From b81a4987d9f65524dcca9a3b679744d6e679128c Mon Sep 17 00:00:00 2001
From: dctabuyz
Date: Tue, 6 Jan 2015 19:10:22 +0300
Subject: [PATCH 1/5] fix page hash calculation

---
 lib/wpscan/wp_target/wp_must_use_plugins.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/wpscan/wp_target/wp_must_use_plugins.rb b/lib/wpscan/wp_target/wp_must_use_plugins.rb
index 9f9f5a9b..e328861a 100644
--- a/lib/wpscan/wp_target/wp_must_use_plugins.rb
+++ b/lib/wpscan/wp_target/wp_must_use_plugins.rb
@@ -10,7 +10,7 @@ class WpTarget < WebSite
 response = Browser.get(must_use_url)
 
 if response && WpTarget.valid_response_codes.include?(response.code)
- hash = WebSite.page_hash(response.body)
+ hash = Digest::MD5.hexdigest(response.body)
 
 return true if hash != error_404_hash && hash != homepage_hash
 end

From 265bfcd7c871ef55072a6feb0aa917505fb21164 Mon Sep 17 00:00:00 2001
From: dctabuyz
Date: Tue, 6 Jan 2015 19:11:57 +0300
Subject: [PATCH 2/5] calculate page hash only if response code is valid

---
 lib/wpscan/wp_target/wp_custom_directories.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/wpscan/wp_target/wp_custom_directories.rb b/lib/wpscan/wp_target/wp_custom_directories.rb
index 1e60791a..6a4d7354 100644
--- a/lib/wpscan/wp_target/wp_custom_directories.rb
+++ b/lib/wpscan/wp_target/wp_custom_directories.rb
@@ -23,9 +23,9 @@ class WpTarget < WebSite
 # @return [ Boolean ]
 def default_wp_content_dir_exists?
 response = Browser.get(@uri.merge('wp-content').to_s)
- hash = Digest::MD5.hexdigest(response.body)
 
 if WpTarget.valid_response_codes.include?(response.code)
+ hash = Digest::MD5.hexdigest(response.body)
 
 return true if hash != error_404_hash and hash != homepage_hash
 end

From 5adefda286fce6f10684cf82a5ed31dbbfa57c56 Mon Sep 17 00:00:00 2001
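Review bot: The inlined `Digest::MD5.hexdigest(response.body)` on the `+` line is only comparable with `error_404_hash` and `homepage_hash` if those two values are produced by the same digest over the same input; the helper that builds them is not visible here, and if `WebSite.page_hash` does anything beyond a raw MD5 of the body, the `hash != error_404_hash && hash != homepage_hash` guard can never match and every valid response is reported as a must-use plugins directory. PATCH 3/5 in this series moves this line (and the one in wp_custom_directories.rb) to `WebSite.page_hash(response)`, which suggests the original defect was the argument (`response.body` passed where the response object is expected) rather than the hash function, so the one-line fix `hash = WebSite.page_hash(response)` would have avoided the intermediate drift. The enclosing method starts and ends outside the hunk.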
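Review bot: `WpTarget.valid_response_codes.include?(response.code)` on the `if` line still dereferences `response` without the nil guard the sibling check in wp_must_use_plugins.rb uses (`if response && WpTarget.valid_response_codes.include?(response.code)`), so if `Browser.get` can return nil as that guard implies, moving the digest inside the `if` protects `response.body` but a NoMethodError on `response.code` remains. Adopting the same guard form here would also let the two methods share one helper later. The `and` in `return true if hash != error_404_hash and hash != homepage_hash` happens to bind correctly but reads as a precedence trap; `&&` is the form used in the sibling file. default_wp_content_dir_exists? ends outside the hunk.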
From: dctabuyz
Date: Tue, 6 Jan 2015 23:05:57 +0300
Subject: [PATCH 3/5] Digest::MD5.hexdigest replaced by WebSite.page_hash

---
 lib/wpscan/wp_target/wp_custom_directories.rb | 2 +-
 lib/wpscan/wp_target/wp_must_use_plugins.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/wpscan/wp_target/wp_custom_directories.rb b/lib/wpscan/wp_target/wp_custom_directories.rb
index 6a4d7354..59956edb 100644
--- a/lib/wpscan/wp_target/wp_custom_directories.rb
+++ b/lib/wpscan/wp_target/wp_custom_directories.rb
@@ -25,7 +25,7 @@ class WpTarget < WebSite
 response = Browser.get(@uri.merge('wp-content').to_s)
 
 if WpTarget.valid_response_codes.include?(response.code)
- hash = Digest::MD5.hexdigest(response.body)
+ hash = WebSite.page_hash(response)
 
 return true if hash != error_404_hash and hash != homepage_hash
 end
diff --git a/lib/wpscan/wp_target/wp_must_use_plugins.rb b/lib/wpscan/wp_target/wp_must_use_plugins.rb
index e328861a..f0c82203 100644
--- a/lib/wpscan/wp_target/wp_must_use_plugins.rb
+++ b/lib/wpscan/wp_target/wp_must_use_plugins.rb
@@ -10,7 +10,7 @@ class WpTarget < WebSite
 response = Browser.get(must_use_url)
 
 if response && WpTarget.valid_response_codes.include?(response.code)
- hash = Digest::MD5.hexdigest(response.body)
+ hash = WebSite.page_hash(response)
 
 return true if hash != error_404_hash && hash != homepage_hash
 end

From cbad8857bd40b3a0fa36a2978c64202bcd0625b2 Mon Sep 17 00:00:00 2001
From: dctabuyz
Date: Wed, 7 Jan 2015 12:34:27 +0500
Subject: [PATCH 4/5] use actual ruby interpreter

---
 spec/wpscan_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/wpscan_spec.rb b/spec/wpscan_spec.rb
index e2de8712..85d8f12f 100644
--- a/spec/wpscan_spec.rb
+++ b/spec/wpscan_spec.rb
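Review bot: Both `+ hash = WebSite.page_hash(response)` lines (this hunk and the wp_must_use_plugins.rb hunk below it) silently depend on `error_404_hash` and `homepage_hash` being produced by the same `WebSite.page_hash`, and PATCH 1/5 and 2/5 in this series show how easily one call site drifts to a raw `Digest::MD5.hexdigest` and breaks the comparison. A one-line comment above each call, `# must use the same digest as error_404_hash / homepage_hash or the comparison is meaningless`, would pin that contract for the next edit. The two hunks also still differ on the `return true` line (`and` here, `&&` in wp_must_use_plugins.rb); `&&` is the one to keep. Both methods start and end outside their hunks.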
@@ -5,14 +5,14 @@ require 'spec_helper'
 
 describe 'wpscan main checks' do
 it 'should check for errors on running the mainscript' do
- a = %x[ruby #{ROOT_DIR}/wpscan.rb]
+ a = %x[#{RbConfig.ruby} #{ROOT_DIR}/wpscan.rb]
 expect(a).to match /No argument supplied/
 end
 
 it 'should check for valid syntax' do
 result = ""
 Dir.glob("**/*.rb") do |file|
- res = %x{ruby -c #{ROOT_DIR}/#{file} 2>&1}.split("\n")
+ res = %x{#{RbConfig.ruby} -c #{ROOT_DIR}/#{file} 2>&1}.split("\n")
 ok = res.select {|msg| msg =~ /Syntax OK/}
 result << ("####################\nSyntax error in #{file}:\n#{res.join("\n").strip()}\n") if ok.size != 1
 end

From a9e161268ccc42b6bd466089a1b2dba6e540e1ca Mon Sep 17 00:00:00 2001
From: dctabuyz
Date: Wed, 7 Jan 2015 12:55:26 +0500
Subject: [PATCH 5/5] IDN support: encode non-ascii domain names

---
 lib/environment.rb | 1 +
 lib/wpscan/wpscan_options.rb | 2 ++
 spec/lib/wpscan/wpscan_options_spec.rb | 5 +++++
 3 files changed, 8 insertions(+)

diff --git a/lib/environment.rb b/lib/environment.rb
index 58be2da9..46270890 100644
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -35,6 +35,7 @@ begin
 require 'nokogiri'
 require 'terminal-table'
 require 'ruby-progressbar'
+ require 'addressable/uri'
 # Custom libs
 require 'common/browser'
 require 'common/custom_option_parser'
diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
index 76b8fdbd..195c7be0 100644
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -55,6 +55,8 @@ class WpscanOptions
 def url=(url)
 raise Exception.new('Empty URL given') if url.nil? || url == ''
 
+ url = Addressable::URI.parse(url).normalize.to_s unless url.ascii_only?
+
 @url = URI.parse(add_http_protocol(url)).to_s
 end
 
diff --git a/spec/lib/wpscan/wpscan_options_spec.rb b/spec/lib/wpscan/wpscan_options_spec.rb
index 947229d9..2d689a25 100644
--- a/spec/lib/wpscan/wpscan_options_spec.rb
+++ b/spec/lib/wpscan/wpscan_options_spec.rb
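Review bot: Both `+` lines still interpolate `ROOT_DIR` and `file` into a shell string via `%x`, so a checkout path containing a space or a shell metacharacter breaks the spec, and the glob loop inherits the same problem from every file name it visits; now that the interpreter is an explicit value, the array form runs without a shell at all: `a = IO.popen([RbConfig.ruby, "#{ROOT_DIR}/wpscan.rb"], &:read)` and `res = IO.popen([RbConfig.ruby, '-c', "#{ROOT_DIR}/#{file}"], err: [:child, :out], &:read).split("\n")`. `Dir.glob("**/*.rb")` is resolved against the current directory while the path handed to `-c` is rooted at `ROOT_DIR`, so the syntax check only works when rspec is started from the project root; `Dir.glob("#{ROOT_DIR}/**/*.rb")` with `file` passed through unchanged would remove that assumption. The surrounding describe block ends outside the hunk.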
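Review bot: `require 'addressable/uri'` introduces a runtime gem dependency, but this patch's diffstat touches only lib/environment.rb, lib/wpscan/wpscan_options.rb and a spec, so unless addressable is already declared (directly or transitively) in the Gemfile/gemspec the require fails at startup for every run, not only for IDN targets. Declaring it next to the other gems required here keeps installs reproducible; alternatively the require could be deferred to the single call site in wpscan_options.rb. The `begin` block this line sits in starts and ends outside the hunk.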
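Review bot: The IDN step on the `+` line runs before `add_http_protocol(url)`, so a bare host such as `пример.испытание` with no scheme is parsed by Addressable as a relative reference and `normalize` percent-encodes it as a path instead of punycoding it as a host; if `add_http_protocol` then prepends a scheme as its name suggests, `URI.parse` receives `http://%D0%BF…` and the target host is wrong. Reordering the three lines fixes that: `url = add_http_protocol(url)`, `url = Addressable::URI.parse(url).normalize.to_s unless url.ascii_only?`, `@url = URI.parse(url).to_s`. `normalize` also rewrites more than the host (case and percent-encoding of path and query), so replacing only the host with `Addressable::URI.parse(url).normalized_host` and keeping the rest of the user's URL verbatim would be the narrower change, and `Addressable::URI::InvalidURIError` raised by `parse` is not handled anywhere in the hunk. The spec added in this patch covers only a scheme-prefixed URL, so the bare-host case above is untested.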
@@ -32,6 +32,11 @@ describe 'WpscanOptions' do
 @wpscan_options.url = url
 expect(@wpscan_options.url).to be === url
 end
+
+ it 'should encode IDN' do
+ @wpscan_options.url = 'http://пример.испытание/'
+ expect(@wpscan_options.url).to be === 'http://xn--e1afmkfd.xn--80akhbyknj4f/'
+ end
 end
 
 describe '#threads=' do