garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New Plugin detection method

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-01-19 19:38:25 +01:00
parent 8b9fbca73e
commit cbe439f0d7
7 changed files with 43454 additions and 33869 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/wpscan/wp_enumerator.rb
View File

@@ -104,11 +104,12 @@ class WpEnumerator
# Open and parse the 'most popular' plugin list...
File.open(file, "r") do |f|
f.readlines.collect do |line|
l = line.strip
targets_url << WpItem.new(
:base_url => url,
:path => line.strip,
:path => l,
:wp_content_dir => wp_content_dir,
:name => File.dirname(line.strip),
:name => l =~ /.+\/.+/ ? File.dirname(l) : l.sub(/\/$/, ""),
:vulns_file => vulns_file,
:type => type,
:wp_plugins_dir => plugins_dir

5
lib/wpstools/plugins/list_generator/generate_list.rb
View File

@@ -70,14 +70,13 @@ class GenerateList
def generate_full_list
set_file_name(:full)
items = SvnParser.new(@svn_url, @verbose).parse
items = SvnParser.new(@svn_url).parse
save items
end
def generate_popular_list(pages)
set_file_name(:popular)
popular = get_popular_items(pages)
items = SvnParser.new(@svn_url, @verbose).parse(popular)
items = get_popular_items(pages)
save items
end

92
lib/wpstools/plugins/list_generator/svn_parser.rb
View File

@@ -23,20 +23,14 @@ class SvnParser
attr_accessor :verbose, :svn_root, :keep_empty_dirs
def initialize(svn_root, verbose, keep_empty_dirs = false)
def initialize(svn_root)
@svn_root = svn_root
@verbose = verbose
@keep_empty_dirs = keep_empty_dirs
@svn_browser = Browser.instance
@svn_hydra = @svn_browser.hydra
end
def parse(dirs=nil)
if dirs == nil
dirs = get_root_directories
end
urls = get_svn_project_urls(dirs)
get_svn_file_entries(urls)
def parse()
get_root_directories
end
#Private methods start here
@@ -52,84 +46,4 @@ class SvnParser
dirs.sort!
dirs.uniq
end
def get_svn_project_urls(dirs)
urls = []
queue_count = 0
# First get all trunk or version directories
dirs.each do |dir|
svnurl = @svn_root + dir + "/"
request = @svn_browser.forge_request(URI.encode(svnurl))
request.on_complete do |response|
# trunk folder present
if contains_trunk(response)
puts "[+] Adding trunk on #{dir}" if @verbose
urls << {:name => dir, :folder => "trunk"}
# no trunk folder. This is true on theme svn repos
else
folders = response.body.scan(%r{^\s*<li><a href="(.+)/">.+/</a></li>$}i)
if folders != nil and folders.length > 0
last_version = folders.last[0]
puts "[+] Adding #{last_version} on #{dir}" if @verbose
urls << {:name => dir, :folder => last_version}
else
puts "[+] No content in #{dir}" if @verbose
end
end
end
queue_count += 1
@svn_hydra.queue(request)
# the wordpress server stops
# responding if we dont use this.
if queue_count == @svn_browser.max_threads
@svn_hydra.run
queue_count = 0
end
end
@svn_hydra.run
urls
end
# Get a file in each directory
# TODO: exclude files like Thumbs.db (Example: wordpress-23-related-posts-plugin/)
def get_svn_file_entries(dirs)
entries = []
queue_count = 0
dirs.each do |dir|
url = @svn_root + dir[:name] + "/" + dir[:folder] + "/"
request = @svn_browser.forge_request(URI.encode(url))
request.on_complete do |response|
puts "[+] Parsing url #{url} [#{response.code.to_s}]" if @verbose
file = response.body[%r{<li><a href="(.+\.[^/]+)">.+</a></li>}i, 1]
# TODO: recursive parsing of subdirectories if there is no file in the root directory
path = dir[:name] + "/"
if file
path += file
entries << path
puts "[+] Added #{path}" if @verbose
elsif @keep_empty_dirs
entries << path
puts "[+] Added #{path}" if @verbose
end
end
queue_count += 1
@svn_hydra.queue(request)
# the wordpress server stops
# responding if we dont use this.
if queue_count == @svn_browser.max_threads
@svn_hydra.run
queue_count = 0
end
end
@svn_hydra.run
entries
end
def contains_trunk(body)
contains = false
if !!(body =~ %r[<li><a href="trunk/">trunk/</a></li>]i)
contains = true
end
contains
end
end