wpscan 3.6.1 → 3.6.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (15) hide show
  1. checksums.yaml +4 -4
  2. data/app/finders/db_exports/known_locations.rb +2 -2
  3. data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
  4. data/app/finders/interesting_findings/mu_plugins.rb +1 -1
  5. data/app/finders/interesting_findings/upload_sql_dump.rb +1 -1
  6. data/app/finders/plugin_version/readme.rb +1 -1
  7. data/app/finders/plugins/body_pattern.rb +1 -1
  8. data/app/finders/plugins/comment.rb +1 -1
  9. data/app/finders/timthumbs/known_locations.rb +1 -1
  10. data/app/finders/users/login_error_messages.rb +1 -1
  11. data/lib/wpscan/db/updater.rb +1 -1
  12. data/lib/wpscan/helper.rb +1 -1
  13. data/lib/wpscan/target/platform/wordpress.rb +1 -1
  14. data/lib/wpscan/version.rb +1 -1
  15. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 459148fa0c668df5a304b762d29083116206143351b769300d518500a9a87e3b
4
- data.tar.gz: 4a641fb29db8caf1a5dd33b48112bc167683b5d508416f5843e7d40a2a729884
3
+ metadata.gz: eba446cae860a55c001b36f276acfb9ecc8ae167ff15de5d28320ce6a2dc232f
4
+ data.tar.gz: ced188b66638904c0af191268dc2285e8ceac4872d866623844d1359a38c42da
5
5
  SHA512:
6
- metadata.gz: 96783cf55c79ff8221d20a8c55f8a29ccd1032e8ca83d55a16aebeae2fd791bd6c02e695a6ddbc03afe80a143dfe0b3bc213f93c8345bf39396a43d1baef6b12
7
- data.tar.gz: 0f6dfee9fc37092b97fdc5976d170bb6126683ee640a3ae3ab244a7b8c6d3767d61f5338427c489f72592e317c844cb1bdfcf6ff23599274332ca878bf205f23
6
+ metadata.gz: ee4e0c44dcdd7d48b45dde56df7e4696a1171c426f5bc12002095fd073e6180753e3d7c4da60f62c97bb2f058bb6dc7f40567e53badb300945878c344ec9c7c5
7
+ data.tar.gz: 16ffdb8cfcdb41ed530a10f5488e6c68a0f4116ba44fd537c6ffd3419ee0727ea36689f7fa9c612f9cfebd96861358123510d65b9cec4de5d6cedecca733a016
data/app/finders/db_exports/known_locations.rb CHANGED
@@ -20,9 +20,9 @@ module WPScan
20
20
 
21
21
  enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
22
22
  if res.effective_url.end_with?('.zip')
23
- next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
23
+ next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
24
24
  else
25
- next unless res.body =~ SQL_PATTERN
25
+ next unless SQL_PATTERN.match?(res.body)
26
26
  end
27
27
 
28
28
  found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
data/app/finders/interesting_findings/duplicator_installer_log.rb CHANGED
@@ -9,7 +9,7 @@ module WPScan
9
9
  def aggressive(_opts = {})
10
10
  path = 'installer-log.txt'
11
11
 
12
- return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
12
+ return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
13
13
 
14
14
  Model::DuplicatorInstallerLog.new(
15
15
  target.url(path),
data/app/finders/interesting_findings/mu_plugins.rb CHANGED
@@ -10,7 +10,7 @@ module WPScan
10
10
  pattern = %r{#{target.content_dir}/mu\-plugins/}i
11
11
 
12
12
  target.in_scope_uris(target.homepage_res) do |uri|
13
- next unless uri.path =~ pattern
13
+ next unless uri.path&.match?(pattern)
14
14
 
15
15
  url = target.url('wp-content/mu-plugins/')
16
16
 
data/app/finders/interesting_findings/upload_sql_dump.rb CHANGED
@@ -12,7 +12,7 @@ module WPScan
12
12
  path = 'wp-content/uploads/dump.sql'
13
13
  res = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
14
14
 
15
- return unless res.body =~ SQL_PATTERN
15
+ return unless SQL_PATTERN.match?(res.body)
16
16
 
17
17
  Model::UploadSQLDump.new(
18
18
  target.url(path),
data/app/finders/plugin_version/readme.rb CHANGED
@@ -52,7 +52,7 @@ module WPScan
52
52
 
53
53
  number = Regexp.last_match[1]
54
54
 
55
- number if number =~ /[0-9]+/
55
+ number if /[0-9]+/.match?(number)
56
56
  end
57
57
 
58
58
  # @param [ String ] body
data/app/finders/plugins/body_pattern.rb CHANGED
@@ -15,7 +15,7 @@ module WPScan
15
15
  #
16
16
  # @return [ Plugin ] The detected plugin in the response, related to the config
17
17
  def process_response(opts, response, slug, klass, config)
18
- return unless response.body =~ config['pattern']
18
+ return unless response.body&.match?(config['pattern'])
19
19
 
20
20
  Model::Plugin.new(
21
21
  slug,
data/app/finders/plugins/comment.rb CHANGED
@@ -18,7 +18,7 @@ module WPScan
18
18
  response.html.xpath(config['xpath'] || '//comment()').each do |node|
19
19
  comment = node.text.to_s.strip
20
20
 
21
- next unless comment =~ config['pattern']
21
+ next unless comment&.match?(config['pattern'])
22
22
 
23
23
  return Model::Plugin.new(
24
24
  slug,
data/app/finders/timthumbs/known_locations.rb CHANGED
@@ -22,7 +22,7 @@ module WPScan
22
22
  found = []
23
23
 
24
24
  enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
25
- next unless res.body =~ /no image specified/i
25
+ next unless /no image specified/i.match?(res.body)
26
26
 
27
27
  found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
28
28
  end
data/app/finders/users/login_error_messages.rb CHANGED
@@ -24,7 +24,7 @@ module WPScan
24
24
 
25
25
  return found if error.empty? # Protection plugin / error disabled
26
26
 
27
- next unless error =~ /The password you entered for the username|Incorrect Password/i
27
+ next unless /The password you entered for the username|Incorrect Password/i.match?(error)
28
28
 
29
29
  found << Model::User.new(username, found_by: found_by, confidence: 100)
30
30
  end
data/lib/wpscan/db/updater.rb CHANGED
@@ -69,7 +69,7 @@ module WPScan
69
69
  connecttimeout: 300,
70
70
  accept_encoding: 'gzip, deflate',
71
71
  cache_ttl: 0,
72
- headers: { 'User-Agent' => Browser.instance.default_user_agent }
72
+ headers: { 'User-Agent' => Browser.instance.default_user_agent, 'Referer' => nil }
73
73
  }
74
74
  end
75
75
 
data/lib/wpscan/helper.rb CHANGED
@@ -14,7 +14,7 @@ end
14
14
  # @return [ Symbol ]
15
15
  def classify_slug(slug)
16
16
  classified = slug.to_s.gsub(/[^a-z\d\-]/i, '-').gsub(/\-{1,}/, '_').camelize.to_s
17
- classified = "D_#{classified}" if classified[0] =~ /\d/
17
+ classified = "D_#{classified}" if /\d/.match?(classified[0])
18
18
 
19
19
  classified.to_sym
20
20
  end
data/lib/wpscan/target/platform/wordpress.rb CHANGED
@@ -29,7 +29,7 @@ module WPScan
29
29
  end
30
30
 
31
31
  homepage_res.html.css('meta[name="generator"]').each do |node|
32
- return true if node['content'] =~ /wordpress/i
32
+ return true if /wordpress/i.match?(node['content'])
33
33
  end
34
34
 
35
35
  return true unless comments_from_page(/wordpress/i, homepage_res).empty?
data/lib/wpscan/version.rb CHANGED
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.6.1'
5
+ VERSION = '3.6.2'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.6.1
4
+ version: 3.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-23 00:00:00.000000000 Z
11
+ date: 2019-07-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.5.4
19
+ version: 0.5.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.5.4
26
+ version: 0.5.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement