Added the wordpress.org plugin URL. See issue #100.

ethicalhack3r
2013-01-10 11:59:47 +01:00
parent 5133b6b579
commit db2e127c4e
5 changed files with 27 additions and 2 deletions


@@ -24,7 +24,7 @@ module WpPlugins
def plugins_from_aggressive_detection(options) def plugins_from_aggressive_detection(options)
options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/plugins_full.txt" : "#{DATA_DIR}/plugins.txt") options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/plugins_full.txt" : "#{DATA_DIR}/plugins.txt")
options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml"
options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//plugin" options[:vulns_xpath_2] = "//plugin"
options[:type] = "plugins" options[:type] = "plugins"


@@ -40,6 +40,12 @@ class WpItem < Vulnerable
raise("type not set") unless @type raise("type not set") unless @type
end end
# The wordpress.org plugins directory URL
# See: https://github.com/wpscanteam/wpscan/issues/100
def wp_org_url
URI('http://wordpress.org/extend/plugins/').merge("#@name/")
end
def get_sub_folder def get_sub_folder
case @type case @type
when "themes" when "themes"
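Review bot: `wp_org_url` interpolates `@name` into a relative reference without escaping, so `URI#merge` resolves whatever the name contains: a nil or empty name becomes `merge("/")` and yields the site root, a name containing `../` climbs out of `/extend/plugins/`, and a name shaped like an absolute or `//host` reference replaces the wordpress.org host altogether. If the name can be derived from content served by the scanned site (not visible in this hunk), that site then controls the link printed in the report, and characters that are not valid in a URI would raise `URI::InvalidURIError` in the middle of the output loop. I would escape the segment and reject empty or dot-only names, e.g. `return nil if @name.to_s.empty? || @name =~ /\A\.+\z/` followed by `URI('http://wordpress.org/extend/plugins/').merge(URI.encode_www_form_component(@name) + '/')`. The class body continues outside the hunk.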


@@ -19,7 +19,7 @@
class WpPlugin < WpItem class WpPlugin < WpItem
def initialize(options = {}) def initialize(options = {})
options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml"
options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability" options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability"
options[:vulns_xpath_2] = "//plugin" options[:vulns_xpath_2] = "//plugin"
options[:type] = "plugins" options[:type] = "plugins"


@@ -436,4 +436,21 @@ describe WpPlugin do
@instance.has_changelog?.should == false @instance.has_changelog?.should == false
end end
end end
describe "#wp_org_url" do
before :each do
@instance = WpItem.new(
:base_url => "http://sub.example.com/path/to/wordpress/",
:path => "test/asdf.php",
:vulns_file => "XXX.xml",
:name => "test",
:vulns_xpath => "XX",
:type => "plugins"
)
end
it "should return the correct url" do
@expected = "http://wordpress.org/extend/plugins/test/"
end
end
end end
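Review bot: The example `it "should return the correct url"` only assigns `@expected` and never compares it with anything, so it passes whatever `wp_org_url` returns. Unless a hook outside this hunk performs the comparison, add the assertion: `@instance.wp_org_url.to_s.should == @expected`. The block also builds a `WpItem` inside `describe WpPlugin`; if that is deliberate because the method lives on the parent class, a one-line comment such as `# wp_org_url is defined on WpItem` would make it clear.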


@@ -193,9 +193,11 @@ begin
puts "#{plugins.size} found :" puts "#{plugins.size} found :"
plugins.each do |plugin| plugins.each do |plugin|
p plugin
puts puts
puts " | Name: #{plugin.name}" puts " | Name: #{plugin.name}"
puts " | Location: #{plugin.get_full_url}" puts " | Location: #{plugin.get_full_url}"
puts " | WordPress: #{plugin.wp_org_url}"
plugin.vulnerabilities.each do |vulnerability| plugin.vulnerabilities.each do |vulnerability|
puts " |" puts " |"
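Review bot: `p plugin` at the top of the `plugins.each` block looks like a leftover debug statement: it writes the full `inspect` dump of every plugin object into the scan report ahead of the formatted lines, and may expose internal state (option values, file paths) in output that users paste into bug reports. Drop the line. The new `WordPress:` line is printed for every detected plugin, so for a plugin that is not hosted on wordpress.org the link will not resolve; a label such as `puts " | WordPress (if hosted there): #{plugin.wp_org_url}"` would avoid the confusion. The loop body continues outside the hunk.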