Adds the db update system

This commit is contained in:
erwanlr
2014-09-12 12:43:06 +02:00
parent fb46fd7101
commit 91de353307
8 changed files with 50 additions and 22 deletions

.gitignore vendored

@@ -1,6 +1,6 @@
cache cache
coverage coverage
#data/*_vulns.json data/*_vulns.json
.bundle .bundle
.DS_Store .DS_Store
.DS_Store? .DS_Store?



@@ -87,6 +87,19 @@ def version
REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}" REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
end end
def missing_db_file?
DbUpdater::FILES.each do |db_file|
return true unless File.exist?(File.join(DATA_DIR, db_file))
end
false
end
def update_db
print 'Updating the DB ...'
DbUpdater.new(DATA_DIR).update
puts ' Done.'
end
# Define colors # Define colors
def colorize(text, color_code) def colorize(text, color_code)
if $COLORSWITCH if $COLORSWITCH
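Review bot: `missing_db_file?` only tests that each entry of `DbUpdater::FILES` exists, so an empty or truncated file left by an interrupted earlier download counts as present and, on a run without `--update`, is never compared against the remote digest that `DbUpdater#update` otherwise checks. Documenting that limit on the method would help, e.g. `# @return [ Boolean ] true if any vulnerability DB file is absent from DATA_DIR (presence only; contents are not verified)`. The `each`/`return` loop also reads more directly as `DbUpdater::FILES.any? { |f| !File.exist?(File.join(DATA_DIR, f)) }`. `update_db` has no doc comment; `# Downloads or refreshes the vulnerability DB files in DATA_DIR via DbUpdater (network access)` would cover it.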


@@ -4,13 +4,16 @@ require 'common/updater/updater'
# Updater for the Database (currently only 3 .json) # Updater for the Database (currently only 3 .json)
class DbUpdater < Updater class DbUpdater < Updater
FILENAMES = %w(plugin_vulns theme_vulns wp_vulns) # FILENAMES = %w(plugin_vulns theme_vulns wp_vulns)
FILES = %w(plugin_vulns.json theme_vulns.json wp_vulns.json)
attr_reader :repo_directory attr_reader :repo_directory
def initialize(repo_directory) def initialize(repo_directory)
@repo_directory = repo_directory @repo_directory = repo_directory
fail "#{repo_directory} is not writable" unless Pathname.new(repo_directory).writable?
fail "#{repo_directory} is not writable" unless \
Pathname.new(repo_directory).writable?
end end
# @return [ Hash ] The params for Typhoeus::Request # @return [ Hash ] The params for Typhoeus::Request
@@ -23,7 +26,7 @@ class DbUpdater < Updater
# @return [ String ] The raw file URL associated with the given filename # @return [ String ] The raw file URL associated with the given filename
def remote_file_url(filename) def remote_file_url(filename)
"https://raw.githubusercontent.com/wpscanteam/vulndb/master/#(unknown).json" "https://raw.githubusercontent.com/wpscanteam/vulndb/master/#(unknown)"
end end
# @return [ String ] The checksum of the associated remote filename # @return [ String ] The checksum of the associated remote filename
@@ -31,16 +34,20 @@ class DbUpdater < Updater
url = "#{remote_file_url(filename)}.sha512" url = "#{remote_file_url(filename)}.sha512"
res = Browser.get(url, request_params) res = Browser.get(url, request_params)
fail "Unable to get #{url}" unless res && res.code == 200 fail "Unable to get #{url}" unless res.code == 200
res.body res.body
end end
def local_file_path(filename) def local_file_path(filename)
File.join(repo_directory, "#(unknown).json") File.join(repo_directory, "#(unknown)")
end
def local_file_checksum(filename)
Digest::SHA512.file(local_file_path(filename)).hexdigest
end end
def backup_file_path(filename) def backup_file_path(filename)
File.join(repo_directory, "#(unknown).back.json") File.join(repo_directory, "#(unknown).back")
end end
def create_backup(filename) def create_backup(filename)
@@ -62,20 +69,26 @@ class DbUpdater < Updater
file_path = local_file_path(filename) file_path = local_file_path(filename)
file_url = remote_file_url(filename) file_url = remote_file_url(filename)
res = Browser.get(file_url) res = Browser.get(file_url, request_params)
fail "Error while downloading #{file_url}" unless res && res.code == 200 fail "Error while downloading #{file_url}" unless res.code == 200
File.write(file_path, res.body.chomp) File.write(file_path, res.body.chomp)
Digest::SHA512.file(file_path).hexdigest local_file_checksum(filename)
end end
def update def update
FILENAMES.each do |filename| FILES.each do |filename|
begin begin
create_backup(filename) db_checksum = remote_file_checksum(filename)
checksum = download(filename)
unless checksum == remote_file_checksum(filename) # Checking if the file needs to be updated
next if File.exist?(local_file_path(filename)) &&
db_checksum == local_file_checksum(filename)
create_backup(filename)
dl_checksum = download(filename)
unless dl_checksum == db_checksum
fail "#(unknown): checksums do not match" fail "#(unknown): checksums do not match"
end end
rescue => e rescue => e
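Review bot: In `update`, the `.sha512` digest is fetched from the same origin as the payload (`"#{remote_file_url(filename)}.sha512"`), so the comparison `unless dl_checksum == db_checksum` detects a corrupted or partial transfer but not a tampered source; authenticity rests entirely on the TLS connection to raw.githubusercontent.com, and that is worth stating in the class comment. `remote_file_checksum` returns `res.body` untouched while `download` chomps its body, so if the published `.sha512` ends in a newline both the up-to-date check (`db_checksum == local_file_checksum(filename)`) and the post-download comparison will never match; `res.body.strip` would be safer. The new `unless res.code == 200` checks in `remote_file_checksum` and `download` drop the `res &&` guard the old lines had, so if `Browser.get` can return nil on a transport failure the descriptive `fail` message is replaced by a NoMethodError. The `update` method and its `rescue` continue past the end of the hunk, so whether the backup taken by `create_backup(filename)` is restored on a checksum mismatch is not visible here.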


@@ -30,7 +30,6 @@ class WpTarget < WebSite
@wp_plugins_dir = options[:wp_plugins_dir] @wp_plugins_dir = options[:wp_plugins_dir]
@multisite = nil @multisite = nil
Browser.instance(options.merge(:max_threads => options[:threads]))
Browser.instance.referer = url Browser.instance.referer = url
end end


@@ -37,6 +37,16 @@ def main
exit(0) exit(0)
end end
# Initialize the browser to allow the db update
# to be done over a proxy if set
Browser.instance(
wpscan_options.to_h.merge(max_threads: wpscan_options.threads)
)
update_db if wpscan_options.update || missing_db_file?
exit
# Check for updates # Check for updates
if wpscan_options.update if wpscan_options.update
if !@updater.nil? if !@updater.nil?
@@ -50,10 +60,6 @@ def main
puts "#{red('[!]')} Update aborted" puts "#{red('[!]')} Update aborted"
end end
puts 'Updating the DB ...'
DbUpdater.new(DATA_DIR).update
puts 'Done.'
exit(0) exit(0)
end end
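Review bot: The bare `exit` that follows `update_db if wpscan_options.update || missing_db_file?` in the first hunk is unconditional, so every run terminates right after the DB check and everything below it, including the `# Check for updates` branch, is unreachable; unless this is a deliberate stub it should be guarded, e.g. `exit if wpscan_options.update`, which is the behaviour the removed `DbUpdater.new(DATA_DIR).update` / `exit(0)` block had. `update_db` is also called outside any rescue, so if `DbUpdater#update` re-raises from its `rescue => e` a download or checksum failure on a first run escapes `main` with a raw backtrace instead of the `red('[!]')`-style message used for the updater; `begin; update_db; rescue => e; puts "#{red('[!]')} #{e.message}"; exit(1); end` would keep the output consistent. Triggering a download merely because a file is missing makes the first run a network operation, which deserves a one-line comment such as `# First run or --update: fetch the vulnerability DB over the network (proxy honoured via Browser.instance)`. `main` continues outside both hunks.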