wpscan 3.8.16 → 3.8.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/app/controllers/enumeration/cli_options.rb +6 -0
- data/app/finders/db_exports/known_locations.rb +44 -5
- data/app/finders/interesting_findings/multisite.rb +1 -1
- data/app/finders/plugin_version/readme.rb +1 -1
- data/app/finders/users.rb +14 -0
- data/app/finders/wp_version.rb +1 -1
- data/app/models/timthumb.rb +1 -1
- data/app/models/wp_item.rb +1 -1
- data/app/views/cli/wp_version/version.erb +1 -1
- data/lib/wpscan/db/dynamic_finders/base.rb +5 -1
- data/lib/wpscan/db/updater.rb +7 -1
- data/lib/wpscan/errors/enumeration.rb +4 -4
- data/lib/wpscan/errors/wordpress.rb +1 -1
- data/lib/wpscan/finders/dynamic_finder/finder.rb +3 -1
- data/lib/wpscan/target/platform/wordpress/custom_directories.rb +4 -4
- data/lib/wpscan/version.rb +1 -1
- data/lib/wpscan.rb +1 -0
- metadata +11 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a21125b1df131312fb9f1a9a750b6fb30935345bcbd6bce0e8bb332220fe5fae
|
|
4
|
+
data.tar.gz: ef630d83235212b53eb79f6eb617d4984758cca923492e454a1142160daf634d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 768b7694fcc3782431898f23c1562371e15b10f097383c2190fe48950c9772ab87147f341bf3c6f891b9d28edcfe1883f291f61e17ab6d3b7333725d25c20685
|
|
7
|
+
data.tar.gz: 67f2df393294add287579eede4604642253f8740aa4ecf56d19ed4fe6e5b5476d3a80e38edf7af83890d63bea1b15cad391e13c85c8952766da0afbb19726320
|
data/README.md
CHANGED
|
@@ -15,6 +15,7 @@
|
|
|
15
15
|
|
|
16
16
|
<p align="center">
|
|
17
17
|
<a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
|
|
18
|
+
<a href="https://hub.docker.com/r/wpscanteam/wpscan/" target="_blank"><img src="https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg"></a>
|
|
18
19
|
<a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
|
|
19
20
|
<a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
|
|
20
21
|
</p>
|
|
@@ -170,6 +170,12 @@ module WPScan
|
|
|
170
170
|
['--users-detection MODE',
|
|
171
171
|
'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
|
|
172
172
|
choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
|
|
173
|
+
),
|
|
174
|
+
OptRegexp.new(
|
|
175
|
+
[
|
|
176
|
+
'--exclude-usernames REGEXP_OR_STRING',
|
|
177
|
+
'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
|
|
178
|
+
], options: Regexp::IGNORECASE
|
|
173
179
|
)
|
|
174
180
|
]
|
|
175
181
|
end
|
|
@@ -39,18 +39,57 @@ module WPScan
|
|
|
39
39
|
#
|
|
40
40
|
# @return [ Hash ]
|
|
41
41
|
def potential_urls(opts = {})
|
|
42
|
-
urls
|
|
43
|
-
|
|
42
|
+
urls = {}
|
|
43
|
+
index = 0
|
|
44
44
|
|
|
45
|
-
File.open(opts[:list]).
|
|
46
|
-
path.
|
|
45
|
+
File.open(opts[:list]).each do |path|
|
|
46
|
+
path.chomp!
|
|
47
47
|
|
|
48
|
-
|
|
48
|
+
if path.include?('{domain_name}')
|
|
49
|
+
urls[target.url(path.gsub('{domain_name}', domain_name))] = index
|
|
50
|
+
|
|
51
|
+
if domain_name != domain_name_with_sub
|
|
52
|
+
urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
|
|
53
|
+
|
|
54
|
+
index += 1
|
|
55
|
+
end
|
|
56
|
+
else
|
|
57
|
+
urls[target.url(path)] = index
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
index += 1
|
|
49
61
|
end
|
|
50
62
|
|
|
51
63
|
urls
|
|
52
64
|
end
|
|
53
65
|
|
|
66
|
+
def domain_name
|
|
67
|
+
@domain_name ||= if Resolv::AddressRegex.match?(target.uri.host)
|
|
68
|
+
target.uri.host
|
|
69
|
+
else
|
|
70
|
+
(PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
def domain_name_with_sub
|
|
75
|
+
@domain_name_with_sub ||=
|
|
76
|
+
if Resolv::AddressRegex.match?(target.uri.host)
|
|
77
|
+
target.uri.host
|
|
78
|
+
else
|
|
79
|
+
parsed = PublicSuffix.parse(target.uri.host)
|
|
80
|
+
|
|
81
|
+
if parsed.subdomain
|
|
82
|
+
parsed.subdomain.gsub(".#{parsed.tld}", '')
|
|
83
|
+
elsif parsed.domain
|
|
84
|
+
parsed.domain.gsub(".#{parsed.tld}", '')
|
|
85
|
+
else
|
|
86
|
+
target.uri.host
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
rescue PublicSuffix::DomainNotAllowed
|
|
90
|
+
@domain_name_with_sub = target.uri.host
|
|
91
|
+
end
|
|
92
|
+
|
|
54
93
|
def create_progress_bar(opts = {})
|
|
55
94
|
super(opts.merge(title: ' Checking DB Exports -'))
|
|
56
95
|
end
|
|
@@ -13,7 +13,7 @@ module WPScan
|
|
|
13
13
|
|
|
14
14
|
return unless [200, 302].include?(res.code)
|
|
15
15
|
return if res.code == 302 && location&.include?('wp-login.php?action=register')
|
|
16
|
-
return unless res.code == 200 || res.code == 302 && location&.include?('wp-signup.php')
|
|
16
|
+
return unless res.code == 200 || (res.code == 302 && location&.include?('wp-signup.php'))
|
|
17
17
|
|
|
18
18
|
target.multisite = true
|
|
19
19
|
|
|
@@ -65,7 +65,7 @@ module WPScan
|
|
|
65
65
|
|
|
66
66
|
extracted_versions.flatten!
|
|
67
67
|
# must contain at least one number
|
|
68
|
-
extracted_versions = extracted_versions.
|
|
68
|
+
extracted_versions = extracted_versions.grep(/[0-9]+/)
|
|
69
69
|
|
|
70
70
|
sorted = extracted_versions.sort do |x, y|
|
|
71
71
|
Gem::Version.new(x) <=> Gem::Version.new(y)
|
data/app/finders/users.rb
CHANGED
|
@@ -11,6 +11,16 @@ require_relative 'users/yoast_seo_author_sitemap'
|
|
|
11
11
|
|
|
12
12
|
module WPScan
|
|
13
13
|
module Finders
|
|
14
|
+
# Specific Finders container to filter the usernames found
|
|
15
|
+
# and remove the ones matching ParsedCli.exclude_username if supplied
|
|
16
|
+
class UsersFinders < SameTypeFinders
|
|
17
|
+
def filter_findings
|
|
18
|
+
findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
|
|
19
|
+
|
|
20
|
+
findings
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
14
24
|
module Users
|
|
15
25
|
# Users Finder
|
|
16
26
|
class Base
|
|
@@ -28,6 +38,10 @@ module WPScan
|
|
|
28
38
|
Users::AuthorIdBruteForcing.new(target) <<
|
|
29
39
|
Users::LoginErrorMessages.new(target)
|
|
30
40
|
end
|
|
41
|
+
|
|
42
|
+
def finders
|
|
43
|
+
@finders ||= Finders::UsersFinders.new
|
|
44
|
+
end
|
|
31
45
|
end
|
|
32
46
|
end
|
|
33
47
|
end
|
data/app/finders/wp_version.rb
CHANGED
|
@@ -10,7 +10,7 @@ module WPScan
|
|
|
10
10
|
module Finders
|
|
11
11
|
# Specific Finders container to filter the version detected
|
|
12
12
|
# and remove the one with low confidence to avoid false
|
|
13
|
-
# positive when there is not
|
|
13
|
+
# positive when there is not enough information to accurately
|
|
14
14
|
# determine it.
|
|
15
15
|
class WpVersionFinders < UniqueFinders
|
|
16
16
|
def filter_findings
|
data/app/models/timthumb.rb
CHANGED
|
@@ -30,7 +30,7 @@ module WPScan
|
|
|
30
30
|
def vulnerabilities
|
|
31
31
|
vulns = []
|
|
32
32
|
|
|
33
|
-
vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
|
|
33
|
+
vulns << rce_webshot_vuln if version == false || (version > '1.35' && version < '2.8.14' && webshot_enabled?)
|
|
34
34
|
vulns << rce_132_vuln if version == false || version < '1.33'
|
|
35
35
|
|
|
36
36
|
vulns
|
data/app/models/wp_item.rb
CHANGED
|
@@ -162,7 +162,7 @@ module WPScan
|
|
|
162
162
|
#
|
|
163
163
|
# @return [ Typhoeus::Response ]
|
|
164
164
|
def head_and_get(path, codes = [200], params = {})
|
|
165
|
-
final_path =
|
|
165
|
+
final_path = @path_from_blog.dup # @path_from_blog is set in the plugin/theme
|
|
166
166
|
final_path << path unless path.nil?
|
|
167
167
|
|
|
168
168
|
blog.head_and_get(final_path, codes, params)
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<% if @version -%>
|
|
2
|
-
<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.
|
|
2
|
+
<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.tr('-', '_').humanize %>, released on <%= @version.release_date %>).
|
|
3
3
|
<%= render('@finding', item: @version) -%>
|
|
4
4
|
<% else -%>
|
|
5
5
|
<%= notice_icon %> The WordPress version could not be detected.
|
|
@@ -11,7 +11,11 @@ module WPScan
|
|
|
11
11
|
|
|
12
12
|
# @return [ Hash ]
|
|
13
13
|
def self.all_df_data
|
|
14
|
-
@all_df_data ||=
|
|
14
|
+
@all_df_data ||= if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('4.0.0')
|
|
15
|
+
YAML.safe_load(File.read(df_file), permitted_classes: [Regexp])
|
|
16
|
+
else
|
|
17
|
+
YAML.safe_load(File.read(df_file), [Regexp])
|
|
18
|
+
end
|
|
15
19
|
end
|
|
16
20
|
|
|
17
21
|
# @return [ Array<Symbol> ]
|
data/lib/wpscan/db/updater.rb
CHANGED
|
@@ -24,7 +24,13 @@ module WPScan
|
|
|
24
24
|
|
|
25
25
|
FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
# When --no-update is passed, return to avoid raising an error if the directory is not writable
|
|
28
|
+
# Mainly there for Homebrew: https://github.com/wpscanteam/wpscan/pull/1455
|
|
29
|
+
return if ParsedCli.update == false
|
|
30
|
+
|
|
31
|
+
unless repo_directory.writable?
|
|
32
|
+
raise "#{repo_directory} is not writable (uid: #{Process.uid}, gid: #{Process.gid})"
|
|
33
|
+
end
|
|
28
34
|
|
|
29
35
|
delete_old_files
|
|
30
36
|
end
|
|
@@ -5,16 +5,16 @@ module WPScan
|
|
|
5
5
|
class PluginsThresholdReached < Standard
|
|
6
6
|
def to_s
|
|
7
7
|
"The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
|
|
8
|
-
|
|
9
|
-
|
|
8
|
+
'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
|
|
9
|
+
'option to ignore the bad responses.'
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
class ThemesThresholdReached < Standard
|
|
14
14
|
def to_s
|
|
15
15
|
"The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
|
|
16
|
-
|
|
17
|
-
|
|
16
|
+
'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
|
|
17
|
+
'option to ignore the bad responses.'
|
|
18
18
|
end
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -26,7 +26,7 @@ module WPScan
|
|
|
26
26
|
class WpContentDirNotDetected < Standard
|
|
27
27
|
def to_s
|
|
28
28
|
'Unable to identify the wp-content dir, please supply it with --wp-content-dir,' \
|
|
29
|
-
|
|
29
|
+
' use the --scope option or make sure the --url value given is the correct one'
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
|
|
@@ -56,7 +56,9 @@ module WPScan
|
|
|
56
56
|
|
|
57
57
|
homepage_result = find(target.homepage_res, opts)
|
|
58
58
|
|
|
59
|
-
|
|
59
|
+
unless homepage_result.nil? || (homepage_result.is_a?(Array) && homepage_result&.empty?)
|
|
60
|
+
return homepage_result
|
|
61
|
+
end
|
|
60
62
|
|
|
61
63
|
find(target.error_404_res, opts)
|
|
62
64
|
end
|
|
@@ -125,14 +125,14 @@ module WPScan
|
|
|
125
125
|
return @uri.to_s unless path
|
|
126
126
|
|
|
127
127
|
if %r{wp-content/plugins}i.match?(path)
|
|
128
|
-
|
|
128
|
+
new_path = path.gsub('wp-content/plugins', plugins_dir)
|
|
129
129
|
elsif /wp-content/i.match?(path)
|
|
130
|
-
|
|
130
|
+
new_path = path.gsub('wp-content', content_dir)
|
|
131
131
|
elsif path[0] != '/' && sub_dir
|
|
132
|
-
|
|
132
|
+
new_path = "#{sub_dir}/#{path}"
|
|
133
133
|
end
|
|
134
134
|
|
|
135
|
-
super(path)
|
|
135
|
+
super(new_path || path)
|
|
136
136
|
end
|
|
137
137
|
end
|
|
138
138
|
end
|
data/lib/wpscan/version.rb
CHANGED
data/lib/wpscan.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.20
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.13.
|
|
19
|
+
version: 0.13.6
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.13.
|
|
26
|
+
version: 0.13.6
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,28 +100,28 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.22.3
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.22.3
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop-performance
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.12.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.12.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: simplecov
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -170,14 +170,14 @@ dependencies:
|
|
|
170
170
|
requirements:
|
|
171
171
|
- - "~>"
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: 3.
|
|
173
|
+
version: 3.14.0
|
|
174
174
|
type: :development
|
|
175
175
|
prerelease: false
|
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
177
|
requirements:
|
|
178
178
|
- - "~>"
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: 3.
|
|
180
|
+
version: 3.14.0
|
|
181
181
|
description: WPScan is a black box WordPress vulnerability scanner.
|
|
182
182
|
email:
|
|
183
183
|
- contact@wpscan.com
|
|
@@ -397,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
397
397
|
- !ruby/object:Gem::Version
|
|
398
398
|
version: '0'
|
|
399
399
|
requirements: []
|
|
400
|
-
rubygems_version: 3.0.3
|
|
400
|
+
rubygems_version: 3.0.3.1
|
|
401
401
|
signing_key:
|
|
402
402
|
specification_version: 4
|
|
403
403
|
summary: WPScan - WordPress Vulnerability Scanner
|