RubyGems - wpscan - Versions diffs - 3.4.4 → 3.4.5 - Mend

wpscan 3.4.4 → 3.4.5

Files changed (20) hide show

checksums.yaml +4 -4
data/LICENSE +6 -4
data/README.md +33 -27
data/app/controllers/enumeration/cli_options.rb +3 -3
data/app/controllers/password_attack.rb +4 -0
data/app/finders/interesting_findings.rb +2 -1
data/app/finders/interesting_findings/wp_cron.rb +31 -0
data/app/models/interesting_finding.rb +3 -0
data/lib/wpscan.rb +1 -1
data/lib/wpscan/browser.rb +1 -1
data/lib/wpscan/db/dynamic_finders/base.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +1 -1
data/lib/wpscan/db/plugin.rb +1 -1
data/lib/wpscan/db/theme.rb +1 -1
data/lib/wpscan/db/updater.rb +9 -7
data/lib/wpscan/db/wp_version.rb +1 -1
data/lib/wpscan/errors.rb +1 -0
data/lib/wpscan/errors/xmlrpc.rb +8 -0
data/lib/wpscan/version.rb +1 -1
metadata +8 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 596e35304c45ab9f77fd6f4ad8cc332f37112417
-  data.tar.gz: 7f2fcf84a90c18367be53087d0006dd1c577f5eb
+  metadata.gz: 7706d292cdec1a8266440da57fcf2efb491b89ab
+  data.tar.gz: 72b9bb343646c020a70dd4da8adf4856f65fee29
 SHA512:
-  metadata.gz: 706d1e3e353a7ead564579dc33d733601cbb41d800db7c4f5ab5ae7dfadff8e2b1cd682864ca0840298548e04d3994f10488c13e96072d3e82804f39adf70002
-  data.tar.gz: a4b11a8fb1122a7f0d2cacfd998e6f94302212dc3de949fa3d6531df3c5ba86b5b92ff534bb98f4a71430f70d00407e3f9feecacafa5bf85c59ea2a4fc968481
+  metadata.gz: 7718c6dc510391992368a474a5ce8b5bf1577e3d1f49738484491d1181489880d4a54f89edacf40ef533ddd9a1cb5757543ec8a777fe7e6c36e40de047b9d4bb
+  data.tar.gz: 5820861b4a255e169c03f3af862b45ab39847320a09a511476051a2cefa99a094ac1e26dffc8d1102b544fd0f50132b4e98838433857c7fb200816a20cd8234f

data/LICENSE CHANGED Viewed

@@ -6,9 +6,9 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 1. Definitions
-1.1 “License” means this document.
-1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
-1.3 “WPScan Team” means WPScan’s core developers.
+1.1 "License" means this document.
+1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
+1.3 "WPScan Team" means WPScan’s core developers.
 2. Commercialization
@@ -29,6 +29,8 @@ Example cases which do not require a commercial license, and thus fall under the
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
 Free-use Terms and Conditions;
 3. Redistribution
@@ -57,7 +59,7 @@ WPScan is provided under an AS-IS basis and without any support, updates or main
 8. Disclaimer of Warranty
-WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
+WPScan is provided under this License on an "as is" basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 9. Limitation of Liability

data/README.md CHANGED Viewed

@@ -7,7 +7,7 @@
 # INSTALL
-## Prerequisites:
+## Prerequisites
 - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
 - Ruby >= 2.3 - Recommended: latest
@@ -16,19 +16,19 @@
   - The 7.29 has a segfault
 - RubyGems      - Recommended: latest
-### From RubyGems (Recommended):
+### From RubyGems (Recommended)
-```
+```shell
 gem install wpscan
 ```
 On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
-### From sources (NOT Recommended):
+### From sources (NOT Recommended)
 Prerequisites: Git
-```
+```shell
 git clone https://github.com/wpscanteam/wpscan
 cd wpscan/
@@ -47,14 +47,17 @@ Updating WPScan itself is either done via ```gem update wpscan``` or the package
 Pull the repo with ```docker pull wpscanteam/wpscan```
 Enumerating usernames
-```
+```shell
 docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
 ```
 Enumerating a range of usernames
-```
+```shell
 docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
 ```
 ** replace u1-100 with a range of your choice.
 # Usage
@@ -68,41 +71,44 @@ The DB is located at ~/.wpscan/db
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
-* ~/.wpscan/cli_options.json
-* ~/.wpscan/cli_options.yml
-* pwd/.wpscan/cli_options.json
-* pwd/.wpscan/cli_options.yml
+- ~/.wpscan/cli_options.json
+- ~/.wpscan/cli_options.yml
+- pwd/.wpscan/cli_options.json
+- pwd/.wpscan/cli_options.yml
 If those files exist, options from them will be loaded and overridden if found twice.
 e.g:
 ~/.wpscan/cli_options.yml:
-```
+```yml
 proxy: 'http://127.0.0.1:8080'
 verbose: true
 ```
 pwd/.wpscan/cli_options.yml:
-```
+```yml
 proxy: 'socks5://127.0.0.1:9090'
 url: 'http://target.tld'
 ```
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
 Enumerating usernames
-```
+```shell
 wpscan --url https://target.tld/ --enumerate u
 ```
 Enumerating a range of usernames
-```
+```shell
 wpscan --url https://target.tld/ --enumerate u1-100
 ```
-** replace u1-100 with a range of your choice.
+** replace u1-100 with a range of your choice.
 # PROJECT HOME
@@ -134,16 +140,16 @@ A commercial use is one intended for commercial advantage or monetary compensati
 Example cases of commercialization are:
- - Using WPScan to provide commercial managed/Software-as-a-Service services.
- - Distributing WPScan as a commercial product or as part of one.
- - Using WPScan as a value added service/product.
+- Using WPScan to provide commercial managed/Software-as-a-Service services.
+- Distributing WPScan as a commercial product or as part of one.
+- Using WPScan as a value added service/product.
 Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
- - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
- - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
- - Using WPScan to test your own systems.
- - Any non-commercial use of WPScan.
+- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
+- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
+- Using WPScan to test your own systems.
+- Any non-commercial use of WPScan.
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
@@ -153,9 +159,9 @@ Free-use Terms and Conditions;
 Redistribution is permitted under the following conditions:
- - Unmodified License is provided with WPScan.
- - Unmodified Copyright notices are provided with WPScan.
- - Does not conflict with the commercialization clause.
+- Unmodified License is provided with WPScan.
+- Unmodified Copyright notices are provided with WPScan.
+- Does not conflict with the commercialization clause.
 ### 4. Copying

data/app/controllers/enumeration/cli_options.rb CHANGED Viewed

@@ -98,7 +98,7 @@ module WPScan
         [
           OptFilePath.new(
             ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],
-            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true
+            exists: true, default: DB_DIR.join('timthumbs-v3.txt').to_s, advanced: true
           ),
           OptChoice.new(
             ['--timthumbs-detection MODE',
@@ -113,7 +113,7 @@ module WPScan
         [
           OptFilePath.new(
             ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],
-            exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true
+            exists: true, default: DB_DIR.join('config_backups.txt').to_s, advanced: true
           ),
           OptChoice.new(
             ['--config-backups-detection MODE',
@@ -128,7 +128,7 @@ module WPScan
         [
           OptFilePath.new(
             ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],
-            exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true
+            exists: true, default: DB_DIR.join('db_exports.txt').to_s, advanced: true
           ),
           OptChoice.new(
             ['--db-exports-detection MODE',

data/app/controllers/password_attack.rb CHANGED Viewed

@@ -65,8 +65,12 @@ module WPScan
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
+          raise XMLRPCNotDetected unless xmlrpc
           WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
         when :xmlrpc_multicall
+          raise XMLRPCNotDetected unless xmlrpc
           WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
         end
       end

data/app/finders/interesting_findings.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require_relative 'interesting_findings/readme'
+require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
 require_relative 'interesting_findings/backup_db'
@@ -23,7 +24,7 @@ module WPScan
           %w[
             Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
             Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript
+            UploadSQLDump EmergencyPwdResetScript WPCron
           ].each do |f|
             finders << InterestingFindings.const_get(f).new(target)
           end

data/app/finders/interesting_findings/wp_cron.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # wp-cron.php finder
+      class WPCron < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          res = Browser.get(wp_cron_url)
+          return unless res.code == 200
+          WPScan::WPCron.new(
+            wp_cron_url,
+            confidence: 60,
+            found_by: DIRECT_ACCESS,
+            references: {
+              url: [
+                'https://www.iplocation.net/defend-wordpress-from-ddos',
+                'https://github.com/wpscanteam/wpscan/issues/1299'
+              ]
+            }
+          )
+        end
+        def wp_cron_url
+          @wp_cron_url ||= target.url('wp-cron.php')
+        end
+      end
+    end
+  end
+end

data/app/models/interesting_finding.rb CHANGED Viewed

@@ -42,4 +42,7 @@ module WPScan
   class UploadSQLDump < InterestingFinding
   end
+  class WPCron < InterestingFinding
+  end
 end

data/lib/wpscan.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module WPScan
   include CMSScanner
   APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
-  DB_DIR  = File.join(Dir.home, '.wpscan', 'db')
+  DB_DIR  = Pathname.new(Dir.home).join('.wpscan', 'db')
   # Override, otherwise it would be returned as 'wp_scan'
   #

data/lib/wpscan/browser.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module WPScan
     # @return [ String ] The path to the user agents list
     def user_agents_list
-      @user_agents_list ||= File.join(DB_DIR, 'user-agents.txt')
+      @user_agents_list ||= DB_DIR.join('user-agents.txt').to_s
     end
     # @return [ String ]

data/lib/wpscan/db/dynamic_finders/base.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
       class Base
         # @return [ String ]
         def self.db_file
-          @db_file ||= File.join(DB_DIR, 'dynamic_finders.yml')
+          @db_file ||= DB_DIR.join('dynamic_finders.yml').to_s
         end
         # @return [ Hash ]

data/lib/wpscan/db/fingerprints.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module WPScan
       # @return [ String ]
       def self.wp_fingerprints_path
-        @wp_fingerprints_path ||= File.join(DB_DIR, 'wp_fingerprints.json')
+        @wp_fingerprints_path ||= DB_DIR.join('wp_fingerprints.json').to_s
       end
       # @return [ Hash ]

data/lib/wpscan/db/plugin.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
     class Plugin < WpItem
       # @return [ String ]
       def self.db_file
-        @db_file ||= File.join(DB_DIR, 'plugins.json')
+        @db_file ||= DB_DIR.join('plugins.json').to_s
       end
     end
   end

data/lib/wpscan/db/theme.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
     class Theme < WpItem
       # @return [ String ]
       def self.db_file
-        @db_file ||= File.join(DB_DIR, 'themes.json')
+        @db_file ||= DB_DIR.join('themes.json').to_s
       end
     end
   end

data/lib/wpscan/db/updater.rb CHANGED Viewed

@@ -15,11 +15,11 @@ module WPScan
       attr_reader :repo_directory
       def initialize(repo_directory)
-        @repo_directory = repo_directory
+        @repo_directory = Pathname.new(repo_directory).expand_path
-        FileUtils.mkdir_p(repo_directory) unless Dir.exist?(repo_directory)
+        FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
-        raise "#{repo_directory} is not writable" unless Pathname.new(repo_directory).writable?
+        raise "#{repo_directory} is not writable" unless repo_directory.writable?
         delete_old_files
       end
@@ -41,7 +41,7 @@ module WPScan
       # @return [ String ]
       def last_update_file
-        @last_update_file ||= File.join(repo_directory, '.last_update')
+        @last_update_file ||= repo_directory.join('.last_update').to_s
       end
       # @return [ Boolean ]
@@ -54,7 +54,7 @@ module WPScan
       # @return [ Boolean ]
       def missing_files?
         FILES.each do |file|
-          return true unless File.exist?(File.join(repo_directory, file))
+          return true unless File.exist?(repo_directory.join(file))
         end
         false
       end
@@ -85,16 +85,18 @@ module WPScan
         res.body.chomp
       end
+      # @return [ String ]
       def local_file_path(filename)
-        File.join(repo_directory, filename.to_s)
+        repo_directory.join(filename.to_s).to_s
       end
       def local_file_checksum(filename)
         Digest::SHA512.file(local_file_path(filename)).hexdigest
       end
+      # @return [ String ]
       def backup_file_path(filename)
-        File.join(repo_directory, "#{filename}.back")
+        repo_directory.join("#{filename}.back").to_s
       end
       def create_backup(filename)

data/lib/wpscan/db/wp_version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
     class Version < WpItem
       # @return [ String ]
       def self.db_file
-        @db_file ||= File.join(DB_DIR, 'wordpresses.json')
+        @db_file ||= DB_DIR.join('wordpresses.json').to_s
       end
     end
   end

data/lib/wpscan/errors.rb CHANGED Viewed

@@ -6,3 +6,4 @@ end
 require_relative 'errors/http'
 require_relative 'errors/update'
 require_relative 'errors/wordpress'
+require_relative 'errors/xmlrpc'

data/lib/wpscan/errors/xmlrpc.rb ADDED Viewed

@@ -0,0 +1,8 @@
+module WPScan
+  # XML-RPC Not Detected
+  class XMLRPCNotDetected < Error
+    def to_s
+      'The XML-RPC Interface was not detected.'
+    end
+  end
+end

data/lib/wpscan/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # Version
 module WPScan
-  VERSION = '3.4.4'.freeze
+  VERSION = '3.4.5'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.4.4
+  version: 3.4.5
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-11 00:00:00.000000000 Z
+date: 2019-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.41.2
+        version: 0.0.41.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.41.2
+        version: 0.0.41.4
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.64.0
+        version: 0.65.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.64.0
+        version: 0.65.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -175,6 +175,7 @@ files:
 - app/finders/interesting_findings/tmm_db_migrate.rb
 - app/finders/interesting_findings/upload_directory_listing.rb
 - app/finders/interesting_findings/upload_sql_dump.rb
+- app/finders/interesting_findings/wp_cron.rb
 - app/finders/main_theme.rb
 - app/finders/main_theme/css_style.rb
 - app/finders/main_theme/urls_in_homepage.rb
@@ -297,6 +298,7 @@ files:
 - lib/wpscan/errors/http.rb
 - lib/wpscan/errors/update.rb
 - lib/wpscan/errors/wordpress.rb
+- lib/wpscan/errors/xmlrpc.rb
 - lib/wpscan/finders.rb
 - lib/wpscan/finders/dynamic_finder/finder.rb
 - lib/wpscan/finders/dynamic_finder/version/body_pattern.rb