Merge pull request #36 from LMCv3/master
Added Hashes for WP 4.9.8 & Multiple fixes and enhancements
mattyrob committed Aug 27, 2018
2 parents 361ee7d + b1c56e0 commit 70ae9d9
Showing 31 changed files with 29,209 additions and 27,864 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -8,4 +8,5 @@

# Ignore WordPress archive
latest.zip
wordpress-*.zip
.DS_Store
339 changes: 169 additions & 170 deletions esahg/esahg.php
100755 → 100644
@@ -1,170 +1,169 @@
<?php
/*
Plugin Name: Exploit Scanner Auto Hash Generator
Plugin URI: https://github.com/mattyrob
Description: Checks for and then automatically generates hash files for use in the Exploit Scanner plugin for WordPress.
Version: 1.0b
Author: Matthew Robinson
Author URI: https://github.com/mattyrob
Licence: GPL3
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=2387904
Text Domain: esahg
*/

define( 'ESAHGDIR', trailingslashit( plugin_basename( dirname( __FILE__ ) ) ) );
define( 'ESAHGPATH', WP_CONTENT_DIR . '/' . ESAHGDIR );
add_action( 'admin_menu', 'esahg_admin' );

function esahg_admin() {
load_plugin_textdomain( 'eashg', 'wp-content/plugins/' . ESAHGDIR, '/' . ESAHGDIR );
add_management_page( __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), apply_filters( 'eashg_capability', 'manage_options' ), 'eashg', 'eashg_menu' );
} // end eashg_admin()

function eashg_menu() {
global $wpdb;
echo '<div class="wrap">';
echo '<h2>' . __( 'Exploit Scanner Automatic Hash File Generator', 'esahg' ) . '</h2>';
if ( ! is_plugin_active( 'exploit-scanner/exploit-scanner.php' ) ) {
$exit_msg = sprintf( __( '%s is not active on this site, please download and activate it.', 'esahg' ), '<a href="https://wordpress.org/plugins/exploit-scanner/">Exploit Scanner</a>' );
exit( $exit_msg );
}
require( ABSPATH . WPINC . '/version.php' );
$es_path = WP_CONTENT_DIR . '/plugins/exploit-scanner/';
$hash_filename = sanitize_file_name( 'hashes-' . $wp_version . '.php' );
$file = $es_path . $hash_filename;

// instantiate WordPress file system for later
$creds = request_filesystem_credentials( site_url() . '/wp-admin/', '', false, false, array() );
if ( ! WP_Filesystem( $creds ) ) {
echo '<p>' . __( 'Unable to enable the WordPress Filesystem.', 'esahg' ) . '</p>';
exit;
}
global $wp_filesystem;

if ( ! is_readable( $file ) ) {
// attempt to get hashes from Wordpress.org API
$response = wp_safe_remote_get( esc_url( 'https://api.wordpress.org/core/checksums/1.0/?version=' . $GLOBALS['wp_version'] ) );
$checksums = json_decode( wp_remote_retrieve_body( $response ) );

if ( false !== $checksums->{'checksums'}->{$GLOBALS['wp_version']} ) {
$hashes_arr = array();
foreach ( $checksums->{'checksums'}->{$GLOBALS['wp_version']} as $filename => $checksum ) {
if ( false === strstr( $filename, 'wp-content/plugins/' ) && false === strstr( $filename, 'wp-content/themes/' ) ) {
$hashes_arr[ $filename ] = $checksum;
}
}
$hashes = '<?php' . "\r\n" . '$filehashes = array(' . "\r\n";
foreach ( $hashes_arr as $filename => $hash ) {
$hashes .= "'" . $filename . "' => '" . $hash . "',\r\n";
}
$hashes .= ");\r\n?>";
} else {
// fall back to zip file download if checksums are not returned
global $download_to;
$zip_filename = sanitize_file_name( 'wordpress-' . $wp_version . '.zip' );
if ( wp_mkdir_p( ESAHGPATH . 'wpzip' ) ) {
$download_to = ESAHGPATH . 'wpzip';
chdir( $download_to );
} else {
$download_to = '/tmp';
chdir( $download_to );
}
if ( ! is_readable( $download_to . '/' . $zip_filename ) ) {
if ( ! copy( 'http://wordpress.org/' . $zip_filename, $download_to . '/' . $zip_filename ) ) {
echo '<p>' . sprintf( __( 'Unable to download the required zip file from WordPress.org, manually download it and upload to %s.', 'esahg' ), ESAHGPATH ) . '</p>';
}
} else {
echo '<p>' . sprintf( __( 'WordPress Zip file located at %s.', 'esahg' ), $download_to . '/' . $zip_filename ) . '</p>';
}

if ( function_exists( 'zip_open' ) ) {
$hashes = esahg_zip( $zip_filename );
} else {
$hashes = esahg_nozip( $zip_filename );
}
}
} else {
echo '<p>' . sprintf( __( 'You appear to be using version %s of WordPress. A hash file for this version of WordPress already exists.', 'esahg' ), $wp_version ) . '</p>';
exit;
}

if ( ! $wp_filesystem->put_contents( $file, $hashes, FS_CHMOD_FILE ) ) {
echo '<p>' . __( 'Unable to write hashes file please create it manually with the following content:', 'esahg' ) . '</p>';
echo '<textarea>' . $hashes . '</textarea>';
} else {
echo '<p>' . sprintf( __( 'A Hash file called %s was successfully created!', 'esahg' ), $hash_filename ) . '</p>';
}
echo '</div>';
} // end eashg_menu()

function esahg_zip( $zip_filename ) {
$zip = zip_open( getcwd() . '/' . $zip_filename );
if ( is_resource( $zip ) ) {
while ( $zip_entry = zip_read( $zip ) ) {
zip_entry_open( $zip, $zip_entry, 'r' );
$wp_file = zip_entry_read( $zip_entry, zip_entry_filesize( $zip_entry ) );
if ( substr( zip_entry_name( $zip_entry ), -1, 1 ) !== '/' && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/plugins/' ) && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/themes/' ) ) {
$files[] = zip_entry_name( $zip_entry );
}
zip_entry_close( $zip_entry );
}
zip_close( $zip );
}

return hash_files( $files );
} // end esahg_zip()

function esahg_nozip( $zip_filename ) {
if ( is_readable( $download_to . '/' . $zip_filename ) ) {
$unzipfile = unzip_file( $download_to . '/' . $zip_filename, $download_to );
if ( is_wp_error( $unzipfile ) ) {
echo $unzipfile->get_error_message();
exit;
} else {
echo '<p>' . __( 'WordPress zip file unpacked.', 'esahg' ) . '</p>';
$files = array();
$files = walk_wp_directory( $download_to . '/wordpress' );
return hash_files( $files );
}
$wp_filesystem->delete( $download_to . '/wordpress/', true );
} else {
echo '<p>' . __( 'Sorry, unable to locate the WordPress zip archive.', 'esahg' ) . '</p>';
exit;
}
}

function walk_wp_directory( $dir ) {
global $download_to, $files;
if ( $handle = @opendir( $dir ) ) {
while ( false !== ( $file = readdir( $handle ) ) ) {
if ( '.' !== $file && '..' !== $file ) {
$file = $dir . '/' . $file;
if ( is_dir( $file ) ) {
walk_wp_directory( $file );
} elseif ( is_file( $file ) ) {
if ( false === strstr( $file, 'wp-content/plugins/' ) && false === strstr( $file, 'wp-content/themes/' ) ) {
$files[] = $file;
}
}
}
}
closedir( $handle );
return $files;
} else {
echo '<p>' . sprintf( __( 'Apologies, it seems the zip file has disappeared, please manually download it to %s or try again.', 'esahg' ), ESAHGPATH );
}
} // end walk_wp_directory()

function hash_files( $files = array() ) {
if ( empty( $files ) ) { return false; }

global $download_to;
sort( $files );
$file_hashes = '<?php' . "\r\n" . '$filehashes = array(' . "\r\n";
foreach ( $files as $file ) {
$file_hashes .= "'" . str_replace( $download_to . '/wordpress/', '', $file ) . "' => '" . md5( $file ) . "',\r\n";
}
$file_hashes .= ");\r\n?>";

return $file_hashes;
} // end hash_files()
<?php
/*
Plugin Name: Exploit Scanner Auto Hash Generator
Plugin URI: https://github.com/mattyrob
Description: Checks for and then automatically generates hash files for use in the Exploit Scanner plugin for WordPress.
Version: 1.0b
Author: Matthew Robinson
Author URI: https://github.com/mattyrob
Licence: GPL3
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;hosted_button_id=2387904
Text Domain: esahg
*/

define( 'ESAHGDIR', trailingslashit( plugin_basename( dirname( __FILE__ ) ) ) );
define( 'ESAHGPATH', WP_CONTENT_DIR . '/' . ESAHGDIR );
add_action( 'admin_menu', 'esahg_admin' );

function esahg_admin() {
load_plugin_textdomain( 'eashg', 'wp-content/plugins/' . ESAHGDIR, '/' . ESAHGDIR );
add_management_page( __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), __( 'Exploit Scanner Auto Hash Generator', 'eashg' ), apply_filters( 'eashg_capability', 'manage_options' ), 'eashg', 'eashg_menu' );
} // end eashg_admin()

function eashg_menu() {
global $wpdb;
echo '<div class="wrap">';
echo '<h2>' . __( 'Exploit Scanner Automatic Hash File Generator', 'esahg' ) . '</h2>';
if ( ! is_plugin_active( 'exploit-scanner/exploit-scanner.php' ) ) {
$exit_msg = sprintf( __( '%s is not active on this site, please download and activate it.', 'esahg' ), '<a href="https://wordpress.org/plugins/exploit-scanner/">Exploit Scanner</a>' );
wp_die( $exit_msg );
}
require( ABSPATH . WPINC . '/version.php' );
$es_path = WP_CONTENT_DIR . '/plugins/exploit-scanner/';
$hash_filename = sanitize_file_name( 'hashes-' . $wp_version . '.php' );
$file = $es_path . $hash_filename;

// instantiate WordPress file system for later
$creds = request_filesystem_credentials( site_url() . '/wp-admin/', '', false, false, array() );
if ( ! WP_Filesystem( $creds ) ) {
wp_die( '<p>' . __( 'Unable to enable the WordPress Filesystem.', 'esahg' ) . '</p>' );
}
global $wp_filesystem;

if ( ! is_readable( $file ) ) {
// attempt to get hashes from Wordpress.org API
$response = wp_safe_remote_get( esc_url( 'https://api.wordpress.org/core/checksums/1.0/?version=' . $GLOBALS['wp_version'] ) );
$checksums = json_decode( wp_remote_retrieve_body( $response ) );

if ( false !== $checksums->{'checksums'}->{$GLOBALS['wp_version']} ) {
$hashes_arr = array();
foreach ( $checksums->{'checksums'}->{$GLOBALS['wp_version']} as $filename => $checksum ) {
if ( false === strstr( $filename, 'wp-content/plugins/' ) && false === strstr( $filename, 'wp-content/themes/' ) ) {
$hashes_arr[ $filename ] = $checksum;
}
}
$hashes = '<?php' . "\r\n" . '$filehashes = array(' . "\r\n";
foreach ( $hashes_arr as $filename => $hash ) {
$hashes .= "'" . $filename . "' => '" . $hash . "',\r\n";
}
$hashes .= ");\r\n?>";
} else {
// fall back to zip file download if checksums are not returned
global $download_to;
$zip_filename = sanitize_file_name( 'wordpress-' . $wp_version . '.zip' );
if ( wp_mkdir_p( ESAHGPATH . 'wpzip' ) ) {
$download_to = ESAHGPATH . 'wpzip';
chdir( $download_to );
} else {
$download_to = '/tmp';
chdir( $download_to );
}
if ( ! is_readable( $download_to . '/' . $zip_filename ) ) {
if ( ! copy( 'http://wordpress.org/' . $zip_filename, $download_to . '/' . $zip_filename ) ) {
echo '<p>' . sprintf( __( 'Unable to download the required zip file from WordPress.org, manually download it and upload to %s.', 'esahg' ), ESAHGPATH ) . '</p>';
}
} else {
echo '<p>' . sprintf( __( 'WordPress Zip file located at %s.', 'esahg' ), $download_to . '/' . $zip_filename ) . '</p>';
}

if ( function_exists( 'zip_open' ) ) {
$hashes = esahg_zip( $zip_filename );
} else {
$hashes = esahg_nozip( $zip_filename );
}
}
} else {
echo '<p>' . sprintf( __( 'You appear to be using version %s of WordPress. A hash file for this version of WordPress already exists.', 'esahg' ), $wp_version ) . '</p>';
exit;
}

if ( ! $wp_filesystem->put_contents( $file, $hashes, FS_CHMOD_FILE ) ) {
echo '<p>' . __( 'Unable to write hashes file please create it manually with the following content:', 'esahg' ) . '</p>';
echo '<textarea>' . $hashes . '</textarea>';
} else {
echo '<p>' . sprintf( __( 'A Hash file called %s was successfully created!', 'esahg' ), $hash_filename ) . '</p>';
}
echo '</div>';
} // end eashg_menu()

function esahg_zip( $zip_filename ) {
$zip = zip_open( getcwd() . '/' . $zip_filename );
if ( is_resource( $zip ) ) {
while ( $zip_entry = zip_read( $zip ) ) {
zip_entry_open( $zip, $zip_entry, 'r' );
$wp_file = zip_entry_read( $zip_entry, zip_entry_filesize( $zip_entry ) );
if ( substr( zip_entry_name( $zip_entry ), -1, 1 ) !== '/' && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/plugins/' ) && false === strstr( zip_entry_name( $zip_entry ), 'wp-content/themes/' ) ) {
$files[] = zip_entry_name( $zip_entry );
}
zip_entry_close( $zip_entry );
}
zip_close( $zip );
}

return hash_files( $files );
} // end esahg_zip()

function esahg_nozip( $zip_filename ) {
if ( is_readable( $download_to . '/' . $zip_filename ) ) {
$unzipfile = unzip_file( $download_to . '/' . $zip_filename, $download_to );
if ( is_wp_error( $unzipfile ) ) {
echo $unzipfile->get_error_message();
exit;
} else {
echo '<p>' . __( 'WordPress zip file unpacked.', 'esahg' ) . '</p>';
$files = array();
$files = walk_wp_directory( $download_to . '/wordpress' );
return hash_files( $files );
}
$wp_filesystem->delete( $download_to . '/wordpress/', true );
} else {
echo '<p>' . __( 'Sorry, unable to locate the WordPress zip archive.', 'esahg' ) . '</p>';
exit;
}
}

function walk_wp_directory( $dir ) {
global $download_to, $files;
if ( $handle = @opendir( $dir ) ) {
while ( false !== ( $file = readdir( $handle ) ) ) {
if ( '.' !== $file && '..' !== $file ) {
$file = $dir . '/' . $file;
if ( is_dir( $file ) ) {
walk_wp_directory( $file );
} elseif ( is_file( $file ) ) {
if ( false === strstr( $file, 'wp-content/plugins/' ) && false === strstr( $file, 'wp-content/themes/' ) ) {
$files[] = $file;
}
}
}
}
closedir( $handle );
return $files;
} else {
echo '<p>' . sprintf( __( 'Apologies, it seems the zip file has disappeared, please manually download it to %s or try again.', 'esahg' ), ESAHGPATH );
}
} // end walk_wp_directory()

function hash_files( $files = array() ) {
if ( empty( $files ) ) { return false; }

global $download_to;
sort( $files );
$file_hashes = '<?php' . "\n" . '$filehashes = array(' . "\n";
foreach ( $files as $file ) {
$file_hashes .= "'" . str_replace( $download_to . '/wordpress/', '', $file ) . "' => '" . md5( $file ) . "',\n";
}
$file_hashes .= ");\n?>";

return $file_hashes;
} // end hash_files()
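Review bot: The zip fallback in `eashg_menu()` fetches the trust root over plain HTTP and never verifies it — `copy( 'http://wordpress.org/' . $zip_filename, ... )` — yet the hashes derived from that archive become the baseline Exploit Scanner treats as known-good, so an archive tampered with in transit, or a pre-placed `wordpress-<ver>.zip` in the world-writable `/tmp` fallback that the preceding `is_readable()` check silently reuses, would whitelist backdoored core files. The API path already goes through `wp_safe_remote_get()`; the fallback should at least fetch over `https://` via `download_url()` and refuse to reuse an archive it did not just download unless its contents agree with checksums the API returned. Separately, `hash_files()` computes `md5( $file )` over the path string rather than the file contents, so even a genuine archive yields a hash file that matches nothing on disk; `md5_file( $file )` is needed for the unpacked-directory branch, and the zip branch should hash the entry data it reads into `$wp_file` and currently discards. The guard `false !== $checksums->{'checksums'}->{...}` also appears to send a failed or unknown-version API response into the wrong branch (a null body decodes to null, `false !== null` is true, and an empty hash file gets written instead of reaching the fallback); checking `is_wp_error( $response )` and `! empty( $checksums->checksums->{$GLOBALS['wp_version']} )` would make the fallback actually reachable.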
