little refactoring, added regex pattern matching to wordpress version…

… identification plugin
metachris · Dec 9, 2011 · 1fbcbcb · 1fbcbcb
1 parent 43b2e3f
commit 1fbcbcb
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 6 deletions.
diff --git a/scanner/plugins/prototype.py b/scanner/plugins/prototype.py
@@ -19,3 +19,8 @@ def log(self, s):
 
     def logv(self, s):
         self.scanner.logv(s)
+
+    @property
+    def info(self):
+        """Dictionary with collected data (including already run plugins)"""
+        return self.scanner.info
diff --git a/scanner/plugins/remote_version.py b/scanner/plugins/remote_version.py
@@ -1,12 +1,14 @@
 """Plugin to find the used wordpress version of a remote installation"""
 
+import re
+import hashlib
 from prototype import Prototype
 
 HASH_MD5 = 0
 CONTAINS = 1
 
 # Identifiers for wordpress versions can either be specific file hashes, or
-# strings that have to be contained in a file.
+# regex patterns that have to be contained in a file.
 VERSIONS = {
     "3.2.1": [
         ("/wp-content/themes/twentyeleven/style.css", HASH_MD5,
@@ -32,11 +34,24 @@ class Plugin(Prototype):
     remote = True
 
     def start(self):
-        self.log("Trying to find out the exact wordpress version...")
+        self.log("Trying to find the exact wordpress version...")
+        self.info["version"] = self.find_version()
+        self.log("- Wordpress version: %s" % self.info["version"] or "unknown")
+
+    def find_version(self):
         versions = VERSIONS.keys()
         versions.sort(reverse=True)
         for v in versions:
             for identifyer in VERSIONS[v]:
                 self.logv("- Checking for %s..." % v)
                 url, id_type, token = identifyer
                 r = self.request(url)
+                if r.status_code in [200, 403]:
+                    if id_type == HASH_MD5:
+                        md5 = hashlib.md5(r.content).hexdigest()
+                        if md5 == token:
+                            return v
+                    elif id_type == CONTAINS:
+                        pattern = re.compile(token)
+                        if pattern.search(r.content):
+                            return v
diff --git a/scanner/scanner.py b/scanner/scanner.py
@@ -16,19 +16,21 @@
 import os.path
 import imp
 import urlparse
-
 import requests
 
 
 class Scanner(object):
-    plugins = []
-    results = {}
+    """Plugin based wordpress scanner module"""
     remote = None
+    verbose = False
+    location = None
 
+    info = {}
+    plugins = []
     request_buffer = {}
 
-    """Plugin based wordpress scanner module"""
     def __init__(self, location, verbose):
+        """Instantiate class and load plugins"""
         self.verbose = verbose
         self.location = location
         self.remote = not os.path.exists(self.location)
@@ -44,6 +46,7 @@ def logv(self, s):
             self.log(s)
 
     def load_plugins(self):
+        """Load plugins from the plugins/ subdirectory"""
         self.logv("Loading plugins")
         pluginpath = os.path.join(imp.find_module("scanner")[1], "plugins/")
         pluginfiles = [fname[:-3] for fname in os.listdir(pluginpath) if \
@@ -70,8 +73,10 @@ def start(self):
                 "local", self.location))
         for plugin in self.plugins:
             plugin.start()
+        self.logv(self.info)
 
     def request(self, url, method="GET", data=None, headers=None):
+        """HTTP requests with cache"""
         key = str((url, method, data, headers))
         if key in self.request_buffer:
             return self.request_buffer[key]