diff --git a/app/controllers/core.rb b/app/controllers/core.rb
index 0b66f2dc..d2c6ab79 100644
--- a/app/controllers/core.rb
+++ b/app/controllers/core.rb
@@ -5,15 +5,15 @@ module WPScan
 # @return [ Array ]
 def cli_options
 [OptURL.new(['--url URL', 'The URL of the blog to scan'],
- required_unless: %i[update help version], default_protocol: 'http')] +
+ required_unless: %i[update help hh version], default_protocol: 'http')] + super.drop(1) + # delete the --url from CMSScanner
 [
 OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
 choices: %w[apache iis nginx],
- normalize: %i[downcase to_sym]),
+ normalize: %i[downcase to_sym],
+ advanced: true),
 OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
- OptBoolean.new(['--[no-]update', 'Wether or not to update the Database'],
- required_unless: %i[url help version])
+ OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
 ]
 end
diff --git a/app/controllers/enumeration/cli_options.rb b/app/controllers/enumeration/cli_options.rb
index 3a974b67..ee6b8d5b 100644
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -13,7 +13,7 @@ module WPScan
 def cli_enum_choices
 [
 OptMultiChoices.new(
- ['--enumerate [OPTS]', '-e', 'Enumeration Process'],
+ ['-e', '--enumerate [OPTS]', 'Enumeration Process'],
 choices: {
 vp: OptBoolean.new(['--vulnerable-plugins']),
 ap: OptBoolean.new(['--all-plugins']),
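Review bot: `super.drop(1)` in the new `cli_options` removes the inherited `--url` option by position, so the comment `# delete the --url from CMSScanner` only holds while CMSScanner keeps `--url` as its first option; if the parent ever reorders, a different option is silently dropped and the scanner ends up with two `--url` definitions. Selecting by identity is robust to that: `super.reject { |opt| opt.to_sym == :url } +` (the updated `core_spec.rb` in this commit already relies on `Opt#to_sym`). The `required_unless` list gained `hh`, which presumably names an option contributed by `super`; that coupling deserves a word in the comment, e.g. `# :hh is one of the options inherited from CMSScanner`.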
@@ -25,7 +25,10 @@ module WPScan
 cb: OptBoolean.new(['--config-backups']),
 dbe: OptBoolean.new(['--db-exports']),
 u: OptIntegerRange.new(['--users', 'User IDs range. e.g: u1-5'], value_if_empty: '1-10'),
- m: OptIntegerRange.new(['--medias', 'Media IDs range. e.g m1-15'], value_if_empty: '1-100')
+ m: OptIntegerRange.new(['--medias',
+ 'Media IDs range. e.g m1-15',
+ 'Note: Permalink setting must be set to "Plain" for those to be detected'],
+ value_if_empty: '1-100')
 },
 value_if_empty: 'vp,vt,tt,cb,dbe,u,m',
 incompatible: [%i[vp ap p], %i[vt at t]],
@@ -45,7 +48,7 @@ module WPScan
 # @return [ Array ]
 def cli_plugins_opts
 [
- OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate']),
+ OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
 OptChoice.new(
 ['--plugins-detection MODE',
 'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
@@ -54,7 +57,8 @@ module WPScan
 OptBoolean.new(
 ['--plugins-version-all',
 'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \
- '--plugins-detection and --plugins-version-detection)']
+ '--plugins-detection and --plugins-version-detection)'],
+ advanced: true
 ),
 OptChoice.new(
 ['--plugins-version-detection MODE',
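Review bot: The sentence `Permalink setting must be set to "Plain" for those to be detected` added to the `--medias` description here reappears almost verbatim in the `@info` message added to `enum_methods.rb#enum_medias` (hunk -146,7); two hand-maintained copies will drift the first time the wording changes. A single frozen constant, e.g. `MEDIAS_PERMALINK_NOTE = 'Permalink setting must be set to "Plain" for those to be detected'.freeze`, interpolated into both the option description and the runtime output keeps them aligned. The enclosing `cli_enum_choices` method starts above this hunk (its `def` is in the -13,7 hunk).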
@@ -68,22 +72,23 @@ module WPScan
 # @return [ Array ]
 def cli_themes_opts
 [
- OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate']),
+ OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate'], advanced: true),
 OptChoice.new(
 ['--themes-detection MODE',
 'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 ),
 OptBoolean.new(
 ['--themes-version-all',
 'Check all the themes version locations according to the choosen mode (--detection-mode, ' \
- '--themes-detection and --themes-version-detection)']
+ '--themes-detection and --themes-version-detection)'],
+ advanced: true
 ),
 OptChoice.new(
 ['--themes-version-detection MODE',
 'Use the supplied mode to check themes versions instead of the --detection-mode ' \
 'or --themes-detection modes.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
@@ -93,12 +98,12 @@ module WPScan
 [
 OptFilePath.new(
 ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],
- exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt')
+ exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true
 ),
 OptChoice.new(
 ['--timthumbs-detection MODE',
 'Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
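Review bot: `choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true` is now written out on every `--*-detection MODE` option in this hunk and repeated in the -93,12, -108,12, -123,12, -139,7 and -149,12 hunks of this file as well as in `main_theme.rb` and `wp_version.rb`, so adding a mode or changing the `advanced` flag means touching nine call sites. Hoisting the keywords once, `DETECTION_MODE_OPTS = { choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true }.freeze`, and passing `**DETECTION_MODE_OPTS` to each `OptChoice.new` leaves only the option strings in each definition. The second hunk here (-93,12) begins inside a method whose `def` line is above it.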
@@ -108,12 +113,12 @@ module WPScan
 [
 OptFilePath.new(
 ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],
- exists: true, default: File.join(DB_DIR, 'config_backups.txt')
+ exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true
 ),
 OptChoice.new(
 ['--config-backups-detection MODE',
 'Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
@@ -123,12 +128,12 @@ module WPScan
 [
 OptFilePath.new(
 ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],
- exists: true, default: File.join(DB_DIR, 'db_exports.txt')
+ exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true
 ),
 OptChoice.new(
 ['--db-exports-detection MODE',
 'Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
@@ -139,7 +144,7 @@ module WPScan
 OptChoice.new(
 ['--medias-detection MODE',
 'Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
@@ -149,12 +154,13 @@ module WPScan
 [
 OptSmartList.new(
 ['--users-list LIST',
- 'List of users to check during the users enumeration from the Login Error Messages']
+ 'List of users to check during the users enumeration from the Login Error Messages'],
+ advanced: true
 ),
 OptChoice.new(
 ['--users-detection MODE',
 'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive], normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
diff --git a/app/controllers/enumeration/enum_methods.rb b/app/controllers/enumeration/enum_methods.rb
index 9447bcb9..2b5758d6 100644
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -146,7 +146,10 @@ module WPScan
 def enum_medias
 opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
- output('@info', msg: 'Enumerating Medias') if user_interaction?
+ if user_interaction?
+ output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
+ end
+
 output('medias', medias: target.medias(opts))
 end
diff --git a/app/controllers/main_theme.rb b/app/controllers/main_theme.rb
index 22b616d3..11f3c576 100644
--- a/app/controllers/main_theme.rb
+++ b/app/controllers/main_theme.rb
@@ -7,8 +7,7 @@ module WPScan
 OptChoice.new(
 ['--main-theme-detection MODE',
 'Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive],
- normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
diff --git a/app/controllers/wp_version.rb b/app/controllers/wp_version.rb
index 0b1ffa5c..5ea409c7 100644
--- a/app/controllers/wp_version.rb
+++ b/app/controllers/wp_version.rb
@@ -4,13 +4,12 @@ module WPScan
 class WpVersion < CMSScanner::Controller::Base
 def cli_options
 [
- OptBoolean.new(['--wp-version-all', 'Check all the version locations']),
+ OptBoolean.new(['--wp-version-all', 'Check all the version locations'], advanced: true),
 OptChoice.new(
 ['--wp-version-detection MODE',
 'Use the supplied mode for the WordPress version detection, ' \
 'instead of the global (--detection-mode) mode.'],
- choices: %w[mixed passive aggressive],
- normalize: :to_sym
+ choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
 )
 ]
 end
diff --git a/app/finders/medias/attachment_brute_forcing.rb b/app/finders/medias/attachment_brute_forcing.rb
index 0657fd16..eefa4a07 100644
--- a/app/finders/medias/attachment_brute_forcing.rb
+++ b/app/finders/medias/attachment_brute_forcing.rb
@@ -1,7 +1,7 @@
 module WPScan
 module Finders
 module Medias
- # Medias Finder
+ # Medias Finder, see https://github.com/wpscanteam/wpscan/issues/172
 class AttachmentBruteForcing < CMSScanner::Finders::Finder
 include CMSScanner::Finders::Finder::Enumerator
diff --git a/app/models/wp_version.rb b/app/models/wp_version.rb
index 0f2ccaa0..0a817aff 100644
--- a/app/models/wp_version.rb
+++ b/app/models/wp_version.rb
@@ -50,5 +50,10 @@ module WPScan
 @vulnerabilities
 end
+
+ # @return [ String ]
+ def release_date
+ @release_date ||= db_data['release_date']
+ end
 end
 end
diff --git a/app/views/cli/wp_version/version.erb b/app/views/cli/wp_version/version.erb
index a2cc0893..b5397788 100644
--- a/app/views/cli/wp_version/version.erb
+++ b/app/views/cli/wp_version/version.erb
@@ -1,5 +1,5 @@
 <% if @version -%>
-<%= info_icon %> WordPress version <%= @version.number %> identified.
+<%= info_icon %> WordPress version <%= @version.number %> identified (Released on <%= @version.release_date %>).
 <%= render('@finding', item: @version) -%>
 <% else -%>
 <%= notice_icon %> The WordPress version could not be detected.
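Review bot: `release_date` returns whatever `db_data['release_date']` yields, which is nil for a DB entry without that key (the fixture in this commit only adds it for 4.0, 3.8.1 and 3.8), yet the CLI view hunk in `app/views/cli/wp_version/version.erb` prints `(Released on <%= @version.release_date %>)` unconditionally and would render `identified (Released on ).`; the JSON view is unaffected because `nil.to_json` is `null`. Guarding the suffix in the view, `identified<%= " (Released on #{@version.release_date})" if @version.release_date %>.`, keeps the previous output for unknown dates. The new doc comment should then read `# @return [ String, nil ]`; note also that `||=` does not cache a nil result, so the lookup simply repeats, which is harmless here. Whether `db_data` can itself be nil for a version absent from the DB is not visible in the hunk and is worth confirming before relying on the guard alone.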
diff --git a/app/views/json/wp_version/version.erb b/app/views/json/wp_version/version.erb
index 1066c23c..babf139e 100644
--- a/app/views/json/wp_version/version.erb
+++ b/app/views/json/wp_version/version.erb
@@ -1,6 +1,7 @@
 <% if @version -%>
 "version": {
 "number": <%= @version.number.to_json %>,
+ "release_date": <%= @version.release_date.to_json %>,
 <%= render('@finding', item: @version) -%>
 },
 <% else -%>
diff --git a/spec/app/controllers/core_spec.rb b/spec/app/controllers/core_spec.rb
index 475485bd..7172b023 100644
--- a/spec/app/controllers/core_spec.rb
+++ b/spec/app/controllers/core_spec.rb
@@ -22,7 +22,7 @@ describe WPScan::Controller::Core do
 # Ensures the :url is the first one and is correctly setup
 expect(cli_options.first.to_sym).to eql :url
- expect(cli_options.first.required_unless).to match_array %i[update help version]
+ expect(cli_options.first.required_unless).to match_array %i[update help hh version]
 end
 end
diff --git a/spec/app/models/wp_version_spec.rb b/spec/app/models/wp_version_spec.rb
index 6e010908..1c4cbeb6 100644
--- a/spec/app/models/wp_version_spec.rb
+++ b/spec/app/models/wp_version_spec.rb
@@ -86,4 +86,10 @@ describe WPScan::WpVersion do
 end
 end
 end
+
+ describe '#release_date' do
+ subject(:version) { described_class.new('3.8.1') }
+
+ its(:release_date) { should eql '2014-01-23' }
+ end
 end
diff --git a/spec/fixtures/db/wordpresses.json b/spec/fixtures/db/wordpresses.json
index 8d6c3914..197d471e 100644
--- a/spec/fixtures/db/wordpresses.json
+++ b/spec/fixtures/db/wordpresses.json
@@ -1,5 +1,9 @@
 {
+ "4.0": {
+ "release_date" : "2014-09-04"
+ },
 "3.8.1": {
+ "release_date" : "2014-01-23",
 "vulnerabilities" : [
 {
 "created_at" : "2014-08-01T10:58:19.000Z",
@@ -25,6 +29,7 @@
 ]
 },
 "3.8": {
+ "release_date" : "2013-12-12",
 "vulnerabilities" : [
 {
 "references": {
diff --git a/spec/output/wp_version/confirmed_multiples.cli_no_colour b/spec/output/wp_version/confirmed_multiples.cli_no_colour
index a364a6ac..75eb1e2b 100644
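Review bot: The updated `core_spec.rb` assertion still pins only the first option, so it would pass even if the `super.drop(1)` introduced in `core.rb` dropped the wrong inherited option and left a second `:url` in the list. One extra expectation next to the `required_unless` check closes that gap: `expect(cli_options.map(&:to_sym).count(:url)).to eql 1`. The new `#release_date` example in `wp_version_spec.rb` covers only a version present in the fixture; a companion example for a version with no DB entry would document what the method returns in that case, which the model hunk leaves implicit.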
--- a/spec/output/wp_version/confirmed_multiples.cli_no_colour
+++ b/spec/output/wp_version/confirmed_multiples.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
 | Confirmed By:
 | Confirmed 1
diff --git a/spec/output/wp_version/confirmed_multiples.json b/spec/output/wp_version/confirmed_multiples.json
index 0971855f..bd47879a 100644
--- a/spec/output/wp_version/confirmed_multiples.json
+++ b/spec/output/wp_version/confirmed_multiples.json
@@ -1,6 +1,7 @@
 {
 "version": {
 "number": "4.0",
+ "release_date": "2014-09-04",
 "found_by": "rspec",
 "confidence": 0,
 "interesting_entries": [
diff --git a/spec/output/wp_version/confirmed_one.cli_no_colour b/spec/output/wp_version/confirmed_one.cli_no_colour
index 3b8e23f2..75c89109 100644
--- a/spec/output/wp_version/confirmed_one.cli_no_colour
+++ b/spec/output/wp_version/confirmed_one.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
 | Confirmed By: Confirmed 1
 | - IE1
diff --git a/spec/output/wp_version/confirmed_one.json b/spec/output/wp_version/confirmed_one.json
index 8156a6fa..5d748206 100644
--- a/spec/output/wp_version/confirmed_one.json
+++ b/spec/output/wp_version/confirmed_one.json
@@ -1,6 +1,7 @@
 {
 "version": {
 "number": "4.0",
+ "release_date": "2014-09-04",
 "found_by": "rspec",
 "confidence": 0,
 "interesting_entries": [
diff --git a/spec/output/wp_version/not_confirmed_entries.cli_no_colour b/spec/output/wp_version/not_confirmed_entries.cli_no_colour
index 28f6559e..6cf39f33 100644
--- a/spec/output/wp_version/not_confirmed_entries.cli_no_colour
+++ b/spec/output/wp_version/not_confirmed_entries.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
 | - IE1
 | - IE2
diff --git a/spec/output/wp_version/not_confirmed_entries.json b/spec/output/wp_version/not_confirmed_entries.json
index bf29a95f..204d071f 100644
--- a/spec/output/wp_version/not_confirmed_entries.json
+++ b/spec/output/wp_version/not_confirmed_entries.json
@@ -1,6 +1,7 @@
 {
 "version": {
 "number": "4.0",
+ "release_date": "2014-09-04",
 "found_by": "rspec",
 "confidence": 0,
 "interesting_entries": [
diff --git a/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour b/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour
index 53baf371..fd5340cb 100644
--- a/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour
+++ b/spec/output/wp_version/not_confirmed_no_entries.cli_no_colour
@@ -1,3 +1,3 @@
-[+] WordPress version 4.0 identified.
+[+] WordPress version 4.0 identified (Released on 2014-09-04).
 | Detected By: rspec
diff --git a/spec/output/wp_version/not_confirmed_no_entries.json b/spec/output/wp_version/not_confirmed_no_entries.json
index 25276fa4..a7e10916 100644
--- a/spec/output/wp_version/not_confirmed_no_entries.json
+++ b/spec/output/wp_version/not_confirmed_no_entries.json
@@ -1,6 +1,7 @@
 {
 "version": {
 "number": "4.0",
+ "release_date": "2014-09-04",
 "found_by": "rspec",
 "confidence": 0,
 "interesting_entries": [
diff --git a/spec/output/wp_version/with_vulns.cli_no_colour b/spec/output/wp_version/with_vulns.cli_no_colour
index f8a73300..8c55466c 100644
--- a/spec/output/wp_version/with_vulns.cli_no_colour
+++ b/spec/output/wp_version/with_vulns.cli_no_colour
@@ -1,4 +1,4 @@
-[+] WordPress version 3.8.1 identified.
+[+] WordPress version 3.8.1 identified (Released on 2014-01-23).
 | Detected By: rspec
 |
 | [!] 2 vulnerabilities identified:
diff --git a/spec/output/wp_version/with_vulns.json b/spec/output/wp_version/with_vulns.json
index c77bc2a7..2b720834 100644
--- a/spec/output/wp_version/with_vulns.json
+++ b/spec/output/wp_version/with_vulns.json
@@ -1,6 +1,7 @@
 {
 "version": {
 "number": "3.8.1",
+ "release_date": "2014-01-23",
 "found_by": "rspec",
 "confidence": 0,
 "interesting_entries": [
diff --git a/wpscan.gemspec b/wpscan.gemspec
index 7341f90d..96b35a68 100644
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
 s.executables = ['wpscan']
 s.require_paths = ['lib']
- s.add_dependency 'cms_scanner', '~> 0.0.40.1'
+ s.add_dependency 'cms_scanner', '~> 0.0.40.2'
 # Already required by CMSScanner, so version restrictions loosen
 s.add_dependency 'activesupport', '~> 5.2'