output total number of plugins and themes

2013-02-08 00:13:27 +01:00
parent a8a556464b
commit a07d55f1ab
7 changed files with 45 additions and 0 deletions
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -69,4 +69,10 @@ module WpPlugins
    plugins.sort_by { |p| p.name }
  end

+  def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
+    xml = Nokogiri::XML(File.open(file)) do |config|
+      config.noblanks
+    end
+    xml.xpath("count(//plugin)").to_i
+  end
 end
--- a/lib/wpscan/modules/wp_themes.rb
+++ b/lib/wpscan/modules/wp_themes.rb
@@ -56,4 +56,10 @@ module WpThemes
    themes.sort_by { |t| t.name }
  end

+  def theme_vulns_count(file=THEMES_VULNS_FILE)
+    xml = Nokogiri::XML(File.open(file)) do |config|
+      config.noblanks
+    end
+    xml.xpath("count(//theme)").to_i
+  end
 end
--- a/spec/lib/wpscan/modules/wp_plugins_spec.rb
+++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb
@@ -192,6 +192,12 @@ shared_examples_for 'WpPlugins' do

      @expected_plugins = [plugins[1]]
    end
+  end

+  describe '#plugin_vulns_count' do
+    it 'should return the correct number' do
+      xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+      @module.plugin_vulns_count(xml).should === 2
+    end
  end
 end
--- a/spec/lib/wpscan/modules/wp_themes_spec.rb
+++ b/spec/lib/wpscan/modules/wp_themes_spec.rb
@@ -207,4 +207,11 @@ shared_examples_for 'WpThemes' do
      end
    end
  end
+
+  describe '#theme_vulns_count' do
+    it 'should return the correct number' do
+      xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
+      @module.theme_vulns_count(xml).should === 2
+    end
+  end
 end
--- a/spec/lib/wpscan/wp_theme_spec.rb
+++ b/spec/lib/wpscan/wp_theme_spec.rb
@@ -285,4 +285,5 @@ describe WpTheme do
      (instance === instance2).should == true
    end
  end
+
 end
--- a/spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml
+++ b/spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<vulnerabilities>
+  <theme name="onepagewebsite">
+    <vulnerability>
+      <title>onepagewebsite Full Path Disclosure vulnerability</title>
+      <reference>http://1337day.com/exploit/20027</reference>
+      <type>FPD</type>
+    </vulnerability>
+  </theme>
+  <theme name="vithy">
+    <vulnerability>
+      <title>vithy Full Path Disclosure vulnerability</title>
+      <reference>http://1337day.com/exploit/20040</reference>
+      <type>FPD</type>
+    </vulnerability>
+  </theme>
+</vulnerabilities>
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -146,6 +146,8 @@ begin
  start_time = Time.now
  puts "| URL: #{wp_target.url}"
  puts "| Started on #{start_time.asctime}"
+  puts "| Total vulnerable plugins: #{wp_target.plugin_vulns_count}"
+  puts "| Total vulnerable themes: #{wp_target.theme_vulns_count}"
  puts

  if wp_target.has_robots?