initial commit

Christian Mehlmauer
2012-11-26 22:30:07 +01:00
parent aebe925c95
commit 31d2ca06eb
6 changed files with 42 additions and 17 deletions


@@ -22,8 +22,9 @@ module WpPlugins
# #
# return array of WpPlugin # return array of WpPlugin
def plugins_from_aggressive_detection(options) def plugins_from_aggressive_detection(options)
options[:file] = options[:file] || "#{DATA_DIR}/plugins.txt" options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/plugins_full.txt" : "#{DATA_DIR}/plugins.txt")
options[:vulns_file] = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml" options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml"
options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//plugin" options[:vulns_xpath_2] = "//plugin"
options[:type] = "plugins" options[:type] = "plugins"
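Review bot: The new default for `options[:file]` still relies on `||`, so an empty string passed by the caller is kept as the wordlist path, while the rewritten `options[:vulns_file]` assignment just below treats `nil` and `""` alike. Both defaults should use the same emptiness test, e.g. `options[:file] = default_file if options[:file].nil? || options[:file].empty?`, with `default_file` chosen from `options[:full]`. The matching line in `themes_from_aggressive_detection` has the same gap. Nothing visible checks that `plugins_full.txt` exists before it is selected, so a missing full list presumably only fails later in the enumeration code; a clear error at this point would be easier to diagnose. The method body continues outside the hunk.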


@@ -19,7 +19,7 @@
module WpThemes module WpThemes
def themes_from_aggressive_detection(options) def themes_from_aggressive_detection(options)
options[:file] = options[:file] || "#{DATA_DIR}/themes.txt" options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/themes_full.txt" : "#{DATA_DIR}/themes.txt")
options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
options[:vulns_file] : DATA_DIR + "/wp_theme_vulns.xml" options[:vulns_file] : DATA_DIR + "/wp_theme_vulns.xml"
options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"


@@ -85,9 +85,11 @@ def help()
puts " u[10-20] usernames from id 10 to 20 (you must write [] chars)" puts " u[10-20] usernames from id 10 to 20 (you must write [] chars)"
puts " p plugins" puts " p plugins"
puts " vp only vulnerable plugins" puts " vp only vulnerable plugins"
puts " ap all plugins (can take a long time)"
puts " tt timthumbs" puts " tt timthumbs"
puts " t themes" puts " t themes"
puts " vt only vulnerable themes" puts " vt only vulnerable themes"
puts " at all themes (can take a long time)"
puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins" puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
puts " If no option is supplied, the default is 'vt,tt,u,vp'" puts " If no option is supplied, the default is 'vt,tt,u,vp'"
puts puts
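Review bot: The added help lines for `ap` and `at` do not say that `p`, `vp` and `ap` (and likewise `t`, `vt` and `at`) are mutually exclusive, although the setters in WpscanOptions raise "Please choose only one plugin enumeration option" when two of them are combined. The `Multiple values are allowed` line directly below invites something like `-e p,ap`, which would abort with that error. I would add a help line such as `puts "                   p, vp and ap are mutually exclusive, as are t, vt and at"`. The `(can take a long time)` hint could also state that the full lists presumably send far more requests to the scanned site than the default lists. `help()` starts and ends outside the hunk.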


@@ -86,37 +86,53 @@ class WpscanOptions
end end
def enumerate_plugins=(enumerate_plugins) def enumerate_plugins=(enumerate_plugins)
if enumerate_plugins === true and @enumerate_only_vulnerable_plugins === true if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one" raise "Please choose only one plugin enumeration option"
else else
@enumerate_plugins = enumerate_plugins @enumerate_plugins = enumerate_plugins
end end
end end
def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
if enumerate_only_vulnerable_plugins === true and @enumerate_plugins === true if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one" raise "Please choose only one plugin enumeration option"
else else
@enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
end end
end end
def enumerate_all_plugins=(enumerate_all_plugins)
if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
raise "Please choose only one plugin enumeration option"
else
@enumerate_all_plugins = enumerate_all_plugins
end
end
def enumerate_themes=(enumerate_themes) def enumerate_themes=(enumerate_themes)
if enumerate_themes === true and @enumerate_only_vulnerable_themes === true if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one" raise "Please choose only one theme enumeration option"
else else
@enumerate_themes = enumerate_themes @enumerate_themes = enumerate_themes
end end
end end
def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
if enumerate_only_vulnerable_themes === true and @enumerate_themes === true if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one" raise "Please choose only one theme enumeration option"
else else
@enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
end end
end end
def enumerate_all_themes=(enumerate_all_themes)
if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
raise "Please choose only one theme enumeration option"
else
@enumerate_all_themes = enumerate_all_themes
end
end
def has_options? def has_options?
!to_h.empty? !to_h.empty?
end end
@@ -181,12 +197,16 @@ class WpscanOptions
self.enumerate_plugins = true if value.include?('p') self.enumerate_plugins = true if value.include?('p')
self.enumerate_all_plugins = true if value.include?('ap')
@enumerate_timthumbs = true if value.include?('tt') @enumerate_timthumbs = true if value.include?('tt')
self.enumerate_only_vulnerable_themes = true if value.include?('vt') self.enumerate_only_vulnerable_themes = true if value.include?('vt')
self.enumerate_themes = true if value.include?('t') self.enumerate_themes = true if value.include?('t')
self.enumerate_all_themes = true if value.include?('at')
value.grep(/^u/) do |username_enum_value| value.grep(/^u/) do |username_enum_value|
@enumerate_usernames = true @enumerate_usernames = true
# Check for usernames range # Check for usernames range
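Review bot: Only the writers `enumerate_all_plugins=` and `enumerate_all_themes=` are added here, while the main script reads `wpscan_options.enumerate_all_plugins` and `wpscan_options.enumerate_all_themes`; no reader is visible and the first hunk header shows the file is unchanged above line 86. If the class generates its accessors and `to_h` from a list of option names near the top of the file, the two new names need to be added there, otherwise the reads raise NoMethodError and `has_options?` ignores the new flags. Separately, the six setters now repeat the same exclusivity check; a private helper that takes the other two flags would keep the three-way rule in one place.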


@@ -105,7 +105,7 @@ describe "WpscanOptions" do
it "should raise an error" do it "should raise an error" do
@wpscan_options.enumerate_only_vulnerable_plugins = true @wpscan_options.enumerate_only_vulnerable_plugins = true
expect { @wpscan_options.enumerate_plugins = true }.to raise_error( expect { @wpscan_options.enumerate_plugins = true }.to raise_error(
RuntimeError, "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one" RuntimeError, "Please choose only one plugin enumeration option"
) )
end end
@@ -121,7 +121,7 @@ describe "WpscanOptions" do
it "should raise an error" do it "should raise an error" do
@wpscan_options.enumerate_only_vulnerable_themes = true @wpscan_options.enumerate_only_vulnerable_themes = true
expect { @wpscan_options.enumerate_themes = true }.to raise_error( expect { @wpscan_options.enumerate_themes = true }.to raise_error(
RuntimeError, "You can't enumerate themes and only vulnerable themes at the same time, please choose only one" RuntimeError, "Please choose only one theme enumeration option"
) )
end end
@@ -137,7 +137,7 @@ describe "WpscanOptions" do
it "should raise an error" do it "should raise an error" do
@wpscan_options.enumerate_plugins = true @wpscan_options.enumerate_plugins = true
expect { @wpscan_options.enumerate_only_vulnerable_plugins = true }.to raise_error( expect { @wpscan_options.enumerate_only_vulnerable_plugins = true }.to raise_error(
RuntimeError, "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one" RuntimeError, "Please choose only one plugin enumeration option"
) )
end end
@@ -153,7 +153,7 @@ describe "WpscanOptions" do
it "should raise an error" do it "should raise an error" do
@wpscan_options.enumerate_themes = true @wpscan_options.enumerate_themes = true
expect { @wpscan_options.enumerate_only_vulnerable_themes = true }.to raise_error( expect { @wpscan_options.enumerate_only_vulnerable_themes = true }.to raise_error(
RuntimeError, "You can't enumerate themes and only vulnerable themes at the same time, please choose only one" RuntimeError, "Please choose only one theme enumeration option"
) )
end end
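Review bot: These spec hunks only update the expected messages; no example exercises the new `enumerate_all_plugins=` and `enumerate_all_themes=` setters or the new conflict branches added to the existing setters. I would add examples mirroring the existing ones, for instance setting `@wpscan_options.enumerate_all_plugins = true` and then `expect { @wpscan_options.enumerate_plugins = true }.to raise_error(RuntimeError, "Please choose only one plugin enumeration option")`. The theme counterparts and a parsing case for `-e ap` and `-e at` deserve the same coverage. The surrounding `describe` blocks start and end outside these hunks.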


@@ -197,7 +197,7 @@ begin
end end
# Enumerate the installed plugins # Enumerate the installed plugins
if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins
puts puts
puts green("[+]") + " Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..." puts green("[+]") + " Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
puts puts
@@ -209,6 +209,7 @@ begin
options[:wp_content_dir] = wp_target.wp_content_dir options[:wp_content_dir] = wp_target.wp_content_dir
options[:error_404_hash] = wp_target.error_404_hash options[:error_404_hash] = wp_target.error_404_hash
options[:wp_plugins_dir] = wp_target.wp_plugins_dir options[:wp_plugins_dir] = wp_target.wp_plugins_dir
options[:full] = wpscan_options.enumerate_all_plugins
plugins = wp_target.plugins_from_aggressive_detection(options) plugins = wp_target.plugins_from_aggressive_detection(options)
unless plugins.empty? unless plugins.empty?
@@ -252,7 +253,7 @@ begin
end end
# Enumerate installed themes # Enumerate installed themes
if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes
puts puts
puts green("[+]") + " Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..." puts green("[+]") + " Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
puts puts
@@ -263,6 +264,7 @@ begin
options[:show_progress_bar] = true options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir options[:wp_content_dir] = wp_target.wp_content_dir
options[:error_404_hash] = wp_target.error_404_hash options[:error_404_hash] = wp_target.error_404_hash
options[:full] = wpscan_options.enumerate_all_themes
themes = wp_target.themes_from_aggressive_detection(options) themes = wp_target.themes_from_aggressive_detection(options)
unless themes.empty? unless themes.empty?
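Review bot: The status line `Enumerating installed plugins ...` in the first hunk only annotates the vulnerable-only mode, so a run started with `ap` prints the same banner as a plain `p` run even though `options[:full]` selects the full list. Extending the interpolation, e.g. `#{'(full list)' if wpscan_options.enumerate_all_plugins}`, makes the scan mode visible in the output and in any saved log. The theme banner in the third hunk needs the same change with `enumerate_all_themes`. The enclosing `begin` block starts and ends outside the hunks.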