diff --git a/lib/common_helper.rb b/lib/common_helper.rb
index ed3b113a..5bd547c7 100644
--- a/lib/common_helper.rb
+++ b/lib/common_helper.rb
@@ -31,6 +31,15 @@ COMON_PLUGINS_DIR = COMMON_LIB_DIR + "/plugins"
 WPSCAN_PLUGINS_DIR = WPSCAN_LIB_DIR + "/plugins"
 WPSTOOLS_PLUGINS_DIR = WPSTOOLS_LIB_DIR + "/plugins"
+# Data files
+PLUGINS_FILE = DATA_DIR + "/plugins.txt"
+PLUGINS_FULL_FILE = DATA_DIR + "/plugins_full.txt"
+PLUGINS_VULNS_FILE = DATA_DIR + "/plugin_vulns.xml"
+THEMES_FILE = DATA_DIR + "/themes.txt"
+THEMES_FULL_FILE = DATA_DIR + "/themes_full.txt"
+THEMES_VULNS_FILE = DATA_DIR + "/theme_vulns.xml"
+WP_VULNS_FILE = DATA_DIR + "/wp_vulns.xml"
+
 WPSCAN_VERSION = "2.0"
 require "#{LIB_DIR}/environment"
diff --git a/lib/wpscan/modules/wp_plugins.rb b/lib/wpscan/modules/wp_plugins.rb
index ae7f445f..e1d7ad3a 100644
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -22,9 +22,9 @@ module WpPlugins
 #
 # return array of WpPlugin
 def plugins_from_aggressive_detection(options)
- options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/plugins_full.txt" : "#{DATA_DIR}/plugins.txt")
+ options[:file] = options[:file] || (options[:full] ? PLUGINS_FULL_FILE : PLUGINS_FILE)
 options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
- options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml"
+ options[:vulns_file] : PLUGINS_VULNS_FILE
 options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
 options[:vulns_xpath_2] = "//plugin"
 options[:type] = "plugins"
diff --git a/lib/wpscan/modules/wp_themes.rb b/lib/wpscan/modules/wp_themes.rb
index b9f85ab7..16a8a855 100644
--- a/lib/wpscan/modules/wp_themes.rb
+++ b/lib/wpscan/modules/wp_themes.rb
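Review bot: The seven new path constants in lib/common_helper.rb are ordinary mutable Strings, and the later hunks assign the same objects directly to `options[:file]`, `options[:vulns_file]`, `@vulns_file` and `@file_name`. An in-place edit (`<<`, `gsub!`) anywhere downstream would then change the path seen by every later reader of the constant. Freezing at definition prevents that, for example `PLUGINS_FILE = File.join(DATA_DIR, "plugins.txt").freeze`. The naming is also uneven: `PLUGINS_VULNS_FILE` and `THEMES_VULNS_FILE` are plural while the files are `plugin_vulns.xml` and `theme_vulns.xml`, so the `# Data files` comment could say which entries are name lists and which are vulnerability databases.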
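Review bot: In `plugins_from_aggressive_detection` the two defaults are resolved by different rules: `options[:file] || ...` keeps an empty string as the path, while `options[:vulns_file]` treats `""` as unset and falls back to `PLUGINS_VULNS_FILE`. Treating both the same would be safer, for example `options[:file] = (options[:full] ? PLUGINS_FULL_FILE : PLUGINS_FILE) if options[:file].to_s.empty?`. The nil-or-empty test on `:vulns_file` is repeated verbatim in the wp_themes.rb, wp_plugin.rb and wp_theme.rb hunks, so a single shared helper would keep the four copies from drifting; `and` should also be `&&` inside that condition. The method body continues outside the hunk.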
@@ -19,9 +19,9 @@ module WpThemes
 def themes_from_aggressive_detection(options)
- options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/themes_full.txt" : "#{DATA_DIR}/themes.txt")
+ options[:file] = options[:file] || (options[:full] ? THEMES_FULL_FILE : THEMES_FILE)
 options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
- options[:vulns_file] : DATA_DIR + "/theme_vulns.xml"
+ options[:vulns_file] : THEMES_VULNS_FILE
 options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
 options[:vulns_xpath_2] = "//theme"
 options[:type] = "themes"
diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb
index 652be108..8361bc93 100644
--- a/lib/wpscan/wp_item.rb
+++ b/lib/wpscan/wp_item.rb
@@ -57,9 +57,9 @@ class WpItem < Vulnerable
 def wp_org_item?
 case @type
 when "themes"
- file = "#{DATA_DIR}/themes_full.txt"
+ file = THEMES_FULL_FILE
 when "plugins"
- file = "#{DATA_DIR}/plugins_full.txt"
+ file = PLUGINS_FULL_FILE
 else
 raise("Unknown type #@type")
 end
diff --git a/lib/wpscan/wp_plugin.rb b/lib/wpscan/wp_plugin.rb
index 25345193..bcebc94b 100644
--- a/lib/wpscan/wp_plugin.rb
+++ b/lib/wpscan/wp_plugin.rb
@@ -19,7 +19,7 @@ class WpPlugin < WpItem
 def initialize(options = {})
 options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
- options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml"
+ options[:vulns_file] : PLUGINS_VULNS_FILE
 options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability"
 options[:vulns_xpath_2] = "//plugin"
 options[:type] = "plugins"
diff --git a/lib/wpscan/wp_theme.rb b/lib/wpscan/wp_theme.rb
index b8edcf68..2519d81e 100644
--- a/lib/wpscan/wp_theme.rb
+++ b/lib/wpscan/wp_theme.rb
@@ -24,7 +24,7 @@ class WpTheme < WpItem
 def initialize(options = {})
 options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
- options[:vulns_file] : DATA_DIR + "/theme_vulns.xml"
+ options[:vulns_file] : THEMES_VULNS_FILE
 options[:vulns_xpath] = "//theme[@name='$name$']/vulnerability"
 options[:type] = "themes"
 @version = options[:version]
diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb
index 47beafef..158be288 100644
--- a/lib/wpscan/wp_version.rb
+++ b/lib/wpscan/wp_version.rb
@@ -25,7 +25,7 @@ class WpVersion < Vulnerable
 def initialize(number, options = {})
 @number = number
 @discovery_method = options[:discovery_method]
- @vulns_file = options[:vulns_file] || DATA_DIR + '/wp_vulns.xml'
+ @vulns_file = options[:vulns_file] || WP_VULNS_FILE
 @vulns_xpath = "//wordpress[@version='#{@number}']/vulnerability"
 end
diff --git a/lib/wpstools/plugins/checker/checker_plugin.rb b/lib/wpstools/plugins/checker/checker_plugin.rb
index 736f7464..23240b5f 100644
--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -39,14 +39,14 @@ class CheckerPlugin < Plugin
 end
 def check_vuln_ref_urls
- vuln_ref_files = ["plugin_vulns.xml", "theme_vulns.xml", "wp_vulns.xml"]
+ vuln_ref_files = [ PLUGINS_VULNS_FILE , THEMES_VULNS_FILE, WP_VULNS_FILE ]
 error_codes = [404, 500, 403]
 not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
 puts "[+] Checking vulnerabilities reference urls"
 vuln_ref_files.each do |vuln_ref_file|
- xml = Nokogiri::XML(File.open(DATA_DIR + '/' + vuln_ref_file)) do |config|
+ xml = Nokogiri::XML(File.open(vuln_ref_file)) do |config|
 config.noblanks
 end
diff --git a/lib/wpstools/plugins/list_generator/generate_list.rb b/lib/wpstools/plugins/list_generator/generate_list.rb
index dcc471c2..8ee482c7 100644
--- a/lib/wpstools/plugins/list_generator/generate_list.rb
+++ b/lib/wpstools/plugins/list_generator/generate_list.rb
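Review bot: `WpVersion#initialize` interpolates `@number` into the single-quoted XPath literal `//wordpress[@version='#{@number}']/vulnerability`, and this commit leaves that line as it was. If the number is derived from the scanned site's responses (likely given `:discovery_method`, but not visible in this hunk), a value containing `'` would alter the expression evaluated against `WP_VULNS_FILE`. A format check at the top of the constructor would close this, for example `raise ArgumentError, "invalid version" unless number.to_s =~ /\A[\w.\-]+\z/`. The `@name` interpolation in the wp_plugins.rb and wp_themes.rb hunks has the same shape and deserves the same check.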
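Review bot: `File.open(vuln_ref_file)` in `check_vuln_ref_urls` is handed to `Nokogiri::XML` without a block, so the handle for each of the three files stays open until garbage collection. The block form closes it deterministically: `xml = File.open(vuln_ref_file) { |f| Nokogiri::XML(f) { |config| config.noblanks } }`. Because `vuln_ref_file` now holds a full path instead of a bare file name, any message later in the loop that prints it (the loop body continues outside this hunk) would show the install path; `File.basename(vuln_ref_file)` would keep the previous output. The spacing in `[ PLUGINS_VULNS_FILE , THEMES_VULNS_FILE, WP_VULNS_FILE ]` is also uneven.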
@@ -48,18 +48,18 @@ class GenerateList
 when "plugin"
 case type
 when :full
- @file_name = DATA_DIR + "/plugins_full.txt"
+ @file_name = PLUGINS_FULL_FILE
 when :popular
- @file_name = DATA_DIR + "/plugins.txt"
+ @file_name = PLUGINS_FILE
 else
 raise "Unknown type"
 end
 when "theme"
 case type
 when :full
- @file_name = DATA_DIR + "/themes_full.txt"
+ @file_name = THEMES_FULL_FILE
 when :popular
- @file_name = DATA_DIR + "/themes.txt"
+ @file_name = THEMES_FILE
 else
 raise "Unknown type"
 end