-) custom plugins directory (outside of wp-content)

-) feedback from ewanlr
-) Regex fix for version detection from readme.txt due to false positives (tag-cloud-widget plugin)
Christian Mehlmauer
2012-09-23 21:50:41 +02:00
parent 9b6a2805d7
commit a15028793e
46 changed files with 560 additions and 415 deletions


@@ -236,7 +236,7 @@
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_results</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>)
@@ -303,7 +303,7 @@
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,


@@ -232,7 +232,7 @@
<ul><li>
<p><tt>targets</tt> - targets to enumerate</p>
</li><li><ul><li>
<p><tt>:url</tt> - Base URL</p>
<p><tt>:base_url</tt> - Base URL</p>
</li></ul>
</li><li><ul><li>
<p><tt>:wp_content</tt> - wp-content directory</p>
@@ -273,7 +273,7 @@
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
@@ -342,7 +342,7 @@
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
<span class="ruby-identifier">vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-identifier">plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">targets_url</span> = []
@@ -352,7 +352,7 @@
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
@@ -374,7 +374,7 @@
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,


@@ -79,9 +79,9 @@
<li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
<li><a href="#method-i-get_full_url">#get_full_url</a></li>
<li><a href="#method-i-get_url">#get_url</a></li>
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
<li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
@@ -235,14 +235,27 @@
<h3 class="section-header">Attributes</h3>
<div id="base_url-attribute-method" class="method-detail">
<a name="base_url"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">base_url</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="name-attribute-method" class="method-detail">
<a name="name"></a>
<a name="name="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">name</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -255,11 +268,9 @@
<div id="path-attribute-method" class="method-detail">
<a name="path"></a>
<a name="path="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">path</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -272,28 +283,9 @@
<div id="type-attribute-method" class="method-detail">
<a name="type"></a>
<a name="type="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="url-attribute-method" class="method-detail">
<a name="url"></a>
<a name="url="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">url</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -306,11 +298,9 @@
<div id="vulns_file-attribute-method" class="method-detail">
<a name="vulns_file"></a>
<a name="vulns_file="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -323,11 +313,9 @@
<div id="vulns_xpath-attribute-method" class="method-detail">
<a name="vulns_xpath"></a>
<a name="vulns_xpath="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_xpath</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -340,11 +328,9 @@
<div id="wp_content_dir-attribute-method" class="method-detail">
<a name="wp_content_dir"></a>
<a name="wp_content_dir="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_content_dir</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -354,14 +340,12 @@
</div>
</div>
<div id="wp_plugin_dir-attribute-method" class="method-detail">
<a name="wp_plugin_dir"></a>
<a name="wp_plugin_dir="></a>
<div id="wp_plugins_dir-attribute-method" class="method-detail">
<a name="wp_plugins_dir"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_plugin_dir</span><span
class="attribute-access-type">[RW]</span>
<span class="method-name">wp_plugins_dir</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -402,15 +386,15 @@
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_plugin_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-ivar">@url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
<span class="ruby-ivar">@base_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-ivar">@path</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
<span class="ruby-ivar">@name</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
@@ -452,7 +436,7 @@
<div class="method-source-code" id="3C-3D-3E-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 121</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
@@ -485,7 +469,7 @@
<div class="method-source-code" id="3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 112</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
@@ -518,7 +502,7 @@
<div class="method-source-code" id="3D-3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 116</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
@@ -551,7 +535,7 @@
<div class="method-source-code" id="changelog_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 131</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 132</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
@@ -584,7 +568,7 @@
<div class="method-source-code" id="directory_listing-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 94</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 95</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
<span class="ruby-comment"># Need to remove to file part from the url</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -618,9 +602,9 @@
<div class="method-source-code" id="extract_name_from_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 100</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- extract_name_from_url-source -->
@@ -632,6 +616,53 @@
</div><!-- extract_name_from_url-method -->
<div id="get_full_url-method" class="method-detail ">
<a name="method-i-get_full_url"></a>
<div class="method-heading">
<span class="method-name">get_full_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Get the full url for this item</p>
<div class="method-source-code" id="get_full_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span><span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">ret</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_full_url-source -->
</div>
</div><!-- get_full_url-method -->
<div id="get_sub_folder-method" class="method-detail ">
<a name="method-i-get_sub_folder"></a>
@@ -654,8 +685,6 @@
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-ivar">@wp_plugin_dir</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
@@ -676,50 +705,6 @@
</div><!-- get_sub_folder-method -->
<div id="get_url-method" class="method-detail ">
<a name="method-i-get_url"></a>
<div class="method-heading">
<span class="method-name">get_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Get the full url for this item</p>
<div class="method-source-code" id="get_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 59</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">ret</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_url-source -->
</div>
</div><!-- get_url-method -->
<div id="get_url_without_filename-method" class="method-detail ">
<a name="method-i-get_url_without_filename"></a>
@@ -739,9 +724,9 @@
<div class="method-source-code" id="get_url_without_filename-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 75</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
@@ -777,7 +762,7 @@
<div class="method-source-code" id="has_changelog-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 145</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 146</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
@@ -814,7 +799,7 @@
<div class="method-source-code" id="has_readme-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 136</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 137</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
@@ -851,7 +836,7 @@
<div class="method-source-code" id="readme_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 126</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 127</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
@@ -884,7 +869,7 @@
<div class="method-source-code" id="to_s-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 105</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 106</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
<span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
@@ -918,10 +903,10 @@
<div class="method-source-code" id="version-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 85</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@version</span>
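Review bot: In the `initialize` listing for lib/wpscan/wp_item.rb, `@wp_plugins_dir` is taken from `options[:wp_plugins_dir]` unchanged, while `@wp_content_dir` on the line above has its leading and trailing slash stripped; `get_full_url` then builds `"#{url}#@wp_plugins_dir/#{path}"`, so a custom plugins directory given with a leading or trailing slash yields a doubled slash, and the scanner may request the wrong location and miss installed plugins. Normalising it the same way would close the gap, e.g. `@wp_plugins_dir = (options[:wp_plugins_dir] || "#@wp_content_dir/plugins").sub(/\A\//, "").sub(/\/\z/, "")`; `\A`/`\z` anchor the whole string, where the `^`/`$` used for `wp_content_dir` match at any line boundary. `get_full_url` also strips `@wp_content_dir` a second time, which the constructor now makes redundant. Several methods in this section start or end outside their hunks, and the page shows only the rendered listing, so the change belongs in the Ruby source file.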


@@ -255,7 +255,7 @@
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;only_vulnerable_ones must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>


@@ -315,7 +315,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log_url-source -->


@@ -235,12 +235,12 @@
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugin_dir</span>
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
@@ -285,16 +285,16 @@ plugins can be found in the source code :</p>
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 51</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugin_dir</span>]
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }


@@ -780,7 +780,7 @@
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 105</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-keyword">end</span></pre>


@@ -215,21 +215,6 @@
<h3 class="section-header">Attributes</h3>
<div id="name-attribute-method" class="method-detail">
<a name="name"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">name</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="style_url-attribute-method" class="method-detail">
<a name="style_url"></a>
@@ -382,7 +367,7 @@
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:style_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)
@@ -431,7 +416,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-value">:version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)


@@ -322,7 +322,7 @@
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
}</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>],
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,


@@ -293,7 +293,7 @@ etc)</p>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">options</span> = {
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
@@ -393,7 +393,7 @@ file across all versions of wordpress.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-comment"># needed for rpsec tests</span>
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_versions.xml&quot;</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
@@ -451,7 +451,7 @@ upgrade.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name=&quot;generator&quot; content=&quot;wordpress ([^&quot;]+)&quot;}</span>, <span class="ruby-value">1</span>]
@@ -487,7 +487,7 @@ upgrade.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 119</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_readme-source -->
@@ -521,7 +521,7 @@ upgrade.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;generator&gt;http://wordpress.org/\?v=([^&lt;]+)&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
@@ -558,7 +558,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 125</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_sitemap_generator-source -->
@@ -584,8 +584,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
<div class="method-description">
<p>Used to check if the version is correct : should be numeric with at least
one .</p>
<p>Used to check if the version is correct : must contain at least one .</p>
@@ -593,7 +592,7 @@ one .</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 131</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
<span class="ruby-string">'(.*(?=.)(?=.*\d)(?=.*[.]).*)'</span>
<span class="ruby-string">'([^\r\n]+[\.][^\r\n]+)'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- version_pattern-source -->


@@ -1,4 +1,4 @@
Sat, 22 Sep 2012 23:49:14 +0200
Sun, 23 Sep 2012 21:48:18 +0200
./CREDITS Mon, 17 Sep 2012 20:18:24 +0200
./Gemfile Sat, 22 Sep 2012 00:14:07 +0200
./lib/browser.rb Sat, 22 Sep 2012 15:51:15 +0200
@@ -15,23 +15,23 @@ Sat, 22 Sep 2012 23:49:14 +0200
./lib/wpscan/modules/web_site.rb Sat, 22 Sep 2012 16:18:55 +0200
./lib/wpscan/modules/wp_config_backup.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200
./lib/wpscan/modules/wp_login_protection.rb Sat, 22 Sep 2012 16:18:32 +0200
./lib/wpscan/modules/wp_plugins.rb Sat, 22 Sep 2012 21:05:32 +0200
./lib/wpscan/modules/wp_login_protection.rb Sun, 23 Sep 2012 19:38:40 +0200
./lib/wpscan/modules/wp_plugins.rb Sun, 23 Sep 2012 20:20:17 +0200
./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200
./lib/wpscan/modules/wp_themes.rb Sat, 22 Sep 2012 21:32:34 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sat, 22 Sep 2012 23:24:13 +0200
./lib/wpscan/modules/wp_themes.rb Sun, 23 Sep 2012 19:41:17 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sun, 23 Sep 2012 19:40:38 +0200
./lib/wpscan/modules/wp_usernames.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/msfrpc_client.rb Fri, 21 Sep 2012 23:32:27 +0200
./lib/wpscan/vulnerable.rb Sat, 22 Sep 2012 21:23:01 +0200
./lib/wpscan/wp_detector.rb Sat, 22 Sep 2012 21:23:10 +0200
./lib/wpscan/wp_enumerator.rb Sat, 22 Sep 2012 23:22:53 +0200
./lib/wpscan/wp_item.rb Sat, 22 Sep 2012 23:38:11 +0200
./lib/wpscan/wp_options.rb Sat, 22 Sep 2012 20:33:35 +0200
./lib/wpscan/wp_plugin.rb Sat, 22 Sep 2012 21:24:14 +0200
./lib/wpscan/wp_target.rb Sat, 22 Sep 2012 23:47:42 +0200
./lib/wpscan/wp_theme.rb Sat, 22 Sep 2012 21:24:57 +0200
./lib/wpscan/wp_detector.rb Sun, 23 Sep 2012 19:40:56 +0200
./lib/wpscan/wp_enumerator.rb Sun, 23 Sep 2012 19:58:52 +0200
./lib/wpscan/wp_item.rb Sun, 23 Sep 2012 21:47:56 +0200
./lib/wpscan/wp_options.rb Sun, 23 Sep 2012 19:35:16 +0200
./lib/wpscan/wp_plugin.rb Sun, 23 Sep 2012 19:59:17 +0200
./lib/wpscan/wp_target.rb Sun, 23 Sep 2012 20:07:45 +0200
./lib/wpscan/wp_theme.rb Sun, 23 Sep 2012 19:56:18 +0200
./lib/wpscan/wp_user.rb Sat, 22 Sep 2012 16:12:25 +0200
./lib/wpscan/wp_version.rb Sat, 22 Sep 2012 21:25:11 +0200
./lib/wpscan/wp_version.rb Sun, 23 Sep 2012 21:26:24 +0200
./lib/wpscan/wp_vulnerability.rb Sat, 22 Sep 2012 16:11:58 +0200
./lib/wpscan/wpscan_helper.rb Sat, 15 Sep 2012 21:19:30 +0200
./lib/wpscan/wpscan_options.rb Sat, 22 Sep 2012 15:01:32 +0200
@@ -39,5 +39,5 @@ Sat, 22 Sep 2012 23:49:14 +0200
./lib/wpstools/parse_svn.rb Sat, 22 Sep 2012 16:10:30 +0200
./lib/wpstools/wpstools_helper.rb Sat, 22 Sep 2012 15:00:03 +0200
./README Thu, 13 Sep 2012 22:54:08 +0200
./wpscan.rb Sat, 22 Sep 2012 23:46:46 +0200
./wpscan.rb Sun, 23 Sep 2012 19:58:44 +0200
./wpstools.rb Sat, 22 Sep 2012 14:59:30 +0200


@@ -291,6 +291,8 @@
<li><a href="RpcClient.html#method-i-get_exploit_info">#get_exploit_info &mdash; RpcClient</a></li>
<li><a href="WpItem.html#method-i-get_full_url">#get_full_url &mdash; WpItem</a></li>
<li><a href="WpUsernames.html#method-i-get_nickname_from_response">#get_nickname_from_response &mdash; WpUsernames</a></li>
<li><a href="WpUsernames.html#method-i-get_nickname_from_url">#get_nickname_from_url &mdash; WpUsernames</a></li>
@@ -303,8 +305,6 @@
<li><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder &mdash; WpItem</a></li>
<li><a href="WpItem.html#method-i-get_url">#get_url &mdash; WpItem</a></li>
<li><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename &mdash; WpItem</a></li>
<li><a href="Object.html#method-i-green">#green &mdash; Object</a></li>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:05:32 +0200</dd>
<dd class="modified-date">2012-09-23 20:20:17 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:24:13 +0200</dd>
<dd class="modified-date">2012-09-23 19:40:38 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:23:10 +0200</dd>
<dd class="modified-date">2012-09-23 19:40:56 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:22:53 +0200</dd>
<dd class="modified-date">2012-09-23 19:58:52 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 20:33:35 +0200</dd>
<dd class="modified-date">2012-09-23 19:35:16 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:24:14 +0200</dd>
<dd class="modified-date">2012-09-23 19:59:17 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:47:42 +0200</dd>
<dd class="modified-date">2012-09-23 20:07:45 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:24:57 +0200</dd>
<dd class="modified-date">2012-09-23 19:56:18 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:25:11 +0200</dd>
<dd class="modified-date">2012-09-23 21:26:24 +0200</dd>
<dt class="requires">Requires</dt>


@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:46:46 +0200</dd>
<dd class="modified-date">2012-09-23 19:58:44 +0200</dd>
<dt class="requires">Requires</dt>


@@ -38,7 +38,7 @@ module WpLoginProtection
return @login_protection_plugin = WpPlugin.new(
:name => plugin_name,
:url => @uri,
:base_url => @uri,
:path => "/plugins/#{plugin_name}/",
:wp_content_dir => @wp_content_dir
)
@@ -68,7 +68,7 @@ module WpLoginProtection
def better_wp_security_url
WpPlugin.new(:wp_content_dir => @wp_content_dir,
:url => @uri,
:base_url => @uri,
:path => "/plugins/better-wp-security/",
:name => "better-wp-security"
).get_url_without_filename
@@ -81,7 +81,7 @@ module WpLoginProtection
def simple_login_lockdown_url
WpPlugin.new(:wp_content_dir => @wp_content_dir,
:url => @uri,
:base_url => @uri,
:path => "/plugins/simple-login-lockdown/",
:name => "simple-login-lockdown"
).get_url_without_filename
@@ -94,7 +94,7 @@ module WpLoginProtection
def login_security_solution_url
WpPlugin.new(:wp_content_dir => @wp_content_dir,
:url => @uri,
:base_url => @uri,
:path => "/plugins/login-security-solution/",
:name => "login-security-solution"
).get_url_without_filename
@@ -107,7 +107,7 @@ module WpLoginProtection
def limit_login_attempts_url
WpPlugin.new(:wp_content_dir => @wp_content_dir,
:url => @uri,
:base_url => @uri,
:path => "/plugins/limit-login-attempts/",
:name => "limit-login-attempts"
).get_url_without_filename
@@ -120,7 +120,7 @@ module WpLoginProtection
def bluetrait_event_viewer_url
WpPlugin.new(:wp_content_dir => @wp_content_dir,
:url => @uri,
:base_url => @uri,
:path => "/plugins/bluetrait-event-viewer/",
:name => "bluetrait-event-viewer"
).get_url_without_filename
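Review bot: The `WpPlugin.new` calls in `better_wp_security_url` through `bluetrait_event_viewer_url`, and the one in the first hunk, still hard-code `/plugins/<name>/` in `:path` and pass no `:wp_plugins_dir`, so `WpItem#initialize` falls back to `"#@wp_content_dir/plugins"`. On a site whose plugins directory sits outside wp-content, which this commit sets out to support, these checks would presumably look in the wrong place and report that no login-protection plugin is present, a false negative in the scan output. Consider passing the configured directory, for example `:wp_plugins_dir => wp_plugins_dir`, assuming the including class exposes it the way `WpTarget` does. How `get_url_without_filename` combines `:path` with the plugins directory is not visible here, so confirm against `WpItem`; the method bodies also continue outside the hunks.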


@@ -31,12 +31,12 @@ module WpPlugins
plugins = []
result.each do |r|
plugins << WpPlugin.new(
:url => r.url,
:base_url => r.base_url,
:path => r.path,
:wp_content_dir => r.wp_content_dir,
:name => r.name,
:type => "plugins",
:wp_plugins_dir => r.wp_plugin_dir
:wp_plugins_dir => r.wp_plugins_dir
)
end
plugins.sort_by { |p| p.name }
@@ -50,16 +50,16 @@ module WpPlugins
# return array of WpPlugin
def plugins_from_passive_detection(options)
plugins = []
temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir])
temp = WpDetector.passive_detection(options[:base_url], "plugins", options[:wp_content_dir])
temp.each do |item|
plugins << WpPlugin.new(
:url => item.url,
:base_url => item.base_url,
:name => item.name,
:path => item.path,
:wp_content_dir => options[:wp_content_dir],
:type => "plugins",
:wp_plugins_dir => options[:wp_plugin_dir]
:wp_plugins_dir => options[:wp_plugins_dir]
)
end
plugins.sort_by { |p| p.name }
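Review bot: In the second hunk `plugins_from_passive_detection` forwards `options[:wp_plugins_dir]` to `WpPlugin.new` as given, while `WpItem#initialize` in this commit strips a leading and trailing slash from `:wp_content_dir` only. A user-supplied plugins directory written with a leading or trailing slash therefore reaches URL building in a different shape from the default `"#@wp_content_dir/plugins"`; whether that produces a wrong or double-slash request depends on URL code not shown here. Normalising it in the same place, e.g. `dir = options[:wp_plugins_dir]` followed by `@wp_plugins_dir = dir ? dir.sub(/\A\//, "").sub(/\/\z/, "") : "#@wp_content_dir/plugins"`, would keep detection results consistent. Both methods continue outside the hunks.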


@@ -29,7 +29,7 @@ module WpThemes
themes = []
result.each do |r|
themes << WpTheme.new(
:url => r.url,
:base_url => r.base_url,
:path => r.path,
:wp_content_dir => r.wp_content_dir,
:name => r.name
@@ -40,11 +40,11 @@ module WpThemes
def themes_from_passive_detection(options)
themes = []
temp = WpDetector.passive_detection(options[:url], "themes", options[:wp_content_dir])
temp = WpDetector.passive_detection(options[:base_url], "themes", options[:wp_content_dir])
temp.each do |item|
themes << WpTheme.new(
:url => item.url,
:base_url => item.base_url,
:name => item.name,
:path => item.path,
:wp_content_dir => options[:wp_content_dir]


@@ -55,7 +55,7 @@ module WpTimthumbs
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
}.each do |file|
targets << WpItem.new(
:url => options[:url],
:base_url => options[:base_url],
:path => "themes/#{theme_name}/#{file}",
:wp_content_dir => options[:wp_content_dir],
:name => theme_name,


@@ -23,7 +23,7 @@ class WpDetector
result = items
if items == nil or items.length == 0
result = passive_detection(options[:url], options[:type], options[:wp_content_dir])
result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir])
end
enum_results = WpEnumerator.enumerate(options)
@@ -61,7 +61,7 @@ class WpDetector
names.each do |item|
items << WpItem.new(
:url => url,
:base_url => url,
:name => item,
:type => type,
:path => "#{item}/",


@@ -24,7 +24,7 @@ class WpEnumerator
# ==== Attributes
#
# * +targets+ - targets to enumerate
# * * +:url+ - Base URL
# * * +:base_url+ - Base URL
# * * +:wp_content+ - wp-content directory
# * * +:path+ - Path to plugin
# * +type+ - "plugins" or "themes", item to enumerate
@@ -50,7 +50,7 @@ class WpEnumerator
enumerate_size = targets.size
targets.each do |target|
url = target.get_url
url = target.get_full_url
request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
request_count += 1
@@ -86,7 +86,7 @@ class WpEnumerator
file = options[:file]
vulns_file = options[:vulns_file]
wp_content_dir = options[:wp_content_dir]
url = options[:url]
url = options[:base_url]
type = options[:type]
plugins_dir = options[:wp_plugins_dir]
targets_url = []
@@ -96,7 +96,7 @@ class WpEnumerator
File.open(file, "r") do |f|
f.readlines.collect do |line|
targets_url << WpItem.new(
:url => url,
:base_url => url,
:path => line.strip,
:wp_content_dir => wp_content_dir,
:name => File.dirname(line.strip),
@@ -118,7 +118,7 @@ class WpEnumerator
xml.xpath(options[:vulns_xpath_2]).each do |node|
name = node.attribute("name").text
targets_url << WpItem.new(
:url => url,
:base_url => url,
:path => name,
:wp_content_dir => wp_content_dir,
:name => name,
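Review bot: The attribute list in the comment for the enumerate method still names `+:wp_content+`, although the items built further down in this file are given `:wp_content_dir`, and the request is now forged from `target.get_full_url`. Since the commit already touches this comment for `:base_url`, the same pass could correct it to `# * * +:wp_content_dir+ - wp-content directory` and add `# * * +:wp_plugins_dir+ - plugins directory (may be outside wp-content)`. The methods around these hunks start and end outside the visible lines.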


@@ -19,20 +19,20 @@
require "#{WPSCAN_LIB_DIR}/vulnerable"
class WpItem < Vulnerable
attr_accessor :path, :url, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugin_dir, :type
attr_reader :base_url, :path, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugins_dir, :type
@version = nil
def initialize(options)
@type = options[:type]
@wp_content_dir = options[:wp_content_dir] || "wp-content"
@wp_plugin_dir = options[:wp_plugins_dir] || "plugins"
@url = options[:url]
@wp_content_dir = options[:wp_content_dir] ? options[:wp_content_dir].sub(/^\//, "").sub(/\/$/, "") : "wp-content"
@wp_plugins_dir = options[:wp_plugins_dir] || "#@wp_content_dir/plugins"
@base_url = options[:base_url]
@path = options[:path]
@name = options[:name] || extract_name_from_url
@vulns_file = options[:vulns_file]
@vulns_xpath = options[:vulns_xpath].sub(/\$name\$/, @name) unless options[:vulns_xpath] == nil
raise("url not set") unless @url
raise("base_url not set") unless @base_url
raise("path not set") unless @path
raise("wp_content_dir not set") unless @wp_content_dir
raise("name not set") unless @name
@@ -42,8 +42,6 @@ class WpItem < Vulnerable
def get_sub_folder
case @type
when "plugins"
folder = @wp_plugin_dir
when "themes"
folder = "themes"
when "timthumbs"
@@ -56,13 +54,16 @@ class WpItem < Vulnerable
end
# Get the full url for this item
def get_url
url = @url.to_s.end_with?("/") ? @url.to_s : "#@url/"
def get_full_url
url = @base_url.to_s.end_with?("/") ? @base_url.to_s : "#@base_url/"
# remove first and last /
wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "")
# remove first /
path = @path.sub(/^\//, "")
if type == "timthumbs"
if type =="plugins"
# plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir
ret = URI.parse("#{url}#@wp_plugins_dir/#{path}")
elsif type == "timthumbs"
# timthumbs have folder in path variable
ret = URI.parse("#{url}#{wp_content_dir}/#{path}")
else
@@ -73,7 +74,7 @@ class WpItem < Vulnerable
# Gets the full url for this item without filenames
def get_url_without_filename
location_url = get_url.to_s
location_url = get_full_url.to_s
valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1]
unless valid_location_url
valid_location_url = add_trailing_slash(location_url)
@@ -84,7 +85,7 @@ class WpItem < Vulnerable
# Returns version number from readme.txt if it exists
def version
unless @version
response = Browser.instance.get(get_url.merge("readme.txt").to_s)
response = Browser.instance.get(get_full_url.merge("readme.txt").to_s)
@version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
end
@version
@@ -98,7 +99,7 @@ class WpItem < Vulnerable
# Extract item name from a url
def extract_name_from_url
get_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2]
get_full_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2]
end
# To string. Adds a version number if detected
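Review bot: `@wp_plugins_dir` is stored exactly as passed in `initialize`, while `@wp_content_dir` on the line above it is stripped of its leading and trailing slash, so the new `plugins` branch of `get_full_url` builds `"#{url}#@wp_plugins_dir/#{path}"` with a doubled slash when a caller supplies a value such as `/custom-plugins/`. Normalising it the same way keeps the two consistent: `@wp_plugins_dir = (options[:wp_plugins_dir] || "#@wp_content_dir/plugins").sub(/\A\//, "").sub(/\/\z/, "")`, where `\A`/`\z` anchor the whole string while `^`/`$` match at every line boundary. With `@wp_content_dir` now always assigned, `raise("wp_content_dir not set")` can no longer fire, and the second trim inside `get_full_url` is redundant. `initialize` and `get_full_url` both continue outside the visible hunks.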


@@ -32,7 +32,7 @@
# * +type+ - Type: plugins, themes
class WpOptions
def self.check_options(options)
raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0
raise("base_url must be set") unless options[:base_url] != nil and options[:base_url].to_s.length > 0
raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil
raise("file must be set") unless options[:file] != nil and options[:file].length > 0
raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0


@@ -37,6 +37,6 @@ class WpPlugin < WpItem
end
def error_log_url
get_url.merge("error_log").to_s
get_full_url.merge("error_log").to_s
end
end


@@ -104,7 +104,7 @@ class WpTarget
def wp_plugins_dir
unless @wp_plugins_dir
@wp_plugins_dir = "plugins"
@wp_plugins_dir = "#{wp_content_dir}/plugins"
end
@wp_plugins_dir
end
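Review bot: The new default `"#{wp_content_dir}/plugins"` interpolates whatever `wp_content_dir` returns, and that method is not visible in this hunk; if it can return nil when detection fails, the memoised value becomes `/plugins` and later plugin requests would quietly go to the wrong path. A guard keeps the failure visible, for example `@wp_plugins_dir ||= "#{wp_content_dir}/plugins" if wp_content_dir`. A short comment such as `# defaults to <wp_content_dir>/plugins; a custom plugins dir may live outside wp-content` would also record why the prefix is now included.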


@@ -20,7 +20,7 @@ require "#{WPSCAN_LIB_DIR}/vulnerable"
class WpTheme < WpItem
attr_reader :name, :style_url, :version
attr_reader :style_url, :version
def initialize(options = {})
options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
@@ -67,7 +67,7 @@ class WpTheme < WpItem
return new(:name => theme_name,
:style_url => style_url,
:url => style_url,
:base_url => style_url,
:path => "",
:wp_content_dir => ""
)
@@ -87,7 +87,7 @@ class WpTheme < WpItem
return new(:name => woo_theme_name,
:version => woo_theme_version,
:url => matches[0],
:base_url => matches[0],
:path => "",
:wp_content_dir => ""
)


@@ -38,7 +38,7 @@ class WpVersion < Vulnerable
# (find_from_meta_generator, find_from_rss_generator etc)
def self.find(target_uri, wp_content_dir)
options = {
:url => target_uri,
:base_url => target_uri,
:wp_content_dir => wp_content_dir
}
self.methods.grep(/find_from_/).each do |method_to_call|
@@ -59,14 +59,14 @@ class WpVersion < Vulnerable
# The meta tag can be removed however it seems,
# that it is reinstated on upgrade.
def self.find_from_meta_generator(options)
target_uri = options[:url]
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1]
end
def self.find_from_rss_generator(options)
target_uri = options[:url]
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1]
@@ -92,7 +92,7 @@ class WpVersion < Vulnerable
# /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
#
def self.find_from_advanced_fingerprinting(options)
target_uri = options[:url]
target_uri = options[:base_url]
# needed for rpsec tests
version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml"
xml = Nokogiri::XML(File.open(version_xml)) do |config|
@@ -117,18 +117,18 @@ class WpVersion < Vulnerable
end
def self.find_from_readme(options)
target_uri = options[:url]
target_uri = options[:base_url]
Browser.instance.get(target_uri.merge("readme.html").to_s).body[%r{<br />\sversion #{WpVersion.version_pattern}}i, 1]
end
# http://code.google.com/p/wpscan/issues/detail?id=109
def self.find_from_sitemap_generator(options)
target_uri = options[:url]
target_uri = options[:base_url]
Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1]
end
# Used to check if the version is correct : should be numeric with at least one '.'
# Used to check if the version is correct : must contain at least one .
def self.version_pattern
'(.*(?=.)(?=.*\d)(?=.*[.]).*)'
'([^\r\n]+[\.][^\r\n]+)'
end
end
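Review bot: The new `version_pattern`, `'([^\r\n]+[\.][^\r\n]+)'`, accepts any run of characters that contains a dot, so the value captured from a response body is no longer limited to something version-shaped. In `find_from_sitemap_generator` the greedy `[^\r\n]+` can run past the first closing quote when another `"` follows on the same line, and in `find_from_readme` it captures everything up to the line end; both bodies come from the scanned site, so the captured string should be treated as untrusted text before it is reported. A bounded pattern such as `'(\d+(?:\.[\w\-]+)+)'` would keep the "at least one ." rule while rejecting arbitrary text, though it would need checking against the existing version fixtures. The comment above it could then read `# Version string: starts with a digit and contains at least one '.'`.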


@@ -100,7 +100,7 @@ shared_examples_for "WpLoginProtection" do
it "should return a login-lockdown WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
@plugin_expected = WpPlugin.new(:url => @module.url,
@plugin_expected = WpPlugin.new(:base_url => @module.url,
:path => "/plugins/login-lockdown/",
:name => "login-lockdown"
)
@@ -109,7 +109,7 @@ shared_examples_for "WpLoginProtection" do
it "should return a login-lock WpPlugin object" do
@fixture = @fixtures_dir + "/wp-login-login_lock.php"
@plugin_expected = WpPlugin.new(:url => @module.url,
@plugin_expected = WpPlugin.new(:base_url => @module.url,
:path => "/plugins/login-lock/",
:name => "login-lock"
)


@@ -31,7 +31,7 @@ shared_examples_for "WpPlugins" do
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpPlugins)
@options = {:url => @wp_url,
@options = {:base_url => @wp_url,
:only_vulnerable_ones => false,
:show_progress_bar => false,
:error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,27 +43,27 @@ shared_examples_for "WpPlugins" do
}
File.exist?(@plugin_vulns_file).should == true
File.exist?(@plugins_file).should == true
@targets = [WpPlugin.new({:url => "http://example.localhost/",
@targets = [WpPlugin.new({:base_url => "http://example.localhost/",
:path => "exclude-pages/exclude_pages.php",
:wp_content_dir => "wp-content",
:name => "exclude-pages"}),
WpPlugin.new({:url => "http://example.localhost/",
WpPlugin.new({:base_url => "http://example.localhost/",
:path => "display-widgets/display-widgets.php",
:wp_content_dir => "wp-content",
:name => "display-widgets"}),
WpPlugin.new({:url => "http://example.localhost/",
WpPlugin.new({:base_url => "http://example.localhost/",
:path => "media-library",
:wp_content_dir => "wp-content",
:name => "media-library"}),
WpPlugin.new({:url => "http://example.localhost/",
WpPlugin.new({:base_url => "http://example.localhost/",
:path => "deans",
:wp_content_dir => "wp-content",
:name => "deans"}),
WpPlugin.new({:url => "http://example.localhost/",
WpPlugin.new({:base_url => "http://example.localhost/",
:path => "formidable/formidable.php",
:wp_content_dir => "wp-content",
:name => "formidable"}),
WpPlugin.new({:url => "http://example.localhost/",
WpPlugin.new({:base_url => "http://example.localhost/",
:path => "regenerate-thumbnails/readme.txt",
:wp_content_dir => "wp-content",
:name => "regenerate-thumbnails"})]
@@ -74,7 +74,7 @@ shared_examples_for "WpPlugins" do
it "should return an empty array" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
plugins.should be_empty
end
@@ -92,12 +92,12 @@ shared_examples_for "WpPlugins" do
}
expected_plugins = []
expected_plugin_names.each do |plugin_name|
expected_plugins << WpPlugin.new(:url => @module.url,
expected_plugins << WpPlugin.new(:base_url => @module.url,
:path => "/plugins/#{plugin_name}/",
:name => plugin_name)
end
plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
plugins.should_not be_empty
plugins.length.should == expected_plugins.length
plugins.sort.should == expected_plugins.sort
@@ -110,7 +110,7 @@ shared_examples_for "WpPlugins" do
stub_request(:get, @module.uri.to_s).to_return(:status => 200)
# Point all targets to a 404
@targets.each do |target|
stub_request(:get, target.get_url.to_s).to_return(:status => 404)
stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
# to_s calls readme_url
stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
end
@@ -132,9 +132,9 @@ shared_examples_for "WpPlugins" do
@passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm"
@expected_plugins = @targets.sample(2)
@expected_plugins.each do |p|
stub_request(:get, p.get_url.to_s).to_return(:status => 200)
stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
end
new_plugin = WpPlugin.new(:url => "http://example.localhost/",
new_plugin = WpPlugin.new(:base_url => "http://example.localhost/",
:path => "/plugins/comment-info-tip/",
:name => "comment-info-tip")
stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200)
@@ -149,7 +149,7 @@ shared_examples_for "WpPlugins" do
plugin_url.should_not be_nil
plugin_url.length.should == 1
@expected_plugins = plugin_url
stub_request(:get, plugin_url[0].get_url.to_s).to_return(:status => valid_response_code)
stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
end
end
end


@@ -31,7 +31,7 @@ shared_examples_for "WpThemes" do
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpThemes)
@options = {:url => @wp_url,
@options = {:base_url => @wp_url,
:only_vulnerable_ones => false,
:show_progress_bar => false,
:error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,55 +43,55 @@ shared_examples_for "WpThemes" do
}
File.exist?(@theme_vulns_file).should == true
File.exist?(@themes_file).should == true
@targets = [WpTheme.new({:url => "http://example.localhost/",
@targets = [WpTheme.new({:base_url => "http://example.localhost/",
:path => "zenpro/404.php",
:wp_content_dir => "wp-content",
:name => "zenpro"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zeta-zip/404.php",
:wp_content_dir => "wp-content",
:name => "zeta-zip"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zfirst/404.php",
:wp_content_dir => "wp-content",
:name => "zfirst"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zgrey/404.php",
:wp_content_dir => "wp-content",
:name => "zgrey"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zindi-ii/404.php",
:wp_content_dir => "wp-content",
:name => "zindi-ii"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zindi/404.php",
:wp_content_dir => "wp-content",
:name => "zindi"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zombie-apocalypse/404.php",
:wp_content_dir => "wp-content",
:name => "zombie-apocalypse"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zsofa/404.php",
:wp_content_dir => "wp-content",
:name => "zsofa"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "zwei-seiten/404.php",
:wp_content_dir => "wp-content",
:name => "zwei-seiten"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "twentyten/404.php",
:wp_content_dir => "wp-content",
:name => "twentyten"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "shopperpress",
:wp_content_dir => "wp-content",
:name => "shopperpress"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "wise",
:wp_content_dir => "wp-content",
:name => "wise"}),
WpTheme.new({:url => "http://example.localhost/",
WpTheme.new({:base_url => "http://example.localhost/",
:path => "webfolio",
:wp_content_dir => "wp-content",
:name => "webfolio"})]
@@ -102,7 +102,7 @@ shared_examples_for "WpThemes" do
it "should return an empty array" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm'))
themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
themes.should be_empty
end
@@ -112,12 +112,12 @@ shared_examples_for "WpThemes" do
expected_theme_names = %w{ theme1 theme2 theme3 }
expected_themes = []
expected_theme_names.each do |theme_name|
expected_themes << WpTheme.new(:url => @module.url,
expected_themes << WpTheme.new(:base_url => @module.url,
:path => "/themes/#{theme_name}/",
:name => theme_name)
end
themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
themes.should_not be_empty
themes.length.should == expected_themes.length
themes.sort.should == expected_themes.sort
@@ -130,7 +130,7 @@ shared_examples_for "WpThemes" do
stub_request(:get, @module.uri.to_s).to_return(:status => 200)
# Point all targets to a 404
@targets.each do |target|
stub_request(:get, target.get_url.to_s).to_return(:status => 404)
stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
# to_s calls readme_url
stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
end
@@ -152,9 +152,9 @@ shared_examples_for "WpThemes" do
@passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm"
@expected_themes = @targets.sample(2)
@expected_themes.each do |p|
stub_request(:get, p.get_url.to_s).to_return(:status => 200)
stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
end
new_theme = WpTheme.new(:url => "http://example.localhost/",
new_theme = WpTheme.new(:base_url => "http://example.localhost/",
:path => "/themes/custom-twentyten/",
:name => "custom-twentyten")
stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200)
@@ -169,7 +169,7 @@ shared_examples_for "WpThemes" do
theme_url.should_not be_nil
theme_url.length.should == 1
@expected_themes = theme_url
stub_request(:get, theme_url[0].get_url.to_s).to_return(:status => valid_response_code)
stub_request(:get, theme_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
end
end
end


@@ -22,7 +22,7 @@ shared_examples_for "WpTimthumbs" do
@options = {}
@url = "http://example.localhost/"
@theme_name = "bueno"
@options[:url] = @url
@options[:base_url] = @url
@options[:wp_content_dir] = "wp-content"
@options[:name] = @theme_name
@options[:error_404_hash] = "xx"
@@ -60,7 +60,7 @@ shared_examples_for "WpTimthumbs" do
targets.length.should > 0
temp = []
targets.each do |t|
temp << t.get_url.to_s
temp << t.get_full_url.to_s
end
temp.sort.should === @targets_from_theme.sort
end
@@ -91,7 +91,7 @@ shared_examples_for "WpTimthumbs" do
urls = []
urls_hash = WpEnumerator.generate_items(@options)
urls_hash.each do |u|
url = u.get_url.to_s
url = u.get_full_url.to_s
urls << url
stub_request(:get, url).to_return(:status => 404)
end
@@ -106,7 +106,7 @@ shared_examples_for "WpTimthumbs" do
temp = []
timthumbs.each do |t|
temp << t.get_url.to_s
temp << t.get_full_url.to_s
end
temp.sort.should === expected.sort
@module.has_timthumbs?(nil).should be_true


@@ -19,8 +19,133 @@
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpPlugin do
describe "#initialize" do
it "should create a correct instance" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.wp_content_dir.should == "wp-content"
instance.base_url.should == "http://sub.example.com/path/to/wordpress/"
instance.path.should == "test/asdf.php"
end
end
describe "#get_full_url" do
it "should return the correct url" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
end
it "should return the correct url (custom wp_content_dir)" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "custom"
)
instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
end
it "should trim / and add missing / before concatenating url" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "/custom/"
)
instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
end
end
describe "#get_url_without_filename" do
it "should return the correct url" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
end
it "should return the correct url (custom wp_content_dir)" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "custom"
)
instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
end
it "should trim / and add missing / before concatenating url" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "/custom/"
)
instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
end
it "should not remove the last foldername" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
end
it "should return the correct url (https)" do
instance = WpItem.new(:base_url => "https://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
end
it "should add the last slash if it's not present" do
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test-one",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
end
end
describe "#version" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
before :each do
@instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
@instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
@@ -29,72 +154,6 @@ describe WpPlugin do
)
end
describe "#initialize" do
it "should create a correct instance" do
@instance.wp_content_dir.should == "wp-content"
@instance.url.should == "http://sub.example.com/path/to/wordpress/"
@instance.path.should == "test/asdf.php"
end
end
describe "#get_url" do
it "should return the correct url" do
@instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
end
it "should return the correct url (custom wp_content_dir)" do
@instance.wp_content_dir = "custom"
@instance.type = "plugins"
@instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
end
it "should trim / and add missing / before concatenating url" do
@instance.wp_content_dir = "/custom/"
@instance.url = "http://sub.example.com/path/to/wordpress"
@instance.path = "test/asdf.php"
@instance.type = "plugins"
@instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
end
end
describe "#get_url_without_filename" do
it "should return the correct url" do
@instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
end
it "should return the correct url (custom wp_content_dir)" do
@instance.wp_content_dir = "custom"
@instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
end
it "should trim / and add missing / before concatenating url" do
@instance.wp_content_dir = "/custom/"
@instance.url = "http://sub.example.com/path/to/wordpress"
@instance.path = "test/asdf.php"
@instance.type = "plugins"
@instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
end
it "should not remove the last foldername" do
@instance.path = "test/"
@instance.type = "plugins"
@instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
end
it "should return the correct url (https)" do
@instance.url = "https://sub.example.com/path/to/wordpress/"
@instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
end
it "should add the last slash if it's not present" do
@instance.path = "test-one"
@instance.type = "plugins"
@instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
end
end
describe "#version" do
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
it "should return a version number" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
@instance.version.should == "1.2.4.3.2.1"
@@ -120,6 +179,16 @@ describe WpPlugin do
end
describe "#directory_listing?" do
before :each do
@instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
end
it "should return true" do
stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
:body => "<html><head><title>Index of asdf</title></head></html>")
@@ -140,36 +209,74 @@ describe WpPlugin do
describe "#extract_name_from_url" do
it "should extract the correct name" do
@instance.extract_name_from_url.should == "test"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.extract_name_from_url.should == "test"
end
it "should extract the correct name (custom wp_content_dir)" do
@instance.wp_content_dir = "custom"
@instance.extract_name_from_url.should == "test"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "custom"
)
instance.extract_name_from_url.should == "test"
end
it "should extract the correct name" do
@instance.wp_content_dir = "/custom/"
@instance.url = "http://sub.example.com/path/to/wordpress"
@instance.path = "test2/asdf.php"
@instance.type = "plugins"
@instance.extract_name_from_url.should == "test2"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test2/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "/custom/"
)
instance.extract_name_from_url.should == "test2"
end
it "should extract the correct plugin name" do
@instance.path = "testplugin/"
@instance.type = "plugins"
@instance.extract_name_from_url.should == "testplugin"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "testplugin/",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.extract_name_from_url.should == "testplugin"
end
it "should extract the correct theme name" do
@instance.path = "testtheme/"
@instance.type = "plugins"
@instance.extract_name_from_url.should == "testtheme"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "testtheme/",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "themes"
)
instance.extract_name_from_url.should == "testtheme"
end
end
describe "#to_s" do
before :each do
@instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
end
it "should return the name including a version number" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
@instance.to_s.should == "test v1.2.4.3.2.1"
@@ -182,8 +289,18 @@ describe WpPlugin do
end
describe "#==" do
before :each do
@instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
end
it "should return false" do
instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "newname/asdf.php",
:type => "plugins",
:vulns_file => "XXX.xml",
@@ -193,7 +310,7 @@ describe WpPlugin do
end
it "should return true" do
instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:type => "plugins",
:vulns_file => "XXX.xml",
@@ -204,38 +321,25 @@ describe WpPlugin do
end
describe "#get_sub_folder" do
it "should return plugins" do
item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
it "should return themes" do
item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:wp_content_dir => "wp-content",
:wp_plugins_dir => "plugins",
:wp_plugins_dir => "wp-content/plugins",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
:type => "themes"
)
item.get_sub_folder.should == "plugins"
end
it "should return custom-plugins" do
item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:wp_content_dir => "wp-content",
:wp_plugins_dir => "custom-plugins",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
item.get_sub_folder.should == "custom-plugins"
item.get_sub_folder.should == "themes"
end
it "should return themes" do
item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:wp_content_dir => "wp-content",
:wp_plugins_dir => "plugins",
:wp_plugins_dir => "wp-content/plugins",
:name => "test",
:vulns_xpath => "XX",
:type => "themes"
@@ -244,11 +348,11 @@ describe WpPlugin do
end
it "should return nil" do
item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:wp_content_dir => "wp-content",
:wp_plugins_dir => "plugins",
:wp_plugins_dir => "wp-content/plugins",
:name => "test",
:vulns_xpath => "XX",
:type => "timthumbs"
@@ -257,11 +361,11 @@ describe WpPlugin do
end
it "should raise an exception" do
item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:wp_content_dir => "wp-content",
:wp_plugins_dir => "plugins",
:wp_plugins_dir => "wp-content/plugins",
:name => "test",
:vulns_xpath => "XX",
:type => "type"
@@ -272,55 +376,111 @@ describe WpPlugin do
describe "#readme_url" do
it "should return the corrent plugin readme url" do
@instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
end
it "should return the corrent plugin readme url (custom wp_content)" do
@instance.wp_content_dir = "custom"
@instance.type = "plugins"
@instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "custom"
)
instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
end
it "should return the corrent theme readme url" do
@instance.path = "test/asdf.php"
@instance.type = "themes"
@instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "themes"
)
instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
end
it "should return the corrent theme readme url (custom wp_content)" do
@instance.wp_content_dir = "custom"
@instance.path = "test/asdf.php"
@instance.type = "themes"
@instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "themes",
:wp_content_dir => "custom"
)
instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
end
end
describe "#changelog_url" do
it "should return the corrent plugin changelog url" do
@instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
end
it "should return the corrent plugin changelog url (custom wp_content)" do
@instance.wp_content_dir = "custom"
@instance.type = "plugins"
@instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins",
:wp_content_dir => "custom"
)
instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
end
it "should return the corrent theme changelog url" do
@instance.path = "test/asdf.php"
@instance.type = "themes"
@instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "themes"
)
instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
end
it "should return the corrent theme changelog url (custom wp_content)" do
@instance.wp_content_dir = "custom"
@instance.path = "test/asdf.php"
@instance.type = "themes"
@instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "themes",
:wp_content_dir => "custom"
)
instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
end
end
describe "#has_readme?" do
before :each do
@instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
end
it "should return true" do
stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200)
@instance.has_readme?.should == true
@@ -333,6 +493,16 @@ describe WpPlugin do
end
describe "#has_changelog?" do
before :each do
@instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
end
it "should return true" do
stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 200)
@instance.has_changelog?.should == true


@@ -22,7 +22,7 @@ describe WpOptions do
describe "#check_options" do
before :each do
@options = {}
@options[:url] = "url"
@options[:base_url] = "url"
@options[:only_vulnerable_ones] = false
@options[:file] = "file"
@options[:vulns_file] = "vulns_file"
@@ -40,14 +40,14 @@ describe WpOptions do
expect { WpOptions.check_options(@options) }.to raise_error(RuntimeError, @message)
end
it "should raise an exception (url empty)" do
@options[:url] = ""
@message = "url must be set"
it "should raise an exception (base_url empty)" do
@options[:base_url] = ""
@message = "base_url must be set"
end
it "should raise an exception (url nil)" do
@options[:url] = nil
@message = "url must be set"
it "should raise an exception (base_url nil)" do
@options[:base_url] = nil
@message = "base_url must be set"
end
it "should raise an exception (only_vulnerable_ones nil)" do


@@ -21,29 +21,29 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpPlugin do
describe "#initialize" do
it "should not raise an exception" do
expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
end
it "should not raise an exception (wp_content_dir not set)" do
expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
expect { WpPlugin.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
end
it "should raise an exception (url not set)" do
it "should raise an exception (base_url not set)" do
expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
end
it "should raise an exception (path not set)" do
expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
expect { WpPlugin.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
end
it "should raise an exception (name not set)" do
expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
end
end
describe "#error_log_url" do
it "should return a correct url" do
temp = WpPlugin.new(:url => "http://wordpress.com",
temp = WpPlugin.new(:base_url => "http://wordpress.com",
:path => "test/asdf.php")
temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
end
@@ -51,7 +51,7 @@ describe WpPlugin do
describe "#error_log?" do
before :each do
@temp = WpPlugin.new(:url => "http://wordpress.com",
@temp = WpPlugin.new(:base_url => "http://wordpress.com",
:path => "test/asdf.php")
end
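Review bot: The `#initialize` examples still use a bare `raise_error`, which passes for any exception, so after the `:url` to `:base_url` rename they cannot tell which missing option caused the failure. For instance, "should raise an exception (path not set)" would also pass if the constructor rejected the call only because it did not recognise `:base_url`. Pin the error in each negative example, e.g. `.to raise_error(RuntimeError, /path/)`, adjusting the class and pattern to whatever the constructor actually raises (it is not visible in this section). The same applies to the `#initialize` examples in the WpTheme spec section.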


@@ -27,7 +27,7 @@ describe WpTarget do
:config_file => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
:cache_timeout => 0,
:wp_content_dir => "wp-content",
:wp_plugins_dir => "plugins"
:wp_plugins_dir => "wp-content/plugins"
}
@wp_target = WpTarget.new("http://example.localhost/", @options)
end
@@ -153,20 +153,25 @@ describe WpTarget do
describe "#wp_plugins_dir" do
after :each do
@wp_target.stub(:wp_content_dir => @stub_value) if @stub_value
@wp_target.stub(:wp_plugins_dir => @stub_value) if @stub_value
@wp_target.wp_plugins_dir.should === @expected
end
it "should return the string set in the initialize method" do
@wp_target = WpTarget.new("http://example.localhost/", :wp_plugins_dir => "custom-plugins")
@wp_target = WpTarget.new("http://example.localhost/", :wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")
@expected = "custom-plugins"
end
it "should return 'plugins'" do
@stub_value = "wp-content"
@stub_value = "plugins"
@expected = "plugins"
end
it "should return 'wp-content/plugins'" do
@stub_value = nil
@expected = "wp-content/plugins"
end
end
describe "#debug_log_url" do
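Review bot: In the `#wp_plugins_dir` group the `after :each` hook now stubs `wp_plugins_dir` itself and then asserts on `wp_plugins_dir`, so "should return 'plugins'" only checks the stub and never runs the real method. Only the examples that leave `@stub_value` unset exercise the implementation. If the default is derived from the content directory (the new 'wp-content/plugins' expectation suggests so, but the implementation is not in this section), stub the dependency instead: `@wp_target.stub(:wp_content_dir => @stub_value) if @stub_value`, with constructed sample values such as `@stub_value = "custom-content"` and `@expected = "custom-content/plugins"`. Without that, a wrong plugins path for a custom content directory would pass the suite and plugin checks would quietly look in the wrong location.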


@@ -30,23 +30,23 @@ describe WpTheme do
describe "#initialize" do
it "should not raise an exception" do
expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
end
it "should not raise an exception (wp_content_dir not set)" do
expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
expect { WpTheme.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
end
it "should raise an exception (url not set)" do
it "should raise an exception (base_url not set)" do
expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
end
it "should raise an exception (path not set)" do
expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
expect { WpTheme.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
end
it "should raise an exception (name not set)" do
expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
end
end
@@ -102,12 +102,12 @@ describe WpTheme do
it "should return a WpTheme object with .name 'Editorial' and .version '1.3.5'" do
@fixture = fixtures_dir + "/editorial-1.3.5.html"
@expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :url => "", :path => "", :wp_content_dir => "")
@expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :base_url => "", :path => "", :wp_content_dir => "")
end
it "should return a WpTheme object with .name 'Merchant'" do
@fixture = fixtures_dir + "/merchant-no-version.html"
@expected_theme = WpTheme.new(:name => "Merchant", :url => "", :path => "", :wp_content_dir => "")
@expected_theme = WpTheme.new(:name => "Merchant", :base_url => "", :path => "", :wp_content_dir => "")
end
end
@@ -151,7 +151,7 @@ describe WpTheme do
if @fixture
stub_request_to_fixture(:url => theme_style_url, :fixture => @fixture)
wp_theme = WpTheme.new(:name => 'spec-theme', :style_url => theme_style_url, :url => "", :path => "", :wp_content_dir => "")
wp_theme = WpTheme.new(:name => "spec-theme", :style_url => theme_style_url, :base_url => "", :path => "", :wp_content_dir => "")
wp_theme.version.should === @expected
end
@@ -163,7 +163,7 @@ describe WpTheme do
end
it "should return nil if the style_url is nil" do
WpTheme.new(:name => "hello-world", :url => "", :path => "", :wp_content_dir => "").version.should be_nil
WpTheme.new(:name => "hello-world", :base_url => "", :path => "", :wp_content_dir => "").version.should be_nil
end
it "should return 1.3" do
@@ -179,12 +179,12 @@ describe WpTheme do
describe "#===" do
it "should return false (name not equal)" do
instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
)
instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/newname/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
@@ -193,12 +193,12 @@ describe WpTheme do
end
it "should return false (version not equal)" do
instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
)
instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "2.0"
@@ -207,12 +207,12 @@ describe WpTheme do
end
it "should return false (version and name not equal)" do
instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/name/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
)
instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/newname/asdf.php",
:vulns_file => "XXX.xml",
:version => "2.0"
@@ -221,12 +221,12 @@ describe WpTheme do
end
it "should return true" do
instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/test/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"
)
instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "themes/test/asdf.php",
:vulns_file => "XXX.xml",
:version => "1.0"


@@ -31,7 +31,7 @@ describe WpVersion do
after :each do
stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
WpVersion.find_from_meta_generator(:url => @target_uri.to_s).should === @expected
WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected
end
it "should return nil if the meta-generator is not found" do
@@ -57,7 +57,7 @@ describe WpVersion do
@status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
WpVersion.find_from_rss_generator(:url => @target_uri).should === @expected
WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected
end
it "should return nil on a 404" do
@@ -92,7 +92,7 @@ describe WpVersion do
stub_request(:get, @target_uri.merge("sitemap.xml").to_s).
to_return(:status => 200, :body => @body)
WpVersion.find_from_sitemap_generator(:url => @target_uri).should === @expected
WpVersion.find_from_sitemap_generator(:base_url => @target_uri).should === @expected
end
it "should return nil if the generator is not found" do
@@ -118,7 +118,7 @@ describe WpVersion do
@status_code ||= 200
stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
WpVersion.find_from_readme(:url => @target_uri).should === @expected
WpVersion.find_from_readme(:base_url => @target_uri).should === @expected
end
it "should return nil on a 404" do
@@ -145,7 +145,7 @@ describe WpVersion do
stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
:status => 200,
:fixture => "#{fixtures_dir}/3.2.1.js")
version = WpVersion.find_from_advanced_fingerprinting(:url => @target_uri,
version = WpVersion.find_from_advanced_fingerprinting(:base_url => @target_uri,
:wp_content_dir => "wp-content",
:version_xml => "#{fixtures_dir}/wp_versions.xml")
version.should == "3.2.1"


@@ -4,7 +4,7 @@ describe "#vulnerabilities" do
let(:location_url) { "http://example.localhost/" }
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" }
let(:vulns_file) { fixtures_dir + "/plugin_vulns.xml" }
let(:wp_plugin) { WpPlugin.new(:url => location_url,
let(:wp_plugin) { WpPlugin.new(:base_url => location_url,
:name => "spec-plugin",
:path => "plugins/spec-plugin/",
:vulns_file => vulns_file)
@@ -12,7 +12,7 @@ describe "#vulnerabilities" do
it "should return an empty array when no vulnerabilities are found" do
WpPlugin.new(:url => "http://example.localhost/",
WpPlugin.new(:base_url => "http://example.localhost/",
:name => "no-vulns",
:path => "plugins/no-vulns/",
:vulns_file => vulns_file).vulnerabilities.should be_empty


@@ -154,14 +154,14 @@ begin
puts
puts green("[+]") + " Enumerating plugins from passive detection ... "
plugins = wp_target.plugins_from_passive_detection(:url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
plugins = wp_target.plugins_from_passive_detection(:base_url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
unless plugins.empty?
puts "#{plugins.size} found :"
plugins.each do |plugin|
puts
puts " | Name: #{plugin.name}"
puts " | Location: #{plugin.get_url}"
puts " | Location: #{plugin.get_full_url}"
plugin.vulnerabilities.each do |vulnerability|
puts " |"
@@ -181,7 +181,7 @@ begin
puts
options = {}
options[:url] = wp_target.uri
options[:base_url] = wp_target.uri
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins || false
options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir
@@ -236,7 +236,7 @@ begin
puts
options = {}
options[:url] = wp_target.uri
options[:base_url] = wp_target.uri
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_themes || false
options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir
@@ -282,7 +282,7 @@ begin
puts
options = {}
options[:url] = wp_target.uri
options[:base_url] = wp_target.uri
options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir
options[:error_404_hash] = wp_target.error_404_hash
@@ -296,7 +296,7 @@ begin
puts
timthumbs.each do |t|
puts " | " + red("[!]") + " #{t.get_url.to_s}"
puts " | " + red("[!]") + " #{t.get_full_url.to_s}"
end
puts
puts red(" * Reference: http://www.exploit-db.com/exploits/17602/")