garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Version of the plugin found by aggressive detection is now output with the name

Browse Source
This commit is contained in:
Erwan
2012-07-26 13:47:42 +02:00
parent 45d171bbed
commit 62e21ba1e8
4 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/wpscan/modules/wp_plugins.rb
View File

@@ -39,7 +39,7 @@ module WpPlugins
request_count += 1 request_count += 1
request.on_complete do |response| request.on_complete do |response|
print "\rChecking for " + targets_url.size.to_s + " total plugins... #{(request_count * 100) / targets_url.size}% complete." if show_progress_bar print "\rChecking for #{targets_url.size} total plugins... #{(request_count * 100) / targets_url.size}% complete." if show_progress_bar
if valid_response_codes.include?(response.code) if valid_response_codes.include?(response.code)
if Digest::MD5.hexdigest(response.body) != local_404_hash if Digest::MD5.hexdigest(response.body) != local_404_hash

5
lib/wpscan/wp_plugin.rb
View File

@@ -48,6 +48,11 @@ class WpPlugin < Vulnerable
response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1] response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
end end
def to_s
version = version()
"#{@name}#{' v' + version if version}"
end
# Discover any error_log files created by WordPress # Discover any error_log files created by WordPress
# These are created by the WordPress error_log() function # These are created by the WordPress error_log() function
# They are normally found in the /plugins/ directory, # They are normally found in the /plugins/ directory,

20
spec/lib/wpscan/wp_plugin_spec.rb
View File

@@ -143,6 +143,26 @@ describe WpPlugin do
end end
end end
describe "#to_s" do
after :each do
wp_plugin = WpPlugin.new(WpPlugin.create_location_url_from_name(@name, "http://example.localhost"))
wp_plugin.stub(:version => @version)
wp_plugin.to_s.should === @expected
end
it "should not include the version if it's not detected" do
@name = "a-plugin"
@version = nil
@expected = "a-plugin"
end
it "should show the version if it's detected" do
@name = "another-plugin"
@version = "3.2"
@expected = "another-plugin v3.2"
end
end
describe "#vulnerabilities" do describe "#vulnerabilities" do
let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' } let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' } let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }

2
wpscan.rb
View File

@@ -193,7 +193,7 @@ begin
plugins.each do |plugin| plugins.each do |plugin|
puts puts
puts " | Name: " + plugin.name puts " | Name: " + plugin #this will also output the version number if detected
puts " | Location: " + plugin.location_url puts " | Location: " + plugin.location_url
puts " | Directory listing enabled? #{plugin.directory_listing? ? "Yes." : "No."}" puts " | Directory listing enabled? #{plugin.directory_listing? ? "Yes." : "No."}"