wpscan 3.3.1 → 3.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b77bc527248669714e48a9a4d3549575b029006c
-  data.tar.gz: 68e93f30dc5261b5b7243068141ac1cc4c5de17a
+  metadata.gz: 8dda343622bf0697b7550b1254b6ca134d008dd6
+  data.tar.gz: 37e9aea11ee2b721556f7d79f46f5a9e0c51cbb4
 SHA512:
-  metadata.gz: b03bb631c5ef92997b39be32bb14aed714b0a080f4d3295a3bcda867d2be642e98b0694f3c20d394aa516a104dc53f48bc61a7ffdc9081ab1e0887c47ea63661
-  data.tar.gz: 17af60085bfdc2bccb8fd01fcb91257c91530e577b13a7b84e64b66d7c9b1bea2ecc838bc7c33d83b8b9874a53db72036329b1dada36970ab7b0ff3a08059f75
+  metadata.gz: 441dc0b1704f815839579727c46f7c5b3f32dc4f4e80fe6b06f60397494f28ff29ce5d0efdd70b2d22cdad7c78a21a175d89c58f5910447aa11832906ac97654
+  data.tar.gz: c6513a30c849d6de42da986703caa8810c3d45dddfadb96e661d1ffdc661bf57b4425a7f9b035bcfd0edd566b14cd481c1ecc9555343033d68154eddd4aedc1e

data/LICENSE

@@ -0,0 +1,74 @@
+WPScan Public Source License
+
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
+
+1. Definitions
+
+1.1 “License” means this document.
+1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
+1.3 “WPScan Team” means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+
+2. Commercialization
+
+A commercial use is one intended for commercial advantage or monetary compensation.
+
+Example cases of commercialization are:
+
+ - Using WPScan to provide commercial managed/Software-as-a-Service services.
+ - Distributing WPScan as a commercial product or as part of one.
+ - Using WPScan as a value added service/product.
+
+Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
+
+ - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
+ - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
+ - Using WPScan to test your own systems.
+ - Any non-commercial use of WPScan.
+
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+
+We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
+
+Free-use Terms and Conditions;
+
+3. Redistribution
+
+Redistribution is permitted under the following conditions:
+
+ - Unmodified License is provided with WPScan.
+ - Unmodified Copyright notices are provided with WPScan.
+ - Does not conflict with the commercialization clause.
+
+4. Copying
+
+Copying is permitted so long as it does not conflict with the Redistribution clause.
+
+5. Modification
+
+Modification is permitted so long as it does not conflict with the Redistribution clause.
+
+6. Contributions
+
+Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
+
+7. Support
+
+WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
+
+8. Disclaimer of Warranty
+
+WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
+
+9. Limitation of Liability
+
+To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
+
+10. Disclaimer
+
+Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
+
+11. Trademark
+
+The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.

data/README.md

@@ -0,0 +1,157 @@
+![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png "WPScan - WordPress Security Scanner")
+
+[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
+[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
+[![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
+[![Patreon Donate](https://img.shields.io/badge/patreon-donate-green.svg)](https://www.patreon.com/wpscan)
+
+# INSTALL
+
+## Prerequisites:
+
+- Ruby >= 2.3 - Recommended: latest
+- Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
+- RubyGems      - Recommended: latest
+
+### From RubyGems:
+
+```
+gem install wpscan
+```
+
+### From sources:
+
+Prerequisites: Git
+
+```
+git clone https://github.com/wpscanteam/wpscan
+
+cd wpscan/
+
+bundle install && rake install
+```
+
+# Docker
+
+Pull the repo with ```docker pull wpscanteam/wpscan```
+
+# Usage
+
+```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
+As a result, when using the ```--enumerate``` option, don't forget to set the ```--plugins-detection``` accordingly, as its default is 'passive'.
+
+For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
+
+The DB is located at ~/.wpscan/db
+
+WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
+
+* ~/.wpscan/cli_options.json
+* ~/.wpscan/cli_options.yml
+* pwd/.wpscan/cli_options.json
+* pwd/.wpscan/cli_options.yml
+
+If those files exist, options from them will be loaded and overridden if found twice.
+
+e.g:
+
+~/.wpscan/cli_options.yml:
+```
+proxy: 'http://127.0.0.1:8080'
+verbose: true
+```
+
+pwd/.wpscan/cli_options.yml:
+```
+proxy: 'socks5://127.0.0.1:9090'
+url: 'http://target.tld'
+```
+
+Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
+
+# PROJECT HOME
+
+[https://wpscan.org](https://wpscan.org)
+
+# VULNERABILITY DATABASE
+
+[https://wpvulndb.com](https://wpvulndb.com)
+
+# LICENSE
+
+## WPScan Public Source License
+
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
+
+### 1. Definitions
+
+1.1 "License" means this document.
+
+1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
+
+1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+
+### 2. Commercialization
+
+A commercial use is one intended for commercial advantage or monetary compensation.
+
+Example cases of commercialization are:
+
+ - Using WPScan to provide commercial managed/Software-as-a-Service services.
+ - Distributing WPScan as a commercial product or as part of one.
+ - Using WPScan as a value added service/product.
+
+Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
+
+ - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
+ - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
+ - Using WPScan to test your own systems.
+ - Any non-commercial use of WPScan.
+
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+
+We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
+
+Free-use Terms and Conditions;
+
+### 3. Redistribution
+
+Redistribution is permitted under the following conditions:
+
+ - Unmodified License is provided with WPScan.
+ - Unmodified Copyright notices are provided with WPScan.
+ - Does not conflict with the commercialization clause.
+
+### 4. Copying
+
+Copying is permitted so long as it does not conflict with the Redistribution clause.
+
+### 5. Modification
+
+Modification is permitted so long as it does not conflict with the Redistribution clause.
+
+### 6. Contributions
+
+Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
+
+### 7. Support
+
+WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
+
+### 8. Disclaimer of Warranty
+
+WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
+
+### 9. Limitation of Liability
+
+To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
+
+### 10. Disclaimer
+
+Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
+
+### 11. Trademark
+
+The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.

data/app/controllers/core.rb

@@ -5,15 +5,15 @@ module WPScan
       # @return [ Array<OptParseValidator::Opt> ]
       def cli_options
         [OptURL.new(['--url URL', 'The URL of the blog to scan'],
-                    required_unless: %i[update help version], default_protocol: 'http')] +
+                    required_unless: %i[update help hh version], default_protocol: 'http')] +
           super.drop(1) + # delete the --url from CMSScanner
           [
             OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                           choices: %w[apache iis nginx],
-                          normalize: %i[downcase to_sym]),
+                          normalize: %i[downcase to_sym],
+                          advanced: true),
             OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
-            OptBoolean.new(['--[no-]update', 'Wether or not to update the Database'],
-                           required_unless: %i[url help version])
+            OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
           ]
       end
 

data/app/controllers/enumeration/cli_options.rb

@@ -13,7 +13,7 @@ module WPScan
       def cli_enum_choices
         [
           OptMultiChoices.new(
-            ['--enumerate [OPTS]', '-e', 'Enumeration Process'],
+            ['-e', '--enumerate [OPTS]', 'Enumeration Process'],
             choices: {
               vp:  OptBoolean.new(['--vulnerable-plugins']),
               ap:  OptBoolean.new(['--all-plugins']),
@@ -25,7 +25,10 @@ module WPScan
               cb:  OptBoolean.new(['--config-backups']),
               dbe: OptBoolean.new(['--db-exports']),
               u:   OptIntegerRange.new(['--users', 'User IDs range. e.g: u1-5'], value_if_empty: '1-10'),
-              m:   OptIntegerRange.new(['--medias', 'Media IDs range. e.g m1-15'], value_if_empty: '1-100')
+              m:   OptIntegerRange.new(['--medias',
+                                        'Media IDs range. e.g m1-15',
+                                        'Note: Permalink setting must be set to "Plain" for those to be detected'],
+                                       value_if_empty: '1-100')
             },
             value_if_empty: 'vp,vt,tt,cb,dbe,u,m',
             incompatible: [%i[vp ap p], %i[vt at t]],
@@ -45,7 +48,7 @@ module WPScan
       # @return [ Array<OptParseValidator::OptBase> ]
       def cli_plugins_opts
         [
-          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate']),
+          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
           OptChoice.new(
             ['--plugins-detection MODE',
              'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
@@ -54,7 +57,8 @@ module WPScan
           OptBoolean.new(
             ['--plugins-version-all',
              'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \
-             '--plugins-detection and --plugins-version-detection)']
+             '--plugins-detection and --plugins-version-detection)'],
+            advanced: true
           ),
           OptChoice.new(
             ['--plugins-version-detection MODE',
@@ -68,22 +72,23 @@ module WPScan
       # @return [ Array<OptParseValidator::OptBase> ]
       def cli_themes_opts
         [
-          OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate']),
+          OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate'], advanced: true),
           OptChoice.new(
             ['--themes-detection MODE',
              'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           ),
           OptBoolean.new(
             ['--themes-version-all',
              'Check all the themes version locations according to the choosen mode (--detection-mode, ' \
-             '--themes-detection and --themes-version-detection)']
+             '--themes-detection and --themes-version-detection)'],
+            advanced: true
           ),
           OptChoice.new(
             ['--themes-version-detection MODE',
              'Use the supplied mode to check themes versions instead of the --detection-mode ' \
              'or --themes-detection modes.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end
@@ -93,12 +98,12 @@ module WPScan
         [
           OptFilePath.new(
             ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],
-            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt')
+            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true
           ),
           OptChoice.new(
             ['--timthumbs-detection MODE',
              'Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end
@@ -108,12 +113,12 @@ module WPScan
         [
           OptFilePath.new(
             ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],
-            exists: true, default: File.join(DB_DIR, 'config_backups.txt')
+            exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true
           ),
           OptChoice.new(
             ['--config-backups-detection MODE',
              'Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end
@@ -123,12 +128,12 @@ module WPScan
         [
           OptFilePath.new(
             ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],
-            exists: true, default: File.join(DB_DIR, 'db_exports.txt')
+            exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true
           ),
           OptChoice.new(
             ['--db-exports-detection MODE',
              'Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end
@@ -139,7 +144,7 @@ module WPScan
           OptChoice.new(
             ['--medias-detection MODE',
              'Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end
@@ -149,12 +154,13 @@ module WPScan
         [
           OptSmartList.new(
             ['--users-list LIST',
-             'List of users to check during the users enumeration from the Login Error Messages']
+             'List of users to check during the users enumeration from the Login Error Messages'],
+            advanced: true
           ),
           OptChoice.new(
             ['--users-detection MODE',
              'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end

data/app/controllers/enumeration/enum_methods.rb

@@ -146,7 +146,10 @@ module WPScan
       def enum_medias
         opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
 
-        output('@info', msg: 'Enumerating Medias') if user_interaction?
+        if user_interaction?
+          output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
+        end
+
         output('medias', medias: target.medias(opts))
       end
 

data/app/controllers/main_theme.rb

@@ -7,8 +7,7 @@ module WPScan
           OptChoice.new(
             ['--main-theme-detection MODE',
              'Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive],
-            normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end

data/app/controllers/wp_version.rb

@@ -4,13 +4,12 @@ module WPScan
     class WpVersion < CMSScanner::Controller::Base
       def cli_options
         [
-          OptBoolean.new(['--wp-version-all', 'Check all the version locations']),
+          OptBoolean.new(['--wp-version-all', 'Check all the version locations'], advanced: true),
           OptChoice.new(
             ['--wp-version-detection MODE',
              'Use the supplied mode for the WordPress version detection, ' \
              'instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive],
-            normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
           )
         ]
       end

data/app/finders/medias/attachment_brute_forcing.rb

@@ -1,7 +1,7 @@
 module WPScan
   module Finders
     module Medias
-      # Medias Finder
+      # Medias Finder, see https://github.com/wpscanteam/wpscan/issues/172
       class AttachmentBruteForcing < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 

data/app/models/wp_version.rb

@@ -50,5 +50,10 @@ module WPScan
 
       @vulnerabilities
     end
+
+    # @return [ String ]
+    def release_date
+      @release_date ||= db_data['release_date']
+    end
   end
 end

data/app/views/cli/wp_version/version.erb

@@ -1,5 +1,5 @@
 <% if @version -%>
-<%= info_icon %> WordPress version <%= @version.number %> identified.
+<%= info_icon %> WordPress version <%= @version.number %> identified (Released on <%= @version.release_date %>).
 <%= render('@finding', item: @version) -%>
 <% else -%>
 <%= notice_icon %> The WordPress version could not be detected.

data/app/views/json/wp_version/version.erb

@@ -1,6 +1,7 @@
 <% if @version -%>
 "version": {
   "number": <%= @version.number.to_json %>,
+  "release_date": <%= @version.release_date.to_json %>,
   <%= render('@finding', item: @version) -%>
 },
 <% else -%>

data/lib/wpscan/version.rb

@@ -1,4 +1,4 @@
 # Version
 module WPScan
-  VERSION = '3.3.1'.freeze
+  VERSION = '3.3.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.3.1
+  version: 3.3.2
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-28 00:00:00.000000000 Z
+date: 2018-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.40.1
+        version: 0.0.40.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.40.1
+        version: 0.0.40.2
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -172,6 +172,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
+- README.md
 - app/app.rb
 - app/controllers.rb
 - app/controllers/aliases.rb