garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Work on json database file parsing, still needs some work.

Browse Source
This commit is contained in:
ethicalhack3r
2014-07-30 18:34:42 +02:00
parent 9b1312c7d9
commit 14be7dead5
43 changed files with 532 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
spec/samples/common/collections/wp_items/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_items/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<vulnerabilities>
<item name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<item name="neo"/>
</vulnerabilities>

58
spec/samples/common/collections/wp_plugins/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_plugins/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<vulnerabilities>
<plugin name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<plugin name="neo"/>
</vulnerabilities>

58
spec/samples/common/collections/wp_themes/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"shopperpress":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"webfolio":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_themes/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<themes>
<theme name="shopperpress"/>
<not-valid name="wise"/>
<theme name="webfolio"/>
</themes>

14
spec/samples/common/models/vulnerability/json_item.json Normal file
View File

@@ -0,0 +1,14 @@
{
"id": "3911",
"title": "Vuln Title",
"references": "Ref 1,Ref 2",
"secunia": "secunia",
"osvdb": "osvdb",
"cve": "2011-001",
"metasploit": "exploit/ex1",
"exploitdb": "exploitdb",
"created_at": "2014-07-28T12:10:45.000Z",
"updated_at": "2014-07-28T12:10:45.000Z",
"type": "CSRF",
"fixed_in": "1.0"
}

14
spec/samples/common/models/vulnerability/xml_node.xml
View File

@@ -1,14 +0,0 @@
<vulnerability>
<title>Vuln Title</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>1.0</fixed_in>
</vulnerability>

1
spec/samples/common/models/wp_item/vulnerable/empty.json Normal file
View File

@@ -0,0 +1 @@
{}

5
spec/samples/common/models/wp_item/vulnerable/empty.xml
View File

@@ -1,5 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
</vulnerabilities>

35
spec/samples/common/models/wp_item/vulnerable/items_vulns.json Normal file
View File

@@ -0,0 +1,35 @@
[
{
"not-this-one":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"I'm the one",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

37
spec/samples/common/models/wp_item/vulnerable/items_vulns.xml
View File

@@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<item name="not-this-one">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</item>
<item name="neo">
<vulnerability>
<title>I'm the one</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</item>
</vulnerabilities>

56
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json Normal file
View File

@@ -0,0 +1,56 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"white-rabbit":{
"vulnerabilities":[
{
"id":2993,
"title":"Follow me!",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"REDIRECT",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

48
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<plugin name="mr-smith">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>Neither do I</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="white-rabbit">
<vulnerability>
<title>Follow me!</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
</vulnerabilities>

56
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json Normal file
View File

@@ -0,0 +1,56 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"the-oracle":{
"vulnerabilities":[
{
"id":2993,
"title":"I see you",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"FPD",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

48
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<theme name="not-this-one">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Neither do I</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="the-oracle">
<vulnerability>
<title>I see you</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</theme>
</vulnerabilities>

42
spec/samples/common/models/wp_version/vulnerable/versions_vulns.json Normal file
View File

@@ -0,0 +1,42 @@
[
{
"3.5":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"3.2":{
"vulnerabilities":[
{
"id":2993,
"title":"Here I Am",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"SQLI",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

35
spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
View File

@@ -1,35 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<wordpress version="3.5">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.2">
<vulnerability>
<title>Here I Am</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</wordpress>
</vulnerabilities>