From 7a963e346ab66e9fbcbd9f556f0f67394ee5a4ba Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Fri, 3 May 2013 17:51:14 +0200
Subject: [PATCH 1/3] Ref #177 Passive detection of specific plugins (Dirty
 work)

---
 lib/common/collections/wp_items.rb            |  5 ++
 lib/common/collections/wp_items/detectable.rb | 16 ++++--
 .../collections/wp_plugins/detectable.rb      | 57 +++++++++++++++++++
 3 files changed, 73 insertions(+), 5 deletions(-)

diff --git a/lib/common/collections/wp_items.rb b/lib/common/collections/wp_items.rb
index be09bbf4..dc6c0b82 100755
--- a/lib/common/collections/wp_items.rb
+++ b/lib/common/collections/wp_items.rb
@@ -6,4 +6,9 @@ require 'common/collections/wp_items/output'
 class WpItems < Array
   extend WpItems::Detectable
   include WpItems::Output
+
+  def +(other)
+    other.each { |item| self << item }
+    self
+  end
 end
diff --git a/lib/common/collections/wp_items/detectable.rb b/lib/common/collections/wp_items/detectable.rb
index 348c75b4..cf7fe64e 100755
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -74,11 +74,7 @@ class WpItems < Array
       item_class   = self.item_class
       type         = self.to_s.gsub(/Wp/, '').downcase
       response     = Browser.get(wp_target.url)
-      item_options = {
-        wp_content_dir: wp_target.wp_content_dir,
-        wp_plugins_dir: wp_target.wp_plugins_dir,
-        vulns_file:     self.vulns_file
-      }
+      item_options = self.item_options(wp_target)
 
       regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/}
       regex2 = %r{\\?/}
@@ -96,6 +92,16 @@ class WpItems < Array
 
     protected
 
+    # @param [ WpTarget ] wp_target
+    #
+    # @return [ Hash ]
+    def item_options(wp_target)
+      {
+        wp_content_dir: wp_target.wp_content_dir,
+        wp_plugins_dir: wp_target.wp_plugins_dir,
+        vulns_file:     self.vulns_file
+      }
+    end
     # The default request parameters
     #
     # @return [ Hash ]
diff --git a/lib/common/collections/wp_plugins/detectable.rb b/lib/common/collections/wp_plugins/detectable.rb
index 0573cea5..5ea4aa6c 100644
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -13,5 +13,62 @@ class WpPlugins < WpItems
       '//plugin'
     end
 
+    # @param [ WpTarget ] wp_target
+    # @param [ Hash ] options
+    #
+    # @return [ WpPlugins ]
+    def passive_detection(wp_target, options = {})
+      detected = super(wp_target, options)
+
+      detected += from_header(wp_target)
+      detected += from_content(wp_target)
+
+      detected.sort.uniq!
+      detected
+    end
+
+    protected
+
+    # X-Powered-By: W3 Total Cache/0.9.2.5
+    # @param [ Typhoeus::Response ] response
+    #
+    # @return [ WpPlugins ]
+    def from_header(wp_target)
+      wp_plugins = WpPlugins.new
+      response   = Browser.get(wp_target.url)
+
+      if response.headers && powered_by = response.headers[:x_powered_by]
+        if powered_by =~ /W3 Total Cache\/([^0-9.]+)/i
+          wp_plugins << WpPlugin.new(
+            wp_target.uri,
+            self.item_options(wp_target).merge(name: 'w3-total-cache', version: $1)
+          )
+        end
+      end
+      wp_plugins
+    end
+
+    # <!-- Cached page generated by WP-Super-Cache on 2013-05-03 14:46:37 -->
+    # <!-- Performance optimized by W3 Total Cache.
+    # @param [ Typhoeus::Response ] response
+    #
+    # @return [ WpPlugins ]
+    def from_content(wp_target)
+      body       = Browser.get(wp_target.url).body
+      wp_plugins = WpPlugins.new
+      options    = self.item_options(wp_target)
+
+      if body =~ /wp-super-cache/i
+        wp_plugins << WpPlugin.new(wp_target.uri, options.merge(name: 'wp-super-cache'))
+      end
+
+      if body =~ /w3 total cache/i
+        wp_plugins << WpPlugin.new(wp_target.uri, options.merge(name: 'w3-total-cache'))
+      end
+
+      wp_plugins.uniq!
+      wp_plugins
+    end
+
   end
 end

From b06dcf555ee919930308422dfca462424bdf8c81 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Mon, 6 May 2013 15:35:15 +0200
Subject: [PATCH 2/3] Ref #177 wp-super-cache detected from header

---
 lib/common/collections/wp_items/detectable.rb |  1 +
 .../collections/wp_plugins/detectable.rb      | 32 +++++++++++--------
 2 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/lib/common/collections/wp_items/detectable.rb b/lib/common/collections/wp_items/detectable.rb
index cf7fe64e..db76c952 100755
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -102,6 +102,7 @@ class WpItems < Array
         vulns_file:     self.vulns_file
       }
     end
+
     # The default request parameters
     #
     # @return [ Hash ]
diff --git a/lib/common/collections/wp_plugins/detectable.rb b/lib/common/collections/wp_plugins/detectable.rb
index 5ea4aa6c..0f8580ac 100644
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -23,50 +23,54 @@ class WpPlugins < WpItems
       detected += from_header(wp_target)
       detected += from_content(wp_target)
 
-      detected.sort.uniq!
+      detected.uniq! { |i| i.name }
       detected
     end
 
     protected
 
     # X-Powered-By: W3 Total Cache/0.9.2.5
-    # @param [ Typhoeus::Response ] response
+    # WP-Super-Cache: Served supercache file from PHP
+    # @param [ WpTarget ] wp_target
     #
     # @return [ WpPlugins ]
     def from_header(wp_target)
+      headers    = Browser.get(wp_target.url).headers
       wp_plugins = WpPlugins.new
-      response   = Browser.get(wp_target.url)
 
-      if response.headers && powered_by = response.headers[:x_powered_by]
-        if powered_by =~ /W3 Total Cache\/([^0-9.]+)/i
-          wp_plugins << WpPlugin.new(
-            wp_target.uri,
-            self.item_options(wp_target).merge(name: 'w3-total-cache', version: $1)
-          )
+      if headers
+        powered_by     = headers[:x_powered_by]
+        wp_super_cache = headers['wp-super-cache']
+
+        if powered_by =~ /W3 Total Cache/i
+          wp_plugins << create_item(WpPlugin, 'w3-total-cache', wp_target)
+        end
+
+        if wp_super_cache =~ /supercache/i
+          wp_plugins << create_item(WpPlugin, 'wp-super-cache', wp_target)
         end
       end
+
       wp_plugins
     end
 
     # <!-- Cached page generated by WP-Super-Cache on 2013-05-03 14:46:37 -->
     # <!-- Performance optimized by W3 Total Cache.
-    # @param [ Typhoeus::Response ] response
+    # @param [ WpTarget ] wp_target
     #
     # @return [ WpPlugins ]
     def from_content(wp_target)
       body       = Browser.get(wp_target.url).body
       wp_plugins = WpPlugins.new
-      options    = self.item_options(wp_target)
 
       if body =~ /wp-super-cache/i
-        wp_plugins << WpPlugin.new(wp_target.uri, options.merge(name: 'wp-super-cache'))
+        wp_plugins << create_item(WpPlugin, 'wp-super-cache', wp_target)
       end
 
       if body =~ /w3 total cache/i
-        wp_plugins << WpPlugin.new(wp_target.uri, options.merge(name: 'w3-total-cache'))
+        wp_plugins << create_item(WpPlugin, 'w3-total-cache', wp_target)
       end
 
-      wp_plugins.uniq!
       wp_plugins
     end
 

From b544ee12d93692d2ebfdd2d213a63d40429f45a2 Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Fri, 14 Jun 2013 11:48:55 +0200
Subject: [PATCH 3/3] Fix #177 Passive Cache plugins detection (no spec)

---
 lib/common/collections/wp_items.rb            | 60 +++++++++++++++++++
 lib/common/collections/wp_items/detectable.rb |  4 +-
 .../collections/wp_plugins/detectable.rb      | 23 +++----
 3 files changed, 70 insertions(+), 17 deletions(-)

diff --git a/lib/common/collections/wp_items.rb b/lib/common/collections/wp_items.rb
index dc6c0b82..78a5dceb 100755
--- a/lib/common/collections/wp_items.rb
+++ b/lib/common/collections/wp_items.rb
@@ -7,8 +7,68 @@ class WpItems < Array
   extend WpItems::Detectable
   include WpItems::Output
 
+  attr_accessor :wp_target
+
+  # @param [ WpTarget ] wp_target
+  def initialize(wp_target = nil)
+    self.wp_target = wp_target
+  end
+
+  # @param [String,] argv
+  #
+  # @return [ void ]
+  def add(*args)
+    index = 0
+
+    until args[index].nil?
+      arg = args[index]
+
+      if arg.is_a?(String)
+        if (next_arg = args[index + 1]).is_a?(Hash)
+          item = create_item(arg, next_arg)
+          index += 1
+        else
+          item = create_item(arg)
+        end
+      elsif arg.is_a?(Item)
+        item = arg
+      else
+        raise 'Invalid arguments'
+      end
+
+      self << item
+      index += 1
+    end
+  end
+
+  # @param [ String ] name
+  # @param [ Hash ] attrs
+  #
+  # @return [ WpItem ]
+  def create_item(name, attrs = {})
+    raise 'wp_target must be set' unless wp_target
+
+    item_class.new(
+      wp_target.uri,
+      attrs.merge(
+        name: name,
+        wp_content_dir: wp_target.wp_content_dir,
+        wp_plugins_dir: wp_target.wp_plugins_dir
+      ) { |key, oldval, newval| oldval }
+    )
+  end
+
+  # @param [ WpItems ] other
+  #
+  # @return [ self ]
   def +(other)
     other.each { |item| self << item }
     self
   end
+
+  protected
+  # @return [ Class ]
+  def item_class
+    Object.const_get(self.class.to_s.gsub(/.$/, ''))
+  end
 end
diff --git a/lib/common/collections/wp_items/detectable.rb b/lib/common/collections/wp_items/detectable.rb
index db76c952..27891012 100755
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -57,7 +57,7 @@ class WpItems < Array
       if options[:show_progression]
         ProgressBar.create(
           format: '%t %a <%B> (%c / %C) %P%% %e',
-          title: '  ', # Used to craete a left margin
+          title: '  ', # Used to create a left margin
           length: 120,
           total: targets_size
         )
@@ -173,7 +173,7 @@ class WpItems < Array
     # @param [ Class ] item_class
     # @param [ String ] vulns_file
     #
-    # @return [ WpItem ]
+    # @return [ Array<WpItem> ]
     def targets_items_from_file(file, wp_target, item_class, vulns_file)
       targets = []
 
diff --git a/lib/common/collections/wp_plugins/detectable.rb b/lib/common/collections/wp_plugins/detectable.rb
index 0f8580ac..5c3db5ca 100644
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -36,19 +36,17 @@ class WpPlugins < WpItems
     # @return [ WpPlugins ]
     def from_header(wp_target)
       headers    = Browser.get(wp_target.url).headers
-      wp_plugins = WpPlugins.new
+      wp_plugins = WpPlugins.new(wp_target)
 
       if headers
-        powered_by     = headers[:x_powered_by]
+        powered_by     = headers['X-Powered-By']
         wp_super_cache = headers['wp-super-cache']
 
-        if powered_by =~ /W3 Total Cache/i
-          wp_plugins << create_item(WpPlugin, 'w3-total-cache', wp_target)
+        if matches = /W3 Total Cache\/([0-9.]+)/i.match(powered_by)
+          wp_plugins.add('w3-total-cache', version: matches[1])
         end
 
-        if wp_super_cache =~ /supercache/i
-          wp_plugins << create_item(WpPlugin, 'wp-super-cache', wp_target)
-        end
+        wp_plugins.add('wp-super-cache') if wp_super_cache =~ /supercache/i
       end
 
       wp_plugins
@@ -61,15 +59,10 @@ class WpPlugins < WpItems
     # @return [ WpPlugins ]
     def from_content(wp_target)
       body       = Browser.get(wp_target.url).body
-      wp_plugins = WpPlugins.new
+      wp_plugins = WpPlugins.new(wp_target)
 
-      if body =~ /wp-super-cache/i
-        wp_plugins << create_item(WpPlugin, 'wp-super-cache', wp_target)
-      end
-
-      if body =~ /w3 total cache/i
-        wp_plugins << create_item(WpPlugin, 'w3-total-cache', wp_target)
-      end
+      wp_plugins.add('wp-super-cache') if body =~ /wp-super-cache/i
+      wp_plugins.add('w3-total-cache') if body =~ /w3 total cache/i
 
       wp_plugins
     end