garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #749 from dctabuyz/master

Browse Source 
wp_must_use_plugins.rb fix page hash calculation & encode IDN
This commit is contained in:
erwanlr
2015-01-07 10:33:36 +01:00
parent 6b9c9eb0ed c0fe02efb9
commit 5bd3d4fd96
6 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/environment.rb
View File

@@ -35,6 +35,7 @@ begin
require 'nokogiri' require 'nokogiri'
require 'terminal-table' require 'terminal-table'
require 'ruby-progressbar' require 'ruby-progressbar'
require 'addressable/uri'
# Custom libs # Custom libs
require 'common/browser' require 'common/browser'
require 'common/custom_option_parser' require 'common/custom_option_parser'

2
lib/wpscan/wp_target/wp_custom_directories.rb
View File

@@ -23,9 +23,9 @@ class WpTarget < WebSite
# @return [ Boolean ] # @return [ Boolean ]
def default_wp_content_dir_exists? def default_wp_content_dir_exists?
response = Browser.get(@uri.merge('wp-content').to_s) response = Browser.get(@uri.merge('wp-content').to_s)
hash = Digest::MD5.hexdigest(response.body)
if WpTarget.valid_response_codes.include?(response.code) if WpTarget.valid_response_codes.include?(response.code)
hash = WebSite.page_hash(response)
return true if hash != error_404_hash and hash != homepage_hash return true if hash != error_404_hash and hash != homepage_hash
end end

2
lib/wpscan/wp_target/wp_must_use_plugins.rb
View File

@@ -10,7 +10,7 @@ class WpTarget < WebSite
response = Browser.get(must_use_url) response = Browser.get(must_use_url)
if response && WpTarget.valid_response_codes.include?(response.code) if response && WpTarget.valid_response_codes.include?(response.code)
hash = WebSite.page_hash(response.body) hash = WebSite.page_hash(response)
return true if hash != error_404_hash && hash != homepage_hash return true if hash != error_404_hash && hash != homepage_hash
end end

2
lib/wpscan/wpscan_options.rb
View File

@@ -55,6 +55,8 @@ class WpscanOptions
def url=(url) def url=(url)
raise Exception.new('Empty URL given') if url.nil? || url == '' raise Exception.new('Empty URL given') if url.nil? || url == ''
url = Addressable::URI.parse(url).normalize.to_s unless url.ascii_only?
@url = URI.parse(add_http_protocol(url)).to_s @url = URI.parse(add_http_protocol(url)).to_s
end end

5
spec/lib/wpscan/wpscan_options_spec.rb
View File

@@ -32,6 +32,11 @@ describe 'WpscanOptions' do
@wpscan_options.url = url @wpscan_options.url = url
expect(@wpscan_options.url).to be === url expect(@wpscan_options.url).to be === url
end end
it 'should encode IDN' do
@wpscan_options.url = 'http://пример.испытание/'
expect(@wpscan_options.url).to be === 'http://xn--e1afmkfd.xn--80akhbyknj4f/'
end
end end
describe '#threads=' do describe '#threads=' do

4
spec/wpscan_spec.rb
View File

@@ -5,14 +5,14 @@ require 'spec_helper'
describe 'wpscan main checks' do describe 'wpscan main checks' do
it 'should check for errors on running the mainscript' do it 'should check for errors on running the mainscript' do
a = %x[ruby #{ROOT_DIR}/wpscan.rb] a = %x[#{RbConfig.ruby} #{ROOT_DIR}/wpscan.rb]
expect(a).to match /No argument supplied/ expect(a).to match /No argument supplied/
end end
it 'should check for valid syntax' do it 'should check for valid syntax' do
result = "" result = ""
Dir.glob("**/*.rb") do |file| Dir.glob("**/*.rb") do |file|
res = %x{ruby -c #{ROOT_DIR}/#{file} 2>&1}.split("\n") res = %x{#{RbConfig.ruby} -c #{ROOT_DIR}/#{file} 2>&1}.split("\n")
ok = res.select {|msg| msg =~ /Syntax OK/} ok = res.select {|msg| msg =~ /Syntax OK/}
result << ("####################\nSyntax error in #{file}:\n#{res.join("\n").strip()}\n") if ok.size != 1 result << ("####################\nSyntax error in #{file}:\n#{res.join("\n").strip()}\n") if ok.size != 1
end end