> Also delete the .pyc file, and no reinstall is needed.

There was none.

> Yes, many.
> You are missing some required methods, like setOptions, getOptions,
> getLongDescription, etc. Please see other plugins for a complete list,

They are already in the code:

    # W3af options and output
    def getOptions( self ):
        '''
        @return: A list of option objects for this plugin.
        '''
        ol = optionList()
        return ol

    def setOptions( self, OptionList ):
        '''
        This method sets all the options that are configured using the user
        interface generated by the framework using the result of getOptions().

        @parameter OptionList: A dictionary with the options for the plugin.
        @return: No value is returned.
        '''
        pass

    def getPluginDeps( self ):
        '''
        @return: A list with the names of the plugins that should be run
        before the current one.
        '''
        return []

    def getLongDesc( self ):
        '''
        @return: A DETAILED description of the plugin functions and features.
        '''
        return '''
        This plugin searches for client side differences between different
        versions of WordPress.
        '''


2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>> I moved the wpvchecker.py file into the /plugin/discovery folder. When
>> I try to launch w3af I get an error (screenshot attached), the prompt
>> only lasts a few seconds so could not copy/paste the full error
>> output.
>>
>> When I remove the wpvchecker.py file out of the dir the error persists
>> and I have to un/re install w3af to get it working again.
>
> Also delete the .pyc file, and no reinstall is needed.
>
>> Any ideas?
>
> Yes, many.
> You are missing some required methods, like setOptions, getOptions,
> getLongDescription, etc. Please see other plugins for a complete list,
>
>> Thanks again,
>> Ryan
>>
>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>> Ryan,
>>>
>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>> Hello,
>>>> Sorry it's been so long with the wordpress version checker plugin, had
>>>> some life problems.
>>>
>>> No problem man, I hope things are going better now.
>>>
>>>> Anyway...
>>>>
>>>> I have come to a logic problem which I cannot seem to solve and was
>>>> wondering if anyone could give me some pointers...
>>>>
>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>>> file/image being present, i.e. status 200
>>>>
>>>> I cannot figure out how to check for this while using the
>>>> self._wp_fingerprint array.
>>>
>>> The for loop that works with the array looks like this:
>>>
>>>                for data in self._wp_fingerprint:
>>>
>>>                    # Complete URL to test, url+file
>>>                    # data is the current (file, marker, version) entry
>>>                    test_URL = urlParser.urlJoin( base_url, data[0] )
>>>
>>>                    if data[1] in response:
>>>                        version = data[2]
>>>                        break
>>>                    else:
>>>                        version = 'Version lower than 2.2'
>>>
>>> But there are some parts missing, like actually requesting the
>>> test_URL from the server. On the other hand, the "200" logic could be
>>> easily done like this:
>>>
>>>                    if data[1] == 200 and not is_404(response):
>>>                        # it was found!
>>>                        version = data[2]
>>>                        break
>>>                    elif data[1] != 200 and data[1] in response:
>>>                        version = data[2]
>>>                        break
>>>                    else:
>>>                        version = 'Version lower than 2.2'
>>>
>>> To make this work, you should change the '' in the fingerprint array
>>> to a 200, and it should all work.
>>>
>>>> Here is the code so far, I have not yet tested it out, but should give
>>>> you a basic idea of how it will run.
>>>
>>> Yes, and it makes much more sense to me this way. The older version
>>> was "ugly" :)
>>>
>>>> I was also thinking of
>>>> implementing a plugin version checker as there are many plugins with
>>>> vulns.
>>>
>>> Sure, but let's go step by step, let's finish this plugin, test it a
>>> little bit, and then we can go for the next one.
>>>
>>>> Thank you,
>>>> Ryan
>>>>
>>>> P.S. To test it through w3af, do I just pop the py file into the
>>>> plugin folder or is there any other code to be changed?
>>>
>>> Yes, you have to move this file to the discovery directory and that's it.
>>>
>>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>> Just to let everyone know where I am with the plugin.
>>>>>
>>>>> I'm a complete n00b at re and couldn't get backbone's code to work, so
>>>>> I read a couple of manuals and finally got it working with:
>>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>>
>>>>> An explanation of what the plugin will do:
>>>>> -----------------------------------------------------------
>>>>>
>>>>> It will first check to see if the server has the following file
>>>>> "/wp-admin/index.php".
>>>>>
>>>>> If it does
>>>>>
>>>>> It will check to see whether or not the version is in the index header.
>>>>>
>>>>> If it finds the version it will store it in a variable.
>>>>>
>>>>> It will then run through the checks from my original code to try and
>>>>> guess the version.
>>>>>
>>>>>
>>>>> The output will be as follows:
>>>>> ------------------------------------------
>>>>>
>>>>> If the version is not in the index and not found with the data =
>>>>> "version under 2.2"
>>>>> If the version is in the index and in the data are the same =
>>>>> "whatever version was found"
>>>>> If the version is in the index and in the data are different =
>>>>> "Version shows as $version in index header however the data shows
>>>>> $version"
>>>>>
>>>>> I still need to implement the data checks however my girlfriend has
>>>>> fallen ill and has been admitted to hospital for an emergency
>>>>> operation. I don't think I will be able to finish the plugin this
>>>>> weekend as promised earlier however will still be working on it next
>>>>> week.
>>>>>
>>>>> I was also thinking of listing the vulnerabilities for each version (if
>>>>> any) on the output.
>>>>>
>>>>> Ryan
>>>>>
>>>>>
>>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>>> Ryan,
>>>>>>
>>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>> I'm looking into searching the response html of the index page for the
>>>>>>> following string:
>>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>>
>>>>>>> I've tried with regular expressions and am unable to get it to work,
>>>>>>
>>>>>> backbone sent you a solution,
>>>>>>
>>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>>> should be used.
>>>>>>>
>>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>>
>>>>>> Yes, it's in the dependency list, but we aren't using it "for that".
>>>>>> Long story short, please use the re =)
>>>>>>
>>>>>>> Ryan
>>>>>>>
>>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into that once
>>>>>>> I've sorted this out.
>>>>>>>
>>>>>>>
>>>>>>> 2009/5/28  <backbon...@gmail.com>:
>>>>>>>> Sorry to bump in just like that in the discussion, about the meta tag
>>>>>>>> that displays the WordPress version.
>>>>>>>>
>>>>>>>> Only since version 2.7 the generator function is in the core of
>>>>>>>> WordPress, on earlier versions it was only in the theme.
>>>>>>>>
>>>>>>>> Just wanted to mention that. :)
>>>>>>>>
>>>>>>>> ---
>>>>>>>> http://insanesecurity.info
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>>
>>>>>>>>> You mentioned during our email conversation that wordpress echoes its
>>>>>>>>> version number in the page head. I managed to find an example of it.
>>>>>>>>> You're right, I do have a security plugin installed which must have
>>>>>>>>> removed it from my blog.
>>>>>>>>>
>>>>>>>>> Here is an example:
>>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>> > Ryan,
>>>>>>>>> >
>>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho
>>>>>>>>> > <andres.rian...@gmail.com> wrote:
>>>>>>>>> >> Ryan,
>>>>>>>>> >>
>>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst <ryandewhu...@gmail.com>
>>>>>>>>> >> wrote:
>>>>>>>>> >>> Hello,
>>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>>>>>>> >>
>>>>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>>>>> >> attachments,
>>>>>>>>> >>
>>>>>>>>> >>> I'll have a look into integrating the script into w3af over the next
>>>>>>>>> >>> couple of days and hopefully have a working version by the weekend.
>>>>>>>>> >>
>>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>>> >>
>>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>>>>>>>> >>> side differences in most of them, I also used the official changelogs
>>>>>>>>> >>> to help identify them.
>>>>>>>>> >>
>>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>>>>>>> >> different wordpress release packages?
>>>>>>>>> >>
>>>>>>>>> >>> The client side differences are in files such as CSS, javascript and
>>>>>>>>> >>> HTML. Some versions did not have any differences apart from having
>>>>>>>>> >>> extra files, which can easily be identified with HTTP response codes.
>>>>>>>>> >>>
>>>>>>>>> >>> It works as such...
>>>>>>>>> >>>
>>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>>> >>> something that 2.7 doesn't have, if it finds that something then the
>>>>>>>>> >>> script stops and echoes the version number.
>>>>>>>>> >>>
>>>>>>>>> >>> If the script doesn't find the difference it moves onto identifying the
>>>>>>>>> >>> next version, i.e. does 2.7 have something the earlier version doesn't
>>>>>>>>> >>> have, and so on and so forth.
>>>>>>>>> >>
>>>>>>>>> >> Ok, makes sense.
>>>>>>>>> >>
>>>>>>>>> >> Some comments regarding your code:
>>>>>>>>> >>
>>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>>>>> >> indentations. Your code has 1-space (?) indentations. Please correct
>>>>>>>>> >> that.
>>>>>>>>> >>
>>>>>>>>> >> - The code is pretty simple, but I think it could be done in a better
>>>>>>>>> >> way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>>>>>>>> >> good option. Do you think that the code could be changed a little bit,
>>>>>>>>> >> and create a database (which can be easily updated) and then use that
>>>>>>>>> >> database to store the information? Example of the database
>>>>>>>>> >>
>>>>>>>>> >> self._wp_fingerprint = [
>>>>>>>>> >>     ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:'),
>>>>>>>>> >>     ('/wp-admin/css/farbtastic.css', 'farbtastic'),
>>>>>>>>> >> ]
>>>>>>>>> >>
>>>>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>>>>> >> page head. Maybe it would be a good idea to parse that, and compare it
>>>>>>>>> >> with the result of the fingerprinting. What do you think?
>>>>>>>>> >
>>>>>>>>> > A good idea would be to have a first step, before all the version
>>>>>>>>> > specific checks, that verifies something that's true for all wordpress
>>>>>>>>> > installations (some X file has to be present) before even starting the
>>>>>>>>> > fingerprinting. Could this be done?
>>>>>>>>> >
>>>>>>>>> >> Cheers,
>>>>>>>>> >>
>>>>>>>>> >>> Ryan
>>>>>>>>> >>>
>>>>>>>>> >>>
>>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>> >>>> Ryan,
>>>>>>>>> >>>>
>>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>>>>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>> >>>>> Hello,
>>>>>>>>> >>>>> I have developed a python script that can detect the version of a
>>>>>>>>> >>>>> wordpress installation. I think it would fit well within w3af,
>>>>>>>>> >>>>
>>>>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>>>>> >>>>
>>>>>>>>> >>>> I have like a ton of questions about how it works, could you please
>>>>>>>>> >>>> send the script (as it is) to this mailing list for us to read it?
>>>>>>>>> >>>>
>>>>>>>>> >>>>> the
>>>>>>>>> >>>>> only problem being is that I have been unable to find a plugin
>>>>>>>>> >>>>> development manual to be able to implement my script.
>>>>>>>>> >>>>
>>>>>>>>> >>>> There is no development manual :(
>>>>>>>>> >>>>
>>>>>>>>> >>>> For the type of feature that you want to add, the correct thing is to
>>>>>>>>> >>>> use a discovery plugin. discovery plugins are simple, they follow
>>>>>>>>> >>>> these rules:
>>>>>>>>> >>>>
>>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>>> >>>>
>>>>>>>>> >>>> - the discover method takes a fuzzable request object as a parameter,
>>>>>>>>> >>>> and returns a list of fuzzable requests
>>>>>>>>> >>>> (fuzzable requests are representations of GET/POST requests, which
>>>>>>>>> >>>> represent links, and forms)
>>>>>>>>> >>>>
>>>>>>>>> >>>> - the discover method is called several times in the same scan, with
>>>>>>>>> >>>> the different links that (for example) the webSpider finds.
>>>>>>>>> >>>>
>>>>>>>>> >>>> I think that the best thing you can do is to read one or two discovery
>>>>>>>>> >>>> plugins (my recommendations are discovery.crossDomain and
>>>>>>>>> >>>> discovery.userDir), and start building your own plugin based on one of
>>>>>>>>> >>>> those.
>>>>>>>>> >>>>
>>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>>> >>>>
>>>>>>>>> >>>> No
>>>>>>>>> >>>>
>>>>>>>>> >>>>> Does anyone have some tips/advice on writing a plugin?
>>>>>>>>> >>>>
>>>>>>>>> >>>> Yes, see above,
>>>>>>>>> >>>>
>>>>>>>>> >>>>> Does anyone want me to send them the script for them to develop the
>>>>>>>>> >>>>> plugin?
>>>>>>>>> >>>>
>>>>>>>>> >>>> You should develop the plugin yourself, it's fun and good for the
>>>>>>>>> >>>> project =)
>>>>>>>>> >>>>
>>>>>>>>> >>>> Cheers,
>>>>>>>>> >>>>
>>>>>>>>> >>>>> Thank you,
>>>>>>>>> >>>>> Ryan
>>>>>>>>> >>>>>
>>>>>>>>> >>>>>
>>>>>>>>> >>>>> ------------------------------------------------------------------------------
>>>>>>>>> >>>>> Register Now for Creativity and Technology (CaT), June 3rd, 
>>>>>>>>> >>>>> NYC. CaT
>>>>>>>>> >>>>> is a gathering of tech-side developers & brand creativity
>>>>>>>>> >>>>> professionals. Meet
>>>>>>>>> >>>>> the minds behind Google Creative Lab, Visual Complexity, 
>>>>>>>>> >>>>> Processing,
>>>>>>>>> >>>>> &
>>>>>>>>> >>>>> iPhoneDevCamp as they present alongside digital heavyweights 
>>>>>>>>> >>>>> like
>>>>>>>>> >>>>> Barbarian
>>>>>>>>> >>>>> Group, R/GA, & Big Spaceship. 
>>>>>>>>> >>>>> http://p.sf.net/sfu/creativitycat-com
>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>> >>>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>>
>>>>>>>>> >>>> --
>>>>>>>>> >>>> Andrés Riancho
>>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>>> >>>> http://w3af.sf.net/
>>>>>>>>> >>>>
>
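
The table-driven check discussed in this thread (fingerprint array, the "200" marker guarded by is_404, and the comparison with the generator meta tag), written out as an added example; it is not Ryan's plugin and not w3af code. The helpers `site`, `make_is_404` and `report`, the probe path, the third table entry and all version labels are assumptions constructed for illustration, and pages are served from an in-memory dict instead of HTTP.

```python
import re

# Regex quoted in the thread for the generator meta tag.
GENERATOR_RE = re.compile(
    r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />')

# (path, marker, version), newest first. A string marker must occur in the
# body; the marker 200 means "the file merely exists". The first two
# path/marker pairs are from the thread; the third path and every version
# label are constructed placeholders, not verified WordPress fingerprints.
WP_FINGERPRINT = [
    ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:', '2.7.1'),
    ('/wp-admin/css/farbtastic.css', 'farbtastic', '2.7'),
    ('/wp-includes/images/example.png', 200, '2.5'),
]

def make_is_404(fetch, probe='/no-such-file-7f3a91'):
    """Learn what "not found" looks like so soft 404s (status 200) count."""
    _, baseline = fetch(probe)
    return lambda status, body: status == 404 or body == baseline

def fingerprint(fetch, table=WP_FINGERPRINT):
    """Return the version of the first matching entry, or None."""
    is_404 = make_is_404(fetch)
    for path, marker, version in table:
        status, body = fetch(path)
        if is_404(status, body):
            continue
        if marker == 200 or marker in body:
            return version
    return None

def generator_version(index_html):
    match = GENERATOR_RE.search(index_html)
    return match.group(1) if match else None

def report(header_version, data_version):
    """Output rules from the thread; the one-source case is an assumption."""
    if header_version is None and data_version is None:
        return 'version under 2.2'
    if header_version is None or data_version is None:
        return header_version or data_version
    if header_version == data_version:
        return header_version
    return ('Version shows as %s in index header however the data shows %s'
            % (header_version, data_version))

def site(pages, not_found=(404, 'Not Found')):
    """Constructed offline stand-in for HTTP: path -> (status, body)."""
    return lambda path: pages.get(path, not_found)
```

A server that answers every path with status 200 and the same error page would match the 200 entry if the is_404 guard were dropped; with the guard, `fingerprint` returns None for it.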
