wapiti-scanner · OussamaBeng · Apr 26, 2024
diff --git a/wapitiCore/attack/cms/cms_common.py b/wapitiCore/attack/cms/cms_common.py
@@ -4,6 +4,8 @@
 from os.path import join as path_join
 
 from typing import Tuple
+from urllib.parse import urlparse
+
 from httpx import RequestError
 
 from wapitiCore.attack.attack import Attack
@@ -27,6 +29,12 @@ class CommonCMS(Attack):
     name = "cms"
     versions = []
 
+    def get_root_url(self, url):
+        parsed_url = urlparse(url)
+        # Reconstruct the root URL without the path
+        root_url = parsed_url.scheme + '://' + parsed_url.netloc + '/'
+        return root_url
+
     def get_hashes(self, payloads_hash):
         with open(path_join(self.DATA_DIR, payloads_hash), errors="ignore", encoding='utf-8') as hashes:
             data = json.load(hashes)

diff --git a/wapitiCore/attack/cms/mod_drupal_enum.py b/wapitiCore/attack/cms/mod_drupal_enum.py
@@ -1,5 +1,7 @@
 import json
 from typing import Optional
+from urllib.parse import urljoin
+
 from httpx import RequestError
 
 from wapitiCore.net import Request
@@ -21,7 +23,8 @@ class ModuleDrupalEnum(CommonCMS):
     async def check_drupal(self, url):
         check_list = ['core/misc/drupal.js', 'misc/drupal.js']
         for item in check_list:
-            request = Request(f'{url}{item}', 'GET')
+            item_url = urljoin(url, item)
+            request = Request(item_url, 'GET')
             try:
                 response: Response = await self.crawler.async_send(request, follow_redirects=True)
             except RequestError:
@@ -48,32 +51,44 @@ async def must_attack(self, request: Request, response: Optional[Response] = Non
 
     async def attack(self, request: Request, response: Optional[Response] = None):
         self.finished = True
-        request_to_root = Request(request.url)
+        is_drupal_detected = False
+        target_url = [request.url]
+        root_url = self.get_root_url(request.url)
+        if request.url != root_url:
+            target_url.append(root_url)
+
+        request_to_root = request
 
-        if await self.check_drupal(request_to_root.url):
-            await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)  # Call the method on the instance
-            self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
+        for url in target_url:
+            request_to_root = Request(url)
 
-            drupal_detected = {
-                "name": "Drupal",
-                "versions": self.versions,
-                "categories": ["CMS Drupal"],
-                "groups": ["Content"]
-            }
+            if await self.check_drupal(request_to_root.url):
+                is_drupal_detected = True
+                await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)  # Call the method on the instance
+                self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
+                if self.versions:
+                    break
 
+        drupal_detected = {
+            "name": "Drupal",
+            "versions": self.versions,
+            "categories": ["CMS Drupal"],
+            "groups": ["Content"]
+        }
+
+        if self.versions:
+            await self.add_vuln_info(
+                category=WEB_APP_VERSIONED,
+                request=request_to_root,
+                info=json.dumps(drupal_detected),
+                wstg=WEB_WSTG_CODE
+            )
+        if is_drupal_detected:
             log_blue(
                 MSG_TECHNO_VERSIONED,
                 "Drupal",
                 self.versions
             )
-
-            if self.versions:
-                await self.add_vuln_info(
-                    category=WEB_APP_VERSIONED,
-                    request=request_to_root,
-                    info=json.dumps(drupal_detected),
-                    wstg=WEB_WSTG_CODE
-                )
             await self.add_addition(
                 category=TECHNO_DETECTED,
                 request=request_to_root,

diff --git a/wapitiCore/attack/cms/mod_joomla_enum.py b/wapitiCore/attack/cms/mod_joomla_enum.py
@@ -20,7 +20,7 @@ class ModuleJoomlaEnum(CommonCMS):
 
     async def check_joomla(self, url):
 
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:
@@ -47,37 +47,49 @@ async def must_attack(self, request: Request, response: Optional[Response] = Non
 
     async def attack(self, request: Request, response: Optional[Response] = None):
         self.finished = True
-        request_to_root = Request(request.url)
+        is_joomla_detected = False
+        target_url = [request.url]
+        root_url = self.get_root_url(request.url)
+        if request.url != root_url:
+            target_url.append(root_url)
 
-        if await self.check_joomla(request_to_root.url):
-            await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)
-            self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
+        request_to_root = request
 
-            joomla_detected = {
-                "name": "Joomla!",
-                "versions": self.versions,
-                "categories": ["CMS Joomla"],
-                "groups": ["Content"]
-            }
+        for url in target_url:
+            request_to_root = Request(url)
 
+            if await self.check_joomla(request_to_root.url):
+                is_joomla_detected = True
+                await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)
+                self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
+                if self.versions:
+                    break
+
+        joomla_detected = {
+            "name": "Joomla!",
+            "versions": self.versions,
+            "categories": ["CMS Joomla"],
+            "groups": ["Content"]
+        }
+
+        if self.versions:
+            await self.add_vuln_info(
+                category=WEB_APP_VERSIONED,
+                request=request_to_root,
+                info=json.dumps(joomla_detected),
+                wstg=WEB_WSTG_CODE
+            )
+        if is_joomla_detected:
             log_blue(
                 MSG_TECHNO_VERSIONED,
                 "Joomla!",
                 self.versions
             )
-
-            if self.versions:
-                await self.add_vuln_info(
-                    category=WEB_APP_VERSIONED,
-                    request=request_to_root,
-                    info=json.dumps(joomla_detected),
-                    wstg=WEB_WSTG_CODE
-                )
             await self.add_addition(
                 category=TECHNO_DETECTED,
                 request=request_to_root,
                 info=json.dumps(joomla_detected),
                 wstg=WSTG_CODE
-            )
+                )
         else:
             log_blue(MSG_NO_JOOMLA)
diff --git a/wapitiCore/attack/cms/mod_prestashop_enum.py b/wapitiCore/attack/cms/mod_prestashop_enum.py
@@ -21,7 +21,7 @@ class ModulePrestashopEnum(CommonCMS):
 
     async def check_prestashop(self, url):
 
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:
@@ -62,32 +62,46 @@ async def must_attack(self, request: Request, response: Optional[Response] = Non
 
     async def attack(self, request: Request, response: Optional[Response] = None):
         self.finished = True
-        request_to_root = Request(request.url)
-
-        if await self.check_prestashop(request_to_root.url):
-            await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)
-            self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
-
-            prestashop_detected = {
-                "name": "PrestaShop",
-                "versions": self.versions,
-                "categories": ["CMS PrestaShop"],
-                "groups": ["Content"]
-            }
-
+        is_prestashop_detected = False
+        target_url = [request.url]
+        root_url = self.get_root_url(request.url)
+        if request.url != root_url:
+            target_url.append(root_url)
+
+        request_to_root = request
+
+        for url in target_url:
+            request_to_root = Request(url)
+
+            if await self.check_prestashop(request_to_root.url):
+                is_prestashop_detected = True
+                await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)
+                self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
+                if self.versions:
+                    break
+
+        prestashop_detected = {
+            "name": "PrestaShop",
+            "versions": self.versions,
+            "categories": ["CMS PrestaShop"],
+            "groups": ["Content"]
+        }
+
+
+        if self.versions:
+            await self.add_vuln_info(
+                category=WEB_APP_VERSIONED,
+                request=request_to_root,
+                info=json.dumps(prestashop_detected),
+                wstg=WEB_WSTG_CODE
+            )
+        if is_prestashop_detected:
             log_blue(
                 MSG_TECHNO_VERSIONED,
                 "PrestaShop",
                 self.versions
             )
 
-            if self.versions:
-                await self.add_vuln_info(
-                    category=WEB_APP_VERSIONED,
-                    request=request_to_root,
-                    info=json.dumps(prestashop_detected),
-                    wstg=WEB_WSTG_CODE
-                )
             await self.add_addition(
                 category=TECHNO_DETECTED,
                 request=request_to_root,

diff --git a/wapitiCore/attack/cms/mod_spip_enum.py b/wapitiCore/attack/cms/mod_spip_enum.py
@@ -22,7 +22,7 @@ class ModuleSpipEnum(CommonCMS):
 
     async def check_spip(self, url):
 
-        request = Request(f'{url}', 'GET')
+        request = Request(url, 'GET')
         try:
             response: Response = await self.crawler.async_send(request, follow_redirects=True)
         except RequestError:
@@ -57,32 +57,44 @@ async def must_attack(self, request: Request, response: Optional[Response] = Non
 
     async def attack(self, request: Request, response: Optional[Response] = None):
         self.finished = True
-        request_to_root = Request(request.url)
-
-        if await self.check_spip(request_to_root.url):
-            await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)  # Call the method on the instance
-            self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
-
-            spip_detected = {
-                "name": "SPIP",
-                "versions": self.versions,
-                "categories": ["CMS SPIP"],
-                "groups": ["Content"]
-            }
-
+        is_spip_detectd = False
+        target_url = [request.url]
+        root_url = self.get_root_url(request.url)
+        if request.url != root_url:
+            target_url.append(root_url)
+
+        request_to_root = request
+
+        for url in target_url:
+            request_to_root = Request(url)
+
+            if await self.check_spip(request_to_root.url):
+                is_spip_detectd = True
+                await self.detect_version(self.PAYLOADS_HASH, request_to_root.url)  # Call the method on the instance
+                self.versions = sorted(self.versions, key=lambda x: x.split('.')) if self.versions else []
+                if self.versions:
+                    break
+
+        spip_detected = {
+            "name": "SPIP",
+            "versions": self.versions,
+            "categories": ["CMS SPIP"],
+            "groups": ["Content"]
+        }
+
+        if self.versions:
+            await self.add_vuln_info(
+                category=WEB_APP_VERSIONED,
+                request=request_to_root,
+                info=json.dumps(spip_detected),
+                wstg=WEB_WSTG_CODE
+            )
+        if is_spip_detectd:
             log_blue(
                 MSG_TECHNO_VERSIONED,
                 "SPIP",
                 self.versions
             )
-
-            if self.versions:
-                await self.add_vuln_info(
-                    category=WEB_APP_VERSIONED,
-                    request=request_to_root,
-                    info=json.dumps(spip_detected),
-                    wstg=WEB_WSTG_CODE
-                )
             await self.add_addition(
                 category=TECHNO_DETECTED,
                 request=request_to_root,