From 1d6593fd4d453a04a65e74a5a86dc10a2b5a3d92 Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 20 Apr 2016 12:02:15 +0200 Subject: [PATCH 1/7] Add WP metadata #704 --- lib/common/models/wp_version.rb | 12 +++++++++++- lib/common/models/wp_version/output.rb | 4 ++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/common/models/wp_version.rb b/lib/common/models/wp_version.rb index 5cde2eca..d3687bff 100755 --- a/lib/common/models/wp_version.rb +++ b/lib/common/models/wp_version.rb @@ -8,7 +8,7 @@ class WpVersion < WpItem include WpVersion::Output # The version number - attr_accessor :number + attr_accessor :number, :metadata alias_method :version, :number # Needed to have the right behaviour in Vulnerable#vulnerable_to? # @return [ Array ] @@ -35,4 +35,14 @@ class WpVersion < WpItem a << node.text.to_s end end + + # @return [ Hash ] All metadata from version_file + def metadata(version) + json = json(WORDPRESSES_FILE) + + metadata = {} + metadata[:release_date] = json[version]['release_date'] + metadata[:changelog_url] = json[version]['changelog_url'] + metadata + end end diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb index a724d711..53cf5e4f 100644 --- a/lib/common/models/wp_version/output.rb +++ b/lib/common/models/wp_version/output.rb @@ -4,8 +4,12 @@ class WpVersion < WpItem module Output def output(verbose = false) + metadata = self.metadata(self.number) + puts puts info("WordPress version #{self.number} identified from #{self.found_from}") + puts " | Released: #{metadata[:release_date]}" + puts " | Changelog: #{metadata[:changelog_url]}" vulnerabilities = self.vulnerabilities From 8192a4a21527422648e93475d2c82fa6d10bac2f Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 20 Apr 2016 12:27:09 +0200 Subject: [PATCH 2/7] Fix typo --- lib/common/models/wp_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
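Review bot: Adding `:metadata` to the `attr_accessor` line in lib/common/models/wp_version.rb generates a zero-argument reader that the `def metadata(version)` added further down the same class then replaces, so only the `metadata=` writer survives and nothing visible in this patch reads `@metadata`. Ruby reports this as a method redefinition when warnings are enabled. I would keep the line as `attr_accessor :number` and leave `metadata(version)` as the only definition, or, if caching was the intent, make the method parameterless and memoize it from `number`. The class body starts outside the hunk, so other users of the accessor cannot be ruled out from here.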
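Review bot: `json[version]['release_date']` in the new `metadata` method raises NoMethodError when the detected version has no entry in the data file, because `json[version]` is then nil (assuming the `json(...)` helper, which is not shown, returns a Hash keyed by version string). The output.rb hunk of this same patch calls `self.metadata(self.number)` at the top of `output`, before the vulnerability list is printed, so a version missing from the local database would abort the report instead of showing findings. Look the entry up once with a fallback, `entry = json[version] || {}`, and return `{ release_date: entry['release_date'], changelog_url: entry['changelog_url'] }`. That also removes the local `metadata` that shadows the method's own name; the local `json` that shadows the `json` helper could be renamed for the same reason.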
diff --git a/lib/common/models/wp_version.rb b/lib/common/models/wp_version.rb index d3687bff..2bb40321 100755 --- a/lib/common/models/wp_version.rb +++ b/lib/common/models/wp_version.rb @@ -36,7 +36,7 @@ class WpVersion < WpItem end end - # @return [ Hash ] All metadata from version_file + # @return [ Hash ] All metadata from WORDPRESSES_FILE def metadata(version) json = json(WORDPRESSES_FILE) From 49a6d275d27f7b44746cdd2692ce2f2ce82d7cb8 Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 20 Apr 2016 12:37:46 +0200 Subject: [PATCH 3/7] Update comment --- lib/common/models/wp_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/models/wp_version.rb b/lib/common/models/wp_version.rb index 2bb40321..e9e36dee 100755 --- a/lib/common/models/wp_version.rb +++ b/lib/common/models/wp_version.rb @@ -36,7 +36,7 @@ class WpVersion < WpItem end end - # @return [ Hash ] All metadata from WORDPRESSES_FILE + # @return [ Hash ] Metadata for specific WP version from WORDPRESSES_FILE def metadata(version) json = json(WORDPRESSES_FILE) From a09dbab6a8fa634783d88e8c52b1cbeeac92236a Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 20 Apr 2016 12:43:56 +0200 Subject: [PATCH 4/7] Use db_file --- lib/common/models/wp_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/models/wp_version.rb b/lib/common/models/wp_version.rb index e9e36dee..f357ede0 100755 --- a/lib/common/models/wp_version.rb +++ b/lib/common/models/wp_version.rb @@ -38,7 +38,7 @@ class WpVersion < WpItem # @return [ Hash ] Metadata for specific WP version from WORDPRESSES_FILE def metadata(version) - json = json(WORDPRESSES_FILE) + json = json(db_file) metadata = {} metadata[:release_date] = json[version]['release_date'] From cdf2b387802587e4381ad02eeaea4a8deea98bea Mon Sep 17 00:00:00 2001 
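Review bot: The YARD line kept as context above `metadata` in the "Use db_file" patch still says the data comes from WORDPRESSES_FILE, while the changed line now reads `json(db_file)`; the two should agree. Suggested comment: `# @return [ Hash ] Metadata for the given WP version, read from db_file`, with a `# @param [ String ] version` line above it. `db_file` is not defined in any hunk of this series, so it is presumably defined elsewhere in the class or a parent; it is worth confirming that it resolves to the WordPress versions file wherever `metadata` is called.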
From: ethicalhack3r Date: Wed, 20 Apr 2016 13:09:02 +0200 Subject: [PATCH 5/7] Only show changelog if verbose --- lib/common/models/wp_version/output.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb index 53cf5e4f..709a7eb1 100644 --- a/lib/common/models/wp_version/output.rb +++ b/lib/common/models/wp_version/output.rb @@ -9,7 +9,7 @@ class WpVersion < WpItem puts puts info("WordPress version #{self.number} identified from #{self.found_from}") puts " | Released: #{metadata[:release_date]}" - puts " | Changelog: #{metadata[:changelog_url]}" + puts " | Changelog: #{metadata[:changelog_url]}" if verbose vulnerabilities = self.vulnerabilities From fe7aede45892f27e9919259fc264386765354b09 Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Wed, 20 Apr 2016 13:39:05 +0200 Subject: [PATCH 6/7] Better output --- lib/common/models/wp_version/output.rb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb index 709a7eb1..88abfa99 100644 --- a/lib/common/models/wp_version/output.rb +++ b/lib/common/models/wp_version/output.rb @@ -7,9 +7,13 @@ class WpVersion < WpItem metadata = self.metadata(self.number) puts - puts info("WordPress version #{self.number} identified from #{self.found_from}") - puts " | Released: #{metadata[:release_date]}" - puts " | Changelog: #{metadata[:changelog_url]}" if verbose + if verbose + puts info("WordPress version #{self.number} identified from #{self.found_from}") + puts " | Released: #{metadata[:release_date]}" + puts " | Changelog: #{metadata[:changelog_url]}" + else + puts info("WordPress version #{self.number} identified from #{self.found_from} #{"(Released on #{metadata[:release_date]})" if metadata[:release_date]}") + end vulnerabilities = self.vulnerabilities From 2e05f4171e6e03dbae32cd5b59ee1a89f653f8eb Mon Sep 17 00:00:00 2001 
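Review bot: In the "Better output" hunk only the non-verbose branch checks `metadata[:release_date]`; the verbose branch prints ` | Released:` and ` | Changelog:` with empty values when the data file has nothing for the version. Guard both lines the same way: `puts " | Released: #{metadata[:release_date]}" if metadata[:release_date]` and `puts " | Changelog: #{metadata[:changelog_url]}" if metadata[:changelog_url]`. The nested interpolation in the `else` branch also leaves a trailing space when no date is known and is hard to read; building the suffix in a local first, `released = metadata[:release_date] ? " (Released on #{metadata[:release_date]})" : ''`, keeps the `info(...)` line readable. `output` continues past the end of the hunk.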
From: ethicalhack3r Date: Thu, 28 Apr 2016 14:04:54 +0200 Subject: [PATCH 7/7] Update to Ruby 2.3.1 --- .ruby-version | 2 +- .travis.yml | 1 + README.md | 6 +++--- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.ruby-version b/.ruby-version index 276cbf9e..2bf1c1cc 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.3.0 +2.3.1 diff --git a/.travis.yml b/.travis.yml index c83d3894..ee2f2dd0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,7 @@ rvm: - 2.2.3 - 2.2.4 - 2.3.0 + - 2.3.1 before_install: - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc" script: bundle exec rspec diff --git a/README.md b/README.md index a974eb9a..3f1446fb 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ WPScan comes pre-installed on the following Linux distributions: Prerequisites: -- Ruby >= 2.1.9 - Recommended: 2.3.0 +- Ruby >= 2.1.9 - Recommended: 2.3.1 - Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault - RubyGems - Recommended: latest - Git @@ -156,8 +156,8 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install curl -sSL https://get.rvm.io | bash -s stable source ~/.rvm/scripts/rvm echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc - rvm install 2.3.0 - rvm use 2.3.0 --default + rvm install 2.3.1 + rvm use 2.3.1 --default echo "gem: --no-ri --no-rdoc" > ~/.gemrc gem install bundler git clone https://github.com/wpscanteam/wpscan.git