From 8014093d33a7d96524e37979a03b7d23b3c03948 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 8 Nov 2013 15:22:50 +0100 Subject: [PATCH 1/3] Create CHANGELOG First commit CHANGELOG. Needs some polish --- CHANGELOG | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 CHANGELOG diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 00000000..960ebf96 --- /dev/null +++ b/CHANGELOG 
@@ -0,0 +1,130 @@ +Version 2.2 released: yyyy-m-d + +* Addidions +Output the vulnerability fix if available +Added 'WordPress Version Vulnerability' statistics +Added Kali Linux on the list of pre-installed Linux distributions +Added hosted wordpress detection. See issue #343. +Add detection for all-in-one-seo-pack +Use less memory when brute forcing with a large wordlist +Memory Usage output +Added cve tag to xml file +Add documentation to readme +Add --version switch +Parse robots.txt +Show twitter usernames +Clean logfile on wpstools too +Added pingback header +Request_timeout and connect_timeout implemented +Output interesting http-headers +Kali Linux detection +Ensure that brute forcing results are output even if an error occurs or the user exits +Added debug output +Fixed Version compare for issue #179 +Added ruby-progressbar version to Gemfile +Use the redirect_to parameter on bruteforce +Readded "junk removal" from usernames before output +Add license file +Output the timthumb version if found +New enumeration system +More error details for XSD checks +Added default wp-content dir detection, see Issue #141. +Added checks for well formed xml + +* Changed +Make a seperator between plugin name and vulnerability name +It's WordPress, not Wordpress +Changed wordpress.com scanning error to warning. See issue #343. +Make output lines consistent +Replace packetstormsecurity.org to packetstormsecurity.com +Same URL syntax for all Packet Storm Security URL's +Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected. +Use online documentation +User prompt on same line +Ruby-progressbar Gemfile version bump +Banner artwork +Handle when there are 2 headers of the same name +Releasing the Typhoeus version constraint +Amended Arch Linux install instructions. See issue #183. 
+ +* Update +Plugins & Themes updated +Update README.md +Updated documentation + +* Remove +Removed 'smileys' in output messages +Removed 'for WordPress' and 'plugin' in title strings. +Removed reference +Removed useless code +Removed duplicate vulnerabilities + +* General core +Code cleaning +Fix typo's +clean up rspecs +Themes & Plugins lists regenerated +Rspecs +Code Factoring +Added checks for old ruby. Otherwise there will be syntax errors + +* Vulnerabilities +Update WordPress Vulnerabilities +Update timthumb due to Secunia #54801 +Added WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD + +* WPScan Databse Statistics: +Total vulnerable versions: 76, 4 are new +Total vulnerable plugins: 606, 197 are new +Total vulnerable themes: 194, 45 are new +Total version vulnerabilities: 274, 53 are new +Total plugin vulnerabilities: 764, 270 are new +Total theme vulnerabilities: 198, 46 are new + +* Add WP Fingerprints +WP 3.7.1 Fingerprinting +WP 3.7 Fingerprinting +Ref #280 WP 3.6.1 fingerprint +Added WP 3.6 advanced fingerprint hash. See Issue #255. +Updated MD5 hash of WP 3.6 detection. See Issue #277. +WP 3.5.2 Fingerprint +Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting. + +* Fixed issues +Trying a fix for Kali Linux +Fix #249 +Fix #275 +Fix #271 Further Instructions added to the Mac Install +Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example). +Fix #266 - passive detection regex +Fix #265 - remove base64 images before passive detection +Fix #262 +Ref #260 Fixes Travis Fail, due to rspec-mock v2.14.3 +Fix for xmlrpc false positive. Issue #260. +Fix #208 - Fixed vulnerable plugins still appear in the results +Fix #245 +Fix #241 +Fix #232 +Fix #231 +Updated Fedora install instructions as per Issue #92 +Slight update to security plugin warning. Issue #212. 
+Fix #223 - New wordpress urls for most popular plugins & themes +Fix #177 - Passive Cache plugins detection (no spec) +Possible fix for #169 - False reports +Fix #182 - Remove the progress-bar static length (120), and let it to automatic +Fix #181 - Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked) +Fix for issue #200 +Fix #164 - README.txt detection +Fix #166 - ListGenerator using the old Browser#get method for full generation +Fix hacks.rb conflict +Fix error with the -U option (undefined method 'merge' for #WpTarget:) +Fix #153 - Disable error trace when it's from the main script +Fix #163 - in the proper way +Fix #144 - Use cookie jar to prevent infinite redirections loop +Fix #158 - Add the solution to 'no such file to load -- rubygems' in the README +Fix #152 - invalid ssl_certificate - response code 0 +Fix #147 - can't modify frozen string +Fix #140 - xml_rpc_url in the body +Fix #153 - No error trace when 'No argument supplied' + +Version 2.1 released 2013-3-4 From 48ad1a9af29505716efbba242b532fecb3fb2640 Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 8 Nov 2013 15:31:25 +0100 Subject: [PATCH 2/3] Update CHANGELOG --- CHANGELOG | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 960ebf96..f2c01d16 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,6 @@ Version 2.2 released: yyyy-m-d -* Addidions +* Additions Output the vulnerability fix if available Added 'WordPress Version Vulnerability' statistics Added Kali Linux on the list of pre-installed Linux distributions 
@@ -92,20 +92,19 @@ Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting. * Fixed issues Trying a fix for Kali Linux -Fix #249 -Fix #275 -Fix #271 Further Instructions added to the Mac Install +Fix #249 - [ERROR] "\xF1" on US-ASCII +Fix #275 - [ERROR] "\xC3" on US-ASCII +Fix #271 - Further Instructions added to the Mac Install Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example). Fix #266 - passive detection regex Fix #265 - remove base64 images before passive detection -Fix #262 -Ref #260 Fixes Travis Fail, due to rspec-mock v2.14.3 +Fix #262 - [ERROR] bad component(expected absolute path component) +Ref #260 - Fixes Travis Fail, due to rspec-mock v2.14.3 Fix for xmlrpc false positive. Issue #260. Fix #208 - Fixed vulnerable plugins still appear in the results -Fix #245 -Fix #241 -Fix #232 -Fix #231 +Fix #245 - all theme enumeration error +Fix #241 - Cant convert array to string +Fix #232 - Crash while enumerating usernames Updated Fedora install instructions as per Issue #92 Slight update to security plugin warning. Issue #212. Fix #223 - New wordpress urls for most popular plugins & themes From 804db84b9a079a8b75cbd22a78ed323399ff695a Mon Sep 17 00:00:00 2001 From: Peter van der Laan Date: Fri, 8 Nov 2013 15:43:48 +0100 Subject: [PATCH 3/3] Update CHANGELOG --- CHANGELOG | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index f2c01d16..42f52384 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -32,6 +32,7 @@ Added default wp-content dir detection, see Issue #141. Added checks for well formed xml * Changed +Trying a fix for Kali Linux Make a seperator between plugin name and vulnerability name It's WordPress, not Wordpress Changed wordpress.com scanning error to warning. See issue #343. 
@@ -41,8 +42,13 @@ Same URL syntax for all Packet Storm Security URL's Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected. Use online documentation User prompt on same line +Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example). +Updated Fedora install instructions as per Issue #92 +Slight update to security plugin warning. Issue #212. Ruby-progressbar Gemfile version bump +Fix error with the -U option (undefined method 'merge' for #WpTarget:) Banner artwork +Fix hacks.rb conflict Handle when there are 2 headers of the same name Releasing the Typhoeus version constraint Amended Arch Linux install instructions. See issue #183. @@ -64,7 +70,7 @@ Code cleaning Fix typo's clean up rspecs Themes & Plugins lists regenerated -Rspecs +Rspecs update Code Factoring Added checks for old ruby. Otherwise there will be syntax errors 
@@ -91,32 +97,25 @@ WP 3.5.2 Fingerprint Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting. * Fixed issues -Trying a fix for Kali Linux Fix #249 - [ERROR] "\xF1" on US-ASCII Fix #275 - [ERROR] "\xC3" on US-ASCII Fix #271 - Further Instructions added to the Mac Install -Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example). Fix #266 - passive detection regex Fix #265 - remove base64 images before passive detection Fix #262 - [ERROR] bad component(expected absolute path component) -Ref #260 - Fixes Travis Fail, due to rspec-mock v2.14.3 -Fix for xmlrpc false positive. Issue #260. +Fix #260 - Fixes Travis Fail, due to rspec-mock v2.14.3 Fix #208 - Fixed vulnerable plugins still appear in the results Fix #245 - all theme enumeration error Fix #241 - Cant convert array to string Fix #232 - Crash while enumerating usernames -Updated Fedora install instructions as per Issue #92 -Slight update to security plugin warning. Issue #212. Fix #223 - New wordpress urls for most popular plugins & themes Fix #177 - Passive Cache plugins detection (no spec) -Possible fix for #169 - False reports +Fix #169 - False reports Fix #182 - Remove the progress-bar static length (120), and let it to automatic Fix #181 - Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked) -Fix for issue #200 +Fix #200 - Log file not recording the list of username retireved Fix #164 - README.txt detection Fix #166 - ListGenerator using the old Browser#get method for full generation -Fix hacks.rb conflict -Fix error with the -U option (undefined method 'merge' for #WpTarget:) Fix #153 - Disable error trace when it's from the main script Fix #163 - in the proper way Fix #144 - Use cookie jar to prevent infinite redirections loop
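Review bot: In PATCH 1/3 the new CHANGELOG ships with a placeholder release date and several spelling errors that should be corrected before merge: `Version 2.2 released: yyyy-m-d`, `* Addidions`, `Make a seperator`, `WPScan Databse Statistics`, `Fix typo's`, and `Code Factoring` (presumably refactoring). The `* Fixed issues` section also lists `Fix #153` twice with different descriptions (`Disable error trace when it's from the main script` and `No error trace when 'No argument supplied'`), and a number of entries (`Fix #249`, `#275`, `#262`, `#245`, `#241`, `#232`, `#231`, `Fix #163 - in the proper way`) give no indication of what was fixed; a changelog reader should not have to open the issue tracker to learn what changed in a release.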
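Review bot: In the `@@ -92,20 +92,19 @@` hunk of PATCH 2/3, `Fix #231` is removed outright while the neighbouring bare entries get descriptions; the hunk header's line count (20 to 19) is the only trace of it. If #231 was a duplicate of another entry, say so in the commit message; otherwise give it a description like the others rather than dropping a recorded fix. Minor: `Cant convert array to string` should read `Can't`.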
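Review bot: In the `@@ -32,6 +32,7 @@` hunk of PATCH 3/3, moving `Trying a fix for Kali Linux` under `* Changed` does not make it a change entry; the wording is tentative and says nothing about what differs for Kali users, and the `* Additions` section already carries `Added Kali Linux on the list of pre-installed Linux distributions` and `Kali Linux detection`. Either drop this line as a duplicate or reword it to name the actual behaviour that changed.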
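Review bot: In the `@@ -41,8 +42,13 @@` hunk of PATCH 3/3, `Fix error with the -U option (undefined method 'merge' for #WpTarget:)` and `Fix hacks.rb conflict` are bug fixes (the first is a crash on a command-line option) and belong under `* Fixed issues`, not `* Changed`; they appear to have been relocated only because they carry no issue number. Keep them in the fixes section with a short description. Moving `Don't skip passwords that start with a hash` here is reasonable, since it is a behaviour change users of the brute-force mode should know about (wordlist entries beginning with `#` were previously dropped, which affects the completeness of a password audit).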
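Review bot: In the `@@ -64,7 +70,7 @@` hunk of PATCH 3/3, `Rspecs` becoming `Rspecs update` is fine, but the adjacent context lines still read `Fix typo's` (should be `Fix typos`) and `Code Factoring` (presumably `Code refactoring`); since this region is being touched anyway, fix them in the same commit.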
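Review bot: In the `@@ -91,32 +97,25 @@` hunk of PATCH 3/3, collapsing `Ref #260 - Fixes Travis Fail, due to rspec-mock v2.14.3` and `Fix for xmlrpc false positive. Issue #260.` into a single `Fix #260 - Fixes Travis Fail, due to rspec-mock v2.14.3` silently drops the xmlrpc false-positive fix, which is a user-visible scanner change; the two entries describe unrelated work, so one of the `#260` references is probably a wrong issue number and both entries should be kept with the numbers verified against the tracker. Likewise, `Possible fix for #169` becoming `Fix #169 - False reports` removes the original author's hedge; confirm the fix is verified before promoting it. Also `Log file not recording the list of username retireved` should read `list of usernames retrieved`, and `Fix #153` is still listed twice in this section.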