WPScan files

2012-07-11 22:49:18 +02:00
parent 6da2da90f7
commit 3d78cbc4ac
190 changed files with 43701 additions and 0 deletions
--- a/lib/wpstools/generate_plugin_list.rb
+++ b/lib/wpstools/generate_plugin_list.rb
@@ -0,0 +1,128 @@
+#!/usr/bin/env ruby
+
+#
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# ryandewhurst at gmail
+#
+
+# This tool generates a plugin list to use for plugin enumeration
+
+class Generate_Plugin_List
+
+  attr_accessor :pages, :verbose
+
+  def initialize(pages, verbose)
+    @pages = pages.to_i
+    @verbose = verbose
+    @browser = Browser.instance
+    @hydra = @browser.hydra
+  end
+
+  # Send a HTTP request to the WordPress most popular plugins webpage
+  # parse the response for the plugin names.
+
+  def parse_plugins
+
+    found_plugins = []
+    page_count = 1
+    queue_count = 0
+
+    (1...@pages).each do |page|
+
+      request = @browser.forge_request('http://wordpress.org/extend/plugins/browse/popular/page/'+page.to_s+'/')
+
+      queue_count += 1
+
+      request.on_complete do |response|
+        puts "[+] Parsing page " + page_count.to_s if @verbose
+        page_count += 1
+        response.body.scan(%r{<h3><a href="http://wordpress.org/extend/plugins/(.*)/">.+</a></h3>}i).each do |plugin|
+          found_plugins << plugin[0]
+        end
+      end
+
+      @hydra.queue(request)
+
+      if queue_count == @browser.max_threads
+         @hydra.run
+         queue_count = 0
+       end
+
+    end
+
+    @hydra.run
+
+    found_plugins.uniq
+  end
+
+  # Use the WordPress plugin SVN repo to find a
+  # valid plugin file. This will cut down on
+  # false positives. See issue 39.
+
+  def parse_plugin_files(plugins)
+
+    plugins_with_paths = ""
+    queue_count = 0
+
+    plugins.each do |plugin|
+
+  	  request = @browser.forge_request('http://plugins.svn.wordpress.org/' + plugin  + '/trunk/')
+
+      request.on_complete do |response|
+
+        puts "[+] Parsing plugin " + plugin  + " [" + response.code.to_s  + "]" if @verbose
+        file = response.body[%r{<li><a href="(\d*?[a-zA-Z].*\..*)">.+</a></li>}i, 1]
+        if file
+          plugin += "/" + file
+        end
+
+        plugins_with_paths << plugin + "\n"
+      end
+
+      queue_count += 1
+      @hydra.queue(request)
+
+      # the wordpress server stops
+      # responding if we dont use this.
+      if queue_count == @browser.max_threads
+         @hydra.run
+         queue_count = 0
+      end
+
+    end
+
+    @hydra.run
+
+    plugins_with_paths
+  end
+
+  # Save the file
+
+  def save_file
+    begin
+      plugins = parse_plugins
+      puts "[*] We have parsed " + plugins.size.to_s
+      plugins_with_paths = parse_plugin_files(plugins)
+      File.open(DATA_DIR + '/plugins.txt', 'w') { |f| f.write(plugins_with_paths) }
+      puts "New data/plugin.txt file created with " + plugins_with_paths.scan(/\n/).size.to_s + " entries."
+    rescue => e
+      puts "ERROR: Something went wrong :( " + e.inspect
+    end
+  end
+
+end
--- a/lib/wpstools/wpstools_helper.rb
+++ b/lib/wpstools/wpstools_helper.rb
@@ -0,0 +1,28 @@
+require File.expand_path(File.dirname(__FILE__) + '/../common_helper')
+
+require_files_from_directory(WPSTOOLS_LIB_DIR)
+
+def usage()
+  script_name = $0
+  puts
+  puts "-h for further help."
+  puts
+  puts "Examples:"
+  puts
+  puts "- Generate a new 'most popular' plugin list, up to 150 pages ..."
+  puts "ruby " + script_name + " --generate_plugin_list 150"
+  puts
+  puts "See README for further information."
+  puts
+end
+
+def help()
+  puts "Help :"
+  puts
+  puts "--help    | -h   This help screen."
+  puts "--Verbose | -v   Verbose output."
+  puts "--update  | -u   Update to the latest revision."
+  puts "--generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)"
+  puts "--gpl  Alias for --generate_plugin_list"
+  puts
+end