New Plugin detection method

2013-01-19 19:38:25 +01:00
parent 8b9fbca73e
commit cbe439f0d7
7 changed files with 43454 additions and 33869 deletions
--- a/data/plugins.txt
+++ b/data/plugins.txt
--- a/data/plugins_full.txt
+++ b/data/plugins_full.txt
--- a/data/themes.txt
+++ b/data/themes.txt
--- a/data/themes_full.txt
+++ b/data/themes_full.txt
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -104,11 +104,12 @@ class WpEnumerator
      # Open and parse the 'most popular' plugin list...
      File.open(file, "r") do |f|
        f.readlines.collect do |line|
          l = line.strip
          targets_url << WpItem.new(
            :base_url       => url,
-            :path           => line.strip,
+            :path           => l,
            :wp_content_dir => wp_content_dir,
-            :name           => File.dirname(line.strip),
+            :name           => l =~ /.+\/.+/ ? File.dirname(l) : l.sub(/\/$/, ""),
            :vulns_file     => vulns_file,
            :type           => type,
            :wp_plugins_dir => plugins_dir
--- a/lib/wpstools/plugins/list_generator/generate_list.rb
+++ b/lib/wpstools/plugins/list_generator/generate_list.rb
@@ -70,14 +70,13 @@ class GenerateList
  def generate_full_list
    set_file_name(:full)
-    items = SvnParser.new(@svn_url, @verbose).parse
+    items = SvnParser.new(@svn_url).parse
    save items
  end
  def generate_popular_list(pages)
    set_file_name(:popular)
-    popular = get_popular_items(pages)
+    items = get_popular_items(pages)
    items = SvnParser.new(@svn_url, @verbose).parse(popular)
    save items
  end
--- a/lib/wpstools/plugins/list_generator/svn_parser.rb
+++ b/lib/wpstools/plugins/list_generator/svn_parser.rb
@@ -23,20 +23,14 @@ class SvnParser
  attr_accessor :verbose, :svn_root, :keep_empty_dirs
-  def initialize(svn_root, verbose, keep_empty_dirs = false)
+  def initialize(svn_root)
    @svn_root         = svn_root
    @verbose          = verbose
    @keep_empty_dirs  = keep_empty_dirs
    @svn_browser      = Browser.instance
    @svn_hydra        = @svn_browser.hydra
  end
-  def parse(dirs=nil)
+  def parse()
-    if dirs == nil
+    get_root_directories
      dirs = get_root_directories
    end
    urls = get_svn_project_urls(dirs)
    get_svn_file_entries(urls)
  end
  #Private methods start here
@@ -52,84 +46,4 @@ class SvnParser
    dirs.sort!
    dirs.uniq
  end
  def get_svn_project_urls(dirs)
    urls = []
    queue_count = 0
    # First get all trunk or version directories
    dirs.each do |dir|
      svnurl = @svn_root + dir + "/"
      request = @svn_browser.forge_request(URI.encode(svnurl))
      request.on_complete do |response|
        # trunk folder present
        if contains_trunk(response)
          puts "[+] Adding trunk on #{dir}" if @verbose
          urls << {:name => dir, :folder => "trunk"}
          # no trunk folder. This is true on theme svn repos
        else
          folders = response.body.scan(%r{^\s*<li><a href="(.+)/">.+/</a></li>$}i)
          if folders != nil and folders.length > 0
            last_version = folders.last[0]
            puts "[+] Adding #{last_version} on #{dir}" if @verbose
            urls << {:name => dir, :folder => last_version}
          else
            puts "[+] No content in #{dir}" if @verbose
          end
        end
      end
      queue_count += 1
      @svn_hydra.queue(request)
      # the wordpress server stops
      # responding if we dont use this.
      if queue_count == @svn_browser.max_threads
        @svn_hydra.run
        queue_count = 0
      end
    end
    @svn_hydra.run
    urls
  end
  # Get a file in each directory
  # TODO: exclude files like Thumbs.db (Example: wordpress-23-related-posts-plugin/)
  def get_svn_file_entries(dirs)
    entries = []
    queue_count = 0
    dirs.each do |dir|
      url = @svn_root + dir[:name] + "/" + dir[:folder] + "/"
      request = @svn_browser.forge_request(URI.encode(url))
      request.on_complete do |response|
        puts "[+] Parsing url #{url} [#{response.code.to_s}]" if @verbose
        file = response.body[%r{<li><a href="(.+\.[^/]+)">.+</a></li>}i, 1]
        # TODO: recursive parsing of subdirectories if there is no file in the root directory
        path = dir[:name] + "/"
        if file
          path += file
          entries << path
          puts "[+] Added #{path}" if @verbose
        elsif @keep_empty_dirs
          entries << path
          puts "[+] Added #{path}" if @verbose
        end
      end
      queue_count += 1
      @svn_hydra.queue(request)
      # the wordpress server stops
      # responding if we dont use this.
      if queue_count == @svn_browser.max_threads
        @svn_hydra.run
        queue_count = 0
      end
    end
    @svn_hydra.run
    entries
  end
  def contains_trunk(body)
    contains = false
    if !!(body =~ %r[<li><a href="trunk/">trunk/</a></li>]i)
      contains = true
    end
    contains
  end
 end