wpscan 3.4.5 → 3.5.0

data/lib/wpscan/finders/dynamic_finder/wp_version.rb

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module DynamicFinder
       module WpVersion
         module Finder
           def create_version(number, finding_opts)
-            return unless WPScan::WpVersion.valid?(number)
+            return unless Model::WpVersion.valid?(number)
 
-            WPScan::WpVersion.new(number, version_finding_opts(finding_opts))
+            Model::WpVersion.new(number, version_finding_opts(finding_opts))
           end
         end
 

data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     class Finder
@@ -7,13 +9,13 @@ module WPScan
           include CMSScanner::Finders::Finder::SmartURLChecker
 
           def create_version(number, opts = {})
-            WPScan::WpVersion.new(
+            Model::WpVersion.new(
               number,
               found_by: opts[:found_by] || found_by,
               confidence: opts[:confidence] || 80,
               interesting_entries: opts[:entries]
             )
-          rescue WPScan::InvalidWordPressVersion
+          rescue WPScan::Error::InvalidWordPressVersion
             nil # Invalid Version returned as nil and will be ignored by Finders
           end
         end

data/lib/wpscan/helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 def read_json_file(file)
   JSON.parse(File.read(file))
 rescue StandardError => e

data/lib/wpscan/references.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   # References module (which should be included along with the CMSScanner::References)
   # to allow the use of the wpvulndb reference

data/lib/wpscan/target.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'wpscan/target/platform/wordpress'
 
 module WPScan
@@ -5,6 +7,15 @@ module WPScan
   class Target < CMSScanner::Target
     include Platform::WordPress
 
+    # @return [ Hash ]
+    def head_or_get_request_params
+      @head_or_get_request_params ||= if Browser.head(url).code == 405
+                                        { method: :get, maxfilesize: 1 }
+                                      else
+                                        { method: :head }
+                                      end
+    end
+
     # @return [ Boolean ]
     def vulnerable?
       [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e|
@@ -21,7 +32,7 @@ module WPScan
 
     # @return [ XMLRPC, nil ]
     def xmlrpc
-      @xmlrpc ||= interesting_findings&.select { |f| f.is_a?(WPScan::XMLRPC) }&.first
+      @xmlrpc ||= interesting_findings&.select { |f| f.is_a?(Model::XMLRPC) }&.first
     end
 
     # @param [ Hash ] opts

data/lib/wpscan/target/platform/wordpress.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 %w[custom_directories].each do |required|
   require "wpscan/target/platform/wordpress/#{required}"
 end
@@ -72,9 +74,21 @@ module WPScan
           )
         end
 
+        # The login page is checked for a potential redirection (from http to https)
+        # the first time the method is called, and the effective_url is then used
+        # if suitable, otherwise the default wp-login will be.
+        #
         # @return [ String ] The URL to the login page
         def login_url
-          url('wp-login.php')
+          return @login_url if @login_url
+
+          @login_url = url('wp-login.php')
+
+          res = Browser.get_and_follow_location(@login_url)
+
+          @login_url = res.effective_url if res.effective_url =~ /wp\-login\.php\z/i && in_scope?(res.effective_url)
+
+          @login_url
         end
       end
     end

data/lib/wpscan/target/platform/wordpress/custom_directories.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   class Target < CMSScanner::Target
     module Platform
@@ -15,11 +17,15 @@ module WPScan
         def content_dir
           unless @content_dir
             escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
-            pattern     = %r{#{escaped_url}(.+?)\/(?:themes|plugins|uploads|cache)\/}i
+            pattern     = %r{#{escaped_url}([\w\s\-\/]+)\/(?:themes|plugins|uploads|cache)\/}i
 
             in_scope_urls(homepage_res) do |url|
               return @content_dir = Regexp.last_match[1] if url.match(pattern)
             end
+
+            xpath_pattern_from_page('//script[not(@src)]', pattern, homepage_res) do |match|
+              return @content_dir = match[1]
+            end
           end
 
           @content_dir
@@ -50,6 +56,13 @@ module WPScan
           plugins_uri.to_s
         end
 
+        # @param [ String ] slug
+        #
+        # @return [ String ]
+        def plugin_url(slug)
+          plugins_uri.join("#{URI.encode(slug)}/").to_s
+        end
+
         # @return [ String ]
         def themes_dir
           @themes_dir ||= "#{content_dir}/themes"
@@ -65,6 +78,13 @@ module WPScan
           themes_uri.to_s
         end
 
+        # @param [ String ] slug
+        #
+        # @return [ String ]
+        def theme_url(slug)
+          themes_uri.join("#{URI.encode(slug)}/").to_s
+        end
+
         # TODO: Factorise the code and the content_dir one ?
         # @return [ String, False ] String of the sub_dir found, false otherwise
         # @note: nil can not be returned here, otherwise if there is no sub_dir
@@ -93,9 +113,9 @@ module WPScan
           return @uri.to_s unless path
 
           if path =~ %r{wp\-content/plugins}i
-            path.gsub!('wp-content/plugins', plugins_dir)
+            path = +path.gsub('wp-content/plugins', plugins_dir)
           elsif path =~ /wp\-content/i
-            path.gsub!('wp-content', content_dir)
+            path = +path.gsub('wp-content', content_dir)
           elsif path[0] != '/' && sub_dir
             path = "#{sub_dir}/#{path}"
           end

data/lib/wpscan/version.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 # Version
 module WPScan
-  VERSION = '3.4.5'.freeze
+  VERSION = '3.5.0'
 end

data/lib/wpscan/vulnerability.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   # Specific implementation
   class Vulnerability < CMSScanner::Vulnerability

data/lib/wpscan/vulnerable.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   # Module to include in vulnerable WP item such as WpVersion.
   # the vulnerabilities method should be implemented

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.4.5
+  version: 3.5.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-10 00:00:00.000000000 Z
+date: 2019-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.41.4
+        version: 0.0.43.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.41.4
+        version: 0.0.43.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.8.0
+- !ruby/object:Gem::Dependency
+  name: memory_profiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.13
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.13
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.65.0
+        version: 0.66.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.65.0
+        version: 0.66.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +136,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.16.1
+- !ruby/object:Gem::Dependency
+  name: stackprof
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.12
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.12
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -340,8 +368,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: WPScan - WordPress Vulnerability Scanner