VulnAPI Implementation

2019-07-18 20:32:15 +01:00
parent 84422b10c8
commit 463e77f0a5
60 changed files with 1126 additions and 223 deletions
--- a/lib/wpscan.rb
+++ b/lib/wpscan.rb
@@ -13,7 +13,8 @@ require 'uri'
 require 'time'
 require 'readline'
 require 'securerandom'
-
+# Monkey Patches/Fixes/Override
+require 'wpscan/typhoeus/response' # Adds a from_vuln_api? method
 # Custom Libs
 require 'wpscan/helper'
 require 'wpscan/db'
@@ -38,12 +39,28 @@ module WPScan
  APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
  DB_DIR  = Pathname.new(Dir.home).join('.wpscan', 'db')

+  Typhoeus.on_complete do |response|
+    next if response.cached? || !response.from_vuln_api?
+
+    self.api_requests += 1
+  end
+
  # Override, otherwise it would be returned as 'wp_scan'
  #
  # @return [ String ]
  def self.app_name
    'wpscan'
  end
+
+  # @return [ Integer ]
+  def self.api_requests
+    @@api_requests ||= 0
+  end
+
+  # @param [ Integer ] value
+  def self.api_requests=(value)
+    @@api_requests = value
+  end
 end

 require "#{WPScan::APP_DIR}/app"
--- a/lib/wpscan/browser.rb
+++ b/lib/wpscan/browser.rb
@@ -7,7 +7,7 @@ module WPScan

    # @return [ String ]
    def default_user_agent
-      "WPScan v#{VERSION} (https://wpscan.org/)"
+      @default_user_agent ||= "WPScan v#{VERSION} (https://wpscan.org/)"
    end
  end
 end
--- a/lib/wpscan/db.rb
+++ b/lib/wpscan/db.rb
@@ -10,6 +10,8 @@ require_relative 'db/theme'
 require_relative 'db/wp_version'
 require_relative 'db/fingerprints'

+require_relative 'db/vuln_api'
+
 require_relative 'db/dynamic_finders/base'
 require_relative 'db/dynamic_finders/plugin'
 require_relative 'db/dynamic_finders/theme'
--- a/lib/wpscan/db/updater.rb
+++ b/lib/wpscan/db/updater.rb
@@ -14,7 +14,7 @@ module WPScan

      OLD_FILES = %w[
        wordpress.db user-agents.txt dynamic_finders_01.yml
-        wordpressess.json plugins.json themes.json
+        wordpresses.json plugins.json themes.json
      ].freeze

      attr_reader :repo_directory
--- a/lib/wpscan/db/vuln_api.rb
+++ b/lib/wpscan/db/vuln_api.rb
@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module WPScan
+  module DB
+    # WPVulnDB API
+    class VulnApi
+      NON_ERROR_CODES = [200, 401, 404].freeze
+
+      class << self
+        attr_accessor :token
+      end
+
+      # @return [ Addressable::URI ]
+      def self.uri
+        @uri ||= Addressable::URI.parse('https://wpvulndb.com/api/v3/')
+      end
+
+      # @param [ String ] path
+      # @param [ Hash ] params
+      #
+      # @return [ Hash ]
+      def self.get(path, params = {})
+        return {} unless token
+
+        res = Browser.get(uri.join(path), params.merge(request_params))
+
+        return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
+
+        raise Error::HTTP, res
+      rescue Error::HTTP => e
+        retries ||= 0
+
+        if (retries += 1) <= 3
+          sleep(1)
+          retry
+        end
+
+        { 'http_error' => e }
+      end
+
+      # @return [ Hash ]
+      def self.plugin_data(slug)
+        get("plugins/#{slug}")&.dig(slug) || {}
+      end
+
+      # @return [ Hash ]
+      def self.theme_data(slug)
+        get("themes/#{slug}")&.dig(slug) || {}
+      end
+
+      # @return [ Hash ]
+      def self.wordpress_data(version_number)
+        get("wordpresses/#{version_number.tr('.', '')}")&.dig(version_number) || {}
+      end
+
+      # @return [ Hash ]
+      def self.status
+        json = get('status', params: { version: WPScan::VERSION }, cache_ttl: 0)
+
+        json['requests_remaining'] = 'Unlimited' if json['requests_remaining'] == -1
+
+        json
+      end
+
+      # @return [ Hash ]
+      def self.request_params
+        {
+          headers: {
+            'Host' => uri.host, # Reset in case user provided a --vhost for the target
+            'Referer' => nil, # Removes referer set by the cmsscanner to the target url
+            'User-Agent' => Browser.instance.default_user_agent,
+            'Authorization' => "Token token=#{token}"
+          }
+        }
+      end
+    end
+  end
+end
--- a/lib/wpscan/errors.rb
+++ b/lib/wpscan/errors.rb
@@ -12,5 +12,6 @@ end
 require_relative 'errors/enumeration'
 require_relative 'errors/http'
 require_relative 'errors/update'
+require_relative 'errors/vuln_api'
 require_relative 'errors/wordpress'
 require_relative 'errors/xmlrpc'
--- a/lib/wpscan/errors/vuln_api.rb
+++ b/lib/wpscan/errors/vuln_api.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Error
+    # Error raised when the token given via --api-token is invalid
+    class InvalidApiToken < Standard
+      def to_s
+        'The API token provided is invalid'
+      end
+    end
+
+    # Error raised when the number of API requests has been reached
+    # currently not implemented on the API side
+    class ApiLimitReached < Standard
+      def to_s
+        'Your API limit has been reached'
+      end
+    end
+  end
+end
--- a/lib/wpscan/typhoeus/response.rb
+++ b/lib/wpscan/typhoeus/response.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Typhoeus
+  # Custom Response class
+  class Response
+    # @note: Ignores requests done to the /status endpoint of the API
+    #
+    # @return [ Boolean ]
+    def from_vuln_api?
+      effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) && !effective_url.include?('/status')
+    end
+  end
+end