[klass] && config[klass]['version']
|
|
@@ -48,7 +48,17 @@ module WPScan
|
|
|
48
48
|
'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
|
|
49
49
|
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
50
50
|
),
|
|
51
|
-
OptBoolean.new(
|
|
51
|
+
OptBoolean.new(
|
|
52
|
+
['--plugins-version-all',
|
|
53
|
+
'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \
|
|
54
|
+
'--plugins-detection and --plugins-version-detection)']
|
|
55
|
+
),
|
|
56
|
+
OptChoice.new(
|
|
57
|
+
['--plugins-version-detection MODE',
|
|
58
|
+
'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
|
|
59
|
+
'or --plugins-detection modes.'],
|
|
60
|
+
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
61
|
+
)
|
|
52
62
|
]
|
|
53
63
|
end
|
|
54
64
|
|
|
@@ -61,7 +71,17 @@ module WPScan
|
|
|
61
71
|
'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],
|
|
62
72
|
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
63
73
|
),
|
|
64
|
-
OptBoolean.new(
|
|
74
|
+
OptBoolean.new(
|
|
75
|
+
['--themes-version-all',
|
|
76
|
+
'Check all the themes version locations according to the choosen mode (--detection-mode, ' \
|
|
77
|
+
'--themes-detection and --themes-version-detection)']
|
|
78
|
+
),
|
|
79
|
+
OptChoice.new(
|
|
80
|
+
['--themes-version-detection MODE',
|
|
81
|
+
'Use the supplied mode to check themes versions instead of the --detection-mode ' \
|
|
82
|
+
'or --themes-detection modes.'],
|
|
83
|
+
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
84
|
+
)
|
|
65
85
|
]
|
|
66
86
|
end
|
|
67
87
|
|
|
@@ -23,10 +23,16 @@ module WPScan
|
|
|
23
23
|
#
|
|
24
24
|
# @return [ Hash ]
|
|
25
25
|
def default_opts(type)
|
|
26
|
+
mode = parsed_options[:"#{type}_detection"] || parsed_options[:detection_mode]
|
|
27
|
+
|
|
26
28
|
{
|
|
27
|
-
mode:
|
|
29
|
+
mode: mode,
|
|
28
30
|
exclude_content: parsed_options[:exclude_content_based],
|
|
29
|
-
show_progression: user_interaction
|
|
31
|
+
show_progression: user_interaction?,
|
|
32
|
+
version_detection: {
|
|
33
|
+
mode: parsed_options[:"#{type}_version_detection"] || mode,
|
|
34
|
+
confidence_threshold: parsed_options[:"#{type}_version_all"] ? 0 : 100
|
|
35
|
+
}
|
|
30
36
|
}
|
|
31
37
|
end
|
|
32
38
|
|
|
@@ -40,7 +46,6 @@ module WPScan
|
|
|
40
46
|
def enum_plugins
|
|
41
47
|
opts = default_opts('plugins').merge(
|
|
42
48
|
list: plugins_list_from_opts(parsed_options),
|
|
43
|
-
version_all: parsed_options[:plugins_version_all],
|
|
44
49
|
sort: true
|
|
45
50
|
)
|
|
46
51
|
|
|
@@ -79,7 +84,6 @@ module WPScan
|
|
|
79
84
|
def enum_themes
|
|
80
85
|
opts = default_opts('themes').merge(
|
|
81
86
|
list: themes_list_from_opts(parsed_options),
|
|
82
|
-
version_all: parsed_options[:themes_version_all],
|
|
83
87
|
sort: true
|
|
84
88
|
)
|
|
85
89
|
|
|
@@ -116,7 +120,7 @@ module WPScan
|
|
|
116
120
|
end
|
|
117
121
|
|
|
118
122
|
def enum_config_backups
|
|
119
|
-
opts = default_opts('
|
|
123
|
+
opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
|
|
120
124
|
|
|
121
125
|
output('@info', msg: 'Enumerating Config Backups') if user_interaction?
|
|
122
126
|
output('config_backups', config_backups: target.config_backups(opts))
|
|
@@ -9,6 +9,7 @@ require_relative 'interesting_findings/upload_sql_dump'
|
|
|
9
9
|
require_relative 'interesting_findings/full_path_disclosure'
|
|
10
10
|
require_relative 'interesting_findings/duplicator_installer_log'
|
|
11
11
|
require_relative 'interesting_findings/upload_directory_listing'
|
|
12
|
+
require_relative 'interesting_findings/emergency_pwd_reset_script'
|
|
12
13
|
|
|
13
14
|
module WPScan
|
|
14
15
|
module Finders
|
|
@@ -22,7 +23,7 @@ module WPScan
|
|
|
22
23
|
%w[
|
|
23
24
|
Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
|
|
24
25
|
Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
|
|
25
|
-
UploadSQLDump
|
|
26
|
+
UploadSQLDump EmergencyPwdResetScript
|
|
26
27
|
].each do |f|
|
|
27
28
|
finders << InterestingFindings.const_get(f).new(target)
|
|
28
29
|
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module WPScan
|
|
2
|
+
module Finders
|
|
3
|
+
module InterestingFindings
|
|
4
|
+
# Emergency Password Reset Script finder
|
|
5
|
+
class EmergencyPwdResetScript < CMSScanner::Finders::Finder
|
|
6
|
+
# @return [ InterestingFinding ]
|
|
7
|
+
def aggressive(_opts = {})
|
|
8
|
+
url = target.url('/emergency.php')
|
|
9
|
+
res = Browser.get(url)
|
|
10
|
+
|
|
11
|
+
return unless res.code == 200 && !target.homepage_or_404?(res)
|
|
12
|
+
|
|
13
|
+
WPScan::InterestingFinding.new(
|
|
14
|
+
url,
|
|
15
|
+
confidence: res.body =~ /password/i ? 100 : 40,
|
|
16
|
+
found_by: DIRECT_ACCESS,
|
|
17
|
+
references: {
|
|
18
|
+
url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
|
|
19
|
+
}
|
|
20
|
+
)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
data/app/models/plugin.rb
CHANGED
|
@@ -17,7 +17,7 @@ module WPScan
|
|
|
17
17
|
#
|
|
18
18
|
# @return [ WPScan::Version, false ]
|
|
19
19
|
def version(opts = {})
|
|
20
|
-
@version = Finders::PluginVersion::Base.find(self,
|
|
20
|
+
@version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
|
|
21
21
|
|
|
22
22
|
@version
|
|
23
23
|
end
|
data/app/models/theme.rb
CHANGED
|
@@ -23,7 +23,7 @@ module WPScan
|
|
|
23
23
|
#
|
|
24
24
|
# @return [ WPScan::Version, false ]
|
|
25
25
|
def version(opts = {})
|
|
26
|
-
@version = Finders::ThemeVersion::Base.find(self,
|
|
26
|
+
@version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
|
|
27
27
|
|
|
28
28
|
@version
|
|
29
29
|
end
|
|
@@ -37,7 +37,7 @@ module WPScan
|
|
|
37
37
|
style_url: url(Regexp.last_match[1]),
|
|
38
38
|
found_by: 'Parent Themes (Passive Detection)',
|
|
39
39
|
confidence: 100
|
|
40
|
-
)
|
|
40
|
+
).merge(version_detection: version_detection_opts)
|
|
41
41
|
|
|
42
42
|
self.class.new(template, target, opts)
|
|
43
43
|
end
|
data/app/models/timthumb.rb
CHANGED
|
@@ -3,16 +3,15 @@ module WPScan
|
|
|
3
3
|
class Timthumb < InterestingFinding
|
|
4
4
|
include Vulnerable
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
attr_reader :detection_opts
|
|
6
|
+
attr_reader :version_detection_opts
|
|
8
7
|
|
|
9
8
|
# @param [ String ] url
|
|
10
9
|
# @param [ Hash ] opts
|
|
11
|
-
# @option opts [
|
|
10
|
+
# @option opts [ Symbol ] :mode The mode to use to detect the version
|
|
12
11
|
def initialize(url, opts = {})
|
|
13
12
|
super(url, opts)
|
|
14
13
|
|
|
15
|
-
@
|
|
14
|
+
@version_detection_opts = opts[:version_detection] || {}
|
|
16
15
|
end
|
|
17
16
|
|
|
18
17
|
# @param [ Hash ] opts
|
|
@@ -20,7 +19,7 @@ module WPScan
|
|
|
20
19
|
# @return [ WPScan::Version, false ]
|
|
21
20
|
def version(opts = {})
|
|
22
21
|
if @version.nil?
|
|
23
|
-
@version = Finders::TimthumbVersion::Base.find(self,
|
|
22
|
+
@version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts))
|
|
24
23
|
end
|
|
25
24
|
|
|
26
25
|
@version
|
data/app/models/wp_item.rb
CHANGED
|
@@ -9,21 +9,21 @@ module WPScan
|
|
|
9
9
|
READMES = %w[readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT].freeze
|
|
10
10
|
CHANGELOGS = %w[changelog.txt Changelog.txt ChangeLog.txt CHANGELOG.txt].freeze
|
|
11
11
|
|
|
12
|
-
attr_reader :uri, :name, :detection_opts, :target, :db_data
|
|
12
|
+
attr_reader :uri, :name, :detection_opts, :version_detection_opts, :target, :db_data
|
|
13
13
|
|
|
14
14
|
# @param [ String ] name The plugin/theme name
|
|
15
15
|
# @param [ Target ] target The targeted blog
|
|
16
16
|
# @param [ Hash ] opts
|
|
17
|
-
# @option opts [
|
|
18
|
-
# @option opts [
|
|
17
|
+
# @option opts [ Symbol ] :mode The detection mode to use
|
|
18
|
+
# @option opts [ Hash ] :version_detection The options to use when looking for the version
|
|
19
19
|
# @option opts [ String ] :url The URL of the item
|
|
20
20
|
def initialize(name, target, opts = {})
|
|
21
21
|
@name = URI.decode(name)
|
|
22
22
|
@target = target
|
|
23
23
|
@uri = Addressable::URI.parse(opts[:url]) if opts[:url]
|
|
24
24
|
|
|
25
|
-
|
|
26
|
-
@
|
|
25
|
+
@detection_opts = { mode: opts[:mode] }
|
|
26
|
+
@version_detection_opts = opts[:version_detection] || {}
|
|
27
27
|
|
|
28
28
|
parse_finding_options(opts)
|
|
29
29
|
end
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
|
|
2
2
|
<% if @config_backups.empty? -%>
|
|
3
|
-
<%= notice_icon %> No Backups Found.
|
|
3
|
+
<%= notice_icon %> No Config Backups Found.
|
|
4
4
|
<% else -%>
|
|
5
|
-
<%= notice_icon %> Backup(s) Identified:
|
|
5
|
+
<%= notice_icon %> Config Backup(s) Identified:
|
|
6
6
|
<% @config_backups.each do |config_backup| -%>
|
|
7
7
|
|
|
8
8
|
<%= info_icon %> <%= config_backup %>
|
data/lib/wpscan/db/updater.rb
CHANGED
|
@@ -112,7 +112,6 @@ module WPScan
|
|
|
112
112
|
local_file_checksum(filename)
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
-
# rubocop:disable MethodLength
|
|
116
115
|
# @return [ Array<String> ] The filenames updated
|
|
117
116
|
def update
|
|
118
117
|
updated = []
|
|
@@ -141,7 +140,6 @@ module WPScan
|
|
|
141
140
|
|
|
142
141
|
updated
|
|
143
142
|
end
|
|
144
|
-
# rubocop:enable MethodLength
|
|
145
143
|
end
|
|
146
144
|
end
|
|
147
145
|
# :nocov:
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.0.37.
|
|
19
|
+
version: 0.0.37.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.0.37.
|
|
26
|
+
version: 0.0.37.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: yajl-ruby
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -247,6 +247,7 @@ files:
|
|
|
247
247
|
- app/finders/interesting_findings/backup_db.rb
|
|
248
248
|
- app/finders/interesting_findings/debug_log.rb
|
|
249
249
|
- app/finders/interesting_findings/duplicator_installer_log.rb
|
|
250
|
+
- app/finders/interesting_findings/emergency_pwd_reset_script.rb
|
|
250
251
|
- app/finders/interesting_findings/full_path_disclosure.rb
|
|
251
252
|
- app/finders/interesting_findings/mu_plugins.rb
|
|
252
253
|
- app/finders/interesting_findings/multisite.rb
|