GitHub Repository: rapid7/metasploit-framework
Path: blob/master/tools/dev/update_wordpress_vulnerabilities.rb
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# Update modules/auxiliary/scanner/http/wordpress_scanner.rb to have the most
# up-to-date list of vulnerable components, based on the exploits/scanners in the framework
#
# by h00die
#
require 'optparse'
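# Nothing in the visible script stores into or reads from this hash.
options = {}

# Command-line interface: the only switch is -h/--help, which prints the
# usage text and exits.
optparse = OptionParser.new do |opts|
  opts.banner = 'Usage: update_wordpress_vulnerabilities.rb [options]'
  opts.on('-h', '--help', 'Display this screen.') do
    puts opts
    exit
  end
end

begin
  # parse! consumes the switches it recognises from ARGV.
  optparse.parse!
rescue OptionParser::ParseError => e
  # An unknown or malformed switch raises; report it together with the usage
  # text instead of a backtrace, and stop with a non-zero status.
  warn e.message
  warn optparse.help
  exit 1
end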
# colors and puts templates from msftidy.rb
# Reopens String to add ANSI colour helpers for console output.
class String
  # SGR foreground colour code for each helper that gets defined.
  { red: 31, yellow: 33, green: 32, cyan: 36 }.each do |colour, code|
    # Each helper returns a new string: the receiver wrapped in bold (1),
    # the foreground colour, and a black background (40), followed by the
    # reset sequence ESC[0m. The receiver itself is not modified.
    define_method(colour) { "\e[1;#{code};40m#{self}\e[0m" }
  end
end
#
# Display an error message, given some text
#
def error(txt)
  # Print one "[ERROR] ..." line to stdout: the tag is coloured red and the
  # message is passed through cleanup_text first so it stays on one line.
  tag = 'ERROR'.red
  message = cleanup_text(txt)
  puts "[#{tag}] #{message}"
end
#
# Display a warning message, given some text
#
def warning(txt)
  # Print one "[WARNING] ..." line to stdout: the tag is coloured yellow and
  # the message is passed through cleanup_text first so it stays on one line.
  tag = 'WARNING'.yellow
  message = cleanup_text(txt)
  puts "[#{tag}] #{message}"
end
#
# Display an info message, given some text
#
def info(txt)
  # Print one "[INFO] ..." line to stdout: the tag is coloured cyan and the
  # message is passed through cleanup_text first so it stays on one line.
  tag = 'INFO'.cyan
  message = cleanup_text(txt)
  puts "[#{tag}] #{message}"
end
def cleanup_text(txt)
  # Flatten a message onto a single line and return the result as a new
  # string: every CR or LF becomes a space, then each run of two or more
  # whitespace characters collapses to one space.
  # Nothing else is filtered: other control characters, terminal escape
  # sequences included, pass through unchanged.
  txt.gsub(/\r|\n/, ' ').gsub(/\s\s+/, ' ')
end
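plugins = []
themes = []
# Framework root: two directories above the directory that holds this script.
path = File.expand_path('../../', File.dirname(__FILE__))

# Each pattern matches a call to one of the version-check helpers and captures
# its first quoted argument. The capture excludes only quote characters, so
# the name is stored exactly as it is written in the module source.
plugin_call = /check_plugin_version_from_readme\(['"]([^'"]+)['"]/
theme_call = /check_theme_version_from_readme\(['"]([^'"]+)['"]/

Dir.glob(path + '/modules/**/*.rb').each do |file|
  # NOTE(review): this is a substring test on the whole path, so a checkout
  # directory whose own name contains either word lets every module through.
  next unless file.include?('exploits') || file.include?('auxiliary')

  str = File.read(file)

  # String#match returns the first hit only, so at most one plugin and one
  # theme name is recorded per module file.
  if (found = str.match(plugin_call))
    plugins << found[1]
    info("#{file} contains plugin '#{found[1]}'")
  end
  if (found = str.match(theme_call))
    themes << found[1]
    info("#{file} contains theme '#{found[1]}'")
  end
end

# Several modules can name the same component; keep the first occurrence of
# each so the collected lists carry no repeated entries.
plugins.uniq!
themes.uniq!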
# Rewrite both wordlists under data/wordlists, themes first and then plugins.
# Mode 'w+' truncates an existing file (or creates a missing one) before the
# entries are written; puts emits each array element on its own line.
[
  ['wp-exploitable-themes.txt', themes],
  ['wp-exploitable-plugins.txt', plugins]
].each do |list_name, entries|
  info("Updating #{list_name}")
  wp_list = path + "/data/wordlists/#{list_name}"
  File.open(wp_list, 'w+') { |f| f.puts(entries) }
end