246 lines
7.7 KiB
Ruby
Executable File
246 lines
7.7 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
|
|
#--
|
|
# WPScan - WordPress Security Scanner
|
|
# Copyright (C) 2012
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#++
|
|
|
|
$: << '.'
|
|
require File.dirname(__FILE__) +'/lib/wpstools/wpstools_helper'
|
|
|
|
begin
|
|
|
|
banner()
|
|
|
|
if ARGV.length == 0
|
|
raise "No argument supplied\n#{usage()}"
|
|
end
|
|
|
|
# A better way to do that should be to create a wpstools_options.rb file like wpscan_options.rb
|
|
# and a wps_options.rb with common options code
|
|
options = GetoptLong.new(
|
|
["--help", "-h", GetoptLong::NO_ARGUMENT],
|
|
["--verbose", "-v", GetoptLong::NO_ARGUMENT],
|
|
["--generate_plugin_list", GetoptLong::OPTIONAL_ARGUMENT],
|
|
["--generate_full_plugin_list", GetoptLong::NO_ARGUMENT],
|
|
["--generate_theme_list", GetoptLong::OPTIONAL_ARGUMENT],
|
|
["--generate_full_theme_list", GetoptLong::NO_ARGUMENT],
|
|
["--generate_all", GetoptLong::NO_ARGUMENT],
|
|
["--gpl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_plugin_list
|
|
["--gfpl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_full_plugin_list
|
|
["--gtl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_theme_list
|
|
["--gftl", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_full_theme_list
|
|
["--ga", GetoptLong::OPTIONAL_ARGUMENT], # Alias for --generate_all
|
|
["--update", "-u", GetoptLong::NO_ARGUMENT],
|
|
["--check-vuln-ref-urls", GetoptLong::NO_ARGUMENT],
|
|
["--cvru", GetoptLong::NO_ARGUMENT], # Alias for --check-vuln-ref-urls
|
|
["--check-local-vulnerable-files", GetoptLong::REQUIRED_ARGUMENT],
|
|
["--clvf", GetoptLong::REQUIRED_ARGUMENT] # Alias for --check-local-vulnerable-files
|
|
)
|
|
|
|
options.each do |option, argument|
|
|
case option
|
|
when "--help"
|
|
help()
|
|
exit
|
|
when "--verbose"
|
|
@verbose = true
|
|
when "--generate_plugin_list", "--gpl"
|
|
if argument == ''
|
|
puts "Number of pages not supplied, defaulting to 150 pages ..."
|
|
@number_of_pages = 150
|
|
else
|
|
@number_of_pages = argument.to_i
|
|
end
|
|
|
|
@generate_plugin_list = true
|
|
when "--generate_theme_list", "--gtl"
|
|
if argument == ''
|
|
puts "Number of pages not supplied, defaulting to 150 pages ..."
|
|
@number_of_pages = 150
|
|
else
|
|
@number_of_pages = argument.to_i
|
|
end
|
|
|
|
@generate_theme_list = true
|
|
when "--update"
|
|
@update = true
|
|
when "--generate_full_plugin_list", "--gfpl"
|
|
@generate_full_plugin_list = true
|
|
when "--generate_full_theme_list", "--gftl"
|
|
@generate_full_theme_list = true
|
|
when "--generate_all", "--ga"
|
|
@generate_plugin_list = true
|
|
@generate_theme_list = true
|
|
@number_of_pages = 150
|
|
@generate_full_theme_list = true
|
|
@generate_full_plugin_list = true
|
|
when "--check-vuln-ref-urls", "--cvru"
|
|
@check_vuln_ref_urls = true
|
|
when "--check-local-vulnerable-files", "--clvf"
|
|
@check_local_vulnerable_files = true
|
|
@dir_to_scan = argument
|
|
end
|
|
end
|
|
|
|
if @update
|
|
unless @updater.nil?
|
|
puts @updater.update()
|
|
else
|
|
puts "Svn / Git not installed, or wpscan has not been installed with one of them."
|
|
puts "Update aborted"
|
|
end
|
|
end
|
|
|
|
if @generate_plugin_list
|
|
puts "[+] Generating new most popular plugin list"
|
|
puts
|
|
Generate_List.new('plugins', @verbose).generate_popular_list(@number_of_pages)
|
|
end
|
|
|
|
if @generate_full_plugin_list
|
|
puts "[+] Generating new full plugin list"
|
|
puts
|
|
Generate_List.new('plugins', @verbose).generate_full_list
|
|
end
|
|
|
|
if @generate_theme_list
|
|
puts "[+] Generating new most popular theme list"
|
|
puts
|
|
Generate_List.new('themes', @verbose).generate_popular_list(@number_of_pages)
|
|
end
|
|
|
|
if @generate_full_theme_list
|
|
puts "[+] Generating new full theme list"
|
|
puts
|
|
Generate_List.new('themes', @verbose).generate_full_list
|
|
end
|
|
|
|
# seclists.org redirects to the homepage if the reference does not exist
|
|
# TODO : the special case above
|
|
if @check_vuln_ref_urls
|
|
vuln_ref_files = ["plugin_vulns.xml", "theme_vulns.xml", "wp_vulns.xml"]
|
|
error_codes = [404, 500, 403]
|
|
not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
|
|
|
|
puts "[+] Checking vulnerabilities reference urls"
|
|
|
|
vuln_ref_files.each do |vuln_ref_file|
|
|
xml = Nokogiri::XML(File.open(DATA_DIR + '/' + vuln_ref_file)) do |config|
|
|
config.noblanks
|
|
end
|
|
|
|
urls = []
|
|
xml.xpath("//reference").each { |node| urls << node.text }
|
|
|
|
urls.uniq!
|
|
|
|
dead_urls = []
|
|
queue_count = 0
|
|
request_count = 0
|
|
browser = Browser.instance
|
|
hydra = browser.hydra
|
|
number_of_urls = urls.size
|
|
|
|
urls.each do |url|
|
|
request = browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
|
|
request_count += 1
|
|
|
|
request.on_complete do |response|
|
|
print "\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete."
|
|
|
|
if error_codes.include?(response.code) or not_found_regexp.match(response.body)
|
|
dead_urls << url
|
|
end
|
|
end
|
|
|
|
hydra.queue(request)
|
|
queue_count += 1
|
|
|
|
if queue_count == browser.max_threads
|
|
hydra.run
|
|
queue_count = 0
|
|
end
|
|
end
|
|
|
|
hydra.run
|
|
puts
|
|
unless dead_urls.empty?
|
|
dead_urls.each { |url| puts " Not Found #{url}" }
|
|
end
|
|
end
|
|
end
|
|
|
|
if @check_local_vulnerable_files
|
|
if Dir::exist?(@dir_to_scan)
|
|
xml_file = DATA_DIR + "/local_vulnerable_files.xml"
|
|
local_hashes = {}
|
|
file_extension_to_scan = "*.{js,php,swf,html,htm}"
|
|
|
|
print "[+] Generating local hashes ... "
|
|
|
|
Dir[File::join(@dir_to_scan, "**", file_extension_to_scan)].each do |filename|
|
|
sha1sum = Digest::SHA1.file(filename).hexdigest
|
|
|
|
if local_hashes.has_key?(sha1sum)
|
|
local_hashes[sha1sum] << filename
|
|
else
|
|
local_hashes[sha1sum] = [filename]
|
|
end
|
|
end
|
|
|
|
puts "done."
|
|
|
|
puts "[+] Checking for vulnerable files ..."
|
|
|
|
xml = Nokogiri::XML(File.open(xml_file)) do |config|
|
|
config.noblanks
|
|
end
|
|
|
|
xml.xpath("//hash").each do |node|
|
|
sha1sum = node.attribute("sha1").text
|
|
|
|
if local_hashes.has_key?(sha1sum)
|
|
local_filenames = local_hashes[sha1sum]
|
|
vuln_title = node.search("title").text
|
|
vuln_filename = node.search("file").text
|
|
vuln_refrence = node.search("reference").text
|
|
|
|
puts " #{vuln_filename} found :"
|
|
puts " | Location(s):"
|
|
local_filenames.each do |file|
|
|
puts " | - #{file}"
|
|
end
|
|
puts " |"
|
|
puts " | Title: #{vuln_title}"
|
|
puts " | Refrence: #{vuln_refrence}" if !vuln_refrence.empty?
|
|
puts
|
|
end
|
|
end
|
|
|
|
puts "done."
|
|
|
|
else
|
|
puts "The supplied directory '#{@dir_to_scan}' does not exist"
|
|
end
|
|
end
|
|
|
|
rescue => e
|
|
puts "[ERROR] #{e.message}"
|
|
puts "Trace :"
|
|
puts e.backtrace.join("\n")
|
|
end
|