RubyGems - wpscan - Versions diffs - 3.8.16 → 3.8.20 - Mend

wpscan 3.8.16 → 3.8.20

Files changed (20) hide show

checksums.yaml +4 -4
data/README.md +1 -0
data/app/controllers/enumeration/cli_options.rb +6 -0
data/app/finders/db_exports/known_locations.rb +44 -5
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/users.rb +14 -0
data/app/finders/wp_version.rb +1 -1
data/app/models/timthumb.rb +1 -1
data/app/models/wp_item.rb +1 -1
data/app/views/cli/wp_version/version.erb +1 -1
data/lib/wpscan/db/dynamic_finders/base.rb +5 -1
data/lib/wpscan/db/updater.rb +7 -1
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/wordpress.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/finder.rb +3 -1
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +4 -4
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan.rb +1 -0
metadata +11 -11

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a0b4c94506cabb2e0e6363ef3d9287d65fda78e47c6fc35272d600df532d964
-  data.tar.gz: 67b2b4c373efaad655a3cbb7c666e8e21ff71306611fee28efdfc70e1cb7ed44
+  metadata.gz: a21125b1df131312fb9f1a9a750b6fb30935345bcbd6bce0e8bb332220fe5fae
+  data.tar.gz: ef630d83235212b53eb79f6eb617d4984758cca923492e454a1142160daf634d
 SHA512:
-  metadata.gz: cb558302c8dd13327816a1ee456763ffbbd66cefc28051ed0fd15ee1eaf41775652552a08be1af125d4d43f536f960f23fe9675b97040ef071950c230c6cf059
-  data.tar.gz: f89c89415dbb34b7c8a99f3876914a44a602ae23cde638b649bf1b1fa3d10bc9c0fbd19bed827f9841cb9d7324ad1e4c5b564ba3027ab94ec2ce56cc754e08c0
+  metadata.gz: 768b7694fcc3782431898f23c1562371e15b10f097383c2190fe48950c9772ab87147f341bf3c6f891b9d28edcfe1883f291f61e17ab6d3b7333725d25c20685
+  data.tar.gz: 67f2df393294add287579eede4604642253f8740aa4ecf56d19ed4fe6e5b5476d3a80e38edf7af83890d63bea1b15cad391e13c85c8952766da0afbb19726320

data/README.md CHANGED Viewed

@@ -15,6 +15,7 @@
 <p align="center">
   <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
+  <a href="https://hub.docker.com/r/wpscanteam/wpscan/" target="_blank"><img src="https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg"></a>
   <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
   <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
 </p>

data/app/controllers/enumeration/cli_options.rb CHANGED Viewed

@@ -170,6 +170,12 @@ module WPScan
             ['--users-detection MODE',
              'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          ),
+          OptRegexp.new(
+            [
+              '--exclude-usernames REGEXP_OR_STRING',
+              'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
+            ], options: Regexp::IGNORECASE
           )
         ]
       end

data/app/finders/db_exports/known_locations.rb CHANGED Viewed

@@ -39,18 +39,57 @@ module WPScan
         #
         # @return [ Hash ]
         def potential_urls(opts = {})
-          urls        = {}
-          domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
+          urls = {}
+          index = 0
-          File.open(opts[:list]).each_with_index do |path, index|
-            path.gsub!('{domain_name}', domain_name)
+          File.open(opts[:list]).each do |path|
+            path.chomp!
-            urls[target.url(path.chomp)] = index
+            if path.include?('{domain_name}')
+              urls[target.url(path.gsub('{domain_name}', domain_name))] = index
+              if domain_name != domain_name_with_sub
+                urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
+                index += 1
+              end
+            else
+              urls[target.url(path)] = index
+            end
+            index += 1
           end
           urls
         end
+        def domain_name
+          @domain_name ||= if Resolv::AddressRegex.match?(target.uri.host)
+                             target.uri.host
+                           else
+                             (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
+                           end
+        end
+        def domain_name_with_sub
+          @domain_name_with_sub ||=
+            if Resolv::AddressRegex.match?(target.uri.host)
+              target.uri.host
+            else
+              parsed = PublicSuffix.parse(target.uri.host)
+              if parsed.subdomain
+                parsed.subdomain.gsub(".#{parsed.tld}", '')
+              elsif parsed.domain
+                parsed.domain.gsub(".#{parsed.tld}", '')
+              else
+                target.uri.host
+              end
+            end
+        rescue PublicSuffix::DomainNotAllowed
+          @domain_name_with_sub = target.uri.host
+        end
         def create_progress_bar(opts = {})
           super(opts.merge(title: ' Checking DB Exports -'))
         end

data/app/finders/interesting_findings/multisite.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module WPScan
           return unless [200, 302].include?(res.code)
           return if res.code == 302 && location&.include?('wp-login.php?action=register')
-          return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
+          return unless res.code == 200 || (res.code == 302 && location&.include?('wp-signup.php'))
           target.multisite = true

data/app/finders/plugin_version/readme.rb CHANGED Viewed

@@ -65,7 +65,7 @@ module WPScan
           extracted_versions.flatten!
           # must contain at least one number
-          extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
+          extracted_versions = extracted_versions.grep(/[0-9]+/)
           sorted = extracted_versions.sort do |x, y|
             Gem::Version.new(x) <=> Gem::Version.new(y)

data/app/finders/users.rb CHANGED Viewed

@@ -11,6 +11,16 @@ require_relative 'users/yoast_seo_author_sitemap'
 module WPScan
   module Finders
+    # Specific Finders container to filter the usernames found
+    # and remove the ones matching ParsedCli.exclude_username if supplied
+    class UsersFinders < SameTypeFinders
+      def filter_findings
+        findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
+        findings
+      end
+    end
     module Users
       # Users Finder
       class Base
@@ -28,6 +38,10 @@ module WPScan
             Users::AuthorIdBruteForcing.new(target) <<
             Users::LoginErrorMessages.new(target)
         end
+        def finders
+          @finders ||= Finders::UsersFinders.new
+        end
       end
     end
   end

data/app/finders/wp_version.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module WPScan
   module Finders
     # Specific Finders container to filter the version detected
     # and remove the one with low confidence to avoid false
-    # positive when there is not enought information to accurately
+    # positive when there is not enough information to accurately
     # determine it.
     class WpVersionFinders < UniqueFinders
       def filter_findings

data/app/models/timthumb.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module WPScan
       def vulnerabilities
         vulns = []
-        vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
+        vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?)
         vulns << rce_132_vuln if version == false || version < '1.33'
         vulns

data/app/models/wp_item.rb CHANGED Viewed

@@ -162,7 +162,7 @@ module WPScan
       #
       # @return [ Typhoeus::Response ]
       def head_and_get(path, codes = [200], params = {})
-        final_path = +@path_from_blog
+        final_path = @path_from_blog.dup # @path_from_blog is set in the plugin/theme
         final_path << path unless path.nil?
         blog.head_and_get(final_path, codes, params)

data/app/views/cli/wp_version/version.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <% if @version -%>
-<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
+<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.tr('-', '_').humanize %>, released on <%= @version.release_date %>).
 <%= render('@finding', item: @version) -%>
 <% else -%>
 <%= notice_icon %> The WordPress version could not be detected.

data/lib/wpscan/db/dynamic_finders/base.rb CHANGED Viewed

@@ -11,7 +11,11 @@ module WPScan
         # @return [ Hash ]
         def self.all_df_data
-          @all_df_data ||= YAML.safe_load(File.read(df_file), [Regexp])
+          @all_df_data ||= if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('4.0.0')
+                             YAML.safe_load(File.read(df_file), permitted_classes: [Regexp])
+                           else
+                             YAML.safe_load(File.read(df_file), [Regexp])
+                           end
         end
         # @return [ Array<Symbol> ]

data/lib/wpscan/db/updater.rb CHANGED Viewed

@@ -24,7 +24,13 @@ module WPScan
         FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
-        raise "#{repo_directory} is not writable" unless repo_directory.writable?
+        # When --no-update is passed, return to avoid raising an error if the directory is not writable
+        # Mainly there for Homebrew: https://github.com/wpscanteam/wpscan/pull/1455
+        return if ParsedCli.update == false
+        unless repo_directory.writable?
+          raise "#{repo_directory} is not writable (uid: #{Process.uid}, gid: #{Process.gid})"
+        end
         delete_old_files
       end

data/lib/wpscan/errors/enumeration.rb CHANGED Viewed

@@ -5,16 +5,16 @@ module WPScan
     class PluginsThresholdReached < Standard
       def to_s
         "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
-        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
-        'option to ignore the bad responses.'
+          'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
+          'option to ignore the bad responses.'
       end
     end
     class ThemesThresholdReached < Standard
       def to_s
         "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
-        'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
-        'option to ignore the bad responses.'
+          'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
+          'option to ignore the bad responses.'
       end
     end
   end

data/lib/wpscan/errors/wordpress.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module WPScan
     class WpContentDirNotDetected < Standard
       def to_s
         'Unable to identify the wp-content dir, please supply it with --wp-content-dir,' \
-        ' use the --scope option or make sure the --url value given is the correct one'
+          ' use the --scope option or make sure the --url value given is the correct one'
       end
     end

data/lib/wpscan/finders/dynamic_finder/finder.rb CHANGED Viewed

@@ -56,7 +56,9 @@ module WPScan
           homepage_result = find(target.homepage_res, opts)
-          return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
+          unless homepage_result.nil? || (homepage_result.is_a?(Array) && homepage_result&.empty?)
+            return homepage_result
+          end
           find(target.error_404_res, opts)
         end

data/lib/wpscan/target/platform/wordpress/custom_directories.rb CHANGED Viewed

@@ -125,14 +125,14 @@ module WPScan
           return @uri.to_s unless path
           if %r{wp-content/plugins}i.match?(path)
-            path = +path.gsub('wp-content/plugins', plugins_dir)
+            new_path = path.gsub('wp-content/plugins', plugins_dir)
           elsif /wp-content/i.match?(path)
-            path = +path.gsub('wp-content', content_dir)
+            new_path = path.gsub('wp-content', content_dir)
           elsif path[0] != '/' && sub_dir
-            path = "#{sub_dir}/#{path}"
+            new_path = "#{sub_dir}/#{path}"
           end
-          super(path)
+          super(new_path || path)
         end
       end
     end

data/lib/wpscan/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # Version
 module WPScan
-  VERSION = '3.8.16'
+  VERSION = '3.8.20'
 end

data/lib/wpscan.rb CHANGED Viewed

@@ -13,6 +13,7 @@ require 'uri'
 require 'time'
 require 'readline'
 require 'securerandom'
+require 'resolv'
 # Monkey Patches/Fixes/Override
 require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
 # Custom Libs

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.16
+  version: 3.8.20
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-22 00:00:00.000000000 Z
+date: 2021-11-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.2
+        version: 0.13.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.2
+        version: 0.13.6
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.22.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.11.0
+        version: 1.22.3
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: 1.12.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.10.0
+        version: 1.12.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 3.14.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.12.0
+        version: 3.14.0
 description: WPScan is a black box WordPress vulnerability scanner.
 email:
 - contact@wpscan.com
@@ -397,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.3.1
 signing_key:
 specification_version: 4
 summary: WPScan - WordPress Vulnerability Scanner