diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index e9a15173..ca38ea99 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -32,20 +32,20 @@ This file contains vulnerabilities associated with WordPress verions.
-
- Wordpress 3.3.1 Multiple CSRF Vulnerabilities
- http://www.exploit-db.com/exploits/18791/
+
+ Wordpress 3.3.1 Multiple CSRF Vulnerabilities
+ http://www.exploit-db.com/exploits/18791/
-
- Wordpress 3.3.1 Multiple CSRF Vulnerabilities
- http://www.exploit-db.com/exploits/18791/
+
+ Wordpress 3.3.1 Multiple CSRF Vulnerabilities
+ http://www.exploit-db.com/exploits/18791/
-
- WordPress 3.3.2 Cross Site Scripting
- http://packetstormsecurity.org/files/113254
+
+ WordPress 3.3.2 Cross Site Scripting
+ http://packetstormsecurity.org/files/113254
@@ -54,13 +54,13 @@ This file contains vulnerabilities associated with WordPress verions.
Multiple vulnerabilities including XSS and Privilege Escalation
http://wordpress.org/news/2012/04/wordpress-3-3-2/
-
- Wordpress 3.3.1 Multiple CSRF Vulnerabilities
- http://www.exploit-db.com/exploits/18791/
+
+ Wordpress 3.3.1 Multiple CSRF Vulnerabilities
+ http://www.exploit-db.com/exploits/18791/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -69,30 +69,30 @@ This file contains vulnerabilities associated with WordPress verions.
Reflected Cross-Site Scripting in WordPress 3.3
http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -101,9 +101,9 @@ This file contains vulnerabilities associated with WordPress verions.
Multiple SQL Injection Vulnerabilities
http://www.exploit-db.com/exploits/17465/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -112,9 +112,9 @@ This file contains vulnerabilities associated with WordPress verions.
Wordpress <= 3.1.2 Clickjacking Vulnerability
http://seclists.org/fulldisclosure/2011/Sep/219
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -123,37 +123,37 @@ This file contains vulnerabilities associated with WordPress verions.
WordPress wp-includes/formatting.php make_clickable() PCRE Library Remote DoS
http://osvdb.org/show/osvdb/72142
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -166,9 +166,9 @@ This file contains vulnerabilities associated with WordPress verions.
Wordpress 3.0.3 stored XSS IE7,6 NS8.1
http://www.exploit-db.com/exploits/15858/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -177,9 +177,9 @@ This file contains vulnerabilities associated with WordPress verions.
WordPress XML-RPC Interface Access Restriction Bypass
http://osvdb.org/69761
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -188,30 +188,30 @@ This file contains vulnerabilities associated with WordPress verions.
WordPress: Information Disclosure via SQL Injection Attack
http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -224,16 +224,16 @@ This file contains vulnerabilities associated with WordPress verions.
Wordpress DOS <= 2.9
http://www.exploit-db.com/exploits/11441/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -242,16 +242,16 @@ This file contains vulnerabilities associated with WordPress verions.
WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution
http://www.exploit-db.com/exploits/10089/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -260,9 +260,9 @@ This file contains vulnerabilities associated with WordPress verions.
Wordpress <= 2.8.3 Remote Admin Reset Password Vulnerability
http://www.exploit-db.com/exploits/9410/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -271,16 +271,16 @@ This file contains vulnerabilities associated with WordPress verions.
Wordpress 2.8.1 (url) Remote Cross Site Scripting Exploit
http://www.exploit-db.com/exploits/9250/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -289,44 +289,44 @@ This file contains vulnerabilities associated with WordPress verions.
WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability
http://www.exploit-db.com/exploits/10088/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -335,30 +335,30 @@ This file contains vulnerabilities associated with WordPress verions.
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
http://www.exploit-db.com/exploits/6421/
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
-
- XSS vulnerability in swfupload in WordPress
- http://seclists.org/fulldisclosure/2012/Nov/51
+
+ XSS vulnerability in swfupload in WordPress
+ http://seclists.org/fulldisclosure/2012/Nov/51
@@ -440,4 +440,4 @@ This file contains vulnerabilities associated with WordPress verions.
-
\ No newline at end of file
+
diff --git a/lib/wpstools/wpstools_helper.rb b/lib/wpstools/wpstools_helper.rb
index fab30fea..4320b268 100644
--- a/lib/wpstools/wpstools_helper.rb
+++ b/lib/wpstools/wpstools_helper.rb
@@ -56,12 +56,12 @@ def help()
puts "--gpl Alias for --generate_plugin_list"
puts "--generate_full_plugin_list Generate a new full data/plugins.txt file"
puts "--gfpl Alias for --generate_full_plugin_list"
-
puts "--generate_theme_list [number of pages] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)"
puts "--gtl Alias for --generate_theme_list"
puts "--generate_full_theme_list Generate a new full data/themes.txt file"
puts "--gftl Alias for --generate_full_theme_list"
puts "--generate_all Generate a new full plugins, full themes, popular plugins and popular themes list"
puts "--ga Alias for --generate_all"
+ puts "--check-vuln-ref-urls | --cvru Check all the vulnerabilities reference urls for 404"
puts
end
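Review bot: The help line added for `--check-vuln-ref-urls` describes the check as "for 404", but the implementation added to wpstools.rb in this same commit also reports 403 and 500 responses and pages whose body matches a not-found pattern. The text should say what a reported URL actually means, for example `puts "--check-vuln-ref-urls    Check the vulnerability reference urls for dead links (403, 404, 500 or a 'not found' page)"`. Every other entry lists its short form on a separate "Alias for" line, so `puts "--cvru    Alias for --check-vuln-ref-urls"` would keep the layout consistent. The body of `help()` begins before this hunk.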
diff --git a/wpstools.rb b/wpstools.rb
index cbc2cdfe..26f432ad 100755
--- a/wpstools.rb
+++ b/wpstools.rb
@@ -39,12 +39,14 @@ begin
["--generate_theme_list", GetoptLong::OPTIONAL_ARGUMENT],
["--generate_full_theme_list", GetoptLong::NO_ARGUMENT],
["--generate_all", GetoptLong::NO_ARGUMENT],
- ["--gpl", GetoptLong::OPTIONAL_ARGUMENT],
- ["--gfpl", GetoptLong::OPTIONAL_ARGUMENT],
- ["--gtl", GetoptLong::OPTIONAL_ARGUMENT],
- ["--gftl", GetoptLong::OPTIONAL_ARGUMENT],
- ["--ga", GetoptLong::OPTIONAL_ARGUMENT],
- ["--update", "-u", GetoptLong::NO_ARGUMENT]
+ ["--gpl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_plugin_list
+ ["--gfpl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_full_plugin_list
+ ["--gtl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_theme_list
+ ["--gftl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_full_theme_list
+ ["--ga", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_all
+ ["--update", "-u", GetoptLong::NO_ARGUMENT],
+ ["--check-vuln-ref-urls", GetoptLong::NO_ARGUMENT],
+ ["--cvru", GetoptLong::NO_ARGUMENT] # Alias for --check-vuln-ref-urls
)
options.each do |option, argument|
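Review bot: The entries `--gfpl`, `--gftl` and `--ga` are still declared with `GetoptLong::OPTIONAL_ARGUMENT`, although the new comments call them aliases of options declared with `GetoptLong::NO_ARGUMENT`. `--generate_full_theme_list` and `--generate_all` are visible just above; `--generate_full_plugin_list` is outside the hunk and presumably the same. With the optional form, the short spelling may consume a following word on the command line that the long spelling would leave alone, so the two are not true aliases. Declaring them the same way as their long forms, e.g. `["--ga", GetoptLong::NO_ARGUMENT], # Alias for --generate_all`, removes the difference. The option list starts before this hunk.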
@@ -79,11 +81,13 @@ begin
when "--generate_full_theme_list", "--gftl"
@generate_full_theme_list = true
when "--generate_all", "--ga"
- @generate_plugin_list = true
- @generate_theme_list = true
- @number_of_pages = 150
- @generate_full_theme_list = true
+ @generate_plugin_list = true
+ @generate_theme_list = true
+ @number_of_pages = 150
+ @generate_full_theme_list = true
@generate_full_plugin_list = true
+ when "--check-vuln-ref-urls", "--cvru"
+ @check_vuln_ref_urls = true
end
end
@@ -111,6 +115,61 @@ begin
Generate_List.new('themes', @verbose).generate_full_list
end
+ # seclists.org redirects to the homepage if the reference does not exist
+ # TODO : the special case above
+ if @check_vuln_ref_urls
+ vuln_ref_files = ["plugin_vulns.xml", "wp_theme_vulns.xml", "wp_vulns.xml"]
+ error_codes = [404, 500, 403]
+ not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
+
+ puts "[+] Checking vulnerabilities reference urls"
+
+ vuln_ref_files.each do |vuln_ref_file|
+ xml = Nokogiri::XML(File.open(DATA_DIR + '/' + vuln_ref_file)) do |config|
+ config.noblanks
+ end
+
+ urls = []
+ xml.xpath("//reference").each { |node| urls << node.text }
+
+ urls.uniq!
+
+ dead_urls = []
+ queue_count = 0
+ request_count = 0
+ browser = Browser.instance
+ hydra = browser.hydra
+ number_of_urls = urls.size
+
+ urls.each do |url|
+ request = browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
+ request_count += 1
+
+ request.on_complete do |response|
+ print "\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete."
+
+ if error_codes.include?(response.code) or not_found_regexp.match(response.body)
+ dead_urls << url
+ end
+ end
+
+ hydra.queue(request)
+ queue_count += 1
+
+ if queue_count == browser.max_threads
+ hydra.run
+ queue_count = 0
+ end
+ end
+
+ hydra.run
+ puts
+ unless dead_urls.empty?
+ dead_urls.each { |url| puts " Not Found #{url}" }
+ end
+ end
+ end
+
if @update
unless @updater.nil?
puts @updater.update()
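Review bot: The dead-link test inside `on_complete` treats only 404, 500 and 403 as failures, so a reference whose host no longer resolves or times out is never listed; if `Browser` wraps Typhoeus, as the `hydra` naming suggests, such requests complete with `response.code` 0. Consider flagging every non-success response, e.g. `if !(200..299).cover?(response.code) || not_found_regexp.match(response.body)`. The progress figure is computed from `request_count`, which is incremented when a request is forged rather than when it finishes, so moving `request_count += 1` into the `on_complete` block would make the percentage reflect completed checks. `File.open(DATA_DIR + '/' + vuln_ref_file)` is handed to Nokogiri and never closed; `File.read(File.join(DATA_DIR, vuln_ref_file))` avoids the leaked handle. The enclosing `begin` block starts before this hunk and the `if @update` branch continues past it.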