diff --git a/.dockerignore b/.dockerignore index abf6bb87..f561920d 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,21 +1,6 @@ -git/ -bundle/ -.idea/ -.yardoc/ -cache/ -coverage/ -spec/ -dev/ .* -**/*.md -*.md -Dockerfile -**/*.orig -*.orig -CREDITS -data.zip -DISCLAIMER.txt -example.conf.json bin/ -log.txt - +dev/ +spec/ +*.md +Dockerfile \ No newline at end of file diff --git a/.gitignore b/.gitignore index 15d856b1..ee7fb0af 100644 --- a/.gitignore +++ b/.gitignore @@ -1,21 +1,21 @@ -# OS Rubbish +# WPScan (If not using ~/.wpscan/) +cache/ +data/ +log.txt +output.txt + +# WPScan (Deployment) +debug.log +rspec_results.html +wordlist.txt + +# OS/IDE Rubbish coverage/ +.yardoc/ +.idea/ *.sublime-* .*.swp .ash_history .bundle .DS_Store -.DS_Store? -.idea -.yardoc - -# WPScan -cache/ -data/ -log.txt -wordlist.txt - -# WPScan (Dev) -vendor/ -debug.log -rspec_results.html +.DS_Store? \ No newline at end of file diff --git a/DISCLAIMER.txt b/DISCLAIMER.md similarity index 100% rename from DISCLAIMER.txt rename to DISCLAIMER.md diff --git a/Dockerfile b/Dockerfile index b3390607..4af7010b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,29 +1,37 @@ FROM ruby:2.5-alpine -MAINTAINER WPScan Team +LABEL maintainer="WPScan Team " ARG BUNDLER_ARGS="--jobs=8 --without test" +# Add a new user RUN adduser -h /wpscan -g WPScan -D wpscan + +# Setup gems RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc COPY Gemfile /wpscan COPY Gemfile.lock /wpscan -# runtime dependencies +# Runtime dependencies RUN apk add --no-cache libcurl procps && \ # build dependencies apk add --no-cache --virtual build-deps alpine-sdk ruby-dev libffi-dev zlib-dev && \ bundle install --system --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \ apk del --no-cache build-deps +# Copy over data & set permissions COPY . /wpscan RUN chown -R wpscan:wpscan /wpscan -USER wpscan - -RUN /wpscan/wpscan.rb --update --verbose --no-color - +# Switch directory WORKDIR /wpscan +# Switch users +USER wpscan + +# Update WPScan +RUN /wpscan/wpscan.rb --update --verbose --no-color + +# Run WPScan ENTRYPOINT ["/wpscan/wpscan.rb"] CMD ["--help"] diff --git a/Gemfile.lock b/Gemfile.lock index 365402fb..fbff01db 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,9 @@ GEM ffi (1.9.23) hashdiff (0.3.7) json (2.1.0) + mini_portile2 (2.3.0) nokogiri (1.8.2) + mini_portile2 (~> 2.3.0) public_suffix (3.0.2) rspec (3.7.0) rspec-core (~> 3.7.0) diff --git a/data/.gitignore b/data/.gitignore deleted file mode 100644 index d6b7ef32..00000000 --- a/data/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!.gitignore diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb index 53a1e51d..01799fe5 100644 --- a/lib/common/common_helper.rb +++ b/lib/common/common_helper.rb @@ -8,32 +8,25 @@ USER_DIR = File.expand_path(Dir.home) # ~/ # Core WPScan directories CACHE_DIR = File.join(USER_DIR, '.wpscan/cache') # ~/.wpscan/cache/ DATA_DIR = File.join(USER_DIR, '.wpscan/data') # ~/.wpscan/data/ -CONF_DIR = File.join(USER_DIR, '.wpscan/conf') # ~/.wpscan/conf/ COMMON_LIB_DIR = File.join(LIB_DIR, 'common') # wpscan/lib/common/ -UPDATER_LIB_DIR = File.join(LIB_DIR, 'updater') # wpscan/lib/updater/ - Not used ATM WPSCAN_LIB_DIR = File.join(LIB_DIR, 'wpscan') # wpscan/lib/wpscan/ -COLLECTIONS_LIB_DIR = File.join(COMMON_LIB_DIR, 'collections') # wpscan/lib/common/collections/ - Not used ATM MODELS_LIB_DIR = File.join(COMMON_LIB_DIR, 'models') # wpscan/lib/common/models/ # Core WPScan files DEFAULT_LOG_FILE = File.join(USER_DIR, '.wpscan/log.txt') # ~/.wpscan/log.txt DATA_FILE = File.join(ROOT_DIR, 'data.zip') # wpscan/data.zip -# WPScan Plugins directories -COMMON_PLUGINS_DIR = File.join(COMMON_LIB_DIR, 'plugins') # wpscan/lib/common/plugins/ - Not used ATM -WPSCAN_PLUGINS_DIR = File.join(WPSCAN_LIB_DIR, 'plugins') # wpscan/lib/common/plugins/ - Not used ATM - # WPScan Data files (data.zip) LAST_UPDATE_FILE = File.join(DATA_DIR, '.last_update') # ~/.wpscan/data/.last_update -LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml') # ~/.wpscan/data/local_vulnerable_files.xml - Not used ATM -LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd') # ~/.wpscan/data/local_vulnerable_files.xsd - Not used ATM +LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml') # ~/.wpscan/data/local_vulnerable_files.xml - Not ref ATM +LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd') # ~/.wpscan/data/local_vulnerable_files.xsd - Not ref ATM PLUGINS_FILE = File.join(DATA_DIR, 'plugins.json') # ~/.wpscan/data/plugins.json THEMES_FILE = File.join(DATA_DIR, 'themes.json') # ~/.wpscan/data/themes.json TIMTHUMBS_FILE = File.join(DATA_DIR, 'timthumbs.txt') # ~/.wpscan/data/timthumbs.txt USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt') # ~/.wpscan/data/user-agents.txt WORDPRESSES_FILE = File.join(DATA_DIR, 'wordpresses.json') # ~/.wpscan/data/wordpresses.json WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml') # ~/.wpscan/data/wp_versions.xml -WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd') # ~/.wpscan/data/wp_versions.xsd - Not used ATM +WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd') # ~/.wpscan/data/wp_versions.xsd - Not ref ATM MIN_RUBY_VERSION = '2.1.9'