diff --git a/app/finders/interesting_findings/backup_db.rb b/app/finders/interesting_findings/backup_db.rb
index c6358b81..3a0230fb 100644
--- a/app/finders/interesting_findings/backup_db.rb
+++ b/app/finders/interesting_findings/backup_db.rb
@@ -16,8 +16,7 @@ module WPScan
 target.url(path),
 confidence: 70,
 found_by: DIRECT_ACCESS,
- interesting_entries: target.directory_listing_entries(path),
- references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
+ interesting_entries: target.directory_listing_entries(path)
 )
 end
 end
diff --git a/app/finders/interesting_findings/debug_log.rb b/app/finders/interesting_findings/debug_log.rb
index 45d6c4a1..ce0667d2 100644
--- a/app/finders/interesting_findings/debug_log.rb
+++ b/app/finders/interesting_findings/debug_log.rb
@@ -11,11 +11,7 @@ module WPScan
 return unless target.debug_log?(path)
- Model::DebugLog.new(
- target.url(path),
- confidence: 100, found_by: DIRECT_ACCESS,
- references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
- )
+ Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/duplicator_installer_log.rb b/app/finders/interesting_findings/duplicator_installer_log.rb
index ce67123c..7adc5b05 100644
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -11,12 +11,7 @@ module WPScan
 return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
- Model::DuplicatorInstallerLog.new(
- target.url(path),
- confidence: 100,
- found_by: DIRECT_ACCESS,
- references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
- )
+ Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/emergency_pwd_reset_script.rb b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
index 8186e348..e6bedd52 100644
--- a/app/finders/interesting_findings/emergency_pwd_reset_script.rb
+++ b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
@@ -15,10 +15,7 @@ module WPScan
 Model::EmergencyPwdResetScript.new(
 target.url(path),
 confidence: /password/i.match?(res.body) ? 100 : 40,
- found_by: DIRECT_ACCESS,
- references: {
- url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
- }
+ found_by: DIRECT_ACCESS
 )
 end
 end
diff --git a/app/finders/interesting_findings/full_path_disclosure.rb b/app/finders/interesting_findings/full_path_disclosure.rb
index 50c45a92..cf8fc40f 100644
--- a/app/finders/interesting_findings/full_path_disclosure.rb
+++ b/app/finders/interesting_findings/full_path_disclosure.rb
@@ -16,8 +16,7 @@ module WPScan
 target.url(path),
 confidence: 100,
 found_by: DIRECT_ACCESS,
- interesting_entries: fpd_entries,
- references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
+ interesting_entries: fpd_entries
 )
 end
 end
diff --git a/app/finders/interesting_findings/mu_plugins.rb b/app/finders/interesting_findings/mu_plugins.rb
index 88892b6e..01cc6e76 100644
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -16,13 +16,7 @@ module WPScan
 target.mu_plugins = true
- return Model::MuPlugins.new(
- url,
- confidence: 70,
- found_by: 'URLs In Homepage (Passive Detection)',
- to_s: "This site has 'Must Use Plugins': #{url}",
- references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
- )
+ return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
 end
 nil
 end
@@ -37,13 +31,7 @@ module WPScan
 target.mu_plugins = true
- Model::MuPlugins.new(
- url,
- confidence: 80,
- found_by: DIRECT_ACCESS,
- to_s: "This site has 'Must Use Plugins': #{url}",
- references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
- )
+ Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/multisite.rb b/app/finders/interesting_findings/multisite.rb
index e55d160e..546611c4 100644
--- a/app/finders/interesting_findings/multisite.rb
+++ b/app/finders/interesting_findings/multisite.rb
@@ -17,13 +17,7 @@ module WPScan
 target.multisite = true
- Model::Multisite.new(
- url,
- confidence: 100,
- found_by: DIRECT_ACCESS,
- to_s: 'This site seems to be a multisite',
- references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
- )
+ Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/registration.rb b/app/finders/interesting_findings/registration.rb
index 0fb693cf..d1a91e8d 100644
--- a/app/finders/interesting_findings/registration.rb
+++ b/app/finders/interesting_findings/registration.rb
@@ -20,12 +20,7 @@ module WPScan
 target.registration_enabled = true
- Model::Registration.new(
- res.effective_url,
- confidence: 100,
- found_by: DIRECT_ACCESS,
- to_s: "Registration is enabled: #{res.effective_url}"
- )
+ Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/tmm_db_migrate.rb b/app/finders/interesting_findings/tmm_db_migrate.rb
index cc309db1..36d91c57 100644
--- a/app/finders/interesting_findings/tmm_db_migrate.rb
+++ b/app/finders/interesting_findings/tmm_db_migrate.rb
@@ -13,12 +13,7 @@ module WPScan
 return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
- Model::TmmDbMigrate.new(
- url,
- confidence: 100,
- found_by: DIRECT_ACCESS,
- references: { packetstorm: 131_957 }
- )
+ Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/upload_directory_listing.rb b/app/finders/interesting_findings/upload_directory_listing.rb
index f74be93c..980009e6 100644
--- a/app/finders/interesting_findings/upload_directory_listing.rb
+++ b/app/finders/interesting_findings/upload_directory_listing.rb
@@ -13,12 +13,7 @@ module WPScan
 url = target.url(path)
- Model::UploadDirectoryListing.new(
- url,
- confidence: 100,
- found_by: DIRECT_ACCESS,
- to_s: "Upload directory has listing enabled: #{url}"
- )
+ Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/upload_sql_dump.rb b/app/finders/interesting_findings/upload_sql_dump.rb
index 5c76bba0..824f5997 100644
--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -14,11 +14,7 @@ module WPScan
 return unless SQL_PATTERN.match?(res.body)
- Model::UploadSQLDump.new(
- target.url(path),
- confidence: 100,
- found_by: DIRECT_ACCESS
- )
+ Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
 end
 end
 end
diff --git a/app/finders/interesting_findings/wp_cron.rb b/app/finders/interesting_findings/wp_cron.rb
index 53e5f588..6e10215a 100644
--- a/app/finders/interesting_findings/wp_cron.rb
+++ b/app/finders/interesting_findings/wp_cron.rb
@@ -11,17 +11,7 @@ module WPScan
 return unless res.code == 200
- Model::WPCron.new(
- wp_cron_url,
- confidence: 60,
- found_by: DIRECT_ACCESS,
- references: {
- url: [
- 'https://www.iplocation.net/defend-wordpress-from-ddos',
- 'https://github.com/wpscanteam/wpscan/issues/1299'
- ]
- }
- )
+ Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
 end
 def wp_cron_url
diff --git a/app/models/interesting_finding.rb b/app/models/interesting_finding.rb
index 61e44da6..1a2ffddd 100644
--- a/app/models/interesting_finding.rb
+++ b/app/models/interesting_finding.rb
@@ -8,45 +8,110 @@ module WPScan
 end
 #
- # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+ # Some classes are empty for the #type to be correctly displayed (as taken from the self.class from the parent)
 #
 class BackupDB < InterestingFinding
+ # @return [ Hash ]
+ def references
+ @references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
+ end
 end
 class DebugLog < InterestingFinding
+ # @ return [ Hash ]
+ def references
+ @references ||= { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
+ end
 end
 class DuplicatorInstallerLog < InterestingFinding
+ # @return [ Hash ]
+ def references
+ @references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
+ end
 end
 class EmergencyPwdResetScript < InterestingFinding
+ def references
+ @references ||= {
+ url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
+ }
+ end
 end
 class FullPathDisclosure < InterestingFinding
+ # @return [ Hash ]
+ def references
+ @references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
+ end
 end
 class MuPlugins < InterestingFinding
+ # @return [ String ]
+ def to_s
+ @to_s ||= "This site has 'Must Use Plugins': #{url}"
+ end
+
+ # @return [ Hash ]
+ def references
+ @references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
+ end
 end
 class Multisite < InterestingFinding
+ # @return [ String ]
+ def to_s
+ @to_s ||= 'This site seems to be a multisite'
+ end
+
+ # @return [ Hash ]
+ def references
+ @references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
+ end
 end
 class Readme < InterestingFinding
 end
 class Registration < InterestingFinding
+ # @return [ String ]
+ def to_s
+ @to_s ||= "Registration is enabled: #{url}"
+ end
 end
 class TmmDbMigrate < InterestingFinding
+ # @return [ Hash ]
+ def references
+ @references ||= { packetstorm: [131_957] }
+ end
 end
 class UploadDirectoryListing < InterestingFinding
+ # @return [ String ]
+ def to_s
+ @to_s ||= "Upload directory has listing enabled: #{url}"
+ end
 end
 class UploadSQLDump < InterestingFinding
 end
 class WPCron < InterestingFinding
+ # @return [ String ]
+ def to_s
+ @to_s ||= "The external WP-Cron seems to be enabled: #{url}"
+ end
+
+ # @return [ Hash ]
+ def references
+ @references ||= {
+ url: [
+ 'https://www.iplocation.net/defend-wordpress-from-ddos',
+ 'https://github.com/wpscanteam/wpscan/issues/1299'
+ ]
+ }
+ end
 end
 end
diff --git a/app/models/xml_rpc.rb b/app/models/xml_rpc.rb
index 0c065194..ea9aee05 100644
--- a/app/models/xml_rpc.rb
+++ b/app/models/xml_rpc.rb
@@ -8,7 +8,7 @@ module WPScan
 # @return [ Hash ]
 def references
- {
+ @references ||= {
 url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
 metasploit: [
 'auxiliary/scanner/http/wordpress_ghost_scanner',
diff --git a/wpscan.gemspec b/wpscan.gemspec
index 30880c7a..693f631e 100644
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 s.executables = ['wpscan']
 s.require_paths = ['lib']
- s.add_dependency 'cms_scanner', '~> 0.8.3'
+ s.add_dependency 'cms_scanner', '~> 0.8.4'
 s.add_development_dependency 'bundler', '>= 1.6'
 s.add_development_dependency 'memory_profiler', '~> 0.9.13'
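Review bot: `DebugLog#references` in the interesting_finding.rb hunk sets `url:` to a bare String while every other `references` override added here (and the one in the xml_rpc.rb hunk) wraps the value in an Array, so any consumer that iterates the `url` entries will handle this one finding differently; `@references ||= { url: ['https://codex.wordpress.org/Debugging_in_WordPress'] }` keeps the shape uniform. The YARD tag above that method is also misspelt as `# @ return [ Hash ]` and will not be parsed as a tag — it should read `# @return [ Hash ]`. `EmergencyPwdResetScript#references` is the only new override without a `# @return [ Hash ]` line. The enclosing `module WPScan` and the `InterestingFinding` base class begin outside the hunk, so whether the `url` used by the new `to_s` methods is an inherited reader cannot be confirmed from here.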