- closes #21

- closes #23
iniqua · Nov 12, 2017 · 1a4a11b · 1a4a11b
1 parent 1545853
commit 1a4a11b
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 13 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.1.2
+1.1.3
diff --git a/plecost_lib/plecost.py → plecost_lib/__main__.py b/plecost_lib/plecost.py → plecost_lib/__main__.py
@@ -151,6 +151,10 @@ def main():
     gr_performance = parser.add_argument_group("advanced options")
     gr_performance.add_argument('-c', '--concurrency', dest="CONCURRENCY", type=int, help="number of parallel processes.",
                                 default=4)
+    gr_performance.add_argument('--ignore-403', dest="IGNORE_403",
+                                action="store_true",
+                                help="ignore 403 server responses",
+                                default=False)
     # gr_performance.add_argument('--proxy', dest="PROXY", help="proxy as format proxy:port.", default=None)
     gr_performance.add_argument('-nb', dest="NO_BANNER", action="store_true", help="don't display banner",
                                 default=False)
@@ -253,7 +257,7 @@ def main():
         # Set config
         config = PlecostOptions(target=args.target[0],
                                 hostname=args.HOSTNAME,
-                                # proxy=args.PROXY,
+                                ignore_403=args.IGNORE_403,
                                 concurrency=args.CONCURRENCY,
                                 verbosity=args.verbose,
                                 log_function=log,

diff --git a/plecost_lib/libs/data.py b/plecost_lib/libs/data.py
@@ -108,6 +108,7 @@ def __init__(self, **kwargs):
         self.__no_check_wordpress_version = kwargs.get("no_check_wordpress_version", False)
         self.__force_scan = kwargs.get("force_scan", False)
         self.__jackass = kwargs.get("jackass", False)
+        self.ignore_403 = kwargs.get("IGNORE_403", False)
 
         # Check types and default values
         if not isinstance(self.__target, str):

diff --git a/plecost_lib/libs/plugins_utils.py b/plecost_lib/libs/plugins_utils.py
@@ -75,7 +75,7 @@ def _url_generator(url_base, data):
     urls_plugin_regex = {
         "readme.txt": exp,
         "README.txt": exp,
-        }
+    }
 
     results = []
     # Test each URL with possible plugin version info
@@ -178,7 +178,7 @@ def _plugin_analyze(data_map, error_page, db, log, url, headers, status, content
         text = ("\n    <%(symbol)s> Plugin found: %(name)s\n"
                 "        |_Latest version: %(last)s\n"
                 "        |_Installed version: %(curr)s"
-               ) % {
+                ) % {
                    "symbol": colorize("!", "red") if plugin.is_outdated else "i",
                    "name": colorize(plugin.plugin_name, "blue"),
                    "last": colorize(plugin.latest_version),
@@ -200,7 +200,7 @@ def _plugin_analyze(data_map, error_page, db, log, url, headers, status, content
             text = (
                        "\n        |_CVEs: %(text)s"
                    ) % {"text": colorize("NO CVEs found for this plugin",
-                                        "green")}
+                                         "green")}
             log(text)
 
         return plugin  # Plugin found -> not more URL test for this plugin
@@ -218,6 +218,7 @@ def plugins_testing(url,
                     data_list,
                     db,
                     concurrency=4,
+                    ignore_403=False,
                     loop=None,
                     con=None):
     """
@@ -257,6 +258,7 @@ def plugins_testing(url,
                               session=session,
                               max_tasks=concurrency,
                               loop=loop,
+                              ignore_403=ignore_403,
                               max_redirects=0)
     cr.add_url_list(urls)
 

diff --git a/plecost_lib/libs/utils.py b/plecost_lib/libs/utils.py
@@ -319,6 +319,7 @@ def __init__(self,
                  session,
                  max_redirects=2,
                  max_tasks=10,
+                 ignore_403=False,
                  loop=None):
         """
         :param process_url_content: function to process URL content, after it is downloaded
@@ -336,6 +337,9 @@ def __init__(self,
         :param loop: optional event loop object
         :type loop: loop
 
+        :param ignore_403: Ignore 403 responses from server
+        :type ignore_403: bool
+
         :param connector: aioTCPConnector object
         :type connector: aiohttp.TCPConnector
 
@@ -347,6 +351,7 @@ def __init__(self,
         >>> loop.run_until_complete(v.run())
         """
         self.session = session
+        self.ignore_403 = ignore_403,
         self.max_redirects = max_redirects
         self.process_url_function = process_url_content or (lambda x: None)
         self.max_tasks = max_tasks
@@ -375,10 +380,13 @@ def _work(self):
                                                            max_redirect=self.max_redirects,
                                                            loop=self.loop)
 
-            # Processing response
-            _r = self.process_url_function(url, headers, status, content)
-            if _r is not None:
-                self.__results_append(_r)
+            if self.ignore_403 is True and status == 403:
+                continue
+            else:
+                # Processing response
+                _r = self.process_url_function(url, headers, status, content)
+                if _r is not None:
+                    self.__results_append(_r)
 
             del headers, status, content
 

diff --git a/plecost_lib/libs/versions.py b/plecost_lib/libs/versions.py
@@ -92,6 +92,7 @@ def find_versions(args):
     no_check_plugins = args.no_check_plugins
     no_check_wordpress_version = args.no_check_wordpress_version
     force_scan = args.force_scan
+    ignore_403 = args.ignore_403
     hostname = args.hostname
 
     # Jackass mode is set?
@@ -210,6 +211,7 @@ def find_versions(args):
                                                                cve_info,
                                                                db,
                                                                concurrency,
+                                                               ignore_403,
                                                                loop))
     log("\n[*] Done! \n")
 

diff --git a/setup.py b/setup.py
@@ -60,14 +60,15 @@
     version=VERSION,
     packages=find_packages(),
     long_description=readme,
+    include_package_data=True,
     install_requires=required,
     url='https://github.com/iniqua/plecost/tree/python3',
-    license='GPL2',
+    license='BSD',
     author='Plecost team',
     author_email='plecost@iniqua.com',
     entry_points={'console_scripts': [
-        'plecost = plecost_lib.plecost:main',
-        ]},
+        'plecost = plecost_lib.__main__:main',
+    ]},
     description='Wordpress finger printer tool and vulnerabilities searcher',
     classifiers=[
         'Environment :: Console',
@@ -79,5 +80,5 @@
         'Operating System :: POSIX',
         'Programming Language :: Python :: 3',
         'Topic :: Security',
-        ]
+    ]
 )