garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Misc fixes and typos

Browse Source
This commit is contained in:
g0tmi1k
2018-05-14 16:37:14 +01:00
parent 4333ecb989
commit b9fa1e3587
7 changed files with 31 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/common/common_helper.rb
View File

@@ -8,7 +8,7 @@ USER_DIR = File.expand_path(Dir.home) # ~/
# Core WPScan directories # Core WPScan directories
CACHE_DIR = File.join(USER_DIR, '.wpscan/cache') # ~/.wpscan/cache/ CACHE_DIR = File.join(USER_DIR, '.wpscan/cache') # ~/.wpscan/cache/
DATA_DIR = File.join(USER_DIR, '.wpscan/data') # ~/.wpscan/data/ DATA_DIR = File.join(USER_DIR, '.wpscan/data') # ~/.wpscan/data/
CONF_DIR = File.join(ROOT_DIR, '.wpscan/conf') # ~/.wpscan/conf/ CONF_DIR = File.join(USER_DIR, '.wpscan/conf') # ~/.wpscan/conf/
COMMON_LIB_DIR = File.join(LIB_DIR, 'common') # wpscan/lib/common/ COMMON_LIB_DIR = File.join(LIB_DIR, 'common') # wpscan/lib/common/
UPDATER_LIB_DIR = File.join(LIB_DIR, 'updater') # wpscan/lib/updater/ - Not used ATM UPDATER_LIB_DIR = File.join(LIB_DIR, 'updater') # wpscan/lib/updater/ - Not used ATM
WPSCAN_LIB_DIR = File.join(LIB_DIR, 'wpscan') # wpscan/lib/wpscan/ WPSCAN_LIB_DIR = File.join(LIB_DIR, 'wpscan') # wpscan/lib/wpscan/
@@ -103,14 +103,14 @@ def extract_db_zip
Zip::File.open(DATA_FILE) do |zip_file| Zip::File.open(DATA_FILE) do |zip_file|
zip_file.each do |f| zip_file.each do |f|
# Feedback to the user # Feedback to the user
puts "[+] Extracting: #{File.basename(f.name)}" if verbose #puts "[+] Extracting: #{File.basename(f.name)}"
f_path = File.join(DATA_DIR, File.basename(f.name)) f_path = File.join(DATA_DIR, File.basename(f.name))
# Create folder # Create folder
FileUtils.mkdir_p(File.dirname(f_path)) FileUtils.mkdir_p(File.dirname(f_path))
# Delete if already there # Delete if already there
puts "[+] Deleting: #{File.basename(f.name)}" if verbose and File.exist?(f_path) #puts "[+] Deleting: #{File.basename(f.name)}" if File.exist?(f_path)
FileUtils.rm(f_path) if File.exist?(f_path) FileUtils.rm(f_path) if File.exist?(f_path)
# Extract # Extract

8
lib/wpscan/web_site.rb
View File

@@ -1,16 +1,16 @@
# encoding: UTF-8 # encoding: UTF-8
require 'web_site/robots_txt'
require 'web_site/humans_txt' require 'web_site/humans_txt'
require 'web_site/security_txt'
require 'web_site/interesting_headers' require 'web_site/interesting_headers'
require 'web_site/robots_txt'
require 'web_site/security_txt'
require 'web_site/sitemap' require 'web_site/sitemap'
class WebSite class WebSite
include WebSite::RobotsTxt
include WebSite::HumansTxt include WebSite::HumansTxt
include WebSite::SecurityTxt
include WebSite::InterestingHeaders include WebSite::InterestingHeaders
include WebSite::RobotsTxt
include WebSite::SecurityTxt
include WebSite::Sitemap include WebSite::Sitemap
attr_reader :uri attr_reader :uri

7
lib/wpscan/web_site/humans_txt.rb
View File

@@ -18,11 +18,12 @@ class WebSite
# Parse humans.txt # Parse humans.txt
# @return [ Array ] URLs generated from humans.txt # @return [ Array ] URLs generated from humans.txt
def parse_humans_txt def parse_humans_txt
return unless has_humans?
return_object = [] return_object = []
response = Browser.get(humans_url.to_s) response = Browser.get(humans_url.to_s)
entries = response.body.split(/\n/) body = response.body
entries = body.split(/\n/)
if entries if entries
entries.flatten! entries.flatten!
entries.uniq! entries.uniq!

9
lib/wpscan/web_site/robots_txt.rb
View File

@@ -18,16 +18,18 @@ class WebSite
# Parse robots.txt # Parse robots.txt
# @return [ Array ] URLs generated from robots.txt # @return [ Array ] URLs generated from robots.txt
def parse_robots_txt def parse_robots_txt
return unless has_robots?
return_object = [] return_object = []
# Make request
response = Browser.get(robots_url.to_s) response = Browser.get(robots_url.to_s)
body = response.body body = response.body
# Get all allow and disallow urls # Get all allow and disallow urls
entries = body.scan(/^(?:dis)?allow:\s*(.*)$/i) entries = body.scan(/^(?:dis)?allow:\s*(.*)$/i)
# Did we get something?
if entries if entries
#extract elements # Extract elements
entries.flatten! entries.flatten!
# Remove any leading/trailing spaces # Remove any leading/trailing spaces
entries.collect{|x| x.strip || x } entries.collect{|x| x.strip || x }
@@ -77,6 +79,5 @@ class WebSite
/wp-content/ /wp-content/
} }
end end
end end
end end

8
lib/wpscan/web_site/security_txt.rb
View File

@@ -18,11 +18,13 @@ class WebSite
# Parse security.txt # Parse security.txt
# @return [ Array ] URLs generated from security.txt # @return [ Array ] URLs generated from security.txt
def parse_security_txt def parse_security_txt
return unless has_security?
return_object = [] return_object = []
response = Browser.get(security_url.to_s) response = Browser.get(security_url.to_s)
entries = response.body.split(/\n/) body = response.body
# Get all non-comments
entries = body.split(/\n/)
if entries if entries
entries.flatten! entries.flatten!
entries.uniq! entries.uniq!

15
lib/wpscan/wp_target/wp_api.rb
View File

@@ -66,14 +66,15 @@ class WpTarget < WebSite
users << row users << row
end end
# Sort and uniq if users
users = users.sort.uniq # Sort and uniq
users = users.sort.uniq
# Print results # Print results
table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'], table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'],
rows: users) rows: users)
puts table puts table
end
end end
end end
end end

3
wpscan.rb
View File

@@ -268,7 +268,8 @@ def main
end end
if wp_target.has_security? if wp_target.has_security?
puts info("security.txt available under: #{wp_target.security_url}") code = get_http_status(wp_target.humans_url)
puts info("security.txt available under: #{wp_target.security_url} [HTTP #{code}]")
wp_target.parse_security_txt.each do |dir| wp_target.parse_security_txt.each do |dir|
puts info("Interesting entry from security.txt: #{dir}") puts info("Interesting entry from security.txt: #{dir}")