HELLO v3!!!

This commit is contained in:
Ryan Dewhurst
2018-09-26 21:12:01 +02:00
parent 28b9c15256
commit d268a86795
1871 changed files with 988118 additions and 0 deletions


@@ -0,0 +1,20 @@
require_relative 'enumeration/users'
require_relative 'enumeration/medias'
require_relative 'enumeration/themes'
require_relative 'enumeration/plugins'
require_relative 'enumeration/timthumbs'
require_relative 'enumeration/config_backups'
require_relative 'enumeration/db_exports'
shared_examples 'App::Views::Enumeration' do
let(:controller) { WPScan::Controller::Enumeration.new }
let(:tpl_vars) { { url: target_url } }
it_behaves_like 'App::Views::Enumeration::Users'
it_behaves_like 'App::Views::Enumeration::Medias'
it_behaves_like 'App::Views::Enumeration::Themes'
it_behaves_like 'App::Views::Enumeration::Plugins'
it_behaves_like 'App::Views::Enumeration::Timthumbs'
it_behaves_like 'App::Views::Enumeration::ConfigBackups'
it_behaves_like 'App::Views::Enumeration::DbExports'
end


@@ -0,0 +1,18 @@
shared_examples 'App::Views::Enumeration::ConfigBackups' do
let(:view) { 'config_backups' }
let(:config_backup) { WPScan::ConfigBackup }
describe 'config_backups' do
context 'when no backups found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(config_backups: [])
end
end
context 'when backups found' do
xit
end
end
end
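Review bot: The 'when backups found' context is a bare `xit`, so the template that prints discovered config backups is never rendered by the spec, and the pending entry has no description saying what is missing. The same bare `xit` stands in for the found case in the DbExports, Plugins and Themes sections, and Users has a described but empty `xit`; these are the views that report the actual findings. Suggest at least `xit 'outputs the expected string'` with a TODO, or a fixture-backed example like the one in the Medias section. `let(:config_backup)` stays unused until that example exists.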


@@ -0,0 +1,18 @@
shared_examples 'App::Views::Enumeration::DbExports' do
let(:view) { 'db_exports' }
let(:db_export) { WPScan::DbExport }
describe 'db_exports' do
context 'when no file found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(db_exports: [])
end
end
context 'when files found' do
xit
end
end
end


@@ -0,0 +1,25 @@
shared_examples 'App::Views::Enumeration::Medias' do
let(:view) { 'medias' }
let(:media) { WPScan::Media }
describe 'medias' do
context 'when no medias found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(medias: [])
end
end
context 'when medias found' do
let(:m1) { media.new(target_url + '?attachment_id=1', found_by: 'Attachment Brute Forcing') }
let(:m2) { media.new(target_url + '?attachment_id=5', found_by: 'Attachment Brute Forcing') }
let(:medias) { [m1, m2] }
let(:expected_view) { File.join(view, 'medias') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(medias: medias)
end
end
end
end
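Review bot: The `it 'outputs the expected string'` bodies here contain no expectation; they only assign `@tpl_vars`, so the comparison against `expected_view` presumably happens in a hook defined outside this section. A reader who sees only this file cannot tell what is being asserted. A comment at the top of the shared example would make the contract visible, e.g. `# Examples only set @tpl_vars; rendering and comparison with expected_view are done by the including spec (confirm)`. The same pattern is used in every other views section of this commit.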


@@ -0,0 +1,18 @@
shared_examples 'App::Views::Enumeration::Plugins' do
let(:view) { 'plugins' }
let(:plugin) { WPScan::Plugin }
describe 'plugins' do
context 'when no plugins found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(plugins: [])
end
end
context 'when plugins found' do
xit
end
end
end


@@ -0,0 +1,18 @@
shared_examples 'App::Views::Enumeration::Themes' do
let(:view) { 'themes' }
let(:plugin) { WPScan::Theme }
describe 'themes' do
context 'when no themes found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(themes: [])
end
end
context 'when themes found' do
xit
end
end
end
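Review bot: `let(:plugin) { WPScan::Theme }` binds the theme class to a helper named `plugin`, which looks like a leftover from the Plugins section. It is unused while the found case is pending, but the name will mislead once that example is written. `let(:theme) { WPScan::Theme }` would match the naming pattern of the other sections.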


@@ -0,0 +1,43 @@
shared_examples 'App::Views::Enumeration::Timthumbs' do
let(:view) { 'timthumbs' }
let(:timthumb) { WPScan::Timthumb }
let(:version) { WPScan::Version.new('2.8.14', found_by: 'Bad Request') }
describe 'timthumbs' do
context 'when no timthumbs found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(timthumbs: [])
end
end
context 'when timthumbs found' do
let(:tt) { timthumb.new(target_url + 'tt.php', found_by: 'Known Locations') }
let(:tt2) { timthumb.new(target_url + 'tt2.php', found_by: 'Known Locations') }
let(:timthumbs) { [tt, tt2] }
context 'when not vulnerable' do
let(:expected_view) { File.join(view, 'no_vulns') }
it 'outputs the expected string' do
expect(timthumbs[0]).to receive(:version).at_least(1).and_return(version)
expect(timthumbs[1]).to receive(:version).at_least(1).and_return(version)
@tpl_vars = tpl_vars.merge(timthumbs: timthumbs)
end
end
context 'when vulnerable' do
let(:expected_view) { File.join(view, 'with_vulns') }
it 'outputs the expected string' do
expect(timthumbs[0]).to receive(:version).at_least(1).and_return(false)
expect(timthumbs[1]).to receive(:version).at_least(1).and_return(version)
@tpl_vars = tpl_vars.merge(timthumbs: timthumbs)
end
end
end
end
end
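Review bot: The 'when vulnerable' example expresses vulnerability only through `and_return(false)` for the first file's version, and nothing in the section explains why a false version should select the `with_vulns` view. Presumably a TimThumb file whose version cannot be determined is reported as vulnerable, but that logic is not visible here. Suggest a comment above that line such as `# version undetected (false) => expected to be rendered as vulnerable; confirm against WPScan::Timthumb`. The 'when not vulnerable' case likewise depends on 2.8.14 being treated as a fixed version, which would be worth stating next to `let(:version)`.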


@@ -0,0 +1,21 @@
shared_examples 'App::Views::Enumeration::Users' do
let(:view) { 'users' }
let(:user) { CMSScanner::User }
describe 'users' do
context 'when no users found' do
let(:expected_view) { File.join(view, 'none_found') }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(users: [])
end
end
context 'when users found' do
let(:expected_view) { File.join(view, 'users') }
xit 'outputs the expected string' do
end
end
end
end


@@ -0,0 +1,57 @@
shared_examples 'App::Views::MainTheme' do
let(:controller) { WPScan::Controller::MainTheme.new }
let(:tpl_vars) { { url: target_url } }
let(:theme) { WPScan::Theme.new(theme_name, target, found_by: 'rspec') }
describe 'main_theme' do
let(:view) { 'theme' }
context 'when no theme found' do
let(:expected_view) { 'not_found' }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(theme: nil)
end
end
context 'when a theme found' do
let(:theme_name) { 'test' }
before do
expect(target).to receive(:content_dir).at_least(1).and_return('wp-content')
stub_request(:get, /.*/)
stub_request(:get, /.*\.css\z/)
.to_return(body: File.read(File.join(FIXTURES, 'models', 'theme', 'style.css')))
end
context 'when no verbose' do
let(:expected_view) { 'no_verbose' }
it 'outputs the expected string' do
expect(theme).to receive(:version).at_least(1)
@tpl_vars = tpl_vars.merge(theme: theme)
end
end
context 'when verbose' do
let(:expected_view) { 'verbose' }
it 'outputs the expected string' do
expect(theme).to receive(:version).at_least(1).and_return(WPScan::Version.new('3.2', found_by: 'style'))
@tpl_vars = tpl_vars.merge(theme: theme, verbose: true)
end
end
context 'when vulnerable' do
let(:expected_view) { 'vulnerable' }
let(:theme_name) { 'dignitas-themes' }
it 'outputs the expected string' do
expect(theme).to receive(:version).at_least(1)
@tpl_vars = tpl_vars.merge(theme: theme, verbose: true)
end
end
end
end
end
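Review bot: The catch-all `stub_request(:get, /.*/)` in the `before` block answers every GET with WebMock's default empty response, so these examples would still pass if the theme model began requesting URLs the spec never intended. Consider stubbing only the URLs the theme is expected to fetch, or add a comment saying why the wildcard is needed, e.g. `# wildcard: Theme.new probes several optional files; only style.css needs a body`, with the wording confirmed against the model. Separately, the 'when vulnerable' example depends on `dignitas-themes` being present in vulnerability data that is not visible here; a comment naming that fixture would help.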


@@ -0,0 +1,84 @@
shared_examples 'App::Views::WpVersion' do
let(:controller) { WPScan::Controller::WpVersion.new }
let(:tpl_vars) { { url: target_url } }
describe 'version' do
let(:view) { 'version' }
context 'when the version is nil' do
let(:expected_view) { 'not_found' }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(version: nil)
end
end
context 'when the version is not nil' do
let(:version) { WPScan::WpVersion.new('4.0', found_by: 'rspec') }
context 'when confirmed_by is empty' do
context 'when no interesting_entries' do
let(:expected_view) { 'not_confirmed_no_entries' }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(version: version)
end
end
context 'when interesting_entries' do
let(:expected_view) { 'not_confirmed_entries' }
it 'outputs the expected string' do
version.interesting_entries << 'IE1' << 'IE2'
@tpl_vars = tpl_vars.merge(version: version)
end
end
end
context 'when confirmed_by is not empty' do
let(:confirmed_1) do
v = version.dup
v.found_by = 'Confirmed 1'
v.interesting_entries << 'IE1'
v
end
let(:confirmed_2) do
v = version.dup
v.found_by = 'Confirmed 2'
v.interesting_entries << 'IE1' << 'IE2'
v
end
context 'when one confirmed_by' do
let(:expected_view) { 'confirmed_one' }
it 'outputs the expected string' do
f = WPScan::Finders::Findings.new << version << confirmed_1
@tpl_vars = tpl_vars.merge(version: f.first)
end
end
context 'when multiple confirmed_by' do
let(:expected_view) { 'confirmed_multiples' }
it 'outputs the expected string' do
f = WPScan::Finders::Findings.new << version << confirmed_1 << confirmed_2
@tpl_vars = tpl_vars.merge(version: f.first)
end
end
end
end
context 'when the version is vulnerable' do
let(:expected_view) { 'with_vulns' }
it 'outputs the expected string' do
@tpl_vars = tpl_vars.merge(version: WPScan::WpVersion.new('3.8.1', found_by: 'rspec'))
end
end
end
end
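Review bot: `confirmed_1` and `confirmed_2` are built with `version.dup`, which is a shallow copy. If `interesting_entries` is already an array on `version` when it is duplicated, the `<<` calls append to one array shared by all three objects, and the 'confirmed_multiples' output would not show distinct entries per finding. Whether that happens depends on how `WPScan::WpVersion` initialises `interesting_entries`, which is not visible here. Suggest either giving each copy its own array before appending, or adding a comment such as `# dup is shallow: relies on interesting_entries being lazily created per object (confirm)`.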