wpscan 3.8.15 → 3.8.19

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 021d424ab717a7f32d4ed40025ed98d1572c4ef94193c48b31228c793ef616cc
4
- data.tar.gz: 0f5d3192ab56199f4ee403d6a94db378fdeba7a080fbef3a6c5aa12175d8b855
3
+ metadata.gz: a2b3e70edcacc1f1b15ffab1fa686732b1cfc9b6aa4346bd88e0e517082c7aec
4
+ data.tar.gz: fb794ab8574c5e1fa66553a7e954eaa5467ed62943ae68407124e6396e9359a4
5
5
  SHA512:
6
- metadata.gz: 78c4a98e1efe92ab08fa8c2f90e0a8851b8a076cdd4ce8faf755af6316d38bf496d862aedbe3532e523333d858df8668e3258112db2416548fd96073536d14bd
7
- data.tar.gz: 1f7d881cfc1aad30dfc810815d5dfa1991d85bc37970cad76757d9bde4a2d25f66c842fb87cd5b5298ddd943c702a995a63dd075fa6d427ca0691151b0d471fe
6
+ metadata.gz: 0b02409d2b49a831960a39aaca578aadb07bf1390f6ced4a91edc8e2be42f05287883213cedf2df279f5b763213d595c26defe1abc0f4f075cfc3e9a7a028e03
7
+ data.tar.gz: 7857de71dd8d276a150afb3f69a4e184cf9e7cd3d9b4ba61a058af1dad92e98594c154246fe7ded7a21ca84bc4ecba885a1ae3d4fb883b9449fb016ab10195fe
data/README.md CHANGED
@@ -15,6 +15,7 @@
15
15
 
16
16
  <p align="center">
17
17
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
18
+ <a href="https://hub.docker.com/r/wpscanteam/wpscan/" target="_blank"><img src="https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg"></a>
18
19
  <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
19
20
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
20
21
  </p>
@@ -52,7 +53,7 @@ On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's Syst
52
53
 
53
54
  You can update the local database by using ```wpscan --update```
54
55
 
55
- Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
56
+ Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending on how WPScan was (pre)installed
56
57
 
57
58
  # Docker
58
59
 
@@ -170,6 +170,12 @@ module WPScan
170
170
  ['--users-detection MODE',
171
171
  'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
172
172
  choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
173
+ ),
174
+ OptRegexp.new(
175
+ [
176
+ '--exclude-usernames REGEXP_OR_STRING',
177
+ 'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
178
+ ], options: Regexp::IGNORECASE
173
179
  )
174
180
  ]
175
181
  end
@@ -39,18 +39,57 @@ module WPScan
39
39
  #
40
40
  # @return [ Hash ]
41
41
  def potential_urls(opts = {})
42
- urls = {}
43
- domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
42
+ urls = {}
43
+ index = 0
44
44
 
45
- File.open(opts[:list]).each_with_index do |path, index|
46
- path.gsub!('{domain_name}', domain_name)
45
+ File.open(opts[:list]).each do |path|
46
+ path.chomp!
47
47
 
48
- urls[target.url(path.chomp)] = index
48
+ if path.include?('{domain_name}')
49
+ urls[target.url(path.gsub('{domain_name}', domain_name))] = index
50
+
51
+ if domain_name != domain_name_with_sub
52
+ urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
53
+
54
+ index += 1
55
+ end
56
+ else
57
+ urls[target.url(path)] = index
58
+ end
59
+
60
+ index += 1
49
61
  end
50
62
 
51
63
  urls
52
64
  end
53
65
 
66
+ def domain_name
67
+ @domain_name ||= if Resolv::AddressRegex.match?(target.uri.host)
68
+ target.uri.host
69
+ else
70
+ (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
71
+ end
72
+ end
73
+
74
+ def domain_name_with_sub
75
+ @domain_name_with_sub ||=
76
+ if Resolv::AddressRegex.match?(target.uri.host)
77
+ target.uri.host
78
+ else
79
+ parsed = PublicSuffix.parse(target.uri.host)
80
+
81
+ if parsed.subdomain
82
+ parsed.subdomain.gsub(".#{parsed.tld}", '')
83
+ elsif parsed.domain
84
+ parsed.domain.gsub(".#{parsed.tld}", '')
85
+ else
86
+ target.uri.host
87
+ end
88
+ end
89
+ rescue PublicSuffix::DomainNotAllowed
90
+ @domain_name_with_sub = target.uri.host
91
+ end
92
+
54
93
  def create_progress_bar(opts = {})
55
94
  super(opts.merge(title: ' Checking DB Exports -'))
56
95
  end
@@ -13,7 +13,7 @@ module WPScan
13
13
 
14
14
  return unless [200, 302].include?(res.code)
15
15
  return if res.code == 302 && location&.include?('wp-login.php?action=register')
16
- return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
16
+ return unless res.code == 200 || (res.code == 302 && location&.include?('wp-signup.php'))
17
17
 
18
18
  target.multisite = true
19
19
 
data/app/finders/users.rb CHANGED
@@ -11,6 +11,16 @@ require_relative 'users/yoast_seo_author_sitemap'
11
11
 
12
12
  module WPScan
13
13
  module Finders
14
+ # Specific Finders container to filter the usernames found
15
+ # and remove the ones matching ParsedCli.exclude_username if supplied
16
+ class UsersFinders < SameTypeFinders
17
+ def filter_findings
18
+ findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
19
+
20
+ findings
21
+ end
22
+ end
23
+
14
24
  module Users
15
25
  # Users Finder
16
26
  class Base
@@ -28,6 +38,10 @@ module WPScan
28
38
  Users::AuthorIdBruteForcing.new(target) <<
29
39
  Users::LoginErrorMessages.new(target)
30
40
  end
41
+
42
+ def finders
43
+ @finders ||= Finders::UsersFinders.new
44
+ end
31
45
  end
32
46
  end
33
47
  end
@@ -10,7 +10,7 @@ module WPScan
10
10
  module Finders
11
11
  # Specific Finders container to filter the version detected
12
12
  # and remove the one with low confidence to avoid false
13
- # positive when there is not enought information to accurately
13
+ # positive when there is not enough information to accurately
14
14
  # determine it.
15
15
  class WpVersionFinders < UniqueFinders
16
16
  def filter_findings
@@ -30,7 +30,7 @@ module WPScan
30
30
  def vulnerabilities
31
31
  vulns = []
32
32
 
33
- vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
33
+ vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?)
34
34
  vulns << rce_132_vuln if version == false || version < '1.33'
35
35
 
36
36
  vulns
@@ -53,7 +53,9 @@ module WPScan
53
53
  #
54
54
  # @return [ Boolean ]
55
55
  def vulnerable_to?(vuln)
56
- return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
56
+ return false if version && vuln&.introduced_in && version < vuln.introduced_in
57
+
58
+ return true unless version && vuln&.fixed_in && !vuln.fixed_in.empty?
57
59
 
58
60
  version < vuln.fixed_in
59
61
  end
@@ -160,7 +162,7 @@ module WPScan
160
162
  #
161
163
  # @return [ Typhoeus::Response ]
162
164
  def head_and_get(path, codes = [200], params = {})
163
- final_path = +@path_from_blog
165
+ final_path = @path_from_blog.dup # @path_from_blog is set in the plugin/theme
164
166
  final_path << path unless path.nil?
165
167
 
166
168
  blog.head_and_get(final_path, codes, params)
@@ -1,5 +1,5 @@
1
1
  <% if @version -%>
2
- <%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
2
+ <%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.tr('-', '_').humanize %>, released on <%= @version.release_date %>).
3
3
  <%= render('@finding', item: @version) -%>
4
4
  <% else -%>
5
5
  <%= notice_icon %> The WordPress version could not be detected.
@@ -11,7 +11,11 @@ module WPScan
11
11
 
12
12
  # @return [ Hash ]
13
13
  def self.all_df_data
14
- @all_df_data ||= YAML.safe_load(File.read(df_file), [Regexp])
14
+ @all_df_data ||= if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('4.0.0')
15
+ YAML.safe_load(File.read(df_file), permitted_classes: [Regexp])
16
+ else
17
+ YAML.safe_load(File.read(df_file), [Regexp])
18
+ end
15
19
  end
16
20
 
17
21
  # @return [ Array<Symbol> ]
@@ -24,7 +24,9 @@ module WPScan
24
24
 
25
25
  FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
26
26
 
27
- raise "#{repo_directory} is not writable" unless repo_directory.writable?
27
+ unless repo_directory.writable?
28
+ raise "#{repo_directory} is not writable (uid: #{Process.uid}, gid: #{Process.gid})"
29
+ end
28
30
 
29
31
  delete_old_files
30
32
  end
@@ -5,16 +5,16 @@ module WPScan
5
5
  class PluginsThresholdReached < Standard
6
6
  def to_s
7
7
  "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
8
- 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
9
- 'option to ignore the bad responses.'
8
+ 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
9
+ 'option to ignore the bad responses.'
10
10
  end
11
11
  end
12
12
 
13
13
  class ThemesThresholdReached < Standard
14
14
  def to_s
15
15
  "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
16
- 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
17
- 'option to ignore the bad responses.'
16
+ 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
17
+ 'option to ignore the bad responses.'
18
18
  end
19
19
  end
20
20
  end
@@ -26,7 +26,7 @@ module WPScan
26
26
  class WpContentDirNotDetected < Standard
27
27
  def to_s
28
28
  'Unable to identify the wp-content dir, please supply it with --wp-content-dir,' \
29
- ' use the --scope option or make sure the --url value given is the correct one'
29
+ ' use the --scope option or make sure the --url value given is the correct one'
30
30
  end
31
31
  end
32
32
 
@@ -56,7 +56,9 @@ module WPScan
56
56
 
57
57
  homepage_result = find(target.homepage_res, opts)
58
58
 
59
- return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
59
+ unless homepage_result.nil? || (homepage_result.is_a?(Array) && homepage_result&.empty?)
60
+ return homepage_result
61
+ end
60
62
 
61
63
  find(target.error_404_res, opts)
62
64
  end
@@ -125,14 +125,14 @@ module WPScan
125
125
  return @uri.to_s unless path
126
126
 
127
127
  if %r{wp-content/plugins}i.match?(path)
128
- path = +path.gsub('wp-content/plugins', plugins_dir)
128
+ new_path = path.gsub('wp-content/plugins', plugins_dir)
129
129
  elsif /wp-content/i.match?(path)
130
- path = +path.gsub('wp-content', content_dir)
130
+ new_path = path.gsub('wp-content', content_dir)
131
131
  elsif path[0] != '/' && sub_dir
132
- path = "#{sub_dir}/#{path}"
132
+ new_path = "#{sub_dir}/#{path}"
133
133
  end
134
134
 
135
- super(path)
135
+ super(new_path || path)
136
136
  end
137
137
  end
138
138
  end
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.15'
5
+ VERSION = '3.8.19'
6
6
  end
@@ -21,6 +21,7 @@ module WPScan
21
21
  references: references,
22
22
  type: json_data['vuln_type'],
23
23
  fixed_in: json_data['fixed_in'],
24
+ introduced_in: json_data['introduced_in'],
24
25
  cvss: json_data['cvss']&.symbolize_keys
25
26
  )
26
27
  end
data/lib/wpscan.rb CHANGED
@@ -13,6 +13,7 @@ require 'uri'
13
13
  require 'time'
14
14
  require 'readline'
15
15
  require 'securerandom'
16
+ require 'resolv'
16
17
  # Monkey Patches/Fixes/Override
17
18
  require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
18
19
  # Custom Libs
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.15
4
+ version: 3.8.19
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-15 00:00:00.000000000 Z
11
+ date: 2021-09-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.13.1
19
+ version: 0.13.6
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.13.1
26
+ version: 0.13.6
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.9.0
103
+ version: 1.21.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.9.0
110
+ version: 1.21.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-performance
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.9.0
117
+ version: 1.11.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.9.0
124
+ version: 1.11.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov
127
127
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.11.0
173
+ version: 3.13.0
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.11.0
180
+ version: 3.13.0
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
183
  - contact@wpscan.com
@@ -397,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
397
397
  - !ruby/object:Gem::Version
398
398
  version: '0'
399
399
  requirements: []
400
- rubygems_version: 3.0.3
400
+ rubygems_version: 3.0.3.1
401
401
  signing_key:
402
402
  specification_version: 4
403
403
  summary: WPScan - WordPress Vulnerability Scanner