HELLO v3!!!

2018-09-26 21:12:01 +02:00
parent 28b9c15256
commit d268a86795
1871 changed files with 988118 additions and 0 deletions
--- a/spec/shared_examples/views/enumeration/config_backups.rb
+++ b/spec/shared_examples/views/enumeration/config_backups.rb
@@ -0,0 +1,18 @@
+shared_examples 'App::Views::Enumeration::ConfigBackups' do
+  let(:view)          { 'config_backups' }
+  let(:config_backup) { WPScan::ConfigBackup }
+
+  describe 'config_backups' do
+    context 'when no backups found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(config_backups: [])
+      end
+    end
+
+    context 'when backups found' do
+      xit
+    end
+  end
+end
--- a/spec/shared_examples/views/enumeration/db_exports.rb
+++ b/spec/shared_examples/views/enumeration/db_exports.rb
@@ -0,0 +1,18 @@
+shared_examples 'App::Views::Enumeration::DbExports' do
+  let(:view)      { 'db_exports' }
+  let(:db_export) { WPScan::DbExport }
+
+  describe 'db_exports' do
+    context 'when no file found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(db_exports: [])
+      end
+    end
+
+    context 'when files found' do
+      xit
+    end
+  end
+end
--- a/spec/shared_examples/views/enumeration/medias.rb
+++ b/spec/shared_examples/views/enumeration/medias.rb
@@ -0,0 +1,25 @@
+shared_examples 'App::Views::Enumeration::Medias' do
+  let(:view)  { 'medias' }
+  let(:media) { WPScan::Media }
+
+  describe 'medias' do
+    context 'when no medias found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(medias: [])
+      end
+    end
+
+    context 'when medias found' do
+      let(:m1)     { media.new(target_url + '?attachment_id=1', found_by: 'Attachment Brute Forcing') }
+      let(:m2)     { media.new(target_url + '?attachment_id=5', found_by: 'Attachment Brute Forcing') }
+      let(:medias) { [m1, m2] }
+      let(:expected_view) { File.join(view, 'medias') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(medias: medias)
+      end
+    end
+  end
+end
--- a/spec/shared_examples/views/enumeration/plugins.rb
+++ b/spec/shared_examples/views/enumeration/plugins.rb
@@ -0,0 +1,18 @@
+shared_examples 'App::Views::Enumeration::Plugins' do
+  let(:view)   { 'plugins' }
+  let(:plugin) { WPScan::Plugin }
+
+  describe 'plugins' do
+    context 'when no plugins found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(plugins: [])
+      end
+    end
+
+    context 'when plugins found' do
+      xit
+    end
+  end
+end
--- a/spec/shared_examples/views/enumeration/themes.rb
+++ b/spec/shared_examples/views/enumeration/themes.rb
@@ -0,0 +1,18 @@
+shared_examples 'App::Views::Enumeration::Themes' do
+  let(:view)   { 'themes' }
+  let(:plugin) { WPScan::Theme }
+
+  describe 'themes' do
+    context 'when no themes found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(themes: [])
+      end
+    end
+
+    context 'when themes found' do
+      xit
+    end
+  end
+end
--- a/spec/shared_examples/views/enumeration/timthumbs.rb
+++ b/spec/shared_examples/views/enumeration/timthumbs.rb
@@ -0,0 +1,43 @@
+shared_examples 'App::Views::Enumeration::Timthumbs' do
+  let(:view)     { 'timthumbs' }
+  let(:timthumb) { WPScan::Timthumb }
+  let(:version)  { WPScan::Version.new('2.8.14', found_by: 'Bad Request') }
+
+  describe 'timthumbs' do
+    context 'when no timthumbs found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(timthumbs: [])
+      end
+    end
+
+    context 'when timthumbs found' do
+      let(:tt)        { timthumb.new(target_url + 'tt.php', found_by: 'Known Locations') }
+      let(:tt2)       { timthumb.new(target_url + 'tt2.php', found_by: 'Known Locations') }
+      let(:timthumbs) { [tt, tt2] }
+
+      context 'when not vulnerable' do
+        let(:expected_view) { File.join(view, 'no_vulns') }
+
+        it 'outputs the expected string' do
+          expect(timthumbs[0]).to receive(:version).at_least(1).and_return(version)
+          expect(timthumbs[1]).to receive(:version).at_least(1).and_return(version)
+
+          @tpl_vars = tpl_vars.merge(timthumbs: timthumbs)
+        end
+      end
+
+      context 'when vulnerable' do
+        let(:expected_view) { File.join(view, 'with_vulns') }
+
+        it 'outputs the expected string' do
+          expect(timthumbs[0]).to receive(:version).at_least(1).and_return(false)
+          expect(timthumbs[1]).to receive(:version).at_least(1).and_return(version)
+
+          @tpl_vars = tpl_vars.merge(timthumbs: timthumbs)
+        end
+      end
+    end
+  end
+end
--- a/spec/shared_examples/views/enumeration/users.rb
+++ b/spec/shared_examples/views/enumeration/users.rb
@@ -0,0 +1,21 @@
+shared_examples 'App::Views::Enumeration::Users' do
+  let(:view)  { 'users' }
+  let(:user)  { CMSScanner::User }
+
+  describe 'users' do
+    context 'when no users found' do
+      let(:expected_view) { File.join(view, 'none_found') }
+
+      it 'outputs the expected string' do
+        @tpl_vars = tpl_vars.merge(users: [])
+      end
+    end
+
+    context 'when users found' do
+      let(:expected_view) { File.join(view, 'users') }
+
+      xit 'outputs the expected string' do
+      end
+    end
+  end
+end