garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bugfixing

Browse Source
This commit is contained in:
Christian Mehlmauer
2012-09-15 23:28:00 +02:00
parent 4c8fb5b1b9
commit 22006f40b8
4 changed files with 25 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/wpscan/modules/wp_plugins.rb
View File

@@ -25,6 +25,7 @@ module WpPlugins
options[:file] = "#{DATA_DIR}/plugins.txt" options[:file] = "#{DATA_DIR}/plugins.txt"
options[:vulns_file] = "#{DATA_DIR}/plugin_vulns.xml" options[:vulns_file] = "#{DATA_DIR}/plugin_vulns.xml"
options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//plugin"
options[:type] = "plugins" options[:type] = "plugins"
result = WpDetector.aggressive_detection(options) result = WpDetector.aggressive_detection(options)
result result

3
lib/wpscan/modules/wp_themes.rb
View File

@@ -20,8 +20,9 @@ module WpThemes
def themes_from_aggressive_detection(options) def themes_from_aggressive_detection(options)
options[:file] = "#{DATA_DIR}/themes.txt" options[:file] = "#{DATA_DIR}/themes.txt"
options[:vulns_file] = "#{DATA_DIR}/theme_vulns.xml" options[:vulns_file] = "#{DATA_DIR}/wp_theme_vulns.xml"
options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//theme"
options[:type] = "themes" options[:type] = "themes"
result = WpDetector.aggressive_detection(options) result = WpDetector.aggressive_detection(options)
result result

23
lib/wpscan/wp_enumerator.rb
View File

@@ -76,8 +76,8 @@ class WpEnumerator
def self.generate_items(options = {}) def self.generate_items(options = {})
only_vulnerable = options[:only_vulnerable_ones] only_vulnerable = options[:only_vulnerable_ones]
plugins_file = options[:file] || "#{DATA_DIR}/plugins.txt" file = options[:file]
plugin_vulns_file = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml" vulns_file = options[:vulns_file]
wp_content_dir = options[:wp_content_dir] wp_content_dir = options[:wp_content_dir]
url = options[:url] url = options[:url]
type = options[:type] type = options[:type]
@@ -85,27 +85,28 @@ class WpEnumerator
if only_vulnerable == false if only_vulnerable == false
# Open and parse the 'most popular' plugin list... # Open and parse the 'most popular' plugin list...
File.open(plugins_file, 'r') do |file| File.open(file, 'r') do |f|
file.readlines.collect do |line| f.readlines.collect do |line|
targets_url << WpPlugin.new(:url => url, :path => line.strip, :wp_content_dir => wp_content_dir) targets_url << WpPlugin.new(:url => url, :path => "#{type}/#{line.strip}", :wp_content_dir => wp_content_dir)
end end
end end
end end
xml = Nokogiri::XML(File.open(plugin_vulns_file)) do |config| xml = Nokogiri::XML(File.open(vulns_file)) do |config|
config.noblanks config.noblanks
end end
# We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it # We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it
xml.xpath("//plugin").each do |node| xml.xpath(options[:vulns_xpath_2]).each do |node|
plugin_name = node.attribute('name').text item_name = node.attribute('name').text
if targets_url.grep(%r{/#{plugin_name}/}).empty? if targets_url.grep(%r{/#{item_name}/}).empty?
# TODO: Generic
targets_url << WpPlugin.new( targets_url << WpPlugin.new(
:url => url, :url => url,
:path => "#{type}/#{plugin_name}", :path => "#{type}/#{item_name}",
:wp_content_dir => wp_content_dir, :wp_content_dir => wp_content_dir,
:name => plugin_name :name => item_name
) )
end end
end end

3
lib/wpscan/wp_options.rb
View File

@@ -25,6 +25,7 @@
# * +file+ - Filename with items to detect # * +file+ - Filename with items to detect
# * +vulns_file+ - XML file with vulnerabilities # * +vulns_file+ - XML file with vulnerabilities
# * +vulns_xpath+ - XPath for vulnerability XML file # * +vulns_xpath+ - XPath for vulnerability XML file
# * +vulns_xpath_2+ - XPath for vulnerability XML file
# * +wp_content_dir+ - Name of the wp-content directory # * +wp_content_dir+ - Name of the wp-content directory
# * +show_progress_bar+ - Show a progress bar during enumeration # * +show_progress_bar+ - Show a progress bar during enumeration
# * +error_404_hash+ - MD5 hash of a 404 page # * +error_404_hash+ - MD5 hash of a 404 page
@@ -37,6 +38,7 @@ class WpOptions
:file => "", :file => "",
:vulns_file => "", :vulns_file => "",
:vulns_xpath => "", :vulns_xpath => "",
:vulns_xpath_2 => "",
:wp_content_dir => "", :wp_content_dir => "",
:show_progress_bar => true, :show_progress_bar => true,
:error_404_hash => "", :error_404_hash => "",
@@ -51,6 +53,7 @@ class WpOptions
raise("file must be set") unless options[:file] != nil and options[:file].length > 0 raise("file must be set") unless options[:file] != nil and options[:file].length > 0
raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0 raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0
raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0 raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0
raise("vulns_xpath_2 must be set") unless options[:vulns_xpath_2] != nil and options[:vulns_xpath_2].length > 0
raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0 raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0
raise("show_progress_bar must be set") unless options[:show_progress_bar] != nil raise("show_progress_bar must be set") unless options[:show_progress_bar] != nil
raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0 raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0