Browser::Actions (no specs)

lib/wpscan/web_site.rb

@@ -18,11 +18,11 @@ class WebSite
 
   # Checks if the remote website is up.
   def online?
-    Browser.instance.get(@uri.to_s).code != 0
+    Browser.get(@uri.to_s).code != 0
   end
 
   def has_basic_auth?
-    Browser.instance.get(@uri.to_s).code == 401
+    Browser.get(@uri.to_s).code == 401
   end
 
   def has_xml_rpc?
@@ -38,7 +38,7 @@ class WebSite
   end
 
   def xml_rpc_url_from_headers
-    headers    = Browser.instance.get(@uri.to_s).headers_hash
+    headers    = Browser.get(@uri.to_s).headers_hash
     xmlrpc_url = nil
 
     unless headers.nil?
@@ -51,7 +51,7 @@ class WebSite
   end
 
   def xml_rpc_url_from_body
-    body = Browser.instance.get(@uri.to_s).body
+    body = Browser.get(@uri.to_s).body
 
     body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
   end
@@ -62,7 +62,7 @@ class WebSite
   def redirection(url = nil)
     redirection = nil
     url ||= @uri.to_s
-    response = Browser.instance.get(url)
+    response = Browser.get(url)
 
     if response.code == 301 || response.code == 302
       redirection = response.headers_hash['location']
@@ -78,7 +78,7 @@ class WebSite
 
   # Return the MD5 hash of the page given by url
   def self.page_hash(url)
-    Digest::MD5.hexdigest(Browser.instance.get(url).body)
+    Digest::MD5.hexdigest(Browser.get(url).body)
   end
 
   def homepage_hash
@@ -100,13 +100,13 @@ class WebSite
   # Will try to find the rss url in the homepage
   # Only the first one found iw returned
   def rss_url
-    homepage_body = Browser.instance.get(@uri.to_s).body
+    homepage_body = Browser.get(@uri.to_s).body
     homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
   end
 
   # Checks if a robots.txt file exists
   def has_robots?
-    Browser.instance.get(robots_url).code == 200
+    Browser.get(robots_url).code == 200
   end
 
   # Gets a robots.txt URL

lib/wpscan/wp_target.rb

@@ -11,14 +11,14 @@ require 'wp_target/wp_custom_directories'
 require 'wp_target/wp_full_path_disclosure'
 
 class WpTarget < WebSite
-  include Malwares
-  include WpReadme
-  include BruteForce
-  include WpRegistrable
-  include WpConfigBackup
-  include WpLoginProtection
-  include WpCustomDirectories
-  include WpFullPathDisclosure
+  include WpTarget::Malwares
+  include WpTarget::WpReadme
+  include WpTarget::BruteForce
+  include WpTarget::WpRegistrable
+  include WpTarget::WpConfigBackup
+  include WpTarget::WpLoginProtection
+  include WpTarget::WpCustomDirectories
+  include WpTarget::WpFullPathDisclosure
 
   attr_reader :verbose
 
@@ -38,17 +38,17 @@ class WpTarget < WebSite
   def wordpress?
     wordpress = false
 
-    response = Browser.instance.get_and_follow_location(@uri.to_s)
+    response = Browser.get_and_follow_location(@uri.to_s)
 
     if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
       wordpress = true
     else
-      response = Browser.instance.get_and_follow_location(xml_rpc_url)
+      response = Browser.get_and_follow_location(xml_rpc_url)
 
       if response.body =~ %r{XML-RPC server accepts POST requests only}i
         wordpress = true
       else
-        response = Browser.instance.get_and_follow_location(login_url)
+        response = Browser.get_and_follow_location(login_url)
 
         if response.code == 200 && response.body =~ %r{WordPress}i
           wordpress = true
@@ -104,7 +104,7 @@ class WpTarget < WebSite
 
   def has_debug_log?
     # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)
-    response_body = Browser.instance.get(debug_log_url(), headers: {'range' => 'bytes=0-700'}).body
+    response_body = Browser.get(debug_log_url(), headers: {'range' => 'bytes=0-700'}).body
     response_body[%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false
   end
 
@@ -120,7 +120,7 @@ class WpTarget < WebSite
   end
 
   def search_replace_db_2_exists?
-    resp = Browser.instance.get(search_replace_db_2_url)
+    resp = Browser.get(search_replace_db_2_url)
     resp.code == 200 && resp.body[%r{by interconnect}i]
   end
 end

lib/wpscan/wp_target/malwares.rb

@@ -17,7 +17,7 @@ class WpTarget < WebSite
       unless @malwares
         malwares_found = []
         malwares_file = Malwares.malwares_file(malwares_file_path)
-        index_page_body = Browser.instance.get(@uri.to_s).body
+        index_page_body = Browser.get(@uri.to_s).body
 
         File.open(malwares_file, 'r') do |file|
           file.readlines.collect do |url|

lib/wpscan/wp_target/wp_custom_directories.rb

@@ -6,7 +6,7 @@ class WpTarget < WebSite
     # @return [ String ] The wp-content directory
     def wp_content_dir
       unless @wp_content_dir
-        index_body = Browser.instance.get(@uri.to_s).body
+        index_body = Browser.get(@uri.to_s).body
         uri_path = @uri.path # Only use the path because domain can be text or an IP
 
         if index_body[/\/wp-content\/(?:themes|plugins)\//i] || default_wp_content_dir_exists?
@@ -22,7 +22,7 @@ class WpTarget < WebSite
 
     # @return [ Boolean ]
     def default_wp_content_dir_exists?
-      response = Browser.instance.get(@uri.merge('wp-content').to_s)
+      response = Browser.get(@uri.merge('wp-content').to_s)
       hash = Digest::MD5.hexdigest(response.body)
 
       if WpTarget.valid_response_codes.include?(response.code)
@@ -42,7 +42,7 @@ class WpTarget < WebSite
 
     # @return [ Boolean ]
     def wp_plugins_dir_exists?
-      Browser.instance.get(@uri.merge(wp_plugins_dir)).code != 404
+      Browser.get(@uri.merge(wp_plugins_dir).to_s).code != 404
     end
 
   end

lib/wpscan/wp_target/wp_full_path_disclosure.rb

@@ -7,7 +7,7 @@ class WpTarget < WebSite
     #
     # @return [ Boolean ]
     def has_full_path_disclosure?
-      response = Browser.instance.get(full_path_disclosure_url())
+      response = Browser.get(full_path_disclosure_url())
       response.body[%r{Fatal error}i] ? true : false
     end
 

lib/wpscan/wp_target/wp_login_protection.rb

@@ -38,17 +38,17 @@ class WpTarget < WebSite
     # Thanks to Alip Aswalid for providing this method.
     # http://wordpress.org/extend/plugins/login-lockdown/
     def has_login_lockdown_protection?
-      Browser.instance.get(login_url).body =~ %r{Login LockDown}i ? true : false
+      Browser.get(login_url).body =~ %r{Login LockDown}i ? true : false
     end
 
     # http://wordpress.org/extend/plugins/login-lock/
     def has_login_lock_protection?
-      Browser.instance.get(login_url).body =~ %r{LOGIN LOCK} ? true : false
+      Browser.get(login_url).body =~ %r{LOGIN LOCK} ? true : false
     end
 
     # http://wordpress.org/extend/plugins/better-wp-security/
     def has_better_wp_security_protection?
-      Browser.instance.get(better_wp_security_url).code != 404
+      Browser.get(better_wp_security_url).code != 404
     end
 
     def plugin_url(plugin_name)
@@ -66,7 +66,7 @@ class WpTarget < WebSite
 
     # http://wordpress.org/extend/plugins/simple-login-lockdown/
     def has_simple_login_lockdown_protection?
-      Browser.instance.get(simple_login_lockdown_url).code != 404
+      Browser.get(simple_login_lockdown_url).code != 404
     end
 
     def simple_login_lockdown_url
@@ -75,7 +75,7 @@ class WpTarget < WebSite
 
     # http://wordpress.org/extend/plugins/login-security-solution/
     def has_login_security_solution_protection?
-      Browser.instance.get(login_security_solution_url()).code != 404
+      Browser.get(login_security_solution_url()).code != 404
     end
 
     def login_security_solution_url
@@ -84,7 +84,7 @@ class WpTarget < WebSite
 
     # http://wordpress.org/extend/plugins/limit-login-attempts/
     def has_limit_login_attempts_protection?
-      Browser.instance.get(limit_login_attempts_url).code != 404
+      Browser.get(limit_login_attempts_url).code != 404
     end
 
     def limit_login_attempts_url
@@ -93,7 +93,7 @@ class WpTarget < WebSite
 
     # http://wordpress.org/extend/plugins/bluetrait-event-viewer/
     def has_bluetrait_event_viewer_protection?
-      Browser.instance.get(bluetrait_event_viewer_url).code != 404
+      Browser.get(bluetrait_event_viewer_url).code != 404
     end
 
     def bluetrait_event_viewer_url

lib/wpscan/wp_target/wp_readme.rb

@@ -10,7 +10,7 @@ class WpTarget < WebSite
     #
     # @return [ Boolean ]
     def has_readme?
-      response = Browser.instance.get(readme_url())
+      response = Browser.get(readme_url())
 
       unless response.code == 404
         return response.body =~ %r{wordpress}i ? true : false

lib/wpscan/wp_target/wp_registrable.rb

@@ -7,7 +7,7 @@ class WpTarget < WebSite
     #
     # @return [ Boolean ]
     def registration_enabled?
-      resp = Browser.instance.get(registration_url)
+      resp = Browser.get(registration_url)
       # redirect only on non multi sites
       if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/i
         enabled = false
@@ -34,8 +34,7 @@ class WpTarget < WebSite
       unless @multisite
         # when multi site, there is no redirection or a redirect to the site itself
         # otherwise redirect to wp-login.php
-        url = @uri.merge('wp-signup.php')
-        resp = Browser.instance.get(url)
+        resp = Browser.get(@uri.merge('wp-signup.php').to_s)
 
         if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
           @multisite = false