wpscan 3.8.17 → 3.8.18

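--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8fd0e8ef31b7a0ec70d1b93c3c70a2e2d62278e7f8e1fd5bdf01ddcc86056a34
- data.tar.gz: c6309c4e33474ad9b8f27db9c8fe7ac11439dbd131bf5931fd21457b8477e390
+ metadata.gz: e7fc9dea6d2aa00fc366bbe8f1cde8af5668597020b0f3762aba9c8bd0f4f720
+ data.tar.gz: 5bd79cbef80eb57065cafab7bbf787f4d71de73052068ac37d6a407ca86b813c
  SHA512:
- metadata.gz: 7d647b59ec39d73f08bd72cf090ae324c91a28e9799d6e65070f3c97bdd279f007ccf561bd23787553770bd49957ddc133592484a79cac9bc99b53049f8e4d90
- data.tar.gz: ac0aa133d13b5365b25714222fa46684a6380cd9dc25832ba90c27e28303d18d133adf768f11777af9eb653e4ee4fbd945e56982943798135a77cf232e218802
+ metadata.gz: d093d424143d40bc594dc8f5ef5e6b577bdb09e8e1aff5289da2f471a1b5b7bccdde600c91700300a940281763b6b74e0b6384a23220d928b9e1edef947dac21
+ data.tar.gz: 4032d8268e1961adc1c767bf6857ba5ff46c929c3534955f56550af65aa6996c59e3a2ec17f2c95f8c1af6efbc992122c5cc4f6ee3c012b978e4a5a5c9446e28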
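--- a/data/README.md
+++ b/data/README.md
@@ -15,6 +15,7 @@
 
  <p align="center">
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
+ <a href="https://hub.docker.com/r/wpscanteam/wpscan/" target="_blank"><img src="https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg"></a>
  <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
  </p>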
@@ -39,18 +39,57 @@ module WPScan
39
39
  #
40
40
  # @return [ Hash ]
41
41
  def potential_urls(opts = {})
42
- urls = {}
43
- domain_name = (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
42
+ urls = {}
43
+ index = 0
44
44
 
45
- File.open(opts[:list]).each_with_index do |path, index|
46
- path.gsub!('{domain_name}', domain_name)
45
+ File.open(opts[:list]).each do |path|
46
+ path.chomp!
47
47
 
48
- urls[target.url(path.chomp)] = index
48
+ if path.include?('{domain_name}')
49
+ urls[target.url(path.gsub('{domain_name}', domain_name))] = index
50
+
51
+ if domain_name != domain_name_with_sub
52
+ urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
53
+
54
+ index += 1
55
+ end
56
+ else
57
+ urls[target.url(path)] = index
58
+ end
59
+
60
+ index += 1
49
61
  end
50
62
 
51
63
  urls
52
64
  end
53
65
 
66
+ def domain_name
67
+ @domain_name ||= if Resolv::AddressRegex.match?(target.uri.host)
68
+ target.uri.host
69
+ else
70
+ (PublicSuffix.domain(target.uri.host) || target.uri.host)[/(^[\w|-]+)/, 1]
71
+ end
72
+ end
73
+
74
+ def domain_name_with_sub
75
+ @domain_name_with_sub ||=
76
+ if Resolv::AddressRegex.match?(target.uri.host)
77
+ target.uri.host
78
+ else
79
+ parsed = PublicSuffix.parse(target.uri.host)
80
+
81
+ if parsed.subdomain
82
+ parsed.subdomain.gsub(".#{parsed.tld}", '')
83
+ elsif parsed.domain
84
+ parsed.domain.gsub(".#{parsed.tld}", '')
85
+ else
86
+ target.uri.host
87
+ end
88
+ end
89
+ rescue PublicSuffix::DomainNotAllowed
90
+ @domain_name_with_sub = target.uri.host
91
+ end
92
+
54
93
  def create_progress_bar(opts = {})
55
94
  super(opts.merge(title: ' Checking DB Exports -'))
56
95
  end
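Review bot: In `domain_name_with_sub`, `parsed.subdomain.gsub(".#{parsed.tld}", '')` removes every occurrence of the TLD string, not only the trailing one, so a host whose labels repeat the suffix (a constructed example: `a.com.example.com`) produces a mangled name and the export filenames derived from the real host are never requested, which shows up as a silent false negative. Stripping only the suffix avoids that: `parsed.subdomain.delete_suffix(".#{parsed.tld}")`, and the same for `parsed.domain`, assuming the minimum supported Ruby is 2.5 or later. The method also rescues only `PublicSuffix::DomainNotAllowed`; its parent `PublicSuffix::DomainInvalid` can presumably still propagate for a malformed host, so rescuing the parent class would be the safer net. Separately, `File.open(opts[:list]).each` in `potential_urls` never closes the handle, which `File.foreach(opts[:list]) do |path|` would do.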
@@ -162,7 +162,7 @@ module WPScan
162
162
  #
163
163
  # @return [ Typhoeus::Response ]
164
164
  def head_and_get(path, codes = [200], params = {})
165
- final_path = +@path_from_blog
165
+ final_path = @path_from_blog.dup # @path_from_blog is set in the plugin/theme
166
166
  final_path << path unless path.nil?
167
167
 
168
168
  blog.head_and_get(final_path, codes, params)
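Review bot: The trailing comment on `final_path = @path_from_blog.dup` says where the variable is set but not why a copy is taken, and the reason is what a later cleanup could undo. The `<<` on the following line mutates its receiver, so without the copy each call would append to the shared `@path_from_blog`. I would word it as `# dup: the << below must not mutate @path_from_blog (set in the plugin/theme)`. The method's `end` is outside this hunk, and whether `@path_from_blog` can be nil here is not visible from these lines.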
@@ -1,5 +1,5 @@
1
1
  <% if @version -%>
2
- <%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
2
+ <%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.tr('-', '_').humanize %>, released on <%= @version.release_date %>).
3
3
  <%= render('@finding', item: @version) -%>
4
4
  <% else -%>
5
5
  <%= notice_icon %> The WordPress version could not be detected.
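--- a/data/lib/wpscan.rb
+++ b/data/lib/wpscan.rb
@@ -13,6 +13,7 @@ require 'uri'
  require 'time'
  require 'readline'
  require 'securerandom'
+ require 'resolv'
  # Monkey Patches/Fixes/Override
  require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
  # Custom Libs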
@@ -11,7 +11,11 @@ module WPScan
11
11
 
12
12
  # @return [ Hash ]
13
13
  def self.all_df_data
14
- @all_df_data ||= YAML.safe_load(File.read(df_file), [Regexp])
14
+ @all_df_data ||= if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('4.0.0')
15
+ YAML.safe_load(File.read(df_file), permitted_classes: [Regexp])
16
+ else
17
+ YAML.safe_load(File.read(df_file), [Regexp])
18
+ end
15
19
  end
16
20
 
17
21
  # @return [ Array<Symbol> ]
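Review bot: The Psych version gate in `all_df_data` is set at 4.0.0, but as far as I know the `permitted_classes:` keyword has been accepted since Psych 3.1, where the positional form was deprecated, so installs on 3.1 to 3.x stay on the deprecated call. Lowering the gate to `Gem::Version.new('3.1.0')` would keep the positional branch only for versions that need it. `File.read(df_file)` could be read once before the branch so the two calls differ only in argument form. Keeping the allow-list at `[Regexp]` is the right shape, and a comment such as `# safe_load on purpose: only Regexp may be instantiated from the DB file` would discourage a later change from widening it.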
@@ -125,14 +125,14 @@ module WPScan
125
125
  return @uri.to_s unless path
126
126
 
127
127
  if %r{wp-content/plugins}i.match?(path)
128
- path = +path.gsub('wp-content/plugins', plugins_dir)
128
+ new_path = path.gsub('wp-content/plugins', plugins_dir)
129
129
  elsif /wp-content/i.match?(path)
130
- path = +path.gsub('wp-content', content_dir)
130
+ new_path = path.gsub('wp-content', content_dir)
131
131
  elsif path[0] != '/' && sub_dir
132
- path = "#{sub_dir}/#{path}"
132
+ new_path = "#{sub_dir}/#{path}"
133
133
  end
134
134
 
135
- super(path)
135
+ super(new_path || path)
136
136
  end
137
137
  end
138
138
  end
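Review bot: The branch conditions match case-insensitively (`%r{wp-content/plugins}i`, `/wp-content/i`) while the `gsub` calls replace only the exact lowercase string, so a path such as `WP-Content/plugins/x` enters the first branch, is left unrewritten, and also skips the `sub_dir` branch. If the `/i` is intentional, using the same pattern for the replacement closes the gap: `new_path = path.gsub(%r{wp-content/plugins}i) { plugins_dir }` and `new_path = path.gsub(/wp-content/i) { content_dir }`. The block form keeps any backslash in the configured directory literal. The method's `def` line is above this hunk, so this assumes `path` is a String at this point.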
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.17'
5
+ VERSION = '3.8.18'
6
6
  end
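--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: wpscan
  version: !ruby/object:Gem::Version
- version: 3.8.17
+ version: 3.8.18
  platform: ruby
  authors:
  - WPScanTeam
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-22 00:00:00.000000000 Z
+ date: 2021-06-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.13.3
+ version: 0.13.5
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 0.13.3
+ version: 0.13.5
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -100,28 +100,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.11.0
+ version: 1.16.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.11.0
+ version: 1.16.0
  - !ruby/object:Gem::Dependency
  name: rubocop-performance
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.10.0
+ version: 1.11.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.10.0
+ version: 1.11.0
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.12.0
+ version: 3.13.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.12.0
+ version: 3.13.0
  description: WPScan is a black box WordPress vulnerability scanner.
  email:
  - contact@wpscan.com
@@ -397,7 +397,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.3
+ rubygems_version: 3.0.3.1
  signing_key:
  specification_version: 4
  summary: WPScan - WordPress Vulnerability Scanner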