garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-01-27 01:16:44 +01:00
parent 60a6f16ddd
commit 1afe12657f
38 changed files with 3644 additions and 437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/Array.html
View File

@@ -226,7 +226,7 @@
<div class="method-source-code" id="_grep_-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 106</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 111</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">_grep_</span>(<span class="ruby-identifier">regexp</span>)
<span class="ruby-identifier">matches</span> = []
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">value</span><span class="ruby-operator">|</span>

66
doc/Browser.html
View File

@@ -88,7 +88,7 @@
<li><a href="#method-i-proxy_auth-3D">#proxy_auth=</a>
<li><a href="#method-i-raise_invalid_proxy_format">#raise_invalid_proxy_format</a>
<li><a href="#method-i-raise_invalid_proxy_auth_format">#raise_invalid_proxy_auth_format</a>
<li><a href="#method-i-user_agent">#user_agent</a>
@@ -297,7 +297,7 @@
<div class="method-source-code" id="instance-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 60</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">@@instance</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">options</span>)
@@ -330,7 +330,7 @@
<div class="method-source-code" id="reset-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 67</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 71</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">reset</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
@@ -366,7 +366,7 @@
<div class="method-source-code" id="forge_request-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 167</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 178</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-constant">Typhoeus</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
@@ -399,7 +399,7 @@
<div class="method-source-code" id="get-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 155</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 166</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:get</span>))
@@ -434,7 +434,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="load_config-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 127</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 136</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">load_config</span>(<span class="ruby-identifier">config_file</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@config_file</span> = <span class="ruby-identifier">config_file</span> <span class="ruby-operator">||</span> <span class="ruby-ivar">@config_file</span>
@@ -472,7 +472,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="max_threads-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 96</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">max_threads=</span>(<span class="ruby-identifier">max_threads</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">max_threads</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">max_threads</span> <span class="ruby-operator">&lt;=</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">max_threads</span> = <span class="ruby-value">1</span>
@@ -505,7 +505,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="merge_request_params-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 174</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 185</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy</span>
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:proxy</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@proxy</span>)
@@ -570,7 +570,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="post-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 161</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 172</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>))
@@ -602,7 +602,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="proxy_auth-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 103</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 108</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">proxy_auth=</span>(<span class="ruby-identifier">auth</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Hash</span>)
@@ -612,12 +612,15 @@ browser object, hydra will not have the new @max_threads and
<span class="ruby-ivar">@proxy_auth</span> = <span class="ruby-identifier">auth</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">String</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%r{([^:]+):(.*)}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">auth</span>)
<span class="ruby-ivar">@proxy_auth</span> = {<span class="ruby-value">:proxy_username</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>], <span class="ruby-value">:proxy_password</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]}
<span class="ruby-ivar">@proxy_auth</span> = {
<span class="ruby-identifier">proxy_username</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>],
<span class="ruby-identifier">proxy_password</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
}
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise_invalid_proxy_format</span>()
<span class="ruby-identifier">raise_invalid_proxy_auth_format</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise_invalid_proxy_format</span>()
<span class="ruby-identifier">raise_invalid_proxy_auth_format</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -631,10 +634,10 @@ browser object, hydra will not have the new @max_threads and
</div><!-- proxy_auth-3D-method -->
<div id="method-i-raise_invalid_proxy_format" class="method-detail ">
<div id="method-i-raise_invalid_proxy_auth_format" class="method-detail ">
<div class="method-heading">
<span class="method-name">raise_invalid_proxy_format</span><span
<span class="method-name">raise_invalid_proxy_auth_format</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -646,19 +649,19 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="raise_invalid_proxy_format-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">raise_invalid_proxy_format</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Invalid proxy auth format, expected username:password or {:proxy_username =&gt; username, :proxy_password =&gt; password}&quot;</span>
<div class="method-source-code" id="raise_invalid_proxy_auth_format-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 130</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">raise_invalid_proxy_auth_format</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Invalid proxy auth format, expected username:password or {proxy_username: username, proxy_password: password}'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- raise_invalid_proxy_format-source -->
</div><!-- raise_invalid_proxy_auth_format-source -->
</div>
</div><!-- raise_invalid_proxy_format-method -->
</div><!-- raise_invalid_proxy_auth_format-method -->
<div id="method-i-user_agent" class="method-detail ">
@@ -677,15 +680,15 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="user_agent-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 84</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 89</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@user_agent_mode</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;semi-static&quot;</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@user_agent</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;random&quot;</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'semi-static'</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@user_agent</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'random'</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@user_agent</span>
<span class="ruby-keyword">end</span></pre>
@@ -715,14 +718,15 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="user_agent_mode-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 71</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 75</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent_mode=</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">&quot;static&quot;</span>
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">'static'</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">USER_AGENT_MODES</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-ivar">@user_agent_mode</span> = <span class="ruby-identifier">ua_mode</span>
<span class="ruby-comment"># For semi-static user agent mode, the user agent has to be nil the first time (it will be set with the getter)</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-keyword">nil</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">===</span> <span class="ruby-string">&quot;semi-static&quot;</span>
<span class="ruby-comment"># For semi-static user agent mode, the user agent has to</span>
<span class="ruby-comment"># be nil the first time (it will be set with the getter)</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-keyword">nil</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">===</span> <span class="ruby-string">'semi-static'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Unknow user agent mode : '#{ua_mode}'&quot;</span>
<span class="ruby-keyword">end</span>

26
doc/BruteForce.html
View File

@@ -224,7 +224,7 @@ on large wordlists, although bareable.</p>
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">file_path</span>)
<span class="ruby-identifier">lines</span> = <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">||</span> <span class="ruby-identifier">lines</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span> }
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">_</span><span class="ruby-operator">|</span> <span class="ruby-identifier">lines</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span> }
<span class="ruby-identifier">lines</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- lines_in_file-source -->
@@ -274,10 +274,10 @@ on large wordlists, although bareable.</p>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">false</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">wordlist_path</span>, <span class="ruby-string">&quot;r&quot;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">wordlist_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># ignore file comments, but will miss passwords if they start with a hash...</span>
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password</span>[<span class="ruby-value">0</span>,<span class="ruby-value">1</span>] <span class="ruby-operator">==</span> <span class="ruby-node">&quot;#&quot;</span>
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password</span>[<span class="ruby-value">0</span>, <span class="ruby-value">1</span>] <span class="ruby-operator">==</span> <span class="ruby-string">'#'</span>
<span class="ruby-comment"># keep a count of the amount of requests to be sent</span>
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
@@ -290,9 +290,9 @@ on large wordlists, although bareable.</p>
<span class="ruby-comment"># the request object</span>
<span class="ruby-identifier">request</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">login_url</span>,
{
<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>,
<span class="ruby-value">:params</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-value">:log</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:pwd</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span>},
<span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">method</span><span class="ruby-operator">:</span> <span class="ruby-value">:post</span>,
<span class="ruby-identifier">params</span><span class="ruby-operator">:</span> { <span class="ruby-identifier">log</span><span class="ruby-operator">:</span> <span class="ruby-constant">URI</span><span class="ruby-operator">::</span><span class="ruby-identifier">encode</span>(<span class="ruby-identifier">username</span>), <span class="ruby-identifier">pwd</span><span class="ruby-operator">:</span> <span class="ruby-constant">URI</span><span class="ruby-operator">::</span><span class="ruby-identifier">encode</span>(<span class="ruby-identifier">password</span>) },
<span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>
}
)
@@ -304,20 +304,20 @@ on large wordlists, although bareable.</p>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rlogin_error/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\nIncorrect username and/or password.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">&quot;[SUCCESS]&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; Username : #{username} Password : #{password}\n&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:password</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span> }
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">'[SUCCESS]'</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; Username : #{username} Password : #{password}\n&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">username</span>, <span class="ruby-identifier">password</span><span class="ruby-operator">:</span> <span class="ruby-identifier">password</span> }
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">timed_out?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Request timed out.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-string">' Request timed out.'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; No response from remote server. WAF/IPS?&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-string">' No response from remote server. WAF/IPS?'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># code is a fixnum, needs a string for regex</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^50/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Server error, try reducing the number of threads.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-string">' Server error, try reducing the number of threads.'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n&quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; We recieved an unknown response for #{password}...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n&quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; We recieved an unknown response for #{password}...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># ugly method to get the coverage :/ (otherwise some output is present in the rspec)</span>
<span class="ruby-comment"># HACK to get the coverage :/ (otherwise some output is present in the rspec)</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Code: #{response.code.to_s}&quot;</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Body: #{response.body}&quot;</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>

22
doc/CacheFileStore.html
View File

@@ -260,19 +260,23 @@
<div class="method-description">
<p>The serializer must have the 2 methods .load and .dump (Marshal and YAML
have them) YAML is Human Readable, contrary to Marshal which store in a
binary format Marshal does not need any “require”</p>
<p>The serializer must have the 2 methods .load and .dump</p>
<pre>(Marshal and YAML have them)</pre>
<p>YAML is Human Readable, contrary to Marshal which store in a binary format
Marshal does not need any “require”</p>
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 34</span>
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 36</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">storage_path</span>, <span class="ruby-identifier">serializer</span> = <span class="ruby-constant">Marshal</span>)
<span class="ruby-ivar">@storage_path</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">storage_path</span>)
<span class="ruby-ivar">@serializer</span> = <span class="ruby-identifier">serializer</span>
<span class="ruby-comment"># File.directory? for ruby &lt;= 1.9 otherwise, it makes more sense to do Dir.exist? :/</span>
<span class="ruby-comment"># File.directory? for ruby &lt;= 1.9 otherwise,</span>
<span class="ruby-comment"># it makes more sense to do Dir.exist? :/</span>
<span class="ruby-keyword">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">directory?</span>(<span class="ruby-ivar">@storage_path</span>)
<span class="ruby-constant">Dir</span>.<span class="ruby-identifier">mkdir</span>(<span class="ruby-ivar">@storage_path</span>)
<span class="ruby-keyword">end</span>
@@ -309,7 +313,7 @@ binary format Marshal does not need any “require”</p>
<div class="method-source-code" id="clean-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 44</span>
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">clean</span>
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span>.<span class="ruby-identifier">join</span>(<span class="ruby-ivar">@storage_path</span>, <span class="ruby-string">'*'</span>)].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">f</span>)
@@ -341,7 +345,7 @@ binary format Marshal does not need any “require”</p>
<div class="method-source-code" id="get_entry_file_path-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 66</span>
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-ivar">@storage_path</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/'</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">key</span>
<span class="ruby-keyword">end</span></pre>
@@ -371,7 +375,7 @@ binary format Marshal does not need any “require”</p>
<div class="method-source-code" id="read_entry-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 50</span>
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 53</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_entry</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-identifier">entry_file_path</span> = <span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>)
@@ -405,7 +409,7 @@ binary format Marshal does not need any “require”</p>
<div class="method-source-code" id="write_entry-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 58</span>
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_entry</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">data_to_store</span>, <span class="ruby-identifier">cache_timeout</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">cache_timeout</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>), <span class="ruby-string">'w'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>

483
doc/CheckerPlugin.html Normal file
View File

@@ -0,0 +1,483 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class CheckerPlugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/checker/checker_plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Plugin.html">Plugin</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-check_local_vulnerable_files">#check_local_vulnerable_files</a>
<li><a href="#method-i-check_vuln_ref_urls">#check_vuln_ref_urls</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class CheckerPlugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">author</span><span class="ruby-operator">:</span> <span class="ruby-string">'WPScanTeam - @erwanlr'</span>)
<span class="ruby-identifier">register_options</span>(
[<span class="ruby-string">'--check-vuln-ref-urls'</span>, <span class="ruby-string">'--cvru'</span>, <span class="ruby-string">'Check all the vulnerabilities reference urls for 404'</span>],
[<span class="ruby-string">'--check-local-vulnerable-files LOCAL_DIRECTORY'</span>, <span class="ruby-string">'--clvf'</span>, <span class="ruby-string">'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells'</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-check_local_vulnerable_files" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_local_vulnerable_files</span><span
class="method-args">(dir_to_scan)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_local_vulnerable_files-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">check_local_vulnerable_files</span>(<span class="ruby-identifier">dir_to_scan</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">Dir</span><span class="ruby-operator">::</span><span class="ruby-identifier">exist?</span>(<span class="ruby-identifier">dir_to_scan</span>)
<span class="ruby-identifier">xml_file</span> = <span class="ruby-constant">LOCAL_FILES_FILE</span>
<span class="ruby-identifier">local_hashes</span> = {}
<span class="ruby-identifier">file_extension_to_scan</span> = <span class="ruby-string">'*.{js,php,swf,html,htm}'</span>
<span class="ruby-identifier">print</span> <span class="ruby-string">'[+] Generating local hashes ... '</span>
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span><span class="ruby-operator">::</span><span class="ruby-identifier">join</span>(<span class="ruby-identifier">dir_to_scan</span>, <span class="ruby-string">'**'</span>, <span class="ruby-identifier">file_extension_to_scan</span>)].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">filename</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">sha1sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">file</span>(<span class="ruby-identifier">filename</span>).<span class="ruby-identifier">hexdigest</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">local_hashes</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-identifier">sha1sum</span>)
<span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>] <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">filename</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>] = [<span class="ruby-identifier">filename</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'done.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Checking for vulnerable files ...'</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">xml_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//hash'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">sha1sum</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'sha1'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">local_hashes</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-identifier">sha1sum</span>)
<span class="ruby-identifier">local_filenames</span> = <span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>]
<span class="ruby-identifier">vuln_title</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'title'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">vuln_filename</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'file'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">vuln_refrence</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'reference'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; #{vuln_filename} found :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | Location(s):'</span>
<span class="ruby-identifier">local_filenames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | - #{file}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' |'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | Title: #{vuln_title}&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | Refrence: #{vuln_refrence}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">vuln_refrence</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'done.'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;The supplied directory '#{dir_to_scan}' does not exist&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_local_vulnerable_files-source -->
</div>
</div><!-- check_local_vulnerable_files-method -->
<div id="method-i-check_vuln_ref_urls" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_vuln_ref_urls</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_vuln_ref_urls-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 40</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">check_vuln_ref_urls</span>
<span class="ruby-identifier">vuln_ref_files</span> = [<span class="ruby-constant">PLUGINS_VULNS_FILE</span>, <span class="ruby-constant">THEMES_VULNS_FILE</span>, <span class="ruby-constant">WP_VULNS_FILE</span>]
<span class="ruby-identifier">error_codes</span> = [<span class="ruby-value">404</span>, <span class="ruby-value">500</span>, <span class="ruby-value">403</span>]
<span class="ruby-identifier">not_found_regexp</span> = <span class="ruby-regexp">%r{No Results Found|error 404|ID Invalid or Not Found}</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Checking vulnerabilities reference urls'</span>
<span class="ruby-identifier">vuln_ref_files</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">vuln_ref_file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">vuln_ref_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">urls</span> = []
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//reference'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span> <span class="ruby-identifier">urls</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">node</span>.<span class="ruby-identifier">text</span> }
<span class="ruby-identifier">urls</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">dead_urls</span> = []
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_urls</span> = <span class="ruby-identifier">urls</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">urls</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>, <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete.&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">error_codes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>) <span class="ruby-keyword">or</span> <span class="ruby-identifier">not_found_regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">dead_urls</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">dead_urls</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-identifier">dead_urls</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span> <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; Not Found #{url}&quot;</span> }
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_vuln_ref_urls-source -->
</div>
</div><!-- check_vuln_ref_urls-method -->
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:check_vuln_ref_urls</span>]
<span class="ruby-identifier">check_vuln_ref_urls</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:check_local_vulnerable_files</span>]
<span class="ruby-identifier">check_local_vulnerable_files</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:check_local_vulnerable_files</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

474
doc/CustomOptionParser.html Normal file
View File

@@ -0,0 +1,474 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class CustomOptionParser - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common/custom_option_parser.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link">OptionParser
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-c-option_to_symbol">::option_to_symbol</a>
<li><a href="#method-i-add">#add</a>
<li><a href="#method-i-add_option">#add_option</a>
<li><a href="#method-i-results">#results</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class CustomOptionParser</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-symbols_used" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">symbols_used</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(banner = nil, width = 32, indent = ' ' * 4)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">banner</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">width</span> = <span class="ruby-value">32</span>, <span class="ruby-identifier">indent</span> = <span class="ruby-string">' '</span> * <span class="ruby-value">4</span>)
<span class="ruby-ivar">@results</span> = {}
<span class="ruby-ivar">@symbols_used</span> = []
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">banner</span>, <span class="ruby-identifier">width</span>, <span class="ruby-identifier">indent</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="protected-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="method-c-option_to_symbol" class="method-detail ">
<div class="method-heading">
<span class="method-name">option_to_symbol</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Array.html">Array</a> option</p>
<div class="method-source-code" id="option_to_symbol-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 73</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">option_to_symbol</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-identifier">option_name</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">option</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option_attr</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_attr</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^--/</span>
<span class="ruby-identifier">option_name</span> = <span class="ruby-identifier">option_attr</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_name</span>
<span class="ruby-identifier">option_name</span> = <span class="ruby-identifier">option_name</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r^--/</span>, <span class="ruby-string">''</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r-/</span>, <span class="ruby-string">'_'</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r .*$/</span>, <span class="ruby-string">''</span>)
<span class="ruby-value">:&quot;#{option_name}&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Could not find the option name for #{option}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- option_to_symbol-source -->
</div>
</div><!-- option_to_symbol-method -->
</section><!-- protected-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-add" class="method-detail ">
<div class="method-heading">
<span class="method-name">add</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param Array(<a href="Array.html">Array</a>) or <a
href="Array.html">Array</a> options</p>
<div class="method-source-code" id="add-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 31</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-identifier">options</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">add_option</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">add_option</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Options must be at least an Array, or an Array(Array). #{options.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add-source -->
</div>
</div><!-- add-method -->
<div id="method-i-add_option" class="method-detail ">
<div class="method-heading">
<span class="method-name">add_option</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Array.html">Array</a> option</p>
<div class="method-source-code" id="add_option-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 46</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_option</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-identifier">option_symbol</span> = <span class="ruby-constant">CustomOptionParser</span><span class="ruby-operator">::</span><span class="ruby-identifier">option_to_symbol</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@symbols_used</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">option_symbol</span>)
<span class="ruby-ivar">@symbols_used</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">option_symbol</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">on</span>(*<span class="ruby-identifier">option</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">arg</span><span class="ruby-operator">|</span>
<span class="ruby-ivar">@results</span>[<span class="ruby-identifier">option_symbol</span>] = <span class="ruby-identifier">arg</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The option #{option_symbol} is already used !&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The option must be an array, #{option.class} supplied : '#{option}'&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add_option-source -->
</div>
</div><!-- add_option-method -->
<div id="method-i-results" class="method-detail ">
<div class="method-heading">
<span class="method-name">results</span><span
class="method-args">(argv = default_argv)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return Hash</p>
<div class="method-source-code" id="results-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">results</span>(<span class="ruby-identifier">argv</span> = <span class="ruby-identifier">default_argv</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">parse!</span>(<span class="ruby-identifier">argv</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@results</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-ivar">@results</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- results-source -->
</div>
</div><!-- results-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

518
doc/GenerateList.html Normal file
View File

@@ -0,0 +1,518 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class GenerateList - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/list_generator/generate_list.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-generate_full_list">#generate_full_list</a>
<li><a href="#method-i-generate_popular_list">#generate_popular_list</a>
<li><a href="#method-i-get_popular_items">#get_popular_items</a>
<li><a href="#method-i-save">#save</a>
<li><a href="#method-i-set_file_name">#set_file_name</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class GenerateList</h1>
<div id="description" class="description">
<p>This tool generates a list to use for plugin and theme enumeration</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-verbose" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(type, verbose)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>type = themes | plugins</p>
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">type</span>, <span class="ruby-identifier">verbose</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rplugins/</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-string">'plugin'</span>
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://plugins.svn.wordpress.org/'</span>
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/plugins/browse/popular/'</span>
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%r{&lt;h3&gt;&lt;a href=&quot;http://wordpress.org/extend/plugins/(.+)/&quot;&gt;.+&lt;/a&gt;&lt;/h3&gt;}</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rthemes/</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-string">'theme'</span>
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://themes.svn.wordpress.org/'</span>
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/themes/browse/popular/'</span>
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%r{&lt;h3&gt;&lt;a href=&quot;http://wordpress.org/extend/themes/(.+)&quot;&gt;.+&lt;/a&gt;&lt;/h3&gt;}</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Type #{type} not defined&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
<span class="ruby-ivar">@browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-ivar">@hydra</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-generate_full_list" class="method-detail ">
<div class="method-heading">
<span class="method-name">generate_full_list</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_full_list-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">generate_full_list</span>
<span class="ruby-identifier">set_file_name</span>(<span class="ruby-value">:full</span>)
<span class="ruby-identifier">items</span> = <span class="ruby-constant">SvnParser</span>.<span class="ruby-identifier">new</span>(<span class="ruby-ivar">@svn_url</span>).<span class="ruby-identifier">parse</span>
<span class="ruby-identifier">save</span> <span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_full_list-source -->
</div>
</div><!-- generate_full_list-method -->
<div id="method-i-generate_popular_list" class="method-detail ">
<div class="method-heading">
<span class="method-name">generate_popular_list</span><span
class="method-args">(pages)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_popular_list-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 75</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">set_file_name</span>(<span class="ruby-value">:popular</span>)
<span class="ruby-identifier">items</span> = <span class="ruby-identifier">get_popular_items</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">save</span> <span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_popular_list-source -->
</div>
</div><!-- generate_popular_list-method -->
<div id="method-i-get_popular_items" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_popular_items</span><span
class="method-args">(pages)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Send a HTTP request to the WordPress most popular theme or plugin webpage
parse the response for the names.</p>
<div class="method-source-code" id="get_popular_items-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 83</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_popular_items</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">found_items</span> = []
<span class="ruby-identifier">page_count</span> = <span class="ruby-value">1</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
(<span class="ruby-value">1</span><span class="ruby-operator">...</span>(<span class="ruby-identifier">pages</span>.<span class="ruby-identifier">to_i</span> <span class="ruby-operator">+</span> <span class="ruby-value">1</span>)).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">page</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># First page has another URL</span>
<span class="ruby-identifier">url</span> = (<span class="ruby-identifier">page</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@popular_url</span> <span class="ruby-operator">:</span> <span class="ruby-ivar">@popular_url</span> <span class="ruby-operator">+</span> <span class="ruby-string">'page/'</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">page</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/'</span>
<span class="ruby-identifier">request</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[+] Parsing page #{page_count}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">page_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-ivar">@popular_regex</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[+] Found popular #@type: #{item}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">found_items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">item</span>[<span class="ruby-value">0</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">uniq</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_popular_items-source -->
</div>
</div><!-- get_popular_items-method -->
<div id="method-i-save" class="method-detail ">
<div class="method-heading">
<span class="method-name">save</span><span
class="method-args">(items)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Save the file</p>
<div class="method-source-code" id="save-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 120</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">save</span>(<span class="ruby-identifier">items</span>)
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[*] We have parsed #{items.length} #@types&quot;</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@file_name</span>, <span class="ruby-string">'w'</span>) { <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-identifier">f</span>.<span class="ruby-identifier">puts</span>(<span class="ruby-identifier">items</span>) }
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;New #@file_name file created&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- save-source -->
</div>
</div><!-- save-method -->
<div id="method-i-set_file_name" class="method-detail ">
<div class="method-heading">
<span class="method-name">set_file_name</span><span
class="method-args">(type)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="set_file_name-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 44</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">set_file_name</span>(<span class="ruby-identifier">type</span>)
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'plugin'</span>
<span class="ruby-keyword">case</span> <span class="ruby-identifier">type</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:full</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">PLUGINS_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:popular</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">PLUGINS_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Unknown type'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'theme'</span>
<span class="ruby-keyword">case</span> <span class="ruby-identifier">type</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:full</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">THEMES_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:popular</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">THEMES_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Unknown type'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Unknown type #@type&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- set_file_name-source -->
</div>
</div><!-- set_file_name-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

10
doc/GitUpdater.html
View File

@@ -234,7 +234,7 @@
<div class="method-source-code" id="has_local_changes-3F-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 37</span>
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 38</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_local_changes?</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} diff --exit-code 2&gt;&amp;1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rdiff/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
@@ -295,7 +295,7 @@ the last commit hash</p>
<div class="method-source-code" id="local_revision_number-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 28</span>
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 29</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">git_log</span> = <span class="ruby-node">%x[git #{repo_directory_arguments()} log -1 2&gt;&amp;1]</span>
<span class="ruby-identifier">git_log</span>[<span class="ruby-regexp">%rcommit ([0-9a-z]{7})/</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
@@ -326,7 +326,7 @@ the last commit hash</p>
<div class="method-source-code" id="reset_head-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 41</span>
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 42</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">reset_head</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} reset --hard HEAD]</span>
<span class="ruby-keyword">end</span></pre>
@@ -356,7 +356,7 @@ the last commit hash</p>
<div class="method-source-code" id="update-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 33</span>
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} pull]</span>
<span class="ruby-keyword">end</span></pre>
@@ -392,7 +392,7 @@ the last commit hash</p>
<div class="method-source-code" id="repo_directory_arguments-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 46</span>
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">repo_directory_arguments</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@repo_directory</span>
<span class="ruby-keyword">return</span> <span class="ruby-node">&quot;--git-dir=\&quot;#{@repo_directory}/.git\&quot; --work-tree=\&quot;#{@repo_directory}\&quot;&quot;</span>

348
doc/ListGeneratorPlugin.html Normal file
View File

@@ -0,0 +1,348 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class ListGeneratorPlugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/list_generator/list_generator_plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Plugin.html">Plugin</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class ListGeneratorPlugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">author</span><span class="ruby-operator">:</span> <span class="ruby-string">'WPScanTeam - @FireFart'</span>)
<span class="ruby-identifier">register_options</span>(
[<span class="ruby-string">'--generate-plugin-list [NUMBER_OF_PAGES]'</span>, <span class="ruby-string">'--gpl'</span>, <span class="ruby-constant">Integer</span>, <span class="ruby-string">'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'</span>],
[<span class="ruby-string">'--generate-full-plugin-list'</span>, <span class="ruby-string">'--gfpl'</span>, <span class="ruby-string">'Generate a new full data/plugins.txt file'</span>],
[<span class="ruby-string">'--generate-theme-list [NUMBER_OF_PAGES]'</span>, <span class="ruby-string">'--gtl'</span>, <span class="ruby-constant">Integer</span>, <span class="ruby-string">'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'</span>],
[<span class="ruby-string">'--generate-full-theme-list'</span>, <span class="ruby-string">'--gftl'</span>, <span class="ruby-string">'Generate a new full data/themes.txt file'</span>],
[<span class="ruby-string">'--generate-all'</span>, <span class="ruby-string">'--ga'</span>, <span class="ruby-string">'Generate a new full plugins, full themes, popular plugins and popular themes list'</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:verbose</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">generate_all</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_all</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:generate_plugin_list</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">number_of_pages</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_plugin_list</span>] <span class="ruby-operator">||</span> <span class="ruby-value">150</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new most popular plugin list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'plugins'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">number_of_pages</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_full_plugin_list</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new full plugin list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'plugins'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_full_list</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:generate_theme_list</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">number_of_pages</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_theme_list</span>] <span class="ruby-operator">||</span> <span class="ruby-value">150</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new most popular theme list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'themes'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">number_of_pages</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_full_theme_list</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new full theme list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'themes'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_full_list</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

8
doc/Malwares.html
View File

@@ -224,7 +224,7 @@
<div class="method-source-code" id="malware_pattern-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 56</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 59</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">malware_pattern</span>(<span class="ruby-identifier">url_regex</span>)
<span class="ruby-comment"># no need to escape regex here, because malware.txt contains regex</span>
<span class="ruby-node">%r{&lt;(?:script|iframe).* src=(?:&quot;|')(#{url_regex}[^&quot;']*)(?:&quot;|')[^&gt;]*&gt;}</span>
@@ -255,7 +255,7 @@
<div class="method-source-code" id="malwares_file-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 52</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 55</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
<span class="ruby-identifier">malwares_file_path</span> <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/malwares.txt'</span>
<span class="ruby-keyword">end</span></pre>
@@ -291,7 +291,7 @@
<div class="method-source-code" id="has_malwares-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 23</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_malwares?</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-operator">!</span><span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
@@ -321,7 +321,7 @@
<div class="method-source-code" id="malwares-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 28</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 31</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@malwares</span>
<span class="ruby-identifier">malwares_found</span> = []

189
doc/Object.html
View File

@@ -261,6 +261,16 @@
<dd class="description">
<dt id="LOCAL_FILES_FILE">LOCAL_FILES_FILE
<dd class="description">
<dt id="LOCAL_FILES_XSD">LOCAL_FILES_XSD
<dd class="description">
<dt id="LOG_FILE">LOG_FILE
<dd class="description">
@@ -311,6 +321,11 @@
<dd class="description">
<dt id="VULNS_XSD">VULNS_XSD
<dd class="description">
<dt id="WPSCAN_LIB_DIR">WPSCAN_LIB_DIR
<dd class="description">
@@ -336,6 +351,16 @@
<dd class="description">
<dt id="WP_VERSIONS_FILE">WP_VERSIONS_FILE
<dd class="description">
<dt id="WP_VERSIONS_XSD">WP_VERSIONS_XSD
<dd class="description">
<dt id="WP_VULNS_FILE">WP_VULNS_FILE
<dd class="description">
@@ -369,7 +394,7 @@
<div class="method-source-code" id="add_http_protocol-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 60</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">url</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^https?:/</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">url</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;http://#{url}&quot;</span>
<span class="ruby-keyword">end</span></pre>
@@ -399,7 +424,7 @@
<div class="method-source-code" id="add_trailing_slash-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 64</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">url</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r\/$/</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">url</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#{url}/&quot;</span>
<span class="ruby-keyword">end</span></pre>
@@ -429,22 +454,22 @@
<div class="method-source-code" id="banner-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 130</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">banner</span>()
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 135</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">banner</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'____________________________________________________'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; __ _______ _____ &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ \\ / / __ \\ / ____| &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ \\/ \\/ / | ___/ \\___ \\ / __|/ _` | '_ \\ &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ /\\ / | | ____) | (__| (_| | | | |&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' __ _______ _____ '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ \ / / __ \ / ____| '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ \ /\ / /| |__) | (___ ___ __ _ _ __ '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ \/ \/ / | ___/ \___ \ / __|/ _` | \_ \ '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ /\ / | | ____) | (__| (_| | | | |'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; WordPress Security Scanner by the WPScan Team&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; Sponsored by the RandomStorm Open Source Initiative&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' WordPress Security Scanner by the WPScan Team'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' Sponsored by the RandomStorm Open Source Initiative'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'_____________________________________________________'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">RUBY_VERSION</span> <span class="ruby-operator">&lt;</span> <span class="ruby-string">&quot;1.9&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[WARNING] Ruby &lt; 1.9 not officially supported, please upgrade.&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">RUBY_VERSION</span> <span class="ruby-operator">&lt;</span> <span class="ruby-string">'1.9'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[WARNING] Ruby &lt; 1.9 not officially supported, please upgrade.'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -474,7 +499,7 @@
<div class="method-source-code" id="colorize-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 149</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 154</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-identifier">color_code</span>)
<span class="ruby-node">&quot;\e[#{color_code}m#{text}\e[0m&quot;</span>
<span class="ruby-keyword">end</span></pre>
@@ -492,7 +517,7 @@
<div class="method-heading">
<span class="method-name">get_equal_string_end</span><span
class="method-args">(stringarray = [""])</span>
class="method-args">(stringarray = [''])</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -504,9 +529,9 @@
<div class="method-source-code" id="get_equal_string_end-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">stringarray</span> = [<span class="ruby-string">&quot;&quot;</span>])
<span class="ruby-identifier">already_found</span> = <span class="ruby-string">&quot;&quot;</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 74</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">stringarray</span> = [<span class="ruby-string">''</span>])
<span class="ruby-identifier">already_found</span> = <span class="ruby-string">''</span>
<span class="ruby-identifier">looping</span> = <span class="ruby-keyword">true</span>
<span class="ruby-identifier">counter</span> = <span class="ruby-value">-1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">Array</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">1</span>
@@ -554,10 +579,10 @@
<div class="method-source-code" id="get_metasploit_url-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 161</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 166</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_metasploit_url</span>(<span class="ruby-identifier">module_path</span>)
<span class="ruby-comment"># remove leading slash</span>
<span class="ruby-identifier">module_path</span> = <span class="ruby-identifier">module_path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-identifier">module_path</span> = <span class="ruby-identifier">module_path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">''</span>)
<span class="ruby-node">&quot;http://www.metasploit.com/modules/#{module_path}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_metasploit_url-source -->
@@ -586,7 +611,7 @@
<div class="method-source-code" id="green-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 157</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 162</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">green</span>(<span class="ruby-identifier">text</span>)
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">32</span>)
<span class="ruby-keyword">end</span></pre>
@@ -617,44 +642,44 @@
<div class="method-source-code" id="help-source">
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_helper.rb, line 73</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">help</span>()
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Help :&quot;</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">help</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'Help :'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Some values are settable in conf/browser.conf.json :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; user-agent, proxy, proxy-auth, threads, cache timeout and request timeout&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'Some values are settable in conf/browser.conf.json :'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--update Update to the latest revision&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--url | -u &lt;target url&gt; The WordPress URL/domain to scan.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--force | -f Forces WPScan to not check if the remote site is running WordPress.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--enumerate | -e [option(s)] Enumeration.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; option :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; u usernames from id 1 to 10&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; u[10-20] usernames from id 10 to 20 (you must write [] chars)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; p plugins&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; vp only vulnerable plugins&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; ap all plugins (can take a long time)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; tt timthumbs&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; t themes&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; vt only vulnerable themes&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; at all themes (can take a long time)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; If no option is supplied, the default is 'vt,tt,u,vp'&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--update Update to the latest revision'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--url | -u &lt;target url&gt; The WordPress URL/domain to scan.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--force | -f Forces WPScan to not check if the remote site is running WordPress.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--enumerate | -e [option(s)] Enumeration.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' option :'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' u usernames from id 1 to 10'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' u[10-20] usernames from id 10 to 20 (you must write [] chars)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' p plugins'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' vp only vulnerable plugins'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' ap all plugins (can take a long time)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' tt timthumbs'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' t themes'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' vt only vulnerable themes'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' at all themes (can take a long time)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' Multiple values are allowed : &quot;-e t,p&quot; will enumerate timthumbs and plugins'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' If no option is supplied, the default is &quot;vt,tt,u,vp&quot;'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--exclude-content-based '&lt;regexp or string&gt;' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--config-file | -c &lt;config file&gt; Use the specified config file&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy-auth &lt;username:password&gt; Supply the proxy login credentials (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--basic-auth &lt;username:password&gt; Set the HTTP Basic authentification&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--username | -U &lt;username&gt; Only brute force the supplied username.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--help | -h This help screen.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--verbose | -v Verbose output.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--exclude-content-based &quot;&lt;regexp or string&gt;&quot; Used with the enumeration option, will exclude all occurence based on the regexp or string supplied'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--config-file | -c &lt;config file&gt; Use the specified config file'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the one from conf/browser.conf.json).'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--proxy-auth &lt;username:password&gt; Supply the proxy login credentials (will override the one from conf/browser.conf.json).'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--basic-auth &lt;username:password&gt; Set the HTTP Basic authentification'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--username | -U &lt;username&gt; Only brute force the supplied username.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--help | -h This help screen.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--verbose | -v Verbose output.'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- help-source -->
@@ -687,12 +712,12 @@
<span class="ruby-keyword">def</span> <span class="ruby-identifier">output_vulnerabilities</span>(<span class="ruby-identifier">vulns</span>)
<span class="ruby-identifier">vulns</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">vulnerability</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; | &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Title: #{vulnerability.title}&quot;</span>)
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Title: #{vulnerability.title}&quot;</span>)
<span class="ruby-identifier">vulnerability</span>.<span class="ruby-identifier">references</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; | &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Reference: #{r}&quot;</span>)
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Reference: #{r}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">vulnerability</span>.<span class="ruby-identifier">metasploit_modules</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">m</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; | &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Metasploit module: #{get_metasploit_url(m)}&quot;</span>)
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Metasploit module: #{get_metasploit_url(m)}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -710,7 +735,7 @@
<div class="method-heading">
<span class="method-name">puts</span><span
class="method-args">(o = "")</span>
class="method-args">(o = '')</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -722,12 +747,12 @@
<div class="method-source-code" id="puts-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 168</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">puts</span>(<span class="ruby-identifier">o</span> = <span class="ruby-string">&quot;&quot;</span>)
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 173</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">puts</span>(<span class="ruby-identifier">o</span> = <span class="ruby-string">''</span>)
<span class="ruby-comment"># remove color for logging</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">o</span>.<span class="ruby-identifier">respond_to?</span>(<span class="ruby-string">&quot;gsub&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">o</span>.<span class="ruby-identifier">respond_to?</span>(<span class="ruby-string">'gsub'</span>)
<span class="ruby-identifier">temp</span> = <span class="ruby-identifier">o</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r\e\[\d+m(.*)?\e\[0m/</span>, <span class="ruby-string">'\1'</span>)
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-constant">LOG_FILE</span>, <span class="ruby-string">&quot;a+&quot;</span>) { <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-identifier">f</span>.<span class="ruby-identifier">puts</span>(<span class="ruby-identifier">temp</span>) }
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-constant">LOG_FILE</span>, <span class="ruby-string">'a+'</span>) { <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-identifier">f</span>.<span class="ruby-identifier">puts</span>(<span class="ruby-identifier">temp</span>) }
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">o</span>)
<span class="ruby-keyword">end</span></pre>
@@ -757,7 +782,7 @@
<div class="method-source-code" id="red-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 153</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 158</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">red</span>(<span class="ruby-identifier">text</span>)
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">31</span>)
<span class="ruby-keyword">end</span></pre>
@@ -775,7 +800,7 @@
<div class="method-heading">
<span class="method-name">require_files_from_directory</span><span
class="method-args">(absolute_dir_path, files_pattern = "*.rb")</span>
class="method-args">(absolute_dir_path, files_pattern = '*.rb')</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -787,8 +812,8 @@
<div class="method-source-code" id="require_files_from_directory-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 48</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">require_files_from_directory</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span> = <span class="ruby-string">&quot;*.rb&quot;</span>)
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 53</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">require_files_from_directory</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span> = <span class="ruby-string">'*.rb'</span>)
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span>.<span class="ruby-identifier">join</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span>)].<span class="ruby-identifier">sort</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">f</span>)
<span class="ruby-identifier">require</span> <span class="ruby-identifier">f</span>
@@ -822,51 +847,51 @@
<div class="method-source-code" id="usage-source">
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_helper.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usage</span>()
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usage</span>
<span class="ruby-identifier">script_name</span> = <span class="ruby-identifier">$0</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Examples :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'Examples :'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Further help ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Further help ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --help&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do 'non-intrusive' checks ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do wordlist password brute force on enumerated users using 50 threads ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Do wordlist password brute force on enumerated users using 50 threads ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do wordlist password brute force on the 'admin' username only ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate installed plugins ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate installed plugins ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate p&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate installed themes ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate installed themes ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate t&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate users ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate users ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate u&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate installed timthumbs ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate installed timthumbs ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate tt&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use a HTTP proxy ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use a HTTP proxy ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use a SOCKS5 proxy ... (cURL &gt;= v7.21.7 needed)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use a SOCKS5 proxy ... (cURL &gt;= v7.21.7 needed)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use custom content directory ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use custom content directory ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} -u www.example.com --wp-content-dir custom-content&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use custom plugins directory ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use custom plugins directory ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Update ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Update ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --update&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;See README for further information.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'See README for further information.'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- usage-source -->

379
doc/Plugin.html Normal file
View File

@@ -0,0 +1,379 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Plugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common/plugins/plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-register_options">#register_options</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Plugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-author" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">author</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-registered_options" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">registered_options</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(infos = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugin.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">infos</span> = {})
<span class="ruby-ivar">@author</span> = <span class="ruby-identifier">infos</span>[<span class="ruby-value">:author</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-register_options" class="method-detail ">
<div class="method-heading">
<span class="method-name">register_options</span><span
class="method-args">(*options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Array.html">Array</a> options</p>
<div class="method-source-code" id="register_options-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugin.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">register_options</span>(*<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">options</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">option</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Each option must be an array, #{option.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@registered_options</span> = <span class="ruby-identifier">options</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- register_options-source -->
</div>
</div><!-- register_options-method -->
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugin.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">raise</span> <span class="ruby-constant">NotImplementedError</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

380
doc/Plugins.html Normal file
View File

@@ -0,0 +1,380 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Plugins - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common/plugins/plugins.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Array.html">Array</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-register">#register</a>
<li><a href="#method-i-register_plugin">#register_plugin</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Plugins</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-option_parser" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">option_parser</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(option_parser = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugins.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">option_parser</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_parser</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_parser</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">CustomOptionParser</span>)
<span class="ruby-ivar">@option_parser</span> = <span class="ruby-identifier">option_parser</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The parser must be an instance of CustomOptionParser, #{option_parser.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@option_parser</span> = <span class="ruby-constant">CustomOptionParser</span>.<span class="ruby-identifier">new</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-register" class="method-detail ">
<div class="method-heading">
<span class="method-name">register</span><span
class="method-args">(*plugins)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param Array(<a href="Plugin.html">Plugin</a>) plugins</p>
<div class="method-source-code" id="register-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugins.rb, line 36</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">register</span>(*<span class="ruby-identifier">plugins</span>)
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">plugin</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">register_plugin</span>(<span class="ruby-identifier">plugin</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- register-source -->
</div>
</div><!-- register-method -->
<div id="method-i-register_plugin" class="method-detail ">
<div class="method-heading">
<span class="method-name">register_plugin</span><span
class="method-args">(plugin)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Plugin.html">Plugin</a> plugin</p>
<div class="method-source-code" id="register_plugin-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugins.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">register_plugin</span>(<span class="ruby-identifier">plugin</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">plugin</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Plugin</span>)
<span class="ruby-keyword">self</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">plugin</span>
<span class="ruby-comment"># A plugin may not have options</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">plugin_options</span> = <span class="ruby-identifier">plugin</span>.<span class="ruby-identifier">registered_options</span>
<span class="ruby-ivar">@option_parser</span>.<span class="ruby-identifier">add</span>(<span class="ruby-identifier">plugin_options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The argument must be an instance of Plugin, #{plugin.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- register_plugin-source -->
</div>
</div><!-- register_plugin-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

341
doc/SvnParser.html Normal file
View File

@@ -0,0 +1,341 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class SvnParser - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/list_generator/svn_parser.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-parse">#parse</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class SvnParser</h1>
<div id="description" class="description">
<p>This Class Parses SVN Repositories via HTTP</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-keep_empty_dirs" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">keep_empty_dirs</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-svn_root" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">svn_root</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-verbose" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(svn_root)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/svn_parser.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">svn_root</span>)
<span class="ruby-ivar">@svn_root</span> = <span class="ruby-identifier">svn_root</span>
<span class="ruby-ivar">@svn_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-ivar">@svn_hydra</span> = <span class="ruby-ivar">@svn_browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-parse" class="method-detail ">
<div class="method-heading">
<span class="method-name">parse</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="parse-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/svn_parser.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">parse</span>
<span class="ruby-identifier">get_root_directories</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- parse-source -->
</div>
</div><!-- parse-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

4
doc/URI.html
View File

@@ -218,9 +218,9 @@
<div class="method-source-code" id="escape-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 97</span>
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 102</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">str</span>)
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode_www_form_component</span>(<span class="ruby-identifier">str</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-string">&quot;+&quot;</span>, <span class="ruby-string">&quot;%20&quot;</span>)
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode_www_form_component</span>(<span class="ruby-identifier">str</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'+'</span>, <span class="ruby-string">'%20'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- escape-source -->

8
doc/Vulnerable.html
View File

@@ -268,10 +268,10 @@ be empty)</p>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-ivar">@vulns_xpath</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">vulnerabilities</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpVulnerability</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;title&quot;</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;reference&quot;</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>),
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;type&quot;</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;metasploit&quot;</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>)
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'title'</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'reference'</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>),
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'type'</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'metasploit'</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>)
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">vulnerabilities</span>

8
doc/WebSite.html
View File

@@ -275,7 +275,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 106</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_404_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-identifier">non_existant_page</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">rand</span>(<span class="ruby-value">9999999999</span>).<span class="ruby-identifier">to_s</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot;.html&quot;</span>
<span class="ruby-identifier">non_existant_page</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">rand</span>(<span class="ruby-value">999_999_999</span>).<span class="ruby-identifier">to_s</span>) <span class="ruby-operator">+</span> <span class="ruby-string">'.html'</span>
<span class="ruby-ivar">@error_404_hash</span> = <span class="ruby-constant">WebSite</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">non_existant_page</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@error_404_hash</span>
@@ -511,7 +511,7 @@ returned</p>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">login_url</span>(),
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
{ <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> }
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{WordPress}</span>
@@ -519,7 +519,7 @@ returned</p>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">xml_rpc_url</span>,
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
{ <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> }
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{XML-RPC server accepts POST requests only}</span>
@@ -559,7 +559,7 @@ returned</p>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">xml_rpc_url</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@xmlrpc_url</span>
<span class="ruby-identifier">headers</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">headers_hash</span>
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">headers</span>[<span class="ruby-string">&quot;x-pingback&quot;</span>]
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">headers</span>[<span class="ruby-string">'x-pingback'</span>]
<span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-ivar">@xmlrpc_url</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>

12
doc/WpDetector.html
View File

@@ -298,12 +298,12 @@
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">url</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-identifier">type</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">items</span>

34
doc/WpEnumerator.html
View File

@@ -273,7 +273,7 @@
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>, <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
@@ -351,17 +351,17 @@
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">only_vulnerable</span>
<span class="ruby-comment"># Open and parse the 'most popular' plugin list...</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">l</span> = <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">l</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">l</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r.+\/.+/</span> <span class="ruby-operator">?</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">l</span>) <span class="ruby-operator">:</span> <span class="ruby-identifier">l</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">&quot;&quot;</span>),
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">plugins_dir</span>
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">l</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">l</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r.+\/.+/</span> <span class="ruby-operator">?</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">l</span>) <span class="ruby-operator">:</span> <span class="ruby-identifier">l</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">''</span>),
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-identifier">type</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
@@ -375,15 +375,15 @@
<span class="ruby-comment"># We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'name'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">plugins_dir</span>
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">name</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">name</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-identifier">type</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>

2
doc/WpFullPathDisclosure.html
View File

@@ -222,7 +222,7 @@
<div class="method-source-code" id="full_path_disclosure_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_full_path_disclosure.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">full_path_disclosure_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-includes/rss-functions.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-includes/rss-functions.php'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- full_path_disclosure_url-source -->

70
doc/WpItem.html
View File

@@ -370,7 +370,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">''</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">''</span>) <span class="ruby-operator">:</span> <span class="ruby-string">'wp-content'</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
<span class="ruby-ivar">@base_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-ivar">@path</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
@@ -378,12 +378,12 @@
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_file</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;type not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@type</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'base_url not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'path not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'wp_content_dir not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'name not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_file not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_file</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'type not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
@@ -509,7 +509,7 @@
<div class="method-source-code" id="changelog_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 159</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'changelog.txt'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- changelog_url-source -->
@@ -600,15 +600,15 @@
<div class="method-source-code" id="get_full_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 84</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">'/'</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">''</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span><span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">''</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">'plugins'</span>
<span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>))
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">'timthumbs'</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>))
<span class="ruby-keyword">else</span>
@@ -645,13 +645,13 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 70</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># not needed</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;unknown type #@type&quot;</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">'themes'</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-string">'themes'</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'timthumbs'</span>
<span class="ruby-comment"># not needed</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;unknown type #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">folder</span>
<span class="ruby-keyword">end</span></pre>
@@ -786,7 +786,7 @@
<div class="method-source-code" id="readme_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 154</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.txt'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->
@@ -848,7 +848,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 113</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.txt'</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@version</span>
@@ -882,14 +882,14 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_org_item?</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">file</span> = <span class="ruby-constant">THEMES_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">file</span> = <span class="ruby-constant">PLUGINS_FULL_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #@type&quot;</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">'themes'</span>
<span class="ruby-identifier">file</span> = <span class="ruby-constant">THEMES_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'plugins'</span>
<span class="ruby-identifier">file</span> = <span class="ruby-constant">PLUGINS_FULL_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">f</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">readlines</span>(<span class="ruby-identifier">file</span>).<span class="ruby-identifier">grep</span>(<span class="ruby-node">%r^#{Regexp.escape(@name)}$/</span>)
<span class="ruby-identifier">f</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">readlines</span>(<span class="ruby-identifier">file</span>, <span class="ruby-identifier">encoding</span><span class="ruby-operator">:</span> <span class="ruby-string">'UTF-8'</span>).<span class="ruby-identifier">grep</span>(<span class="ruby-node">%r^#{Regexp.escape(@name)}$/</span>)
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">empty?</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">false</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_org_item-3F-source -->
@@ -922,12 +922,12 @@ href="https://github.com/wpscanteam/wpscan/issues/100">github.com/wpscanteam/wps
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 45</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_org_url</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-constant">URI</span>(<span class="ruby-string">&quot;http://wordpress.org/extend/themes/&quot;</span>).<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#@name/&quot;</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-constant">URI</span>(<span class="ruby-string">&quot;http://wordpress.org/extend/plugins/&quot;</span>).<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#@name/&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;No Wordpress URL for #@type&quot;</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">'themes'</span>
<span class="ruby-keyword">return</span> <span class="ruby-constant">URI</span>(<span class="ruby-string">'http://wordpress.org/extend/themes/'</span>).<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#@name/&quot;</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">'plugins'</span>
<span class="ruby-keyword">return</span> <span class="ruby-constant">URI</span>(<span class="ruby-string">'http://wordpress.org/extend/plugins/'</span>).<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#@name/&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;No Wordpress URL for #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_org_url-source -->

48
doc/WpLoginProtection.html
View File

@@ -299,10 +299,10 @@ found</p>
<span class="ruby-identifier">plugin_name</span> = <span class="ruby-identifier">symbol_to_call</span>[<span class="ruby-constant">LOGIN_PROTECTION_METHOD_PATTERN</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">'-'</span>)
<span class="ruby-keyword">return</span> <span class="ruby-ivar">@login_protection_plugin</span> = <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">plugin_name</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;/plugins/#{plugin_name}/&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">plugin_name</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-node">&quot;/plugins/#{plugin_name}/&quot;</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
@@ -344,10 +344,10 @@ found</p>
<div class="method-source-code" id="better_wp_security_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">better_wp_security_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;/plugins/better-wp-security/&quot;</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;better-wp-security&quot;</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/better-wp-security/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'better-wp-security'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- better_wp_security_url-source -->
@@ -378,10 +378,10 @@ found</p>
<div class="method-source-code" id="bluetrait_event_viewer_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 121</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">bluetrait_event_viewer_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;/plugins/bluetrait-event-viewer/&quot;</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bluetrait-event-viewer&quot;</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/bluetrait-event-viewer/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'bluetrait-event-viewer'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- bluetrait_event_viewer_url-source -->
@@ -629,10 +629,10 @@ href="http://wordpress.org/extend/plugins/simple-login-lockdown/">wordpress.org/
<div class="method-source-code" id="limit_login_attempts_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 108</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">limit_login_attempts_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;/plugins/limit-login-attempts/&quot;</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;limit-login-attempts&quot;</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/limit-login-attempts/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'limit-login-attempts'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- limit_login_attempts_url-source -->
@@ -663,10 +663,10 @@ href="http://wordpress.org/extend/plugins/simple-login-lockdown/">wordpress.org/
<div class="method-source-code" id="login_security_solution_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 95</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_security_solution_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;/plugins/login-security-solution/&quot;</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;login-security-solution&quot;</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/login-security-solution/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'login-security-solution'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- login_security_solution_url-source -->
@@ -697,10 +697,10 @@ href="http://wordpress.org/extend/plugins/simple-login-lockdown/">wordpress.org/
<div class="method-source-code" id="simple_login_lockdown_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 82</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">simple_login_lockdown_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;/plugins/simple-login-lockdown/&quot;</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;simple-login-lockdown&quot;</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/simple-login-lockdown/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'simple-login-lockdown'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- simple_login_lockdown_url-source -->

20
doc/WpOptions.html
View File

@@ -251,16 +251,16 @@
<div class="method-source-code" id="check_options-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;only_vulnerable_ones must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xpath must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xpath_2 must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;show_progression must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;error_404_hash must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;type must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'base_url must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'only_vulnerable_ones must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'file must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_file must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_xpath must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_xpath_2 must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'wp_content_dir must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'show_progression must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'error_404_hash must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'type must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rplugins/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rthemes/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rtimthumbs/</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #{options[:type]}&quot;</span>)

19
doc/WpPlugin.html
View File

@@ -230,11 +230,14 @@
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 20</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">PLUGINS_VULNS_FILE</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">PLUGINS_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//plugin[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//plugin&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'//plugin'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'plugins'</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
@@ -272,9 +275,9 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
<div class="method-source-code" id="error_log-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 34</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 37</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log?</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-identifier">headers</span><span class="ruby-operator">:</span> {<span class="ruby-string">'range'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">'bytes=0-700'</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%r{PHP Fatal error}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log-3F-source -->
@@ -303,9 +306,9 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
<div class="method-source-code" id="error_log_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 42</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'error_log'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log_url-source -->

38
doc/WpPlugins.html
View File

@@ -224,22 +224,24 @@
<div class="method-source-code" id="plugins_from_aggressive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">PLUGINS_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> (<span class="ruby-identifier">options</span>[<span class="ruby-value">:full</span>] <span class="ruby-operator">?</span> <span class="ruby-constant">PLUGINS_FULL_FILE</span> <span class="ruby-operator">:</span> <span class="ruby-constant">PLUGINS_FILE</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">PLUGINS_VULNS_FILE</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//plugin[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//plugin&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'//plugin'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'plugins'</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-string">'plugins'</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
@@ -278,19 +280,19 @@ plugins can be found in the source code :</p>
<div class="method-source-code" id="plugins_from_passive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 52</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 54</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">'plugins'</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-string">'plugins'</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }

2
doc/WpReadme.html
View File

@@ -259,7 +259,7 @@ reinstated with an upgrade.</p>
<div class="method-source-code" id="readme_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_readme.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.html'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->

20
doc/WpTarget.html
View File

@@ -444,7 +444,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 103</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_debug_log?</span>
<span class="ruby-comment"># We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-identifier">headers</span><span class="ruby-operator">:</span> {<span class="ruby-string">'range'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">'bytes=0-700'</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_debug_log-3F-source -->
@@ -478,11 +478,11 @@
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@multisite</span>
<span class="ruby-comment"># when multi site, there is no redirection or a redirect to the site itself</span>
<span class="ruby-comment"># otherwise redirect to wp-login.php</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-signup.php&quot;</span>)
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-signup.php'</span>)
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">&quot;location&quot;</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-login\.php\?action=register/</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-login\.php\?action=register/</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">&quot;location&quot;</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-signup\.php/</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-signup\.php/</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">true</span>
@@ -520,7 +520,7 @@
<div class="method-source-code" id="login_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-login.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-login.php'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-comment"># Let's check if the login url is redirected (to https url for example)</span>
<span class="ruby-identifier">redirection</span> = <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">url</span>)
@@ -560,7 +560,7 @@
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_enabled?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">registration_url</span>)
<span class="ruby-comment"># redirect only on non multi sites</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">&quot;location&quot;</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-login\.php\?registration=disabled/</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-login\.php\?registration=disabled/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">false</span>
<span class="ruby-comment"># multi site registration form</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r&lt;form id=&quot;setupform&quot; method=&quot;post&quot; action=&quot;[^&quot;]*wp-signup\.php[^&quot;]*&quot;&gt;/</span>
@@ -602,7 +602,7 @@
<div class="method-source-code" id="registration_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 144</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_url</span>
<span class="ruby-identifier">is_multisite?</span> <span class="ruby-operator">?</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-signup.php&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-login.php?action=register&quot;</span>)
<span class="ruby-identifier">is_multisite?</span> <span class="ruby-operator">?</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-signup.php'</span>) <span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-login.php?action=register'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- registration_url-source -->
@@ -665,7 +665,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="search_replace_db_2_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 116</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;searchreplacedb2.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'searchreplacedb2.php'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- search_replace_db_2_url-source -->
@@ -791,9 +791,9 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<span class="ruby-identifier">uri_path</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">path</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">index_body</span>[<span class="ruby-regexp">%r\/wp-content\/(?:themes|plugins)\//</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-string">'wp-content'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">domains_excluded</span> = <span class="ruby-string">&quot;(?:www\.)?(facebook|twitter)\.com&quot;</span>
<span class="ruby-identifier">domains_excluded</span> = <span class="ruby-string">'(?:www\.)?(facebook|twitter)\.com'</span>
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">index_body</span>[<span class="ruby-node">%r(?:href|src)\s*=\s*(?:&quot;|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^&quot;']+)\/(?:themes|plugins)\/.*(?:&quot;|')/</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>

41
doc/WpTheme.html
View File

@@ -265,7 +265,7 @@
<div class="method-source-code" id="find-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 44</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">%rfind_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
@@ -302,12 +302,15 @@
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//theme[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'themes'</span>
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
<span class="ruby-ivar">@style_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
@@ -342,9 +345,9 @@
<div class="method-source-code" id="find_from_css_link-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 60</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 63</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%r{https?://[^&quot;']+/([^/]+)/themes/([^&quot;']+)/style.css}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
@@ -352,11 +355,12 @@
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-identifier">theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:style_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">style_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -387,7 +391,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<div class="method-source-code" id="find_from_wooframework-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 79</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 83</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%r{&lt;meta name=&quot;generator&quot; content=&quot;([^\s&quot;]+)\s?([^&quot;]+)?&quot; /&gt;\s+&lt;meta name=&quot;generator&quot; content=&quot;WooFramework\s?([^&quot;]+)?&quot; /&gt;}</span>
@@ -398,11 +402,12 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<span class="ruby-identifier">woo_theme_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-identifier">woo_framework_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">3</span>] <span class="ruby-comment"># Not used at this time</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-value">:version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-identifier">version</span><span class="ruby-operator">:</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
@@ -438,7 +443,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<div class="method-source-code" id="3D-3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 53</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
<span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
<span class="ruby-keyword">end</span></pre>

30
doc/WpThemes.html
View File

@@ -222,20 +222,22 @@
<div class="method-source-code" id="themes_from_aggressive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_themes.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">themes_from_aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> (<span class="ruby-identifier">options</span>[<span class="ruby-value">:full</span>] <span class="ruby-operator">?</span> <span class="ruby-constant">THEMES_FULL_FILE</span> <span class="ruby-operator">:</span> <span class="ruby-constant">THEMES_FILE</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//theme&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'//theme'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'themes'</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">themes</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">themes</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">themes</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
@@ -266,17 +268,17 @@
<div class="method-source-code" id="themes_from_passive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_themes.rb, line 41</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_themes.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">themes_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">themes</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;themes&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">'themes'</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">themes</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">themes</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }

30
doc/WpTimthumbs.html
View File

@@ -222,7 +222,7 @@
<div class="method-source-code" id="has_timthumbs-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 24</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_timthumbs?</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-operator">!</span><span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
@@ -252,15 +252,15 @@
<div class="method-source-code" id="timthumbs-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 28</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 31</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@wp_timthumbs</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'timthumbs'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/timthumbs.txt&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/timthumbs.txt'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">'xxx'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">'xxx'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'xxx'</span>
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">theme_name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
@@ -304,7 +304,7 @@
<div class="method-source-code" id="targets_url_from_theme-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 49</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 52</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = []
<span class="ruby-identifier">theme_name</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">theme_name</span>)
@@ -314,13 +314,13 @@
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
}</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;XX&quot;</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;timthumbs&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-string">'XX'</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-string">'timthumbs'</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>

24
doc/WpUser.html
View File

@@ -268,7 +268,7 @@
<div class="method-heading">
<span class="method-name">&lt;=&gt;</span><span
class="method-args">(item)</span>
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -281,8 +281,8 @@
<div class="method-source-code" id="3C-3D-3E-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">item</span>)
<span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3C-3D-3E-source -->
@@ -298,7 +298,7 @@
<div class="method-heading">
<span class="method-name">===</span><span
class="method-args">(item)</span>
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -311,8 +311,8 @@
<div class="method-source-code" id="3D-3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">item</span>)
<span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-3D-source -->
@@ -328,7 +328,7 @@
<div class="method-heading">
<span class="method-name">eql?</span><span
class="method-args">(item)</span>
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -341,8 +341,8 @@
<div class="method-source-code" id="eql-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">eql?</span>(<span class="ruby-identifier">item</span>)
<span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">eql?</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- eql-3F-source -->
@@ -373,7 +373,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">id</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@id</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@id</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">strip</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">&quot;empty&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">'empty'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@id</span>
<span class="ruby-keyword">end</span></pre>
@@ -436,7 +436,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">name</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@name</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@name</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">strip</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">&quot;empty&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">'empty'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@name</span>
<span class="ruby-keyword">end</span></pre>
@@ -499,7 +499,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@nickname</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@nickname</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">strip</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">&quot;empty&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">'empty'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@nickname</span>
<span class="ruby-keyword">end</span></pre>

10
doc/WpUsernames.html
View File

@@ -324,7 +324,7 @@
<div class="method-source-code" id="get_nickname_from_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>)
@@ -360,21 +360,21 @@
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 81</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">remove_junk_from_nickname</span>(<span class="ruby-identifier">usernames</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">Array</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;Need an array as input&quot;</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'Need an array as input'</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nicknames</span> = []
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">WpUser</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;Items must be of type WpUser&quot;</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'Items must be of type WpUser'</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">nickname</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;empty&quot;</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">nickname</span> <span class="ruby-operator">==</span> <span class="ruby-string">'empty'</span>
<span class="ruby-identifier">nicknames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">junk</span> = <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">nicknames</span>)
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-node">%r#{Regexp.escape(junk)}$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-node">%r#{Regexp.escape(junk)}$/</span>, <span class="ruby-string">''</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">usernames</span>
<span class="ruby-keyword">end</span></pre>

24
doc/WpVersion.html
View File

@@ -291,14 +291,14 @@ etc)</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">options</span> = {
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">%rfind_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">version</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-identifier">version</span>, <span class="ruby-value">:discovery_method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">method_to_call</span>[<span class="ruby-regexp">%r{find_from_(.*)}</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">' '</span>))
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-identifier">version</span>, <span class="ruby-identifier">discovery_method</span><span class="ruby-operator">:</span> <span class="ruby-identifier">method_to_call</span>[<span class="ruby-regexp">%r{find_from_(.*)}</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">' '</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
@@ -376,12 +376,12 @@ etc)</p>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-comment"># needed for rpsec tests</span>
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_versions.xml&quot;</span>
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">WP_VERSIONS_FILE</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">&quot;//file&quot;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//file'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">wp_content</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">wp_plugins</span> = <span class="ruby-node">&quot;#{wp_content}/plugins&quot;</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'src'</span>).<span class="ruby-identifier">text</span>).<span class="ruby-identifier">to_s</span>
@@ -427,7 +427,7 @@ source.</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 99</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_atom_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/atom/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'feed/atom/'</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;generator uri=&quot;http://wordpress.org/&quot; version=&quot;#{WpVersion.version_pattern}&quot;&gt;WordPress&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
@@ -460,7 +460,7 @@ source.</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 164</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_links_opml</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-links-opml.php&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-links-opml.php'</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_links_opml-source -->
@@ -495,7 +495,7 @@ upgrade.</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{name=&quot;generator&quot; content=&quot;wordpress #{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
@@ -529,7 +529,7 @@ source.</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 79</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rdf_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/rdf/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'feed/rdf/'</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;admin:generatorAgent rdf:resource=&quot;http://wordpress.org/\?v=#{WpVersion.version_pattern}&quot; /&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
@@ -562,7 +562,7 @@ source.</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 150</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.html'</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_readme-source -->
@@ -594,7 +594,7 @@ feed source.</p>
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 70</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'feed/'</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;generator&gt;http://wordpress.org/\?v=#{WpVersion.version_pattern}&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
@@ -630,7 +630,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 158</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'sitemap.xml'</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_sitemap_generator-source -->

60
doc/WpscanOptions.html
View File

@@ -394,23 +394,23 @@ any remaining - by _</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 232</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">get_opt_long</span>
<span class="ruby-constant">GetoptLong</span>.<span class="ruby-identifier">new</span>(
[<span class="ruby-string">&quot;--url&quot;</span>, <span class="ruby-string">&quot;-u&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--enumerate&quot;</span>, <span class="ruby-string">&quot;-e&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
[<span class="ruby-string">&quot;--username&quot;</span>, <span class="ruby-string">&quot;-U&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--wordlist&quot;</span>, <span class="ruby-string">&quot;-w&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--threads&quot;</span>, <span class="ruby-string">&quot;-t&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--force&quot;</span>, <span class="ruby-string">&quot;-f&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--help&quot;</span>, <span class="ruby-string">&quot;-h&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--proxy&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--proxy-auth&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--update&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--follow-redirection&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--wp-content-dir&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--wp-plugins-dir&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--config-file&quot;</span>, <span class="ruby-string">&quot;-c&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--exclude-content-based&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--basic-auth&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>]
[<span class="ruby-string">'--url'</span>, <span class="ruby-string">'-u'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--enumerate'</span>, <span class="ruby-string">'-e'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
[<span class="ruby-string">'--username'</span>, <span class="ruby-string">'-U'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--wordlist'</span>, <span class="ruby-string">'-w'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--threads'</span>, <span class="ruby-string">'-t'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--force'</span>, <span class="ruby-string">'-f'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">'--help'</span>, <span class="ruby-string">'-h'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">'--verbose'</span>, <span class="ruby-string">'-v'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">'--proxy'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--proxy-auth'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--update'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">'--follow-redirection'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">'--wp-content-dir'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--wp-plugins-dir'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--config-file'</span>, <span class="ruby-string">'-c'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--exclude-content-based'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">'--basic-auth'</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_opt_long-source -->
@@ -510,7 +510,7 @@ any remaining - by _</p>
<div class="method-source-code" id="basic_auth-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 140</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">basic_auth=</span>(<span class="ruby-identifier">basic_auth</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Invalid basic authentication format, login:password expected&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">basic_auth</span>.<span class="ruby-identifier">index</span>(<span class="ruby-string">':'</span>).<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Invalid basic authentication format, login:password expected'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">basic_auth</span>.<span class="ruby-identifier">index</span>(<span class="ruby-string">':'</span>).<span class="ruby-identifier">nil?</span>
<span class="ruby-ivar">@basic_auth</span> = <span class="ruby-node">&quot;Basic #{Base64.encode64(basic_auth).chomp}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- basic_auth-3D-source -->
@@ -542,7 +542,7 @@ any remaining - by _</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 108</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_all_plugins=</span>(<span class="ruby-identifier">enumerate_all_plugins</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_all_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> (<span class="ruby-ivar">@enumerate_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@enumerate_only_vulnerable_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Please choose only one plugin enumeration option&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Please choose only one plugin enumeration option'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_all_plugins</span> = <span class="ruby-identifier">enumerate_all_plugins</span>
<span class="ruby-keyword">end</span>
@@ -576,7 +576,7 @@ any remaining - by _</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 132</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_all_themes=</span>(<span class="ruby-identifier">enumerate_all_themes</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_all_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> (<span class="ruby-ivar">@enumerate_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@enumerate_only_vulnerable_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Please choose only one theme enumeration option&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Please choose only one theme enumeration option'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_all_themes</span> = <span class="ruby-identifier">enumerate_all_themes</span>
<span class="ruby-keyword">end</span>
@@ -610,7 +610,7 @@ any remaining - by _</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 100</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_only_vulnerable_plugins=</span>(<span class="ruby-identifier">enumerate_only_vulnerable_plugins</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_only_vulnerable_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> (<span class="ruby-ivar">@enumerate_all_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@enumerate_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Please choose only one plugin enumeration option&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Please choose only one plugin enumeration option'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_only_vulnerable_plugins</span> = <span class="ruby-identifier">enumerate_only_vulnerable_plugins</span>
<span class="ruby-keyword">end</span>
@@ -644,7 +644,7 @@ any remaining - by _</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 124</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_only_vulnerable_themes=</span>(<span class="ruby-identifier">enumerate_only_vulnerable_themes</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_only_vulnerable_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> (<span class="ruby-ivar">@enumerate_all_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@enumerate_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Please choose only one theme enumeration option&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Please choose only one theme enumeration option'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_only_vulnerable_themes</span> = <span class="ruby-identifier">enumerate_only_vulnerable_themes</span>
<span class="ruby-keyword">end</span>
@@ -683,7 +683,7 @@ href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_options_from_string</span>(<span class="ruby-identifier">value</span>)
<span class="ruby-comment"># Usage of self is mandatory because there are overridden setters</span>
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">value</span>.<span class="ruby-identifier">split</span>(<span class="ruby-string">','</span>).<span class="ruby-identifier">map</span>{ <span class="ruby-operator">|</span><span class="ruby-identifier">c</span><span class="ruby-operator">|</span> <span class="ruby-identifier">c</span>.<span class="ruby-identifier">downcase</span> }
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">value</span>.<span class="ruby-identifier">split</span>(<span class="ruby-string">','</span>).<span class="ruby-identifier">map</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">c</span><span class="ruby-operator">|</span> <span class="ruby-identifier">c</span>.<span class="ruby-identifier">downcase</span> }
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate_only_vulnerable_plugins</span> = <span class="ruby-keyword">true</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-string">'vp'</span>)
@@ -738,7 +738,7 @@ href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 92</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_plugins=</span>(<span class="ruby-identifier">enumerate_plugins</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> (<span class="ruby-ivar">@enumerate_all_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@enumerate_only_vulnerable_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Please choose only one plugin enumeration option&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Please choose only one plugin enumeration option'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_plugins</span> = <span class="ruby-identifier">enumerate_plugins</span>
<span class="ruby-keyword">end</span>
@@ -772,7 +772,7 @@ href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 116</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_themes=</span>(<span class="ruby-identifier">enumerate_themes</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> (<span class="ruby-ivar">@enumerate_all_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@enumerate_only_vulnerable_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Please choose only one theme enumeration option&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Please choose only one theme enumeration option'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_themes</span> = <span class="ruby-identifier">enumerate_themes</span>
<span class="ruby-keyword">end</span>
@@ -836,7 +836,7 @@ href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">proxy=</span>(<span class="ruby-identifier">proxy</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">proxy</span>.<span class="ruby-identifier">index</span>(<span class="ruby-string">':'</span>) <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Invalid proxy format. Should be host:port.&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Invalid proxy format. Should be host:port.'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@proxy</span> = <span class="ruby-identifier">proxy</span>
<span class="ruby-keyword">end</span>
@@ -870,7 +870,7 @@ href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 84</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">proxy_auth=</span>(<span class="ruby-identifier">auth</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">index</span>(<span class="ruby-string">':'</span>) <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Invalid proxy auth format, username:password expected&quot;</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Invalid proxy auth format, username:password expected'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@proxy_auth</span> = <span class="ruby-identifier">auth</span>
<span class="ruby-keyword">end</span>
@@ -910,9 +910,9 @@ value</p>
<span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">option_to_instance_variable_setter</span>(<span class="ruby-identifier">cli_option</span>),
<span class="ruby-identifier">cli_value</span>
)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">cli_option</span> <span class="ruby-operator">===</span> <span class="ruby-string">&quot;--enumerate&quot;</span> <span class="ruby-comment"># Special cases</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">cli_option</span> <span class="ruby-operator">===</span> <span class="ruby-string">'--enumerate'</span> <span class="ruby-comment"># Special cases</span>
<span class="ruby-comment"># Default value if no argument is given</span>
<span class="ruby-identifier">cli_value</span> = <span class="ruby-string">&quot;vt,tt,u,vp&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">cli_value</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">cli_value</span> = <span class="ruby-string">'vt,tt,u,vp'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">cli_value</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">enumerate_options_from_string</span>(<span class="ruby-identifier">cli_value</span>)
<span class="ruby-keyword">else</span>
@@ -1016,7 +1016,7 @@ value</p>
<div class="method-source-code" id="url-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 58</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">url=</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Empty URL given&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">url</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Empty URL given'</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">url</span>
<span class="ruby-ivar">@url</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">url</span>)).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>

88
doc/created.rid
View File

@@ -1,47 +1,47 @@
Sat, 19 Jan 2013 21:42:06 +0100
Sun, 27 Jan 2013 01:14:27 +0100
./CREDITS Fri, 11 Jan 2013 21:40:57 +0100
./Gemfile Wed, 09 Jan 2013 21:35:00 +0100
./lib/browser.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/cache_file_store.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/common/custom_option_parser.rb Sat, 19 Jan 2013 12:52:13 +0100
./lib/common/plugins/plugin.rb Sat, 19 Jan 2013 12:52:13 +0100
./lib/common/plugins/plugins.rb Sat, 19 Jan 2013 12:52:13 +0100
./lib/common_helper.rb Sat, 19 Jan 2013 21:27:22 +0100
./lib/environment.rb Sat, 19 Jan 2013 12:52:13 +0100
./lib/updater/git_updater.rb Sun, 13 Jan 2013 21:08:52 +0100
./lib/updater/svn_updater.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/updater/updater.rb Mon, 14 Jan 2013 12:42:10 +0100
./lib/updater/updater_factory.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/brute_force.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/malwares.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/web_site.rb Sat, 19 Jan 2013 18:50:05 +0100
./lib/wpscan/modules/wp_config_backup.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/wp_full_path_disclosure.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/wp_login_protection.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/wp_plugins.rb Sat, 19 Jan 2013 21:26:26 +0100
./lib/wpscan/modules/wp_readme.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/wp_themes.rb Sat, 19 Jan 2013 21:29:48 +0100
./lib/wpscan/modules/wp_timthumbs.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/modules/wp_usernames.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/vulnerable.rb Sun, 13 Jan 2013 20:53:11 +0100
./lib/wpscan/wp_detector.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/wp_enumerator.rb Sat, 19 Jan 2013 20:52:04 +0100
./lib/wpscan/wp_item.rb Sat, 19 Jan 2013 21:29:12 +0100
./lib/wpscan/wp_options.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/wp_plugin.rb Sat, 19 Jan 2013 21:26:18 +0100
./lib/wpscan/wp_target.rb Sat, 19 Jan 2013 18:50:29 +0100
./lib/wpscan/wp_theme.rb Sat, 19 Jan 2013 21:29:43 +0100
./lib/wpscan/wp_user.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/wp_version.rb Sat, 19 Jan 2013 21:30:10 +0100
./lib/wpscan/wp_vulnerability.rb Sun, 13 Jan 2013 20:53:26 +0100
./lib/wpscan/wpscan_helper.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpscan/wpscan_options.rb Fri, 11 Jan 2013 21:40:57 +0100
./lib/wpstools/plugins/checker/checker_plugin.rb Sat, 19 Jan 2013 21:27:43 +0100
./lib/wpstools/plugins/list_generator/generate_list.rb Sat, 19 Jan 2013 21:29:25 +0100
./lib/wpstools/plugins/list_generator/list_generator_plugin.rb Sat, 19 Jan 2013 12:52:13 +0100
./lib/wpstools/plugins/list_generator/svn_parser.rb Sat, 19 Jan 2013 20:52:04 +0100
./lib/wpstools/wpstools_helper.rb Sat, 19 Jan 2013 12:52:13 +0100
./log.txt Sat, 19 Jan 2013 21:33:28 +0100
./lib/browser.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/cache_file_store.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common/custom_option_parser.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common/plugins/plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common/plugins/plugins.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common_helper.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/environment.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/git_updater.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/svn_updater.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/updater.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/updater_factory.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/brute_force.rb Sun, 27 Jan 2013 00:31:13 +0100
./lib/wpscan/modules/malwares.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/web_site.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_config_backup.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_full_path_disclosure.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_login_protection.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_plugins.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_readme.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_themes.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_timthumbs.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_usernames.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/vulnerable.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_detector.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_enumerator.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_item.rb Fri, 25 Jan 2013 22:39:51 +0100
./lib/wpscan/wp_options.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_target.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_theme.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_user.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_version.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_vulnerability.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wpscan_helper.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wpscan_options.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/checker/checker_plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/list_generator/generate_list.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/list_generator/list_generator_plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/list_generator/svn_parser.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/wpstools_helper.rb Thu, 24 Jan 2013 22:19:29 +0100
./log.txt Sun, 27 Jan 2013 00:31:06 +0100
./README Sat, 19 Jan 2013 18:50:05 +0100
./wpscan.rb Sat, 19 Jan 2013 21:10:11 +0100
./wpstools.rb Sat, 19 Jan 2013 13:13:52 +0100
./wpscan.rb Thu, 24 Jan 2013 22:19:29 +0100
./wpstools.rb Thu, 24 Jan 2013 22:19:29 +0100

2
doc/js/search_index.js
View File

File diff suppressed because one or more lines are too long

239
doc/log_txt.html Normal file
View File

@@ -0,0 +1,239 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>log - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="file">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation" class="description">
<p><em>__</em></p>
<pre>__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v2.0r60a6f16
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative</pre>
<p><em>_</em></p>
<p>Examples :</p>
<p>-Further help … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb help</p>
<p>-Do non-intrusive checks … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a></p>
<p>-Do wordlist password brute force on enumerated users using 50 threads …
ruby /Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> wordlist darkc0de.lst
threads 50</p>
<p>-Do wordlist password brute force on the admin username only … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> wordlist darkc0de.lst
username admin</p>
<p>-Enumerate installed plugins … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> enumerate p</p>
<p>-Enumerate installed themes … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> enumerate t</p>
<p>-Enumerate users … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb url
<a href="http://www.example.com">www.example.com</a> enumerate u</p>
<p>-Enumerate installed timthumbs … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> enumerate tt</p>
<p>-Use a HTTP proxy … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb
url <a href="http://www.example.com">www.example.com</a> proxy
127.0.0.1:8118</p>
<p>-Use a SOCKS5 proxy … (cURL &gt;= v7.21.7 needed) ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> proxy
socks5://127.0.0.1:9000</p>
<p>-Use custom content directory … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb -u <a
href="http://www.example.com">www.example.com</a> wp-content-dir
custom-content</p>
<p>-Use custom plugins directory … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb -u <a
href="http://www.example.com">www.example.com</a> wp-plugins-dir
wp-content/custom-plugins</p>
<p>-Update … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb update</p>
<p>See <a href="README.html">README</a> for further information.</p>
<p>[<a href="http://ERROR">31m</a> No argument supplied  Trace :
/Users/firefart/Coding/wpscan_master/wpscan.rb:46:in `&lt;main&gt;
Coverage report generated for RSpec to
/Users/firefart/Coding/wpscan_master/coverage. 1040 / 1113 LOC (93.44%)
covered.</p>
</div>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

2
doc/table_of_contents.html
View File

@@ -501,7 +501,7 @@
<li class="method"><a href="Object.html#method-i-puts">#puts &mdash; Object</a>
<li class="method"><a href="Browser.html#method-i-raise_invalid_proxy_format">#raise_invalid_proxy_format &mdash; Browser</a>
<li class="method"><a href="Browser.html#method-i-raise_invalid_proxy_auth_format">#raise_invalid_proxy_auth_format &mdash; Browser</a>
<li class="method"><a href="CacheFileStore.html#method-i-read_entry">#read_entry &mdash; CacheFileStore</a>