Initial attempt at implementing apiv2 #853

2015-08-14 00:19:22 +02:00
parent cc737090a2
commit c4aed0ec89
15 changed files with 81 additions and 65 deletions
--- a/.rspec
+++ b/.rspec
@@ -1,2 +1,2 @@
 --color
--fail-fast
+#--fail-fast
--- a/lib/common/collections/wp_items.rb
+++ b/lib/common/collections/wp_items.rb
@@ -67,6 +67,7 @@ class WpItems < Array
  end
  protected
  # @return [ Class ]
  def item_class
    Object.const_get(self.class.to_s.gsub(/.$/, ''))
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -155,15 +155,7 @@ class WpItems < Array
      item_class = self.item_class
      vulns_file = self.vulns_file
-      targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
+      targets = target_items(wp_target, item_class, vulns_file, options[:type])
      unless options[:only_vulnerable]
        unless options[:file]
          raise 'A file must be supplied'
        end
        targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
      end
      targets.uniq! { |t| t.name }
      targets.sort_by { rand }
@@ -174,14 +166,25 @@ class WpItems < Array
    # @param [ String ] vulns_file
    #
    # @return [ Array<WpItem> ]
-    def vulnerable_targets_items(wp_target, item_class, vulns_file)
+    def target_items(wp_target, item_class, vulns_file, type)
      targets = []
      json    = json(vulns_file)
-      [*json].each do |item|
+      case type
      when :vulnerable
        item_names = json.select { |item| !item['vulnerabilities'].empty? }.map {|item| item['name'] }
      when :popular
        item_names = json.select { |item| item['popular'] == true }.map {|item| item['name'] }
      when :all
        item_names = [*json].map { |item| item['name'] }
      else
        raise "Known type #{type}"
      end
      item_names.each do |item_name|
        targets << create_item(
          item_class,
-          item.keys.inject,
+          item_name,
          wp_target,
          vulns_file
        )
@@ -233,6 +236,5 @@ class WpItems < Array
    def item_class
      Object.const_get(self.to_s.gsub(/.$/, ''))
    end
  end
 end
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -2,17 +2,11 @@
 class WpPlugins < WpItems
  module Detectable
    # @return [ String ]
    def vulns_file
-      PLUGINS_VULNS_FILE
+      PLUGINS_FILE
    end
    # @return [ String ]
    # def item_xpath
    #   '//plugin'
    # end
    # @param [ WpTarget ] wp_target
    # @param [ Hash ] options
    #
--- a/lib/common/collections/wp_themes/detectable.rb
+++ b/lib/common/collections/wp_themes/detectable.rb
@@ -5,13 +5,7 @@ class WpThemes < WpItems
    # @return [ String ]
    def vulns_file
-      THEMES_VULNS_FILE
+      THEMES_FILE
    end
    # @return [ String ]
    # def item_xpath
    #   '//theme'
    # end
  end
 end
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -18,20 +18,15 @@ COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
 WPSCAN_PLUGINS_DIR   = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
 # Data files
-PLUGINS_FILE        = File.join(DATA_DIR, 'plugins.txt')
+WORDPRESSES_FILE  = File.join(DATA_DIR, 'wordpresses.json')
-PLUGINS_FULL_FILE   = File.join(DATA_DIR, 'plugins_full.txt')
+PLUGINS_FILE      = File.join(DATA_DIR, 'plugins.json')
-PLUGINS_VULNS_FILE  = File.join(DATA_DIR, 'plugin_vulns.json')
+THEMES_FILE       = File.join(DATA_DIR, 'themes.json')
-THEMES_FILE         = File.join(DATA_DIR, 'themes.txt')
+WP_VERSIONS_FILE  = File.join(DATA_DIR, 'wp_versions.xml')
-THEMES_FULL_FILE    = File.join(DATA_DIR, 'themes_full.txt')
+LOCAL_FILES_FILE  = File.join(DATA_DIR, 'local_vulnerable_files.xml')
-THEMES_VULNS_FILE   = File.join(DATA_DIR, 'theme_vulns.json')
+WP_VERSIONS_XSD   = File.join(DATA_DIR, 'wp_versions.xsd')
-WP_VULNS_FILE       = File.join(DATA_DIR, 'wp_vulns.json')
+LOCAL_FILES_XSD   = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
-WP_VERSIONS_FILE    = File.join(DATA_DIR, 'wp_versions.xml')
+USER_AGENTS_FILE  = File.join(DATA_DIR, 'user-agents.txt')
-LOCAL_FILES_FILE    = File.join(DATA_DIR, 'local_vulnerable_files.xml')
+LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
 # VULNS_XSD           = File.join(DATA_DIR, 'vuln.xsd')
 WP_VERSIONS_XSD     = File.join(DATA_DIR, 'wp_versions.xsd')
 LOCAL_FILES_XSD     = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
 USER_AGENTS_FILE    = File.join(DATA_DIR, 'user-agents.txt')
 LAST_UPDATE_FILE    = File.join(DATA_DIR, '.last_update')
 WPSCAN_VERSION       = '2.8'
--- a/lib/common/db_updater.rb
+++ b/lib/common/db_updater.rb
@@ -4,9 +4,8 @@
 class DbUpdater
  FILES = %w(
    local_vulnerable_files.xml local_vulnerable_files.xsd
    plugins_full.txt plugins.txt themes_full.txt themes.txt
    timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
-    plugin_vulns.json theme_vulns.json wp_vulns.json LICENSE
+    wordpresses.json plugins.json themes.json LICENSE
  )
  attr_reader :repo_directory
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -42,11 +42,12 @@ class Vulnerability
  # @return [ Vulnerability ]
  def self.load_from_json_item(json_item)
    references = {}
    references['id'] = [json_item['id']]
-    %w(id url cve secunia osvdb metasploit exploitdb).each do |key|
+    %w(url cve secunia osvdb metasploit exploitdb).each do |key|
-      if json_item[key]
+      if json_item['references'][key]
-        json_item[key]  = [json_item[key]] if json_item[key].class != Array
+        json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array
-        references[key] = json_item[key]
+        references[key] = json_item['references'][key]
      end
    end
@@ -54,7 +55,7 @@ class Vulnerability
      json_item['title'],
      json_item['type'],
      references,
-      json_item['fixed_in'],
+      json_item['fixed_in']
    )
  end
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -2,22 +2,22 @@
 class Vulnerability
  module Output
    # output the vulnerability
    def output(verbose = false)
      puts
      puts critical("Title: #{title}")
      references.each do |key, urls|
        methodname = "url_#{key}"
        urls.each do |u|
          next unless respond_to?(methodname)
          url = send(methodname, u)
          puts "    Reference: #{url}" if url
        end
      end
-      unless fixed_in.nil?
+      
-        puts notice("Fixed in: #{fixed_in}")
+      puts notice("Fixed in: #{fixed_in}") if fixed_in
      end
    end
  end
 end
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -7,6 +7,8 @@ class WpItem
    def output(verbose = false)
      puts
      puts info("Name: #{self}") #this will also output the version number if detected
      puts " |  Latest version:"
      puts " |  Last updated:"
      puts " |  Location: #{url}"
      #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
      puts " |  Readme: #{readme_url}" if has_readme?
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
@@ -9,15 +9,16 @@ class WpItem
    #
    # @return [ Vulnerabilities ]
    def vulnerabilities
-      json            = json(vulns_file)
+      json            = json(vulns_file).select { |item| !item['vulnerabilities'].empty? }
      vulnerabilities = Vulnerabilities.new
      json.each do |item|
-        asset = item[identifier]
+        asset = item['version'][identifier] if item['version']
        asset = item['name'][identifier] if item['name']
        next unless asset
-        asset['vulnerabilities'].each do |vulnerability|
+        item['vulnerabilities'].each do |vulnerability|
          vulnerability = Vulnerability.load_from_json_item(vulnerability)
          vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
        end
--- a/lib/common/models/wp_plugin/vulnerable.rb
+++ b/lib/common/models/wp_plugin/vulnerable.rb
@@ -6,7 +6,7 @@ class WpPlugin < WpItem
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
-        @vulns_file = PLUGINS_VULNS_FILE
+        @vulns_file = PLUGINS_FILE
      end
      @vulns_file
    end
--- a/lib/common/models/wp_theme/vulnerable.rb
+++ b/lib/common/models/wp_theme/vulnerable.rb
@@ -6,7 +6,7 @@ class WpTheme < WpItem
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
-        @vulns_file = THEMES_VULNS_FILE
+        @vulns_file = THEMES_FILE
      end
      @vulns_file
    end
--- a/lib/common/models/wp_version/vulnerable.rb
+++ b/lib/common/models/wp_version/vulnerable.rb
@@ -6,7 +6,7 @@ class WpVersion < WpItem
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
-        @vulns_file = WP_VULNS_FILE
+        @vulns_file = WORDPRESSES_FILE
      end
      @vulns_file
    end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -273,15 +273,29 @@ def main
    # Enumerate the installed plugins
    if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins
      puts
-      puts info("Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ...")
+      if wpscan_options.enumerate_only_vulnerable_plugins
        puts info('Enumerating installed plugins (only ones with known vulnerabilities) ...')
        plugin_enumeration_type = :vulnerable
      end
      if wpscan_options.enumerate_plugins
        puts info('Enumerating installed plugins (only ones marked as popular) ...')
        plugin_enumeration_type = :popular
      end
      if wpscan_options.enumerate_all_plugins
        puts info('Enumerating all plugins (may take a while and use a lot of system resources) ...')
        plugin_enumeration_type = :all
      end
      puts
      wp_plugins = WpPlugins.aggressive_detection(wp_target,
        enum_options.merge(
-          file: wpscan_options.enumerate_all_plugins ? PLUGINS_FULL_FILE : PLUGINS_FILE,
+          file: PLUGINS_FILE,
-          only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false
+          type: plugin_enumeration_type
        )
      )
      puts
      if !wp_plugins.empty?
        puts info("We found #{wp_plugins.size} plugins:")
@@ -295,13 +309,26 @@ def main
    # Enumerate installed themes
    if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes
      puts
-      puts info("Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ...")
+      if wpscan_options.enumerate_only_vulnerable_themes
        puts info('Enumerating installed themes (only ones with known vulnerabilities) ...')
        theme_enumeration_type = :vulnerable
      end
      if wpscan_options.enumerate_themes
        puts info('Enumerating installed themes (only ones marked as popular) ...')
        theme_enumeration_type = :popular
      end
      if wpscan_options.enumerate_all_themes
        puts info('Enumerating all themes (may take a while and use a lot of system resources) ...')
        theme_enumeration_type = :all
      end
      puts
      wp_themes = WpThemes.aggressive_detection(wp_target,
        enum_options.merge(
-          file: wpscan_options.enumerate_all_themes ? THEMES_FULL_FILE : THEMES_FILE,
+          file: THEMES_FILE,
-          only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false
+          type: theme_enumeration_type
        )
      )
      puts
`@@ -1,2 +1,2 @@`
	`--color`	`--color`
	`--fail-fast`	`#--fail-fast`