Merge pull request #18 from sergejmueller/0.5.4

v0.5.4
sergejmueller · Jul 27, 2016 · 8d2231a · 8d2231a
2 parents 0218ff4 + f382ab7
commit 8d2231a
Show file tree

Hide file tree

Showing 8 changed files with 137 additions and 130 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,12 @@
+### v0.5.4 (2016-07-27)
+
+##### Changes
+* Core: Refactor `file-exists.js` rule library
+* Test: Extract testcase domain into `config/test.json`
+* package.json: Add `config` to the `files` array
+* package.json: Set `preferGlobal` to `true`
+
+
 ### v0.5.3 (2016-07-26)
 
 ##### Changes

diff --git a/config/test.json b/config/test.json
@@ -0,0 +1,3 @@
+{
+    "testURI": "testcase.ebiene.de"
+}
diff --git a/example/rules/custom-rule.js b/example/rules/custom-rule.js
@@ -14,7 +14,7 @@
 
 exports.fire = ( data ) => {
 
-    console.log( 'Custom wpscan rule fired!' )
+    console.log( 'Custom wpscan rule is fired' )
 
     console.log( data )
 

diff --git a/lib/app.js b/lib/app.js
@@ -24,20 +24,17 @@ module.exports.wpscan = ( data ) => {
         return require( './help' )
     }
 
-    // URL sources
-    let sources = data._
-
     // Bulk file
     if ( data.b ) {
         try {
-            sources = [...sources, ...finder.readFileLines( data.b ) ]
+            data._.push( ...finder.readFileLines( data.b ) )
         } catch( error ) {
             log.warn( error )
         }
     }
 
     // Loop sources
-    return sources.forEach( url => {
+    return data._.forEach( url => {
 
         init( {
             'wpURL': url,
@@ -115,9 +112,9 @@ const lookupSiteURL = ( data ) => {
 
         // Request
         request( {
-            url: siteURL,
-            method: 'HEAD',
-            headers: { 'User-Agent': userAgent }
+            'url': siteURL,
+            'method': 'HEAD',
+            'headers': { 'User-Agent': userAgent }
         }, ( error, response ) => {
 
             // Handle errors
@@ -166,13 +163,13 @@ const lookupWpURL = ( data ) => {
         const { wpURL, siteURL, userAgent, silentMode } = data
 
         // Test file URL
-        const targetURL = `${siteURL}${config.testFile}`
+        const targetURL = siteURL + config.testFile
 
         // Request
         request( {
-            url: targetURL,
-            method: 'HEAD',
-            headers: { 'User-Agent': userAgent }
+            'url': targetURL,
+            'method': 'HEAD',
+            'headers': { 'User-Agent': userAgent }
         }, ( error, response ) => {
 
             // Extract URL from page content
@@ -221,9 +218,9 @@ const extractWpURL = ( data ) => {
 
         // Request
         request( {
-            url: wpURL,
-            method: 'GET',
-            headers: { 'User-Agent': userAgent }
+            'url': wpURL,
+            'method': 'GET',
+            'headers': { 'User-Agent': userAgent }
         }, ( error, response, body ) => {
 
             // Handle errors

diff --git a/lib/rules/files-exists.js b/lib/rules/files-exists.js
@@ -25,70 +25,68 @@ exports.fire = ( data ) => {
     // Constants from data
     const { wpURL, siteURL, userAgent, silentMode } = data
 
-    // Targets
-    const targets = {
-        'GET': new Map( [
-            [ 'DB_PASSWORD', `${wpURL}/wp-config.php` ],
-            [ 'repair.php', `${wpURL}/wp-admin/maint/repair.php` ]
-        ] ),
-        'HEAD': [
-            // Apache files
-            `${siteURL}/.htaccess`,
-            `${siteURL}/.htpasswd`,
-
-            // Sensitive dotfiles
-            `${siteURL}/.ssh`,
-            `${siteURL}/.npmrc`,
-            `${siteURL}/.gitconfig`,
-            `${siteURL}/config.json`,
-            `${siteURL}/config.gypi`,
-
-            // WordPress files
-            `${wpURL}/wp-config-sample.php`,
-            `${wpURL}/wp-content/debug.log`
-        ]
-    }
-
-    // Loop HEAD requests
-    targets.HEAD.forEach( targetURL => {
+    // Destinations
+    const targets = [
+        {
+            'url': `${wpURL}/wp-config.php`,
+            'method': 'HEAD',
+            'pattern': 'DB_PASSWORD'
+        },
+        {
+            'url': `${wpURL}/wp-admin/maint/repair.php`,
+            'method': 'HEAD',
+            'pattern': 'repair.php'
+        },
+        {
+            'url': `${siteURL}/.htaccess`
+        },
+        {
+            'url': `${siteURL}/.htpasswd`
+        },
+        {
+            'url': `${siteURL}/.ssh`
+        },
+        {
+            'url': `${siteURL}/.npmrc`
+        },
+        {
+            'url': `${siteURL}/.gitconfig`
+        },
+        {
+            'url': `${siteURL}/config.json`
+        },
+        {
+            'url': `${wpURL}/wp-config-sample.php`
+        },
+        {
+            'url': `${wpURL}/wp-content/debug.log`
+        }
+    ]
+
+    targets.forEach( ( { url, method = 'GET', pattern = null } ) => {
 
         request( {
-            url: targetURL,
-            method: 'HEAD',
-            headers: { 'User-Agent': userAgent }
-        }, ( error, response ) => {
+            'url': url,
+            'method': method,
+            'headers': { 'User-Agent': userAgent }
+        }, ( error, response, body ) => {
 
             if ( error || response.statusCode !== 200 ) {
-                return log.ok( `${targetURL} is not public`, silentMode )
+                return log.ok( `${url} is not public`, silentMode )
             }
 
-            return log.warn( `${targetURL} is public` )
-
-        } )
-
-    } )
-
-    // Loop GET requests
-    for( let [ident, targetURL] of targets.GET.entries() ) {
-
-        request( {
-            url: targetURL,
-            method: 'GET',
-            headers: { 'User-Agent': userAgent }
-        }, ( error, response, body ) => {
-
-            if ( error || response.statusCode !== 200 ) {
-                return log.ok( `${targetURL} is not public`, silentMode )
+            if ( ! pattern ) {
+                return log.warn( `${url} is public` )
             }
 
-            if ( ! body.includes( ident ) ) {
-                return log.info( `${targetURL} is public but safe`, silentMode )
+            if ( ! body.includes( pattern ) ) {
+                return log.info( `${url} is public but safe`, silentMode )
             }
 
-            return log.warn( `${targetURL} is public and not safe` )
+            return log.warn( `${url} is public and not safe` )
 
         } )
 
-    }
+    } )
 
 }
diff --git a/lib/rules/wp-login.js b/lib/rules/wp-login.js
@@ -30,9 +30,9 @@ exports.fire = ( data ) => {
 
     // Request
     request( {
-        url: targetURL,
-        method: 'HEAD',
-        headers: { 'User-Agent': userAgent }
+        'url': targetURL,
+        'method': 'HEAD',
+        'headers': { 'User-Agent': userAgent }
     }, ( error, response ) => {
 
         // Availability check

diff --git a/package.json b/package.json
@@ -1,15 +1,16 @@
 {
   "name": "wpscan",
-  "version": "0.5.3",
+  "version": "0.5.4",
   "description": "Vulnerability scanner for WordPress",
+  "preferGlobal": true,
   "main": "index.js",
   "bin": {
     "wpscan": "./index.js"
   },
   "files": [
     "lib",
-    "index.js",
-    "config.json"
+    "config",
+    "index.js"
   ],
   "keywords": [
     "wordpress",