garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removes all files from data/

Browse Source
This commit is contained in:
erwanlr
2014-09-12 18:46:30 +02:00
parent 82367a81c9
commit f818778e0a
13 changed files with 6 additions and 56770 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,6 +1,5 @@
cache cache
coverage coverage
data/*_vulns.json
.bundle .bundle
.DS_Store .DS_Store
.DS_Store? .DS_Store?

48
data/local_vulnerable_files.xml
View File

@@ -1,48 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Only he following extensions are scanned : js, php, swf, html, htm
If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
-->
<hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
<hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
<title>XSS in swfupload.swf</title>
<file>swfupload.swf</file>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
</hash>
<hash sha1="775dc1089829ef07838406def28a4d8bfef69d66">
<title>Arbitrary File Upload Vulnerability</title>
<file>php.php</file>
<reference>http://packetstormsecurity.com/files/119241/wpvalums-shell.txt</reference>
</hash>
<!-- This one a is the same as above, but the postSize verification has been removed -->
<hash sha1="5e8f0d5a917d2937318a9bafd0529135bd473e70">
<title>Arbitrary File Upload Vulnerability</title>
<file>php.php</file>
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
</hash>
<hash sha1="3f9ad05b05b65ee2b6efa1373f708293dd2005c7">
<title>Arbitrary File Upload Vulnerability</title>
<file>uploadify.php</file>
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
</hash>
<hash sha1="ac638cc38f011b74a8d9a4e7d3d60358e472166c">
<title>Inline phpinfo()</title>
<file>phpinfo.php</file>
<reference>http://php.net/manual/en/function.phpinfo.php</reference>
</hash>
<hash sha1="012ee25cceff745e681fbb3697a06f3712f55554">
<title>phpinfo()</title>
<file>phpinfo.php</file>
<reference>http://php.net/manual/en/function.phpinfo.php</reference>
</hash>
</hashes>

42
data/local_vulnerable_files.xsd
View File

@@ -1,42 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI">
<xs:minLength value="1" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="sha1type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{40}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/>
<xs:element name="file" type="stringtype"/>
<xs:element name="reference" type="uritype"/>
</xs:sequence>
<xs:attribute type="sha1type" name="sha1" use="required"/>
</xs:complexType>
<xs:element name="hashes">
<xs:complexType>
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

3
data/malwares.txt
View File

@@ -1,3 +0,0 @@
http://.*\.rr\.nu
http://www\.thesea\.org/media\.php

2189
data/plugins.txt
View File

File diff suppressed because it is too large Load Diff

42954
data/plugins_full.txt
View File

File diff suppressed because it is too large Load Diff

299
data/themes.txt
View File

@@ -1,299 +0,0 @@
aadya
abaris
academica
adamos
adelle
adventure
advertica-lite
aldehyde
alexandria
analytical-lite
apprise
arcade-basic
asteria-lite
atahualpa
attitude
base-wp
beach
bearded
bizark
bizflare
bizkit
biznez-lite
bizstudio-lite
blackbird
blankslate
blox
boldr-lite
boot-store
bootstrap-ultimate
bouquet
bresponzive
brightnews
briks
business-lite
business-pro
busiprof
butterbelly
buzz
capture
careta
catch-box
catch-everest
catch-evolution
catch-kathmandu
celestial-lite
chaostheory
church
circumference-lite
cirrus
clean-retina
coller
colorway
contango
coraline
corpo
count-down
crangasi
custom-community
customizr
cyberchimps
dark-tt
dazzling
decode
designfolio
desk-mess-mirrored
destro
discover
dms
duena
dusk-to-dawn
duster
dw-minion
dw-timeline
dw-wallpress
eclipse
engrave-lite
enough
esell
esplanade
esquire
evolve
expert
expound
family
faq
fashionistas
fifteen
fine
firmasite
flat
flounder
focus
forever
formation
fresh-lite
frisco-for-buddypress
frontier
fruitful
gamepress
govpress
graphene
graphy
gridster-lite
hatch
hazen
health-center-lite
hemingway
hiero
highwind
hueman
i-transform
iconic-one
ifeature
ignite
imprint
independent-publisher
infinite
infoway
inkness
inkzine
interface
intuition
invert-lite
iribbon
isis
italian-restaurant
itek
jbst
jbst-masonary
journal-lite
justwrite
kavya
klasik
landscape
leatherdiary
lingonberry
looki-lite
lupercalia
madeini
magazine-basic
magazine-style
magazino
mantra
market
marketer
match
matheson
max-magazine
meadowhill
mesocolumn
mh-magazine-lite
midnightcity
minima-lite
minimatica
minimize
mn-flow
modern-business
monaco
montezuma
naturefox
neighborly
neuro
newgamer
news-flash
newspress-lite
next-saturday
nictitate
omega
one-page
onetone
openstrap
opulus-sombre
origami
origin
oxygen
p2
padhang
pagelines
papercuts
parabola
parallax
parament
phonix
pilcrow
pilot-fish
pinbin
pinboard
pink-touch-2
pisces
platform
point
portfolio-press
pr-news
preference-lite
presentation-lite
preus
primo-lite
promax
quark
radiant
radiate
raindrops
rambo
raptor
raven
ready-review
resolution
responsive
restaurante
restaurateur
restimpo
reviewgine-affiliate
rewind
ridizain
road-fighter
sampression-lite
seismic-manhattan
sensitive
sequel
shamatha
shopping
siempel
silver-quantum
simple-catch
simply-vision
singl
sixteen
skt-full-width
sliding-door
smpl-skeleton
snaps
snapshot
sneak-lite
sorbet
spacious
sparkling
spartan
spasalon
sporty
spun
squirrel
stairway
stargazer
start-point
steira
storefront-paper
story
suevafree
suffusion
sugar-and-spice
sundance
sunrain
sunspot
superhero
supernova
surfarama
swift-basic
taraza
tatva-lite
teal
tempera
temptation
terrifico
the-newswire
thematic
theron-lite
tiny-forge
tonal
tonic
travelify
twentyeleven
twentyfourteen
twentyten
twentythirteen
twentytwelve
typal-makewp005
unite
untitled
vantage
venom
viper
virtue
vision
visual
vryn-restaurant
ward
weaver-ii
wilson
wp-creativix
wp-opulus
wp-simple
wpchimp-countdown
wpstart
writr
x2
xin-magazine
yoko
zeedynamic
zeeflow

8355
data/themes_full.txt
View File

File diff suppressed because it is too large Load Diff

2565
data/timthumbs.txt
View File

File diff suppressed because it is too large Load Diff

36
data/user-agents.txt
View File

@@ -1,36 +0,0 @@
# Windows
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
# MAC
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
# Linux
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0

236
data/wp_versions.xml
View File

@@ -1,236 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file contains identification data to identify WordPress versions.
http://wordpress.org/download/release-archive/
Position is important, DO NOT change anything unless you know what you are doing :p
-->
<wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="wp_versions.xsd">
<file src="readme.html">
<hash md5="f00855fca05f89294d0fcee6bebea64a">
<version>4.0</version>
</hash>
<hash md5="dfb2d2be1648ee220bf9bd3c03694ed8">
<version>3.9.2</version>
</hash>
<hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
<version>3.9.1</version>
</hash>
<hash md5="84b54c54aa48ae72e633685c17e67457">
<version>3.9</version>
</hash>
<hash md5="fb73e4ab558adc3948adf2653e28d880">
<version>3.8.4</version>
</hash>
<hash md5="c6de8fc70a18be7e5c36198cd0f99a64">
<version>3.8.3</version>
</hash>
<hash md5="e01a2663475f6a7a8363a7c75a73fe23">
<version>3.8.2</version>
</hash>
<hash md5="0d0eb101038124a108f608d419387b92">
<version>3.8.1</version>
</hash>
<hash md5="38ee273095b8f25b9ffd5ce5018fc4f0">
<version>3.8</version>
</hash>
<hash md5="dc09e38cb48fbbec5b5f990513b491e4">
<version>3.7.4</version>
</hash>
<hash md5="813e06052daa0692036e60d76d7141d3">
<version>3.7.3</version>
</hash>
<hash md5="b3a05c7a344c2f53cb6b680fd65a91e8">
<version>3.7.2</version>
</hash>
<hash md5="e82f4fe7d3c1166afb4c00856b875f16">
<version>3.6.1</version>
</hash>
<hash md5="477f1e652f31dae76a38e3559c91deb9">
<version>3.6</version>
</hash>
<hash md5="caf7946275c3e885419b1d36b22cb5f3">
<version>3.5.2</version>
</hash>
<hash md5="05d50a04ef19bd4b0a280362469bf22f">
<version>3.5.1</version>
</hash>
<hash md5="066cfc0f9b29ae6d491aa342ebfb1b71">
<version>3.5</version>
</hash>
<hash md5="36b2b72a0f22138a921a38db890d18c1">
<version>3.3.3</version>
</hash>
<hash md5="628419c327ca5ed8685ae3af6f753eb8">
<version>3.3.2</version>
</hash>
<hash md5="c1ed266e26a829b772362d5135966bc3">
<version>3.3.1</version>
</hash>
<hash md5="9ea06ab0184049bf4ea2410bf51ce402">
<version>3.0</version>
</hash>
</file>
<file src="wp-includes/css/buttons-rtl.css">
<hash md5="adf3b5ecfe050b4e66e2a0d08e944444">
<version>4.0</version>
</hash>
<hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
<version>3.8</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
<hash md5="1d52314b1767c557b7232ae192c80318">
<version>3.9</version>
</hash>
<!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
<hash md5="44d281b0d84cc494e2b095a6d2202f4d">
<version>3.7.1</version>
</hash>
<hash md5="b0bcf8091516db358ee9c833afd73175">
<version>3.7</version>
</hash>
<hash md5="cf4bbd562430a9bcbe735062be851be1">
<version>3.6.1</version>
</hash>
<hash md5="42ce18e88f1c21d4e991fcd431bcb606">
<version>3.6</version>
</hash>
<hash md5="a58dd12608659503cf087e879e720354">
<version>3.5.2</version>
</hash>
<hash md5="55c80a4794624ce9b94aa3631ad46c0b">
<version>3.5.1</version>
</hash>
<hash md5="8e529a971610d7ebe7851339c5cb3d67">
<version>3.5</version>
</hash>
<hash md5="ff19e44be975f89b647274d85b70f821">
<version>3.4.2</version>
</hash>
</file>
<file src="wp-admin/js/customize-controls.js">
<hash md5="aa0d38bd6f590ad8c3126074145b1bf1">
<version>3.4.1</version>
</hash>
</file>
<file src="wp-includes/js/customize-preview.js">
<hash md5="da36bc2dfcb13350c799b62de68dfa4b">
<version>3.4</version>
</hash>
</file>
<file src="wp-includes/js/plupload/plupload.js">
<hash md5="85199c05db63fcb5880de4af8be7b571">
<version>3.3.2</version>
</hash>
</file>
<file src="wp-admin/js/common.js">
<hash md5="4516252d47a73630280869994d510180">
<version>3.3</version>
</hash>
</file>
<file src="wp-admin/js/wp-fullscreen.js">
<hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
<version>3.2.1</version>
</hash>
<hash md5="7b423e0b7c9221092737ad5271d09863">
<version>3.2</version>
</hash>
</file>
<file src="wp-includes/css/admin-bar.css">
<hash md5="181250fab3a7e2549a7e7fa21c2e6079">
<version>3.1</version>
</hash>
</file>
<file src="$wp-content$/themes/twentyten/style.css">
<hash md5="6211e2ac1463bf99e98f28ab63e47c54">
<version>3.0</version>
</hash>
</file>
<file src="$wp-plugins$/akismet/readme.txt">
<hash md5="4d5e52da417aa0101054bd41e6243389">
<version>2.8.6</version>
</hash>
<hash md5="58e086dea9d24ed074fe84ba87386c69">
<version>2.8.5</version>
</hash>
<hash md5="48c52025b5f28731e9a0c864c189c2e7">
<version>2.8.2</version>
</hash>
</file>
<file src="wp-includes/js/wp-ajax-response.js">
<hash md5="0289d1c13821599764774d55516ab81a">
<version>2.7.1</version>
</hash>
</file>
<file src="wp-includes/js/thickbox/thickbox.css">
<hash md5="9c2bd2be0893adbe02a0f864526734c2">
<version>2.7</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
<hash md5="5b140ddf0f08034402ae78b31d8a1a28">
<version>2.6</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
<hash md5="088245408531c58bb52cc092294cc384">
<version>2.5.1</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
<hash md5="19c6f3118728c38eb7779aab4847d2d9">
<version>2.5</version>
</hash>
</file>
<file src="wp-includes/js/wp-ajax.js">
<hash md5="c5dbce0c3232c477033e0ce486c62755">
<version>2.2</version>
</hash>
</file>
<file src="$wp-content$/themes/default/style.css">
<hash md5="e44545f529a54de88209ce588676231c">
<version>2.0.1</version>
</hash>
<hash md5="f786f66d3a40846aa22dcdfeb44fa562">
<version>2.0</version>
</hash>
</file>
<file src="wp-layout.css">
<hash md5="7140e06c00ed03d2bb3dad7672557510">
<version>1.2.1</version>
</hash>
<hash md5="1bcc9253506c067eb130c9fc4f211a2f">
<version>1.2-delta</version>
</hash>
</file>
<file src="layout2b.css">
<hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
<version>0.71-gold</version>
</hash>
</file>
</wp-versions>

41
data/wp_versions.xsd
View File

@@ -1,41 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="filetype">
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
<xs:attribute type="stringtype" name="src" use="required"/>
</xs:complexType>
<xs:simpleType name="md5type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{32}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="version" type="stringtype"/>
</xs:sequence>
<xs:attribute type="md5type" name="md5" use="required"/>
</xs:complexType>
<xs:element name="wp-versions">
<xs:complexType>
<xs:sequence>
<xs:element name="file" type="filetype" maxOccurs="unbounded" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

7
lib/common/updater/db_updater.rb
View File

@@ -4,7 +4,12 @@ require 'common/updater/updater'
# Updater for the Database (currently only 3 .json) # Updater for the Database (currently only 3 .json)
class DbUpdater < Updater class DbUpdater < Updater
FILES = %w(plugin_vulns.json theme_vulns.json wp_vulns.json) FILES = %w(
local_vulnerable_files.xml local_vulnerable_files.xsd malwares.txt
plugins_full.txt plugins.txt themes_full.txt themes.txt
timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
plugin_vulns.json theme_vulns.json wp_vulns.json
)
attr_reader :repo_directory attr_reader :repo_directory