garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moves Models into their own namespace - Ref #1315

Browse Source
This commit is contained in:
erwanlr
2019-03-19 21:07:53 +00:00
parent f1657164d5
commit 898e8d4546
116 changed files with 613 additions and 560 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/core.rb
View File

@@ -95,7 +95,7 @@ module WPScan
mod = CMSScanner::Target::Server.const_get(server)
target.extend mod
WPScan::WpItem.include mod
Model::WpItem.include mod
server
end

4
app/controllers/password_attack.rb
View File

@@ -52,7 +52,7 @@ module WPScan
@attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
end
# @return [ WPScan::XMLRPC ]
# @return [ Model::XMLRPC ]
def xmlrpc
@xmlrpc ||= target.xmlrpc
end
@@ -95,7 +95,7 @@ module WPScan
return target.users unless parsed_options[:usernames]
parsed_options[:usernames].reduce([]) do |acc, elem|
acc << CMSScanner::User.new(elem.chomp)
acc << Model::User.new(elem.chomp)
end
end

4
app/finders/config_backups/known_filenames.rb
View File

@@ -17,7 +17,9 @@ module WPScan
# Might need to improve that
next unless res.body =~ /define/i && res.body !~ /<\s?html/i
found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
found << Model::ConfigBackup.new(res.request.url,
found_by: DIRECT_ACCESS,
confidence: 100)
end
found

4
app/finders/db_exports/known_locations.rb
View File

@@ -17,7 +17,9 @@ module WPScan
enumerate(potential_urls(opts), opts) do |res|
next unless res.code == 200 && res.body =~ /INSERT INTO/
found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
found << Model::DbExport.new(res.request.url,
found_by: DIRECT_ACCESS,
confidence: 100)
end
found

2
app/finders/interesting_findings/backup_db.rb
View File

@@ -11,7 +11,7 @@ module WPScan
return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
WPScan::BackupDB.new(
Model::BackupDB.new(
url,
confidence: 70,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/debug_log.rb
View File

@@ -9,7 +9,7 @@ module WPScan
return unless target.debug_log?(path)
WPScan::DebugLog.new(
Model::DebugLog.new(
target.url(path),
confidence: 100, found_by: DIRECT_ACCESS,
references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }

2
app/finders/interesting_findings/duplicator_installer_log.rb
View File

@@ -10,7 +10,7 @@ module WPScan
return unless res.body =~ /DUPLICATOR INSTALL-LOG/
WPScan::DuplicatorInstallerLog.new(
Model::DuplicatorInstallerLog.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/emergency_pwd_reset_script.rb
View File

@@ -10,7 +10,7 @@ module WPScan
return unless res.code == 200 && !target.homepage_or_404?(res)
WPScan::EmergencyPwdResetScript.new(
Model::EmergencyPwdResetScript.new(
url,
confidence: res.body =~ /password/i ? 100 : 40,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/full_path_disclosure.rb
View File

@@ -10,7 +10,7 @@ module WPScan
return if fpd_entries.empty?
WPScan::FullPathDisclosure.new(
Model::FullPathDisclosure.new(
target.url(path),
confidence: 100,
found_by: DIRECT_ACCESS,

4
app/finders/interesting_findings/mu_plugins.rb
View File

@@ -12,7 +12,7 @@ module WPScan
url = target.url('wp-content/mu-plugins/')
return WPScan::MuPlugins.new(
return Model::MuPlugins.new(
url,
confidence: 70,
found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +35,7 @@ module WPScan
target.mu_plugins = true
WPScan::MuPlugins.new(
Model::MuPlugins.new(
url,
confidence: 80,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/multisite.rb
View File

@@ -15,7 +15,7 @@ module WPScan
target.multisite = true
WPScan::Multisite.new(
Model::Multisite.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/readme.rb
View File

@@ -10,7 +10,7 @@ module WPScan
res = Browser.get(url)
if res.code == 200 && res.body =~ /wordpress/i
return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
return Model::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
nil

2
app/finders/interesting_findings/registration.rb
View File

@@ -18,7 +18,7 @@ module WPScan
target.registration_enabled = true
WPScan::Registration.new(
Model::Registration.new(
res.effective_url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/tmm_db_migrate.rb
View File

@@ -11,7 +11,7 @@ module WPScan
return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
WPScan::TmmDbMigrate.new(
Model::TmmDbMigrate.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/upload_directory_listing.rb
View File

@@ -11,7 +11,7 @@ module WPScan
url = target.url(path)
WPScan::UploadDirectoryListing.new(
Model::UploadDirectoryListing.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,

2
app/finders/interesting_findings/upload_sql_dump.rb
View File

@@ -12,7 +12,7 @@ module WPScan
return unless res.code == 200 && res.body =~ SQL_PATTERN
WPScan::UploadSQLDump.new(
Model::UploadSQLDump.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS

2
app/finders/interesting_findings/wp_cron.rb
View File

@@ -9,7 +9,7 @@ module WPScan
return unless res.code == 200
WPScan::WPCron.new(
Model::WPCron.new(
wp_cron_url,
confidence: 60,
found_by: DIRECT_ACCESS,

2
app/finders/main_theme/css_style.rb
View File

@@ -6,7 +6,7 @@ module WPScan
include Finders::WpItems::URLsInHomepage
def create_theme(slug, style_url, opts)
WPScan::Theme.new(
Model::Theme.new(
slug,
target,
opts.merge(found_by: found_by, confidence: 70, style_url: style_url)

2
app/finders/main_theme/urls_in_homepage.rb
View File

@@ -14,7 +14,7 @@ module WPScan
slugs = items_from_links('themes', false) + items_from_codes('themes', false)
slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
end
found

2
app/finders/main_theme/woo_framework_meta_generator.rb
View File

@@ -10,7 +10,7 @@ module WPScan
def passive(opts = {})
return unless target.homepage_res.body =~ PATTERN
WPScan::Theme.new(
Model::Theme.new(
Regexp.last_match[1],
target,
opts.merge(found_by: found_by, confidence: 80)

2
app/finders/medias/attachment_brute_forcing.rb
View File

@@ -15,7 +15,7 @@ module WPScan
enumerate(target_urls(opts), opts) do |res|
next unless res.code == 200
found << WPScan::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
found << Model::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
end
found

4
app/finders/passwords/xml_rpc_multicall.rb
View File

@@ -20,13 +20,13 @@ module WPScan
target.multi_call(methods).run
end
# @param [ Array<CMSScanner::User> ] users
# @param [ Array<Model::User> ] users
# @param [ Array<String> ] passwords
# @param [ Hash ] opts
# @option opts [ Boolean ] :show_progression
# @option opts [ Integer ] :multicall_max_passwords
#
# @yield [ CMSScanner::User ] When a valid combination is found
# @yield [ Model::User ] When a valid combination is found
#
# TODO: Make rubocop happy about metrics etc
#

4
app/finders/plugin_version.rb
View File

@@ -7,7 +7,7 @@ module WPScan
class Base
include CMSScanner::Finders::UniqueFinder
# @param [ WPScan::Plugin ] plugin
# @param [ Model::Plugin ] plugin
def initialize(plugin)
finders << PluginVersion::Readme.new(plugin)
@@ -16,7 +16,7 @@ module WPScan
# Load the finders associated with the plugin
#
# @param [ WPScan::Plugin ] plugin
# @param [ Model::Plugin ] plugin
def load_specific_finders(plugin)
module_name = plugin.classify

4
app/finders/plugin_version/readme.rb
View File

@@ -7,14 +7,14 @@ module WPScan
def aggressive(_opts = {})
found_by_msg = 'Readme - %s (Aggressive Detection)'
WPScan::WpItem::READMES.each do |file|
Model::WpItem::READMES.each do |file|
url = target.url(file)
res = Browser.get(url)
next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
return numbers.reduce([]) do |a, e|
a << WPScan::Version.new(
a << Model::Version.new(
e[0],
found_by: format(found_by_msg, e[1]),
confidence: e[2],

2
app/finders/plugins/body_pattern.rb
View File

@@ -15,7 +15,7 @@ module WPScan
def process_response(opts, response, slug, klass, config)
return unless response.body =~ config['pattern']
Plugin.new(
Model::Plugin.new(
slug,
target,
opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

2
app/finders/plugins/comment.rb
View File

@@ -18,7 +18,7 @@ module WPScan
next unless comment =~ config['pattern']
return Plugin.new(
return Model::Plugin.new(
slug,
target,
opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

2
app/finders/plugins/config_parser.rb
View File

@@ -19,7 +19,7 @@ module WPScan
# when checking for plugins
#
Plugin.new(
Model::Plugin.new(
slug,
target,
opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

2
app/finders/plugins/header_pattern.rb
View File

@@ -18,7 +18,7 @@ module WPScan
configs.each do |klass, config|
next unless headers[config['header']] && headers[config['header']].to_s =~ config['pattern']
found << Plugin.new(
found << Model::Plugin.new(
slug,
target,
opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

2
app/finders/plugins/javascript_var.rb
View File

@@ -16,7 +16,7 @@ module WPScan
response.html.xpath(config['xpath'] || '//script[not(@src)]').each do |node|
next if config['pattern'] && !node.text.match(config['pattern'])
return Plugin.new(
return Model::Plugin.new(
slug,
target,
opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

2
app/finders/plugins/known_locations.rb
View File

@@ -13,7 +13,7 @@ module WPScan
found = []
enumerate(target_urls(opts), opts) do |_res, slug|
found << WPScan::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
end
found

2
app/finders/plugins/urls_in_homepage.rb
View File

@@ -14,7 +14,7 @@ module WPScan
found = []
(items_from_links('plugins') + items_from_codes('plugins')).uniq.sort.each do |slug|
found << Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
end
found

2
app/finders/plugins/xpath.rb
View File

@@ -16,7 +16,7 @@ module WPScan
response.html.xpath(config['xpath']).each do |node|
next if config['pattern'] && !node.text.match(config['pattern'])
return Plugin.new(
return Model::Plugin.new(
slug,
target,
opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

4
app/finders/theme_version.rb
View File

@@ -8,7 +8,7 @@ module WPScan
class Base
include CMSScanner::Finders::UniqueFinder
# @param [ WPScan::Theme ] theme
# @param [ Model::Theme ] theme
def initialize(theme)
finders <<
ThemeVersion::Style.new(theme) <<
@@ -19,7 +19,7 @@ module WPScan
# Load the finders associated with the theme
#
# @param [ WPScan::Theme ] theme
# @param [ Model::Theme ] theme
def load_specific_finders(theme)
module_name = theme.classify

2
app/finders/theme_version/style.rb
View File

@@ -30,7 +30,7 @@ module WPScan
def style_version
return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
WPScan::Version.new(
Model::Version.new(
Regexp.last_match[1],
found_by: found_by,
confidence: 80,

2
app/finders/theme_version/woo_framework_meta_generator.rb
View File

@@ -11,7 +11,7 @@ module WPScan
return unless Regexp.last_match[1] == target.slug
WPScan::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
Model::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
end
end
end

2
app/finders/themes/known_locations.rb
View File

@@ -13,7 +13,7 @@ module WPScan
found = []
enumerate(target_urls(opts), opts) do |_res, slug|
found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
end
found

2
app/finders/themes/urls_in_homepage.rb
View File

@@ -12,7 +12,7 @@ module WPScan
found = []
(items_from_links('themes') + items_from_codes('themes')).uniq.sort.each do |slug|
found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
end
found

2
app/finders/timthumb_version.rb
View File

@@ -7,7 +7,7 @@ module WPScan
class Base
include CMSScanner::Finders::UniqueFinder
# @param [ WPScan::Timthumb ] target
# @param [ Model::Timthumb ] target
def initialize(target)
finders << TimthumbVersion::BadRequest.new(target)
end

2
app/finders/timthumb_version/bad_request.rb
View File

@@ -8,7 +8,7 @@ module WPScan
def aggressive(_opts = {})
return unless Browser.get(target.url).body =~ /(TimThumb version\s*: ([^<]+))/
WPScan::Version.new(
Model::Version.new(
Regexp.last_match[2],
found_by: 'Bad Request (Aggressive Detection)',
confidence: 90,

2
app/finders/timthumbs/known_locations.rb
View File

@@ -15,7 +15,7 @@ module WPScan
found = []
enumerate(target_urls(opts), opts) do |res|
found << WPScan::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
end
found

2
app/finders/users/author_id_brute_forcing.rb
View File

@@ -18,7 +18,7 @@ module WPScan
next unless username
found << CMSScanner::User.new(
found << Model::User.new(
username,
id: id,
found_by: format(found_by_msg, found_by),

2
app/finders/users/author_posts.rb
View File

@@ -10,7 +10,7 @@ module WPScan
found_by_msg = 'Author Posts - %s (Passive Detection)'
usernames(opts).reduce([]) do |a, e|
a << CMSScanner::User.new(
a << Model::User.new(
e[0],
found_by: format(found_by_msg, e[1]),
confidence: e[2]

2
app/finders/users/login_error_messages.rb
View File

@@ -24,7 +24,7 @@ module WPScan
next unless error =~ /The password you entered for the username|Incorrect Password/i
found << CMSScanner::User.new(username, found_by: found_by, confidence: 100)
found << Model::User.new(username, found_by: found_by, confidence: 100)
end
found

8
app/finders/users/oembed_api.rb
View File

@@ -21,10 +21,10 @@ module WPScan
return [] unless details
[CMSScanner::User.new(details[0],
found_by: format(found_by_msg, details[1]),
confidence: details[2],
interesting_entries: [api_url])]
[Model::User.new(details[0],
found_by: format(found_by_msg, details[1]),
confidence: details[2],
interesting_entries: [api_url])]
rescue JSON::ParserError
[]
end

2
app/finders/users/rss_generator.rb
View File

@@ -30,7 +30,7 @@ module WPScan
end
potential_usernames.uniq.each do |potential_username|
found << CMSScanner::User.new(potential_username, found_by: found_by, confidence: 50)
found << Model::User.new(potential_username, found_by: found_by, confidence: 50)
end
break

10
app/finders/users/wp_json_api.rb
View File

@@ -41,11 +41,11 @@ module WPScan
found = []
JSON.parse(response.body)&.each do |user|
found << CMSScanner::User.new(user['slug'],
id: user['id'],
found_by: found_by,
confidence: 100,
interesting_entries: [response.effective_url])
found << Model::User.new(user['slug'],
id: user['id'],
found_by: found_by,
confidence: 100,
interesting_entries: [response.effective_url])
end
found

8
app/finders/users/yoast_seo_author_sitemap.rb
View File

@@ -15,10 +15,10 @@ module WPScan
next unless username && !username.strip.empty?
found << CMSScanner::User.new(username,
found_by: found_by,
confidence: 100,
interesting_entries: [sitemap_url])
found << Model::User.new(username,
found_by: found_by,
confidence: 100,
interesting_entries: [sitemap_url])
end
found

4
app/finders/wp_version/readme.rb
View File

@@ -13,9 +13,9 @@ module WPScan
number = Regexp.last_match(1)
return unless WPScan::WpVersion.valid?(number)
return unless Model::WpVersion.valid?(number)
WPScan::WpVersion.new(
Model::WpVersion.new(
number,
found_by: 'Readme (Aggressive Detection)',
# Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)

2
app/finders/wp_version/unique_fingerprinting.rb
View File

@@ -11,7 +11,7 @@ module WPScan
hydra.abort
progress_bar.finish
return WPScan::WpVersion.new(
return Model::WpVersion.new(
version_number,
found_by: 'Unique Fingerprinting (Aggressive Detection)',
confidence: 100,

6
app/models.rb
View File

@@ -1,3 +1,9 @@
module WPScan
module Model
include CMSScanner::Model
end
end
require_relative 'models/interesting_finding'
require_relative 'models/wp_version'
require_relative 'models/xml_rpc'

6
app/models/config_backup.rb
View File

@@ -1,5 +1,7 @@
module WPScan
# Config Backup
class ConfigBackup < InterestingFinding
module Model
# Config Backup
class ConfigBackup < InterestingFinding
end
end
end

6
app/models/db_export.rb
View File

@@ -1,5 +1,7 @@
module WPScan
# DB Export
class DbExport < InterestingFinding
module Model
# DB Export
class DbExport < InterestingFinding
end
end
end

66
app/models/interesting_finding.rb
View File

@@ -1,48 +1,50 @@
module WPScan
# Custom class to include the WPScan::References module
class InterestingFinding < CMSScanner::InterestingFinding
include References
end
module Model
# Custom class to include the WPScan::References module
class InterestingFinding < CMSScanner::Model::InterestingFinding
include References
end
#
# Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
#
class BackupDB < InterestingFinding
end
#
# Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
#
class BackupDB < InterestingFinding
end
class DebugLog < InterestingFinding
end
class DebugLog < InterestingFinding
end
class DuplicatorInstallerLog < InterestingFinding
end
class DuplicatorInstallerLog < InterestingFinding
end
class EmergencyPwdResetScript < InterestingFinding
end
class EmergencyPwdResetScript < InterestingFinding
end
class FullPathDisclosure < InterestingFinding
end
class FullPathDisclosure < InterestingFinding
end
class MuPlugins < InterestingFinding
end
class MuPlugins < InterestingFinding
end
class Multisite < InterestingFinding
end
class Multisite < InterestingFinding
end
class Readme < InterestingFinding
end
class Readme < InterestingFinding
end
class Registration < InterestingFinding
end
class Registration < InterestingFinding
end
class TmmDbMigrate < InterestingFinding
end
class TmmDbMigrate < InterestingFinding
end
class UploadDirectoryListing < InterestingFinding
end
class UploadDirectoryListing < InterestingFinding
end
class UploadSQLDump < InterestingFinding
end
class UploadSQLDump < InterestingFinding
end
class WPCron < InterestingFinding
class WPCron < InterestingFinding
end
end
end

6
app/models/media.rb
View File

@@ -1,5 +1,7 @@
module WPScan
# Media
class Media < InterestingFinding
module Model
# Media
class Media < InterestingFinding
end
end
end

36
app/models/plugin.rb
View File

@@ -1,25 +1,27 @@
module WPScan
# WordPress Plugin
class Plugin < WpItem
# See WpItem
def initialize(slug, blog, opts = {})
super(slug, blog, opts)
module Model
# WordPress Plugin
class Plugin < WpItem
# See WpItem
def initialize(slug, blog, opts = {})
super(slug, blog, opts)
@uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
end
@uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
end
# @return [ JSON ]
def db_data
DB::Plugin.db_data(slug)
end
# @return [ JSON ]
def db_data
DB::Plugin.db_data(slug)
end
# @param [ Hash ] opts
#
# @return [ WPScan::Version, false ]
def version(opts = {})
@version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
# @param [ Hash ] opts
#
# @return [ Model::Version, false ]
def version(opts = {})
@version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
@version
@version
end
end
end
end

174
app/models/theme.rb
View File

@@ -1,99 +1,101 @@
module WPScan
# WordPress Theme
class Theme < WpItem
attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
:license, :license_uri, :tags, :text_domain
module Model
# WordPress Theme
class Theme < WpItem
attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
:license, :license_uri, :tags, :text_domain
# See WpItem
def initialize(slug, blog, opts = {})
super(slug, blog, opts)
# See WpItem
def initialize(slug, blog, opts = {})
super(slug, blog, opts)
@uri = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
@style_url = opts[:style_url] || url('style.css')
@uri = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
@style_url = opts[:style_url] || url('style.css')
parse_style
end
# @return [ JSON ]
def db_data
DB::Theme.db_data(slug)
end
# @param [ Hash ] opts
#
# @return [ WPScan::Version, false ]
def version(opts = {})
@version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
@version
end
# @return [ Theme ]
def parent_theme
return unless template
return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
opts = detection_opts.merge(
style_url: url(Regexp.last_match[1]),
found_by: 'Parent Themes (Passive Detection)',
confidence: 100
).merge(version_detection: version_detection_opts)
self.class.new(template, blog, opts)
end
# @param [ Integer ] depth
#
# @retun [ Array<Theme> ]
def parent_themes(depth = 3)
theme = self
found = []
(1..depth).each do |_|
parent = theme.parent_theme
break unless parent
found << parent
theme = parent
parse_style
end
found
end
def style_body
@style_body ||= Browser.get(style_url).body
end
def parse_style
{
style_name: 'Theme Name',
style_uri: 'Theme URI',
author: 'Author',
author_uri: 'Author URI',
template: 'Template',
description: 'Description',
license: 'License',
license_uri: 'License URI',
tags: 'Tags',
text_domain: 'Text Domain'
}.each do |attribute, tag|
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
# @return [ JSON ]
def db_data
DB::Theme.db_data(slug)
end
end
# @param [ String ] bofy
# @param [ String ] tag
#
# @return [ String ]
def parse_style_tag(body, tag)
value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
# @param [ Hash ] opts
#
# @return [ Model::Version, false ]
def version(opts = {})
@version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
value && !value.strip.empty? ? value.strip : nil
end
@version
end
def ==(other)
super(other) && style_url == other.style_url
# @return [ Theme ]
def parent_theme
return unless template
return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
opts = detection_opts.merge(
style_url: url(Regexp.last_match[1]),
found_by: 'Parent Themes (Passive Detection)',
confidence: 100
).merge(version_detection: version_detection_opts)
self.class.new(template, blog, opts)
end
# @param [ Integer ] depth
#
# @retun [ Array<Theme> ]
def parent_themes(depth = 3)
theme = self
found = []
(1..depth).each do |_|
parent = theme.parent_theme
break unless parent
found << parent
theme = parent
end
found
end
def style_body
@style_body ||= Browser.get(style_url).body
end
def parse_style
{
style_name: 'Theme Name',
style_uri: 'Theme URI',
author: 'Author',
author_uri: 'Author URI',
template: 'Template',
description: 'Description',
license: 'License',
license_uri: 'License URI',
tags: 'Tags',
text_domain: 'Text Domain'
}.each do |attribute, tag|
instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
end
end
# @param [ String ] bofy
# @param [ String ] tag
#
# @return [ String ]
def parse_style_tag(body, tag)
value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
value && !value.strip.empty? ? value.strip : nil
end
def ==(other)
super(other) && style_url == other.style_url
end
end
end
end

110
app/models/timthumb.rb
View File

@@ -1,71 +1,73 @@
module WPScan
# Timthumb
class Timthumb < InterestingFinding
include Vulnerable
module Model
# Timthumb
class Timthumb < InterestingFinding
include Vulnerable
attr_reader :version_detection_opts
attr_reader :version_detection_opts
# @param [ String ] url
# @param [ Hash ] opts
# @option opts [ Symbol ] :mode The mode to use to detect the version
def initialize(url, opts = {})
super(url, opts)
# @param [ String ] url
# @param [ Hash ] opts
# @option opts [ Symbol ] :mode The mode to use to detect the version
def initialize(url, opts = {})
super(url, opts)
@version_detection_opts = opts[:version_detection] || {}
end
@version_detection_opts = opts[:version_detection] || {}
end
# @param [ Hash ] opts
#
# @return [ WPScan::Version, false ]
def version(opts = {})
@version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
# @param [ Hash ] opts
#
# @return [ Model::Version, false ]
def version(opts = {})
@version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
@version
end
@version
end
# @return [ Array<Vulnerability> ]
def vulnerabilities
vulns = []
# @return [ Array<Vulnerability> ]
def vulnerabilities
vulns = []
vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
vulns << rce_132_vuln if version == false || version < '1.33'
vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
vulns << rce_132_vuln if version == false || version < '1.33'
vulns
end
vulns
end
# @return [ Vulnerability ] The RCE in the <= 1.32
def rce_132_vuln
Vulnerability.new(
'Timthumb <= 1.32 Remote Code Execution',
{ exploitdb: ['17602'] },
'RCE',
'1.33'
)
end
# @return [ Vulnerability ] The RCE in the <= 1.32
def rce_132_vuln
Vulnerability.new(
'Timthumb <= 1.32 Remote Code Execution',
{ exploitdb: ['17602'] },
'RCE',
'1.33'
)
end
# @return [ Vulnerability ] The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13
def rce_webshot_vuln
Vulnerability.new(
'Timthumb <= 2.8.13 WebShot Remote Code Execution',
{
url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
cve: '2014-4663'
},
'RCE',
'2.8.14'
)
end
# @return [ Vulnerability ] The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13
def rce_webshot_vuln
Vulnerability.new(
'Timthumb <= 2.8.13 WebShot Remote Code Execution',
{
url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
cve: '2014-4663'
},
'RCE',
'2.8.14'
)
end
# @return [ Boolean ]
def webshot_enabled?
res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
# @return [ Boolean ]
def webshot_enabled?
res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
end
res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
end
# @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
def default_allowed_domains
%w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
# @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
def default_allowed_domains
%w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
end
end
end
end

266
app/models/wp_item.rb
View File

@@ -1,158 +1,160 @@
module WPScan
# WpItem (superclass of Plugin & Theme)
class WpItem
include Vulnerable
include Finders::Finding
include CMSScanner::Target::Platform::PHP
include CMSScanner::Target::Server::Generic
module Model
# WpItem (superclass of Plugin & Theme)
class WpItem
include Vulnerable
include Finders::Finding
include CMSScanner::Target::Platform::PHP
include CMSScanner::Target::Server::Generic
READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
CHANGELOGS = %w[changelog.txt CHANGELOG.md changelog.md].freeze
READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
CHANGELOGS = %w[changelog.txt CHANGELOG.md changelog.md].freeze
attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :db_data
attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :db_data
delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, to: :blog
delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, to: :blog
# @param [ String ] slug The plugin/theme slug
# @param [ Target ] blog The targeted blog
# @param [ Hash ] opts
# @option opts [ Symbol ] :mode The detection mode to use
# @option opts [ Hash ] :version_detection The options to use when looking for the version
# @option opts [ String ] :url The URL of the item
def initialize(slug, blog, opts = {})
@slug = URI.decode(slug)
@blog = blog
@uri = Addressable::URI.parse(opts[:url]) if opts[:url]
# @param [ String ] slug The plugin/theme slug
# @param [ Target ] blog The targeted blog
# @param [ Hash ] opts
# @option opts [ Symbol ] :mode The detection mode to use
# @option opts [ Hash ] :version_detection The options to use when looking for the version
# @option opts [ String ] :url The URL of the item
def initialize(slug, blog, opts = {})
@slug = URI.decode(slug)
@blog = blog
@uri = Addressable::URI.parse(opts[:url]) if opts[:url]
@detection_opts = { mode: opts[:mode] }
@version_detection_opts = opts[:version_detection] || {}
@detection_opts = { mode: opts[:mode] }
@version_detection_opts = opts[:version_detection] || {}
parse_finding_options(opts)
end
# @return [ Array<Vulnerabily> ]
def vulnerabilities
return @vulnerabilities if @vulnerabilities
@vulnerabilities = []
[*db_data['vulnerabilities']].each do |json_vuln|
vulnerability = Vulnerability.load_from_json(json_vuln)
@vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
parse_finding_options(opts)
end
@vulnerabilities
end
# @return [ Array<Vulnerabily> ]
def vulnerabilities
return @vulnerabilities if @vulnerabilities
# Checks if the wp_item is vulnerable to a specific vulnerability
#
# @param [ Vulnerability ] vuln Vulnerability to check the item against
#
# @return [ Boolean ]
def vulnerable_to?(vuln)
return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
@vulnerabilities = []
version < vuln.fixed_in
end
# @return [ String ]
def latest_version
@latest_version ||= db_data['latest_version'] ? WPScan::Version.new(db_data['latest_version']) : nil
end
# Not used anywhere ATM
# @return [ Boolean ]
def popular?
@popular ||= db_data['popular']
end
# @return [ String ]
def last_updated
@last_updated ||= db_data['last_updated']
end
# @return [ Boolean ]
def outdated?
@outdated ||= if version && latest_version
version < latest_version
else
false
end
end
# URI.encode is preferered over Addressable::URI.encode as it will encode
# leading # character:
# URI.encode('#t#') => %23t%23
# Addressable::URI.encode('#t#') => #t%23
#
# @param [ String ] path Optional path to merge with the uri
#
# @return [ String ]
def url(path = nil)
return unless @uri
return @uri.to_s unless path
@uri.join(URI.encode(path)).to_s
end
# @return [ Boolean ]
def ==(other)
self.class == other.class && slug == other.slug
end
def to_s
slug
end
# @return [ Symbol ] The Class symbol associated to the item
def classify
@classify ||= classify_slug(slug)
end
# @return [ String ] The readme url if found
def readme_url
return if detection_opts[:mode] == :passive
if @readme_url.nil?
READMES.each do |path|
return @readme_url = url(path) if Browser.get(url(path)).code == 200
[*db_data['vulnerabilities']].each do |json_vuln|
vulnerability = Vulnerability.load_from_json(json_vuln)
@vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
@vulnerabilities
end
@readme_url
end
# Checks if the wp_item is vulnerable to a specific vulnerability
#
# @param [ Vulnerability ] vuln Vulnerability to check the item against
#
# @return [ Boolean ]
def vulnerable_to?(vuln)
return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
# @return [ String, false ] The changelog urr if found
def changelog_url
return if detection_opts[:mode] == :passive
version < vuln.fixed_in
end
if @changelog_url.nil?
CHANGELOGS.each do |path|
return @changelog_url = url(path) if Browser.get(url(path)).code == 200
# @return [ String ]
def latest_version
@latest_version ||= db_data['latest_version'] ? Model::Version.new(db_data['latest_version']) : nil
end
# Not used anywhere ATM
# @return [ Boolean ]
def popular?
@popular ||= db_data['popular']
end
# @return [ String ]
def last_updated
@last_updated ||= db_data['last_updated']
end
# @return [ Boolean ]
def outdated?
@outdated ||= if version && latest_version
version < latest_version
else
false
end
end
# URI.encode is preferered over Addressable::URI.encode as it will encode
# leading # character:
# URI.encode('#t#') => %23t%23
# Addressable::URI.encode('#t#') => #t%23
#
# @param [ String ] path Optional path to merge with the uri
#
# @return [ String ]
def url(path = nil)
return unless @uri
return @uri.to_s unless path
@uri.join(URI.encode(path)).to_s
end
# @return [ Boolean ]
def ==(other)
self.class == other.class && slug == other.slug
end
def to_s
slug
end
# @return [ Symbol ] The Class symbol associated to the item
def classify
@classify ||= classify_slug(slug)
end
# @return [ String ] The readme url if found
def readme_url
return if detection_opts[:mode] == :passive
if @readme_url.nil?
READMES.each do |path|
return @readme_url = url(path) if Browser.get(url(path)).code == 200
end
end
@readme_url
end
@changelog_url
end
# @return [ String, false ] The changelog urr if found
def changelog_url
return if detection_opts[:mode] == :passive
# @param [ String ] path
# @param [ Hash ] params The request params
#
# @return [ Boolean ]
def directory_listing?(path = nil, params = {})
return if detection_opts[:mode] == :passive
if @changelog_url.nil?
CHANGELOGS.each do |path|
return @changelog_url = url(path) if Browser.get(url(path)).code == 200
end
end
super(path, params)
end
@changelog_url
end
# @param [ String ] path
# @param [ Hash ] params The request params
#
# @return [ Boolean ]
def error_log?(path = 'error_log', params = {})
return if detection_opts[:mode] == :passive
# @param [ String ] path
# @param [ Hash ] params The request params
#
# @return [ Boolean ]
def directory_listing?(path = nil, params = {})
return if detection_opts[:mode] == :passive
super(path, params)
super(path, params)
end
# @param [ String ] path
# @param [ Hash ] params The request params
#
# @return [ Boolean ]
def error_log?(path = 'error_log', params = {})
return if detection_opts[:mode] == :passive
super(path, params)
end
end
end
end

94
app/models/wp_version.rb
View File

@@ -1,64 +1,66 @@
module WPScan
# WP Version
class WpVersion < CMSScanner::Version
include Vulnerable
module Model
# WP Version
class WpVersion < CMSScanner::Model::Version
include Vulnerable
def initialize(number, opts = {})
raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
def initialize(number, opts = {})
raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
super(number, opts)
end
super(number, opts)
end
# @param [ String ] number
#
# @return [ Boolean ] true if the number is a valid WP version, false otherwise
def self.valid?(number)
all.include?(number)
end
# @param [ String ] number
#
# @return [ Boolean ] true if the number is a valid WP version, false otherwise
def self.valid?(number)
all.include?(number)
end
# @return [ Array<String> ] All the version numbers
def self.all
return @all_numbers if @all_numbers
# @return [ Array<String> ] All the version numbers
def self.all
return @all_numbers if @all_numbers
@all_numbers = []
@all_numbers = []
DB::Fingerprints.wp_fingerprints.each_value do |fp|
fp.each_value do |versions|
versions.each do |version|
@all_numbers << version unless @all_numbers.include?(version)
DB::Fingerprints.wp_fingerprints.each_value do |fp|
fp.each_value do |versions|
versions.each do |version|
@all_numbers << version unless @all_numbers.include?(version)
end
end
end
@all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
end
@all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
end
# @return [ JSON ]
def db_data
DB::Version.db_data(number)
end
# @return [ Array<Vulnerability> ]
def vulnerabilities
return @vulnerabilities if @vulnerabilities
@vulnerabilities = []
[*db_data['vulnerabilities']].each do |json_vuln|
@vulnerabilities << Vulnerability.load_from_json(json_vuln)
# @return [ JSON ]
def db_data
DB::Version.db_data(number)
end
@vulnerabilities
end
# @return [ Array<Vulnerability> ]
def vulnerabilities
return @vulnerabilities if @vulnerabilities
# @return [ String ]
def release_date
@release_date ||= db_data['release_date'] || 'Unknown'
end
@vulnerabilities = []
# @return [ String ]
def status
@status ||= db_data['status'] || 'Unknown'
[*db_data['vulnerabilities']].each do |json_vuln|
@vulnerabilities << Vulnerability.load_from_json(json_vuln)
end
@vulnerabilities
end
# @return [ String ]
def release_date
@release_date ||= db_data['release_date'] || 'Unknown'
end
# @return [ String ]
def status
@status ||= db_data['status'] || 'Unknown'
end
end
end
end

30
app/models/xml_rpc.rb
View File

@@ -1,19 +1,21 @@
module WPScan
# Override of the CMSScanner::XMLRPC to include the references
class XMLRPC < CMSScanner::XMLRPC
include References # To be able to use the :wpvulndb reference if needed
module Model
# Override of the CMSScanner::XMLRPC to include the references
class XMLRPC < CMSScanner::Model::XMLRPC
include References # To be able to use the :wpvulndb reference if needed
# @return [ Hash ]
def references
{
url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
metasploit: [
'auxiliary/scanner/http/wordpress_ghost_scanner',
'auxiliary/dos/http/wordpress_xmlrpc_dos',
'auxiliary/scanner/http/wordpress_xmlrpc_login',
'auxiliary/scanner/http/wordpress_pingback_access'
]
}
# @return [ Hash ]
def references
{
url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
metasploit: [
'auxiliary/scanner/http/wordpress_ghost_scanner',
'auxiliary/dos/http/wordpress_xmlrpc_dos',
'auxiliary/scanner/http/wordpress_xmlrpc_login',
'auxiliary/scanner/http/wordpress_pingback_access'
]
}
end
end
end
end

4
lib/wpscan/finders/dynamic_finder/version/finder.rb
View File

@@ -9,9 +9,9 @@ module WPScan
# @param [ String ] number
# @param [ Hash ] finding_opts
# @return [ WPScan::Version ]
# @return [ Model::Version ]
def create_version(number, finding_opts)
WPScan::Version.new(number, version_finding_opts(finding_opts))
Model::Version.new(number, version_finding_opts(finding_opts))
end
# @param [ Hash ] opts

4
lib/wpscan/finders/dynamic_finder/wp_items/finder.rb
View File

@@ -31,7 +31,7 @@ module WPScan
configs.each do |klass, config|
item = process_response(opts, target.homepage_res, slug, klass, config)
found << item if item.is_a?(WpItem)
found << item if item.is_a?(Model::WpItem)
end
end
@@ -70,7 +70,7 @@ module WPScan
item = process_response(opts, response, slug, klass, config)
found << item if item.is_a?(WpItem)
found << item if item.is_a?(Model::WpItem)
end
end

4
lib/wpscan/finders/dynamic_finder/wp_version.rb
View File

@@ -4,9 +4,9 @@ module WPScan
module WpVersion
module Finder
def create_version(number, finding_opts)
return unless WPScan::WpVersion.valid?(number)
return unless Model::WpVersion.valid?(number)
WPScan::WpVersion.new(number, version_finding_opts(finding_opts))
Model::WpVersion.new(number, version_finding_opts(finding_opts))
end
end

2
lib/wpscan/finders/finder/wp_version/smart_url_checker.rb
View File

@@ -7,7 +7,7 @@ module WPScan
include CMSScanner::Finders::Finder::SmartURLChecker
def create_version(number, opts = {})
WPScan::WpVersion.new(
Model::WpVersion.new(
number,
found_by: opts[:found_by] || found_by,
confidence: opts[:confidence] || 80,

2
lib/wpscan/target.rb
View File

@@ -21,7 +21,7 @@ module WPScan
# @return [ XMLRPC, nil ]
def xmlrpc
@xmlrpc ||= interesting_findings&.select { |f| f.is_a?(WPScan::XMLRPC) }&.first
@xmlrpc ||= interesting_findings&.select { |f| f.is_a?(Model::XMLRPC) }&.first
end
# @param [ Hash ] opts

4
spec/app/controllers/core_spec.rb
View File

@@ -29,13 +29,13 @@ describe WPScan::Controller::Core do
expect(core.target).to receive(:server).and_return(@stubbed_server)
expect(core.load_server_module).to eql @expected
[core.target, WPScan::WpItem.new(target_url, core.target)].each do |instance|
[core.target, WPScan::Model::WpItem.new(target_url, core.target)].each do |instance|
expect(instance).to respond_to(:directory_listing?)
expect(instance).to respond_to(:directory_listing_entries)
# The below doesn't work, the module would have to be removed from the class
# TODO: find a way to test this
# expect(instance.server).to eql @expected if instance.is_a? WPScan::WpItem
# expect(instance.server).to eql @expected if instance.is_a? WPScan::Model::WpItem
end
end

24
spec/app/controllers/password_attack_spec.rb
View File

@@ -32,7 +32,7 @@ describe WPScan::Controller::PasswordAttack do
it 'returns an array with the users' do
expected = %w[admin editor].reduce([]) do |a, e|
a << CMSScanner::User.new(e)
a << WPScan::Model::User.new(e)
end
expect(controller.users).to eql expected
@@ -90,7 +90,9 @@ describe WPScan::Controller::PasswordAttack do
context 'when xmlrpc detected on target' do
before do
expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
expect(controller.target)
.to receive(:xmlrpc)
.and_return(WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php"))
end
context 'when single xmlrpc' do
@@ -98,7 +100,7 @@ describe WPScan::Controller::PasswordAttack do
it 'returns the correct object' do
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
expect(controller.attacker.target).to be_a WPScan::XMLRPC
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
end
end
@@ -107,7 +109,7 @@ describe WPScan::Controller::PasswordAttack do
it 'returns the correct object' do
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
expect(controller.attacker.target).to be_a WPScan::XMLRPC
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
end
end
end
@@ -127,7 +129,7 @@ describe WPScan::Controller::PasswordAttack do
end
context 'when xmlrpc not enabled' do
let(:xmlrpc) { WPScan::XMLRPC.new("#{target_url}/xmlrpc.php") }
let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php") }
it 'returns the WpLogin' do
expect(xmlrpc).to receive(:enabled?).and_return(false)
@@ -138,7 +140,7 @@ describe WPScan::Controller::PasswordAttack do
end
context 'when xmlrpc enabled' do
let(:xmlrpc) { WPScan::XMLRPC.new("#{target_url}/xmlrpc.php") }
let(:xmlrpc) { WPScan::Model::XMLRPC.new("#{target_url}/xmlrpc.php") }
before { expect(xmlrpc).to receive(:enabled?).and_return(true) }
@@ -159,7 +161,7 @@ describe WPScan::Controller::PasswordAttack do
expect(controller.target).to receive(:wp_version).and_return(false)
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
expect(controller.attacker.target).to be_a WPScan::XMLRPC
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
end
end
@@ -167,20 +169,20 @@ describe WPScan::Controller::PasswordAttack do
before { expect(controller.target).to receive(:wp_version).and_return(wp_version) }
context 'when WP < 4.4' do
let(:wp_version) { WPScan::WpVersion.new('3.8.1') }
let(:wp_version) { WPScan::Model::WpVersion.new('3.8.1') }
it 'returns the XMLRPCMulticall' do
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
expect(controller.attacker.target).to be_a WPScan::XMLRPC
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
end
end
context 'when WP >= 4.4' do
let(:wp_version) { WPScan::WpVersion.new('4.4') }
let(:wp_version) { WPScan::Model::WpVersion.new('4.4') }
it 'returns the XMLRPC' do
expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
expect(controller.attacker.target).to be_a WPScan::XMLRPC
expect(controller.attacker.target).to be_a WPScan::Model::XMLRPC
end
end
end

10
spec/app/controllers/wp_version_spec.rb
View File

@@ -56,7 +56,7 @@ describe WPScan::Controller::WpVersion do
context "when --detection-mode #{mode}" do
let(:cli_args) { "#{super()} --detection-mode #{mode}" }
[WPScan::WpVersion.new('4.0')].each do |version|
[WPScan::Model::WpVersion.new('4.0')].each do |version|
context "when version = #{version}" do
let(:stubbed) { version }
@@ -68,16 +68,16 @@ describe WPScan::Controller::WpVersion do
context 'when --wp-version-all supplied' do
let(:cli_args) { "#{super()} --wp-version-all" }
let(:stubbed) { WPScan::WpVersion.new('3.9.1') }
let(:stubbed) { WPScan::Model::WpVersion.new('3.9.1') }
it_calls_the_formatter_with_the_correct_parameter(WPScan::WpVersion.new('3.9.1'))
it_calls_the_formatter_with_the_correct_parameter(WPScan::Model::WpVersion.new('3.9.1'))
end
context 'when --wp-version-detection mode supplied' do
let(:cli_args) { "#{super()} --detection-mode mixed --wp-version-detection passive" }
let(:stubbed) { WPScan::WpVersion.new('4.4') }
let(:stubbed) { WPScan::Model::WpVersion.new('4.4') }
it_calls_the_formatter_with_the_correct_parameter(WPScan::WpVersion.new('4.4'))
it_calls_the_formatter_with_the_correct_parameter(WPScan::Model::WpVersion.new('4.4'))
end
end
end

2
spec/app/finders/config_backups/known_filenames_spec.rb
View File

@@ -36,7 +36,7 @@ describe WPScan::Finders::ConfigBackups::KnownFilenames do
files.each do |file|
url = "#{target.url}#{file}"
expected << WPScan::ConfigBackup.new(
expected << WPScan::Model::ConfigBackup.new(
url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/db_exports/known_locations_spec.rb
View File

@@ -53,7 +53,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
files.each do |file|
url = "#{target.url}#{file}"
expected << WPScan::DbExport.new(
expected << WPScan::Model::DbExport.new(
url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/backup_db_spec.rb
View File

@@ -35,7 +35,7 @@ describe WPScan::Finders::InterestingFindings::BackupDB do
after do
found = finder.aggressive
expect(found).to eql WPScan::BackupDB.new(
expect(found).to eql WPScan::Model::BackupDB.new(
dir_url,
confidence: 70,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/debug_log_spec.rb
View File

@@ -21,7 +21,7 @@ describe WPScan::Finders::InterestingFindings::DebugLog do
let(:body) { File.read(fixtures.join('debug.log')) }
it 'returns the InterestingFinding' do
expect(finder.aggressive).to eql WPScan::DebugLog.new(
expect(finder.aggressive).to eql WPScan::Model::DebugLog.new(
log_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb
View File

@@ -22,7 +22,7 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
let(:body) { File.read(fixtures.join(filename)) }
it 'returns the InterestingFinding' do
expect(finder.aggressive).to eql WPScan::DuplicatorInstallerLog.new(
expect(finder.aggressive).to eql WPScan::Model::DuplicatorInstallerLog.new(
log_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/full_path_disclosure_spec.rb
View File

@@ -23,7 +23,7 @@ describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
it 'returns the InterestingFinding' do
found = finder.aggressive
expect(found).to eql WPScan::FullPathDisclosure.new(
expect(found).to eql WPScan::Model::FullPathDisclosure.new(
file_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/readme_spec.rb
View File

@@ -25,7 +25,7 @@ describe WPScan::Finders::InterestingFindings::Readme do
before { stub_request(:get, target.url(file)).to_return(body: readme) }
it 'returns the expected InterestingFinding' do
expected = WPScan::Readme.new(
expected = WPScan::Model::Readme.new(
target.url(file),
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/upload_sql_dump_spec.rb
View File

@@ -36,7 +36,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
let(:fixture) { 'dump.sql' }
it 'returns the interesting findings' do
@expected = WPScan::UploadSQLDump.new(
@expected = WPScan::Model::UploadSQLDump.new(
finder.dump_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS

2
spec/app/finders/interesting_findings/wp_cron_spec.rb
View File

@@ -13,7 +13,7 @@ describe WPScan::Finders::InterestingFindings::WPCron do
let(:status) { 200 }
it 'returns the InterestingFinding' do
expect(finder.aggressive).to eql WPScan::WPCron.new(
expect(finder.aggressive).to eql WPScan::Model::WPCron.new(
finder.wp_cron_url,
confidence: 60,
found_by: described_class::DIRECT_ACCESS

4
spec/app/finders/main_theme/css_style_spec.rb
View File

@@ -28,7 +28,7 @@ describe WPScan::Finders::MainTheme::CssStyle do
let(:fixture) { 'link_href.html' }
it 'returns the expected theme' do
@expected = WPScan::Theme.new(
@expected = WPScan::Model::Theme.new(
'twentyfifteen',
target,
found_by: 'Css Style (Passive Detection)',
@@ -42,7 +42,7 @@ describe WPScan::Finders::MainTheme::CssStyle do
let(:fixture) { 'style_code.html' }
it 'returns the expected theme' do
@expected = WPScan::Theme.new(
@expected = WPScan::Model::Theme.new(
'custom',
target,
found_by: 'Css Style (Passive Detection)',

2
spec/app/finders/main_theme/urls_in_homepage_spec.rb
View File

@@ -22,7 +22,7 @@ describe WPScan::Finders::MainTheme::UrlsInHomepage do
@expected = []
{ 'twentyfifteen' => 6, 'yolo' => 4, 'test' => 2 }.each do |slug, confidence|
@expected << WPScan::Theme.new(
@expected << WPScan::Model::Theme.new(
slug, target, found_by: 'Urls In Homepage (Passive Detection)', confidence: confidence
)
end

2
spec/app/finders/main_theme/woo_framework_meta_generator_spec.rb
View File

@@ -26,7 +26,7 @@ describe WPScan::Finders::MainTheme::WooFrameworkMetaGenerator do
it 'returns the expected theme' do
@file = 'woo_generator.html'
@expected = WPScan::Theme.new(
@expected = WPScan::Model::Theme.new(
'Merchant', target,
found_by: 'Woo Framework Meta Generator (Passive Detection)',
confidence: 80

6
spec/app/finders/plugin_version/readme_spec.rb
View File

@@ -1,11 +1,11 @@
describe WPScan::Finders::PluginVersion::Readme do
subject(:finder) { described_class.new(plugin) }
let(:plugin) { WPScan::Plugin.new('spec', target) }
let(:plugin) { WPScan::Model::Plugin.new('spec', target) }
let(:target) { WPScan::Target.new('http://wp.lab/') }
let(:fixtures) { FINDERS_FIXTURES.join('plugin_version', 'readme') }
def version(number, found_by, confidence)
WPScan::Version.new(
WPScan::Model::Version.new(
number,
found_by: format('Readme - %s (Aggressive Detection)', found_by),
confidence: confidence,
@@ -31,7 +31,7 @@ describe WPScan::Finders::PluginVersion::Readme do
expect(finder.aggressive).to eql @expected
end
let(:readme_url) { plugin.url(WPScan::WpItem::READMES.sample) }
let(:readme_url) { plugin.url(WPScan::Model::WpItem::READMES.sample) }
context 'when no version' do
it 'returns nil' do

2
spec/app/finders/plugin_version_spec.rb
View File

@@ -3,7 +3,7 @@
describe WPScan::Finders::PluginVersion::Base do
subject(:plugin_version) { described_class.new(plugin) }
let(:plugin) { WPScan::Plugin.new(slug, target) }
let(:plugin) { WPScan::Model::Plugin.new(slug, target) }
let(:target) { WPScan::Target.new('http://wp.lab/') }
let(:default_finders) { %w[Readme] }

2
spec/app/finders/plugins/body_pattern_spec.rb
View File

@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::BodyPattern do
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
let(:expected_all) { df_expected_all['plugins'] }
let(:item_class) { WPScan::Plugin }
let(:item_class) { WPScan::Model::Plugin }
end
end

2
spec/app/finders/plugins/comment_spec.rb
View File

@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::Comment do
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
let(:expected_all) { df_expected_all['plugins'] }
let(:item_class) { WPScan::Plugin }
let(:item_class) { WPScan::Model::Plugin }
end
end

2
spec/app/finders/plugins/config_parser_spec.rb
View File

@@ -8,6 +8,6 @@ describe WPScan::Finders::Plugins::ConfigParser do
# let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
#
# let(:expected_all) { df_expected_all['plugins'] }
# let(:item_class) { WPScan::Plugin }
# let(:item_class) { WPScan::Model::Plugin }
# end
end

2
spec/app/finders/plugins/header_pattern_spec.rb
View File

@@ -5,7 +5,7 @@ describe WPScan::Finders::Plugins::HeaderPattern do
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
def plugin(slug)
WPScan::Plugin.new(slug, target)
WPScan::Model::Plugin.new(slug, target)
end
describe '#passive' do

2
spec/app/finders/plugins/javascript_var_spec.rb
View File

@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::JavascriptVar do
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
let(:expected_all) { df_expected_all['plugins'] }
let(:item_class) { WPScan::Plugin }
let(:item_class) { WPScan::Model::Plugin }
end
end

2
spec/app/finders/plugins/xpath_spec.rb
View File

@@ -6,6 +6,6 @@ describe WPScan::Finders::Plugins::Xpath do
let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
let(:expected_all) { df_expected_all['plugins'] }
let(:item_class) { WPScan::Plugin }
let(:item_class) { WPScan::Model::Plugin }
end
end

4
spec/app/finders/theme_version/style_spec.rb
View File

@@ -1,6 +1,6 @@
describe WPScan::Finders::ThemeVersion::Style do
subject(:finder) { described_class.new(theme) }
let(:theme) { WPScan::Theme.new('spec', target) }
let(:theme) { WPScan::Model::Theme.new('spec', target) }
let(:target) { WPScan::Target.new('http://wp.lab/') }
let(:fixtures) { FINDERS_FIXTURES.join('theme_version', 'style') }
@@ -81,7 +81,7 @@ describe WPScan::Finders::ThemeVersion::Style do
it 'returns the expected version' do
expected = if expected_version
WPScan::Version.new(
WPScan::Model::Version.new(
expected_version,
confidence: 80,
interesting_entries: ["#{theme.style_url}, Version: #{expected_version}"]

4
spec/app/finders/theme_version/woo_framework_meta_generator_spec.rb
View File

@@ -1,6 +1,6 @@
describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
subject(:finder) { described_class.new(theme) }
let(:theme) { WPScan::Theme.new(slug, target) }
let(:theme) { WPScan::Model::Theme.new(slug, target) }
let(:target) { WPScan::Target.new('http://wp.lab/') }
let(:fixtures) { FINDERS_FIXTURES.join('theme_version', 'woo_framework_meta_generator') }
@@ -28,7 +28,7 @@ describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
let(:slug) { 'Editorial' }
it 'return the expected version' do
@expected = WPScan::Version.new(
@expected = WPScan::Model::Version.new(
'1.3.5',
found_by: 'Woo Framework Meta Generator (Passive Detection)',
confidence: 80

2
spec/app/finders/theme_version_spec.rb
View File

@@ -1,6 +1,6 @@
describe WPScan::Finders::ThemeVersion::Base do
subject(:theme_version) { described_class.new(theme) }
let(:theme) { WPScan::Plugin.new(slug, target) }
let(:theme) { WPScan::Model::Plugin.new(slug, target) }
let(:target) { WPScan::Target.new('http://wp.lab/') }
let(:slug) { 'spec' }
let(:default_finders) { %w[Style WooFrameworkMetaGenerator] }

4
spec/app/finders/timthumb_version/bad_request_spec.rb
View File

@@ -1,6 +1,6 @@
describe WPScan::Finders::TimthumbVersion::BadRequest do
subject(:finder) { described_class.new(target) }
let(:target) { WPScan::Timthumb.new(url) }
let(:target) { WPScan::Model::Timthumb.new(url) }
let(:url) { 'http://ex.lo/timthumb.php' }
let(:fixtures) { FINDERS_FIXTURES.join('timthumb_version', 'bad_request') }
@@ -20,7 +20,7 @@ describe WPScan::Finders::TimthumbVersion::BadRequest do
let(:file) { '2.8.14.php' }
it 'returns the expected version' do
@expected = WPScan::Version.new(
@expected = WPScan::Model::Version.new(
'2.8.14',
confidence: 90,
found_by: 'Bad Request (Aggressive Detection)',

2
spec/app/finders/timthumb_version_spec.rb
View File

@@ -1,6 +1,6 @@
describe WPScan::Finders::TimthumbVersion::Base do
subject(:timthumb_version) { described_class.new(target) }
let(:target) { WPScan::Timthumb.new(url) }
let(:target) { WPScan::Model::Timthumb.new(url) }
let(:url) { 'http://ex.lo/timthumb.php' }
describe '#finders' do

16
spec/app/finders/users/rss_generator_spec.rb
View File

@@ -24,12 +24,12 @@ describe WPScan::Finders::Users::RSSGenerator do
stub_request(:get, target.url('feed/rss2/'))
expect(finder.aggressive).to eql [
CMSScanner::User.new(
WPScan::Model::User.new(
'admin',
confidence: 50,
found_by: 'Rss Generator (Aggressive Detection)'
),
CMSScanner::User.new(
WPScan::Model::User.new(
'Aa Dias-Gildes',
confidence: 50,
found_by: 'Rss Generator (Aggressive Detection)'
@@ -45,12 +45,12 @@ describe WPScan::Finders::Users::RSSGenerator do
stub_request(:get, target.url('feed/')).to_return(body: rss_fixture)
expect(finder.passive).to eql [
CMSScanner::User.new(
WPScan::Model::User.new(
'admin',
confidence: 50,
found_by: 'Rss Generator (Passive Detection)'
),
CMSScanner::User.new(
WPScan::Model::User.new(
'Aa Dias-Gildes',
confidence: 50,
found_by: 'Rss Generator (Passive Detection)'
@@ -63,12 +63,12 @@ describe WPScan::Finders::Users::RSSGenerator do
stub_request(:get, target.url('comments/feed/')).to_return(body: rss_fixture)
expect(finder.aggressive(mode: :mixed)).to eql [
CMSScanner::User.new(
WPScan::Model::User.new(
'admin',
confidence: 50,
found_by: 'Rss Generator (Aggressive Detection)'
),
CMSScanner::User.new(
WPScan::Model::User.new(
'Aa Dias-Gildes',
confidence: 50,
found_by: 'Rss Generator (Aggressive Detection)'
@@ -82,12 +82,12 @@ describe WPScan::Finders::Users::RSSGenerator do
stub_request(:get, target.url('feed/')).to_return(body: rss_fixture)
expect(finder.aggressive).to eql [
CMSScanner::User.new(
WPScan::Model::User.new(
'admin',
confidence: 50,
found_by: 'Rss Generator (Aggressive Detection)'
),
CMSScanner::User.new(
WPScan::Model::User.new(
'Aa Dias-Gildes',
confidence: 50,
found_by: 'Rss Generator (Aggressive Detection)'

8
spec/app/finders/wp_version/atom_generator_spec.rb
View File

@@ -22,7 +22,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
stub_request(:get, target.url('?feed=atom'))
expect(finder.aggressive).to eql [
WPScan::WpVersion.new(
WPScan::Model::WpVersion.new(
'4.0',
confidence: 80,
found_by: 'Atom Generator (Aggressive Detection)',
@@ -42,7 +42,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
stub_request(:get, target.url('?feed=atom')).to_return(body: atom_fixture)
expect(finder.passive).to eql [
WPScan::WpVersion.new(
WPScan::Model::WpVersion.new(
'4.0',
confidence: 80,
found_by: 'Atom Generator (Passive Detection)',
@@ -59,7 +59,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
stub_request(:get, target.url('feed/atom/')).to_return(body: atom_fixture)
expect(finder.aggressive(mode: :mixed)).to eql [
WPScan::WpVersion.new(
WPScan::Model::WpVersion.new(
'4.0',
confidence: 80,
found_by: 'Atom Generator (Aggressive Detection)',
@@ -78,7 +78,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
stub_request(:get, target.url('?feed=atom'))
expect(finder.aggressive).to eql [
WPScan::WpVersion.new(
WPScan::Model::WpVersion.new(
'4.0',
confidence: 80,
found_by: 'Atom Generator (Aggressive Detection)',

2
spec/app/finders/wp_version/readme_spec.rb
View File

@@ -33,7 +33,7 @@ describe WPScan::Finders::WpVersion::Readme do
let(:file) { '4.0.html' }
it 'returns the expected version' do
@expected = WPScan::WpVersion.new(
@expected = WPScan::Model::WpVersion.new(
'4.0',
confidence: 90,
found_by: 'Readme (Aggressive Detection)',

2
spec/app/models/interesting_finding_spec.rb
View File

@@ -1,4 +1,4 @@
describe WPScan::InterestingFinding do
describe WPScan::Model::InterestingFinding do
it_behaves_like WPScan::References do
subject(:finding) { described_class.new('http://e.org/file.php', opts) }
let(:opts) { { references: references } }

2
spec/app/models/media_spec.rb
View File

@@ -1,4 +1,4 @@
describe WPScan::Media do
describe WPScan::Model::Media do
subject(:media) { described_class.new(url) }
let(:url) { 'http://e.oeg/?attachment_id=2' }

25
spec/app/models/plugin_spec.rb
View File

@@ -1,4 +1,4 @@
describe WPScan::Plugin do
describe WPScan::Model::Plugin do
subject(:plugin) { described_class.new(slug, blog, opts) }
let(:slug) { 'spec' }
let(:blog) { WPScan::Target.new('http://wp.lab/') }
@@ -70,7 +70,7 @@ describe WPScan::Plugin do
context 'when values' do
let(:slug) { 'no-vulns-popular' }
its(:latest_version) { should eql WPScan::Version.new('2.0') }
its(:latest_version) { should eql WPScan::Model::Version.new('2.0') }
its(:last_updated) { should eql '2015-05-16T00:00:00.000Z' }
its(:popular?) { should be true }
end
@@ -87,7 +87,12 @@ describe WPScan::Plugin do
end
context 'when version' do
before { expect(plugin).to receive(:version).at_least(1).and_return(WPScan::Version.new(version_number)) }
before do
expect(plugin)
.to receive(:version)
.at_least(1)
.and_return(WPScan::Model::Version.new(version_number))
end
context 'when version < last_version' do
let(:version_number) { '1.2' }
@@ -113,7 +118,12 @@ describe WPScan::Plugin do
end
context 'when version' do
before { expect(plugin).to receive(:version).at_least(1).and_return(WPScan::Version.new('1.0')) }
before do
expect(plugin)
.to receive(:version)
.at_least(1)
.and_return(WPScan::Model::Version.new('1.0'))
end
its(:outdated?) { should eql false }
end
@@ -166,7 +176,12 @@ describe WPScan::Plugin do
end
context 'when plugin version' do
before { expect(plugin).to receive(:version).at_least(1).and_return(WPScan::Version.new(number)) }
before do
expect(plugin)
.to receive(:version)
.at_least(1)
.and_return(WPScan::Model::Version.new(number))
end
context 'when < to a fixed_in' do
let(:number) { '5.0' }

2
spec/app/models/theme_spec.rb
View File

@@ -1,4 +1,4 @@
describe WPScan::Theme do
describe WPScan::Model::Theme do
subject(:theme) { described_class.new(slug, blog, opts) }
let(:slug) { 'spec' }
let(:blog) { WPScan::Target.new('http://wp.lab/') }

Some files were not shown because too many files have changed in this diff Show More