wpscan 3.3.3 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +24 -0
- data/app/finders/users/oembed_api.rb +19 -13
- data/app/models/wp_version.rb +5 -0
- data/app/views/cli/wp_version/version.erb +1 -1
- data/app/views/json/wp_version/version.erb +1 -0
- data/lib/wpscan.rb +1 -3
- data/lib/wpscan/errors.rb +8 -0
- data/lib/wpscan/errors/http.rb +1 -1
- data/lib/wpscan/errors/update.rb +1 -1
- data/lib/wpscan/errors/wordpress.rb +3 -3
- data/lib/wpscan/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eaa89ff7a89797ee415fe856a087fc8919c6aec8
|
|
4
|
+
data.tar.gz: 86daf1df43f7ba98edb75c5707f27c26243bb57c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c8158d90d7b7cfe7240188b36071e4fde25aa755a83203bd6f0da3e413234d85458986bdd6e96efb3caac44d67e1d0e4f65d3abeb2d9ebfecdd2bd731af8ae82
|
|
7
|
+
data.tar.gz: 21e3799132cd3e78263e26f16606a61f39a8abd82fec25a7cdae0a4c59f7798193f74a268f141efb0283724ce109d16ad7b748c903e9bb5a39ce756e211c612b
|
data/README.md
CHANGED
|
@@ -35,6 +35,17 @@ bundle install && rake install
|
|
|
35
35
|
|
|
36
36
|
Pull the repo with ```docker pull wpscanteam/wpscan```
|
|
37
37
|
|
|
38
|
+
Enumerating usernames
|
|
39
|
+
```
|
|
40
|
+
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
Enumerating a range of usernames
|
|
44
|
+
```
|
|
45
|
+
docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
|
|
46
|
+
```
|
|
47
|
+
** replace u1-100 with a range of your choice.
|
|
48
|
+
|
|
38
49
|
# Usage
|
|
39
50
|
|
|
40
51
|
```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
|
|
@@ -69,6 +80,19 @@ url: 'http://target.tld'
|
|
|
69
80
|
|
|
70
81
|
Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
|
|
71
82
|
|
|
83
|
+
|
|
84
|
+
Enumerating usernames
|
|
85
|
+
```
|
|
86
|
+
wpscan --url https://target.tld/ --enumerate u
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
Enumerating a range of usernames
|
|
90
|
+
```
|
|
91
|
+
wpscan --url https://target.tld/ --enumerate u1-100
|
|
92
|
+
```
|
|
93
|
+
** replace u1-100 with a range of your choice.
|
|
94
|
+
|
|
95
|
+
|
|
72
96
|
# PROJECT HOME
|
|
73
97
|
|
|
74
98
|
[https://wpscan.org](https://wpscan.org)
|
|
@@ -14,29 +14,35 @@ module WPScan
|
|
|
14
14
|
|
|
15
15
|
# @param [ Hash ] opts
|
|
16
16
|
#
|
|
17
|
-
# TODO: make this code pretty :x
|
|
18
|
-
#
|
|
19
17
|
# @return [ Array<User> ]
|
|
20
18
|
def aggressive(_opts = {})
|
|
21
|
-
found = []
|
|
22
|
-
found_by_msg = 'Oembed API - %s (Aggressive Detection)'
|
|
23
|
-
|
|
24
19
|
oembed_data = JSON.parse(Browser.get(api_url).body)
|
|
20
|
+
details = user_details_from_oembed_data(oembed_data)
|
|
21
|
+
|
|
22
|
+
return [] unless details
|
|
23
|
+
|
|
24
|
+
[CMSScanner::User.new(details[0],
|
|
25
|
+
found_by: format(found_by_msg, details[1]),
|
|
26
|
+
confidence: details[2],
|
|
27
|
+
interesting_entries: [api_url])]
|
|
28
|
+
rescue JSON::ParserError
|
|
29
|
+
[]
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def user_details_from_oembed_data(oembed_data)
|
|
33
|
+
return unless oembed_data
|
|
25
34
|
|
|
26
35
|
if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
|
|
27
36
|
details = [Regexp.last_match[1], 'Author URL', 90]
|
|
28
37
|
elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
|
|
29
|
-
details = [oembed_data['author_name']
|
|
38
|
+
details = [oembed_data['author_name'], 'Author Name', 70]
|
|
30
39
|
end
|
|
31
40
|
|
|
32
|
-
|
|
41
|
+
details
|
|
42
|
+
end
|
|
33
43
|
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
confidence: details[2],
|
|
37
|
-
interesting_entries: [api_url])
|
|
38
|
-
rescue JSON::ParserError
|
|
39
|
-
found
|
|
44
|
+
def found_by_msg
|
|
45
|
+
'Oembed API - %s (Aggressive Detection)'
|
|
40
46
|
end
|
|
41
47
|
|
|
42
48
|
# @return [ String ] The URL of the API listing the Users
|
data/app/models/wp_version.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<% if @version -%>
|
|
2
|
-
<%= info_icon %> WordPress version <%= @version.number %> identified (
|
|
2
|
+
<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
|
|
3
3
|
<%= render('@finding', item: @version) -%>
|
|
4
4
|
<% else -%>
|
|
5
5
|
<%= notice_icon %> The WordPress version could not be detected.
|
data/lib/wpscan.rb
CHANGED
|
@@ -16,9 +16,7 @@ require 'securerandom'
|
|
|
16
16
|
require 'wpscan/helper'
|
|
17
17
|
require 'wpscan/db'
|
|
18
18
|
require 'wpscan/version'
|
|
19
|
-
require 'wpscan/errors
|
|
20
|
-
require 'wpscan/errors/http'
|
|
21
|
-
require 'wpscan/errors/update'
|
|
19
|
+
require 'wpscan/errors'
|
|
22
20
|
require 'wpscan/browser'
|
|
23
21
|
require 'wpscan/target'
|
|
24
22
|
require 'wpscan/finders'
|
data/lib/wpscan/errors/http.rb
CHANGED
data/lib/wpscan/errors/update.rb
CHANGED
|
@@ -1,20 +1,20 @@
|
|
|
1
1
|
module WPScan
|
|
2
2
|
# WordPress hosted (*.wordpress.com)
|
|
3
|
-
class WordPressHostedError <
|
|
3
|
+
class WordPressHostedError < Error
|
|
4
4
|
def to_s
|
|
5
5
|
'Scanning *.wordpress.com hosted blogs is not supported.'
|
|
6
6
|
end
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
# Not WordPress Error
|
|
10
|
-
class NotWordPressError <
|
|
10
|
+
class NotWordPressError < Error
|
|
11
11
|
def to_s
|
|
12
12
|
'The remote website is up, but does not seem to be running WordPress.'
|
|
13
13
|
end
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
# Invalid Wp Version (used in the WpVersion#new)
|
|
17
|
-
class InvalidWordPressVersion <
|
|
17
|
+
class InvalidWordPressVersion < Error
|
|
18
18
|
def to_s
|
|
19
19
|
'The WordPress version is invalid'
|
|
20
20
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-11-
|
|
11
|
+
date: 2018-11-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.0.
|
|
19
|
+
version: 0.0.41.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.0.
|
|
26
|
+
version: 0.0.41.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: activesupport
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -321,6 +321,7 @@ files:
|
|
|
321
321
|
- lib/wpscan/db/wp_item.rb
|
|
322
322
|
- lib/wpscan/db/wp_items.rb
|
|
323
323
|
- lib/wpscan/db/wp_version.rb
|
|
324
|
+
- lib/wpscan/errors.rb
|
|
324
325
|
- lib/wpscan/errors/http.rb
|
|
325
326
|
- lib/wpscan/errors/update.rb
|
|
326
327
|
- lib/wpscan/errors/wordpress.rb
|