garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merges with Master (and solves conflicts)

Browse Source
This commit is contained in:
erwanlr
2019-03-24 13:01:29 +00:00
parent 047a188b34 fa0582ce0b
commit f9435906e7
27 changed files with 245 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -21,3 +21,6 @@ doc/
# Old files from v2 # Old files from v2
cache/ cache/
data/ data/
# Profiling reports
bin/memprof*.report

17
app/finders/config_backups/known_filenames.rb
View File

@@ -5,7 +5,7 @@ module WPScan
module ConfigBackups module ConfigBackups
# Config Backup finder # Config Backup finder
class KnownFilenames < CMSScanner::Finders::Finder class KnownFilenames < CMSScanner::Finders::Finder
include CMSScanner::Finders::Finder::Enumerator include Finders::Finder::Enumerator
# @param [ Hash ] opts # @param [ Hash ] opts
# @option opts [ String ] :list # @option opts [ String ] :list
@@ -16,17 +16,20 @@ module WPScan
found = [] found = []
enumerate(potential_urls(opts), opts) do |res| enumerate(potential_urls(opts), opts) do |res|
# Might need to improve that found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
next unless res.body =~ /define/i && res.body !~ /<\s?html/i
found << Model::ConfigBackup.new(res.request.url,
found_by: DIRECT_ACCESS,
confidence: 100)
end end
found found
end end
def valid_response?(res, _exclude_content = nil)
return unless res.code == 200
full_res = Browser.get(res.effective_url)
full_res.body =~ /define/i && full_res.body !~ /<\s?html/i
end
# @param [ Hash ] opts # @param [ Hash ] opts
# @option opts [ String ] :list Mandatory # @option opts [ String ] :list Mandatory
# #

19
app/finders/db_exports/known_locations.rb
View File

@@ -6,7 +6,9 @@ module WPScan
# DB Exports finder # DB Exports finder
# See https://github.com/wpscanteam/wpscan-v3/issues/62 # See https://github.com/wpscanteam/wpscan-v3/issues/62
class KnownLocations < CMSScanner::Finders::Finder class KnownLocations < CMSScanner::Finders::Finder
include CMSScanner::Finders::Finder::Enumerator include Finders::Finder::Enumerator
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
# @param [ Hash ] opts # @param [ Hash ] opts
# @option opts [ String ] :list # @option opts [ String ] :list
@@ -17,16 +19,21 @@ module WPScan
found = [] found = []
enumerate(potential_urls(opts), opts) do |res| enumerate(potential_urls(opts), opts) do |res|
next unless res.code == 200 && res.body =~ /INSERT INTO/ found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
found << Model::DbExport.new(res.request.url,
found_by: DIRECT_ACCESS,
confidence: 100)
end end
found found
end end
def valid_response?(res, _exclude_content = nil)
return false unless res.code == 200
return true if res.effective_url.end_with?('.zip') &&
res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
Browser.get(res.effective_url, headers: { 'Range' => 'bytes=0-3000' }).body =~ SQL_PATTERN ? true : false
end
# @param [ Hash ] opts # @param [ Hash ] opts
# @option opts [ String ] :list Mandatory # @option opts [ String ] :list Mandatory
# #

2
app/finders/interesting_findings/tmm_db_migrate.rb
View File

@@ -9,7 +9,7 @@ module WPScan
def aggressive(_opts = {}) def aggressive(_opts = {})
path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip' path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip'
url = target.url(path) url = target.url(path)
res = Browser.get(url) res = browser.forge_request(url, target.head_or_get_request_params).run
return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i

13
app/finders/interesting_findings/upload_sql_dump.rb
View File

@@ -5,24 +5,25 @@ module WPScan
module InterestingFindings module InterestingFindings
# UploadSQLDump finder # UploadSQLDump finder
class UploadSQLDump < CMSScanner::Finders::Finder class UploadSQLDump < CMSScanner::Finders::Finder
SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/.freeze SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze
# @return [ InterestingFinding ] # @return [ InterestingFinding ]
def aggressive(_opts = {}) def aggressive(_opts = {})
url = dump_url head_res = browser.forge_request(dump_url, target.head_or_get_request_params).run
res = Browser.get(url)
return unless res.code == 200 && res.body =~ SQL_PATTERN return unless head_res.code == 200
return unless Browser.get(dump_url, headers: { 'Range' => 'bytes=0-3000' }).body =~ SQL_PATTERN
Model::UploadSQLDump.new( Model::UploadSQLDump.new(
url, dump_url,
confidence: 100, confidence: 100,
found_by: DIRECT_ACCESS found_by: DIRECT_ACCESS
) )
end end
def dump_url def dump_url
target.url('wp-content/uploads/dump.sql') @dump_url ||= target.url('wp-content/uploads/dump.sql')
end end
end end
end end

4
app/finders/timthumbs/known_locations.rb
View File

@@ -30,9 +30,7 @@ module WPScan
def valid_response?(res, _exclude_content = nil) def valid_response?(res, _exclude_content = nil)
return false unless res.code == 400 return false unless res.code == 400
full_res = Browser.get(res.effective_url, cache_ttl: 0) Browser.get(res.effective_url).body =~ /no image specified/i ? true : false
full_res.body =~ /no image specified/i ? true : false
end end
# @param [ Hash ] opts # @param [ Hash ] opts

10
app/finders/users/rss_generator.rb
View File

@@ -19,20 +19,20 @@ module WPScan
begin begin
res.xml.xpath('//item/dc:creator').each do |node| res.xml.xpath('//item/dc:creator').each do |node|
potential_username = node.text.to_s username = node.text.to_s
# Ignoring potential username longer than 60 characters and containing accents # Ignoring potential username longer than 60 characters and containing accents
# as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215 # as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215
next if potential_username.length > 60 || potential_username =~ /[^\x00-\x7F]/ next if username.strip.empty? || username.length > 60 || username =~ /[^\x00-\x7F]/
potential_usernames << potential_username potential_usernames << username
end end
rescue Nokogiri::XML::XPath::SyntaxError rescue Nokogiri::XML::XPath::SyntaxError
next next
end end
potential_usernames.uniq.each do |potential_username| potential_usernames.uniq.each do |username|
found << Model::User.new(potential_username, found_by: found_by, confidence: 50) found << Model::User.new(username, found_by: found_by, confidence: 50)
end end
break break

10
app/finders/users/wp_json_api.rb
View File

@@ -55,7 +55,15 @@ module WPScan
# @return [ String ] The URL of the API listing the Users # @return [ String ] The URL of the API listing the Users
def api_url def api_url
@api_url ||= target.url('wp-json/wp/v2/users/') return @api_url if @api_url
target.in_scope_urls(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |url, _tag|
uri = Addressable::URI.parse(url.strip)
return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
end
@api_url = target.url('wp-json/wp/v2/users/')
end end
end end
end end

9
app/models/wp_version.rb
View File

@@ -26,13 +26,12 @@ module WPScan
@all_numbers = [] @all_numbers = []
DB::Fingerprints.wp_fingerprints.each_value do |fp| DB::Fingerprints.wp_fingerprints.each_value do |fp|
fp.each_value do |versions| @all_numbers << fp.values
versions.each do |version|
@all_numbers << version unless @all_numbers.include?(version)
end
end
end end
# @all_numbers.flatten.uniq.sort! {} doesn't produce the same result here.
@all_numbers.flatten!
@all_numbers.uniq!
@all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) } @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
end end

21
bin/wpscan-memprof Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env ruby
require 'memory_profiler' # https://github.com/SamSaffron/memory_profiler
require 'wpscan'
report = MemoryProfiler.report(top: 15) do
WPScan::Scan.new do |s|
s.controllers <<
WPScan::Controller::CustomDirectories.new <<
WPScan::Controller::InterestingFindings.new <<
WPScan::Controller::WpVersion.new <<
WPScan::Controller::MainTheme.new <<
WPScan::Controller::Enumeration.new <<
WPScan::Controller::PasswordAttack.new <<
WPScan::Controller::Aliases.new
s.run
end
end
report.pretty_print(scale_bytes: true, to_file: 'memprof.report')

24
bin/wpscan-stackprof Executable file
View File

@@ -0,0 +1,24 @@
#!/usr/bin/env ruby
require 'stackprof' # https://github.com/tmm1/stackprof
require 'wpscan'
# The object mode produces a segfault currently: https://github.com/jfelchner/ruby-progressbar/issues/153
# StackProf.run(mode: :object, out: '/tmp/stackprof-object.dump') do
# StackProf.run(mode: :wall, out: '/tmp/stackprof-wall.dump') do
StackProf.run(mode: :cpu, out: '/tmp/stackprof-cpu.dump', interval: 500) do
# Couldn't we just load the ./wpscan here ?
# require_relative 'wpscan' doesn't work
WPScan::Scan.new do |s|
s.controllers <<
WPScan::Controller::CustomDirectories.new <<
WPScan::Controller::InterestingFindings.new <<
WPScan::Controller::WpVersion.new <<
WPScan::Controller::MainTheme.new <<
WPScan::Controller::Enumeration.new <<
WPScan::Controller::PasswordAttack.new <<
WPScan::Controller::Aliases.new
s.run
end
end

7
lib/wpscan/db/dynamic_finders/plugin.rb
View File

@@ -62,7 +62,7 @@ module WPScan
# @param [ String ] slug # @param [ String ] slug
# @return [ Constant ] # @return [ Constant ]
def self.maybe_create_modudle(slug) def self.maybe_create_module(slug)
# What about slugs such as js_composer which will be done as JsComposer, just like js-composer # What about slugs such as js_composer which will be done as JsComposer, just like js-composer
constant_name = classify_slug(slug) constant_name = classify_slug(slug)
@@ -75,10 +75,7 @@ module WPScan
def self.create_versions_finders def self.create_versions_finders
versions_finders_configs.each do |slug, finders| versions_finders_configs.each do |slug, finders|
# Kind of an issue here, module is created even if there is no valid classes mod = maybe_create_module(slug)
# Could put the #maybe_ directly in the #send() BUT it would be checked everytime,
# which is kind of a waste
mod = maybe_create_modudle(slug)
finders.each do |finder_class, config| finders.each do |finder_class, config|
klass = config['class'] || finder_class klass = config['class'] || finder_class

29
lib/wpscan/finders.rb
View File

@@ -41,9 +41,6 @@ module WPScan
# #
# @yield [ Typhoeus::Response, String ] # @yield [ Typhoeus::Response, String ]
def enumerate(urls, opts = {}) def enumerate(urls, opts = {})
determine_request_params(urls, opts)
# determine_valid_response_codes(opts)
create_progress_bar(opts.merge(total: urls.size)) create_progress_bar(opts.merge(total: urls.size))
urls.each do |url, slug| urls.each do |url, slug|
@@ -61,6 +58,11 @@ module WPScan
hydra.run hydra.run
end end
# @return [ Hash ]
def request_params
@request_params ||= target.head_or_get_request_params.merge(cache_ttl: 0)
end
# @param [ Typhoeus::Response ] res # @param [ Typhoeus::Response ] res
# @param [ Regexp,nil ] exclude_content # @param [ Regexp,nil ] exclude_content
# #
@@ -73,7 +75,9 @@ module WPScan
# Perform a full get to check if homepage or custom 404 # Perform a full get to check if homepage or custom 404
if res.code == 200 if res.code == 200
full_res = Browser.get(res.effective_url, cache_ttl: 0) # The cache is not disabled to avoid additional request/s when checking
# for directory listing
full_res = Browser.get(res.effective_url)
return false if target.homepage_or_404?(full_res) || return false if target.homepage_or_404?(full_res) ||
exclude_content && full_res.body.match(exclude_content) exclude_content && full_res.body.match(exclude_content)
@@ -83,23 +87,6 @@ module WPScan
end end
# rubocop:enable Metrics/PerceivedComplexity # rubocop:enable Metrics/PerceivedComplexity
# @return [ Hash ]
def request_params
@request_params ||= { cache_ttl: 0 }
end
# @param [ Hash ] urls
# @param [ Hash ] opts
def determine_request_params(urls, _opts)
head_res = Browser.head(urls.first[0], cache_ttl: 0)
@request_params = if head_res.code == 405
{ method: :get, maxfilesize: 1, cache_ttl: 0 }
else
{ method: :head, cache_ttl: 0 }
end
end
# @return [ Array<Integer> ] # @return [ Array<Integer> ]
def valid_response_codes def valid_response_codes
@valid_response_codes ||= [200, 401, 403, 301] @valid_response_codes ||= [200, 401, 403, 301]

9
lib/wpscan/target.rb
View File

@@ -7,6 +7,15 @@ module WPScan
class Target < CMSScanner::Target class Target < CMSScanner::Target
include Platform::WordPress include Platform::WordPress
# @return [ Hash ]
def head_or_get_request_params
@head_or_get_request_params ||= if Browser.head(url).code == 405
{ method: :get, maxfilesize: 1 }
else
{ method: :head }
end
end
# @return [ Boolean ] # @return [ Boolean ]
def vulnerable? def vulnerable?
[@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e| [@wp_version, @main_theme, @plugins, @themes, @timthumbs].each do |e|

2
lib/wpscan/target/platform/wordpress/custom_directories.rb
View File

@@ -17,7 +17,7 @@ module WPScan
def content_dir def content_dir
unless @content_dir unless @content_dir
escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?') escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
pattern = %r{#{escaped_url}([^\/]+)\/(?:themes|plugins|uploads|cache)\/}i pattern = %r{#{escaped_url}([\w\s\-\/]+)\/(?:themes|plugins|uploads|cache)\/}i
in_scope_urls(homepage_res) do |url| in_scope_urls(homepage_res) do |url|
return @content_dir = Regexp.last_match[1] if url.match(pattern) return @content_dir = Regexp.last_match[1] if url.match(pattern)

11
spec/app/finders/config_backups/known_filenames_spec.rb
View File

@@ -10,10 +10,10 @@ describe WPScan::Finders::ConfigBackups::KnownFilenames do
describe '#aggressive' do describe '#aggressive' do
before do before do
expect(target).to receive(:sub_dir).at_least(1).and_return(false) expect(target).to receive(:sub_dir).at_least(1).and_return(false)
expect(target).to receive(:homepage_or_404?).at_least(1).and_return(false) expect(target).to receive(:head_or_get_request_params).and_return(method: :head)
finder.potential_urls(opts).each_key do |url| finder.potential_urls(opts).each_key do |url|
stub_request(:get, url).to_return(status: 404) stub_request(:head, url).to_return(status: 404)
end end
end end
@@ -24,11 +24,12 @@ describe WPScan::Finders::ConfigBackups::KnownFilenames do
end end
context 'when some files exist' do context 'when some files exist' do
let(:files) { ['%23wp-config.php%23', 'wp-config.bak'] } let(:found_files) { ['%23wp-config.php%23', 'wp-config.bak'] }
let(:config_backup) { File.read(fixtures.join('wp-config.php')) } let(:config_backup) { File.read(fixtures.join('wp-config.php')) }
before do before do
files.each do |file| found_files.each do |file|
stub_request(:head, "#{url}#{file}").to_return(status: 200)
stub_request(:get, "#{url}#{file}").to_return(body: config_backup) stub_request(:get, "#{url}#{file}").to_return(body: config_backup)
end end
end end
@@ -36,7 +37,7 @@ describe WPScan::Finders::ConfigBackups::KnownFilenames do
it 'returns the expected Array<ConfigBackup>' do it 'returns the expected Array<ConfigBackup>' do
expected = [] expected = []
files.each do |file| found_files.each do |file|
url = "#{target.url}#{file}" url = "#{target.url}#{file}"
expected << WPScan::Model::ConfigBackup.new( expected << WPScan::Model::ConfigBackup.new(
url, url,

20
spec/app/finders/db_exports/known_locations_spec.rb
View File

@@ -27,10 +27,10 @@ describe WPScan::Finders::DbExports::KnownLocations do
describe '#aggressive' do describe '#aggressive' do
before do before do
expect(target).to receive(:sub_dir).at_least(1).and_return(false) expect(target).to receive(:sub_dir).at_least(1).and_return(false)
expect(target).to receive(:homepage_or_404?).at_least(1).and_return(false) expect(target).to receive(:head_or_get_request_params).and_return(method: :head)
finder.potential_urls(opts).each_key do |url| finder.potential_urls(opts).each_key do |url|
stub_request(:get, url).to_return(status: 404) stub_request(:head, url).to_return(status: 404)
end end
end end
@@ -40,20 +40,28 @@ describe WPScan::Finders::DbExports::KnownLocations do
end end
end end
context 'when a zip returns a 200' do
xit
end
context 'when some files exist' do context 'when some files exist' do
let(:files) { %w[ex.sql backups/db_backup.sql] } let(:found_files) { %w[ex.sql backups/db_backup.sql] }
let(:db_export) { File.read(fixtures.join('dump.sql')) } let(:db_export) { File.read(fixtures.join('dump.sql')) }
before do before do
files.each do |file| found_files.each do |file|
stub_request(:get, "#{url}#{file}").to_return(body: db_export) stub_request(:head, "#{url}#{file}").to_return(status: 200)
stub_request(:get, "#{url}#{file}")
.with(headers: { 'Range' => 'bytes=0-3000' })
.to_return(body: db_export)
end end
end end
it 'returns the expected Array<DbExport>' do it 'returns the expected Array<DbExport>' do
expected = [] expected = []
files.each do |file| found_files.each do |file|
url = "#{target.url}#{file}" url = "#{target.url}#{file}"
expected << WPScan::Model::DbExport.new( expected << WPScan::Model::DbExport.new(
url, url,

12
spec/app/finders/interesting_findings/upload_sql_dump_spec.rb
View File

@@ -8,13 +8,16 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
let(:wp_content) { 'wp-content' } let(:wp_content) { 'wp-content' }
describe '#aggressive' do describe '#aggressive' do
before { expect(target).to receive(:content_dir).at_least(1).and_return(wp_content) } before do
expect(target).to receive(:content_dir).at_least(1).and_return(wp_content)
expect(target).to receive(:head_or_get_request_params).and_return(method: :head)
end
after { expect(finder.aggressive).to eql @expected } after { expect(finder.aggressive).to eql @expected }
context 'when not a 200' do context 'when not a 200' do
it 'returns nil' do it 'returns nil' do
stub_request(:get, finder.dump_url).to_return(status: 404) stub_request(:head, finder.dump_url).to_return(status: 404)
@expected = nil @expected = nil
end end
@@ -22,8 +25,11 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
context 'when a 200' do context 'when a 200' do
before do before do
stub_request(:head, finder.dump_url).to_return(status: 200)
stub_request(:get, finder.dump_url) stub_request(:get, finder.dump_url)
.to_return(status: 200, body: File.read(fixtures.join(fixture))) .with(headers: { 'Range' => 'bytes=0-3000' })
.to_return(body: File.read(fixtures.join(fixture)))
end end
context 'when the body does not match a SQL dump' do context 'when the body does not match a SQL dump' do

55
spec/app/finders/users/wp_json_api_spec.rb
View File

@@ -7,7 +7,10 @@ describe WPScan::Finders::Users::WpJsonApi do
let(:fixtures) { FINDERS_FIXTURES.join('users', 'wp_json_api') } let(:fixtures) { FINDERS_FIXTURES.join('users', 'wp_json_api') }
describe '#aggressive' do describe '#aggressive' do
before { allow(target).to receive(:sub_dir).and_return(false) } before do
allow(target).to receive(:sub_dir).and_return(false)
allow(finder).to receive(:api_url).and_return(target.url('wp-json/wp/v2/users/'))
end
context 'when only one page of results' do context 'when only one page of results' do
before do before do
@@ -80,4 +83,54 @@ describe WPScan::Finders::Users::WpJsonApi do
end end
end end
end end
describe '#api_url' do
let(:fixtures) { super().join('api_url') }
context 'when url in the homepage' do
{
in_scope: 'https://wp.lab/wp-json/wp/v2/users/',
out_of_scope: 'http://wp.lab/wp-json/wp/v2/users/'
}.each do |fixture, expected|
it "returns #{expected} for #{fixture}.html" do
stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{fixture}.html")))
expect(finder.api_url).to eql expected
end
end
context 'when subdir' do
before { allow(target).to receive(:subdir).and_return('cms') }
{
in_scope_subdir: 'https://wp.lab/cms/wp-json/wp/v2/users/',
in_scope_subdir_ignored: 'https://wp.lab/wp-json/wp/v2/users/'
}.each do |fixture, expected|
it "returns #{expected} for #{fixture}.html" do
stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{fixture}.html")))
expect(finder.api_url).to eql expected
end
end
end
end
context 'when not in the homepage' do
before { stub_request(:get, target.url) }
its(:api_url) { should eql target.url('wp-json/wp/v2/users/') }
end
context 'when api_url already found' do
before { allow(target).to receive(:sub_dir).and_return(false) }
it 'does not check the homepage again' do
url = target.url('wp-json/wp/v2/users/')
finder.instance_variable_set(:@api_url, url)
expect(finder.api_url).to eql url
end
end
end
end end

18
spec/fixtures/finders/users/rss_generator/feed.xml vendored
View File

@@ -59,5 +59,23 @@
<dc:creator><dc:creator><![CDATA[Michael Schrage. <p>Michael Schrage is a researcher at the MIT Sloan School of Management Initiative on the Digital Economy, where he does research and advisory work on how digital media transforms agency, human capital, and innovation.</p> <dc:creator><dc:creator><![CDATA[Michael Schrage. <p>Michael Schrage is a researcher at the MIT Sloan School of Management Initiative on the Digital Economy, where he does research and advisory work on how digital media transforms agency, human capital, and innovation.</p>
]]></dc:creator></dc:creator> ]]></dc:creator></dc:creator>
</item> </item>
<item>
<title>Hello world!</title>
<link>http://ex.lo/2018/09/23/hello-world/</link>
<comments>http://ex.lo/2018/09/23/hello-world/#comments</comments>
<pubDate>Sun, 23 Sep 2018 11:31:56 +0000</pubDate>
<!-- Should be ignored as empty username -->
<dc:creator><![CDATA[]]></dc:creator>
</item>
<item>
<title>Hello world!</title>
<link>http://ex.lo/2018/09/23/hello-world/</link>
<comments>http://ex.lo/2018/09/23/hello-world/#comments</comments>
<pubDate>Sun, 23 Sep 2018 11:31:56 +0000</pubDate>
<!-- Should be ignored as empty username -->
<dc:creator><![CDATA[ ]]></dc:creator>
</item>
</channel> </channel>
</rss> </rss>

1
spec/fixtures/finders/users/wp_json_api/api_url/in_scope.html vendored Normal file
View File

@@ -0,0 +1 @@
<link rel='https://api.w.org/' href='https://wp.lab/wp-json/' />

6
spec/fixtures/finders/users/wp_json_api/api_url/in_scope_subdir.html vendored Normal file
View File

@@ -0,0 +1,6 @@
<link rel='https://api.w.org/' href='https://wp.lab/cms/wp-json/' />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://wp.lab/cms/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://wp.lab/cms/wp-includes/wlwmanifest.xml" />
<link rel='shortlink' href='https://wp.lab/' />
<link rel="alternate" type="application/json+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F&#038;format=xml" />

6
spec/fixtures/finders/users/wp_json_api/api_url/in_scope_subdir_ignored.html vendored Normal file
View File

@@ -0,0 +1,6 @@
<link rel='https://api.w.org/' href='https://wp.lab/wp-json/' />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://wp.lab/cms/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://wp.lab/cms/wp-includes/wlwmanifest.xml" />
<link rel='shortlink' href='https://wp.lab/' />
<link rel="alternate" type="application/json+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://wp.lab/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwp.lab%2F&#038;format=xml" />

1
spec/fixtures/finders/users/wp_json_api/api_url/out_of_scope.html vendored Normal file
View File

@@ -0,0 +1 @@
<link rel='https://api.w.org/' href='https://out-there.com/wp-json/' />

6
spec/fixtures/target/platform/wordpress/custom_directories/relative_two_sub_dir.html vendored Normal file
View File

@@ -0,0 +1,6 @@
<link rel='https://api.w.org/' href='https://ex.lo/wp-json/' />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://ex.lo/cms/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://ex.lo/cms/wp-includes/wlwmanifest.xml" />
<link rel="shortcut icon" href="//ex.lo/cms/wp-content/uploads/2011/10/favicon.ico">
<link rel="apple-touch-icon-precomposed" href="//ex.lo/cms/wp-content/uploads/2011/10/favicon.ico">

4
spec/shared_examples/target/platform/wordpress/custom_directories.rb
View File

@@ -7,7 +7,7 @@ shared_examples 'WordPress::CustomDirectories' do
{ {
default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces', default: 'wp-content', https: 'wp-content', custom_w_spaces: 'custom content spaces',
relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content', relative_one: 'wp-content', relative_two: 'wp-content', cache: 'wp-content',
in_raw_js: 'wp-content', with_sub_dir: 'app' in_raw_js: 'wp-content', with_sub_dir: 'app', relative_two_sub_dir: 'cms/wp-content'
}.each do |file, expected| }.each do |file, expected|
it "returns #{expected} for #{file}.html" do it "returns #{expected} for #{file}.html" do
stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html"))) stub_request(:get, target.url).to_return(body: File.read(fixtures.join("#{file}.html")))
@@ -49,7 +49,7 @@ shared_examples 'WordPress::CustomDirectories' do
end end
describe '#sub_dir' do describe '#sub_dir' do
{ default: false, with_sub_dir: 'wp' }.each do |file, expected| { default: false, with_sub_dir: 'wp', relative_two_sub_dir: 'cms' }.each do |file, expected|
it "returns #{expected} for #{file}.html" do it "returns #{expected} for #{file}.html" do
fixture = File.join(fixtures, "#{file}.html") fixture = File.join(fixtures, "#{file}.html")

2
wpscan.gemspec
View File

@@ -25,10 +25,12 @@ Gem::Specification.new do |s|
s.add_development_dependency 'bundler', '>= 1.6' s.add_development_dependency 'bundler', '>= 1.6'
s.add_development_dependency 'coveralls', '~> 0.8.0' s.add_development_dependency 'coveralls', '~> 0.8.0'
s.add_development_dependency 'memory_profiler', '~> 0.9.13'
s.add_development_dependency 'rake', '~> 12.3' s.add_development_dependency 'rake', '~> 12.3'
s.add_development_dependency 'rspec', '~> 3.8.0' s.add_development_dependency 'rspec', '~> 3.8.0'
s.add_development_dependency 'rspec-its', '~> 1.2.0' s.add_development_dependency 'rspec-its', '~> 1.2.0'
s.add_development_dependency 'rubocop', '~> 0.66.0' s.add_development_dependency 'rubocop', '~> 0.66.0'
s.add_development_dependency 'simplecov', '~> 0.16.1' s.add_development_dependency 'simplecov', '~> 0.16.1'
s.add_development_dependency 'stackprof', '~> 0.2.12'
s.add_development_dependency 'webmock', '~> 3.5.1' s.add_development_dependency 'webmock', '~> 3.5.1'
end end