Misc fixes and typos

2018-05-14 16:37:14 +01:00
parent 4333ecb989
commit b9fa1e3587
7 changed files with 31 additions and 25 deletions
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -8,7 +8,7 @@ USER_DIR             = File.expand_path(Dir.home) # ~/
 # Core WPScan directories
 CACHE_DIR            = File.join(USER_DIR, '.wpscan/cache') # ~/.wpscan/cache/
 DATA_DIR             = File.join(USER_DIR, '.wpscan/data') # ~/.wpscan/data/
-CONF_DIR             = File.join(ROOT_DIR, '.wpscan/conf') # ~/.wpscan/conf/
+CONF_DIR             = File.join(USER_DIR, '.wpscan/conf') # ~/.wpscan/conf/
 COMMON_LIB_DIR       = File.join(LIB_DIR, 'common') # wpscan/lib/common/
 UPDATER_LIB_DIR      = File.join(LIB_DIR, 'updater') # wpscan/lib/updater/ -  Not used ATM
 WPSCAN_LIB_DIR       = File.join(LIB_DIR, 'wpscan') # wpscan/lib/wpscan/
@@ -103,14 +103,14 @@ def extract_db_zip
  Zip::File.open(DATA_FILE) do |zip_file|
    zip_file.each do |f|
      # Feedback to the user
-      puts "[+] Extracting: #{File.basename(f.name)}" if verbose
+      #puts "[+] Extracting: #{File.basename(f.name)}"
      f_path = File.join(DATA_DIR, File.basename(f.name))

      # Create folder
      FileUtils.mkdir_p(File.dirname(f_path))

      # Delete if already there
-      puts "[+] Deleting: #{File.basename(f.name)}" if verbose and File.exist?(f_path)
+      #puts "[+] Deleting: #{File.basename(f.name)}" if File.exist?(f_path)
      FileUtils.rm(f_path) if File.exist?(f_path)

      # Extract
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -1,16 +1,16 @@
 # encoding: UTF-8

-require 'web_site/robots_txt'
 require 'web_site/humans_txt'
-require 'web_site/security_txt'
 require 'web_site/interesting_headers'
+require 'web_site/robots_txt'
+require 'web_site/security_txt'
 require 'web_site/sitemap'

 class WebSite
-  include WebSite::RobotsTxt
  include WebSite::HumansTxt
-  include WebSite::SecurityTxt
  include WebSite::InterestingHeaders
+  include WebSite::RobotsTxt
+  include WebSite::SecurityTxt
  include WebSite::Sitemap

  attr_reader :uri
--- a/lib/wpscan/web_site/humans_txt.rb
+++ b/lib/wpscan/web_site/humans_txt.rb
@@ -18,11 +18,12 @@ class WebSite
    # Parse humans.txt
    # @return [ Array ] URLs generated from humans.txt
    def parse_humans_txt
-      return unless has_humans?
-
      return_object = []
      response = Browser.get(humans_url.to_s)
-      entries = response.body.split(/\n/)
+      body = response.body
+
+      entries = body.split(/\n/)
+
      if entries
        entries.flatten!
        entries.uniq!
--- a/lib/wpscan/web_site/robots_txt.rb
+++ b/lib/wpscan/web_site/robots_txt.rb
@@ -18,16 +18,18 @@ class WebSite
    # Parse robots.txt
    # @return [ Array ] URLs generated from robots.txt
    def parse_robots_txt
-      return unless has_robots?
-
      return_object = []
+
+      # Make request
      response = Browser.get(robots_url.to_s)
      body = response.body

      # Get all allow and disallow urls
      entries = body.scan(/^(?:dis)?allow:\s*(.*)$/i)
+
+      # Did we get something?
      if entries
-        #extract elements
+        # Extract elements
        entries.flatten!
        # Remove any leading/trailing spaces
        entries.collect{|x| x.strip || x }
@@ -77,6 +79,5 @@ class WebSite
        /wp-content/
      }
    end
-
  end
 end
--- a/lib/wpscan/web_site/security_txt.rb
+++ b/lib/wpscan/web_site/security_txt.rb
@@ -18,11 +18,13 @@ class WebSite
    # Parse security.txt
    # @return [ Array ] URLs generated from security.txt
    def parse_security_txt
-      return unless has_security?
-
      return_object = []
      response = Browser.get(security_url.to_s)
-      entries = response.body.split(/\n/)
+      body = response.body
+
+      # Get all non-comments
+      entries = body.split(/\n/)
+
      if entries
        entries.flatten!
        entries.uniq!
--- a/lib/wpscan/wp_target/wp_api.rb
+++ b/lib/wpscan/wp_target/wp_api.rb
@@ -66,14 +66,15 @@ class WpTarget < WebSite
        users << row
      end

-      # Sort and uniq
-      users = users.sort.uniq
+      if users
+        # Sort and uniq
+        users = users.sort.uniq

-      # Print results
-      table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'],
-                                  rows: users)
-      puts table
+        # Print results
+        table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'],
+                                    rows: users)
+        puts table
+      end
    end
-
  end
 end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -268,7 +268,8 @@ def main
    end

    if wp_target.has_security?
-      puts info("security.txt available under: #{wp_target.security_url}")
+      code = get_http_status(wp_target.humans_url)
+      puts info("security.txt available under: #{wp_target.security_url}   [HTTP #{code}]")

      wp_target.parse_security_txt.each do |dir|
        puts info("Interesting entry from security.txt: #{dir}")