-) Code formatting

-) rspec tests
Christian Mehlmauer
2012-09-22 15:44:41 +02:00
parent 55fa6422b2
commit ae96d93cee
52 changed files with 897 additions and 463 deletions


@@ -52,6 +52,7 @@ class Browser
# might be in CacheFileStore
setup_cache_handlers
end
private_class_method :new
def self.instance(options = {})
@@ -123,6 +124,7 @@ class Browser
@cache.read_entry(Browser.generate_cache_key_from_request(request)) rescue nil
end
end
private :setup_cache_handlers
def get(url, params = {})


@@ -66,7 +66,7 @@ def get_equal_string_end(stringarray = [""])
break
end
end
if looping == false or (counter * -1 ) > base.length
if looping == false or (counter * -1) > base.length
break
end
already_found = "#{character if character}#{already_found}"
@@ -87,6 +87,7 @@ if RUBY_VERSION < "1.9"
end
matches
end
alias_method :grep, :_grep_
end
end
@@ -125,5 +126,10 @@ def colorize(text, color_code)
"\e[#{color_code}m#{text}\e[0m"
end
def red(text); colorize(text, 31) end
def green(text); colorize(text, 32) end
def red(text)
; colorize(text, 31)
end
def green(text)
; colorize(text, 32)
end
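Review bot: The expanded `red` and `green` bodies in the last hunk keep a leading `;` in front of the call (`; colorize(text, 31)`), left over from the old one-line `def red(text); colorize(text, 31) end` form. Ruby accepts it as an empty statement, so behaviour is unchanged, but it reads like a typo and will confuse the next reader. The bodies should be just `colorize(text, 31)` and `colorize(text, 32)`.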


@@ -20,20 +20,20 @@ require File.expand_path(File.dirname(__FILE__) + '/updater')
class SvnUpdater < Updater
@@revision_pattern = /revision="(\d+)"/i
@@trunk_url = "https://wpscan.googlecode.com/svn/trunk"
REVISION_PATTERN = /revision="(\d+)"/i
TRUNK_URL = "https://github.com/wpscanteam/wpscan"
def is_installed?
%x[svn info "#{@repo_directory}" --xml 2>&1] =~ /revision=/ ? true : false
%x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
end
def local_revision_number
local_revision = %x[svn info "#{@repo_directory}" --xml 2>&1]
local_revision[@@revision_pattern, 1].to_s
local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
local_revision[REVISION_PATTERN, 1].to_s
end
def update
%x[svn up "#{@repo_directory}"]
%x[svn up "#@repo_directory"]
end
end
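Review bot: The three `%x[svn … "#@repo_directory" …]` calls in `is_installed?`, `local_revision_number` and `update` still build a shell command by string interpolation, so a repository path containing a double quote, `$(…)` or a backtick is interpreted by the shell rather than passed to svn as data. Where `@repo_directory` is set is not visible in this hunk, so treat it as untrusted and pass it as an argv element instead, e.g. `out, _status = Open3.capture2e("svn", "info", @repo_directory, "--xml")` after `require 'open3'`. Separately, `TRUNK_URL` now points at `https://github.com/wpscanteam/wpscan`, which is a behaviour change rather than formatting. If the constant is still used for revision checks (not shown here), it deserves its own commit and a test.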


@@ -24,14 +24,14 @@ module WebSite
wordpress = false
response = Browser.instance.get(login_url(),
{ :follow_location => true, :max_redirects => 2 }
{:follow_location => true, :max_redirects => 2}
)
if response.body =~ %r{WordPress}i
wordpress = true
else
response = Browser.instance.get(xmlrpc_url(),
{ :follow_location => true, :max_redirects => 2 }
{:follow_location => true, :max_redirects => 2}
)
if response.body =~ %r{XML-RPC server accepts POST requests only}i


@@ -58,7 +58,7 @@ module WpUsernames
end
def get_nickname_from_url(url)
resp = Browser.instance.get(url, { :follow_location => true, :max_redirects => 2 })
resp = Browser.instance.get(url, {:follow_location => true, :max_redirects => 2})
nickname = nil
if resp.code == 200
nickname = extract_nickname_from_body(resp.body)


@@ -31,7 +31,7 @@ class WpPlugin < WpItem
# however can also be found in their specific plugin dir.
# http://www.exploit-db.com/ghdb/3714/
def error_log?
response_body = Browser.instance.get(error_log_url(), :headers => { "range" => "bytes=0-700"}).body
response_body = Browser.instance.get(error_log_url(), :headers => {"range" => "bytes=0-700"}).body
response_body[%r{PHP Fatal error}i] ? true : false
end


@@ -111,7 +111,7 @@ class WpTarget
def has_debug_log?
# We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)
response_body = Browser.instance.get(debug_log_url(), :headers => { "range" => "bytes=0-700"}).body
response_body = Browser.instance.get(debug_log_url(), :headers => {"range" => "bytes=0-700"}).body
response_body[%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false
end


@@ -56,7 +56,7 @@ class WpTheme < WpItem
# Discover the wordpress theme name by parsing the css link rel
def self.find_from_css_link(target_uri)
response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })
response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
matches = %r{https?://[^"']+/themes/([^"']+)/style.css}i.match(response.body)
if matches


@@ -60,14 +60,14 @@ class WpVersion < Vulnerable
# that it is reinstated on upgrade.
def self.find_from_meta_generator(options)
target_uri = options[:url]
response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })
response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1]
end
def self.find_from_rss_generator(options)
target_uri = options[:url]
response = Browser.instance.get(target_uri.merge("feed/").to_s, { :follow_location => true, :max_redirects => 2 })
response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2})
response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1]
end


@@ -192,10 +192,10 @@ class WpscanOptions
["--enumerate", "-e", GetoptLong::OPTIONAL_ARGUMENT],
["--username", "-U", GetoptLong::REQUIRED_ARGUMENT],
["--wordlist", "-w", GetoptLong::REQUIRED_ARGUMENT],
["--threads", "-t",GetoptLong::REQUIRED_ARGUMENT],
["--force", "-f",GetoptLong::NO_ARGUMENT],
["--threads", "-t", GetoptLong::REQUIRED_ARGUMENT],
["--force", "-f", GetoptLong::NO_ARGUMENT],
["--help", "-h", GetoptLong::NO_ARGUMENT],
["--verbose", "-v", GetoptLong::NO_ARGUMENT] ,
["--verbose", "-v", GetoptLong::NO_ARGUMENT],
["--proxy", GetoptLong::OPTIONAL_ARGUMENT],
["--update", GetoptLong::NO_ARGUMENT],
["--follow-redirection", GetoptLong::NO_ARGUMENT],


@@ -64,14 +64,14 @@ class Svn_Parser
# trunk folder present
if contains_trunk(response)
puts "[+] Adding trunk on #{dir}" if @verbose
urls << { :name => dir, :folder => "trunk"}
urls << {:name => dir, :folder => "trunk"}
# no trunk folder. This is true on theme svn repos
else
folders = response.body.scan(%r{^\s*<li><a href="(.+)/">.+/</a></li>$}i)
if folders != nil and folders.length > 0
last_version = folders.last[0]
puts "[+] Adding #{last_version} on #{dir}" if @verbose
urls << { :name => dir, :folder => last_version}
urls << {:name => dir, :folder => last_version}
else
puts "[+] No content in #{dir}" if @verbose
end


@@ -0,0 +1,9 @@
<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
</body>
</html>


@@ -0,0 +1,179 @@
<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>ddd</title>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="stylesheet" type="text/css" media="all" href="http://10.211.55.8/wordpress/wp-content/themes/custom-twentyten/style.css" />
<link rel="pingback" href="http://10.211.55.8/wordpress/xmlrpc.php" />
<meta name='robots' content='noindex,nofollow' />
<link rel="alternate" type="application/rss+xml" title="test &raquo; Feed" href="http://10.211.55.8/wordpress/?feed=rss2" />
<link rel="alternate" type="application/rss+xml" title="test &raquo; Comments Feed" href="http://10.211.55.8/wordpress/?feed=comments-rss2" />
<!-- AL2FB CSS -->
<style type="text/css" media="screen">
.al2fb_widget_comments { }
.al2fb_widget_comments li { }
.al2fb_widget_picture { width: 32px; height: 32px; }
.al2fb_widget_name { }
.al2fb_widget_comment { }
.al2fb_widget_date { font-size: smaller; }
</style>
<link rel='stylesheet' id='al2fb_style-css' href='http://10.211.55.8/wordpress/wp-content/plugins/add-link-to-facebook/add-link-to-facebook.css?ver=3.3.1' type='text/css' media='all' />
<link rel='stylesheet' id='events-manager-css' href='http://10.211.55.8/wordpress/wp-content/plugins/events-manager/includes/css/events_manager.css?ver=3.3.1' type='text/css' media='all' />
<link rel='stylesheet' id='NextGEN-css' href='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/css/nggallery.css?ver=1.0.0' type='text/css' media='screen' />
<link rel='stylesheet' id='shutter-css' href='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.css?ver=1.3.4' type='text/css' media='screen' />
<link rel='stylesheet' id='contact-form-7-css' href='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.2.1' type='text/css' media='all' />
<link rel='stylesheet' id='cntctfrmStylesheet-css' href='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-plugin/css/style.css?ver=3.3.1' type='text/css' media='all' />
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/jquery.js?ver=1.7.1'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.position.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.mouse.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.sortable.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.datepicker.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.autocomplete.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.resizable.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.draggable.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.button.min.js?ver=1.8.16'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-includes/js/jquery/ui/jquery.ui.dialog.min.js?ver=1.8.16'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var EM = {"ajaxurl":"http:\/\/10.211.55.8\/wordpress\/wp-admin\/admin-ajax.php","bookingajaxurl":"http:\/\/10.211.55.8\/wordpress\/wp-admin\/admin-ajax.php","locationajaxurl":"http:\/\/10.211.55.8\/wordpress\/wp-admin\/admin-ajax.php?action=locations_search","firstDay":"1","locale":"en","dateFormat":"dd\/mm\/yy","bookingInProgress":"Please wait while the booking is being submitted.","ui_css":"http:\/\/10.211.55.8\/wordpress\/wp-content\/plugins\/events-manager\/includes\/css\/ui-lightness.css","show24hours":"","is_ssl":"","tickets_save":"Save Ticket","bookings_export_save":"Export Bookings","bookings_settings_save":"Save Settings","booking_delete":"Are you sure you want to delete?","bb_full":"Sold Out","bb_book":"Book Now","bb_booking":"Booking...","bb_booked":"Booking Submitted","bb_error":"Booking Error. Try again?","bb_cancel":"Cancel","bb_canceling":"Canceling...","bb_cancelled":"Cancelled","bb_cancel_error":"Cancellation Error. Try again?","txt_search":"Search","txt_searching":"Searching...","txt_loading":"Loading..."};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/events-manager/includes/js/events-manager.js?ver=3.3.1'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var shutterSettings = {"msgLoading":"L O A D I N G","msgClose":"Click to Close","imageCount":"1"};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995'></script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06'></script>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://10.211.55.8/wordpress/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://10.211.55.8/wordpress/wp-includes/wlwmanifest.xml" />
<meta name="generator" content="WordPress 3.3.1" />
<!-- All in One SEO Pack 1.6.15 by Michael Torbert of Semper Fi Web Design[78,119] -->
<meta name="description" content="ddddd" />
<meta name="keywords" content="dd" />
<link rel="canonical" href="http://10.211.55.8/wordpress/" />
<!-- /all in one seo pack -->
<!-- <meta name="NextGEN" version="1.9.6" /> -->
<script charset="utf-8" type="text/javascript">var switchTo5x=true;</script><script charset="utf-8" type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script><script type="text/javascript">stLight.options({publisher:'wp.d54da82c-32aa-4efc-ab15-d4e2ed4f0b4d'});var st_type='wordpress3.3.1';</script></head>
<body class="home blog">
<div id="wrapper" class="hfeed">
<div id="header">
<div id="masthead">
<div id="branding" role="banner">
<h1 id="site-title">
<span>
<a href="http://10.211.55.8/wordpress/" title="test" rel="home">test</a>
</span>
</h1>
<div id="site-description">Just another WordPress site</div>
<img src="http://10.211.55.8/wordpress/wp-content/themes/custom-twentyten/images/headers/path.jpg" width="940" height="198" alt="" />
</div><!-- #branding -->
<div id="access" role="navigation">
<div class="skip-link screen-reader-text"><a href="#content" title="Skip to content">Skip to content</a></div>
<div class="menu"><ul><li class="current_page_item"><a href="http://10.211.55.8/wordpress/" title="Home">Home</a></li><li class="page_item page-item-11"><a href="http://10.211.55.8/wordpress/?page_id=11">Events</a><ul class='children'><li class="page_item page-item-13"><a href="http://10.211.55.8/wordpress/?page_id=13">Categories</a></li><li class="page_item page-item-12"><a href="http://10.211.55.8/wordpress/?page_id=12">Locations</a></li><li class="page_item page-item-14"><a href="http://10.211.55.8/wordpress/?page_id=14">My Bookings</a></li></ul></li><li class="page_item page-item-2"><a href="http://10.211.55.8/wordpress/?page_id=2">Sample Page</a></li></ul></div>
</div><!-- #access -->
</div><!-- #masthead -->
</div><!-- #header -->
<div id="main">
<div id="container">
<div id="content" role="main">
<div id="post-1" class="post-1 post type-post status-publish format-standard hentry category-uncategorized">
<h2 class="entry-title"><a href="http://10.211.55.8/wordpress/?p=1" title="Permalink to Hello world!" rel="bookmark">Hello world!</a></h2>
<div class="entry-meta">
<span class="meta-prep meta-prep-author">Posted on</span> <a href="http://10.211.55.8/wordpress/?p=1" title="8:41 pm" rel="bookmark"><span class="entry-date">September 15, 2012</span></a> <span class="meta-sep">by</span> <span class="author vcard"><a class="url fn n" href="http://10.211.55.8/wordpress/?author=1" title="View all posts by admin">admin</a></span> </div><!-- .entry-meta -->
<div class="entry-content">
<p>Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!</p>
<p><span class='st_facebook_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Facebook'></span><span class='st_twitter_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Twitter'></span><span class='st_email_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Email'></span><span class='st_sharethis_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='ShareThis'></span><span class='st_fblike_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Facebook Like'></span><span class='st_plusone_buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Google +1'></span><span class='st_pinterest _buttons' st_title='Hello world!' st_url='http://10.211.55.8/wordpress/?p=1' displayText='Pinterest'></span></p> </div><!-- .entry-content -->
<div class="entry-utility">
<span class="cat-links">
<span class="entry-utility-prep entry-utility-prep-cat-links">Posted in</span> <a href="http://10.211.55.8/wordpress/?cat=1" title="View all posts in Uncategorized" rel="category">Uncategorized</a> </span>
<span class="meta-sep">|</span>
<span class="comments-link"><a href="http://10.211.55.8/wordpress/?p=1#comments" title="Comment on Hello world!">1 Comment</a></span>
</div><!-- .entry-utility -->
</div><!-- #post-## -->
</div><!-- #content -->
</div><!-- #container -->
<div id="primary" class="widget-area" role="complementary">
<ul class="xoxo">
<li id="search-2" class="widget-container widget_search"><form role="search" method="get" id="searchform" action="http://10.211.55.8/wordpress/" >
<div><label class="screen-reader-text" for="s">Search for:</label>
<input type="text" value="" name="s" id="s" />
<input type="submit" id="searchsubmit" value="Search" />
</div>
</form></li> <li id="recent-posts-2" class="widget-container widget_recent_entries"> <h3 class="widget-title">Recent Posts</h3> <ul>
<li><a href="http://10.211.55.8/wordpress/?p=1" title="Hello world!">Hello world!</a></li>
</ul>
</li><li id="recent-comments-2" class="widget-container widget_recent_comments"><h3 class="widget-title">Recent Comments</h3><ul id="recentcomments"><li class="recentcomments"><a href='http://wordpress.org/' rel='external nofollow' class='url'>Mr WordPress</a> on <a href="http://10.211.55.8/wordpress/?p=1#comment-1">Hello world!</a></li></ul></li><li id="archives-2" class="widget-container widget_archive"><h3 class="widget-title">Archives</h3> <ul>
<li><a href='http://10.211.55.8/wordpress/?m=201209' title='September 2012'>September 2012</a></li>
</ul>
</li><li id="categories-2" class="widget-container widget_categories"><h3 class="widget-title">Categories</h3> <ul>
<li class="cat-item cat-item-1"><a href="http://10.211.55.8/wordpress/?cat=1" title="View all posts filed under Uncategorized">Uncategorized</a>
</li>
</ul>
</li><li id="meta-2" class="widget-container widget_meta"><h3 class="widget-title">Meta</h3> <ul>
<li><a href="http://10.211.55.8/wordpress/wp-login.php">Log in</a></li>
<li><a href="http://10.211.55.8/wordpress/?feed=rss2" title="Syndicate this site using RSS 2.0">Entries <abbr title="Really Simple Syndication">RSS</abbr></a></li>
<li><a href="http://10.211.55.8/wordpress/?feed=comments-rss2" title="The latest comments to all posts in RSS">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li>
<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a></li>
</ul>
</li> </ul>
</div><!-- #primary .widget-area -->
</div><!-- #main -->
<div id="footer" role="contentinfo">
<div id="colophon">
<div id="site-info">
<a href="http://10.211.55.8/wordpress/" title="test" rel="home">
test </a>
</div><!-- #site-info -->
<div id="site-generator">
<a href="http://wordpress.org/" title="Semantic Personal Publishing Platform" rel="generator">Proudly powered by WordPress.</a>
</div><!-- #site-generator -->
</div><!-- #colophon -->
</div><!-- #footer -->
</div><!-- #wrapper -->
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-7/includes/js/jquery.form.js?ver=3.14'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var _wpcf7 = {"loaderUrl":"http:\/\/10.211.55.8\/wordpress\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."};
/* ]]> */
</script>
<script type='text/javascript' src='http://10.211.55.8/wordpress/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.2.1'></script>
</body>
</html>


@@ -0,0 +1,26 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="fr-FR">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta property="fb:page_id" content="18968879441564"/>
<title>Example.com</title>
<link rel="alternate" type="application/rss+xml" title="Example RSS Feed" href="http://example.com/feed"/>
<link rel="alternate" type="application/atom+xml" title="Example Atom Feed" href="http://example.com/feed/atom"/>
<link rel="pingback" href="http://example.com/xmlrpc.php"/>
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme1/style.css" />
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme2/javascript.js" />
<link type="text/css" rel="stylesheet" href="http://example.localhost/wp-content/themes/theme3/test.png" />
</head>
<body>
<div class="top">
<div class="header">
<h1 class="logo">
Blablabla
</h1>
</div>
</div>
</body>
<script type='text/javascript' src='http://platform.twitter.com/widgets.js?ver=1.0.0'></script>
</html>


@@ -0,0 +1,25 @@
<themes>
<theme name="shopperpress">
<vulnerability>
<title>ShopperPress WordPress Theme 2.7 Cross Site Scripting</title>
<reference>http://packetstormsecurity.org/files/115630/</reference>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="wise">
<vulnerability>
<title>Site5 Wordpress Themes Email Spoofing</title>
<reference>http://packetstormsecurity.org/files/114750/</reference>
<type>UNKNOWN</type>
</vulnerability>
</theme>
<theme name="webfolio">
<vulnerability>
<title>Site5 Wordpress Themes Email Spoofing</title>
<reference>http://packetstormsecurity.org/files/114750/</reference>
<type>UNKNOWN</type>
</vulnerability>
</theme>
</themes>


@@ -0,0 +1,10 @@
zenpro/404.php
zeta-zip/404.php
zfirst/404.php
zgrey/404.php
zindi-ii/404.php
zindi/404.php
zombie-apocalypse/404.php
zsofa/404.php
zwei-seiten/404.php
twentyten/404.php


@@ -85,7 +85,7 @@ shared_examples_for "WebSite" do
[301, 302].each do |status_code|
it "should return http://new-location.com if the status code is #{status_code}" do
stub_request(:get, @module.url).
to_return(:status => status_code, :headers => { :location => "http://new-location.com" })
to_return(:status => status_code, :headers => {:location => "http://new-location.com"})
@module.redirection.should === "http://new-location.com"
end


@@ -31,7 +31,7 @@ shared_examples_for "WpPlugins" do
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpPlugins)
@options = { :url => @wp_url,
@options = {:url => @wp_url,
:only_vulnerable_ones => false,
:show_progress_bar => false,
:error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,30 +43,30 @@ shared_examples_for "WpPlugins" do
}
File.exist?(@plugin_vulns_file).should == true
File.exist?(@plugins_file).should == true
@targets = [WpPlugin.new({:url=>"http://example.localhost/",
:path=>"plugins/exclude-pages/exclude_pages.php",
:wp_content_dir=>"wp-content",
:name=>"exclude-pages"}),
WpPlugin.new({:url=>"http://example.localhost/",
:path=>"plugins/display-widgets/display-widgets.php",
:wp_content_dir=>"wp-content",
:name=>"display-widgets"}),
WpPlugin.new({:url=>"http://example.localhost/",
:path=>"plugins/media-library",
:wp_content_dir=>"wp-content",
:name=>"media-library"}),
WpPlugin.new({:url=>"http://example.localhost/",
:path=>"plugins/deans",
:wp_content_dir=>"wp-content",
:name=>"deans"}),
WpPlugin.new({:url=>"http://example.localhost/",
:path=>"plugins/formidable/formidable.php",
:wp_content_dir=>"wp-content",
:name=>"formidable"}),
WpPlugin.new({:url=>"http://example.localhost/",
:path=>"plugins/regenerate-thumbnails/readme.txt",
:wp_content_dir=>"wp-content",
:name=>"regenerate-thumbnails"})]
@targets = [WpPlugin.new({:url => "http://example.localhost/",
:path => "plugins/exclude-pages/exclude_pages.php",
:wp_content_dir => "wp-content",
:name => "exclude-pages"}),
WpPlugin.new({:url => "http://example.localhost/",
:path => "plugins/display-widgets/display-widgets.php",
:wp_content_dir => "wp-content",
:name => "display-widgets"}),
WpPlugin.new({:url => "http://example.localhost/",
:path => "plugins/media-library",
:wp_content_dir => "wp-content",
:name => "media-library"}),
WpPlugin.new({:url => "http://example.localhost/",
:path => "plugins/deans",
:wp_content_dir => "wp-content",
:name => "deans"}),
WpPlugin.new({:url => "http://example.localhost/",
:path => "plugins/formidable/formidable.php",
:wp_content_dir => "wp-content",
:name => "formidable"}),
WpPlugin.new({:url => "http://example.localhost/",
:path => "plugins/regenerate-thumbnails/readme.txt",
:wp_content_dir => "wp-content",
:name => "regenerate-thumbnails"})]
end
describe "#plugins_from_passive_detection" do


@@ -0,0 +1,176 @@
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
shared_examples_for "WpThemes" do
before :all do
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_themes'
@themes_file = @fixtures_dir + "/themes.txt"
@theme_vulns_file = @fixtures_dir + "/theme_vulns.xml"
@wp_url = "http://example.localhost/"
end
before :each do
@module = WpScanModuleSpec.new(@wp_url)
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpThemes)
@options = {:url => @wp_url,
:only_vulnerable_ones => false,
:show_progress_bar => false,
:error_404_hash => Digest::MD5.hexdigest("Error 404!"),
:vulns_file => @theme_vulns_file,
:file => @themes_file,
:type => "themes",
:wp_content_dir => "wp-content",
:vulns_xpath_2 => "//theme"
}
File.exist?(@theme_vulns_file).should == true
File.exist?(@themes_file).should == true
@targets = [WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zenpro/404.php",
:wp_content_dir => "wp-content",
:name => "zenpro"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zeta-zip/404.php",
:wp_content_dir => "wp-content",
:name => "zeta-zip"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zfirst/404.php",
:wp_content_dir => "wp-content",
:name => "zfirst"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zgrey/404.php",
:wp_content_dir => "wp-content",
:name => "zgrey"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zindi-ii/404.php",
:wp_content_dir => "wp-content",
:name => "zindi-ii"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zindi/404.php",
:wp_content_dir => "wp-content",
:name => "zindi"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zombie-apocalypse/404.php",
:wp_content_dir => "wp-content",
:name => "zombie-apocalypse"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zsofa/404.php",
:wp_content_dir => "wp-content",
:name => "zsofa"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/zwei-seiten/404.php",
:wp_content_dir => "wp-content",
:name => "zwei-seiten"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/twentyten/404.php",
:wp_content_dir => "wp-content",
:name => "twentyten"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/shopperpress",
:wp_content_dir => "wp-content",
:name => "shopperpress"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/wise",
:wp_content_dir => "wp-content",
:name => "wise"}),
WpTheme.new({:url => "http://example.localhost/",
:path => "themes/webfolio",
:wp_content_dir => "wp-content",
:name => "webfolio"})]
end
describe "#themes_from_passive_detection" do
let(:passive_detection_fixtures) { @fixtures_dir + '/passive_detection' }
it "should return an empty array" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm'))
themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
themes.should be_empty
end
it "should return the expected themes" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/various_themes.htm'))
expected_theme_names = %w{ theme1 theme2 theme3 }
expected_themes = []
expected_theme_names.each do |theme_name|
expected_themes << WpTheme.new(:url => @module.url,
:path => "/themes/#{theme_name}/",
:name => theme_name)
end
themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
themes.should_not be_empty
themes.length.should == expected_themes.length
themes.sort.should == expected_themes.sort
end
end
describe "#themes_from_aggressive_detection" do
before :each do
stub_request(:get, @module.uri.to_s).to_return(:status => 200)
# Point all targets to a 404
@targets.each do |target|
stub_request(:get, target.get_url.to_s).to_return(:status => 404)
# to_s calls readme_url
stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
end
end
after :each do
@passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture
stub_request_to_fixture(:url => "#{@module.uri}/".sub(/\/\/$/, "/"), :fixture => @passive_detection_fixture)
detected = @module.themes_from_aggressive_detection(@options)
detected.length.should == @expected_themes.length
detected.sort.should == @expected_themes.sort
end
it "should return an empty array" do
@expected_themes = []
end
it "should return an array with 3 WpTheme (1 detected from passive method)" do
@passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm"
@expected_themes = @targets.sample(2)
@expected_themes.each do |p|
stub_request(:get, p.get_url.to_s).to_return(:status => 200)
end
new_theme = WpTheme.new(:url => "http://example.localhost/",
:path => "/themes/custom-twentyten/",
:name => "custom-twentyten")
stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200)
@expected_themes << new_theme
end
# testing response codes
WpTarget.valid_response_codes.each do |valid_response_code|
it "should detect the theme if the reponse.code is #{valid_response_code}" do
@expected_themes = []
theme_url = [@targets.sample(1)[0]]
theme_url.should_not be_nil
theme_url.length.should == 1
@expected_themes = theme_url
stub_request(:get, theme_url[0].get_url.to_s).to_return(:status => valid_response_code)
end
end
end
end
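Review bot: `@expected_themes = @targets.sample(2)` and `@targets.sample(1)[0]` in `#themes_from_aggressive_detection` pick targets at random with no fixed seed, so a detection failure that depends on which theme was chosen cannot be reproduced from the test output. Use a deterministic choice such as `@expected_themes = @targets.first(2)`, or iterate over every target. The assertions also live in the `after :each` hook while the `it` bodies only assign `@expected_themes`. Moving the `themes_from_aggressive_detection` call and the `should` checks into a helper called from each example would keep failures attached to the example that caused them. `theme_url.should_not be_nil` can never fail on an array literal, and the example description has a typo (`reponse.code`).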


@@ -45,7 +45,7 @@ shared_examples_for "WpUsernames" do
it "should return an array with 1 username (from header location)" do
stub_request(:get, @module.author_url(3)).
to_return(:status => 301, :headers => { 'location' => '/author/Youhou/'})
to_return(:status => 301, :headers => {'location' => '/author/Youhou/'})
usernames = @module.usernames
usernames.should_not be_empty
@@ -66,7 +66,7 @@ shared_examples_for "WpUsernames" do
it "should return an array with 2 usernames (one is a duplicate and should not be present twice)" do
stub_request(:get, @module.author_url(4)).
to_return(:status => 301, :headers => { 'location' => '/author/Youhou/'})
to_return(:status => 301, :headers => {'location' => '/author/Youhou/'})
stub_request(:get, @module.author_url(2)).
to_return(:status => 200, :body => File.new(@fixtures_dir + '/admin.htm'))
@@ -76,7 +76,7 @@ shared_examples_for "WpUsernames" do
expected = [WpUser.new("admin", 2, "admin | Wordpress 3.3.2"),
WpUser.new("Youhou", 4, "empty")]
usernames.sort_by {|u| u.name}.eql?(expected.sort_by {|u| u.name}).should be_true
usernames.sort_by { |u| u.name }.eql?(expected.sort_by { |u| u.name }).should be_true
end
end


@@ -41,6 +41,7 @@ describe WpTarget do
it_should_behave_like "WpUsernames"
it_should_behave_like "WpTimthumbs"
it_should_behave_like "WpPlugins"
it_should_behave_like "WpThemes"
describe "#initialize" do
it "should raise an error if the target_url is nil or empty" do


@@ -73,13 +73,13 @@ describe WpUser do
it "should return true" do
user1 = WpUser.new("a", "id", "nick")
user2 = WpUser.new("a", "id", "nick")
(user1.eql?user2).should be_true
(user1.eql? user2).should be_true
end
it "should return false" do
user1 = WpUser.new("a", "id", "nick")
user2 = WpUser.new("b", "id", "nick")
(user1.eql?user2).should be_false
(user1.eql? user2).should be_false
end
end
end


@@ -154,7 +154,7 @@ describe WpVersion do
describe "#initialize" do
it "should initialize a WpVersion object" do
v = WpVersion.new(1, { :discovery_method => "method", :vulns_xml => "asdf.xml" })
v = WpVersion.new(1, {:discovery_method => "method", :vulns_xml => "asdf.xml"})
v.number.should == 1
v.discovery_method.should == "method"
end


@@ -323,9 +323,9 @@ begin
puts green("[+]") + " We found the following #{usernames.length.to_s} username/s :"
puts
max_id_length = usernames.sort{|a,b| a.id <=> b.id}.last.id.to_s.length
max_name_length = usernames.sort{|a,b| a.name <=> b.name}.last.name.length
max_nickname_length = usernames.sort{|a,b| a.nickname <=> b.nickname}.last.nickname.length
max_id_length = usernames.sort { |a, b| a.id <=> b.id }.last.id.to_s.length
max_name_length = usernames.sort { |a, b| a.name <=> b.name }.last.name.length
max_nickname_length = usernames.sort { |a, b| a.nickname <=> b.nickname }.last.nickname.length
space = 1
usernames.each do |u|