garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
e65c4f44973c1cf8b3e11b48a9fcd73f40c885a2
wpscan/doc/CheckerPlugin.html
Christian Mehlmauer 1afe12657f docs
2013-01-27 01:16:44 +01:00

484 lines
23 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class CheckerPlugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/checker/checker_plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Plugin.html">Plugin</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-check_local_vulnerable_files">#check_local_vulnerable_files</a>
<li><a href="#method-i-check_vuln_ref_urls">#check_vuln_ref_urls</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class CheckerPlugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">author</span><span class="ruby-operator">:</span> <span class="ruby-string">'WPScanTeam - @erwanlr'</span>)
<span class="ruby-identifier">register_options</span>(
[<span class="ruby-string">'--check-vuln-ref-urls'</span>, <span class="ruby-string">'--cvru'</span>, <span class="ruby-string">'Check all the vulnerabilities reference urls for 404'</span>],
[<span class="ruby-string">'--check-local-vulnerable-files LOCAL_DIRECTORY'</span>, <span class="ruby-string">'--clvf'</span>, <span class="ruby-string">'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells'</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-check_local_vulnerable_files" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_local_vulnerable_files</span><span
class="method-args">(dir_to_scan)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_local_vulnerable_files-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">check_local_vulnerable_files</span>(<span class="ruby-identifier">dir_to_scan</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">Dir</span><span class="ruby-operator">::</span><span class="ruby-identifier">exist?</span>(<span class="ruby-identifier">dir_to_scan</span>)
<span class="ruby-identifier">xml_file</span> = <span class="ruby-constant">LOCAL_FILES_FILE</span>
<span class="ruby-identifier">local_hashes</span> = {}
<span class="ruby-identifier">file_extension_to_scan</span> = <span class="ruby-string">'*.{js,php,swf,html,htm}'</span>
<span class="ruby-identifier">print</span> <span class="ruby-string">'[+] Generating local hashes ... '</span>
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span><span class="ruby-operator">::</span><span class="ruby-identifier">join</span>(<span class="ruby-identifier">dir_to_scan</span>, <span class="ruby-string">'**'</span>, <span class="ruby-identifier">file_extension_to_scan</span>)].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">filename</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">sha1sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">file</span>(<span class="ruby-identifier">filename</span>).<span class="ruby-identifier">hexdigest</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">local_hashes</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-identifier">sha1sum</span>)
<span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>] <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">filename</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>] = [<span class="ruby-identifier">filename</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'done.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Checking for vulnerable files ...'</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">xml_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//hash'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">sha1sum</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'sha1'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">local_hashes</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-identifier">sha1sum</span>)
<span class="ruby-identifier">local_filenames</span> = <span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>]
<span class="ruby-identifier">vuln_title</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'title'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">vuln_filename</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'file'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">vuln_refrence</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'reference'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; #{vuln_filename} found :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | Location(s):'</span>
<span class="ruby-identifier">local_filenames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | - #{file}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' |'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | Title: #{vuln_title}&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | Refrence: #{vuln_refrence}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">vuln_refrence</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'done.'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;The supplied directory '#{dir_to_scan}' does not exist&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_local_vulnerable_files-source -->
</div>
</div><!-- check_local_vulnerable_files-method -->
<div id="method-i-check_vuln_ref_urls" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_vuln_ref_urls</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_vuln_ref_urls-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 40</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">check_vuln_ref_urls</span>
<span class="ruby-identifier">vuln_ref_files</span> = [<span class="ruby-constant">PLUGINS_VULNS_FILE</span>, <span class="ruby-constant">THEMES_VULNS_FILE</span>, <span class="ruby-constant">WP_VULNS_FILE</span>]
<span class="ruby-identifier">error_codes</span> = [<span class="ruby-value">404</span>, <span class="ruby-value">500</span>, <span class="ruby-value">403</span>]
<span class="ruby-identifier">not_found_regexp</span> = <span class="ruby-regexp">%r{No Results Found|error 404|ID Invalid or Not Found}</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Checking vulnerabilities reference urls'</span>
<span class="ruby-identifier">vuln_ref_files</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">vuln_ref_file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">vuln_ref_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">urls</span> = []
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//reference'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span> <span class="ruby-identifier">urls</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">node</span>.<span class="ruby-identifier">text</span> }
<span class="ruby-identifier">urls</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">dead_urls</span> = []
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_urls</span> = <span class="ruby-identifier">urls</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">urls</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>, <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete.&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">error_codes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>) <span class="ruby-keyword">or</span> <span class="ruby-identifier">not_found_regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">dead_urls</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">dead_urls</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-identifier">dead_urls</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span> <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; Not Found #{url}&quot;</span> }
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_vuln_ref_urls-source -->
</div>
</div><!-- check_vuln_ref_urls-method -->
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:check_vuln_ref_urls</span>]
<span class="ruby-identifier">check_vuln_ref_urls</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:check_local_vulnerable_files</span>]
<span class="ruby-identifier">check_local_vulnerable_files</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:check_local_vulnerable_files</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>
Reference in New Issue View Git Blame Copy Permalink