Ryan,

On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>> Also delete the .pyc file, and no reinstall is needed.
>
> There was none.
>
>> Yes, many.
>> You are missing some required methods, like setOptions, getOptions,
>> getLongDescription, etc. Please see other plugins for a complete list,
>
> They are already in the code:
>
>     # W3af options and output
>     def getOptions( self ):
>         '''
>         @return: A list of option objects for this plugin.
>         '''
>         ol = optionList()
>         return ol
>
>     def setOptions( self, OptionList ):
>         '''
>         This method sets all the options that are configured using the
>         user interface generated by the framework using the result of
>         getOptions().
>
>         @parameter OptionList: A dictionary with the options for the plugin.
>         @return: No value is returned.
>         '''
>         pass
>
>     def getPluginDeps( self ):
>         '''
>         @return: A list with the names of the plugins that should be
>         run before the current one.
>         '''
>         return []
>
>     def getLongDesc( self ):
>         '''
>         @return: A DETAILED description of the plugin functions and
>         features.
>         '''
>         return '''
>         This plugin searches for client side differences between
>         different versions of WordPress.
>         '''

Then try to run w3af from a console: in cmd.exe run python w3af_console.py

>
> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>> Ryan,
>>
>> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>> I moved the wpvchecker.py file into the /plugin/discovery folder. When
>>> I try to launch w3af I get an error (screenshot attached), the prompt
>>> only lasts a few seconds so could not copy/paste the full error
>>> output.
>>>
>>> When I remove the wpvchecker.py file out of the dir the error persists
>>> and I have to un/re install w3af to get it working again.
>>
>> Also delete the .pyc file, and no reinstall is needed.
>>
>>> Any ideas?
>>
>> Yes, many.
>> You are missing some required methods, like setOptions, getOptions,
>> getLongDescription, etc. Please see other plugins for a complete list,
>>
>>> Thanks again,
>>> Ryan
>>>
>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>> Ryan,
>>>>
>>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>>> wrote:
>>>>> Hello,
>>>>> Sorry it's been so long with the wordpress version checker plugin, had
>>>>> some life problems.
>>>>
>>>> No problem man, I hope things are going better now.
>>>>
>>>>> Anyway...
>>>>>
>>>>> I have come to a logic problem which I cannot seem to solve and was
>>>>> wondering if anyone could give me some pointers...
>>>>>
>>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>>>> file/image being present, i.e. status 200
>>>>>
>>>>> I cannot figure out how to check for this while using the
>>>>> self._wp_fingerprint array.
>>>>
>>>> The for loop that works with the array looks like this:
>>>>
>>>>     for data in self._wp_fingerprint:
>>>>
>>>>         # Complete URL to test, url+file
>>>>         test_URL = urlParser.urlJoin( base_url, data[0] )
>>>>
>>>>         if data[1] in response:
>>>>             version = data[2]
>>>>             break
>>>>         else:
>>>>             version = 'Version lower than 2.2'
>>>>
>>>> But there are some parts missing, like actually requesting to the
>>>> server the test_URL. On the other part, the "200" logic could be
>>>> easily done like this:
>>>>
>>>>         if data[1] == 200 and not is_404(response):
>>>>             # it was found!
>>>>             version = data[2]
>>>>             break
>>>>         elif data[1] in response:
>>>>             version = data[2]
>>>>             break
>>>>         else:
>>>>             version = 'Version lower than 2.2'
>>>>
>>>> To make this work, you should change the '' in the fingerprint array
>>>> by a 200, and it should all work.
>>>>
>>>>> Here is the code so far, I have not yet tested it out, but should give
>>>>> you a basic idea of how it will run.
>>>>
>>>> Yes, and it makes much more sense to me this way. The older version
>>>> was "ugly" :)
>>>>
>>>>> I was also thinking of
>>>>> implementing a plugin version checker as there are many plugins with
>>>>> vulns.
>>>>
>>>> Sure, but let's go step by step, let's finish this plugin, test it a
>>>> little bit, and then we can go for the next one.
>>>>
>>>>> Thank you,
>>>>> Ryan
>>>>>
>>>>> P.S. To test it through w3af, do I just pop the py file into the
>>>>> plugin folder or is there any other code to be changed?
>>>>
>>>> Yes, you have to move this file to the discovery directory and that's it.
>>>>
>>>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>> Just to let everyone know where I am with the plugin.
>>>>>>
>>>>>> I'm a complete n00b at re and couldn't get backbone's code to work, so
>>>>>> I read a couple of manuals and finally got it working with:
>>>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>>>
>>>>>> An explanation of what the plugin will do:
>>>>>> -----------------------------------------------------------
>>>>>>
>>>>>> It will first check to see if the server has the following file
>>>>>> "/wp-admin/index.php".
>>>>>>
>>>>>> If it does
>>>>>>
>>>>>> It will check to see whether or not the version is in the index header.
>>>>>>
>>>>>> If it finds the version it will store it in a variable.
>>>>>>
>>>>>> It will then run through the checks from my original code to try and
>>>>>> guess the version.
>>>>>>
>>>>>>
>>>>>> The output will be as follows:
>>>>>> ------------------------------------------
>>>>>>
>>>>>> If the version is not in the index and not found with the data =
>>>>>> "version under 2.2"
>>>>>> If the version is in the index and in the data are the same =
>>>>>> "whatever version was found"
>>>>>> If the version is in the index and in the data are different =
>>>>>> "Version shows as $version in index header however the data shows
>>>>>> $version"
>>>>>>
>>>>>> I still need to implement the data checks however my girlfriend has
>>>>>> fallen ill and has been admitted to hospital for an emergency
>>>>>> operation. I don't think I will be able to finish the plugin this
>>>>>> weekend as promised earlier however will still be working on it next
>>>>>> week.
>>>>>>
>>>>>> I was also thinking on listing the vulnerabilities for each version (if
>>>>>> any) on the output.
>>>>>>
>>>>>> Ryan
>>>>>>
>>>>>>
>>>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>> Ryan,
>>>>>>>
>>>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst
>>>>>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>> I'm looking into searching the response html of the index page for the
>>>>>>>> following string:
>>>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>>>
>>>>>>>> I've tried with regular expressions and am unable to get it to work,
>>>>>>>
>>>>>>> backbone sent you a solution,
>>>>>>>
>>>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>>>> should be used.
>>>>>>>>
>>>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>>>
>>>>>>> Yes, it's in the dependency list, but we aren't using it "for that".
>>>>>>> Long story short, please use the re =)
>>>>>>>
>>>>>>>> Ryan
>>>>>>>>
>>>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>>>>>>>> I've sorted this out.
>>>>>>>>
>>>>>>>>
>>>>>>>> 2009/5/28 <backbon...@gmail.com>:
>>>>>>>>> Sorry to bump in just like that in the discussion, about the meta
>>>>>>>>> tag that displays the WordPress version.
>>>>>>>>>
>>>>>>>>> Only since version 2.7 the generator function is in the core of
>>>>>>>>> WordPress, on earlier versions it was only in the theme.
>>>>>>>>>
>>>>>>>>> Just wanted to mention that. :)
>>>>>>>>>
>>>>>>>>> ---
>>>>>>>>> http://insanesecurity.info
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst
>>>>>>>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>>>
>>>>>>>>>> You mentioned during our email conversation that wordpress echoes its
>>>>>>>>>> version number in the page head. I managed to find an example of it.
>>>>>>>>>> You're right, I do have a security plugin installed which must have
>>>>>>>>>> removed it from my blog.
>>>>>>>>>>
>>>>>>>>>> Here is an example:
>>>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>> > Ryan,
>>>>>>>>>> >
>>>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho
>>>>>>>>>> > <andres.rian...@gmail.com> wrote:
>>>>>>>>>> >> Ryan,
>>>>>>>>>> >>
>>>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst
>>>>>>>>>> >> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>> >>> Hello,
>>>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent
>>>>>>>>>> >>> there.
>>>>>>>>>> >>
>>>>>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>>>>>> >> attachments,
>>>>>>>>>> >>
>>>>>>>>>> >>> I'll have a look into integrating the script into w3af over the
>>>>>>>>>> >>> next couple of days and hopefully have a working version by the
>>>>>>>>>> >>> weekend.
>>>>>>>>>> >>
>>>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>>>> >>
>>>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found
>>>>>>>>>> >>> client side differences in most of them, I also used the official
>>>>>>>>>> >>> changelogs to help identify them.
>>>>>>>>>> >>
>>>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs"
>>>>>>>>>> >> of different wordpress release packages?
>>>>>>>>>> >>
>>>>>>>>>> >>> The client side differences are in files such as CSS, javascript
>>>>>>>>>> >>> and HTML. Some versions did not have any differences apart from
>>>>>>>>>> >>> having extra files, which can easily be identified with HTTP
>>>>>>>>>> >>> response codes.
>>>>>>>>>> >>>
>>>>>>>>>> >>> It works as such...
>>>>>>>>>> >>>
>>>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>>>> >>> something that 2.7 doesn't have, if it finds that something then
>>>>>>>>>> >>> the script stops and echoes the version number.
>>>>>>>>>> >>>
>>>>>>>>>> >>> If the script doesn't find the difference it moves onto
>>>>>>>>>> >>> identifying the next version, i.e. does 2.7 have something the
>>>>>>>>>> >>> earlier version doesn't have, and so on and so forth.
>>>>>>>>>> >>
>>>>>>>>>> >> Ok, makes sense.
>>>>>>>>>> >>
>>>>>>>>>> >> Some comments regarding your code:
>>>>>>>>>> >>
>>>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>>>>>> >> indentations. Your code has 1-space (?) indentations. Please
>>>>>>>>>> >> correct that.
>>>>>>>>>> >>
>>>>>>>>>> >> - The code is pretty simple, but I think it could be done in a
>>>>>>>>>> >> better way. Having that many functions (wp22 to wp271) doesn't
>>>>>>>>>> >> seem to be a good option. Do you think that the code could be
>>>>>>>>>> >> changed a little bit, and create a database (which can be easily
>>>>>>>>>> >> updated) and then use that database to store the information?
>>>>>>>>>> >> Example of the database
>>>>>>>>>> >>
>>>>>>>>>> >>     self._wp_fingerprint = [('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>>>>>>>> >>                             ('/wp-admin/css/farbtastic.css', 'farbtastic')]
>>>>>>>>>> >>
>>>>>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>>>>>> >> page head. Maybe it would be a good idea to parse that, and
>>>>>>>>>> >> compare it with the result of the fingerprinting. What do you
>>>>>>>>>> >> think?
>>>>>>>>>> >
>>>>>>>>>> > A good idea would be to have a first step, before all the version
>>>>>>>>>> > specific checks, that verifies something that's true for all
>>>>>>>>>> > wordpress installations (some X file has to be present) before even
>>>>>>>>>> > starting the fingerprinting. Could this be done?
>>>>>>>>>> >
>>>>>>>>>> >> Cheers,
>>>>>>>>>> >>
>>>>>>>>>> >>> Ryan
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>> >>>> Ryan,
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>>>>>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>> >>>>> Hello,
>>>>>>>>>> >>>>> I have developed a python script that can detect the version
>>>>>>>>>> >>>>> of a wordpress installation. I think it would fit well within
>>>>>>>>>> >>>>> w3af,
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> I have like a ton of questions about how it works, could you
>>>>>>>>>> >>>> please send the script (as it is) to this mailing list for us to
>>>>>>>>>> >>>> read it?
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>> the only problem being is that I have been unable to find a
>>>>>>>>>> >>>>> plugin development manual to be able to implement my script.
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> There is no development manual :(
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> For the type of feature that you want to add, the correct thing
>>>>>>>>>> >>>> is to use a discovery plugin.
>>>>>>>>>> >>>> Discovery plugins are simple, they follow these rules:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> - the discover method takes a fuzzable request object as a
>>>>>>>>>> >>>> parameter, and returns a list of fuzzable requests
>>>>>>>>>> >>>> (fuzzable requests are representations of GET/POST requests,
>>>>>>>>>> >>>> which represent links, and forms)
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> - the discover method is called several times in the same scan,
>>>>>>>>>> >>>> with the different links that (for example) the webSpider finds.
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> I think that the best thing you can do is to read one or two
>>>>>>>>>> >>>> discovery plugins (my recommendations are discovery.crossDomain
>>>>>>>>>> >>>> and discovery.userDir), and start building your own plugin based
>>>>>>>>>> >>>> on one of those.
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> No
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>> Does anyone have some tips/advice on writing a plugin?
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> Yes, see above,
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>> Does anyone want me to send them the script for them to
>>>>>>>>>> >>>>> develop the plugin?
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> You should develop the plugin yourself, it is fun and good for
>>>>>>>>>> >>>> the project =)
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> Cheers,
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>> Thank you,
>>>>>>>>>> >>>>> Ryan
>>>>>>>>>> >>>>>
>>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>> >>>>
>>>>>>>>>> >>>> --
>>>>>>>>>> >>>> Andrés Riancho
>>>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>>>> >>>> http://w3af.sf.net/

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
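
The table-driven check the thread converges on, as an added example that is not part of the original messages and is not w3af code: a presence check on /wp-admin/index.php, the generator-tag regex, a newest-first fingerprint table where a marker of 200 means "file exists", and the three output cases from the 2009/5/31 message. The `fetch` callable, `make_site`, the third table path and all version labels are assumptions made for illustration.

```python
import re

# Regex posted in the thread for the generator meta tag on the index page.
GENERATOR_RE = re.compile(
    r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />')

# (path, marker, version), newest first; marker 200 means "file exists".
# The first two path/marker pairs are from the thread. The third path and
# every version label here are constructed, not real fingerprint data.
WP_FINGERPRINT = [
    ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:', '2.7.1'),
    ('/wp-admin/css/farbtastic.css', 'farbtastic', '2.7'),
    ('/wp-includes/images/example.gif', 200, '2.5'),
]
LOWER = 'Version lower than 2.2'


def make_site(pages):
    """Offline stand-in for HTTP: path -> (status, body), else 404."""
    return lambda path: pages.get(path, (404, ''))


def fingerprint(fetch):
    """Return the version report, or None if the target is not WordPress."""
    if fetch('/wp-admin/index.php')[0] != 200:
        return None
    match = GENERATOR_RE.search(fetch('/')[1])
    header = match.group(1) if match else None

    data = None
    for path, marker, version in WP_FINGERPRINT:
        status, body = fetch(path)
        # A plain status check stands in for w3af's is_404() here.
        if status == 200 and (marker == 200 or marker in body):
            data = version
            break

    if header is None:
        return data or LOWER
    if data is None or data == header:
        return header  # header-only case is an assumption; thread omits it
    return ('Version shows as %s in index header however the data shows %s'
            % (header, data))


# Constructed sample: generator tag claims 2.7.1, files look like "2.5".
SAMPLE = make_site({
    '/wp-admin/index.php': (200, ''),
    '/': (200, '<meta name="generator" content="WordPress 2.7.1" />'),
    '/wp-includes/images/example.gif': (200, 'GIF89a'),
})
```

Because the file-based markers are served independently of the page head, stripping the generator tag (as the security plugin mentioned in the thread does) still leaves the version inferable from static files.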