garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Work on json database file parsing, still needs some work.

Browse Source
This commit is contained in:
ethicalhack3r
2014-07-30 18:34:42 +02:00
parent 9b1312c7d9
commit 14be7dead5
43 changed files with 532 additions and 282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/plugin_vulns.json Normal file
View File

File diff suppressed because one or more lines are too long

1
data/theme_vulns.json Normal file
View File

File diff suppressed because one or more lines are too long

1
data/wp_vulns.json Normal file
View File

File diff suppressed because one or more lines are too long

30
lib/common/collections/wp_items/detectable.rb
View File

@@ -142,16 +142,29 @@ class WpItems < Array
# @return [ Array<WpItem> ] # @return [ Array<WpItem> ]
def vulnerable_targets_items(wp_target, item_class, vulns_file) def vulnerable_targets_items(wp_target, item_class, vulns_file)
targets = [] targets = []
xml = xml(vulns_file) json = json(vulns_file)
# xml = xml(vulns_file)
xml.xpath(item_xpath).each do |node| unless json.nil? || json == ''
targets << create_item( json.each do |item|
item_class, targets << create_item(
node.attribute('name').text, item_class,
wp_target, item.keys.inject,
vulns_file wp_target,
) vulns_file
)
end
end end
# xml.xpath(item_xpath).each do |node|
# targets << create_item(
# item_class,
# node.attribute('name').text,
# wp_target,
# vulns_file
# )
# end
targets targets
end end
@@ -190,6 +203,7 @@ class WpItems < Array
) )
end end
end end
targets targets
end end

6
lib/common/collections/wp_plugins/detectable.rb
View File

@@ -9,9 +9,9 @@ class WpPlugins < WpItems
end end
# @return [ String ] # @return [ String ]
def item_xpath # def item_xpath
'//plugin' # '//plugin'
end # end
# @param [ WpTarget ] wp_target # @param [ WpTarget ] wp_target
# @param [ Hash ] options # @param [ Hash ] options

6
lib/common/collections/wp_themes/detectable.rb
View File

@@ -9,9 +9,9 @@ class WpThemes < WpItems
end end
# @return [ String ] # @return [ String ]
def item_xpath # def item_xpath
'//theme' # '//theme'
end # end
end end
end end

20
lib/common/common_helper.rb
View File

@@ -22,14 +22,14 @@ WPSTOOLS_PLUGINS_DIR = File.join(WPSTOOLS_LIB_DIR, 'plugins')
# Data files # Data files
PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt') PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt')
PLUGINS_FULL_FILE = File.join(DATA_DIR, 'plugins_full.txt') PLUGINS_FULL_FILE = File.join(DATA_DIR, 'plugins_full.txt')
PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.xml') PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.json')
THEMES_FILE = File.join(DATA_DIR, 'themes.txt') THEMES_FILE = File.join(DATA_DIR, 'themes.txt')
THEMES_FULL_FILE = File.join(DATA_DIR, 'themes_full.txt') THEMES_FULL_FILE = File.join(DATA_DIR, 'themes_full.txt')
THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.xml') THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.json')
WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.xml') WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.json')
WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml') WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml')
LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml') LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml')
VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd') # VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd')
WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd') WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd')
LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd') LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt') USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt')
@@ -54,7 +54,7 @@ require 'environment'
def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb') def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
files = Dir[File.join(absolute_dir_path, files_pattern)] files = Dir[File.join(absolute_dir_path, files_pattern)]
# Files in the root dir are loaded first, then thoses in the subdirectories # Files in the root dir are loaded first, then those in the subdirectories
files.sort_by { |file| [file.count("/"), file] }.each do |f| files.sort_by { |file| [file.count("/"), file] }.each do |f|
f = File.expand_path(f) f = File.expand_path(f)
#puts "require #{f}" # Used for debug #puts "require #{f}" # Used for debug
@@ -153,6 +153,16 @@ def xml(file)
end end
end end
def json(file)
content = File.open(file).read
begin
JSON.parse(content)
rescue => e
puts "[ERROR] In JSON file parsing #{e} #{e.backtrace}"
end
end
def redefine_constant(constant, value) def redefine_constant(constant, value)
Object.send(:remove_const, constant) Object.send(:remove_const, constant)
Object.const_set(constant, value) Object.const_set(constant, value)

51
lib/common/models/vulnerability.rb
View File

@@ -40,22 +40,47 @@ class Vulnerability
# @param [ Nokogiri::XML::Node ] xml_node # @param [ Nokogiri::XML::Node ] xml_node
# #
# @return [ Vulnerability ] # @return [ Vulnerability ]
def self.load_from_xml_node(xml_node) # def self.load_from_xml_node(xml_node)
# references = {}
# refs = xml_node.search('references')
# if refs
# references[:url] = refs.search('url').map(&:text)
# references[:cve] = refs.search('cve').map(&:text)
# references[:secunia] = refs.search('secunia').map(&:text)
# references[:osvdb] = refs.search('osvdb').map(&:text)
# references[:metasploit] = refs.search('metasploit').map(&:text)
# references[:exploitdb] = refs.search('exploitdb').map(&:text)
# end
# new(
# xml_node.search('title').text,
# xml_node.search('type').text,
# references,
# xml_node.search('fixed_in').text,
# )
# end
# Create the Vulnerability from the json_item
#
# @param [ Hash ] json_item
#
# @return [ Vulnerability ]
def self.load_from_json_item(json_item)
references = {} references = {}
refs = xml_node.search('references')
if refs references[:url] = json_item['references'].split(',') if json_item['references']
references[:url] = refs.search('url').map(&:text) references[:cve] = json_item['cve'].split(',') if json_item['cve']
references[:cve] = refs.search('cve').map(&:text) references[:secunia] = json_item['secunia'].split(',') if json_item['secunia']
references[:secunia] = refs.search('secunia').map(&:text) references[:osvdb] = json_item['osvdb'].split(',') if json_item['osvdb']
references[:osvdb] = refs.search('osvdb').map(&:text) references[:metasploit] = json_item['metasploit'].split(',') if json_item['metasploit']
references[:metasploit] = refs.search('metasploit').map(&:text) references[:exploitdb] = json_item['exploitdb'].split(',') if json_item['exploitdb']
references[:exploitdb] = refs.search('exploitdb').map(&:text)
end
new( new(
xml_node.search('title').text, json_item['title'],
xml_node.search('type').text, json_item['type'],
references, references,
xml_node.search('fixed_in').text, json_item['fixed_in'],
) )
end end

2
lib/common/models/vulnerability/output.rb
View File

@@ -14,7 +14,7 @@ class Vulnerability
puts " Reference: #{url}" if url puts " Reference: #{url}" if url
end end
end end
if !fixed_in.empty? if !fixed_in.nil?
puts "#{blue('[i]')} Fixed in: #{fixed_in}" puts "#{blue('[i]')} Fixed in: #{fixed_in}"
end end
end end

25
lib/common/models/wp_item/vulnerable.rb
View File

@@ -2,22 +2,35 @@
class WpItem class WpItem
module Vulnerable module Vulnerable
attr_accessor :vulns_file, :vulns_xpath attr_accessor :vulns_file, :identifier
# Get the vulnerabilities associated to the WpItem # Get the vulnerabilities associated to the WpItem
# Filters out already fixed vulnerabilities # Filters out already fixed vulnerabilities
# #
# @return [ Vulnerabilities ] # @return [ Vulnerabilities ]
def vulnerabilities def vulnerabilities
xml = xml(vulns_file) # xml = xml(vulns_file)
json = json(vulns_file)
vulnerabilities = Vulnerabilities.new vulnerabilities = Vulnerabilities.new
xml.xpath(vulns_xpath).each do |node| json.each do |item|
vuln = Vulnerability.load_from_xml_node(node) asset = item[identifier]
if vulnerable_to?(vuln)
vulnerabilities << vuln if asset
asset['vulnerabilities'].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
end end
end end
# xml.xpath(vulns_xpath).each do |node|
# vuln = Vulnerability.load_from_xml_node(node)
# if vulnerable_to?(vuln)
# vulnerabilities << vuln
# end
# end
vulnerabilities vulnerabilities
end end

9
lib/common/models/wp_plugin/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpPlugin < WpItem
end end
# @return [ String ] # @return [ String ]
def vulns_xpath def identifier
"//plugin[@name='#{@name}']/vulnerability" @name
end end
# # @return [ String ]
# def vulns_xpath
# "//plugin[@name='#{@name}']/vulnerability"
# end
end end
end end

11
lib/common/models/wp_theme/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpTheme < WpItem
end end
# @return [ String ] # @return [ String ]
def vulns_xpath def identifier
"//theme[@name='#{@name}']/vulnerability" @name
end end
# @return [ String ]
# def vulns_xpath
# "//theme[@name='#{@name}']/vulnerability"
# end
end end
end end

11
lib/common/models/wp_version/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpVersion < WpItem
end end
# @return [ String ] # @return [ String ]
def vulns_xpath def identifier
"//wordpress[@version='#{@number}']/vulnerability" @number
end end
# @return [ String ]
# def vulns_xpath
# "//wordpress[@version='#{@number}']/vulnerability"
# end
end end
end end

8
lib/wpstools/plugins/stats/stats_plugin.rb
View File

@@ -48,15 +48,15 @@ class StatsPlugin < Plugin
end end
def vuln_core_count(file=WP_VULNS_FILE) def vuln_core_count(file=WP_VULNS_FILE)
xml(file).xpath('count(//wordpress)').to_i json(file).size
end end
def vuln_plugin_count(file=PLUGINS_VULNS_FILE) def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//plugin)').to_i json(file).size
end end
def vuln_theme_count(file=THEMES_VULNS_FILE) def vuln_theme_count(file=THEMES_VULNS_FILE)
xml(file).xpath('count(//theme)').to_i json(file).size
end end
def version_vulns_count(file=WP_VULNS_FILE) def version_vulns_count(file=WP_VULNS_FILE)
@@ -67,7 +67,7 @@ class StatsPlugin < Plugin
end end
def plugin_vulns_count(file=PLUGINS_VULNS_FILE) def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//vulnerability)').to_i json(file).xpath('count(//vulnerability)').to_i
end end
def fix_plugin_count(file=PLUGINS_VULNS_FILE) def fix_plugin_count(file=PLUGINS_VULNS_FILE)

8
spec/lib/common/models/vulnerability_spec.rb
View File

@@ -30,10 +30,10 @@ describe Vulnerability do
end end
describe '::load_from_xml_node' do describe '::load_from_json_item' do
subject(:vulnerability) { Vulnerability.load_from_xml_node(node) } subject(:vulnerability) { Vulnerability.load_from_json_item(item) }
let(:node) { let(:item) {
xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability') json(MODELS_FIXTURES + '/vulnerability/json_item.json')
} }
expected_refs = { expected_refs = {

4
spec/lib/common/models/wp_item_spec.rb
View File

@@ -11,8 +11,8 @@ describe WpItem do
end end
it_behaves_like 'WpItem::Versionable' it_behaves_like 'WpItem::Versionable'
it_behaves_like 'WpItem::Vulnerable' do it_behaves_like 'WpItem::Vulnerable' do
let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' } let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
let(:vulns_xpath) { "//item[@name='neo']/vulnerability" } let(:identifier) { 'neo' }
let(:expected_refs) { { let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'], :url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'], :cve => ['2011-001'],

2
spec/lib/common/models/wp_plugin_spec.rb
View File

@@ -6,7 +6,7 @@ describe WpPlugin do
it_behaves_like 'WpPlugin::Vulnerable' it_behaves_like 'WpPlugin::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'white-rabbit' } } let(:options) { { name: 'white-rabbit' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' } let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
let(:expected_refs) { { let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'], :url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'], :cve => ['2011-001'],

2
spec/lib/common/models/wp_theme_spec.rb
View File

@@ -11,7 +11,7 @@ describe WpTheme do
it_behaves_like 'WpTheme::Vulnerable' it_behaves_like 'WpTheme::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'the-oracle' } } let(:options) { { name: 'the-oracle' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' } let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:expected_refs) { { let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'], :url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'], :cve => ['2011-001'],

2
spec/lib/common/models/wp_version_spec.rb
View File

@@ -6,7 +6,7 @@ describe WpVersion do
it_behaves_like 'WpVersion::Vulnerable' it_behaves_like 'WpVersion::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { number: '3.2' } } let(:options) { { number: '3.2' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' } let(:vulns_file) { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.json' }
let(:expected_refs) { { let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'], :url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'], :cve => ['2011-001'],

4
spec/lib/wpstools/plugins/stats/stats_plugin_spec.rb
View File

@@ -4,8 +4,8 @@ require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper')
describe 'StatsPlugin' do describe 'StatsPlugin' do
subject(:stats) { StatsPlugin.new } subject(:stats) { StatsPlugin.new }
let(:plugins_vulns) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' } let(:plugins_vulns) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
let(:themes_vulns) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' } let(:themes_vulns) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:plugins_file) { COLLECTIONS_FIXTURES + '/wp_plugins/detectable/targets.txt' } let(:plugins_file) { COLLECTIONS_FIXTURES + '/wp_plugins/detectable/targets.txt' }
let(:themes_file) { COLLECTIONS_FIXTURES + '/wp_themes/detectable/targets.txt'} let(:themes_file) { COLLECTIONS_FIXTURES + '/wp_themes/detectable/targets.txt'}

58
spec/samples/common/collections/wp_items/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_items/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<vulnerabilities>
<item name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<item name="neo"/>
</vulnerabilities>

58
spec/samples/common/collections/wp_plugins/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_plugins/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<vulnerabilities>
<plugin name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<plugin name="neo"/>
</vulnerabilities>

58
spec/samples/common/collections/wp_themes/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"shopperpress":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"webfolio":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_themes/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<themes>
<theme name="shopperpress"/>
<not-valid name="wise"/>
<theme name="webfolio"/>
</themes>

14
spec/samples/common/models/vulnerability/json_item.json Normal file
View File

@@ -0,0 +1,14 @@
{
"id": "3911",
"title": "Vuln Title",
"references": "Ref 1,Ref 2",
"secunia": "secunia",
"osvdb": "osvdb",
"cve": "2011-001",
"metasploit": "exploit/ex1",
"exploitdb": "exploitdb",
"created_at": "2014-07-28T12:10:45.000Z",
"updated_at": "2014-07-28T12:10:45.000Z",
"type": "CSRF",
"fixed_in": "1.0"
}

14
spec/samples/common/models/vulnerability/xml_node.xml
View File

@@ -1,14 +0,0 @@
<vulnerability>
<title>Vuln Title</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>1.0</fixed_in>
</vulnerability>

1
spec/samples/common/models/wp_item/vulnerable/empty.json Normal file
View File

@@ -0,0 +1 @@
{}

5
spec/samples/common/models/wp_item/vulnerable/empty.xml
View File

@@ -1,5 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
</vulnerabilities>

35
spec/samples/common/models/wp_item/vulnerable/items_vulns.json Normal file
View File

@@ -0,0 +1,35 @@
[
{
"not-this-one":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"I'm the one",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

37
spec/samples/common/models/wp_item/vulnerable/items_vulns.xml
View File

@@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<item name="not-this-one">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</item>
<item name="neo">
<vulnerability>
<title>I'm the one</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</item>
</vulnerabilities>

56
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json Normal file
View File

@@ -0,0 +1,56 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"white-rabbit":{
"vulnerabilities":[
{
"id":2993,
"title":"Follow me!",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"REDIRECT",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

48
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<plugin name="mr-smith">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>Neither do I</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="white-rabbit">
<vulnerability>
<title>Follow me!</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
</vulnerabilities>

56
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json Normal file
View File

@@ -0,0 +1,56 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"the-oracle":{
"vulnerabilities":[
{
"id":2993,
"title":"I see you",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"FPD",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

48
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<theme name="not-this-one">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Neither do I</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="the-oracle">
<vulnerability>
<title>I see you</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</theme>
</vulnerabilities>

42
spec/samples/common/models/wp_version/vulnerable/versions_vulns.json Normal file
View File

@@ -0,0 +1,42 @@
[
{
"3.5":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"3.2":{
"vulnerabilities":[
{
"id":2993,
"title":"Here I Am",
"references":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"SQLI",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

35
spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
View File

@@ -1,35 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<wordpress version="3.5">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.2">
<vulnerability>
<title>Here I Am</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</wordpress>
</vulnerabilities>

4
spec/shared_examples/wp_item_vulnerable.rb
View File

@@ -10,7 +10,7 @@ shared_examples 'WpItem::Vulnerable' do
# let(:vulns_xpath) { } # let(:vulns_xpath) { }
describe '#vulnerabilities' do describe '#vulnerabilities' do
let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.xml' } let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.json' }
before do before do
stub_request(:get, /.*\/readme\.txt/i) stub_request(:get, /.*\/readme\.txt/i)
@@ -19,7 +19,7 @@ shared_examples 'WpItem::Vulnerable' do
after do after do
subject.vulns_file = @vulns_file subject.vulns_file = @vulns_file
subject.vulns_xpath = vulns_xpath if defined?(vulns_xpath) subject.identifier = identifier if defined?(identifier)
result = subject.vulnerabilities result = subject.vulnerabilities
expect(result).to be_a Vulnerabilities expect(result).to be_a Vulnerabilities

2
spec/shared_examples/wp_items_detectable.rb
View File

@@ -3,7 +3,7 @@
require WPSCAN_LIB_DIR + '/wp_target' require WPSCAN_LIB_DIR + '/wp_target'
shared_examples 'WpItems::Detectable' do shared_examples 'WpItems::Detectable' do
let(:vulns_file) { fixtures_dir + '/vulns.xml' } let(:vulns_file) { fixtures_dir + '/vulns.json' }
let(:targets_items_file) { fixtures_dir + '/targets.txt' } let(:targets_items_file) { fixtures_dir + '/targets.txt' }
let(:wp_content_dir) { 'wp-content' } let(:wp_content_dir) { 'wp-content' }
let(:wp_plugins_dir) { wp_content_dir + '/plugins' } let(:wp_plugins_dir) { wp_content_dir + '/plugins' }

6
spec/shared_examples/wp_plugin_vulnerable.rb
View File

@@ -13,14 +13,14 @@ shared_examples 'WpPlugin::Vulnerable' do
context 'when the :vulns_file is already set' do context 'when the :vulns_file is already set' do
it 'returns it' do it 'returns it' do
@expected = 'test.xml' @expected = 'test.json'
subject.vulns_file = @expected subject.vulns_file = @expected
end end
end end
end end
describe '#vulns_xpath' do describe '#identifier' do
its(:vulns_xpath) { is_expected.to eq "//plugin[@name='plugin-name']/vulnerability" } its(:identifier) { is_expected.to eq 'plugin-name' }
end end
end end

6
spec/shared_examples/wp_theme_vulnerable.rb
View File

@@ -13,14 +13,14 @@ shared_examples 'WpTheme::Vulnerable' do
context 'when the :vulns_file is already set' do context 'when the :vulns_file is already set' do
it 'returns it' do it 'returns it' do
@expected = 'test.xml' @expected = 'test.json'
subject.vulns_file = @expected subject.vulns_file = @expected
end end
end end
end end
describe '#vulns_xpath' do describe '#identifier' do
its(:vulns_xpath) { is_expected.to eq "//theme[@name='theme-name']/vulnerability" } its(:identifier) { is_expected.to eq 'theme-name' }
end end
end end

6
spec/shared_examples/wp_version_vulnerable.rb
View File

@@ -13,14 +13,14 @@ shared_examples 'WpVersion::Vulnerable' do
context 'when the :vulns_file is already set' do context 'when the :vulns_file is already set' do
it 'returns it' do it 'returns it' do
@expected = 'test.xml' @expected = 'test.json'
subject.vulns_file = @expected subject.vulns_file = @expected
end end
end end
end end
describe '#vulns_xpath' do describe '#identifier' do
its(:vulns_xpath) { is_expected.to eq "//wordpress[@version='1.2']/vulnerability" } its(:identifier) { is_expected.to eq '1.2' }
end end
end end