Add check for .sql backup files

2018-06-07 17:17:39 +02:00
parent 85b491472a
commit 0e73774bd9
3 changed files with 40 additions and 0 deletions
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -5,6 +5,7 @@ require 'web_site/interesting_headers'
 require 'web_site/robots_txt'
 require 'web_site/security_txt'
 require 'web_site/sitemap'
+require 'web_site/sql_file_export'

 class WebSite
  include WebSite::HumansTxt
@@ -12,6 +13,7 @@ class WebSite
  include WebSite::RobotsTxt
  include WebSite::SecurityTxt
  include WebSite::Sitemap
+  include WebSite::SqlFileExport

  attr_reader :uri

--- a/lib/wpscan/web_site/sql_file_export.rb
+++ b/lib/wpscan/web_site/sql_file_export.rb
@@ -0,0 +1,32 @@
+# encoding: UTF-8
+
+class WebSite
+  module SqlFileExport
+
+    # Checks if a .sql file exists
+    # @return [ Array ]
+    def sql_file_export
+      backup_files = []
+
+      self.sql_file_export_urls.each do |url|
+        response = Browser.get(url)
+        backup_files << url if response.code == 200 && response.body =~ /INSERT INTO/
+      end
+
+      backup_files
+    end
+
+    # Gets a .sql export file URL
+    # @return [ Array ]
+    def sql_file_export_urls
+      urls  = []
+      files = ["#{@uri.host[/(^[\w|-]+)/,1]}.sql", 'backup.sql', 'database.sql', 'dump.sql']
+
+      files.each do |file|
+        urls << @uri.clone.merge(file).to_s
+      end
+
+      urls
+    end
+  end
+end