# File lib/wpscan/wp_item.rb, line 122 +# File lib/wpscan/wp_item.rb, line 128 def <=>(other) other.name <=> self.name end@@ -435,7 +437,7 @@-# File lib/wpscan/wp_item.rb, line 112 +# File lib/wpscan/wp_item.rb, line 118 def ==(other) other.name == self.name end@@ -465,7 +467,7 @@-# File lib/wpscan/wp_item.rb, line 117 +# File lib/wpscan/wp_item.rb, line 123 def ===(other) other.name == self.name end@@ -495,7 +497,7 @@-# File lib/wpscan/wp_item.rb, line 132 +# File lib/wpscan/wp_item.rb, line 138 def changelog_url get_url_without_filename.merge("changelog.txt") end@@ -525,7 +527,7 @@-# File lib/wpscan/wp_item.rb, line 95 +# File lib/wpscan/wp_item.rb, line 101 def directory_listing? # Need to remove to file part from the url Browser.instance.get(get_url_without_filename).body[%r{<title>Index of}] ? true : false @@ -556,7 +558,7 @@-# File lib/wpscan/wp_item.rb, line 101 +# File lib/wpscan/wp_item.rb, line 107 def extract_name_from_url get_full_url.to_s[%r{^(https?://.*/([^/]+)/)}, 2] end@@ -586,7 +588,7 @@-# File lib/wpscan/wp_item.rb, line 57 +# File lib/wpscan/wp_item.rb, line 63 def get_full_url url = @base_url.to_s.end_with?("/") ? @base_url.to_s : "#@base_url/" # remove first and last / @@ -630,7 +632,7 @@-# File lib/wpscan/wp_item.rb, line 43 +# File lib/wpscan/wp_item.rb, line 49 def get_sub_folder case @type when "themes" @@ -669,7 +671,7 @@-# File lib/wpscan/wp_item.rb, line 76 +# File lib/wpscan/wp_item.rb, line 82 def get_url_without_filename location_url = get_full_url.to_s valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1] @@ -704,7 +706,7 @@-# File lib/wpscan/wp_item.rb, line 146 +# File lib/wpscan/wp_item.rb, line 152 def has_changelog? unless @changelog status = Browser.instance.get(changelog_url).code @@ -738,7 +740,7 @@-# File lib/wpscan/wp_item.rb, line 137 +# File lib/wpscan/wp_item.rb, line 143 def has_readme? unless @readme status = Browser.instance.get(readme_url).code @@ -772,7 +774,7 @@-# File lib/wpscan/wp_item.rb, line 127 +# File lib/wpscan/wp_item.rb, line 133 def readme_url get_url_without_filename.merge("readme.txt") end@@ -802,7 +804,7 @@-# File lib/wpscan/wp_item.rb, line 106 +# File lib/wpscan/wp_item.rb, line 112 def to_s item_version = version "#@name#{' v' + item_version.strip if item_version}" @@ -833,7 +835,7 @@-+# File lib/wpscan/wp_item.rb, line 86 +# File lib/wpscan/wp_item.rb, line 92 def version unless @version response = Browser.instance.get(get_full_url.merge("readme.txt").to_s) @@ -851,6 +853,37 @@+ ++ + diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html index 77888833..274ff07f 100644 --- a/doc/WpPlugin.html +++ b/doc/WpPlugin.html @@ -223,7 +223,7 @@+ wp_org_url() + click to toggle source ++ + ++ ++ + + + +The wordpress.org plugins directory URL See: github.com/wpscanteam/wpscan/issues/100
+ + + +++ +# File lib/wpscan/wp_item.rb, line 45 +def wp_org_url + URI('http://wordpress.org/extend/plugins/').merge("#@name/") +end+# File lib/wpscan/wp_plugin.rb, line 20 def initialize(options = {}) options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? - options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" + options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" options[:vulns_xpath] = "//plugin[@name='$name$']/vulnerability" options[:vulns_xpath_2] = "//plugin" options[:type] = "plugins" diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html index 5aad8562..fd762ba4 100644 --- a/doc/WpPlugins.html +++ b/doc/WpPlugins.html @@ -218,7 +218,7 @@ def plugins_from_aggressive_detection(options) options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/plugins_full.txt" : "#{DATA_DIR}/plugins.txt") options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? - options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" + options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml" options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability" options[:vulns_xpath_2] = "//plugin" options[:type] = "plugins" diff --git a/doc/created.rid b/doc/created.rid index 81a32dcf..28f3e42a 100644 --- a/doc/created.rid +++ b/doc/created.rid @@ -1,43 +1,43 @@ -Wed, 09 Jan 2013 23:03:38 +0100 -./CREDITS Wed, 09 Jan 2013 21:31:44 +0100 -./Gemfile Wed, 09 Jan 2013 21:31:44 +0100 -./lib/browser.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/cache_file_store.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/common_helper.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/environment.rb Wed, 09 Jan 2013 21:33:11 +0100 -./lib/updater/git_updater.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/updater/svn_updater.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/updater/updater.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/updater/updater_factory.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/exploit.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/brute_force.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/malwares.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/web_site.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_config_backup.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_full_path_disclosure.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_login_protection.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_plugins.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_readme.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_themes.rb Wed, 09 Jan 2013 23:00:05 +0100 -./lib/wpscan/modules/wp_timthumbs.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/modules/wp_usernames.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/msfrpc_client.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/vulnerable.rb Wed, 09 Jan 2013 22:46:41 +0100 -./lib/wpscan/wp_detector.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_enumerator.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_item.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_options.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_plugin.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_target.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_theme.rb Wed, 09 Jan 2013 22:59:58 +0100 -./lib/wpscan/wp_user.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_version.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wp_vulnerability.rb Wed, 09 Jan 2013 22:46:41 +0100 -./lib/wpscan/wpscan_helper.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpscan/wpscan_options.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpstools/generate_list.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpstools/parse_svn.rb Wed, 09 Jan 2013 21:31:44 +0100 -./lib/wpstools/wpstools_helper.rb Wed, 09 Jan 2013 21:33:11 +0100 -./README Wed, 09 Jan 2013 21:33:11 +0100 -./wpscan.rb Wed, 09 Jan 2013 22:46:41 +0100 -./wpstools.rb Wed, 09 Jan 2013 22:59:49 +0100 +Fri, 11 Jan 2013 17:41:24 +0100 +./CREDITS Fri, 11 Jan 2013 17:33:10 +0100 +./Gemfile Fri, 11 Jan 2013 17:33:10 +0100 +./lib/browser.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/cache_file_store.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/common_helper.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/environment.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/updater/git_updater.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/updater/svn_updater.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/updater/updater.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/updater/updater_factory.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/exploit.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/brute_force.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/malwares.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/web_site.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_config_backup.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_full_path_disclosure.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_login_protection.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_plugins.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_readme.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_themes.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_timthumbs.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/modules/wp_usernames.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/msfrpc_client.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/vulnerable.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_detector.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_enumerator.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_item.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_options.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_plugin.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_target.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_theme.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_user.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_version.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wp_vulnerability.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wpscan_helper.rb Fri, 11 Jan 2013 17:40:04 +0100 +./lib/wpscan/wpscan_options.rb Fri, 11 Jan 2013 17:40:05 +0100 +./lib/wpstools/generate_list.rb Fri, 11 Jan 2013 17:40:05 +0100 +./lib/wpstools/parse_svn.rb Fri, 11 Jan 2013 17:40:05 +0100 +./lib/wpstools/wpstools_helper.rb Fri, 11 Jan 2013 17:40:05 +0100 +./README Fri, 11 Jan 2013 17:33:10 +0100 +./wpscan.rb Fri, 11 Jan 2013 17:34:28 +0100 +./wpstools.rb Fri, 11 Jan 2013 17:34:28 +0100 diff --git a/doc/js/search_index.js b/doc/js/search_index.js index 4fe26b00..b0bb0073 100644 --- a/doc/js/search_index.js +++ b/doc/js/search_index.js @@ -1 +1 @@ -var search_data = {"index":{"searchIndex":["array","browser","bruteforce","cachefilestore","exploit","generate_list","gitupdater","malwares","object","rpcclient","svnupdater","svn_parser","uri","updater","updaterfactory","vulnerable","website","wpconfigbackup","wpdetector","wpenumerator","wpfullpathdisclosure","wpitem","wploginprotection","wpoptions","wpplugin","wpplugins","wpreadme","wptarget","wptheme","wpthemes","wptimthumbs","wpuser","wpusernames","wpversion","wpvulnerability","wpscanoptions","<=>()","<=>()","==()","===()","===()","===()","_grep_()","add_http_protocol()","add_trailing_slash()","aggressive_detection()","authenticate()","author_url()","available_updaters_classes()","banner()","basic_auth=()","better_wp_security_url()","bluetrait_event_viewer_url()","brute_force()","changelog_url()","check_options()","choose_session()","clean()","clean_option()","colorize()","config_backup()","config_backup_files()","debug_log_url()","directory_listing?()","enumerate()","enumerate_all_plugins=()","enumerate_all_themes=()","enumerate_only_vulnerable_plugins=()","enumerate_only_vulnerable_themes=()","enumerate_options_from_string()","enumerate_plugins=()","enumerate_themes=()","eql?()","error_404_hash()","error_log?()","error_log_url()","escape()","exploit()","exploit()","exploit_info()","extract_name_from_url()","extract_nickname_from_body()","find()","find()","find_from_advanced_fingerprinting()","find_from_atom_generator()","find_from_css_link()","find_from_links_opml()","find_from_meta_generator()","find_from_rdf_generator()","find_from_readme()","find_from_rss_generator()","find_from_sitemap_generator()","find_from_wooframework()","forge_request()","full_path_disclosure_url()","generate_full_list()","generate_items()","generate_popular_list()","get()","get_entry_file_path()","get_equal_string_end()","get_exploit_info()","get_full_url()","get_nickname_from_response()","get_nickname_from_url()","get_opt_long()","get_options()","get_payloads()","get_popular_items()","get_sub_folder()","get_updater()","get_url_without_filename()","green()","grep()","has_basic_auth?()","has_better_wp_security_protection?()","has_bluetrait_event_viewer_protection?()","has_changelog?()","has_debug_log?()","has_full_path_disclosure?()","has_limit_login_attempts_protection?()","has_login_lock_protection?()","has_login_lockdown_protection?()","has_login_protection?()","has_login_security_solution_protection?()","has_malwares?()","has_options?()","has_readme?()","has_readme?()","has_simple_login_lockdown_protection?()","has_timthumbs?()","has_xml_rpc?()","help()","homepage_hash()","id()","id=()","instance()","is_installed?()","is_installed?()","is_installed?()","is_long_option?()","is_multisite?()","job_id()","jobs()","kill_session()","kill_session()","last_session_id()","limit_login_attempts_url()","lines_in_file()","load_config()","load_from_arguments()","local_revision_number()","local_revision_number()","local_revision_number()","login()","login_protection_plugin()","login_security_solution_url()","login_url()","malware_pattern()","malwares()","malwares_file()","max_threads=()","merge_request_params()","meterpreter_read()","meterpreter_read()","meterpreter_write()","meterpreter_write()","name()","name=()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","nickname()","nickname=()","online?()","option_to_instance_variable_setter()","page_hash()","parse()","passive_detection()","plugins_from_aggressive_detection()","plugins_from_passive_detection()","post()","proxy=()","proxy_auth=()","proxy_auth=()","raise_invalid_proxy_format()","raise_must_be_implemented()","read_entry()","read_shell()","read_shell()","readme_url()","readme_url()","red()","redirection()","registration_enabled?()","registration_url()","remove_junk_from_nickname()","repo_directory_arguments()","require_files_from_directory()","reset()","rss_url()","save()","search_replace_db_2_exists?()","search_replace_db_2_url()","session_count()","sessions()","sessions()","set_file_name()","set_option_from_cli()","simple_login_lockdown_url()","start()","targets_url_from_theme()","theme()","themes_from_aggressive_detection()","themes_from_passive_detection()","threads=()","timthumbs()","to_h()","to_s()","update()","update()","update()","url()","url=()","usage()","user_agent()","user_agent_mode=()","usernames()","valid_response_codes()","version()","version()","version_pattern()","vulnerabilities()","wordlist=()","wordpress?()","wp_content_dir()","wp_plugins_dir()","wp_plugins_dir_exists?()","write_entry()","write_shell()","write_shell()","xml_rpc_url()","credits","gemfile","readme"],"longSearchIndex":["array","browser","bruteforce","cachefilestore","exploit","generate_list","gitupdater","malwares","object","rpcclient","svnupdater","svn_parser","uri","updater","updaterfactory","vulnerable","website","wpconfigbackup","wpdetector","wpenumerator","wpfullpathdisclosure","wpitem","wploginprotection","wpoptions","wpplugin","wpplugins","wpreadme","wptarget","wptheme","wpthemes","wptimthumbs","wpuser","wpusernames","wpversion","wpvulnerability","wpscanoptions","wpitem#<=>()","wpuser#<=>()","wpitem#==()","wpitem#===()","wptheme#===()","wpuser#===()","array#_grep_()","object#add_http_protocol()","object#add_trailing_slash()","wpdetector::aggressive_detection()","rpcclient#authenticate()","wpusernames#author_url()","updaterfactory::available_updaters_classes()","object#banner()","wpscanoptions#basic_auth=()","wploginprotection#better_wp_security_url()","wploginprotection#bluetrait_event_viewer_url()","bruteforce#brute_force()","wpitem#changelog_url()","wpoptions::check_options()","exploit#choose_session()","cachefilestore#clean()","wpscanoptions::clean_option()","object#colorize()","wpconfigbackup#config_backup()","wpconfigbackup::config_backup_files()","wptarget#debug_log_url()","wpitem#directory_listing?()","wpenumerator::enumerate()","wpscanoptions#enumerate_all_plugins=()","wpscanoptions#enumerate_all_themes=()","wpscanoptions#enumerate_only_vulnerable_plugins=()","wpscanoptions#enumerate_only_vulnerable_themes=()","wpscanoptions#enumerate_options_from_string()","wpscanoptions#enumerate_plugins=()","wpscanoptions#enumerate_themes=()","wpuser#eql?()","website#error_404_hash()","wpplugin#error_log?()","wpplugin#error_log_url()","uri::escape()","exploit#exploit()","rpcclient#exploit()","exploit#exploit_info()","wpitem#extract_name_from_url()","wpusernames#extract_nickname_from_body()","wptheme::find()","wpversion::find()","wpversion::find_from_advanced_fingerprinting()","wpversion::find_from_atom_generator()","wptheme::find_from_css_link()","wpversion::find_from_links_opml()","wpversion::find_from_meta_generator()","wpversion::find_from_rdf_generator()","wpversion::find_from_readme()","wpversion::find_from_rss_generator()","wpversion::find_from_sitemap_generator()","wptheme::find_from_wooframework()","browser#forge_request()","wpfullpathdisclosure#full_path_disclosure_url()","generate_list#generate_full_list()","wpenumerator::generate_items()","generate_list#generate_popular_list()","browser#get()","cachefilestore#get_entry_file_path()","object#get_equal_string_end()","rpcclient#get_exploit_info()","wpitem#get_full_url()","wpusernames#get_nickname_from_response()","wpusernames#get_nickname_from_url()","wpscanoptions::get_opt_long()","rpcclient#get_options()","rpcclient#get_payloads()","generate_list#get_popular_items()","wpitem#get_sub_folder()","updaterfactory::get_updater()","wpitem#get_url_without_filename()","object#green()","array#grep()","website#has_basic_auth?()","wploginprotection#has_better_wp_security_protection?()","wploginprotection#has_bluetrait_event_viewer_protection?()","wpitem#has_changelog?()","wptarget#has_debug_log?()","wpfullpathdisclosure#has_full_path_disclosure?()","wploginprotection#has_limit_login_attempts_protection?()","wploginprotection#has_login_lock_protection?()","wploginprotection#has_login_lockdown_protection?()","wploginprotection#has_login_protection?()","wploginprotection#has_login_security_solution_protection?()","malwares#has_malwares?()","wpscanoptions#has_options?()","wpitem#has_readme?()","wpreadme#has_readme?()","wploginprotection#has_simple_login_lockdown_protection?()","wptimthumbs#has_timthumbs?()","website#has_xml_rpc?()","object#help()","website#homepage_hash()","wpuser#id()","wpuser#id=()","browser::instance()","gitupdater#is_installed?()","svnupdater#is_installed?()","updater#is_installed?()","wpscanoptions::is_long_option?()","wptarget#is_multisite?()","exploit#job_id()","rpcclient#jobs()","exploit#kill_session()","rpcclient#kill_session()","exploit#last_session_id()","wploginprotection#limit_login_attempts_url()","bruteforce::lines_in_file()","browser#load_config()","wpscanoptions::load_from_arguments()","gitupdater#local_revision_number()","svnupdater#local_revision_number()","updater#local_revision_number()","rpcclient#login()","wploginprotection#login_protection_plugin()","wploginprotection#login_security_solution_url()","wptarget#login_url()","malwares::malware_pattern()","malwares#malwares()","malwares::malwares_file()","browser#max_threads=()","browser#merge_request_params()","exploit#meterpreter_read()","rpcclient#meterpreter_read()","exploit#meterpreter_write()","rpcclient#meterpreter_write()","wpuser#name()","wpuser#name=()","cachefilestore::new()","exploit::new()","generate_list::new()","rpcclient::new()","svn_parser::new()","updater::new()","wpitem::new()","wpplugin::new()","wptarget::new()","wptheme::new()","wpuser::new()","wpversion::new()","wpvulnerability::new()","wpscanoptions::new()","wpuser#nickname()","wpuser#nickname=()","website#online?()","wpscanoptions::option_to_instance_variable_setter()","website::page_hash()","svn_parser#parse()","wpdetector::passive_detection()","wpplugins#plugins_from_aggressive_detection()","wpplugins#plugins_from_passive_detection()","browser#post()","wpscanoptions#proxy=()","browser#proxy_auth=()","wpscanoptions#proxy_auth=()","browser#raise_invalid_proxy_format()","updater#raise_must_be_implemented()","cachefilestore#read_entry()","exploit#read_shell()","rpcclient#read_shell()","wpitem#readme_url()","wpreadme#readme_url()","object#red()","website#redirection()","wptarget#registration_enabled?()","wptarget#registration_url()","wpusernames#remove_junk_from_nickname()","gitupdater#repo_directory_arguments()","object#require_files_from_directory()","browser::reset()","website#rss_url()","generate_list#save()","wptarget#search_replace_db_2_exists?()","wptarget#search_replace_db_2_url()","exploit#session_count()","exploit#sessions()","rpcclient#sessions()","generate_list#set_file_name()","wpscanoptions#set_option_from_cli()","wploginprotection#simple_login_lockdown_url()","exploit#start()","wptimthumbs#targets_url_from_theme()","wptarget#theme()","wpthemes#themes_from_aggressive_detection()","wpthemes#themes_from_passive_detection()","wpscanoptions#threads=()","wptimthumbs#timthumbs()","wpscanoptions#to_h()","wpitem#to_s()","gitupdater#update()","svnupdater#update()","updater#update()","wptarget#url()","wpscanoptions#url=()","object#usage()","browser#user_agent()","browser#user_agent_mode=()","wpusernames#usernames()","wptarget::valid_response_codes()","wpitem#version()","wptarget#version()","wpversion::version_pattern()","vulnerable#vulnerabilities()","wpscanoptions#wordlist=()","website#wordpress?()","wptarget#wp_content_dir()","wptarget#wp_plugins_dir()","wptarget#wp_plugins_dir_exists?()","cachefilestore#write_entry()","exploit#write_shell()","rpcclient#write_shell()","website#xml_rpc_url()","","",""],"info":[["Array","","Array.html","",""],["Browser","","Browser.html","",""],["BruteForce","","BruteForce.html","",""],["CacheFileStore","","CacheFileStore.html","",""],["Exploit","","Exploit.html","","This library should contain all methods for exploitation.\n"],["Generate_List","","Generate_List.html","","
This tool generates a list to use for plugin and theme enumeration\n"],["GitUpdater","","GitUpdater.html","",""],["Malwares","","Malwares.html","",""],["Object","","Object.html","",""],["RpcClient","","RpcClient.html","","
This library should contain all methods to communicate with msfrpc. See\nframework/documentation/msfrpc.txt …\n"],["SvnUpdater","","SvnUpdater.html","",""],["Svn_Parser","","Svn_Parser.html","","
This Class Parses SVN Repositories via HTTP\n"],["URI","","URI.html","",""],["Updater","","Updater.html","","
This class act as an absract one\n"],["UpdaterFactory","","UpdaterFactory.html","",""],["Vulnerable","","Vulnerable.html","",""],["WebSite","","WebSite.html","",""],["WpConfigBackup","","WpConfigBackup.html","",""],["WpDetector","","WpDetector.html","",""],["WpEnumerator","","WpEnumerator.html","","
Enumerate over a given set of items and check if they exist\n"],["WpFullPathDisclosure","","WpFullPathDisclosure.html","",""],["WpItem","","WpItem.html","",""],["WpLoginProtection","","WpLoginProtection.html","",""],["WpOptions","","WpOptions.html","","
Options Hash\n
Options\n
url- The base URL of the WordPress site\n"],["WpPlugin","","WpPlugin.html","",""],["WpPlugins","","WpPlugins.html","",""],["WpReadme","","WpReadme.html","",""],["WpTarget","","WpTarget.html","",""],["WpTheme","","WpTheme.html","",""],["WpThemes","","WpThemes.html","",""],["WpTimthumbs","","WpTimthumbs.html","",""],["WpUser","","WpUser.html","",""],["WpUsernames","","WpUsernames.html","",""],["WpVersion","","WpVersion.html","",""],["WpVulnerability","","WpVulnerability.html","",""],["WpscanOptions","","WpscanOptions.html","",""],["<=>","WpItem","WpItem.html#method-i-3C-3D-3E","(other)","Compare\n"],["<=>","WpUser","WpUser.html#method-i-3C-3D-3E","(item)",""],["==","WpItem","WpItem.html#method-i-3D-3D","(other)","
Compare\n"],["===","WpItem","WpItem.html#method-i-3D-3D-3D","(other)","
Compare\n"],["===","WpTheme","WpTheme.html#method-i-3D-3D-3D","(wp_theme)",""],["===","WpUser","WpUser.html#method-i-3D-3D-3D","(item)",""],["_grep_","Array","Array.html#method-i-_grep_","(regexp)","
Fix for grep with symbols in ruby <= 1.8.7\n"],["add_http_protocol","Object","Object.html#method-i-add_http_protocol","(url)","
Add protocol\n"],["add_trailing_slash","Object","Object.html#method-i-add_trailing_slash","(url)",""],["aggressive_detection","WpDetector","WpDetector.html#method-c-aggressive_detection","(options, items = [])",""],["authenticate","RpcClient","RpcClient.html#method-i-authenticate","()","
check authentication\n"],["author_url","WpUsernames","WpUsernames.html#method-i-author_url","(author_id)",""],["available_updaters_classes","UpdaterFactory","UpdaterFactory.html#method-c-available_updaters_classes","()","
return array of class symbols\n"],["banner","Object","Object.html#method-i-banner","()","
our 1337 banner\n"],["basic_auth=","WpscanOptions","WpscanOptions.html#method-i-basic_auth-3D","(basic_auth)",""],["better_wp_security_url","WpLoginProtection","WpLoginProtection.html#method-i-better_wp_security_url","()",""],["bluetrait_event_viewer_url","WpLoginProtection","WpLoginProtection.html#method-i-bluetrait_event_viewer_url","()",""],["brute_force","BruteForce","BruteForce.html#method-i-brute_force","(logins, wordlist_path, options = {})","
param array of string logins param string wordlist_path param hash options\n\n
boolean :show_progression If ...\n"],["changelog_url","WpItem","WpItem.html#method-i-changelog_url","()","Url for changelog.txt\n"],["check_options","WpOptions","WpOptions.html#method-c-check_options","(options)",""],["choose_session","Exploit","Exploit.html#method-i-choose_session","()","
if there is more than 1 session, allow the user to choose one.\n"],["clean","CacheFileStore","CacheFileStore.html#method-i-clean","()",""],["clean_option","WpscanOptions","WpscanOptions.html#method-c-clean_option","(option)","
Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace\nany remaining ‘-’ by ‘_’\n
param …\n"],["colorize","Object","Object.html#method-i-colorize","(text, color_code)",""],["config_backup","WpConfigBackup","WpConfigBackup.html#method-i-config_backup","()","
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/\nreturn an array of backup config …\n"],["config_backup_files","WpConfigBackup","WpConfigBackup.html#method-c-config_backup_files","()","
@return Array\n"],["debug_log_url","WpTarget","WpTarget.html#method-i-debug_log_url","()",""],["directory_listing?","WpItem","WpItem.html#method-i-directory_listing-3F","()","
Is directory listing enabled?\n"],["enumerate","WpEnumerator","WpEnumerator.html#method-c-enumerate","(options = {}, items = nil)","
Enumerate the given Targets\n
Attributes\n
targets- targets to enumerate\n"],["enumerate_all_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_all_plugins-3D","(enumerate_all_plugins)",""],["enumerate_all_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_all_themes-3D","(enumerate_all_themes)",""],["enumerate_only_vulnerable_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_only_vulnerable_plugins-3D","(enumerate_only_vulnerable_plugins)",""],["enumerate_only_vulnerable_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_only_vulnerable_themes-3D","(enumerate_only_vulnerable_themes)",""],["enumerate_options_from_string","WpscanOptions","WpscanOptions.html#method-i-enumerate_options_from_string","(value)","Will set enumerate_* from the string value IE : if value = vp =>\n:enumerate_only_vulnerable_plugins …\n"],["enumerate_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_plugins-3D","(enumerate_plugins)",""],["enumerate_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_themes-3D","(enumerate_themes)",""],["eql?","WpUser","WpUser.html#method-i-eql-3F","(item)",""],["error_404_hash","WebSite","WebSite.html#method-i-error_404_hash","()","
Return the MD5 hash of a 404 page\n"],["error_log?","WpPlugin","WpPlugin.html#method-i-error_log-3F","()","
Discover any error_log files created by WordPress These are created by the\nWordPress error_log() function …\n"],["error_log_url","WpPlugin","WpPlugin.html#method-i-error_log_url","()",""],["escape","URI","URI.html#method-c-escape","(str)",""],["exploit","Exploit","Exploit.html#method-i-exploit","(msf_module, payload)","
exploit\n"],["exploit","RpcClient","RpcClient.html#method-i-exploit","(name, opts)","
execute exploit\n"],["exploit_info","Exploit","Exploit.html#method-i-exploit_info","(msf_module,payload)","
output our exploit data\n"],["extract_name_from_url","WpItem","WpItem.html#method-i-extract_name_from_url","()","
Extract item name from a url\n"],["extract_nickname_from_body","WpUsernames","WpUsernames.html#method-i-extract_nickname_from_body","(body)",""],["find","WpTheme","WpTheme.html#method-c-find","(target_uri)",""],["find","WpVersion","WpVersion.html#method-c-find","(target_uri, wp_content_dir)","
Will use all method self.find_from_* to try to detect the version Once the\nversion is found, it will …\n"],["find_from_advanced_fingerprinting","WpVersion","WpVersion.html#method-c-find_from_advanced_fingerprinting","(options)","
Uses data/wp_versions.xml to try to identify a wordpress version.\n
It does this by using client side file …\n"],["find_from_atom_generator","WpVersion","WpVersion.html#method-c-find_from_atom_generator","(options)","
Attempts to find the WordPress version from, the generator tag in the Atom\nsource.\n"],["find_from_css_link","WpTheme","WpTheme.html#method-c-find_from_css_link","(target_uri)","
Discover the wordpress theme name by parsing the css link rel\n"],["find_from_links_opml","WpVersion","WpVersion.html#method-c-find_from_links_opml","(options)","
Attempts to find the WordPress version from the p-links-opml.php file.\n"],["find_from_meta_generator","WpVersion","WpVersion.html#method-c-find_from_meta_generator","(options)","
Attempts to find the wordpress version from, the generator meta tag in the\nhtml source.\n
The meta tag can …\n"],["find_from_rdf_generator","WpVersion","WpVersion.html#method-c-find_from_rdf_generator","(options)","
Attempts to find WordPress version from, the generator tag in the RDF feed\nsource.\n"],["find_from_readme","WpVersion","WpVersion.html#method-c-find_from_readme","(options)","
Attempts to find the WordPress version from the readme.html file.\n"],["find_from_rss_generator","WpVersion","WpVersion.html#method-c-find_from_rss_generator","(options)","
Attempts to find the WordPress version from, the generator tag in the RSS\nfeed source.\n"],["find_from_sitemap_generator","WpVersion","WpVersion.html#method-c-find_from_sitemap_generator","(options)","
Attempts to find the WordPress version from the sitemap.xml file.\n
See: code.google.com/p/wpscan/issues/detail?id=109 …\n"],["find_from_wooframework","WpTheme","WpTheme.html#method-c-find_from_wooframework","(target_uri)","
code.google.com/p/wpscan/issues/detail?id=141\n"],["forge_request","Browser","Browser.html#method-i-forge_request","(url, params = {})",""],["full_path_disclosure_url","WpFullPathDisclosure","WpFullPathDisclosure.html#method-i-full_path_disclosure_url","()",""],["generate_full_list","Generate_List","Generate_List.html#method-i-generate_full_list","()",""],["generate_items","WpEnumerator","WpEnumerator.html#method-c-generate_items","(options = {})",""],["generate_popular_list","Generate_List","Generate_List.html#method-i-generate_popular_list","(pages)",""],["get","Browser","Browser.html#method-i-get","(url, params = {})",""],["get_entry_file_path","CacheFileStore","CacheFileStore.html#method-i-get_entry_file_path","(key)",""],["get_equal_string_end","Object","Object.html#method-i-get_equal_string_end","(stringarray = [\"\"])","
Gets the string all elements in stringarray ends with\n"],["get_exploit_info","RpcClient","RpcClient.html#method-i-get_exploit_info","(name)","
retrieve information about the exploit\n"],["get_full_url","WpItem","WpItem.html#method-i-get_full_url","()","
Get the full url for this item\n"],["get_nickname_from_response","WpUsernames","WpUsernames.html#method-i-get_nickname_from_response","(resp)",""],["get_nickname_from_url","WpUsernames","WpUsernames.html#method-i-get_nickname_from_url","(url)",""],["get_opt_long","WpscanOptions","WpscanOptions.html#method-c-get_opt_long","()","
Even if a short option is given (IE : -u), the long one will be returned\n(IE : –url)\n"],["get_options","RpcClient","RpcClient.html#method-i-get_options","(name)","
retrieve exploit options\n"],["get_payloads","RpcClient","RpcClient.html#method-i-get_payloads","(name)","
retrieve the exploit payloads\n"],["get_popular_items","Generate_List","Generate_List.html#method-i-get_popular_items","(pages)","
Send a HTTP request to the WordPress most popular theme or plugin webpage\nparse the response for the …\n"],["get_sub_folder","WpItem","WpItem.html#method-i-get_sub_folder","()",""],["get_updater","UpdaterFactory","UpdaterFactory.html#method-c-get_updater","(repo_directory)",""],["get_url_without_filename","WpItem","WpItem.html#method-i-get_url_without_filename","()","
Gets the full url for this item without filenames\n"],["green","Object","Object.html#method-i-green","(text)",""],["grep","Array","Array.html#method-i-grep","(regexp)",""],["has_basic_auth?","WebSite","WebSite.html#method-i-has_basic_auth-3F","()",""],["has_better_wp_security_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_better_wp_security_protection-3F","()","
wordpress.org/extend/plugins/better-wp-security/\n"],["has_bluetrait_event_viewer_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_bluetrait_event_viewer_protection-3F","()","
wordpress.org/extend/plugins/bluetrait-event-viewer/\n"],["has_changelog?","WpItem","WpItem.html#method-i-has_changelog-3F","()","
changelog.txt present?\n"],["has_debug_log?","WpTarget","WpTarget.html#method-i-has_debug_log-3F","()",""],["has_full_path_disclosure?","WpFullPathDisclosure","WpFullPathDisclosure.html#method-i-has_full_path_disclosure-3F","()","
Check for Full Path Disclosure (FPD)\n"],["has_limit_login_attempts_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_limit_login_attempts_protection-3F","()","
wordpress.org/extend/plugins/limit-login-attempts/\n"],["has_login_lock_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_lock_protection-3F","()","
wordpress.org/extend/plugins/login-lock/\n"],["has_login_lockdown_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_lockdown_protection-3F","()","
Thanks to Alip Aswalid for providing this method.\nwordpress.org/extend/plugins/login-lockdown/\n"],["has_login_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_protection-3F","()",""],["has_login_security_solution_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_security_solution_protection-3F","()","
wordpress.org/extend/plugins/login-security-solution/\n"],["has_malwares?","Malwares","Malwares.html#method-i-has_malwares-3F","(malwares_file_path = nil)",""],["has_options?","WpscanOptions","WpscanOptions.html#method-i-has_options-3F","()",""],["has_readme?","WpItem","WpItem.html#method-i-has_readme-3F","()","
readme.txt present?\n"],["has_readme?","WpReadme","WpReadme.html#method-i-has_readme-3F","()","
Checks to see if the readme.html file exists\n
This file comes by default in a wordpress installation, and …\n"],["has_simple_login_lockdown_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F","()","
wordpress.org/extend/plugins/simple-login-lockdown/\n"],["has_timthumbs?","WpTimthumbs","WpTimthumbs.html#method-i-has_timthumbs-3F","(theme_name, options = {})",""],["has_xml_rpc?","WebSite","WebSite.html#method-i-has_xml_rpc-3F","()",""],["help","Object","Object.html#method-i-help","()","
command help\n"],["homepage_hash","WebSite","WebSite.html#method-i-homepage_hash","()",""],["id","WpUser","WpUser.html#method-i-id","()",""],["id=","WpUser","WpUser.html#method-i-id-3D","(new_id)",""],["instance","Browser","Browser.html#method-c-instance","(options = {})",""],["is_installed?","GitUpdater","GitUpdater.html#method-i-is_installed-3F","()",""],["is_installed?","SvnUpdater","SvnUpdater.html#method-i-is_installed-3F","()",""],["is_installed?","Updater","Updater.html#method-i-is_installed-3F","()",""],["is_long_option?","WpscanOptions","WpscanOptions.html#method-c-is_long_option-3F","(option)",""],["is_multisite?","WpTarget","WpTarget.html#method-i-is_multisite-3F","()",""],["job_id","Exploit","Exploit.html#method-i-job_id","()","
not sure if this is needed?! not used.\n"],["jobs","RpcClient","RpcClient.html#method-i-jobs","()","
list msf jobs\n"],["kill_session","Exploit","Exploit.html#method-i-kill_session","(id)","
kill a session by session id\n"],["kill_session","RpcClient","RpcClient.html#method-i-kill_session","(id)","
kill msf session\n"],["last_session_id","Exploit","Exploit.html#method-i-last_session_id","()","
the last active session id created\n"],["limit_login_attempts_url","WpLoginProtection","WpLoginProtection.html#method-i-limit_login_attempts_url","()",""],["lines_in_file","BruteForce","BruteForce.html#method-c-lines_in_file","(file_path)","
Counts the number of lines in the wordlist It can take a couple of minutes\non large wordlists, although …\n"],["load_config","Browser","Browser.html#method-i-load_config","(config_file = nil)","
TODO reload hydra (if the .load_config is called on a browser object, hydra\nwill not have the new @max_threads …\n"],["load_from_arguments","WpscanOptions","WpscanOptions.html#method-c-load_from_arguments","()","
Will load the options from ARGV return WpscanOptions\n"],["local_revision_number","GitUpdater","GitUpdater.html#method-i-local_revision_number","()","
Git has not a revsion number like SVN, so we will take the 7 first chars of\nthe last commit hash\n"],["local_revision_number","SvnUpdater","SvnUpdater.html#method-i-local_revision_number","()",""],["local_revision_number","Updater","Updater.html#method-i-local_revision_number","()",""],["login","RpcClient","RpcClient.html#method-i-login","()","
login to msfrpcd\n"],["login_protection_plugin","WpLoginProtection","WpLoginProtection.html#method-i-login_protection_plugin","()","
Checks if a login protection plugin is enabled\ncode.google.com/p/wpscan/issues/detail?id=111 return a …\n"],["login_security_solution_url","WpLoginProtection","WpLoginProtection.html#method-i-login_security_solution_url","()",""],["login_url","WpTarget","WpTarget.html#method-i-login_url","()",""],["malware_pattern","Malwares","Malwares.html#method-c-malware_pattern","(url_regex)",""],["malwares","Malwares","Malwares.html#method-i-malwares","(malwares_file_path = nil)","
return array of string (url of malwares found)\n"],["malwares_file","Malwares","Malwares.html#method-c-malwares_file","(malwares_file_path)",""],["max_threads=","Browser","Browser.html#method-i-max_threads-3D","(max_threads)",""],["merge_request_params","Browser","Browser.html#method-i-merge_request_params","(params = {})",""],["meterpreter_read","Exploit","Exploit.html#method-i-meterpreter_read","(id)","
read data from a meterpreter session data must be base64 decoded.\n"],["meterpreter_read","RpcClient","RpcClient.html#method-i-meterpreter_read","(id)",""],["meterpreter_write","Exploit","Exploit.html#method-i-meterpreter_write","(id, data)","
write data to a meterpreter session data must be base64 encoded.\n"],["meterpreter_write","RpcClient","RpcClient.html#method-i-meterpreter_write","(id, data)",""],["name","WpUser","WpUser.html#method-i-name","()",""],["name=","WpUser","WpUser.html#method-i-name-3D","(new_name)",""],["new","CacheFileStore","CacheFileStore.html#method-c-new","(storage_path, serializer = Marshal)","
The serializer must have the 2 methods .load and .dump (Marshal and YAML\nhave them) YAML is Human Readable …\n"],["new","Exploit","Exploit.html#method-c-new","(wp_url, type, uri, postdata, use_proxy, proxy_addr, proxy_port)",""],["new","Generate_List","Generate_List.html#method-c-new","(type, verbose)","
type = themes | plugins\n"],["new","RpcClient","RpcClient.html#method-c-new","()",""],["new","Svn_Parser","Svn_Parser.html#method-c-new","(svn_root, verbose, keep_empty_dirs = false)",""],["new","Updater","Updater.html#method-c-new","(repo_directory = nil)","
TODO : add a last ‘/ to repo_directory if it’s not present\n"],["new","WpItem","WpItem.html#method-c-new","(options)",""],["new","WpPlugin","WpPlugin.html#method-c-new","(options = {})",""],["new","WpTarget","WpTarget.html#method-c-new","(target_url, options = {})",""],["new","WpTheme","WpTheme.html#method-c-new","(options = {})",""],["new","WpUser","WpUser.html#method-c-new","(name, id, nickname)",""],["new","WpVersion","WpVersion.html#method-c-new","(number, options = {})",""],["new","WpVulnerability","WpVulnerability.html#method-c-new","(title, references, type)",""],["new","WpscanOptions","WpscanOptions.html#method-c-new","()",""],["nickname","WpUser","WpUser.html#method-i-nickname","()",""],["nickname=","WpUser","WpUser.html#method-i-nickname-3D","(new_nickname)",""],["online?","WebSite","WebSite.html#method-i-online-3F","()","
Checks if the remote website is up.\n"],["option_to_instance_variable_setter","WpscanOptions","WpscanOptions.html#method-c-option_to_instance_variable_setter","(option)",""],["page_hash","WebSite","WebSite.html#method-c-page_hash","(url)","
Return the MD5 hash of the page given by url\n"],["parse","Svn_Parser","Svn_Parser.html#method-i-parse","(dirs=nil)",""],["passive_detection","WpDetector","WpDetector.html#method-c-passive_detection","(url, type, wp_content_dir)","
plugins and themes can be found in the source code :\n\n
<script src='http://example.com/wp-content/plugins/s2member/...' ...\n"],["plugins_from_aggressive_detection","WpPlugins","WpPlugins.html#method-i-plugins_from_aggressive_detection","(options)","Enumerate installed plugins.\n
return array of WpPlugin\n"],["plugins_from_passive_detection","WpPlugins","WpPlugins.html#method-i-plugins_from_passive_detection","(options)","
code.google.com/p/wpscan/issues/detail?id=42 plugins can be found in the\nsource code :\n\n
<script src='http://example.com/wp-content/plugins/s2member/...' ...\n"],["post","Browser","Browser.html#method-i-post","(url, params = {})",""],["proxy=","WpscanOptions","WpscanOptions.html#method-i-proxy-3D","(proxy)",""],["proxy_auth=","Browser","Browser.html#method-i-proxy_auth-3D","(auth)",""],["proxy_auth=","WpscanOptions","WpscanOptions.html#method-i-proxy_auth-3D","(auth)",""],["raise_invalid_proxy_format","Browser","Browser.html#method-i-raise_invalid_proxy_format","()",""],["raise_must_be_implemented","Updater","Updater.html#method-i-raise_must_be_implemented","()",""],["read_entry","CacheFileStore","CacheFileStore.html#method-i-read_entry","(key)",""],["read_shell","Exploit","Exploit.html#method-i-read_shell","(id)","read data from a shell, meterpreter is not classed as a shell.\n"],["read_shell","RpcClient","RpcClient.html#method-i-read_shell","(id)","
reads any pending output from session\n"],["readme_url","WpItem","WpItem.html#method-i-readme_url","()","
Url for readme.txt\n"],["readme_url","WpReadme","WpReadme.html#method-i-readme_url","()",""],["red","Object","Object.html#method-i-red","(text)",""],["redirection","WebSite","WebSite.html#method-i-redirection","(url = nil)","
see if the remote url returns 30x redirect return a string with the\nredirection or nil\n"],["registration_enabled?","WpTarget","WpTarget.html#method-i-registration_enabled-3F","()","
Should check wp-login.php if registration is enabled or not\n"],["registration_url","WpTarget","WpTarget.html#method-i-registration_url","()",""],["remove_junk_from_nickname","WpUsernames","WpUsernames.html#method-i-remove_junk_from_nickname","(usernames)",""],["repo_directory_arguments","GitUpdater","GitUpdater.html#method-i-repo_directory_arguments","()",""],["require_files_from_directory","Object","Object.html#method-i-require_files_from_directory","(absolute_dir_path, files_pattern = \"*.rb\")","
TODO : add an exclude pattern ?\n"],["reset","Browser","Browser.html#method-c-reset","()",""],["rss_url","WebSite","WebSite.html#method-i-rss_url","()","
Will try to find the rss url in the homepage Only the first one found iw\nreturned\n"],["save","Generate_List","Generate_List.html#method-i-save","(items)","
Save the file\n"],["search_replace_db_2_exists?","WpTarget","WpTarget.html#method-i-search_replace_db_2_exists-3F","()",""],["search_replace_db_2_url","WpTarget","WpTarget.html#method-i-search_replace_db_2_url","()","
Script for replacing strings in wordpress databases reveals databse\ncredentials after hitting submit …\n"],["session_count","Exploit","Exploit.html#method-i-session_count","()","
a count of the amount of active sessions\n"],["sessions","Exploit","Exploit.html#method-i-sessions","()","
all sessions and related session data\n"],["sessions","RpcClient","RpcClient.html#method-i-sessions","()","
list msf sessions\n"],["set_file_name","Generate_List","Generate_List.html#method-i-set_file_name","(type)",""],["set_option_from_cli","WpscanOptions","WpscanOptions.html#method-i-set_option_from_cli","(cli_option, cli_value)","
string cli_option : –url, -u, –proxy etc string cli_value : the option\nvalue\n"],["simple_login_lockdown_url","WpLoginProtection","WpLoginProtection.html#method-i-simple_login_lockdown_url","()",""],["start","Exploit","Exploit.html#method-i-start","()","
figure out what to exploit\n"],["targets_url_from_theme","WpTimthumbs","WpTimthumbs.html#method-i-targets_url_from_theme","(theme_name, options)",""],["theme","WpTarget","WpTarget.html#method-i-theme","()","
return WpTheme\n"],["themes_from_aggressive_detection","WpThemes","WpThemes.html#method-i-themes_from_aggressive_detection","(options)",""],["themes_from_passive_detection","WpThemes","WpThemes.html#method-i-themes_from_passive_detection","(options)",""],["threads=","WpscanOptions","WpscanOptions.html#method-i-threads-3D","(threads)",""],["timthumbs","WpTimthumbs","WpTimthumbs.html#method-i-timthumbs","(theme_name = nil, options = {})",""],["to_h","WpscanOptions","WpscanOptions.html#method-i-to_h","()","
return Hash\n"],["to_s","WpItem","WpItem.html#method-i-to_s","()","
To string. Adds a version number if detected\n"],["update","GitUpdater","GitUpdater.html#method-i-update","()",""],["update","SvnUpdater","SvnUpdater.html#method-i-update","()",""],["update","Updater","Updater.html#method-i-update","()",""],["url","WpTarget","WpTarget.html#method-i-url","()","
Alias of @uri.to_s\n"],["url=","WpscanOptions","WpscanOptions.html#method-i-url-3D","(url)",""],["usage","Object","Object.html#method-i-usage","()","
wpscan usage\n"],["user_agent","Browser","Browser.html#method-i-user_agent","()","
return the user agent, according to the user_agent_mode\n"],["user_agent_mode=","Browser","Browser.html#method-i-user_agent_mode-3D","(ua_mode)",""],["usernames","WpUsernames","WpUsernames.html#method-i-usernames","(options = {})","
Enumerate wordpress usernames by using Veronica Valeros’s technique:\nseclists.org/fulldisclosure/2011/May/493 …\n"],["valid_response_codes","WpTarget","WpTarget.html#method-c-valid_response_codes","()","
Valid HTTP return codes\n"],["version","WpItem","WpItem.html#method-i-version","()","
Returns version number from readme.txt if it exists\n"],["version","WpTarget","WpTarget.html#method-i-version","()","
return WpVersion\n"],["version_pattern","WpVersion","WpVersion.html#method-c-version_pattern","()","
Used to check if the version is correct: must contain at least one dot.\n"],["vulnerabilities","Vulnerable","Vulnerable.html#method-i-vulnerabilities","()","
@return an array of WpVulnerability (can be empty)\n"],["wordlist=","WpscanOptions","WpscanOptions.html#method-i-wordlist-3D","(wordlist)",""],["wordpress?","WebSite","WebSite.html#method-i-wordpress-3F","()","
check if the remote website is actually running wordpress.\n"],["wp_content_dir","WpTarget","WpTarget.html#method-i-wp_content_dir","()",""],["wp_plugins_dir","WpTarget","WpTarget.html#method-i-wp_plugins_dir","()",""],["wp_plugins_dir_exists?","WpTarget","WpTarget.html#method-i-wp_plugins_dir_exists-3F","()",""],["write_entry","CacheFileStore","CacheFileStore.html#method-i-write_entry","(key, data_to_store, cache_timeout)",""],["write_shell","Exploit","Exploit.html#method-i-write_shell","(id, data)","
write data to a shell, meterpreter is not classed as a shell.\n"],["write_shell","RpcClient","RpcClient.html#method-i-write_shell","(id, data)","
writes the specified input into the session\n"],["xml_rpc_url","WebSite","WebSite.html#method-i-xml_rpc_url","()",""],["CREDITS","","CREDITS.html","","
*CREDITS*\n
This file is to give credit to WPScan’s contributors. If you feel your name\nshould be in here, …\n"],["Gemfile","","Gemfile.html","","
source “rubygems.org”\n
gem “typhoeus”, “0.4.2” gem “nokogiri” gem …\n"],["README","","README.html","","
__\n\n
__ _______ _____\n\\ \\ / / __ \\ / ____|\n \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ ...\n"]]}} \ No newline at end of file +var search_data = {"index":{"searchIndex":["array","browser","bruteforce","cachefilestore","exploit","generate_list","gitupdater","malwares","object","rpcclient","svnupdater","svn_parser","uri","updater","updaterfactory","vulnerable","website","wpconfigbackup","wpdetector","wpenumerator","wpfullpathdisclosure","wpitem","wploginprotection","wpoptions","wpplugin","wpplugins","wpreadme","wptarget","wptheme","wpthemes","wptimthumbs","wpuser","wpusernames","wpversion","wpvulnerability","wpscanoptions","<=>()","<=>()","==()","===()","===()","===()","_grep_()","add_http_protocol()","add_trailing_slash()","aggressive_detection()","authenticate()","author_url()","available_updaters_classes()","banner()","basic_auth=()","better_wp_security_url()","bluetrait_event_viewer_url()","brute_force()","changelog_url()","check_options()","choose_session()","clean()","clean_option()","colorize()","config_backup()","config_backup_files()","debug_log_url()","directory_listing?()","enumerate()","enumerate_all_plugins=()","enumerate_all_themes=()","enumerate_only_vulnerable_plugins=()","enumerate_only_vulnerable_themes=()","enumerate_options_from_string()","enumerate_plugins=()","enumerate_themes=()","eql?()","error_404_hash()","error_log?()","error_log_url()","escape()","exploit()","exploit()","exploit_info()","extract_name_from_url()","extract_nickname_from_body()","find()","find()","find_from_advanced_fingerprinting()","find_from_atom_generator()","find_from_css_link()","find_from_links_opml()","find_from_meta_generator()","find_from_rdf_generator()","find_from_readme()","find_from_rss_generator()","find_from_sitemap_generator()","find_from_wooframework()","forge_request()","full_path_disclosure_url()","generate_full_list()","generate_items()","generate_popular_list()","get()","get_entry_file_path()","get_equal_string_end()","get_exploit_info()","get_full_url()","get_nickname_from_response()","get_nickname_from_url()","get_opt_long()","get_options()","get_payloads()","get_popular_items()","get_sub_folder()","get_updater()","get_url_without_filename()","green()","grep()","has_basic_auth?()","has_better_wp_security_protection?()","has_bluetrait_event_viewer_protection?()","has_changelog?()","has_debug_log?()","has_full_path_disclosure?()","has_limit_login_attempts_protection?()","has_login_lock_protection?()","has_login_lockdown_protection?()","has_login_protection?()","has_login_security_solution_protection?()","has_malwares?()","has_options?()","has_readme?()","has_readme?()","has_simple_login_lockdown_protection?()","has_timthumbs?()","has_xml_rpc?()","help()","homepage_hash()","id()","id=()","instance()","is_installed?()","is_installed?()","is_installed?()","is_long_option?()","is_multisite?()","job_id()","jobs()","kill_session()","kill_session()","last_session_id()","limit_login_attempts_url()","lines_in_file()","load_config()","load_from_arguments()","local_revision_number()","local_revision_number()","local_revision_number()","login()","login_protection_plugin()","login_security_solution_url()","login_url()","malware_pattern()","malwares()","malwares_file()","max_threads=()","merge_request_params()","meterpreter_read()","meterpreter_read()","meterpreter_write()","meterpreter_write()","name()","name=()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","nickname()","nickname=()","online?()","option_to_instance_variable_setter()","page_hash()","parse()","passive_detection()","plugins_from_aggressive_detection()","plugins_from_passive_detection()","post()","proxy=()","proxy_auth=()","proxy_auth=()","raise_invalid_proxy_format()","raise_must_be_implemented()","read_entry()","read_shell()","read_shell()","readme_url()","readme_url()","red()","redirection()","registration_enabled?()","registration_url()","remove_junk_from_nickname()","repo_directory_arguments()","require_files_from_directory()","reset()","rss_url()","save()","search_replace_db_2_exists?()","search_replace_db_2_url()","session_count()","sessions()","sessions()","set_file_name()","set_option_from_cli()","simple_login_lockdown_url()","start()","targets_url_from_theme()","theme()","themes_from_aggressive_detection()","themes_from_passive_detection()","threads=()","timthumbs()","to_h()","to_s()","update()","update()","update()","url()","url=()","usage()","user_agent()","user_agent_mode=()","usernames()","valid_response_codes()","version()","version()","version_pattern()","vulnerabilities()","wordlist=()","wordpress?()","wp_content_dir()","wp_org_url()","wp_plugins_dir()","wp_plugins_dir_exists?()","write_entry()","write_shell()","write_shell()","xml_rpc_url()","credits","gemfile","readme"],"longSearchIndex":["array","browser","bruteforce","cachefilestore","exploit","generate_list","gitupdater","malwares","object","rpcclient","svnupdater","svn_parser","uri","updater","updaterfactory","vulnerable","website","wpconfigbackup","wpdetector","wpenumerator","wpfullpathdisclosure","wpitem","wploginprotection","wpoptions","wpplugin","wpplugins","wpreadme","wptarget","wptheme","wpthemes","wptimthumbs","wpuser","wpusernames","wpversion","wpvulnerability","wpscanoptions","wpitem#<=>()","wpuser#<=>()","wpitem#==()","wpitem#===()","wptheme#===()","wpuser#===()","array#_grep_()","object#add_http_protocol()","object#add_trailing_slash()","wpdetector::aggressive_detection()","rpcclient#authenticate()","wpusernames#author_url()","updaterfactory::available_updaters_classes()","object#banner()","wpscanoptions#basic_auth=()","wploginprotection#better_wp_security_url()","wploginprotection#bluetrait_event_viewer_url()","bruteforce#brute_force()","wpitem#changelog_url()","wpoptions::check_options()","exploit#choose_session()","cachefilestore#clean()","wpscanoptions::clean_option()","object#colorize()","wpconfigbackup#config_backup()","wpconfigbackup::config_backup_files()","wptarget#debug_log_url()","wpitem#directory_listing?()","wpenumerator::enumerate()","wpscanoptions#enumerate_all_plugins=()","wpscanoptions#enumerate_all_themes=()","wpscanoptions#enumerate_only_vulnerable_plugins=()","wpscanoptions#enumerate_only_vulnerable_themes=()","wpscanoptions#enumerate_options_from_string()","wpscanoptions#enumerate_plugins=()","wpscanoptions#enumerate_themes=()","wpuser#eql?()","website#error_404_hash()","wpplugin#error_log?()","wpplugin#error_log_url()","uri::escape()","exploit#exploit()","rpcclient#exploit()","exploit#exploit_info()","wpitem#extract_name_from_url()","wpusernames#extract_nickname_from_body()","wptheme::find()","wpversion::find()","wpversion::find_from_advanced_fingerprinting()","wpversion::find_from_atom_generator()","wptheme::find_from_css_link()","wpversion::find_from_links_opml()","wpversion::find_from_meta_generator()","wpversion::find_from_rdf_generator()","wpversion::find_from_readme()","wpversion::find_from_rss_generator()","wpversion::find_from_sitemap_generator()","wptheme::find_from_wooframework()","browser#forge_request()","wpfullpathdisclosure#full_path_disclosure_url()","generate_list#generate_full_list()","wpenumerator::generate_items()","generate_list#generate_popular_list()","browser#get()","cachefilestore#get_entry_file_path()","object#get_equal_string_end()","rpcclient#get_exploit_info()","wpitem#get_full_url()","wpusernames#get_nickname_from_response()","wpusernames#get_nickname_from_url()","wpscanoptions::get_opt_long()","rpcclient#get_options()","rpcclient#get_payloads()","generate_list#get_popular_items()","wpitem#get_sub_folder()","updaterfactory::get_updater()","wpitem#get_url_without_filename()","object#green()","array#grep()","website#has_basic_auth?()","wploginprotection#has_better_wp_security_protection?()","wploginprotection#has_bluetrait_event_viewer_protection?()","wpitem#has_changelog?()","wptarget#has_debug_log?()","wpfullpathdisclosure#has_full_path_disclosure?()","wploginprotection#has_limit_login_attempts_protection?()","wploginprotection#has_login_lock_protection?()","wploginprotection#has_login_lockdown_protection?()","wploginprotection#has_login_protection?()","wploginprotection#has_login_security_solution_protection?()","malwares#has_malwares?()","wpscanoptions#has_options?()","wpitem#has_readme?()","wpreadme#has_readme?()","wploginprotection#has_simple_login_lockdown_protection?()","wptimthumbs#has_timthumbs?()","website#has_xml_rpc?()","object#help()","website#homepage_hash()","wpuser#id()","wpuser#id=()","browser::instance()","gitupdater#is_installed?()","svnupdater#is_installed?()","updater#is_installed?()","wpscanoptions::is_long_option?()","wptarget#is_multisite?()","exploit#job_id()","rpcclient#jobs()","exploit#kill_session()","rpcclient#kill_session()","exploit#last_session_id()","wploginprotection#limit_login_attempts_url()","bruteforce::lines_in_file()","browser#load_config()","wpscanoptions::load_from_arguments()","gitupdater#local_revision_number()","svnupdater#local_revision_number()","updater#local_revision_number()","rpcclient#login()","wploginprotection#login_protection_plugin()","wploginprotection#login_security_solution_url()","wptarget#login_url()","malwares::malware_pattern()","malwares#malwares()","malwares::malwares_file()","browser#max_threads=()","browser#merge_request_params()","exploit#meterpreter_read()","rpcclient#meterpreter_read()","exploit#meterpreter_write()","rpcclient#meterpreter_write()","wpuser#name()","wpuser#name=()","cachefilestore::new()","exploit::new()","generate_list::new()","rpcclient::new()","svn_parser::new()","updater::new()","wpitem::new()","wpplugin::new()","wptarget::new()","wptheme::new()","wpuser::new()","wpversion::new()","wpvulnerability::new()","wpscanoptions::new()","wpuser#nickname()","wpuser#nickname=()","website#online?()","wpscanoptions::option_to_instance_variable_setter()","website::page_hash()","svn_parser#parse()","wpdetector::passive_detection()","wpplugins#plugins_from_aggressive_detection()","wpplugins#plugins_from_passive_detection()","browser#post()","wpscanoptions#proxy=()","browser#proxy_auth=()","wpscanoptions#proxy_auth=()","browser#raise_invalid_proxy_format()","updater#raise_must_be_implemented()","cachefilestore#read_entry()","exploit#read_shell()","rpcclient#read_shell()","wpitem#readme_url()","wpreadme#readme_url()","object#red()","website#redirection()","wptarget#registration_enabled?()","wptarget#registration_url()","wpusernames#remove_junk_from_nickname()","gitupdater#repo_directory_arguments()","object#require_files_from_directory()","browser::reset()","website#rss_url()","generate_list#save()","wptarget#search_replace_db_2_exists?()","wptarget#search_replace_db_2_url()","exploit#session_count()","exploit#sessions()","rpcclient#sessions()","generate_list#set_file_name()","wpscanoptions#set_option_from_cli()","wploginprotection#simple_login_lockdown_url()","exploit#start()","wptimthumbs#targets_url_from_theme()","wptarget#theme()","wpthemes#themes_from_aggressive_detection()","wpthemes#themes_from_passive_detection()","wpscanoptions#threads=()","wptimthumbs#timthumbs()","wpscanoptions#to_h()","wpitem#to_s()","gitupdater#update()","svnupdater#update()","updater#update()","wptarget#url()","wpscanoptions#url=()","object#usage()","browser#user_agent()","browser#user_agent_mode=()","wpusernames#usernames()","wptarget::valid_response_codes()","wpitem#version()","wptarget#version()","wpversion::version_pattern()","vulnerable#vulnerabilities()","wpscanoptions#wordlist=()","website#wordpress?()","wptarget#wp_content_dir()","wpitem#wp_org_url()","wptarget#wp_plugins_dir()","wptarget#wp_plugins_dir_exists?()","cachefilestore#write_entry()","exploit#write_shell()","rpcclient#write_shell()","website#xml_rpc_url()","","",""],"info":[["Array","","Array.html","",""],["Browser","","Browser.html","",""],["BruteForce","","BruteForce.html","",""],["CacheFileStore","","CacheFileStore.html","",""],["Exploit","","Exploit.html","","This library should contain all methods for exploitation.\n"],["Generate_List","","Generate_List.html","","
This tool generates a list to use for plugin and theme enumeration\n"],["GitUpdater","","GitUpdater.html","",""],["Malwares","","Malwares.html","",""],["Object","","Object.html","",""],["RpcClient","","RpcClient.html","","
This library should contain all methods to communicate with msfrpc. See\nframework/documentation/msfrpc.txt …\n"],["SvnUpdater","","SvnUpdater.html","",""],["Svn_Parser","","Svn_Parser.html","","
This Class Parses SVN Repositories via HTTP\n"],["URI","","URI.html","",""],["Updater","","Updater.html","","
This class act as an absract one\n"],["UpdaterFactory","","UpdaterFactory.html","",""],["Vulnerable","","Vulnerable.html","",""],["WebSite","","WebSite.html","",""],["WpConfigBackup","","WpConfigBackup.html","",""],["WpDetector","","WpDetector.html","",""],["WpEnumerator","","WpEnumerator.html","","
Enumerate over a given set of items and check if they exist\n"],["WpFullPathDisclosure","","WpFullPathDisclosure.html","",""],["WpItem","","WpItem.html","",""],["WpLoginProtection","","WpLoginProtection.html","",""],["WpOptions","","WpOptions.html","","
Options Hash\n
Options\n
url- The base URL of the WordPress site\n"],["WpPlugin","","WpPlugin.html","",""],["WpPlugins","","WpPlugins.html","",""],["WpReadme","","WpReadme.html","",""],["WpTarget","","WpTarget.html","",""],["WpTheme","","WpTheme.html","",""],["WpThemes","","WpThemes.html","",""],["WpTimthumbs","","WpTimthumbs.html","",""],["WpUser","","WpUser.html","",""],["WpUsernames","","WpUsernames.html","",""],["WpVersion","","WpVersion.html","",""],["WpVulnerability","","WpVulnerability.html","",""],["WpscanOptions","","WpscanOptions.html","",""],["<=>","WpItem","WpItem.html#method-i-3C-3D-3E","(other)","Compare\n"],["<=>","WpUser","WpUser.html#method-i-3C-3D-3E","(item)",""],["==","WpItem","WpItem.html#method-i-3D-3D","(other)","
Compare\n"],["===","WpItem","WpItem.html#method-i-3D-3D-3D","(other)","
Compare\n"],["===","WpTheme","WpTheme.html#method-i-3D-3D-3D","(wp_theme)",""],["===","WpUser","WpUser.html#method-i-3D-3D-3D","(item)",""],["_grep_","Array","Array.html#method-i-_grep_","(regexp)","
Fix for grep with symbols in ruby <= 1.8.7\n"],["add_http_protocol","Object","Object.html#method-i-add_http_protocol","(url)","
Add protocol\n"],["add_trailing_slash","Object","Object.html#method-i-add_trailing_slash","(url)",""],["aggressive_detection","WpDetector","WpDetector.html#method-c-aggressive_detection","(options, items = [])",""],["authenticate","RpcClient","RpcClient.html#method-i-authenticate","()","
check authentication\n"],["author_url","WpUsernames","WpUsernames.html#method-i-author_url","(author_id)",""],["available_updaters_classes","UpdaterFactory","UpdaterFactory.html#method-c-available_updaters_classes","()","
return array of class symbols\n"],["banner","Object","Object.html#method-i-banner","()","
our 1337 banner\n"],["basic_auth=","WpscanOptions","WpscanOptions.html#method-i-basic_auth-3D","(basic_auth)",""],["better_wp_security_url","WpLoginProtection","WpLoginProtection.html#method-i-better_wp_security_url","()",""],["bluetrait_event_viewer_url","WpLoginProtection","WpLoginProtection.html#method-i-bluetrait_event_viewer_url","()",""],["brute_force","BruteForce","BruteForce.html#method-i-brute_force","(logins, wordlist_path, options = {})","
param array of string logins param string wordlist_path param hash options\n\n
boolean :show_progression If ...\n"],["changelog_url","WpItem","WpItem.html#method-i-changelog_url","()","Url for changelog.txt\n"],["check_options","WpOptions","WpOptions.html#method-c-check_options","(options)",""],["choose_session","Exploit","Exploit.html#method-i-choose_session","()","
if there is more than 1 session, allow the user to choose one.\n"],["clean","CacheFileStore","CacheFileStore.html#method-i-clean","()",""],["clean_option","WpscanOptions","WpscanOptions.html#method-c-clean_option","(option)","
Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace\nany remaining ‘-’ by ‘_’\n
param …\n"],["colorize","Object","Object.html#method-i-colorize","(text, color_code)",""],["config_backup","WpConfigBackup","WpConfigBackup.html#method-i-config_backup","()","
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/\nreturn an array of backup config …\n"],["config_backup_files","WpConfigBackup","WpConfigBackup.html#method-c-config_backup_files","()","
@return Array\n"],["debug_log_url","WpTarget","WpTarget.html#method-i-debug_log_url","()",""],["directory_listing?","WpItem","WpItem.html#method-i-directory_listing-3F","()","
Is directory listing enabled?\n"],["enumerate","WpEnumerator","WpEnumerator.html#method-c-enumerate","(options = {}, items = nil)","
Enumerate the given Targets\n
Attributes\n
targets- targets to enumerate\n"],["enumerate_all_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_all_plugins-3D","(enumerate_all_plugins)",""],["enumerate_all_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_all_themes-3D","(enumerate_all_themes)",""],["enumerate_only_vulnerable_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_only_vulnerable_plugins-3D","(enumerate_only_vulnerable_plugins)",""],["enumerate_only_vulnerable_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_only_vulnerable_themes-3D","(enumerate_only_vulnerable_themes)",""],["enumerate_options_from_string","WpscanOptions","WpscanOptions.html#method-i-enumerate_options_from_string","(value)","Will set enumerate_* from the string value IE : if value = vp =>\n:enumerate_only_vulnerable_plugins …\n"],["enumerate_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_plugins-3D","(enumerate_plugins)",""],["enumerate_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_themes-3D","(enumerate_themes)",""],["eql?","WpUser","WpUser.html#method-i-eql-3F","(item)",""],["error_404_hash","WebSite","WebSite.html#method-i-error_404_hash","()","
Return the MD5 hash of a 404 page\n"],["error_log?","WpPlugin","WpPlugin.html#method-i-error_log-3F","()","
Discover any error_log files created by WordPress These are created by the\nWordPress error_log() function …\n"],["error_log_url","WpPlugin","WpPlugin.html#method-i-error_log_url","()",""],["escape","URI","URI.html#method-c-escape","(str)",""],["exploit","Exploit","Exploit.html#method-i-exploit","(msf_module, payload)","
exploit\n"],["exploit","RpcClient","RpcClient.html#method-i-exploit","(name, opts)","
execute exploit\n"],["exploit_info","Exploit","Exploit.html#method-i-exploit_info","(msf_module,payload)","
output our exploit data\n"],["extract_name_from_url","WpItem","WpItem.html#method-i-extract_name_from_url","()","
Extract item name from a url\n"],["extract_nickname_from_body","WpUsernames","WpUsernames.html#method-i-extract_nickname_from_body","(body)",""],["find","WpTheme","WpTheme.html#method-c-find","(target_uri)",""],["find","WpVersion","WpVersion.html#method-c-find","(target_uri, wp_content_dir)","
Will use all method self.find_from_* to try to detect the version Once the\nversion is found, it will …\n"],["find_from_advanced_fingerprinting","WpVersion","WpVersion.html#method-c-find_from_advanced_fingerprinting","(options)","
Uses data/wp_versions.xml to try to identify a wordpress version.\n
It does this by using client side file …\n"],["find_from_atom_generator","WpVersion","WpVersion.html#method-c-find_from_atom_generator","(options)","
Attempts to find the WordPress version from, the generator tag in the Atom\nsource.\n"],["find_from_css_link","WpTheme","WpTheme.html#method-c-find_from_css_link","(target_uri)","
Discover the wordpress theme name by parsing the css link rel\n"],["find_from_links_opml","WpVersion","WpVersion.html#method-c-find_from_links_opml","(options)","
Attempts to find the WordPress version from the p-links-opml.php file.\n"],["find_from_meta_generator","WpVersion","WpVersion.html#method-c-find_from_meta_generator","(options)","
Attempts to find the wordpress version from, the generator meta tag in the\nhtml source.\n
The meta tag can …\n"],["find_from_rdf_generator","WpVersion","WpVersion.html#method-c-find_from_rdf_generator","(options)","
Attempts to find WordPress version from, the generator tag in the RDF feed\nsource.\n"],["find_from_readme","WpVersion","WpVersion.html#method-c-find_from_readme","(options)","
Attempts to find the WordPress version from the readme.html file.\n"],["find_from_rss_generator","WpVersion","WpVersion.html#method-c-find_from_rss_generator","(options)","
Attempts to find the WordPress version from, the generator tag in the RSS\nfeed source.\n"],["find_from_sitemap_generator","WpVersion","WpVersion.html#method-c-find_from_sitemap_generator","(options)","
Attempts to find the WordPress version from the sitemap.xml file.\n
See: code.google.com/p/wpscan/issues/detail?id=109 …\n"],["find_from_wooframework","WpTheme","WpTheme.html#method-c-find_from_wooframework","(target_uri)","
code.google.com/p/wpscan/issues/detail?id=141\n"],["forge_request","Browser","Browser.html#method-i-forge_request","(url, params = {})",""],["full_path_disclosure_url","WpFullPathDisclosure","WpFullPathDisclosure.html#method-i-full_path_disclosure_url","()",""],["generate_full_list","Generate_List","Generate_List.html#method-i-generate_full_list","()",""],["generate_items","WpEnumerator","WpEnumerator.html#method-c-generate_items","(options = {})",""],["generate_popular_list","Generate_List","Generate_List.html#method-i-generate_popular_list","(pages)",""],["get","Browser","Browser.html#method-i-get","(url, params = {})",""],["get_entry_file_path","CacheFileStore","CacheFileStore.html#method-i-get_entry_file_path","(key)",""],["get_equal_string_end","Object","Object.html#method-i-get_equal_string_end","(stringarray = [\"\"])","
Gets the string all elements in stringarray ends with\n"],["get_exploit_info","RpcClient","RpcClient.html#method-i-get_exploit_info","(name)","
retrieve information about the exploit\n"],["get_full_url","WpItem","WpItem.html#method-i-get_full_url","()","
Get the full url for this item\n"],["get_nickname_from_response","WpUsernames","WpUsernames.html#method-i-get_nickname_from_response","(resp)",""],["get_nickname_from_url","WpUsernames","WpUsernames.html#method-i-get_nickname_from_url","(url)",""],["get_opt_long","WpscanOptions","WpscanOptions.html#method-c-get_opt_long","()","
Even if a short option is given (IE : -u), the long one will be returned\n(IE : –url)\n"],["get_options","RpcClient","RpcClient.html#method-i-get_options","(name)","
retrieve exploit options\n"],["get_payloads","RpcClient","RpcClient.html#method-i-get_payloads","(name)","
retrieve the exploit payloads\n"],["get_popular_items","Generate_List","Generate_List.html#method-i-get_popular_items","(pages)","
Send a HTTP request to the WordPress most popular theme or plugin webpage\nparse the response for the …\n"],["get_sub_folder","WpItem","WpItem.html#method-i-get_sub_folder","()",""],["get_updater","UpdaterFactory","UpdaterFactory.html#method-c-get_updater","(repo_directory)",""],["get_url_without_filename","WpItem","WpItem.html#method-i-get_url_without_filename","()","
Gets the full url for this item without filenames\n"],["green","Object","Object.html#method-i-green","(text)",""],["grep","Array","Array.html#method-i-grep","(regexp)",""],["has_basic_auth?","WebSite","WebSite.html#method-i-has_basic_auth-3F","()",""],["has_better_wp_security_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_better_wp_security_protection-3F","()","
wordpress.org/extend/plugins/better-wp-security/\n"],["has_bluetrait_event_viewer_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_bluetrait_event_viewer_protection-3F","()","
wordpress.org/extend/plugins/bluetrait-event-viewer/\n"],["has_changelog?","WpItem","WpItem.html#method-i-has_changelog-3F","()","
changelog.txt present?\n"],["has_debug_log?","WpTarget","WpTarget.html#method-i-has_debug_log-3F","()",""],["has_full_path_disclosure?","WpFullPathDisclosure","WpFullPathDisclosure.html#method-i-has_full_path_disclosure-3F","()","
Check for Full Path Disclosure (FPD)\n"],["has_limit_login_attempts_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_limit_login_attempts_protection-3F","()","
wordpress.org/extend/plugins/limit-login-attempts/\n"],["has_login_lock_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_lock_protection-3F","()","
wordpress.org/extend/plugins/login-lock/\n"],["has_login_lockdown_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_lockdown_protection-3F","()","
Thanks to Alip Aswalid for providing this method.\nwordpress.org/extend/plugins/login-lockdown/\n"],["has_login_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_protection-3F","()",""],["has_login_security_solution_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_security_solution_protection-3F","()","
wordpress.org/extend/plugins/login-security-solution/\n"],["has_malwares?","Malwares","Malwares.html#method-i-has_malwares-3F","(malwares_file_path = nil)",""],["has_options?","WpscanOptions","WpscanOptions.html#method-i-has_options-3F","()",""],["has_readme?","WpItem","WpItem.html#method-i-has_readme-3F","()","
readme.txt present?\n"],["has_readme?","WpReadme","WpReadme.html#method-i-has_readme-3F","()","
Checks to see if the readme.html file exists\n
This file comes by default in a wordpress installation, and …\n"],["has_simple_login_lockdown_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F","()","
wordpress.org/extend/plugins/simple-login-lockdown/\n"],["has_timthumbs?","WpTimthumbs","WpTimthumbs.html#method-i-has_timthumbs-3F","(theme_name, options = {})",""],["has_xml_rpc?","WebSite","WebSite.html#method-i-has_xml_rpc-3F","()",""],["help","Object","Object.html#method-i-help","()","
command help\n"],["homepage_hash","WebSite","WebSite.html#method-i-homepage_hash","()",""],["id","WpUser","WpUser.html#method-i-id","()",""],["id=","WpUser","WpUser.html#method-i-id-3D","(new_id)",""],["instance","Browser","Browser.html#method-c-instance","(options = {})",""],["is_installed?","GitUpdater","GitUpdater.html#method-i-is_installed-3F","()",""],["is_installed?","SvnUpdater","SvnUpdater.html#method-i-is_installed-3F","()",""],["is_installed?","Updater","Updater.html#method-i-is_installed-3F","()",""],["is_long_option?","WpscanOptions","WpscanOptions.html#method-c-is_long_option-3F","(option)",""],["is_multisite?","WpTarget","WpTarget.html#method-i-is_multisite-3F","()",""],["job_id","Exploit","Exploit.html#method-i-job_id","()","
not sure if this is needed?! not used.\n"],["jobs","RpcClient","RpcClient.html#method-i-jobs","()","
list msf jobs\n"],["kill_session","Exploit","Exploit.html#method-i-kill_session","(id)","
kill a session by session id\n"],["kill_session","RpcClient","RpcClient.html#method-i-kill_session","(id)","
kill msf session\n"],["last_session_id","Exploit","Exploit.html#method-i-last_session_id","()","
the last active session id created\n"],["limit_login_attempts_url","WpLoginProtection","WpLoginProtection.html#method-i-limit_login_attempts_url","()",""],["lines_in_file","BruteForce","BruteForce.html#method-c-lines_in_file","(file_path)","
Counts the number of lines in the wordlist It can take a couple of minutes\non large wordlists, although …\n"],["load_config","Browser","Browser.html#method-i-load_config","(config_file = nil)","
TODO reload hydra (if the .load_config is called on a browser object, hydra\nwill not have the new @max_threads …\n"],["load_from_arguments","WpscanOptions","WpscanOptions.html#method-c-load_from_arguments","()","
Will load the options from ARGV return WpscanOptions\n"],["local_revision_number","GitUpdater","GitUpdater.html#method-i-local_revision_number","()","
Git has not a revsion number like SVN, so we will take the 7 first chars of\nthe last commit hash\n"],["local_revision_number","SvnUpdater","SvnUpdater.html#method-i-local_revision_number","()",""],["local_revision_number","Updater","Updater.html#method-i-local_revision_number","()",""],["login","RpcClient","RpcClient.html#method-i-login","()","
login to msfrpcd\n"],["login_protection_plugin","WpLoginProtection","WpLoginProtection.html#method-i-login_protection_plugin","()","
Checks if a login protection plugin is enabled\ncode.google.com/p/wpscan/issues/detail?id=111 return a …\n"],["login_security_solution_url","WpLoginProtection","WpLoginProtection.html#method-i-login_security_solution_url","()",""],["login_url","WpTarget","WpTarget.html#method-i-login_url","()",""],["malware_pattern","Malwares","Malwares.html#method-c-malware_pattern","(url_regex)",""],["malwares","Malwares","Malwares.html#method-i-malwares","(malwares_file_path = nil)","
return array of string (url of malwares found)\n"],["malwares_file","Malwares","Malwares.html#method-c-malwares_file","(malwares_file_path)",""],["max_threads=","Browser","Browser.html#method-i-max_threads-3D","(max_threads)",""],["merge_request_params","Browser","Browser.html#method-i-merge_request_params","(params = {})",""],["meterpreter_read","Exploit","Exploit.html#method-i-meterpreter_read","(id)","
read data from a meterpreter session data must be base64 decoded.\n"],["meterpreter_read","RpcClient","RpcClient.html#method-i-meterpreter_read","(id)",""],["meterpreter_write","Exploit","Exploit.html#method-i-meterpreter_write","(id, data)","
write data to a meterpreter session data must be base64 encoded.\n"],["meterpreter_write","RpcClient","RpcClient.html#method-i-meterpreter_write","(id, data)",""],["name","WpUser","WpUser.html#method-i-name","()",""],["name=","WpUser","WpUser.html#method-i-name-3D","(new_name)",""],["new","CacheFileStore","CacheFileStore.html#method-c-new","(storage_path, serializer = Marshal)","
The serializer must have the 2 methods .load and .dump (Marshal and YAML\nhave them) YAML is Human Readable …\n"],["new","Exploit","Exploit.html#method-c-new","(wp_url, type, uri, postdata, use_proxy, proxy_addr, proxy_port)",""],["new","Generate_List","Generate_List.html#method-c-new","(type, verbose)","
type = themes | plugins\n"],["new","RpcClient","RpcClient.html#method-c-new","()",""],["new","Svn_Parser","Svn_Parser.html#method-c-new","(svn_root, verbose, keep_empty_dirs = false)",""],["new","Updater","Updater.html#method-c-new","(repo_directory = nil)","
TODO : add a last ‘/ to repo_directory if it’s not present\n"],["new","WpItem","WpItem.html#method-c-new","(options)",""],["new","WpPlugin","WpPlugin.html#method-c-new","(options = {})",""],["new","WpTarget","WpTarget.html#method-c-new","(target_url, options = {})",""],["new","WpTheme","WpTheme.html#method-c-new","(options = {})",""],["new","WpUser","WpUser.html#method-c-new","(name, id, nickname)",""],["new","WpVersion","WpVersion.html#method-c-new","(number, options = {})",""],["new","WpVulnerability","WpVulnerability.html#method-c-new","(title, references, type)",""],["new","WpscanOptions","WpscanOptions.html#method-c-new","()",""],["nickname","WpUser","WpUser.html#method-i-nickname","()",""],["nickname=","WpUser","WpUser.html#method-i-nickname-3D","(new_nickname)",""],["online?","WebSite","WebSite.html#method-i-online-3F","()","
Checks if the remote website is up.\n"],["option_to_instance_variable_setter","WpscanOptions","WpscanOptions.html#method-c-option_to_instance_variable_setter","(option)",""],["page_hash","WebSite","WebSite.html#method-c-page_hash","(url)","
Return the MD5 hash of the page given by url\n"],["parse","Svn_Parser","Svn_Parser.html#method-i-parse","(dirs=nil)",""],["passive_detection","WpDetector","WpDetector.html#method-c-passive_detection","(url, type, wp_content_dir)","
plugins and themes can be found in the source code :\n\n
<script src='http://example.com/wp-content/plugins/s2member/...' ...\n"],["plugins_from_aggressive_detection","WpPlugins","WpPlugins.html#method-i-plugins_from_aggressive_detection","(options)","Enumerate installed plugins.\n
return array of WpPlugin\n"],["plugins_from_passive_detection","WpPlugins","WpPlugins.html#method-i-plugins_from_passive_detection","(options)","
code.google.com/p/wpscan/issues/detail?id=42 plugins can be found in the\nsource code :\n\n
<script src='http://example.com/wp-content/plugins/s2member/...' ...\n"],["post","Browser","Browser.html#method-i-post","(url, params = {})",""],["proxy=","WpscanOptions","WpscanOptions.html#method-i-proxy-3D","(proxy)",""],["proxy_auth=","Browser","Browser.html#method-i-proxy_auth-3D","(auth)",""],["proxy_auth=","WpscanOptions","WpscanOptions.html#method-i-proxy_auth-3D","(auth)",""],["raise_invalid_proxy_format","Browser","Browser.html#method-i-raise_invalid_proxy_format","()",""],["raise_must_be_implemented","Updater","Updater.html#method-i-raise_must_be_implemented","()",""],["read_entry","CacheFileStore","CacheFileStore.html#method-i-read_entry","(key)",""],["read_shell","Exploit","Exploit.html#method-i-read_shell","(id)","read data from a shell, meterpreter is not classed as a shell.\n"],["read_shell","RpcClient","RpcClient.html#method-i-read_shell","(id)","
reads any pending output from session\n"],["readme_url","WpItem","WpItem.html#method-i-readme_url","()","
Url for readme.txt\n"],["readme_url","WpReadme","WpReadme.html#method-i-readme_url","()",""],["red","Object","Object.html#method-i-red","(text)",""],["redirection","WebSite","WebSite.html#method-i-redirection","(url = nil)","
see if the remote url returns 30x redirect return a string with the\nredirection or nil\n"],["registration_enabled?","WpTarget","WpTarget.html#method-i-registration_enabled-3F","()","
Should check wp-login.php if registration is enabled or not\n"],["registration_url","WpTarget","WpTarget.html#method-i-registration_url","()",""],["remove_junk_from_nickname","WpUsernames","WpUsernames.html#method-i-remove_junk_from_nickname","(usernames)",""],["repo_directory_arguments","GitUpdater","GitUpdater.html#method-i-repo_directory_arguments","()",""],["require_files_from_directory","Object","Object.html#method-i-require_files_from_directory","(absolute_dir_path, files_pattern = \"*.rb\")","
TODO : add an exclude pattern ?\n"],["reset","Browser","Browser.html#method-c-reset","()",""],["rss_url","WebSite","WebSite.html#method-i-rss_url","()","
Will try to find the rss url in the homepage Only the first one found iw\nreturned\n"],["save","Generate_List","Generate_List.html#method-i-save","(items)","
Save the file\n"],["search_replace_db_2_exists?","WpTarget","WpTarget.html#method-i-search_replace_db_2_exists-3F","()",""],["search_replace_db_2_url","WpTarget","WpTarget.html#method-i-search_replace_db_2_url","()","
Script for replacing strings in wordpress databases reveals databse\ncredentials after hitting submit …\n"],["session_count","Exploit","Exploit.html#method-i-session_count","()","
a count of the amount of active sessions\n"],["sessions","Exploit","Exploit.html#method-i-sessions","()","
all sessions and related session data\n"],["sessions","RpcClient","RpcClient.html#method-i-sessions","()","
list msf sessions\n"],["set_file_name","Generate_List","Generate_List.html#method-i-set_file_name","(type)",""],["set_option_from_cli","WpscanOptions","WpscanOptions.html#method-i-set_option_from_cli","(cli_option, cli_value)","
string cli_option : –url, -u, –proxy etc string cli_value : the option\nvalue\n"],["simple_login_lockdown_url","WpLoginProtection","WpLoginProtection.html#method-i-simple_login_lockdown_url","()",""],["start","Exploit","Exploit.html#method-i-start","()","
figure out what to exploit\n"],["targets_url_from_theme","WpTimthumbs","WpTimthumbs.html#method-i-targets_url_from_theme","(theme_name, options)",""],["theme","WpTarget","WpTarget.html#method-i-theme","()","
return WpTheme\n"],["themes_from_aggressive_detection","WpThemes","WpThemes.html#method-i-themes_from_aggressive_detection","(options)",""],["themes_from_passive_detection","WpThemes","WpThemes.html#method-i-themes_from_passive_detection","(options)",""],["threads=","WpscanOptions","WpscanOptions.html#method-i-threads-3D","(threads)",""],["timthumbs","WpTimthumbs","WpTimthumbs.html#method-i-timthumbs","(theme_name = nil, options = {})",""],["to_h","WpscanOptions","WpscanOptions.html#method-i-to_h","()","
return Hash\n"],["to_s","WpItem","WpItem.html#method-i-to_s","()","
To string. Adds a version number if detected\n"],["update","GitUpdater","GitUpdater.html#method-i-update","()",""],["update","SvnUpdater","SvnUpdater.html#method-i-update","()",""],["update","Updater","Updater.html#method-i-update","()",""],["url","WpTarget","WpTarget.html#method-i-url","()","
Alias of @uri.to_s\n"],["url=","WpscanOptions","WpscanOptions.html#method-i-url-3D","(url)",""],["usage","Object","Object.html#method-i-usage","()","
wpscan usage\n"],["user_agent","Browser","Browser.html#method-i-user_agent","()","
return the user agent, according to the user_agent_mode\n"],["user_agent_mode=","Browser","Browser.html#method-i-user_agent_mode-3D","(ua_mode)",""],["usernames","WpUsernames","WpUsernames.html#method-i-usernames","(options = {})","
Enumerate wordpress usernames by using Veronica Valeros’s technique:\nseclists.org/fulldisclosure/2011/May/493 …\n"],["valid_response_codes","WpTarget","WpTarget.html#method-c-valid_response_codes","()","
Valid HTTP return codes\n"],["version","WpItem","WpItem.html#method-i-version","()","
Returns version number from readme.txt if it exists\n"],["version","WpTarget","WpTarget.html#method-i-version","()","
return WpVersion\n"],["version_pattern","WpVersion","WpVersion.html#method-c-version_pattern","()","
Used to check if the version is correct: must contain at least one dot.\n"],["vulnerabilities","Vulnerable","Vulnerable.html#method-i-vulnerabilities","()","
@return an array of WpVulnerability (can be empty)\n"],["wordlist=","WpscanOptions","WpscanOptions.html#method-i-wordlist-3D","(wordlist)",""],["wordpress?","WebSite","WebSite.html#method-i-wordpress-3F","()","
check if the remote website is actually running wordpress.\n"],["wp_content_dir","WpTarget","WpTarget.html#method-i-wp_content_dir","()",""],["wp_org_url","WpItem","WpItem.html#method-i-wp_org_url","()","
The wordpress.org plugins directory URL See:\ngithub.com/wpscanteam/wpscan/issues/100\n"],["wp_plugins_dir","WpTarget","WpTarget.html#method-i-wp_plugins_dir","()",""],["wp_plugins_dir_exists?","WpTarget","WpTarget.html#method-i-wp_plugins_dir_exists-3F","()",""],["write_entry","CacheFileStore","CacheFileStore.html#method-i-write_entry","(key, data_to_store, cache_timeout)",""],["write_shell","Exploit","Exploit.html#method-i-write_shell","(id, data)","
write data to a shell, meterpreter is not classed as a shell.\n"],["write_shell","RpcClient","RpcClient.html#method-i-write_shell","(id, data)","
writes the specified input into the session\n"],["xml_rpc_url","WebSite","WebSite.html#method-i-xml_rpc_url","()",""],["CREDITS","","CREDITS.html","","
*CREDITS*\n
This file is to give credit to WPScan’s contributors. If you feel your name\nshould be in here, …\n"],["Gemfile","","Gemfile.html","","
source “rubygems.org”\n
gem “typhoeus”, “0.4.2” gem “nokogiri” gem …\n"],["README","","README.html","","
__\n\n
__ _______ _____\n\\ \\ / / __ \\ / ____|\n \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ ...\n"]]}} \ No newline at end of file diff --git a/doc/table_of_contents.html b/doc/table_of_contents.html index d50626a3..e7030919 100644 --- a/doc/table_of_contents.html +++ b/doc/table_of_contents.html @@ -229,33 +229,33 @@::malwares_file — Malwares - ::new — WpVersion - ::new — WpPlugin - ::new — WpItem - - ::new — CacheFileStore - ::new — WpscanOptions + ::new — WpVulnerability + + ::new — WpVersion + + ::new — WpItem + ::new — WpTarget - ::new — WpTheme - ::new — WpUser + ::new — CacheFileStore + ::new — Updater ::new — Exploit - ::new — Generate_List + ::new — RpcClient - ::new — WpVulnerability + ::new — Generate_List ::new — Svn_Parser - ::new — RpcClient + ::new — WpTheme ::option_to_instance_variable_setter — WpscanOptions @@ -409,10 +409,10 @@ #has_options? — WpscanOptions - #has_readme? — WpReadme - #has_readme? — WpItem + #has_readme? — WpReadme + #has_simple_login_lockdown_protection? — WpLoginProtection #has_timthumbs? — WpTimthumbs @@ -427,22 +427,22 @@ #id= — WpUser - #is_installed? — GitUpdater - #is_installed? — Updater #is_installed? — SvnUpdater + #is_installed? — GitUpdater + #is_multisite? — WpTarget #job_id — Exploit #jobs — RpcClient - #kill_session — RpcClient - #kill_session — Exploit + #kill_session — RpcClient + #last_session_id — Exploit #limit_login_attempts_url — WpLoginProtection @@ -511,10 +511,10 @@ #read_shell — RpcClient - #readme_url — WpItem - #readme_url — WpReadme + #readme_url — WpItem + #red — Object #redirection — WebSite @@ -569,10 +569,10 @@ #update — SvnUpdater - #update — GitUpdater - #update — Updater + #update — GitUpdater + #url — WpTarget #url= — WpscanOptions @@ -585,10 +585,10 @@ #usernames — WpUsernames - #version — WpTarget - #version — WpItem + #version — WpTarget + #vulnerabilities — Vulnerable #wordlist= — WpscanOptions @@ -597,16 +597,18 @@ #wp_content_dir — WpTarget + #wp_org_url — WpItem + #wp_plugins_dir — WpTarget #wp_plugins_dir_exists? — WpTarget #write_entry — CacheFileStore - #write_shell — Exploit - #write_shell — RpcClient + #write_shell — Exploit + #xml_rpc_url — WebSite diff --git a/lib/browser.rb b/lib/browser.rb index dd064165..2fe039d6 100644 --- a/lib/browser.rb +++ b/lib/browser.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/cache_file_store.rb b/lib/cache_file_store.rb index d6914e19..6bb49954 100644 --- a/lib/cache_file_store.rb +++ b/lib/cache_file_store.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/common_helper.rb b/lib/common_helper.rb index d645ddb4..28ee88e8 100644 --- a/lib/common_helper.rb +++ b/lib/common_helper.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/environment.rb b/lib/environment.rb index f0c7edd5..3b611cca 100644 --- a/lib/environment.rb +++ b/lib/environment.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/updater/git_updater.rb b/lib/updater/git_updater.rb index 7c8ce418..0cfdecac 100644 --- a/lib/updater/git_updater.rb +++ b/lib/updater/git_updater.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/updater/svn_updater.rb b/lib/updater/svn_updater.rb index 3388209a..cfedcf6e 100644 --- a/lib/updater/svn_updater.rb +++ b/lib/updater/svn_updater.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/updater/updater.rb b/lib/updater/updater.rb index 683ff125..a511605c 100644 --- a/lib/updater/updater.rb +++ b/lib/updater/updater.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/updater/updater_factory.rb b/lib/updater/updater_factory.rb index 8ff0e5ab..bb736487 100644 --- a/lib/updater/updater_factory.rb +++ b/lib/updater/updater_factory.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/exploit.rb b/lib/wpscan/exploit.rb index b5ecabc3..f6cf1ec4 100644 --- a/lib/wpscan/exploit.rb +++ b/lib/wpscan/exploit.rb @@ -2,7 +2,7 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/brute_force.rb b/lib/wpscan/modules/brute_force.rb index 8ab5822e..185d59a7 100644 --- a/lib/wpscan/modules/brute_force.rb +++ b/lib/wpscan/modules/brute_force.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/malwares.rb b/lib/wpscan/modules/malwares.rb index b190f7c2..1659d4cc 100644 --- a/lib/wpscan/modules/malwares.rb +++ b/lib/wpscan/modules/malwares.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/web_site.rb b/lib/wpscan/modules/web_site.rb index 8c972907..2449d295 100644 --- a/lib/wpscan/modules/web_site.rb +++ b/lib/wpscan/modules/web_site.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_config_backup.rb b/lib/wpscan/modules/wp_config_backup.rb index 1fec156b..b97d556c 100644 --- a/lib/wpscan/modules/wp_config_backup.rb +++ b/lib/wpscan/modules/wp_config_backup.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_full_path_disclosure.rb b/lib/wpscan/modules/wp_full_path_disclosure.rb index e1303245..b028a2af 100644 --- a/lib/wpscan/modules/wp_full_path_disclosure.rb +++ b/lib/wpscan/modules/wp_full_path_disclosure.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_login_protection.rb b/lib/wpscan/modules/wp_login_protection.rb index 39102a7e..bf20da66 100644 --- a/lib/wpscan/modules/wp_login_protection.rb +++ b/lib/wpscan/modules/wp_login_protection.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_plugins.rb b/lib/wpscan/modules/wp_plugins.rb index 553da49f..ae7f445f 100644 --- a/lib/wpscan/modules/wp_plugins.rb +++ b/lib/wpscan/modules/wp_plugins.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_readme.rb b/lib/wpscan/modules/wp_readme.rb index 45389ee1..aadce114 100644 --- a/lib/wpscan/modules/wp_readme.rb +++ b/lib/wpscan/modules/wp_readme.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_themes.rb b/lib/wpscan/modules/wp_themes.rb index 84f010f7..b9f85ab7 100644 --- a/lib/wpscan/modules/wp_themes.rb +++ b/lib/wpscan/modules/wp_themes.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_timthumbs.rb b/lib/wpscan/modules/wp_timthumbs.rb index 95f47391..7d7319de 100644 --- a/lib/wpscan/modules/wp_timthumbs.rb +++ b/lib/wpscan/modules/wp_timthumbs.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/modules/wp_usernames.rb b/lib/wpscan/modules/wp_usernames.rb index 7c120974..72e3e512 100644 --- a/lib/wpscan/modules/wp_usernames.rb +++ b/lib/wpscan/modules/wp_usernames.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/msfrpc_client.rb b/lib/wpscan/msfrpc_client.rb index 49d3a980..7261fa43 100644 --- a/lib/wpscan/msfrpc_client.rb +++ b/lib/wpscan/msfrpc_client.rb @@ -2,7 +2,7 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/vulnerable.rb b/lib/wpscan/vulnerable.rb index 8be68ecf..0353bc0b 100644 --- a/lib/wpscan/vulnerable.rb +++ b/lib/wpscan/vulnerable.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_detector.rb b/lib/wpscan/wp_detector.rb index a9e323df..e6a5f670 100644 --- a/lib/wpscan/wp_detector.rb +++ b/lib/wpscan/wp_detector.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb index 996d2dfd..e049b40c 100644 --- a/lib/wpscan/wp_enumerator.rb +++ b/lib/wpscan/wp_enumerator.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_item.rb b/lib/wpscan/wp_item.rb index 69a1da4a..3bd2e093 100644 --- a/lib/wpscan/wp_item.rb +++ b/lib/wpscan/wp_item.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_options.rb b/lib/wpscan/wp_options.rb index 281ffeed..09ba9b03 100644 --- a/lib/wpscan/wp_options.rb +++ b/lib/wpscan/wp_options.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_plugin.rb b/lib/wpscan/wp_plugin.rb index e6d7177b..25345193 100644 --- a/lib/wpscan/wp_plugin.rb +++ b/lib/wpscan/wp_plugin.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb index 082a25d6..182b04a0 100644 --- a/lib/wpscan/wp_target.rb +++ b/lib/wpscan/wp_target.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_theme.rb b/lib/wpscan/wp_theme.rb index 3f1f2596..cb6916a5 100644 --- a/lib/wpscan/wp_theme.rb +++ b/lib/wpscan/wp_theme.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_user.rb b/lib/wpscan/wp_user.rb index 1b592235..6db02605 100644 --- a/lib/wpscan/wp_user.rb +++ b/lib/wpscan/wp_user.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb index c18e50bf..e81bfae6 100644 --- a/lib/wpscan/wp_version.rb +++ b/lib/wpscan/wp_version.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wp_vulnerability.rb b/lib/wpscan/wp_vulnerability.rb index eedb23ef..adaa7fc7 100644 --- a/lib/wpscan/wp_vulnerability.rb +++ b/lib/wpscan/wp_vulnerability.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb index 47b52592..96966103 100644 --- a/lib/wpscan/wpscan_helper.rb +++ b/lib/wpscan/wpscan_helper.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb index 8c8e5829..a6d518b5 100644 --- a/lib/wpscan/wpscan_options.rb +++ b/lib/wpscan/wpscan_options.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpstools/generate_list.rb b/lib/wpstools/generate_list.rb index 79179a7c..7c52f933 100644 --- a/lib/wpstools/generate_list.rb +++ b/lib/wpstools/generate_list.rb @@ -2,7 +2,7 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpstools/parse_svn.rb b/lib/wpstools/parse_svn.rb index 49803868..b67243cd 100644 --- a/lib/wpstools/parse_svn.rb +++ b/lib/wpstools/parse_svn.rb @@ -2,7 +2,7 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/wpstools/wpstools_helper.rb b/lib/wpstools/wpstools_helper.rb index 3ff84bad..fac49420 100644 --- a/lib/wpstools/wpstools_helper.rb +++ b/lib/wpstools/wpstools_helper.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/browser_spec.rb b/spec/lib/browser_spec.rb index 15c66971..1db4ff94 100644 --- a/spec/lib/browser_spec.rb +++ b/spec/lib/browser_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/cache_file_store_spec.rb b/spec/lib/cache_file_store_spec.rb index 55e9234c..c1805b47 100644 --- a/spec/lib/cache_file_store_spec.rb +++ b/spec/lib/cache_file_store_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/common_helper_spec.rb b/spec/lib/common_helper_spec.rb index fadc4531..ea3fd012 100644 --- a/spec/lib/common_helper_spec.rb +++ b/spec/lib/common_helper_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/brute_force_spec.rb b/spec/lib/wpscan/modules/brute_force_spec.rb index 5cad2e47..42de6c31 100644 --- a/spec/lib/wpscan/modules/brute_force_spec.rb +++ b/spec/lib/wpscan/modules/brute_force_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/malwares_spec.rb b/spec/lib/wpscan/modules/malwares_spec.rb index 8ed26a42..c7c9f590 100644 --- a/spec/lib/wpscan/modules/malwares_spec.rb +++ b/spec/lib/wpscan/modules/malwares_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/web_site_spec.rb b/spec/lib/wpscan/modules/web_site_spec.rb index d056f334..fe2a3caa 100644 --- a/spec/lib/wpscan/modules/web_site_spec.rb +++ b/spec/lib/wpscan/modules/web_site_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_config_backup_spec.rb b/spec/lib/wpscan/modules/wp_config_backup_spec.rb index 8862d9f0..eec689f6 100644 --- a/spec/lib/wpscan/modules/wp_config_backup_spec.rb +++ b/spec/lib/wpscan/modules/wp_config_backup_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -31,7 +31,7 @@ shared_examples_for "WpConfigBackup" do # set all @config_backup_files to point to a 404 before :each do @config_backup_files.each do |backup_file| - file_url = @module.uri.merge(URI.encode(backup_file)).to_s + file_url = @module.uri.merge(URI.escape(backup_file)).to_s stub_request(:get, file_url). to_return(:status => 404, :body => "") @@ -46,7 +46,7 @@ shared_examples_for "WpConfigBackup" do expected = [] @config_backup_files.sample(1).each do |backup_file| - file_url = @module.uri.merge(backup_file).to_s + file_url = @module.uri.merge(URI.escape(backup_file)).to_s expected << file_url stub_request(:get, file_url). @@ -63,7 +63,7 @@ shared_examples_for "WpConfigBackup" do expected = [] @config_backup_files.sample(2).each do |backup_file| - file_url = @module.uri.merge(backup_file).to_s + file_url = @module.uri.merge(URI.escape(backup_file)).to_s expected << file_url stub_request(:get, file_url). diff --git a/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb b/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb index 2261597f..7eda8130 100644 --- a/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb +++ b/spec/lib/wpscan/modules/wp_full_path_disclosure_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_login_protection_spec.rb b/spec/lib/wpscan/modules/wp_login_protection_spec.rb index 2349ded2..01c029a8 100644 --- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb +++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb index 77e03c77..0d6c80ae 100644 --- a/spec/lib/wpscan/modules/wp_plugins_spec.rb +++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_readme_spec.rb b/spec/lib/wpscan/modules/wp_readme_spec.rb index 0124bc43..cdc60c58 100644 --- a/spec/lib/wpscan/modules/wp_readme_spec.rb +++ b/spec/lib/wpscan/modules/wp_readme_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_themes_spec.rb b/spec/lib/wpscan/modules/wp_themes_spec.rb index 0a36d911..33cbc171 100644 --- a/spec/lib/wpscan/modules/wp_themes_spec.rb +++ b/spec/lib/wpscan/modules/wp_themes_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb index 56a952a8..0871ae4e 100644 --- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb +++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/modules/wp_usernames_spec.rb b/spec/lib/wpscan/modules/wp_usernames_spec.rb index 6d5cd2cf..713f30b4 100644 --- a/spec/lib/wpscan/modules/wp_usernames_spec.rb +++ b/spec/lib/wpscan/modules/wp_usernames_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_detector_spec.rb b/spec/lib/wpscan/wp_detector_spec.rb index d80bdbd1..b9f34158 100644 --- a/spec/lib/wpscan/wp_detector_spec.rb +++ b/spec/lib/wpscan/wp_detector_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_enumerator_spec.rb b/spec/lib/wpscan/wp_enumerator_spec.rb index aa5f52d0..02d675f9 100644 --- a/spec/lib/wpscan/wp_enumerator_spec.rb +++ b/spec/lib/wpscan/wp_enumerator_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_item_spec.rb b/spec/lib/wpscan/wp_item_spec.rb index 2ccb4627..3d9ca07d 100644 --- a/spec/lib/wpscan/wp_item_spec.rb +++ b/spec/lib/wpscan/wp_item_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_options_spec.rb b/spec/lib/wpscan/wp_options_spec.rb index 17df6626..2447360d 100644 --- a/spec/lib/wpscan/wp_options_spec.rb +++ b/spec/lib/wpscan/wp_options_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_plugin_spec.rb b/spec/lib/wpscan/wp_plugin_spec.rb index 28c1a536..f25813d8 100644 --- a/spec/lib/wpscan/wp_plugin_spec.rb +++ b/spec/lib/wpscan/wp_plugin_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb index cf1bc743..d5dcdf56 100644 --- a/spec/lib/wpscan/wp_target_spec.rb +++ b/spec/lib/wpscan/wp_target_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_theme_spec.rb b/spec/lib/wpscan/wp_theme_spec.rb index 336d8e15..d9a1e343 100644 --- a/spec/lib/wpscan/wp_theme_spec.rb +++ b/spec/lib/wpscan/wp_theme_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_user_spec.rb b/spec/lib/wpscan/wp_user_spec.rb index b4f865e2..fa9fc524 100644 --- a/spec/lib/wpscan/wp_user_spec.rb +++ b/spec/lib/wpscan/wp_user_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb index 1a1d663f..429ce97a 100644 --- a/spec/lib/wpscan/wp_version_spec.rb +++ b/spec/lib/wpscan/wp_version_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wpscan_helper.rb b/spec/lib/wpscan/wpscan_helper.rb index da277eae..ce106c95 100644 --- a/spec/lib/wpscan/wpscan_helper.rb +++ b/spec/lib/wpscan/wpscan_helper.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpscan/wpscan_options_spec.rb b/spec/lib/wpscan/wpscan_options_spec.rb index a890a32b..a13871d8 100644 --- a/spec/lib/wpscan/wpscan_options_spec.rb +++ b/spec/lib/wpscan/wpscan_options_spec.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/lib/wpstools/wpstools_helper.rb b/spec/lib/wpstools/wpstools_helper.rb index 93d7620a..842946ff 100644 --- a/spec/lib/wpstools/wpstools_helper.rb +++ b/spec/lib/wpstools/wpstools_helper.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index d370a3ff..140965e8 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,6 +1,6 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/wpscan.rb b/wpscan.rb index 5e032d93..ad171315 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -2,7 +2,7 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -54,6 +54,14 @@ begin raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down." end + if wpscan_options.proxy + proxy_reponse = Browser.instance.get(wp_target.url) + + unless WpTarget::valid_response_codes.include?(proxy_reponse.code) + raise "Proxy Error :\r\n#{proxy_reponse.headers}" + end + end + redirection = wp_target.redirection if redirection if wpscan_options.follow_redirection diff --git a/wpstools.rb b/wpstools.rb index 82b8caea..5fd2a62d 100755 --- a/wpstools.rb +++ b/wpstools.rb @@ -2,7 +2,7 @@ #-- # WPScan - WordPress Security Scanner -# Copyright (C) 2012 +# Copyright (C) 2012-2013 # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by