garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes #1461

Browse Source
This commit is contained in:
erwanlr
2020-03-02 15:34:51 +01:00
parent 4fd43694ae
commit 14ed6ae109
15 changed files with 81 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/finders/interesting_findings/backup_db.rb
View File

@@ -16,8 +16,7 @@ module WPScan
target.url(path),
confidence: 70,
found_by: DIRECT_ACCESS,
interesting_entries: target.directory_listing_entries(path),
references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
interesting_entries: target.directory_listing_entries(path)
)
end
end

6
app/finders/interesting_findings/debug_log.rb
View File

@@ -11,11 +11,7 @@ module WPScan
return unless target.debug_log?(path)
Model::DebugLog.new(
target.url(path),
confidence: 100, found_by: DIRECT_ACCESS,
references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
)
Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

7
app/finders/interesting_findings/duplicator_installer_log.rb
View File

@@ -11,12 +11,7 @@ module WPScan
return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
Model::DuplicatorInstallerLog.new(
target.url(path),
confidence: 100,
found_by: DIRECT_ACCESS,
references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
)
Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

5
app/finders/interesting_findings/emergency_pwd_reset_script.rb
View File

@@ -15,10 +15,7 @@ module WPScan
Model::EmergencyPwdResetScript.new(
target.url(path),
confidence: /password/i.match?(res.body) ? 100 : 40,
found_by: DIRECT_ACCESS,
references: {
url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
}
found_by: DIRECT_ACCESS
)
end
end

3
app/finders/interesting_findings/full_path_disclosure.rb
View File

@@ -16,8 +16,7 @@ module WPScan
target.url(path),
confidence: 100,
found_by: DIRECT_ACCESS,
interesting_entries: fpd_entries,
references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
interesting_entries: fpd_entries
)
end
end

16
app/finders/interesting_findings/mu_plugins.rb
View File

@@ -16,13 +16,7 @@ module WPScan
target.mu_plugins = true
return Model::MuPlugins.new(
url,
confidence: 70,
found_by: 'URLs In Homepage (Passive Detection)',
to_s: "This site has 'Must Use Plugins': #{url}",
references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
)
return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
end
nil
end
@@ -37,13 +31,7 @@ module WPScan
target.mu_plugins = true
Model::MuPlugins.new(
url,
confidence: 80,
found_by: DIRECT_ACCESS,
to_s: "This site has 'Must Use Plugins': #{url}",
references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
)
Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
end
end
end

8
app/finders/interesting_findings/multisite.rb
View File

@@ -17,13 +17,7 @@ module WPScan
target.multisite = true
Model::Multisite.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,
to_s: 'This site seems to be a multisite',
references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
)
Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

7
app/finders/interesting_findings/registration.rb
View File

@@ -20,12 +20,7 @@ module WPScan
target.registration_enabled = true
Model::Registration.new(
res.effective_url,
confidence: 100,
found_by: DIRECT_ACCESS,
to_s: "Registration is enabled: #{res.effective_url}"
)
Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

7
app/finders/interesting_findings/tmm_db_migrate.rb
View File

@@ -13,12 +13,7 @@ module WPScan
return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
Model::TmmDbMigrate.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,
references: { packetstorm: 131_957 }
)
Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

7
app/finders/interesting_findings/upload_directory_listing.rb
View File

@@ -13,12 +13,7 @@ module WPScan
url = target.url(path)
Model::UploadDirectoryListing.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,
to_s: "Upload directory has listing enabled: #{url}"
)
Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

6
app/finders/interesting_findings/upload_sql_dump.rb
View File

@@ -14,11 +14,7 @@ module WPScan
return unless SQL_PATTERN.match?(res.body)
Model::UploadSQLDump.new(
target.url(path),
confidence: 100,
found_by: DIRECT_ACCESS
)
Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
end
end
end

12
app/finders/interesting_findings/wp_cron.rb
View File

@@ -11,17 +11,7 @@ module WPScan
return unless res.code == 200
Model::WPCron.new(
wp_cron_url,
confidence: 60,
found_by: DIRECT_ACCESS,
references: {
url: [
'https://www.iplocation.net/defend-wordpress-from-ddos',
'https://github.com/wpscanteam/wpscan/issues/1299'
]
}
)
Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
end
def wp_cron_url

67
app/models/interesting_finding.rb
View File

@@ -8,45 +8,110 @@ module WPScan
end
#
# Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
# Some classes are empty for the #type to be correctly displayed (as taken from the self.class from the parent)
#
class BackupDB < InterestingFinding
# @return [ Hash ]
def references
@references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
end
end
class DebugLog < InterestingFinding
# @ return [ Hash ]
def references
@references ||= { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
end
end
class DuplicatorInstallerLog < InterestingFinding
# @return [ Hash ]
def references
@references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
end
end
class EmergencyPwdResetScript < InterestingFinding
def references
@references ||= {
url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
}
end
end
class FullPathDisclosure < InterestingFinding
# @return [ Hash ]
def references
@references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
end
end
class MuPlugins < InterestingFinding
# @return [ String ]
def to_s
@to_s ||= "This site has 'Must Use Plugins': #{url}"
end
# @return [ Hash ]
def references
@references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
end
end
class Multisite < InterestingFinding
# @return [ String ]
def to_s
@to_s ||= 'This site seems to be a multisite'
end
# @return [ Hash ]
def references
@references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
end
end
class Readme < InterestingFinding
end
class Registration < InterestingFinding
# @return [ String ]
def to_s
@to_s ||= "Registration is enabled: #{url}"
end
end
class TmmDbMigrate < InterestingFinding
# @return [ Hash ]
def references
@references ||= { packetstorm: [131_957] }
end
end
class UploadDirectoryListing < InterestingFinding
# @return [ String ]
def to_s
@to_s ||= "Upload directory has listing enabled: #{url}"
end
end
class UploadSQLDump < InterestingFinding
end
class WPCron < InterestingFinding
# @return [ String ]
def to_s
@to_s ||= "The external WP-Cron seems to be enabled: #{url}"
end
# @return [ Hash ]
def references
@references ||= {
url: [
'https://www.iplocation.net/defend-wordpress-from-ddos',
'https://github.com/wpscanteam/wpscan/issues/1299'
]
}
end
end
end
end

2
app/models/xml_rpc.rb
View File

@@ -8,7 +8,7 @@ module WPScan
# @return [ Hash ]
def references
{
@references ||= {
url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
metasploit: [
'auxiliary/scanner/http/wordpress_ghost_scanner',

2
wpscan.gemspec
View File

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
s.executables = ['wpscan']
s.require_paths = ['lib']
s.add_dependency 'cms_scanner', '~> 0.8.3'
s.add_dependency 'cms_scanner', '~> 0.8.4'
s.add_development_dependency 'bundler', '>= 1.6'
s.add_development_dependency 'memory_profiler', '~> 0.9.13'