Merge pull request #21 from sergejmueller/0.6.1

v0.6.1
sergejmueller · Aug 2, 2016 · b8b49bb · b8b49bb
2 parents a7cb316 + b4684a3
commit b8b49bb
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,15 @@
 # wpscan / CHANGELOG
 
 
+### v0.6.1 (2016-08-02)
+
+##### Changes
+* Test: Verify filter naming output
+* Todo: Remove & restructure tasks
+* Readme: Text changes
+* package.json: Update `eslint` version
+
+
 ### v0.6.0 (2016-08-01)
 
 ##### New

diff --git a/HOWTO.md b/HOWTO.md
@@ -90,7 +90,7 @@ Modify `mod_php5.c` to `mod_php7.c` if PHP7 is installed on your server.
 
 ### Nice to have
 
-###### Move WordPress default folders
+##### Move WordPress default folders
 
 * [wp-content](https://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content_folder)
 * [plugins](https://codex.wordpress.org/Editing_wp-config.php#Moving_plugin_folder)

diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@
   - WordPress installed in a subdirectory.
 - Changeable User-Agent string.
 - Silent mode displays warnings only.
-- Howto: [WordPress security best practices](HOWTO.md).
+- Fix issues: [WordPress security best practices](HOWTO.md).
 - Beginner friendly, easy to install.
 - Lightweight, cross plattform framework.
 - **Work in progress**, see [todos](TODO.md) and [changelog](CHANGELOG.md).
@@ -102,15 +102,16 @@ The power of `wpscan` is the flexibility: You can expand the tool functionality
   - must be stored as `.js` files
   - can be a `Node.js` script
   - can be a `npm` package
-  - need to be structured as follows:
+  - must have a exported function named `fire`
 
 ```javascript
 exports.fire = ( data ) => {
-  // console.log( data )
+    // Play with data
+    // console.log( data )
 }
 ```
 
-`wpscan` will run every custom rule file. The file naming does not matter. Feel free to create your own rules, enjoy!
+`wpscan` will run (technically `require`) every custom rule file. The file naming does not matter, short names are welcome. Feel free to create your own rules, enjoy!
 
 ##### Get inspired
 - [example custom rules](example/rules)

diff --git a/TODO.md b/TODO.md
@@ -1,13 +1,9 @@
 ### Open todos
 
-- [ ] Rule: Registration possibility
-- [ ] Rule: Default admin user
-- [ ] Rule: Available users
-- [ ] Rule: WordPress DB default prefix
-- [ ] Rule: Error display status
-- [ ] Rule: Directory browsing
-- [ ] Rule: WordPress version (e.g. `wp-links-opml.php`)
-- [ ] Rule: Theme version
-- [ ] Rule: Plugins versions
-- [ ] Rule: Vulnerabilities via https://wpvulndb.com
-- [ ] Nice: Output rule keys for a better search
+- [ ] Rule: Check for directory browsing
+- [ ] Rule: Check for registration possibility
+- [ ] Rule: Check for default admin user
+- [ ] Rule: Detect and compare WordPress version (from `wp-links-opml.php`, ...)
+- [ ] Rule: Detect and compare theme version
+- [ ] Rule: Detect and compare plugins versions
+- [ ] Rule: Get vulnerabilities from https://wpvulndb.com
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "wpscan",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "Vulnerability scanner for WordPress",
   "preferGlobal": true,
   "main": "index.js",
@@ -37,7 +37,7 @@
     "valid-url": "^1.0.9"
   },
   "devDependencies": {
-    "eslint": "^3.2.0",
+    "eslint": "^3.2.2",
     "must": "^0.13.2",
     "mocha": "^3.0.0",
     "child-process-promise": "^2.0.3"

diff --git a/test/test.js b/test/test.js
@@ -93,6 +93,10 @@ describe( 'wpscan CLI', () => {
             data.must.include( `${testURI}/wp-login.php is protected by HTTP Auth` )
             data.must.include( `${testURI} is not affected by FPD vulnerability` )
 
+            data.must.include( 'wp-login' )
+            data.must.include( 'sensitive-files' )
+            data.must.include( 'fpd-vulnerability' )
+
             done()
 
         } )