diff --git a/doc/WpDetector.html b/doc/WpDetector.html index 9cf2a0e3..55fb879f 100644 --- a/doc/WpDetector.html +++ b/doc/WpDetector.html @@ -236,7 +236,7 @@ result = items if items == nil or items.length == 0 - result = passive_detection(options[:url], options[:type], options[:wp_content_dir]) + result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir]) end enum_results = WpEnumerator.enumerate(options) @@ -303,7 +303,7 @@ names.each do |item| items << WpItem.new( - :url => url, + :base_url => url, :name => item, :type => type, :path => "#{item}/", diff --git a/doc/WpEnumerator.html b/doc/WpEnumerator.html index 0042d206..e4aab697 100644 --- a/doc/WpEnumerator.html +++ b/doc/WpEnumerator.html @@ -232,7 +232,7 @@
targets - targets to enumerate
:url - Base URL
+:base_url - Base URL
:wp_content - wp-content directory
@@ -273,7 +273,7 @@ enumerate_size = targets.size targets.each do |target| - url = target.get_url + url = target.get_full_url request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true }) request_count += 1 @@ -342,7 +342,7 @@ file = options[:file] vulns_file = options[:vulns_file] wp_content_dir = options[:wp_content_dir] - url = options[:url] + url = options[:base_url] type = options[:type] plugins_dir = options[:wp_plugins_dir] targets_url = [] @@ -352,7 +352,7 @@ File.open(file, "r") do |f| f.readlines.collect do |line| targets_url << WpItem.new( - :url => url, + :base_url => url, :path => line.strip, :wp_content_dir => wp_content_dir, :name => File.dirname(line.strip), @@ -374,7 +374,7 @@ xml.xpath(options[:vulns_xpath_2]).each do |node| name = node.attribute("name").text targets_url << WpItem.new( - :url => url, + :base_url => url, :path => name, :wp_content_dir => wp_content_dir, :name => name, diff --git a/doc/WpItem.html b/doc/WpItem.html index e67b0fdb..71de90c0 100644 --- a/doc/WpItem.html +++ b/doc/WpItem.html @@ -79,9 +79,9 @@-# File lib/wpscan/wp_item.rb, line 121 +# File lib/wpscan/wp_item.rb, line 122 def <=>(other) other.name <=> self.name end@@ -485,7 +469,7 @@
-# File lib/wpscan/wp_item.rb, line 111 +# File lib/wpscan/wp_item.rb, line 112 def ==(other) other.name == self.name end@@ -518,7 +502,7 @@
-# File lib/wpscan/wp_item.rb, line 116 +# File lib/wpscan/wp_item.rb, line 117 def ===(other) other.name == self.name end@@ -551,7 +535,7 @@
-# File lib/wpscan/wp_item.rb, line 131 +# File lib/wpscan/wp_item.rb, line 132 def changelog_url get_url_without_filename.merge("changelog.txt") end@@ -584,7 +568,7 @@
-# File lib/wpscan/wp_item.rb, line 94 +# File lib/wpscan/wp_item.rb, line 95 def directory_listing? # Need to remove to file part from the url Browser.instance.get(get_url_without_filename).body[%{<title>Index of}] ? true : false @@ -618,9 +602,9 @@@@ -632,6 +616,53 @@-# File lib/wpscan/wp_item.rb, line 100 +# File lib/wpscan/wp_item.rb, line 101 def extract_name_from_url - get_url.to_s[%{^(https?://.*/([^/]+)/)}, 2] + get_full_url.to_s[%{^(https?://.*/([^/]+)/)}, 2] end
Get the full url for this item
+ + + ++# File lib/wpscan/wp_item.rb, line 57 +def get_full_url + url = @base_url.to_s.end_with?("/") ? @base_url.to_s : "#@base_url/" + # remove first and last / + wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "") + # remove first / + path = @path.sub(/^\//, "") + if type =="plugins" + # plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir + ret = URI.parse("#{url}#@wp_plugins_dir/#{path}") + elsif type == "timthumbs" + # timthumbs have folder in path variable + ret = URI.parse("#{url}#{wp_content_dir}/#{path}") + else + ret = URI.parse("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}") + end + ret +end+
Get the full url for this item
- - - --# File lib/wpscan/wp_item.rb, line 59 -def get_url - url = @url.to_s.end_with?("/") ? @url.to_s : "#@url/" - # remove first and last / - wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "") - # remove first / - path = @path.sub(/^\//, "") - if type == "timthumbs" - # timthumbs have folder in path variable - ret = URI.parse("#{url}#{wp_content_dir}/#{path}") - else - ret = URI.parse("#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}") - end - ret -end-
-# File lib/wpscan/wp_item.rb, line 75 +# File lib/wpscan/wp_item.rb, line 76 def get_url_without_filename - location_url = get_url.to_s + location_url = get_full_url.to_s valid_location_url = location_url[%{^(https?://.*/)[^.]+\.[^/]+$}, 1] unless valid_location_url valid_location_url = add_trailing_slash(location_url) @@ -777,7 +762,7 @@-# File lib/wpscan/wp_item.rb, line 145 +# File lib/wpscan/wp_item.rb, line 146 def has_changelog? unless @changelog status = Browser.instance.get(changelog_url).code @@ -814,7 +799,7 @@-# File lib/wpscan/wp_item.rb, line 136 +# File lib/wpscan/wp_item.rb, line 137 def has_readme? unless @readme status = Browser.instance.get(readme_url).code @@ -851,7 +836,7 @@-# File lib/wpscan/wp_item.rb, line 126 +# File lib/wpscan/wp_item.rb, line 127 def readme_url get_url_without_filename.merge("readme.txt") end@@ -884,7 +869,7 @@@@ -584,8 +584,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp-# File lib/wpscan/wp_item.rb, line 105 +# File lib/wpscan/wp_item.rb, line 106 def to_s item_version = version "#@name#{' v' + item_version.strip if item_version}" @@ -918,10 +903,10 @@diff --git a/doc/WpTheme.html b/doc/WpTheme.html index c74123fa..7998da6c 100644 --- a/doc/WpTheme.html +++ b/doc/WpTheme.html @@ -215,21 +215,6 @@diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html index 9e1ce0e8..2c845832 100644 --- a/doc/WpPlugins.html +++ b/doc/WpPlugins.html @@ -235,12 +235,12 @@ plugins = [] result.each do |r| plugins << WpPlugin.new( - :url => r.url, + :base_url => r.base_url, :path => r.path, :wp_content_dir => r.wp_content_dir, :name => r.name, :type => "plugins", - :wp_plugins_dir => r.wp_plugin_dir + :wp_plugins_dir => r.wp_plugins_dir ) end plugins.sort_by { |p| p.name } 
@@ -285,16 +285,16 @@ plugins can be found in the source code : # File lib/wpscan/modules/wp_plugins.rb, line 51 def plugins_from_passive_detection(options) plugins = [] - temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir]) + temp = WpDetector.passive_detection(options[:base_url], "plugins", options[:wp_content_dir]) temp.each do |item| plugins << WpPlugin.new( - :url => item.url, + :base_url => item.base_url, :name => item.name, :path => item.path, :wp_content_dir => options[:wp_content_dir], :type => "plugins", - :wp_plugins_dir => options[:wp_plugin_dir] + :wp_plugins_dir => options[:wp_plugins_dir] ) end plugins.sort_by { |p| p.name } diff --git a/doc/WpTarget.html b/doc/WpTarget.html index ef4994fa..7c9b1a0a 100644 --- a/doc/WpTarget.html +++ b/doc/WpTarget.html @@ -780,7 +780,7 @@ # File lib/wpscan/wp_target.rb, line 105 def wp_plugins_dir unless @wp_plugins_dir - @wp_plugins_dir = "plugins" + @wp_plugins_dir = "#{wp_content_dir}/plugins" end @wp_plugins_dir end-# File lib/wpscan/wp_item.rb, line 85 +# File lib/wpscan/wp_item.rb, line 86 def version unless @version - response = Browser.instance.get(get_url.merge("readme.txt").to_s) + response = Browser.instance.get(get_full_url.merge("readme.txt").to_s) @version = response.body[%{stable tag: #{WpVersion.version_pattern}}, 1] end @version diff --git a/doc/WpOptions.html b/doc/WpOptions.html index 871d1290..95da2aab 100644 --- a/doc/WpOptions.html +++ b/doc/WpOptions.html 
@@ -255,7 +255,7 @@# File lib/wpscan/wp_options.rb, line 34 def self.check_options(options) - raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0 + raise("base_url must be set") unless options[:base_url] != nil and options[:base_url].to_s.length > 0 raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil raise("file must be set") unless options[:file] != nil and options[:file].length > 0 raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0 diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html index 884a062a..c8b0cbd9 100644 --- a/doc/WpPlugin.html +++ b/doc/WpPlugin.html @@ -315,7 +315,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/ # File lib/wpscan/wp_plugin.rb, line 39 def error_log_url - get_url.merge("error_log").to_s + get_full_url.merge("error_log").to_s endAttributes
- -@@ -382,7 +367,7 @@ return new(:name => theme_name, :style_url => style_url, - :url => style_url, + :base_url => style_url, :path => "", :wp_content_dir => "" ) @@ -431,7 +416,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp return new(:name => woo_theme_name, :version => woo_theme_version, - :url => matches[0], + :base_url => matches[0], :path => "", :wp_content_dir => "" ) diff --git a/doc/WpTimthumbs.html b/doc/WpTimthumbs.html index 7aff900d..a311a682 100644 --- a/doc/WpTimthumbs.html +++ b/doc/WpTimthumbs.html @@ -322,7 +322,7 @@ scripts/timthumb.php tools/timthumb.php functions/timthumb.php }.each do |file| targets << WpItem.new( - :url => options[:url], + :base_url => options[:base_url], :path => "themes/#{theme_name}/#{file}", :wp_content_dir => options[:wp_content_dir], :name => theme_name, diff --git a/doc/WpVersion.html b/doc/WpVersion.html index bca92ace..f6b35a5f 100644 --- a/doc/WpVersion.html +++ b/doc/WpVersion.html @@ -293,7 +293,7 @@ etc) # File lib/wpscan/wp_version.rb, line 39 def self.find(target_uri, wp_content_dir) options = { - :url => target_uri, + :base_url => target_uri, :wp_content_dir => wp_content_dir } self.methods.grep(/find_from_/).each do |method_to_call| @@ -393,7 +393,7 @@ file across all versions of wordpress.@@ -521,7 +521,7 @@ upgrade.# File lib/wpscan/wp_version.rb, line 94 def self.find_from_advanced_fingerprinting(options) - target_uri = options[:url] + target_uri = options[:base_url] # needed for rpsec tests version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml" xml = Nokogiri::XML(File.open(version_xml)) do |config| @@ -451,7 +451,7 @@ upgrade.# File lib/wpscan/wp_version.rb, line 61 def self.find_from_meta_generator(options) - target_uri = options[:url] + target_uri = options[:base_url] response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2}) response.body[%{name="generator" content="wordpress ([^"]+)"}, 1] 
@@ -487,7 +487,7 @@ upgrade.# File lib/wpscan/wp_version.rb, line 119 def self.find_from_readme(options) - target_uri = options[:url] + target_uri = options[:base_url] Browser.instance.get(target_uri.merge("readme.html").to_s).body[%{<br />\sversion #{WpVersion.version_pattern}}, 1] end# File lib/wpscan/wp_version.rb, line 68 def self.find_from_rss_generator(options) - target_uri = options[:url] + target_uri = options[:base_url] response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2}) response.body[%{<generator>http://wordpress.org/\?v=([^<]+)</generator>}, 1] @@ -558,7 +558,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp# File lib/wpscan/wp_version.rb, line 125 def self.find_from_sitemap_generator(options) - target_uri = options[:url] + target_uri = options[:base_url] Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%{generator="wordpress/#{WpVersion.version_pattern}"}, 1] end-diff --git a/doc/created.rid b/doc/created.rid index a561312f..b1138ea1 100644 --- a/doc/created.rid +++ b/doc/created.rid @@ -1,4 +1,4 @@ -Sat, 22 Sep 2012 23:49:14 +0200 +Sun, 23 Sep 2012 21:48:18 +0200 ./CREDITS Mon, 17 Sep 2012 20:18:24 +0200 ./Gemfile Sat, 22 Sep 2012 00:14:07 +0200 ./lib/browser.rb Sat, 22 Sep 2012 15:51:15 +0200 
@@ -15,23 +15,23 @@ Sat, 22 Sep 2012 23:49:14 +0200 ./lib/wpscan/modules/web_site.rb Sat, 22 Sep 2012 16:18:55 +0200 ./lib/wpscan/modules/wp_config_backup.rb Sat, 22 Sep 2012 15:01:32 +0200 ./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200 -./lib/wpscan/modules/wp_login_protection.rb Sat, 22 Sep 2012 16:18:32 +0200 -./lib/wpscan/modules/wp_plugins.rb Sat, 22 Sep 2012 21:05:32 +0200 +./lib/wpscan/modules/wp_login_protection.rb Sun, 23 Sep 2012 19:38:40 +0200 +./lib/wpscan/modules/wp_plugins.rb Sun, 23 Sep 2012 20:20:17 +0200 ./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200 -./lib/wpscan/modules/wp_themes.rb Sat, 22 Sep 2012 21:32:34 +0200 -./lib/wpscan/modules/wp_timthumbs.rb Sat, 22 Sep 2012 23:24:13 +0200 +./lib/wpscan/modules/wp_themes.rb Sun, 23 Sep 2012 19:41:17 +0200 +./lib/wpscan/modules/wp_timthumbs.rb Sun, 23 Sep 2012 19:40:38 +0200 ./lib/wpscan/modules/wp_usernames.rb Sat, 22 Sep 2012 15:01:32 +0200 ./lib/wpscan/msfrpc_client.rb Fri, 21 Sep 2012 23:32:27 +0200 ./lib/wpscan/vulnerable.rb Sat, 22 Sep 2012 21:23:01 +0200 -./lib/wpscan/wp_detector.rb Sat, 22 Sep 2012 21:23:10 +0200 -./lib/wpscan/wp_enumerator.rb Sat, 22 Sep 2012 23:22:53 +0200 -./lib/wpscan/wp_item.rb Sat, 22 Sep 2012 23:38:11 +0200 -./lib/wpscan/wp_options.rb Sat, 22 Sep 2012 20:33:35 +0200 -./lib/wpscan/wp_plugin.rb Sat, 22 Sep 2012 21:24:14 +0200 -./lib/wpscan/wp_target.rb Sat, 22 Sep 2012 23:47:42 +0200 -./lib/wpscan/wp_theme.rb Sat, 22 Sep 2012 21:24:57 +0200 +./lib/wpscan/wp_detector.rb Sun, 23 Sep 2012 19:40:56 +0200 +./lib/wpscan/wp_enumerator.rb Sun, 23 Sep 2012 19:58:52 +0200 +./lib/wpscan/wp_item.rb Sun, 23 Sep 2012 21:47:56 +0200 +./lib/wpscan/wp_options.rb Sun, 23 Sep 2012 19:35:16 +0200 +./lib/wpscan/wp_plugin.rb Sun, 23 Sep 2012 19:59:17 +0200 +./lib/wpscan/wp_target.rb Sun, 23 Sep 2012 20:07:45 +0200 +./lib/wpscan/wp_theme.rb Sun, 23 Sep 2012 19:56:18 +0200 ./lib/wpscan/wp_user.rb Sat, 22 Sep 2012 16:12:25 +0200 
-./lib/wpscan/wp_version.rb Sat, 22 Sep 2012 21:25:11 +0200 +./lib/wpscan/wp_version.rb Sun, 23 Sep 2012 21:26:24 +0200 ./lib/wpscan/wp_vulnerability.rb Sat, 22 Sep 2012 16:11:58 +0200 ./lib/wpscan/wpscan_helper.rb Sat, 15 Sep 2012 21:19:30 +0200 ./lib/wpscan/wpscan_options.rb Sat, 22 Sep 2012 15:01:32 +0200 @@ -39,5 +39,5 @@ Sat, 22 Sep 2012 23:49:14 +0200 ./lib/wpstools/parse_svn.rb Sat, 22 Sep 2012 16:10:30 +0200 ./lib/wpstools/wpstools_helper.rb Sat, 22 Sep 2012 15:00:03 +0200 ./README Thu, 13 Sep 2012 22:54:08 +0200 -./wpscan.rb Sat, 22 Sep 2012 23:46:46 +0200 +./wpscan.rb Sun, 23 Sep 2012 19:58:44 +0200 ./wpstools.rb Sat, 22 Sep 2012 14:59:30 +0200 diff --git a/doc/index.html b/doc/index.html index cae72895..d520143b 100644 --- a/doc/index.html +++ b/doc/index.html @@ -291,6 +291,8 @@Used to check if the version is correct : should be numeric with at least -one ‘.’
+Used to check if the version is correct : must contain at least one .
@@ -593,7 +592,7 @@ one ‘.’# File lib/wpscan/wp_version.rb, line 131 def self.version_pattern - '(.*(?=.)(?=.*\d)(?=.*[.]).*)' + '([^\r\n]+[\.][^\r\n]+)' end- #get_exploit_info — RpcClient
+- #get_full_url — WpItem
+- #get_nickname_from_response — WpUsernames
- #get_nickname_from_url — WpUsernames
@@ -303,8 +305,6 @@- #get_sub_folder — WpItem
-- #get_url — WpItem
-- #get_url_without_filename — WpItem
- #green — Object
diff --git a/doc/lib/wpscan/modules/wp_plugins_rb.html b/doc/lib/wpscan/modules/wp_plugins_rb.html index 375773cb..a957f7e9 100644 --- a/doc/lib/wpscan/modules/wp_plugins_rb.html +++ b/doc/lib/wpscan/modules/wp_plugins_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 21:05:32 +0200
+- 2012-09-23 20:20:17 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_timthumbs_rb.html b/doc/lib/wpscan/modules/wp_timthumbs_rb.html index 408c7604..4789dce4 100644 --- a/doc/lib/wpscan/modules/wp_timthumbs_rb.html +++ b/doc/lib/wpscan/modules/wp_timthumbs_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 23:24:13 +0200
+- 2012-09-23 19:40:38 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_detector_rb.html b/doc/lib/wpscan/wp_detector_rb.html index 451e993e..bdc256ac 100644 --- a/doc/lib/wpscan/wp_detector_rb.html +++ b/doc/lib/wpscan/wp_detector_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 21:23:10 +0200
+- 2012-09-23 19:40:56 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_enumerator_rb.html b/doc/lib/wpscan/wp_enumerator_rb.html index 470f8b83..caabd18d 100644 --- a/doc/lib/wpscan/wp_enumerator_rb.html +++ b/doc/lib/wpscan/wp_enumerator_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 23:22:53 +0200
+- 2012-09-23 19:58:52 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_options_rb.html b/doc/lib/wpscan/wp_options_rb.html index c2bdd2e8..2cae4d51 100644 --- a/doc/lib/wpscan/wp_options_rb.html +++ b/doc/lib/wpscan/wp_options_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 20:33:35 +0200
+- 2012-09-23 19:35:16 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_plugin_rb.html b/doc/lib/wpscan/wp_plugin_rb.html index 87462010..2ae3a21a 100644 --- a/doc/lib/wpscan/wp_plugin_rb.html +++ b/doc/lib/wpscan/wp_plugin_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 21:24:14 +0200
+- 2012-09-23 19:59:17 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_target_rb.html b/doc/lib/wpscan/wp_target_rb.html index 3762198b..cf1a80b4 100644 --- a/doc/lib/wpscan/wp_target_rb.html +++ b/doc/lib/wpscan/wp_target_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 23:47:42 +0200
+- 2012-09-23 20:07:45 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_theme_rb.html b/doc/lib/wpscan/wp_theme_rb.html index 9160117e..105bcd25 100644 --- a/doc/lib/wpscan/wp_theme_rb.html +++ b/doc/lib/wpscan/wp_theme_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 21:24:57 +0200
+- 2012-09-23 19:56:18 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_version_rb.html b/doc/lib/wpscan/wp_version_rb.html index b98561a0..065afc9d 100644 --- a/doc/lib/wpscan/wp_version_rb.html +++ b/doc/lib/wpscan/wp_version_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 21:25:11 +0200
+- 2012-09-23 21:26:24 +0200
- Requires
diff --git a/doc/wpscan_rb.html b/doc/wpscan_rb.html index 92570ed4..1d5ee923 100644 --- a/doc/wpscan_rb.html +++ b/doc/wpscan_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 23:46:46 +0200
+- 2012-09-23 19:58:44 +0200
- Requires
diff --git a/lib/wpscan/modules/wp_login_protection.rb b/lib/wpscan/modules/wp_login_protection.rb index 648c2e1a..39102a7e 100644 --- a/lib/wpscan/modules/wp_login_protection.rb +++ b/lib/wpscan/modules/wp_login_protection.rb @@ -38,7 +38,7 @@ module WpLoginProtection return @login_protection_plugin = WpPlugin.new( :name => plugin_name, - :url => @uri, + :base_url => @uri, :path => "/plugins/#{plugin_name}/", :wp_content_dir => @wp_content_dir ) @@ -68,7 +68,7 @@ module WpLoginProtection def better_wp_security_url WpPlugin.new(:wp_content_dir => @wp_content_dir, - :url => @uri, + :base_url => @uri, :path => "/plugins/better-wp-security/", :name => "better-wp-security" ).get_url_without_filename @@ -81,7 +81,7 @@ module WpLoginProtection def simple_login_lockdown_url WpPlugin.new(:wp_content_dir => @wp_content_dir, - :url => @uri, + :base_url => @uri, :path => "/plugins/simple-login-lockdown/", :name => "simple-login-lockdown" ).get_url_without_filename @@ -94,7 +94,7 @@ module WpLoginProtection def login_security_solution_url WpPlugin.new(:wp_content_dir => @wp_content_dir, - :url => @uri, + :base_url => @uri, :path => "/plugins/login-security-solution/", :name => "login-security-solution" ).get_url_without_filename @@ -107,7 +107,7 @@ module WpLoginProtection def limit_login_attempts_url WpPlugin.new(:wp_content_dir => @wp_content_dir, - :url => @uri, + :base_url => @uri, :path => "/plugins/limit-login-attempts/", :name => "limit-login-attempts" ).get_url_without_filename @@ -120,7 +120,7 @@ module WpLoginProtection def bluetrait_event_viewer_url WpPlugin.new(:wp_content_dir => @wp_content_dir, - :url => @uri, + :base_url => @uri, :path => "/plugins/bluetrait-event-viewer/", :name => "bluetrait-event-viewer" ).get_url_without_filename diff --git a/lib/wpscan/modules/wp_plugins.rb b/lib/wpscan/modules/wp_plugins.rb index 68c1ad7e..bad4c765 100644 --- a/lib/wpscan/modules/wp_plugins.rb +++ b/lib/wpscan/modules/wp_plugins.rb 
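Review bot: The `WpPlugin.new` calls in this module (e.g. `bluetrait_event_viewer_url` in the last hunk) still hard-code the plugins folder in `:path => "/plugins/bluetrait-event-viewer/"` and pass neither `:type => "plugins"` nor `:wp_plugins_dir`, so the new `plugins` branch of `get_full_url` that this commit adds in wp_item.rb is never taken for them, and a target whose plugins live outside `wp-content` (the case the commit sets out to support) gets these URLs built from `wp_content_dir` alone. If the module can reach the target's plugins dir, the consistent form would be `WpPlugin.new(:base_url => @uri, :type => "plugins", :wp_plugins_dir => <target plugins dir>, :path => "bluetrait-event-viewer/", :name => "bluetrait-event-viewer")`, and the same applies to the other five constructors in this file. `get_sub_folder`'s `else` branch is not visible here, so the exact URL these calls produce with `:type` unset is inferred from the `get_full_url` hunk rather than confirmed.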
@@ -31,12 +31,12 @@ module WpPlugins plugins = [] result.each do |r| plugins << WpPlugin.new( - :url => r.url, + :base_url => r.base_url, :path => r.path, :wp_content_dir => r.wp_content_dir, :name => r.name, :type => "plugins", - :wp_plugins_dir => r.wp_plugin_dir + :wp_plugins_dir => r.wp_plugins_dir ) end plugins.sort_by { |p| p.name } @@ -50,16 +50,16 @@ module WpPlugins # return array of WpPlugin def plugins_from_passive_detection(options) plugins = [] - temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir]) + temp = WpDetector.passive_detection(options[:base_url], "plugins", options[:wp_content_dir]) temp.each do |item| plugins << WpPlugin.new( - :url => item.url, + :base_url => item.base_url, :name => item.name, :path => item.path, :wp_content_dir => options[:wp_content_dir], :type => "plugins", - :wp_plugins_dir => options[:wp_plugin_dir] + :wp_plugins_dir => options[:wp_plugins_dir] ) end plugins.sort_by { |p| p.name } diff --git a/lib/wpscan/modules/wp_themes.rb b/lib/wpscan/modules/wp_themes.rb index 97d6b302..78e93fd5 100644 --- a/lib/wpscan/modules/wp_themes.rb +++ b/lib/wpscan/modules/wp_themes.rb @@ -29,7 +29,7 @@ module WpThemes themes = [] result.each do |r| themes << WpTheme.new( - :url => r.url, + :base_url => r.base_url, :path => r.path, :wp_content_dir => r.wp_content_dir, :name => r.name @@ -40,11 +40,11 @@ module WpThemes def themes_from_passive_detection(options) themes = [] - temp = WpDetector.passive_detection(options[:url], "themes", options[:wp_content_dir]) + temp = WpDetector.passive_detection(options[:base_url], "themes", options[:wp_content_dir]) temp.each do |item| themes << WpTheme.new( - :url => item.url, + :base_url => item.base_url, :name => item.name, :path => item.path, :wp_content_dir => options[:wp_content_dir] diff --git a/lib/wpscan/modules/wp_timthumbs.rb b/lib/wpscan/modules/wp_timthumbs.rb index cae99b4d..95f47391 100644 --- a/lib/wpscan/modules/wp_timthumbs.rb 
+++ b/lib/wpscan/modules/wp_timthumbs.rb @@ -55,7 +55,7 @@ module WpTimthumbs scripts/timthumb.php tools/timthumb.php functions/timthumb.php }.each do |file| targets << WpItem.new( - :url => options[:url], + :base_url => options[:base_url], :path => "themes/#{theme_name}/#{file}", :wp_content_dir => options[:wp_content_dir], :name => theme_name, diff --git a/lib/wpscan/wp_detector.rb b/lib/wpscan/wp_detector.rb index 43933d36..40362e94 100644 --- a/lib/wpscan/wp_detector.rb +++ b/lib/wpscan/wp_detector.rb @@ -23,7 +23,7 @@ class WpDetector result = items if items == nil or items.length == 0 - result = passive_detection(options[:url], options[:type], options[:wp_content_dir]) + result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir]) end enum_results = WpEnumerator.enumerate(options) @@ -61,7 +61,7 @@ class WpDetector names.each do |item| items << WpItem.new( - :url => url, + :base_url => url, :name => item, :type => type, :path => "#{item}/", diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb index 11ae4eee..ba4bab5a 100644 --- a/lib/wpscan/wp_enumerator.rb +++ b/lib/wpscan/wp_enumerator.rb @@ -24,7 +24,7 @@ class WpEnumerator # ==== Attributes # # * +targets+ - targets to enumerate - # * * +:url+ - Base URL + # * * +:base_url+ - Base URL # * * +:wp_content+ - wp-content directory # * * +:path+ - Path to plugin # * +type+ - "plugins" or "themes", item to enumerate @@ -50,7 +50,7 @@ class WpEnumerator enumerate_size = targets.size targets.each do |target| - url = target.get_url + url = target.get_full_url request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true }) request_count += 1 @@ -86,7 +86,7 @@ class WpEnumerator file = options[:file] vulns_file = options[:vulns_file] wp_content_dir = options[:wp_content_dir] - url = options[:url] + url = options[:base_url] type = options[:type] plugins_dir = options[:wp_plugins_dir] targets_url = [] 
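Review bot: The attribute list in the `@@ -24` hunk of wp_enumerator.rb documents a `:wp_content` key while the code in the `@@ -86` hunk reads `options[:wp_content_dir]`, and it says nothing about `:wp_plugins_dir`, which that same hunk now reads into `plugins_dir`. I would fix the key and add the new option: `# * * +:wp_content_dir+ - wp-content directory` and `# * * +:wp_plugins_dir+ - plugins directory relative to the blog root, wp_content_dir included (WpItem defaults it to "<wp_content_dir>/plugins")`. Whether `plugins_dir` is forwarded to the `WpItem.new` calls is not visible in these hunks, so the default wording should be checked against the rest of the method that builds `targets_url`.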
@@ -96,7 +96,7 @@ class WpEnumerator File.open(file, "r") do |f| f.readlines.collect do |line| targets_url << WpItem.new( - :url => url, + :base_url => url, :path => line.strip, :wp_content_dir => wp_content_dir, :name => File.dirname(line.strip), @@ -118,7 +118,7 @@ class WpEnumerator xml.xpath(options[:vulns_xpath_2]).each do |node| name = node.attribute("name").text targets_url << WpItem.new( - :url => url, + :base_url => url, :path => name, :wp_content_dir => wp_content_dir, :name => name, diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb index 97b85f24..47d33928 100644 --- a/lib/wpscan/wp_item.rb +++ b/lib/wpscan/wp_item.rb @@ -19,20 +19,20 @@ require "#{WPSCAN_LIB_DIR}/vulnerable" class WpItem < Vulnerable - attr_accessor :path, :url, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugin_dir, :type + attr_reader :base_url, :path, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugins_dir, :type @version = nil def initialize(options) @type = options[:type] - @wp_content_dir = options[:wp_content_dir] || "wp-content" - @wp_plugin_dir = options[:wp_plugins_dir] || "plugins" - @url = options[:url] + @wp_content_dir = options[:wp_content_dir] ? options[:wp_content_dir].sub(/^\//, "").sub(/\/$/, "") : "wp-content" + @wp_plugins_dir = options[:wp_plugins_dir] || "#@wp_content_dir/plugins" + @base_url = options[:base_url] @path = options[:path] @name = options[:name] || extract_name_from_url @vulns_file = options[:vulns_file] @vulns_xpath = options[:vulns_xpath].sub(/\$name\$/, @name) unless options[:vulns_xpath] == nil - raise("url not set") unless @url + raise("base_url not set") unless @base_url raise("path not set") unless @path raise("wp_content_dir not set") unless @wp_content_dir raise("name not set") unless @name @@ -42,8 +42,6 @@ class WpItem < Vulnerable def get_sub_folder case @type - when "plugins" - folder = @wp_plugin_dir when "themes" folder = "themes" when "timthumbs" 
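Review bot: In `initialize` (`@@ -19` hunk of wp_item.rb) `@wp_content_dir` is stripped of leading and trailing slashes, but the new `@wp_plugins_dir = options[:wp_plugins_dir] || "#@wp_content_dir/plugins"` is stored verbatim and `get_full_url` interpolates it as `"#{url}#@wp_plugins_dir/#{path}"`, so a user-supplied `/wp-content/plugins/` produces a doubled-slash URL such as `http://host//wp-content/plugins//name/` that the enumerator requests as-is. Normalise it the same way: `@wp_plugins_dir = (options[:wp_plugins_dir] || "#@wp_content_dir/plugins").sub(/^\//, "").sub(/\/$/, "")`. Separately, `@name = options[:name] || extract_name_from_url` runs before the `raise("base_url not set")` / `raise("path not set")` guards, and `extract_name_from_url` calls `get_full_url`, which does `@path.sub(...)`, so a missing `:path` surfaces as a `NoMethodError` on nil instead of the intended message; moving the four `raise` lines above the `@name` assignment fixes that.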
@@ -56,13 +54,16 @@ class WpItem < Vulnerable end # Get the full url for this item - def get_url - url = @url.to_s.end_with?("/") ? @url.to_s : "#@url/" + def get_full_url + url = @base_url.to_s.end_with?("/") ? @base_url.to_s : "#@base_url/" # remove first and last / wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "") # remove first / path = @path.sub(/^\//, "") - if type == "timthumbs" + if type =="plugins" + # plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir + ret = URI.parse("#{url}#@wp_plugins_dir/#{path}") + elsif type == "timthumbs" # timthumbs have folder in path variable ret = URI.parse("#{url}#{wp_content_dir}/#{path}") else @@ -73,7 +74,7 @@ class WpItem < Vulnerable # Gets the full url for this item without filenames def get_url_without_filename - location_url = get_url.to_s + location_url = get_full_url.to_s valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1] unless valid_location_url valid_location_url = add_trailing_slash(location_url) @@ -84,7 +85,7 @@ class WpItem < Vulnerable # Returns version number from readme.txt if it exists def version unless @version - response = Browser.instance.get(get_url.merge("readme.txt").to_s) + response = Browser.instance.get(get_full_url.merge("readme.txt").to_s) @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1] end @version @@ -98,7 +99,7 @@ class WpItem < Vulnerable # Extract item name from a url def extract_name_from_url - get_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2] + get_full_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2] end # To string. Adds a version number if detected diff --git a/lib/wpscan/wp_options.rb b/lib/wpscan/wp_options.rb index e48c4196..c68320ff 100644 --- a/lib/wpscan/wp_options.rb +++ b/lib/wpscan/wp_options.rb 
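Review bot: The new `plugins` branch of `get_full_url` feeds `"#{url}#@wp_plugins_dir/#{path}"` straight into `URI.parse`, which raises `URI::InvalidURIError` on any character that is not URI-legal (spaces, quotes, `<`, non-ASCII); `@path` is built as `"#{item}/"` in WpDetector's passive_detection hunk, where `item` appears to come from the target's own HTML, so a hostile page can abort the whole enumeration rather than just one item. I would either percent-encode the path segments before parsing or have the callers rescue `URI::InvalidURIError` and skip that item. Two smaller things in the same hunk: `if type =="plugins"` is missing the space after `==` that the `elsif type == "timthumbs"` line has, and the local `wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "")` is now redundant because `initialize` already normalises `@wp_content_dir` and `attr_accessor` became `attr_reader` in this commit, so it can simply be `wp_content_dir = @wp_content_dir`.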
@@ -32,7 +32,7 @@ # * +type+ - Type: plugins, themes class WpOptions def self.check_options(options) - raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0 + raise("base_url must be set") unless options[:base_url] != nil and options[:base_url].to_s.length > 0 raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil raise("file must be set") unless options[:file] != nil and options[:file].length > 0 raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0 diff --git a/lib/wpscan/wp_plugin.rb b/lib/wpscan/wp_plugin.rb index 0e9799f1..7315771a 100644 --- a/lib/wpscan/wp_plugin.rb +++ b/lib/wpscan/wp_plugin.rb @@ -37,6 +37,6 @@ class WpPlugin < WpItem end def error_log_url - get_url.merge("error_log").to_s + get_full_url.merge("error_log").to_s end end diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb index a1b7f636..8e7ab549 100644 --- a/lib/wpscan/wp_target.rb +++ b/lib/wpscan/wp_target.rb @@ -104,7 +104,7 @@ class WpTarget def wp_plugins_dir unless @wp_plugins_dir - @wp_plugins_dir = "plugins" + @wp_plugins_dir = "#{wp_content_dir}/plugins" end @wp_plugins_dir end diff --git a/lib/wpscan/wp_theme.rb b/lib/wpscan/wp_theme.rb index 50a1e73a..79a18f53 100644 --- a/lib/wpscan/wp_theme.rb +++ b/lib/wpscan/wp_theme.rb @@ -20,7 +20,7 @@ require "#{WPSCAN_LIB_DIR}/vulnerable" class WpTheme < WpItem - attr_reader :name, :style_url, :version + attr_reader :style_url, :version def initialize(options = {}) options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? @@ -67,7 +67,7 @@ class WpTheme < WpItem return new(:name => theme_name, :style_url => style_url, - :url => style_url, + :base_url => style_url, :path => "", :wp_content_dir => "" ) 
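Review bot: `raise("base_url must be set") unless options[:base_url] != nil and options[:base_url].to_s.length > 0` in `check_options` keeps the `!= nil and ... length > 0` chain, which is the non-idiomatic form (`and` is a control-flow operator in Ruby, and `nil.to_s` is already `""`), so the guard reads more clearly as `raise("base_url must be set") if options[:base_url].to_s.empty?`. The three `raise` lines below it could take the same shape for consistency, but they are untouched by this hunk.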
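Review bot: `wp_plugins_dir` in wp_target.rb now defaults to `"#{wp_content_dir}/plugins"`, i.e. the value is relative to the blog root and already contains `wp_content_dir` (the `get_full_url` hunk in wp_item.rb relies on exactly that: "wp_content_dir included in wp_plugins_dir"), but nothing in the method says so, and a caller setting `@wp_plugins_dir` from the command line could reasonably pass `plugins` as the old default did. Add above `def wp_plugins_dir`: `# Plugins directory relative to the blog root, wp_content_dir included (default "wp-content/plugins"); plugins may live outside wp_content_dir.` Where `@wp_plugins_dir` is assigned from user input is outside this hunk, so I cannot tell whether that path strips slashes or prefixes `wp_content_dir`.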
@@ -87,7 +87,7 @@ class WpTheme < WpItem return new(:name => woo_theme_name, :version => woo_theme_version, - :url => matches[0], + :base_url => matches[0], :path => "", :wp_content_dir => "" ) diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb index 4f69ecc4..17be618a 100644 --- a/lib/wpscan/wp_version.rb +++ b/lib/wpscan/wp_version.rb @@ -38,7 +38,7 @@ class WpVersion < Vulnerable # (find_from_meta_generator, find_from_rss_generator etc) def self.find(target_uri, wp_content_dir) options = { - :url => target_uri, + :base_url => target_uri, :wp_content_dir => wp_content_dir } self.methods.grep(/find_from_/).each do |method_to_call| @@ -59,14 +59,14 @@ class WpVersion < Vulnerable # The meta tag can be removed however it seems, # that it is reinstated on upgrade. def self.find_from_meta_generator(options) - target_uri = options[:url] + target_uri = options[:base_url] response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2}) response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1] end def self.find_from_rss_generator(options) - target_uri = options[:url] + target_uri = options[:base_url] response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2}) response.body[%r{http://wordpress.org/\?v=([^<]+) }i, 1] @@ -92,7 +92,7 @@ class WpVersion < Vulnerable # /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated) # def self.find_from_advanced_fingerprinting(options) - target_uri = options[:url] + target_uri = options[:base_url] # needed for rpsec tests version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml" xml = Nokogiri::XML(File.open(version_xml)) do |config| 
@@ -117,18 +117,18 @@ class WpVersion < Vulnerable end def self.find_from_readme(options) - target_uri = options[:url] + target_uri = options[:base_url] Browser.instance.get(target_uri.merge("readme.html").to_s).body[%r{
\sversion #{WpVersion.version_pattern}}i, 1] end # http://code.google.com/p/wpscan/issues/detail?id=109 def self.find_from_sitemap_generator(options) - target_uri = options[:url] + target_uri = options[:base_url] Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1] end - # Used to check if the version is correct : should be numeric with at least one '.' + # Used to check if the version is correct : must contain at least one . def self.version_pattern - '(.*(?=.)(?=.*\d)(?=.*[.]).*)' + '([^\r\n]+[\.][^\r\n]+)' end end diff --git a/spec/lib/wpscan/modules/wp_login_protection_spec.rb b/spec/lib/wpscan/modules/wp_login_protection_spec.rb index d8119549..2349ded2 100644 --- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb +++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb @@ -100,7 +100,7 @@ shared_examples_for "WpLoginProtection" do it "should return a login-lockdown WpPlugin object" do @fixture = @fixtures_dir + "/wp-login-login_lockdown.php" - @plugin_expected = WpPlugin.new(:url => @module.url, + @plugin_expected = WpPlugin.new(:base_url => @module.url, :path => "/plugins/login-lockdown/", :name => "login-lockdown" ) @@ -109,7 +109,7 @@ shared_examples_for "WpLoginProtection" do it "should return a login-lock WpPlugin object" do @fixture = @fixtures_dir + "/wp-login-login_lock.php" - @plugin_expected = WpPlugin.new(:url => @module.url, + @plugin_expected = WpPlugin.new(:base_url => @module.url, :path => "/plugins/login-lock/", :name => "login-lock" ) diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb index 9cf6c458..406cd628 100644 --- a/spec/lib/wpscan/modules/wp_plugins_spec.rb +++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb 
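Review bot: The new `version_pattern` `'([^\r\n]+[\.][^\r\n]+)'` at the end of this hunk drops the old requirement for a digit and is greedy to end of line, so whatever a target puts after the version is captured: in `find_from_sitemap_generator` (same hunk) `generator="wordpress/#{pattern}"` now matches up to the last `"` on that line, and in `WpItem#version` (`stable tag: ...`, hunk in wp_item.rb) any trailing text becomes part of the version. That text is server-controlled and is later printed via `' v' + item_version.strip` in `to_s` and, presumably, compared against the vulnerability data, so a hostile site can push arbitrary characters, including terminal escape sequences, into the scanner's output and defeat version matching. A pattern that still requires at least one `.` but stops at the version token, e.g. `'(\d+(?:\.\d+)+[\w.\-]*)'`, keeps the intent of the updated comment without the over-capture; if non-numeric tags such as `trunk` were the motivation, they match neither the old nor the new pattern (no `.`) and need separate handling.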
@@ -31,7 +31,7 @@ shared_examples_for "WpPlugins" do @module.error_404_hash = Digest::MD5.hexdigest("Error 404!") @module.extend(WpPlugins) - @options = {:url => @wp_url, + @options = {:base_url => @wp_url, :only_vulnerable_ones => false, :show_progress_bar => false, :error_404_hash => Digest::MD5.hexdigest("Error 404!"), @@ -43,27 +43,27 @@ shared_examples_for "WpPlugins" do } File.exist?(@plugin_vulns_file).should == true File.exist?(@plugins_file).should == true - @targets = [WpPlugin.new({:url => "http://example.localhost/", + @targets = [WpPlugin.new({:base_url => "http://example.localhost/", :path => "exclude-pages/exclude_pages.php", :wp_content_dir => "wp-content", :name => "exclude-pages"}), - WpPlugin.new({:url => "http://example.localhost/", + WpPlugin.new({:base_url => "http://example.localhost/", :path => "display-widgets/display-widgets.php", :wp_content_dir => "wp-content", :name => "display-widgets"}), - WpPlugin.new({:url => "http://example.localhost/", + WpPlugin.new({:base_url => "http://example.localhost/", :path => "media-library", :wp_content_dir => "wp-content", :name => "media-library"}), - WpPlugin.new({:url => "http://example.localhost/", + WpPlugin.new({:base_url => "http://example.localhost/", :path => "deans", :wp_content_dir => "wp-content", :name => "deans"}), - WpPlugin.new({:url => "http://example.localhost/", + WpPlugin.new({:base_url => "http://example.localhost/", :path => "formidable/formidable.php", :wp_content_dir => "wp-content", :name => "formidable"}), - WpPlugin.new({:url => "http://example.localhost/", + WpPlugin.new({:base_url => "http://example.localhost/", :path => "regenerate-thumbnails/readme.txt", :wp_content_dir => "wp-content", :name => "regenerate-thumbnails"})] 
@@ -74,7 +74,7 @@ shared_examples_for "WpPlugins" do it "should return an empty array" do stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm')) - plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content") + plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") plugins.should be_empty end @@ -92,12 +92,12 @@ shared_examples_for "WpPlugins" do } expected_plugins = [] expected_plugin_names.each do |plugin_name| - expected_plugins << WpPlugin.new(:url => @module.url, + expected_plugins << WpPlugin.new(:base_url => @module.url, :path => "/plugins/#{plugin_name}/", :name => plugin_name) end - plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content") + plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") plugins.should_not be_empty plugins.length.should == expected_plugins.length plugins.sort.should == expected_plugins.sort @@ -110,7 +110,7 @@ shared_examples_for "WpPlugins" do stub_request(:get, @module.uri.to_s).to_return(:status => 200) # Point all targets to a 404 @targets.each do |target| - stub_request(:get, target.get_url.to_s).to_return(:status => 404) + stub_request(:get, target.get_full_url.to_s).to_return(:status => 404) # to_s calls readme_url stub_request(:get, target.readme_url.to_s).to_return(:status => 404) end 
@@ -132,9 +132,9 @@ shared_examples_for "WpPlugins" do @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm" @expected_plugins = @targets.sample(2) @expected_plugins.each do |p| - stub_request(:get, p.get_url.to_s).to_return(:status => 200) + stub_request(:get, p.get_full_url.to_s).to_return(:status => 200) end - new_plugin = WpPlugin.new(:url => "http://example.localhost/", + new_plugin = WpPlugin.new(:base_url => "http://example.localhost/", :path => "/plugins/comment-info-tip/", :name => "comment-info-tip") stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200) @@ -149,7 +149,7 @@ shared_examples_for "WpPlugins" do plugin_url.should_not be_nil plugin_url.length.should == 1 @expected_plugins = plugin_url - stub_request(:get, plugin_url[0].get_url.to_s).to_return(:status => valid_response_code) + stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(:status => valid_response_code) end end end diff --git a/spec/lib/wpscan/modules/wp_themes_spec.rb b/spec/lib/wpscan/modules/wp_themes_spec.rb index e4001657..79072983 100644 --- a/spec/lib/wpscan/modules/wp_themes_spec.rb +++ b/spec/lib/wpscan/modules/wp_themes_spec.rb @@ -31,7 +31,7 @@ shared_examples_for "WpThemes" do @module.error_404_hash = Digest::MD5.hexdigest("Error 404!") @module.extend(WpThemes) - @options = {:url => @wp_url, + @options = {:base_url => @wp_url, :only_vulnerable_ones => false, :show_progress_bar => false, :error_404_hash => Digest::MD5.hexdigest("Error 404!"), 
@@ -43,55 +43,55 @@ shared_examples_for "WpThemes" do } File.exist?(@theme_vulns_file).should == true File.exist?(@themes_file).should == true - @targets = [WpTheme.new({:url => "http://example.localhost/", + @targets = [WpTheme.new({:base_url => "http://example.localhost/", :path => "zenpro/404.php", :wp_content_dir => "wp-content", :name => "zenpro"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zeta-zip/404.php", :wp_content_dir => "wp-content", :name => "zeta-zip"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zfirst/404.php", :wp_content_dir => "wp-content", :name => "zfirst"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zgrey/404.php", :wp_content_dir => "wp-content", :name => "zgrey"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zindi-ii/404.php", :wp_content_dir => "wp-content", :name => "zindi-ii"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zindi/404.php", :wp_content_dir => "wp-content", :name => "zindi"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zombie-apocalypse/404.php", :wp_content_dir => "wp-content", :name => "zombie-apocalypse"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zsofa/404.php", :wp_content_dir => "wp-content", :name => "zsofa"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "zwei-seiten/404.php", :wp_content_dir => "wp-content", :name => "zwei-seiten"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => 
"http://example.localhost/", :path => "twentyten/404.php", :wp_content_dir => "wp-content", :name => "twentyten"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "shopperpress", :wp_content_dir => "wp-content", :name => "shopperpress"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "wise", :wp_content_dir => "wp-content", :name => "wise"}), - WpTheme.new({:url => "http://example.localhost/", + WpTheme.new({:base_url => "http://example.localhost/", :path => "webfolio", :wp_content_dir => "wp-content", :name => "webfolio"})] @@ -102,7 +102,7 @@ shared_examples_for "WpThemes" do it "should return an empty array" do stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm')) - themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content") + themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") themes.should be_empty end @@ -112,12 +112,12 @@ shared_examples_for "WpThemes" do expected_theme_names = %w{ theme1 theme2 theme3 } expected_themes = [] expected_theme_names.each do |theme_name| - expected_themes << WpTheme.new(:url => @module.url, + expected_themes << WpTheme.new(:base_url => @module.url, :path => "/themes/#{theme_name}/", :name => theme_name) end - themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content") + themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content") themes.should_not be_empty themes.length.should == expected_themes.length themes.sort.should == expected_themes.sort 
@@ -130,7 +130,7 @@ shared_examples_for "WpThemes" do stub_request(:get, @module.uri.to_s).to_return(:status => 200) # Point all targets to a 404 @targets.each do |target| - stub_request(:get, target.get_url.to_s).to_return(:status => 404) + stub_request(:get, target.get_full_url.to_s).to_return(:status => 404) # to_s calls readme_url stub_request(:get, target.readme_url.to_s).to_return(:status => 404) end @@ -152,9 +152,9 @@ shared_examples_for "WpThemes" do @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm" @expected_themes = @targets.sample(2) @expected_themes.each do |p| - stub_request(:get, p.get_url.to_s).to_return(:status => 200) + stub_request(:get, p.get_full_url.to_s).to_return(:status => 200) end - new_theme = WpTheme.new(:url => "http://example.localhost/", + new_theme = WpTheme.new(:base_url => "http://example.localhost/", :path => "/themes/custom-twentyten/", :name => "custom-twentyten") stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200) @@ -169,7 +169,7 @@ shared_examples_for "WpThemes" do theme_url.should_not be_nil theme_url.length.should == 1 @expected_themes = theme_url - stub_request(:get, theme_url[0].get_url.to_s).to_return(:status => valid_response_code) + stub_request(:get, theme_url[0].get_full_url.to_s).to_return(:status => valid_response_code) end end end diff --git a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb index e136c802..8c8a849e 100644 --- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb +++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb @@ -22,7 +22,7 @@ shared_examples_for "WpTimthumbs" do @options = {} @url = "http://example.localhost/" @theme_name = "bueno" - @options[:url] = @url + @options[:base_url] = @url @options[:wp_content_dir] = "wp-content" @options[:name] = @theme_name @options[:error_404_hash] = "xx" 
@@ -60,7 +60,7 @@ shared_examples_for "WpTimthumbs" do targets.length.should > 0 temp = [] targets.each do |t| - temp << t.get_url.to_s + temp << t.get_full_url.to_s end temp.sort.should === @targets_from_theme.sort end @@ -91,7 +91,7 @@ shared_examples_for "WpTimthumbs" do urls = [] urls_hash = WpEnumerator.generate_items(@options) urls_hash.each do |u| - url = u.get_url.to_s + url = u.get_full_url.to_s urls << url stub_request(:get, url).to_return(:status => 404) end @@ -106,7 +106,7 @@ shared_examples_for "WpTimthumbs" do temp = [] timthumbs.each do |t| - temp << t.get_url.to_s + temp << t.get_full_url.to_s end temp.sort.should === expected.sort @module.has_timthumbs?(nil).should be_true diff --git a/spec/lib/wpscan/wp_item_spec.rb b/spec/lib/wpscan/wp_item_spec.rb index 89dac96f..fa8ad2af 100644 --- a/spec/lib/wpscan/wp_item_spec.rb +++ b/spec/lib/wpscan/wp_item_spec.rb 
@@ -19,82 +19,141 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpPlugin do - before :each do - @instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" - ) - end - describe "#initialize" do it "should create a correct instance" do - @instance.wp_content_dir.should == "wp-content" - @instance.url.should == "http://sub.example.com/path/to/wordpress/" - @instance.path.should == "test/asdf.php" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.wp_content_dir.should == "wp-content" + instance.base_url.should == "http://sub.example.com/path/to/wordpress/" + instance.path.should == "test/asdf.php" end end - describe "#get_url" do + describe "#get_full_url" do it "should return the correct url" do - @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php" end it "should return the correct url (custom wp_content_dir)" do - @instance.wp_content_dir = "custom" - @instance.type = "plugins" - @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "custom" + ) + instance.get_full_url.to_s.should == 
"http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php" end it "should trim / and add missing / before concatenating url" do - @instance.wp_content_dir = "/custom/" - @instance.url = "http://sub.example.com/path/to/wordpress" - @instance.path = "test/asdf.php" - @instance.type = "plugins" - @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "/custom/" + ) + instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php" end end describe "#get_url_without_filename" do it "should return the correct url" do - @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" end it "should return the correct url (custom wp_content_dir)" do - @instance.wp_content_dir = "custom" - @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "custom" + ) + instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/" end it "should trim / and add missing / before concatenating url" do - @instance.wp_content_dir = "/custom/" - @instance.url = 
"http://sub.example.com/path/to/wordpress" - @instance.path = "test/asdf.php" - @instance.type = "plugins" - @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "/custom/" + ) + instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/" end it "should not remove the last foldername" do - @instance.path = "test/" - @instance.type = "plugins" - @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/" end it "should return the correct url (https)" do - @instance.url = "https://sub.example.com/path/to/wordpress/" - @instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/" + instance = WpItem.new(:base_url => "https://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/" end it "should add the last slash if it's not present" do - @instance.path = "test-one" - @instance.type = "plugins" - @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/" + instance = WpItem.new(:base_url => 
"http://sub.example.com/path/to/wordpress/", + :path => "test-one", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/" end end describe "#version" do let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' } + + before :each do + @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + end + it "should return a version number" do stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1") @instance.version.should == "1.2.4.3.2.1" @@ -120,6 +179,16 @@ describe WpPlugin do end describe "#directory_listing?" do + before :each do + @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + end + it "should return true" do stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200, :body => "Index of asdf ") 
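Review bot: The two examples named `should trim / and add missing / before concatenating url` (for `get_full_url` and `get_url_without_filename`) previously set the url to `http://sub.example.com/path/to/wordpress` without a trailing slash; the rewrite passes `:base_url => "http://sub.example.com/path/to/wordpress/"`, so the "add missing /" behaviour the example name promises is no longer exercised and only the `/custom/` trimming is. Pass `:base_url => "http://sub.example.com/path/to/wordpress",` in those two examples, or, if `base_url` is now required to end with `/`, rename them so the description matches what is tested. Separately, removing the shared `before :each` repeats the same seven-line `WpItem.new(...)` in nearly every example; a `let(:instance)` with per-example overrides, or a small `build_item(overrides = {})` helper, would keep one place to change when the constructor options move again.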
@@ -140,36 +209,74 @@ describe WpPlugin do describe "#extract_name_from_url" do it "should extract the correct name" do - @instance.extract_name_from_url.should == "test" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.extract_name_from_url.should == "test" end it "should extract the correct name (custom wp_content_dir)" do - @instance.wp_content_dir = "custom" - @instance.extract_name_from_url.should == "test" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "custom" + ) + instance.extract_name_from_url.should == "test" end it "should extract the correct name" do - @instance.wp_content_dir = "/custom/" - @instance.url = "http://sub.example.com/path/to/wordpress" - @instance.path = "test2/asdf.php" - @instance.type = "plugins" - @instance.extract_name_from_url.should == "test2" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test2/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "/custom/" + ) + instance.extract_name_from_url.should == "test2" end it "should extract the correct plugin name" do - @instance.path = "testplugin/" - @instance.type = "plugins" - @instance.extract_name_from_url.should == "testplugin" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "testplugin/", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.extract_name_from_url.should == "testplugin" end it "should extract the correct theme name" do - @instance.path = "testtheme/" - @instance.type = "plugins" - 
@instance.extract_name_from_url.should == "testtheme" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "testtheme/", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "themes" + ) + instance.extract_name_from_url.should == "testtheme" end end describe "#to_s" do + before :each do + @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + end + it "should return the name including a version number" do stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1") @instance.to_s.should == "test v1.2.4.3.2.1" @@ -182,8 +289,18 @@ describe WpPlugin do end describe "#==" do + before :each do + @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + end + it "should return false" do - instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", :path => "newname/asdf.php", :type => "plugins", :vulns_file => "XXX.xml", @@ -193,7 +310,7 @@ describe WpPlugin do end it "should return true" do - instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", + instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", :path => "test/asdf.php", :type => "plugins", :vulns_file => "XXX.xml", 
@@ -204,38 +321,25 @@ describe WpPlugin do end describe "#get_sub_folder" do - it "should return plugins" do - item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", + it "should return themes" do + item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", :path => "test/asdf.php", :vulns_file => "XXX.xml", :wp_content_dir => "wp-content", - :wp_plugins_dir => "plugins", + :wp_plugins_dir => "wp-content/plugins", :name => "test", :vulns_xpath => "XX", - :type => "plugins" + :type => "themes" ) - item.get_sub_folder.should == "plugins" - end - - it "should return custom-plugins" do - item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", - :path => "test/asdf.php", - :vulns_file => "XXX.xml", - :wp_content_dir => "wp-content", - :wp_plugins_dir => "custom-plugins", - :name => "test", - :vulns_xpath => "XX", - :type => "plugins" - ) - item.get_sub_folder.should == "custom-plugins" + item.get_sub_folder.should == "themes" end it "should return themes" do - item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", + item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", :path => "test/asdf.php", :vulns_file => "XXX.xml", :wp_content_dir => "wp-content", - :wp_plugins_dir => "plugins", + :wp_plugins_dir => "wp-content/plugins", :name => "test", :vulns_xpath => "XX", :type => "themes" @@ -244,11 +348,11 @@ describe WpPlugin do end it "should return nil" do - item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", + item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", :path => "test/asdf.php", :vulns_file => "XXX.xml", :wp_content_dir => "wp-content", - :wp_plugins_dir => "plugins", + :wp_plugins_dir => "wp-content/plugins", :name => "test", :vulns_xpath => "XX", :type => "timthumbs" 
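Review bot: The first `#get_sub_folder` example was renamed to `should return themes` and switched to `:type => "themes"`, making it a byte-for-byte duplicate of the example that follows, while the deleted `custom-plugins` example was the only remaining coverage for `:type => "plugins"`. Keep one of the two as `it "should return plugins"` with `:type => "plugins"` and assert whatever the plugins case now yields — I cannot see the implementation, so whether that is `"plugins"` or something derived from `:wp_plugins_dir => "wp-content/plugins"` needs confirming against `WpItem#get_sub_folder`. The second hunk sharing this line is a pure option-value rename.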
@@ -257,11 +361,11 @@ describe WpPlugin do end it "should raise an exception" do - item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/", + item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", :path => "test/asdf.php", :vulns_file => "XXX.xml", :wp_content_dir => "wp-content", - :wp_plugins_dir => "plugins", + :wp_plugins_dir => "wp-content/plugins", :name => "test", :vulns_xpath => "XX", :type => "type" 
@@ -272,55 +376,111 @@ describe WpPlugin do describe "#readme_url" do it "should return the corrent plugin readme url" do - @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt" end it "should return the corrent plugin readme url (custom wp_content)" do - @instance.wp_content_dir = "custom" - @instance.type = "plugins" - @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "custom" + ) + instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt" end it "should return the corrent theme readme url" do - @instance.path = "test/asdf.php" - @instance.type = "themes" - @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "themes" + ) + instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt" end it "should return the corrent theme readme url (custom wp_content)" do - @instance.wp_content_dir = "custom" - @instance.path = "test/asdf.php" - @instance.type = "themes" - @instance.readme_url.to_s.should == 
"http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "themes", + :wp_content_dir => "custom" + ) + instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt" end end describe "#changelog_url" do it "should return the corrent plugin changelog url" do - @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt" end it "should return the corrent plugin changelog url (custom wp_content)" do - @instance.wp_content_dir = "custom" - @instance.type = "plugins" - @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins", + :wp_content_dir => "custom" + ) + instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt" end it "should return the corrent theme changelog url" do - @instance.path = "test/asdf.php" - @instance.type = "themes" - @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => 
"XX", + :type => "themes" + ) + instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt" end it "should return the corrent theme changelog url (custom wp_content)" do - @instance.wp_content_dir = "custom" - @instance.path = "test/asdf.php" - @instance.type = "themes" - @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt" + instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "themes", + :wp_content_dir => "custom" + ) + instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt" end end describe "#has_readme?" do + before :each do + @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + end + it "should return true" do stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200) @instance.has_readme?.should == true @@ -333,6 +493,16 @@ describe WpPlugin do end describe "#has_changelog?" do + before :each do + @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/", + :path => "test/asdf.php", + :vulns_file => "XXX.xml", + :name => "test", + :vulns_xpath => "XX", + :type => "plugins" + ) + end + it "should return true" do stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 200) @instance.has_changelog?.should == true diff --git a/spec/lib/wpscan/wp_options_spec.rb b/spec/lib/wpscan/wp_options_spec.rb index 7ddddacd..0e5a18b9 100644 --- a/spec/lib/wpscan/wp_options_spec.rb +++ b/spec/lib/wpscan/wp_options_spec.rb 
@@ -22,7 +22,7 @@ describe WpOptions do describe "#check_options" do before :each do @options = {} - @options[:url] = "url" + @options[:base_url] = "url" @options[:only_vulnerable_ones] = false @options[:file] = "file" @options[:vulns_file] = "vulns_file" @@ -40,14 +40,14 @@ describe WpOptions do expect { WpOptions.check_options(@options) }.to raise_error(RuntimeError, @message) end - it "should raise an exception (url empty)" do - @options[:url] = "" - @message = "url must be set" + it "should raise an exception (base_url empty)" do + @options[:base_url] = "" + @message = "base_url must be set" end - it "should raise an exception (url nil)" do - @options[:url] = nil - @message = "url must be set" + it "should raise an exception (base_url nil)" do + @options[:base_url] = nil + @message = "base_url must be set" end it "should raise an exception (only_vulnerable_ones nil)" do diff --git a/spec/lib/wpscan/wp_plugin_spec.rb b/spec/lib/wpscan/wp_plugin_spec.rb index 7ca5deee..28c1a536 100644 --- a/spec/lib/wpscan/wp_plugin_spec.rb +++ b/spec/lib/wpscan/wp_plugin_spec.rb 
@@ -21,29 +21,29 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 describe WpPlugin do
 describe "#initialize" do
 it "should not raise an exception" do
- expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
+ expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
 end
 it "should not raise an exception (wp_content_dir not set)" do
- expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
+ expect { WpPlugin.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
 end
- it "should raise an exception (url not set)" do
+ it "should raise an exception (base_url not set)" do
 expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
 end
 it "should raise an exception (path not set)" do
- expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+ expect { WpPlugin.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
 end
 it "should raise an exception (name not set)" do
- expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
+ expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
 end
 end
 describe "#error_log_url" do
 it "should return a correct url" do
- temp = WpPlugin.new(:url => "http://wordpress.com",
+ temp = WpPlugin.new(:base_url => "http://wordpress.com",
 :path => "test/asdf.php")
 temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
 end
@@ -51,7 +51,7 @@ describe WpPlugin do
 describe "#error_log?" do
 before :each do
- @temp = WpPlugin.new(:url => "http://wordpress.com",
+ @temp = WpPlugin.new(:base_url => "http://wordpress.com",
 :path => "test/asdf.php")
 end
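Review bot: The renamed example `it "should raise an exception (base_url not set)"` still asserts with a bare `.to raise_error`, which is satisfied by any exception at all (a NoMethodError from a typo in the spec included), so it does not establish that a missing `:base_url` is what the constructor rejects. Pinning at least the message, e.g. `.to raise_error(/base_url/)` with whatever class the constructor actually raises, would make the rename verifiable; the `(path not set)` and `(name not set)` examples have the same weakness. The same applies to the matching WpTheme `#initialize` hunk at `@@ -30,23 +30,23 @@`.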
diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb
index 39a5c988..c1563538 100644
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -27,7 +27,7 @@ describe WpTarget do
 :config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
 :cache_timeout => 0,
 :wp_content_dir => "wp-content",
- :wp_plugins_dir => "plugins"
+ :wp_plugins_dir => "wp-content/plugins"
 }
 @wp_target = WpTarget.new("http://example.localhost/", @options)
 end
@@ -153,20 +153,25 @@ describe WpTarget do
 describe "#wp_plugins_dir" do
 after :each do
- @wp_target.stub(:wp_content_dir => @stub_value) if @stub_value
+ @wp_target.stub(:wp_plugins_dir => @stub_value) if @stub_value
 @wp_target.wp_plugins_dir.should === @expected
 end
 it "should return the string set in the initialize method" do
- @wp_target = WpTarget.new("http://example.localhost/", :wp_plugins_dir => "custom-plugins")
+ @wp_target = WpTarget.new("http://example.localhost/", :wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")
 @expected = "custom-plugins"
 end
 it "should return 'plugins'" do
- @stub_value = "wp-content"
+ @stub_value = "plugins"
 @expected = "plugins"
 end
+
+ it "should return 'wp-content/plugins'" do
+ @stub_value = nil
+ @expected = "wp-content/plugins"
+ end
 end
 describe "#debug_log_url" do
diff --git a/spec/lib/wpscan/wp_theme_spec.rb b/spec/lib/wpscan/wp_theme_spec.rb
index 8aac5e43..336d8e15 100644
--- a/spec/lib/wpscan/wp_theme_spec.rb
+++ b/spec/lib/wpscan/wp_theme_spec.rb
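Review bot: In hunk `@@ -153,20 +153,25 @@` the `it "should return 'plugins'"` example now stubs `wp_plugins_dir` to `"plugins"` and the `after :each` block then asserts that `wp_plugins_dir` returns `"plugins"`, so the example exercises the stub rather than WpTarget and cannot fail. The previous version stubbed `wp_content_dir` and checked how the plugins directory was derived from it; if that derivation still exists after this change, an example built as `@wp_target = WpTarget.new("http://example.localhost/", :wp_content_dir => "custom")` with no `:wp_plugins_dir` and an `@expected` of the derived value would cover it, otherwise the `stub` line and that example should go. The added `should return 'wp-content/plugins'` example only echoes the `:wp_plugins_dir` option set in the outer `before :each` at `@@ -27,7 +27,7 @@`, which is worth a comment such as `# falls back to the value passed at construction` so the intent is clear.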
@@ -30,23 +30,23 @@ describe WpTheme do
 describe "#initialize" do
 it "should not raise an exception" do
- expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
+ expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
 end
 it "should not raise an exception (wp_content_dir not set)" do
- expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
+ expect { WpTheme.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
 end
- it "should raise an exception (url not set)" do
+ it "should raise an exception (base_url not set)" do
 expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
 end
 it "should raise an exception (path not set)" do
- expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+ expect { WpTheme.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
 end
 it "should raise an exception (name not set)" do
- expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
+ expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
 end
 end
@@ -102,12 +102,12 @@ describe WpTheme do
 it "should return a WpTheme object with .name 'Editorial' and .version '1.3.5'" do
 @fixture = fixtures_dir + "/editorial-1.3.5.html"
- @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :url => "", :path => "", :wp_content_dir => "")
+ @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :base_url => "", :path => "", :wp_content_dir => "")
 end
 it "should return a WpTheme object with .name 'Merchant'" do
 @fixture = fixtures_dir + "/merchant-no-version.html"
- @expected_theme = WpTheme.new(:name => "Merchant", :url => "", :path => "", :wp_content_dir => "")
+ @expected_theme = WpTheme.new(:name => "Merchant", :base_url => "", :path => "", :wp_content_dir => "")
 end
 end
@@ -151,7 +151,7 @@ describe WpTheme do
 if @fixture
 stub_request_to_fixture(:url => theme_style_url, :fixture => @fixture)
- wp_theme = WpTheme.new(:name => 'spec-theme', :style_url => theme_style_url, :url => "", :path => "", :wp_content_dir => "")
+ wp_theme = WpTheme.new(:name => "spec-theme", :style_url => theme_style_url, :base_url => "", :path => "", :wp_content_dir => "")
 wp_theme.version.should === @expected
 end
@@ -163,7 +163,7 @@ describe WpTheme do
 end
 it "should return nil if the style_url is nil" do
- WpTheme.new(:name => "hello-world", :url => "", :path => "", :wp_content_dir => "").version.should be_nil
+ WpTheme.new(:name => "hello-world", :base_url => "", :path => "", :wp_content_dir => "").version.should be_nil
 end
 it "should return 1.3" do
@@ -179,12 +179,12 @@ describe WpTheme do
 describe "#===" do
 it "should return false (name not equal)" do
- instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/name/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "1.0"
 )
- instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/newname/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "1.0"
@@ -193,12 +193,12 @@ describe WpTheme do
 end
 it "should return false (version not equal)" do
- instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/name/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "1.0"
 )
- instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/name/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "2.0"
@@ -207,12 +207,12 @@ describe WpTheme do
 end
 it "should return false (version and name not equal)" do
- instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/name/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "1.0"
 )
- instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/newname/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "2.0"
@@ -221,12 +221,12 @@ describe WpTheme do
 end
 it "should return true" do
- instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/test/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "1.0"
 )
- instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+ instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
 :path => "themes/test/asdf.php",
 :vulns_file => "XXX.xml",
 :version => "1.0"
diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb
index 1a8ab437..f6cc32d5 100644
--- a/spec/lib/wpscan/wp_version_spec.rb
+++ b/spec/lib/wpscan/wp_version_spec.rb
@@ -31,7 +31,7 @@ describe WpVersion do
 after :each do
 stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
- WpVersion.find_from_meta_generator(:url => @target_uri.to_s).should === @expected
+ WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected
 end
 it "should return nil if the meta-generator is not found" do
@@ -57,7 +57,7 @@ describe WpVersion do
 @status_code ||= 200
 stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
- WpVersion.find_from_rss_generator(:url => @target_uri).should === @expected
+ WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected
 end
 it "should return nil on a 404" do
@@ -92,7 +92,7 @@ describe WpVersion do
 stub_request(:get, @target_uri.merge("sitemap.xml").to_s).
 to_return(:status => 200, :body => @body)
- WpVersion.find_from_sitemap_generator(:url => @target_uri).should === @expected
+ WpVersion.find_from_sitemap_generator(:base_url => @target_uri).should === @expected
 end
 it "should return nil if the generator is not found" do
@@ -118,7 +118,7 @@ describe WpVersion do
 @status_code ||= 200
 stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
- WpVersion.find_from_readme(:url => @target_uri).should === @expected
+ WpVersion.find_from_readme(:base_url => @target_uri).should === @expected
 end
 it "should return nil on a 404" do
@@ -145,7 +145,7 @@ describe WpVersion do
 stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s, :status => 200, :fixture => "#{fixtures_dir}/3.2.1.js")
- version = WpVersion.find_from_advanced_fingerprinting(:url => @target_uri,
+ version = WpVersion.find_from_advanced_fingerprinting(:base_url => @target_uri,
 :wp_content_dir => "wp-content",
 :version_xml => "#{fixtures_dir}/wp_versions.xml")
 version.should == "3.2.1"
diff --git a/spec/lib/wpscan/wp_vulnerability_spec.rb b/spec/lib/wpscan/wp_vulnerability_spec.rb
index 470eee46..14cd1c49 100644
--- a/spec/lib/wpscan/wp_vulnerability_spec.rb
+++ b/spec/lib/wpscan/wp_vulnerability_spec.rb
@@ -4,7 +4,7 @@ describe "#vulnerabilities" do
 let(:location_url) { "http://example.localhost/" }
 let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" }
 let(:vulns_file) { fixtures_dir + "/plugin_vulns.xml" }
- let(:wp_plugin) { WpPlugin.new(:url => location_url,
+ let(:wp_plugin) { WpPlugin.new(:base_url => location_url,
 :name => "spec-plugin",
 :path => "plugins/spec-plugin/",
 :vulns_file => vulns_file)
@@ -12,7 +12,7 @@ describe "#vulnerabilities" do
 it "should return an empty array when no vulnerabilities are found" do
- WpPlugin.new(:url => "http://example.localhost/",
+ WpPlugin.new(:base_url => "http://example.localhost/",
 :name => "no-vulns",
 :path => "plugins/no-vulns/",
 :vulns_file => vulns_file).vulnerabilities.should be_empty
diff --git a/wpscan.rb b/wpscan.rb
index 45a9394f..6ebebfcb 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -154,14 +154,14 @@ begin
 puts
 puts green("[+]") + " Enumerating plugins from passive detection ... "
- plugins = wp_target.plugins_from_passive_detection(:url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
+ plugins = wp_target.plugins_from_passive_detection(:base_url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
 unless plugins.empty?
 puts "#{plugins.size} found :"
 plugins.each do |plugin|
 puts
 puts " | Name: #{plugin.name}"
- puts " | Location: #{plugin.get_url}"
+ puts " | Location: #{plugin.get_full_url}"
 plugin.vulnerabilities.each do |vulnerability|
 puts " |"
@@ -181,7 +181,7 @@ begin
 puts
 options = {}
- options[:url] = wp_target.uri
+ options[:base_url] = wp_target.uri
 options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins || false
 options[:show_progress_bar] = true
 options[:wp_content_dir] = wp_target.wp_content_dir
@@ -236,7 +236,7 @@ begin
 puts
 options = {}
- options[:url] = wp_target.uri
+ options[:base_url] = wp_target.uri
 options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_themes || false
 options[:show_progress_bar] = true
 options[:wp_content_dir] = wp_target.wp_content_dir
@@ -282,7 +282,7 @@ begin
 puts
 options = {}
- options[:url] = wp_target.uri
+ options[:base_url] = wp_target.uri
 options[:show_progress_bar] = true
 options[:wp_content_dir] = wp_target.wp_content_dir
 options[:error_404_hash] = wp_target.error_404_hash
@@ -296,7 +296,7 @@ begin
 puts
 timthumbs.each do |t|
- puts " | " + red("[!]") + " #{t.get_url.to_s}"
+ puts " | " + red("[!]") + " #{t.get_full_url.to_s}"
 end
 puts
 puts red(" * Reference: http://www.exploit-db.com/exploits/17602/")
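Review bot: The three enumeration branches at `@@ -181,7 +181,7 @@`, `@@ -236,7 +236,7 @@` and `@@ -282,7 +282,7 @@` each assemble the same `options` hash key by key (`:base_url`, `:show_progress_bar`, `:wp_content_dir`), which is why the `:url` to `:base_url` rename had to be applied three times here and once more in the `plugins_from_passive_detection` call at `@@ -154,14 +154,14 @@`. Starting each branch from one shared literal, e.g. `options = { :base_url => wp_target.uri, :show_progress_bar => true, :wp_content_dir => wp_target.wp_content_dir }` and then adding the branch-specific keys, would leave a single place for the next key change and make the per-branch differences (`:only_vulnerable_ones`, `:error_404_hash`) visible. The `begin` block enclosing these hunks starts and ends outside them.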