wpscan 3.7.3 → 3.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b09450bc3d471ad71176d276e4e1d5961ce9bc8b12511a133efe17145fe5206b
-  data.tar.gz: b31d1f2425c69100b985f660447e967d88a2706f737fe313d2517cc2ed3b726a
+  metadata.gz: 38d2b75ba4f218b5209c148d94b9f97d27bc09f006e0869b59d7d27f11e72a0e
+  data.tar.gz: 0d26b15d56d4275559d424153bd196ad8a591fb54831596b93d933ab06130fad
 SHA512:
-  metadata.gz: 24e87decb82a9f01edcdf77b46fbecb7c816bef1b1ed2c7a3d839ef3f5975326920d1b3d6cd74684054744d56a8d0baa0f85f831c39477d9ac02355d9f47b8ca
-  data.tar.gz: 4c593ed0dd0bc0bb27bbf8b1827095d82ea601a25b17f673cc972c6e540ad21d13f61162d95c32b32fb06e7a93153264b432e5147caa779cfcbdba93d508b943
+  metadata.gz: f86b4a313c7a643834d63d44f8eb851f1f338771abe1588e5c0b1bb6c77ba282829d53ed0211f7cd4434d54c579a06d5712ac466561d1573a6659bca9c74ff49
+  data.tar.gz: 1b41933c21f0fcb66a734549322b263e72d7130b2ab1c7546afe81235d06ca21668d8f2de3666831dd8dc911c635ae0c62f7af81d83604e7e983b5a24661f43f

data/LICENSE

@@ -29,8 +29,6 @@ Example cases which do not require a commercial license, and thus fall under the
 
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 
-We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
-
 Free-use Terms and Conditions;
 
 3. Redistribution

data/app/finders/main_theme.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
-require_relative 'main_theme/css_style'
+require_relative 'main_theme/css_style_in_homepage'
+require_relative 'main_theme/css_style_in_404_page'
 require_relative 'main_theme/woo_framework_meta_generator'
 require_relative 'main_theme/urls_in_homepage'
+require_relative 'main_theme/urls_in_404_page'
 
 module WPScan
   module Finders
@@ -14,9 +16,11 @@ module WPScan
         # @param [ WPScan::Target ] target
         def initialize(target)
           finders <<
-            MainTheme::CssStyle.new(target) <<
+            MainTheme::CssStyleInHomepage.new(target) <<
+            MainTheme::CssStyleIn404Page.new(target) <<
             MainTheme::WooFrameworkMetaGenerator.new(target) <<
-            MainTheme::UrlsInHomepage.new(target)
+            MainTheme::UrlsInHomepage.new(target) <<
+            MainTheme::UrlsIn404Page.new(target)
         end
       end
     end

data/app/finders/main_theme/css_style_in_404_page.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module MainTheme
+      # From the CSS style in the 404 page
+      class CssStyleIn404Page < CssStyleInHomepage
+        def passive(opts = {})
+          passive_from_css_href(target.error_404_res, opts) || passive_from_style_code(target.error_404_res, opts)
+        end
+      end
+    end
+  end
+end

data/app/finders/main_theme/{css_style.rb → css_style_in_homepage.rb}

@@ -3,9 +3,9 @@
 module WPScan
   module Finders
     module MainTheme
-      # From the css style
-      class CssStyle < CMSScanner::Finders::Finder
-        include Finders::WpItems::URLsInHomepage
+      # From the CSS style in the homepage
+      class CssStyleInHomepage < CMSScanner::Finders::Finder
+        include Finders::WpItems::UrlsInPage # To have the item_code_pattern method available here
 
         def create_theme(slug, style_url, opts)
           Model::Theme.new(

data/app/finders/main_theme/urls_in_404_page.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module MainTheme
+      # URLs In 404 Page Finder
+      class UrlsIn404Page < UrlsInHomepage
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.error_404_res
+        end
+      end
+    end
+  end
+end

data/app/finders/main_theme/urls_in_homepage.rb

@@ -5,7 +5,7 @@ module WPScan
     module MainTheme
       # URLs In Homepage Finder
       class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage
 
         # @param [ Hash ] opts
         #
@@ -21,6 +21,11 @@ module WPScan
 
           found
         end
+
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.homepage_res
+        end
       end
     end
   end

data/app/finders/main_theme/woo_framework_meta_generator.rb

@@ -10,7 +10,7 @@ module WPScan
         PATTERN           = /#{THEME_PATTERN}\s+#{FRAMEWORK_PATTERN}/i.freeze
 
         def passive(opts = {})
-          return unless target.homepage_res.body =~ PATTERN
+          return unless target.homepage_res.body =~ PATTERN || target.error_404_res.body =~ PATTERN
 
           Model::Theme.new(
             Regexp.last_match[1],

data/app/finders/plugins.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'plugins/urls_in_homepage'
+require_relative 'plugins/urls_in_404_page'
 require_relative 'plugins/known_locations'
 # From the DynamicFinders
 require_relative 'plugins/comment'
@@ -22,6 +23,7 @@ module WPScan
         def initialize(target)
           finders <<
             Plugins::UrlsInHomepage.new(target) <<
+            Plugins::UrlsIn404Page.new(target) <<
             Plugins::HeaderPattern.new(target) <<
             Plugins::Comment.new(target) <<
             Plugins::Xpath.new(target) <<

data/app/finders/plugins/urls_in_404_page.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Plugins
+      # URLs In 404 Page Finder
+      # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
+      class UrlsIn404Page < UrlsInHomepage
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.error_404_res
+        end
+      end
+    end
+  end
+end

data/app/finders/plugins/urls_in_homepage.rb

@@ -4,10 +4,9 @@ module WPScan
   module Finders
     module Plugins
       # URLs In Homepage Finder
-      # Typically, the items detected from URLs like
-      # /wp-content/plugins/<slug>/
+      # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
       class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage
 
         # @param [ Hash ] opts
         #
@@ -21,6 +20,11 @@ module WPScan
 
           found
         end
+
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.homepage_res
+        end
       end
     end
   end

data/app/finders/themes.rb

@@ -1,12 +1,13 @@
 # frozen_string_literal: true
 
 require_relative 'themes/urls_in_homepage'
+require_relative 'themes/urls_in_404_page'
 require_relative 'themes/known_locations'
 
 module WPScan
   module Finders
     module Themes
-      # themes Finder
+      # Themes Finder
       class Base
         include CMSScanner::Finders::SameTypeFinder
 
@@ -14,6 +15,7 @@ module WPScan
         def initialize(target)
           finders <<
             Themes::UrlsInHomepage.new(target) <<
+            Themes::UrlsIn404Page.new(target) <<
             Themes::KnownLocations.new(target)
         end
       end

data/app/finders/themes/urls_in_404_page.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Themes
+      # URLs In 04 Page Finder
+      class UrlsIn404Page < UrlsInHomepage
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.error_404_res
+        end
+      end
+    end
+  end
+end

data/app/finders/themes/urls_in_homepage.rb

@@ -5,7 +5,7 @@ module WPScan
     module Themes
       # URLs In Homepage Finder
       class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage
 
         # @param [ Hash ] opts
         #
@@ -19,6 +19,11 @@ module WPScan
 
           found
         end
+
+        # @return [ Typhoeus::Response ]
+        def page_res
+          @page_res ||= target.homepage_res
+        end
       end
     end
   end

data/app/finders/wp_items.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require_relative 'wp_items/urls_in_homepage'
+require_relative 'wp_items/urls_in_page'

data/app/finders/wp_items/{urls_in_homepage.rb → urls_in_page.rb}

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module WpItems
       # URLs In Homepage Module to use in plugins & themes finders
-      module URLsInHomepage
+      module UrlsInPage
         # @param [ String ] type plugins / themes
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
@@ -12,7 +12,7 @@ module WPScan
         def items_from_links(type, uniq = true)
           found = []
 
-          target.in_scope_uris(target.homepage_res) do |uri|
+          target.in_scope_uris(page_res) do |uri|
             next unless uri.to_s =~ item_attribute_pattern(type)
 
             slug = Regexp.last_match[1]&.strip
@@ -30,7 +30,7 @@ module WPScan
         def items_from_codes(type, uniq = true)
           found = []
 
-          target.homepage_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
+          page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
             code = tag.text.to_s
             next if code.empty?
 

data/app/models/wp_item.rb

@@ -14,7 +14,7 @@ module WPScan
 
       attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
 
-      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog
+      delegate :homepage_res, :error_404_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog
 
       # @param [ String ] slug The plugin/theme slug
       # @param [ Target ] blog The targeted blog

data/app/views/cli/core/banner.erb

@@ -1,14 +1,14 @@
 _______________________________________________________________
-        __          _______   _____
-        \ \        / /  __ \ / ____|
-         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
-          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
-           \  /\  /  | |     ____) | (__| (_| | | | |
-            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
+         __          _______   _____
+         \ \        / /  __ \ / ____|
+          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
+           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+            \  /\  /  | |     ____) | (__| (_| | | | |
+             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
 
-        WordPress Security Scanner by the WPScan Team
-                       Version <%= WPScan::VERSION %>
+         WordPress Security Scanner by the WPScan Team
+                         Version <%= WPScan::VERSION %>
 <%= ' ' * ((63 - WPScan::DB::Sponsor.text.length)/2) + WPScan::DB::Sponsor.text %>
-      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
+       @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
 _______________________________________________________________
 

data/app/views/cli/finding.erb

@@ -1,4 +1,4 @@
- | Detected By: <%= @item.found_by %>
+ | Found By: <%= @item.found_by %>
 <% @item.interesting_entries.each do |entry| -%>
  |  - <%= entry %>
 <% end -%>

data/lib/wpscan/finders/dynamic_finder/finder.rb

@@ -44,19 +44,27 @@ module WPScan
         #
         # @param [ Typhoeus::Response ] response
         # @param [ Hash ] opts
-        # @return [ Mixed ]
+        # @return [ Mixed: nil, Object, Array ]
         def find(_response, _opts = {})
           raise NoMethodError
         end
 
         # @param [ Hash ] opts
+        # @return [ Mixed ] See #find
         def passive(opts = {})
           return if self.class::PATH
 
-          find(target.homepage_res, opts)
+          homepage_result = find(target.homepage_res, opts)
+
+          if homepage_result
+            return homepage_result unless homepage_result.is_a?(Array) && homepage_result.empty?
+          end
+
+          find(target.error_404_res, opts)
         end
 
         # @param [ Hash ] opts
+        # @return [ Mixed ] See #find
         def aggressive(opts = {})
           return unless self.class::PATH
 

data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb

@@ -31,9 +31,14 @@ module WPScan
 
             passive_configs.each do |slug, configs|
               configs.each do |klass, config|
-                item = process_response(opts, target.homepage_res, slug, klass, config)
-
-                found << item if item.is_a?(Model::WpItem)
+                [target.homepage_res, target.error_404_res].each do |page_res|
+                  item = process_response(opts, page_res, slug, klass, config)
+
+                  if item.is_a?(Model::WpItem)
+                    found << item
+                    break # No need to check the other page if detected in the current
+                  end
+                end
               end
             end
 

data/lib/wpscan/target/platform/wordpress.rb

@@ -24,21 +24,10 @@ module WPScan
 
         # @param [ Symbol ] detection_mode
         #
-        # @return [ Boolean ]
-        # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
+        # @return [ Boolean ] Whether or not the target is running WordPress
         def wordpress?(detection_mode)
-          in_scope_uris(homepage_res) do |uri|
-            return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
-          end
-
-          return true if homepage_res.html.css('meta[name="generator"]').any? do |node|
-            /wordpress/i.match?(node['content'])
-          end
-
-          return true unless comments_from_page(/wordpress/i, homepage_res).empty?
-
-          return true if homepage_res.html.xpath('//script[not(@src)]').any? do |node|
-            WP_ADMIN_AJAX_PATTERN.match?(node.text)
+          [homepage_res, error_404_res].each do |page_res|
+            return true if wordpress_from_meta_comments_or_scripts?(page_res)
           end
 
           if %i[mixed aggressive].include?(detection_mode)
@@ -51,7 +40,26 @@ module WPScan
 
           false
         end
-        # rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity
+
+        # @param [ Typhoeus::Response ] response
+        # @return [ Boolean ]
+        def wordpress_from_meta_comments_or_scripts?(response)
+          in_scope_uris(response) do |uri|
+            return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
+          end
+
+          return true if response.html.css('meta[name="generator"]').any? do |node|
+            /wordpress/i.match?(node['content'])
+          end
+
+          return true unless comments_from_page(/wordpress/i, response).empty?
+
+          return true if response.html.xpath('//script[not(@src)]').any? do |node|
+            WP_ADMIN_AJAX_PATTERN.match?(node.text)
+          end
+
+          false
+        end
 
         COOKIE_PATTERNS = {
           'vjs' => /createCookie\('vjs','(?<c_value>\d+)',\d+\);/i

data/lib/wpscan/target/platform/wordpress/custom_directories.rb

@@ -19,13 +19,15 @@ module WPScan
             # scope_url_pattern is from CMSScanner::Target
             pattern = %r{#{scope_url_pattern}([\w\s\-/]+?)\\?/(?:themes|plugins|uploads|cache)\\?/}i
 
-            in_scope_uris(homepage_res) do |uri|
-              return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
-            end
-
-            # Checks for the pattern in raw JS code, as well as @content attributes of meta tags
-            xpath_pattern_from_page('//script[not(@src)]|//meta/@content', pattern, homepage_res) do |match|
-              return @content_dir = match[1]
+            [homepage_res, error_404_res].each do |page_res|
+              in_scope_uris(page_res, '//link/@href|//script/@src|//img/@src') do |uri|
+                return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
+              end
+
+              # Checks for the pattern in raw JS code, as well as @content attributes of meta tags
+              xpath_pattern_from_page('//script[not(@src)]|//meta/@content', pattern, page_res) do |match|
+                return @content_dir = match[1]
+              end
             end
 
             return @content_dir = 'wp-content' if default_content_dir_exists?
@@ -104,8 +106,10 @@ module WPScan
           # url_pattern is from CMSScanner::Target
           pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
 
-          in_scope_uris(homepage_res) do |uri|
-            return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
+          [homepage_res, error_404_res].each do |page_res|
+            in_scope_uris(page_res) do |uri|
+              return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
+            end
           end
 
           @sub_dir = false

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.7.3'
+  VERSION = '3.7.4'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.7.3
+  version: 3.7.4
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-11 00:00:00.000000000 Z
+date: 2019-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.75.0
+        version: 0.76.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.75.0
+        version: 0.76.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,9 @@ files:
 - app/finders/interesting_findings/upload_sql_dump.rb
 - app/finders/interesting_findings/wp_cron.rb
 - app/finders/main_theme.rb
-- app/finders/main_theme/css_style.rb
+- app/finders/main_theme/css_style_in_404_page.rb
+- app/finders/main_theme/css_style_in_homepage.rb
+- app/finders/main_theme/urls_in_404_page.rb
 - app/finders/main_theme/urls_in_homepage.rb
 - app/finders/main_theme/woo_framework_meta_generator.rb
 - app/finders/medias.rb
@@ -239,6 +241,7 @@ files:
 - app/finders/plugins/javascript_var.rb
 - app/finders/plugins/known_locations.rb
 - app/finders/plugins/query_parameter.rb
+- app/finders/plugins/urls_in_404_page.rb
 - app/finders/plugins/urls_in_homepage.rb
 - app/finders/plugins/xpath.rb
 - app/finders/theme_version.rb
@@ -246,6 +249,7 @@ files:
 - app/finders/theme_version/woo_framework_meta_generator.rb
 - app/finders/themes.rb
 - app/finders/themes/known_locations.rb
+- app/finders/themes/urls_in_404_page.rb
 - app/finders/themes/urls_in_homepage.rb
 - app/finders/timthumb_version.rb
 - app/finders/timthumb_version/bad_request.rb
@@ -260,7 +264,7 @@ files:
 - app/finders/users/wp_json_api.rb
 - app/finders/users/yoast_seo_author_sitemap.rb
 - app/finders/wp_items.rb
-- app/finders/wp_items/urls_in_homepage.rb
+- app/finders/wp_items/urls_in_page.rb
 - app/finders/wp_version.rb
 - app/finders/wp_version/atom_generator.rb
 - app/finders/wp_version/rdf_generator.rb