garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Detect and output parent theme

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-12-07 22:04:51 +01:00
parent 2fd11cba15
commit fffcd61cc4
5 changed files with 92 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/common/models/wp_theme.rb
View File

@@ -5,23 +5,25 @@ require 'wp_theme/versionable'
require 'wp_theme/vulnerable' require 'wp_theme/vulnerable'
require 'wp_theme/info' require 'wp_theme/info'
require 'wp_theme/output' require 'wp_theme/output'
require 'wp_theme/childtheme'
class WpTheme < WpItem class WpTheme < WpItem
extend WpTheme::Findable extend WpTheme::Findable
include WpTheme::Versionable include WpTheme::Versionable
include WpTheme::Vulnerable include WpTheme::Vulnerable
include WpTheme::Info include WpTheme::Info
include WpTheme::Output include WpTheme::Output
include WpTheme::Childtheme
attr_writer :style_url attr_writer :style_url
def allowed_options; super << :style_url end def allowed_options; super << :style_url end
def initialize(*args) def initialize(*args)
super(*args) super(*args)
parse_style parse_style
end end
# Sets the @uri # Sets the @uri
# #
@@ -38,6 +40,6 @@ class WpTheme < WpItem
@style_url = uri.merge('style.css').to_s @style_url = uri.merge('style.css').to_s
end end
@style_url @style_url
end end
end end

33
lib/common/models/wp_theme/childtheme.rb Normal file
View File

@@ -0,0 +1,33 @@
# encoding: UTF-8
class WpTheme < WpItem
module Childtheme
def is_child_theme?
return true unless @theme_template.nil?
false
end
def get_parent_theme_style_url
if is_child_theme?
return style_url.sub("/#{name}/style.css", "/#@theme_template/style.css")
end
nil
end
def get_parent_theme
if is_child_theme?
base_url = @uri.clone
base_url.path = base_url.path.sub(/(?<url>.*\/)#{Regexp.escape(@wp_content_dir)}\/.+/, '\k<url>')
return WpTheme.new(base_url,
{
name: @theme_template,
style_url: get_parent_theme_style_url,
wp_content_dir: @wp_content_dir
})
end
nil
end
end
end

50
lib/common/models/wp_theme/info.rb
View File

@@ -1,34 +1,34 @@
# encoding: UTF-8 # encoding: UTF-8
class WpTheme < WpItem class WpTheme < WpItem
module Info module Info
attr_reader :theme_name, :theme_uri, :theme_description, attr_reader :theme_name, :theme_uri, :theme_description,
:theme_author, :theme_author_uri, :theme_template, :theme_author, :theme_author_uri, :theme_template,
:theme_license, :theme_license_uri, :theme_tags, :theme_license, :theme_license_uri, :theme_tags,
:theme_text_domain :theme_text_domain
def parse_style def parse_style
style = Browser.get(style_url).body style = Browser.get(style_url).body
@theme_name = parse_style_tag(style, 'Theme Name') @theme_name = parse_style_tag(style, 'Theme Name')
@theme_uri = parse_style_tag(style, 'Theme URI') @theme_uri = parse_style_tag(style, 'Theme URI')
@theme_description = parse_style_tag(style, 'Description') @theme_description = parse_style_tag(style, 'Description')
@theme_author = parse_style_tag(style, 'Author') @theme_author = parse_style_tag(style, 'Author')
@theme_author_uri = parse_style_tag(style, 'Author URI') @theme_author_uri = parse_style_tag(style, 'Author URI')
@theme_template = parse_style_tag(style, 'Template') @theme_template = parse_style_tag(style, 'Template')
@theme_license = parse_style_tag(style, 'License') @theme_license = parse_style_tag(style, 'License')
@theme_license_uri = parse_style_tag(style, 'License URI') @theme_license_uri = parse_style_tag(style, 'License URI')
@theme_tags = parse_style_tag(style, 'Tags') @theme_tags = parse_style_tag(style, 'Tags')
@theme_text_domain = parse_style_tag(style, 'Text Domain') @theme_text_domain = parse_style_tag(style, 'Text Domain')
end end
private private
def parse_style_tag(style, tag) def parse_style_tag(style, tag)
value = style[/^\s*#{Regexp.escape(tag)}:\s*(.*)/i, 1] value = style[/^\s*#{Regexp.escape(tag)}:\s*(.*)/i, 1]
return value.strip if value return value.strip if value
nil nil
end end
end end
end end

30
lib/common/models/wp_theme/output.rb
View File

@@ -1,21 +1,21 @@
# encoding: UTF-8 # encoding: UTF-8
class WpTheme class WpTheme
module Output module Output
# @return [ Void ] # @return [ Void ]
def additional_output def additional_output
puts " | Style URL: #{style_url}" puts " | Style URL: #{style_url}"
puts " | Theme Name: #@theme_name" if @theme_name puts " | Theme Name: #@theme_name" if @theme_name
puts " | Theme URI: #@theme_uri" if @theme_uri puts " | Theme URI: #@theme_uri" if @theme_uri
puts " | Description: #@theme_description" if @theme_description puts " | Description: #@theme_description" if @theme_description
puts " | Author: #@theme_author" if @theme_author puts " | Author: #@theme_author" if @theme_author
puts " | Author URI: #@theme_author_uri" if @theme_author_uri puts " | Author URI: #@theme_author_uri" if @theme_author_uri
puts " | Template: #@theme_template" if @theme_template puts " | Template: #@theme_template" if @theme_template
puts " | License: #@theme_license" if @theme_license_uri puts " | License: #@theme_license" if @theme_license_uri
puts " | Tags: #@theme_tags" if @theme_tags puts " | Tags: #@theme_tags" if @theme_tags
puts " | Text Domain: #@theme_text_domain" if @theme_text_domain puts " | Text Domain: #@theme_text_domain" if @theme_text_domain
end end
end end
end end

10
wpscan.rb
View File

@@ -194,6 +194,16 @@ def main
# Theme version is handled in #to_s # Theme version is handled in #to_s
puts green('[+]') + " WordPress theme in use: #{wp_theme}" puts green('[+]') + " WordPress theme in use: #{wp_theme}"
wp_theme.output wp_theme.output
# Check for parent Themes
while wp_theme.is_child_theme?
parent = wp_theme.get_parent_theme
puts
puts green('[+]') + " Detected parent theme: #{parent}"
parent.output
wp_theme = parent
end
end end
if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil