-) more rspec tests

-) Bugfixing

lib/wpscan/modules/brute_force.rb

@@ -45,9 +45,11 @@ module BruteForce
 
         # the request object
         request = Browser.instance.forge_request(login_url,
-          :method => :post,
-          :params => {:log => username, :pwd => password},
-          :cache_timeout => 0
+          {
+            :method => :post,
+            :params => {:log => username, :pwd => password},
+            :cache_timeout => 0
+          }
         )
 
         # tell hydra what to do when the request completes

lib/wpscan/modules/web_site.rb

@@ -24,16 +24,14 @@ module WebSite
     wordpress = false
 
     response = Browser.instance.get(login_url(),
-      :follow_location => true,
-      :max_redirects => 2
+      { :follow_location => true, :max_redirects => 2 }
     )
 
     if response.body =~ %r{WordPress}i
       wordpress = true
     else
       response = Browser.instance.get(xmlrpc_url(),
-        :follow_location => true,
-        :max_redirects => 2
+        { :follow_location => true, :max_redirects => 2 }
       )
 
       if response.body =~ %r{XML-RPC server accepts POST requests only}i

lib/wpscan/modules/wp_plugins.rb

@@ -22,8 +22,8 @@ module WpPlugins
   #
   # return array of WpPlugin
   def plugins_from_aggressive_detection(options)
-    options[:file]          = "#{DATA_DIR}/plugins.txt"
-    options[:vulns_file]    = "#{DATA_DIR}/plugin_vulns.xml"
+    options[:file]          = options[:file] || "#{DATA_DIR}/plugins.txt"
+    options[:vulns_file]    = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml"
     options[:vulns_xpath]   = "//plugin[@name='#{@name}']/vulnerability"
     options[:vulns_xpath_2] = "//plugin"
     options[:type]          = "plugins"
@@ -46,16 +46,16 @@ module WpPlugins
   #   <link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/>
   #   ...
   # return array of WpPlugin
-  def plugins_from_passive_detection(wp_content_dir)
+  def plugins_from_passive_detection(options)
     plugins = []
-    temp = WpDetector.passive_detection(url(), "plugins", wp_content_dir)
+    temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir])
 
     temp.each do |item|
       plugins << WpPlugin.new(
           :url            => item[:url],
           :name           => item[:name],
           :path           => item[:path],
-          :wp_content_dir => wp_content_dir
+          :wp_content_dir => options[:wp_content_dir]
       )
     end
     plugins.sort_by { |p| p.name }

lib/wpscan/modules/wp_themes.rb

@@ -19,8 +19,8 @@
 module WpThemes
 
   def themes_from_aggressive_detection(options)
-    options[:file]          = "#{DATA_DIR}/themes.txt"
-    options[:vulns_file]    = "#{DATA_DIR}/wp_theme_vulns.xml"
+    options[:file]          = options[:file] || "#{DATA_DIR}/themes.txt"
+    options[:vulns_file]    = options[:vulns_file] || "#{DATA_DIR}/wp_theme_vulns.xml"
     options[:vulns_xpath]   = "//theme[@name='#{@name}']/vulnerability"
     options[:vulns_xpath_2] = "//theme"
     options[:type]          = "themes"
@@ -37,16 +37,16 @@ module WpThemes
     themes.sort_by { |t| t.name }
   end
 
-  def themes_from_passive_detection(wp_content_dir)
+  def themes_from_passive_detection(options)
     themes = []
-    temp = WpDetector.passive_detection(url(), "themes", wp_content_dir)
+    temp = WpDetector.passive_detection(options[:url], "themes", options[:wp_content_dir])
 
     temp.each do |item|
       themes << WpTheme.new(
           :url            => item[:url],
           :name           => item[:name],
           :path           => item[:path],
-          :wp_content_dir => wp_content_dir
+          :wp_content_dir => options[:wp_content_dir]
       )
     end
     themes.sort_by { |t| t.name }

lib/wpscan/modules/wp_usernames.rb

@@ -39,7 +39,7 @@ module WpUsernames
       if response.code == 301 # username in location?
         username = response.headers_hash['location'][%r{/author/([^/]+)/}i, 1]
         # Get the real name from the redirect site
-        real_name = get_real_name_from_url(response.headers_hash['location'])
+        real_name = get_real_name_from_url(url)
       elsif response.code == 200 # username in body?
         username = response.body[%r{posts by (.*) feed}i, 1]
         real_name = get_real_name_from_response(response)
@@ -62,7 +62,7 @@ module WpUsernames
   end
 
   def get_real_name_from_url(url)
-    resp = Browser.instance.get(url, :follow_location => true, :max_redirects => 2)
+    resp = Browser.instance.get(url, { :follow_location => true, :max_redirects => 2 })
     real_name = nil
     if resp.code == 200
       real_name = extract_real_name_from_body(resp.body)

lib/wpscan/wp_enumerator.rb

@@ -56,7 +56,7 @@ class WpEnumerator
       end
       url = "#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}"
 
-      request = enum_browser.forge_request(url, :cache_timeout => 0, :follow_location => true)
+      request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
       request_count += 1
 
       request.on_complete do |response|
@@ -116,17 +116,14 @@ class WpEnumerator
 
       # We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it
       xml.xpath(options[:vulns_xpath_2]).each do |node|
-        item_name = node.attribute('name').text
-
-        if targets_url.grep(%r{/#{item_name}/}).empty?
-          targets_url << {
-              :url            => url,
-              :path           => item_name,
-              :wp_content_dir => wp_content_dir,
-              :name           => item_name
-          }
+        name = node.attribute("name").text
+        targets_url << {
+            :url            => url,
+            :path           => name,
+            :wp_content_dir => wp_content_dir,
+            :name           => name
+        }
         end
-      end
     end
 
     targets_url.flatten!
@@ -134,5 +131,4 @@ class WpEnumerator
     # randomize the plugins array to *maybe* help in some crappy IDS/IPS/WAF detection
     targets_url.sort_by! { rand }
   end
-
 end

lib/wpscan/wp_item.rb

@@ -83,9 +83,19 @@ class WpItem < Vulnerable
     "#@name#{' v' + item_version.strip if item_version}"
   end
 
-  # Object comparer
-  def ==(item)
-    item.name == @name
+  # Compare
+  def ==(other)
+    other.name == self.name
+  end
+
+  # Compare
+  def ===(other)
+    other.name == self.name
+  end
+
+  # Compare
+  def <=>(other)
+    other.name <=> self.name
   end
 
   # Url for readme.txt

lib/wpscan/wp_options.rb

@@ -31,22 +31,6 @@
 # * +error_404_hash+ - MD5 hash of a 404 page
 # * +type+ - Type: plugins, themes
 class WpOptions
-  def self.get_empty_options
-    options = {
-        :url                  => "",
-        :only_vulnerable_ones => false,
-        :file                 => "",
-        :vulns_file           => "",
-        :vulns_xpath          => "",
-        :vulns_xpath_2        => "",
-        :wp_content_dir       => "",
-        :show_progress_bar    => true,
-        :error_404_hash       => "",
-        :type                 => ""
-    }
-    options
-  end
-
   def self.check_options(options)
     raise("url must be set")                  unless options[:url] != nil and options[:url].to_s.length > 0
     raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil

lib/wpscan/wp_plugin.rb

@@ -18,8 +18,10 @@
 
 class WpPlugin < WpItem
   def initialize(options = {})
-    options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
-    options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability"
+    options[:vulns_xml]     = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
+    options[:vulns_xpath]   = "//plugin[@name='#@name']/vulnerability"
+    options[:vulns_xpath_2] = "//plugin"
+    options[:type]          = "plugins"
     super(options)
   end
 
@@ -36,5 +38,4 @@ class WpPlugin < WpItem
   def error_log_url
     get_url.merge("error_log").to_s
   end
-
 end

lib/wpscan/wp_target.rb

@@ -117,4 +117,13 @@ class WpTarget
     @uri.merge("#{wp_content_dir()}/debug.log").to_s
   end
 
+  # Should check wp-login.php if registration is enabled or not
+  def registration_enabled?
+    # TODO
+  end
+
+  def registration_url
+    # TODO
+  end
+
 end

lib/wpscan/wp_theme.rb

@@ -24,7 +24,7 @@ class WpTheme < WpItem
 
   def initialize(options = {})
     options[:vulns_xml]   = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
-    options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
+    options[:vulns_xpath] = "//theme[@name='#@name']/vulnerability"
     @version              = options[:version]
     @style_url            = options[:style_url]
     super(options)
@@ -56,7 +56,7 @@ class WpTheme < WpItem
 
   # Discover the wordpress theme name by parsing the css link rel
   def self.find_from_css_link(target_uri)
-    response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2)
+    response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })
 
     if matches = %r{https?://[^"']+/themes/([^"']+)/style.css}i.match(response.body)
       style_url = matches[0]

lib/wpscan/wp_version.rb

@@ -60,14 +60,14 @@ class WpVersion < Vulnerable
   # that it is reinstated on upgrade.
   def self.find_from_meta_generator(options)
     target_uri = options[:url]
-    response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2)
+    response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })
 
     response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1]
   end
 
   def self.find_from_rss_generator(options)
     target_uri = options[:url]
-    response = Browser.instance.get(target_uri.merge("feed/").to_s, :follow_location => true, :max_redirects => 2)
+    response = Browser.instance.get(target_uri.merge("feed/").to_s, { :follow_location => true, :max_redirects => 2 })
 
     response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1]
   end