wpscan 3.4.3 → 3.4.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/README.md +14 -3
- data/app/controllers/core.rb +1 -1
- data/app/controllers/enumeration/enum_methods.rb +33 -11
- data/app/finders/users/wp_json_api.rb +30 -4
- data/lib/wpscan/target/platform/wordpress.rb +11 -3
- data/lib/wpscan/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 596e35304c45ab9f77fd6f4ad8cc332f37112417
|
|
4
|
+
data.tar.gz: 7f2fcf84a90c18367be53087d0006dd1c577f5eb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 706d1e3e353a7ead564579dc33d733601cbb41d800db7c4f5ab5ae7dfadff8e2b1cd682864ca0840298548e04d3994f10488c13e96072d3e82804f39adf70002
|
|
7
|
+
data.tar.gz: a4b11a8fb1122a7f0d2cacfd998e6f94302212dc3de949fa3d6531df3c5ba86b5b92ff534bb98f4a71430f70d00407e3f9feecacafa5bf85c59ea2a4fc968481
|
data/README.md
CHANGED
|
@@ -9,17 +9,22 @@
|
|
|
9
9
|
|
|
10
10
|
## Prerequisites:
|
|
11
11
|
|
|
12
|
+
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
|
12
13
|
- Ruby >= 2.3 - Recommended: latest
|
|
13
|
-
-
|
|
14
|
+
- Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
|
|
15
|
+
- Curl >= 7.21 - Recommended: latest
|
|
16
|
+
- The 7.29 has a segfault
|
|
14
17
|
- RubyGems - Recommended: latest
|
|
15
18
|
|
|
16
|
-
### From RubyGems:
|
|
19
|
+
### From RubyGems (Recommended):
|
|
17
20
|
|
|
18
21
|
```
|
|
19
22
|
gem install wpscan
|
|
20
23
|
```
|
|
21
24
|
|
|
22
|
-
|
|
25
|
+
On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
|
|
26
|
+
|
|
27
|
+
### From sources (NOT Recommended):
|
|
23
28
|
|
|
24
29
|
Prerequisites: Git
|
|
25
30
|
|
|
@@ -31,6 +36,12 @@ cd wpscan/
|
|
|
31
36
|
bundle install && rake install
|
|
32
37
|
```
|
|
33
38
|
|
|
39
|
+
# Updating
|
|
40
|
+
|
|
41
|
+
You can update the local database by using ```wpscan --update```
|
|
42
|
+
|
|
43
|
+
Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
|
|
44
|
+
|
|
34
45
|
# Docker
|
|
35
46
|
|
|
36
47
|
Pull the repo with ```docker pull wpscanteam/wpscan```
|
data/app/controllers/core.rb
CHANGED
|
@@ -71,7 +71,7 @@ module WPScan
|
|
|
71
71
|
exit(WPScan::ExitCode::VULNERABLE)
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
-
raise NotWordPressError unless target.wordpress? || parsed_options[:force]
|
|
74
|
+
raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
|
|
75
75
|
end
|
|
76
76
|
|
|
77
77
|
# Loads the related server module in the target
|
|
@@ -3,9 +3,10 @@ module WPScan
|
|
|
3
3
|
# Enumeration Methods
|
|
4
4
|
class Enumeration < CMSScanner::Controller::Base
|
|
5
5
|
# @param [ String ] type (plugins or themes)
|
|
6
|
+
# @param [ Symbol ] detection_mode
|
|
6
7
|
#
|
|
7
8
|
# @return [ String ] The related enumration message depending on the parsed_options and type supplied
|
|
8
|
-
def enum_message(type)
|
|
9
|
+
def enum_message(type, detection_mode)
|
|
9
10
|
return unless %w[plugins themes].include?(type)
|
|
10
11
|
|
|
11
12
|
details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
|
|
@@ -16,7 +17,20 @@ module WPScan
|
|
|
16
17
|
'Most Popular'
|
|
17
18
|
end
|
|
18
19
|
|
|
19
|
-
"Enumerating #{details} #{type.capitalize}"
|
|
20
|
+
"Enumerating #{details} #{type.capitalize} #{enum_detection_message(detection_mode)}"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# @param [ Symbol ] detection_mode
|
|
24
|
+
#
|
|
25
|
+
# @return [ String ]
|
|
26
|
+
def enum_detection_message(detection_mode)
|
|
27
|
+
detection_method = if detection_mode == :mixed
|
|
28
|
+
'Passive and Aggressive'
|
|
29
|
+
else
|
|
30
|
+
detection_mode.to_s.capitalize
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
"(via #{detection_method} Methods)"
|
|
20
34
|
end
|
|
21
35
|
|
|
22
36
|
# @param [ String ] type (plugins, themes etc)
|
|
@@ -49,12 +63,15 @@ module WPScan
|
|
|
49
63
|
sort: true
|
|
50
64
|
)
|
|
51
65
|
|
|
52
|
-
output('@info', msg: enum_message('plugins')) if user_interaction?
|
|
66
|
+
output('@info', msg: enum_message('plugins', opts[:mode])) if user_interaction?
|
|
53
67
|
# Enumerate the plugins & find their versions to avoid doing that when #version
|
|
54
68
|
# is called in the view
|
|
55
69
|
plugins = target.plugins(opts)
|
|
56
70
|
|
|
57
|
-
|
|
71
|
+
if user_interaction? && !plugins.empty?
|
|
72
|
+
output('@info',
|
|
73
|
+
msg: "Checking Plugin Versions #{enum_detection_message(opts[:version_detection][:mode])}")
|
|
74
|
+
end
|
|
58
75
|
|
|
59
76
|
plugins.each(&:version)
|
|
60
77
|
|
|
@@ -92,12 +109,15 @@ module WPScan
|
|
|
92
109
|
sort: true
|
|
93
110
|
)
|
|
94
111
|
|
|
95
|
-
output('@info', msg: enum_message('themes')) if user_interaction?
|
|
112
|
+
output('@info', msg: enum_message('themes', opts[:mode])) if user_interaction?
|
|
96
113
|
# Enumerate the themes & find their versions to avoid doing that when #version
|
|
97
114
|
# is called in the view
|
|
98
115
|
themes = target.themes(opts)
|
|
99
116
|
|
|
100
|
-
|
|
117
|
+
if user_interaction? && !themes.empty?
|
|
118
|
+
output('@info',
|
|
119
|
+
msg: "Checking Theme Versions #{enum_detection_message(opts[:version_detection][:mode])}")
|
|
120
|
+
end
|
|
101
121
|
|
|
102
122
|
themes.each(&:version)
|
|
103
123
|
|
|
@@ -125,21 +145,21 @@ module WPScan
|
|
|
125
145
|
def enum_timthumbs
|
|
126
146
|
opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
|
|
127
147
|
|
|
128
|
-
output('@info', msg:
|
|
148
|
+
output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
|
|
129
149
|
output('timthumbs', timthumbs: target.timthumbs(opts))
|
|
130
150
|
end
|
|
131
151
|
|
|
132
152
|
def enum_config_backups
|
|
133
153
|
opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
|
|
134
154
|
|
|
135
|
-
output('@info', msg:
|
|
155
|
+
output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
|
|
136
156
|
output('config_backups', config_backups: target.config_backups(opts))
|
|
137
157
|
end
|
|
138
158
|
|
|
139
159
|
def enum_db_exports
|
|
140
160
|
opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
|
|
141
161
|
|
|
142
|
-
output('@info', msg:
|
|
162
|
+
output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
|
|
143
163
|
output('db_exports', db_exports: target.db_exports(opts))
|
|
144
164
|
end
|
|
145
165
|
|
|
@@ -147,7 +167,9 @@ module WPScan
|
|
|
147
167
|
opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
|
|
148
168
|
|
|
149
169
|
if user_interaction?
|
|
150
|
-
output('@info',
|
|
170
|
+
output('@info',
|
|
171
|
+
msg: "Enumerating Medias #{enum_detection_message(opts[:mode])} "\
|
|
172
|
+
'(Permalink setting must be set to "Plain" for those to be detected)')
|
|
151
173
|
end
|
|
152
174
|
|
|
153
175
|
output('medias', medias: target.medias(opts))
|
|
@@ -166,7 +188,7 @@ module WPScan
|
|
|
166
188
|
list: parsed_options[:users_list]
|
|
167
189
|
)
|
|
168
190
|
|
|
169
|
-
output('@info', msg:
|
|
191
|
+
output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
|
|
170
192
|
output('users', users: target.users(opts))
|
|
171
193
|
end
|
|
172
194
|
|
|
@@ -4,24 +4,50 @@ module WPScan
|
|
|
4
4
|
# WP JSON API
|
|
5
5
|
#
|
|
6
6
|
# Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see https://github.com/wpscanteam/wpscan/issues/1038)
|
|
7
|
+
# For the pagination, see https://github.com/wpscanteam/wpscan/issues/1285
|
|
7
8
|
#
|
|
8
9
|
class WpJsonApi < CMSScanner::Finders::Finder
|
|
10
|
+
MAX_PER_PAGE = 100 # See https://developer.wordpress.org/rest-api/using-the-rest-api/pagination/
|
|
11
|
+
|
|
9
12
|
# @param [ Hash ] opts
|
|
10
13
|
#
|
|
11
14
|
# @return [ Array<User> ]
|
|
12
15
|
def aggressive(_opts = {})
|
|
16
|
+
found = []
|
|
17
|
+
current_page = 0
|
|
18
|
+
|
|
19
|
+
loop do
|
|
20
|
+
current_page += 1
|
|
21
|
+
|
|
22
|
+
res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
|
|
23
|
+
|
|
24
|
+
total_pages ||= res.headers['X-WP-TotalPages'].to_i
|
|
25
|
+
|
|
26
|
+
users_in_page = users_from_response(res)
|
|
27
|
+
found += users_in_page
|
|
28
|
+
|
|
29
|
+
break if current_page >= total_pages || users_in_page.empty?
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
found
|
|
33
|
+
rescue JSON::ParserError, TypeError
|
|
34
|
+
found
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# @param [ Typhoeus::Response ] response
|
|
38
|
+
#
|
|
39
|
+
# @return [ Array<User> ] The users from the response
|
|
40
|
+
def users_from_response(response)
|
|
13
41
|
found = []
|
|
14
42
|
|
|
15
|
-
JSON.parse(
|
|
43
|
+
JSON.parse(response.body)&.each do |user|
|
|
16
44
|
found << CMSScanner::User.new(user['slug'],
|
|
17
45
|
id: user['id'],
|
|
18
46
|
found_by: found_by,
|
|
19
47
|
confidence: 100,
|
|
20
|
-
interesting_entries: [
|
|
48
|
+
interesting_entries: [response.effective_url])
|
|
21
49
|
end
|
|
22
50
|
|
|
23
|
-
found
|
|
24
|
-
rescue JSON::ParserError, TypeError
|
|
25
51
|
found
|
|
26
52
|
end
|
|
27
53
|
|
|
@@ -18,10 +18,10 @@ module WPScan
|
|
|
18
18
|
alias registration_enabled? registration_enabled
|
|
19
19
|
alias mu_plugins? mu_plugins
|
|
20
20
|
|
|
21
|
+
# @param [ Symbol ] detection_mode
|
|
22
|
+
#
|
|
21
23
|
# @return [ Boolean ]
|
|
22
|
-
def wordpress?
|
|
23
|
-
# res = Browser.get(url)
|
|
24
|
-
|
|
24
|
+
def wordpress?(detection_mode)
|
|
25
25
|
in_scope_urls(homepage_res) do |url|
|
|
26
26
|
return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
|
|
27
27
|
end
|
|
@@ -32,6 +32,14 @@ module WPScan
|
|
|
32
32
|
|
|
33
33
|
return true unless comments_from_page(/wordpress/i, homepage_res).empty?
|
|
34
34
|
|
|
35
|
+
if %i[mixed aggressive].include?(detection_mode)
|
|
36
|
+
%w[wp-admin/install.php wp-login.php].each do |path|
|
|
37
|
+
in_scope_urls(Browser.get_and_follow_location(url(path))).each do |url|
|
|
38
|
+
return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
35
43
|
false
|
|
36
44
|
end
|
|
37
45
|
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.4.
|
|
4
|
+
version: 3.4.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-02-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 0.
|
|
103
|
+
version: 0.64.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 0.
|
|
110
|
+
version: 0.64.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: simplecov
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -339,7 +339,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
339
339
|
version: '0'
|
|
340
340
|
requirements: []
|
|
341
341
|
rubyforge_project:
|
|
342
|
-
rubygems_version: 2.
|
|
342
|
+
rubygems_version: 2.6.10
|
|
343
343
|
signing_key:
|
|
344
344
|
specification_version: 4
|
|
345
345
|
summary: WPScan - WordPress Vulnerability Scanner
|