show_progress_bar renamed to show_progression

erwanlr
2013-01-04 15:15:14 +01:00
parent e2bb5dc24f
commit c0eadd22db
7 changed files with 63 additions and 62 deletions


@@ -29,7 +29,7 @@ class WpEnumerator
# * * +:path+ - Path to plugin # * * +:path+ - Path to plugin
# * +type+ - "plugins" or "themes", item to enumerate # * +type+ - "plugins" or "themes", item to enumerate
# * +filename+ - filename in the data directory with paths # * +filename+ - filename in the data directory with paths
# * +show_progress_bar+ - Show a progress bar during enumeration # * +show_progression+ - Show a progress bar during enumeration
def self.enumerate(options = {}, items = nil) def self.enumerate(options = {}, items = nil)
WpOptions.check_options(options) WpOptions.check_options(options)
@@ -42,13 +42,14 @@ class WpEnumerator
end end
end end
found = [] found = []
queue_count = 0 queue_count = 0
request_count = 0 request_count = 0
enum_browser = Browser.instance enum_browser = Browser.instance
enum_hydra = enum_browser.hydra enum_hydra = enum_browser.hydra
enumerate_size = targets.size enumerate_size = targets.size
exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil
show_progression = options[:show_progression] || false
targets.each do |target| targets.each do |target|
url = target.get_full_url url = target.get_full_url
@@ -59,7 +60,7 @@ class WpEnumerator
request.on_complete do |response| request.on_complete do |response|
page_hash = Digest::MD5.hexdigest(response.body) page_hash = Digest::MD5.hexdigest(response.body)
print "\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete." if options[:show_progress_bar] print "\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete." if show_progression
if WpTarget.valid_response_codes.include?(response.code) if WpTarget.valid_response_codes.include?(response.code)
if page_hash != options[:error_404_hash] and page_hash != options[:homepage_hash] if page_hash != options[:error_404_hash] and page_hash != options[:homepage_hash]
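Review bot: The `|| false` fallback in the new line `show_progression = options[:show_progression] || false` appears to be unreachable: `WpOptions.check_options(options)` is called at the top of `enumerate` and, per the WpOptions hunk in this same commit, raises when `options[:show_progression]` is nil, so only a caller-supplied value ever reaches this assignment. Reading it the way the surrounding code reads `options[:type]` and `options[:error_404_hash]`, i.e. `show_progression = options[:show_progression]`, keeps the flag faithful to the validated option; if the default is intentional for callers that bypass check_options, a one-line comment saying so would prevent the next reader from "simplifying" it. Note that the flag only gates the `print`, so any non-boolean value that survives validation is treated as truthy here; that is better tightened in check_options than defaulted silently. The enclosing `enumerate` method begins in the first hunk and continues past the end of this one.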


@@ -27,7 +27,7 @@
# * +vulns_xpath+ - XPath for vulnerability XML file # * +vulns_xpath+ - XPath for vulnerability XML file
# * +vulns_xpath_2+ - XPath for vulnerability XML file # * +vulns_xpath_2+ - XPath for vulnerability XML file
# * +wp_content_dir+ - Name of the wp-content directory # * +wp_content_dir+ - Name of the wp-content directory
# * +show_progress_bar+ - Show a progress bar during enumeration # * +show_progression+ - Show a progress bar during enumeration
# * +error_404_hash+ - MD5 hash of a 404 page # * +error_404_hash+ - MD5 hash of a 404 page
# * +type+ - Type: plugins, themes # * +type+ - Type: plugins, themes
class WpOptions class WpOptions
@@ -39,7 +39,7 @@ class WpOptions
raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0 raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0
raise("vulns_xpath_2 must be set") unless options[:vulns_xpath_2] != nil and options[:vulns_xpath_2].length > 0 raise("vulns_xpath_2 must be set") unless options[:vulns_xpath_2] != nil and options[:vulns_xpath_2].length > 0
raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0 raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0
raise("show_progress_bar must be set") unless options[:show_progress_bar] != nil raise("show_progression must be set") unless options[:show_progression] != nil
raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0 raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0
raise("type must be set") unless options[:type] != nil and options[:type].length > 0 raise("type must be set") unless options[:type] != nil and options[:type].length > 0
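Review bot: The renamed check `raise("show_progression must be set") unless options[:show_progression] != nil` still only rejects nil, so a non-boolean value such as the string "false" or 0 passes validation and is then treated as truthy by the `if show_progression` modifier in WpEnumerator, silently enabling progress output. Since the option is documented as a boolean flag, pinning it with `raise("show_progression must be set") unless [true, false].include?(options[:show_progression])` keeps the existing message (and the spec expecting it) while rejecting the values the enumerator cannot interpret. The `!= nil` form is also less idiomatic than `.nil?`, but changing only this line would break the visual consistency of the neighbouring checks, so that is a separate cleanup. check_options starts before this hunk.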


@@ -35,7 +35,7 @@ shared_examples_for "WpPlugins" do
@options = { @options = {
:base_url => @wp_url, :base_url => @wp_url,
:only_vulnerable_ones => false, :only_vulnerable_ones => false,
:show_progress_bar => false, :show_progression => false,
:error_404_hash => @module.error_404_hash, :error_404_hash => @module.error_404_hash,
:homepage_hash => @module.homepage_hash, :homepage_hash => @module.homepage_hash,
:vulns_file => @plugin_vulns_file, :vulns_file => @plugin_vulns_file,


@@ -31,15 +31,16 @@ shared_examples_for "WpThemes" do
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!") @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpThemes) @module.extend(WpThemes)
@options = {:base_url => @wp_url, @options = {
:only_vulnerable_ones => false, :base_url => @wp_url,
:show_progress_bar => false, :only_vulnerable_ones => false,
:error_404_hash => Digest::MD5.hexdigest("Error 404!"), :show_progression => false,
:vulns_file => @theme_vulns_file, :error_404_hash => Digest::MD5.hexdigest("Error 404!"),
:file => @themes_file, :vulns_file => @theme_vulns_file,
:type => "themes", :file => @themes_file,
:wp_content_dir => "wp-content", :type => "themes",
:vulns_xpath_2 => "//theme" :wp_content_dir => "wp-content",
:vulns_xpath_2 => "//theme"
} }
File.exist?(@theme_vulns_file).should == true File.exist?(@theme_vulns_file).should == true
File.exist?(@themes_file).should == true File.exist?(@themes_file).should == true


@@ -19,35 +19,34 @@
shared_examples_for "WpTimthumbs" do shared_examples_for "WpTimthumbs" do
before :each do before :each do
@options = {} @options = {}
@url = "http://example.localhost/" @url = "http://example.localhost/"
@theme_name = "bueno" @theme_name = "bueno"
@options[:base_url] = @url @options[:base_url] = @url
@options[:wp_content_dir] = "wp-content" @options[:wp_content_dir] = "wp-content"
@options[:name] = @theme_name @options[:name] = @theme_name
@options[:error_404_hash] = "xx" @options[:error_404_hash] = "xx"
@options[:show_progress_bar] = false @options[:show_progression] = false
@options[:only_vulnerable_ones] = false @options[:only_vulnerable_ones] = false
@options[:vulns_file] = "xx" @options[:vulns_file] = "xx"
@options[:type] = "timthumbs" @options[:type] = "timthumbs"
@module = WpScanModuleSpec.new(@url) @module = WpScanModuleSpec.new(@url)
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs" @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs"
@timthumbs_file = @fixtures_dir + "/timthumbs.txt" @timthumbs_file = @fixtures_dir + "/timthumbs.txt"
@targets_from_file = @targets_from_file = %w{
%w{
http://example.localhost/wp-content/plugins/fotoslide/timthumb.php http://example.localhost/wp-content/plugins/fotoslide/timthumb.php
http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php
} }
@targets_from_theme = @targets_from_theme =
[ [
"http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php", "http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php", "http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php", "http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php", "http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php", "http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php", "http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php",
"http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php" "http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php"
] ]
@module.extend(WpTimthumbs) @module.extend(WpTimthumbs)
end end


@@ -21,17 +21,17 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpOptions do describe WpOptions do
describe "#check_options" do describe "#check_options" do
before :each do before :each do
@options = {} @options = {}
@options[:base_url] = "url" @options[:base_url] = "url"
@options[:only_vulnerable_ones] = false @options[:only_vulnerable_ones] = false
@options[:file] = "file" @options[:file] = "file"
@options[:vulns_file] = "vulns_file" @options[:vulns_file] = "vulns_file"
@options[:vulns_xpath] = "vulns_xpath" @options[:vulns_xpath] = "vulns_xpath"
@options[:vulns_xpath_2] = "vulns_xpath_2" @options[:vulns_xpath_2] = "vulns_xpath_2"
@options[:wp_content_dir] = "wp_content_dir" @options[:wp_content_dir] = "wp_content_dir"
@options[:show_progress_bar] = true @options[:show_progression] = true
@options[:error_404_hash] = "error_404_hash" @options[:error_404_hash] = "error_404_hash"
@options[:type] = "type" @options[:type] = "type"
@message = "" @message = ""
end end
@@ -105,9 +105,9 @@ describe WpOptions do
@message = "wp_content_dir must be set" @message = "wp_content_dir must be set"
end end
it "should raise an exception (show_progress_bar nil)" do it "should raise an exception (show_progression nil)" do
@options[:show_progress_bar] = nil @options[:show_progression] = nil
@message = "show_progress_bar must be set" @message = "show_progression must be set"
end end
it "should raise an exception (error_404_hash empty)" do it "should raise an exception (error_404_hash empty)" do
@@ -135,4 +135,4 @@ describe WpOptions do
@message = "Unknown type unknown" @message = "Unknown type unknown"
end end
end end
end end


@@ -213,7 +213,7 @@ begin
options = { options = {
:base_url => wp_target.uri, :base_url => wp_target.uri,
:only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_plugins || false, :only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_plugins || false,
:show_progress_bar => true, :show_progression => true,
:wp_content_dir => wp_target.wp_content_dir, :wp_content_dir => wp_target.wp_content_dir,
:error_404_hash => wp_target.error_404_hash, :error_404_hash => wp_target.error_404_hash,
:homepage_hash => wp_target.homepage_hash, :homepage_hash => wp_target.homepage_hash,
@@ -272,7 +272,7 @@ begin
options = { options = {
:base_url => wp_target.uri, :base_url => wp_target.uri,
:only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_themes || false, :only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_themes || false,
:show_progress_bar => true, :show_progression => true,
:wp_content_dir => wp_target.wp_content_dir, :wp_content_dir => wp_target.wp_content_dir,
:error_404_hash => wp_target.error_404_hash, :error_404_hash => wp_target.error_404_hash,
:homepage_hash => wp_target.homepage_hash, :homepage_hash => wp_target.homepage_hash,
@@ -321,7 +321,7 @@ begin
options = { options = {
:base_url => wp_target.uri, :base_url => wp_target.uri,
:show_progress_bar => true, :show_progression => true,
:wp_content_dir => wp_target.wp_content_dir, :wp_content_dir => wp_target.wp_content_dir,
:error_404_hash => wp_target.error_404_hash, :error_404_hash => wp_target.error_404_hash,
:homepage_hash => wp_target.homepage_hash, :homepage_hash => wp_target.homepage_hash,