wpscan 3.8.13 → 3.8.18

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1b15205abaabe9c5d311ec5cbb471948a4c385f56bf22166800abecfa071b57a
4
- data.tar.gz: f97caad190b0ceff2a35338989f701363fc33bf3ebdf65b722043b03656ac7fd
3
+ metadata.gz: e7fc9dea6d2aa00fc366bbe8f1cde8af5668597020b0f3762aba9c8bd0f4f720
4
+ data.tar.gz: 5bd79cbef80eb57065cafab7bbf787f4d71de73052068ac37d6a407ca86b813c
5
5
  SHA512:
6
- metadata.gz: b77be4cc33ec3c6c7f34cf4a89cd2528dd6f0dd8dde66352f10a96ec085a760282343401e1e75d7247a2e8671257e63894752cf0174025524e0702ed8e890cab
7
- data.tar.gz: 801bf830858b01d41c819cd2ebb55b9927b429be71ef661895fde00afe3e1fd2823cc70034d30769842942d173579a363c49dea295873a98f5c95d7c0d00a88f
6
+ metadata.gz: d093d424143d40bc594dc8f5ef5e6b577bdb09e8e1aff5289da2f471a1b5b7bccdde600c91700300a940281763b6b74e0b6384a23220d928b9e1edef947dac21
7
+ data.tar.gz: 4032d8268e1961adc1c767bf6857ba5ff46c929c3534955f56550af65aa6996c59e3a2ec17f2c95f8c1af6efbc992122c5cc4f6ee3c012b978e4a5a5c9446e28
data/README.md CHANGED
@@ -15,6 +15,7 @@
15
15
 
16
16
  <p align="center">
17
17
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
18
+ <a href="https://hub.docker.com/r/wpscanteam/wpscan/" target="_blank"><img src="https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg"></a>
18
19
  <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
19
20
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
20
21
  </p>
@@ -24,10 +25,11 @@
24
25
  ## Prerequisites
25
26
 
26
27
  - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
27
- - Ruby >= 2.3 - Recommended: latest
28
+ - Ruby >= 2.5 - Recommended: latest
28
29
  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
29
- - Curl >= 7.21 - Recommended: latest
30
+ - Curl >= 7.72 - Recommended: latest
30
31
  - The 7.29 has a segfault
32
+ - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
31
33
  - RubyGems - Recommended: latest
32
34
  - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
33
35
 
@@ -35,6 +37,10 @@
35
37
 
36
38
  When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
37
39
 
40
+ ### In macOSX via Homebrew
41
+
42
+ `brew install wpscanteam/tap/wpscan`
43
+
38
44
  ### From RubyGems
39
45
 
40
46
  ```shell
@@ -47,7 +53,7 @@ On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's Syst
47
53
 
48
54
  You can update the local database by using ```wpscan --update```
49
55
 
50
- Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
56
+ Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending on how WPScan was (pre)installed
51
57
 
52
58
  # Docker
53
59
 
@@ -80,9 +86,19 @@ For more options, open a terminal and type ```wpscan --help``` (if you built wps
80
86
 
81
87
  The DB is located at ~/.wpscan/db
82
88
 
83
- ## Vulnerability Database
89
+ ## Optional: WordPress Vulnerability Database API
90
+
91
+ The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
92
+
93
+ Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
94
+
95
+ #### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
96
+
97
+ ### How many API requests do you need?
84
98
 
85
- The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
99
+ - Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
100
+ - On average, a WordPress website has 22 installed plugins.
101
+ - The Free plan should cover around 50% of all WordPress websites.
86
102
 
87
103
  ## Load CLI options from file/s
88
104
 
@@ -39,7 +39,7 @@ module WPScan
39
39
  output('@notice', msg: 'It seems like you have not updated the database for some time.')
40
40
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
41
41
 
42
- /^y/i.match?(Readline.readline) ? true : false
42
+ /^y/i.match?(Readline.readline)
43
43
  end
44
44
 
45
45
  def update_db
@@ -170,6 +170,12 @@ module WPScan
170
170
  ['--users-detection MODE',
171
171
  'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
172
172
  choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
173
+ ),
174
+ OptRegexp.new(
175
+ [
176
+ '--exclude-usernames REGEXP_OR_STRING',
177
+ 'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
178
+ ], options: Regexp::IGNORECASE
173
179
  )
174
180
  ]
175
181
  end
@@ -7,7 +7,7 @@ module WPScan
7
7
  class KnownLocations < CMSScanner::Finders::Finder
8
8
  include CMSScanner::Finders::Finder::Enumerator
9
9
 
10
- SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
10
+ SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
11
11
 
12
12
  # @param [ Hash ] opts
13
13
  # @option opts [ String ] :list
@@ -39,18 +39,57 @@ module WPScan
39
39
  #
40
40
  # @return [ Hash ]
41
41
  def potential_urls(opts = {})
42
- urls = {}
43
- domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
42
+ urls = {}
43
+ index = 0
44
44
 
45
- File.open(opts[:list]).each_with_index do |path, index|
46
- path.gsub!('{domain_name}', domain_name)
45
+ File.open(opts[:list]).each do |path|
46
+ path.chomp!
47
47
 
48
- urls[target.url(path.chomp)] = index
48
+ if path.include?('{domain_name}')
49
+ urls[target.url(path.gsub('{domain_name}', domain_name))] = index
50
+
51
+ if domain_name != domain_name_with_sub
52
+ urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
53
+
54
+ index += 1
55
+ end
56
+ else
57
+ urls[target.url(path)] = index
58
+ end
59
+
60
+ index += 1
49
61
  end
50
62
 
51
63
  urls
52
64
  end
53
65
 
66
+ def domain_name
67
+ @domain_name ||= if Resolv::AddressRegex.match?(target.uri.host)
68
+ target.uri.host
69
+ else
70
+ (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
71
+ end
72
+ end
73
+
74
+ def domain_name_with_sub
75
+ @domain_name_with_sub ||=
76
+ if Resolv::AddressRegex.match?(target.uri.host)
77
+ target.uri.host
78
+ else
79
+ parsed = PublicSuffix.parse(target.uri.host)
80
+
81
+ if parsed.subdomain
82
+ parsed.subdomain.gsub(".#{parsed.tld}", '')
83
+ elsif parsed.domain
84
+ parsed.domain.gsub(".#{parsed.tld}", '')
85
+ else
86
+ target.uri.host
87
+ end
88
+ end
89
+ rescue PublicSuffix::DomainNotAllowed
90
+ @domain_name_with_sub = target.uri.host
91
+ end
92
+
54
93
  def create_progress_bar(opts = {})
55
94
  super(opts.merge(title: ' Checking DB Exports -'))
56
95
  end
data/app/finders/users.rb CHANGED
@@ -11,6 +11,16 @@ require_relative 'users/yoast_seo_author_sitemap'
11
11
 
12
12
  module WPScan
13
13
  module Finders
14
+ # Specific Finders container to filter the usernames found
15
+ # and remove the ones matching ParsedCli.exclude_username if supplied
16
+ class UsersFinders < SameTypeFinders
17
+ def filter_findings
18
+ findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
19
+
20
+ findings
21
+ end
22
+ end
23
+
14
24
  module Users
15
25
  # Users Finder
16
26
  class Base
@@ -28,6 +38,10 @@ module WPScan
28
38
  Users::AuthorIdBruteForcing.new(target) <<
29
39
  Users::LoginErrorMessages.new(target)
30
40
  end
41
+
42
+ def finders
43
+ @finders ||= Finders::UsersFinders.new
44
+ end
31
45
  end
32
46
  end
33
47
  end
@@ -10,7 +10,7 @@ module WPScan
10
10
  module Finders
11
11
  # Specific Finders container to filter the version detected
12
12
  # and remove the one with low confidence to avoid false
13
- # positive when there is not enought information to accurately
13
+ # positive when there is not enough information to accurately
14
14
  # determine it.
15
15
  class WpVersionFinders < UniqueFinders
16
16
  def filter_findings
@@ -63,7 +63,7 @@ module WPScan
63
63
  def webshot_enabled?
64
64
  res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
65
65
 
66
- /WEBSHOT_ENABLED == true/.match?(res.body) ? false : true
66
+ !/WEBSHOT_ENABLED == true/.match?(res.body)
67
67
  end
68
68
 
69
69
  # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
@@ -53,7 +53,9 @@ module WPScan
53
53
  #
54
54
  # @return [ Boolean ]
55
55
  def vulnerable_to?(vuln)
56
- return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
56
+ return false if version && vuln&.introduced_in && version < vuln.introduced_in
57
+
58
+ return true unless version && vuln&.fixed_in && !vuln.fixed_in.empty?
57
59
 
58
60
  version < vuln.fixed_in
59
61
  end
@@ -160,7 +162,7 @@ module WPScan
160
162
  #
161
163
  # @return [ Typhoeus::Response ]
162
164
  def head_and_get(path, codes = [200], params = {})
163
- final_path = +@path_from_blog
165
+ final_path = @path_from_blog.dup # @path_from_blog is set in the plugin/theme
164
166
  final_path << path unless path.nil?
165
167
 
166
168
  blog.head_and_get(final_path, codes, params)
@@ -9,5 +9,5 @@
9
9
  <% end -%>
10
10
  <% else -%>
11
11
  <%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
12
- <%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
12
+ <%= warning_icon %> You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
13
13
  <% end -%>
@@ -1,5 +1,5 @@
1
1
  <% if @version -%>
2
- <%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
2
+ <%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.tr('-', '_').humanize %>, released on <%= @version.release_date %>).
3
3
  <%= render('@finding', item: @version) -%>
4
4
  <% else -%>
5
5
  <%= notice_icon %> The WordPress version could not be detected.
@@ -8,6 +8,6 @@
8
8
  "requests_remaining": <%= @status['requests_remaining'].to_json %>
9
9
  <% end -%>
10
10
  <% else -%>
11
- "error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
11
+ "error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 25 daily requests by registering at https://wpscan.com/register"
12
12
  <% end -%>
13
13
  },
data/lib/wpscan.rb CHANGED
@@ -13,6 +13,7 @@ require 'uri'
13
13
  require 'time'
14
14
  require 'readline'
15
15
  require 'securerandom'
16
+ require 'resolv'
16
17
  # Monkey Patches/Fixes/Override
17
18
  require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
18
19
  # Custom Libs
@@ -11,7 +11,11 @@ module WPScan
11
11
 
12
12
  # @return [ Hash ]
13
13
  def self.all_df_data
14
- @all_df_data ||= YAML.safe_load(File.read(df_file), [Regexp])
14
+ @all_df_data ||= if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('4.0.0')
15
+ YAML.safe_load(File.read(df_file), permitted_classes: [Regexp])
16
+ else
17
+ YAML.safe_load(File.read(df_file), [Regexp])
18
+ end
15
19
  end
16
20
 
17
21
  # @return [ Array<Symbol> ]
@@ -125,14 +125,14 @@ module WPScan
125
125
  return @uri.to_s unless path
126
126
 
127
127
  if %r{wp-content/plugins}i.match?(path)
128
- path = +path.gsub('wp-content/plugins', plugins_dir)
128
+ new_path = path.gsub('wp-content/plugins', plugins_dir)
129
129
  elsif /wp-content/i.match?(path)
130
- path = +path.gsub('wp-content', content_dir)
130
+ new_path = path.gsub('wp-content', content_dir)
131
131
  elsif path[0] != '/' && sub_dir
132
- path = "#{sub_dir}/#{path}"
132
+ new_path = "#{sub_dir}/#{path}"
133
133
  end
134
134
 
135
- super(path)
135
+ super(new_path || path)
136
136
  end
137
137
  end
138
138
  end
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.13'
5
+ VERSION = '3.8.18'
6
6
  end
@@ -21,6 +21,7 @@ module WPScan
21
21
  references: references,
22
22
  type: json_data['vuln_type'],
23
23
  fixed_in: json_data['fixed_in'],
24
+ introduced_in: json_data['introduced_in'],
24
25
  cvss: json_data['cvss']&.symbolize_keys
25
26
  )
26
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.13
4
+ version: 3.8.18
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-12 00:00:00.000000000 Z
11
+ date: 2021-06-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.13.0
19
+ version: 0.13.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.13.0
26
+ version: 0.13.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.8.0
103
+ version: 1.16.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.8.0
110
+ version: 1.16.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-performance
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.9.0
117
+ version: 1.11.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.9.0
124
+ version: 1.11.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.11.0
173
+ version: 3.13.0
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.11.0
180
+ version: 3.13.0
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
183
  - contact@wpscan.com
@@ -397,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
397
397
  - !ruby/object:Gem::Version
398
398
  version: '0'
399
399
  requirements: []
400
- rubygems_version: 3.0.3
400
+ rubygems_version: 3.0.3.1
401
401
  signing_key:
402
402
  specification_version: 4
403
403
  summary: WPScan - WordPress Vulnerability Scanner