refactoring

2012-09-21 23:37:31 +02:00
parent 3590f5ed2f
commit 082235abb5
14 changed files with 47 additions and 56 deletions
--- a/lib/wpscan/exploit.rb
+++ b/lib/wpscan/exploit.rb
@@ -74,7 +74,7 @@ class Exploit
      session_spawn_timer = Time.new
      while sessions.nil? or sessions.empty?
        # wait for a session to spawn with a timeout of 1 minute
-        if (Time.now - session_spawn_timer > 60)
+        if Time.now - session_spawn_timer > 60
          puts "[ERROR] Session was not created... exiting."
          return false
        end
--- a/lib/wpscan/modules/web_site.rb
+++ b/lib/wpscan/modules/web_site.rb
@@ -54,6 +54,7 @@ module WebSite
  # see if the remote url returns 30x redirect
  # return a string with the redirection or nil
  def redirection(url = nil)
+    redirection = nil
    url ||= @uri.to_s
    response = Browser.instance.get(url)

--- a/lib/wpscan/modules/wp_config_backup.rb
+++ b/lib/wpscan/modules/wp_config_backup.rb
@@ -47,10 +47,11 @@ module WpConfigBackup

  # @return Array
  def self.config_backup_files
-    [
-      'wp-config.php~','#wp-config.php#','wp-config.php.save','wp-config.php.swp','wp-config.php.swo','wp-config.php_bak',
-      'wp-config.bak', 'wp-config.php.bak', 'wp-config.save'
-    ] # thanks to Feross.org for these
+    %w{
+      wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
+      wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
+      wp-config.org wp-config.php.original wp-config.original
+    } # thanks to Feross.org for these
  end

 end
--- a/lib/wpscan/modules/wp_login_protection.rb
+++ b/lib/wpscan/modules/wp_login_protection.rb
@@ -18,7 +18,7 @@

 module WpLoginProtection

-  @@login_protection_method_pattern = /^has_(.*)_protection\?/i
+  LOGIN_PROTECTION_METHOD_PATTERN = /^has_(.*)_protection\?/i
  # Used as cache
  @login_protection_plugin = nil

@@ -31,10 +31,10 @@ module WpLoginProtection
  # return a WpPlugin object or nil if no one is found
  def login_protection_plugin
    unless @login_protection_plugin
-      protected_methods.grep(@@login_protection_method_pattern).each do |symbol_to_call|
+      protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call|

        if send(symbol_to_call)
-          plugin_name = symbol_to_call[@@login_protection_method_pattern, 1].gsub('_', '-')
+          plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-')

          return @login_protection_plugin = WpPlugin.new(
              :name => plugin_name,
--- a/lib/wpscan/msfrpc_client.rb
+++ b/lib/wpscan/msfrpc_client.rb
@@ -71,84 +71,73 @@ class RpcClient

  def get_exploit_info(name)
    authenticate()
-    result = @server.call('module.info', @auth_token, 'exploit', name)
-    return result
+    @server.call('module.info', @auth_token, 'exploit', name)
  end

  # retrieve exploit options

  def get_options(name)
    authenticate()
-    result = @server.call('module.options', @auth_token, 'exploit',name)
-    return result
+    @server.call('module.options', @auth_token, 'exploit',name)
  end

  # retrieve the exploit payloads

  def get_payloads(name)
    authenticate()
-    result = @server.call('module.compatible_payloads', @auth_token, name)
-    return result
+    @server.call('module.compatible_payloads', @auth_token, name)
  end

  # execute exploit

  def exploit(name, opts)
    authenticate()
-    result = @server.call('module.execute', @auth_token, 'exploit', name, opts)
-    return result
+    @server.call('module.execute', @auth_token, 'exploit', name, opts)
  end
 
  # list msf jobs

  def jobs()
    authenticate()
-    result = @server.call('job.list', @auth_token)
-    return result
+    @server.call('job.list', @auth_token)
  end

  # list msf sessions

  def sessions()
    authenticate()
-    result = @server.call('session.list', @auth_token)
-    return result
+    @server.call('session.list', @auth_token)
  end

  # kill msf session

  def kill_session(id)
    authenticate()
-    result = @server.call('session.stop', @auth_token, id)
-    return result
+    @server.call('session.stop', @auth_token, id)
  end

  # reads any pending output from session

  def read_shell(id)
    authenticate()
-    result = @server.call('session.shell_read', @auth_token, id)
-    return result
+    @server.call('session.shell_read', @auth_token, id)
  end

  # writes the specified input into the session

  def write_shell(id, data)
    authenticate()
-    result = @server.call('session.shell_write', @auth_token, id, data)
-    return result
+    @server.call('session.shell_write', @auth_token, id, data)
  end

  def meterpreter_read(id)
    authenticate()
-    result = @server.call('session.meterpreter_read', @auth_token, id)
-    return result
+    @server.call('session.meterpreter_read', @auth_token, id)
  end

  def meterpreter_write(id, data)
    authenticate()
-    result = @server.call('session.meterpreter_write', @auth_token, id, data)
-    return result
+    @server.call('session.meterpreter_write', @auth_token, id, data)
  end

 end
--- a/lib/wpscan/wp_detector.rb
+++ b/lib/wpscan/wp_detector.rb
@@ -36,7 +36,7 @@ class WpDetector
          break
        end
      end
-      if not already_present
+      unless already_present
        result << enum_result
      end
    end
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -94,7 +94,7 @@ class WpEnumerator
    type              = options[:type]
    targets_url       = []

-    if only_vulnerable == false
+    unless only_vulnerable
      # Open and parse the 'most popular' plugin list...
      File.open(file, 'r') do |f|
        f.readlines.collect do |line|
--- a/lib/wpscan/wp_theme.rb
+++ b/lib/wpscan/wp_theme.rb
@@ -58,7 +58,8 @@ class WpTheme < WpItem
  def self.find_from_css_link(target_uri)
    response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })

-    if matches = %r{https?://[^"']+/themes/([^"']+)/style.css}i.match(response.body)
+    matches = %r{https?://[^"']+/themes/([^"']+)/style.css}i.match(response.body)
+    if matches
      style_url = matches[0]
      theme_name = matches[1]

@@ -76,7 +77,8 @@ class WpTheme < WpItem
    body = Browser.instance.get(target_uri.to_s).body
    regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}

-    if matches = regexp.match(body)
+    matches = regexp.match(body)
+    if matches
      woo_theme_name        = matches[1]
      woo_theme_version     = matches[2]
      woo_framework_version = matches[3] # Not used at this time
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -176,7 +176,8 @@ class WpscanOptions
    if value =~ /u/
      @enumerate_usernames = true
      # Check for usernames range
-      if matches = %r{\[([\d]+)-([\d]+)\]}.match(value)
+      matches = %r{\[([\d]+)-([\d]+)\]}.match(value)
+      if matches
        @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
      end
    end