2009/6/8 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Mon, Jun 8, 2009 at 10:18 AM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
>> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>>> Ryan,
>>>
>>> On Sun, Jun 7, 2009 at 12:31 PM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
>>>> Here is the final version. (I hope)
>>>
>>> I just tried your plugin with http://www.bonsai-sec.com/blog/ as a
>>> target, and it's failing to find anything. I think that the problem is
>>> in:
>>>
>>>            base_url = urlParser.baseUrl( fuzzableRequest.getURL() )
>>>            wp_unique_url = urlParser.urlJoin(  base_url , '/wp-login.php' )
>>>
>>> Which will always return http://host.tld/wp-login.php , no matter what
>>> the fuzzableRequest.getURL() was: in my case it was
>>> http://www.bonsai-sec.com/blog/ .
>>>
>>
>> Fixed this with:
>>
>>   wp_unique_url = fuzzableRequest.getURL()  +  '/wp-login.php'
>>   response = self._urlOpener.GET( wp_unique_url, useCache=True )
>
> If the URL is http://www.bonsai-sec.com/blog/ and you perform that,
> you end up with http://www.bonsai-sec.com/blog//wp-login.php , which
> is not what you want. I think that the solution was this one:
>
>            base_url = urlParser.getDomainPath( fuzzableRequest.getURL() )
>            wp_unique_url = urlParser.urlJoin(  base_url , 'wp-login.php' )
>
> But I'm not sure, you should test it.

I tried this yesterday and had no luck; however, I will give it another
go, as I did not spend too much time on it.

>
>>> And also on the way that self._exec is ALWAYS set to false. I think
>>> that self._exec should be set to false only after actually finding a
>>> wordpress installation and fingerprinting it.
>>>
>>
>> Implemented this.
>
> Cool,
>
>>> Please test the plugin a little more with different wordpress
>>> installs, and then let us know how it worked out =)
>>>
>>
>> Tested on about 5 different installations so far, all working.
>
> Cool,
>
>>> PS: Please use inline for answering emails, top posting sucks.
>>>
>>
>> Sorry, always forget about this, lol.
>>
>> Any other changes/feedback let me know. Attached is the latest version. :)
>
> I think we're almost ready to put it in the trunk, what do you think?
>
Yup! :-)

As soon as I have fixed the URL issue I don't see why not. One thing I
would like you to look at is the output: is it accurately worded in
the w3af style? Does it have too little or too much output?

>>>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>> Found a bug that I am working on now.
>>>>>
>>>>> 2009/6/7 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>> w00t w00t!
>>>>>>
>>>>>> All tested and working!
>>>>>>
>>>>>> Thanks to everyone for their help, especially Andres for putting up
>>>>>> with my noobness. I will look into implementing the vulns for each
>>>>>> version and then eventually a wp plugin version finder.
>>>>>>
>>>>>> Feedback and suggestions welcome! :-)
>>>>>>
>>>>>> 2009/6/7 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>> Ryan,
>>>>>>>
>>>>>>> On Sat, Jun 6, 2009 at 10:20 PM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
>>>>>>>> I decided to move over to my Linux box for the development of the
>>>>>>>> plugin. One of the reasons I could not get the plugin to run through
>>>>>>>> w3af was that the plugin file name was not the same as the class name.
>>>>>>>
>>>>>>> Ok, makes sense,
>>>>>>>
>>>>>>>> It now runs through w3af without any errors. The only thing is that
>>>>>>>> the info output is not showing in kb.
>>>>>>>
>>>>>>> Are you saving it to the kb?
>>>>>>>
>>>>>>>> I'm using this, which I found in another plugin:
>>>>>>>>
>>>>>>>>  # Save it to the kb!
>>>>>>>>  i = info.info()
>>>>>>>>  i.setName('WordPress version')
>>>>>>>>  i.setURL( wp_index_url )
>>>>>>>>  i.setId( http_response.id )
>>>>>>>>  i.setDesc( 'WordPress version "'+ self._version +'" found in the index header.' )
>>>>>>>>  kb.kb.append( self, 'WordPress version', i )
>>>>>>>>  om.out.information( i.getDesc() )
>>>>>>>
>>>>>>> That seems to be enough to save the version to the kb,
>>>>>>>
>>>>>>>> Attached is the latest version.
>>>>>>>
>>>>>>> I applied some minor changes:
>>>>>>>
>>>>>>> - Changed the name of the plugin to wordpress_plugin, because
>>>>>>> wpvChecker is cryptic to users.
>>>>>>> - The code has some serious errors that are possibly the reason you
>>>>>>> don't see anything:
>>>>>>>
>>>>>>>    ...@brick:~/w3af/w3af/trunk$ pylint
>>>>>>> --rcfile=../extras/misc/pylint.rc /tmp/wordpress_version.py  -e
>>>>>>>    ************* Module wordpress_version
>>>>>>>    E: 98:wordpress_version.discover: Undefined variable 're'
>>>>>>>    E:109:wordpress_version.discover: Undefined variable 'http_response'
>>>>>>>    E:150:wordpress_version.discover: Undefined variable 'http_response'
>>>>>>>
>>>>>>> Have you tested the plugin? Do you get a big traceback when running it?
>>>>>>>
>>>>>>> - This line in the fingerprint DB:
>>>>>>>
>>>>>>>                    ('/wp-admin/async-upload.php','200','2.5'),
>>>>>>>
>>>>>>> Doesn't match this line:
>>>>>>>
>>>>>>>                    if self._wp_fingerprint[1] == 200 and not is_404(response):
>>>>>>>
>>>>>>> '200' and 200 aren't equal in python:
>>>>>>>
>>>>>>>                    >>> '200' == 200
>>>>>>>                    False
>>>>>>>
>>>>>>> You should change your database to 200, instead of '200', where necessary.
>>>>>>>
>>>>>>> - One more detail is that it would be nice to compare the version in
>>>>>>> the HTML header with the fingerprinted version, and report if they
>>>>>>> differ.
>>>>>>>
>>>>>>> You're on the right path, I think that with these recommendations
>>>>>>> you'll be able to complete the development of your first w3af plugin
>>>>>>> =)
>>>>>>>
>>>>>>> PS: You should answer inline.
>>>>>>>
>>>>>>>> Ryan
>>>>>>>>
>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>> Ryan,
>>>>>>>>>
>>>>>>>>> On Sat, Jun 6, 2009 at 6:22 PM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>>>
>>>>>>>>>> There was none.
>>>>>>>>>>
>>>>>>>>>>> Yes, many.
>>>>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>>>>> getLongDescription, etc. Please see other plugins for a complete list,
>>>>>>>>>>
>>>>>>>>>> They are already in the code:
>>>>>>>>>>
>>>>>>>>>> # W3af options and output
>>>>>>>>>>    def getOptions( self ):
>>>>>>>>>>        '''
>>>>>>>>>>        @return: A list of option objects for this plugin.
>>>>>>>>>>        '''
>>>>>>>>>>        ol = optionList()
>>>>>>>>>>        return ol
>>>>>>>>>>
>>>>>>>>>>    def setOptions( self, OptionList ):
>>>>>>>>>>        '''
>>>>>>>>>>        This method sets all the options that are configured using the user interface
>>>>>>>>>>        generated by the framework using the result of getOptions().
>>>>>>>>>>
>>>>>>>>>>        @parameter OptionList: A dictionary with the options for the plugin.
>>>>>>>>>>        @return: No value is returned.
>>>>>>>>>>        '''
>>>>>>>>>>        pass
>>>>>>>>>>
>>>>>>>>>>    def getPluginDeps( self ):
>>>>>>>>>>        '''
>>>>>>>>>>        @return: A list with the names of the plugins that should be run before the
>>>>>>>>>>        current one.
>>>>>>>>>>        '''
>>>>>>>>>>        return []
>>>>>>>>>>
>>>>>>>>>>    def getLongDesc( self ):
>>>>>>>>>>        '''
>>>>>>>>>>        @return: A DETAILED description of the plugin functions and features.
>>>>>>>>>>        '''
>>>>>>>>>>        return '''
>>>>>>>>>>        This plugin searches for client side differences between
>>>>>>>>>>        different versions of WordPress.
>>>>>>>>>>        '''
>>>>>>>>>
>>>>>>>>> Then try to run w3af from a console:
>>>>>>>>>
>>>>>>>>> in cmd.exe run python w3af_console.py
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>> Ryan,
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Jun 6, 2009 at 1:57 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>> I moved the wpvchecker.py file into the /plugin/discovery folder. When
>>>>>>>>>>>> I try to launch w3af I get an error (screenshot attached); the prompt
>>>>>>>>>>>> only lasts a few seconds so I could not copy/paste the full error output.
>>>>>>>>>>>>
>>>>>>>>>>>> When I remove the wpvchecker.py file from the dir the error persists
>>>>>>>>>>>> and I have to uninstall/reinstall w3af to get it working again.
>>>>>>>>>>>
>>>>>>>>>>> Also delete the .pyc file, and no reinstall is needed.
>>>>>>>>>>>
>>>>>>>>>>>> Any ideas?
>>>>>>>>>>>
>>>>>>>>>>> Yes, many.
>>>>>>>>>>> You are missing some required methods, like setOptions, getOptions,
>>>>>>>>>>> getLongDescription, etc. Please see other plugins for a complete list,
>>>>>>>>>>>
>>>>>>>>>>>> Thanks again,
>>>>>>>>>>>> Ryan
>>>>>>>>>>>>
>>>>>>>>>>>> 2009/6/6 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sat, Jun 6, 2009 at 10:59 AM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>> Sorry it's been so long with the WordPress version checker plugin;
>>>>>>>>>>>>>> I had some life problems.
>>>>>>>>>>>>>
>>>>>>>>>>>>> No problem man, I hope things are going better now.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Anyway...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I have come to a logic problem which I cannot seem to solve and was
>>>>>>>>>>>>>> wondering if anyone could give me some pointers...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Versions '2.5', '2.3.1, 2.3.2 or 2.3.3' and '2.2' are detected by a
>>>>>>>>>>>>>> file/image being present, i.e. status 200.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I cannot figure out how to check for this while using the
>>>>>>>>>>>>>> self._wp_fingerprint array.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The for loop that works with the array looks like this:
>>>>>>>>>>>>>
>>>>>>>>>>>>>                for data in self._wp_fingerprint:
>>>>>>>>>>>>>
>>>>>>>>>>>>>                    # Complete URL to test, url+file
>>>>>>>>>>>>>                    # (data is the current (path, marker, version) tuple,
>>>>>>>>>>>>>                    # so index it rather than the whole self._wp_fingerprint list)
>>>>>>>>>>>>>                    test_URL = urlParser.urlJoin( base_url, data[0] )
>>>>>>>>>>>>>
>>>>>>>>>>>>>                    if data[1] in response:
>>>>>>>>>>>>>                        version = data[2]
>>>>>>>>>>>>>                        break
>>>>>>>>>>>>>                    else:
>>>>>>>>>>>>>                        version = 'Version lower than 2.2'
>>>>>>>>>>>>>
>>>>>>>>>>>>> But there are some parts missing, like actually requesting the
>>>>>>>>>>>>> test_URL from the server. On the other part, the "200" logic could be
>>>>>>>>>>>>> easily done like this:
>>>>>>>>>>>>>
>>>>>>>>>>>>>                    if data[1] == 200 and not is_404(response):
>>>>>>>>>>>>>                        # it was found! (the file only has to exist)
>>>>>>>>>>>>>                        version = data[2]
>>>>>>>>>>>>>                        break
>>>>>>>>>>>>>                    elif data[1] != 200 and data[1] in response:
>>>>>>>>>>>>>                        version = data[2]
>>>>>>>>>>>>>                        break
>>>>>>>>>>>>>                    else:
>>>>>>>>>>>>>                        version = 'Version lower than 2.2'
>>>>>>>>>>>>>
>>>>>>>>>>>>> To make this work, you should replace the '' in the fingerprint
>>>>>>>>>>>>> array with a 200, and it should all work.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Here is the code so far, I have not yet tested it out, but it should
>>>>>>>>>>>>>> give you a basic idea of how it will run.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes, and it makes much more sense to me this way. The older version
>>>>>>>>>>>>> was "ugly" :)
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I was also thinking of implementing a plugin version checker as
>>>>>>>>>>>>>> there are many plugins with vulns.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sure, but let's go step by step: let's finish this plugin, test it a
>>>>>>>>>>>>> little bit, and then we can go for the next one.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> P.S. To test it through w3af, do I just pop the py file into the
>>>>>>>>>>>>>> plugin folder or is there any other code to be changed?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Yes, you have to move this file to the discovery directory and that's it.
>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2009/5/31 Ryan Dewhurst <ryandewhu...@gmail.com>:
>>>>>>>>>>>>>>> Just to let everyone know where I am with the plugin.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm a complete n00b at re and couldn't get backbone's code to work,
>>>>>>>>>>>>>>> so I read a couple of manuals and finally got it working with:
>>>>>>>>>>>>>>> <meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> An explanation of what the plugin will do:
>>>>>>>>>>>>>>> -----------------------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It will first check to see if the server has the following file
>>>>>>>>>>>>>>> "/wp-admin/index.php".
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If it does
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It will check to see whether or not the version is in the index header.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If it finds the version it will store it in a variable.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It will then run through the checks from my original code to try and
>>>>>>>>>>>>>>> guess the version.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The output will be as follows:
>>>>>>>>>>>>>>> ------------------------------------------
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If the version is not in the index and not found with the data =
>>>>>>>>>>>>>>> "version under 2.2"
>>>>>>>>>>>>>>> If the version in the index and in the data are the same =
>>>>>>>>>>>>>>> "whatever version was found"
>>>>>>>>>>>>>>> If the version in the index and in the data are different =
>>>>>>>>>>>>>>> "Version shows as $version in index header however the data shows $version"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I still need to implement the data checks; however, my girlfriend has
>>>>>>>>>>>>>>> fallen ill and has been admitted to hospital for an emergency
>>>>>>>>>>>>>>> operation. I don't think I will be able to finish the plugin this
>>>>>>>>>>>>>>> weekend as promised earlier, but I will still be working on it next week.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I was also thinking of listing the vulnerabilities for each version
>>>>>>>>>>>>>>> (if any) on the output.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2009/5/29 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>> Ryan,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:11 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>> I'm looking into searching the response html of the index page for
>>>>>>>>>>>>>>>>> the following string:
>>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress $version" />
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I've tried with regular expressions and am unable to get it to work,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> backbone sent you a solution,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I've read that re is bad for parsing HTML and that BeautifulSoup
>>>>>>>>>>>>>>>>> should be used.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Does w3af already have BeautifulSoup in its dependency list?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Yes, it's in the dependency list, but we aren't using it "for that".
>>>>>>>>>>>>>>>> Long story short, please use the re =)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Ryan
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> P.S. Thanks for the advice backbone46, I'll have a look into that
>>>>>>>>>>>>>>>>> once I've sorted this out.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2009/5/28  <backbon...@gmail.com>:
>>>>>>>>>>>>>>>>>> Sorry to bump in just like that in the discussion, about the meta
>>>>>>>>>>>>>>>>>> tag that displays the WordPress version.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Only since version 2.7 has the generator function been in the core
>>>>>>>>>>>>>>>>>> of WordPress; in earlier versions it was only in the theme.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Just wanted to mention that. :)
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> ---
>>>>>>>>>>>>>>>>>> http://insanesecurity.info
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, May 28, 2009 at 10:53 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Yes, I don't see why not. Should be easy enough to implement.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> You mentioned during our email conversation that WordPress echoes
>>>>>>>>>>>>>>>>>>> its version number in the page head. I managed to find an example
>>>>>>>>>>>>>>>>>>> of it. You're right, I do have a security plugin installed which
>>>>>>>>>>>>>>>>>>> must have removed it from my blog.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Here is an example:
>>>>>>>>>>>>>>>>>>> <meta name="generator" content="WordPress 2.7.1" />
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>>>>> > Ryan,
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>> > On Wed, May 27, 2009 at 10:18 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>> >> Ryan,
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> On Wed, May 27, 2009 at 9:58 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>> >>> Hello,
>>>>>>>>>>>>>>>>>>> >>> I'm new to mailing lists so I'm not sure if this will be sent there.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> It depends on the mailing list. This one is configured to accept
>>>>>>>>>>>>>>>>>>> >> attachments,
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> I'll have a look into integrating the script into w3af over the
>>>>>>>>>>>>>>>>>>> >>> next couple of days and hopefully have a working version by the
>>>>>>>>>>>>>>>>>>> >>> weekend.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Excellent, if you need ANY help, just let us know.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> The script is quite simple once you have gathered the necessary
>>>>>>>>>>>>>>>>>>> >>> data. I went through versions 2.2 to 2.7.1 and manually found
>>>>>>>>>>>>>>>>>>> >>> client side differences in most of them; I also used the official
>>>>>>>>>>>>>>>>>>> >>> changelogs to help identify them.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Ohhh, you are the guy that wrote that blog post with the "diffs" of
>>>>>>>>>>>>>>>>>>> >> different wordpress release packages?
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> The client side differences are in files such as CSS, javascript
>>>>>>>>>>>>>>>>>>> >>> and HTML. Some versions did not have any differences apart from
>>>>>>>>>>>>>>>>>>> >>> having extra files, which can easily be identified with HTTP
>>>>>>>>>>>>>>>>>>> >>> response codes.
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> It works as such...
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> Starting from version 2.7.1 (latest), the script tries to find
>>>>>>>>>>>>>>>>>>> >>> something that 2.7 doesn't have; if it finds that something then
>>>>>>>>>>>>>>>>>>> >>> the script stops and echoes the version number.
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> If the script doesn't find the difference it moves on to
>>>>>>>>>>>>>>>>>>> >>> identifying the next version, i.e. does 2.7 have something the
>>>>>>>>>>>>>>>>>>> >>> earlier version doesn't have, and so on and so forth.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Ok, makes sense.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> Some comments regarding your code:
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> - w3af uses PEP-8, which among other things says 4-space
>>>>>>>>>>>>>>>>>>> >> indentation. Your code has 1-space (?) indentation. Please correct
>>>>>>>>>>>>>>>>>>> >> that.
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> - The code is pretty simple, but I think it could be done in a
>>>>>>>>>>>>>>>>>>> >> better way. Having that many functions (wp22 to wp271) doesn't
>>>>>>>>>>>>>>>>>>> >> seem to be a good option. Do you think that the code could be
>>>>>>>>>>>>>>>>>>> >> changed a little bit, to create a database (which can be easily
>>>>>>>>>>>>>>>>>>> >> updated) and then use that database to store the information?
>>>>>>>>>>>>>>>>>>> >> Example of the database:
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> self._wp_fingerprint = [('/wp-includes/js/thickbox/thickbox.css','-ms-filter:'),
>>>>>>>>>>>>>>>>>>> >>                        ('/wp-admin/css/farbtastic.css', 'farbtastic')]
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >> - Also, by default wordpress publishes the version number in every
>>>>>>>>>>>>>>>>>>> >> page head. Maybe it would be a good idea to parse that, and compare
>>>>>>>>>>>>>>>>>>> >> it with the result of the fingerprinting. What do you think?
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>> > A good idea would be to have a first step, before all the version
>>>>>>>>>>>>>>>>>>> > specific checks, that verifies something that's true for all
>>>>>>>>>>>>>>>>>>> > wordpress installations (some X file has to be present) before even
>>>>>>>>>>>>>>>>>>> > starting the fingerprinting. Could this be done?
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>> >> Cheers,
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >>> Ryan
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>> 2009/5/28 Andres Riancho <andres.rian...@gmail.com>:
>>>>>>>>>>>>>>>>>>> >>>> Ryan,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> On Wed, May 27, 2009 at 5:07 PM, Ryan Dewhurst
>>>>>>>>>>>>>>>>>>> >>>> <ryandewhu...@gmail.com> wrote:
>>>>>>>>>>>>>>>>>>> >>>>> Hello,
>>>>>>>>>>>>>>>>>>> >>>>> I have developed a python script that can detect the version of
>>>>>>>>>>>>>>>>>>> >>>>> a wordpress installation. I think it would fit well within w3af,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> Yes, it seems that it's something good to have in the framework.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> I have like a ton of questions about how it works, could you
>>>>>>>>>>>>>>>>>>> >>>> please send the script (as it is) to this mailing list for us to
>>>>>>>>>>>>>>>>>>> >>>> read it?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> the only problem being that I have been unable to find a plugin
>>>>>>>>>>>>>>>>>>> >>>>> development manual to be able to implement my script.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> There is no development manual :(
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> For the type of feature that you want to add, the correct thing
>>>>>>>>>>>>>>>>>>> >>>> is to use a discovery plugin. Discovery plugins are simple; they
>>>>>>>>>>>>>>>>>>> >>>> follow these rules:
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> - the entry point is the discover method
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> - the discover method takes a fuzzable request object as a
>>>>>>>>>>>>>>>>>>> >>>> parameter, and returns a list of fuzzable requests (fuzzable
>>>>>>>>>>>>>>>>>>> >>>> requests are representations of GET/POST requests, which
>>>>>>>>>>>>>>>>>>> >>>> represent links and forms)
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> - the discover method is called several times in the same scan,
>>>>>>>>>>>>>>>>>>> >>>> with the different links that (for example) the webSpider finds.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> I think that the best thing you can do is to read one or two
>>>>>>>>>>>>>>>>>>> >>>> discovery plugins (my recommendations are discovery.crossDomain
>>>>>>>>>>>>>>>>>>> >>>> and discovery.userDir), and start building your own plugin based
>>>>>>>>>>>>>>>>>>> >>>> on one of those.
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Is there a dev manual out there?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> No
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Does anyone have some tips/advice on writing a plugin?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> Yes, see above,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Does anyone want me to send them the script for them to develop
>>>>>>>>>>>>>>>>>>> >>>>> the plugin?
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> You should develop the plugin yourself; it's fun and good for the
>>>>>>>>>>>>>>>>>>> >>>> project =)
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> Cheers,
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>> Thank you,
>>>>>>>>>>>>>>>>>>> >>>>> Ryan
>>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>>> >>>>> ------------------------------------------------------------------------------
>>>>>>>>>>>>>>>>>>> >>>>> Register Now for Creativity and Technology (CaT), 
>>>>>>>>>>>>>>>>>>> >>>>> June 3rd, NYC. CaT
>>>>>>>>>>>>>>>>>>> >>>>> is a gathering of tech-side developers & brand 
>>>>>>>>>>>>>>>>>>> >>>>> creativity
>>>>>>>>>>>>>>>>>>> >>>>> professionals. Meet
>>>>>>>>>>>>>>>>>>> >>>>> the minds behind Google Creative Lab, Visual 
>>>>>>>>>>>>>>>>>>> >>>>> Complexity, Processing,
>>>>>>>>>>>>>>>>>>> >>>>> &
>>>>>>>>>>>>>>>>>>> >>>>> iPhoneDevCamp as they present alongside digital 
>>>>>>>>>>>>>>>>>>> >>>>> heavyweights like
>>>>>>>>>>>>>>>>>>> >>>>> Barbarian
>>>>>>>>>>>>>>>>>>> >>>>> Group, R/GA, & Big Spaceship. 
>>>>>>>>>>>>>>>>>>> >>>>> http://p.sf.net/sfu/creativitycat-com
>>>>>>>>>>>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>> >>>>> W3af-develop mailing list
>>>>>>>>>>>>>>>>>>> >>>>> W3af-develop@lists.sourceforge.net
>>>>>>>>>>>>>>>>>>> >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>>>>>>>>>>>>>>>>>>> >>>>>
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>> --
>>>>>>>>>>>>>>>>>>> >>>> Andrés Riancho
>>>>>>>>>>>>>>>>>>> >>>> Founder, Bonsai - Information Security
>>>>>>>>>>>>>>>>>>> >>>> http://www.bonsai-sec.com/
>>>>>>>>>>>>>>>>>>> >>>> http://w3af.sf.net/
>>>>>>>>>>>>>>>>>>> >>>>
>>>>>>>>>>>>>>>>>>> >>>
>>>>>>>>>>>>>>>>>>> >>
>>>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>

------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises 
looking to deploy the next generation of Solaris that includes the latest 
innovations from Sun and the OpenSource community. Download a copy and 
enjoy capabilities such as Networking, Storage and Virtualization. 
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
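The version-detection flow worked out across this thread, as an added Python 3 example that is not the plugin code attached to these mails and not part of w3af: a tuple fingerprint DB that uses the int 200 rather than the string '200', path joining under the blog directory so that a sub-directory install neither yields `/blog//wp-login.php` nor loses `/blog/`, the generator meta regex posted above, a presence check that must hold for every install before any fingerprinting, and a report when the advertised and fingerprinted versions differ. `fetch`, `domain_path`, `join_under_base`, `detect`, `validate_db`, the `is_404` stand-in and the sample paths and markers are assumptions of this example, standing in for w3af's urlParser, _urlOpener and is_404; it runs offline against a constructed in-memory site.

```python
import re
from urllib.parse import urljoin, urlsplit, urlunsplit

# Fingerprint database in the shape discussed on the list: (path, expected, version),
# newest version first. `expected` is either the int HTTP status 200 (the file only
# has to exist) or a string that must appear in the response body. It must be the
# int 200, not the string '200': in Python '200' == 200 is False.
# The paths and markers below are constructed for this example, not a real DB.
WP_FINGERPRINT = [
    ("/wp-includes/js/thickbox/thickbox.css", "-ms-filter:", "2.7.1"),
    ("/wp-admin/css/farbtastic.css", "farbtastic", "2.7"),
    ("/wp-admin/async-upload.php", 200, "2.5"),
]

# Generator meta tag regex, as posted in the thread.
GENERATOR_RE = re.compile(
    r'<meta name="generator" content="[Ww]ord[Pp]ress (\d\.\d\.?\d?)" />')


def validate_db(db):
    """Return entries whose expected value is a numeric *string* such as '200':
    those never equal the int status and would be searched for in the body instead."""
    return [entry for entry in db if isinstance(entry[1], str) and entry[1].isdigit()]


def domain_path(url):
    """scheme://host/dir/ of `url` with any file name removed, so that
    http://host/blog/index.php and http://host/blog/ both give http://host/blog/
    (the role urlParser.getDomainPath plays in the thread; assumed helper)."""
    parts = urlsplit(url)
    path = parts.path if parts.path.endswith("/") else parts.path.rsplit("/", 1)[0] + "/"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def join_under_base(base_url, relative):
    """Join a DB path onto the blog's directory without producing '//' and without
    resetting to the host root: a leading '/' in `relative` would do the latter."""
    return urljoin(domain_path(base_url), relative.lstrip("/"))


def is_404(status, body):
    """Stand-in for w3af's is_404(); a real one also recognises soft-404 pages."""
    return status == 404


def header_version(index_body):
    """Version advertised by the generator meta tag, or None when absent
    (themes and security plugins commonly remove it)."""
    match = GENERATOR_RE.search(index_body)
    return match.group(1) if match else None


def fingerprint_version(base_url, fetch):
    """Walk the DB newest-first and stop at the first hit. `fetch(url)` returns
    (status, body); it is injected so the logic runs offline against sample data."""
    for path, expected, version in WP_FINGERPRINT:
        status, body = fetch(join_under_base(base_url, path))
        if is_404(status, body):
            continue
        if expected == 200:
            return version            # presence alone identifies the version
        if isinstance(expected, str) and expected in body:
            return version
    return "Version lower than 2.2"


def detect(base_url, fetch):
    """The plugin flow from the thread: a check that holds for every WordPress
    install, then the advertised version, then the fingerprint, then compare."""
    status, body = fetch(join_under_base(base_url, "wp-login.php"))
    if is_404(status, body):
        return None                   # not WordPress; skip the version checks
    _, index_body = fetch(domain_path(base_url))
    advertised = header_version(index_body)
    fingerprinted = fingerprint_version(base_url, fetch)
    if advertised is None or advertised == fingerprinted:
        return fingerprinted
    return "Version shows as %s in index header however the data shows %s" % (
        advertised, fingerprinted)


# Constructed sample site: a blog in a sub-directory whose generator tag says 2.7.1
# while its static files fingerprint as 2.7 (thickbox.css lacks the 2.7.1 marker).
SAMPLE_SITE = {
    "http://blog.example/blog/": (200, '<head><meta name="generator" content="WordPress 2.7.1" /></head>'),
    "http://blog.example/blog/wp-login.php": (200, "<form>"),
    "http://blog.example/blog/wp-includes/js/thickbox/thickbox.css": (200, "#TB_window { }"),
    "http://blog.example/blog/wp-admin/css/farbtastic.css": (200, ".farbtastic { }"),
}


def sample_fetch(url):
    """Offline replacement for self._urlOpener.GET(): unknown URLs are 404."""
    return SAMPLE_SITE.get(url, (404, "Not Found"))


if __name__ == "__main__":
    print(validate_db(WP_FINGERPRINT))                    # [] -> DB types are fine
    print(detect("http://blog.example/blog/", sample_fetch))
```

Injecting `fetch` keeps the comparison logic separate from the HTTP layer, which is what makes the int-versus-string status mistake and the `//` join bug testable without a live site; in the real plugin `fetch` would wrap `self._urlOpener.GET(url, useCache=True)` and `is_404` would be w3af's own.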
