Skip to content

Commit

Permalink
Added test files for the wp_enum module
Browse files Browse the repository at this point in the history
  • Loading branch information
@RMI78 @bretfourbe
RMI78 authored and bretfourbe committed Aug 4, 2023
1 parent 2e81fb4 commit 44c0ada
Show file tree
Hide file tree
Showing 7 changed files with 1,728 additions and 0 deletions.
41 changes: 41 additions & 0 deletions tests/integration/docker-compose.setup.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,44 @@ services:
volumes:
- ./test_mod_xss/php/src:/var/www/html/

# First, all the different databases required to run the containers
wp_db:
<<: [ *default_mysql_setup, *healthcheck_mysql ]
volumes:
- wp_db_data:/var/lib/mysql
- ./test_mod_wp_enum/mock_wp_db.sql:/docker-entrypoint-initdb.d/mock_wp_db.sql
restart: always
environment:
MYSQL_ROOT_PASSWORD: ${WP_MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: ${WP_MYSQL_DATABASE}
MYSQL_USER: ${WP_MYSQL_USER}
MYSQL_PASSWORD: ${WP_MYSQL_PASSWORD}

# Wordpress container
wordpress:
build:
context: ./test_mod_wp_enum/
dockerfile: Dockerfile
args:
WP_HASH_TAG: ${WP_HASH}
healthcheck:
test: ${DEFAULT_WEB_HEALTHCHECK_COMMAND}
interval: ${DEFAULT_HEALTHCHECKS_INTERVAL}
timeout: ${DEFAULT_HEALTHCHECKS_TIMEOUT}
start_period: ${DEFAULT_HEALTHCHECKS_START_PERIOD}
retries: 30
depends_on:
wp_db:
condition: service_healthy
restart: always
environment:
WORDPRESS_DB_HOST: wp_db:3306
WORDPRESS_DB_USER: ${WP_MYSQL_USER}
WORDPRESS_DB_PASSWORD: ${WP_MYSQL_PASSWORD}
WORDPRESS_DB_NAME: ${WP_MYSQL_DATABASE}
networks:
- test-network

# Wapiti container
# requires all the targets containers to work perfectly
wapiti:
Expand Down Expand Up @@ -420,10 +458,13 @@ services:
condition: service_healthy
http_headers:
condition: service_healthy
wordpress:
condition: service_healthy

volumes:
drupal9_db_data:
drupal10_db_data:
timesql_db_data:
wp_db_data:
networks:
test-network:
1 change: 1 addition & 0 deletions tests/integration/run.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ test_mod_ssrf \
test_mod_sql \
test_mod_timesql \
test_mod_wapp \
test_mod_wp_enum \
test_mod_xss \
test_mod_xxe "

Expand Down
35 changes: 35 additions & 0 deletions tests/integration/test_mod_wp_enum/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
ARG WP_HASH_TAG=":6.2.0"
FROM wordpress${WP_HASH_TAG}

ENV DEPENDENCIES "curl unzip"

# Install zip utility
RUN apt-get update -y &&\
apt-get install ${DEPENDENCIES} -y --no-install-recommends &&\
apt-get -y autoremove &&\
apt-get clean

# Pre-moving files for a lightest image
RUN rm -rf /var/www/html/* &&\
mv /usr/src/wordpress/* /var/www/html/

# Install Contact Form 7 plugin
# Yoast SEO plugin
# Jetpack plugin
# WorFence plugin
# WPForms plugin
# OceanWP Theme
RUN echo 'https://downloads.wordpress.org/plugin/contact-form-7.5.7.5.zip' \
'https://downloads.wordpress.org/plugin/wordpress-seo.19.7.1.zip' \
'https://downloads.wordpress.org/plugin/jetpack.11.9.zip' \
'https://downloads.wordpress.org/plugin/wordfence.7.5.0.zip' \
'https://downloads.wordpress.org/plugin/wpforms-lite.1.7.5.3.zip' \
'https://downloads.wordpress.org/theme/oceanwp.3.4.3.zip' \
| xargs -P 6 -I {} sh -c 'curl -o /tmp/$(basename {} | cut -d'.' -f1).zip -SL {} && \
unzip -o /tmp/$(basename {} | cut -d'.' -f1) -d /var/www/html/wp-content/$(echo {} | cut -d'/' -f4)s/ && \
rm /tmp/$(basename {} | cut -d'.' -f1).zip'



# Start Apache
CMD ["apache2-foreground"]
1 change: 1 addition & 0 deletions tests/integration/test_mod_wp_enum/assertions/check.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
../../check.sh
146 changes: 146 additions & 0 deletions tests/integration/test_mod_wp_enum/assertions/wordpress.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
{
"vulnerabilities": {
"Fingerprint web application framework": []
},
"additionals": {
"Fingerprint web technology": [
{
"method": "GET",
"path": "//wp-content/plugins/akismet/readme.txt",
"info": "{\"name\": \"akismet\", \"versions\": [\"\"], \"categories\": [\"WordPress plugins\"], \"groups\": [\"Add-ons\"]}",
"level": 0,
"parameter": "",
"module": "wp_enum",
"http_request": "GET //wp-content/plugins/akismet/readme.txt HTTP/1.1\nhost: wordpress\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"wstg": [
"WSTG-INFO-02",
"WSTG-INFO-08"
],
"detail": {
"response": {
"status_code": 403,
"headers": [
[
"connection",
"Keep-Alive"
],
[
"content-length",
"274"
],
[
"content-type",
"text/html; charset=iso-8859-1"
],
[
"server",
"Apache/2.4.56 (Debian)"
]
]
}
}
},
{
"method": "GET",
"path": "//wp-content/plugins/contact-form-7/readme.txt",
"info": "{\"name\": \"contact-form-7\", \"versions\": [\"5.7.5\"], \"categories\": [\"WordPress plugins\"], \"groups\": [\"Add-ons\"]}",
"level": 0,
"parameter": "",
"module": "wp_enum",
"http_request": "GET //wp-content/plugins/contact-form-7/readme.txt HTTP/1.1\nhost: wordpress\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"wstg": [
"WSTG-INFO-02",
"WSTG-INFO-08"
],
"detail": {
"response": {
"status_code": 200,
"headers": [
[
"accept-ranges",
"bytes"
],
[
"connection",
"Keep-Alive"
],
[
"content-length",
"1750"
],
[
"content-type",
"text/plain"
],
[
"server",
"Apache/2.4.56 (Debian)"
],
[
"vary",
"Accept-Encoding"
]
]
}
}
},
{
"method": "GET",
"path": "//wp-content/themes/twentytwentyone/readme.txt",
"info": "{\"name\": \"twentytwentyone\", \"versions\": [\"1.8\"], \"categories\": [\"WordPress themes\"], \"groups\": [\"Add-ons\"]}",
"level": 0,
"parameter": "",
"module": "wp_enum",
"http_request": "GET //wp-content/themes/twentytwentyone/readme.txt HTTP/1.1\nhost: wordpress\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"wstg": [
"WSTG-INFO-02",
"WSTG-INFO-08"
],
"detail": {
"response": {
"status_code": 200,
"headers": [
[
"accept-ranges",
"bytes"
],
[
"connection",
"Keep-Alive"
],
[
"content-length",
"1957"
],
[
"content-type",
"text/plain"
],
[
"server",
"Apache/2.4.56 (Debian)"
],
[
"vary",
"Accept-Encoding"
]
]
}
}
},
{
"method": "GET",
"path": "/feed/rss2/",
"info": "{\"name\": \"WordPress\", \"versions\": [], \"categories\": [\"CMS\", \"Blogs\"], \"groups\": [\"Content\"]}",
"level": 0,
"parameter": "",
"module": "wp_enum",
"http_request": "GET /feed/rss2/ HTTP/1.1\nhost: wordpress\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"wstg": [],
"detail": {
"response": null
}
}
]
}
}
Loading

0 comments on commit 44c0ada

Please sign in to comment.