Path: blob/master/tools/dev/update_wordpress_vulnerabilities.rb
19664 views
#!/usr/bin/env ruby1# -*- coding: binary -*-23#4# by h00die5#67require 'optparse'89options = {}10optparse = OptionParser.new do |opts|11opts.banner = 'Usage: ruby tools/dev/update_wordpress_vulnerabilities.rb [options]'12opts.separator "This program updates data/wordlists/wp-exploitable-themes.txt and wp-exploitable-plugins.txt which are used by modules/auxiliary/scanner/http/wordpress_scanner.rb to have the most up-to-date list of vuln components"13opts.separator ""14opts.on('-h', '--help', 'Display this screen.') do15puts opts16exit17end18end19optparse.parse!2021# colors and puts templates from msftidy.rb2223class String24def red25"\e[1;31;40m#{self}\e[0m"26end2728def yellow29"\e[1;33;40m#{self}\e[0m"30end3132def green33"\e[1;32;40m#{self}\e[0m"34end3536def cyan37"\e[1;36;40m#{self}\e[0m"38end39end4041#42# Display an error message, given some text43#44def error(txt)45puts "[#{'ERROR'.red}] #{cleanup_text(txt)}"46end4748#49# Display a warning message, given some text50#51def warning(txt)52puts "[#{'WARNING'.yellow}] #{cleanup_text(txt)}"53end5455#56# Display a info message, given some text57#58def info(txt)59puts "[#{'INFO'.cyan}] #{cleanup_text(txt)}"60end6162def cleanup_text(txt)63# remove line breaks64txt = txt.gsub(/[\r\n]/, ' ')65# replace multiple spaces by one space66txt.gsub(/\s{2,}/, ' ')67end6869plugins = []70themes = []71path = File.expand_path('../../', File.dirname(__FILE__))72Dir.glob(path + '/modules/**/*.rb').each do |file|73next unless file.include?('exploits') || file.include?('auxiliary')7475str = File.read(file)76match = str.match(/check_plugin_version_from_readme\(['"]([^'"]+)['"]/)77unless match.nil?78plugins.append(match[1])79info("#{file} contains plugin '#{match[1]}'")80end81match = str.match(/check_theme_version_from_readme\(['"]([^'"]+)['"]/)82unless match.nil?83themes.append(match[1])84info("#{file} contains theme '#{match[1]}'")85end86match = str.match(/check_theme_version_from_style\(['"]([^'"]+)['"]/)87unless match.nil?88themes.append(match[1])89info("#{file} contains theme '#{match[1]}'")90end91end9293info('Updating wp-exploitable-themes.txt')94wp_list = path + '/data/wordlists/wp-exploitable-themes.txt'9596File.open(wp_list, 'w+') do |f|97f.puts(themes.sort)98end99100info('Updating wp-exploitable-plugins.txt')101wp_list = path + '/data/wordlists/wp-exploitable-plugins.txt'102103File.open(wp_list, 'w+') do |f|104f.puts(plugins.sort)105end106107108