wpscan 3.0.8 → 3.1.0
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +1 -1
- data/app/controllers.rb +1 -0
- data/app/controllers/aliases.rb +12 -0
- data/app/controllers/core.rb +3 -5
- data/app/controllers/enumeration.rb +2 -28
- data/app/controllers/enumeration/enum_methods.rb +12 -2
- data/app/controllers/wp_version.rb +4 -0
- data/app/finders/main_theme/css_style.rb +2 -2
- data/app/finders/main_theme/urls_in_homepage.rb +3 -3
- data/app/finders/plugin_version.rb +1 -8
- data/app/finders/plugins.rb +13 -4
- data/app/finders/plugins/body_pattern.rb +27 -0
- data/app/finders/plugins/comment.rb +31 -0
- data/app/finders/plugins/config_parser.rb +31 -0
- data/app/finders/plugins/header_pattern.rb +41 -0
- data/app/finders/plugins/javascript_var.rb +29 -0
- data/app/finders/plugins/known_locations.rb +5 -5
- data/app/finders/plugins/query_parameter.rb +25 -0
- data/app/finders/plugins/urls_in_homepage.rb +4 -8
- data/app/finders/plugins/xpath.rb +29 -0
- data/app/finders/theme_version.rb +1 -1
- data/app/finders/theme_version/woo_framework_meta_generator.rb +2 -2
- data/app/finders/themes/known_locations.rb +5 -5
- data/app/finders/themes/urls_in_homepage.rb +2 -2
- data/app/finders/users/login_error_messages.rb +1 -4
- data/app/finders/users/wp_json_api.rb +2 -2
- data/app/finders/wp_items/urls_in_homepage.rb +1 -1
- data/app/finders/wp_version.rb +21 -18
- data/app/models/plugin.rb +4 -4
- data/app/models/theme.rb +6 -6
- data/app/models/timthumb.rb +1 -3
- data/app/models/wp_item.rb +15 -15
- data/app/views/json/enumeration/plugins.erb +1 -1
- data/app/views/json/enumeration/themes.erb +1 -1
- data/app/views/json/wp_item.erb +1 -1
- data/bin/wpscan +2 -1
- data/lib/wpscan/db.rb +14 -10
- data/lib/wpscan/db/dynamic_finders/base.rb +41 -0
- data/lib/wpscan/db/dynamic_finders/plugin.rb +111 -0
- data/lib/wpscan/db/dynamic_finders/theme.rb +16 -0
- data/lib/wpscan/db/dynamic_finders/wordpress.rb +75 -0
- data/lib/wpscan/db/updater.rb +2 -2
- data/lib/wpscan/finders.rb +13 -1
- data/lib/wpscan/finders/dynamic_finder/finder.rb +66 -0
- data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +28 -0
- data/lib/wpscan/finders/dynamic_finder/version/comment.rb +16 -0
- data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +52 -0
- data/lib/wpscan/finders/dynamic_finder/version/finder.rb +29 -0
- data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +28 -0
- data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +56 -0
- data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +62 -0
- data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +34 -0
- data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb +42 -0
- data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +96 -0
- data/lib/wpscan/finders/dynamic_finder/wp_version.rb +60 -0
- data/lib/wpscan/helper.rb +11 -0
- data/lib/wpscan/target/platform/wordpress/custom_directories.rb +16 -1
- data/lib/wpscan/version.rb +1 -1
- metadata +32 -24
- data/app/finders/plugin_version/layer_slider/translation_file.rb +0 -40
- data/app/finders/plugin_version/revslider/release_log.rb +0 -35
- data/app/finders/plugin_version/shareaholic/meta_tag.rb +0 -27
- data/app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb +0 -27
- data/app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb +0 -31
- data/app/finders/plugin_version/w3_total_cache/headers.rb +0 -28
- data/app/finders/plugins/comments.rb +0 -31
- data/app/finders/plugins/headers.rb +0 -36
- data/app/finders/wp_version/homepage_stylesheet_numbers.rb +0 -59
- data/app/finders/wp_version/install_stylesheet_numbers.rb +0 -16
- data/app/finders/wp_version/meta_generator.rb +0 -27
- data/app/finders/wp_version/opml_generator.rb +0 -23
- data/app/finders/wp_version/sitemap_generator.rb +0 -23
- data/app/finders/wp_version/upgrade_stylesheet_numbers.rb +0 -13
- data/lib/wpscan/db/dynamic_finders.rb +0 -55
- data/lib/wpscan/finders/finder/plugin_version/comments.rb +0 -27
@@ -0,0 +1,56 @@
|
|
1
|
+
module WPScan
|
2
|
+
module Finders
|
3
|
+
module DynamicFinder
|
4
|
+
module Version
|
5
|
+
# Version finder using JavaScript Variable method
|
6
|
+
class JavascriptVar < WPScan::Finders::DynamicFinder::Version::Finder
|
7
|
+
# @return [ Hash ]
|
8
|
+
def self.child_class_constants
|
9
|
+
@child_class_constants ||= super().merge(
|
10
|
+
XPATH: '//script[not(@src)]', VERSION_KEY: nil,
|
11
|
+
PATTERN: nil, CONFIDENCE: 60
|
12
|
+
)
|
13
|
+
end
|
14
|
+
|
15
|
+
# @param [ Typhoeus::Response ] response
|
16
|
+
# @param [ Hash ] opts
|
17
|
+
# @return [ Version ]
|
18
|
+
def find(response, _opts = {})
|
19
|
+
target.xpath_pattern_from_page(
|
20
|
+
self.class::XPATH, self.class::PATTERN, response
|
21
|
+
) do |match_data, _node|
|
22
|
+
next unless (version_number = version_number_from_match_data(match_data))
|
23
|
+
|
24
|
+
# If the text to be output in the interesting_entries is > 50 chars,
|
25
|
+
# get 20 chars before and after (when possible) the detected version instead
|
26
|
+
match = match_data.to_s
|
27
|
+
match = match[/.*?(.{,20}#{Regexp.escape(version_number)}.{,20}).*/, 1] if match.size > 50
|
28
|
+
|
29
|
+
return create_version(
|
30
|
+
version_number,
|
31
|
+
interesting_entries: ["#{response.effective_url}, Match: '#{match.strip}'"]
|
32
|
+
)
|
33
|
+
end
|
34
|
+
nil
|
35
|
+
end
|
36
|
+
|
37
|
+
# @param [ MatchData ] match_data
|
38
|
+
# @return [ String ]
|
39
|
+
def version_number_from_match_data(match_data)
|
40
|
+
if self.class::VERSION_KEY
|
41
|
+
begin
|
42
|
+
json = JSON.parse("{#{match_data[:json].strip.tr("'", '"')}}")
|
43
|
+
rescue JSON::ParserError
|
44
|
+
return
|
45
|
+
end
|
46
|
+
|
47
|
+
json.dig(*self.class::VERSION_KEY.split(':'))
|
48
|
+
else
|
49
|
+
match_data[:v]
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
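Review bot: `version_number_from_match_data` rescues only `JSON::ParserError`, but the `json.dig(*self.class::VERSION_KEY.split(':'))` call sits after the `begin` block and raises `TypeError` when an intermediate value in the parsed script content is a String, number or Array rather than a Hash. It can also return a non-String value, which then makes `Regexp.escape(version_number)` in `find` raise. The script body comes from the scanned site, so an unexpected shape should yield no version rather than an exception. Consider moving the lookup inside the `begin`, using `rescue JSON::ParserError, TypeError`, and returning the value only when it is a String, e.g. `version.is_a?(String) ? version : nil`. The `@return [ String ]` tag would then read `[ String, nil ]`.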
@@ -0,0 +1,62 @@
|
|
1
|
+
module WPScan
|
2
|
+
module Finders
|
3
|
+
module DynamicFinder
|
4
|
+
module Version
|
5
|
+
# Version finder using QueryParameter method
|
6
|
+
class QueryParameter < WPScan::Finders::DynamicFinder::Version::Finder
|
7
|
+
# @return [ Hash ]
|
8
|
+
def self.child_class_constants
|
9
|
+
@child_class_constants ||= super().merge(
|
10
|
+
XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
|
11
|
+
)
|
12
|
+
end
|
13
|
+
|
14
|
+
# @param [ Typhoeus::Response ] response
|
15
|
+
# @param [ Hash ] opts
|
16
|
+
# @return [ Array<Version>, nil ]
|
17
|
+
def find(response, _opts = {})
|
18
|
+
found = []
|
19
|
+
|
20
|
+
scan_response(response).each do |version_number, occurences|
|
21
|
+
found << create_version(
|
22
|
+
version_number,
|
23
|
+
confidence: self.class::CONFIDENCE_PER_OCCURENCE * occurences.size,
|
24
|
+
interesting_entries: occurences
|
25
|
+
)
|
26
|
+
end
|
27
|
+
|
28
|
+
found.compact
|
29
|
+
end
|
30
|
+
|
31
|
+
# @param [ Typhoeus::Response ] response
|
32
|
+
# @return [ Hash ]
|
33
|
+
def scan_response(response)
|
34
|
+
found = {}
|
35
|
+
|
36
|
+
target.in_scope_urls(response, xpath) do |url, _tag|
|
37
|
+
uri = Addressable::URI.parse(url)
|
38
|
+
|
39
|
+
next unless uri.path =~ path_pattern && uri.query&.match(self.class::PATTERN)
|
40
|
+
version = Regexp.last_match[:v].to_s
|
41
|
+
|
42
|
+
found[version] ||= []
|
43
|
+
found[version] << url
|
44
|
+
end
|
45
|
+
|
46
|
+
found
|
47
|
+
end
|
48
|
+
|
49
|
+
# @return [ String ]
|
50
|
+
def xpath
|
51
|
+
@xpath ||= self.class::XPATH || '//link[@href]|//script[@src]'
|
52
|
+
end
|
53
|
+
|
54
|
+
# @return [ Regexp ]
|
55
|
+
def path_pattern
|
56
|
+
@path_pattern ||= %r{/(?:#{self.class::FILES.join('|')})\z}i
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
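Review bot: `path_pattern` interpolates `self.class::FILES.join('|')` into the regexp without escaping, so the `.` in a file name matches any character and any other metacharacter in an entry silently changes the pattern. `FILES` also defaults to `nil` in `child_class_constants`, so a finder configured without files raises `NoMethodError` on `join`. If the entries are meant to be literal file names (not visible from this file), build the alternation with `self.class::FILES.map { |f| Regexp.escape(f) }.join('|')` and guard the `nil` case. The same unescaped interpolation appears in `WpItemVersion::QueryParameter#path_pattern`, where the `x` flag additionally drops whitespace inside an entry and treats `#` as the start of a comment.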
@@ -0,0 +1,34 @@
|
|
1
|
+
module WPScan
|
2
|
+
module Finders
|
3
|
+
module DynamicFinder
|
4
|
+
module Version
|
5
|
+
# Version finder using Xpath method
|
6
|
+
class Xpath < WPScan::Finders::DynamicFinder::Version::Finder
|
7
|
+
# @return [ Hash ]
|
8
|
+
def self.child_class_constants
|
9
|
+
@child_class_constants ||= super().merge(
|
10
|
+
XPATH: nil, PATTERN: /\A(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 60
|
11
|
+
)
|
12
|
+
end
|
13
|
+
|
14
|
+
# @param [ Typhoeus::Response ] response
|
15
|
+
# @param [ Hash ] opts
|
16
|
+
# @return [ Version ]
|
17
|
+
def find(response, _opts = {})
|
18
|
+
target.xpath_pattern_from_page(
|
19
|
+
self.class::XPATH, self.class::PATTERN, response
|
20
|
+
) do |match_data, _node|
|
21
|
+
next unless match_data[:v]
|
22
|
+
|
23
|
+
return create_version(
|
24
|
+
match_data[:v],
|
25
|
+
interesting_entries: ["#{response.effective_url}, Match: '#{match_data}'"]
|
26
|
+
)
|
27
|
+
end
|
28
|
+
nil
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
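Review bot: The `@return [ Version ]` tag on `find` does not mention that the method ends with `nil` when no node yields a `:v` capture, so the documented contract is narrower than the code; `# @return [ Version, nil ]` would match. `JavascriptVar#find` in the earlier section carries the same tag and the same trailing `nil`. A one-line comment noting that the `return` inside the block stops at the first matching node would also help, since later matches are never reported.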
@@ -0,0 +1,42 @@
|
|
1
|
+
module WPScan
|
2
|
+
module Finders
|
3
|
+
module DynamicFinder
|
4
|
+
module WpItemVersion
|
5
|
+
class BodyPattern < WPScan::Finders::DynamicFinder::Version::BodyPattern
|
6
|
+
end
|
7
|
+
|
8
|
+
class Comment < WPScan::Finders::DynamicFinder::Version::Comment
|
9
|
+
end
|
10
|
+
|
11
|
+
class ConfigParser < WPScan::Finders::DynamicFinder::Version::ConfigParser
|
12
|
+
end
|
13
|
+
|
14
|
+
class HeaderPattern < WPScan::Finders::DynamicFinder::Version::HeaderPattern
|
15
|
+
end
|
16
|
+
|
17
|
+
class JavascriptVar < WPScan::Finders::DynamicFinder::Version::JavascriptVar
|
18
|
+
end
|
19
|
+
|
20
|
+
class QueryParameter < WPScan::Finders::DynamicFinder::Version::QueryParameter
|
21
|
+
# @return [ Regexp ]
|
22
|
+
def path_pattern
|
23
|
+
# TODO: consider the target.blog.themes_dir if the target is a Theme (maybe implement a WpItem#item_dir ?)
|
24
|
+
@path_pattern ||= %r{
|
25
|
+
#{Regexp.escape(target.blog.plugins_dir)}/
|
26
|
+
#{Regexp.escape(target.slug)}/
|
27
|
+
(?:#{self.class::FILES.join('|')})\z
|
28
|
+
}ix
|
29
|
+
end
|
30
|
+
|
31
|
+
def xpath
|
32
|
+
@xpath ||= self.class::XPATH ||
|
33
|
+
"//link[contains(@href,'#{target.slug}')]|//script[contains(@src,'#{target.slug}')]"
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
class Xpath < WPScan::Finders::DynamicFinder::Version::Xpath
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
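Review bot: The default `xpath` in `QueryParameter` places `target.slug` inside single-quoted XPath string literals without any quoting, while `path_pattern` just above it passes the same value through `Regexp.escape`. A slug containing `'` would produce a malformed or different XPath expression; whether slugs are restricted to a safe character set before they reach this class is not visible here. Consider validating the slug where it is first accepted, or at least documenting the assumption with a comment such as `# slug is assumed to contain no single quote (used as an XPath literal)`. `WpVersion::WpItemQueryParameter#xpath` interpolates `target.plugins_dir` and `target.themes_dir` in the same way.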
@@ -0,0 +1,96 @@
|
|
1
|
+
module WPScan
|
2
|
+
module Finders
|
3
|
+
module DynamicFinder
|
4
|
+
module WpItems
|
5
|
+
# Not really a dynamic finder in itself (hence not a child class of DynamicFinder::Finder)
|
6
|
+
# but will use the dynamic finder DB configs to find collections of
|
7
|
+
# WpItems (such as Plugins and Themes)
|
8
|
+
#
|
9
|
+
# Also used to factorise some code used between such finders.
|
10
|
+
# The #process_response should be implemented in each child class, or the
|
11
|
+
# #passive and #aggressive overriden
|
12
|
+
class Finder < CMSScanner::Finders::Finder
|
13
|
+
# @return [ Hash ] The related dynamic finder passive configurations
|
14
|
+
# for the current class (all its usefullness comes from child classes)
|
15
|
+
def passive_configs
|
16
|
+
# So far only the Plugins have dynamic finders so using DB:: DynamicFinders::Plugin
|
17
|
+
# is ok. However, when Themes have some, will need to create other child classes for them
|
18
|
+
|
19
|
+
method = "passive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym
|
20
|
+
|
21
|
+
DB::DynamicFinders::Plugin.public_send(method)
|
22
|
+
end
|
23
|
+
|
24
|
+
# @param [ Hash ] opts
|
25
|
+
#
|
26
|
+
# @return [ Array<Plugin>, Array<Theme> ]
|
27
|
+
def passive(opts = {})
|
28
|
+
found = []
|
29
|
+
|
30
|
+
passive_configs.each do |slug, configs|
|
31
|
+
configs.each do |klass, config|
|
32
|
+
item = process_response(opts, target.homepage_res, slug, klass, config)
|
33
|
+
|
34
|
+
found << item if item.is_a?(WpItem)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
found
|
39
|
+
end
|
40
|
+
|
41
|
+
# @return [ Hash ] The related dynamic finder passive configurations
|
42
|
+
# for the current class (all its usefullness comes from child classes)
|
43
|
+
def aggressive_configs
|
44
|
+
# So far only the Plugins have dynamic finders so using DB:: DynamicFinders::Plugin
|
45
|
+
# is ok. However, when Themes have some, will need to create other child classes for them
|
46
|
+
|
47
|
+
method = "aggressive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym
|
48
|
+
|
49
|
+
DB::DynamicFinders::Plugin.public_send(method)
|
50
|
+
end
|
51
|
+
|
52
|
+
# @param [ Hash ] opts
|
53
|
+
#
|
54
|
+
# @return [ Array<Plugin>, Array<Theme> ]
|
55
|
+
def aggressive(_opts = {})
|
56
|
+
# Disable this as it would make quite a lot of extra requests just to find plugins/themes
|
57
|
+
# Kept the original method below for future implementation
|
58
|
+
end
|
59
|
+
|
60
|
+
# @param [ Hash ] opts
|
61
|
+
#
|
62
|
+
# @return [ Array<Plugin>, Array<Theme> ]
|
63
|
+
def aggressive_(opts = {})
|
64
|
+
found = []
|
65
|
+
|
66
|
+
aggressive_configs.each do |slug, configs|
|
67
|
+
configs.each do |klass, config|
|
68
|
+
path = aggressive_path(slug, config)
|
69
|
+
response = Browser.get(target.url(path))
|
70
|
+
|
71
|
+
item = process_response(opts, response, slug, klass, config)
|
72
|
+
|
73
|
+
found << item if item.is_a?(WpItem)
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
found
|
78
|
+
end
|
79
|
+
|
80
|
+
# @param [ String ] slug
|
81
|
+
# @param [ Hash ] config from the YAML file with he 'path' key
|
82
|
+
#
|
83
|
+
# @return [ String ] The path related to the aggresive configuration
|
84
|
+
# ie config['path'] if it's an absolute path (like /file.txt)
|
85
|
+
# or the path from inside the related plugin directory
|
86
|
+
def aggressive_path(slug, config)
|
87
|
+
return config['path'] if config['path'][0] == '/'
|
88
|
+
|
89
|
+
# No need to set the correct plugins dir, it will be handled by target.url()
|
90
|
+
"wp-content/plugins/#{slug}/#{config['path']}"
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
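Review bot: `aggressive` has an empty body and therefore returns `nil`, although its tag promises `Array<Plugin>, Array<Theme>`, and the retained implementation stays callable as the public method `aggressive_`, which issues one `Browser.get` per configured path. If callers iterate the result (not visible here), returning `[]` from the stub would be safer, and moving `aggressive_` below `private` or removing it would keep the disabled request loop from being invoked by accident. The comment above `aggressive_configs` still says "passive configurations"; it should read `# @return [ Hash ] The related dynamic finder aggressive configurations`. `aggressive_path` also assumes `config['path']` is a String and would raise `NoMethodError` on a config entry without that key.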
@@ -0,0 +1,60 @@
|
|
1
|
+
module WPScan
|
2
|
+
module Finders
|
3
|
+
module DynamicFinder
|
4
|
+
module WpVersion
|
5
|
+
module Finder
|
6
|
+
def create_version(number, finding_opts)
|
7
|
+
return unless WPScan::WpVersion.valid?(number)
|
8
|
+
|
9
|
+
WPScan::WpVersion.new(number, version_finding_opts(finding_opts))
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
class BodyPattern < WPScan::Finders::DynamicFinder::Version::BodyPattern
|
14
|
+
include Finder
|
15
|
+
end
|
16
|
+
|
17
|
+
class Comment < WPScan::Finders::DynamicFinder::Version::Comment
|
18
|
+
include Finder
|
19
|
+
end
|
20
|
+
|
21
|
+
class HeaderPattern < WPScan::Finders::DynamicFinder::Version::HeaderPattern
|
22
|
+
include Finder
|
23
|
+
end
|
24
|
+
|
25
|
+
class JavascriptVar < WPScan::Finders::DynamicFinder::Version::JavascriptVar
|
26
|
+
include Finder
|
27
|
+
end
|
28
|
+
|
29
|
+
class QueryParameter < WPScan::Finders::DynamicFinder::Version::QueryParameter
|
30
|
+
include Finder
|
31
|
+
|
32
|
+
# @return [ Hash ]
|
33
|
+
def self.child_class_constants
|
34
|
+
@child_class_constants ||= super().merge(PATTERN: /ver\=(?<v>\d+\.[\.\d]+)/i)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
class WpItemQueryParameter < QueryParameter
|
39
|
+
def xpath
|
40
|
+
@xpath ||= self.class::XPATH ||
|
41
|
+
"//link[contains(@href,'#{target.plugins_dir}') or contains(@href,'#{target.themes_dir}')]|" \
|
42
|
+
"//script[contains(@src,'#{target.plugins_dir}') or contains(@src,'#{target.themes_dir}')]"
|
43
|
+
end
|
44
|
+
|
45
|
+
def path_pattern
|
46
|
+
@pattern ||= %r{
|
47
|
+
(?:#{Regexp.escape(target.plugins_dir)}|#{Regexp.escape(target.themes_dir)})/
|
48
|
+
[^/]+/
|
49
|
+
.*\.(?:css|js)\z
|
50
|
+
}ix
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
class Xpath < WPScan::Finders::DynamicFinder::Version::Xpath
|
55
|
+
include Finder
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
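Review bot: `WpItemQueryParameter#path_pattern` memoizes into `@pattern`, whereas the parent `QueryParameter#path_pattern` and its counterpart in `WpItemVersion` use `@path_pattern`; the odd name works but invites a clash with any other `@pattern` instance variable in the finder hierarchy. Renaming it keeps the classes consistent: `@path_pattern ||= %r{`. The `Finder` module and its `create_version` have no comment; a short note that it returns `nil` for numbers rejected by `WPScan::WpVersion.valid?` would explain why `QueryParameter#find` ends with `found.compact`.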
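--- a/data/lib/wpscan/helper.rb
+++ b/data/lib/wpscan/helper.rb
@@ -3,3 +3,14 @@ def read_json_file(file)
 rescue StandardError => e
 raise "JSON parsing error in #{file} #{e}"
 end
+
+# @return [ Symbol ]
+# @note As a class can not start with a digit or underscore, a D_ is
+# put as a prefix in such case. Ugly but well :x
+# Not only used to classify slugs though, but Dynamic Finder names as well
+def classify_slug(slug)
+classified = slug.to_s.tr('-', '_').camelize.to_s
+classified = "D_#{classified}" if classified[0] =~ /\d/
+
+classified.to_sym
+end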
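Review bot: The `@note` on `classify_slug` says a `D_` prefix is added when the name would start with a digit or underscore, but the guard `classified[0] =~ /\d/` only tests for a digit, so the comment and the code disagree. Either drop "or underscore" from the note or state why a leading underscore cannot occur after `camelize`. The method also lacks a `# @param [ String ] slug` tag. Because `-` is mapped to `_` before camelizing, two slugs that differ only in those characters yield the same symbol; if the result names a constant (as the note suggests), that collision deserves a comment.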
@@ -50,8 +50,23 @@ module WPScan
|
|
50
50
|
plugins_uri.to_s
|
51
51
|
end
|
52
52
|
|
53
|
+
# @return [ String ]
|
54
|
+
def themes_dir
|
55
|
+
@themes_dir ||= "#{content_dir}/themes"
|
56
|
+
end
|
57
|
+
|
58
|
+
# @return [ Addressable::URI ]
|
59
|
+
def themes_uri
|
60
|
+
uri.join("#{themes_dir}/")
|
61
|
+
end
|
62
|
+
|
63
|
+
# @return [ String ]
|
64
|
+
def themes_url
|
65
|
+
themes_uri.to_s
|
66
|
+
end
|
67
|
+
|
53
68
|
# TODO: Factorise the code and the content_dir one ?
|
54
|
-
# @return [ String, False ]
|
69
|
+
# @return [ String, False ] String of the sub_dir found, false otherwise
|
55
70
|
# @note: nil can not be returned here, otherwise if there is no sub_dir
|
56
71
|
# the check would be done each time
|
57
72
|
def sub_dir
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: wpscan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0
|
4
|
+
version: 3.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2018-01-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cms_scanner
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.0.
|
19
|
+
version: 0.0.39.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.0.
|
26
|
+
version: 0.0.39.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: activesupport
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,14 +128,14 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 0.
|
131
|
+
version: 0.52.0
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 0.
|
138
|
+
version: 0.52.0
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: simplecov
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -156,14 +156,14 @@ dependencies:
|
|
156
156
|
requirements:
|
157
157
|
- - "~>"
|
158
158
|
- !ruby/object:Gem::Version
|
159
|
-
version:
|
159
|
+
version: 3.2.0
|
160
160
|
type: :development
|
161
161
|
prerelease: false
|
162
162
|
version_requirements: !ruby/object:Gem::Requirement
|
163
163
|
requirements:
|
164
164
|
- - "~>"
|
165
165
|
- !ruby/object:Gem::Version
|
166
|
-
version:
|
166
|
+
version: 3.2.0
|
167
167
|
description: WPScan is a black box WordPress vulnerability scanner.
|
168
168
|
email:
|
169
169
|
- team@wpscan.org
|
@@ -176,6 +176,7 @@ files:
|
|
176
176
|
- README.md
|
177
177
|
- app/app.rb
|
178
178
|
- app/controllers.rb
|
179
|
+
- app/controllers/aliases.rb
|
179
180
|
- app/controllers/brute_force.rb
|
180
181
|
- app/controllers/core.rb
|
181
182
|
- app/controllers/custom_directories.rb
|
@@ -207,18 +208,17 @@ files:
|
|
207
208
|
- app/finders/medias.rb
|
208
209
|
- app/finders/medias/attachment_brute_forcing.rb
|
209
210
|
- app/finders/plugin_version.rb
|
210
|
-
- app/finders/plugin_version/layer_slider/translation_file.rb
|
211
211
|
- app/finders/plugin_version/readme.rb
|
212
|
-
- app/finders/plugin_version/revslider/release_log.rb
|
213
|
-
- app/finders/plugin_version/shareaholic/meta_tag.rb
|
214
|
-
- app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb
|
215
|
-
- app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb
|
216
|
-
- app/finders/plugin_version/w3_total_cache/headers.rb
|
217
212
|
- app/finders/plugins.rb
|
218
|
-
- app/finders/plugins/
|
219
|
-
- app/finders/plugins/
|
213
|
+
- app/finders/plugins/body_pattern.rb
|
214
|
+
- app/finders/plugins/comment.rb
|
215
|
+
- app/finders/plugins/config_parser.rb
|
216
|
+
- app/finders/plugins/header_pattern.rb
|
217
|
+
- app/finders/plugins/javascript_var.rb
|
220
218
|
- app/finders/plugins/known_locations.rb
|
219
|
+
- app/finders/plugins/query_parameter.rb
|
221
220
|
- app/finders/plugins/urls_in_homepage.rb
|
221
|
+
- app/finders/plugins/xpath.rb
|
222
222
|
- app/finders/theme_version.rb
|
223
223
|
- app/finders/theme_version/style.rb
|
224
224
|
- app/finders/theme_version/woo_framework_meta_generator.rb
|
@@ -239,16 +239,10 @@ files:
|
|
239
239
|
- app/finders/wp_items/urls_in_homepage.rb
|
240
240
|
- app/finders/wp_version.rb
|
241
241
|
- app/finders/wp_version/atom_generator.rb
|
242
|
-
- app/finders/wp_version/homepage_stylesheet_numbers.rb
|
243
|
-
- app/finders/wp_version/install_stylesheet_numbers.rb
|
244
|
-
- app/finders/wp_version/meta_generator.rb
|
245
|
-
- app/finders/wp_version/opml_generator.rb
|
246
242
|
- app/finders/wp_version/rdf_generator.rb
|
247
243
|
- app/finders/wp_version/readme.rb
|
248
244
|
- app/finders/wp_version/rss_generator.rb
|
249
|
-
- app/finders/wp_version/sitemap_generator.rb
|
250
245
|
- app/finders/wp_version/unique_fingerprinting.rb
|
251
|
-
- app/finders/wp_version/upgrade_stylesheet_numbers.rb
|
252
246
|
- app/models.rb
|
253
247
|
- app/models/config_backup.rb
|
254
248
|
- app/models/interesting_finding.rb
|
@@ -304,7 +298,10 @@ files:
|
|
304
298
|
- lib/wpscan/controller.rb
|
305
299
|
- lib/wpscan/controllers.rb
|
306
300
|
- lib/wpscan/db.rb
|
307
|
-
- lib/wpscan/db/dynamic_finders.rb
|
301
|
+
- lib/wpscan/db/dynamic_finders/base.rb
|
302
|
+
- lib/wpscan/db/dynamic_finders/plugin.rb
|
303
|
+
- lib/wpscan/db/dynamic_finders/theme.rb
|
304
|
+
- lib/wpscan/db/dynamic_finders/wordpress.rb
|
308
305
|
- lib/wpscan/db/fingerprints.rb
|
309
306
|
- lib/wpscan/db/plugin.rb
|
310
307
|
- lib/wpscan/db/plugins.rb
|
@@ -318,7 +315,18 @@ files:
|
|
318
315
|
- lib/wpscan/errors/update.rb
|
319
316
|
- lib/wpscan/errors/wordpress.rb
|
320
317
|
- lib/wpscan/finders.rb
|
321
|
-
- lib/wpscan/finders/finder
|
318
|
+
- lib/wpscan/finders/dynamic_finder/finder.rb
|
319
|
+
- lib/wpscan/finders/dynamic_finder/version/body_pattern.rb
|
320
|
+
- lib/wpscan/finders/dynamic_finder/version/comment.rb
|
321
|
+
- lib/wpscan/finders/dynamic_finder/version/config_parser.rb
|
322
|
+
- lib/wpscan/finders/dynamic_finder/version/finder.rb
|
323
|
+
- lib/wpscan/finders/dynamic_finder/version/header_pattern.rb
|
324
|
+
- lib/wpscan/finders/dynamic_finder/version/javascript_var.rb
|
325
|
+
- lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
|
326
|
+
- lib/wpscan/finders/dynamic_finder/version/xpath.rb
|
327
|
+
- lib/wpscan/finders/dynamic_finder/wp_item_version.rb
|
328
|
+
- lib/wpscan/finders/dynamic_finder/wp_items/finder.rb
|
329
|
+
- lib/wpscan/finders/dynamic_finder/wp_version.rb
|
322
330
|
- lib/wpscan/finders/finder/wp_version/smart_url_checker.rb
|
323
331
|
- lib/wpscan/helper.rb
|
324
332
|
- lib/wpscan/references.rb
|