Merge branch 'advanced_help'

2018-10-20 13:41:17 +01:00
parent d1ff642957 48dab90313
commit 498da1a06b
23 changed files with 65 additions and 36 deletions
--- a/app/controllers/core.rb
+++ b/app/controllers/core.rb
@@ -5,15 +5,15 @@ module WPScan
      # @return [ Array<OptParseValidator::Opt> ]
      def cli_options
        [OptURL.new(['--url URL', 'The URL of the blog to scan'],
-                    required_unless: %i[update help version], default_protocol: 'http')] +
+                    required_unless: %i[update help hh version], default_protocol: 'http')] +
          super.drop(1) + # delete the --url from CMSScanner
          [
            OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                          choices: %w[apache iis nginx],
-                          normalize: %i[downcase to_sym]),
+                          normalize: %i[downcase to_sym],
+                          advanced: true),
            OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
-            OptBoolean.new(['--[no-]update', 'Wether or not to update the Database'],
-                           required_unless: %i[url help version])
+            OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
          ]
      end

--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -13,7 +13,7 @@ module WPScan
      def cli_enum_choices
        [
          OptMultiChoices.new(
-            ['--enumerate [OPTS]', '-e', 'Enumeration Process'],
+            ['-e', '--enumerate [OPTS]', 'Enumeration Process'],
            choices: {
              vp:  OptBoolean.new(['--vulnerable-plugins']),
              ap:  OptBoolean.new(['--all-plugins']),
@@ -25,7 +25,10 @@ module WPScan
              cb:  OptBoolean.new(['--config-backups']),
              dbe: OptBoolean.new(['--db-exports']),
              u:   OptIntegerRange.new(['--users', 'User IDs range. e.g: u1-5'], value_if_empty: '1-10'),
-              m:   OptIntegerRange.new(['--medias', 'Media IDs range. e.g m1-15'], value_if_empty: '1-100')
+              m:   OptIntegerRange.new(['--medias',
+                                        'Media IDs range. e.g m1-15',
+                                        'Note: Permalink setting must be set to "Plain" for those to be detected'],
+                                       value_if_empty: '1-100')
            },
            value_if_empty: 'vp,vt,tt,cb,dbe,u,m',
            incompatible: [%i[vp ap p], %i[vt at t]],
@@ -45,7 +48,7 @@ module WPScan
      # @return [ Array<OptParseValidator::OptBase> ]
      def cli_plugins_opts
        [
-          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate']),
+          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
          OptChoice.new(
            ['--plugins-detection MODE',
             'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
@@ -54,7 +57,8 @@ module WPScan
          OptBoolean.new(
            ['--plugins-version-all',
             'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \
-             '--plugins-detection and --plugins-version-detection)']
+             '--plugins-detection and --plugins-version-detection)'],
+            advanced: true
          ),
          OptChoice.new(
            ['--plugins-version-detection MODE',
@@ -68,22 +72,23 @@ module WPScan
      # @return [ Array<OptParseValidator::OptBase> ]
      def cli_themes_opts
        [
-          OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate']),
+          OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate'], advanced: true),
          OptChoice.new(
            ['--themes-detection MODE',
             'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          ),
          OptBoolean.new(
            ['--themes-version-all',
             'Check all the themes version locations according to the choosen mode (--detection-mode, ' \
-             '--themes-detection and --themes-version-detection)']
+             '--themes-detection and --themes-version-detection)'],
+            advanced: true
          ),
          OptChoice.new(
            ['--themes-version-detection MODE',
             'Use the supplied mode to check themes versions instead of the --detection-mode ' \
             'or --themes-detection modes.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
@@ -93,12 +98,12 @@ module WPScan
        [
          OptFilePath.new(
            ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],
-            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt')
+            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true
          ),
          OptChoice.new(
            ['--timthumbs-detection MODE',
             'Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
@@ -108,12 +113,12 @@ module WPScan
        [
          OptFilePath.new(
            ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],
-            exists: true, default: File.join(DB_DIR, 'config_backups.txt')
+            exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true
          ),
          OptChoice.new(
            ['--config-backups-detection MODE',
             'Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
@@ -123,12 +128,12 @@ module WPScan
        [
          OptFilePath.new(
            ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],
-            exists: true, default: File.join(DB_DIR, 'db_exports.txt')
+            exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true
          ),
          OptChoice.new(
            ['--db-exports-detection MODE',
             'Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
@@ -139,7 +144,7 @@ module WPScan
          OptChoice.new(
            ['--medias-detection MODE',
             'Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
@@ -149,12 +154,13 @@ module WPScan
        [
          OptSmartList.new(
            ['--users-list LIST',
-             'List of users to check during the users enumeration from the Login Error Messages']
+             'List of users to check during the users enumeration from the Login Error Messages'],
+            advanced: true
          ),
          OptChoice.new(
            ['--users-detection MODE',
             'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -146,7 +146,10 @@ module WPScan
      def enum_medias
        opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])

-        output('@info', msg: 'Enumerating Medias') if user_interaction?
+        if user_interaction?
+          output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
+        end
+
        output('medias', medias: target.medias(opts))
      end

--- a/app/controllers/main_theme.rb
+++ b/app/controllers/main_theme.rb
@@ -7,8 +7,7 @@ module WPScan
          OptChoice.new(
            ['--main-theme-detection MODE',
             'Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive],
-            normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
--- a/app/controllers/wp_version.rb
+++ b/app/controllers/wp_version.rb
@@ -4,13 +4,12 @@ module WPScan
    class WpVersion < CMSScanner::Controller::Base
      def cli_options
        [
-          OptBoolean.new(['--wp-version-all', 'Check all the version locations']),
+          OptBoolean.new(['--wp-version-all', 'Check all the version locations'], advanced: true),
          OptChoice.new(
            ['--wp-version-detection MODE',
             'Use the supplied mode for the WordPress version detection, ' \
             'instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive],
-            normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          )
        ]
      end
--- a/app/finders/medias/attachment_brute_forcing.rb
+++ b/app/finders/medias/attachment_brute_forcing.rb
@@ -1,7 +1,7 @@
 module WPScan
  module Finders
    module Medias
-      # Medias Finder
+      # Medias Finder, see https://github.com/wpscanteam/wpscan/issues/172
      class AttachmentBruteForcing < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

--- a/app/models/wp_version.rb
+++ b/app/models/wp_version.rb
@@ -50,5 +50,10 @@ module WPScan

      @vulnerabilities
    end
+
+    # @return [ String ]
+    def release_date
+      @release_date ||= db_data['release_date']
+    end
  end
 end
--- a/app/views/cli/wp_version/version.erb
+++ b/app/views/cli/wp_version/version.erb
@@ -1,5 +1,5 @@
 <% if @version -%>
-<%= info_icon %> WordPress version <%= @version.number %> identified.
+<%= info_icon %> WordPress version <%= @version.number %> identified (Released on <%= @version.release_date %>).
 <%= render('@finding', item: @version) -%>
 <% else -%>
 <%= notice_icon %> The WordPress version could not be detected.
--- a/app/views/json/wp_version/version.erb
+++ b/app/views/json/wp_version/version.erb
@@ -1,6 +1,7 @@
 <% if @version -%>
 "version": {
  "number": <%= @version.number.to_json %>,
+  "release_date": <%= @version.release_date.to_json %>,
  <%= render('@finding', item: @version) -%>
 },
 <% else -%>
--- a/spec/app/controllers/core_spec.rb
+++ b/spec/app/controllers/core_spec.rb
@@ -22,7 +22,7 @@ describe WPScan::Controller::Core do

      # Ensures the :url is the first one and is correctly setup
      expect(cli_options.first.to_sym).to eql :url
-      expect(cli_options.first.required_unless).to match_array %i[update help version]
+      expect(cli_options.first.required_unless).to match_array %i[update help hh version]
    end
  end

--- a/spec/app/models/wp_version_spec.rb
+++ b/spec/app/models/wp_version_spec.rb
@@ -86,4 +86,10 @@ describe WPScan::WpVersion do
      end
    end
  end
+
+  describe '#release_date' do
+    subject(:version) { described_class.new('3.8.1') }
+
+    its(:release_date) { should eql '2014-01-23' }
+  end
 end
--- a/spec/fixtures/db/wordpresses.json
+++ b/spec/fixtures/db/wordpresses.json
@@ -1,5 +1,9 @@
 {
+  "4.0": {
+    "release_date" : "2014-09-04"
+  },
  "3.8.1": {
+    "release_date" : "2014-01-23",
    "vulnerabilities" : [
      {
        "created_at" : "2014-08-01T10:58:19.000Z",
@@ -25,6 +29,7 @@
    ]
   },
   "3.8": {
+    "release_date" : "2013-12-12",
    "vulnerabilities" : [
      {
        "references": {
--- a/spec/output/wp_version/confirmed_multiples.cli_no_colour
+++ b/spec/output/wp_version/confirmed_multiples.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
 | Confirmed By:
 |  Confirmed 1
--- a/spec/output/wp_version/confirmed_multiples.json
+++ b/spec/output/wp_version/confirmed_multiples.json
@@ -1,6 +1,7 @@
 {
  "version": {
    "number": "4.0",
+    "release_date": "2014-09-04",
    "found_by": "rspec",
    "confidence": 0,
    "interesting_entries": [
--- a/spec/output/wp_version/confirmed_one.cli_no_colour
+++ b/spec/output/wp_version/confirmed_one.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
 | Confirmed By: Confirmed 1
 |  - IE1
--- a/spec/output/wp_version/confirmed_one.json
+++ b/spec/output/wp_version/confirmed_one.json
@@ -1,6 +1,7 @@
 {
  "version": {
    "number": "4.0",
+    "release_date": "2014-09-04",
    "found_by": "rspec",
    "confidence": 0,
    "interesting_entries": [
--- a/spec/output/wp_version/not_confirmed_entries.cli_no_colour
+++ b/spec/output/wp_version/not_confirmed_entries.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
 |  - IE1
 |  - IE2
--- a/spec/output/wp_version/not_confirmed_entries.json
+++ b/spec/output/wp_version/not_confirmed_entries.json
@@ -1,6 +1,7 @@
 {
  "version": {
    "number": "4.0",
+    "release_date": "2014-09-04",
    "found_by": "rspec",
    "confidence": 0,
    "interesting_entries": [
--- a/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour
+++ b/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour
@@ -1,3 +1,3 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec

--- a/spec/output/wp_version/not_confirmed_no_entries.json
+++ b/spec/output/wp_version/not_confirmed_no_entries.json
@@ -1,6 +1,7 @@
 {
  "version": {
    "number": "4.0",
+    "release_date": "2014-09-04",
    "found_by": "rspec",
    "confidence": 0,
    "interesting_entries": [
--- a/spec/output/wp_version/with_vulns.cli_no_colour
+++ b/spec/output/wp_version/with_vulns.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 3.8.1 identified.
+[+] WordPress version 3.8.1 identified (Released on 2014-01-23).
 | Detected By: rspec
 |
 | [!] 2 vulnerabilities identified:
--- a/spec/output/wp_version/with_vulns.json
+++ b/spec/output/wp_version/with_vulns.json
@@ -1,6 +1,7 @@
 {
  "version": {
    "number": "3.8.1",
+    "release_date": "2014-01-23",
    "found_by": "rspec",
    "confidence": 0,
    "interesting_entries": [
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
  s.executables           = ['wpscan']
  s.require_paths         = ['lib']

-  s.add_dependency 'cms_scanner', '~> 0.0.40.1'
+  s.add_dependency 'cms_scanner', '~> 0.0.40.2'

  # Already required by CMSScanner, so version restrictions loosen
  s.add_dependency 'activesupport', '~> 5.2'