Just to let everyone know where I am with the plugin.

I'm a complete n00b at re and couldn't get backbone's code to work, so
I read a couple of manuals and finally got it working with:
<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />

An explanation of what the plugin will do:
-----------------------------------------------------------

It will first check to see if the server has the following file
"/wp-admin/index.php".

If it does

It will check to see whether or not the version is in the index header.

If it finds the version it will store it in a variable.

It will then run through the checks from my original code to try and
guess the version.


The output will be as follows:
------------------------------------------

If the version is not in the index and not found with the data =
"version under 2.2"
If the version is in the index and in the data are the same =
"whatever version was found"
If the version is in the index and in the data are different =
"Version shows as $version in index header however the data shows
$version"

I still need to implement the data checks however my girlfriend has
fallen ill and has been admitted to hospital for an emergency
operation. I don't think I will be able to finish the plugin this
weekend as promised earlier however will still be working on it next
week.

I was also thinking of listing the vulnerabilities for each version (if
any) on the output.

Ryan


2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> 
> wrote:
>> I'm looking into searching the response html of the index page for the
>> following string:
>> <meta name="generator" content="WordPress $version" />
>>
>> I've tried with regular expressions and am unable to get it to work,
>
> backbone sent you a solution,
>
>> I've read that re is bad for parsing HTML and that BeautifulSoup
>> should be used.
>>
>> Does w3af already have BeautifulSoup in its dependency list?
>
> Yes, it's in the dependency list, but we aren't using it "for that".
> Long story short, please use the re =)
>
>> Ryan
>>
>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>> I've sorted this out.
>>
>>
>> 2009/5/28  <backbon...@gmail.com>:
>>> Sorry to bump in just like that in the discussion, about the meta tag
>>> that displays the WordPress version.
>>>
>>> Only since version 2.7 the generator function is in the core of
>>> WordPress, on earlier versions it was only in the theme.
>>>
>>> Just wanted to mention that. :)
>>>
>>> ---
>>> http://insanesecurity.info
>>>
>>>
>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>> wrote:
>>>>
>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>
>>>> You mentioned during our email conversation that WordPress echoes its
>>>> version number in the page head. I managed to find an example of it.
>>>> You're right, I do have a security plugin installed which must have
>>>> removed it from my blog.
>>>>
>>>> Here is an example:
>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>
>>>>
>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>> > Ryan,
>>>> >
>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho
>>>> > <andres.rian...@gmail.com> wrote:
>>>> >> Ryan,
>>>> >>
>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>>> >> wrote:
>>>> >>> Hello,
>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>> >>
>>>> >> It depends on the mailing list. This one is configured to accept
>>>> >> attachments,
>>>> >>
>>>> >>> I'll have a look into integrating the script into w3af over the next
>>>> >>> couple of days and hopefully have a working version by the weekend.
>>>> >>
>>>> >> Excellent, if you need ANY help, just let us know.
>>>> >>
>>>> >>> The script is quite simple once you have gathered the necessary
>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>>> >>> side differences in most of them, I also used the official changelogs
>>>> >>> to help identify them.
>>>> >>
>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>> >> different wordpress release packages?
>>>> >>
>>>> >>> The client side differences are in files such as CSS, javascript and
>>>> >>> HTML. Some versions did not have any differences apart from having
>>>> >>> extra files, which can easily be identified with HTTP response codes.
>>>> >>>
>>>> >>> It works as such...
>>>> >>>
>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>> >>> something that 2.7 doesn't have, if it finds that something then the
>>>> >>> script stops and echoes the version number.
>>>> >>>
>>>> >>> If the script doesn't find the difference it moves onto identifying the
>>>> >>> next version, i.e. does 2.7 have something the earlier version doesn't
>>>> >>> have, and so on and so forth.
>>>> >>
>>>> >> Ok, makes sense.
>>>> >>
>>>> >> Some comments regarding your code:
>>>> >>
>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>> >> indentations. Your code has 1-space (?) indentations. Please correct
>>>> >> that.
>>>> >>
>>>> >> - The code is pretty simple, but I think it could be done in a better
>>>> >> way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>>> >> good option. Do you think that the code could be changed a little bit,
>>>> >> and create a database (which can be easily updated) and then use that
>>>> >> database to store the information? Example of the database:
>>>> >>
>>>> >> self._wp_fingerprint = [
>>>> >>     ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>> >>     ('/wp-admin/css/farbtastic.css', 'farbtastic'),
>>>> >> ]
>>>> >>
>>>> >> - Also, by default wordpress publishes the version number in every
>>>> >> page head. Maybe it would be a good idea to parse that, and compare it
>>>> >> with the result of the fingerprinting. What do you think?
>>>> >
>>>> > A good idea would be to have a first step, before all the version
>>>> > specific checks, that verifies something that's true for all wordpress
>>>> > installations (some X file has to be present) before even starting the
>>>> > fingerprinting. Could this be done?
>>>> >
>>>> >> Cheers,
>>>> >>
>>>> >>> Ryan
>>>> >>>
>>>> >>>
>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>> >>>> Ryan,
>>>> >>>>
>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>> >>>>> Hello,
>>>> >>>>> I have developed a python script that can detect the version of a
>>>> >>>>> wordpress installation. I think it would fit well within w3af,
>>>> >>>>
>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>> >>>>
>>>> >>>> I have like a ton of questions about how it works, could you please
>>>> >>>> send the script (as it is) to this mailing list for us to read it?
>>>> >>>>
>>>> >>>>> the
>>>> >>>>> only problem being is that I have been unable to find a plugin
>>>> >>>>> development manual to be able to implement my script.
>>>> >>>>
>>>> >>>> There is no development manual :(
>>>> >>>>
>>>> >>>> For the type of feature that you want to add, the correct thing is to
>>>> >>>> use a discovery plugin. discovery plugins are simple, they follow
>>>> >>>> these rules:
>>>> >>>>
>>>> >>>> - the entry point is the discover method
>>>> >>>>
>>>> >>>> - the discover method takes a fuzzable request object as a parameter,
>>>> >>>> and returns a list of fuzzable requests
>>>> >>>> (fuzzable requests are representations of GET/POST requests, which
>>>> >>>> represent links, and forms)
>>>> >>>>
>>>> >>>> - the discover method is called several times in the same scan, with
>>>> >>>> the different links that (for example) the webSpider finds.
>>>> >>>>
>>>> >>>> I think that the best thing you can do is to read one or two
>>>> >>>> discovery plugins (my recommendations are discovery.crossDomain
>>>> >>>> and discovery.userDir), and start building your own plugin based
>>>> >>>> on one of those.
>>>> >>>>
>>>> >>>>> Is there a dev manual out there?
>>>> >>>>
>>>> >>>> No
>>>> >>>>
>>>> >>>>> Does any one have some tips/advice on writing a plugin?
>>>> >>>>
>>>> >>>> Yes, see above,
>>>> >>>>
>>>> >>>>> Does any one want me to send them the script for them to develop the
>>>> >>>>> plugin?
>>>> >>>>
>>>> >>>> You should develop the plugin yourself, is fun and good for the
>>>> >>>> project =)
>>>> >>>>
>>>> >>>> Cheers,
>>>> >>>>
>>>> >>>>> Thank you,
>>>> >>>>> Ryan
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> ------------------------------------------------------------------------------
>>>> >>>>> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
>>>> >>>>> is a gathering of tech-side developers & brand creativity
>>>> >>>>> professionals. Meet
>>>> >>>>> the minds behind Google Creative Lab, Visual Complexity, Processing,
>>>> >>>>> &
>>>> >>>>> iPhoneDevCamp as they present alongside digital heavyweights like
>>>> >>>>> Barbarian
>>>> >>>>> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
>>>> >>>>> _______________________________________________
>>>> >>>>> W3af-develop mailing list
>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>> >>>>>
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> --
>>>> >>>> Andrés Riancho
>>>> >>>> Founder, Bonsai - Information Security
>>>> >>>> http://www.bonsai-sec.com/
>>>> >>>> http://w3af.sf.net/
>>>> >>>>
>>>> >>>
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Andrés Riancho
>>>> >> Founder, Bonsai - Information Security
>>>> >> http://www.bonsai-sec.com/
>>>> >> http://w3af.sf.net/
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Andrés Riancho
>>>> > Founder, Bonsai - Information Security
>>>> > http://www.bonsai-sec.com/
>>>> > http://w3af.sf.net/
>>>> >
>>>>
>>>>
>>>
>>>
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>
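
The flow discussed in this thread (presence check, generator tag, newest-first data checks, then the three output cases), as an added Python example that is not part of the original e-mails or of w3af. The `FINGERPRINTS` rows, the `fetch` callable, the 404 presence rule and the single-source output are assumptions, and the sample site is constructed.

```python
import re

# Generator tag from the thread, loosened for case and whitespace (assumption).
GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+(\d+\.\d+(?:\.\d+)?)"', re.I)

# Newest first: (version, path, marker); marker None means "file exists".
# Constructed placeholder rows, not real WordPress release differences.
FINGERPRINTS = [
    ("2.7.1", "/placeholder/new-in-271.css", "marker-271"),
    ("2.7", "/placeholder/new-in-27.js", None),
    ("2.2", "/placeholder/new-in-22.css", "marker-22"),
]

def header_version(index_html):
    """Version claimed by the generator meta tag, or None if absent."""
    match = GENERATOR_RE.search(index_html)
    return match.group(1) if match else None

def data_version(fetch):
    """Walk the table newest to oldest; the first row that matches wins."""
    for version, path, marker in FINGERPRINTS:
        status, body = fetch(path)
        if status == 200 and (marker is None or marker in body):
            return version
    return None

def report(fetch):
    """fetch(path) -> (status, body) is a hypothetical stand-in for HTTP."""
    if fetch("/wp-admin/index.php")[0] == 404:  # presence rule is an assumption
        return "not WordPress"
    head, data = header_version(fetch("/")[1]), data_version(fetch)
    if head is None and data is None:
        return "version under 2.2"
    if head is None or data is None:  # case the thread leaves open (assumption)
        return "%s (%s only)" % (head or data, "header" if head else "data")
    msg = "Version shows as %s in index header however the data shows %s"
    return head if head == data else msg % (head, data)

def make_fetch(site):  # unknown paths in the constructed dict answer 404
    return lambda path: site.get(path, (404, ""))

# Constructed sample: header claims 2.7.1 but only the 2.7 file is present.
SAMPLE_SITE = {
    "/wp-admin/index.php": (302, ""),
    "/": (200, '<meta name="generator" content="WordPress 2.7.1" />'),
    "/placeholder/new-in-27.js": (200, "/* constructed */"),
}
print(report(make_fetch(SAMPLE_SITE)))
```

A missing generator tag is expected on hardened or pre-2.7 sites, so the mismatch message is the case worth reviewing by hand: it means the header and the shipped files disagree.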
