wpscan 3.4.3 → 3.4.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA256:
3
- metadata.gz: fac5a51fdf06964fabdcc5d3684cb7030e68cc15bf9638fb21f74f93b68f8420
4
- data.tar.gz: da6c4ea9f757ecefc56b13ff210acbf0c4c738e237c8771ac9c9f87a24fa1599
2
+ SHA1:
3
+ metadata.gz: 596e35304c45ab9f77fd6f4ad8cc332f37112417
4
+ data.tar.gz: 7f2fcf84a90c18367be53087d0006dd1c577f5eb
5
5
  SHA512:
6
- metadata.gz: 347a866bef0391d84725585e81acc5515f03dcd78303a41fb6e8ca3eab11f6979a3d7b2a8b31c4bd1222abacca389c1b32756d3915f6a6f055a64854b9bacc96
7
- data.tar.gz: ab46eb81378c6fad169cfe6a2c30e505b3e4bc949a99f88bdfe3493e7105b246dade2df42160fc94d082f77269f48d83296f9aec9deb9f97f9dec980122fec41
6
+ metadata.gz: 706d1e3e353a7ead564579dc33d733601cbb41d800db7c4f5ab5ae7dfadff8e2b1cd682864ca0840298548e04d3994f10488c13e96072d3e82804f39adf70002
7
+ data.tar.gz: a4b11a8fb1122a7f0d2cacfd998e6f94302212dc3de949fa3d6531df3c5ba86b5b92ff534bb98f4a71430f70d00407e3f9feecacafa5bf85c59ea2a4fc968481
data/README.md CHANGED
@@ -9,17 +9,22 @@
9
9
 
10
10
  ## Prerequisites:
11
11
 
12
+ - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
12
13
  - Ruby >= 2.3 - Recommended: latest
13
- - Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
14
+ - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
15
+ - Curl >= 7.21 - Recommended: latest
16
+ - The 7.29 has a segfault
14
17
  - RubyGems - Recommended: latest
15
18
 
16
- ### From RubyGems:
19
+ ### From RubyGems (Recommended):
17
20
 
18
21
  ```
19
22
  gem install wpscan
20
23
  ```
21
24
 
22
- ### From sources:
25
+ On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
26
+
27
+ ### From sources (NOT Recommended):
23
28
 
24
29
  Prerequisites: Git
25
30
 
@@ -31,6 +36,12 @@ cd wpscan/
31
36
  bundle install && rake install
32
37
  ```
33
38
 
39
+ # Updating
40
+
41
+ You can update the local database by using ```wpscan --update```
42
+
43
+ Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
44
+
34
45
  # Docker
35
46
 
36
47
  Pull the repo with ```docker pull wpscanteam/wpscan```
@@ -71,7 +71,7 @@ module WPScan
71
71
  exit(WPScan::ExitCode::VULNERABLE)
72
72
  end
73
73
 
74
- raise NotWordPressError unless target.wordpress? || parsed_options[:force]
74
+ raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
75
75
  end
76
76
 
77
77
  # Loads the related server module in the target
@@ -3,9 +3,10 @@ module WPScan
3
3
  # Enumeration Methods
4
4
  class Enumeration < CMSScanner::Controller::Base
5
5
  # @param [ String ] type (plugins or themes)
6
+ # @param [ Symbol ] detection_mode
6
7
  #
7
8
  # @return [ String ] The related enumration message depending on the parsed_options and type supplied
8
- def enum_message(type)
9
+ def enum_message(type, detection_mode)
9
10
  return unless %w[plugins themes].include?(type)
10
11
 
11
12
  details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
@@ -16,7 +17,20 @@ module WPScan
16
17
  'Most Popular'
17
18
  end
18
19
 
19
- "Enumerating #{details} #{type.capitalize}"
20
+ "Enumerating #{details} #{type.capitalize} #{enum_detection_message(detection_mode)}"
21
+ end
22
+
23
+ # @param [ Symbol ] detection_mode
24
+ #
25
+ # @return [ String ]
26
+ def enum_detection_message(detection_mode)
27
+ detection_method = if detection_mode == :mixed
28
+ 'Passive and Aggressive'
29
+ else
30
+ detection_mode.to_s.capitalize
31
+ end
32
+
33
+ "(via #{detection_method} Methods)"
20
34
  end
21
35
 
22
36
  # @param [ String ] type (plugins, themes etc)
@@ -49,12 +63,15 @@ module WPScan
49
63
  sort: true
50
64
  )
51
65
 
52
- output('@info', msg: enum_message('plugins')) if user_interaction?
66
+ output('@info', msg: enum_message('plugins', opts[:mode])) if user_interaction?
53
67
  # Enumerate the plugins & find their versions to avoid doing that when #version
54
68
  # is called in the view
55
69
  plugins = target.plugins(opts)
56
70
 
57
- output('@info', msg: 'Checking Plugin Versions') if user_interaction? && !plugins.empty?
71
+ if user_interaction? && !plugins.empty?
72
+ output('@info',
73
+ msg: "Checking Plugin Versions #{enum_detection_message(opts[:version_detection][:mode])}")
74
+ end
58
75
 
59
76
  plugins.each(&:version)
60
77
 
@@ -92,12 +109,15 @@ module WPScan
92
109
  sort: true
93
110
  )
94
111
 
95
- output('@info', msg: enum_message('themes')) if user_interaction?
112
+ output('@info', msg: enum_message('themes', opts[:mode])) if user_interaction?
96
113
  # Enumerate the themes & find their versions to avoid doing that when #version
97
114
  # is called in the view
98
115
  themes = target.themes(opts)
99
116
 
100
- output('@info', msg: 'Checking Theme Versions') if user_interaction? && !themes.empty?
117
+ if user_interaction? && !themes.empty?
118
+ output('@info',
119
+ msg: "Checking Theme Versions #{enum_detection_message(opts[:version_detection][:mode])}")
120
+ end
101
121
 
102
122
  themes.each(&:version)
103
123
 
@@ -125,21 +145,21 @@ module WPScan
125
145
  def enum_timthumbs
126
146
  opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
127
147
 
128
- output('@info', msg: 'Enumerating Timthumbs') if user_interaction?
148
+ output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
129
149
  output('timthumbs', timthumbs: target.timthumbs(opts))
130
150
  end
131
151
 
132
152
  def enum_config_backups
133
153
  opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
134
154
 
135
- output('@info', msg: 'Enumerating Config Backups') if user_interaction?
155
+ output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
136
156
  output('config_backups', config_backups: target.config_backups(opts))
137
157
  end
138
158
 
139
159
  def enum_db_exports
140
160
  opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
141
161
 
142
- output('@info', msg: 'Enumerating DB Exports') if user_interaction?
162
+ output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
143
163
  output('db_exports', db_exports: target.db_exports(opts))
144
164
  end
145
165
 
@@ -147,7 +167,9 @@ module WPScan
147
167
  opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
148
168
 
149
169
  if user_interaction?
150
- output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
170
+ output('@info',
171
+ msg: "Enumerating Medias #{enum_detection_message(opts[:mode])} "\
172
+ '(Permalink setting must be set to "Plain" for those to be detected)')
151
173
  end
152
174
 
153
175
  output('medias', medias: target.medias(opts))
@@ -166,7 +188,7 @@ module WPScan
166
188
  list: parsed_options[:users_list]
167
189
  )
168
190
 
169
- output('@info', msg: 'Enumerating Users') if user_interaction?
191
+ output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
170
192
  output('users', users: target.users(opts))
171
193
  end
172
194
 
@@ -4,24 +4,50 @@ module WPScan
4
4
  # WP JSON API
5
5
  #
6
6
  # Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see https://github.com/wpscanteam/wpscan/issues/1038)
7
+ # For the pagination, see https://github.com/wpscanteam/wpscan/issues/1285
7
8
  #
8
9
  class WpJsonApi < CMSScanner::Finders::Finder
10
+ MAX_PER_PAGE = 100 # See https://developer.wordpress.org/rest-api/using-the-rest-api/pagination/
11
+
9
12
  # @param [ Hash ] opts
10
13
  #
11
14
  # @return [ Array<User> ]
12
15
  def aggressive(_opts = {})
16
+ found = []
17
+ current_page = 0
18
+
19
+ loop do
20
+ current_page += 1
21
+
22
+ res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
23
+
24
+ total_pages ||= res.headers['X-WP-TotalPages'].to_i
25
+
26
+ users_in_page = users_from_response(res)
27
+ found += users_in_page
28
+
29
+ break if current_page >= total_pages || users_in_page.empty?
30
+ end
31
+
32
+ found
33
+ rescue JSON::ParserError, TypeError
34
+ found
35
+ end
36
+
37
+ # @param [ Typhoeus::Response ] response
38
+ #
39
+ # @return [ Array<User> ] The users from the response
40
+ def users_from_response(response)
13
41
  found = []
14
42
 
15
- JSON.parse(Browser.get(api_url).body)&.each do |user|
43
+ JSON.parse(response.body)&.each do |user|
16
44
  found << CMSScanner::User.new(user['slug'],
17
45
  id: user['id'],
18
46
  found_by: found_by,
19
47
  confidence: 100,
20
- interesting_entries: [api_url])
48
+ interesting_entries: [response.effective_url])
21
49
  end
22
50
 
23
- found
24
- rescue JSON::ParserError, TypeError
25
51
  found
26
52
  end
27
53
 
@@ -18,10 +18,10 @@ module WPScan
18
18
  alias registration_enabled? registration_enabled
19
19
  alias mu_plugins? mu_plugins
20
20
 
21
+ # @param [ Symbol ] detection_mode
22
+ #
21
23
  # @return [ Boolean ]
22
- def wordpress?
23
- # res = Browser.get(url)
24
-
24
+ def wordpress?(detection_mode)
25
25
  in_scope_urls(homepage_res) do |url|
26
26
  return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
27
27
  end
@@ -32,6 +32,14 @@ module WPScan
32
32
 
33
33
  return true unless comments_from_page(/wordpress/i, homepage_res).empty?
34
34
 
35
+ if %i[mixed aggressive].include?(detection_mode)
36
+ %w[wp-admin/install.php wp-login.php].each do |path|
37
+ in_scope_urls(Browser.get_and_follow_location(url(path))).each do |url|
38
+ return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
39
+ end
40
+ end
41
+ end
42
+
35
43
  false
36
44
  end
37
45
 
@@ -1,4 +1,4 @@
1
1
  # Version
2
2
  module WPScan
3
- VERSION = '3.4.3'.freeze
3
+ VERSION = '3.4.4'.freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.4.3
4
+ version: 3.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-01-11 00:00:00.000000000 Z
11
+ date: 2019-02-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.62.0
103
+ version: 0.64.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.62.0
110
+ version: 0.64.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: simplecov
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -339,7 +339,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
339
339
  version: '0'
340
340
  requirements: []
341
341
  rubyforge_project:
342
- rubygems_version: 2.7.8
342
+ rubygems_version: 2.6.10
343
343
  signing_key:
344
344
  specification_version: 4
345
345
  summary: WPScan - WordPress Vulnerability Scanner