wpscan 3.7.11 → 3.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/enumeration/cli_options.rb +2 -3
- data/app/finders/plugin_version/readme.rb +3 -5
- data/app/views/cli/password_attack/users.erb +1 -1
- data/lib/wpscan/db/updater.rb +12 -14
- data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
- data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +4 -6
- data/lib/wpscan/version.rb +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d1a64c9f7a8530afcf1845d98ebdd35198ca21b8dc785f8adc4c20b08f4d4671
|
4
|
+
data.tar.gz: 2fd12843b4b3b40c48d0e3020505e78fed646e279d8222d17b245072b0ffd258
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a9a9b2471e89e6ad9a1b253a9c19eb35524fa6722ba61f65eeebc8624472ee5b25bfadb50f15d066b70888fdf75e88a89b5506a31f987b1e3de14889b92ab93b
|
7
|
+
data.tar.gz: f4712583e27d1a48598cdd8ebf5e13a7a4c089f57cea2967d0d76810fff22769b3170df149d091449a5714405314c24dfd26c73f111f66c2bae1728eeb733a23
|
@@ -51,7 +51,7 @@ module WPScan
|
|
51
51
|
OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
|
52
52
|
OptChoice.new(
|
53
53
|
['--plugins-detection MODE',
|
54
|
-
'Use the supplied mode to enumerate Plugins
|
54
|
+
'Use the supplied mode to enumerate Plugins.'],
|
55
55
|
choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
|
56
56
|
),
|
57
57
|
OptBoolean.new(
|
@@ -62,8 +62,7 @@ module WPScan
|
|
62
62
|
),
|
63
63
|
OptChoice.new(
|
64
64
|
['--plugins-version-detection MODE',
|
65
|
-
'Use the supplied mode to check plugins versions
|
66
|
-
'or --plugins-detection modes.'],
|
65
|
+
'Use the supplied mode to check plugins\' versions.'],
|
67
66
|
choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
|
68
67
|
),
|
69
68
|
OptInteger.new(
|
@@ -68,11 +68,9 @@ module WPScan
|
|
68
68
|
extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
|
69
69
|
|
70
70
|
sorted = extracted_versions.sort do |x, y|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
0
|
75
|
-
end
|
71
|
+
Gem::Version.new(x) <=> Gem::Version.new(y)
|
72
|
+
rescue StandardError
|
73
|
+
0
|
76
74
|
end
|
77
75
|
|
78
76
|
sorted.last
|
@@ -2,7 +2,7 @@
|
|
2
2
|
<% if @users.empty? -%>
|
3
3
|
<%= notice_icon %> No Valid Passwords Found.
|
4
4
|
<% else -%>
|
5
|
-
<%=
|
5
|
+
<%= critical_icon %> Valid Combinations Found:
|
6
6
|
<% @users.each do |user| -%>
|
7
7
|
| Username: <%= user.username %>, Password: <%= user.password %>
|
8
8
|
<% end -%>
|
data/lib/wpscan/db/updater.rb
CHANGED
@@ -139,24 +139,22 @@ module WPScan
|
|
139
139
|
updated = []
|
140
140
|
|
141
141
|
FILES.each do |filename|
|
142
|
-
|
143
|
-
db_checksum = remote_file_checksum(filename)
|
142
|
+
db_checksum = remote_file_checksum(filename)
|
144
143
|
|
145
|
-
|
146
|
-
|
144
|
+
# Checking if the file needs to be updated
|
145
|
+
next if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
|
147
146
|
|
148
|
-
|
149
|
-
|
147
|
+
create_backup(filename)
|
148
|
+
dl_checksum = download(filename)
|
150
149
|
|
151
|
-
|
150
|
+
raise Error::ChecksumsMismatch, filename unless dl_checksum == db_checksum
|
152
151
|
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
end
|
152
|
+
updated << filename
|
153
|
+
rescue StandardError => e
|
154
|
+
restore_backup(filename)
|
155
|
+
raise e
|
156
|
+
ensure
|
157
|
+
delete_backup(filename) if File.exist?(backup_file_path(filename))
|
160
158
|
end
|
161
159
|
|
162
160
|
File.write(last_update_file, Time.now)
|
@@ -17,7 +17,7 @@ module WPScan
|
|
17
17
|
end
|
18
18
|
|
19
19
|
# Needed to have inheritance of the @child_class_constants
|
20
|
-
# If inheritance is not needed, then the #child_class_constant can be used in the
|
20
|
+
# If inheritance is not needed, then the #child_class_constant can be used in the class definition, ie
|
21
21
|
# child_class_constant :FILES, PATTERN: /aaa/i
|
22
22
|
# @return [ Hash ]
|
23
23
|
def self.child_class_constants
|
@@ -21,13 +21,11 @@ module WPScan
|
|
21
21
|
parsers = ALLOWED_PARSERS.include?(self.class::PARSER) ? [self.class::PARSER] : ALLOWED_PARSERS
|
22
22
|
|
23
23
|
parsers.each do |parser|
|
24
|
-
|
25
|
-
parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
|
24
|
+
parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
|
26
25
|
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
end
|
26
|
+
return parsed if parsed.is_a?(Hash) || parsed.is_a?(Array)
|
27
|
+
rescue StandardError
|
28
|
+
next
|
31
29
|
end
|
32
30
|
|
33
31
|
nil # Make sure nil is returned in case none of the parsers managed to parse the body correctly
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: wpscan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.8.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- WPScanTeam
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-04-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cms_scanner
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.9.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.9.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 0.
|
103
|
+
version: 0.81.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 0.
|
110
|
+
version: 0.81.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rubocop-performance
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -388,7 +388,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
388
388
|
requirements:
|
389
389
|
- - ">="
|
390
390
|
- !ruby/object:Gem::Version
|
391
|
-
version: '2.
|
391
|
+
version: '2.5'
|
392
392
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
393
393
|
requirements:
|
394
394
|
- - ">="
|