added metasploit references

Christian Mehlmauer
2013-01-13 21:08:07 +01:00
parent 7522a44b0a
commit 1377ee2653
5 changed files with 37 additions and 60 deletions


@@ -26,6 +26,9 @@ ryandewhurst at gmail
<vulnerability> <vulnerability>
<title></title> <title></title>
<reference></reference> <reference></reference>
<reference></reference>
<metasploit></metasploit>
<metasploit></metasploit>
<type></type> <type></type>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -141,6 +144,7 @@ ryandewhurst at gmail
<title>Google Document Embedder Arbitrary File Disclosure</title> <title>Google Document Embedder Arbitrary File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/23970/</reference> <reference>http://www.exploit-db.com/exploits/23970/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference> <reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference>
<metasploit>exploit/unix/webapp/wp_google_document_embedder_exec</metasploit>
<type>UNKNOWN</type> <type>UNKNOWN</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
@@ -256,6 +260,7 @@ ryandewhurst at gmail
<vulnerability> <vulnerability>
<title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title> <title>Advanced Custom Fields &lt;= 3.5.1 Remote File Inclusion</title>
<reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference> <reference>http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt</reference>
<metasploit>exploit/unix/webapp/wp_advanced_custom_fields_exec</metasploit>
<type>RFI</type> <type>RFI</type>
</vulnerability> </vulnerability>
</plugin> </plugin>
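Review bot: The template entry in the first hunk now lists `<metasploit>` but nothing states what form its value takes. The two entries added further down use a bare module path (`exploit/unix/webapp/...`), and the new `get_metasploit_url` helper prepends a base URL to that value, so a contributor who pastes a full URL here would get a malformed link in the scan output. A one-line remark next to the template, such as `metasploit: module path without a leading slash, not a URL`, would settle it. Separately, the Google Document Embedder entry is titled as a file disclosure and typed `UNKNOWN` while the referenced module name ends in `_exec`, so it is worth confirming that the title and type still describe the issue.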


@@ -139,3 +139,9 @@ end
def green(text) def green(text)
colorize(text, 32) colorize(text, 32)
end end
def get_metasploit_url(module_path)
# remove leading slash
module_path = module_path.sub(/^\//, "")
"http://www.metasploit.com/modules/#{module_path}"
end
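Review bot: `get_metasploit_url` anchors its regex with `^`, which in Ruby matches at the start of any line rather than the start of the string, and it interpolates the value into the URL without trimming it. The value is element text read from the vulnerability XML, so whitespace or a line break from a hand-formatted entry ends up inside the printed link. `module_path = module_path.strip.sub(%r{\A/+}, "")` anchors at the start of the string, drops repeated leading slashes and removes the surrounding whitespace. A short comment stating that the argument is a module path such as `exploit/unix/webapp/NAME`, not a URL, would also help.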


@@ -32,7 +32,8 @@ class Vulnerable
vulnerabilities << WpVulnerability.new( vulnerabilities << WpVulnerability.new(
node.search("title").text, node.search("title").text,
node.search("reference").map(&:text), node.search("reference").map(&:text),
node.search("type").text node.search("type").text,
node.search("metasploit").map(&:text)
) )
end end
vulnerabilities vulnerabilities
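Review bot: `node.search("metasploit").map(&:text)` keeps empty elements, so an entry copied from the template with `<metasploit></metasploit>` left blank yields `""`, and the scanner then prints a module link that points at the bare modules index. Filtering at parse time avoids that: `node.search("metasploit").map { |m| m.text.strip }.reject(&:empty?)`. The enclosing method starts and ends outside the hunk, so whether the node is validated earlier cannot be seen from here.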


@@ -17,11 +17,12 @@
#++ #++
class WpVulnerability class WpVulnerability
attr_accessor :title, :references, :type attr_accessor :title, :references, :type, :metasploit_modules
def initialize(title, references, type) def initialize(title, references, type, metasploit_modules)
@title = title @title = title
@references = references @references = references
@type = type @type = type
@metasploit_modules = metasploit_modules
end end
end end
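Review bot: `initialize` gains a fourth required positional argument, so any caller still passing three arguments will raise `ArgumentError`; as far as this page shows, only the call in `Vulnerable` is updated. A default keeps such callers working and guarantees that `output_vulnerabilities` always has something to call `.each` on: `def initialize(title, references, type, metasploit_modules = [])`. A comment on the class noting that `metasploit_modules` is an array of module path strings would document the new attribute.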


@@ -21,6 +21,19 @@
$: << '.' $: << '.'
require File.dirname(__FILE__) +'/lib/wpscan/wpscan_helper' require File.dirname(__FILE__) +'/lib/wpscan/wpscan_helper'
def output_vulnerabilities(vulns)
vulns.each do |vulnerability|
puts
puts " | " + red("* Title: #{vulnerability.title}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
vulnerability.metasploit_modules.each do |m|
puts " | " + red("* Metasploit module: #{get_metasploit_url(m)}")
end
end
end
banner() banner()
begin begin
@@ -119,13 +132,7 @@ begin
theme_vulnerabilities = wp_theme.vulnerabilities theme_vulnerabilities = wp_theme.vulnerabilities
unless theme_vulnerabilities.empty? unless theme_vulnerabilities.empty?
puts red("[!]") + " We have identified #{theme_vulnerabilities.size} vulnerabilities for this theme :" puts red("[!]") + " We have identified #{theme_vulnerabilities.size} vulnerabilities for this theme :"
theme_vulnerabilities.each do |vulnerability| output_vulnerabilities(theme_vulnerabilities)
puts
puts " | " + red("* Title: #{vulnerability.title}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
end
puts puts
end end
end end
@@ -182,13 +189,7 @@ begin
unless version_vulnerabilities.empty? unless version_vulnerabilities.empty?
puts puts
puts red("[!]") + " We have identified #{version_vulnerabilities.size} vulnerabilities from the version number :" puts red("[!]") + " We have identified #{version_vulnerabilities.size} vulnerabilities from the version number :"
version_vulnerabilities.each do |vulnerability| output_vulnerabilities(version_vulnerabilities)
puts
puts " | " + red("* Title: #{vulnerability.title}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
end
end end
end end
@@ -206,13 +207,7 @@ begin
puts " | Location: #{plugin.get_full_url}" puts " | Location: #{plugin.get_full_url}"
puts " | WordPress: #{plugin.wp_org_url}" puts " | WordPress: #{plugin.wp_org_url}"
plugin.vulnerabilities.each do |vulnerability| output_vulnerabilities(plugin.vulnerabilities)
puts " |"
puts " | " + red("[!] #{vulnerability.title}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
end
end end
else else
puts "No plugins found :(" puts "No plugins found :("
@@ -251,24 +246,7 @@ begin
puts " | Readme: #{plugin.readme_url}" if plugin.has_readme? puts " | Readme: #{plugin.readme_url}" if plugin.has_readme?
puts " | Changelog: #{plugin.changelog_url}" if plugin.has_changelog? puts " | Changelog: #{plugin.changelog_url}" if plugin.has_changelog?
plugin.vulnerabilities.each do |vulnerability| output_vulnerabilities(plugin.vulnerabilities)
#vulnerability['vulnerability'][0]['uri'] == nil ? "" : uri = vulnerability['vulnerability'][0]['uri'] # uri
#vulnerability['vulnerability'][0]['postdata'] == nil ? "" : postdata = CGI.unescapeHTML(vulnerability['vulnerability'][0]['postdata']) # postdata
puts " |"
puts " | " + red("[!] #{vulnerability.title}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
# This has been commented out as MSF are moving from
# XML-RPC to MessagePack.
# I need to get to grips with the new way of communicating
# with MSF and implement new code.
# check if vuln is exploitable
#Exploit.new(url, type, uri, postdata.to_s, use_proxy, proxy_addr, proxy_port)
end
if plugin.error_log? if plugin.error_log?
puts " | " + red("[!]") + " A WordPress error_log file has been found : #{plugin.error_log_url}" puts " | " + red("[!]") + " A WordPress error_log file has been found : #{plugin.error_log_url}"
@@ -311,21 +289,7 @@ begin
puts " | Readme: #{theme.readme_url}" if theme.has_readme? puts " | Readme: #{theme.readme_url}" if theme.has_readme?
puts " | Changelog: #{theme.changelog_url}" if theme.has_changelog? puts " | Changelog: #{theme.changelog_url}" if theme.has_changelog?
theme.vulnerabilities.each do |vulnerability| output_vulnerabilities(theme.vulnerabilities)
puts " |"
puts " | " + red("[!] #{vulnerability.title}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
# This has been commented out as MSF are moving from
# XML-RPC to MessagePack.
# I need to get to grips with the new way of communicating
# with MSF and implement new code.
# check if vuln is exploitable
#Exploit.new(url, type, uri, postdata.to_s, use_proxy, proxy_addr, proxy_port)
end
end end
else else
puts puts
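Review bot: `output_vulnerabilities` prints a bare `puts` and `* Title:` for every caller, but the plugin and theme enumeration loops it replaces printed `puts " |"` and `red("[!] #{vulnerability.title}")`. The ` | ` gutter under each plugin or theme is therefore now interrupted by an empty line and the `[!]` marker is gone. If that output change is not intended, let the callers pass the separator and title prefix instead of hard-coding them in the helper. The helper is also defined in the main script between the `require` and `banner()`; it would sit better beside `get_metasploit_url`, with a comment that it expects objects responding to `title`, `references` and `metasploit_modules`.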