Wpscan statistics

lib/wpscan/modules/wp_plugins.rb

@@ -69,10 +69,4 @@ module WpPlugins
     plugins.sort_by { |p| p.name }
   end
 
-  def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
-    xml = Nokogiri::XML(File.open(file)) do |config|
-      config.noblanks
-    end
-    xml.xpath("count(//plugin)").to_i
-  end
 end

lib/wpscan/modules/wp_themes.rb

@@ -56,10 +56,4 @@ module WpThemes
     themes.sort_by { |t| t.name }
   end
 
-  def theme_vulns_count(file=THEMES_VULNS_FILE)
-    xml = Nokogiri::XML(File.open(file)) do |config|
-      config.noblanks
-    end
-    xml.xpath("count(//theme)").to_i
-  end
 end

lib/wpscan/wpscan_stats.rb

@@ -0,0 +1,70 @@
+# encoding: UTF-8
+#--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+class WpscanStats
+
+  def self.vuln_plugin_count(file=PLUGINS_VULNS_FILE)
+    xml = Nokogiri::XML(File.open(file)) do |config|
+      config.noblanks
+    end
+    xml.xpath("count(//plugin)").to_i
+  end
+
+  def self.vuln_theme_count(file=THEMES_VULNS_FILE)
+    xml = Nokogiri::XML(File.open(file)) do |config|
+      config.noblanks
+    end
+    xml.xpath("count(//theme)").to_i
+  end
+
+  def self.plugin_vulns_count(file=PLUGINS_VULNS_FILE)
+    xml = Nokogiri::XML(File.open(file)) do |config|
+      config.noblanks
+    end
+    xml.xpath("count(//vulnerability)").to_i
+  end
+
+  def self.theme_vulns_count(file=THEMES_VULNS_FILE)
+    xml = Nokogiri::XML(File.open(file)) do |config|
+      config.noblanks
+    end
+    xml.xpath("count(//vulnerability)").to_i
+  end
+
+  def self.total_plugins(file=PLUGINS_FULL_FILE, xml=PLUGINS_VULNS_FILE)
+    options = {}
+    options[:only_vulnerable_ones] = false
+    options[:file] = file
+    options[:vulns_file] = xml
+    options[:base_url] = "http://localhost"
+    options[:type] = "plugins"
+    WpEnumerator.generate_items(options).count
+  end
+
+  def self.total_themes(file=THEMES_FULL_FILE, xml=THEMES_VULNS_FILE)
+    options = {}
+    options[:only_vulnerable_ones] = false
+    options[:file] = file
+    options[:vulns_file] = xml
+    options[:base_url] = "http://localhost"
+    options[:type] = "themes"
+    WpEnumerator.generate_items(options).count
+  end
+
+end

spec/lib/wpscan/modules/wp_plugins_spec.rb

@@ -194,10 +194,4 @@ shared_examples_for 'WpPlugins' do
     end
   end
 
-  describe '#plugin_vulns_count' do
-    it 'should return the correct number' do
-      xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
-      @module.plugin_vulns_count(xml).should === 2
-    end
-  end
 end

spec/lib/wpscan/modules/wp_themes_spec.rb

@@ -208,10 +208,4 @@ shared_examples_for 'WpThemes' do
     end
   end
 
-  describe '#theme_vulns_count' do
-    it 'should return the correct number' do
-      xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
-      @module.theme_vulns_count(xml).should === 2
-    end
-  end
 end

spec/lib/wpscan/wpscan_stats_spec.rb

@@ -0,0 +1,62 @@
+# encoding: UTF-8
+#--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#++
+
+require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+
+describe 'WpscanStats' do
+  describe '#vuln_plugin_count' do
+    it 'should return the correct number' do
+      xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+      WpscanStats.vuln_plugin_count(xml).should == 2
+    end
+  end
+
+  describe '#vuln_theme_count' do
+    it 'should return the correct number' do
+      xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
+      WpscanStats.vuln_theme_count(xml).should == 2
+    end
+  end
+
+  describe '#plugin_vulns_count' do
+    it 'should return the correct number' do
+      xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+      WpscanStats.plugin_vulns_count(xml).should == 3
+    end
+  end
+
+  describe '#theme_vulns_count' do
+    it 'should return the correct number' do
+      xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
+      WpscanStats.theme_vulns_count(xml).should == 3
+    end
+  end
+
+  describe '#total_plugins' do
+    xml = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/vulnerabilities/plugin_vulns.xml"
+    file = "#{SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR}/plugins.txt"
+    WpscanStats.total_plugins(file, xml).should == 4
+  end
+
+  describe '#total_themes' do
+    xml = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/vulnerabilities/theme_vulns.xml"
+    file = "#{SPEC_FIXTURES_WPSCAN_WP_THEME_DIR}/themes.txt"
+    WpscanStats.total_themes(file, xml).should == 5
+  end
+end

spec/samples/wpscan/wp_plugin/plugins.txt

@@ -0,0 +1,4 @@
+plugin1
+plugin2
+plugin3
+plugin4

spec/samples/wpscan/wp_theme/themes.txt

@@ -0,0 +1,5 @@
+theme1
+theme2
+theme3
+theme4
+theme5

spec/samples/wpscan/wp_theme/vulnerabilities/theme_vulns.xml

@@ -6,6 +6,11 @@
       <reference>http://1337day.com/exploit/20027</reference>
       <type>FPD</type>
     </vulnerability>
+    <vulnerability>
+      <title>onepagewebsite Full Path Disclosure vulnerability</title>
+      <reference>http://1337day.com/exploit/20027</reference>
+      <type>FPD</type>
+    </vulnerability>
   </theme>
   <theme name="vithy">
     <vulnerability>

wpscan.rb

@@ -55,6 +55,15 @@ end
 File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE)
 
 banner()
+# Stats
+puts "Wpscan Databse Statistics:"
+puts "\tTotal vulnerable plugins: #{WpscanStats.vuln_plugin_count}"
+puts "\tTotal vulnerable themes: #{WpscanStats.vuln_theme_count}"
+puts "\tTotal plugin vulnerabilities: #{WpscanStats.plugin_vulns_count}"
+puts "\tTotal theme vulnerabilities: #{WpscanStats.theme_vulns_count}"
+puts "\tTotal plugins to enumerate: #{WpscanStats.total_plugins}"
+puts "\tTotal themes to enumerate: #{WpscanStats.total_themes}"
+puts
 
 begin
   wpscan_options = WpscanOptions.load_from_arguments
@@ -146,8 +155,6 @@ begin
   start_time = Time.now
   puts "| URL: #{wp_target.url}"
   puts "| Started on #{start_time.asctime}"
-  puts "| Total vulnerable plugins: #{wp_target.plugin_vulns_count}"
-  puts "| Total vulnerable themes: #{wp_target.theme_vulns_count}"
   puts
 
   if wp_target.has_robots?