swisskyrepo
/
Wordpresscan
mirror of https://github.com/swisskyrepo/Wordpresscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ping,readme,debuglog and backup file detection

pull/4/head
Swissky 2017-02-23 12:00:48 +01:00
parent 95f6d6bbd3
commit 29fed7781d
19 changed files with 1010 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1 +1,4 @@
TODO/
*.pyc
engine/*.pyc
plugin/*.pyc

8
README.md
View File

@ -1,9 +1,11 @@
# Wordpresscan
Work in progress
```
WORK IN PROGRESS - DO NOT USE
```
A simple Wordpress scanner written in python
## Install & Launch
```
```bash
git clone https://github.com/swisskyrepo/Wordpresscan.git
cd Wordpresscan
chmod +x main.py

BIN
database/LICENSE Normal file
View File

Binary file not shown.

48
database/local_vulnerable_files.xml Normal file
View File

@ -0,0 +1,48 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Only he following extensions are scanned : js, php, swf, html, htm
If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
-->
<hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
<hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
<title>XSS in swfupload.swf</title>
<file>swfupload.swf</file>
<reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
</hash>
<hash sha1="775dc1089829ef07838406def28a4d8bfef69d66">
<title>Arbitrary File Upload Vulnerability</title>
<file>php.php</file>
<reference>http://packetstormsecurity.com/files/119241/wpvalums-shell.txt</reference>
</hash>
<!-- This one a is the same as above, but the postSize verification has been removed -->
<hash sha1="5e8f0d5a917d2937318a9bafd0529135bd473e70">
<title>Arbitrary File Upload Vulnerability</title>
<file>php.php</file>
<reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
</hash>
<hash sha1="3f9ad05b05b65ee2b6efa1373f708293dd2005c7">
<title>Arbitrary File Upload Vulnerability</title>
<file>uploadify.php</file>
<reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
</hash>
<hash sha1="ac638cc38f011b74a8d9a4e7d3d60358e472166c">
<title>Inline phpinfo()</title>
<file>phpinfo.php</file>
<reference>http://php.net/manual/en/function.phpinfo.php</reference>
</hash>
<hash sha1="012ee25cceff745e681fbb3697a06f3712f55554">
<title>phpinfo()</title>
<file>phpinfo.php</file>
<reference>http://php.net/manual/en/function.phpinfo.php</reference>
</hash>
</hashes>

42
database/local_vulnerable_files.xsd Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI">
<xs:minLength value="1" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="sha1type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{40}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/>
<xs:element name="file" type="stringtype"/>
<xs:element name="reference" type="uritype"/>
</xs:sequence>
<xs:attribute type="sha1type" name="sha1" use="required"/>
</xs:complexType>
<xs:element name="hashes">
<xs:complexType>
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

1
database/plugins.json Normal file
View File

File diff suppressed because one or more lines are too long

1
database/themes.json Normal file
View File

File diff suppressed because one or more lines are too long

BIN
database/timthumbs.txt Normal file
View File

Binary file not shown.

BIN
database/user-agents.txt Normal file
View File

Binary file not shown.

1
database/wordpresses.json Normal file
View File

File diff suppressed because one or more lines are too long

678
database/wp_versions.xml Normal file
View File

@ -0,0 +1,678 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file contains identification data to identify WordPress versions.
http://wordpress.org/download/release-archive/
Position is important, DO NOT change anything unless you know what you are doing :p
-->
<wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="wp_versions.xsd">
<file src="readme.html">
<hash md5="997cfaa41d14c329574ab63128a6d8ef">
<version>4.6.3</version>
</hash>
<hash md5="43c6fcf7a5e24ed469e6ff13b03fe7a3">
<version>4.6.2</version>
</hash>
<hash md5="df0f4d66b59b3338a5d012d52bc435fa">
<version>4.6.1</version>
</hash>
<hash md5="49e8cd983673db23788eab8cfd68b6ce">
<version>4.5.6</version>
</hash>
<hash md5="34945973736fe4690ad8bfd98e6536e0">
<version>4.5.5</version>
</hash>
<hash md5="03f530e9ec1ab1735e062d38149ff4ab">
<version>4.5.4</version>
</hash>
<hash md5="29c8aa59c025e67a8ac1d7a2270859ae">
<version>4.5.3</version>
</hash>
<hash md5="51ddc54e156a2eb1178dde690701afe3">
<version>4.5.2</version>
</hash>
<hash md5="5a06021dcac8af1d9790c5a3927d5235">
<version>4.5.1</version>
</hash>
<hash md5="7abbf8d3edc718acefcbe963ecb4eb61">
<version>4.5</version>
</hash>
<hash md5="c17af93c54f5e0f82f7d522b23254a01">
<version>4.4.7</version>
</hash>
<hash md5="95cf7c3c42b0fba340e4ba9c7c637dfc">
<version>4.4.6</version>
</hash>
<hash md5="d7d38b02f37be897fca290cfacfba50a">
<version>4.4.5</version>
</hash>
<hash md5="02c45477bc7ab7d9ab792919f41833cc">
<version>4.4.4</version>
</hash>
<hash md5="bb98b2cfe4e40d32280f8e79f18a3171">
<version>4.4.3</version>
</hash>
<hash md5="c17664e85bfe1b94a71597f49af06f77">
<version>4.4.2</version>
</hash>
<hash md5="4aa090adebb81f9d0aeb38e1fd9ce2ec">
<version>4.4.1</version>
</hash>
<hash md5="30d62b21a621e81280b10e73945a5c38">
<version>4.4</version>
</hash>
<hash md5="2a7f4dc8bd52d5d2e0cdea58d5949bff">
<version>4.3.8</version>
</hash>
<hash md5="01d23a48d9f2397d36dffd8d3cd2a83a">
<version>4.3.7</version>
</hash>
<hash md5="3d896637a80f2816b92684ae9276cddd">
<version>4.3.6</version>
</hash>
<hash md5="f957307acd12e95204a2c383272ce0fd">
<version>4.3.5</version>
</hash>
<hash md5="06c8085308f4e22411c477710338518c">
<version>4.3.4</version>
</hash>
<hash md5="324635de8b1d97e1e51d22b2dd79d472">
<version>4.3.3</version>
</hash>
<hash md5="80e2027d2ae1394172820adc117d51af">
<version>4.3.2</version>
</hash>
<hash md5="29c26e3150a452ccea556ee308935691">
<version>4.3.1</version>
</hash>
<hash md5="0d302db33ba0e49aaac1698423ef4b54">
<version>4.3</version>
</hash>
<hash md5="6cdc477ceb7d6bba951928c2445823aa">
<version>4.2.12</version>
</hash>
<hash md5="ddf7eb2aae278ab3a355aa248f9d8209">
<version>4.2.11</version>
</hash>
<hash md5="162ee7badad63243dfe7c4679af1c019">
<version>4.2.10</version>
</hash>
<hash md5="7346ab0a4d46d23cef6b6888a0727260">
<version>4.2.9</version>
</hash>
<hash md5="6adca796716ba77896b2a68c16ae99f2">
<version>4.2.8</version>
</hash>
<hash md5="60598928e506e91491f9322e94cf52a6">
<version>4.2.7</version>
</hash>
<hash md5="3296a741eaf6388b41f2b1e3d78783b8">
<version>4.2.6</version>
</hash>
<hash md5="37e612ca4b342f682e0ad48b78de6cc9">
<version>4.2.5</version>
</hash>
<hash md5="31053c9e79e9e63bc76b8eb92f68ec75">
<version>4.2.4</version>
</hash>
<hash md5="3ed7c1a6e718ccce554978fdaab6526a">
<version>4.2.3</version>
</hash>
<hash md5="8592124f91d6da8273fc42b419f384b0">
<version>4.2.2</version>
</hash>
<hash md5="f18dcf7c554efc0b197d2a320e5cd248">
<version>4.2.1</version>
</hash>
<hash md5="ded215e7acec9f6d04f3e370f486d3aa">
<version>4.2</version>
</hash>
<hash md5="f2ed0468d9ca40932e96ebe77e773762">
<version>4.1.15</version>
</hash>
<hash md5="93d4cbf103b49ad6998f6a480519ced6">
<version>4.1.14</version>
</hash>
<hash md5="fb4c2052b147355ba0b658d7860c37a5">
<version>4.1.13</version>
</hash>
<hash md5="b0289dd7b86fb56f07708bb14f3795fc">
<version>4.1.11</version>
</hash>
<hash md5="6c1415726fe2f04ad0157c6174d1f734">
<version>4.1.12</version>
</hash>
<hash md5="04815654ef433ae5b019786e7c3753f1">
<version>4.1.10</version>
</hash>
<hash md5="db5c7b4f7bab8f481dbc78262bb92c2b">
<version>4.1.9</version>
</hash>
<hash md5="97fa4d86c9b424b8810f872d1803d118">
<version>4.1.8</version>
</hash>
<hash md5="f91912f2fad5f1383927c9e98d3a7746">
<version>4.1.7</version>
</hash>
<hash md5="0b91870a4cc0857bbcd9c140791ddede">
<version>4.1.6</version>
</hash>
<hash md5="30215f440132ce7414c4c48d1f520767">
<version>4.1.5</version>
</hash>
<hash md5="21584d9435d82fd371904611a7e25289">
<version>4.1.4</version>
</hash>
<hash md5="60ce7d3fed721c23cc46c7aaa77c1df8">
<version>4.1.3</version>
</hash>
<hash md5="58c2fe4eb8b7866abb8912dc7fc2f616">
<version>4.1.2</version>
</hash>
<hash md5="ce78b2213f70701834658c9007f0c947">
<version>4.1.1</version>
</hash>
<hash md5="321aad4ba63043f888cb072cedf9ef78">
<version>4.1</version>
</hash>
<hash md5="e53f13483b321b874cdb48b644a83ed1">
<version>4.0.15</version>
</hash>
<hash md5="84d35f2059bd5466c4f95cb632e710f3">
<version>4.0.14</version>
</hash>
<hash md5="01054cfb251b2bd00dc51f3a1c4beb5d">
<version>4.0.13</version>
</hash>
<hash md5="21a788d3e8b7945c20a47b975b3fc915">
<version>4.0.12</version>
</hash>
<hash md5="1b7fdd91e1cea1cb18779262e7b13dd0">
<version>4.0.11</version>
</hash>
<hash md5="ac4edd239f424cd811d0bb0097354405">
<version>4.0.10</version>
</hash>
<hash md5="288f36185879e687f7cae3a7a41f8d6c">
<version>4.0.9</version>
</hash>
<hash md5="009dd49817e70b9859b50d7d7e2b8152">
<version>4.0.8</version>
</hash>
<hash md5="4ad554f864ffaf1ac491a610ba054e49">
<version>4.0.7</version>
</hash>
<hash md5="62a283e6ecb4bb247123392312469b40">
<version>4.0.6</version>
</hash>
<hash md5="1adf30a1d6fe172f37da7dca83496c7d">
<version>4.0.5</version>
</hash>
<hash md5="85a6b662f1733509acb224c273897b24">
<version>4.0.4</version>
</hash>
<hash md5="411d19aaa3bb5d45f8aa8714575ee48b">
<version>4.0.3</version>
</hash>
<hash md5="ed8777afffc86285afc57984da43fdbd">
<version>4.0.2</version>
</hash>
<hash md5="70cdb035f3dd51138d5997eaa4d93798">
<version>4.0.1</version>
</hash>
<hash md5="f00855fca05f89294d0fcee6bebea64a">
<version>4.0</version>
</hash>
<hash md5="8f4d451aeead063e6367c9d5dcd02ee7">
<version>3.9.16</version>
</hash>
<hash md5="e61db9d4bdf4493d01f93b7f2d31b7aa">
<version>3.9.15</version>
</hash>
<hash md5="38cbc7bd229691e2f7570f39e2ed79f0">
<version>3.9.14</version>
</hash>
<hash md5="ae364ca23dae20cbdbfa5f861aa70e13">
<version>3.9.13</version>
</hash>
<hash md5="5cb6e5fcb570702e99792352d0288a8a">
<version>3.9.12</version>
</hash>
<hash md5="342344249a8f5cbfb205262aaf353a16">
<version>3.9.11</version>
</hash>
<hash md5="d517492c730895ce405875758f5942b3">
<version>3.9.10</version>
</hash>
<hash md5="87f4b1dd4ea5e17b30233722077adb0c">
<version>3.9.9</version>
</hash>
<hash md5="c4371f9433505dd8cea5f03bf5e6c328">
<version>3.9.8</version>
</hash>
<hash md5="1a6acdaa1de27568ce672ff9748914e0">
<version>3.9.7</version>
</hash>
<hash md5="2e7463a0999c6495b6d1c79a48c81d46">
<version>3.9.6</version>
</hash>
<hash md5="57b9f0931f2da4389af92e07bc702505">
<version>3.9.5</version>
</hash>
<hash md5="38466bbd5205e09d8bbb4e46bfd4aec5">
<version>3.9.4</version>
</hash>
<hash md5="62a78170a740a4460a8d25e00c1839f5">
<version>3.9.3</version>
</hash>
<hash md5="dfb2d2be1648ee220bf9bd3c03694ed8">
<version>3.9.2</version>
</hash>
<hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
<version>3.9.1</version>
</hash>
<hash md5="84b54c54aa48ae72e633685c17e67457">
<version>3.9</version>
</hash>
<hash md5="39364ff8391782cbd182e7061b3db3fe">
<version>3.8.18</version>
</hash>
<hash md5="3c06b96336ba61373c24ad5f6c4f6e52">
<version>3.8.17</version>
</hash>
<hash md5="fbf520feecde27820e9f27ed409440d5">
<version>3.8.16</version>
</hash>
<hash md5="3abfa03d4f3a5a52f55ddc31fc536933">
<version>3.8.15</version>
</hash>
<hash md5="e55306288cf2edc63e25414fbb22de37">
<version>3.8.14</version>
</hash>
<hash md5="6d479ec8dfb4917d96f3cee805cd36ae">
<version>3.8.13</version>
</hash>
<hash md5="2d2914c37b51e6f266ab50b561574dd6">
<version>3.8.12</version>
</hash>
<hash md5="5bbd02dd56f85902dfe6f79081bc1e14">
<version>3.8.11</version>
</hash>
<hash md5="ebdf3445a03dca2d2f3d4097a3db9e30">
<version>3.8.10</version>
</hash>
<hash md5="38ce781f075385a61979a705ee120de6">
<version>3.8.9</version>
</hash>
<hash md5="eef2236f174830a5ea4ef6346c9b6d23">
<version>3.8.8</version>
</hash>
<hash md5="0f74cf5708da39cb3c86dc49c8f276c8">
<version>3.8.7</version>
</hash>
<hash md5="ad646c841cf11f2dc8a8f76f65e4ca42">
<version>3.8.6</version>
</hash>
<hash md5="4821f33f92f597623a524a34f3be4651">
<version>3.8.5</version>
</hash>
<hash md5="fb73e4ab558adc3948adf2653e28d880">
<version>3.8.4</version>
</hash>
<hash md5="c6de8fc70a18be7e5c36198cd0f99a64">
<version>3.8.3</version>
</hash>
<hash md5="e01a2663475f6a7a8363a7c75a73fe23">
<version>3.8.2</version>
</hash>
<hash md5="0d0eb101038124a108f608d419387b92">
<version>3.8.1</version>
</hash>
<hash md5="38ee273095b8f25b9ffd5ce5018fc4f0">
<version>3.8</version>
</hash>
<hash md5="7b43ecac59a1bfe0f1a943bcccc827ef">
<version>3.7.18</version>
</hash>
<hash md5="fffe9145a1435352e5fda177eb7ab8d8">
<version>3.7.17</version>
</hash>
<hash md5="c6719b2bf475a6adfc49fd309935d0f4">
<version>3.7.16</version>
</hash>
<hash md5="43687e50ed6f31595eb912e27716c130">
<version>3.7.15</version>
</hash>
<hash md5="87926a66b3e42919c6d47fe9d8655287">
<version>3.7.14</version>
</hash>
<hash md5="81fc07a5d7ffed7de5523d31787718ae">
<version>3.7.13</version>
</hash>
<hash md5="848745041001ecc0833a5cb09d9e1240">
<version>3.7.12</version>
</hash>
<hash md5="375f2e632c542152037551a335fda8c4">
<version>3.7.11</version>
</hash>
<hash md5="985a1a42445325fc2f7d6bd121d19696">
<version>3.7.10</version>
</hash>
<hash md5="24316a634083214fd1c4b99472ef8fbd">
<version>3.7.9</version>
</hash>
<hash md5="2bc39c43b8540a7fedeb7bbd9de1ce58">
<version>3.7.8</version>
</hash>
<hash md5="c40340aad98640725093e05797056bd2">
<version>3.7.7</version>
</hash>
<hash md5="b9ebf4eb4a24be0bd82094da0baf13cf">
<version>3.7.6</version>
</hash>
<hash md5="61f1e5fbbd9ecb69c90cb96a19160ae5">
<version>3.7.5</version>
</hash>
<hash md5="dc09e38cb48fbbec5b5f990513b491e4">
<version>3.7.4</version>
</hash>
<hash md5="813e06052daa0692036e60d76d7141d3">
<version>3.7.3</version>
</hash>
<hash md5="b3a05c7a344c2f53cb6b680fd65a91e8">
<version>3.7.2</version>
</hash>
<hash md5="e82f4fe7d3c1166afb4c00856b875f16">
<version>3.6.1</version>
</hash>
<hash md5="477f1e652f31dae76a38e3559c91deb9">
<version>3.6</version>
</hash>
<hash md5="caf7946275c3e885419b1d36b22cb5f3">
<version>3.5.2</version>
</hash>
<hash md5="05d50a04ef19bd4b0a280362469bf22f">
<version>3.5.1</version>
</hash>
<hash md5="066cfc0f9b29ae6d491aa342ebfb1b71">
<version>3.5</version>
</hash>
<hash md5="36b2b72a0f22138a921a38db890d18c1">
<version>3.3.3</version>
</hash>
<hash md5="628419c327ca5ed8685ae3af6f753eb8">
<version>3.3.2</version>
</hash>
<hash md5="c1ed266e26a829b772362d5135966bc3">
<version>3.3.1</version>
</hash>
<hash md5="e0f97110b60c3a3c71dcd1d4d923495a">
<version>3.3</version>
</hash>
<hash md5="98d3f05ff1e321dbd58ad154cc95e569">
<version>3.2.1</version>
</hash>
<hash md5="573e79628d2ee07670e889569059669e">
<version>3.2</version>
</hash>
<hash md5="fbebf5899944a9d7aedd00250bb71745">
<version>3.1.4</version>
</hash>
<hash md5="ccc403368e01b3c3b0caf28079a710a5">
<version>3.1.3</version>
</hash>
<hash md5="20f882b08b2804bc7431c0866a8999d1">
<version>3.1.2</version>
</hash>
<hash md5="5be6140fc3f44126b476dfff5bc0c658">
<version>3.1.1</version>
</hash>
<hash md5="f01635ffca23e49e01f47e98553ea75d">
<version>3.1</version>
</hash>
<hash md5="45119882b8d576a3462f76708b6bc1c5">
<version>3.0.6</version>
</hash>
<hash md5="ed20f283f2c1b775219bdb12e5c6ba93">
<version>3.0.5</version>
</hash>
<hash md5="c7a01d814ffbbb790ee5f4f8f3631903">
<version>3.0.4</version>
</hash>
<hash md5="0eb4f7981c3de98df925b3020c147a61">
<version>3.0.3</version>
</hash>
<hash md5="0538342b887f11ed4a306d3e7c7d6ea7">
<version>3.0.2</version>
</hash>
<hash md5="a73cac84b8b9a99377917a6974c9eea2">
<version>3.0.1</version>
</hash>
<hash md5="9ea06ab0184049bf4ea2410bf51ce402">
<version>3.0</version>
</hash>
</file>
<file src="wp-includes/js/wp-api.min.js">
<hash md5="632a0df5fc4f02477aa93f838530c4e0">
<version>4.7</version>
</hash>
</file>
<file src="wp-includes/css/buttons-rtl.css">
<hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
<version>3.8</version>
</hash>
</file>
<file src="wp-includes/css/editor.min.css">
<hash md5="eeae1118610e5531c31ba2bcb9307e53">
<version>4.6.1</version>
</hash>
<hash md5="7f1d9aa97951aa4ef795807cacd48ed8">
<version>4.6</version>
</hash>
</file>
<file src="wp-includes/js/wp-emoji-loader.min.js">
<hash md5="4499553cf177cb964b0df8c445ebc798">
<version>4.5</version>
</hash>
<hash md5="d528caab721209ac3e971fd97384379d">
<version>4.4.3</version>
</hash>
<hash md5="2a684c8e10b5294903e28dcd9cac377b">
<version>4.4.2</version>
</hash>
<hash md5="8569719eaedca791a2136e7bad07de29">
<version>4.4.1</version>
</hash>
<hash md5="05fa167592d86e9c03dc30b4f868c00d">
<version>4.4</version>
</hash>
</file>
<file src="wp-includes/js/mediaelement/mediaelement-and-player.min.js">
<hash md5="7c839ada5992116eb525cabad56fec5a">
<version>4.3.4</version>
</hash>
<hash md5="906a6c1b6d7568099ef0358ecafdd754">
<version>4.2.8</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
<hash md5="40de3da265b56fb06463a946ccc6aa40">
<version>4.5</version>
</hash>
<hash md5="b8177e0d45cb3b1f1f369148b64e9cdb">
<version>4.3</version>
</hash>
<hash md5="937d1ec0bf894d9686332fc3f71e6d22">
<version>4.2.2</version>
</hash>
<hash md5="66ff6b408c58c3207ff4b20e75ec5e68">
<version>4.1</version>
</hash>
<hash md5="21f15ceb6c245e6dc0edc510761049ba">
<version>4.0</version>
</hash>
<hash md5="1d52314b1767c557b7232ae192c80318">
<version>3.9</version>
</hash>
<!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
<hash md5="44d281b0d84cc494e2b095a6d2202f4d">
<version>3.7.1</version>
</hash>
<hash md5="b0bcf8091516db358ee9c833afd73175">
<version>3.7</version>
</hash>
<hash md5="cf4bbd562430a9bcbe735062be851be1">
<version>3.6.1</version>
</hash>
<hash md5="42ce18e88f1c21d4e991fcd431bcb606">
<version>3.6</version>
</hash>
<hash md5="a58dd12608659503cf087e879e720354">
<version>3.5.2</version>
</hash>
<hash md5="55c80a4794624ce9b94aa3631ad46c0b">
<version>3.5.1</version>
</hash>
<hash md5="8e529a971610d7ebe7851339c5cb3d67">
<version>3.5</version>
</hash>
<hash md5="ff19e44be975f89b647274d85b70f821">
<version>3.4.2</version>
</hash>
</file>
<file src="wp-admin/js/customize-nav-menus.min.js">
<hash md5="0bc26c3f8248b01d3431b73ac6d886a7">
<version>4.3.2</version>
</hash>
<hash md5="b19dec30505b46afbc06a72e9fc175e6">
<version>4.3.1</version>
</hash>
</file>
<file src="wp-admin/js/customize-controls.js">
<hash md5="aa0d38bd6f590ad8c3126074145b1bf1">
<version>3.4.1</version>
</hash>
</file>
<file src="wp-includes/js/customize-preview.js">
<hash md5="da36bc2dfcb13350c799b62de68dfa4b">
<version>3.4</version>
</hash>
</file>
<file src="wp-includes/js/plupload/plupload.js">
<hash md5="85199c05db63fcb5880de4af8be7b571">
<version>3.3.2</version>
</hash>
</file>
<file src="wp-admin/js/common.js">
<hash md5="4516252d47a73630280869994d510180">
<version>3.3</version>
</hash>
</file>
<file src="wp-admin/js/wp-fullscreen.js">
<hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
<version>3.2.1</version>
</hash>
<hash md5="7b423e0b7c9221092737ad5271d09863">
<version>3.2</version>
</hash>
</file>
<file src="wp-includes/css/admin-bar.css">
<hash md5="181250fab3a7e2549a7e7fa21c2e6079">
<version>3.1</version>
</hash>
</file>
<file src="$wp-content$/themes/twentyten/style.css">
<hash md5="6211e2ac1463bf99e98f28ab63e47c54">
<version>3.0</version>
</hash>
</file>
<file src="$wp-plugins$/akismet/readme.txt">
<hash md5="4d5e52da417aa0101054bd41e6243389">
<version>2.8.6</version>
</hash>
<hash md5="58e086dea9d24ed074fe84ba87386c69">
<version>2.8.5</version>
</hash>
<hash md5="48c52025b5f28731e9a0c864c189c2e7">
<version>2.8.2</version>
</hash>
</file>
<file src="wp-includes/js/wp-ajax-response.js">
<hash md5="0289d1c13821599764774d55516ab81a">
<version>2.7.1</version>
</hash>
</file>
<file src="wp-includes/js/thickbox/thickbox.css">
<hash md5="9c2bd2be0893adbe02a0f864526734c2">
<version>2.7</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
<hash md5="5b140ddf0f08034402ae78b31d8a1a28">
<version>2.6</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
<hash md5="088245408531c58bb52cc092294cc384">
<version>2.5.1</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
<hash md5="19c6f3118728c38eb7779aab4847d2d9">
<version>2.5</version>
</hash>
</file>
<file src="wp-includes/js/wp-ajax.js">
<hash md5="c5dbce0c3232c477033e0ce486c62755">
<version>2.2</version>
</hash>
</file>
<file src="$wp-content$/themes/default/style.css">
<hash md5="e44545f529a54de88209ce588676231c">
<version>2.0.1</version>
</hash>
<hash md5="f786f66d3a40846aa22dcdfeb44fa562">
<version>2.0</version>
</hash>
</file>
<file src="wp-layout.css">
<hash md5="7140e06c00ed03d2bb3dad7672557510">
<version>1.2.1</version>
</hash>
<hash md5="1bcc9253506c067eb130c9fc4f211a2f">
<version>1.2-delta</version>
</hash>
</file>
<file src="layout2b.css">
<hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
<version>0.71-gold</version>
</hash>
</file>
</wp-versions>

41
database/wp_versions.xsd Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string">
<xs:whiteSpace value="preserve" />
<xs:minLength value="1" />
<xs:pattern value="[^\s].+[^\s]|[^\s]"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="filetype">
<xs:sequence>
<xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
</xs:sequence>
<xs:attribute type="stringtype" name="src" use="required"/>
</xs:complexType>
<xs:simpleType name="md5type">
<xs:restriction base="stringtype">
<xs:pattern value="[0-9a-f]{32}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="hashtype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="version" type="stringtype"/>
</xs:sequence>
<xs:attribute type="md5type" name="md5" use="required"/>
</xs:complexType>
<xs:element name="wp-versions">
<xs:complexType>
<xs:sequence>
<xs:element name="file" type="filetype" maxOccurs="unbounded" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>

3
engine/__init__.py Normal file
View File

@ -0,0 +1,3 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-

58
engine/core.py
View File

@ -1,4 +1,60 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
import requests
import os
import time
# database_update
"""
name : notice(msg), critical(msg), warning(msg), info(msg)
description : add color to message based on their impact
return : string
"""
def notice(msg):
return "\033[1m" + msg + "\033[0m"
def critical(msg):
return "\033[91;1m/!\ " + msg + "\033[0m"
def warning(msg):
return "\033[92m" + msg + "\033[0m"
def info(msg):
return "\033[93m" + msg + "\033[0m"
"""
name : database_update()
description : download and update the database from wpscan website
"""
def database_update():
print "\033[93mUpdating database\033[92m - Last update: \033[0m" + database_last_date('database/local_vulnerable_files.xml')
update_url = "https://data.wpscan.org/"
update_files = [ 'local_vulnerable_files.xml', 'local_vulnerable_files.xsd',
'timthumbs.txt', 'user-agents.txt', 'wp_versions.xml', 'wp_versions.xsd',
'wordpresses.json', 'plugins.json', 'themes.json', 'LICENSE']
for f in update_files:
print "\t\033[93mDownloading \033[0m"+ f +" \033[92mFile updated !\033[0m"
source = requests.get( update_url+f, stream=True).raw
# Write the file
with open( 'database/'+f, 'wb' ) as ddl_file:
progress = 0
while True:
length = 16*1024
buf = source.read(length)
if not buf:
break
ddl_file.write(buf)
progress += len(buf)
print('\tDownloaded : %.2f Mo\r' % (float(progress)/(1024*1024))),
"""
name : database_last_date()
description : get the date of the last update through file modification date
return : string
"""
def database_last_date(filename):
(mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.stat(filename)
return time.ctime(mtime)

2
engine/load_plugins.py
View File

@ -0,0 +1,2 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-

0
engine/plugins.py Normal file
View File

0
engine/themes.py Normal file
View File

99
engine/wordpress.py Normal file
View File

@ -0,0 +1,99 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
import requests
import re
from core import *
class Wordpress:
url = "http://wp-example.com"
version = "0.0.0"
plugins = False
themes = False
def __init__(self, url):
self.url = url
self.is_up_and_installed()
self.is_readme()
self.is_debug_log()
self.is_backup_file()
"""
name : is_up_and_installed()
description : check if a website is up or down, then check the installation and a forced redirect
"""
def is_up_and_installed(self):
try:
r = requests.get(self.url, allow_redirects=False)
if 'location' in r.headers:
# Install is not complete
if "wp-admin/install.php" in r.headers['location']:
print critical("The Website is not fully configured and currently in install mode. Call it to create a new admin user.")
exit()
# Redirect
print notice("The remote host tried to redirect to: %s" % r.headers['location'])
user_input = str(raw_input("[?] Do you want follow the redirection ? [Y]es [N]o, "))
if user_input == "Y":
self.url = r.headers['location']
else:
print critical("Redirection not followed - End of the scan !")
exit()
except Exception as e:
print critical("Website down!"),e
exit()
"""
name : is_readme()
description : get the readme file and extract the version is there is any
"""
def is_readme(self):
r = requests.get(self.url + '/readme.html').text
regex = 'Version (.*)'
regex = re.compile(regex)
matches = regex.findall(r)
if matches[0] != None and matches[0] != "":
self.version = matches[0]
print warning("The wordpress %s file exposing a version number %s" % (self.url+'/readme.html', matches[0]))
"""
name : is_debug_log()
description : determine if there is a debug.log file
"""
def is_debug_log(self):
r = requests.get(self.url + '/debug.log')
if "200" in str(r) and not "404" in r.text :
print critical( "Debug log file found: %s" % (self.url + '/debug.log') )
"""
name : is_backup_file()
description : determine
"""
def is_backup_file(self):
backup = ['wp-config.php~', 'wp-config.php.save', '.wp-config.php.swp', 'wp-config.php.swp', '.wp-config.php.swp', 'wp-config.php.swp', 'wp-config.php.swo', 'wp-config.php_bak', 'wp-config.bak', 'wp-config.php.bak', 'wp-config.save', 'wp-config.old', 'wp-config.php.old', 'wp-config.php.orig', 'wp-config.orig', 'wp-config.php.original', 'wp-config.original', 'wp-config.txt']
for b in backup:
r = requests.get(self.url + "/" + b)
if "200" in str(r) and not "404" in r.text :
print critical("A wp-config.php backup file has been found in: %s" % (self.url + "/" + b) )
"""
name : to_string()
description : display a debug view of the object
"""
def to_string(self):
print "--------WORDPRESS----------"
print "URL : %s" % self.url
print "Version : %s" % self.version
print "Plugins : %s" % self.plugins
print "Themes : %s" % self.themes
print "---------------------------"

31
main.py
View File

@ -2,10 +2,37 @@
# -*- coding: utf-8 -*-
import requests
import argparse
from engine.core import *
from engine.load_plugins import *
from engine.wordpress import *
if __name__ == "__main__":
print "\033[1mWordpresscan\033[0m"
# TODO parse -u
print " _ _ _ "
print "| | | | | | "
print "| | | | ___ _ __ __| |_ __ _ __ ___ ___ ___ ___ __ _ _ __ "
print "| |/\| |/ _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|/ __/ _` | '_ \ "
print "\ /\ / (_) | | | (_| | |_) | | | __/\__ \__ \ (_| (_| | | | |"
print " \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/\___\__,_|_| |_|"
print " | | "
print " |_| "
parser = argparse.ArgumentParser()
parser.add_argument('-u', action ='store', dest='url', help="Wordpress URL")
parser.add_argument('--update', action ='store_const', const='update', dest='update', help="Update the database")
results = parser.parse_args()
# Check wordpress url
if results.url != None:
print "Target: " + results.url
# Update scripts
if results.update != None:
database_update()
# Build a new wordpress object
wp = Wordpress(results.url)
wp.to_string()
else:
parser.print_help()