Version of the plugin found by aggressive detection is now output with the name

2012-07-26 13:47:42 +02:00
parent 45d171bbed
commit 62e21ba1e8
4 changed files with 27 additions and 2 deletions
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -39,7 +39,7 @@ module WpPlugins
      request_count += 1

      request.on_complete do |response|
-        print "\rChecking for " + targets_url.size.to_s + " total plugins... #{(request_count * 100) / targets_url.size}% complete." if show_progress_bar
+        print "\rChecking for #{targets_url.size} total plugins... #{(request_count * 100) / targets_url.size}% complete." if show_progress_bar

        if valid_response_codes.include?(response.code)
          if Digest::MD5.hexdigest(response.body) != local_404_hash
--- a/lib/wpscan/wp_plugin.rb
+++ b/lib/wpscan/wp_plugin.rb
@@ -48,6 +48,11 @@ class WpPlugin < Vulnerable
    response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
  end

+  def to_s
+    version = version()
+    "#{@name}#{' v' + version if version}"
+  end
+
  # Discover any error_log files created by WordPress
  # These are created by the WordPress error_log() function
  # They are normally found in the /plugins/ directory,
--- a/spec/lib/wpscan/wp_plugin_spec.rb
+++ b/spec/lib/wpscan/wp_plugin_spec.rb
@@ -143,6 +143,26 @@ describe WpPlugin do
    end
  end

+  describe "#to_s" do
+    after :each do
+      wp_plugin = WpPlugin.new(WpPlugin.create_location_url_from_name(@name, "http://example.localhost"))
+      wp_plugin.stub(:version => @version)
+      wp_plugin.to_s.should === @expected
+    end
+
+    it "should not include the version if it's not detected" do
+      @name = "a-plugin"
+      @version = nil
+      @expected = "a-plugin"
+    end
+
+    it "should show the version if it's detected" do
+      @name = "another-plugin"
+      @version = "3.2"
+      @expected = "another-plugin v3.2"
+    end
+  end
+
  describe "#vulnerabilities" do
    let(:location_url) { 'http://example.localhost/wp-content/plugins/spec-plugin/' }
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/vulnerabilities' }
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -193,7 +193,7 @@ begin

      plugins.each do |plugin|
        puts
-        puts " | Name: " + plugin.name
+        puts " | Name: " + plugin #this will also output the version number if detected
        puts " | Location: " + plugin.location_url

        puts " | Directory listing enabled? #{plugin.directory_listing? ? "Yes." : "No."}"