Adds a --plugins-threshold and --themes-threshold options
This commit is contained in:
erwanlr
@@ -10,6 +10,8 @@ LineLength:
|
|||||||
Max: 120
|
Max: 120
|
||||||
MethodLength:
|
MethodLength:
|
||||||
Max: 20
|
Max: 20
|
||||||
|
Exclude:
|
||||||
|
- 'app/controllers/enumeration/cli_options.rb'
|
||||||
Lint/UriEscapeUnescape:
|
Lint/UriEscapeUnescape:
|
||||||
Enabled: false
|
Enabled: false
|
||||||
Metrics/AbcSize:
|
Metrics/AbcSize:
|
||||||
@@ -19,6 +21,8 @@ Metrics/BlockLength:
|
|||||||
- 'spec/**/*'
|
- 'spec/**/*'
|
||||||
Metrics/ClassLength:
|
Metrics/ClassLength:
|
||||||
Max: 150
|
Max: 150
|
||||||
|
Exclude:
|
||||||
|
- 'app/controllers/enumeration/cli_options.rb'
|
||||||
Metrics/CyclomaticComplexity:
|
Metrics/CyclomaticComplexity:
|
||||||
Max: 8
|
Max: 8
|
||||||
Style/Documentation:
|
Style/Documentation:
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ module WPScan
|
|||||||
end
|
end
|
||||||
|
|
||||||
# @return [ Array<OptParseValidator::OptBase> ]
|
# @return [ Array<OptParseValidator::OptBase> ]
|
||||||
# rubocop:disable Metrics/MethodLength
|
|
||||||
def cli_enum_choices
|
def cli_enum_choices
|
||||||
[
|
[
|
||||||
OptMultiChoices.new(
|
OptMultiChoices.new(
|
||||||
@@ -45,7 +44,6 @@ module WPScan
|
|||||||
)
|
)
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
# rubocop:enable Metrics/MethodLength
|
|
||||||
|
|
||||||
# @return [ Array<OptParseValidator::OptBase> ]
|
# @return [ Array<OptParseValidator::OptBase> ]
|
||||||
def cli_plugins_opts
|
def cli_plugins_opts
|
||||||
@@ -67,6 +65,11 @@ module WPScan
|
|||||||
'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
|
'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
|
||||||
'or --plugins-detection modes.'],
|
'or --plugins-detection modes.'],
|
||||||
choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
|
choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
|
||||||
|
),
|
||||||
|
OptInteger.new(
|
||||||
|
['--plugins-threshold THRESHOLD',
|
||||||
|
'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \
|
||||||
|
'Set to 0 to ignore the threshold.'], default: 100
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
@@ -91,6 +94,11 @@ module WPScan
|
|||||||
'Use the supplied mode to check themes versions instead of the --detection-mode ' \
|
'Use the supplied mode to check themes versions instead of the --detection-mode ' \
|
||||||
'or --themes-detection modes.'],
|
'or --themes-detection modes.'],
|
||||||
choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
|
choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
|
||||||
|
),
|
||||||
|
OptInteger.new(
|
||||||
|
['--themes-threshold THRESHOLD',
|
||||||
|
'Raise an error when the number of detected themes via known locations reaches the threshold. ' \
|
||||||
|
'Set to 0 to ignore the threshold.'], default: 50
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -62,6 +62,7 @@ module WPScan
|
|||||||
def enum_plugins
|
def enum_plugins
|
||||||
opts = default_opts('plugins').merge(
|
opts = default_opts('plugins').merge(
|
||||||
list: plugins_list_from_opts(ParsedCli.options),
|
list: plugins_list_from_opts(ParsedCli.options),
|
||||||
|
threshold: ParsedCli.plugins_threshold,
|
||||||
sort: true
|
sort: true
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -108,6 +109,7 @@ module WPScan
|
|||||||
def enum_themes
|
def enum_themes
|
||||||
opts = default_opts('themes').merge(
|
opts = default_opts('themes').merge(
|
||||||
list: themes_list_from_opts(ParsedCli.options),
|
list: themes_list_from_opts(ParsedCli.options),
|
||||||
|
threshold: ParsedCli.themes_threshold,
|
||||||
sort: true
|
sort: true
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,8 @@ module WPScan
|
|||||||
|
|
||||||
enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
|
enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
|
||||||
found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
|
found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
|
||||||
|
|
||||||
|
raise Error::PluginsThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
|
||||||
end
|
end
|
||||||
|
|
||||||
found
|
found
|
||||||
|
|||||||
@@ -21,6 +21,8 @@ module WPScan
|
|||||||
|
|
||||||
enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
|
enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
|
||||||
found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
|
found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
|
||||||
|
|
||||||
|
raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
|
||||||
end
|
end
|
||||||
|
|
||||||
found
|
found
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ module WPScan
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
require_relative 'errors/enumeration'
|
||||||
require_relative 'errors/http'
|
require_relative 'errors/http'
|
||||||
require_relative 'errors/update'
|
require_relative 'errors/update'
|
||||||
require_relative 'errors/wordpress'
|
require_relative 'errors/wordpress'
|
||||||
|
|||||||
21
lib/wpscan/errors/enumeration.rb
Normal file
21
lib/wpscan/errors/enumeration.rb
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module WPScan
|
||||||
|
module Error
|
||||||
|
class PluginsThresholdReached < Standard
|
||||||
|
def to_s
|
||||||
|
"The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \
|
||||||
|
'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
|
||||||
|
'option to ignore the bad responses.'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
class ThemesThresholdReached < Standard
|
||||||
|
def to_s
|
||||||
|
"The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \
|
||||||
|
'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \
|
||||||
|
'option to ignore the bad responses.'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
@@ -70,8 +70,8 @@ describe WPScan::Controller::Enumeration do
|
|||||||
it 'contains the correct options' do
|
it 'contains the correct options' do
|
||||||
expect(controller.cli_options.map(&:to_sym)).to eql(
|
expect(controller.cli_options.map(&:to_sym)).to eql(
|
||||||
%i[enumerate exclude_content_based
|
%i[enumerate exclude_content_based
|
||||||
plugins_list plugins_detection plugins_version_all plugins_version_detection
|
plugins_list plugins_detection plugins_version_all plugins_version_detection plugins_threshold
|
||||||
themes_list themes_detection themes_version_all themes_version_detection
|
themes_list themes_detection themes_version_all themes_version_detection themes_threshold
|
||||||
timthumbs_list timthumbs_detection
|
timthumbs_list timthumbs_detection
|
||||||
config_backups_list config_backups_detection
|
config_backups_list config_backups_detection
|
||||||
db_exports_list db_exports_detection
|
db_exports_list db_exports_detection
|
||||||
|
|||||||
Reference in New Issue
Block a user