garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merges the db-update branch

Browse Source
This commit is contained in:
erwanlr
2014-09-17 16:12:12 +02:00
parent 280a91f139 c31a06e255
commit 9d084a7b2f
40 changed files with 141 additions and 60089 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
data/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
*
!.gitignore

48
data/local_vulnerable_files.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Only he following extensions are scanned : js, php, swf, html, htm
If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
-->
<hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
<hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
<title>XSS in swfupload.swf</title>
<file>swfupload.swf</file>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
</hash>
<hash sha1="775dc1089829ef07838406def28a4d8bfef69d66">
<title>Arbitrary File Upload Vulnerability</title>
<file>php.php</file>
<reference>http://packetstormsecurity.com/files/119241/wpvalums-shell.txt</reference>
</hash>
<!-- This one a is the same as above, but the postSize verification has been removed -->
<hash sha1="5e8f0d5a917d2937318a9bafd0529135bd473e70">
<title>Arbitrary File Upload Vulnerability</title>
<file>php.php</file>
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
</hash>
<hash sha1="3f9ad05b05b65ee2b6efa1373f708293dd2005c7">
<title>Arbitrary File Upload Vulnerability</title>
<file>uploadify.php</file>
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
</hash>
<hash sha1="ac638cc38f011b74a8d9a4e7d3d60358e472166c">
<title>Inline phpinfo()</title>
<file>phpinfo.php</file>
<reference>http://php.net/manual/en/function.phpinfo.php</reference>
</hash>
<hash sha1="012ee25cceff745e681fbb3697a06f3712f55554">
<title>phpinfo()</title>
<file>phpinfo.php</file>
<reference>http://php.net/manual/en/function.phpinfo.php</reference>
</hash>
</hashes>

42
data/local_vulnerable_files.xsd
View File

@@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI">
<xs:minLength value="1" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="sha1type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{40}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/>
<xs:element name="file" type="stringtype"/>
<xs:element name="reference" type="uritype"/>
</xs:sequence>
<xs:attribute type="sha1type" name="sha1" use="required"/>
</xs:complexType>
<xs:element name="hashes">
<xs:complexType>
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

3
data/malwares.txt
View File

@@ -1,3 +0,0 @@
http://.*\.rr\.nu
http://www\.thesea\.org/media\.php

1
data/plugin_vulns.json
View File

File diff suppressed because one or more lines are too long

1498
data/plugins.txt
View File

File diff suppressed because it is too large Load Diff

45667
data/plugins_full.txt
View File

File diff suppressed because it is too large Load Diff

1
data/theme_vulns.json
View File

File diff suppressed because one or more lines are too long

200
data/themes.txt
View File

@@ -1,200 +0,0 @@
accelerate
accesspress-lite
adamos
adventurous
advertica-lite
alexandria
analytical-lite
anarcho-notepad
aplos
arcade-basic
asteria-lite
atahualpa
attitude
baskerville
beach
being-hueman
blanc
blankslate
boldr-lite
bouquet
brickyard
business-guru
business-lite
busiprof
casper
catch-box
catch-everest
catch-evolution
catch-kathmandu
chaostheory
clean-retina
coeur
coller
colorway
contango
coraline
corpo
custom-community
customizable
customizr
dazzling
decode
destro
discover
discovery
dusk-to-dawn
duster
eclipse
editor
eighties
engrave-lite
espied
esquire
evolve
exclusive
exhibit
expound
fashionistas
fastnews-light
fifteen
finch
flat
flat-bootstrap
food-recipes
forefront
formation
frontier
fruitful
fullfolio
gamepress
garfunkel
generatepress
generator
graphene
graphy
gridster-lite
harmonux-core
hatch
hathor
hemingway
hiero
highwind
hueman
iconic-one
ifeature
ignite
independent-publisher
influence
inkness
interface
invert-lite
iribbon
isis
itek
jshop
klasik
landline
leatherdiary
magazine-basic
magazine-style
make
mantle
mantra
market
matheson
meris
mesocolumn
mh-magazine-lite
mh-purity-lite
minamaze
minezine
minimatica
montezuma
neuro
next-saturday
nictitate
omega
onetone
opulus-sombre
origami
origin
oxygen
p2
padhang
papercuts
parabola
parallax
parament
phogra
photostory
pictorico
pilcrow
pilot-fish
pinbin
pinboard
pink-touch-2
point
portfolio-press
pr-news
professional
quality
radcliffe
radiant
radiate
raindrops
rambo
rams
ravel
rectangulum
resolution
responsive
reviewgine-affiliate
semicolon
shopping
simone
simple-catch
simplify
sixteen
skt-full-width
skt-parallaxme
smartline-lite
snapshot
socially-awkward
solon
spacious
sparkling
spasalon
spun
stargazer
steira
suffusion
sugar-and-spice
sundance
sunspot
supernova
swift-basic
tempera
themify-base
tracks
travelify
twentyeleven
twentyfourteen
twentyten
twentythirteen
twentytwelve
ugallu
unite
vantage
virtue
ward
weaver-ii
weblizar
weddings
white
wilson
wix
wp-opulus
wp-simple
writr
zeedynamic

8952
data/themes_full.txt
View File

File diff suppressed because it is too large Load Diff

2565
data/timthumbs.txt
View File

File diff suppressed because it is too large Load Diff

36
data/user-agents.txt
View File

@@ -1,36 +0,0 @@
# Windows
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
# MAC
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
# Linux
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0

109
data/vuln.xsd
View File

@@ -1,109 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="inttype">
<xs:restriction base="xs:positiveInteger" />
</xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI">
<xs:minLength value="1" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="cvetype">
<xs:restriction base="xs:token">
<xs:pattern value="[0-9]{4}-[0-9]{4,}"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="typetype">
<xs:restriction base="stringtype">
<xs:enumeration value="SQLI"/>
<xs:enumeration value="MULTI"/>
<xs:enumeration value="REDIRECT"/>
<xs:enumeration value="RCE"/>
<xs:enumeration value="RFI"/>
<xs:enumeration value="LFI"/>
<xs:enumeration value="UPLOAD"/>
<xs:enumeration value="UNKNOWN"/>
<xs:enumeration value="XSS"/>
<xs:enumeration value="CSRF"/>
<xs:enumeration value="SSRF"/>
<xs:enumeration value="AUTHBYPASS"/>
<xs:enumeration value="BYPASS"/>
<xs:enumeration value="FPD"/>
<xs:enumeration value="XXE"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="itemtype">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="vulnerability" type="vulntype" />
</xs:sequence>
<xs:attribute type="stringtype" name="name" use="required"/>
</xs:complexType>
<xs:complexType name="wordpresstype">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="vulnerability" type="vulntype"/>
</xs:sequence>
<xs:attribute type="stringtype" name="version" use="required"/>
</xs:complexType>
<xs:complexType name="vulntype">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:choice>
<xs:element name="title" type="stringtype"/>
<xs:element name="type" type="typetype"/>
<xs:element name="fixed_in" type="stringtype"/>
<xs:element name="references" type="referencetype"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:complexType name="referencetype">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:choice>
<xs:element name="url" type="uritype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="cve" type="cvetype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="secunia" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="osvdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="metasploit" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="exploitdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:element name="vulnerabilities">
<xs:complexType>
<xs:choice>
<xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
</xs:choice>
</xs:complexType>
<xs:unique name="uniquePlugin">
<xs:selector xpath="plugin"/>
<xs:field xpath="@name"/>
</xs:unique>
<xs:unique name="uniqueTheme">
<xs:selector xpath="theme"/>
<xs:field xpath="@name"/>
</xs:unique>
<xs:unique name="uniqueWordpress">
<xs:selector xpath="wordpress"/>
<xs:field xpath="@version"/>
</xs:unique>
</xs:element>
</xs:schema>

236
data/wp_versions.xml
View File

@@ -1,236 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file contains identification data to identify WordPress versions.
http://wordpress.org/download/release-archive/
Position is important, DO NOT change anything unless you know what you are doing :p
-->
<wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="wp_versions.xsd">
<file src="readme.html">
<hash md5="f00855fca05f89294d0fcee6bebea64a">
<version>4.0</version>
</hash>
<hash md5="dfb2d2be1648ee220bf9bd3c03694ed8">
<version>3.9.2</version>
</hash>
<hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
<version>3.9.1</version>
</hash>
<hash md5="84b54c54aa48ae72e633685c17e67457">
<version>3.9</version>
</hash>
<hash md5="fb73e4ab558adc3948adf2653e28d880">
<version>3.8.4</version>
</hash>
<hash md5="c6de8fc70a18be7e5c36198cd0f99a64">
<version>3.8.3</version>
</hash>
<hash md5="e01a2663475f6a7a8363a7c75a73fe23">
<version>3.8.2</version>
</hash>
<hash md5="0d0eb101038124a108f608d419387b92">
<version>3.8.1</version>
</hash>
<hash md5="38ee273095b8f25b9ffd5ce5018fc4f0">
<version>3.8</version>
</hash>
<hash md5="dc09e38cb48fbbec5b5f990513b491e4">
<version>3.7.4</version>
</hash>
<hash md5="813e06052daa0692036e60d76d7141d3">
<version>3.7.3</version>
</hash>
<hash md5="b3a05c7a344c2f53cb6b680fd65a91e8">
<version>3.7.2</version>
</hash>
<hash md5="e82f4fe7d3c1166afb4c00856b875f16">
<version>3.6.1</version>
</hash>
<hash md5="477f1e652f31dae76a38e3559c91deb9">
<version>3.6</version>
</hash>
<hash md5="caf7946275c3e885419b1d36b22cb5f3">
<version>3.5.2</version>
</hash>
<hash md5="05d50a04ef19bd4b0a280362469bf22f">
<version>3.5.1</version>
</hash>
<hash md5="066cfc0f9b29ae6d491aa342ebfb1b71">
<version>3.5</version>
</hash>
<hash md5="36b2b72a0f22138a921a38db890d18c1">
<version>3.3.3</version>
</hash>
<hash md5="628419c327ca5ed8685ae3af6f753eb8">
<version>3.3.2</version>
</hash>
<hash md5="c1ed266e26a829b772362d5135966bc3">
<version>3.3.1</version>
</hash>
<hash md5="9ea06ab0184049bf4ea2410bf51ce402">
<version>3.0</version>
</hash>
</file>
<file src="wp-includes/css/buttons-rtl.css">
<hash md5="adf3b5ecfe050b4e66e2a0d08e944444">
<version>4.0</version>
</hash>
<hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
<version>3.8</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
<hash md5="1d52314b1767c557b7232ae192c80318">
<version>3.9</version>
</hash>
<!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
<hash md5="44d281b0d84cc494e2b095a6d2202f4d">
<version>3.7.1</version>
</hash>
<hash md5="b0bcf8091516db358ee9c833afd73175">
<version>3.7</version>
</hash>
<hash md5="cf4bbd562430a9bcbe735062be851be1">
<version>3.6.1</version>
</hash>
<hash md5="42ce18e88f1c21d4e991fcd431bcb606">
<version>3.6</version>
</hash>
<hash md5="a58dd12608659503cf087e879e720354">
<version>3.5.2</version>
</hash>
<hash md5="55c80a4794624ce9b94aa3631ad46c0b">
<version>3.5.1</version>
</hash>
<hash md5="8e529a971610d7ebe7851339c5cb3d67">
<version>3.5</version>
</hash>
<hash md5="ff19e44be975f89b647274d85b70f821">
<version>3.4.2</version>
</hash>
</file>
<file src="wp-admin/js/customize-controls.js">
<hash md5="aa0d38bd6f590ad8c3126074145b1bf1">
<version>3.4.1</version>
</hash>
</file>
<file src="wp-includes/js/customize-preview.js">
<hash md5="da36bc2dfcb13350c799b62de68dfa4b">
<version>3.4</version>
</hash>
</file>
<file src="wp-includes/js/plupload/plupload.js">
<hash md5="85199c05db63fcb5880de4af8be7b571">
<version>3.3.2</version>
</hash>
</file>
<file src="wp-admin/js/common.js">
<hash md5="4516252d47a73630280869994d510180">
<version>3.3</version>
</hash>
</file>
<file src="wp-admin/js/wp-fullscreen.js">
<hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
<version>3.2.1</version>
</hash>
<hash md5="7b423e0b7c9221092737ad5271d09863">
<version>3.2</version>
</hash>
</file>
<file src="wp-includes/css/admin-bar.css">
<hash md5="181250fab3a7e2549a7e7fa21c2e6079">
<version>3.1</version>
</hash>
</file>
<file src="$wp-content$/themes/twentyten/style.css">
<hash md5="6211e2ac1463bf99e98f28ab63e47c54">
<version>3.0</version>
</hash>
</file>
<file src="$wp-plugins$/akismet/readme.txt">
<hash md5="4d5e52da417aa0101054bd41e6243389">
<version>2.8.6</version>
</hash>
<hash md5="58e086dea9d24ed074fe84ba87386c69">
<version>2.8.5</version>
</hash>
<hash md5="48c52025b5f28731e9a0c864c189c2e7">
<version>2.8.2</version>
</hash>
</file>
<file src="wp-includes/js/wp-ajax-response.js">
<hash md5="0289d1c13821599764774d55516ab81a">
<version>2.7.1</version>
</hash>
</file>
<file src="wp-includes/js/thickbox/thickbox.css">
<hash md5="9c2bd2be0893adbe02a0f864526734c2">
<version>2.7</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
<hash md5="5b140ddf0f08034402ae78b31d8a1a28">
<version>2.6</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
<hash md5="088245408531c58bb52cc092294cc384">
<version>2.5.1</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
<hash md5="19c6f3118728c38eb7779aab4847d2d9">
<version>2.5</version>
</hash>
</file>
<file src="wp-includes/js/wp-ajax.js">
<hash md5="c5dbce0c3232c477033e0ce486c62755">
<version>2.2</version>
</hash>
</file>
<file src="$wp-content$/themes/default/style.css">
<hash md5="e44545f529a54de88209ce588676231c">
<version>2.0.1</version>
</hash>
<hash md5="f786f66d3a40846aa22dcdfeb44fa562">
<version>2.0</version>
</hash>
</file>
<file src="wp-layout.css">
<hash md5="7140e06c00ed03d2bb3dad7672557510">
<version>1.2.1</version>
</hash>
<hash md5="1bcc9253506c067eb130c9fc4f211a2f">
<version>1.2-delta</version>
</hash>
</file>
<file src="layout2b.css">
<hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
<version>0.71-gold</version>
</hash>
</file>
</wp-versions>

41
data/wp_versions.xsd
View File

@@ -1,41 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="filetype">
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
<xs:attribute type="stringtype" name="src" use="required"/>
</xs:complexType>
<xs:simpleType name="md5type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{32}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="version" type="stringtype"/>
</xs:sequence>
<xs:attribute type="md5type" name="md5" use="required"/>
</xs:complexType>
<xs:element name="wp-versions">
<xs:complexType>
<xs:sequence>
<xs:element name="file" type="filetype" maxOccurs="unbounded" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

1
data/wp_vulns.json
View File

File diff suppressed because one or more lines are too long

22
lib/common/common_helper.rb
View File

@@ -73,18 +73,11 @@ def add_trailing_slash(url)
url =~ /\/$/ ? url : "#{url}/" url =~ /\/$/ ? url : "#{url}/"
end end
# loading the updater def missing_db_file?
require_files_from_directory(UPDATER_LIB_DIR) DbUpdater::FILES.each do |db_file|
@updater = UpdaterFactory.get_updater(ROOT_DIR) return true unless File.exist?(File.join(DATA_DIR, db_file))
if @updater
REVISION = @updater.local_revision_number()
else
REVISION = nil
end end
false
def version
REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
end end
# Define colors # Define colors
@@ -127,12 +120,7 @@ def banner
puts ' \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_|' puts ' \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_|'
puts puts
puts ' WordPress Security Scanner by the WPScan Team ' puts ' WordPress Security Scanner by the WPScan Team '
# Alignment of the version (w & w/o the Revision) puts " Version #{WPSCAN_VERSION}"
if REVISION
puts " Version #{version}"
else
puts " Version #{version}"
end
puts ' Sponsored by the RandomStorm Open Source Initiative' puts ' Sponsored by the RandomStorm Open Source Initiative'
puts ' @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_' puts ' @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_'
puts '_______________________________________________________________' puts '_______________________________________________________________'

115
lib/common/db_updater.rb Normal file
View File

@@ -0,0 +1,115 @@
# encoding: UTF-8
# DB Updater
class DbUpdater
FILES = %w(
local_vulnerable_files.xml local_vulnerable_files.xsd malwares.txt
plugins_full.txt plugins.txt themes_full.txt themes.txt
timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
plugin_vulns.json theme_vulns.json wp_vulns.json
)
attr_reader :repo_directory
def initialize(repo_directory)
@repo_directory = repo_directory
fail "#{repo_directory} is not writable" unless \
Pathname.new(repo_directory).writable?
end
# @return [ Hash ] The params for Typhoeus::Request
def request_params
{
ssl_verifyhost: 2,
ssl_verifypeer: true
}
end
# @return [ String ] The raw file URL associated with the given filename
def remote_file_url(filename)
"https://raw.githubusercontent.com/wpscanteam/vulndb/master/#{filename}"
end
# @return [ String ] The checksum of the associated remote filename
def remote_file_checksum(filename)
url = "#{remote_file_url(filename)}.sha512"
res = Browser.get(url, request_params)
fail "Unable to get #{url}" unless res.code == 200
res.body
end
def local_file_path(filename)
File.join(repo_directory, "#{filename}")
end
def local_file_checksum(filename)
Digest::SHA512.file(local_file_path(filename)).hexdigest
end
def backup_file_path(filename)
File.join(repo_directory, "#{filename}.back")
end
def create_backup(filename)
return unless File.exist?(local_file_path(filename))
FileUtils.cp(local_file_path(filename), backup_file_path(filename))
end
def restore_backup(filename)
return unless File.exist?(backup_file_path(filename))
FileUtils.cp(backup_file_path(filename), local_file_path(filename))
end
def delete_backup(filename)
FileUtils.rm(backup_file_path(filename))
end
# @return [ String ] The checksum of the downloaded file
def download(filename)
file_path = local_file_path(filename)
file_url = remote_file_url(filename)
res = Browser.get(file_url, request_params)
fail "Error while downloading #{file_url}" unless res.code == 200
File.write(file_path, res.body)
local_file_checksum(filename)
end
def update(verbose = false)
FILES.each do |filename|
begin
puts "[+] Checking #{filename}" if verbose
db_checksum = remote_file_checksum(filename)
# Checking if the file needs to be updated
if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
puts ' [i] Already Up-To-Date' if verbose
next
end
puts ' [i] Needs to be updated' if verbose
create_backup(filename)
puts ' [i] Backup Created' if verbose
puts ' [i] Downloading new file' if verbose
dl_checksum = download(filename)
puts " [i] Downloaded File Checksum: #{dl_checksum}" if verbose
unless dl_checksum == db_checksum
fail "#{filename}: checksums do not match"
end
rescue => e
puts ' [i] Restoring Backup due to error' if verbose
restore_backup(filename)
raise e
ensure
if File.exist?(backup_file_path(filename))
puts ' [i] Deleting Backup' if verbose
delete_backup(filename)
end
end
end
end
end

37
lib/common/updater/git_updater.rb
View File

@@ -1,37 +0,0 @@
# encoding: UTF-8
require 'common/updater/updater'
class GitUpdater < Updater
def is_installed?
%x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
end
# Git has not a revsion number like SVN,
# so we will take the 7 first chars of the last commit hash
def local_revision_number
git_log = %x[git #{repo_directory_arguments()} log -1 2>&1]
git_log[/commit ([0-9a-z]{7})/i, 1].to_s
end
def update
%x[git #{repo_directory_arguments()} pull]
end
def has_local_changes?
%x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
end
def reset_head
%x[git #{repo_directory_arguments()} reset --hard HEAD]
end
protected
def repo_directory_arguments
if @repo_directory
return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
end
end
end

23
lib/common/updater/svn_updater.rb
View File

@@ -1,23 +0,0 @@
# encoding: UTF-8
require 'common/updater/updater'
class SvnUpdater < Updater
REVISION_PATTERN = /revision="(\d+)"/i
TRUNK_URL = 'https://github.com/wpscanteam/wpscan'
def is_installed?
%x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
end
def local_revision_number
local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
local_revision[REVISION_PATTERN, 1].to_s
end
def update
%x[svn up "#@repo_directory"]
end
end

25
lib/common/updater/updater.rb
View File

@@ -1,25 +0,0 @@
# encoding: UTF-8
# This class act as an absract one
class Updater
attr_reader :repo_directory
# TODO : add a last '/ to repo_directory if it's not present
def initialize(repo_directory = nil)
@repo_directory = repo_directory
end
def is_installed?
raise NotImplementedError
end
def local_revision_number
raise NotImplementedError
end
def update
raise NotImplementedError
end
end

23
lib/common/updater/updater_factory.rb
View File

@@ -1,23 +0,0 @@
# encoding: UTF-8
class UpdaterFactory
def self.get_updater(repo_directory)
self.available_updaters_classes().each do |updater_symbol|
updater = Object.const_get(updater_symbol).new(repo_directory)
if updater.is_installed?
return updater
end
end
nil
end
protected
# return array of class symbols
def self.available_updaters_classes
Object.constants.grep(/^.+Updater$/)
end
end

1
lib/wpscan/wp_target.rb
View File

@@ -30,7 +30,6 @@ class WpTarget < WebSite
@wp_plugins_dir = options[:wp_plugins_dir] @wp_plugins_dir = options[:wp_plugins_dir]
@multisite = nil @multisite = nil
Browser.instance(options.merge(:max_threads => options[:threads]))
Browser.instance.referer = url Browser.instance.referer = url
end end

4
lib/wpscan/wpscan_helper.rb
View File

@@ -46,7 +46,7 @@ def usage
puts '-Use custom plugins directory ...' puts '-Use custom plugins directory ...'
puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins" puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
puts puts
puts '-Update ...' puts '-Update the DB ...'
puts "ruby #{script_name} --update" puts "ruby #{script_name} --update"
puts puts
puts '-Debug output ...' puts '-Debug output ...'
@@ -62,7 +62,7 @@ def help
puts puts
puts 'Some values are settable in a config file, see the example.conf.json' puts 'Some values are settable in a config file, see the example.conf.json'
puts puts
puts '--update Update to the latest revision.' puts '--update Update to the database to the latest version.'
puts '--url | -u <target url> The WordPress URL/domain to scan.' puts '--url | -u <target url> The WordPress URL/domain to scan.'
puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.' puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
puts '--enumerate | -e [option(s)] Enumeration.' puts '--enumerate | -e [option(s)] Enumeration.'

118
lib/wpstools/plugins/list_generator/generate_list.rb
View File

@@ -1,118 +0,0 @@
# encoding: UTF-8
# This tool generates a list to use for plugin and theme enumeration
class GenerateList
attr_accessor :verbose
# type = themes | plugins
def initialize(type, verbose)
if type =~ /plugins/i
@type = 'plugin'
@svn_url = 'http://plugins.svn.wordpress.org/'
@popular_url = 'http://api.wordpress.org/plugins/info/1.0/'
@popular_action = 'query_plugins'
elsif type =~ /themes/i
@type = 'theme'
@svn_url = 'http://themes.svn.wordpress.org/'
@popular_url = 'http://api.wordpress.org/themes/info/1.0/'
@popular_action = 'query_themes'
else
raise "Type #{type} not defined"
end
@verbose = verbose
@browser = Browser.instance(request_timeout: 20000, connect_timeout: 20000, max_threads: 1, cache_ttl: 0)
end
def set_file_name(type)
case @type
when 'plugin'
case type
when :full
@file_name = PLUGINS_FULL_FILE
when :popular
@file_name = PLUGINS_FILE
else
raise 'Unknown type'
end
when 'theme'
case type
when :full
@file_name = THEMES_FULL_FILE
when :popular
@file_name = THEMES_FILE
else
raise 'Unknown type'
end
else
raise "Unknown type #@type"
end
end
def generate_full_list
set_file_name(:full)
items = SvnParser.new(@svn_url).parse
save items
end
def generate_popular_list(items)
set_file_name(:popular)
items = get_popular_items(items)
save items
end
# Fets most popular items via unofficial wordpress api
# see https://github.com/wpscanteam/wpscan/issues/657
def get_popular_items(items)
found_items = []
# in chunks of 100
step = 100
number_of_requests = (items.to_f / step.to_f).ceil
counter = 1
while items > 0
puts "[+] Request #{counter} / #{number_of_requests}"
rest = items < step ? items : step
# we need to fetch step entries every time, because the starting page
# is calculated: page * entries per page. If we would reduce the
# per page entries, the starting point will not match. So we are
# stripping down the array later
post_data = get_serialized(counter, step)
resp = Browser.post(@popular_url, { :body => { :action => @popular_action, :request => post_data } })
raise "Unknown reponse (code #{resp.code})" unless resp.code == 200
found = resp.body.scan(/"slug";s:[0-9]+:"([^"]+)";/).flatten
# too much entries? remove them
if found.length > rest
found = found[0,rest]
end
found_items << found
items -= rest
counter += 1
end
found_items.flatten!
found_items.sort!
found_items.uniq
end
# Save the file
def save(items)
items.sort!
items.uniq!
puts "[*] We have parsed #{items.length} #{@type}s"
File.open(@file_name, 'w') { |f| f.puts(items) }
puts "New #@file_name file created"
end
private
def get_serialized(page_start, count)
'O:8:"stdClass":4:{s:4:"page";i:' + page_start.to_s + ';s:8:"per_page";i:' + count.to_s + ';s:6:"browse";s:7:"popular";s:6:"fields";a:9:{s:11:"description";b:0;s:8:"sections";b:0;s:6:"tested";b:0;s:8:"requires";b:0;s:6:"rating";b:0;s:12:"downloadlink";b:0;s:12:"last_updated";b:0;s:8:"homepage";b:0;s:4:"tags";b:0;}}'
end
end

53
lib/wpstools/plugins/list_generator/list_generator_plugin.rb
View File

@@ -1,53 +0,0 @@
# encoding: UTF-8
class ListGeneratorPlugin < Plugin
def initialize
super(author: 'WPScanTeam - @FireFart')
register_options(
['--generate-plugin-list [NUMBER_OF_ITEMS]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *items* to parse, default : 1500)'],
['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
['--generate-theme-list [NUMBER_OF_ITEMS]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *items* to parse, default : 200)'],
['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
)
end
def run(options = {})
@verbose = options[:verbose] || false
generate_all = options[:generate_all] || false
if options.has_key?(:generate_plugin_list) || generate_all
most_popular('plugin', options[:generate_plugin_list] || 1500)
end
if options[:generate_full_plugin_list] || generate_all
full('plugin')
end
if options.has_key?(:generate_theme_list) || generate_all
most_popular('theme', options[:generate_theme_list] || 200)
end
if options[:generate_full_theme_list] || generate_all
full('theme')
end
end
private
def most_popular(type, number_of_items)
puts "[+] Generating new most popular #{type} list (#{number_of_items} items)"
puts
GenerateList.new(type + 's', @verbose).generate_popular_list(number_of_items)
end
def full(type)
puts "[+] Generating new full #{type} list"
puts
GenerateList.new(type + 's', @verbose).generate_full_list
end
end

31
lib/wpstools/plugins/list_generator/svn_parser.rb
View File

@@ -1,31 +0,0 @@
# encoding: UTF-8
# This Class Parses SVN Repositories via HTTP
class SvnParser
attr_accessor :verbose, :svn_root, :keep_empty_dirs
def initialize(svn_root)
@svn_root = svn_root
end
def parse
get_root_directories
end
#Private methods start here
private
# Gets all directories in the SVN root
def get_root_directories
dirs = []
rootindex = Browser.get(@svn_root).body
rootindex.scan(%r{<li><a href=".+">(.+)/</a></li>}i).each do |dir|
dirs << dir[0]
end
dirs.sort!
dirs.uniq
end
end

15
lib/wpstools/wpstools_helper.rb
View File

@@ -12,21 +12,6 @@ def usage
puts puts
puts 'Examples:' puts 'Examples:'
puts puts
puts "- Generate a new 'most popular' plugin list, up to 1500 items ..."
puts "ruby #{script_name} --generate-plugin-list 1500"
puts
puts '- Generate a new full plugin list'
puts "ruby #{script_name} --generate-full-plugin-list"
puts
puts "- Generate a new 'most popular' theme list, up to 1500 items ..."
puts "ruby #{script_name} --generate-theme-list 1500"
puts
puts '- Generate a new full theme list'
puts "ruby #{script_name} --generate-full-theme-list"
puts
puts '- Generate all list'
puts "ruby #{script_name} --generate-all"
puts
puts 'Locally scan a wordpress installation for vulnerable files or shells' puts 'Locally scan a wordpress installation for vulnerable files or shells'
puts "ruby #{script_name} --check-local-vulnerable-files /var/www/wordpress/" puts "ruby #{script_name} --check-local-vulnerable-files /var/www/wordpress/"
puts puts

45
spec/json_checks_spec.rb
View File

@@ -1,45 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
describe 'JSON checks' do
after :each do
expect(FileTest.exists?(@file)).to be_truthy
expect { JSON.parse(File.open(@file).read) }.not_to raise_error
end
it 'check plugin_vulns.json for syntax errors' do
@file = PLUGINS_VULNS_FILE
end
it 'check theme_vulns.json for syntax errors' do
@file = THEMES_VULNS_FILE
end
it 'check wp_vulns.json for syntax errors' do
@file = WP_VULNS_FILE
end
end
describe 'JSON content' do
before :all do
@vuln_plugins = json(PLUGINS_VULNS_FILE)
@vuln_themes = json(THEMES_VULNS_FILE)
@vulnerabilities = @vuln_plugins + @vuln_themes
end
after :each do
expect(@result.size).to eq(0), "Items:\n#{@result.join("\n")}"
end
it 'each asset vuln needs a title node' do
@result = []
@vulnerabilities.each do |plugin|
plugin[plugin.keys.inject]['vulnerabilities'].each do |vulnerability|
@result << vulnerability['title'] if vulnerability['title'].nil?
end
end
end
end

74
spec/lib/common/updater/git_updater_spec.rb
View File

@@ -1,74 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
describe GitUpdater do
before :each do
@git_updater = GitUpdater.new
end
describe '#is_installed?' do
after :each do
stub_system_command(@git_updater, /^git .* status/, @stub_value)
expect(@git_updater.is_installed?).to be === @expected
end
it 'should return false if the command is not found' do
@stub_value = 'git: command not found'
@expected = false
end
it 'should return true if the repo is a git one' do
@stub_value = "# On branch master\n# Changed but not updated:"
@expected = true
end
end
describe '#local_revision_number' do
after :each do
stub_system_command(@git_updater, /^git .* log/, @stub_value)
expect(@git_updater.local_revision_number).to be === @expected
end
it 'should return 79c01f3' do
@stub_value = '
commit 79c01f3ed535a8e33876ea091d8217cae7df4028
Author: Moi <tadimm>
Date: Wed Jul 11 23:22:16 2012 +0100'
@expected = '79c01f3'
end
end
describe '#update' do
it 'should do nothing xD' do
stub_system_command(@git_updater, /^git .* pull/, 'Already up-to-date.')
expect(@git_updater.update()).to be === 'Already up-to-date.'
end
end
describe '#has_local_changes?' do
after :each do
stub_system_command(@git_updater, /^git .* diff --exit-code 2>&1/, @stub_value)
expect(@git_updater.has_local_changes?).to be === @expected
end
it 'should return true if there are local changes' do
@stub_value = 'diff'
@expected = true
end
it 'should return false if there are no local changes' do
@stub_value = ''
@expected = false
end
end
describe '#reset_head' do
it 'should reset the local repo' do
stub_system_command(@git_updater, /^git .* reset --hard HEAD/, 'HEAD is now at')
expect(@git_updater.reset_head).to match(/^HEAD is now at/)
end
end
end

86
spec/lib/common/updater/svn_updater_spec.rb
View File

@@ -1,86 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
describe SvnUpdater do
before :each do
@svn_updater = SvnUpdater.new
end
describe '#is_installed?' do
after :each do
stub_system_command(@svn_updater, /^svn info/, @stub_value)
expect(@svn_updater.is_installed?).to be === @expected
end
it 'should return false if the svn command is not found' do
@stub_value = 'svn: command not found'
@expected = false
end
it 'should return false if the repository is not manage by svn' do
@stub_value = "svn: '.' is not a working copy"
@expected = false
end
it 'should return true' do
@stub_value = '<?xml version="1.0"?>
<info>
<entry kind="dir" path="." revision="362">
<url>https://wpscan.googlecode.com/svn/trunk</url>
<repository>
<root>https://wpscan.googlecode.com/svn</root>
<uuid>0b0242d5-46e6-2201-410d-bc09fd35266c</uuid>
</repository>
<wc-info>
<schedule>normal</schedule>
<depth>infinity</depth>
</wc-info>
<commit revision="362">
<author>author@mail.tld</author>
<date>2012-06-02T06:26:25.309806Z</date>
</commit>
</entry>
</info>'
@expected = true
end
end
describe '#local_revision_number' do
after :each do
stub_system_command(@svn_updater, /^svn info/, @stub_value)
expect(@svn_updater.local_revision_number).to be === @expected
end
it 'should return 399' do
@stub_value = '<?xml version="1.0"?>
<info>
<entry kind="dir" path="." revision="362">
<url>https://wpscan.googlecode.com/svn/trunk</url>
<repository>
<root>https://wpscan.googlecode.com/svn</root>
<uuid>0b0242d5-46e6-2201-410d-bc09fd35266c</uuid>
</repository>
<wc-info>
<schedule>normal</schedule>
<depth>infinity</depth>
</wc-info>
<commit revision="362">
<author>author@mail.tld</author>
<date>2012-06-02T06:26:25.309806Z</date>
</commit>
</entry>
</info>'
@expected = '362'
end
end
describe '#update' do
it 'should do nothing xD' do
stub_system_command(@svn_updater, /^svn up/, 'At revision 425.')
expect(@svn_updater.update()).to be === 'At revision 425.'
end
end
end

29
spec/lib/common/updater/updater_factory_spec.rb
View File

@@ -1,29 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
describe UpdaterFactory do
describe '#available_updaters_classes' do
after :each do
expect(UpdaterFactory.available_updaters_classes.sort).to be === @expected.sort
end
it 'should return [:GitUpdater, :SvnUpdater]' do
@expected = [:GitUpdater, :SvnUpdater]
end
it 'should return [:TestUpdater, :GitUpdater, :SvnUpdater]' do
class TestUpdater < Updater
end
@expected = [:GitUpdater, :SvnUpdater, :TestUpdater]
end
end
# TODO : Find a way to test that
describe '#get_updater' do
end
end

27
spec/lib/common/updater/updater_spec.rb
View File

@@ -1,27 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
describe Updater do
before :all do
class TestUpdater < Updater
end
end
after :all do
Object.send(:remove_const, :TestUpdater)
end
describe 'non implementation of #is_installed?, #has_update? and #update' do
it 'should raise errors' do
test_updater = TestUpdater.new
methods_to_call = [:is_installed?, :update, :local_revision_number]
methods_to_call.each do |method_to_call|
expect { test_updater.send(method_to_call) }.to raise_error(NotImplementedError)
end
end
end
end

5
spec/lib/wpstools/plugins/list_generator/generate_list_spec.rb
View File

@@ -1,5 +0,0 @@
# encoding: UTF-8
require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper')
# TODO

5
spec/lib/wpstools/plugins/list_generator/svn_parser_spec.rb
View File

@@ -1,5 +0,0 @@
# encoding: UTF-8
require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper')
# TODO

2
spec/lib/wpstools/wpstools_helper.rb
View File

@@ -1,6 +1,4 @@
# encoding: UTF-8 # encoding: UTF-8
require 'spec_helper' require 'spec_helper'
require WPSTOOLS_LIB_DIR + '/wpstools_helper' require WPSTOOLS_LIB_DIR + '/wpstools_helper'

8
spec/shared_examples/wp_target/malwares.rb
View File

@@ -6,7 +6,7 @@ shared_examples 'WpTarget::Malwares' do
let(:malwares_file) { fixtures_dir + '/malwares.txt' } let(:malwares_file) { fixtures_dir + '/malwares.txt' }
describe '#malwares_file' do describe '#malwares_file' do
it "returns the correct file path" do it 'returns the correct file path' do
expect(WpTarget::Malwares.malwares_file(malwares_file)).to be === malwares_file expect(WpTarget::Malwares.malwares_file(malwares_file)).to be === malwares_file
end end
end end
@@ -14,10 +14,12 @@ shared_examples 'WpTarget::Malwares' do
describe '#malwares & #has_malwares' do describe '#malwares & #has_malwares' do
after :each do after :each do
if @fixture if @fixture
stub_request_to_fixture(url: wp_target.url, fixture: File.new(fixtures_dir + @fixture)) stub_request_to_fixture(
url: wp_target.url, fixture: File.new(File.join(fixtures_dir, @fixture))
)
end end
malwares = wp_target.malwares(@malwares_file_path) malwares = wp_target.malwares(malwares_file)
expect(malwares.sort).to be === @expected.sort expect(malwares.sort).to be === @expected.sort
expect(wp_target.has_malwares?).to be === (@expected.empty? ? false : true) expect(wp_target.has_malwares?).to be === (@expected.empty? ? false : true)

52
spec/xml_checks_spec.rb
View File

@@ -1,52 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
describe 'XSD checks' do
after :each do
expect(FileTest.exists?(@file)).to be_truthy
xsd = Nokogiri::XML::Schema(File.read(@xsd))
doc = Nokogiri::XML(File.read(@file))
errors = []
xsd.validate(doc).each do |error|
errors << "#{@file}:#{error.line}: #{error.message}"
end
unless errors.empty?
fail errors.join("\n")
end
end
it 'check wp_versions.xml for syntax errors' do
@file = WP_VERSIONS_FILE
@xsd = WP_VERSIONS_XSD
end
it 'check local_vulnerable_files.xml for syntax errors' do
@file = LOCAL_FILES_FILE
@xsd = LOCAL_FILES_XSD
end
end
describe 'Well formed XML checks' do
after :each do
expect(FileTest.exists?(@file)).to be_truthy
begin
Nokogiri::XML(File.open(@file)) { |config| config.options = Nokogiri::XML::ParseOptions::STRICT }
rescue Nokogiri::XML::SyntaxError => e
fail "#{@file}:#{e.line},#{e.column}: #{e.message}"
end
end
it 'check wp_versions.xml for syntax errors' do
@file = WP_VERSIONS_FILE
end
it 'check local_vulnerable_files.xml for syntax errors' do
@file = LOCAL_FILES_FILE
end
end

25
wpscan.rb
View File

@@ -33,23 +33,20 @@ def main
end end
if wpscan_options.version if wpscan_options.version
puts "Current version: #{version}" puts "Current version: #{WPSCAN_VERSION}"
exit(0) exit(0)
end end
# Check for updates # Initialize the browser to allow the db update
if wpscan_options.update # to be done over a proxy if set
if !@updater.nil? Browser.instance(
if @updater.has_local_changes? wpscan_options.to_h.merge(max_threads: wpscan_options.threads)
print "#{red('[!]')} Local file changes detected, an update will override local changes, do you want to continue updating? [y/n] " )
Readline.readline =~ /^y/i ? @updater.reset_head : raise('Update aborted')
end if wpscan_options.update || missing_db_file?
puts @updater.update() puts 'Updating the DB ...'
else DbUpdater.new(DATA_DIR).update(wpscan_options.verbose)
puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.' puts 'Done.'
puts "#{red('[!]')} Update aborted"
end
exit(0)
end end
unless wpscan_options.url unless wpscan_options.url

1
wpstools.rb
View File

@@ -17,7 +17,6 @@ begin
plugins = Plugins.new(option_parser) plugins = Plugins.new(option_parser)
plugins.register( plugins.register(
CheckerPlugin.new, CheckerPlugin.new,
ListGeneratorPlugin.new,
StatsPlugin.new, StatsPlugin.new,
CheckerSpelling.new CheckerSpelling.new
) )