Ryan,

On Mon, Jun 8, 2009 at 10:18 AM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>> Ryan,
>>
>> On Sun, Jun 7, 2009 at 12:31 PM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
>>> Here is the final version. (I hope)
>>
>> I just tried your plugin with http://www.bonsai-sec.com/blog/ as a
>> target, and it's failing to find anything. I think that the problem is
>> in:
>>
>>            base_url = urlParser.baseUrl( fuzzableRequest.getURL() )
>>            wp_unique_url = urlParser.urlJoin(  base_url , '/wp-login.php' )
>>
>> Which will always return http://host.tld/wp-login.php , no matter what
>> the fuzzableRequest.getURL() was: in my case it was
>> http://www.bonsai-sec.com/blog/ .
>>
>
> Fixed this with:
>
>   wp_unique_url = fuzzableRequest.getURL()  +  '/wp-login.php'
>   response = self._urlOpener.GET( wp_unique_url, useCache=True )

If the URL is http://www.bonsai-sec.com/blog/ and you perform that,
you end up with http://www.bonsai-sec.com/blog//wp-login.php , which
is not what you want. I think that the solution was this one:

            base_url = urlParser.getDomainPath( fuzzableRequest.getURL() )
            wp_unique_url = urlParser.urlJoin(  base_url , 'wp-login.php' )

But I'm not sure, you should test it.

>> And also on the way that self._exec is ALWAYS set to false. I think
>> that self._exec should be set to false only after actually finding a
>> wordpress installation and fingerprinting it.
>>
>
> Implemented this.

Cool,

>> Please test the plugin a little more with different wordpress
>> installs, and then let us know how it worked out =)
>>
>
> Tested on about 5 different installations so far, all working.

Cool,

>> PS: Please use inline for answering emails, top posting sucks.
>>
>
> Sorry, always forget about this, lol.
>
> Any other changes/feedback let me know. Attached is the latest version. :)

I think we're almost ready to put it in the trunk, what do you think?

>>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>> Found a bug that I am working on now.
>>>>
>>>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>> w00t w00t!
>>>>>
>>>>> All tested and working!
>>>>>
>>>>> Thanks to everyone for their help especially Andres for putting up
>>>>> with my noobness. I will look into implementing the vulns for each
>>>>> version and then eventually a wp plugin version finder.
>>>>>
>>>>> Feedback and suggestions welcome! :-)
>>>>>
>>>>> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>>>>>> Ryan,
>>>>>>
>>>>>> On Sat, Jun 6, 2009 at 10:20 PM, Ryan Dewhurst<ryandewhu...@gmail.com> 
>>>>>> wrote:
>>>>>>> I decided to move over to my Linux box for the development of the
>>>>>>> plugin. One of the reasons I could not get the plugin to run through
>>>>>>> w3af was that the plugin file name was not the same as the class name.
>>>>>>
>>>>>> Ok, makes sense,
>>>>>>
>>>>>>> It now runs through w3af with out any errors. The only thing is that
>>>>>>> the info output is not showing in kb.
>>>>>>
>>>>>> Are you saving it to the kb?
>>>>>>
>>>>>>> I'm using this, which I found in another plugin:
>>>>>>>
>>>>>>>     # Save it to the kb!
>>>>>>>     i = info.info()
>>>>>>>     i.setName('WordPress version')
>>>>>>>     i.setURL( wp_index_url )
>>>>>>>     i.setId( http_response.id )
>>>>>>>     i.setDesc( 'WordPress version "' + self._version + '" found in the index header.' )
>>>>>>>     kb.kb.append( self, 'WordPress version', i )
>>>>>>>     om.out.information( i.getDesc() )
>>>>>>
>>>>>> That seems to be enough to save the version to the kb,
>>>>>>
>>>>>>> Attached is the latest version.
>>>>>>
>>>>>> I applied some minor changes:
>>>>>>
>>>>>> - Changed the name of the plugin to wordpress_plugin, because
>>>>>> wpvChecker is cryptic to users.
>>>>>> - The code has some serious errors that are possibly the reason you
>>>>>> don't see anything:
>>>>>>
>>>>>>    ...@brick:~/w3af/w3af/trunk$ pylint
>>>>>> --rcfile=../extras/misc/pylint.rc /tmp/wordpress_version.py  -e
>>>>>>    ************* Module wordpress_version
>>>>>>    E: 98:wordpress_version.discover: Undefined variable 're'
>>>>>>    E:109:wordpress_version.discover: Undefined variable 'http_response'
>>>>>>    E:150:wordpress_version.discover: Undefined variable 'http_response'
>>>>>>
>>>>>> Have you tested the plugin? Do you get a big traceback when running it?
>>>>>>
>>>>>> - This line in the fingerprint DB:
>>>>>>
>>>>>>                    ('/wp-admin/async-upload.php','200','2.5'),
>>>>>>
>>>>>> Doesn't match this line:
>>>>>>
>>>>>>                    if self._wp_fingerprint[1] == 200 and not is_404(response):
>>>>>>
>>>>>> '200' and 200 aren't equal in python:
>>>>>>
>>>>>>                    >>> '200' == 200
>>>>>>                    False
>>>>>>
>>>>>> You should change your database to 200, instead of '200' where necessary.
>>>>>>
>>>>>> - One more detail, is that it would be nice to compare the version in
>>>>>> the HTML header, with the fingerprinted version, and report if they
>>>>>> differ.
>>>>>>
>>>>>> You're on the right path, I think that with these recommendations
>>>>>> you'll be able to complete the development of your first w3af plugin
>>>>>> =)
>>>>>>
>>>>>> PS: You should answer inline.
>>>>>>
>>>>>>> Ryan
>>>>>>>
>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>> Ryan,
>>>>>>>>
>>>>>>>> On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurst<ryandewhu...@gmail.com> 
>>>>>>>> wrote:
>>>>>>>>>>Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>>
>>>>>>>>> There was none.
>>>>>>>>>
>>>>>>>>>> Yes, many.
>>>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>>>> getLongDescription, etc. Please see other plugins for a complete 
>>>>>>>>>> list,
>>>>>>>>>
>>>>>>>>> They are already in the code:
>>>>>>>>>
>>>>>>>>> # W3af options and output
>>>>>>>>>     def getOptions( self ):
>>>>>>>>>         '''
>>>>>>>>>         @return: A list of option objects for this plugin.
>>>>>>>>>         '''
>>>>>>>>>         ol = optionList()
>>>>>>>>>         return ol
>>>>>>>>>
>>>>>>>>>     def setOptions( self, OptionList ):
>>>>>>>>>         '''
>>>>>>>>>         This method sets all the options that are configured using the user interface
>>>>>>>>>         generated by the framework using the result of getOptions().
>>>>>>>>>
>>>>>>>>>         @parameter OptionList: A dictionary with the options for the plugin.
>>>>>>>>>         @return: No value is returned.
>>>>>>>>>         '''
>>>>>>>>>         pass
>>>>>>>>>
>>>>>>>>>     def getPluginDeps( self ):
>>>>>>>>>         '''
>>>>>>>>>         @return: A list with the names of the plugins that should be run before the
>>>>>>>>>         current one.
>>>>>>>>>         '''
>>>>>>>>>         return []
>>>>>>>>>
>>>>>>>>>     def getLongDesc( self ):
>>>>>>>>>         '''
>>>>>>>>>         @return: A DETAILED description of the plugin functions and features.
>>>>>>>>>         '''
>>>>>>>>>         return '''
>>>>>>>>>         This plugin searches for client side differences between different versions of WordPress.
>>>>>>>>>         '''
>>>>>>>>
>>>>>>>> Then try to run w3af from a console:
>>>>>>>>
>>>>>>>> in cmd.exe run python w3af_console.py
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>> Ryan,
>>>>>>>>>>
>>>>>>>>>> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst 
>>>>>>>>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>> I moved the wpvchecker.py file into the /plugin/discovery folder. 
>>>>>>>>>>> When
>>>>>>>>>>> I try to launch w3af I get an error (screenshot attached), the 
>>>>>>>>>>> prompt
>>>>>>>>>>> only lasts a few seconds so could not copy/paste the full error
>>>>>>>>>>> output.
>>>>>>>>>>>
>>>>>>>>>>> When I remove the wpvchecker.py file out of the dir the error 
>>>>>>>>>>> persists
>>>>>>>>>>> and I have to un/re install w3af to get it working again.
>>>>>>>>>>
>>>>>>>>>> Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>>>
>>>>>>>>>>> Any ideas?
>>>>>>>>>>
>>>>>>>>>> Yes, many.
>>>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>>>> getLongDescription, etc. Please see other plugins for a complete 
>>>>>>>>>> list,
>>>>>>>>>>
>>>>>>>>>>> Thanks again,
>>>>>>>>>>> Ryan
>>>>>>>>>>>
>>>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>
>>>>>>>>>>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst 
>>>>>>>>>>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>> Sorry it's been so long with the wordpress version checker plugin,
>>>>>>>>>>>>> had some life problems.
>>>>>>>>>>>>
>>>>>>>>>>>> No problem man, I hope things are going better now.
>>>>>>>>>>>>
>>>>>>>>>>>>> Anyway...
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have come to a logic problem which I cannot seem to solve and 
>>>>>>>>>>>>> was
>>>>>>>>>>>>> wondering if any one could give me some pointers...
>>>>>>>>>>>>>
>>>>>>>>>>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>>>>>>>>>>>> file/image being present, i.e. status 200
>>>>>>>>>>>>>
>>>>>>>>>>>>> I cannot figure out how to check for this while using the
>>>>>>>>>>>>> self._wp_fingerprint array.
>>>>>>>>>>>>
>>>>>>>>>>>> The for loop that works with the array looks like this:
>>>>>>>>>>>>
>>>>>>>>>>>>                for data in self._wp_fingerprint:
>>>>>>>>>>>>
>>>>>>>>>>>>                    # Complete URL to test, url+file (data is the current
>>>>>>>>>>>>                    # (path, marker, version) tuple, not the whole table)
>>>>>>>>>>>>                    test_URL = urlParser.urlJoin( base_url, data[0] )
>>>>>>>>>>>>
>>>>>>>>>>>>                    if data[1] in response:
>>>>>>>>>>>>                        version = data[2]
>>>>>>>>>>>>                        break
>>>>>>>>>>>>                    else:
>>>>>>>>>>>>                        version = 'Version lower than 2.2'
>>>>>>>>>>>>
>>>>>>>>>>>> But there are some parts missing, like actually requesting to the
>>>>>>>>>>>> server the test_URL. On the other part, the "200" logic could be
>>>>>>>>>>>> easily done like this:
>>>>>>>>>>>>
>>>>>>>>>>>>                    if data[1] == 200 and not is_404(response):
>>>>>>>>>>>>                        # it was found!
>>>>>>>>>>>>                        version = data[2]
>>>>>>>>>>>>                        break
>>>>>>>>>>>>                    elif data[1] in response:
>>>>>>>>>>>>                        version = data[2]
>>>>>>>>>>>>                        break
>>>>>>>>>>>>                    else:
>>>>>>>>>>>>                        version = 'Version lower than 2.2'
>>>>>>>>>>>>
>>>>>>>>>>>> To make this work, you should change the '' in the fingerprint 
>>>>>>>>>>>> array
>>>>>>>>>>>> by a 200, and it should all work.
>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the code so far, I have not yet tested it out, but should 
>>>>>>>>>>>>> give
>>>>>>>>>>>>> you a basic idea of how it will run.
>>>>>>>>>>>>
>>>>>>>>>>>> Yes, and it makes much more sense to me this way. The older version
>>>>>>>>>>>> was "ugly" :)
>>>>>>>>>>>>
>>>>>>>>>>>>> I was also thinking of
>>>>>>>>>>>>> implementing a plugin version checker as there are many plugins 
>>>>>>>>>>>>> with
>>>>>>>>>>>>> vulns.
>>>>>>>>>>>>
>>>>>>>>>>>> Sure, but let's go step by step, let's finish this plugin, test it a
>>>>>>>>>>>> little bit, and then we can go for the next one.
>>>>>>>>>>>>
>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>
>>>>>>>>>>>>> P.S. To test it through w3af, do I just pop the py file into the
>>>>>>>>>>>>> plugin folder or is there any other code to be changed?
>>>>>>>>>>>>
>>>>>>>>>>>> Yes, you have to move this file to the discovery directory and 
>>>>>>>>>>>> that's it.
>>>>>>>>>>>>
>>>>>>>>>>>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>>>>>>>>>> Just to let everyone know where I am with the plugin.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'm a complete n00b at re and couldn't get backbone's code to work, so
>>>>>>>>>>>>>> I read a couple of manuals and finally got it working with:
>>>>>>>>>>>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> An explanation of what the plugin will do:
>>>>>>>>>>>>>> -----------------------------------------------------------
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It will first check to see if the server has the following file
>>>>>>>>>>>>>> "/wp-admin/index.php".
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If it does
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It will check to see whether or not the version is in the index 
>>>>>>>>>>>>>> header.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If it finds the version it will store it in a variable.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It will then run through the checks from my original code to try 
>>>>>>>>>>>>>> and
>>>>>>>>>>>>>> guess the version.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The output will be as follows:
>>>>>>>>>>>>>> ------------------------------------------
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If the version is not in the index and not found with the data =
>>>>>>>>>>>>>> "version under 2.2"
>>>>>>>>>>>>>> If the version in the index and in the data are the same =
>>>>>>>>>>>>>> "whatever version was found"
>>>>>>>>>>>>>> If the version in the index and in the data are different =
>>>>>>>>>>>>>> "Version shows as $version in index header however the data shows
>>>>>>>>>>>>>> $version"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I still need to implement the data checks however my girlfriend 
>>>>>>>>>>>>>> has
>>>>>>>>>>>>>> fallen ill and has been admitted to hospital for an emergency
>>>>>>>>>>>>>> operation. I don't think I will be able to finish the plugin this
>>>>>>>>>>>>>> weekend as promised earlier however will still be working on it 
>>>>>>>>>>>>>> next
>>>>>>>>>>>>>> week.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I was also thinking on listing the vulnerabilities for each version (if
>>>>>>>>>>>>>> any) on the output.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst 
>>>>>>>>>>>>>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>> I'm looking into searching the response html of the index page for the
>>>>>>>>>>>>>>>> following string:
>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I've tried with regular expressions and am unable to get it to work,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> backbone sent you a solution,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>>>>>>>>>>>> should be used.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Yes, it's in the dependency list, but we aren't using it "for 
>>>>>>>>>>>>>>> that".
>>>>>>>>>>>>>>> Long story short, please use the re =)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>>>>>>>>>>>>>>>> I've sorted this out.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 2009/5/28  <backbon...@gmail.com>:
>>>>>>>>>>>>>>>>> Sorry to bump in just like that in the discussion, about the 
>>>>>>>>>>>>>>>>> meta tag that
>>>>>>>>>>>>>>>>> displays
>>>>>>>>>>>>>>>>> the WordPress version.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Only since version 2.7 has the generator function been in the core of
>>>>>>>>>>>>>>>>> WordPress; on earlier versions it was only in the theme.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Just wanted to mention that. :)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>> http://insanesecurity.info
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst 
>>>>>>>>>>>>>>>>> <ryandewhu...@gmail.com>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> You mentioned during our email conversation that wordpress echoes its
>>>>>>>>>>>>>>>>>> version number in the page head. I managed to find an example of it.
>>>>>>>>>>>>>>>>>> You're right, I do have a security plugin installed which must have
>>>>>>>>>>>>>>>>>> removed it from my blog.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Here is an example:
>>>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>>>> > Ryan,
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho
>>>>>>>>>>>>>>>>>> > <andres.rian...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>> >> Ryan,
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst 
>>>>>>>>>>>>>>>>>> >> <ryandewhu...@gmail.com>
>>>>>>>>>>>>>>>>>> >> wrote:
>>>>>>>>>>>>>>>>>> >>> Hello,
>>>>>>>>>>>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be
>>>>>>>>>>>>>>>>>> >>> sent there.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> It depends on the mailing list. This one is configured to 
>>>>>>>>>>>>>>>>>> >> accept
>>>>>>>>>>>>>>>>>> >> attachments,
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >>> I'll have a look into integrating the script into w3af over the next
>>>>>>>>>>>>>>>>>> >>> couple of days and hopefully have a working version by the weekend.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>>>>>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>>>>>>>>>>>>>>>>> >>> side differences in most of them, I also used the official changelogs
>>>>>>>>>>>>>>>>>> >>> to help identify them.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the 
>>>>>>>>>>>>>>>>>> >> "diffs" of
>>>>>>>>>>>>>>>>>> >> different wordpress release packages?
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >>> The client side differences are in files such as CSS, javascript and
>>>>>>>>>>>>>>>>>> >>> HTML. Some versions did not have any differences apart from having
>>>>>>>>>>>>>>>>>> >>> extra files, which can easily be identified with HTTP response codes.
>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>> >>> It works as such...
>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>>>>>>>>>>>> >>> something that 2.7 doesn't have, if it finds that something then the
>>>>>>>>>>>>>>>>>> >>> script stops and echoes the version number.
>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>> >>> If the script doesn't find the difference it moves onto identifying the
>>>>>>>>>>>>>>>>>> >>> next version, i.e. does 2.7 have something the earlier version doesn't
>>>>>>>>>>>>>>>>>> >>> have, and so on and so forth.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> Ok, makes sense.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> Some comments regarding your code:
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>>>>>>>>>>>>>> >> indentations. Your code has 1-space (?) indentations. Please correct
>>>>>>>>>>>>>>>>>> >> that.
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> - The code is pretty simple, but I think it could be done in a better
>>>>>>>>>>>>>>>>>> >> way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>>>>>>>>>>>>>>>>> >> good option. Do you think that the code could be changed a little bit,
>>>>>>>>>>>>>>>>>> >> and create a database (which can be easily updated) and then use that
>>>>>>>>>>>>>>>>>> >> database to store the information? Example of the database:
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> self._wp_fingerprint = [
>>>>>>>>>>>>>>>>>> >>     ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>>>>>>>>>>>>>>>> >>     ('/wp-admin/css/farbtastic.css', 'farbtastic'),
>>>>>>>>>>>>>>>>>> >> ]
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >> - Also, by default wordpress publishes the version number 
>>>>>>>>>>>>>>>>>> >> in every
>>>>>>>>>>>>>>>>>> >> page head. Maybe it would be a good idea to parse that, 
>>>>>>>>>>>>>>>>>> >> and compare it
>>>>>>>>>>>>>>>>>> >> with the result of the fingerprinting. What do you think?
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> > A good idea would be to have a first step, before all the 
>>>>>>>>>>>>>>>>>> > version
>>>>>>>>>>>>>>>>>> > specific checks, that verifies something that's true for 
>>>>>>>>>>>>>>>>>> > all wordpress
>>>>>>>>>>>>>>>>>> > installations (some X file has to be present) before even 
>>>>>>>>>>>>>>>>>> > starting the
>>>>>>>>>>>>>>>>>> > fingerprinting. Could this be done?
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >> Cheers,
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >>> Ryan
>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>>>> >>>> Ryan,
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>>>>>>>>>>>>>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>> >>>>> Hello,
>>>>>>>>>>>>>>>>>> >>>>> I have developed a python script that can detect the 
>>>>>>>>>>>>>>>>>> >>>>> version of a
>>>>>>>>>>>>>>>>>> >>>>> wordpress installation. I think it would fit well 
>>>>>>>>>>>>>>>>>> >>>>> within w3af,
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> Yes, it seems that it's something good to have in the 
>>>>>>>>>>>>>>>>>> >>>> framework.
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> I have like a ton of questions about how it works, 
>>>>>>>>>>>>>>>>>> >>>> could you please
>>>>>>>>>>>>>>>>>> >>>> send the script (as it is) to this mailing list for us 
>>>>>>>>>>>>>>>>>> >>>> to read it?
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>> the
>>>>>>>>>>>>>>>>>> >>>>> only problem being that I have been unable to find a plugin
>>>>>>>>>>>>>>>>>> >>>>> development manual to be able to implement my script.
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> There is no development manual :(
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> For the type of feature that you want to add, the 
>>>>>>>>>>>>>>>>>> >>>> correct thing is to
>>>>>>>>>>>>>>>>>> >>>> use a discovery plugin. discovery plugins are simple, 
>>>>>>>>>>>>>>>>>> >>>> they follow
>>>>>>>>>>>>>>>>>> >>>> these rules:
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> - the discover method takes a fuzzable request object 
>>>>>>>>>>>>>>>>>> >>>> as a parameter,
>>>>>>>>>>>>>>>>>> >>>> and returns a list of fuzzable requests
>>>>>>>>>>>>>>>>>> >>>> (fuzzable requests are representations of GET/POST 
>>>>>>>>>>>>>>>>>> >>>> requests, which
>>>>>>>>>>>>>>>>>> >>>> represent links, and forms)
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> - the discover method is called several times in the 
>>>>>>>>>>>>>>>>>> >>>> same scan, with
>>>>>>>>>>>>>>>>>> >>>> the different links that (for example) the webSpider 
>>>>>>>>>>>>>>>>>> >>>> finds.
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> I think that the best thing you can do is to read one 
>>>>>>>>>>>>>>>>>> >>>> or two
>>>>>>>>>>>>>>>>>> >>>> discovery
>>>>>>>>>>>>>>>>>> >>>> plugins (my recommendations are discovery.crossDomain 
>>>>>>>>>>>>>>>>>> >>>> and
>>>>>>>>>>>>>>>>>> >>>> discovery.userDir), and start building your own plugin 
>>>>>>>>>>>>>>>>>> >>>> based on one
>>>>>>>>>>>>>>>>>> >>>> of
>>>>>>>>>>>>>>>>>> >>>> those.
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> No
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>> Does anyone have some tips/advice on writing a plugin?
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> Yes, see above,
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>> Does anyone want me to send them the script for them to develop the
>>>>>>>>>>>>>>>>>> >>>>> plugin?
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> You should develop the plugin yourself, it's fun and good for the
>>>>>>>>>>>>>>>>>> >>>> project =)
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> Cheers,
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>> Thank you,
>>>>>>>>>>>>>>>>>> >>>>> Ryan
>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>> >>>>> ------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>>> >>>>> Register Now for Creativity and Technology (CaT), June 
>>>>>>>>>>>>>>>>>> >>>>> 3rd, NYC. CaT
>>>>>>>>>>>>>>>>>> >>>>> is a gathering of tech-side developers & brand 
>>>>>>>>>>>>>>>>>> >>>>> creativity
>>>>>>>>>>>>>>>>>> >>>>> professionals. Meet
>>>>>>>>>>>>>>>>>> >>>>> the minds behind Google Creative Lab, Visual 
>>>>>>>>>>>>>>>>>> >>>>> Complexity, Processing,
>>>>>>>>>>>>>>>>>> >>>>> &
>>>>>>>>>>>>>>>>>> >>>>> iPhoneDevCamp as they present alongside digital 
>>>>>>>>>>>>>>>>>> >>>>> heavyweights like
>>>>>>>>>>>>>>>>>> >>>>> Barbarian
>>>>>>>>>>>>>>>>>> >>>>> Group, R/GA, & Big Spaceship. 
>>>>>>>>>>>>>>>>>> >>>>> http://p.sf.net/sfu/creativitycat-com
>>>>>>>>>>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>>>>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>>>>>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>>>>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>> --
>>>>>>>>>>>>>>>>>> >>>> Andrés Riancho
>>>>>>>>>>>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>>>>>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>>>>>>>>>>>> >>>> http://w3af.sf.net/
>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>>
>>
>



-- 
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
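
Added example, not code from this thread or from w3af itself: a stand-alone Python 3 sketch of the two points argued over above, (1) building wp-login.php and the fingerprint URLs relative to the directory of the request URL, so that http://host/blog/index.php yields http://host/blog/wp-login.php rather than the host root or a doubled slash, and (2) walking a fingerprint table whose "file exists" entries use the integer 200, then comparing the fingerprinted version with the one in the generator meta tag and reporting when they differ. The three target "sites", the is_404() stand-in, the domain_path() helper (my own, written to behave the way urlParser.getDomainPath is expected to in the thread) and the version labels in the table are all constructed for the example and are not taken from any real WordPress diff.

```python
import re
from urllib.parse import urljoin, urlparse, urlunparse

# --- Constructed stand-in for the network. Nothing below was fetched from a real host.
# A "site" maps a path to (status, body). Unknown paths get a soft 404 (HTTP 200 plus a
# "not found" page), which is why is_404() has to look at the body and not only the status.
NOT_FOUND_BODY = "<h1>Not Found</h1>"

SITE_OK = {
    "/blog/": (200, '<head><meta name="generator" content="WordPress 2.7" /></head>'),
    "/blog/wp-login.php": (200, '<form id="loginform">'),
    "/blog/wp-includes/js/thickbox/thickbox.css": (200, "div { -ms-filter: x; }"),
}
# Generator tag hard-coded in a theme claims 2.5, but the files on disk look like 2.7.
SITE_MISMATCH = {
    "/": (200, '<head><meta name="generator" content="WordPress 2.5" /></head>'),
    "/wp-login.php": (200, '<form id="loginform">'),
    "/wp-includes/js/thickbox/thickbox.css": (200, "div { -ms-filter: x; }"),
    "/wp-admin/async-upload.php": (200, ""),
}
SITE_NOT_WP = {"/": (200, "<h1>hello</h1>")}


def http_get(site, url):
    """Offline replacement for self._urlOpener.GET(): returns (status, body)."""
    return site.get(urlparse(url).path, (200, NOT_FOUND_BODY))


def is_404(response):
    status, body = response
    return status == 404 or body == NOT_FOUND_BODY


def domain_path(url):
    """Directory of the request URL, always ending in '/':
    http://h/blog/index.php -> http://h/blog/    http://h -> http://h/"""
    p = urlparse(url)
    path = p.path if p.path.endswith("/") else p.path.rsplit("/", 1)[0] + "/"
    return urlunparse((p.scheme, p.netloc, path, "", "", ""))


# (relative path, marker, version), newest first. marker is either the int 200
# ("file exists") or a string that must appear in the body. The int matters:
# '200' == 200 is False in Python, so a quoted status never matches anything.
# Version labels are assumed for the example.
WP_FINGERPRINT = [
    ("wp-includes/js/thickbox/thickbox.css", "-ms-filter:", "2.7"),
    ("wp-admin/css/farbtastic.css", "farbtastic", "2.6"),
    ("wp-admin/async-upload.php", 200, "2.5"),
]

# Same regex as in the thread, anchored on the meta tag.
GENERATOR_RE = re.compile(
    r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)"')


def fingerprint_version(site, base_url):
    for rel_path, marker, version in WP_FINGERPRINT:
        # Relative path on purpose: urljoin(base, "/x") would drop /blog/ and hit the root.
        response = http_get(site, urljoin(base_url, rel_path))
        if marker == 200:
            if not is_404(response):
                return version
        elif marker in response[1]:
            return version
    return "Version lower than 2.2"


def header_version(site, base_url):
    m = GENERATOR_RE.search(http_get(site, base_url)[1])
    return m.group(1) if m else None


def detect(site, request_url):
    """None when the target is not WordPress, else both readings and a description."""
    base_url = domain_path(request_url)
    if is_404(http_get(site, urljoin(base_url, "wp-login.php"))):
        return None
    header = header_version(site, base_url)
    fp = fingerprint_version(site, base_url)
    if header and header != fp:
        desc = "Version shows as %s in the index header, but the files fingerprint as %s" % (header, fp)
    else:
        desc = "WordPress version %s" % (header or fp)
    return {"base_url": base_url, "header": header, "fingerprint": fp, "desc": desc}


if __name__ == "__main__":
    for site, url in ((SITE_OK, "http://www.example.com/blog/index.php"),
                      (SITE_MISMATCH, "http://www.example.com/"),
                      (SITE_NOT_WP, "http://www.example.com/")):
        print(detect(site, url))
```

The wp-login.php probe doubles as the "something true for every WordPress install" gate asked for earlier in the thread: nothing else is requested, and no version is reported, until that file is found under the request's own directory.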
