RubyGems - wpscan - Versions diffs - 3.0.8 → 3.1.0 - Mend

wpscan 3.0.8 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

checksums.yaml +4 -4
data/LICENSE +1 -1
data/README.md +1 -1
data/app/controllers.rb +1 -0
data/app/controllers/aliases.rb +12 -0
data/app/controllers/core.rb +3 -5
data/app/controllers/enumeration.rb +2 -28
data/app/controllers/enumeration/enum_methods.rb +12 -2
data/app/controllers/wp_version.rb +4 -0
data/app/finders/main_theme/css_style.rb +2 -2
data/app/finders/main_theme/urls_in_homepage.rb +3 -3
data/app/finders/plugin_version.rb +1 -8
data/app/finders/plugins.rb +13 -4
data/app/finders/plugins/body_pattern.rb +27 -0
data/app/finders/plugins/comment.rb +31 -0
data/app/finders/plugins/config_parser.rb +31 -0
data/app/finders/plugins/header_pattern.rb +41 -0
data/app/finders/plugins/javascript_var.rb +29 -0
data/app/finders/plugins/known_locations.rb +5 -5
data/app/finders/plugins/query_parameter.rb +25 -0
data/app/finders/plugins/urls_in_homepage.rb +4 -8
data/app/finders/plugins/xpath.rb +29 -0
data/app/finders/theme_version.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +2 -2
data/app/finders/themes/known_locations.rb +5 -5
data/app/finders/themes/urls_in_homepage.rb +2 -2
data/app/finders/users/login_error_messages.rb +1 -4
data/app/finders/users/wp_json_api.rb +2 -2
data/app/finders/wp_items/urls_in_homepage.rb +1 -1
data/app/finders/wp_version.rb +21 -18
data/app/models/plugin.rb +4 -4
data/app/models/theme.rb +6 -6
data/app/models/timthumb.rb +1 -3
data/app/models/wp_item.rb +15 -15
data/app/views/json/enumeration/plugins.erb +1 -1
data/app/views/json/enumeration/themes.erb +1 -1
data/app/views/json/wp_item.erb +1 -1
data/bin/wpscan +2 -1
data/lib/wpscan/db.rb +14 -10
data/lib/wpscan/db/dynamic_finders/base.rb +41 -0
data/lib/wpscan/db/dynamic_finders/plugin.rb +111 -0
data/lib/wpscan/db/dynamic_finders/theme.rb +16 -0
data/lib/wpscan/db/dynamic_finders/wordpress.rb +75 -0
data/lib/wpscan/db/updater.rb +2 -2
data/lib/wpscan/finders.rb +13 -1
data/lib/wpscan/finders/dynamic_finder/finder.rb +66 -0
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +28 -0
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +16 -0
data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +52 -0
data/lib/wpscan/finders/dynamic_finder/version/finder.rb +29 -0
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +28 -0
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +56 -0
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +62 -0
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +34 -0
data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb +42 -0
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +96 -0
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +60 -0
data/lib/wpscan/helper.rb +11 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +16 -1
data/lib/wpscan/version.rb +1 -1
metadata +32 -24
data/app/finders/plugin_version/layer_slider/translation_file.rb +0 -40
data/app/finders/plugin_version/revslider/release_log.rb +0 -35
data/app/finders/plugin_version/shareaholic/meta_tag.rb +0 -27
data/app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb +0 -27
data/app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb +0 -31
data/app/finders/plugin_version/w3_total_cache/headers.rb +0 -28
data/app/finders/plugins/comments.rb +0 -31
data/app/finders/plugins/headers.rb +0 -36
data/app/finders/wp_version/homepage_stylesheet_numbers.rb +0 -59
data/app/finders/wp_version/install_stylesheet_numbers.rb +0 -16
data/app/finders/wp_version/meta_generator.rb +0 -27
data/app/finders/wp_version/opml_generator.rb +0 -23
data/app/finders/wp_version/sitemap_generator.rb +0 -23
data/app/finders/wp_version/upgrade_stylesheet_numbers.rb +0 -13
data/lib/wpscan/db/dynamic_finders.rb +0 -55
data/lib/wpscan/finders/finder/plugin_version/comments.rb +0 -27

data/app/finders/plugin_version/layer_slider/translation_file.rb DELETED Viewed

@@ -1,40 +0,0 @@
-module WPScan
-  module Finders
-    module PluginVersion
-      module LayerSlider
-        # Version from a Translation file
-        #
-        # See https://github.com/wpscanteam/wpscan/issues/765
-        class TranslationFile < CMSScanner::Finders::Finder
-          # @param [ Hash ] opts
-          #
-          # @return [ Version ]
-          def aggressive(_opts = {})
-            potential_urls.each do |url|
-              res = Browser.get(url)
-              next unless res.code == 200 && res.body =~ /Project-Id-Version: LayerSlider WP v?([0-9\.][^\\\s]+)/
-              return WPScan::Version.new(
-                Regexp.last_match[1],
-                found_by: 'Translation File (Aggressive Detection)',
-                confidence: 90,
-                interesting_entries: ["#{url}, Match: '#{Regexp.last_match}'"]
-              )
-            end
-            nil
-          end
-          # @return [ Array<String> ] The potential URLs where the version is disclosed
-          def potential_urls
-            # Recent versions seem to use the 'locales' directory instead of the 'languages' one.
-            # Maybe also check other locales ?
-            %w[locales languages].reduce([]) do |a, e|
-              a << target.url("#{e}/LayerSlider-en_US.po")
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/app/finders/plugin_version/revslider/release_log.rb DELETED Viewed

@@ -1,35 +0,0 @@
-module WPScan
-  module Finders
-    module PluginVersion
-      module Revslider
-        # Version from the release_log.html
-        #
-        # See https://github.com/wpscanteam/wpscan/issues/817
-        class ReleaseLog < CMSScanner::Finders::Finder
-          # @param [ Hash ] opts
-          #
-          # @return [ Version ]
-          def aggressive(_opts = {})
-            res = Browser.get(release_log_url)
-            res.html.css('h3.version-number:first').each do |node|
-              next unless node.text =~ /\AVersion ([0-9\.]+).*\z/i
-              return WPScan::Version.new(
-                Regexp.last_match[1],
-                found_by: found_by,
-                confidence: 90,
-                interesting_entries: ["#{release_log_url}, Match: '#{Regexp.last_match}'"]
-              )
-            end
-            nil
-          end
-          def release_log_url
-            target.url('release_log.html')
-          end
-        end
-      end
-    end
-  end
-end

data/app/finders/plugin_version/shareaholic/meta_tag.rb DELETED Viewed

@@ -1,27 +0,0 @@
-module WPScan
-  module Finders
-    module PluginVersion
-      module Shareaholic
-        # Version from the meta
-        class MetaTag < CMSScanner::Finders::Finder
-          # @param [ Hash ] opts
-          #
-          # @return [ Version ]
-          def passive(_opts = {})
-            target.target.homepage_res.html.css('meta[name="shareaholic:wp_version"]').each do |node|
-              next unless node['content'] =~ /\A([0-9\.]+)/i
-              return WPScan::Version.new(
-                Regexp.last_match(1),
-                found_by: found_by,
-                confidence: 50,
-                interesting_entries: ["#{target.target.url}, Match: '#{node.to_s.strip}'"]
-              )
-            end
-            nil
-          end
-        end
-      end
-    end
-  end
-end

data/app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb DELETED Viewed

@@ -1,27 +0,0 @@
-module WPScan
-  module Finders
-    module PluginVersion
-      module SitepressMultilingualCms
-        # Version from the meta generator
-        class MetaGenerator < CMSScanner::Finders::Finder
-          # @param [ Hash ] opts
-          #
-          # @return [ Version ]
-          def passive(_opts = {})
-            target.target.homepage_res.html.css('meta[name="generator"]').each do |node|
-              next unless node['content'] =~ /\AWPML\sver:([0-9\.]+)\sstt/i
-              return WPScan::Version.new(
-                Regexp.last_match(1),
-                found_by: 'Meta Generator (Passive detection)',
-                confidence: 50,
-                interesting_entries: ["#{target.target.url}, Match: '#{node}'"]
-              )
-            end
-            nil
-          end
-        end
-      end
-    end
-  end
-end

data/app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb DELETED Viewed

@@ -1,31 +0,0 @@
-module WPScan
-  module Finders
-    module PluginVersion
-      module SitepressMultilingualCms
-        # Version from the v parameter in href / src of stylesheets / scripts
-        class VersionParameter < CMSScanner::Finders::Finder
-          # @param [ Hash ] opts
-          #
-          # @return [ Version ]
-          def passive(_opts = {})
-            pattern = %r{#{Regexp.escape(target.target.plugins_dir)}/sitepress-multilingual-cms/}i
-            target.target.in_scope_urls(target.target.homepage_res, '//link|//script') do |url|
-              uri = Addressable::URI.parse(url)
-              next unless uri.path =~ pattern && uri.query =~ /v=([0-9\.]+)/
-              return WPScan::Version.new(
-                Regexp.last_match[1],
-                found_by: found_by,
-                confidence: 50,
-                interesting_entries: [url]
-              )
-            end
-            nil
-          end
-        end
-      end
-    end
-  end
-end

data/app/finders/plugin_version/w3_total_cache/headers.rb DELETED Viewed

@@ -1,28 +0,0 @@
-module WPScan
-  module Finders
-    module PluginVersion
-      module W3TotalCache
-        # Version from Headers
-        class Headers < CMSScanner::Finders::Finder
-          PATTERN = %r{W3 Total Cache/([0-9.]+)}i
-          # @param [ Hash ] opts
-          #
-          # @return [ Version ]
-          def passive(_opts = {})
-            headers = target.target.headers
-            return unless headers && headers['X-Powered-By'].to_s =~ PATTERN
-            WPScan::Version.new(
-              Regexp.last_match[1],
-              found_by: found_by,
-              confidence: 80,
-              interesting_entries: ["#{target.target.url}, Match: '#{Regexp.last_match}'"]
-            )
-          end
-        end
-      end
-    end
-  end
-end

data/app/finders/plugins/comments.rb DELETED Viewed

@@ -1,31 +0,0 @@
-module WPScan
-  module Finders
-    module Plugins
-      # Plugins from Comments Finder
-      class Comments < CMSScanner::Finders::Finder
-        # @param [ Hash ] opts
-        # @option opts [ Boolean ] :unique Default: true
-        #
-        # @return [ Array<Plugin> ]
-        def passive(opts = {})
-          found         = []
-          opts[:unique] = true unless opts.key?(:unique)
-          target.homepage_res.html.xpath('//comment()').each do |node|
-            comment = node.text.to_s.strip
-            DB::DynamicPluginFinders.comments.each do |name, config|
-              next unless comment =~ config['pattern']
-              plugin = WPScan::Plugin.new(name, target, opts.merge(found_by: found_by, confidence: 70))
-              found << plugin unless opts[:unique] && found.include?(plugin)
-            end
-          end
-          found
-        end
-      end
-    end
-  end
-end

data/app/finders/plugins/headers.rb DELETED Viewed

@@ -1,36 +0,0 @@
-module WPScan
-  module Finders
-    module Plugins
-      # Plugins from Headers Finder
-      class Headers < CMSScanner::Finders::Finder
-        # @param [ Hash ] opts
-        #
-        # @return [ Array<Plugin> ]
-        def passive(opts = {})
-          plugin_names_from_headers(opts).reduce([]) do |a, e|
-            a << WPScan::Plugin.new(e, target, opts.merge(found_by: found_by, confidence: 60))
-          end
-        end
-        # X-Powered-By: W3 Total Cache/0.9.2.5
-        # WP-Super-Cache: Served supercache file from PHP
-        #
-        # @return [ Array<String> ]
-        def plugin_names_from_headers(_opts = {})
-          found   = []
-          headers = target.homepage_res.headers
-          if headers
-            powered_by     = headers['X-Powered-By'].to_s
-            wp_super_cache = headers['wp-super-cache'].to_s
-            found << 'w3-total-cache' if powered_by =~ Finders::PluginVersion::W3TotalCache::Headers::PATTERN
-            found << 'wp-super-cache' if wp_super_cache =~ /supercache/i
-          end
-          found
-        end
-      end
-    end
-  end
-end

data/app/finders/wp_version/homepage_stylesheet_numbers.rb DELETED Viewed

@@ -1,59 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Stylesheets Version Finder from Homepage
-      #
-      # TODO: Maybe put such methods in the CMSScanner to have a generic
-      # way of getting those versions, and allow the confidence to be
-      # customised
-      class HomepageStylesheetNumbers < CMSScanner::Finders::Finder
-        # @return [ Array<WpVersion> ]
-        def passive(_opts = {})
-          wp_versions(target.homepage_url)
-        end
-        protected
-        # @param [ String ] url
-        #
-        # @return [ Array<WpVersion> ]
-        def wp_versions(url)
-          found = []
-          scan_page(url).each do |version_number, occurences|
-            next unless WPScan::WpVersion.valid?(version_number) # Skip invalid versions
-            found << WPScan::WpVersion.new(
-              version_number,
-              found_by: found_by,
-              confidence: 5 * occurences.count,
-              interesting_entries: occurences
-            )
-          end
-          found
-        end
-        # @param [ String ] url
-        #
-        # @return [ Hash ]
-        def scan_page(url)
-          found   = {}
-          pattern = /\bver=([0-9\.]+)/i
-          target.in_scope_urls(Browser.get(url), '//link|//script') do |stylesheet_url, _tag|
-            uri = Addressable::URI.parse(stylesheet_url)
-            next unless uri.query&.match(pattern)
-            version = Regexp.last_match[1].to_s
-            found[version] ||= []
-            found[version] << stylesheet_url
-          end
-          found
-        end
-      end
-    end
-  end
-end

data/app/finders/wp_version/install_stylesheet_numbers.rb DELETED Viewed

@@ -1,16 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Stylesheets Version Finder from Install page
-      class InstallStylesheetNumbers < HomepageStylesheetNumbers
-        # Overrides the parent
-        def passive(_ops = {}); end
-        # @return [ Array<WpVersion> ]
-        def aggressive(_opts = {})
-          wp_versions(target.url('wp-admin/install.php'))
-        end
-      end
-    end
-  end
-end

data/app/finders/wp_version/meta_generator.rb DELETED Viewed

@@ -1,27 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Meta Generator Version Finder
-      class MetaGenerator < CMSScanner::Finders::Finder
-        # @return [ WpVersion ]
-        def passive(_opts = {})
-          target.homepage_res.html.css('meta[name="generator"]').each do |node|
-            next unless node.attribute('content').to_s =~ /wordpress ([0-9\.]+)/i
-            number = Regexp.last_match(1)
-            next unless WPScan::WpVersion.valid?(number)
-            return WPScan::WpVersion.new(
-              number,
-              found_by: 'Meta Generator (Passive detection)',
-              confidence: 80,
-              interesting_entries: ["#{target.url}, Match: '#{node.to_s.strip}'"]
-            )
-          end
-          nil
-        end
-      end
-    end
-  end
-end

data/app/finders/wp_version/opml_generator.rb DELETED Viewed

@@ -1,23 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Sitemap Generator Version Finder
-      class OpmlGenerator < CMSScanner::Finders::Finder
-        # @return [ WpVersion ]
-        def aggressive(_opts = {})
-          target.comments_from_page(%r{\Agenerator="wordpress/([^"]+)"\z}i, 'wp-links-opml.php') do |match, node|
-            next unless WPScan::WpVersion.valid?(match[1])
-            return WPScan::WpVersion.new(
-              match[1],
-              found_by: 'OPML Generator (Aggressive Detection)',
-              confidence: 80,
-              interesting_entries: ["#{target.url('wp-links-opml.php')}, Match: '#{node.to_s.strip}'"]
-            )
-          end
-          nil
-        end
-      end
-    end
-  end
-end

data/app/finders/wp_version/sitemap_generator.rb DELETED Viewed

@@ -1,23 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Sitemap Generator Version Finder
-      class SitemapGenerator < CMSScanner::Finders::Finder
-        # @return [ WpVersion ]
-        def aggressive(_opts = {})
-          target.comments_from_page(%r{\Agenerator="wordpress/([^"]+)"\z}i, 'sitemap.xml') do |match, node|
-            next unless WPScan::WpVersion.valid?(match[1])
-            return WPScan::WpVersion.new(
-              match[1],
-              found_by: 'Sitemap Generator (Aggressive Detection)',
-              confidence: 80,
-              interesting_entries: ["#{target.url('sitemap.xml')}, #{node.to_s.strip}"]
-            )
-          end
-          nil
-        end
-      end
-    end
-  end
-end

data/app/finders/wp_version/upgrade_stylesheet_numbers.rb DELETED Viewed

@@ -1,13 +0,0 @@
-module WPScan
-  module Finders
-    module WpVersion
-      # Stylesheets Version Finder from Upgrade page
-      class UpgradeStylesheetNumbers < InstallStylesheetNumbers
-        # @return [ Array<WpVersion> ]
-        def aggressive(_opts = {})
-          wp_versions(target.url('wp-admin/upgrade.php'))
-        end
-      end
-    end
-  end
-end

data/lib/wpscan/db/dynamic_finders.rb DELETED Viewed

@@ -1,55 +0,0 @@
-module WPScan
-  module DB
-    # Dynamic Finders
-    class DynamicFinders
-      # @return [ String ]
-      def self.db_file
-        @db_file ||= File.join(DB_DIR, 'dynamic_finders_01.yml')
-      end
-      # @return [ Hash ]
-      def self.db_data
-        @db_data ||= YAML.safe_load(File.read(db_file), [Regexp])
-      end
-      # @return [ Hash ]
-      def self.finder_configs(finder_klass)
-        configs = {}
-        db_data.each do |slug, config|
-          next unless config[finder_klass]
-          configs[slug] = config[finder_klass].dup
-        end
-        configs
-      end
-    end
-    # Dynamic Plugin Finders
-    class DynamicPluginFinders < DynamicFinders
-      # @return [ Hash ]
-      def self.db_data
-        @db_data ||= super['plugins'] || {}
-      end
-      # @return [ Hash ]
-      def self.comments
-        @comments ||= finder_configs('Comments')
-      end
-      # @return [ Hash ]
-      def self.urls_in_page
-        @urls_in_page ||= finder_configs('UrlsInPage')
-      end
-    end
-    # Dynamic Theme Finders (none ATM)
-    class DynamicThemeFinders < DynamicFinders
-      # @return [ Hash ]
-      def self.db_data
-        @db_data ||= super['themes'] || {}
-      end
-    end
-  end
-end