wpxf 2.0.0a

data/lib/wpxf/cli/workspace.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+module Wpxf
+  module Cli
+    # Provides functionality for interacting with workspaces.
+    module Workspace
+      def initialize
+        super
+
+        self.active_workspace = Wpxf::Models::Workspace.first(name: 'default')
+      end
+
+      def workspace(*args)
+        return list_workspaces if args.length.zero?
+
+        case args[0]
+        when '-a'
+          add_workspace(args[1])
+        when '-d'
+          delete_workspace(args[1])
+        else
+          switch_workspace(args[0])
+        end
+      end
+
+      def workspaces
+        Wpxf::Models::Workspace.all
+      end
+
+      def add_workspace(name)
+        unless Wpxf::Models::Workspace.where(name: name).count.zero?
+          return print_warning "#{name} already exists"
+        end
+
+        begin
+          Wpxf::Models::Workspace.create(name: name)
+          return print_good "Added workspace: #{name}"
+        rescue Sequel::ValidationFailed
+          print_warning 'Workspace names may only contain 1-50 alphanumeric characters and underscores'
+        end
+      end
+
+      def list_workspaces
+        workspaces.each do |workspace|
+          if workspace.id == active_workspace.id
+            print_info "#{workspace.name} #{'(active)'.green}"
+          else
+            print_info workspace.name
+          end
+        end
+      end
+
+      def switch_workspace(name)
+        next_workspace = Wpxf::Models::Workspace.first(name: name)
+
+        if next_workspace
+          self.active_workspace = next_workspace
+          context.module.active_workspace = active_workspace if context&.module
+          print_good "Switched to workspace: #{name}"
+        else
+          print_bad "#{name} is not a valid workspace"
+        end
+      end
+
+      def delete_workspace(name)
+        if name == 'default'
+          print_warning 'You cannot delete the default workspace'
+          return
+        end
+
+        current_name = active_workspace.name
+        Wpxf::Models::Workspace.where(name: name).destroy
+        print_good "Deleted workspace: #{name}"
+        switch_workspace 'default' if name == current_name
+      end
+
+      attr_accessor :active_workspace
+    end
+  end
+end

data/lib/wpxf/core.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'wpxf/db'
+require 'wpxf/utility'
+
+require 'wpxf/core/data_file'
+require 'wpxf/core/options'
+require 'wpxf/core/payload'
+require 'wpxf/core/event_emitter'
+require 'wpxf/core/output_emitters'
+require 'wpxf/core/module_info'
+require 'wpxf/core/module_authentication'
+
+require 'wpxf/versioning'
+require 'wpxf/net'
+require 'wpxf/wordpress'
+
+require 'wpxf/core/module'

data/lib/wpxf/core/data_file.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Wpxf
+  # Represents a data file found in the data directory.
+  class DataFile
+    # Initialize a new instance of {DataFile}.
+    # @param path_parts the path to the file, relative to the data directory.
+    def initialize(*path_parts)
+      self.content = File.read(File.join(Wpxf.data_directory, path_parts))
+    end
+
+    # @return [String] the contents of a PHP data file without the surrounding
+    #   <?php ?> tags.
+    def php_content
+      content.strip.sub(/^<\?php/i, '').sub(/\?>$/i, '')
+    end
+
+    # @return [String] the contents of the data file with variable replacements.
+    def content_with_named_vars(vars)
+      matcher = /#{vars.keys.map { |k| Regexp.escape(k) }.join('|')}/
+      content.gsub(matcher, vars)
+    end
+
+    # @return the content of the file.
+    attr_accessor :content
+  end
+end

data/lib/wpxf/core/event_emitter.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Wpxf
+  # An event emitter that allows one or more subscribers.
+  class EventEmitter
+    def initialize
+      @subscribers = []
+    end
+
+    # Subscribe to the events emitted by this {EventEmitter}.
+    # @param subscriber [Object] the event subscriber.
+    def subscribe(subscriber)
+      @subscribers.push(subscriber)
+    end
+
+    # Unsubscribe from the events emitted by this {EventEmitter}.
+    # @param subscriber [Object] the event subscriber.
+    def unsubscribe(subscriber)
+      @subscribers -= [subscriber]
+    end
+
+    # Emit an event to be handled by each subscriber.
+    # @param event [Object] the event object to emit.
+    def emit(event)
+      @subscribers.each do |s|
+        s.on_event_emitted(event) if s.respond_to? 'on_event_emitted'
+      end
+    end
+  end
+end

data/lib/wpxf/core/module.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+module Wpxf
+  # The base class for all modules.
+  class Module
+    include Wpxf::ModuleInfo
+    include Wpxf::OutputEmitters
+    include Wpxf::Options
+    include Wpxf::Net::HttpClient
+    include Wpxf::WordPress::Fingerprint
+    include Wpxf::WordPress::Login
+    include Wpxf::WordPress::Options
+    include Wpxf::WordPress::Urls
+    include Wpxf::ModuleAuthentication
+    include Wpxf::Db::Credentials
+
+    def initialize
+      super
+
+      register_option(
+        BooleanOption.new(
+          name: 'verbose',
+          desc: 'Enable verbose output',
+          required: true,
+          default: false
+        )
+      )
+
+      register_advanced_options([
+        BooleanOption.new(
+          name: 'check_wordpress_and_online',
+          desc: 'Check that the target is running WordPress and is online',
+          required: true,
+          default: true
+        )
+      ])
+
+      self.event_emitter = EventEmitter.new
+    end
+
+    # @return [Boolean] true if all the required options are set.
+    def can_execute?
+      all_options_valid? && (aux_module? || (payload&.all_options_valid?))
+    end
+
+    # @return [Boolean] true if the target is running WordPress.
+    def check_wordpress_and_online
+      unless wordpress_and_online?
+        emit_error "#{full_uri} does not appear to be running WordPress"
+        return false
+      end
+
+      true
+    end
+
+    # @return [Array] an array of missing option names that are required.
+    def missing_options
+      opts = super
+      opts.push('payload') if exploit_module? && !payload
+
+      if payload
+        payload_opts = payload.missing_options
+        opts = [*opts, *payload_opts] unless payload_opts.empty?
+      end
+
+      opts
+    end
+
+    # Set the value of a module option.
+    # @param name the name of the option to set.
+    # @param value the value to use.
+    # @return [String, Symbol] the normalized value, :invalid if the
+    #   specified value is invalid or :not_found if the name is invalid.
+    def set_option_value(name, value)
+      res = super(name, value)
+
+      if payload
+        return payload.set_option_value(name, value) if res == :not_found
+        payload.set_option_value(name, value)
+      end
+
+      res
+    end
+
+    # Unset an option or reset it back to its default value.
+    # @param name [String] the name of the option to unset.
+    def unset_option(name)
+      super(name)
+      payload&.unset_option(name)
+    end
+
+    # Run the module.
+    # @return [Boolean] true if successful.
+    def run
+      if normalized_option_value('check_wordpress_and_online')
+        return false unless check_wordpress_and_online
+      end
+
+      if requires_authentication
+        @session_cookie = authenticate_with_wordpress(datastore['username'], datastore['password'])
+        return false unless @session_cookie
+      end
+
+      true
+    end
+
+    # Cleanup any allocated resource to the module.
+    def cleanup
+      payload&.cleanup
+    end
+
+    # Check if the target is vulnerable.
+    # @return [Symbol] :unknown, :vulnerable or :safe.
+    def check
+      :unknown
+    end
+
+    # @return [Boolean] true if the module is an auxiliary module.
+    def aux_module?
+      to_s.split('::')[-2].eql? 'Auxiliary'
+    end
+
+    # @return [Boolean] true if the module is an exploit module.
+    def exploit_module?
+      to_s.split('::')[-2].eql? 'Exploit'
+    end
+
+    # @return [Payload] the {Payload} to use with the current module.
+    attr_accessor :payload
+
+    # @return [EventEmitter] the {EventEmitter} for the module's events.
+    attr_accessor :event_emitter
+
+    # @return [Models::Workspace] the currently active {Models::Workspace}.
+    attr_accessor :active_workspace
+
+    # @return [String, nil] the current session cookie, if authenticated with the target.
+    attr_reader :session_cookie
+  end
+end

data/lib/wpxf/core/module_authentication.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Wpxf
+  # Provides functionality for authenticating modules with a WordPress target.
+  module ModuleAuthentication
+    # Initialize a new instance of {ModuleAuthentication}.
+    def initialize
+      super
+      return unless requires_authentication
+
+      register_options([
+        StringOption.new(
+          name: 'username',
+          desc: 'The WordPress username to authenticate with',
+          required: true
+        ),
+        StringOption.new(
+          name: 'password',
+          desc: 'The WordPress password to authenticate with',
+          required: true
+        )
+      ])
+    end
+
+    # @return [Boolean] true if the module requires the user to authenticate.
+    def requires_authentication
+      false
+    end
+
+    # Authenticate with WordPress and return the cookie.
+    # @param username [String] the username to authenticate with.
+    # @param password [String] the password to authenticate with.
+    # @return [CookieJar, Boolean] the cookie in a CookieJar if successful,
+    #   otherwise, returns false.
+    def authenticate_with_wordpress(username, password)
+      emit_info "Authenticating with WordPress using #{username}:#{password}..."
+      cookie = wordpress_login(username, password)
+      if cookie.nil?
+        emit_error 'Failed to authenticate with WordPress'
+        return false
+      else
+        store_credentials username, password
+        emit_success 'Authenticated with WordPress', true
+        return cookie
+      end
+    end
+  end
+end

data/lib/wpxf/core/module_info.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Wpxf
+  # Provides functionality for specifying module metadata.
+  module ModuleInfo
+    # Initialize a new instance of {ModuleInfo}.
+    def initialize
+      super
+      @_module_info = {}
+    end
+
+    # Update the module info.
+    # @param info [Hash] a hash containing the module info.
+    def update_info(info)
+      required_keys = %i[name desc author date]
+      unless required_keys.all? { |key| info.key?(key) || @_module_info.key?(key) }
+        raise 'Missing one or more required module info keys'
+      end
+
+      _update_info_without_validation(info)
+    end
+
+    # @return [String] the name of the module.
+    def module_name
+      @_module_info[:name]
+    end
+
+    # @return [String] the description of the module.
+    def module_desc
+      @_module_info[:desc]
+    end
+
+    # @return [Array] an aray of references relating to the module.
+    def module_references
+      @_module_info[:references]
+    end
+
+    # @return [Array] the name of the module author(s).
+    def module_author
+      @_module_info[:author]
+    end
+
+    # @return [Date] the disclosure date of the vulnerability.
+    def module_date
+      @_module_info[:date]
+    end
+
+    # @return [Boolean] true if the description is preformatted.
+    def module_description_preformatted
+      @_module_info[:desc_preformatted]
+    end
+
+    # Emits any information that the user should be aware of before using the module.
+    def emit_usage_info
+      nil
+    end
+
+    private
+
+    def _update_info_without_validation(info)
+      @_module_info.merge!(info)
+
+      if @_module_info[:date]
+        @_module_info[:date] = Date.parse(@_module_info[:date].to_s)
+      end
+
+      if @_module_info[:desc]
+        @_module_info[:desc] = @_module_info[:desc].gsub(/  +/, ' ')
+      end
+
+      @_module_info
+    end
+  end
+end

data/lib/wpxf/core/options.rb

@@ -0,0 +1,175 @@
+# frozen_string_literal: true
+
+require 'wpxf/core/opts/option'
+require 'wpxf/core/opts/boolean_option'
+require 'wpxf/core/opts/enum_option'
+require 'wpxf/core/opts/integer_option'
+require 'wpxf/core/opts/path_option'
+require 'wpxf/core/opts/port_option'
+require 'wpxf/core/opts/string_option'
+
+module Wpxf
+  # A mixin to provide option registering and datastore functionality.
+  module Options
+    # Initialize a new instance of {Options}.
+    def initialize
+      super
+
+      self.options = []
+      self.datastore = {}
+    end
+
+    # Unregister an {Option}.
+    # @param opt the {Option} to unregister.
+    # @return [Void] nothing.
+    def unregister_option(opt)
+      options.delete_if { |o| o.name.eql?(opt.name) }
+    end
+
+    # Register an {Option}.
+    # @param opt the {Option} to register.
+    # @return [Void] nothing.
+    def register_option(opt)
+      raise 'payload is a reserved name' if opt.name.eql? 'payload'
+      unregister_option(opt)
+      options.push(opt)
+      datastore[opt.name] = opt.default unless opt.default.nil?
+    end
+
+    # Register an array of {Option}.
+    # @param opts the array of {Option} to register.
+    # @return [Void] nothing.
+    def register_options(opts)
+      opts.each do |opt|
+        register_option(opt)
+      end
+    end
+
+    # Register an array of advanced {Option}.
+    # @param opts the array of {Option} to register.
+    # @return [Void] nothing.
+    def register_advanced_options(opts)
+      opts.each do |opt|
+        opt.advanced = true
+      end
+
+      register_options(opts)
+    end
+
+    # Register an array of evasion {Option}.
+    # @param opts the array of {Option} to register.
+    # @return [Void] nothing.
+    def register_evasion_options(opts)
+      opts.each do |opt|
+        opt.evasion = true
+      end
+
+      register_options(opts)
+    end
+
+    # Find and return an {Option} by its registered name.
+    # @param name the name of the {Option}.
+    # @return [Option, nil] the matching option or nil if not found.
+    def get_option(name)
+      options.find { |o| o.name.eql?(name) }
+    end
+
+    # Set the value of a module option.
+    # @param name the name of the option to set.
+    # @param value the value to use.
+    # @return [String, Symbol] the normalized value, :invalid if the
+    #   specified value is invalid or :not_found if the name is invalid.
+    def set_option_value(name, value)
+      opt = get_option(name)
+      return :not_found unless opt
+      return :invalid unless opt.valid?(value)
+
+      datastore[name] = value
+      opt.normalize(value)
+    end
+
+    # Get the value of a module option.
+    # @param name the name of the option.
+    # @return the option value.
+    def get_option_value(name)
+      datastore[name]
+    end
+
+    # Get the normalized value of a module option.
+    # @param name the name of the option.
+    # @return the option value.
+    def normalized_option_value(name)
+      option = get_option(name)
+      return option.normalize(datastore[name]) unless option.nil?
+    end
+
+    # @param name the name of the option.
+    # @return [Boolean] true if the specified option has a value.
+    def option_value?(name)
+      !datastore[name].nil? && !datastore[name].empty?
+    end
+
+    # Temporarily change the value of an option and yield a block that
+    # uses the scoped value before resetting it back to the original value.
+    # @param name [String] the name of the option.
+    # @param value [Object] the scoped value.
+    # @yieldparam value [Object] the scoped value of the option.
+    # @return [Nil] nothing.
+    def scoped_option_change(name, value)
+      original_value = get_option_value(name)
+
+      # Set the scoped option value and invoke the proc.
+      set_option_value(name, value)
+      yield(get_option_value(name))
+
+      # Reset the option value back to the original.
+      set_option_value(name, original_value)
+
+      nil
+    end
+
+    # Unset an option or reset it back to its default value.
+    # @param name [String] the name of the option to unset.
+    def unset_option(name)
+      opt = get_option(name)
+      return unless opt
+
+      datastore.delete(name)
+      datastore[opt.name] = opt.default if opt.required?
+    end
+
+    # @return [Boolean] true if all the required options are set.
+    def all_options_valid?
+      options.each do |opt|
+        return false unless opt.valid?(datastore[opt.name])
+      end
+
+      true
+    end
+
+    # Check if an option is valid.
+    # @param opt [String, Option] the {Option} or name of the option to check.
+    # @return [Boolean] true if valid.
+    def option_valid?(opt)
+      return opt.valid?(datastore[opt.name]) if opt.is_a? Option
+
+      get_option(opt).valid?(datastore[opt])
+    end
+
+    # @return [Array] an array of missing option names that are required.
+    def missing_options
+      opts = []
+      options.each do |opt|
+        opts.push(opt.name) unless !opt.required? || option_valid?(opt)
+      end
+      opts
+    end
+
+    # @return [Array] an array of {Option} objects used to configure
+    #   the current module.
+    attr_accessor :options
+
+    # @return [Hash] a hash containing the option values specified by the user.
+    attr_accessor :datastore
+  end
+end