Don't fail silent.

g0tmi1k
2018-05-15 10:39:16 +01:00
parent 439900a1ea
commit 59368a72bd
3 changed files with 22 additions and 10 deletions


@@ -24,7 +24,7 @@ before_install:
- "gem regenerate_binstubs" - "gem regenerate_binstubs"
- "bundle --version" - "bundle --version"
before_script: before_script:
- "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $HOME" - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $HOME/.wpscan/"
script: script:
- "bundle exec rspec" - "bundle exec rspec"
notifications: notifications:


@@ -46,22 +46,25 @@ class WpTarget < WebSite
def json_get_users(url) def json_get_users(url)
# Variables # Variables
users = [] users = []
data = ""
# Make the request # Make the request
response = Browser.get(url) response = Browser.get(url)
# Able to view the output? # If not HTTP 200, return false
return false if not valid_json?(response.body) return false if response.code != 200
# Read in JSON # Able to view the output?
data = JSON.parse(response.body) if valid_json?(response.body)
# Read in JSON
data = JSON.parse(response.body)
else
return false
end
# If there is nothing there, return false # If there is nothing there, return false
return false if data.empty? return false if data.empty?
# If not HTTP 200, return false
return false if response.code != 200
# Add to array # Add to array
data.each do |child| data.each do |child|
row = [ child['id'], child['name'], child['link'] ] row = [ child['id'], child['name'], child['link'] ]
@@ -71,7 +74,7 @@ class WpTarget < WebSite
# Sort and uniq # Sort and uniq
users = users.sort.uniq users = users.sort.uniq
if users and users.size > 1 if users and users.size >= 1
# Feedback # Feedback
grammar = grammar_s(users.size) grammar = grammar_s(users.size)
puts warning("#{users.size} user#{grammar} exposed via API: #{json_users_url}") puts warning("#{users.size} user#{grammar} exposed via API: #{json_users_url}")
@@ -80,6 +83,8 @@ class WpTarget < WebSite
table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'], table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'],
rows: users) rows: users)
puts table puts table
else
return false
end end
end end
end end
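Review bot: In the first hunk, json_get_users still treats the parsed `data` as an array of objects, although the body comes from the remote site and is only checked for a 200 status and for being parseable JSON (assuming that is all `valid_json?` verifies). A body that is a JSON object, string or number would raise in `data.empty?` or at `child['id']` inside the `each`, so the scanned site can abort user enumeration with an unhandled exception instead of the intended `return false`. Add `return false unless data.is_a?(Array)` right after the parse and `next unless child.is_a?(Hash)` as the first line of the `each` block. The method body continues past the end of that hunk, so any later handling of `child` is not visible here.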


@@ -33,6 +33,9 @@ class WpTarget < WebSite
# Get output # Get output
data = response.body data = response.body
# If there is nothing there, return false
return false if data.empty?
# Read in RSS/XML # Read in RSS/XML
xml = Nokogiri::XML(data) xml = Nokogiri::XML(data)
@@ -43,12 +46,14 @@ class WpTarget < WebSite
users << [%r{.*}i.match(node).to_s] users << [%r{.*}i.match(node).to_s]
end end
rescue rescue
puts critical("Missing Author field. Maybe non-standard WordPress RSS feed?")
return false
end end
# Sort and uniq # Sort and uniq
users = users.sort_by { |user| user.to_s.downcase }.uniq users = users.sort_by { |user| user.to_s.downcase }.uniq
if users and users.size > 1 if users and users.size >= 1
# Feedback # Feedback
grammar = grammar_s(users.size) grammar = grammar_s(users.size)
puts warning("Detected #{users.size} user#{grammar} from RSS feed:") puts warning("Detected #{users.size} user#{grammar} from RSS feed:")
@@ -57,6 +62,8 @@ class WpTarget < WebSite
table = Terminal::Table.new(headings: ['Name'], table = Terminal::Table.new(headings: ['Name'],
rows: users) rows: users)
puts table puts table
else
return false
end end
end end
end end
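Review bot: The bare `rescue` in the second hunk now reports every StandardError raised in the block as a missing Author field, which can mislabel an unrelated failure while parsing the feed the target returned. Capture the exception and print its message, e.g. `rescue => e` followed by `puts critical("Could not read authors from RSS feed: #{e.message}")`, or rescue only the error class the author lookup actually raises. The matching `begin` lies outside the hunk, so which calls it covers cannot be confirmed from here.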