wpscan 3.4.5 → 3.5.0

data/app/finders/wp_version/rss_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion

data/app/finders/wp_version/unique_fingerprinting.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion
@@ -11,7 +13,7 @@ module WPScan
             hydra.abort
             progress_bar.finish
 
-            return WPScan::WpVersion.new(
+            return Model::WpVersion.new(
               version_number,
               found_by: 'Unique Fingerprinting (Aggressive Detection)',
               confidence: 100,

data/app/models.rb

@@ -1,3 +1,11 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Model
+    include CMSScanner::Model
+  end
+end
+
 require_relative 'models/interesting_finding'
 require_relative 'models/wp_version'
 require_relative 'models/xml_rpc'

data/app/models/config_backup.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Config Backup
-  class ConfigBackup < InterestingFinding
+  module Model
+    # Config Backup
+    class ConfigBackup < InterestingFinding
+    end
   end
 end

data/app/models/db_export.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module WPScan
-  # DB Export
-  class DbExport < InterestingFinding
+  module Model
+    # DB Export
+    class DbExport < InterestingFinding
+    end
   end
 end

data/app/models/interesting_finding.rb

@@ -1,48 +1,52 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Custom class to include the WPScan::References module
-  class InterestingFinding < CMSScanner::InterestingFinding
-    include References
-  end
+  module Model
+    # Custom class to include the WPScan::References module
+    class InterestingFinding < CMSScanner::Model::InterestingFinding
+      include References
+    end
 
-  #
-  # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
-  #
-  class BackupDB < InterestingFinding
-  end
+    #
+    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+    #
+    class BackupDB < InterestingFinding
+    end
 
-  class DebugLog < InterestingFinding
-  end
+    class DebugLog < InterestingFinding
+    end
 
-  class DuplicatorInstallerLog < InterestingFinding
-  end
+    class DuplicatorInstallerLog < InterestingFinding
+    end
 
-  class EmergencyPwdResetScript < InterestingFinding
-  end
+    class EmergencyPwdResetScript < InterestingFinding
+    end
 
-  class FullPathDisclosure < InterestingFinding
-  end
+    class FullPathDisclosure < InterestingFinding
+    end
 
-  class MuPlugins < InterestingFinding
-  end
+    class MuPlugins < InterestingFinding
+    end
 
-  class Multisite < InterestingFinding
-  end
+    class Multisite < InterestingFinding
+    end
 
-  class Readme < InterestingFinding
-  end
+    class Readme < InterestingFinding
+    end
 
-  class Registration < InterestingFinding
-  end
+    class Registration < InterestingFinding
+    end
 
-  class TmmDbMigrate < InterestingFinding
-  end
+    class TmmDbMigrate < InterestingFinding
+    end
 
-  class UploadDirectoryListing < InterestingFinding
-  end
+    class UploadDirectoryListing < InterestingFinding
+    end
 
-  class UploadSQLDump < InterestingFinding
-  end
+    class UploadSQLDump < InterestingFinding
+    end
 
-  class WPCron < InterestingFinding
+    class WPCron < InterestingFinding
+    end
   end
 end

data/app/models/media.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Media
-  class Media < InterestingFinding
+  module Model
+    # Media
+    class Media < InterestingFinding
+    end
   end
 end

data/app/models/plugin.rb

@@ -1,25 +1,33 @@
+# frozen_string_literal: true
+
 module WPScan
-  # WordPress Plugin
-  class Plugin < WpItem
-    # See WpItem
-    def initialize(slug, blog, opts = {})
-      super(slug, blog, opts)
+  module Model
+    # WordPress Plugin
+    class Plugin < WpItem
+      # See WpItem
+      def initialize(slug, blog, opts = {})
+        super(slug, blog, opts)
 
-      @uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
-    end
+        # To be used by #head_and_get
+        # If custom wp-content, it will be replaced by blog#url
+        @path_from_blog = "wp-content/plugins/#{slug}/"
 
-    # @return [ JSON ]
-    def db_data
-      DB::Plugin.db_data(slug)
-    end
+        @uri = Addressable::URI.parse(blog.url(path_from_blog))
+      end
+
+      # @return [ JSON ]
+      def db_data
+        @db_data ||= DB::Plugin.db_data(slug)
+      end
 
-    # @param [ Hash ] opts
-    #
-    # @return [ WPScan::Version, false ]
-    def version(opts = {})
-      @version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
+      # @param [ Hash ] opts
+      #
+      # @return [ Model::Version, false ]
+      def version(opts = {})
+        @version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
 
-      @version
+        @version
+      end
     end
   end
 end

data/app/models/theme.rb

@@ -1,99 +1,107 @@
+# frozen_string_literal: true
+
 module WPScan
-  # WordPress Theme
-  class Theme < WpItem
-    attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
-                :license, :license_uri, :tags, :text_domain
+  module Model
+    # WordPress Theme
+    class Theme < WpItem
+      attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
+                  :license, :license_uri, :tags, :text_domain
 
-    # See WpItem
-    def initialize(slug, blog, opts = {})
-      super(slug, blog, opts)
+      # See WpItem
+      def initialize(slug, blog, opts = {})
+        super(slug, blog, opts)
 
-      @uri       = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
-      @style_url = opts[:style_url] || url('style.css')
+        # To be used by #head_and_get
+        # If custom wp-content, it will be replaced by blog#url
+        @path_from_blog = "wp-content/themes/#{slug}/"
 
-      parse_style
-    end
+        @uri       = Addressable::URI.parse(blog.url(path_from_blog))
+        @style_url = opts[:style_url] || url('style.css')
 
-    # @return [ JSON ]
-    def db_data
-      DB::Theme.db_data(slug)
-    end
+        parse_style
+      end
 
-    # @param [ Hash ] opts
-    #
-    # @return [ WPScan::Version, false ]
-    def version(opts = {})
-      @version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
+      # @return [ JSON ]
+      def db_data
+        @db_data ||= DB::Theme.db_data(slug)
+      end
 
-      @version
-    end
+      # @param [ Hash ] opts
+      #
+      # @return [ Model::Version, false ]
+      def version(opts = {})
+        @version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
 
-    # @return [ Theme ]
-    def parent_theme
-      return unless template
-      return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
+        @version
+      end
 
-      opts = detection_opts.merge(
-        style_url: url(Regexp.last_match[1]),
-        found_by: 'Parent Themes (Passive Detection)',
-        confidence: 100
-      ).merge(version_detection: version_detection_opts)
+      # @return [ Theme ]
+      def parent_theme
+        return unless template
+        return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
 
-      self.class.new(template, blog, opts)
-    end
+        opts = detection_opts.merge(
+          style_url: url(Regexp.last_match[1]),
+          found_by: 'Parent Themes (Passive Detection)',
+          confidence: 100
+        ).merge(version_detection: version_detection_opts)
 
-    # @param [ Integer ] depth
-    #
-    # @retun [ Array<Theme> ]
-    def parent_themes(depth = 3)
-      theme  = self
-      found  = []
+        self.class.new(template, blog, opts)
+      end
 
-      (1..depth).each do |_|
-        parent = theme.parent_theme
+      # @param [ Integer ] depth
+      #
+      # @retun [ Array<Theme> ]
+      def parent_themes(depth = 3)
+        theme  = self
+        found  = []
 
-        break unless parent
+        (1..depth).each do |_|
+          parent = theme.parent_theme
 
-        found << parent
-        theme = parent
-      end
+          break unless parent
 
-      found
-    end
+          found << parent
+          theme = parent
+        end
 
-    def style_body
-      @style_body ||= Browser.get(style_url).body
-    end
+        found
+      end
 
-    def parse_style
-      {
-        style_name: 'Theme Name',
-        style_uri: 'Theme URI',
-        author: 'Author',
-        author_uri: 'Author URI',
-        template: 'Template',
-        description: 'Description',
-        license: 'License',
-        license_uri: 'License URI',
-        tags: 'Tags',
-        text_domain: 'Text Domain'
-      }.each do |attribute, tag|
-        instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
+      def style_body
+        @style_body ||= Browser.get(style_url).body
       end
-    end
 
-    # @param [ String ] bofy
-    # @param [ String ] tag
-    #
-    # @return [ String ]
-    def parse_style_tag(body, tag)
-      value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
+      def parse_style
+        {
+          style_name: 'Theme Name',
+          style_uri: 'Theme URI',
+          author: 'Author',
+          author_uri: 'Author URI',
+          template: 'Template',
+          description: 'Description',
+          license: 'License',
+          license_uri: 'License URI',
+          tags: 'Tags',
+          text_domain: 'Text Domain'
+        }.each do |attribute, tag|
+          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
+        end
+      end
 
-      value && !value.strip.empty? ? value.strip : nil
-    end
+      # @param [ String ] bofy
+      # @param [ String ] tag
+      #
+      # @return [ String ]
+      def parse_style_tag(body, tag)
+        value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
+
+        value && !value.strip.empty? ? value.strip : nil
+      end
 
-    def ==(other)
-      super(other) && style_url == other.style_url
+      def ==(other)
+        super(other) && style_url == other.style_url
+      end
     end
   end
 end

data/app/models/timthumb.rb

@@ -1,71 +1,75 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Timthumb
-  class Timthumb < InterestingFinding
-    include Vulnerable
+  module Model
+    # Timthumb
+    class Timthumb < InterestingFinding
+      include Vulnerable
 
-    attr_reader :version_detection_opts
+      attr_reader :version_detection_opts
 
-    # @param [ String ] url
-    # @param [ Hash ] opts
-    # @option opts [ Symbol ] :mode The mode to use to detect the version
-    def initialize(url, opts = {})
-      super(url, opts)
+      # @param [ String ] url
+      # @param [ Hash ] opts
+      # @option opts [ Symbol ] :mode The mode to use to detect the version
+      def initialize(url, opts = {})
+        super(url, opts)
 
-      @version_detection_opts = opts[:version_detection] || {}
-    end
+        @version_detection_opts = opts[:version_detection] || {}
+      end
 
-    # @param [ Hash ] opts
-    #
-    # @return [ WPScan::Version, false ]
-    def version(opts = {})
-      @version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
+      # @param [ Hash ] opts
+      #
+      # @return [ Model::Version, false ]
+      def version(opts = {})
+        @version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
 
-      @version
-    end
+        @version
+      end
 
-    # @return [ Array<Vulnerability> ]
-    def vulnerabilities
-      vulns = []
+      # @return [ Array<Vulnerability> ]
+      def vulnerabilities
+        vulns = []
 
-      vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
-      vulns << rce_132_vuln if version == false || version < '1.33'
+        vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
+        vulns << rce_132_vuln if version == false || version < '1.33'
 
-      vulns
-    end
+        vulns
+      end
 
-    # @return [ Vulnerability ] The RCE in the <= 1.32
-    def rce_132_vuln
-      Vulnerability.new(
-        'Timthumb <= 1.32 Remote Code Execution',
-        { exploitdb: ['17602'] },
-        'RCE',
-        '1.33'
-      )
-    end
+      # @return [ Vulnerability ] The RCE in the <= 1.32
+      def rce_132_vuln
+        Vulnerability.new(
+          'Timthumb <= 1.32 Remote Code Execution',
+          { exploitdb: ['17602'] },
+          'RCE',
+          '1.33'
+        )
+      end
 
-    # @return [ Vulnerability ] The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13
-    def rce_webshot_vuln
-      Vulnerability.new(
-        'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-        {
-          url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
-          cve: '2014-4663'
-        },
-        'RCE',
-        '2.8.14'
-      )
-    end
+      # @return [ Vulnerability ] The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13
+      def rce_webshot_vuln
+        Vulnerability.new(
+          'Timthumb <= 2.8.13 WebShot Remote Code Execution',
+          {
+            url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
+            cve: '2014-4663'
+          },
+          'RCE',
+          '2.8.14'
+        )
+      end
 
-    # @return [ Boolean ]
-    def webshot_enabled?
-      res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
+      # @return [ Boolean ]
+      def webshot_enabled?
+        res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
 
-      res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
-    end
+        res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
+      end
 
-    # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
-    def default_allowed_domains
-      %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
+      # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
+      def default_allowed_domains
+        %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
+      end
     end
   end
 end