search

wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner
Other
8.37k stars 1.24k forks source link

Add an option to set url for get plugins list from custom wordpress api #1843

Open z-avanes opened 1 month ago

z-avanes commented 1 month ago

Hi, The current method for estimating installed plugins is not 100% accurate. I think if we create a plugin that, after installation, exposes the list of installed plugins through a custom API then WPScan can get that list and process it and the result going to 100% accurate.

Sample command wp --url http://test.com --plugins-url http://test.com/wp-json/custom/v1/plugins?key=test Sample of plugin code


class Custom_Plugins_API
{
    const API_KEY = '';

    public function __construct()
    {
        add_action('rest_api_init', [$this, 'register_routes']);
    }

    public function register_routes()
    {
        register_rest_route('custom/v1', '/plugins', array(
            'methods' => 'GET',
            'callback' => [$this, 'get_installed_plugins'],
            'permission_callback' => [$this, 'validate_api_key'],
        ));
    }

    public function validate_api_key($request)
    {
        $api_key = $request->get_param('key');
        return $api_key && $api_key === self::API_KEY;
    }

    public function get_installed_plugins()
    {
        if (!function_exists('get_plugins')) {
            require_once ABSPATH . 'wp-admin/includes/plugin.php';
        }

        $all_plugins = get_plugins();
        $plugins_info = array();

        foreach ($all_plugins as $plugin_file => $plugin_data) {
            $plugins_info[] = array(
                'name' => $plugin_data['Name'],
                'version' => $plugin_data['Version'],
            );
        }

        return new \WP_REST_Response($plugins_info, 200);
    }
}

new Custom_Plugins_API();