garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,849 Commits 17 Branches 73 Tags
965be1c0f350b0cbe8ae8f3fcd105ebbe590b4cd
Commit Graph

308 Commits

Author SHA1 Message Date
Christian Mehlmauer
d7975b6192 version detection 2015-01-20 15:14:32 +01:00
Christian Mehlmauer
0a0fe55427 improve regex and more samples 2015-01-20 00:35:46 +01:00
Christian Mehlmauer
9dd44808ec detect even more 2015-01-20 00:04:49 +01:00
Christian Mehlmauer
53f3ce8b1f advanced version detection 2015-01-19 23:38:26 +01:00
erwanlr
2d39e5b1fa Ensures timeouts given to Typhoeus are Integers - Fixes #753 2015-01-18 20:14:41 +01:00
erwanlr
71fdef45c9 Adds passive WP version detection from stylesheets. Fix #478 - Ref #750 2015-01-08 20:45:15 +01:00
dctabuyz
c0fe02efb9 Merge pull request #2 from dctabuyz/useActualRubyVersion 
use actual ruby interpreter
 2015-01-07 14:03:54 +05:00
dctabuyz
a9e161268c IDN support: encode non-ascii domain names 2015-01-07 12:55:26 +05:00
dctabuyz
cbad8857bd use actual ruby interpreter 2015-01-07 12:34:27 +05:00
erwanlr
42e8ab1680 Updates the version pattern to allow letters in the format - Ref #745 2015-01-01 20:13:33 +01:00
erwanlr
ab7b7de60a Detects version in a release date format - Fixes #745 2015-01-01 19:45:10 +01:00
Christian Mehlmauer
d988b6ccbf fix all the rspecs 2014-12-15 13:12:19 +01:00
erwanlr
e3ac331a71 Removes the theme version check from the readme, unrealistic scenario - Ref #737 2014-12-10 17:01:14 +01:00
erwanlr
e09b4cc76d Adds some readme files to check for plugin versions - Fixes #737 2014-12-10 16:55:00 +01:00
erwanlr
c24ed707ef Improves plugin/theme version detection by looking at the "Version: "- Fixes #732 2014-12-05 18:11:49 +01:00
Christian Mehlmauer
a8c55ddee3 remove malware folder 2014-12-03 23:51:01 +01:00
Christian Mehlmauer
2fe675abce remove malwares 2014-12-03 23:37:31 +01:00
erwanlr
8252cb486b Fixes #728 2014-11-25 17:36:11 +01:00
ethicalhack3r
d7488bd402 Fix bug in output 2014-09-21 21:05:49 +02:00
ethicalhack3r
884a19b13d Link to new vdb in references output 2014-09-18 10:24:55 +02:00
erwanlr
9d084a7b2f Merges the db-update branch 2014-09-17 16:12:12 +02:00
erwanlr
c31a06e255 Removes the source code updaters 2014-09-17 16:01:41 +02:00
erwanlr
cbe33caeef Removes the ListGenerator plugin from WPStools 2014-09-13 13:57:45 +02:00
erwanlr
8b44354fec Fixes travis failure 2014-09-12 20:47:47 +02:00
erwanlr
82367a81c9 Deletes the json spec (files to test not longer in the repo) 2014-09-12 12:50:46 +02:00
erwanlr
a6b0548426 Potenial fix for 'marshal data too short' error - Ref #685 2014-09-11 20:04:24 +02:00
erwanlr
f89463c4d8 Adds specs for relative URI in Location headers - Ref #686 2014-09-11 19:40:47 +02:00
erwanlr
44cb13644a Typo, sort of ... 2014-09-02 20:43:37 +02:00
erwanlr
bd8e6db092 Don't try to play with the comments in passive detection, just ignore them 2014-09-02 20:42:17 +02:00
erwanlr
96ae8ade5d Fixes the remove_conditional_comments function 2014-09-02 18:34:01 +02:00
erwanlr
04b1cee71e Factorises a crappy spec - Kudos to @hlissner for this one ;) 2014-09-02 17:12:56 +02:00
erwanlr
03618f38b5 Improves the Plugins & Themes passive detection, fixes #674 2014-09-01 18:28:09 +02:00
erwanlr
5f53297f58 Also ensure to not process empty Location headers 2014-08-15 23:00:42 +02:00
erwanlr
cebd808674 Ensures a nil location is not processed when enumerating usernames 2014-08-15 22:54:17 +02:00
ethicalhack3r
ca100ef7e9 Merge branch 'json_data' 
Conflicts:
	data/plugin_vulns.xml
	data/theme_vulns.xml
 2014-08-01 13:34:34 +02:00
ethicalhack3r
721cad75a2 Add file 2014-08-01 13:27:40 +02:00
ethicalhack3r
420ad6cd37 Fix rspecs for new json 2014-07-31 14:08:49 +02:00
ethicalhack3r
8d2ec115f5 Changed vuln data references to url 2014-07-31 11:56:14 +02:00
ethicalhack3r
14be7dead5 Work on json database file parsing, still needs some work. 2014-07-30 18:34:42 +02:00
erwanlr
ab2e368c6f Fixes #625 - Only parse styles when needed 2014-07-30 15:36:00 +01:00
erwanlr
1e6b5a1e4d Improves the version comparison 2014-07-30 12:11:04 +01:00
Christian Mehlmauer
26e0066c82 Only output if different from style_url 2014-07-16 18:38:39 +02:00
Christian Mehlmauer
6ebb9b6f66 Fixed false positive theme detection 2014-07-16 18:25:35 +02:00
erwanlr
98d9e87356 Changes VersionCompare#is_newer_or_same? by lesser_or_equal? 2014-07-03 12:33:27 +02:00
Christian Mehlmauer
586239292b Try to fix Travis 2014-06-17 10:59:02 +02:00
erwanlr
c8c126d444 Rspec 3.0 support 2014-06-02 22:06:49 +02:00
erwanlr
c12b1d0670 Pre-transpec 2014-06-02 22:02:44 +02:00
erwanlr
af0319cc66 Adds a --cookie option. Ref #485 2014-05-22 17:34:09 +02:00
Christian Mehlmauer
7b0cb29466 XML check rspecs 
Example output:
  1) XML content each plugin vuln needs a type node
     Failure/Error: @result.should have(0).items, "Items:\n#{@result.join("\n")}"
       Items:
       ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure
       Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access
       EZPZ One Click Backup <= 12.03.10 - OS Command Injection
       BulletProof Security - Security Log Script Insertion Vulnerability
       Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure
       HMS Testimonials 2.0.10 - CSRF
       HMS Testimonials 2.0.10 - XSS
       platinum_seo_pack.php - s Parameter Reflected XSS
       Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability
 2014-05-09 17:58:04 +02:00
erwanlr
8038e2e01a Ref #455 - Fails with a message if the target returns a 403 during the wordpress check 2014-04-15 17:02:22 +02:00