erwanlr
2018-11-02 19:33:38 +00:00
parent e4f3e9d11c
commit c5e6752f75
20 changed files with 59 additions and 20 deletions


@@ -11,7 +11,7 @@ module WPScan
return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
WPScan::InterestingFinding.new(
WPScan::BackupDB.new(
url,
confidence: 70,
found_by: DIRECT_ACCESS,


@@ -9,7 +9,7 @@ module WPScan
return unless target.debug_log?(path)
WPScan::InterestingFinding.new(
WPScan::DebugLog.new(
target.url(path),
confidence: 100, found_by: DIRECT_ACCESS
)


@@ -10,7 +10,7 @@ module WPScan
return unless res.body =~ /DUPLICATOR INSTALL-LOG/
WPScan::InterestingFinding.new(
WPScan::DuplicatorInstallerLog.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,


@@ -10,7 +10,7 @@ module WPScan
return unless res.code == 200 && !target.homepage_or_404?(res)
WPScan::InterestingFinding.new(
WPScan::EmergencyPwdResetScript.new(
url,
confidence: res.body =~ /password/i ? 100 : 40,
found_by: DIRECT_ACCESS,


@@ -10,7 +10,7 @@ module WPScan
return if fpd_entries.empty?
WPScan::InterestingFinding.new(
WPScan::FullPathDisclosure.new(
target.url(path),
confidence: 100,
found_by: DIRECT_ACCESS,


@@ -12,7 +12,7 @@ module WPScan
url = target.url('wp-content/mu-plugins/')
return WPScan::InterestingFinding.new(
return WPScan::MuPlugins.new(
url,
confidence: 70,
found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +35,7 @@ module WPScan
target.mu_plugins = true
WPScan::InterestingFinding.new(
WPScan::MuPlugins.new(
url,
confidence: 80,
found_by: DIRECT_ACCESS,


@@ -15,7 +15,7 @@ module WPScan
target.multisite = true
WPScan::InterestingFinding.new(
WPScan::Multisite.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,


@@ -10,7 +10,7 @@ module WPScan
res = Browser.get(url)
if res.code == 200 && res.body =~ /wordpress/i
return WPScan::InterestingFinding.new(url, confidence: 100, found_by: DIRECT_ACCESS)
return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
end
end
nil


@@ -18,7 +18,7 @@ module WPScan
target.registration_enabled = true
WPScan::InterestingFinding.new(
WPScan::Registration.new(
res.effective_url,
confidence: 100,
found_by: DIRECT_ACCESS,


@@ -11,7 +11,7 @@ module WPScan
return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
WPScan::InterestingFinding.new(
WPScan::TmmDbMigrate.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,


@@ -11,7 +11,7 @@ module WPScan
url = target.url(path)
WPScan::InterestingFinding.new(
WPScan::UploadDirectoryListing.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS,


@@ -12,7 +12,7 @@ module WPScan
return unless res.code == 200 && res.body =~ SQL_PATTERN
WPScan::InterestingFinding.new(
WPScan::UploadSQLDump.new(
url,
confidence: 100,
found_by: DIRECT_ACCESS


@@ -3,4 +3,43 @@ module WPScan
class InterestingFinding < CMSScanner::InterestingFinding
include References
end
#
# Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
#
class BackupDB < InterestingFinding
end
class DebugLog < InterestingFinding
end
class DuplicatorInstallerLog < InterestingFinding
end
class EmergencyPwdResetScript < InterestingFinding
end
class FullPathDisclosure < InterestingFinding
end
class MuPlugins < InterestingFinding
end
class Multisite < InterestingFinding
end
class Readme < InterestingFinding
end
class Registration < InterestingFinding
end
class TmmDbMigrate < InterestingFinding
end
class UploadDirectoryListing < InterestingFinding
end
class UploadSQLDump < InterestingFinding
end
end
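Review bot: The comment above the twelve empty subclasses explains why they exist, but it does not say that each class name is now what `#type` reports, so a later rename would presumably change the scan output that report consumers read. I would extend it with a line such as `# The class name is what #type displays; renaming a class changes the reported finding type.` Only six of the twelve finders have a spec change on this page (BackupDB, DebugLog, DuplicatorInstallerLog, FullPathDisclosure, Readme, UploadSQLDump). If the other six have specs that still compare against `WPScan::InterestingFinding.new`, they likely need the same update, which is worth confirming.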


@@ -37,7 +37,7 @@ describe WPScan::Finders::InterestingFindings::BackupDB do
after do
found = finder.aggressive
expect(found).to eql WPScan::InterestingFinding.new(
expect(found).to eql WPScan::BackupDB.new(
dir_url,
confidence: 70,
found_by: described_class::DIRECT_ACCESS


@@ -23,7 +23,7 @@ describe WPScan::Finders::InterestingFindings::DebugLog do
let(:body) { File.read(File.join(fixtures, 'debug.log')) }
it 'returns the InterestingFinding' do
expect(finder.aggressive).to eql WPScan::InterestingFinding.new(
expect(finder.aggressive).to eql WPScan::DebugLog.new(
log_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS


@@ -24,7 +24,7 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
let(:body) { File.read(File.join(fixtures, filename)) }
it 'returns the InterestingFinding' do
expect(finder.aggressive).to eql WPScan::InterestingFinding.new(
expect(finder.aggressive).to eql WPScan::DuplicatorInstallerLog.new(
log_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS


@@ -25,7 +25,7 @@ describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
it 'returns the InterestingFinding' do
found = finder.aggressive
expect(found).to eql WPScan::InterestingFinding.new(
expect(found).to eql WPScan::FullPathDisclosure.new(
file_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS


@@ -27,7 +27,7 @@ describe WPScan::Finders::InterestingFindings::Readme do
before { stub_request(:get, target.url(file)).to_return(body: readme) }
it 'returns the expected InterestingFinding' do
expected = WPScan::InterestingFinding.new(
expected = WPScan::Readme.new(
target.url(file),
confidence: 100,
found_by: described_class::DIRECT_ACCESS


@@ -38,7 +38,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
let(:fixture) { 'dump.sql' }
it 'returns the interesting findings' do
@expected = WPScan::InterestingFinding.new(
@expected = WPScan::UploadSQLDump.new(
finder.dump_url,
confidence: 100,
found_by: described_class::DIRECT_ACCESS


@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
s.executables = ['wpscan']
s.require_paths = ['lib']
s.add_dependency 'cms_scanner', '~> 0.0.40.2'
s.add_dependency 'cms_scanner', '~> 0.0.40.3'
# Already required by CMSScanner, so version restrictions loosen
s.add_dependency 'activesupport', '~> 5.2'