Ryan,

On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
> I moved the wpvchecker.py file into the /plugin/discovery folder. When
> I try to launch w3af I get an error (screenshot attached), the prompt
> only lasts a few seconds so could not copy/paste the full error
> output.
>
> When I remove the wpvchecker.py file out of the dir the error persists
> and I have to un/re install w3af to get it working again.

Also delete the .pyc file, and no reinstall is needed.

> Any ideas?

Yes, many. You are missing some required methods, like setOptions,
getOptions, getLongDescription, etc. Please see other plugins for a
complete list,

> Thanks again,
> Ryan
>
> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>> Ryan,
>>
>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>> Hello,
>>> Sorry it's been so long with the WordPress version checker plugin, had
>>> some life problems.
>>
>> No problem man, I hope things are going better now.
>>
>>> Anyway...
>>>
>>> I have come to a logic problem which I cannot seem to solve and was
>>> wondering if any one could give me some pointers...
>>>
>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>> file/image being present i.e. status 200
>>>
>>> I cannot figure out how to check for this while using the
>>> self._wp_fingerprint array.
>>
>> The for loop that works with the array looks like this:
>>
>>     for data in self._wp_fingerprint:
>>
>>         # Complete URL to test, url+file (data is the current
>>         # (path, marker, version) tuple of the fingerprint array)
>>         test_URL = urlParser.urlJoin( base_url, data[0] )
>>
>>         if data[1] in response:
>>             version = data[2]
>>             break
>>         else:
>>             version = 'Version lower than 2.2'
>>
>> But there are some parts missing, like actually requesting to the
>> server the test_URL. On the other part, the "200" logic could be
>> easily done like this:
>>
>>         if data[1] == 200 and not is_404(response):
>>             # it was found!
>>             version = data[2]
>>             break
>>         elif data[1] in response:
>>             version = data[2]
>>             break
>>         else:
>>             version = 'Version lower than 2.2'
>>
>> To make this work, you should change the '' in the fingerprint array
>> by a 200, and it should all work.
>>
>>> Here is the code so far, I have not yet tested it out, but should give
>>> you a basic idea of how it will run.
>>
>> Yes, and it makes much more sense to me this way. The older version
>> was "ugly" :)
>>
>>> I was also thinking of
>>> implementing a plugin version checker as there are many plugins with
>>> vulns.
>>
>> Sure, but let's go step by step, let's finish this plugin, test it a
>> little bit, and then we can go for the next one.
>>
>>> Thank you,
>>> Ryan
>>>
>>> P.S. To test it through w3af, do I just pop the py file into the
>>> plugin folder or is there any other code to be changed?
>>
>> Yes, you have to move this file to the discovery directory and that's it.
>>
>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>> Just to let everyone know where I am with the plugin.
>>>>
>>>> I'm a complete n00b at re and couldn't get backbone's code to work, so
>>>> I read a couple of manuals and finally got it working with:
>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>
>>>> An explanation of what the plugin will do:
>>>> -----------------------------------------------------------
>>>>
>>>> It will first check to see if the server has the following file
>>>> "/wp-admin/index.php".
>>>>
>>>> If it does
>>>>
>>>> It will check to see whether or not the version is in the index header.
>>>>
>>>> If it finds the version it will store it in a variable.
>>>>
>>>> It will then run through the checks from my original code to try and
>>>> guess the version.
>>>>
>>>>
>>>> The output will be as follows:
>>>> ------------------------------------------
>>>>
>>>> If the version is not in the index and not found with the data =
>>>> "version under 2.2"
>>>> If the version is in the index and in the data are the same =
>>>> "whatever version was found"
>>>> If the version is in the index and in the data are different =
>>>> "Version shows as $version in index header however the data shows
>>>> $version"
>>>>
>>>> I still need to implement the data checks however my girlfriend has
>>>> fallen ill and has been admitted to hospital for an emergency
>>>> operation. I don't think I will be able to finish the plugin this
>>>> weekend as promised earlier however will still be working on it next
>>>> week.
>>>>
>>>> I was also thinking on listing the vulnerabilities for each version (if
>>>> any) on the output.
>>>>
>>>> Ryan
>>>>
>>>>
>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>> Ryan,
>>>>>
>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>> I'm looking into searching the response html of the index page for the
>>>>>> following string:
>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>
>>>>>> I've tried with regular expressions and am unable to get it to work,
>>>>>
>>>>> backbone sent you a solution,
>>>>>
>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>> should be used.
>>>>>>
>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>
>>>>> Yes, it's in the dependency list, but we aren't using it "for that".
>>>>> Long story short, please use the re =)
>>>>>
>>>>>> Ryan
>>>>>>
>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>>>>>> I've sorted this out.
>>>>>>
>>>>>>
>>>>>> 2009/5/28 <backbon...@gmail.com>:
>>>>>>> Sorry to bump in just like that in the discussion, about the meta tag
>>>>>>> that displays the WordPress version.
>>>>>>>
>>>>>>> Only since version 2.7 the generator function is in the core of
>>>>>>> WordPress, on earlier versions it was only in the theme.
>>>>>>>
>>>>>>> Just wanted to mention that. :)
>>>>>>>
>>>>>>> ---
>>>>>>> http://insanesecurity.info
>>>>>>>
>>>>>>>
>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>
>>>>>>>> You mentioned during our email conversation that wordpress echos its
>>>>>>>> version number in the page head. I managed to find an example of it.
>>>>>>>> You're right, I do have a security plugin installed which must have
>>>>>>>> removed it from my blog.
>>>>>>>>
>>>>>>>> Here is an example:
>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>
>>>>>>>>
>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>> > Ryan,
>>>>>>>> >
>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho
>>>>>>>> > <andres.rian...@gmail.com> wrote:
>>>>>>>> >> Ryan,
>>>>>>>> >>
>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst
>>>>>>>> >> <ryandewhu...@gmail.com> wrote:
>>>>>>>> >>> Hello,
>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>>>>>> >>
>>>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>>>> >> attachments,
>>>>>>>> >>
>>>>>>>> >>> I'll have a look into integrating the script into w3af over the
>>>>>>>> >>> next couple of days and hopefully have a working version by the
>>>>>>>> >>> weekend.
>>>>>>>> >>
>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>> >>
>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found
>>>>>>>> >>> client side differences in most of them, I also used the official
>>>>>>>> >>> changelogs to help identify them.
>>>>>>>> >>
>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>>>>>> >> different wordpress release packages?
>>>>>>>> >>
>>>>>>>> >>> The client side differences are in files such as CSS, javascript
>>>>>>>> >>> and HTML. Some versions did not have any differences apart from
>>>>>>>> >>> having extra files, which can easily be identified with HTTP
>>>>>>>> >>> response codes.
>>>>>>>> >>>
>>>>>>>> >>> It works as such...
>>>>>>>> >>>
>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>> >>> something that 2.7 doesn't have, if it finds that something then
>>>>>>>> >>> the script stops and echos the version number.
>>>>>>>> >>>
>>>>>>>> >>> If the script doesn't find the difference it moves onto identifying
>>>>>>>> >>> the next version, i.e. does 2.7 have something the earlier version
>>>>>>>> >>> doesn't have. and so on and so forth.
>>>>>>>> >>
>>>>>>>> >> Ok, makes sense.
>>>>>>>> >>
>>>>>>>> >> Some comments regarding your code:
>>>>>>>> >>
>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>>>> >> indentations. Your code has 1-space (?) indentations. Please correct
>>>>>>>> >> that.
>>>>>>>> >>
>>>>>>>> >> - The code is pretty simple, but I think it could be done in a
>>>>>>>> >> better way. Having that many functions (wp22 to wp271) doesn't seem
>>>>>>>> >> to be a good option. Do you think that the code could be changed a
>>>>>>>> >> little bit, and create a database (which can be easily updated) and
>>>>>>>> >> then use that database to store the information? Example of the
>>>>>>>> >> database
>>>>>>>> >>
>>>>>>>> >>     self._wp_fingerprint = [('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>>>>>> >>                             ('/wp-admin/css/farbtastic.css', 'farbtastic')]
>>>>>>>> >>
>>>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>>>> >> page head. Maybe it would be a good idea to parse that, and compare
>>>>>>>> >> it with the result of the fingerprinting. What do you think?
>>>>>>>> >
>>>>>>>> > A good idea would be to have a first step, before all the version
>>>>>>>> > specific checks, that verifies something that's true for all
>>>>>>>> > wordpress installations (some X file has to be present) before even
>>>>>>>> > starting the fingerprinting. Could this be done?
>>>>>>>> >
>>>>>>>> >> Cheers,
>>>>>>>> >>
>>>>>>>> >>> Ryan
>>>>>>>> >>>
>>>>>>>> >>>
>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>> >>>> Ryan,
>>>>>>>> >>>>
>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>>>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>> >>>>> Hello,
>>>>>>>> >>>>> I have developed a python script that can detect the version of a
>>>>>>>> >>>>> wordpress installation. I think it would fit well within w3af,
>>>>>>>> >>>>
>>>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>>>> >>>>
>>>>>>>> >>>> I have like a ton of questions about how it works, could you
>>>>>>>> >>>> please send the script (as it is) to this mailing list for us to
>>>>>>>> >>>> read it?
>>>>>>>> >>>>
>>>>>>>> >>>>> the only problem being is that I have been unable to find a
>>>>>>>> >>>>> plugin development manual to be able to implement my script.
>>>>>>>> >>>>
>>>>>>>> >>>> There is no development manual :(
>>>>>>>> >>>>
>>>>>>>> >>>> For the type of feature that you want to add, the correct thing
>>>>>>>> >>>> is to use a discovery plugin. discovery plugins are simple, they
>>>>>>>> >>>> follow these rules:
>>>>>>>> >>>>
>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>> >>>>
>>>>>>>> >>>> - the discover method takes a fuzzable request object as a
>>>>>>>> >>>> parameter, and returns a list of fuzzable requests
>>>>>>>> >>>> (fuzzable requests are representations of GET/POST requests, which
>>>>>>>> >>>> represent links, and forms)
>>>>>>>> >>>>
>>>>>>>> >>>> - the discover method is called several times in the same scan,
>>>>>>>> >>>> with the different links that (for example) the webSpider finds.
>>>>>>>> >>>>
>>>>>>>> >>>> I think that the best thing you can do is to read one or two
>>>>>>>> >>>> discovery plugins (my recommendations are discovery.crossDomain
>>>>>>>> >>>> and discovery.userDir), and start building your own plugin based
>>>>>>>> >>>> on one of those.
>>>>>>>> >>>>
>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>> >>>>
>>>>>>>> >>>> No
>>>>>>>> >>>>
>>>>>>>> >>>>> Does any one have some tips/advice on writing a plugin?
>>>>>>>> >>>>
>>>>>>>> >>>> Yes, see above,
>>>>>>>> >>>>
>>>>>>>> >>>>> Does any one want me to send them the script for them to develop
>>>>>>>> >>>>> the plugin?
>>>>>>>> >>>>
>>>>>>>> >>>> You should develop the plugin yourself, it's fun and good for the
>>>>>>>> >>>> project =)
>>>>>>>> >>>>
>>>>>>>> >>>> Cheers,
>>>>>>>> >>>>
>>>>>>>> >>>>> Thank you,
>>>>>>>> >>>>> Ryan
>>>>>>>> >>>>>
>>>>>>>> >>>>> _______________________________________________
>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>> >>>>
>>>>>>>> >>>> --
>>>>>>>> >>>> Andrés Riancho
>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>> >>>> http://w3af.sf.net/
>>>>>>>> >
>>>>>>>
>>>>>
>>>
>
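The thread sketches three pieces that never appear together in one runnable form: the precondition check (`/wp-admin/index.php` must exist), the generator meta tag regex, and the newest-first fingerprint loop over `(path, marker, version)` tuples where the marker is either a substring or the integer 200 meaning "file present". The following is an added example, not code from the thread or from w3af. It wires those pieces together against a constructed in-memory "site" (a dict of path to status and body) so it runs offline; the markers and the versions they map to are illustrative placeholders, not real WordPress fingerprints, and `is_404`, `fetch`, `check_site` and the `hypothetical-2.5.png` path are assumptions of this example. From a defender's side it also shows what Ryan observed with his security plugin: stripping the generator tag removes the header hint but not the static-file differences, so the fingerprint result is the one to test a hardened install against.

```python
import re

# Constructed sample site: path -> (status, body). Paths come from the thread;
# the version each marker maps to is a placeholder for illustration only.
SAMPLE_SITE = {
    "/wp-admin/index.php": (200, '<html><head><meta name="generator" '
                                 'content="WordPress 2.7.1" /></head></html>'),
    "/wp-includes/js/thickbox/thickbox.css": (200, ".tb { -ms-filter: 'alpha(opacity=75)'; }"),
    "/wp-admin/css/farbtastic.css": (200, ".farbtastic { position: relative; }"),
    "/wp-admin/images/hypothetical-2.5.png": (200, "\x89PNG"),   # hypothetical "exists" probe
}

# Same site after a security plugin removed the generator tag (constructed).
HARDENED_SITE = dict(SAMPLE_SITE)
HARDENED_SITE["/wp-admin/index.php"] = (200, "<html><head><title>Admin</title></head></html>")

# Header claims 2.7.1 but the newest static-file marker is absent (constructed).
MISMATCH_SITE = dict(SAMPLE_SITE)
MISMATCH_SITE["/wp-includes/js/thickbox/thickbox.css"] = (200, ".tb { opacity: 0.75; }")

NOT_FOUND = (404, "<html>Not Found</html>")

# Fingerprint database, newest version first, as Andres suggested:
# marker is a substring that must appear in the body, or 200 for "file exists".
WP_FINGERPRINT = [
    ("/wp-includes/js/thickbox/thickbox.css", "-ms-filter:", "2.7.1"),  # placeholder mapping
    ("/wp-admin/css/farbtastic.css", "farbtastic", "2.7"),              # placeholder mapping
    ("/wp-admin/images/hypothetical-2.5.png", 200, "2.5"),             # placeholder mapping
]

# Ryan's regex from the thread, applied to the index page body.
GENERATOR_RE = re.compile(r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />')


def fetch(site, path):
    """Stand-in for an HTTP GET against the constructed site (assumption)."""
    return site.get(path, NOT_FOUND)


def is_404(status, body):
    """Simplified stand-in for w3af's is_404 helper (assumption)."""
    return status == 404


def is_wordpress(site):
    """Precondition step: something true for every install must be present."""
    status, body = fetch(site, "/wp-admin/index.php")
    return not is_404(status, body)


def version_from_header(site):
    """Version as published in the page head, or None if the tag is absent."""
    _, body = fetch(site, "/wp-admin/index.php")
    match = GENERATOR_RE.search(body)
    return match.group(1) if match else None


def version_from_fingerprint(site, fingerprints=WP_FINGERPRINT):
    """Walk newest-first; first matching marker wins, exactly like the thread's loop."""
    for path, marker, version in fingerprints:
        status, body = fetch(site, path)
        if is_404(status, body):
            continue
        # Check the int marker first so `marker in body` never sees an int.
        if marker == 200 or marker in body:
            return version
    return "Version lower than 2.2"


def check_site(site):
    """Combine both sources using the output rules Ryan described."""
    if not is_wordpress(site):
        return "Not a WordPress installation"
    header = version_from_header(site)
    data = version_from_fingerprint(site)
    if header is None or header == data:
        return data
    return ("Version shows as %s in index header however the data shows %s"
            % (header, data))


if __name__ == "__main__":
    for name, site in (("sample", SAMPLE_SITE), ("hardened", HARDENED_SITE),
                       ("mismatch", MISMATCH_SITE)):
        print("%-9s %s" % (name, check_site(site)))
```

The hardened site still resolves to the same version as the unhardened one, which is the point worth checking on your own install: removing the generator tag only silences the header, while the static-file markers keep answering. The mismatch case is where the two sources disagree and the plugin should report both rather than trust the header.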