Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/tools/dev/update_wordpress_vulnerabilities.rb
19934 views
1
#!/usr/bin/env ruby

2
# -*- coding: binary -*-

3


4
#

5
# by h00die

6
#

7


8
require 'optparse'

9


10
options = {}

11
optparse = OptionParser.new do |opts|

12
  opts.banner = 'Usage: ruby tools/dev/update_wordpress_vulnerabilities.rb [options]'

13
  opts.separator "This program updates data/wordlists/wp-exploitable-themes.txt and wp-exploitable-plugins.txt which are used by modules/auxiliary/scanner/http/wordpress_scanner.rb to have the most up-to-date list of vuln components"

14
  opts.separator ""

15
  opts.on('-h', '--help', 'Display this screen.') do

16
    puts opts

17
    exit

18
  end

19
end

20
optparse.parse!

21


22
# colors and puts templates from msftidy.rb

23


24
class String

25
  def red

26
    "\e[1;31;40m#{self}\e[0m"

27
  end

28


29
  def yellow

30
    "\e[1;33;40m#{self}\e[0m"

31
  end

32


33
  def green

34
    "\e[1;32;40m#{self}\e[0m"

35
  end

36


37
  def cyan

38
    "\e[1;36;40m#{self}\e[0m"

39
  end

40
end

41


42
#

43
# Display an error message, given some text

44
#

45
def error(txt)

46
  puts "[#{'ERROR'.red}] #{cleanup_text(txt)}"

47
end

48


49
#

50
# Display a warning message, given some text

51
#

52
def warning(txt)

53
  puts "[#{'WARNING'.yellow}] #{cleanup_text(txt)}"

54
end

55


56
#

57
# Display a info message, given some text

58
#

59
def info(txt)

60
  puts "[#{'INFO'.cyan}] #{cleanup_text(txt)}"

61
end

62


63
def cleanup_text(txt)

64
  # remove line breaks

65
  txt = txt.gsub(/[\r\n]/, ' ')

66
  # replace multiple spaces by one space

67
  txt.gsub(/\s{2,}/, ' ')

68
end

69


70
plugins = []

71
themes = []

72
path = File.expand_path('../../', File.dirname(__FILE__))

73
Dir.glob(path + '/modules/**/*.rb').each do |file|

74
  next unless file.include?('exploits') || file.include?('auxiliary')

75


76
  str = File.read(file)

77
  match = str.match(/check_plugin_version_from_readme\(['"]([^'"]+)['"]/)

78
  unless match.nil?

79
    plugins.append(match[1])

80
    info("#{file} contains plugin '#{match[1]}'")

81
  end

82
  match = str.match(/check_theme_version_from_readme\(['"]([^'"]+)['"]/)

83
  unless match.nil?

84
    themes.append(match[1])

85
    info("#{file} contains theme '#{match[1]}'")

86
  end

87
  match = str.match(/check_theme_version_from_style\(['"]([^'"]+)['"]/)

88
  unless match.nil?

89
    themes.append(match[1])

90
    info("#{file} contains theme '#{match[1]}'")

91
  end

92
end

93


94
info('Updating wp-exploitable-themes.txt')

95
wp_list = path + '/data/wordlists/wp-exploitable-themes.txt'

96


97
File.open(wp_list, 'w+') do |f|

98
  f.puts(themes.sort)

99
end

100


101
info('Updating wp-exploitable-plugins.txt')

102
wp_list = path + '/data/wordlists/wp-exploitable-plugins.txt'

103


104
File.open(wp_list, 'w+') do |f|

105
  f.puts(plugins.sort)

106
end

107


108