New enumeration system

lib/common/models/wp_item/existable.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+
+# HACK
+module Typhoeus
+  class Response
+
+    # Compare the body hash to error_404_hash and homepage_hash
+    # returns true if they are different, false otherwise
+    #
+    # @return [ Boolean ]
+    def has_valid_hash?(error_404_hash, homepage_hash)
+      body_hash = Digest::MD5.hexdigest(self.body)
+
+      body_hash != error_404_hash && body_hash != homepage_hash
+    end
+  end
+end
+
+class WpItem
+  module Existable
+
+    def exists?(options = {}, response = nil)
+      unless response
+        response = Browser.instance.get(url)
+      end
+      exists_from_response?(response, options)
+    end
+
+    protected
+
+    # options:
+    #   :error_404_hash
+    #   :homepage_hash
+    #   :exclude_content REGEXP
+    #
+    # @return [ Boolean ]
+    def exists_from_response?(response, options = {})
+      # FIXME : The response is supposed to follow locations, so we should not have 301 or 302.
+      # However, due to an issue with Typhoeus or Webmock, the location is not followed in specs
+      if [200, 301, 302, 401, 403].include?(response.code)
+        if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
+          if options[:exclude_content]
+            unless response.body.match(options[:exclude_content])
+              return true
+            end
+          else
+            return true
+          end
+        end
+      end
+      false
+    end
+
+  end
+end

lib/common/models/wp_item/findable.rb

@@ -0,0 +1,15 @@
+# encoding: UTF-8
+
+class WpItem
+  attr_reader :found_from
+
+  #def allowed_options; super << :found_from end
+
+  def found_from=(method)
+    @found_from = method[%r{find_from_(.*)}, 1].gsub('_', ' ')
+  end
+
+  module Findable
+
+  end
+end

lib/common/models/wp_item/infos.rb

@@ -0,0 +1,58 @@
+# encoding: UTF-8
+
+class WpItem
+  module Infos
+
+    # @return [ Boolean ]
+    def has_readme?
+      Browser.instance.get(readme_url).code == 200 ? true : false
+    end
+
+    # @return [ String ]
+    def readme_url
+      @uri.merge('readme.txt').to_s
+    end
+
+    # @return [ String ]
+    def wordpress_url
+
+    end
+
+    def wordpress_org_item?
+
+    end
+
+    # @return [ Boolean ]
+    def has_changelog?
+      Browser.instance.get(changelog_url).code == 200 ? true : false
+    end
+
+    # @return [ String ]
+    def changelog_url
+      @uri.merge('changelog.txt').to_s
+    end
+
+    # @return [ Boolean ]
+    def has_directory_listing?
+      Browser.instance.get(@uri.to_s).body[%r{<title>Index of}] ? true : false
+    end
+
+    # Discover any error_log files created by WordPress
+    # These are created by the WordPress error_log() function
+    # They are normally found in the /plugins/ directory,
+    # however can also be found in their specific plugin dir.
+    # http://www.exploit-db.com/ghdb/3714/
+    #
+    # @return [ Boolean ]
+    def has_error_log?
+      response_body = Browser.instance.get(error_log_url, headers: {'range' => 'bytes=0-700'}).body
+      response_body[%r{PHP Fatal error}i] ? true : false
+    end
+
+    # @return [ String ]
+    def error_log_url
+      @uri.merge('error_log').to_s
+    end
+
+  end
+end

lib/common/models/wp_item/output.rb

@@ -0,0 +1,24 @@
+# encoding: UTF-8
+
+class WpItem
+  module Output
+
+    # @return [ Void ]
+    def output
+      puts
+      puts " | Name: #{self}" #this will also output the version number if detected
+      puts " | Location: #{url}"
+      #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
+      puts ' | Directory listing enabled: Yes' if has_directory_listing?
+      puts " | Readme: #{readme_url}" if has_readme?
+      puts " | Changelog: #{changelog_url}" if has_changelog?
+
+      vulnerabilities.output
+
+      if has_error_log?
+        puts ' | ' + red('[!]') + " An error_log file has been found : #{error_log_url}"
+      end
+    end
+
+  end
+end

lib/common/models/wp_item/versionable.rb

@@ -0,0 +1,25 @@
+# encoding: UTF-8
+
+class WpItem
+  attr_writer :version
+
+  #def allowed_options; super << :version end
+
+  module Versionable
+
+    # Get the version from the readme.txt
+    def version
+      unless @version
+        response = Browser.instance.get(readme_url)
+        @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
+      end
+      @version
+    end
+
+    def to_s
+      item_version = self.version
+      "#@name#{' v' + item_version.strip if item_version}"
+    end
+
+  end
+end

lib/common/models/wp_item/vulnerable.rb

@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+class WpItem
+
+  # moved this into the module ?
+  def vulns_file=(file)
+    if File.exists?(file)
+      @vulns_file = file
+    else
+      raise "The file #{file} does not exist"
+    end
+  end
+
+  module Vulnerable
+    # @return [ Vulnerabilities ]
+    def vulnerabilities
+      xml             = xml(vulns_file)
+      vulnerabilities = Vulnerabilities.new
+
+      xml.xpath(vulns_xpath).each do |node|
+        vulnerabilities << Vulnerability.load_from_xml_node(node)
+      end
+      vulnerabilities
+    end
+  end
+end