Added .temp and core __init__.pyc to gitignore, functionality to scan…

… plugins from given repo URL or ZIP arhive

.gitignore

@@ -4,3 +4,5 @@ core/__pycache__/*.pyc
 Modules/__pycache__/*.pyc
 test/Modules/__pycache__
 test/__pycache__
+.temp
+core/__init__.pyc

Modules/ArbitraryFileUpload.py

@@ -0,0 +1,14 @@
+from core.modules import BaseClass
+
+
+class ArbitraryFileUpload(BaseClass):
+
+    name = "Arbitrary File Upload"
+
+    severity = "High"
+
+    functions = [
+        "move_uploaded_file"
+    ]
+
+    blacklist = []

Modules/__init__.py

@@ -7,6 +7,7 @@
 from .LDAPInjection import LDAPInjection
 from .HeaderInjection import HeaderInjection
 from .OptionsUpdate import OptionsUpdate
+from .ArbitraryFileUpload import ArbitraryFileUpload
 
 classes = {
     'CommandExecution': CommandExecution,
@@ -17,5 +18,6 @@
     'LDAPInjection': LDAPInjection,
     'OptionsUpdate': OptionsUpdate,
     'SQLInjection': SQLInjection,
-    'XPATHInjection': XPATHInjection
+    'XPATHInjection': XPATHInjection,
+    'ArbitraryFileUpload': ArbitraryFileUpload
 }

core/scanner.py

@@ -2,18 +2,43 @@
 import os
 from core import passive_check
 from core.passive_check import passive_check as passive_check_processor
-
+import requests
+import re
+import zipfile
+import io
 from terminaltables import AsciiTable, DoubleTable, SingleTable
 from colorama import Fore, Back, Style
 import copy
+import shutil
 
 
 CODE_VULNERABILITIES = [
     ['Severity', 'Vulnerability', 'File', 'Info']
 ]
 
+
 # Main function to handle files processing
 def scan(args):
+
+    # Delete .temp folder from previous scan
+    try:
+        shutil.rmtree('.temp')
+    except FileNotFoundError:
+        pass
+
+    # Plugin repository URL
+    if args.path[:7] in ['https:/', 'http://'] and args.path[-4:] != ".zip":
+        print('URL given')
+        download_url = scrape_plugin_download_url(args.path)
+        download_plugin(download_url)
+        args.path = ".temp/"
+
+    # Plugin ZIP download URL
+    if args.path[:7] in ['https:/', 'http://'] and args.path[-4:] == ".zip":
+        print("ZIP file given")
+        download_plugin(args.path)
+        args.path = ".temp/"
+
     modules = {
         'enabled': [x.strip() for x in args.enabled.split(',')],
         'disabled': [x.strip() for x in args.disabled.split(',')]
@@ -45,6 +70,11 @@ def scan(args):
     print(table_instance.table)
     print()
 
+    # Cleanup
+    if args.cleanup:
+        print("Doing cleanup")
+        shutil.rmtree('.temp')
+
 def check_file(file,r, modules):
     path = os.path.join(r, file)
     content = read_file(path)
@@ -72,3 +102,16 @@ def read_file(path):
     if f.mode == 'r':
        contents = f.read()
        return contents
+
+
+def scrape_plugin_download_url(plugin_url):
+    r = requests.get(plugin_url)
+    response = r.text
+    download_url = re.search('\"downloadUrl\": \"(.+)\",', response)[1].replace("\\", "")
+    return download_url
+
+
+def download_plugin(download_url):
+    r = requests.get(download_url)
+    z = zipfile.ZipFile(io.BytesIO(r.content))
+    z.extractall(".temp")

requirements.txt

@@ -1,3 +1,8 @@
+certifi==2019.3.9
+chardet==3.0.4
 colorama==0.4.1
+idna==2.8
+requests==2.21.0
 tabulate==0.8.3
 terminaltables==3.1.0
+urllib3==1.24.2

wpbullet.py

@@ -18,6 +18,8 @@ def main():
     parser.add_argument('--path', type=str, dest='path', help='Path to plugin to analyze')
     parser.add_argument('--enabled', type=str, dest='enabled', help='Modules to enable', default="")
     parser.add_argument('--disabled', type=str, dest='disabled', help='Modules to disable', default="")
+    parser.add_argument('--cleanup', type=bool, dest='cleanup', help='Clean .temp folder after scanning remotely '
+                                                                     'downloaded plugin', default=False)
 
     args = parser.parse_args()