garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Work on json database file parsing, still needs some work.

Browse Source
This commit is contained in:
ethicalhack3r
2014-07-30 18:34:42 +02:00
parent 9b1312c7d9
commit 14be7dead5
43 changed files with 532 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
lib/common/collections/wp_items/detectable.rb
View File

@@ -142,16 +142,29 @@ class WpItems < Array
# @return [ Array<WpItem> ]
def vulnerable_targets_items(wp_target, item_class, vulns_file)
targets = []
xml = xml(vulns_file)
json = json(vulns_file)
# xml = xml(vulns_file)
xml.xpath(item_xpath).each do |node|
targets << create_item(
item_class,
node.attribute('name').text,
wp_target,
vulns_file
)
unless json.nil? || json == ''
json.each do |item|
targets << create_item(
item_class,
item.keys.inject,
wp_target,
vulns_file
)
end
end
# xml.xpath(item_xpath).each do |node|
# targets << create_item(
# item_class,
# node.attribute('name').text,
# wp_target,
# vulns_file
# )
# end
targets
end
@@ -190,6 +203,7 @@ class WpItems < Array
)
end
end
targets
end

6
lib/common/collections/wp_plugins/detectable.rb
View File

@@ -9,9 +9,9 @@ class WpPlugins < WpItems
end
# @return [ String ]
def item_xpath
'//plugin'
end
# def item_xpath
# '//plugin'
# end
# @param [ WpTarget ] wp_target
# @param [ Hash ] options

6
lib/common/collections/wp_themes/detectable.rb
View File

@@ -9,9 +9,9 @@ class WpThemes < WpItems
end
# @return [ String ]
def item_xpath
'//theme'
end
# def item_xpath
# '//theme'
# end
end
end

20
lib/common/common_helper.rb
View File

@@ -22,14 +22,14 @@ WPSTOOLS_PLUGINS_DIR = File.join(WPSTOOLS_LIB_DIR, 'plugins')
# Data files
PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt')
PLUGINS_FULL_FILE = File.join(DATA_DIR, 'plugins_full.txt')
PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.xml')
PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.json')
THEMES_FILE = File.join(DATA_DIR, 'themes.txt')
THEMES_FULL_FILE = File.join(DATA_DIR, 'themes_full.txt')
THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.xml')
WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.xml')
THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.json')
WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.json')
WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml')
LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml')
VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd')
# VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd')
WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd')
LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt')
@@ -54,7 +54,7 @@ require 'environment'
def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
files = Dir[File.join(absolute_dir_path, files_pattern)]
# Files in the root dir are loaded first, then thoses in the subdirectories
# Files in the root dir are loaded first, then those in the subdirectories
files.sort_by { |file| [file.count("/"), file] }.each do |f|
f = File.expand_path(f)
#puts "require #{f}" # Used for debug
@@ -153,6 +153,16 @@ def xml(file)
end
end
def json(file)
content = File.open(file).read
begin
JSON.parse(content)
rescue => e
puts "[ERROR] In JSON file parsing #{e} #{e.backtrace}"
end
end
def redefine_constant(constant, value)
Object.send(:remove_const, constant)
Object.const_set(constant, value)

51
lib/common/models/vulnerability.rb
View File

@@ -40,22 +40,47 @@ class Vulnerability
# @param [ Nokogiri::XML::Node ] xml_node
#
# @return [ Vulnerability ]
def self.load_from_xml_node(xml_node)
# def self.load_from_xml_node(xml_node)
# references = {}
# refs = xml_node.search('references')
# if refs
# references[:url] = refs.search('url').map(&:text)
# references[:cve] = refs.search('cve').map(&:text)
# references[:secunia] = refs.search('secunia').map(&:text)
# references[:osvdb] = refs.search('osvdb').map(&:text)
# references[:metasploit] = refs.search('metasploit').map(&:text)
# references[:exploitdb] = refs.search('exploitdb').map(&:text)
# end
# new(
# xml_node.search('title').text,
# xml_node.search('type').text,
# references,
# xml_node.search('fixed_in').text,
# )
# end
# Create the Vulnerability from the json_item
#
# @param [ Hash ] json_item
#
# @return [ Vulnerability ]
def self.load_from_json_item(json_item)
references = {}
refs = xml_node.search('references')
if refs
references[:url] = refs.search('url').map(&:text)
references[:cve] = refs.search('cve').map(&:text)
references[:secunia] = refs.search('secunia').map(&:text)
references[:osvdb] = refs.search('osvdb').map(&:text)
references[:metasploit] = refs.search('metasploit').map(&:text)
references[:exploitdb] = refs.search('exploitdb').map(&:text)
end
references[:url] = json_item['references'].split(',') if json_item['references']
references[:cve] = json_item['cve'].split(',') if json_item['cve']
references[:secunia] = json_item['secunia'].split(',') if json_item['secunia']
references[:osvdb] = json_item['osvdb'].split(',') if json_item['osvdb']
references[:metasploit] = json_item['metasploit'].split(',') if json_item['metasploit']
references[:exploitdb] = json_item['exploitdb'].split(',') if json_item['exploitdb']
new(
xml_node.search('title').text,
xml_node.search('type').text,
json_item['title'],
json_item['type'],
references,
xml_node.search('fixed_in').text,
json_item['fixed_in'],
)
end

2
lib/common/models/vulnerability/output.rb
View File

@@ -14,7 +14,7 @@ class Vulnerability
puts " Reference: #{url}" if url
end
end
if !fixed_in.empty?
if !fixed_in.nil?
puts "#{blue('[i]')} Fixed in: #{fixed_in}"
end
end

25
lib/common/models/wp_item/vulnerable.rb
View File

@@ -2,22 +2,35 @@
class WpItem
module Vulnerable
attr_accessor :vulns_file, :vulns_xpath
attr_accessor :vulns_file, :identifier
# Get the vulnerabilities associated to the WpItem
# Filters out already fixed vulnerabilities
#
# @return [ Vulnerabilities ]
def vulnerabilities
xml = xml(vulns_file)
# xml = xml(vulns_file)
json = json(vulns_file)
vulnerabilities = Vulnerabilities.new
xml.xpath(vulns_xpath).each do |node|
vuln = Vulnerability.load_from_xml_node(node)
if vulnerable_to?(vuln)
vulnerabilities << vuln
json.each do |item|
asset = item[identifier]
if asset
asset['vulnerabilities'].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
end
end
# xml.xpath(vulns_xpath).each do |node|
# vuln = Vulnerability.load_from_xml_node(node)
# if vulnerable_to?(vuln)
# vulnerabilities << vuln
# end
# end
vulnerabilities
end

9
lib/common/models/wp_plugin/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpPlugin < WpItem
end
# @return [ String ]
def vulns_xpath
"//plugin[@name='#{@name}']/vulnerability"
def identifier
@name
end
# # @return [ String ]
# def vulns_xpath
# "//plugin[@name='#{@name}']/vulnerability"
# end
end
end

11
lib/common/models/wp_theme/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpTheme < WpItem
end
# @return [ String ]
def vulns_xpath
"//theme[@name='#{@name}']/vulnerability"
end
def identifier
@name
end
# @return [ String ]
# def vulns_xpath
# "//theme[@name='#{@name}']/vulnerability"
# end
end
end

11
lib/common/models/wp_version/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpVersion < WpItem
end
# @return [ String ]
def vulns_xpath
"//wordpress[@version='#{@number}']/vulnerability"
end
def identifier
@number
end
# @return [ String ]
# def vulns_xpath
# "//wordpress[@version='#{@number}']/vulnerability"
# end
end
end