Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star
tools/dev/update_wordpress_vulnerabilities.rb

Summary

Maintainability
A
15 mins
Test Coverage
#!/usr/bin/env ruby
# -*- coding: binary -*-

#
# Update modules/auxiliary/scanner/http/wordpress_scanner.rb to have the most
# up to date list of vuln components based on exploits/scanners in the framework
#
# by h00die
#

require 'optparse'

options = {}
optparse = OptionParser.new do |opts|
  opts.banner = 'Usage: update_wordpress_vulnerabilities.rb [options]'
  opts.on('-h', '--help', 'Display this screen.') do
    puts opts
    exit
  end
end
optparse.parse!

# colors and puts templates from msftidy.rb

class String
  def red
    "\e[1;31;40m#{self}\e[0m"
  end

  def yellow
    "\e[1;33;40m#{self}\e[0m"
  end

  def green
    "\e[1;32;40m#{self}\e[0m"
  end

  def cyan
    "\e[1;36;40m#{self}\e[0m"
  end
end

#
# Display an error message, given some text
#
def error(txt)
  puts "[#{'ERROR'.red}] #{cleanup_text(txt)}"
end

#
# Display a warning message, given some text
#
def warning(txt)
  puts "[#{'WARNING'.yellow}] #{cleanup_text(txt)}"
end

#
# Display a info message, given some text
#
def info(txt)
  puts "[#{'INFO'.cyan}] #{cleanup_text(txt)}"
end

def cleanup_text(txt)
  # remove line breaks
  txt = txt.gsub(/[\r\n]/, ' ')
  # replace multiple spaces by one space
  txt.gsub(/\s{2,}/, ' ')
end

plugins = []
themes = []
path = File.expand_path('../../', File.dirname(__FILE__))
Dir.glob(path + '/modules/**/*.rb').each do |file|
  next unless file.include?('exploits') || file.include?('auxiliary')

  str = File.read(file)
  match = str.match(/check_plugin_version_from_readme\(['"]([^'"]+)['"]/)
  unless match.nil?
    plugins.append(match[1])
    info("#{file} contains plugin '#{match[1]}'")
  end
  match = str.match(/check_theme_version_from_readme\(['"]([^'"]+)['"]/)
  unless match.nil?
    themes.append(match[1])
    info("#{file} contains theme '#{match[1]}'")
  end
end

info('Updating wp-exploitable-themes.txt')
wp_list = path + '/data/wordlists/wp-exploitable-themes.txt'

File.open(wp_list, 'w+') do |f|
  f.puts(themes)
end

info('Updating wp-exploitable-plugins.txt')
wp_list = path + '/data/wordlists/wp-exploitable-plugins.txt'

File.open(wp_list, 'w+') do |f|
  f.puts(plugins)
end