wpscan 3.0.4 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/brute_force.rb +0 -2
- data/app/controllers/enumeration.rb +1 -1
- data/app/controllers/enumeration/cli_options.rb +22 -2
- data/app/controllers/enumeration/enum_methods.rb +9 -5
- data/app/finders/interesting_findings.rb +2 -1
- data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +25 -0
- data/app/models/plugin.rb +1 -1
- data/app/models/theme.rb +2 -2
- data/app/models/timthumb.rb +4 -5
- data/app/models/wp_item.rb +5 -5
- data/app/views/cli/enumeration/config_backups.erb +2 -2
- data/lib/wpscan/db/updater.rb +0 -2
- data/lib/wpscan/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d9fd4bc758b868aa36848d44911b54335efdaefc
|
|
4
|
+
data.tar.gz: e02f0a0f89271384cd00a1d9ab760205c5bd1837
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 955e80f693240687635f34d3b7081a302c452511e6d4191624edae196b7395f08759206b9aefc56f95449eccd5bdb9b91e6e48b613d9a27c681e1370759ed6bd
|
|
7
|
+
data.tar.gz: 9944fa88fba74980f74df6225dd47a2cf2d419eb02da52cf844f296ab729b58a3c7d747d623614bd950832a680352d5fbd9de0c3d0eb0e8dddae3bf46c17a57f
|
|
@@ -56,7 +56,6 @@ module WPScan
|
|
|
56
56
|
# @param [ Array<String> ] passwords
|
|
57
57
|
#
|
|
58
58
|
# @yield [ User ] when a valid combination is found
|
|
59
|
-
# rubocop:disable all
|
|
60
59
|
def brute_force(users, passwords)
|
|
61
60
|
hydra = Browser.instance.hydra
|
|
62
61
|
|
|
@@ -86,7 +85,6 @@ module WPScan
|
|
|
86
85
|
hydra.run
|
|
87
86
|
end
|
|
88
87
|
end
|
|
89
|
-
# rubocop:enable all
|
|
90
88
|
|
|
91
89
|
def progress_bar(size, username)
|
|
92
90
|
ProgressBar.create(
|
|
@@ -6,7 +6,7 @@ module WPScan
|
|
|
6
6
|
# Enumeration Controller
|
|
7
7
|
class Enumeration < CMSScanner::Controller::Base
|
|
8
8
|
def before_scan
|
|
9
|
-
# Create the Dynamic Finders
|
|
9
|
+
# Create the Dynamic PluginVersion Finders
|
|
10
10
|
DB::DynamicPluginFinders.db_data.each do |name, config|
|
|
11
11
|
%w[Comments].each do |klass|
|
|
12
12
|
next unless config[klass] && config[klass]['version']
|
|
@@ -48,7 +48,17 @@ module WPScan
|
|
|
48
48
|
'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
|
|
49
49
|
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
50
50
|
),
|
|
51
|
-
OptBoolean.new(
|
|
51
|
+
OptBoolean.new(
|
|
52
|
+
['--plugins-version-all',
|
|
53
|
+
'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \
|
|
54
|
+
'--plugins-detection and --plugins-version-detection)']
|
|
55
|
+
),
|
|
56
|
+
OptChoice.new(
|
|
57
|
+
['--plugins-version-detection MODE',
|
|
58
|
+
'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
|
|
59
|
+
'or --plugins-detection modes.'],
|
|
60
|
+
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
61
|
+
)
|
|
52
62
|
]
|
|
53
63
|
end
|
|
54
64
|
|
|
@@ -61,7 +71,17 @@ module WPScan
|
|
|
61
71
|
'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],
|
|
62
72
|
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
63
73
|
),
|
|
64
|
-
OptBoolean.new(
|
|
74
|
+
OptBoolean.new(
|
|
75
|
+
['--themes-version-all',
|
|
76
|
+
'Check all the themes version locations according to the choosen mode (--detection-mode, ' \
|
|
77
|
+
'--themes-detection and --themes-version-detection)']
|
|
78
|
+
),
|
|
79
|
+
OptChoice.new(
|
|
80
|
+
['--themes-version-detection MODE',
|
|
81
|
+
'Use the supplied mode to check themes versions instead of the --detection-mode ' \
|
|
82
|
+
'or --themes-detection modes.'],
|
|
83
|
+
choices: %w[mixed passive aggressive], normalize: :to_sym
|
|
84
|
+
)
|
|
65
85
|
]
|
|
66
86
|
end
|
|
67
87
|
|
|
@@ -23,10 +23,16 @@ module WPScan
|
|
|
23
23
|
#
|
|
24
24
|
# @return [ Hash ]
|
|
25
25
|
def default_opts(type)
|
|
26
|
+
mode = parsed_options[:"#{type}_detection"] || parsed_options[:detection_mode]
|
|
27
|
+
|
|
26
28
|
{
|
|
27
|
-
mode:
|
|
29
|
+
mode: mode,
|
|
28
30
|
exclude_content: parsed_options[:exclude_content_based],
|
|
29
|
-
show_progression: user_interaction
|
|
31
|
+
show_progression: user_interaction?,
|
|
32
|
+
version_detection: {
|
|
33
|
+
mode: parsed_options[:"#{type}_version_detection"] || mode,
|
|
34
|
+
confidence_threshold: parsed_options[:"#{type}_version_all"] ? 0 : 100
|
|
35
|
+
}
|
|
30
36
|
}
|
|
31
37
|
end
|
|
32
38
|
|
|
@@ -40,7 +46,6 @@ module WPScan
|
|
|
40
46
|
def enum_plugins
|
|
41
47
|
opts = default_opts('plugins').merge(
|
|
42
48
|
list: plugins_list_from_opts(parsed_options),
|
|
43
|
-
version_all: parsed_options[:plugins_version_all],
|
|
44
49
|
sort: true
|
|
45
50
|
)
|
|
46
51
|
|
|
@@ -79,7 +84,6 @@ module WPScan
|
|
|
79
84
|
def enum_themes
|
|
80
85
|
opts = default_opts('themes').merge(
|
|
81
86
|
list: themes_list_from_opts(parsed_options),
|
|
82
|
-
version_all: parsed_options[:themes_version_all],
|
|
83
87
|
sort: true
|
|
84
88
|
)
|
|
85
89
|
|
|
@@ -116,7 +120,7 @@ module WPScan
|
|
|
116
120
|
end
|
|
117
121
|
|
|
118
122
|
def enum_config_backups
|
|
119
|
-
opts = default_opts('
|
|
123
|
+
opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
|
|
120
124
|
|
|
121
125
|
output('@info', msg: 'Enumerating Config Backups') if user_interaction?
|
|
122
126
|
output('config_backups', config_backups: target.config_backups(opts))
|
|
@@ -9,6 +9,7 @@ require_relative 'interesting_findings/upload_sql_dump'
|
|
|
9
9
|
require_relative 'interesting_findings/full_path_disclosure'
|
|
10
10
|
require_relative 'interesting_findings/duplicator_installer_log'
|
|
11
11
|
require_relative 'interesting_findings/upload_directory_listing'
|
|
12
|
+
require_relative 'interesting_findings/emergency_pwd_reset_script'
|
|
12
13
|
|
|
13
14
|
module WPScan
|
|
14
15
|
module Finders
|
|
@@ -22,7 +23,7 @@ module WPScan
|
|
|
22
23
|
%w[
|
|
23
24
|
Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
|
|
24
25
|
Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
|
|
25
|
-
UploadSQLDump
|
|
26
|
+
UploadSQLDump EmergencyPwdResetScript
|
|
26
27
|
].each do |f|
|
|
27
28
|
finders << InterestingFindings.const_get(f).new(target)
|
|
28
29
|
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module WPScan
|
|
2
|
+
module Finders
|
|
3
|
+
module InterestingFindings
|
|
4
|
+
# Emergency Password Reset Script finder
|
|
5
|
+
class EmergencyPwdResetScript < CMSScanner::Finders::Finder
|
|
6
|
+
# @return [ InterestingFinding ]
|
|
7
|
+
def aggressive(_opts = {})
|
|
8
|
+
url = target.url('/emergency.php')
|
|
9
|
+
res = Browser.get(url)
|
|
10
|
+
|
|
11
|
+
return unless res.code == 200 && !target.homepage_or_404?(res)
|
|
12
|
+
|
|
13
|
+
WPScan::InterestingFinding.new(
|
|
14
|
+
url,
|
|
15
|
+
confidence: res.body =~ /password/i ? 100 : 40,
|
|
16
|
+
found_by: DIRECT_ACCESS,
|
|
17
|
+
references: {
|
|
18
|
+
url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
|
|
19
|
+
}
|
|
20
|
+
)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
data/app/models/plugin.rb
CHANGED
|
@@ -17,7 +17,7 @@ module WPScan
|
|
|
17
17
|
#
|
|
18
18
|
# @return [ WPScan::Version, false ]
|
|
19
19
|
def version(opts = {})
|
|
20
|
-
@version = Finders::PluginVersion::Base.find(self,
|
|
20
|
+
@version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
|
|
21
21
|
|
|
22
22
|
@version
|
|
23
23
|
end
|
data/app/models/theme.rb
CHANGED
|
@@ -23,7 +23,7 @@ module WPScan
|
|
|
23
23
|
#
|
|
24
24
|
# @return [ WPScan::Version, false ]
|
|
25
25
|
def version(opts = {})
|
|
26
|
-
@version = Finders::ThemeVersion::Base.find(self,
|
|
26
|
+
@version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
|
|
27
27
|
|
|
28
28
|
@version
|
|
29
29
|
end
|
|
@@ -37,7 +37,7 @@ module WPScan
|
|
|
37
37
|
style_url: url(Regexp.last_match[1]),
|
|
38
38
|
found_by: 'Parent Themes (Passive Detection)',
|
|
39
39
|
confidence: 100
|
|
40
|
-
)
|
|
40
|
+
).merge(version_detection: version_detection_opts)
|
|
41
41
|
|
|
42
42
|
self.class.new(template, target, opts)
|
|
43
43
|
end
|
data/app/models/timthumb.rb
CHANGED
|
@@ -3,16 +3,15 @@ module WPScan
|
|
|
3
3
|
class Timthumb < InterestingFinding
|
|
4
4
|
include Vulnerable
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
attr_reader :detection_opts
|
|
6
|
+
attr_reader :version_detection_opts
|
|
8
7
|
|
|
9
8
|
# @param [ String ] url
|
|
10
9
|
# @param [ Hash ] opts
|
|
11
|
-
# @option opts [
|
|
10
|
+
# @option opts [ Symbol ] :mode The mode to use to detect the version
|
|
12
11
|
def initialize(url, opts = {})
|
|
13
12
|
super(url, opts)
|
|
14
13
|
|
|
15
|
-
@
|
|
14
|
+
@version_detection_opts = opts[:version_detection] || {}
|
|
16
15
|
end
|
|
17
16
|
|
|
18
17
|
# @param [ Hash ] opts
|
|
@@ -20,7 +19,7 @@ module WPScan
|
|
|
20
19
|
# @return [ WPScan::Version, false ]
|
|
21
20
|
def version(opts = {})
|
|
22
21
|
if @version.nil?
|
|
23
|
-
@version = Finders::TimthumbVersion::Base.find(self,
|
|
22
|
+
@version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts))
|
|
24
23
|
end
|
|
25
24
|
|
|
26
25
|
@version
|
data/app/models/wp_item.rb
CHANGED
|
@@ -9,21 +9,21 @@ module WPScan
|
|
|
9
9
|
READMES = %w[readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT].freeze
|
|
10
10
|
CHANGELOGS = %w[changelog.txt Changelog.txt ChangeLog.txt CHANGELOG.txt].freeze
|
|
11
11
|
|
|
12
|
-
attr_reader :uri, :name, :detection_opts, :target, :db_data
|
|
12
|
+
attr_reader :uri, :name, :detection_opts, :version_detection_opts, :target, :db_data
|
|
13
13
|
|
|
14
14
|
# @param [ String ] name The plugin/theme name
|
|
15
15
|
# @param [ Target ] target The targeted blog
|
|
16
16
|
# @param [ Hash ] opts
|
|
17
|
-
# @option opts [
|
|
18
|
-
# @option opts [
|
|
17
|
+
# @option opts [ Symbol ] :mode The detection mode to use
|
|
18
|
+
# @option opts [ Hash ] :version_detection The options to use when looking for the version
|
|
19
19
|
# @option opts [ String ] :url The URL of the item
|
|
20
20
|
def initialize(name, target, opts = {})
|
|
21
21
|
@name = URI.decode(name)
|
|
22
22
|
@target = target
|
|
23
23
|
@uri = Addressable::URI.parse(opts[:url]) if opts[:url]
|
|
24
24
|
|
|
25
|
-
|
|
26
|
-
@
|
|
25
|
+
@detection_opts = { mode: opts[:mode] }
|
|
26
|
+
@version_detection_opts = opts[:version_detection] || {}
|
|
27
27
|
|
|
28
28
|
parse_finding_options(opts)
|
|
29
29
|
end
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
|
|
2
2
|
<% if @config_backups.empty? -%>
|
|
3
|
-
<%= notice_icon %> No Backups Found.
|
|
3
|
+
<%= notice_icon %> No Config Backups Found.
|
|
4
4
|
<% else -%>
|
|
5
|
-
<%= notice_icon %> Backup(s) Identified:
|
|
5
|
+
<%= notice_icon %> Config Backup(s) Identified:
|
|
6
6
|
<% @config_backups.each do |config_backup| -%>
|
|
7
7
|
|
|
8
8
|
<%= info_icon %> <%= config_backup %>
|
data/lib/wpscan/db/updater.rb
CHANGED
|
@@ -112,7 +112,6 @@ module WPScan
|
|
|
112
112
|
local_file_checksum(filename)
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
-
# rubocop:disable MethodLength
|
|
116
115
|
# @return [ Array<String> ] The filenames updated
|
|
117
116
|
def update
|
|
118
117
|
updated = []
|
|
@@ -141,7 +140,6 @@ module WPScan
|
|
|
141
140
|
|
|
142
141
|
updated
|
|
143
142
|
end
|
|
144
|
-
# rubocop:enable MethodLength
|
|
145
143
|
end
|
|
146
144
|
end
|
|
147
145
|
# :nocov:
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.0.37.
|
|
19
|
+
version: 0.0.37.11
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.0.37.
|
|
26
|
+
version: 0.0.37.11
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: yajl-ruby
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -247,6 +247,7 @@ files:
|
|
|
247
247
|
- app/finders/interesting_findings/backup_db.rb
|
|
248
248
|
- app/finders/interesting_findings/debug_log.rb
|
|
249
249
|
- app/finders/interesting_findings/duplicator_installer_log.rb
|
|
250
|
+
- app/finders/interesting_findings/emergency_pwd_reset_script.rb
|
|
250
251
|
- app/finders/interesting_findings/full_path_disclosure.rb
|
|
251
252
|
- app/finders/interesting_findings/mu_plugins.rb
|
|
252
253
|
- app/finders/interesting_findings/multisite.rb
|