From bc28750750e5bcf21c65beacbf0dc7e813f8de98 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Fri, 8 Feb 2013 10:31:55 +0100 Subject: [PATCH] Wpscan statistics --- lib/wpscan/modules/wp_plugins.rb | 6 -- lib/wpscan/modules/wp_themes.rb | 6 -- lib/wpscan/wpscan_stats.rb | 70 +++++++++++++++++++ spec/lib/wpscan/modules/wp_plugins_spec.rb | 6 -- spec/lib/wpscan/modules/wp_themes_spec.rb | 6 -- spec/lib/wpscan/wpscan_stats_spec.rb | 62 ++++++++++++++++ spec/samples/wpscan/wp_plugin/plugins.txt | 4 ++ spec/samples/wpscan/wp_theme/themes.txt | 5 ++ .../wp_theme/vulnerabilities/theme_vulns.xml | 5 ++ wpscan.rb | 11 ++- 10 files changed, 155 insertions(+), 26 deletions(-) create mode 100644 lib/wpscan/wpscan_stats.rb create mode 100644 spec/lib/wpscan/wpscan_stats_spec.rb create mode 100644 spec/samples/wpscan/wp_plugin/plugins.txt create mode 100644 spec/samples/wpscan/wp_theme/themes.txt diff --git a/lib/wpscan/modules/wp_plugins.rb b/lib/wpscan/modules/wp_plugins.rb index 17a7190b..f1634cc7 100644 --- a/lib/wpscan/modules/wp_plugins.rb +++ b/lib/wpscan/modules/wp_plugins.rb @@ -69,10 +69,4 @@ module WpPlugins plugins.sort_by { |p| p.name } end - def plugin_vulns_count(file=PLUGINS_VULNS_FILE) - xml = Nokogiri::XML(File.open(file)) do |config| - config.noblanks - end - xml.xpath("count(//plugin)").to_i - end end diff --git a/lib/wpscan/modules/wp_themes.rb b/lib/wpscan/modules/wp_themes.rb index 9dd4f33b..3a9d0a7d 100644 --- a/lib/wpscan/modules/wp_themes.rb +++ b/lib/wpscan/modules/wp_themes.rb @@ -56,10 +56,4 @@ module WpThemes themes.sort_by { |t| t.name } end - def theme_vulns_count(file=THEMES_VULNS_FILE) - xml = Nokogiri::XML(File.open(file)) do |config| - config.noblanks - end - xml.xpath("count(//theme)").to_i - end end diff --git a/lib/wpscan/wpscan_stats.rb b/lib/wpscan/wpscan_stats.rb new file mode 100644 index 00000000..898eb115 --- /dev/null +++ b/lib/wpscan/wpscan_stats.rb 
@@ -0,0 +1,70 @@
+# encoding: UTF-8
+#--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#++
+
+class WpscanStats
+
+ def self.vuln_plugin_count(file=PLUGINS_VULNS_FILE)
+ xml = Nokogiri::XML(File.open(file)) do |config|
+ config.noblanks
+ end
+ xml.xpath("count(//plugin)").to_i
+ end
+
+ def self.vuln_theme_count(file=THEMES_VULNS_FILE)
+ xml = Nokogiri::XML(File.open(file)) do |config|
+ config.noblanks
+ end
+ xml.xpath("count(//theme)").to_i
+ end
+
+ def self.plugin_vulns_count(file=PLUGINS_VULNS_FILE)
+ xml = Nokogiri::XML(File.open(file)) do |config|
+ config.noblanks
+ end
+ xml.xpath("count(//vulnerability)").to_i
+ end
+
+ def self.theme_vulns_count(file=THEMES_VULNS_FILE)
+ xml = Nokogiri::XML(File.open(file)) do |config|
+ config.noblanks
+ end
+ xml.xpath("count(//vulnerability)").to_i
+ end
+
+ def self.total_plugins(file=PLUGINS_FULL_FILE, xml=PLUGINS_VULNS_FILE)
+ options = {}
+ options[:only_vulnerable_ones] = false
+ options[:file] = file
+ options[:vulns_file] = xml
+ options[:base_url] = "http://localhost"
+ options[:type] = "plugins"
+ WpEnumerator.generate_items(options).count
+ end
+
+ def self.total_themes(file=THEMES_FULL_FILE, xml=THEMES_VULNS_FILE)
+ options = {}
+ options[:only_vulnerable_ones] = false
+ options[:file] = file
+ options[:vulns_file] = xml
+ options[:base_url] = "http://localhost"
+ options[:type] 
= "themes" + WpEnumerator.generate_items(options).count + end + +end diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb index 809f2663..75e5a196 100644 --- a/spec/lib/wpscan/modules/wp_plugins_spec.rb +++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb @@ -194,10 +194,4 @@ shared_examples_for 'WpPlugins' do end end - describe '#plugin_vulns_count' do - it 'should return the correct number' do - xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml" - @module.plugin_vulns_count(xml).should === 2 - end - end end diff --git a/spec/lib/wpscan/modules/wp_themes_spec.rb b/spec/lib/wpscan/modules/wp_themes_spec.rb index 4b8725c5..ac0a8c0f 100644 --- a/spec/lib/wpscan/modules/wp_themes_spec.rb +++ b/spec/lib/wpscan/modules/wp_themes_spec.rb @@ -208,10 +208,4 @@ shared_examples_for 'WpThemes' do end end - describe '#theme_vulns_count' do - it 'should return the correct number' do - xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml" - @module.theme_vulns_count(xml).should === 2 - end - end end diff --git a/spec/lib/wpscan/wpscan_stats_spec.rb b/spec/lib/wpscan/wpscan_stats_spec.rb new file mode 100644 index 00000000..a66e774d --- /dev/null +++ b/spec/lib/wpscan/wpscan_stats_spec.rb 
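Review bot: Each of the four count methods in lib/wpscan/wpscan_stats.rb passes `File.open(file)` straight into `Nokogiri::XML` and never closes the handle, and the same four-line body is repeated with only the XPath element changed. One private helper that opens the file in block form and takes the element name fixes both; chaining `nonet` onto `noblanks` would also make the no-network parse behaviour explicit instead of depending on the installed Nokogiri defaults (how the vulnerability files get refreshed is not visible in this patch, so treat that as hardening). `total_plugins` and `total_themes` appear to build every enumerator item against a placeholder `http://localhost` only to call `count`, which deserves at least a comment saying the URL is never contacted.

```ruby
  def self.vuln_plugin_count(file=PLUGINS_VULNS_FILE)
    count_elements(file, 'plugin')
  end

  # … unchanged signatures: vuln_theme_count ('theme'), plugin_vulns_count and theme_vulns_count ('vulnerability') delegate the same way …

  # Parses +file+ and returns how many +element+ nodes it contains.
  def self.count_elements(file, element)
    xml = File.open(file) do |handle|
      Nokogiri::XML(handle) { |config| config.noblanks.nonet }
    end
    xml.xpath("count(//#{element})").to_i
  end
  private_class_method :count_elements

  # … unchanged: total_plugins, total_themes …
```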
@@ -0,0 +1,62 @@
+# encoding: UTF-8
+#--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#++
+
+require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+
+describe 'WpscanStats' do
+ describe '#vuln_plugin_count' do
+ it 'should return the correct number' do
+ xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+ WpscanStats.vuln_plugin_count(xml).should == 2
+ end
+ end
+
+ describe '#vuln_theme_count' do
+ it 'should return the correct number' do
+ xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
+ WpscanStats.vuln_theme_count(xml).should == 2
+ end
+ end
+
+ describe '#plugin_vulns_count' do
+ it 'should return the correct number' do
+ xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+ WpscanStats.plugin_vulns_count(xml).should == 3
+ end
+ end
+
+ describe '#theme_vulns_count' do
+ it 'should return the correct number' do
+ xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
+ WpscanStats.theme_vulns_count(xml).should == 3
+ end
+ end
+
+ describe '#total_plugins' do
+ xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+ file = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/plugins.txt"
+ WpscanStats.total_plugins(file, xml).should == 4
+ end
+
+ describe '#total_themes' do
+ xml = 
"#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml" + file = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/themes.txt" + WpscanStats.total_themes(file, xml).should == 5 + end +end \ No newline at end of file diff --git a/spec/samples/wpscan/wp_plugin/plugins.txt b/spec/samples/wpscan/wp_plugin/plugins.txt new file mode 100644 index 00000000..c72ea779 --- /dev/null +++ b/spec/samples/wpscan/wp_plugin/plugins.txt @@ -0,0 +1,4 @@ +plugin1 +plugin2 +plugin3 +plugin4 diff --git a/spec/samples/wpscan/wp_theme/themes.txt b/spec/samples/wpscan/wp_theme/themes.txt new file mode 100644 index 00000000..f1f61dc6 --- /dev/null +++ b/spec/samples/wpscan/wp_theme/themes.txt @@ -0,0 +1,5 @@ +theme1 +theme2 +theme3 +theme4 +theme5 diff --git a/spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml b/spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml index 0b64d85e..47c9c57c 100644 --- a/spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml +++ b/spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml @@ -6,6 +6,11 @@ http://1337day.com/exploit/20027 FPD + + onepagewebsite Full Path Disclosure vulnerability + http://1337day.com/exploit/20027 + FPD + diff --git a/wpscan.rb b/wpscan.rb index 6901474c..f21a00b7 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -55,6 +55,15 @@ end File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE) banner() +# Stats +puts "Wpscan Databse Statistics:" +puts "\tTotal vulnerable plugins: #{WpscanStats.vuln_plugin_count}" +puts "\tTotal vulnerable themes: #{WpscanStats.vuln_theme_count}" +puts "\tTotal plugin vulnerabilities: #{WpscanStats.plugin_vulns_count}" +puts "\tTotal theme vulnerabilities: #{WpscanStats.theme_vulns_count}" +puts "\tTotal plugins to enumerate: #{WpscanStats.total_plugins}" +puts "\tTotal themes to enumerate: #{WpscanStats.total_themes}" +puts begin wpscan_options = WpscanOptions.load_from_arguments 
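Review bot: The `#total_plugins` and `#total_themes` groups in spec/lib/wpscan/wpscan_stats_spec.rb put the expectation directly in the `describe` body with no `it`, so it runs while the spec file is being loaded and is never registered as an example. A wrong count would then show up as a load-time error (or possibly not at all, depending on the RSpec version) rather than as a failing example in the report. Wrap each body the way the four groups above it do, with `it 'should return the correct number' do` and a closing `end`. Since these are class methods, `.total_plugins` instead of `#total_plugins` would match the usual RSpec naming, but that part is cosmetic.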
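Review bot: The statistics block in wpscan.rb is placed before `begin`, so it runs on every invocation before `WpscanOptions.load_from_arguments` has parsed anything, and anything it raises is outside the `begin` on the next line (its rescue clauses are not in the hunk, so what they would have handled cannot be confirmed here). A missing or malformed data file would abort the scanner at startup, since `File.open` raises `Errno::ENOENT`, and every run, including help or update, pays for parsing each vulnerability file at least twice plus two full list enumerations. Moving the block inside `begin`, after the options are loaded, and ideally behind a verbose option, avoids both. The heading also has a typo and should read `puts "Wpscan Database Statistics:"`.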
@@ -146,8 +155,6 @@ begin start_time = Time.now puts "| URL: #{wp_target.url}" puts "| Started on #{start_time.asctime}" - puts "| Total vulnerable plugins: #{wp_target.plugin_vulns_count}" - puts "| Total vulnerable themes: #{wp_target.theme_vulns_count}" puts if wp_target.has_robots?