Hello,
I'm new to mailing lists so I'm not sure if this will be sent there.

I'll have a look into integrating the script into w3af over the next
couple of days and hopefully have a working version by the weekend.

The script is quite simple once you have gathered the necessary
data. I went through versions 2.2 to 2.7.1 and manually found client
side differences in most of them, I also used the official changelogs
to help identify them.

The client side differences are in files such as CSS, javascript and
HTML. Some versions did not have any differences apart from having
extra files, which can easily be identified with HTTP response codes.

It works as such...

Starting from version 2.7.1 (latest), the script tries to find
something that 2.7 doesn't have, if it finds that something then the
script stops and echoes the version number.

If the script doesn't find the difference it moves onto identifying the
next version, i.e. does 2.7 have something the earlier version doesn't
have, and so on and so forth.

Ryan


2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>> Hello,
>> I have developed a python script that can detect the version of a
>> wordpress installation. I think it would fit well within w3af,
>
> Yes, it seems that it's something good to have in the framework.
>
> I have like a ton of questions about how it works, could you please
> send the script (as it is) to this mailing list for us to read it?
>
>> the
>> only problem being is that I have been unable to find a plugin
>> development manual to be able to implement my script.
>
> There is no development manual :(
>
> For the type of feature that you want to add, the correct thing is to
> use a discovery plugin. discovery plugins are simple, they follow
> these rules:
>
> - the entry point is the discover method
>
> - the discover method takes a fuzzable request object as a parameter,
> and returns a list of fuzzable requests
> (fuzzable requests are representations of GET/POST requests, which
> represent links, and forms)
>
> - the discover method is called several times in the same scan, with
> the different links that (for example) the webSpider finds.
>
> I think that the best thing you can do is to read one or two discovery
> plugins (my recommendations are discovery.crossDomain and
> discovery.userDir), and start building your own plugin based on one of
> those.
>
>> Is there a dev manual out there?
>
> No
>
>> Does anyone have some tips/advice on writing a plugin?
>
> Yes, see above,
>
>> Does any one want me to send them the script for them to develop the plugin?
>
> You should develop the plugin yourself, it's fun and good for the project =)
>
> Cheers,
>
>> Thank you,
>> Ryan
>>
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
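#!/usr/bin/python

import httplib, urllib2, socket, sys

#wpurl = raw_input("Enter the WP URL you want to find the version of: ")

# Target host taken from the command line, with scheme and "www." stripped
wpurl = sys.argv[1].replace("http://","")
wpurl = wpurl.replace("www.","")

# Substring that marks an error page served in place of the requested file
errors = '404'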

def wp271():
 
 url = wpurl + '/wp-includes/js/thickbox/thickbox.css'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  difference = '-ms-filter:'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp27():

 url = wpurl + '/wp-admin/css/farbtastic.css'
 
 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  difference = 'farbtastic'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp26():
  
 try:
  url = wpurl + '/wp-includes/js/tinymce/wordpress.css'

  # Get page HTML
  Request = urllib2.urlopen('http://' + url)

  difference = '-khtml-border-radius:'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp251():

 url = wpurl + '/wp-includes/js/tinymce/tiny_mce.js'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  difference = '0.7'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp25():
 
 url = wpurl + '/wp-admin/async-upload.php'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)
  return 'true'
 
 except urllib2.HTTPError, e:
  if e.code == 403:
   return 'true'
  else:
   return 'false'

def wp231():

 url = wpurl + '/wp-includes/images/rss.png'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  if errors in Request.read():
   return 'false'
  else:
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp23():

 url = wpurl + '/readme.html'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  difference = '2.3'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp223():
 
 url = wpurl + '/wp-includes/rtl.css'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  difference = '#adminmenu a'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp221():
 
 url = wpurl + '/wp-includes/js/wp-ajax.js'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  difference = 'var a = $H();'

  if difference in Request.read():
   return 'true'

 except urllib2.HTTPError:
  return 'false'

def wp22():

 url = wpurl + '/wp-app.php'

 # Get page HTML
 try:
  Request = urllib2.urlopen('http://' + url)

  if errors in Request.read():
   return 'false'
  else:
   return 'true'

 except urllib2.HTTPError:
  return 'false'


while 1:

 if wp271() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.7.1 or later.'
  break

 if wp27() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.7.'
  break

 if wp26() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.6.1, 2.6.2, 2.6.3 or 2.6.5.'
  break
 
 if wp251() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.5.1.'
  break

 if wp25() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.5.'
  break

 if wp231() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.3.1, 2.3.2 or 2.3.3'
  break

 if wp23() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.3.'
  break

 if wp223() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.2.3.'
  break

 if wp221() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.2.1.'
  break

 if wp22() == 'true':
  print '+ OSVDB-0: Server is running WordPress 2.2.'
  break

 else:
  print '- WordPress version not found. Its either not WordPress or its a version lower than 2.2' 
  break
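
Added example, not part of the original post or of w3af: the newest-first cascade described above as one ordered table (Python 3), using the paths and markers from the script. The fetch(path) callable and the sample site are constructed assumptions so the logic runs offline; the sample shows that a site still carrying older artefacts is reported as the newest version whose marker is present.

```python
# Added example (Python 3). fetch(path) -> (status, body) is an assumed,
# injected callable so the cascade can be exercised without a network.

def contains(marker):
    return lambda status, body: status == 200 and marker in body

def exists(status, body):
    # Reject "soft 404" pages served with status 200, as the script does.
    return status == 200 and "404" not in body

def exists_or_forbidden(status, body):
    return status in (200, 403)

# Newest first; paths and markers are the ones used in the script above.
CHECKS = [
    ("2.7.1 or later", "/wp-includes/js/thickbox/thickbox.css", contains("-ms-filter:")),
    ("2.7", "/wp-admin/css/farbtastic.css", contains("farbtastic")),
    ("2.6.1, 2.6.2, 2.6.3 or 2.6.5", "/wp-includes/js/tinymce/wordpress.css",
     contains("-khtml-border-radius:")),
    ("2.5.1", "/wp-includes/js/tinymce/tiny_mce.js", contains("0.7")),
    ("2.5", "/wp-admin/async-upload.php", exists_or_forbidden),
    ("2.3.1, 2.3.2 or 2.3.3", "/wp-includes/images/rss.png", exists),
    ("2.3", "/readme.html", contains("2.3")),
    ("2.2.3", "/wp-includes/rtl.css", contains("#adminmenu a")),
    ("2.2.1", "/wp-includes/js/wp-ajax.js", contains("var a = $H();")),
    ("2.2", "/wp-app.php", exists),
]

def detect(fetch):
    """Return the label of the first (newest) check that matches, else None."""
    for label, path, test in CHECKS:
        status, body = fetch(path)  # transport errors propagate: no silent downgrade
        if test(status, body):
            return label
    return None

def make_fetch(site):
    """Constructed stand-in for HTTP: paths not in the dict answer 404."""
    return lambda path: site.get(path, (404, "Not Found"))

# Constructed sample: a 2.6.x-like site that still ships older artefacts.
SITE_26 = {
    "/wp-includes/js/thickbox/thickbox.css": (200, "#TB_window { color: #000 }"),
    "/wp-includes/js/tinymce/wordpress.css": (200, "body { -khtml-border-radius: 3px }"),
    "/wp-includes/js/tinymce/tiny_mce.js": (200, "/* 0.7 */"),
    "/wp-admin/async-upload.php": (403, "Forbidden"),
    "/wp-includes/images/rss.png": (200, "PNG"),
}
```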