Merge pull request #862 from wpscanteam/apiv2

Apiv2
Ryan Dewhurst
2015-09-08 21:00:03 +02:00
41 changed files with 681 additions and 607 deletions


@@ -3,7 +3,7 @@ source 'https://rubygems.org'
gem 'typhoeus', '~>0.7.0'
gem 'nokogiri'
gem 'addressable'
gem 'json'
gem 'yajl-ruby' # Better JSON parser regarding memory usage
gem 'terminal-table', '~>1.4.5'
gem 'ruby-progressbar', '>=1.6.0'


@@ -67,6 +67,7 @@ class WpItems < Array
end
protected
# @return [ Class ]
def item_class
Object.const_get(self.class.to_s.gsub(/.$/, ''))


@@ -32,11 +32,7 @@ class WpItems < Array
progress_bar.progress += 1 if options[:show_progression]
if target_item.exists?(exist_options, response)
unless results.include?(target_item)
if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
results << target_item
end
end
results << target_item unless results.include?(target_item)
end
end
@@ -53,7 +49,7 @@ class WpItems < Array
# run the remaining requests
hydra.run
results.select!(&:vulnerable?) if options[:only_vulnerable]
results.select!(&:vulnerable?) if options[:type] == :vulnerable
results.sort!
results # can't just return results.sort as it would return an array, and we want a WpItems
@@ -155,15 +151,7 @@ class WpItems < Array
item_class = self.item_class
vulns_file = self.vulns_file
targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
unless options[:only_vulnerable]
unless options[:file]
raise 'A file must be supplied'
end
targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
end
targets = target_items_from_type(wp_target, item_class, vulns_file, options[:type])
targets.uniq! { |t| t.name }
targets.sort_by { rand }
@@ -174,14 +162,25 @@ class WpItems < Array
# @param [ String ] vulns_file
#
# @return [ Array<WpItem> ]
def vulnerable_targets_items(wp_target, item_class, vulns_file)
def target_items_from_type(wp_target, item_class, vulns_file, type)
targets = []
json = json(vulns_file)
[*json].each do |item|
case type
when :vulnerable
items = json.select { |item| !json[item]['vulnerabilities'].empty? }.keys
when :popular
items = json.select { |item| json[item]['popular'] == true }.keys
when :all
items = json.keys
else
raise "Unknown type #{type}"
end
items.each do |item|
targets << create_item(
item_class,
item.keys.inject,
item,
wp_target,
vulns_file
)
@@ -233,6 +232,5 @@ class WpItems < Array
def item_class
Object.const_get(self.to_s.gsub(/.$/, ''))
end
end
end
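Review bot: In `target_items_from_type` the `:vulnerable` branch calls `.empty?` directly on `json[item]['vulnerabilities']`, so a data-file entry without a `vulnerabilities` key raises NoMethodError and aborts the whole enumeration. `WpItem::Vulnerable#vulnerabilities` in this same commit tolerates the missing key with `[*db_data['vulnerabilities']]`; the selector should agree, e.g. `items = json.select { |_, data| !Array(data['vulnerabilities']).empty? }.keys`. The doc comment above the method also needs a `# @param [ Symbol ] type` line naming `:vulnerable`, `:popular` and `:all`. The method body continues past the end of this hunk.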


@@ -2,17 +2,11 @@
class WpPlugins < WpItems
module Detectable
# @return [ String ]
def vulns_file
PLUGINS_VULNS_FILE
PLUGINS_FILE
end
# @return [ String ]
# def item_xpath
# '//plugin'
# end
# @param [ WpTarget ] wp_target
# @param [ Hash ] options
#


@@ -5,13 +5,7 @@ class WpThemes < WpItems
# @return [ String ]
def vulns_file
THEMES_VULNS_FILE
THEMES_FILE
end
# @return [ String ]
# def item_xpath
# '//theme'
# end
end
end


@@ -18,20 +18,15 @@ COMMON_PLUGINS_DIR = File.join(COMMON_LIB_DIR, 'plugins')
WPSCAN_PLUGINS_DIR = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
# Data files
PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt')
PLUGINS_FULL_FILE = File.join(DATA_DIR, 'plugins_full.txt')
PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.json')
THEMES_FILE = File.join(DATA_DIR, 'themes.txt')
THEMES_FULL_FILE = File.join(DATA_DIR, 'themes_full.txt')
THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.json')
WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.json')
WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml')
LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml')
# VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd')
WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd')
LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt')
LAST_UPDATE_FILE = File.join(DATA_DIR, '.last_update')
WORDPRESSES_FILE = File.join(DATA_DIR, 'wordpresses.json')
PLUGINS_FILE = File.join(DATA_DIR, 'plugins.json')
THEMES_FILE = File.join(DATA_DIR, 'themes.json')
WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml')
LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml')
WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd')
LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt')
LAST_UPDATE_FILE = File.join(DATA_DIR, '.last_update')
WPSCAN_VERSION = '2.8'


@@ -4,9 +4,8 @@
class DbUpdater
FILES = %w(
local_vulnerable_files.xml local_vulnerable_files.xsd
plugins_full.txt plugins.txt themes_full.txt themes.txt
timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
plugin_vulns.json theme_vulns.json wp_vulns.json LICENSE
wordpresses.json plugins.json themes.json LICENSE
)
attr_reader :repo_directory


@@ -42,11 +42,12 @@ class Vulnerability
# @return [ Vulnerability ]
def self.load_from_json_item(json_item)
references = {}
references['id'] = [json_item['id']]
%w(id url cve secunia osvdb metasploit exploitdb).each do |key|
if json_item[key]
json_item[key] = [json_item[key]] if json_item[key].class != Array
references[key] = json_item[key]
%w(url cve secunia osvdb metasploit exploitdb).each do |key|
if json_item['references'][key]
json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array
references[key] = json_item['references'][key]
end
end
@@ -54,7 +55,7 @@ class Vulnerability
json_item['title'],
json_item['type'],
references,
json_item['fixed_in'],
json_item['fixed_in']
)
end
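Review bot: `json_item['references'][key]` is dereferenced without checking that `references` is present, so a vulnerability record lacking that object raises NoMethodError on nil while the database is being read. These records come from the JSON data files listed in `DbUpdater::FILES` rather than from code, so reading them defensively is cheap: `refs = json_item['references'] || {}` before the loop, then `references[key] = Array(refs[key]) if refs[key]`. That form also stops the loader from writing the wrapped array back into the caller's `json_item`. The method starts above this hunk.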


@@ -2,22 +2,22 @@
class Vulnerability
module Output
# output the vulnerability
def output(verbose = false)
puts
puts critical("Title: #{title}")
references.each do |key, urls|
methodname = "url_#{key}"
urls.each do |u|
next unless respond_to?(methodname)
url = send(methodname, u)
puts " Reference: #{url}" if url
end
end
unless fixed_in.nil?
puts notice("Fixed in: #{fixed_in}")
end
puts notice("Fixed in: #{fixed_in}") if fixed_in
end
end
end


@@ -22,7 +22,7 @@ class WpItem
# @return [ Array ]
# Make it private ?
def allowed_options
[:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
[:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file]
end
# @param [ URI ] target_base_uri
@@ -30,7 +30,6 @@ class WpItem
#
# @return [ WpItem ]
def initialize(target_base_uri, options = {})
options[:wp_content_dir] ||= 'wp-content'
options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
@@ -38,6 +37,27 @@ class WpItem
forge_uri(target_base_uri)
end
def identifier
@identifier ||= name
end
# @return [ Hash ]
def db_data
@db_data ||= json(db_file)[identifier] || {}
end
def latest_version
db_data['latest_version']
end
def last_updated
db_data['last_ipdated']
end
def popular?
db_data['popular']
end
# @param [ Hash ] options
#
# @return [ void ]
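Review bot: `last_updated` reads `db_data['last_ipdated']`, which looks like a misspelling of `last_updated`. If the data files use the correctly spelled key, the method always returns nil and the "Last updated" line added to the item output in this commit never prints. The key should presumably be `db_data['last_updated']`; confirm against the schema of the JSON files. The new readers `identifier`, `latest_version`, `last_updated` and `popular?` also carry no doc comments, unlike the surrounding methods; a `# @return [ String, nil ]` line on the version and date readers would match the file's style.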


@@ -5,12 +5,17 @@ class WpItem
# @return [ Void ]
def output(verbose = false)
outdated = VersionCompare.lesser?(version, latest_version) if latest_version
puts
puts info("Name: #{self}") #this will also output the version number if detected
puts " | Latest version: #{latest_version} (up to date)" if latest_version && !outdated
puts " | Last updated: #{last_updated}" if last_updated
puts " | Location: #{url}"
#puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
puts " | Readme: #{readme_url}" if has_readme?
puts " | Changelog: #{changelog_url}" if has_changelog?
puts warning("The version is out of date, the latest version is #{latest_version}") if latest_version && outdated
puts warning("Directory listing is enabled: #{url}") if has_directory_listing?
puts warning("An error_log file has been found: #{error_log_url}") if has_error_log?
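Review bot: An item whose version was not detected is reported as "(up to date)", because `VersionCompare.lesser?` returns false when `version` is nil, leaving `outdated` false so the `Latest version: ... (up to date)` line prints. The comment on the `Name:` line says the version is only shown "if detected", so this case is reachable, and a scan report that asserts currency it never checked is misleading. Compute the flag only when both sides are known, `outdated = VersionCompare.lesser?(version, latest_version) if version && latest_version`, and append the "(up to date)" suffix only when `version` is set. The method continues outside this hunk.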


@@ -2,30 +2,23 @@
class WpItem
module Vulnerable
attr_accessor :vulns_file, :identifier
attr_accessor :db_file, :identifier
# Get the vulnerabilities associated to the WpItem
# Filters out already fixed vulnerabilities
#
# @return [ Vulnerabilities ]
def vulnerabilities
json = json(vulns_file)
vulnerabilities = Vulnerabilities.new
return @vulnerabilities if @vulnerabilities
json.each do |item|
asset = item[identifier]
@vulnerabilities = Vulnerabilities.new
next unless asset
asset['vulnerabilities'].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
break # No need to iterate any further
[*db_data['vulnerabilities']].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
@vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
vulnerabilities
@vulnerabilities
end
def vulnerable?
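Review bot: `vulnerabilities` now memoizes its result in `@vulnerabilities`, but `db_file` and `identifier` stay writable through `attr_accessor` and nothing visible here resets the cache when either changes. `WpItem#db_data` is memoized the same way in this commit, so an item whose `db_file` or `identifier` is reassigned after the first call would keep returning results for the previous values. If reassignment is only meant for the specs, state that in the doc comment; otherwise replace the accessor with writers that clear `@db_data` and `@vulnerabilities`. The module continues past the end of this hunk.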


@@ -1,10 +1,6 @@
# encoding: UTF-8
require 'wp_plugin/vulnerable'
class WpPlugin < WpItem
include WpPlugin::Vulnerable
# Sets the @uri
#
# @param [ URI ] target_base_uri The URI of the wordpress blog
@@ -14,4 +10,7 @@ class WpPlugin < WpItem
@uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
end
def db_file
@db_file ||= PLUGINS_FILE
end
end

View File

@@ -1,20 +0,0 @@
# encoding: UTF-8
class WpPlugin < WpItem
module Vulnerable
# @return [ String ] The path to the file containing vulnerabilities
def vulns_file
unless @vulns_file
@vulns_file = PLUGINS_VULNS_FILE
end
@vulns_file
end
# @return [ String ]
def identifier
@name
end
end
end


@@ -2,7 +2,6 @@
require 'wp_theme/findable'
require 'wp_theme/versionable'
require 'wp_theme/vulnerable'
require 'wp_theme/info'
require 'wp_theme/output'
require 'wp_theme/childtheme'
@@ -10,7 +9,6 @@ require 'wp_theme/childtheme'
class WpTheme < WpItem
extend WpTheme::Findable
include WpTheme::Versionable
include WpTheme::Vulnerable
include WpTheme::Info
include WpTheme::Output
include WpTheme::Childtheme
@@ -33,4 +31,7 @@ class WpTheme < WpItem
@uri.merge('style.css').to_s
end
def db_file
@db_file ||= THEMES_FILE
end
end

View File

@@ -1,19 +0,0 @@
# encoding: UTF-8
class WpTheme < WpItem
module Vulnerable
# @return [ String ] The path to the file containing vulnerabilities
def vulns_file
unless @vulns_file
@vulns_file = THEMES_VULNS_FILE
end
@vulns_file
end
# @return [ String ]
def identifier
@name
end
end
end


@@ -1,13 +1,10 @@
# encoding: UTF-8
require 'wp_version/findable'
require 'wp_version/vulnerable'
require 'wp_version/output'
class WpVersion < WpItem
extend WpVersion::Findable
include WpVersion::Vulnerable
include WpVersion::Output
# The version number
@@ -17,6 +14,14 @@ class WpVersion < WpItem
# @return [ Array ]
def allowed_options; super << :number << :found_from end
def identifier
@identifier ||= number
end
def db_file
@db_file ||= WORDPRESSES_FILE
end
# @param [ WpVersion ] other
#
# @return [ Boolean ]

View File

@@ -1,19 +0,0 @@
# encoding: UTF-8
class WpVersion < WpItem
module Vulnerable
# @return [ String ] The path to the file containing vulnerabilities
def vulns_file
unless @vulns_file
@vulns_file = WP_VULNS_FILE
end
@vulns_file
end
# @return [ String ]
def identifier
@number
end
end
end


@@ -11,8 +11,8 @@ class VersionCompare
# @return [ Boolean ]
def self.lesser_or_equal?(version1, version2)
# Prepend a '0' if the version starts with a '.'
version1 = "0#{version1}" if version1 && version1[0,1] == '.'
version2 = "0#{version2}" if version2 && version2[0,1] == '.'
version1 = prepend_zero(version1)
version2 = prepend_zero(version2)
return true if (version1 == version2)
# Both versions must be set
@@ -27,4 +27,36 @@ class VersionCompare
end
return false
end
# Compares two version strings. Returns true if version1 < version2
# and false otherwise
#
# @param [ String ] version1
# @param [ String ] version2
#
# @return [ Boolean ]
def self.lesser?(version1, version2)
# Prepend a '0' if the version starts with a '.'
version1 = prepend_zero(version1)
version2 = prepend_zero(version2)
return false if (version1 == version2)
# Both versions must be set
return false unless (version1 and version2)
return false if (version1.empty? or version2.empty?)
begin
return true if (Gem::Version.new(version1) < Gem::Version.new(version2))
rescue ArgumentError => e
# Example: ArgumentError: Malformed version number string a
return false if e.message =~ /Malformed version number string/
raise
end
return false
end
# @return [ String ]
def self.prepend_zero(version)
return nil if version.nil?
version[0,1] == '.' ? "0#{version}" : version
end
end
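Review bot: `lesser?` decides whether to swallow the ArgumentError by matching `e.message` against `/Malformed version number string/`, which ties the comparison to the wording of a RubyGems error message. Validating first avoids the rescue: `return false unless Gem::Version.correct?(version1) && Gem::Version.correct?(version2)`, followed by `Gem::Version.new(version1) < Gem::Version.new(version2)`. From the lines visible here the method mirrors `lesser_or_equal?` apart from the equality result and the operator, so the same change likely applies there and the two could share one private helper. `prepend_zero` is documented as `@return [ String ]` but returns nil for nil input; the tag should read `[ String, nil ]`.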


@@ -31,7 +31,7 @@ begin
require 'pathname'
# Third party libs
require 'typhoeus'
require 'json'
require 'yajl/json_gem'
require 'nokogiri'
require 'terminal-table'
require 'ruby-progressbar'


@@ -11,7 +11,7 @@ describe WpPlugins do
let(:expected) do
{
request_params: { cache_ttl: 0, followlocation: true },
vulns_file: PLUGINS_VULNS_FILE,
vulns_file: PLUGINS_FILE,
targets_items_from_file: [ WpPlugin.new(uri, name: 'plugin1'),
WpPlugin.new(uri, name:'plugin-2'),
WpPlugin.new(uri, name: 'mr-smith')],


@@ -13,7 +13,7 @@ describe WpThemes do
let(:expected) do
{
request_params: { cache_ttl: 0, followlocation: true },
vulns_file: THEMES_VULNS_FILE,
vulns_file: THEMES_FILE,
targets_items_from_file: [ WpTheme.new(uri, name: '3colours'),
WpTheme.new(uri, name:'42k'),
WpTheme.new(uri, name: 'a-ri')],


@@ -11,11 +11,11 @@ describe WpItem do
end
it_behaves_like 'WpItem::Versionable'
it_behaves_like 'WpItem::Vulnerable' do
let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
let(:db_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
let(:identifier) { 'neo' }
let(:expected_refs) { {
'id' => [2993],
'url' => ['Ref 1,Ref 2'],
'url' => ['Ref 1', 'Ref 2'],
'cve' => ['2011-001'],
'secunia' => ['secunia'],
'osvdb' => ['osvdb'],


@@ -5,11 +5,11 @@ require 'spec_helper'
describe WpPlugin do
it_behaves_like 'WpPlugin::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'white-rabbit' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
let(:options) { { name: 'white-rabbit' } }
let(:db_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
let(:expected_refs) { {
'id' => [2993],
'url' => ['Ref 1,Ref 2'],
'url' => ['Ref 1', 'Ref 2'],
'cve' => ['2011-001'],
'secunia' => ['secunia'],
'osvdb' => ['osvdb'],


@@ -7,10 +7,10 @@ describe WpTheme do
it_behaves_like 'WpTheme::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'the-oracle' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:db_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:expected_refs) { {
'id' => [2993],
'url' => ['Ref 1,Ref 2'],
'url' => ['Ref 1', 'Ref 2'],
'cve' => ['2011-001'],
'secunia' => ['secunia'],
'osvdb' => ['osvdb'],


@@ -121,4 +121,122 @@ describe 'VersionCompare' do
end
end
describe '::lesser?' do
context 'version checked is newer' do
after { expect(VersionCompare::lesser?(@version1, @version2)).to be_truthy }
it 'returns true' do
@version1 = '1.0'
@version2 = '2.0'
end
it 'returns true' do
@version1 = '1.0'
@version2 = '1.1'
end
it 'returns true' do
@version1 = '1.0a'
@version2 = '1.0b'
end
it 'returns true' do
@version1 = '1.0'
@version2 = '5000000'
end
it 'returns true' do
@version1 = '0'
@version2 = '1'
end
it 'returns true' do
@version1 = '0.4.2b'
@version2 = '2.3.3'
end
it 'returns true' do
@version1 = '.47'
@version2 = '.50.3'
end
end
context 'version checked is older' do
after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
it 'returns false' do
@version1 = '1'
@version2 = '0'
end
it 'returns false' do
@version1 = '1.0'
@version2 = '0.5'
end
it 'returns false' do
@version1 = '500000'
@version2 = '1'
end
it 'returns false' do
@version1 = '1.6.3.7.3.4'
@version2 = '1.2.4.567.679.8.e'
end
it 'returns false' do
@version1 = '.47'
@version2 = '.46.3'
end
end
context 'version checked is the same' do
after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
it 'returns true' do
@version1 = '1'
@version2 = '1'
end
it 'returns true' do
@version1 = 'a'
@version2 = 'a'
end
end
context 'version number causes Gem::Version new Exception' do
after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
it 'returns false' do
@version1 = 'a'
@version2 = 'b'
end
end
context 'one version number is not set' do
after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
it 'returns false (version2 nil)' do
@version1 = '1'
@version2 = nil
end
it 'returns false (version1 nil)' do
@version1 = nil
@version2 = '1'
end
it 'returns false (version2 empty)' do
@version1 = '1'
@version2 = ''
end
it 'returns false (version1 empty)' do
@version1 = ''
@version2 = '1'
end
end
end
end
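Review bot: In `context 'version checked is the same'` both examples are titled `'returns true'` while the `after` hook asserts `be_falsey`, so a failure report would state the opposite of what is being checked; they should read `it 'returns false'`. The context names 'version checked is newer' and 'version checked is older' also do not say which argument they refer to; wording such as 'version1 is lower than version2' would match the method's contract. Placing the expectation in an `after` hook keeps the examples short but leaves every example body free of assertions, which is worth a one-line comment at the top of the `describe` block.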


@@ -1,58 +1,64 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
{
"mr-smith": {
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references": {
"url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references": {
"url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
"cve":"2014-0166"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references": {
"url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
"cve":"2014-0165"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"references": {
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
"secunia":"57769"
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
"neo": {
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references": {
"url": "http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101"
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
]
}


@@ -1,58 +1,64 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
{
"mr-smith": {
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references": {
"url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references": {
"url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references": {
"url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
"cve":"2014-0165"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"references": {
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
"secunia":"57769"
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
"neo": {
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references": {
"url": "http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101"
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
]
}


@@ -1,58 +1,65 @@
[
{
"shopperpress":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
{
"shopperpress": {
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references": {
"url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references": {
"url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references": {
"url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"references": {
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
"secunia":"57769"
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
},
{
"webfolio":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
"webfolio": {
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references": {
"url": "http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101"
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
]
}


@@ -1,12 +1,14 @@
{
"id": "3911",
"title": "Vuln Title",
"url": "Ref 1,Ref 2",
"secunia": "secunia",
"osvdb": "osvdb",
"cve": "2011-001",
"metasploit": "exploit/ex1",
"exploitdb": "exploitdb",
"references":{
"url": "Ref 1,Ref 2",
"secunia": "secunia",
"osvdb": "osvdb",
"cve": "2011-001",
"metasploit": "exploit/ex1",
"exploitdb": "exploitdb"
},
"created_at": "2014-07-28T12:10:45.000Z",
"updated_at": "2014-07-28T12:10:45.000Z",
"type": "CSRF",


@@ -1,35 +1,35 @@
[
{
"not-this-one":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
}
]
}
{
"not-this-one": {
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references": {
"url": ["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/" ,"http://www.example.com"]
},
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
}
]
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"I'm the one",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
"neo": {
"vulnerabilities":[
{
"id":2993,
"title":"I'm the one",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
]
}


@@ -0,0 +1,58 @@
{
"mr-smith": {
"vulnerabilities":[
{
"id":2993,
"title":"I should not appear in the results",
"references": {
"url": ["Ref 1","Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references": {
"url": ["Ref 1" ,"Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
},
"white-rabbit": {
"vulnerabilities": [
{
"id":2993,
"title":"Follow me!",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"REDIRECT",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}


@@ -1,56 +0,0 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"white-rabbit":{
"vulnerabilities":[
{
"id":2993,
"title":"Follow me!",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"REDIRECT",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]


@@ -1,56 +1,59 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
{
"mr-smith": {
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
{
"id":2989,
"title":"Neither do I",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"the-oracle":{
},
"the-oracle": {
"vulnerabilities":[
{
"id":2993,
"title":"I see you",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"FPD",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]
}


@@ -1,42 +1,42 @@
[
{
"3.5":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"3.2":{
"vulnerabilities":[
{
"id":2993,
"title":"Here I Am",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"SQLI",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
{
"3.5": {
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
},
"3.2": {
"vulnerabilities":[
{
"id":2993,
"title":"Here I Am",
"references": {
"url": ["Ref 1", "Ref 2"],
"osvdb": ["osvdb"],
"cve": ["2011-001"],
"secunia": ["secunia"],
"metasploit": ["exploit/ex1"],
"exploitdb": ["exploitdb"]
},
"type":"SQLI",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
]
}


@@ -3,8 +3,8 @@
shared_examples 'WpItem::Vulnerable' do
# 2 variables have to be set in the described class or subject:
# let(:vulns_file) { }
# let(:expected_vulns) { } The expected Vulnerabilities when using vulns_file and vulns_xpath
# let(:db_file) { }
# let(:expected_vulns) { } The expected Vulnerabilities when using db_file and vulns_xpath
#
# 1 variable is optional, used if supplied, otherwise subject.vulns_xpath is used
# let(:vulns_xpath) { }
@@ -18,7 +18,7 @@ shared_examples 'WpItem::Vulnerable' do
end
after do
subject.vulns_file = @vulns_file
subject.db_file = @db_file
subject.identifier = identifier if defined?(identifier)
result = subject.vulnerabilities
@@ -26,16 +26,16 @@ shared_examples 'WpItem::Vulnerable' do
expect(result).to eq @expected
end
context 'when the vulns_file is empty' do
context 'when the db_file is empty' do
it 'returns an empty Vulnerabilities' do
@vulns_file = empty_file
@expected = Vulnerabilities.new
@db_file = empty_file
@expected = Vulnerabilities.new
end
end
it 'returns the expected vulnerabilities' do
@vulns_file = vulns_file
@expected = expected_vulns
@db_file = db_file
@expected = expected_vulns
end
end


@@ -39,68 +39,8 @@ shared_examples 'WpItems::Detectable' do
end
end
describe '::targets_items_from_file' do
after do
results = subject.send(:targets_items_from_file, file, wp_target, item_class, vulns_file)
expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
unless results.empty?
results.each do |item|
expect(item).to be_a item_class
end
end
end
# should raise error.
# context 'when an empty file' do
# let(:file) { empty_file }
# it 'returns an empty Array' do
# @expected = []
# end
# end
context 'when a file' do
let(:file) { targets_items_file }
it 'returns the expected Array of WpItem' do
@expected = expected[:targets_items_from_file]
end
end
end
describe '::vulnerable_targets_items' do
after do
results = subject.send(:vulnerable_targets_items, wp_target, item_class, vulns_file)
expect(results.map { |i| i.name }).to eq @expected.map { |i| i.name }
unless results.empty?
results.each do |item|
expect(item).to be_a item_class
end
end
end
# should raise error.
# context 'when an empty file' do
# let(:file) { empty_file }
# it 'returns an empty Array' do
# @expected = []
# end
# end
context 'when a file' do
it 'returns the expected Array of WpItem' do
@expected = expected[:vulnerable_targets_items]
end
end
end
describe '::targets_items' do
let(:options) { {} }
let(:options) { { type: :all } }
after do
if @expected
@@ -110,29 +50,13 @@ shared_examples 'WpItems::Detectable' do
end
end
context 'when :only_vulnerable' do
let(:options) { { only_vulnerable: true } }
context 'when :type = :vulnerable' do
let(:options) { { type: :vulnerable } }
it 'returns the expected Array of WpItem' do
@expected = expected[:vulnerable_targets_items]
end
end
context 'when not :only_vulnerable' do
context 'when no :file' do
it 'raises an error' do
expect { subject.send(:targets_items, wp_target, options) }.to raise_error('A file must be supplied')
end
end
context 'when :file' do
let(:options) { { file: targets_items_file } }
it 'returns the expected Array of WpItem' do
@expected = (expected[:targets_items_from_file] + expected[:vulnerable_targets_items]).uniq {|t| t.name }
end
end
end
end
describe '::passive_detection' do
@@ -176,8 +100,8 @@ shared_examples 'WpItems::Detectable' do
expect(result.sort.map { |i| i.name }).to eq @expected.sort.map { |i| i.name }
end
context 'when :only_vulnerable' do
let(:options) { { only_vulnerable: true } }
context 'when :type = :vulnerable' do
let(:options) { { type: :vulnerable } }
let(:targets) { expected[:vulnerable_targets_items] }
it 'only checks and return vulnerable targets' do
@@ -207,7 +131,7 @@ shared_examples 'WpItems::Detectable' do
end
end
context 'when no :only_vulnerable' do
context 'when no :type = :vulnerable' do
let(:targets) { (expected[:vulnerable_targets_items] + expected[:targets_items_from_file]).uniq { |t| t.name } }
it 'checks all targets, and merge the results with passive_detection' do
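Review bot: The `::targets_items` examples now cover only `type: :all` (the default `let(:options)`) and `type: :vulnerable`, so the `:popular` type that `main` passes for plain plugin and theme enumeration is never exercised. A third context with `let(:options) { { type: :popular } }` and its own expected list would close that gap. The removed 'A file must be supplied' example also leaves no spec for a missing or unrecognised `:type`; what `targets_items` does in that case is not visible here, so it is worth pinning with an example either way. The describe blocks continue outside the hunks shown.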


@@ -2,25 +2,25 @@
shared_examples 'WpPlugin::Vulnerable' do
describe '#vulns_file' do
after { expect(subject.vulns_file).to eq @expected }
describe '#db_file' do
after { expect(subject.db_file).to eq @expected }
context 'when :vulns_file is no set' do
context 'when :db_file is no set' do
it 'returns the default one' do
@expected = PLUGINS_VULNS_FILE
@expected = PLUGINS_FILE
end
end
context 'when the :vulns_file is already set' do
context 'when the :db_file is already set' do
it 'returns it' do
@expected = 'test.json'
subject.vulns_file = @expected
@expected = 'test.json'
subject.db_file = @expected
end
end
end
describe '#identifier' do
its(:identifier) { is_expected.to eq 'plugin-name' }
its(:identifier) { should eq 'plugin-name' }
end
end
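Review bot: `its(:identifier) { should eq 'plugin-name' }` reverts the one-liner from `is_expected.to` to the older `should` form (assuming the second line of each printed pair is the new side), while the rest of this file uses `expect(...).to`. Keeping `its(:identifier) { is_expected.to eq 'plugin-name' }` would leave the section as a pure `vulns_file` to `db_file` rename. The same reversion appears in the WpTheme::Vulnerable and WpVersion::Vulnerable sections. The context title `'when :db_file is no set'` also carries over a typo for `not set`, here and in WpVersion::Vulnerable.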


@@ -2,25 +2,25 @@
shared_examples 'WpTheme::Vulnerable' do
describe '#vulns_file' do
after { expect(subject.vulns_file).to eq @expected }
describe '#db_file' do
after { expect(subject.db_file).to eq @expected }
context 'when :vulns_file is not set' do
context 'when :db_file is not set' do
it 'returns the default one' do
@expected = THEMES_VULNS_FILE
@expected = THEMES_FILE
end
end
context 'when the :vulns_file is already set' do
context 'when the :db_file is already set' do
it 'returns it' do
@expected = 'test.json'
subject.vulns_file = @expected
@expected = 'test.json'
subject.db_file = @expected
end
end
end
describe '#identifier' do
its(:identifier) { is_expected.to eq 'theme-name' }
its(:identifier) { should eq 'theme-name' }
end
end


@@ -2,25 +2,25 @@
shared_examples 'WpVersion::Vulnerable' do
describe '#vulns_file' do
after { expect(subject.vulns_file).to eq @expected }
describe '#db_file' do
after { expect(subject.db_file).to eq @expected }
context 'when :vulns_file is no set' do
context 'when :db_file is no set' do
it 'returns the default one' do
@expected = WP_VULNS_FILE
@expected = WORDPRESSES_FILE
end
end
context 'when the :vulns_file is already set' do
context 'when the :db_file is already set' do
it 'returns it' do
@expected = 'test.json'
subject.vulns_file = @expected
@expected = 'test.json'
subject.db_file = @expected
end
end
end
describe '#identifier' do
its(:identifier) { is_expected.to eq '1.2' }
its(:identifier) { should eq '1.2' }
end
end


@@ -273,15 +273,29 @@ def main
# Enumerate the installed plugins
if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins
puts
puts info("Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ...")
if wpscan_options.enumerate_only_vulnerable_plugins
puts info('Enumerating installed plugins (only ones with known vulnerabilities) ...')
plugin_enumeration_type = :vulnerable
end
if wpscan_options.enumerate_plugins
puts info('Enumerating installed plugins (only ones marked as popular) ...')
plugin_enumeration_type = :popular
end
if wpscan_options.enumerate_all_plugins
puts info('Enumerating all plugins (may take a while and use a lot of system resources) ...')
plugin_enumeration_type = :all
end
puts
wp_plugins = WpPlugins.aggressive_detection(wp_target,
enum_options.merge(
file: wpscan_options.enumerate_all_plugins ? PLUGINS_FULL_FILE : PLUGINS_FILE,
only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false
file: PLUGINS_FILE,
type: plugin_enumeration_type
)
)
puts
if !wp_plugins.empty?
puts info("We found #{wp_plugins.size} plugins:")
@@ -295,13 +309,26 @@ def main
# Enumerate installed themes
if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes
puts
puts info("Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ...")
if wpscan_options.enumerate_only_vulnerable_themes
puts info('Enumerating installed themes (only ones with known vulnerabilities) ...')
theme_enumeration_type = :vulnerable
end
if wpscan_options.enumerate_themes
puts info('Enumerating installed themes (only ones marked as popular) ...')
theme_enumeration_type = :popular
end
if wpscan_options.enumerate_all_themes
puts info('Enumerating all themes (may take a while and use a lot of system resources) ...')
theme_enumeration_type = :all
end
puts
wp_themes = WpThemes.aggressive_detection(wp_target,
enum_options.merge(
file: wpscan_options.enumerate_all_themes ? THEMES_FULL_FILE : THEMES_FILE,
only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false
file: THEMES_FILE,
type: theme_enumeration_type
)
)
puts