wpscan 3.8.5 → 3.8.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 374d883728b24244fefce17ac5dc35d2fb8ae1d34b161e46cfbe4019d6bcb93e
-  data.tar.gz: e38d72546d42547c7bfe79d1883db8e7d12dc04ccfc181c572c8b395661d6b65
+  metadata.gz: 80bb171dc3d30fab68355160acacb8359681a85fb7f43ca11dc17968cb8b354f
+  data.tar.gz: ae033388eb73cbe1bc736edf32b54170cf12f0fb085ee76799fa207ca885a5d7
 SHA512:
-  metadata.gz: 8b44e8757063dfc2e9aef1a0144c07fb8e5bb4f102e7681442fbdf1b86883bc2677030564b193388f174ddb743fc4dd6ed94e7d40827e8fe28883787a7cf2ca0
-  data.tar.gz: e8149cb867feb810b996bf3df2ce1df85b7ab8e329c5b8577eb7cf9d516887935f6f6802411adbca4552ba9ac1999dcd1f32ecd4489076123dab75171865c91c
+  metadata.gz: d0023c87de0d517a6eaf08ea8faf7a1a4681cad7a217bb8ee0201aa52f2ef209f64954cde27ea7d9ea2926e24800e377c43d2a4885ed15b3439468292006fb44
+  data.tar.gz: c01434b18a3682a190cf101e3a94622742dded2b5320c03bbb15eb515056531845feea68cc119351f428a73dbd966e6c1cffeb201844daca9734289f925e7e36

data/LICENSE

@@ -27,7 +27,7 @@ Example cases which do not require a commercial license, and thus fall under the
  - Using WPScan to test your own systems.
  - Any non-commercial use of WPScan.
 
-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
 
 Free-use Terms and Conditions;
 

data/README.md

@@ -10,7 +10,7 @@
   WordPress Security Scanner
   <br>
   <br>
-  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
+  <a href="https://wpscan.com/" title="homepage" target="_blank">WPScan WordPress Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
 </p>
 
 <p align="center">
@@ -82,7 +82,7 @@ The DB is located at ~/.wpscan/db
 
 ## Vulnerability Database
 
-The WPScan CLI tool uses the [WPVulnDB API](https://wpvulndb.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPVulnDB](https://wpvulndb.com/users/sign_up). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPVulnDB](https://wpvulndb.com/).
+The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
 
 ## Load CLI options from file/s
 

data/app/controllers/password_attack.rb

@@ -19,7 +19,8 @@ module WPScan
           OptChoice.new(['--password-attack ATTACK',
                          'Force the supplied attack to be used rather than automatically determining one.'],
                         choices: %w[wp-login xmlrpc xmlrpc-multicall],
-                        normalize: %i[downcase underscore to_sym])
+                        normalize: %i[downcase underscore to_sym]),
+          OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
         ]
       end
 

data/app/finders/interesting_findings/duplicator_installer_log.rb

@@ -9,7 +9,7 @@ module WPScan
         def aggressive(_opts = {})
           path = 'installer-log.txt'
 
-          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
+          return unless /DUPLICATOR(-|\s)?(PRO|LITE)?:? INSTALL-LOG/i.match?(target.head_and_get(path).body)
 
           Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
         end

data/app/finders/main_theme/urls_in_homepage.rb

@@ -13,7 +13,7 @@ module WPScan
         def passive(opts = {})
           found = []
 
-          slugs = items_from_links('themes', false) + items_from_codes('themes', false)
+          slugs = items_from_links('themes', uniq: false) + items_from_codes('themes', uniq: false)
 
           slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
             found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))

data/app/finders/users.rb

@@ -6,6 +6,7 @@ require_relative 'users/oembed_api'
 require_relative 'users/rss_generator'
 require_relative 'users/author_id_brute_forcing'
 require_relative 'users/login_error_messages'
+require_relative 'users/author_sitemap'
 require_relative 'users/yoast_seo_author_sitemap'
 
 module WPScan
@@ -22,6 +23,7 @@ module WPScan
             Users::WpJsonApi.new(target) <<
             Users::OembedApi.new(target) <<
             Users::RSSGenerator.new(target) <<
+            Users::AuthorSitemap.new(target) <<
             Users::YoastSeoAuthorSitemap.new(target) <<
             Users::AuthorIdBruteForcing.new(target) <<
             Users::LoginErrorMessages.new(target)

data/app/finders/users/author_sitemap.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Users
+      # Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains
+      # the usernames of accounts who made a post
+      class AuthorSitemap < CMSScanner::Finders::Finder
+        # @param [ Hash ] opts
+        #
+        # @return [ Array<User> ]
+        def aggressive(_opts = {})
+          found = []
+
+          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
+            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
+
+            next unless username && !username.strip.empty?
+
+            found << Model::User.new(username,
+                                     found_by: found_by,
+                                     confidence: 100,
+                                     interesting_entries: [sitemap_url])
+          end
+
+          found
+        end
+
+        # @return [ String ] The URL of the sitemap
+        def sitemap_url
+          @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
+        end
+      end
+    end
+  end
+end

data/app/finders/users/yoast_seo_author_sitemap.rb

@@ -5,27 +5,7 @@ module WPScan
     module Users
       # The YOAST SEO plugin has an author-sitemap.xml which can leak usernames
       # See https://github.com/wpscanteam/wpscan/issues/1228
-      class YoastSeoAuthorSitemap < CMSScanner::Finders::Finder
-        # @param [ Hash ] opts
-        #
-        # @return [ Array<User> ]
-        def aggressive(_opts = {})
-          found = []
-
-          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
-            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
-
-            next unless username && !username.strip.empty?
-
-            found << Model::User.new(username,
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [sitemap_url])
-          end
-
-          found
-        end
-
+      class YoastSeoAuthorSitemap < AuthorSitemap
         # @return [ String ] The URL of the author-sitemap
         def sitemap_url
           @sitemap_url ||= target.url('author-sitemap.xml')

data/app/finders/wp_items/urls_in_page.rb

@@ -9,7 +9,7 @@ module WPScan
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
         # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
-        def items_from_links(type, uniq = true)
+        def items_from_links(type, uniq: true)
           found = []
           xpath = format(
             '(//@href|//@src|//@data-src)[contains(., "%s")]',
@@ -31,7 +31,7 @@ module WPScan
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
         # @return [Array<String> ] The plugins/themes detected in the javascript/style of the homepage
-        def items_from_codes(type, uniq = true)
+        def items_from_codes(type, uniq: true)
           found = []
 
           page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|

data/app/views/cli/vuln_api/status.erb

@@ -9,5 +9,5 @@
 <% end -%>
 <% else -%>
 <%= warning_icon %> No WPVulnDB API Token given, as a result vulnerability data has not been output.
-<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up
+<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
 <% end -%>

data/app/views/json/vuln_api/status.erb

@@ -8,6 +8,6 @@
 "requests_remaining": <%= @status['requests_remaining'].to_json %>
 <% end -%>
 <% else -%>
-"error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up"
+"error": "No WPVulnDB API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
 <% end -%>
 },

data/lib/wpscan/db/dynamic_finders/base.rb

@@ -31,7 +31,7 @@ module WPScan
 
           finder_configs(
             finder_class,
-            Regexp.last_match[1] == 'aggressive'
+            aggressive: Regexp.last_match[1] == 'aggressive'
           )
         end
 

data/lib/wpscan/db/dynamic_finders/plugin.rb

@@ -16,7 +16,7 @@ module WPScan
         # @param [ Symbol ] finder_class
         # @param [ Boolean ] aggressive
         # @return [ Hash ]
-        def self.finder_configs(finder_class, aggressive = false)
+        def self.finder_configs(finder_class, aggressive: false)
           configs = {}
 
           return configs unless allowed_classes.include?(finder_class)

data/lib/wpscan/db/dynamic_finders/wordpress.rb

@@ -24,7 +24,7 @@ module WPScan
         # @param [ Symbol ] finder_class
         # @param [ Boolean ] aggressive
         # @return [ Hash ]
-        def self.finder_configs(finder_class, aggressive = false)
+        def self.finder_configs(finder_class, aggressive: false)
           configs = {}
 
           return configs unless allowed_classes.include?(finder_class)

data/lib/wpscan/db/vuln_api.rb

@@ -12,7 +12,7 @@ module WPScan
 
       # @return [ Addressable::URI ]
       def self.uri
-        @uri ||= Addressable::URI.parse('https://wpvulndb.com/api/v3/')
+        @uri ||= Addressable::URI.parse('https://wpscan.com/api/v3/')
       end
 
       # @param [ String ] path

data/lib/wpscan/finders/dynamic_finder/finder.rb

@@ -56,9 +56,7 @@ module WPScan
 
           homepage_result = find(target.homepage_res, opts)
 
-          if homepage_result
-            return homepage_result unless homepage_result.is_a?(Array) && homepage_result.empty?
-          end
+          return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
 
           find(target.error_404_res, opts)
         end

data/lib/wpscan/references.rb

@@ -27,7 +27,7 @@ module WPScan
     end
 
     def wpvulndb_url(id)
-      "https://wpvulndb.com/vulnerabilities/#{id}"
+      "https://wpscan.com/vulnerability/#{id}"
     end
   end
 end

data/lib/wpscan/target/platform/wordpress.rb

@@ -139,11 +139,14 @@ module WPScan
         # the first time the method is called, and the effective_url is then used
         # if suitable, otherwise the default wp-login will be.
         #
+        # If the login_uri CLI option has been provided, it will be returne w/o redirection check.
+        #
         # @return [ String, false ] The URL to the login page or false if not detected
         def login_url
           return @login_url unless @login_url.nil?
+          return @login_url = url(ParsedCli.login_uri) if ParsedCli.login_uri
 
-          @login_url = url('wp-login.php') # TODO: url(ParsedCli.login_uri)
+          @login_url = url('wp-login.php')
 
           res = Browser.get_and_follow_location(@login_url)
 

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.5'
+  VERSION = '3.8.10'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.5
+  version: 3.8.10
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-25 00:00:00.000000000 Z
+date: 2020-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -100,42 +100,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.18.2
+        version: 0.19.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.18.2
+        version: 0.19.0
 - !ruby/object:Gem::Dependency
   name: simplecov-lcov
   requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.9.0
 description: WPScan is a black box WordPress vulnerability scanner.
 email:
 - team@wpscan.org
@@ -258,6 +258,7 @@ files:
 - app/finders/users.rb
 - app/finders/users/author_id_brute_forcing.rb
 - app/finders/users/author_posts.rb
+- app/finders/users/author_sitemap.rb
 - app/finders/users/login_error_messages.rb
 - app/finders/users/oembed_api.rb
 - app/finders/users/rss_generator.rb