RubyGems - wpscan - Versions diffs - 3.8.28 → 4.0.0 - Mend

wpscan 3.8.28 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

checksums.yaml +4 -4
data/README.md +104 -30
data/app/app.rb +26 -0
data/app/controllers/aliases.rb +2 -2
data/app/controllers/authenticated_inventory.rb +43 -0
data/app/controllers/core/cli_options.rb +151 -0
data/app/controllers/core.rb +200 -25
data/app/controllers/custom_directories.rb +1 -1
data/app/controllers/enumeration/cli_options.rb +21 -31
data/app/controllers/enumeration/enum_methods.rb +145 -38
data/app/controllers/enumeration.rb +26 -3
data/app/controllers/interesting_findings.rb +25 -0
data/app/controllers/main_theme.rb +1 -1
data/app/controllers/password_attack.rb +14 -6
data/app/controllers/vuln_api.rb +9 -3
data/app/controllers/wp_version.rb +1 -1
data/app/controllers.rb +1 -0
data/app/finders/backup_folders/known_locations.rb +66 -0
data/app/finders/backup_folders.rb +19 -0
data/app/finders/config_backups/known_filenames.rb +6 -4
data/app/finders/config_backups.rb +1 -1
data/app/finders/db_exports/known_locations.rb +16 -14
data/app/finders/db_exports.rb +1 -1
data/app/finders/interesting_findings/backup_db.rb +1 -1
data/app/finders/interesting_findings/debug_log.rb +1 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +1 -1
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +1 -1
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/mu_plugins.rb +1 -1
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/interesting_findings/php_disabled.rb +2 -2
data/app/finders/interesting_findings/readme.rb +1 -1
data/app/finders/interesting_findings/registration.rb +1 -1
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +1 -1
data/app/finders/interesting_findings/upload_directory_listing.rb +1 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +2 -2
data/app/finders/interesting_findings/wp_cron.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +13 -4
data/app/finders/main_theme/css_style_in_homepage.rb +1 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -7
data/app/finders/main_theme/woo_framework_meta_generator.rb +4 -4
data/app/finders/main_theme.rb +1 -1
data/app/finders/medias/attachment_brute_forcing.rb +2 -2
data/app/finders/medias.rb +1 -1
data/app/finders/passwords/wp_login.rb +2 -2
data/app/finders/passwords/xml_rpc.rb +2 -2
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/plugin_version.rb +1 -1
data/app/finders/plugins/known_locations.rb +17 -7
data/app/finders/plugins/urls_in_homepage.rb +3 -7
data/app/finders/plugins/wp_json_api.rb +85 -0
data/app/finders/plugins.rb +2 -1
data/app/finders/theme_version/style.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +1 -1
data/app/finders/theme_version.rb +1 -1
data/app/finders/themes/known_locations.rb +12 -6
data/app/finders/themes/urls_in_homepage.rb +3 -7
data/app/finders/themes/wp_json_api.rb +74 -0
data/app/finders/themes.rb +2 -1
data/app/finders/timthumb_version/bad_request.rb +1 -1
data/app/finders/timthumb_version.rb +1 -1
data/app/finders/timthumbs/known_locations.rb +6 -4
data/app/finders/timthumbs.rb +1 -1
data/app/finders/users/author_id_brute_forcing.rb +11 -7
data/app/finders/users/author_posts.rb +1 -1
data/app/finders/users/author_sitemap.rb +1 -1
data/app/finders/users/login_error_messages.rb +1 -1
data/app/finders/users/oembed_api.rb +3 -1
data/app/finders/users/wp_json_api.rb +11 -7
data/app/finders/users.rb +1 -1
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +1 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/unique_fingerprinting.rb +2 -2
data/app/finders/wp_version.rb +1 -1
data/app/finders.rb +1 -0
data/app/formatters/cli.rb +79 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/formatters/jsonl.rb +29 -0
data/app/formatters/sarif.rb +311 -0
data/app/models/backup_folder.rb +39 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +41 -2
data/app/models/plugin.rb +8 -2
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/theme.rb +9 -2
data/app/models/timthumb.rb +2 -2
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/wp_item/wordpress_org_data.rb +55 -0
data/app/models/wp_item.rb +109 -9
data/app/models/wp_version.rb +2 -2
data/app/models/xml_rpc.rb +73 -3
data/app/models.rb +2 -1
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +3 -3
data/app/views/cli/core/finished.erb +15 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +11 -0
data/app/views/cli/enumeration/backup_folders.erb +11 -0
data/app/views/cli/enumeration/plugin.erb +13 -0
data/app/views/cli/enumeration/plugins.erb +1 -12
data/app/views/cli/enumeration/theme.erb +4 -0
data/app/views/cli/enumeration/themes.erb +1 -3
data/app/views/cli/enumeration/user.erb +4 -0
data/app/views/cli/enumeration/users.erb +1 -3
data/app/views/cli/finding.erb +1 -1
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/update_aborted.erb +5 -0
data/app/views/cli/vuln_api/status.erb +2 -0
data/app/views/cli/vulnerability.erb +6 -0
data/app/views/cli/wp_item.erb +4 -1
data/app/views/json/core/banner.erb +2 -8
data/app/views/json/core/finished.erb +13 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +10 -0
data/app/views/json/enumeration/backup_folders.erb +11 -0
data/app/views/json/enumeration/plugin.erb +15 -0
data/app/views/json/enumeration/theme.erb +5 -0
data/app/views/json/enumeration/user.erb +6 -0
data/app/views/json/finding.erb +8 -2
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/notice.erb +1 -0
data/app/views/json/scan_aborted.erb +5 -0
data/app/views/json/update_aborted.erb +5 -0
data/app/views/json/vuln_api/status.erb +2 -0
data/app/views/json/wp_item.erb +4 -1
data/bin/wpscan +1 -0
data/lib/opt_parse_validator/config_files_loader_merger/base.rb +26 -0
data/lib/opt_parse_validator/config_files_loader_merger/json.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger/yml.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger.rb +62 -0
data/lib/opt_parse_validator/errors.rb +9 -0
data/lib/opt_parse_validator/hacks.rb +19 -0
data/lib/opt_parse_validator/opts/alias.rb +28 -0
data/lib/opt_parse_validator/opts/array.rb +34 -0
data/lib/opt_parse_validator/opts/base.rb +142 -0
data/lib/opt_parse_validator/opts/boolean.rb +19 -0
data/lib/opt_parse_validator/opts/choice.rb +43 -0
data/lib/opt_parse_validator/opts/credentials.rb +15 -0
data/lib/opt_parse_validator/opts/directory_path.rb +17 -0
data/lib/opt_parse_validator/opts/file_path.rb +34 -0
data/lib/opt_parse_validator/opts/headers.rb +33 -0
data/lib/opt_parse_validator/opts/integer.rb +15 -0
data/lib/opt_parse_validator/opts/integer_range.rb +37 -0
data/lib/opt_parse_validator/opts/multi_choices.rb +135 -0
data/lib/opt_parse_validator/opts/path.rb +78 -0
data/lib/opt_parse_validator/opts/positive_integer.rb +16 -0
data/lib/opt_parse_validator/opts/proxy.rb +7 -0
data/lib/opt_parse_validator/opts/regexp.rb +14 -0
data/lib/opt_parse_validator/opts/smart_list.rb +30 -0
data/lib/opt_parse_validator/opts/string.rb +8 -0
data/lib/opt_parse_validator/opts/uri.rb +41 -0
data/lib/opt_parse_validator/opts/url.rb +11 -0
data/lib/opt_parse_validator/opts.rb +9 -0
data/lib/opt_parse_validator/version.rb +6 -0
data/lib/opt_parse_validator.rb +161 -0
data/lib/wpscan/browser/actions.rb +48 -0
data/lib/wpscan/browser/options.rb +92 -0
data/lib/wpscan/browser.rb +87 -2
data/lib/wpscan/browser_authenticator.rb +64 -0
data/lib/wpscan/cache/file_store.rb +77 -0
data/lib/wpscan/cache/typhoeus.rb +25 -0
data/lib/wpscan/controller.rb +100 -4
data/lib/wpscan/controllers.rb +78 -3
data/lib/wpscan/db/dynamic_finders/base.rb +3 -7
data/lib/wpscan/db/dynamic_finders/plugin.rb +2 -2
data/lib/wpscan/db/dynamic_finders/wordpress.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +2 -2
data/lib/wpscan/db/updater.rb +23 -13
data/lib/wpscan/db/vuln_api.rb +19 -7
data/lib/wpscan/db/wp_item.rb +2 -2
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/http.rb +82 -3
data/lib/wpscan/errors/saml.rb +28 -0
data/lib/wpscan/errors/scan.rb +14 -0
data/lib/wpscan/errors/update.rb +11 -3
data/lib/wpscan/errors/vuln_api.rb +24 -0
data/lib/wpscan/errors/wordpress.rb +2 -2
data/lib/wpscan/errors/wp_auth.rb +37 -0
data/lib/wpscan/errors.rb +4 -3
data/lib/wpscan/exit_code.rb +25 -0
data/lib/wpscan/finders/base_finders.rb +45 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +3 -5
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +3 -3
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +1 -1
data/lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb +257 -0
data/lib/wpscan/finders/finder/enumerator.rb +77 -0
data/lib/wpscan/finders/finder/fingerprinter.rb +48 -0
data/lib/wpscan/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/wpscan/finders/finder/smart_url_checker.rb +60 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +1 -1
data/lib/wpscan/finders/finder.rb +78 -0
data/lib/wpscan/finders/finding.rb +54 -0
data/lib/wpscan/finders/findings.rb +33 -0
data/lib/wpscan/finders/independent_finder.rb +33 -0
data/lib/wpscan/finders/independent_finders.rb +26 -0
data/lib/wpscan/finders/same_type_finder.rb +19 -0
data/lib/wpscan/finders/same_type_finders.rb +28 -0
data/lib/wpscan/finders/unique_finder.rb +19 -0
data/lib/wpscan/finders/unique_finders.rb +47 -0
data/lib/wpscan/finders.rb +11 -12
data/lib/wpscan/formatter/buffer.rb +17 -0
data/lib/wpscan/formatter.rb +152 -0
data/lib/wpscan/helper.rb +7 -1
data/lib/wpscan/http_status_tracking.rb +128 -0
data/lib/wpscan/numeric.rb +13 -0
data/lib/wpscan/parsed_cli.rb +31 -2
data/lib/wpscan/progressbar_null_output.rb +23 -0
data/lib/wpscan/public_suffix/domain.rb +44 -0
data/lib/wpscan/references.rb +118 -4
data/lib/wpscan/scan.rb +127 -0
data/lib/wpscan/target/hashes.rb +45 -0
data/lib/wpscan/target/platform/php.rb +124 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +3 -3
data/lib/wpscan/target/platform/wordpress.rb +7 -8
data/lib/wpscan/target/platform.rb +3 -0
data/lib/wpscan/target/scope.rb +103 -0
data/lib/wpscan/target/server/apache.rb +27 -0
data/lib/wpscan/target/server/generic.rb +72 -0
data/lib/wpscan/target/server/iis.rb +29 -0
data/lib/wpscan/target/server/nginx.rb +27 -0
data/lib/wpscan/target/server.rb +6 -0
data/lib/wpscan/target.rb +129 -9
data/lib/wpscan/typhoeus/hydra.rb +12 -0
data/lib/wpscan/typhoeus/response.rb +24 -1
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan/vulnerability.rb +49 -3
data/lib/wpscan/vulnerability_filter.rb +68 -0
data/lib/wpscan/vulnerable.rb +13 -1
data/lib/wpscan/web_site.rb +152 -0
data/lib/wpscan.rb +126 -29
metadata +362 -20

data/lib/opt_parse_validator/opts/integer.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Integer Option
+  class OptInteger < OptBase
+    # @param [ String ] value
+    #
+    # @return [ Integer ]
+    def validate(value)
+      raise Error, "#{value} is not an integer" if value.to_i.to_s != value
+      value.to_i
+    end
+  end
+end

data/lib/opt_parse_validator/opts/integer_range.rb ADDED Viewed

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Integer Range Option
+  class OptIntegerRange < OptBase
+    # @return [ Void ]
+    def append_help_messages
+      option << "Range separator to use: '#{separator}'"
+      super
+    end
+    # @param [ String ] value
+    #
+    # @return [ Range ]
+    def validate(value)
+      a = super.split(separator)
+      raise Error, "Incorrect number of ranges found: #{a.size}, should be 2" unless a.size == 2
+      first_integer = a.first.to_i
+      last_integer  = a.last.to_i
+      unless first_integer.to_s == a.first && last_integer.to_s == a.last
+        raise Error,
+              'Argument is not a valid integer range'
+      end
+      (first_integer..last_integer)
+    end
+    # @return [ String ]
+    def separator
+      attrs[:separator] || '-'
+    end
+  end
+end

data/lib/opt_parse_validator/opts/multi_choices.rb ADDED Viewed

@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the MultiChoices Option
+  class OptMultiChoices < OptArray
+    # @param [ Array ] option See OptBase#new
+    # @param [ Hash ] attrs
+    # @option attrs [ Hash ] :choices
+    # @option attrs [ Array<Array> ] :incompatible
+    # @options attrs [ String ] :separator See OptArray#new
+    def initialize(option, attrs = {})
+      raise Error, 'The :choices attribute is mandatory' unless attrs.key?(:choices)
+      raise Error, 'The :choices attribute must be a hash' unless attrs[:choices].is_a?(Hash)
+      super
+    end
+    def append_help_messages
+      option << 'Available Choices:'
+      append_choices_help_messages
+      super
+      append_incompatible_help_messages
+    end
+    def append_choices_help_messages
+      max_spaces = choices.keys.max_by(&:size).size
+      choices.each do |key, opt|
+        first_line_prefix  = " #{key} #{' ' * (max_spaces - key.length)}"
+        other_lines_prefix = ' ' * first_line_prefix.size
+        opt_help_messages(opt).each_with_index do |message, index|
+          option << "#{index.zero? ? first_line_prefix : other_lines_prefix} #{message}"
+        end
+      end
+    end
+    def help_message_for_default
+      msg = +''
+      default.each do |key, value|
+        msg << if value == true
+                 key.to_s.titleize
+               else
+                 "#{key.to_s.titleize}: #{value}"
+               end
+        msg << ', '
+      end
+      msg.chomp(', ')
+    end
+    # @param [ OptBase ] opt
+    #
+    # @return [ Array<String> ]
+    def opt_help_messages(opt)
+      opt.help_messages.empty? ? [opt.to_s.humanize] : opt.help_messages
+    end
+    def append_incompatible_help_messages
+      return if incompatible.empty?
+      option << 'Incompatible choices (only one of each group/s can be used):'
+      incompatible.each do |a|
+        option << " - #{a.join(', ')}"
+      end
+    end
+    # @param [ String ] value
+    #
+    # @return [ Hash ]
+    def validate(value)
+      results = {}
+      super.each do |item|
+        opt = choices[item.to_sym]
+        if opt
+          opt_value = opt.value_if_empty.nil? || opt.value_if_empty
+        else
+          opt, opt_value = value_from_pattern(item)
+        end
+        results[opt.to_sym] = opt.normalize(opt.validate(opt_value))
+      end
+      verify_compatibility(results)
+    end
+    # @return [ Array ]
+    def value_from_pattern(item)
+      choices.each do |key, opt|
+        next unless item =~ /\A#{key}(.*)\z/
+        return [opt, Regexp.last_match[1]]
+      end
+      raise Error, "Unknown choice: #{item}"
+    end
+    # @return [ Array<Array<Symbol>> ]
+    def incompatible
+      Array(attrs[:incompatible])
+    end
+    # @param [ Hash ] values
+    #
+    # @return [ Hash ]
+    def verify_compatibility(values)
+      incompatible.each do |a|
+        last_match = ''
+        a.each do |key|
+          sym = choices[key].to_sym
+          next unless values.key?(sym)
+          raise Error, "Incompatible choices detected: #{last_match}, #{key}" unless last_match.empty?
+          last_match = key
+        end
+      end
+      values
+    end
+    # No normalization
+    def normalize(value)
+      value
+    end
+  end
+end

data/lib/opt_parse_validator/opts/path.rb ADDED Viewed

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Path Option
+  class OptPath < OptBase
+    # Initialize attrs:
+    #
+    # :create     if set to true, will create the path
+    #
+    # :exists     if set to false, will ignore the file? and directory? checks
+    #
+    # :file       Check if the path is a file
+    # :directory  Check if the path is a directory
+    #
+    # :executable
+    # :readable
+    # :writable
+    #
+    # @param [ String ] value
+    #
+    # @return [ Pathname ]
+    def validate(value)
+      path = Pathname.new(value)
+      allowed_attrs.each do |key|
+        method = "check_#{key}"
+        send(method, path) if respond_to?(method) && attrs[key]
+      end
+      path
+    end
+    def allowed_attrs
+      %i[create file directory executable readable writable]
+    end
+    # check_create is implemented in the file_path and directory_path opts
+    # @param [ Pathname ] path
+    def check_file(path)
+      raise Error, "The path '#{path}' does not exist or is not a file" unless path.file? || attrs[:exists] == false
+    end
+    # @param [ Pathname ] path
+    def check_directory(path)
+      return if path.directory? || attrs[:exists] == false
+      raise Error,
+            "The path '#{path}' does not exist or is not a directory"
+    end
+    # @param [ Pathname ] path
+    def check_executable(path)
+      raise Error, "The path '#{path}' is not executable#{process_identity}" unless path.executable?
+    end
+    # @param [ Pathname ] path
+    def check_readable(path)
+      raise Error, "The path '#{path}' is not readable#{process_identity}" unless path.readable?
+    end
+    # If the path does not exist, it will check for the parent
+    # directory write permission
+    #
+    # @param [ Pathname ] path
+    def check_writable(path)
+      return unless (path.exist? && !path.writable?) || !path.parent.writable?
+      raise Error, "The path '#{path}' is not writable#{process_identity}"
+    end
+    # @return [ String ] Current process uid/gid, formatted for inclusion in error messages
+    def process_identity
+      " (uid=#{Process.uid}, gid=#{Process.gid})"
+    end
+  end
+end

data/lib/opt_parse_validator/opts/positive_integer.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Positive Integer Option
+  class OptPositiveInteger < OptInteger
+    # @param [ String ] value
+    #
+    # @return [ Integer ]
+    def validate(value)
+      i = super
+      raise Error, "#{i} is not > 0" unless i.positive?
+      i
+    end
+  end
+end

data/lib/opt_parse_validator/opts/proxy.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Proxy Option
+  class OptProxy < OptURI
+  end
+end

data/lib/opt_parse_validator/opts/regexp.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the Regexp Option
+  # See http://ruby-doc.org/core-2.2.1/Regexp.html#method-c-new for expected values in :options
+  class OptRegexp < OptBase
+    # @param [ String ] value
+    #
+    # @return [ Regexp ]
+    def validate(value)
+      Regexp.new(super, attrs[:options])
+    end
+  end
+end

data/lib/opt_parse_validator/opts/smart_list.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the SmartList Option
+  # Such option allow users to supply a list like
+  # - name1
+  # - name1,name2,name3
+  # - /tmp/names.txt
+  class OptSmartList < OptArray
+    # @return [ Void ]
+    def append_help_messages
+      super
+      # removes the help message from OptArray about the separator as useless here
+      # can't use option as it's an attr_reader only
+      @option -= ["Separator to use between the values: '#{separator}'"]
+      option << "Examples: 'a1', '#{%w[a1 a2 a3].join(separator)}', '/tmp/a.txt'"
+    end
+    # @param [ String ] value
+    #
+    # @return [ Array<String> ]
+    def validate(value)
+      # Might be a better way to do this especially with a big file
+      File.open(value) { |f| f.map(&:chomp) }
+    rescue Errno::ENOENT, Errno::ENAMETOOLONG
+      super
+    end
+  end
+end

data/lib/opt_parse_validator/opts/string.rb ADDED Viewed

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Alias of OptBase
+  # Used for convenience
+  class OptString < OptBase
+  end
+end

data/lib/opt_parse_validator/opts/uri.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the URI Option
+  class OptURI < OptBase
+    # return [ Void ]
+    def append_help_messages
+      option << "Allowed Protocols: #{allowed_protocols.join(', ')}" unless allowed_protocols.empty?
+      option << "Default Protocol if none provided: #{default_protocol}" if default_protocol
+      super
+    end
+    # @return [ Array<String> ]
+    def allowed_protocols
+      @allowed_protocols ||= Array(attrs[:protocols]).map(&:downcase)
+    end
+    # The default protocol (or scheme) to use if none was given
+    def default_protocol
+      @default_protocol ||= attrs[:default_protocol]&.downcase
+    end
+    # @param [ String ] value
+    #
+    # @return [ String ]
+    def validate(value)
+      uri = Addressable::URI.parse(value)
+      uri = Addressable::URI.parse("#{default_protocol}://#{value}") if !uri.scheme && default_protocol
+      unless allowed_protocols.empty? || allowed_protocols.include?(uri.scheme&.downcase)
+        # For future refs: will have to check if the uri.scheme exists,
+        # otherwise it means that the value was empty
+        raise Addressable::URI::InvalidURIError
+      end
+      uri.to_s
+    end
+  end
+end

data/lib/opt_parse_validator/opts/url.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module OptParseValidator
+  # Implementation of the URL Option
+  class OptURL < OptURI
+    # @return [ Array ] The allowed protocols
+    def allowed_protocols
+      %w[http https]
+    end
+  end
+end

data/lib/opt_parse_validator/opts.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+%w[
+  base string integer positive_integer choice boolean uri url proxy credentials
+  path file_path directory_path array integer_range multi_choices regexp headers
+  smart_list alias
+].each do |opt|
+  require "opt_parse_validator/opts/#{opt}"
+end

data/lib/opt_parse_validator/version.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+# Gem Version
+module OptParseValidator
+  VERSION = '1.10.1'
+end

data/lib/opt_parse_validator.rb ADDED Viewed

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+# Gems
+require 'addressable/uri'
+require 'active_support/inflector'
+require 'active_support/core_ext/hash'
+# Standard Libs
+require 'optparse'
+require 'pathname'
+# Custom Libs
+require 'opt_parse_validator/errors'
+require 'opt_parse_validator/hacks'
+require 'opt_parse_validator/opts'
+require 'opt_parse_validator/version'
+require 'opt_parse_validator/config_files_loader_merger' # Could even create a gem out of it, as completely independent
+# Gem namespace
+module OptParseValidator
+  # Validator
+  class OptParser < OptionParser
+    attr_reader :symbols_used, :opts
+    def initialize(banner = nil, width = 32, indent = ' ' * 4)
+      @results      = {}
+      @symbols_used = []
+      @opts         = []
+      super
+    end
+    # @return [ OptParseValidator::ConfigFilesLoaderMerger ]
+    def config_files
+      @config_files ||= ConfigFilesLoaderMerger.new
+    end
+    # @param [ Array<OptBase> ] options
+    #
+    # @return [ Self ] For chaining #new.add.results
+    def add(*options)
+      options.each do |option|
+        check_option(option)
+        @opts << option
+        @symbols_used << option.to_sym
+        # Set the default option value if it exists
+        # The default value is not validated as it is provided by devs
+        # and should be set to the correct format/value directly
+        @results[option.to_sym] = option.default unless option.default.nil?
+        register_callback(option)
+      end
+      self
+    end
+    # @return [ Hash ]
+    def results(argv = default_argv)
+      load_config_files
+      parse!(argv)
+      post_processing
+      @results
+    rescue StandardError => e
+      # Raise it as an OptParseValidator::Error if not already one
+      raise e.is_a?(Error) ? e.class : Error, e.message
+    end
+    # @return [ String ] The simplified help (without any of the advanced option/s listed)
+    def simple_help
+      help = to_s
+      # Removes all advanced help messages
+      @opts.select(&:advanced?).each do |opt|
+        messages_pattern = //
+        opt.help_messages.each do |msg|
+          messages_pattern = /#{messages_pattern}\s*#{Regexp.escape(msg)}/
+        end
+        pattern = /\s*#{Regexp.escape(opt.option[0..1].select { |o| o[0] == '-' }.join(', '))}#{messages_pattern}/
+        help.gsub!(pattern, '')
+      end
+      help
+    end
+    # @return [ String ] The full help, with the advanced option/s listed
+    def full_help
+      to_s
+    end
+    protected
+    # Ensures the opt given is valid
+    #
+    # @param [ OptBase ] opt
+    #
+    # @return [ void ]
+    def check_option(opt)
+      raise Error, "The option is not an OptBase, #{opt.class} supplied" unless opt.is_a?(OptBase)
+      raise Error, "The option #{opt.to_sym} is already used !" if @symbols_used.include?(opt.to_sym)
+    end
+    # @param [ OptBase ] opt
+    #
+    # @return [ void ]
+    def register_callback(opt)
+      on(*opt.option) do |arg|
+        if opt.alias?
+          parse!(opt.alias_for.split)
+        else
+          @results[opt.to_sym] = opt.normalize(opt.validate(arg))
+        end
+      rescue StandardError => e
+        # Adds the long option name to the message
+        # And raises it as an OptParseValidator::Error if not already one
+        # e.g --proxy Invalid Scheme format.
+        raise e.is_a?(Error) ? e.class : Error, "#{opt.to_long} #{e}"
+      end
+    end
+    # @return [ Void ]
+    def load_config_files
+      files_data = config_files.parse
+      @opts.each do |opt|
+        next unless files_data.key?(opt.to_sym)
+        begin
+          @results[opt.to_sym] = opt.normalize(opt.validate(files_data[opt.to_sym].to_s))
+        rescue StandardError => e
+          # Adds the long option name to the message
+          # And raises it as an OptParseValidator::Error if not already one
+          # e.g --proxy Invalid Scheme format.
+          raise e.is_a?(Error) ? e.class : Error, "#{opt.to_long} #{e}"
+        end
+      end
+    end
+    # Ensure that all required options are supplied
+    # Should be overriden to modify the behavior
+    #
+    # @return [ Void ]
+    def post_processing
+      @opts.each do |opt|
+        raise NoRequiredOption, "The option #{opt.to_long} is required" if opt.required? && !@results.key?(opt.to_sym)
+        next if opt.required_unless.empty? || @results.key?(opt.to_sym)
+        fail_msg = 'One of the following options is required: ' \
+                   "#{opt.to_long}, --#{opt.required_unless.join(', --').tr('_', '-')}"
+        raise NoRequiredOption, fail_msg unless opt.required_unless.any? do |sym|
+          @results.key?(sym)
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/browser/actions.rb ADDED Viewed

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module WPScan
+  class Browser
+    # Browser Actions (get, post etc)
+    module Actions
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Request ]
+      def forge_request(url, params = {})
+        WPScan::Browser.instance.forge_request(url, params)
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def get(url, params = {})
+        forge_request(url, params.merge(method: :get)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def post(url, params = {})
+        forge_request(url, params.merge(method: :post)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def head(url, params = {})
+        forge_request(url, params.merge(method: :head)).run
+      end
+      # @param [ String ] url
+      # @param [ Hash ] params
+      #
+      # @return [ Typhoeus::Response ]
+      def get_and_follow_location(url, params = {})
+        get(url, { followlocation: true, maxredirs: 3 }.merge(params))
+      end
+    end
+  end
+end