New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expand wordpress_scanner to look for themes & plugins #14423
Conversation
@@ -188,29 +188,29 @@ def extract_and_check_version(body, type, item_type, fixed_version = nil, vuln_i | |||
if fixed_version.nil? | |||
if vuln_introduced_version.nil? | |||
# All versions are vulnerable | |||
return Msf::Exploit::CheckCode::Appears | |||
return Msf::Exploit::CheckCode::Appears(details:version) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love it, you're using the new CheckCode details I added. Would it be better though to update this to details: {version: version}
to allow additional keys to be added to the check code details in the future? It may make sense to include a list of plugins someday. Using a hash with a version
key would mean that we wouldn't need to refactor a bunch of things and cross our fingers that we got them all if in the future we want to add more data.
documentation/modules/auxiliary/scanner/http/wordpress_scanner.md
Outdated
Show resolved
Hide resolved
should be good! |
travis check this please as the results look like a github failure |
It looks like all the feedback has been addressed except for the details being the raw version string instead of a hash containing the version string per this comment. |
sometimes you forget to |
So I was confused why the unit tests passed after the details was updated to a hash and I found out why:
Looks like the CheckCodes do not compare the details when it comes to equality checks. This makes sense so Safe always equals Safe even if the details contain different versions or whatever. What that means for this PR however is the specs should be updated to drop the details since they're not being compared. I'll go ahead and handle that after testing this. |
Well it took a couple of hours to run but this finished successfully and added all the proper notes. I'll go ahead and fix the unit tests, wait for travis to pass and then land this. Travis has been extra slow lately so it maybe 24 hours after I push the test changes but I'll handle it from here. Thanks a lot @h00die, this is an awesome improvement for the scanner. Testing Output
|
awesome! glad to hear its working |
Release NotesUpdated the Wordpress Scanner module to also identify common themes and plugins. |
Remember that time in #14419 where we added updates to
wp-plugins.txt
andwp-themes.txt
? Yea, well:We have these files, which are huge, and aren't used. Instead of removing them, lets use them!
This PR updates
wordpress_scanner
to also enumerate themes and plugins. It also modifies the theme/plugin version wordpress lib to return the version in the details thanks to #14294 . Also a rubocop, and msftidy_docs.Verification
msfconsole
use auxiliary/scanner/http/wordpress_version
set rhosts [ip]
run
Is it worth adding a note? The version part does that, I was 50/50 if it was worth the effort, not sure many people actually use notes. I'll take input.