wpxf 2.0.0a → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88cc61a49c99dadfe784503e10bb8850a9fa9783c86ca951aad98fe86878ea51
-  data.tar.gz: 4e3b3df123398881ea918dfc2a7f6c2a2279cb632ca9879eecbdf7f13c96c5b7
+  metadata.gz: 2e6dc34b56da0fd68db342c296a60346337584ccccf3c1c03b54122e9f5bb164
+  data.tar.gz: 494ef8fd8cdae9d0e7989124005647cfe48c6fe431510d2a0c5e402ff4bd155e
 SHA512:
-  metadata.gz: '000349eeaceaf3bd40b0b23861e8fd7ae5c231cda8fd079739d253abcd8e28a492d0e3915b1393b57ed6d498cb23095165d911763ed713b4b5c7b18cfe362fa9'
-  data.tar.gz: 4157996c7c90b62994c9a0186f198bd7efbf4584245a600a928c8896c875a1f14d4c61bca0d7450c2ddff645e19bbe6a0a5e87336a43b08ed23fb9711b25634e
+  metadata.gz: d35e6556e102cdea7ac5d43b35b17dec338e2390f81b7977caf4a78de088a112e67f0be0295915f68004026c79d0e89067b4c422b705d17d4bd1256add2e699b
+  data.tar.gz: 5a10159e78df9016a51771f5eb9a123dd1abd5d6698d02d0923488949c445114aed24064e27710583600f08e661b4ddbcec5a30504d92525694a2d9efd5918e4

data/lib/wpxf/cli/module_cache.rb

@@ -45,6 +45,7 @@ module Wpxf
         print_warning 'Refreshing the module cache...'
 
         Wpxf::Models::Module.truncate
+        Wpxf.load_custom_modules
 
         create_module_models 'exploit'
         create_module_models 'auxiliary'

data/lib/wpxf/modules.rb

@@ -1,19 +1,36 @@
 # frozen_string_literal: true
 
 module Wpxf
-  def self.build_module_list(namespace, folder_name = '')
+  def self.modules_path
+    File.join(Wpxf.app_path, 'lib', 'wpxf', 'modules')
+  end
+
+  def self.custom_modules_path
+    File.join(Wpxf.home_directory, 'modules')
+  end
+
+  def self.payloads_path
+    File.join(Wpxf.app_path, 'lib', 'wpxf', 'payloads')
+  end
+
+  def self.build_module_list(namespace, source_folders = [])
     modules = namespace.constants.select do |c|
       namespace.const_get(c).is_a? Class
     end
 
-    modules_directory = File.join(Wpxf.app_path, 'lib', 'wpxf', folder_name)
-
     modules.map do |m|
       klass = namespace.const_get(m)
       filename = klass.new.method(:initialize).source_location[0]
+
+      # Remove any source folders from the path and store the
+      # relative path that will be used in the CLI.
+      source_folders.each do |source_folder|
+        filename = filename.sub(source_folder, '')
+      end
+
       {
         class: klass,
-        name: filename.sub(modules_directory, '').sub(/^\//, '').sub(/\.rb$/, '')
+        name: filename.sub(/^\//, '').sub(/\.rb$/, '')
       }
     end
   end
@@ -24,15 +41,20 @@ module Wpxf
     Object.const_get(mod.class_name).new
   end
 
+  def self.load_custom_modules
+    custom_modules_path = File.join(Wpxf.home_directory, 'modules', '**', '*.rb')
+    Dir.glob(custom_modules_path).each { |p| load p }
+  end
+
   module Auxiliary
     def self.module_list
-      Wpxf.build_module_list(Wpxf::Auxiliary, 'modules')
+      Wpxf.build_module_list(Wpxf::Auxiliary, [Wpxf.modules_path, Wpxf.custom_modules_path])
     end
   end
 
   module Exploit
     def self.module_list
-      Wpxf.build_module_list(Wpxf::Exploit, 'modules')
+      Wpxf.build_module_list(Wpxf::Exploit, [Wpxf.modules_path, Wpxf.custom_modules_path])
     end
   end
 
@@ -46,7 +68,7 @@ module Wpxf
     end
 
     def self.payload_list
-      @@payloads ||= Wpxf.build_module_list(Wpxf::Payloads, 'payloads')
+      @@payloads ||= Wpxf.build_module_list(Wpxf::Payloads, [Wpxf.payloads_path])
     end
 
     def self.load_payload(name)
@@ -60,3 +82,5 @@ end
 require_rel 'modules/auxiliary'
 require_rel 'modules/exploit'
 require_rel 'payloads'
+
+Wpxf.load_custom_modules

data/lib/wpxf/modules/auxiliary/file_download/wp_hide_security_enhancer_file_download.rb

@@ -37,7 +37,10 @@ class Wpxf::Auxiliary::WpHideSecurityEnhancerFileDownload < Wpxf::Module
   end
 
   def download_request_params
-    { 'action' => 'style-clean', 'file_path' => "/#{remote_file}" }
+    {
+      'action' => 'style-clean',
+      'file_path' => "/#{remote_file}"
+    }
   end
 
   def validate_content(content)

data/lib/wpxf/modules/auxiliary/file_download/wp_marketplace_v2.4_file_download.rb

@@ -80,8 +80,7 @@ class Wpxf::Auxiliary::WpMarketplaceV24FileDownload < Wpxf::Module
       cookie: session_cookie
     )
 
-    return nil if !res || res.code != 200
-    nonce = res.body[/name="__product_wpmp" value="([^"]+)"/i, 1]
+    nonce = res.body[/name="__product_wpmp" value="([^"]+)"/i, 1] if res&.code == 200
 
     unless nonce
       emit_error 'Failed to acquire a download nonce'
@@ -122,7 +121,7 @@ class Wpxf::Auxiliary::WpMarketplaceV24FileDownload < Wpxf::Module
     return false unless @nonce
 
     emit_info "Acquired nonce \"#{@nonce}\"", true
-    @download_id = "1#{Utility::Text.rand_numeric(5)}"
+    self.download_id = "1#{Utility::Text.rand_numeric(5)}"
 
     create_product
   end
@@ -136,6 +135,8 @@ class Wpxf::Auxiliary::WpMarketplaceV24FileDownload < Wpxf::Module
   end
 
   def download_request_params
-    { 'wpmpfile' => @download_id }
+    { 'wpmpfile' => download_id }
   end
+
+  attr_accessor :download_id
 end

data/wpxf.gemspec

@@ -2,8 +2,8 @@
 
 Gem::Specification.new do |s|
   s.name = 'wpxf'
-  s.version = '2.0.0a'
-  s.date = '2018-07-12'
+  s.version = '2.0.0'
+  s.date = '2018-07-14'
   s.summary = 'WordPress Exploit Framework'
   s.description = 'A Ruby framework designed to aid in the penetration testing of WordPress systems'
   s.authors = ['rastating']
@@ -17,10 +17,9 @@ Gem::Specification.new do |s|
   s.add_dependency 'colorize', '~> 0.8'
   s.add_dependency 'mime-types', '~> 3.1'
   s.add_dependency 'nokogiri', '~> 1.8'
-  s.add_dependency 'rake', '~> 12.3'
   s.add_dependency 'require_all', '~> 2.0'
   s.add_dependency 'rubyzip', '~> 1.2'
-  s.add_dependency 'sequel', '~> 5.9'
+  s.add_dependency 'sequel', '~> 5.11'
   s.add_dependency 'slop', '~> 4.6'
   s.add_dependency 'sqlite3', '~> 1.3'
   s.add_dependency 'typhoeus', '~> 1.3'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpxf
 version: !ruby/object:Gem::Version
-  version: 2.0.0a
+  version: 2.0.0
 platform: ruby
 authors:
 - rastating
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-12 00:00:00.000000000 Z
+date: 2018-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -52,20 +52,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.8'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '12.3'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: require_all
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.9'
+        version: '5.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.9'
+        version: '5.11'
 - !ruby/object:Gem::Dependency
   name: slop
   requirement: !ruby/object:Gem::Requirement
@@ -696,9 +682,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.4.4
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.7.6