RubyGems - wpscan - Versions diffs - 3.0.8 → 3.1.0 - Mend

wpscan 3.0.8 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

checksums.yaml +4 -4
data/LICENSE +1 -1
data/README.md +1 -1
data/app/controllers.rb +1 -0
data/app/controllers/aliases.rb +12 -0
data/app/controllers/core.rb +3 -5
data/app/controllers/enumeration.rb +2 -28
data/app/controllers/enumeration/enum_methods.rb +12 -2
data/app/controllers/wp_version.rb +4 -0
data/app/finders/main_theme/css_style.rb +2 -2
data/app/finders/main_theme/urls_in_homepage.rb +3 -3
data/app/finders/plugin_version.rb +1 -8
data/app/finders/plugins.rb +13 -4
data/app/finders/plugins/body_pattern.rb +27 -0
data/app/finders/plugins/comment.rb +31 -0
data/app/finders/plugins/config_parser.rb +31 -0
data/app/finders/plugins/header_pattern.rb +41 -0
data/app/finders/plugins/javascript_var.rb +29 -0
data/app/finders/plugins/known_locations.rb +5 -5
data/app/finders/plugins/query_parameter.rb +25 -0
data/app/finders/plugins/urls_in_homepage.rb +4 -8
data/app/finders/plugins/xpath.rb +29 -0
data/app/finders/theme_version.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +2 -2
data/app/finders/themes/known_locations.rb +5 -5
data/app/finders/themes/urls_in_homepage.rb +2 -2
data/app/finders/users/login_error_messages.rb +1 -4
data/app/finders/users/wp_json_api.rb +2 -2
data/app/finders/wp_items/urls_in_homepage.rb +1 -1
data/app/finders/wp_version.rb +21 -18
data/app/models/plugin.rb +4 -4
data/app/models/theme.rb +6 -6
data/app/models/timthumb.rb +1 -3
data/app/models/wp_item.rb +15 -15
data/app/views/json/enumeration/plugins.erb +1 -1
data/app/views/json/enumeration/themes.erb +1 -1
data/app/views/json/wp_item.erb +1 -1
data/bin/wpscan +2 -1
data/lib/wpscan/db.rb +14 -10
data/lib/wpscan/db/dynamic_finders/base.rb +41 -0
data/lib/wpscan/db/dynamic_finders/plugin.rb +111 -0
data/lib/wpscan/db/dynamic_finders/theme.rb +16 -0
data/lib/wpscan/db/dynamic_finders/wordpress.rb +75 -0
data/lib/wpscan/db/updater.rb +2 -2
data/lib/wpscan/finders.rb +13 -1
data/lib/wpscan/finders/dynamic_finder/finder.rb +66 -0
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +28 -0
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +16 -0
data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +52 -0
data/lib/wpscan/finders/dynamic_finder/version/finder.rb +29 -0
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +28 -0
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +56 -0
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +62 -0
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +34 -0
data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb +42 -0
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +96 -0
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +60 -0
data/lib/wpscan/helper.rb +11 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +16 -1
data/lib/wpscan/version.rb +1 -1
metadata +32 -24
data/app/finders/plugin_version/layer_slider/translation_file.rb +0 -40
data/app/finders/plugin_version/revslider/release_log.rb +0 -35
data/app/finders/plugin_version/shareaholic/meta_tag.rb +0 -27
data/app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb +0 -27
data/app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb +0 -31
data/app/finders/plugin_version/w3_total_cache/headers.rb +0 -28
data/app/finders/plugins/comments.rb +0 -31
data/app/finders/plugins/headers.rb +0 -36
data/app/finders/wp_version/homepage_stylesheet_numbers.rb +0 -59
data/app/finders/wp_version/install_stylesheet_numbers.rb +0 -16
data/app/finders/wp_version/meta_generator.rb +0 -27
data/app/finders/wp_version/opml_generator.rb +0 -23
data/app/finders/wp_version/sitemap_generator.rb +0 -23
data/app/finders/wp_version/upgrade_stylesheet_numbers.rb +0 -13
data/lib/wpscan/db/dynamic_finders.rb +0 -55
data/lib/wpscan/finders/finder/plugin_version/comments.rb +0 -27

data/lib/wpscan/db/dynamic_finders/plugin.rb ADDED Viewed

@@ -0,0 +1,111 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Plugin < Base
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['plugins'] || {}
+        end
+        def self.version_finder_module
+          Finders::PluginVersion
+        end
+        # @param [ Symbol ] finder_class
+        # @param [ Boolean ] aggressive
+        # @return [ Hash ]
+        def self.finder_configs(finder_class, aggressive = false)
+          configs = {}
+          return configs unless allowed_classes.include?(finder_class)
+          db_data.each do |slug, finders|
+            # Quite sure better can be done with some kind of logic statement in the select
+            fs = if aggressive
+                   finders.reject { |_f, c| c['path'].nil? }
+                 else
+                   finders.select { |_f, c| c['path'].nil? }
+                 end
+            fs.each do |finder_name, config|
+              klass = config['class'] ? config['class'] : finder_name
+              next unless klass.to_sym == finder_class
+              configs[slug] ||= {}
+              configs[slug][finder_name] = config
+            end
+          end
+          configs
+        end
+        # @return [ Hash ]
+        def self.versions_finders_configs
+          return @versions_finders_configs if @versions_finders_configs
+          @versions_finders_configs = {}
+          db_data.each do |slug, finders|
+            finders.each do |finder_name, config|
+              next unless config.key?('version')
+              @versions_finders_configs[slug] ||= {}
+              @versions_finders_configs[slug][finder_name] = config
+            end
+          end
+          @versions_finders_configs
+        end
+        # @param [ String ] slug
+        # @return [ Constant ]
+        def self.maybe_create_modudle(slug)
+          # What about slugs such as js_composer which will be done as JsComposer, just like js-composer
+          constant_name = classify_slug(slug)
+          unless version_finder_module.constants.include?(constant_name)
+            version_finder_module.const_set(constant_name, Module.new)
+          end
+          version_finder_module.const_get(constant_name)
+        end
+        def self.create_versions_finders
+          versions_finders_configs.each do |slug, finders|
+            # Kind of an issue here, module is created even if there is no valid classes
+            # Could put the #maybe_ directly in the #send() BUT it would be checked everytime,
+            # which is kind of a waste
+            mod = maybe_create_modudle(slug)
+            finders.each do |finder_class, config|
+              klass = config['class'] ? config['class'] : finder_class
+              # Instead of raising exceptions, skip unallowed/already defined finders
+              # So that, when new DF configs are put in the .yml
+              # users with old version of WPScan will still be able to scan blogs
+              # when updating the DB but not the tool
+              next if mod.constants.include?(finder_class.to_sym) ||
+                      !allowed_classes.include?(klass.to_sym)
+              version_finder_super_class(klass).create_child_class(mod, finder_class.to_sym, config)
+            end
+          end
+        end
+        # The idea here would be to check if the class exist in
+        # the Finders::DynamicFinders::Plugins/Themes::klass or WpItemVersion::klass
+        # and return the related constant when one has been found.
+        #
+        # So far, the Finders::DynamicFinders::WPItemVersion is enought
+        # as nothing else is used
+        #
+        # @param [ String, Symbol ] klass
+        # @return [ Constant ]
+        def self.version_finder_super_class(klass)
+          "WPScan::Finders::DynamicFinder::WpItemVersion::#{klass}".constantize
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/db/dynamic_finders/theme.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Theme < Plugin
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['themes'] || {}
+        end
+        def self.version_finder_module
+          Finders::ThemeVersion
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/db/dynamic_finders/wordpress.rb ADDED Viewed

@@ -0,0 +1,75 @@
+module WPScan
+  module DB
+    module DynamicFinders
+      class Wordpress < Base
+        # @return [ Hash ]
+        def self.db_data
+          @db_data ||= super['wordpress'] || {}
+        end
+        # @return [ Constant ]
+        def self.version_finder_module
+          Finders::WpVersion
+        end
+        # @return [ Array<Symbol> ]
+        def self.allowed_classes
+          @allowed_classes ||= %i[
+            Comment Xpath HeaderPattern BodyPattern JavascriptVar QueryParameter WpItemQueryParameter
+          ]
+        end
+        # @param [ Symbol ] finder_class
+        # @param [ Boolean ] aggressive
+        # @return [ Hash ]
+        def self.finder_configs(finder_class, aggressive = false)
+          configs = {}
+          return configs unless allowed_classes.include?(finder_class)
+          finders = if aggressive
+                      db_data.reject { |_f, c| c['path'].nil? }
+                    else
+                      db_data.select { |_f, c| c['path'].nil? }
+                    end
+          finders.each do |finder_name, config|
+            klass = config['class'] ? config['class'] : finder_name
+            next unless klass.to_sym == finder_class
+            configs[finder_name] = config
+          end
+          configs
+        end
+        # @return [ Hash ]
+        def self.versions_finders_configs
+          @versions_finders_configs ||= db_data.select { |_finder_name, config| config.key?('version') }
+        end
+        def self.create_versions_finders
+          versions_finders_configs.each do |finder_class, config|
+            klass = config['class'] ? config['class'] : finder_class
+            # Instead of raising exceptions, skip unallowed/already defined finders
+            # So that, when new DF configs are put in the .yml
+            # users with old version of WPScan will still be able to scan blogs
+            # when updating the DB but not the tool
+            next if version_finder_module.constants.include?(finder_class.to_sym) ||
+                    !allowed_classes.include?(klass.to_sym)
+            version_finder_super_class(klass).create_child_class(version_finder_module, finder_class.to_sym, config)
+          end
+        end
+        # @param [ String, Symbol ] klass
+        # @return [ Constant ]
+        def self.version_finder_super_class(klass)
+          "WPScan::Finders::DynamicFinder::WpVersion::#{klass}".constantize
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/db/updater.rb CHANGED Viewed

@@ -7,10 +7,10 @@ module WPScan
       FILES = %w[
         plugins.json themes.json wordpresses.json
         timthumbs-v3.txt user-agents.txt config_backups.txt
-        dynamic_finders_01.yml wp_fingerprints.json LICENSE
+        dynamic_finders.yml wp_fingerprints.json LICENSE
       ].freeze
-      OLD_FILES = %w[wordpress.db dynamic_finders.yml].freeze
+      OLD_FILES = %w[wordpress.db dynamic_finders_01.yml].freeze
       attr_reader :repo_directory

data/lib/wpscan/finders.rb CHANGED Viewed

@@ -1,5 +1,17 @@
 require 'wpscan/finders/finder/wp_version/smart_url_checker'
-require 'wpscan/finders/finder/plugin_version/comments'
+require 'wpscan/finders/dynamic_finder/finder'
+require 'wpscan/finders/dynamic_finder/wp_items/finder'
+require 'wpscan/finders/dynamic_finder/version/finder'
+require 'wpscan/finders/dynamic_finder/version/xpath'
+require 'wpscan/finders/dynamic_finder/version/comment'
+require 'wpscan/finders/dynamic_finder/version/header_pattern'
+require 'wpscan/finders/dynamic_finder/version/body_pattern'
+require 'wpscan/finders/dynamic_finder/version/javascript_var'
+require 'wpscan/finders/dynamic_finder/version/query_parameter'
+require 'wpscan/finders/dynamic_finder/version/config_parser'
+require 'wpscan/finders/dynamic_finder/wp_item_version'
+require 'wpscan/finders/dynamic_finder/wp_version'
 module WPScan
   # Custom Finders

data/lib/wpscan/finders/dynamic_finder/finder.rb ADDED Viewed

@@ -0,0 +1,66 @@
+module WPScan
+  module Finders
+    module DynamicFinder
+      # To be used as a base when creating a dynamic finder
+      class Finder < CMSScanner::Finders::Finder
+        # @param [ Array ] args
+        def self.child_class_constant(*args)
+          args.each do |arg|
+            if arg.is_a?(Hash)
+              child_class_constants.merge!(arg)
+            else
+              child_class_constants[arg] = nil
+            end
+          end
+        end
+        # Needed to have inheritance of the @child_class_constants
+        # If inheritance is not needed, then the #child_class_constant can be used in the classe definition, ie
+        #   child_class_constant :FILES, PATTERN: /aaa/i
+        # @return [ Hash ]
+        def self.child_class_constants
+          @child_class_constants ||= { PATH: nil }
+        end
+        # @param [ Constant ] mod
+        # @param [ Constant ] klass
+        # @param [ Hash ] config
+        def self.create_child_class(mod, klass, config)
+          # Can't use the #child_class_constants directly in the Class.new(self) do; end below
+          class_constants = child_class_constants
+          mod.const_set(
+            klass, Class.new(self) do
+              class_constants.each do |key, value|
+                const_set(key, config[key.downcase.to_s] || value)
+              end
+            end
+          )
+        end
+        # This method has to be overriden in child classes
+        #
+        # @param [ Typhoeus::Response ] response
+        # @param [ Hash ] opts
+        # @return [ Mixed ]
+        def find(_response, _opts = {})
+          raise NoMethodError
+        end
+        # @param [ Hash ] opts
+        def passive(opts = {})
+          return if self.class::PATH
+          find(target.homepage_res, opts)
+        end
+        # @param [ Hash ] opts
+        def aggressive(opts = {})
+          return unless self.class::PATH
+          find(Browser.get(target.url(self.class::PATH)), opts)
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module WPScan
+  module Finders
+    module DynamicFinder
+      module Version
+        # Version finder using Body Pattern method. Tipically used when the response is not
+        # an HTML doc and Xpath can't be used
+        class BodyPattern < WPScan::Finders::DynamicFinder::Version::Finder
+          # @return [ Hash ]
+          def self.child_class_constants
+            @child_class_constants ||= super().merge(PATTERN: nil, CONFIDENCE: 60)
+          end
+          # @param [ Typhoeus::Response ] response
+          # @param [ Hash ] opts
+          # @return [ Version ]
+          def find(response, _opts = {})
+            return unless response.body =~ self.class::PATTERN
+            create_version(
+              Regexp.last_match[:v],
+              interesting_entries: ["#{response.effective_url}, Match: '#{Regexp.last_match}'"]
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/finders/dynamic_finder/version/comment.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module WPScan
+  module Finders
+    module DynamicFinder
+      module Version
+        # Version finder in Comment, which is basically an Xpath one with a default
+        # Xpath of //comment()
+        class Comment < WPScan::Finders::DynamicFinder::Version::Xpath
+          # @return [ Hash ]
+          def self.child_class_constants
+            @child_class_constants ||= super().merge(PATTERN: nil, XPATH: '//comment()')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb ADDED Viewed

@@ -0,0 +1,52 @@
+module WPScan
+  module Finders
+    module DynamicFinder
+      module Version
+        # Version finder using by parsing config files, such as composer.json
+        # and so on
+        class ConfigParser < WPScan::Finders::DynamicFinder::Version::Finder
+          ALLOWED_PARSERS = [JSON, YAML].freeze
+          def self.child_class_constants
+            @child_class_constants ||= super.merge(
+              PARSER: nil, KEY: nil, PATTERN: /(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 70
+            )
+          end
+          # @param [ String ] body
+          # @return [ Hash, nil ] The parsed body, with an available parser, if possible
+          def parse(body)
+            parsers = ALLOWED_PARSERS.include?(self.class::PARSER) ? [self.class::PARSER] : ALLOWED_PARSERS
+            parsers.each do |parser|
+              begin
+                return parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
+              rescue StandardError
+                next
+              end
+            end
+            nil # Make sure nil is returned in case none of the parsers manage to parse the body correctly
+          end
+          # No Passive way
+          def passive(opts = {}); end
+          # @param [ Typhoeus::Response ] response
+          # @param [ Hash ] opts
+          # @return [ Version ]
+          def find(response, _opts = {})
+            parsed_body = parse(response.body)
+            return unless (data = parsed_body&.dig(*self.class::KEY.split(':'))) && data =~ self.class::PATTERN
+            create_version(
+              Regexp.last_match[:v],
+              interesting_entries: ["#{response.effective_url}, Match: '#{Regexp.last_match}'"]
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/finders/dynamic_finder/version/finder.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module WPScan
+  module Finders
+    module DynamicFinder
+      module Version
+        # To be used as a base when creating
+        # a dynamic finder to find the version of a WP Item (such as theme/plugin)
+        class Finder < Finders::DynamicFinder::Finder
+          protected
+          # @param [ String ] number
+          # @param [ Hash ] finding_opts
+          # @return [ WPScan::Version ]
+          def create_version(number, finding_opts)
+            WPScan::Version.new(number, version_finding_opts(finding_opts))
+          end
+          # @param [ Hash ] opts
+          # @retutn [ Hash ]
+          def version_finding_opts(opts)
+            opts[:found_by]   ||= found_by
+            opts[:confidence] ||= self.class::CONFIDENCE
+            opts
+          end
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module WPScan
+  module Finders
+    module DynamicFinder
+      module Version
+        # Version finder using Header Pattern method
+        class HeaderPattern < WPScan::Finders::DynamicFinder::Version::Finder
+          # @return [ Hash ]
+          def self.child_class_constants
+            @child_class_constants ||= super().merge(HEADER: nil, PATTERN: nil, CONFIDENCE: 60)
+          end
+          # @param [ Typhoeus::Response ] response
+          # @param [ Hash ] opts
+          # @return [ Version ]
+          def find(response, _opts = {})
+            return unless response.headers && response.headers[self.class::HEADER]
+            return unless response.headers[self.class::HEADER].to_s =~ self.class::PATTERN
+            create_version(
+              Regexp.last_match[:v],
+              interesting_entries: ["#{response.effective_url}, Match: '#{Regexp.last_match}'"]
+            )
+          end
+        end
+      end
+    end
+  end
+end