2009/6/8 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Mon, Jun 8, 2009 at 10:18 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>>> Ryan,
>>>
>>> On Sun, Jun 7, 2009 at 12:31 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>> Here is the final version. (I hope)
>>>
>>> I just tried your plugin with http://www.bonsai-sec.com/blog/ as a
>>> target, and it's failing to find anything. I think that the problem is in:
>>>
>>> base_url = urlParser.baseUrl( fuzzableRequest.getURL() )
>>> wp_unique_url = urlParser.urlJoin( base_url , '/wp-login.php' )
>>>
>>> Which will always return http://host.tld/wp-login.php , no matter what
>>> the fuzzableRequest.getURL() was: in my case it was
>>> http://www.bonsai-sec.com/blog/ .
>>>
>>
>> Fixed this with:
>>
>> wp_unique_url = fuzzableRequest.getURL() + '/wp-login.php'
>> response = self._urlOpener.GET( wp_unique_url, useCache=True )
>
> If the URL is http://www.bonsai-sec.com/blog/ and you perform that,
> you end up with http://www.bonsai-sec.com/blog//wp-login.php , which
> is not what you want. I think that the solution was this one:
>
> base_url = urlParser.getDomainPath( fuzzableRequest.getURL() )
> wp_unique_url = urlParser.urlJoin( base_url , 'wp-login.php' )
>
> But I'm not sure, you should test it.

I tried this yesterday and had no luck; however, I will give it another go, as I did not spend too much time on it.

>
>>> And also on the way that self._exec is ALWAYS set to false. I think
>>> that self._exec should be set to false only after actually finding a
>>> wordpress installation and fingerprinting it.
>>>
>>
>> Implemented this.
>
> Cool,
>
>>> Please test the plugin a little more with different wordpress
>>> installs, and then let us know how it worked out =)
>>>
>>
>> Tested on about 5 different installations so far, all working.
>
> Cool,
>
>>> PS: Please use inline for answering emails, top posting sucks.
>>>
>>
>> Sorry, always forget about this, lol.
>>
>> Any other changes/feedback let me know. Attached is the latest version. :)
>
> I think we're almost ready to put it in the trunk, what do you think?
>

Yup! :-) As soon as I have fixed the URL issue I don't see why not. One thing I would like you to look at is the output: is it accurately worded to the w3af style? Does it have too little or too much output?

>>>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>> Found a bug that I am working on now.
>>>>>
>>>>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>> w00t w00t!
>>>>>>
>>>>>> All tested and working!
>>>>>>
>>>>>> Thanks to everyone for their help, especially Andres for putting up
>>>>>> with my noobness. I will look into implementing the vulns for each
>>>>>> version and then eventually a wp plugin version finder.
>>>>>>
>>>>>> Feedback and suggestions welcome! :-)
>>>>>>
>>>>>> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>> Ryan,
>>>>>>>
>>>>>>> On Sat, Jun 6, 2009 at 10:20 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>> I decided to move over to my Linux box for the development of the
>>>>>>>> plugin. One of the reasons I could not get the plugin to run through
>>>>>>>> w3af was that the plugin file name was not the same as the class name.
>>>>>>>
>>>>>>> Ok, makes sense,
>>>>>>>
>>>>>>>> It now runs through w3af without any errors. The only thing is that
>>>>>>>> the info output is not showing in kb.
>>>>>>>
>>>>>>> Are you saving it to the kb?
>>>>>>>
>>>>>>>> I'm using this which I found in another plugin:
>>>>>>>>
>>>>>>>> # Save it to the kb!
>>>>>>>> i = info.info()
>>>>>>>> i.setName('WordPress version')
>>>>>>>> i.setURL( wp_index_url )
>>>>>>>> i.setId( http_response.id )
>>>>>>>> i.setDesc( 'WordPress version "'+ self._version +'" found in the index header.' )
>>>>>>>> kb.kb.append( self, 'WordPress version', i )
>>>>>>>> om.out.information( i.getDesc() )
>>>>>>>
>>>>>>> That seems to be enough to save the version to the kb,
>>>>>>>
>>>>>>>> Attached is the latest version.
>>>>>>>
>>>>>>> I applied some minor changes:
>>>>>>>
>>>>>>> - Changed the name of the plugin to wordpress_plugin, because
>>>>>>> wpvChecker is cryptic to users.
>>>>>>> - The code has some serious errors, that are possibly the reason you
>>>>>>> don't see anything:
>>>>>>>
>>>>>>> ...@brick:~/w3af/w3af/trunk$ pylint --rcfile=../extras/misc/pylint.rc /tmp/wordpress_version.py -e
>>>>>>> ************* Module wordpress_version
>>>>>>> E: 98:wordpress_version.discover: Undefined variable 're'
>>>>>>> E:109:wordpress_version.discover: Undefined variable 'http_response'
>>>>>>> E:150:wordpress_version.discover: Undefined variable 'http_response'
>>>>>>>
>>>>>>> Have you tested the plugin? Do you get a big traceback when running it?
>>>>>>>
>>>>>>> - This line in the fingerprint DB:
>>>>>>>
>>>>>>> ('/wp-admin/async-upload.php','200','2.5'),
>>>>>>>
>>>>>>> Doesn't match this line:
>>>>>>>
>>>>>>> if self._wp_fingerprint[1] == 200 and not is_404(response):
>>>>>>>
>>>>>>> '200' and 200 aren't equal in python:
>>>>>>>
>>>>>>> >>> '200' == 200
>>>>>>> False
>>>>>>>
>>>>>>> You should change your database to 200, instead of '200' where
>>>>>>> necessary.
>>>>>>>
>>>>>>> - One more detail, is that it would be nice to compare the version in
>>>>>>> the HTML header, with the fingerprinted version, and report if they
>>>>>>> differ.
>>>>>>>
>>>>>>> You're on the right path, I think that with these recommendations
>>>>>>> you'll be able to complete the development of your first w3af plugin =)
>>>>>>>
>>>>>>> PS: You should answer inline.
>>>>>>>
>>>>>>>> Ryan
>>>>>>>>
>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>> Ryan,
>>>>>>>>>
>>>>>>>>> On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>> Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>>>
>>>>>>>>>> There was none.
>>>>>>>>>>
>>>>>>>>>>> Yes, many.
>>>>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>>>>> getLongDescription, etc. Please see other plugins for a complete list,
>>>>>>>>>>
>>>>>>>>>> They are already in the code:
>>>>>>>>>>
>>>>>>>>>> # W3af options and output
>>>>>>>>>> def getOptions( self ):
>>>>>>>>>>     '''
>>>>>>>>>>     @return: A list of option objects for this plugin.
>>>>>>>>>>     '''
>>>>>>>>>>     ol = optionList()
>>>>>>>>>>     return ol
>>>>>>>>>>
>>>>>>>>>> def setOptions( self, OptionList ):
>>>>>>>>>>     '''
>>>>>>>>>>     This method sets all the options that are configured using the user interface
>>>>>>>>>>     generated by the framework using the result of getOptions().
>>>>>>>>>>
>>>>>>>>>>     @parameter OptionList: A dictionary with the options for the plugin.
>>>>>>>>>>     @return: No value is returned.
>>>>>>>>>>     '''
>>>>>>>>>>     pass
>>>>>>>>>>
>>>>>>>>>> def getPluginDeps( self ):
>>>>>>>>>>     '''
>>>>>>>>>>     @return: A list with the names of the plugins that should be
>>>>>>>>>>     run before the current one.
>>>>>>>>>>     '''
>>>>>>>>>>     return []
>>>>>>>>>>
>>>>>>>>>> def getLongDesc( self ):
>>>>>>>>>>     '''
>>>>>>>>>>     @return: A DETAILED description of the plugin functions and features.
>>>>>>>>>>     '''
>>>>>>>>>>     return '''
>>>>>>>>>>     This plugin searches for client side differences between
>>>>>>>>>>     different versions of WordPress.
>>>>>>>>>>     '''
>>>>>>>>>
>>>>>>>>> Then try to run w3af from a console:
>>>>>>>>>
>>>>>>>>> in cmd.exe run python w3af_console.py
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>> Ryan,
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>> I moved the wpvchecker.py file into the /plugin/discovery folder.
>>>>>>>>>>>> When I try to launch w3af I get an error (screenshot attached), the
>>>>>>>>>>>> prompt only lasts a few seconds so I could not copy/paste the full
>>>>>>>>>>>> error output.
>>>>>>>>>>>>
>>>>>>>>>>>> When I remove the wpvchecker.py file out of the dir the error
>>>>>>>>>>>> persists and I have to un/re install w3af to get it working again.
>>>>>>>>>>>
>>>>>>>>>>> Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>>>>
>>>>>>>>>>>> Any ideas?
>>>>>>>>>>>
>>>>>>>>>>> Yes, many.
>>>>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>>>>> getLongDescription, etc. Please see other plugins for a complete list,
>>>>>>>>>>>
>>>>>>>>>>>> Thanks again,
>>>>>>>>>>>> Ryan
>>>>>>>>>>>>
>>>>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>> Sorry it's been so long with the wordpress version checker
>>>>>>>>>>>>>> plugin, had some life problems.
>>>>>>>>>>>>>
>>>>>>>>>>>>> No problem man, I hope things are going better now.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Anyway...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I have come to a logic problem which I cannot seem to solve and
>>>>>>>>>>>>>> was wondering if any one could give me some pointers...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected
>>>>>>>>>>>>>> by a file/image being present, i.e. status 200
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I cannot figure out how to check for this while using the
>>>>>>>>>>>>>> self._wp_fingerprint array.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The for loop that works with the array looks like this:
>>>>>>>>>>>>>
>>>>>>>>>>>>> for data in self._wp_fingerprint:
>>>>>>>>>>>>>
>>>>>>>>>>>>>     # Complete URL to test, url+file
>>>>>>>>>>>>>     test_URL = urlParser.urlJoin( base_url, data[0] )
>>>>>>>>>>>>>
>>>>>>>>>>>>>     if data[1] in response:
>>>>>>>>>>>>>         version = data[2]
>>>>>>>>>>>>>         break
>>>>>>>>>>>>>     else:
>>>>>>>>>>>>>         version = 'Version lower than 2.2'
>>>>>>>>>>>>>
>>>>>>>>>>>>> But there are some parts missing, like actually requesting to the
>>>>>>>>>>>>> server the test_URL. On the other part, the "200" logic could be
>>>>>>>>>>>>> easily done like this:
>>>>>>>>>>>>>
>>>>>>>>>>>>>     if data[1] == 200 and not is_404(response):
>>>>>>>>>>>>>         # it was found!
>>>>>>>>>>>>>         version = data[2]
>>>>>>>>>>>>>         break
>>>>>>>>>>>>>     elif data[1] in response:
>>>>>>>>>>>>>         version = data[2]
>>>>>>>>>>>>>         break
>>>>>>>>>>>>>     else:
>>>>>>>>>>>>>         version = 'Version lower than 2.2'
>>>>>>>>>>>>>
>>>>>>>>>>>>> To make this work, you should change the '' in the fingerprint
>>>>>>>>>>>>> array by a 200, and it should all work.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Here is the code so far, I have not yet tested it out, but it
>>>>>>>>>>>>>> should give you a basic idea of how it will run.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes, and it makes much more sense to me this way. The older
>>>>>>>>>>>>> version was "ugly" :)
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I was also thinking of implementing a plugin version checker as
>>>>>>>>>>>>>> there are many plugins with vulns.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sure, but let's go step by step, let's finish this plugin, test it a
>>>>>>>>>>>>> little bit, and then we can go for the next one.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> P.S. To test it through w3af, do I just pop the py file into the
>>>>>>>>>>>>>> plugin folder or is there any other code to be changed?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes, you have to move this file to the discovery directory and
>>>>>>>>>>>>> that's it.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>>>>>>>>>>> Just to let everyone know where I am with the plugin.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm a complete n00b at re and couldn't get backbone's code to
>>>>>>>>>>>>>>> work, so I read a couple of manuals and finally got it working with:
>>>>>>>>>>>>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> An explanation of what the plugin will do:
>>>>>>>>>>>>>>> -----------------------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It will first check to see if the server has the following file
>>>>>>>>>>>>>>> "/wp-admin/index.php".
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If it does
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It will check to see whether or not the version is in the index
>>>>>>>>>>>>>>> header.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If it finds the version it will store it in a variable.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It will then run through the checks from my original code to
>>>>>>>>>>>>>>> try and guess the version.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The output will be as follows:
>>>>>>>>>>>>>>> ------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If the version is not in the index and not found with the data =
>>>>>>>>>>>>>>> "version under 2.2"
>>>>>>>>>>>>>>> If the version is in the index and in the data are the same =
>>>>>>>>>>>>>>> "whatever version was found"
>>>>>>>>>>>>>>> If the version is in the index and in the data are different =
>>>>>>>>>>>>>>> "Version shows as $version in index header however the data
>>>>>>>>>>>>>>> shows $version"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I still need to implement the data checks, however my girlfriend
>>>>>>>>>>>>>>> has fallen ill and has been admitted to hospital for an emergency
>>>>>>>>>>>>>>> operation. I don't think I will be able to finish the plugin
>>>>>>>>>>>>>>> this weekend as promised earlier, however I will still be working
>>>>>>>>>>>>>>> on it next week.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I was also thinking on listing the vulnerabilities for each
>>>>>>>>>>>>>>> version (if any) on the output.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>> I'm looking into searching the response html of the index
>>>>>>>>>>>>>>>>> page for the following string:
>>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I've tried with regular expressions and am unable to get it to
>>>>>>>>>>>>>>>>> work,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> backbone sent you a solution,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>>>>>>>>>>>>> should be used.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Yes, it's in the dependency list, but we aren't using it "for
>>>>>>>>>>>>>>>> that". Long story short, please use the re =)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into
>>>>>>>>>>>>>>>>> that once I've sorted this out.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2009/5/28 <backbon...@gmail.com>:
>>>>>>>>>>>>>>>>>> Sorry to bump in just like that in the discussion, about the
>>>>>>>>>>>>>>>>>> meta tag that displays the WordPress version.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Only since version 2.7 the generator function is in the core
>>>>>>>>>>>>>>>>>> of WordPress, on earlier versions it was only in the theme.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Just wanted to mention that. :)
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>> http://insanesecurity.info
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> You mentioned during our email conversation that wordpress
>>>>>>>>>>>>>>>>>>> echoes its version number in the page head. I managed to find
>>>>>>>>>>>>>>>>>>> an example of it. You're right, I do have a security plugin
>>>>>>>>>>>>>>>>>>> installed which must have removed it from my blog.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Here is an example:
>>>>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>>>>> > Ryan,
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>> >> Ryan,
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>> >>> Hello,
>>>>>>>>>>>>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>>>>>>>>>>>>>>> >> attachments,
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> I'll have a look into integrating the script into w3af over the next
>>>>>>>>>>>>>>>>>>> >>> couple of days and hopefully have a working version by the weekend.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>>>>>>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found client
>>>>>>>>>>>>>>>>>>> >>> side differences in most of them, I also used the official changelogs
>>>>>>>>>>>>>>>>>>> >>> to help identify them.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>>>>>>>>>>>>>>>>> >> different wordpress release packages?
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> The client side differences are in files such as CSS, javascript and
>>>>>>>>>>>>>>>>>>> >>> HTML. Some versions did not have any differences apart from having
>>>>>>>>>>>>>>>>>>> >>> extra files, which can easily be identified with HTTP response codes.
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> It works as such...
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>>>>>>>>>>>>> >>> something that 2.7 doesn't have, if it finds that something then the
>>>>>>>>>>>>>>>>>>> >>> script stops and echoes the version number.
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> If the script doesn't find the difference it moves onto identifying the
>>>>>>>>>>>>>>>>>>> >>> next version, i.e. does 2.7 have something the earlier version doesn't
>>>>>>>>>>>>>>>>>>> >>> have, and so on and so forth.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Ok, makes sense.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Some comments regarding your code:
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-spaces for
>>>>>>>>>>>>>>>>>>> >> indentations. Your code has 1-space (?) indentations. Please correct
>>>>>>>>>>>>>>>>>>> >> that.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> - The code is pretty simple, but I think it could be done in a better
>>>>>>>>>>>>>>>>>>> >> way. Having that many functions (wp22 to wp271) doesn't seem to be a
>>>>>>>>>>>>>>>>>>> >> good option. Do you think that the code could be changed a little bit,
>>>>>>>>>>>>>>>>>>> >> and create a database (which can be easily updated) and then use that
>>>>>>>>>>>>>>>>>>> >> database to store the information? Example of the database:
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> self._wp_fingerprint = [('/wp-includes/js/thickbox/thickbox.css','-ms-filter:'),('/wp-admin/css/farbtastic.css', 'farbtastic')]
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>>>>>>>>>>>>>>> >> page head. Maybe it would be a good idea to parse that, and compare it
>>>>>>>>>>>>>>>>>>> >> with the result of the fingerprinting. What do you think?
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>> > A good idea would be to have a first step, before all the version
>>>>>>>>>>>>>>>>>>> > specific checks, that verifies something that's true for all wordpress
>>>>>>>>>>>>>>>>>>> > installations (some X file has to be present) before even starting the
>>>>>>>>>>>>>>>>>>> > fingerprinting. Could this be done?
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>> >> Cheers,
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> Ryan
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>>>>> >>>> Ryan,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>> >>>>> Hello,
>>>>>>>>>>>>>>>>>>> >>>>> I have developed a python script that can detect the version of a
>>>>>>>>>>>>>>>>>>> >>>>> wordpress installation. I think it would fit well within w3af,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> I have like a ton of questions about how it works, could you please
>>>>>>>>>>>>>>>>>>> >>>> send the script (as it is) to this mailing list for us to read it?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> the only problem being is that I have been unable to find a plugin
>>>>>>>>>>>>>>>>>>> >>>>> development manual to be able to implement my script.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> There is no development manual :(
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> For the type of feature that you want to add, the correct thing is to
>>>>>>>>>>>>>>>>>>> >>>> use a discovery plugin.
>>>>>>>>>>>>>>>>>>> >>>> Discovery plugins are simple, they follow these rules:
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> - the discover method takes a fuzzable request object as a parameter,
>>>>>>>>>>>>>>>>>>> >>>> and returns a list of fuzzable requests
>>>>>>>>>>>>>>>>>>> >>>> (fuzzable requests are representations of GET/POST requests, which
>>>>>>>>>>>>>>>>>>> >>>> represent links, and forms)
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> - the discover method is called several times in the same scan, with
>>>>>>>>>>>>>>>>>>> >>>> the different links that (for example) the webSpider finds.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> I think that the best thing you can do is to read one or two discovery
>>>>>>>>>>>>>>>>>>> >>>> plugins (my recommendations are discovery.crossDomain and
>>>>>>>>>>>>>>>>>>> >>>> discovery.userDir), and start building your own plugin based on one of
>>>>>>>>>>>>>>>>>>> >>>> those.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> No
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Does any one have some tips/advice on writing a plugin?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> Yes, see above,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Does any one want me to send them the script for them to develop the
>>>>>>>>>>>>>>>>>>> >>>>> plugin?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> You should develop the plugin yourself, it's fun and good for the
>>>>>>>>>>>>>>>>>>> >>>> project =)
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> Cheers,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Thank you,
>>>>>>>>>>>>>>>>>>> >>>>> Ryan
>>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>>> >>>>> ------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>>>> >>>>> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
>>>>>>>>>>>>>>>>>>> >>>>> is a gathering of tech-side developers & brand creativity professionals. Meet
>>>>>>>>>>>>>>>>>>> >>>>> the minds behind Google Creative Lab, Visual Complexity, Processing, &
>>>>>>>>>>>>>>>>>>> >>>>> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
>>>>>>>>>>>>>>>>>>> >>>>> Group, R/GA, & Big Spaceship.
>>>>>>>>>>>>>>>>>>> >>>>> http://p.sf.net/sfu/creativitycat-com
>>>>>>>>>>>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>>>>>>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>>>>>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> --
>>>>>>>>>>>>>>>>>>> >>>> Andrés Riancho
>>>>>>>>>>>>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>>>>>>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>>>>>>>>>>>>> >>>> http://w3af.sf.net/

------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
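A runnable version of the logic this thread converges on, written here as an added example rather than code from w3af or from the plugin being discussed: directory-preserving URL joining (the /blog/ and blog// bugs), a fingerprint table that keeps 200 as an int beside string checks, the generator-tag regex, and the header-versus-files comparison, all against a fake server so it runs offline. The fetch callback, the is_404 stand-in, the example.com site contents and the two placeholder versions are constructed assumptions; only the async-upload.php/2.5 entry and the example paths and strings come from the thread.

```python
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

# The generator-tag regex Ryan settled on in the thread.
GENERATOR_RE = re.compile(
    r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />')

# (path, expectation, version), newest first: the first match wins.
# expectation is the int 200 (the file only has to exist) or a string that
# must appear in the body. It is 200, not '200': '200' == 200 is False in
# Python, the bug Andres flagged. Only the async-upload.php entry comes from
# the thread; the other two reuse the thread's example paths/strings with
# constructed placeholder versions.
FINGERPRINTS = [
    ('/wp-includes/js/thickbox/thickbox.css', '-ms-filter:', 'NEWER-placeholder'),
    ('/wp-admin/css/farbtastic.css', 'farbtastic', 'MIDDLE-placeholder'),
    ('/wp-admin/async-upload.php', 200, '2.5'),
]
BELOW_TABLE = 'Version lower than 2.2'

def domain_path(url):
    """Directory of url, as urlParser.getDomainPath() gives it:
    http://h/blog/index.php -> http://h/blog/ ; http://h/blog/ is unchanged."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path.rsplit('/', 1)[0] + '/', '', ''))

def wp_url(url, name):
    """Join a file name onto the install directory. The leading slash is
    dropped so /blog/ survives (joining '/wp-login.php' jumps to the host
    root) and no '+' concatenation is used (it yields 'blog//wp-login.php')."""
    return urljoin(domain_path(url), name.lstrip('/'))

def header_version(html):
    """Version from the generator meta tag, None if a theme or plugin removed it."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None

def fingerprint(fetch, base_url, is_404):
    """Walk the table newest-first. fetch(url) returns (status, body)."""
    for path, expected, version in FINGERPRINTS:
        status, body = fetch(wp_url(base_url, path))
        if expected == 200:
            # A bare 200 is not proof: soft-404 pages answer 200 as well.
            if status == 200 and not is_404(body):
                return version
        elif status == 200 and expected in body:
            return version
    return BELOW_TABLE

def detect(fetch, base_url, is_404):
    """Step 0 is the 'something true for every install' check from the thread.
    Returns None when the target is not WordPress, else a result dict."""
    status, body = fetch(wp_url(base_url, 'wp-login.php'))
    if status != 200 or is_404(body):
        return None
    in_header = header_version(fetch(base_url)[1])
    by_files = fingerprint(fetch, base_url, is_404)
    if in_header is None and by_files == BELOW_TABLE:
        desc = 'version under 2.2'
    elif in_header is None or in_header == by_files:
        desc = by_files
    else:  # the header can be stale or altered; report both, as Andres asked
        desc = ('Version shows as %s in index header however the data shows %s'
                % (in_header, by_files))
    return {'header': in_header, 'files': by_files, 'desc': desc}

# --- constructed fake sites, so the example runs without any network -------
SOFT_404 = '<html><title>Page not found</title></html>'

def is_404(body):
    """Stand-in for w3af's is_404(): only knows the fake server's 404 page."""
    return '<title>Page not found</title>' in body

def make_site(files):
    """Fake server: known paths return their body, anything else a 200 soft-404."""
    def fetch(url):
        path = urlsplit(url).path
        return (200, files[path]) if path in files else (200, SOFT_404)
    return fetch

BLOG = 'http://www.example.com/blog/'
INDEX = '<html><head><meta name="generator" content="WordPress 2.7.1" /></head></html>'
# Header claims 2.7.1, but only the 2.5 file exists: both versions get reported.
MISMATCH = make_site({'/blog/': INDEX, '/blog/wp-login.php': '<form>',
                      '/blog/wp-admin/async-upload.php': ''})
# No generator tag (pre-2.7 theme or a security plugin); a body string matches.
HEADERLESS = make_site({'/blog/': '<html></html>', '/blog/wp-login.php': '<form>',
                        '/blog/wp-admin/css/farbtastic.css': '.farbtastic {}'})
NOT_WP = make_site({'/': '<html>not wordpress</html>'})
```

Calling detect(MISMATCH, BLOG, is_404) yields the "Version shows as 2.7.1 in index header however the data shows 2.5" description from Ryan's output rules, while NOT_WP returns None before any version check runs.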