garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'json_data'

Browse Source 
Conflicts:
	data/plugin_vulns.xml
	data/theme_vulns.xml
This commit is contained in:
ethicalhack3r
2014-08-01 13:34:34 +02:00
parent c3110a4ab7 721cad75a2
commit ca100ef7e9
50 changed files with 560 additions and 23055 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/plugin_vulns.json Normal file
View File

File diff suppressed because one or more lines are too long

13894
data/plugin_vulns.xml
View File

File diff suppressed because it is too large Load Diff

1
data/theme_vulns.json Normal file
View File

File diff suppressed because one or more lines are too long

3596
data/theme_vulns.xml
View File

File diff suppressed because it is too large Load Diff

1
data/wp_vulns.json Normal file
View File

File diff suppressed because one or more lines are too long

5196
data/wp_vulns.xml
View File

File diff suppressed because it is too large Load Diff

8
lib/common/collections/wp_items/detectable.rb
View File

@@ -142,16 +142,17 @@ class WpItems < Array
# @return [ Array<WpItem> ]
def vulnerable_targets_items(wp_target, item_class, vulns_file)
targets = []
xml = xml(vulns_file)
json = json(vulns_file)
xml.xpath(item_xpath).each do |node|
[*json].each do |item|
targets << create_item(
item_class,
node.attribute('name').text,
item.keys.inject,
wp_target,
vulns_file
)
end
targets
end
@@ -190,6 +191,7 @@ class WpItems < Array
)
end
end
targets
end

6
lib/common/collections/wp_plugins/detectable.rb
View File

@@ -9,9 +9,9 @@ class WpPlugins < WpItems
end
# @return [ String ]
def item_xpath
'//plugin'
end
# def item_xpath
# '//plugin'
# end
# @param [ WpTarget ] wp_target
# @param [ Hash ] options

6
lib/common/collections/wp_themes/detectable.rb
View File

@@ -9,9 +9,9 @@ class WpThemes < WpItems
end
# @return [ String ]
def item_xpath
'//theme'
end
# def item_xpath
# '//theme'
# end
end
end

29
lib/common/common_helper.rb
View File

@@ -22,14 +22,14 @@ WPSTOOLS_PLUGINS_DIR = File.join(WPSTOOLS_LIB_DIR, 'plugins')
# Data files
PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt')
PLUGINS_FULL_FILE = File.join(DATA_DIR, 'plugins_full.txt')
PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.xml')
PLUGINS_VULNS_FILE = File.join(DATA_DIR, 'plugin_vulns.json')
THEMES_FILE = File.join(DATA_DIR, 'themes.txt')
THEMES_FULL_FILE = File.join(DATA_DIR, 'themes_full.txt')
THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.xml')
WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.xml')
THEMES_VULNS_FILE = File.join(DATA_DIR, 'theme_vulns.json')
WP_VULNS_FILE = File.join(DATA_DIR, 'wp_vulns.json')
WP_VERSIONS_FILE = File.join(DATA_DIR, 'wp_versions.xml')
LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml')
VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd')
# VULNS_XSD = File.join(DATA_DIR, 'vuln.xsd')
WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd')
LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt')
@@ -54,7 +54,7 @@ require 'environment'
def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
files = Dir[File.join(absolute_dir_path, files_pattern)]
# Files in the root dir are loaded first, then thoses in the subdirectories
# Files in the root dir are loaded first, then those in the subdirectories
files.sort_by { |file| [file.count("/"), file] }.each do |f|
f = File.expand_path(f)
#puts "require #{f}" # Used for debug
@@ -64,14 +64,6 @@ end
require_files_from_directory(COMMON_LIB_DIR, '**/*.rb')
# Hook to check if the target if down during the scan
# The target is considered down after 10 requests with status = 0
down = 0
Typhoeus.on_complete do |response|
down += 1 if response.code == 0
fail 'The target seems to be down' if down >= 10
end
# Add protocol
def add_http_protocol(url)
url =~ /^https?:/ ? url : "http://#{url}"
@@ -153,6 +145,17 @@ def xml(file)
end
end
def json(file)
content = File.open(file).read
begin
JSON.parse(content)
rescue => e
puts "[ERROR] In JSON file parsing #{file} #{e}"
raise
end
end
def redefine_constant(constant, value)
Object.send(:remove_const, constant)
Object.const_set(constant, value)

24
lib/common/models/vulnerability.rb
View File

@@ -35,27 +35,23 @@ class Vulnerability
end
# :nocov:
# Create the Vulnerability from the xml_node
# Create the Vulnerability from the json_item
#
# @param [ Nokogiri::XML::Node ] xml_node
# @param [ Hash ] json_item
#
# @return [ Vulnerability ]
def self.load_from_xml_node(xml_node)
def self.load_from_json_item(json_item)
references = {}
refs = xml_node.search('references')
if refs
references[:url] = refs.search('url').map(&:text)
references[:cve] = refs.search('cve').map(&:text)
references[:secunia] = refs.search('secunia').map(&:text)
references[:osvdb] = refs.search('osvdb').map(&:text)
references[:metasploit] = refs.search('metasploit').map(&:text)
references[:exploitdb] = refs.search('exploitdb').map(&:text)
[:url, :cve, :secunia, :osvdb, :metasploit, :exploitdb].each do |key|
references[key] = json_item[key.to_s].split(',') if json_item[key.to_s]
end
new(
xml_node.search('title').text,
xml_node.search('type').text,
json_item['title'],
json_item['type'],
references,
xml_node.search('fixed_in').text,
json_item['fixed_in'],
)
end

2
lib/common/models/vulnerability/output.rb
View File

@@ -14,7 +14,7 @@ class Vulnerability
puts " Reference: #{url}" if url
end
end
if !fixed_in.empty?
if !fixed_in.nil?
puts "#{blue('[i]')} Fixed in: #{fixed_in}"
end
end

18
lib/common/models/wp_item/vulnerable.rb
View File

@@ -2,22 +2,27 @@
class WpItem
module Vulnerable
attr_accessor :vulns_file, :vulns_xpath
attr_accessor :vulns_file, :identifier
# Get the vulnerabilities associated to the WpItem
# Filters out already fixed vulnerabilities
#
# @return [ Vulnerabilities ]
def vulnerabilities
xml = xml(vulns_file)
json = json(vulns_file)
vulnerabilities = Vulnerabilities.new
xml.xpath(vulns_xpath).each do |node|
vuln = Vulnerability.load_from_xml_node(node)
if vulnerable_to?(vuln)
vulnerabilities << vuln
json.each do |item|
asset = item[identifier]
if asset
asset['vulnerabilities'].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
end
end
vulnerabilities
end
@@ -41,5 +46,4 @@ class WpItem
return false
end
end
end

4
lib/common/models/wp_plugin/vulnerable.rb
View File

@@ -12,8 +12,8 @@ class WpPlugin < WpItem
end
# @return [ String ]
def vulns_xpath
"//plugin[@name='#{@name}']/vulnerability"
def identifier
@name
end
end

5
lib/common/models/wp_theme/vulnerable.rb
View File

@@ -12,9 +12,8 @@ class WpTheme < WpItem
end
# @return [ String ]
def vulns_xpath
"//theme[@name='#{@name}']/vulnerability"
def identifier
@name
end
end
end

11
lib/common/models/wp_version/vulnerable.rb
View File

@@ -12,9 +12,14 @@ class WpVersion < WpItem
end
# @return [ String ]
def vulns_xpath
"//wordpress[@version='#{@number}']/vulnerability"
end
def identifier
@number
end
# @return [ String ]
# def vulns_xpath
# "//wordpress[@version='#{@number}']/vulnerability"
# end
end
end

8
lib/wpscan/wpscan_helper.rb
View File

@@ -108,3 +108,11 @@ def help
puts '--verbose | -v Verbose output.'
puts
end
# Hook to check if the target if down during the scan
# The target is considered down after 10 requests with status = 0
down = 0
Typhoeus.on_complete do |response|
down += 1 if response.code == 0
fail 'The target seems to be down' if down >= 10
end

13
lib/wpstools/plugins/checker/checker_plugin.rb
View File

@@ -29,11 +29,18 @@ class CheckerPlugin < Plugin
puts '[+] Checking vulnerabilities reference urls'
vuln_ref_files.each do |vuln_ref_file|
xml = xml(vuln_ref_file)
json = json(vuln_ref_file)
urls = []
xml.xpath('//references/url').each { |node| urls << node.text }
json.each do |asset|
asset[asset.keys.inject]['vulnerabilities'].each do |url|
unless url['url'].nil?
url['url'].split(',').each do |url|
urls << url
end
end
end
end
urls.uniq!
puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?

27
lib/wpstools/plugins/stats/stats_plugin.rb
View File

@@ -48,38 +48,39 @@ class StatsPlugin < Plugin
end
def vuln_core_count(file=WP_VULNS_FILE)
xml(file).xpath('count(//wordpress)').to_i
json(file).size
end
def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//plugin)').to_i
json(file).size
end
def vuln_theme_count(file=THEMES_VULNS_FILE)
xml(file).xpath('count(//theme)').to_i
json(file).size
end
def version_vulns_count(file=WP_VULNS_FILE)
xml(file).xpath('count(//vulnerability)').to_i
asset_vulns_count(json(file))
end
def fix_version_count(file=WP_VULNS_FILE)
xml(file).xpath('count(//fixed_in)').to_i
asset_fixed_in_count(json(file))
end
def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//vulnerability)').to_i
asset_vulns_count(json(file))
end
def fix_plugin_count(file=PLUGINS_VULNS_FILE)
xml(file).xpath('count(//fixed_in)').to_i
asset_fixed_in_count(json(file))
end
def theme_vulns_count(file=THEMES_VULNS_FILE)
xml(file).xpath('count(//vulnerability)').to_i
asset_vulns_count(json(file))
end
def fix_theme_count(file=THEMES_VULNS_FILE)
xml(file).xpath('count(//fixed_in)').to_i
asset_fixed_in_count(json(file))
end
def total_plugins(file=PLUGINS_FULL_FILE)
@@ -94,4 +95,12 @@ class StatsPlugin < Plugin
IO.readlines(file).size
end
def asset_vulns_count(json)
json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].size }.inject(:+)
end
def asset_fixed_in_count(json)
json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].map {|a| a['fixed_in'].nil? ? 0 : 1 }.inject(:+) }.inject(:+)
end
end

45
spec/json_checks_spec.rb Normal file
View File

@@ -0,0 +1,45 @@
# encoding: UTF-8
require 'spec_helper'
describe 'JSON checks' do
after :each do
expect(FileTest.exists?(@file)).to be_truthy
expect { JSON.parse(File.open(@file).read) }.not_to raise_error
end
it 'check plugin_vulns.json for syntax errors' do
@file = PLUGINS_VULNS_FILE
end
it 'check theme_vulns.json for syntax errors' do
@file = THEMES_VULNS_FILE
end
it 'check wp_vulns.json for syntax errors' do
@file = WP_VULNS_FILE
end
end
describe 'JSON content' do
before :all do
@vuln_plugins = json(PLUGINS_VULNS_FILE)
@vuln_themes = json(THEMES_VULNS_FILE)
@vulnerabilities = @vuln_plugins + @vuln_themes
end
after :each do
expect(@result.size).to eq(0), "Items:\n#{@result.join("\n")}"
end
it 'each asset vuln needs a title node' do
@result = []
@vulnerabilities.each do |plugin|
plugin[plugin.keys.inject]['vulnerabilities'].each do |vulnerability|
@result << vulnerability['title'] if vulnerability['title'].nil?
end
end
end
end

8
spec/lib/common/models/vulnerability_spec.rb
View File

@@ -30,10 +30,10 @@ describe Vulnerability do
end
describe '::load_from_xml_node' do
subject(:vulnerability) { Vulnerability.load_from_xml_node(node) }
let(:node) {
xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability')
describe '::load_from_json_item' do
subject(:vulnerability) { Vulnerability.load_from_json_item(item) }
let(:item) {
json(MODELS_FIXTURES + '/vulnerability/json_item.json')
}
expected_refs = {

4
spec/lib/common/models/wp_item_spec.rb
View File

@@ -11,8 +11,8 @@ describe WpItem do
end
it_behaves_like 'WpItem::Versionable'
it_behaves_like 'WpItem::Vulnerable' do
let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
let(:vulns_xpath) { "//item[@name='neo']/vulnerability" }
let(:vulns_file) { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
let(:identifier) { 'neo' }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],

2
spec/lib/common/models/wp_plugin_spec.rb
View File

@@ -6,7 +6,7 @@ describe WpPlugin do
it_behaves_like 'WpPlugin::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'white-rabbit' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
let(:vulns_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],

2
spec/lib/common/models/wp_theme_spec.rb
View File

@@ -7,7 +7,7 @@ describe WpTheme do
it_behaves_like 'WpTheme::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { name: 'the-oracle' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
let(:vulns_file) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],

2
spec/lib/common/models/wp_version_spec.rb
View File

@@ -6,7 +6,7 @@ describe WpVersion do
it_behaves_like 'WpVersion::Vulnerable'
it_behaves_like 'WpItem::Vulnerable' do
let(:options) { { number: '3.2' } }
let(:vulns_file) { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
let(:vulns_file) { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.json' }
let(:expected_refs) { {
:url => ['Ref 1', 'Ref 2'],
:cve => ['2011-001'],

4
spec/lib/wpstools/plugins/stats/stats_plugin_spec.rb
View File

@@ -4,8 +4,8 @@ require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper')
describe 'StatsPlugin' do
subject(:stats) { StatsPlugin.new }
let(:plugins_vulns) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
let(:themes_vulns) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
let(:plugins_vulns) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
let(:themes_vulns) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:plugins_file) { COLLECTIONS_FIXTURES + '/wp_plugins/detectable/targets.txt' }
let(:themes_file) { COLLECTIONS_FIXTURES + '/wp_themes/detectable/targets.txt'}

58
spec/samples/common/collections/wp_items/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_items/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<vulnerabilities>
<item name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<item name="neo"/>
</vulnerabilities>

58
spec/samples/common/collections/wp_plugins/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_plugins/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<vulnerabilities>
<plugin name="mr-smith"/>
<not-valid name='I should not appear in the results'/>
<plugin name="neo"/>
</vulnerabilities>

58
spec/samples/common/collections/wp_themes/detectable/vulns.json Normal file
View File

@@ -0,0 +1,58 @@
[
{
"shopperpress":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
},
{
"id":2990,
"title":"Potential Authentication Cookie Forgery",
"references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
"osvdb":"105620",
"cve":"2014-0166",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2991,
"title":"Privilege escalation: contributors publishing posts",
"references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
"osvdb":"105630",
"cve":"2014-0165",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
},
{
"id":2992,
"title":"Plupload Unspecified XSS",
"osvdb":"105622",
"secunia":"57769",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z",
"fixed_in":"3.8.2"
}
]
}
},
{
"webfolio":{
"vulnerabilities":[
{
"id":2993,
"title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
"references":"http://seclists.org/fulldisclosure/2013/Dec/135",
"osvdb":"101101",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

7
spec/samples/common/collections/wp_themes/detectable/vulns.xml
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- the vulnerability node is not needed -->
<themes>
<theme name="shopperpress"/>
<not-valid name="wise"/>
<theme name="webfolio"/>
</themes>

14
spec/samples/common/models/vulnerability/json_item.json Normal file
View File

@@ -0,0 +1,14 @@
{
"id": "3911",
"title": "Vuln Title",
"url": "Ref 1,Ref 2",
"secunia": "secunia",
"osvdb": "osvdb",
"cve": "2011-001",
"metasploit": "exploit/ex1",
"exploitdb": "exploitdb",
"created_at": "2014-07-28T12:10:45.000Z",
"updated_at": "2014-07-28T12:10:45.000Z",
"type": "CSRF",
"fixed_in": "1.0"
}

14
spec/samples/common/models/vulnerability/xml_node.xml
View File

@@ -1,14 +0,0 @@
<vulnerability>
<title>Vuln Title</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>CSRF</type>
<fixed_in>1.0</fixed_in>
</vulnerability>

1
spec/samples/common/models/wp_item/vulnerable/empty.json Normal file
View File

@@ -0,0 +1 @@
{}

5
spec/samples/common/models/wp_item/vulnerable/empty.xml
View File

@@ -1,5 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
</vulnerabilities>

35
spec/samples/common/models/wp_item/vulnerable/items_vulns.json Normal file
View File

@@ -0,0 +1,35 @@
[
{
"not-this-one":{
"vulnerabilities":[
{
"id":2989,
"title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
"url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:43:41.000Z"
}
]
}
},
{
"neo":{
"vulnerabilities":[
{
"id":2993,
"title":"I'm the one",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

37
spec/samples/common/models/wp_item/vulnerable/items_vulns.xml
View File

@@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<item name="not-this-one">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>RFI</type>
</vulnerability>
</item>
<item name="neo">
<vulnerability>
<title>I'm the one</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</item>
</vulnerabilities>

56
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json Normal file
View File

@@ -0,0 +1,56 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"white-rabbit":{
"vulnerabilities":[
{
"id":2993,
"title":"Follow me!",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"REDIRECT",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

48
spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<plugin name="mr-smith">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>RCE</type>
</vulnerability>
<vulnerability>
<title>Neither do I</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</plugin>
<plugin name="white-rabbit">
<vulnerability>
<title>Follow me!</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>REDIRECT</type>
</vulnerability>
</plugin>
</vulnerabilities>

56
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json Normal file
View File

@@ -0,0 +1,56 @@
[
{
"mr-smith":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
},
{
"id":2989,
"title":"Neither do I",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"the-oracle":{
"vulnerabilities":[
{
"id":2993,
"title":"I see you",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"FPD",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

48
spec/samples/common/models/wp_theme/vulnerable/themes_vulns.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<theme name="not-this-one">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
<vulnerability>
<title>Neither do I</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</theme>
<theme name="the-oracle">
<vulnerability>
<title>I see you</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>FPD</type>
</vulnerability>
</theme>
</vulnerabilities>

42
spec/samples/common/models/wp_version/vulnerable/versions_vulns.json Normal file
View File

@@ -0,0 +1,42 @@
[
{
"3.5":{
"vulnerabilities":[
{
"id":2989,
"title":"I should not appear in the results",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"XSS",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
},
{
"3.2":{
"vulnerabilities":[
{
"id":2993,
"title":"Here I Am",
"url":"Ref 1,Ref 2",
"osvdb":"osvdb",
"cve":"2011-001",
"secunia":"secunia",
"metasploit":"exploit/ex1",
"exploitdb":"exploitdb",
"type":"SQLI",
"fixed_in":"",
"created_at":"2014-07-28T12:10:07.000Z",
"updated_at":"2014-07-28T12:10:07.000Z"
}
]
}
}
]

35
spec/samples/common/models/wp_version/vulnerable/versions_vulns.xml
View File

@@ -1,35 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<vulnerabilities>
<wordpress version="3.5">
<vulnerability>
<title>I should not appear in the results</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>XSS</type>
</vulnerability>
</wordpress>
<wordpress version="3.2">
<vulnerability>
<title>Here I Am</title>
<references>
<metasploit>exploit/ex1</metasploit>
<url>Ref 1</url>
<url>Ref 2</url>
<cve>2011-001</cve>
<secunia>secunia</secunia>
<osvdb>osvdb</osvdb>
<exploitdb>exploitdb</exploitdb>
</references>
<type>SQLI</type>
</vulnerability>
</wordpress>
</vulnerabilities>

4
spec/shared_examples/wp_item_vulnerable.rb
View File

@@ -10,7 +10,7 @@ shared_examples 'WpItem::Vulnerable' do
# let(:vulns_xpath) { }
describe '#vulnerabilities' do
let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.xml' }
let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.json' }
before do
stub_request(:get, /.*\/readme\.txt/i)
@@ -19,7 +19,7 @@ shared_examples 'WpItem::Vulnerable' do
after do
subject.vulns_file = @vulns_file
subject.vulns_xpath = vulns_xpath if defined?(vulns_xpath)
subject.identifier = identifier if defined?(identifier)
result = subject.vulnerabilities
expect(result).to be_a Vulnerabilities

28
spec/shared_examples/wp_items_detectable.rb
View File

@@ -3,7 +3,7 @@
require WPSCAN_LIB_DIR + '/wp_target'
shared_examples 'WpItems::Detectable' do
let(:vulns_file) { fixtures_dir + '/vulns.xml' }
let(:vulns_file) { fixtures_dir + '/vulns.json' }
let(:targets_items_file) { fixtures_dir + '/targets.txt' }
let(:wp_content_dir) { 'wp-content' }
let(:wp_plugins_dir) { wp_content_dir + '/plugins' }
@@ -52,13 +52,14 @@ shared_examples 'WpItems::Detectable' do
end
end
context 'when an empty file' do
let(:file) { empty_file }
# should raise error.
# context 'when an empty file' do
# let(:file) { empty_file }
it 'returns an empty Array' do
@expected = []
end
end
# it 'returns an empty Array' do
# @expected = []
# end
# end
context 'when a file' do
let(:file) { targets_items_file }
@@ -82,13 +83,14 @@ shared_examples 'WpItems::Detectable' do
end
end
context 'when an empty file' do
let(:vulns_file) { empty_file }
# should raise error.
# context 'when an empty file' do
# let(:file) { empty_file }
it 'returns an empty Array' do
@expected = []
end
end
# it 'returns an empty Array' do
# @expected = []
# end
# end
context 'when a file' do
it 'returns the expected Array of WpItem' do

6
spec/shared_examples/wp_plugin_vulnerable.rb
View File

@@ -13,14 +13,14 @@ shared_examples 'WpPlugin::Vulnerable' do
context 'when the :vulns_file is already set' do
it 'returns it' do
@expected = 'test.xml'
@expected = 'test.json'
subject.vulns_file = @expected
end
end
end
describe '#vulns_xpath' do
its(:vulns_xpath) { is_expected.to eq "//plugin[@name='plugin-name']/vulnerability" }
describe '#identifier' do
its(:identifier) { is_expected.to eq 'plugin-name' }
end
end

6
spec/shared_examples/wp_theme_vulnerable.rb
View File

@@ -13,14 +13,14 @@ shared_examples 'WpTheme::Vulnerable' do
context 'when the :vulns_file is already set' do
it 'returns it' do
@expected = 'test.xml'
@expected = 'test.json'
subject.vulns_file = @expected
end
end
end
describe '#vulns_xpath' do
its(:vulns_xpath) { is_expected.to eq "//theme[@name='theme-name']/vulnerability" }
describe '#identifier' do
its(:identifier) { is_expected.to eq 'theme-name' }
end
end

6
spec/shared_examples/wp_version_vulnerable.rb
View File

@@ -13,14 +13,14 @@ shared_examples 'WpVersion::Vulnerable' do
context 'when the :vulns_file is already set' do
it 'returns it' do
@expected = 'test.xml'
@expected = 'test.json'
subject.vulns_file = @expected
end
end
end
describe '#vulns_xpath' do
its(:vulns_xpath) { is_expected.to eq "//wordpress[@version='1.2']/vulnerability" }
describe '#identifier' do
its(:identifier) { is_expected.to eq '1.2' }
end
end

62
spec/xml_checks_spec.rb
View File

@@ -20,26 +20,11 @@ describe 'XSD checks' do
end
end
it 'check plugin_vulns.xml for syntax errors' do
@file = PLUGINS_VULNS_FILE
@xsd = VULNS_XSD
end
it 'check theme_vulns.xml for syntax errors' do
@file = THEMES_VULNS_FILE
@xsd = VULNS_XSD
end
it 'check wp_versions.xml for syntax errors' do
@file = WP_VERSIONS_FILE
@xsd = WP_VERSIONS_XSD
end
it 'check wp_vulns.xml for syntax errors' do
@file = WP_VULNS_FILE
@xsd = VULNS_XSD
end
it 'check local_vulnerable_files.xml for syntax errors' do
@file = LOCAL_FILES_FILE
@xsd = LOCAL_FILES_XSD
@@ -57,58 +42,11 @@ describe 'Well formed XML checks' do
end
end
it 'check plugin_vulns.xml for syntax errors' do
@file = PLUGINS_VULNS_FILE
end
it 'check theme_vulns.xml for syntax errors' do
@file = THEMES_VULNS_FILE
end
it 'check wp_versions.xml for syntax errors' do
@file = WP_VERSIONS_FILE
end
it 'check wp_vulns.xml for syntax errors' do
@file = WP_VULNS_FILE
end
it 'check local_vulnerable_files.xml for syntax errors' do
@file = LOCAL_FILES_FILE
end
end
describe 'XML content' do
before :all do
@vuln_plugins = xml(PLUGINS_VULNS_FILE)
@vuln_themes = xml(THEMES_VULNS_FILE)
end
after :each do
expect(@result.size).to eq(0), "Items:\n#{@result.join("\n")}"
end
it 'each plugin vuln needs a type node' do
@result = @vuln_plugins.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
end
it 'each theme vuln needs a type node' do
@result = @vuln_themes.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
end
it 'each plugin vuln needs a title node' do
@result = @vuln_plugins.xpath('//vulnerability[not(title)]/../@name').map(&:text)
end
it 'each theme vuln needs a title node' do
@result = @vuln_themes.xpath('//vulnerability[not(title)]/../@name').map(&:text)
end
it 'each plugin vuln needs a references node' do
@result = @vuln_plugins.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
end
it 'each theme vuln needs a references node' do
@result = @vuln_themes.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
end
end