Merge branch 'json_data'

Conflicts:
	data/plugin_vulns.xml
	data/theme_vulns.xml

lib/common/collections/wp_items/detectable.rb

@@ -142,16 +142,17 @@ class WpItems < Array
     # @return [ Array<WpItem> ]
     def vulnerable_targets_items(wp_target, item_class, vulns_file)
       targets = []
-      xml     = xml(vulns_file)
+      json    = json(vulns_file)
 
-      xml.xpath(item_xpath).each do |node|
+      [*json].each do |item|
         targets << create_item(
           item_class,
-          node.attribute('name').text,
+          item.keys.inject,
           wp_target,
           vulns_file
         )
       end
+
       targets
     end
 
@@ -190,6 +191,7 @@ class WpItems < Array
           )
         end
       end
+
       targets
     end
 

lib/common/collections/wp_plugins/detectable.rb

@@ -9,9 +9,9 @@ class WpPlugins < WpItems
     end
 
     # @return [ String ]
-    def item_xpath
-      '//plugin'
-    end
+    # def item_xpath
+    #   '//plugin'
+    # end
 
     # @param [ WpTarget ] wp_target
     # @param [ Hash ] options

lib/common/collections/wp_themes/detectable.rb

@@ -9,9 +9,9 @@ class WpThemes < WpItems
     end
 
     # @return [ String ]
-    def item_xpath
-      '//theme'
-    end
+    # def item_xpath
+    #   '//theme'
+    # end
 
   end
 end

lib/common/common_helper.rb

@@ -22,14 +22,14 @@ WPSTOOLS_PLUGINS_DIR = File.join(WPSTOOLS_LIB_DIR, 'plugins')
 # Data files
 PLUGINS_FILE        = File.join(DATA_DIR, 'plugins.txt')
 PLUGINS_FULL_FILE   = File.join(DATA_DIR, 'plugins_full.txt')
-PLUGINS_VULNS_FILE  = File.join(DATA_DIR, 'plugin_vulns.xml')
+PLUGINS_VULNS_FILE  = File.join(DATA_DIR, 'plugin_vulns.json')
 THEMES_FILE         = File.join(DATA_DIR, 'themes.txt')
 THEMES_FULL_FILE    = File.join(DATA_DIR, 'themes_full.txt')
-THEMES_VULNS_FILE   = File.join(DATA_DIR, 'theme_vulns.xml')
-WP_VULNS_FILE       = File.join(DATA_DIR, 'wp_vulns.xml')
+THEMES_VULNS_FILE   = File.join(DATA_DIR, 'theme_vulns.json')
+WP_VULNS_FILE       = File.join(DATA_DIR, 'wp_vulns.json')
 WP_VERSIONS_FILE    = File.join(DATA_DIR, 'wp_versions.xml')
 LOCAL_FILES_FILE    = File.join(DATA_DIR, 'local_vulnerable_files.xml')
-VULNS_XSD           = File.join(DATA_DIR, 'vuln.xsd')
+# VULNS_XSD           = File.join(DATA_DIR, 'vuln.xsd')
 WP_VERSIONS_XSD     = File.join(DATA_DIR, 'wp_versions.xsd')
 LOCAL_FILES_XSD     = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
 USER_AGENTS_FILE    = File.join(DATA_DIR, 'user-agents.txt')
@@ -54,7 +54,7 @@ require 'environment'
 def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
   files = Dir[File.join(absolute_dir_path, files_pattern)]
 
-  # Files in the root dir are loaded first, then thoses in the subdirectories
+  # Files in the root dir are loaded first, then those in the subdirectories
   files.sort_by { |file| [file.count("/"), file] }.each do |f|
     f = File.expand_path(f)
     #puts "require #{f}" # Used for debug
@@ -64,14 +64,6 @@ end
 
 require_files_from_directory(COMMON_LIB_DIR, '**/*.rb')
 
-# Hook to check if the target if down during the scan
-# The target is considered down after 10 requests with status = 0
-down = 0
-Typhoeus.on_complete do |response|
-  down += 1 if response.code == 0
-  fail 'The target seems to be down' if down >= 10
-end
-
 # Add protocol
 def add_http_protocol(url)
   url =~ /^https?:/ ? url : "http://#{url}"
@@ -153,6 +145,17 @@ def xml(file)
   end
 end
 
+def json(file)
+  content = File.open(file).read
+
+  begin
+    JSON.parse(content)
+  rescue => e
+    puts "[ERROR] In JSON file parsing #{file} #{e}"
+    raise
+  end
+end
+
 def redefine_constant(constant, value)
   Object.send(:remove_const, constant)
   Object.const_set(constant, value)

lib/common/models/vulnerability.rb

@@ -35,27 +35,23 @@ class Vulnerability
   end
   # :nocov:
 
-  # Create the Vulnerability from the xml_node
+  # Create the Vulnerability from the json_item
   #
-  # @param [ Nokogiri::XML::Node ] xml_node
+  # @param [ Hash ] json_item
   #
   # @return [ Vulnerability ]
-  def self.load_from_xml_node(xml_node)
+  def self.load_from_json_item(json_item)
     references = {}
-    refs = xml_node.search('references')
-    if refs
-      references[:url] = refs.search('url').map(&:text)
-      references[:cve] = refs.search('cve').map(&:text)
-      references[:secunia] = refs.search('secunia').map(&:text)
-      references[:osvdb] = refs.search('osvdb').map(&:text)
-      references[:metasploit] = refs.search('metasploit').map(&:text)
-      references[:exploitdb] = refs.search('exploitdb').map(&:text)
+
+    [:url, :cve, :secunia, :osvdb, :metasploit, :exploitdb].each do |key|
+      references[key] = json_item[key.to_s].split(',') if json_item[key.to_s]
     end
+
     new(
-      xml_node.search('title').text,
-      xml_node.search('type').text,
+      json_item['title'],
+      json_item['type'],
       references,
-      xml_node.search('fixed_in').text,
+      json_item['fixed_in'],
     )
   end
 

lib/common/models/vulnerability/output.rb

@@ -14,7 +14,7 @@ class Vulnerability
           puts "    Reference: #{url}" if url
         end
       end
-      if !fixed_in.empty?
+      if !fixed_in.nil?
          puts "#{blue('[i]')} Fixed in: #{fixed_in}"
       end
     end

lib/common/models/wp_item/vulnerable.rb

@@ -2,22 +2,27 @@
 
 class WpItem
   module Vulnerable
-    attr_accessor :vulns_file, :vulns_xpath
+    attr_accessor :vulns_file, :identifier
 
     # Get the vulnerabilities associated to the WpItem
     # Filters out already fixed vulnerabilities
     #
     # @return [ Vulnerabilities ]
     def vulnerabilities
-      xml             = xml(vulns_file)
+      json            = json(vulns_file)
       vulnerabilities = Vulnerabilities.new
 
-      xml.xpath(vulns_xpath).each do |node|
-        vuln = Vulnerability.load_from_xml_node(node)
-        if vulnerable_to?(vuln)
-          vulnerabilities << vuln
+      json.each do |item|
+        asset = item[identifier]
+
+        if asset
+          asset['vulnerabilities'].each do |vulnerability|
+            vulnerability = Vulnerability.load_from_json_item(vulnerability)
+            vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+          end
         end
       end
+
       vulnerabilities
     end
 
@@ -41,5 +46,4 @@ class WpItem
       return false
     end
   end
-
 end

lib/common/models/wp_plugin/vulnerable.rb

@@ -12,8 +12,8 @@ class WpPlugin < WpItem
     end
 
     # @return [ String ]
-    def vulns_xpath
-      "//plugin[@name='#{@name}']/vulnerability"
+    def identifier
+      @name
     end
 
   end

lib/common/models/wp_theme/vulnerable.rb

@@ -12,9 +12,8 @@ class WpTheme < WpItem
     end
 
     # @return [ String ]
-    def vulns_xpath
-      "//theme[@name='#{@name}']/vulnerability"
+    def identifier
+      @name
     end
-
   end
 end

lib/common/models/wp_version/vulnerable.rb

@@ -12,9 +12,14 @@ class WpVersion < WpItem
     end
 
     # @return [ String ]
-    def vulns_xpath
-      "//wordpress[@version='#{@number}']/vulnerability"
-    end
+    def identifier
+      @number
+    end  
+
+    # @return [ String ]
+    # def vulns_xpath
+    #   "//wordpress[@version='#{@number}']/vulnerability"
+    # end
 
   end
 end

lib/wpscan/wpscan_helper.rb

@@ -108,3 +108,11 @@ def help
   puts '--verbose  | -v                     Verbose output.'
   puts
 end
+
+# Hook to check if the target if down during the scan
+# The target is considered down after 10 requests with status = 0
+down = 0
+Typhoeus.on_complete do |response|
+  down += 1 if response.code == 0
+  fail 'The target seems to be down' if down >= 10
+end

lib/wpstools/plugins/checker/checker_plugin.rb

@@ -29,11 +29,18 @@ class CheckerPlugin < Plugin
     puts '[+] Checking vulnerabilities reference urls'
 
     vuln_ref_files.each do |vuln_ref_file|
-      xml = xml(vuln_ref_file)
+      json = json(vuln_ref_file)
 
       urls = []
-      xml.xpath('//references/url').each { |node| urls << node.text }
-
+      json.each do |asset|
+        asset[asset.keys.inject]['vulnerabilities'].each do |url|
+          unless url['url'].nil?
+            url['url'].split(',').each do |url|
+              urls << url
+            end
+          end
+        end
+      end
       urls.uniq!
 
       puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?

lib/wpstools/plugins/stats/stats_plugin.rb

@@ -48,38 +48,39 @@ class StatsPlugin < Plugin
   end
 
   def vuln_core_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//wordpress)').to_i
+    json(file).size
   end
 
   def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//plugin)').to_i
+    json(file).size
   end
 
   def vuln_theme_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//theme)').to_i
+    json(file).size
   end
 
   def version_vulns_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
   end
+
   def fix_version_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
   end
 
   def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
   end
 
   def fix_plugin_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
   end
 
   def theme_vulns_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
   end
 
   def fix_theme_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
   end
 
   def total_plugins(file=PLUGINS_FULL_FILE)
@@ -94,4 +95,12 @@ class StatsPlugin < Plugin
     IO.readlines(file).size
   end
 
+  def asset_vulns_count(json)
+    json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].size }.inject(:+)
+  end
+
+  def asset_fixed_in_count(json)
+    json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].map {|a| a['fixed_in'].nil? ? 0 : 1 }.inject(:+) }.inject(:+)
+  end
+
 end