wpscan 3.7.3 → 3.7.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b09450bc3d471ad71176d276e4e1d5961ce9bc8b12511a133efe17145fe5206b
4
- data.tar.gz: b31d1f2425c69100b985f660447e967d88a2706f737fe313d2517cc2ed3b726a
3
+ metadata.gz: 38d2b75ba4f218b5209c148d94b9f97d27bc09f006e0869b59d7d27f11e72a0e
4
+ data.tar.gz: 0d26b15d56d4275559d424153bd196ad8a591fb54831596b93d933ab06130fad
5
5
  SHA512:
6
- metadata.gz: 24e87decb82a9f01edcdf77b46fbecb7c816bef1b1ed2c7a3d839ef3f5975326920d1b3d6cd74684054744d56a8d0baa0f85f831c39477d9ac02355d9f47b8ca
7
- data.tar.gz: 4c593ed0dd0bc0bb27bbf8b1827095d82ea601a25b17f673cc972c6e540ad21d13f61162d95c32b32fb06e7a93153264b432e5147caa779cfcbdba93d508b943
6
+ metadata.gz: f86b4a313c7a643834d63d44f8eb851f1f338771abe1588e5c0b1bb6c77ba282829d53ed0211f7cd4434d54c579a06d5712ac466561d1573a6659bca9c74ff49
7
+ data.tar.gz: 1b41933c21f0fcb66a734549322b263e72d7130b2ab1c7546afe81235d06ca21668d8f2de3666831dd8dc911c635ae0c62f7af81d83604e7e983b5a24661f43f
data/LICENSE CHANGED
@@ -29,8 +29,6 @@ Example cases which do not require a commercial license, and thus fall under the
29
29
 
30
30
  If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
31
31
 
32
- We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
33
-
34
32
  Free-use Terms and Conditions;
35
33
 
36
34
  3. Redistribution
@@ -1,8 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative 'main_theme/css_style'
3
+ require_relative 'main_theme/css_style_in_homepage'
4
+ require_relative 'main_theme/css_style_in_404_page'
4
5
  require_relative 'main_theme/woo_framework_meta_generator'
5
6
  require_relative 'main_theme/urls_in_homepage'
7
+ require_relative 'main_theme/urls_in_404_page'
6
8
 
7
9
  module WPScan
8
10
  module Finders
@@ -14,9 +16,11 @@ module WPScan
14
16
  # @param [ WPScan::Target ] target
15
17
  def initialize(target)
16
18
  finders <<
17
- MainTheme::CssStyle.new(target) <<
19
+ MainTheme::CssStyleInHomepage.new(target) <<
20
+ MainTheme::CssStyleIn404Page.new(target) <<
18
21
  MainTheme::WooFrameworkMetaGenerator.new(target) <<
19
- MainTheme::UrlsInHomepage.new(target)
22
+ MainTheme::UrlsInHomepage.new(target) <<
23
+ MainTheme::UrlsIn404Page.new(target)
20
24
  end
21
25
  end
22
26
  end
@@ -0,0 +1,14 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WPScan
4
+ module Finders
5
+ module MainTheme
6
+ # From the CSS style in the 404 page
7
+ class CssStyleIn404Page < CssStyleInHomepage
8
+ def passive(opts = {})
9
+ passive_from_css_href(target.error_404_res, opts) || passive_from_style_code(target.error_404_res, opts)
10
+ end
11
+ end
12
+ end
13
+ end
14
+ end
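Review bot: The `passive` override on the new line 8 has no YARD block, unlike the sibling finders in this release that document `@param`/`@return` on their new methods; add `# @param [ Hash ] opts` above `def passive` and a `# @return` line matching what `passive_from_css_href`/`passive_from_style_code` return (those inherited methods are not in this hunk, so the type cannot be confirmed here). `target.error_404_res` is also evaluated twice on line 9; hoisting it into `res = target.error_404_res` keeps both branches on the same response object if the accessor is not memoised.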
@@ -3,9 +3,9 @@
3
3
  module WPScan
4
4
  module Finders
5
5
  module MainTheme
6
- # From the css style
7
- class CssStyle < CMSScanner::Finders::Finder
8
- include Finders::WpItems::URLsInHomepage
6
+ # From the CSS style in the homepage
7
+ class CssStyleInHomepage < CMSScanner::Finders::Finder
8
+ include Finders::WpItems::UrlsInPage # To have the item_code_pattern method available here
9
9
 
10
10
  def create_theme(slug, style_url, opts)
11
11
  Model::Theme.new(
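Review bot: The `include Finders::WpItems::UrlsInPage` on the new line 8 also brings in `items_from_links`/`items_from_codes`, which in this release call a `page_res` method, and no `page_res` is defined in this class within the hunk, so those methods would raise NoMethodError if ever invoked on a `CssStyleInHomepage`. Since the inline comment says the include exists only for `item_code_pattern`, either add a `page_res` here too or move `item_code_pattern` into a smaller module that both finders include. The class body continues beyond the hunk, so a `page_res` may be defined further down; worth confirming before merging.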
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WPScan
4
+ module Finders
5
+ module MainTheme
6
+ # URLs In 404 Page Finder
7
+ class UrlsIn404Page < UrlsInHomepage
8
+ # @return [ Typhoeus::Response ]
9
+ def page_res
10
+ @page_res ||= target.error_404_res
11
+ end
12
+ end
13
+ end
14
+ end
15
+ end
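Review bot: The `page_res` defined on the new lines 9–11 is byte-identical to the `page_res` added in the new `Plugins::UrlsIn404Page` and `Themes::UrlsIn404Page` classes in this same release; each subclass exists only to swap `homepage_res` for `error_404_res`. A single shared mixin providing `def page_res = @page_res ||= target.error_404_res` (or a plain method if the project targets Ruby < 3.0) would keep the three in sync when the accessor or memoisation changes. The class comment could also say what differs from the parent, e.g. `# Same heuristics as UrlsInHomepage, run against the 404 page response`.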
@@ -5,7 +5,7 @@ module WPScan
5
5
  module MainTheme
6
6
  # URLs In Homepage Finder
7
7
  class UrlsInHomepage < CMSScanner::Finders::Finder
8
- include WpItems::URLsInHomepage
8
+ include WpItems::UrlsInPage
9
9
 
10
10
  # @param [ Hash ] opts
11
11
  #
@@ -21,6 +21,11 @@ module WPScan
21
21
 
22
22
  found
23
23
  end
24
+
25
+ # @return [ Typhoeus::Response ]
26
+ def page_res
27
+ @page_res ||= target.homepage_res
28
+ end
24
29
  end
25
30
  end
26
31
  end
@@ -10,7 +10,7 @@ module WPScan
10
10
  PATTERN = /#{THEME_PATTERN}\s+#{FRAMEWORK_PATTERN}/i.freeze
11
11
 
12
12
  def passive(opts = {})
13
- return unless target.homepage_res.body =~ PATTERN
13
+ return unless target.homepage_res.body =~ PATTERN || target.error_404_res.body =~ PATTERN
14
14
 
15
15
  Model::Theme.new(
16
16
  Regexp.last_match[1],
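Review bot: The new guard on line 13 relies on `Regexp.last_match` being set by whichever side of the `||` matched, and the `Regexp.last_match[1]` on line 16 is now separated from two different `=~` calls, which is easy to break on a later edit. Capturing the match explicitly keeps the dependency visible: `match = PATTERN.match(target.homepage_res.body) || PATTERN.match(target.error_404_res.body)` then `return unless match` and `match[1]` in the `Model::Theme.new` call. The `Model::Theme.new(` call and the rest of `passive` continue outside the hunk.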
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require_relative 'plugins/urls_in_homepage'
4
+ require_relative 'plugins/urls_in_404_page'
4
5
  require_relative 'plugins/known_locations'
5
6
  # From the DynamicFinders
6
7
  require_relative 'plugins/comment'
@@ -22,6 +23,7 @@ module WPScan
22
23
  def initialize(target)
23
24
  finders <<
24
25
  Plugins::UrlsInHomepage.new(target) <<
26
+ Plugins::UrlsIn404Page.new(target) <<
25
27
  Plugins::HeaderPattern.new(target) <<
26
28
  Plugins::Comment.new(target) <<
27
29
  Plugins::Xpath.new(target) <<
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WPScan
4
+ module Finders
5
+ module Plugins
6
+ # URLs In 404 Page Finder
7
+ # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
8
+ class UrlsIn404Page < UrlsInHomepage
9
+ # @return [ Typhoeus::Response ]
10
+ def page_res
11
+ @page_res ||= target.error_404_res
12
+ end
13
+ end
14
+ end
15
+ end
16
+ end
@@ -4,10 +4,9 @@ module WPScan
4
4
  module Finders
5
5
  module Plugins
6
6
  # URLs In Homepage Finder
7
- # Typically, the items detected from URLs like
8
- # /wp-content/plugins/<slug>/
7
+ # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
9
8
  class UrlsInHomepage < CMSScanner::Finders::Finder
10
- include WpItems::URLsInHomepage
9
+ include WpItems::UrlsInPage
11
10
 
12
11
  # @param [ Hash ] opts
13
12
  #
@@ -21,6 +20,11 @@ module WPScan
21
20
 
22
21
  found
23
22
  end
23
+
24
+ # @return [ Typhoeus::Response ]
25
+ def page_res
26
+ @page_res ||= target.homepage_res
27
+ end
24
28
  end
25
29
  end
26
30
  end
@@ -1,12 +1,13 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require_relative 'themes/urls_in_homepage'
4
+ require_relative 'themes/urls_in_404_page'
4
5
  require_relative 'themes/known_locations'
5
6
 
6
7
  module WPScan
7
8
  module Finders
8
9
  module Themes
9
- # themes Finder
10
+ # Themes Finder
10
11
  class Base
11
12
  include CMSScanner::Finders::SameTypeFinder
12
13
 
@@ -14,6 +15,7 @@ module WPScan
14
15
  def initialize(target)
15
16
  finders <<
16
17
  Themes::UrlsInHomepage.new(target) <<
18
+ Themes::UrlsIn404Page.new(target) <<
17
19
  Themes::KnownLocations.new(target)
18
20
  end
19
21
  end
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WPScan
4
+ module Finders
5
+ module Themes
6
+ # URLs In 04 Page Finder
7
+ class UrlsIn404Page < UrlsInHomepage
8
+ # @return [ Typhoeus::Response ]
9
+ def page_res
10
+ @page_res ||= target.error_404_res
11
+ end
12
+ end
13
+ end
14
+ end
15
+ end
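Review bot: The class comment on the new line 6 reads `# URLs In 04 Page Finder`, which looks like a dropped digit; it should be `# URLs In 404 Page Finder` to match the class name and the equivalent comments in the `Plugins` and `MainTheme` variants added in this release.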
@@ -5,7 +5,7 @@ module WPScan
5
5
  module Themes
6
6
  # URLs In Homepage Finder
7
7
  class UrlsInHomepage < CMSScanner::Finders::Finder
8
- include WpItems::URLsInHomepage
8
+ include WpItems::UrlsInPage
9
9
 
10
10
  # @param [ Hash ] opts
11
11
  #
@@ -19,6 +19,11 @@ module WPScan
19
19
 
20
20
  found
21
21
  end
22
+
23
+ # @return [ Typhoeus::Response ]
24
+ def page_res
25
+ @page_res ||= target.homepage_res
26
+ end
22
27
  end
23
28
  end
24
29
  end
@@ -1,3 +1,3 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative 'wp_items/urls_in_homepage'
3
+ require_relative 'wp_items/urls_in_page'
@@ -4,7 +4,7 @@ module WPScan
4
4
  module Finders
5
5
  module WpItems
6
6
  # URLs In Homepage Module to use in plugins & themes finders
7
- module URLsInHomepage
7
+ module UrlsInPage
8
8
  # @param [ String ] type plugins / themes
9
9
  # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
10
10
  #
@@ -12,7 +12,7 @@ module WPScan
12
12
  def items_from_links(type, uniq = true)
13
13
  found = []
14
14
 
15
- target.in_scope_uris(target.homepage_res) do |uri|
15
+ target.in_scope_uris(page_res) do |uri|
16
16
  next unless uri.to_s =~ item_attribute_pattern(type)
17
17
 
18
18
  slug = Regexp.last_match[1]&.strip
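Review bot: After the rename to `UrlsInPage`, `items_from_links` (new line 15, and `items_from_codes` in the next hunk) depends on a `page_res` method that the module itself does not define, but nothing in the hunk states that contract, and the module comment on line 6 still says `# URLs In Homepage Module to use in plugins & themes finders`. I would update it to `# URLs In Page Module to use in plugins & themes finders` and add `# Including classes must define #page_res, returning the Typhoeus::Response to inspect` so a future includer does not discover the requirement via NoMethodError. The `Wether` in the `uniq` param doc on line 9 is a typo for `Whether`.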
@@ -30,7 +30,7 @@ module WPScan
30
30
  def items_from_codes(type, uniq = true)
31
31
  found = []
32
32
 
33
- target.homepage_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
33
+ page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
34
34
  code = tag.text.to_s
35
35
  next if code.empty?
36
36
 
@@ -14,7 +14,7 @@ module WPScan
14
14
 
15
15
  attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
16
16
 
17
- delegate :homepage_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog
17
+ delegate :homepage_res, :error_404_res, :xpath_pattern_from_page, :in_scope_uris, :head_or_get_params, to: :blog
18
18
 
19
19
  # @param [ String ] slug The plugin/theme slug
20
20
  # @param [ Target ] blog The targeted blog
@@ -1,14 +1,14 @@
1
1
  _______________________________________________________________
2
- __ _______ _____
3
- \ \ / / __ \ / ____|
4
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
5
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
6
- \ /\ / | | ____) | (__| (_| | | | |
7
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
2
+ __ _______ _____
3
+ \ \ / / __ \ / ____|
4
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
5
+ \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
6
+ \ /\ / | | ____) | (__| (_| | | | |
7
+ \/ \/ |_| |_____/ \___|\__,_|_| |_|
8
8
 
9
- WordPress Security Scanner by the WPScan Team
10
- Version <%= WPScan::VERSION %>
9
+ WordPress Security Scanner by the WPScan Team
10
+ Version <%= WPScan::VERSION %>
11
11
  <%= ' ' * ((63 - WPScan::DB::Sponsor.text.length)/2) + WPScan::DB::Sponsor.text %>
12
- @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
12
+ @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
13
13
  _______________________________________________________________
14
14
 
@@ -1,4 +1,4 @@
1
- | Detected By: <%= @item.found_by %>
1
+ | Found By: <%= @item.found_by %>
2
2
  <% @item.interesting_entries.each do |entry| -%>
3
3
  | - <%= entry %>
4
4
  <% end -%>
@@ -44,19 +44,27 @@ module WPScan
44
44
  #
45
45
  # @param [ Typhoeus::Response ] response
46
46
  # @param [ Hash ] opts
47
- # @return [ Mixed ]
47
+ # @return [ Mixed: nil, Object, Array ]
48
48
  def find(_response, _opts = {})
49
49
  raise NoMethodError
50
50
  end
51
51
 
52
52
  # @param [ Hash ] opts
53
+ # @return [ Mixed ] See #find
53
54
  def passive(opts = {})
54
55
  return if self.class::PATH
55
56
 
56
- find(target.homepage_res, opts)
57
+ homepage_result = find(target.homepage_res, opts)
58
+
59
+ if homepage_result
60
+ return homepage_result unless homepage_result.is_a?(Array) && homepage_result.empty?
61
+ end
62
+
63
+ find(target.error_404_res, opts)
57
64
  end
58
65
 
59
66
  # @param [ Hash ] opts
67
+ # @return [ Mixed ] See #find
60
68
  def aggressive(opts = {})
61
69
  return unless self.class::PATH
62
70
 
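Review bot: The fallback in `passive` (new lines 57–63) can be a single guard, which also removes the nested `if`: `return homepage_result if homepage_result && !(homepage_result.is_a?(Array) && homepage_result.empty?)` followed by `find(target.error_404_res, opts)`. Note that when the homepage lookup yields `[]` and the 404 lookup yields `nil`, callers now receive `nil` where they previously received `[]`; if any caller iterates the result without a nil check that is a behaviour change, so the new `@return` doc on line 53 could say `# @return [ Mixed ] See #find; the homepage result unless nil/empty, otherwise the 404 page result`.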
@@ -31,9 +31,14 @@ module WPScan
31
31
 
32
32
  passive_configs.each do |slug, configs|
33
33
  configs.each do |klass, config|
34
- item = process_response(opts, target.homepage_res, slug, klass, config)
35
-
36
- found << item if item.is_a?(Model::WpItem)
34
+ [target.homepage_res, target.error_404_res].each do |page_res|
35
+ item = process_response(opts, page_res, slug, klass, config)
36
+
37
+ if item.is_a?(Model::WpItem)
38
+ found << item
39
+ break # No need to check the other page if detected in the current
40
+ end
41
+ end
37
42
  end
38
43
  end
39
44
 
@@ -24,21 +24,10 @@ module WPScan
24
24
 
25
25
  # @param [ Symbol ] detection_mode
26
26
  #
27
- # @return [ Boolean ]
28
- # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity
27
+ # @return [ Boolean ] Whether or not the target is running WordPress
29
28
  def wordpress?(detection_mode)
30
- in_scope_uris(homepage_res) do |uri|
31
- return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
32
- end
33
-
34
- return true if homepage_res.html.css('meta[name="generator"]').any? do |node|
35
- /wordpress/i.match?(node['content'])
36
- end
37
-
38
- return true unless comments_from_page(/wordpress/i, homepage_res).empty?
39
-
40
- return true if homepage_res.html.xpath('//script[not(@src)]').any? do |node|
41
- WP_ADMIN_AJAX_PATTERN.match?(node.text)
29
+ [homepage_res, error_404_res].each do |page_res|
30
+ return true if wordpress_from_meta_comments_or_scripts?(page_res)
42
31
  end
43
32
 
44
33
  if %i[mixed aggressive].include?(detection_mode)
@@ -51,7 +40,26 @@ module WPScan
51
40
 
52
41
  false
53
42
  end
54
- # rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity
43
+
44
+ # @param [ Typhoeus::Response ] response
45
+ # @return [ Boolean ]
46
+ def wordpress_from_meta_comments_or_scripts?(response)
47
+ in_scope_uris(response) do |uri|
48
+ return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
49
+ end
50
+
51
+ return true if response.html.css('meta[name="generator"]').any? do |node|
52
+ /wordpress/i.match?(node['content'])
53
+ end
54
+
55
+ return true unless comments_from_page(/wordpress/i, response).empty?
56
+
57
+ return true if response.html.xpath('//script[not(@src)]').any? do |node|
58
+ WP_ADMIN_AJAX_PATTERN.match?(node.text)
59
+ end
60
+
61
+ false
62
+ end
55
63
 
56
64
  COOKIE_PATTERNS = {
57
65
  'vjs' => /createCookie\('vjs','(?<c_value>\d+)',\d+\);/i
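Review bot: `wordpress_from_meta_comments_or_scripts?` (new line 46) also runs the in-scope URI pattern check on lines 47–49, which its name does not mention, and no visibility marker appears in the hunk, so the helper becomes part of the enclosing scope's public interface. A name such as `wordpress_from_page?` plus a comment listing the four heuristics it applies (in-scope URIs, generator meta, HTML comments, inline scripts) would describe it accurately, and a `private` marker, if the surrounding file uses one, would keep it internal. The `COOKIE_PATTERNS` constant that follows indicates the file continues beyond the hunk.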
@@ -19,13 +19,15 @@ module WPScan
19
19
  # scope_url_pattern is from CMSScanner::Target
20
20
  pattern = %r{#{scope_url_pattern}([\w\s\-/]+?)\\?/(?:themes|plugins|uploads|cache)\\?/}i
21
21
 
22
- in_scope_uris(homepage_res) do |uri|
23
- return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
24
- end
25
-
26
- # Checks for the pattern in raw JS code, as well as @content attributes of meta tags
27
- xpath_pattern_from_page('//script[not(@src)]|//meta/@content', pattern, homepage_res) do |match|
28
- return @content_dir = match[1]
22
+ [homepage_res, error_404_res].each do |page_res|
23
+ in_scope_uris(page_res, '//link/@href|//script/@src|//img/@src') do |uri|
24
+ return @content_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
25
+ end
26
+
27
+ # Checks for the pattern in raw JS code, as well as @content attributes of meta tags
28
+ xpath_pattern_from_page('//script[not(@src)]|//meta/@content', pattern, page_res) do |match|
29
+ return @content_dir = match[1]
30
+ end
29
31
  end
30
32
 
31
33
  return @content_dir = 'wp-content' if default_content_dir_exists?
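Review bot: The `in_scope_uris(page_res, '//link/@href|//script/@src|//img/@src')` call on the new line 23 narrows the URI sources to an explicit XPath where the removed call used the helper's default (not visible here), and nothing records why; a why-comment such as `# Only asset URLs: they are the ones that carry the wp-content path` would capture the intent. The `Regexp.last_match[1]` on line 24 (and the same pattern in the `@sub_dir` hunk below) is more robust as `match = uri.to_s.match(pattern)` / `return @content_dir = match[1] if match`, since it no longer depends on the implicit match state. Both enclosing methods start outside their hunks.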
@@ -104,8 +106,10 @@ module WPScan
104
106
  # url_pattern is from CMSScanner::Target
105
107
  pattern = %r{#{url_pattern}(.+?)/(?:xmlrpc\.php|wp\-includes/)}i
106
108
 
107
- in_scope_uris(homepage_res) do |uri|
108
- return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
109
+ [homepage_res, error_404_res].each do |page_res|
110
+ in_scope_uris(page_res) do |uri|
111
+ return @sub_dir = Regexp.last_match[1] if uri.to_s.match(pattern)
112
+ end
109
113
  end
110
114
 
111
115
  @sub_dir = false
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.7.3'
5
+ VERSION = '3.7.4'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.7.3
4
+ version: 3.7.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-11 00:00:00.000000000 Z
11
+ date: 2019-11-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.6.0
19
+ version: 0.7.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.6.0
26
+ version: 0.7.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,14 +114,14 @@ dependencies:
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 0.75.0
117
+ version: 0.76.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 0.75.0
124
+ version: 0.76.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rubocop-performance
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -220,7 +220,9 @@ files:
220
220
  - app/finders/interesting_findings/upload_sql_dump.rb
221
221
  - app/finders/interesting_findings/wp_cron.rb
222
222
  - app/finders/main_theme.rb
223
- - app/finders/main_theme/css_style.rb
223
+ - app/finders/main_theme/css_style_in_404_page.rb
224
+ - app/finders/main_theme/css_style_in_homepage.rb
225
+ - app/finders/main_theme/urls_in_404_page.rb
224
226
  - app/finders/main_theme/urls_in_homepage.rb
225
227
  - app/finders/main_theme/woo_framework_meta_generator.rb
226
228
  - app/finders/medias.rb
@@ -239,6 +241,7 @@ files:
239
241
  - app/finders/plugins/javascript_var.rb
240
242
  - app/finders/plugins/known_locations.rb
241
243
  - app/finders/plugins/query_parameter.rb
244
+ - app/finders/plugins/urls_in_404_page.rb
242
245
  - app/finders/plugins/urls_in_homepage.rb
243
246
  - app/finders/plugins/xpath.rb
244
247
  - app/finders/theme_version.rb
@@ -246,6 +249,7 @@ files:
246
249
  - app/finders/theme_version/woo_framework_meta_generator.rb
247
250
  - app/finders/themes.rb
248
251
  - app/finders/themes/known_locations.rb
252
+ - app/finders/themes/urls_in_404_page.rb
249
253
  - app/finders/themes/urls_in_homepage.rb
250
254
  - app/finders/timthumb_version.rb
251
255
  - app/finders/timthumb_version/bad_request.rb
@@ -260,7 +264,7 @@ files:
260
264
  - app/finders/users/wp_json_api.rb
261
265
  - app/finders/users/yoast_seo_author_sitemap.rb
262
266
  - app/finders/wp_items.rb
263
- - app/finders/wp_items/urls_in_homepage.rb
267
+ - app/finders/wp_items/urls_in_page.rb
264
268
  - app/finders/wp_version.rb
265
269
  - app/finders/wp_version/atom_generator.rb
266
270
  - app/finders/wp_version/rdf_generator.rb