installed plugin WPScan version 1.15.1

2021-05-13 11:27:50 +00:00
committed by Gitium
parent 2b403ab680
commit e0e2392c3c
193 changed files with 30878 additions and 0 deletions


@ -0,0 +1,36 @@
{domain_name}.sql
{domain_name}.sql.gz
{domain_name}.zip
db.sql
site.sql
database.sql
data.sql
dump.sql
db_backup.sql
dbdump.sql
wordpress.sql
mysql.sql
backup/{domain_name}.sql
backup/{domain_name}.sql.gz
backup/{domain_name}.zip
backup/db.sql
backup/site.sql
backup/database.sql
backup/data.sql
backup/dump.sql
backup/db_backup.sql
backup/dbdump.sql
backup/wordpress.sql
backup/mysql.sql
backups/{domain_name}.sql
backups/{domain_name}.sql.gz
backups/{domain_name}.zip
backups/db.sql
backups/site.sql
backups/database.sql
backups/data.sql
backups/dump.sql
backups/db_backup.sql
backups/dbdump.sql
backups/wordpress.sql
backups/mysql.sql


@ -0,0 +1,81 @@
<?php
/**
* Classname: WPScan\Checks\databaseExports
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* DatabaseExports.
*
* Checks for exported database files.
*
* @since 1.0.0
*/
class databaseExports extends Check {
/**
* Title.
*
* @since 1.0.0
* @access public
* @return string
*/
public function title() {
return __( 'Database Exports', 'wpscan' );
}
/**
* Description.
*
* @since 1.0.0
* @access public
* @return string
*/
public function description() {
return __( 'Search the file system for database export files that are publicly accessible.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.0.0
* @access public
* @return string
*/
public function success_message() {
return __( 'No publicly accessible database export files were found', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.0.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$host = parse_url( get_site_url(), PHP_URL_HOST );
$text = file_get_contents( $this->dir . '/assets/db_exports.txt' );
$exports = str_replace( '{domain_name}', $host, $text );
$names = explode( PHP_EOL, $exports );
foreach ( $names as $name ) {
$path = ABSPATH . $name;
$url = esc_url( get_site_url() . '/' . $name );
if ( file_exists( $path ) ) {
$response = wp_remote_head( $url, array( 'timeout' => 5 ) );
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible database file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $name ), 'https://blog.wpscan.com/2021/01/28/wordpress-database-backup-files.html' );
}
}
}
}
}
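Review bot: In `databaseExports::perform()`, an empty entry in `$names` produces a false high-severity finding, because `ABSPATH . ''` exists and the HEAD request then goes to the site root, which normally answers 200. An empty entry appears if `db_exports.txt` ends with a newline (not visible from this page) or if `file_get_contents()` fails and returns false. If the file's line endings differ from `PHP_EOL`, the list is not split at all and nothing is ever matched. Reading the list with `file( $this->dir . '/assets/db_exports.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES )`, returning early when that is false, and applying `str_replace( '{domain_name}', $host, $name )` per entry avoids all three cases.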


@ -0,0 +1,75 @@
<?php
/**
* Classname: WPScan\Checks\debuglogFiles
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* DebuglogFiles.
*
* Checks for debug.log files.
*
* @since 1.0.0
*/
class debuglogFiles extends Check {
/**
* Title.
*
* @since 1.0.0
* @access public
* @return string
*/
public function title() {
return __( 'Debug Log Files', 'wpscan' );
}
/**
* Description.
*
* @since 1.0.0
* @access public
* @return string
*/
public function description() {
return __( 'Search the file system for debug log files that are publicly accessible.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.0.0
* @access public
* @return string
*/
public function success_message() {
return __( 'No publicly accessible debug log files were found', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.0.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$file = ABSPATH . 'wp-content/debug.log';
if ( file_exists( $file ) ) {
$url = esc_url( get_site_url() . '/' . str_replace( ABSPATH, '', $file ) );
$response = wp_remote_head( $url, array( 'timeout' => 5 ) );
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible debug.log file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/18/wordpress-debug-log-files.html' );
}
}
}
}
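Review bot: `debuglogFiles::perform()` only looks at the hard-coded `ABSPATH . 'wp-content/debug.log'`, so a site that relocates its content directory or points `WP_DEBUG_LOG` at a custom path is reported as clean even if its log is web-readable. Building the path from `WP_CONTENT_DIR . '/debug.log'` and the URL from `content_url( 'debug.log' )` would cover the relocated-directory case. Separately, `sanitize_title( $file )` derives the finding id from the absolute server path; `sanitize_title( 'wp-content/debug.log' )` keeps the id stable across hosts and keeps the filesystem layout out of the saved results.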


@ -0,0 +1,72 @@
<?php
/**
* Classname: WPScan\Checks\https
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* HTTPS.
*
* Checks if the website is using HTTPS.
*
* @since 1.14.0
*/
class https extends Check {
/**
* Title.
*
* @since 1.14.0
* @access public
* @return string
*/
public function title() {
return __( 'Website HTTPS', 'wpscan' );
}
/**
* Description.
*
* @since 1.14.0
* @access public
* @return string
*/
public function description() {
return __( 'Checks if your website is using HTTPS encryption for communications.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.14.0
* @access public
* @return string
*/
public function success_message() {
return __( 'Your website seems to be using HTTPS', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.14.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$wp_url = get_bloginfo( 'wpurl' );
$site_url = get_bloginfo( 'url' );
// Check if the current page is using HTTPS.
if ( 'https' !== substr( $wp_url, 0, 5 ) || 'https' !== substr( $site_url, 0, 5 ) ) {
// No HTTPS used.
$this->add_vulnerability( __( 'The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.', 'wpscan' ), 'high', 'https', 'https://blog.wpscan.com/2021/03/23/wordpress-ssl-tls-https.html' );
}
}
}
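Review bot: The comment `// Check if the current page is using HTTPS.` in `https::perform()` does not match the condition, which compares the first five characters of the configured `wpurl` and `url` settings rather than the scheme of any request. I would reword it to `// Flag the site when either configured URL (wpurl or url) does not use the https scheme.` and compare the parsed scheme, `'https' !== wp_parse_url( $wp_url, PHP_URL_SCHEME )`, instead of a substring. Because only settings are inspected, a pass does not show that plain-HTTP requests are redirected or that HSTS is sent; the method docblock should state that limit.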


@ -0,0 +1,71 @@
<?php
/**
* Classname: WPScan\Checks\secretKeys
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* SecretKeys.
*
* Checks for the use of WordPress secret keys.
*
* @since 1.0.0
*/
class secretKeys extends Check {
/**
* Title.
*
* @since 1.0.0
* @access public
* @return string
*/
public function title() {
return __( 'Secret Keys', 'wpscan' );
}
/**
* Description.
*
* @since 1.0.0
* @access public
* @return string
*/
public function description() {
return __( 'Check if the WordPress secret keys have been changed.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.0.0
* @access public
* @return string
*/
public function success_message() {
return __( 'The WordPress secret keys were not the default values', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.0.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$keys = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY', 'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' );
foreach ( $keys as $key ) {
if ( defined( $key ) && constant( $key ) === 'put your unique phrase here' ) {
$this->add_vulnerability( __( 'The ' . esc_html( $key ) . ' secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ) . " <a href='https://api.wordpress.org/secret-key/1.1/salt/' target='_blank'>https://api.wordpress.org/secret-key/1.1/salt/</a>.", 'high', sanitize_title( $key ), 'https://blog.wpscan.com/2021/03/23/wordpress-secret-keys.html' );
}
}
}
}
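Review bot: The message passed to `__()` in `secretKeys::perform()` is built by concatenating `esc_html( $key )` into the string, so the lookup text differs per constant and no translation can match it; `versionControl::perform()` does the same with `esc_html( $file )`. A placeholder keeps the string translatable: `sprintf( __( 'The %s secret key in the wp-config.php file was the default key. It should be changed to a random value using', 'wpscan' ), esc_html( $key ) )`. The check also matches only the stock placeholder phrase, so an empty or very short key value passes; a minimum-length test would tighten it.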


@ -0,0 +1,78 @@
<?php
/**
* Classname: WPScan\Checks\versionControl
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* VersionControl.
*
* Checks for version control files, such as .git and .svn.
*
* @since 1.0.0
*/
class versionControl extends Check {
/**
* Title.
*
* @since 1.0.0
* @access public
* @return string
*/
public function title() {
return __( 'Version Control Files', 'wpscan' );
}
/**
* Description.
*
* @since 1.0.0
* @access public
* @return string
*/
public function description() {
return __( 'Check if version control files, such as .git or .svn, are publicly accessible.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.0.0
* @access public
* @return string
*/
public function success_message() {
return __( 'No version control files were found in the web root', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.0.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$files = array( '.svn', '.git' );
foreach ( $files as $file ) {
$url = esc_html( get_site_url() . '/' . $file );
if ( file_exists( ABSPATH . $file ) ) {
$response = wp_remote_head( $url, array( 'timeout' => 5 ) );
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible ' . esc_html( $file ) . ' file was found. The file could expose your websites\'s source code.', 'wpscan' ), 'high', sanitize_title( $file ), 'https://blog.wpscan.com/2021/03/23/wordpress-version-control-files.html' );
}
}
}
}
}
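Review bot: Requesting the bare directory URL (`/.git`, `/.svn`) and requiring `200 === $code` in `versionControl::perform()` will likely under-report. Many servers answer a directory request without a trailing slash with a redirect, or with 403 when listing is off, while files inside the directory remain readable; nothing in this call asks the HEAD request to follow redirects. Checking a file that always exists inside the directory, for example `.git/HEAD`, gives a more reliable signal of exposure. The request URL is also built with `esc_html()`, an HTML-output escaper; `esc_url_raw()` is the function intended for URLs handed to HTTP calls.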


@ -0,0 +1,208 @@
123456
password
123456789
12345678
12345
qwerty
123123
111111
abc123
1234567
dragon
1q2w3e4r
sunshine
654321
master
1234
football
1234567890
000000
computer
666666
superman
michael
internet
iloveyou
daniel
1qaz2wsx
monkey
shadow
jessica
letmein
baseball
whatever
princess
abcd1234
123321
starwars
121212
thomas
zxcvbnm
trustno1
killer
welcome
jordan
aaaaaa
123qwe
freedom
password1
charlie
batman
jennifer
7777777
michelle
diamond
oliver
mercedes
benjamin
11111111
snoopy
samantha
victoria
matrix
george
alexander
secret
cookie
asdfgh
987654321
123abc
orange
fuckyou
asdf1234
pepper
hunter
silver
joshua
banana
1q2w3e
chelsea
1234qwer
summer
qwertyuiop
phoenix
andrew
q1w2e3r4
elephant
rainbow
mustang
merlin
london
garfield
robert
chocolate
112233
samsung
qazwsx
matthew
buster
jonathan
ginger
flower
555555
test
caroline
amanda
maverick
midnight
martin
junior
88888888
anthony
jasmine
creative
patrick
mickey
123
qwerty123
cocacola
chicken
passw0rd
forever
william
nicole
hello
yellow
nirvana
justin
friends
cheese
tigger
mother
liverpool
blink182
asdfghjkl
andrea
spider
scooter
richard
soccer
rachel
purple
morgan
melissa
jackson
arsenal
222222
qwe123
gabriel
ferrari
jasper
danielle
bandit
angela
scorpion
prince
maggie
austin
veronica
nicholas
monster
dexter
carlos
thunder
success
hannah
ashley
131313
stella
brandon
pokemon
joseph
asdfasdf
999999
metallica
december
chester
taylor
sophie
samuel
rabbit
crystal
barney
xxxxxx
steven
ranger
patricia
christian
asshole
spiderman
sandra
hockey
angels
security
parker
heather
888888
victor
harley
333333
system
slipknot
november
jordan23
canada
tennis
qwertyui
casper
admin


@ -0,0 +1,96 @@
<?php
/**
* Classname: WPScan\Checks\weakPasswords
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* WeakPasswords.
*
* Checks if privileged users are using weak passwords.
*
* @since 1.14.0
*/
class weakPasswords extends Check {
/**
* Title.
*
* @since 1.14.0
* @access public
* @return string
*/
public function title() {
return __( 'Weak Passwords', 'wpscan' );
}
/**
* Description.
*
* @since 1.14.0
* @access public
* @return string
*/
public function description() {
return __( 'Checks if privileged users are using any passwords from our weak password list.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.14.0
* @access public
* @return string
*/
public function success_message() {
return __( 'We were not able to brute force the password of any privileged user', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.14.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
// Password list from: https://github.com/danielmiessler/SecLists/blob/master/Passwords/probable-v2-top207.txt.
$users = get_users( array( 'role__in' => array( 'super_admin', 'administrator', 'editor', 'author', 'contributor' ) ) );
$passwords = file( $this->dir . '/assets/passwords.txt', FILE_IGNORE_NEW_LINES );
$found = array();
foreach ( $users as $user ) {
$username = $user->user_login;
foreach ( $passwords as $password ) {
if ( wp_check_password( $password, $user->data->user_pass, $user->ID ) ) {
array_push( $found, $username );
break;
}
}
}
if ( ! empty( $found ) ) {
if ( 1 === count( $found ) ) {
$text = sprintf(
__( 'The %s user was found to have a weak password. The user\'s password should be updated immediately.', 'wpscan' ),
esc_html( $found[0] )
);
} else {
$found = implode( ', ', $found );
$text = sprintf(
__( 'The %s users were found to have weak passwords. The users\' passwords should be updated immediately.', 'wpscan' ),
esc_html( $found )
);
}
$this->add_vulnerability( $text, 'high', 'weak-passwords', 'https://blog.wpscan.com/wpscan/2019/09/17/wpscan-brute-force.html' );
}
}
}
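Review bot: If `file()` cannot read `passwords.txt` in `weakPasswords::perform()` it returns false, the inner `foreach` tests nothing, `$found` stays empty and the check presumably reports the success message, which is false assurance. Guard it with `if ( false === $passwords ) { error_log( 'WPScan: password list could not be read' ); return; }`, and ideally surface the failure instead of a pass. Each `wp_check_password()` call is a deliberately slow hash, so one run costs up to list length times privileged-user count; on sites with many authors or contributors this may exceed the request time limit, so batching users is worth considering. As far as I know `'super_admin'` is not a role slug, so that entry in `role__in` has no effect.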


@ -0,0 +1,81 @@
<?php
/**
* Classname: WPScan\Checks\wpconfigBackups
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* WPconfigBackups.
*
* Checks for wp-config.php backed up files.
*
* @since 1.0.0
*/
class wpconfigBackups extends Check {
/**
* Title.
*
* @since 1.0.0
* @access public
* @return string
*/
public function title() {
return __( 'Configuration Backups', 'wpscan' );
}
/**
* Description.
*
* @since 1.0.0
* @access public
* @return string
*/
public function description() {
return __( 'Search the file system for wp-config.php backup files that are publicly accessible.', 'wpscan' );
}
/**
* Success message.
*
* @since 1.0.0
* @access public
* @return string
*/
public function success_message() {
return __( 'No publicly accessible wp-config.php backup files were found', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.0.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$config_files = str_replace( ABSPATH, '', glob( ABSPATH . 'wp-config.*' ) );
foreach ( $config_files as $config_file ) {
if ( 'wp-config.php' === $config_file ) continue; // Ignore wp-config.php file.
$path = ABSPATH . $config_file;
$url = esc_url( get_site_url() . '/' . $config_file );
if ( file_exists( $path ) ) {
$response = wp_remote_head( $url, array( 'timeout' => 5 ) );
$code = wp_remote_retrieve_response_code( $response );
if ( 200 === $code ) {
$this->add_vulnerability( __( 'A publicly accessible wp-config.php backup file was found in', 'wpscan' ) . " <a href='$url' target='_blank'>$url</a>.", 'high', sanitize_title( $path ), 'https://blog.wpscan.com/2021/04/01/wordpress-wp-config-backup-file.html' );
}
}
}
}
}
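Review bot: `glob()` returns false on error, and `str_replace( ABSPATH, '', false )` in `wpconfigBackups::perform()` then yields a string, so the `foreach` raises a warning and the check silently finds nothing. `$config_files = array_map( 'basename', glob( ABSPATH . 'wp-config.*' ) ?: array() );` handles that case and avoids stripping `ABSPATH` by string replacement. The pattern only covers names of the form `wp-config.<suffix>`; copies such as `wp-config-old.php` fall outside it, which the description should state or the pattern should widen. `sanitize_title( $path )` also puts the absolute server path into the finding id, where `$config_file` would be enough.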


@ -0,0 +1,91 @@
<?php
/**
* Classname: WPScan\Checks\xmlrpcEnabled
*/
namespace WPScan\Checks;
// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;
/**
* XMLrpcEnabled.
*
* Checks if XML-RPC is enabled.
*
* @since 1.0.0
*/
class xmlrpcEnabled extends Check {
/**
* Title.
*
* @since 1.0.0
* @access public
* @return string
*/
public function title() {
return __( 'XML-RPC Enabled', 'wpscan' );
}
/**
* Description.
*
* @since 1.0.0
* @access public
* @return string
*/
public function description() {
return __( 'Check if the WordPress XML-RPC is enabled', 'wpscan' );
}
/**
* Success message.
*
* @since 1.0.0
* @access public
* @return string
*/
public function success_message() {
return __( 'XML-RPC was found to be disabled', 'wpscan' );
}
/**
* Perform the check and save the results.
*
* @since 1.0.0
* @access public
* @return void
*/
public function perform() {
$vulnerabilities = $this->get_vulnerabilities();
$url = get_site_url() . '/xmlrpc.php';
// First check if the xmlrpc.php file returns a 405 code.
$is_available = wp_remote_get( $url, array( 'timeout' => 5 ) );
$is_available_code = wp_remote_retrieve_response_code( $is_available );
if ( 405 !== $is_available_code ) return;
// Try an authenticated request.
$authenticated_body = '<?xml version="1.0" encoding="iso-8859-1"?><methodCall><methodName>wp.getUsers</methodName><params><param><value>1</value></param><param><value>username</value></param><param><value>password</value></param></params></methodCall>';
$authenticated_response = wp_remote_post( $url, array( 'body' => $authenticated_body ) );
if ( is_wp_error( $authenticated_response ) ) {
// The authenticated_response returned a WP_Error.
error_log( $authenticated_response->get_error_message() );
} else {
if ( preg_match( '/<string>Incorrect username or password.<\/string>/', $authenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is enabled. This significantly increases your site\'s attack surface.', 'wpscan' ), 'medium', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
return;
} else {
// Try an unauthenticated request.
$unauthenticated_body = '<?xml version="1.0" encoding="iso-8859-1"?><methodCall><methodName>demo.sayHello</methodName><params><param></param></params></methodCall>';
$unauthenticated_response = wp_remote_post( $url, array( 'body' => $unauthenticated_body ) );
if ( preg_match( '/<string>Hello!<\/string>/', $unauthenticated_response['body'] ) ) {
$this->add_vulnerability( __( 'The XML-RPC interface is partly disabled, but still allows unauthenticated requests.', 'wpscan' ), 'low', sanitize_title( $url ), 'https://blog.wpscan.com/2021/01/25/wordpress-xmlrpc-security.html' );
}
}
}
}
}
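Review bot: `$unauthenticated_response['body']` in `xmlrpcEnabled::perform()` is read without the `is_wp_error()` check that the first POST gets; if that request fails, indexing a `WP_Error` as an array is a fatal error in the middle of the scan. `wp_remote_retrieve_body( $unauthenticated_response )` returns an empty string on error and can replace the direct index for both responses. The first match depends on the English text `Incorrect username or password.`, so on a site running another locale the fault string is probably translated and an enabled interface would fall through to the weaker `demo.sayHello` test; matching on the XML-RPC fault code would be locale-independent. Both POSTs also omit the `timeout` that the initial GET sets.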