wpscan 3.8.6 → 3.8.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +1 -1
- data/README.md +4 -4
- data/app/controllers/password_attack.rb +2 -1
- data/app/controllers/vuln_api.rb +5 -2
- data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
- data/app/views/cli/vuln_api/status.erb +4 -4
- data/app/views/json/vuln_api/status.erb +1 -1
- data/lib/wpscan/browser.rb +1 -1
- data/lib/wpscan/db/vuln_api.rb +6 -4
- data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -3
- data/lib/wpscan/references.rb +1 -1
- data/lib/wpscan/target/platform/wordpress.rb +10 -9
- data/lib/wpscan/typhoeus/response.rb +2 -1
- data/lib/wpscan/version.rb +1 -1
- metadata +16 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 299c8c4ad7fc7a8e9329a891e57a6d13a2872ca0a977f49fe2070e71033e48a1
|
|
4
|
+
data.tar.gz: dcf67f4cc1770e7f97a201cc0216c7aa7fcf0d3d239834f597a822bdb30e373b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 57c0d2f83d1e6a9a33a79aae80bc0a6ee96ce938eb562db811ca55920607fbba71859f6f3aba8de97a9b900b853edb9bcd02672a14a4948301f0a083b835a13e
|
|
7
|
+
data.tar.gz: 433b89aab18df530527092bb3bb499fdf8bfcbf3043a9369744ea85aa59bb8709bc0d624ed20451103138b0e2bd86c78f8c18476378899172f450be1c2968b6d
|
data/LICENSE
CHANGED
|
@@ -27,7 +27,7 @@ Example cases which do not require a commercial license, and thus fall under the
|
|
|
27
27
|
- Using WPScan to test your own systems.
|
|
28
28
|
- Any non-commercial use of WPScan.
|
|
29
29
|
|
|
30
|
-
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us -
|
|
30
|
+
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
|
|
31
31
|
|
|
32
32
|
Free-use Terms and Conditions;
|
|
33
33
|
|
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<p align="center">
|
|
2
|
-
<a href="https://wpscan.
|
|
2
|
+
<a href="https://wpscan.com/">
|
|
3
3
|
<img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
|
|
4
4
|
</a>
|
|
5
5
|
</p>
|
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
WordPress Security Scanner
|
|
11
11
|
<br>
|
|
12
12
|
<br>
|
|
13
|
-
<a href="https://wpscan.
|
|
13
|
+
<a href="https://wpscan.com/" title="homepage" target="_blank">WPScan WordPress Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
|
|
14
14
|
</p>
|
|
15
15
|
|
|
16
16
|
<p align="center">
|
|
@@ -82,7 +82,7 @@ The DB is located at ~/.wpscan/db
|
|
|
82
82
|
|
|
83
83
|
## Vulnerability Database
|
|
84
84
|
|
|
85
|
-
The WPScan CLI tool uses the [
|
|
85
|
+
The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
|
|
86
86
|
|
|
87
87
|
## Load CLI options from file/s
|
|
88
88
|
|
|
@@ -176,7 +176,7 @@ Example cases which do not require a commercial license, and thus fall under the
|
|
|
176
176
|
- Using WPScan to test your own systems.
|
|
177
177
|
- Any non-commercial use of WPScan.
|
|
178
178
|
|
|
179
|
-
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us -
|
|
179
|
+
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
|
|
180
180
|
|
|
181
181
|
Free-use Terms and Conditions;
|
|
182
182
|
|
|
@@ -19,7 +19,8 @@ module WPScan
|
|
|
19
19
|
OptChoice.new(['--password-attack ATTACK',
|
|
20
20
|
'Force the supplied attack to be used rather than automatically determining one.'],
|
|
21
21
|
choices: %w[wp-login xmlrpc xmlrpc-multicall],
|
|
22
|
-
normalize: %i[downcase underscore to_sym])
|
|
22
|
+
normalize: %i[downcase underscore to_sym]),
|
|
23
|
+
OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
|
|
23
24
|
]
|
|
24
25
|
end
|
|
25
26
|
|
data/app/controllers/vuln_api.rb
CHANGED
|
@@ -8,7 +8,10 @@ module WPScan
|
|
|
8
8
|
|
|
9
9
|
def cli_options
|
|
10
10
|
[
|
|
11
|
-
OptString.new(
|
|
11
|
+
OptString.new(
|
|
12
|
+
['--api-token TOKEN',
|
|
13
|
+
'The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile']
|
|
14
|
+
)
|
|
12
15
|
]
|
|
13
16
|
end
|
|
14
17
|
|
|
@@ -19,7 +22,7 @@ module WPScan
|
|
|
19
22
|
|
|
20
23
|
api_status = DB::VulnApi.status
|
|
21
24
|
|
|
22
|
-
raise Error::InvalidApiToken if api_status['
|
|
25
|
+
raise Error::InvalidApiToken if api_status['status'] == 'forbidden'
|
|
23
26
|
raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
|
|
24
27
|
raise api_status['http_error'] if api_status['http_error']
|
|
25
28
|
end
|
|
@@ -9,7 +9,7 @@ module WPScan
|
|
|
9
9
|
def aggressive(_opts = {})
|
|
10
10
|
path = 'installer-log.txt'
|
|
11
11
|
|
|
12
|
-
return unless /DUPLICATOR INSTALL-LOG
|
|
12
|
+
return unless /DUPLICATOR(-|\s)?(PRO|LITE)?:? INSTALL-LOG/i.match?(target.head_and_get(path).body)
|
|
13
13
|
|
|
14
14
|
Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
|
|
15
15
|
end
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
<% unless @status.empty? -%>
|
|
2
2
|
<% if @status['http_error'] -%>
|
|
3
|
-
<%= critical_icon %>
|
|
3
|
+
<%= critical_icon %> WPScan DB API, <%= @status['http_error'].to_s %>
|
|
4
4
|
<% else -%>
|
|
5
|
-
<%= info_icon %>
|
|
5
|
+
<%= info_icon %> WPScan DB API OK
|
|
6
6
|
| Plan: <%= @status['plan'] %>
|
|
7
7
|
| Requests Done (during the scan): <%= @api_requests %>
|
|
8
8
|
| Requests Remaining: <%= @status['requests_remaining'] %>
|
|
9
9
|
<% end -%>
|
|
10
10
|
<% else -%>
|
|
11
|
-
<%= warning_icon %> No
|
|
12
|
-
<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://
|
|
11
|
+
<%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
|
|
12
|
+
<%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
|
|
13
13
|
<% end -%>
|
|
@@ -8,6 +8,6 @@
|
|
|
8
8
|
"requests_remaining": <%= @status['requests_remaining'].to_json %>
|
|
9
9
|
<% end -%>
|
|
10
10
|
<% else -%>
|
|
11
|
-
"error": "No
|
|
11
|
+
"error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
|
|
12
12
|
<% end -%>
|
|
13
13
|
},
|
data/lib/wpscan/browser.rb
CHANGED
data/lib/wpscan/db/vuln_api.rb
CHANGED
|
@@ -4,7 +4,7 @@ module WPScan
|
|
|
4
4
|
module DB
|
|
5
5
|
# WPVulnDB API
|
|
6
6
|
class VulnApi
|
|
7
|
-
NON_ERROR_CODES = [200,
|
|
7
|
+
NON_ERROR_CODES = [200, 403].freeze
|
|
8
8
|
|
|
9
9
|
class << self
|
|
10
10
|
attr_accessor :token
|
|
@@ -12,7 +12,7 @@ module WPScan
|
|
|
12
12
|
|
|
13
13
|
# @return [ Addressable::URI ]
|
|
14
14
|
def self.uri
|
|
15
|
-
@uri ||= Addressable::URI.parse('https://
|
|
15
|
+
@uri ||= Addressable::URI.parse('https://wpscan.com/api/v3/')
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
# @param [ String ] path
|
|
@@ -26,7 +26,7 @@ module WPScan
|
|
|
26
26
|
# Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
|
|
27
27
|
res = Typhoeus.get(uri.join(path), default_request_params.merge(params))
|
|
28
28
|
|
|
29
|
-
return {} if res.code == 404
|
|
29
|
+
return {} if res.code == 404 || res.code == 429
|
|
30
30
|
return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
|
|
31
31
|
|
|
32
32
|
raise Error::HTTP, res
|
|
@@ -34,6 +34,8 @@ module WPScan
|
|
|
34
34
|
retries ||= 0
|
|
35
35
|
|
|
36
36
|
if (retries += 1) <= 3
|
|
37
|
+
@default_request_params[:headers]['X-Retry'] = retries
|
|
38
|
+
|
|
37
39
|
sleep(1)
|
|
38
40
|
retry
|
|
39
41
|
end
|
|
@@ -68,7 +70,7 @@ module WPScan
|
|
|
68
70
|
# @return [ Hash ]
|
|
69
71
|
# @note Those params can not be overriden by CLI options
|
|
70
72
|
def self.default_request_params
|
|
71
|
-
Browser.instance.default_connect_request_params.merge(
|
|
73
|
+
@default_request_params ||= Browser.instance.default_connect_request_params.merge(
|
|
72
74
|
headers: {
|
|
73
75
|
'User-Agent' => Browser.instance.default_user_agent,
|
|
74
76
|
'Authorization' => "Token token=#{token}"
|
|
@@ -56,9 +56,7 @@ module WPScan
|
|
|
56
56
|
|
|
57
57
|
homepage_result = find(target.homepage_res, opts)
|
|
58
58
|
|
|
59
|
-
|
|
60
|
-
return homepage_result unless homepage_result.is_a?(Array) && homepage_result.empty?
|
|
61
|
-
end
|
|
59
|
+
return homepage_result unless homepage_result.nil? || homepage_result.is_a?(Array) && homepage_result&.empty?
|
|
62
60
|
|
|
63
61
|
find(target.error_404_res, opts)
|
|
64
62
|
end
|
data/lib/wpscan/references.rb
CHANGED
|
@@ -11,9 +11,10 @@ module WPScan
|
|
|
11
11
|
module WordPress
|
|
12
12
|
include CMSScanner::Target::Platform::PHP
|
|
13
13
|
|
|
14
|
-
WORDPRESS_PATTERN
|
|
15
|
-
|
|
16
|
-
|
|
14
|
+
WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
|
|
15
|
+
WORDPRESS_HOSTED_PATTERN = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
|
|
16
|
+
WP_JSON_OEMBED_PATTERN = %r{/wp-json/oembed/}i.freeze
|
|
17
|
+
WP_ADMIN_AJAX_PATTERN = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
|
|
17
18
|
|
|
18
19
|
# These methods are used in the associated interesting_findings finders
|
|
19
20
|
# to keep the boolean state of the finding rather than re-check the whole thing again
|
|
@@ -103,11 +104,8 @@ module WPScan
|
|
|
103
104
|
return true if /\.wordpress\.com$/i.match?(uri.host)
|
|
104
105
|
|
|
105
106
|
unless content_dir
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
uris_from_page(homepage_res, xpath) do |uri|
|
|
110
|
-
return true if uri.to_s.match?(pattern)
|
|
107
|
+
uris_from_page(homepage_res, '(//@href|//@src)[contains(., "wp.com")]') do |uri|
|
|
108
|
+
return true if uri.to_s.match?(WORDPRESS_HOSTED_PATTERN)
|
|
111
109
|
end
|
|
112
110
|
end
|
|
113
111
|
|
|
@@ -139,11 +137,14 @@ module WPScan
|
|
|
139
137
|
# the first time the method is called, and the effective_url is then used
|
|
140
138
|
# if suitable, otherwise the default wp-login will be.
|
|
141
139
|
#
|
|
140
|
+
# If the login_uri CLI option has been provided, it will be returne w/o redirection check.
|
|
141
|
+
#
|
|
142
142
|
# @return [ String, false ] The URL to the login page or false if not detected
|
|
143
143
|
def login_url
|
|
144
144
|
return @login_url unless @login_url.nil?
|
|
145
|
+
return @login_url = url(ParsedCli.login_uri) if ParsedCli.login_uri
|
|
145
146
|
|
|
146
|
-
@login_url = url('wp-login.php')
|
|
147
|
+
@login_url = url('wp-login.php')
|
|
147
148
|
|
|
148
149
|
res = Browser.get_and_follow_location(@login_url)
|
|
149
150
|
|
|
@@ -7,7 +7,8 @@ module Typhoeus
|
|
|
7
7
|
#
|
|
8
8
|
# @return [ Boolean ]
|
|
9
9
|
def from_vuln_api?
|
|
10
|
-
effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
|
|
10
|
+
effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
|
|
11
|
+
!effective_url.start_with?(WPScan::DB::VulnApi.uri.join('status').to_s)
|
|
11
12
|
end
|
|
12
13
|
end
|
|
13
14
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-12-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.
|
|
47
|
+
version: 1.0.0
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.
|
|
54
|
+
version: 1.0.0
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -72,14 +72,14 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 3.
|
|
75
|
+
version: 3.10.0
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 3.
|
|
82
|
+
version: 3.10.0
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: rspec-its
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,42 +100,42 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
103
|
+
version: 1.6.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 1.6.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop-performance
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.9.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.9.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: simplecov
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.20.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.20.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: simplecov-lcov
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -170,17 +170,17 @@ dependencies:
|
|
|
170
170
|
requirements:
|
|
171
171
|
- - "~>"
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: 3.
|
|
173
|
+
version: 3.10.0
|
|
174
174
|
type: :development
|
|
175
175
|
prerelease: false
|
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
177
|
requirements:
|
|
178
178
|
- - "~>"
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: 3.
|
|
180
|
+
version: 3.10.0
|
|
181
181
|
description: WPScan is a black box WordPress vulnerability scanner.
|
|
182
182
|
email:
|
|
183
|
-
-
|
|
183
|
+
- contact@wpscan.com
|
|
184
184
|
executables:
|
|
185
185
|
- wpscan
|
|
186
186
|
extensions: []
|
|
@@ -377,7 +377,7 @@ files:
|
|
|
377
377
|
- lib/wpscan/version.rb
|
|
378
378
|
- lib/wpscan/vulnerability.rb
|
|
379
379
|
- lib/wpscan/vulnerable.rb
|
|
380
|
-
homepage: https://wpscan.
|
|
380
|
+
homepage: https://wpscan.com/wordpress-security-scanner
|
|
381
381
|
licenses:
|
|
382
382
|
- Dual
|
|
383
383
|
metadata: {}
|