garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WPSTools updated to respect ruby standards according to rubocop

Browse Source
This commit is contained in:
erwanlr
2013-01-24 17:04:45 +01:00
parent ce9f073f26
commit b0dd9ba989
18 changed files with 261 additions and 231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
lib/wpstools/plugins/checker/checker_plugin.rb
View File

@@ -1,3 +1,5 @@
# encoding: UTF-8
#
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
@@ -18,13 +20,11 @@
class CheckerPlugin < Plugin
def initialize
super(
:author => "@wpscanteam - @erwanlr"
)
super(author: 'WPScanTeam - @erwanlr')
register_options(
["--check-vuln-ref-urls", "--cvru", "Check all the vulnerabilities reference urls for 404"],
["--check-local-vulnerable-files LOCAL_DIRECTORY", "--clvf", "Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells"]
['--check-vuln-ref-urls', '--cvru', 'Check all the vulnerabilities reference urls for 404'],
['--check-local-vulnerable-files LOCAL_DIRECTORY', '--clvf', 'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells']
)
end
@@ -39,11 +39,11 @@ class CheckerPlugin < Plugin
end
def check_vuln_ref_urls
vuln_ref_files = [ PLUGINS_VULNS_FILE , THEMES_VULNS_FILE, WP_VULNS_FILE ]
vuln_ref_files = [PLUGINS_VULNS_FILE, THEMES_VULNS_FILE, WP_VULNS_FILE]
error_codes = [404, 500, 403]
not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
puts "[+] Checking vulnerabilities reference urls"
puts '[+] Checking vulnerabilities reference urls'
vuln_ref_files.each do |vuln_ref_file|
xml = Nokogiri::XML(File.open(vuln_ref_file)) do |config|
@@ -51,7 +51,7 @@ class CheckerPlugin < Plugin
end
urls = []
xml.xpath("//reference").each { |node| urls << node.text }
xml.xpath('//reference').each { |node| urls << node.text }
urls.uniq!
@@ -63,7 +63,7 @@ class CheckerPlugin < Plugin
number_of_urls = urls.size
urls.each do |url|
request = browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
request = browser.forge_request(url, { cache_timeout: 0, follow_location: true })
request_count += 1
request.on_complete do |response|
@@ -95,11 +95,11 @@ class CheckerPlugin < Plugin
if Dir::exist?(dir_to_scan)
xml_file = LOCAL_FILES_FILE
local_hashes = {}
file_extension_to_scan = "*.{js,php,swf,html,htm}"
file_extension_to_scan = '*.{js,php,swf,html,htm}'
print "[+] Generating local hashes ... "
print '[+] Generating local hashes ... '
Dir[File::join(dir_to_scan, "**", file_extension_to_scan)].each do |filename|
Dir[File::join(dir_to_scan, '**', file_extension_to_scan)].each do |filename|
sha1sum = Digest::SHA1.file(filename).hexdigest
if local_hashes.has_key?(sha1sum)
@@ -109,36 +109,36 @@ class CheckerPlugin < Plugin
end
end
puts "done."
puts 'done.'
puts "[+] Checking for vulnerable files ..."
puts '[+] Checking for vulnerable files ...'
xml = Nokogiri::XML(File.open(xml_file)) do |config|
config.noblanks
end
xml.xpath("//hash").each do |node|
sha1sum = node.attribute("sha1").text
xml.xpath('//hash').each do |node|
sha1sum = node.attribute('sha1').text
if local_hashes.has_key?(sha1sum)
local_filenames = local_hashes[sha1sum]
vuln_title = node.search("title").text
vuln_filename = node.search("file").text
vuln_refrence = node.search("reference").text
vuln_title = node.search('title').text
vuln_filename = node.search('file').text
vuln_refrence = node.search('reference').text
puts " #{vuln_filename} found :"
puts " | Location(s):"
puts ' | Location(s):'
local_filenames.each do |file|
puts " | - #{file}"
end
puts " |"
puts ' |'
puts " | Title: #{vuln_title}"
puts " | Refrence: #{vuln_refrence}" if !vuln_refrence.empty?
puts
end
end
puts "done."
puts 'done.'
else
puts "The supplied directory '#{dir_to_scan}' does not exist"

55
lib/wpstools/plugins/list_generator/generate_list.rb
View File

@@ -1,5 +1,4 @@
#!/usr/bin/env ruby
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -26,14 +25,14 @@ class GenerateList
# type = themes | plugins
def initialize(type, verbose)
if type =~ /plugins/i
@type = "plugin"
@svn_url = "http://plugins.svn.wordpress.org/"
@popular_url = "http://wordpress.org/extend/plugins/browse/popular/"
@type = 'plugin'
@svn_url = 'http://plugins.svn.wordpress.org/'
@popular_url = 'http://wordpress.org/extend/plugins/browse/popular/'
@popular_regex = %r{<h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3>}i
elsif type =~ /themes/i
@type = "theme"
@svn_url = "http://themes.svn.wordpress.org/"
@popular_url = "http://wordpress.org/extend/themes/browse/popular/"
@type = 'theme'
@svn_url = 'http://themes.svn.wordpress.org/'
@popular_url = 'http://wordpress.org/extend/themes/browse/popular/'
@popular_regex = %r{<h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3>}i
else
raise "Type #{type} not defined"
@@ -45,24 +44,24 @@ class GenerateList
def set_file_name(type)
case @type
when "plugin"
case type
when :full
@file_name = PLUGINS_FULL_FILE
when :popular
@file_name = PLUGINS_FILE
else
raise "Unknown type"
end
when "theme"
case type
when :full
@file_name = THEMES_FULL_FILE
when :popular
@file_name = THEMES_FILE
else
raise "Unknown type"
end
when 'plugin'
case type
when :full
@file_name = PLUGINS_FULL_FILE
when :popular
@file_name = PLUGINS_FILE
else
raise 'Unknown type'
end
when 'theme'
case type
when :full
@file_name = THEMES_FULL_FILE
when :popular
@file_name = THEMES_FILE
else
raise 'Unknown type'
end
else
raise "Unknown type #@type"
end
@@ -87,7 +86,7 @@ class GenerateList
page_count = 1
queue_count = 0
(1...(pages.to_i+1)).each do |page|
(1...(pages.to_i + 1)).each do |page|
# First page has another URL
url = (page == 1) ? @popular_url : @popular_url + 'page/' + page.to_s + '/'
request = @browser.forge_request(url)
@@ -95,7 +94,7 @@ class GenerateList
queue_count += 1
request.on_complete do |response|
puts "[+] Parsing page " + page_count.to_s if @verbose
puts "[+] Parsing page #{page_count}" if @verbose
page_count += 1
response.body.scan(@popular_regex).each do |item|
puts "[+] Found popular #@type: #{item}" if @verbose

24
lib/wpstools/plugins/list_generator/list_generator_plugin.rb
View File

@@ -1,3 +1,5 @@
# encoding: UTF-8
#
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
@@ -18,18 +20,16 @@
class ListGeneratorPlugin < Plugin
def initialize
super(
:author => "WPScanTeam - @FireFart"
)
super(author: 'WPScanTeam - @FireFart')
register_options(
["--generate-plugin-list [NUMBER_OF_PAGES]", "--gpl", Integer, "Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)"],
["--generate-full-plugin-list", "--gfpl", "Generate a new full data/plugins.txt file"],
['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
["--generate-theme-list [NUMBER_OF_PAGES]", "--gtl", Integer, "Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)"],
["--generate-full-theme-list", "--gftl", "Generate a new full data/themes.txt file"],
['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'],
['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
["--generate-all", "--ga", "Generate a new full plugins, full themes, popular plugins and popular themes list"],
['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
)
end
@@ -40,13 +40,13 @@ class ListGeneratorPlugin < Plugin
if options.has_key?(:generate_plugin_list) || generate_all
number_of_pages = options[:generate_plugin_list] || 150
puts "[+] Generating new most popular plugin list"
puts '[+] Generating new most popular plugin list'
puts
GenerateList.new('plugins', verbose).generate_popular_list(number_of_pages)
end
if options[:generate_full_plugin_list] || generate_all
puts "[+] Generating new full plugin list"
puts '[+] Generating new full plugin list'
puts
GenerateList.new('plugins', verbose).generate_full_list
end
@@ -54,13 +54,13 @@ class ListGeneratorPlugin < Plugin
if options.has_key?(:generate_theme_list) || generate_all
number_of_pages = options[:generate_theme_list] || 150
puts "[+] Generating new most popular theme list"
puts '[+] Generating new most popular theme list'
puts
GenerateList.new('themes', verbose).generate_popular_list(number_of_pages)
end
if options[:generate_full_theme_list] || generate_all
puts "[+] Generating new full theme list"
puts '[+] Generating new full theme list'
puts
GenerateList.new('themes', verbose).generate_full_list
end

15
lib/wpstools/plugins/list_generator/svn_parser.rb
View File

@@ -1,5 +1,4 @@
#!/usr/bin/env ruby
# encoding: UTF-8
#--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
@@ -24,12 +23,12 @@ class SvnParser
attr_accessor :verbose, :svn_root, :keep_empty_dirs
def initialize(svn_root)
@svn_root = svn_root
@svn_browser = Browser.instance
@svn_hydra = @svn_browser.hydra
@svn_root = svn_root
@svn_browser = Browser.instance
@svn_hydra = @svn_browser.hydra
end
def parse()
def parse
get_root_directories
end
@@ -38,11 +37,13 @@ class SvnParser
# Gets all directories in the SVN root
def get_root_directories
dirs = []
dirs = []
rootindex = @svn_browser.get(@svn_root).body
rootindex.scan(%r{<li><a href=".+">(.+)/</a></li>}i).each do |dir|
dirs << dir[0]
end
dirs.sort!
dirs.uniq
end