garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WPSTools plugins mode activated

Browse Source
This commit is contained in:
erwanlr
2013-01-17 13:08:01 +01:00
parent 1d7923c7b7
commit d9fd20c6fe
17 changed files with 749 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
lib/wpstools/plugins/checker/checker_plugin.rb Normal file
View File

@@ -0,0 +1,148 @@
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
class CheckerPlugin < Plugin
def initialize
super(
:author => "@wpscanteam - @erwanlr"
)
register_options(
["--check-vuln-ref-urls", "--cvru", "Check all the vulnerabilities reference urls for 404"],
["--check-local-vulnerable-files LOCAL_DIRECTORY", "--clvf", "Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells"]
)
end
def run(options = {})
if options[:check_vuln_ref_urls]
check_vuln_ref_urls
end
if options[:check_local_vulnerable_files]
check_local_vulnerable_files(options[:check_local_vulnerable_files])
end
end
def check_vuln_ref_urls
vuln_ref_files = ["plugin_vulns.xml", "theme_vulns.xml", "wp_vulns.xml"]
error_codes = [404, 500, 403]
not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
puts "[+] Checking vulnerabilities reference urls"
vuln_ref_files.each do |vuln_ref_file|
xml = Nokogiri::XML(File.open(DATA_DIR + '/' + vuln_ref_file)) do |config|
config.noblanks
end
urls = []
xml.xpath("//reference").each { |node| urls << node.text }
urls.uniq!
dead_urls = []
queue_count = 0
request_count = 0
browser = Browser.instance
hydra = browser.hydra
number_of_urls = urls.size
urls.each do |url|
request = browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
request_count += 1
request.on_complete do |response|
print "\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete."
if error_codes.include?(response.code) or not_found_regexp.match(response.body)
dead_urls << url
end
end
hydra.queue(request)
queue_count += 1
if queue_count == browser.max_threads
hydra.run
queue_count = 0
end
end
hydra.run
puts
unless dead_urls.empty?
dead_urls.each { |url| puts " Not Found #{url}" }
end
end
end
def check_local_vulnerable_files(dir_to_scan)
if Dir::exist?(dir_to_scan)
xml_file = DATA_DIR + "/local_vulnerable_files.xml"
local_hashes = {}
file_extension_to_scan = "*.{js,php,swf,html,htm}"
print "[+] Generating local hashes ... "
Dir[File::join(dir_to_scan, "**", file_extension_to_scan)].each do |filename|
sha1sum = Digest::SHA1.file(filename).hexdigest
if local_hashes.has_key?(sha1sum)
local_hashes[sha1sum] << filename
else
local_hashes[sha1sum] = [filename]
end
end
puts "done."
puts "[+] Checking for vulnerable files ..."
xml = Nokogiri::XML(File.open(xml_file)) do |config|
config.noblanks
end
xml.xpath("//hash").each do |node|
sha1sum = node.attribute("sha1").text
if local_hashes.has_key?(sha1sum)
local_filenames = local_hashes[sha1sum]
vuln_title = node.search("title").text
vuln_filename = node.search("file").text
vuln_refrence = node.search("reference").text
puts " #{vuln_filename} found :"
puts " | Location(s):"
local_filenames.each do |file|
puts " | - #{file}"
end
puts " |"
puts " | Title: #{vuln_title}"
puts " | Refrence: #{vuln_refrence}" if !vuln_refrence.empty?
puts
end
end
puts "done."
else
puts "The supplied directory '#{dir_to_scan}' does not exist"
end
end
end

6
lib/wpstools/generate_list.rb → lib/wpstools/plugins/list_generator/generate_list.rb
View File

@@ -19,7 +19,7 @@
#++
# This tool generates a list to use for plugin and theme enumeration
class Generate_List
class GenerateList
attr_accessor :verbose
@@ -70,14 +70,14 @@ class Generate_List
def generate_full_list
set_file_name(:full)
items = Svn_Parser.new(@svn_url, @verbose).parse
items = SvnParser.new(@svn_url, @verbose).parse
save items
end
def generate_popular_list(pages)
set_file_name(:popular)
popular = get_popular_items(pages)
items = Svn_Parser.new(@svn_url, @verbose).parse(popular)
items = SvnParser.new(@svn_url, @verbose).parse(popular)
save items
end

69
lib/wpstools/plugins/list_generator/list_generator_plugin.rb Normal file
View File

@@ -0,0 +1,69 @@
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#++
class ListGeneratorPlugin < Plugin
def initialize
super(
:author => "WPScanTeam - @FireFart"
)
register_options(
["--generate-plugin-list [NUMBER_OF_PAGES]", "--gpl", Integer, "Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)"],
["--generate-full-plugin-list", "--gfpl", "Generate a new full data/plugins.txt file"],
["--generate-theme-list [NUMBER_OF_PAGES]", "--gtl", Integer, "Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)"],
["--generate-full-theme-list", "--gftl", "Generate a new full data/themes.txt file"],
["--generate-all", "--ga", "Generate a new full plugins, full themes, popular plugins and popular themes list"],
)
end
def run(options = {})
verbose = options[:verbose] || false
generate_all = options[:generate_all] || false
if options.has_key?(:generate_plugin_list) || generate_all
number_of_pages = options[:generate_plugin_list] || 150
puts "[+] Generating new most popular plugin list"
puts
GenerateList.new('plugins', verbose).generate_popular_list(number_of_pages)
end
if options[:generate_full_plugin_list] || generate_all
puts "[+] Generating new full plugin list"
puts
GenerateList.new('plugins', verbose).generate_full_list
end
if options.has_key?(:generate_theme_list) || generate_all
number_of_pages = options[:generate_theme_list] || 150
puts "[+] Generating new most popular theme list"
puts
GenerateList.new('themes', verbose).generate_popular_list(number_of_pages)
end
if options[:generate_full_theme_list] || generate_all
puts "[+] Generating new full theme list"
puts
GenerateList.new('themes', verbose).generate_full_list
end
end
end

2
lib/wpstools/parse_svn.rb → lib/wpstools/plugins/list_generator/svn_parser.rb
View File

@@ -19,7 +19,7 @@
#++
# This Class Parses SVN Repositories via HTTP
class Svn_Parser
class SvnParser
attr_accessor :verbose, :svn_root, :keep_empty_dirs

32
lib/wpstools/wpstools_helper.rb
View File

@@ -19,6 +19,7 @@
require File.expand_path(File.dirname(__FILE__) + '/../common_helper')
require_files_from_directory(WPSTOOLS_LIB_DIR)
require_files_from_directory(WPSTOOLS_PLUGINS_DIR, "**/*.rb")
def usage()
script_name = $0
@@ -28,19 +29,19 @@ def usage()
puts "Examples:"
puts
puts "- Generate a new 'most popular' plugin list, up to 150 pages ..."
puts "ruby #{script_name} --generate_plugin_list 150"
puts "ruby #{script_name} --generate-plugin-list 150"
puts
puts "- Generate a new full plugin list"
puts "ruby #{script_name} --generate_full_plugin_list"
puts "ruby #{script_name} --generate-full-plugin-list"
puts
puts "- Generate a new 'most popular' theme list, up to 150 pages ..."
puts "ruby #{script_name} --generate_theme_list 150"
puts "ruby #{script_name} --generate-theme-list 150"
puts
puts "- Generate a new full theme list"
puts "ruby #{script_name} --generate_full_theme_list"
puts "ruby #{script_name} --generate-full-theme-list"
puts
puts "- Generate all list"
puts "ruby #{script_name} --generate_all"
puts "ruby #{script_name} --generate-all"
puts
puts "Locally scan a wordpress installation for vulnerable files or shells"
puts "ruby #{script_name} --check-local-vulnerable-files /var/www/wordpress/"
@@ -48,24 +49,3 @@ def usage()
puts "See README for further information."
puts
end
def help()
puts "Help :"
puts
puts "--help | -h This help screen."
puts "--Verbose | -v Verbose output."
puts "--update | -u Update to the latest revision."
puts "--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)"
puts "--gpl Alias for --generate_plugin_list"
puts "--generate_full_plugin_list Generate a new full data/plugins.txt file"
puts "--gfpl Alias for --generate_full_plugin_list"
puts "--generate_theme_list [number of pages] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)"
puts "--gtl Alias for --generate_theme_list"
puts "--generate_full_theme_list Generate a new full data/themes.txt file"
puts "--gftl Alias for --generate_full_theme_list"
puts "--generate_all Generate a new full plugins, full themes, popular plugins and popular themes list"
puts "--ga Alias for --generate_all"
puts "--check-vuln-ref-urls | --cvru Check all the vulnerabilities reference urls for 404"
puts "--check-local-vulnerable-files | --clvf <local directory> Perform a recursive scan in the <local directory> to find vulnerable files or shells"
puts
end