garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rdoc

Browse Source
This commit is contained in:
Christian Mehlmauer
2012-09-16 23:51:31 +02:00
parent fc23265f11
commit 42f05db7ca
21 changed files with 329 additions and 291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
doc/Browser.html
View File

@@ -81,8 +81,6 @@
<li><a href="#method-i-post">#post</a></li>
<li><a href="#method-i-replace_variables_in_url">#replace_variables_in_url</a></li>
<li><a href="#method-i-user_agent">#user_agent</a></li>
<li><a href="#method-i-user_agent_mode-3D">#user_agent_mode=</a></li>
@@ -294,7 +292,7 @@
<div class="method-source-code" id="instance-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 58</span>
<span class="ruby-comment"># File lib/browser.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">@@instance</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">options</span>)
@@ -330,7 +328,7 @@
<div class="method-source-code" id="reset-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 65</span>
<span class="ruby-comment"># File lib/browser.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">reset</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
@@ -369,10 +367,10 @@
<div class="method-source-code" id="forge_request-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 141</span>
<span class="ruby-comment"># File lib/browser.rb, line 140</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-constant">Typhoeus</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">replace_variables_in_url</span>(<span class="ruby-identifier">url</span>),
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
<span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span>)
)
<span class="ruby-keyword">end</span></pre>
@@ -405,7 +403,7 @@
<div class="method-source-code" id="get-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 129</span>
<span class="ruby-comment"># File lib/browser.rb, line 128</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:get</span>))
@@ -443,7 +441,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="load_config-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 102</span>
<span class="ruby-comment"># File lib/browser.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">load_config</span>(<span class="ruby-identifier">config_file</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@config_file</span> = <span class="ruby-identifier">config_file</span> <span class="ruby-operator">||</span> <span class="ruby-ivar">@config_file</span>
@@ -484,7 +482,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="max_threads-3D-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 94</span>
<span class="ruby-comment"># File lib/browser.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">max_threads=</span>(<span class="ruby-identifier">max_threads</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">max_threads</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">max_threads</span> <span class="ruby-operator">&lt;=</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">max_threads</span> = <span class="ruby-value">1</span>
@@ -520,7 +518,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="merge_request_params-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 159</span>
<span class="ruby-comment"># File lib/browser.rb, line 147</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy</span>
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:proxy</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@proxy</span>)
@@ -576,7 +574,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="post-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 135</span>
<span class="ruby-comment"># File lib/browser.rb, line 134</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>))
@@ -611,7 +609,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="user_agent-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 82</span>
<span class="ruby-comment"># File lib/browser.rb, line 81</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@user_agent_mode</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;semi-static&quot;</span>
@@ -652,7 +650,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="user_agent_mode-3D-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 69</span>
<span class="ruby-comment"># File lib/browser.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent_mode=</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">&quot;static&quot;</span>
@@ -676,50 +674,6 @@ browser object, hydra will not have the new @max_threads and
</div><!-- public-instance-method-details -->
<div id="protected-instance-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="replace_variables_in_url-method" class="method-detail ">
<a name="method-i-replace_variables_in_url"></a>
<div class="method-heading">
<span class="method-name">replace_variables_in_url</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return string</p>
<div class="method-source-code" id="replace_variables_in_url-source">
<pre>
<span class="ruby-comment"># File lib/browser.rb, line 149</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">replace_variables_in_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-ivar">@variables_to_replace_in_url</span> <span class="ruby-operator">||=</span> {}
<span class="ruby-ivar">@variables_to_replace_in_url</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">subject</span>, <span class="ruby-identifier">replacement</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">gsub!</span>(<span class="ruby-identifier">subject</span>, <span class="ruby-identifier">replacement</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- replace_variables_in_url-source -->
</div>
</div><!-- replace_variables_in_url-method -->
</div><!-- protected-instance-method-details -->
</div><!-- 5Buntitled-5D -->

11
doc/WpDetector.html
View File

@@ -231,7 +231,7 @@
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-keyword">end</span>
@@ -240,7 +240,7 @@
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># Already found via passive detection</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_result</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_result</span>[<span class="ruby-value">:name</span>]
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
@@ -298,7 +298,12 @@
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>, <span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>, <span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{type}/#{item}&quot;</span> }
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> {
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{type}/#{item}/&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>

16
doc/WpEnumerator.html
View File

@@ -213,7 +213,7 @@
<div class="method-heading">
<span class="method-name">enumerate</span><span
class="method-args">(options = {})</span>
class="method-args">(options = {}, items = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -247,12 +247,18 @@
<div class="method-source-code" id="enumerate-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span> = {}, <span class="ruby-identifier">items</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">i</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">i</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
@@ -261,7 +267,11 @@
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/timthumbs/</span>
<span class="ruby-identifier">url</span> = <span class="ruby-node">&quot;#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">url</span> = <span class="ruby-node">&quot;#{target[:url]}#{target[:wp_content_dir]}/#{options[:type]}/#{target[:path]}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>)
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>

173
doc/WpItem.html
View File

@@ -61,6 +61,8 @@
<li><a href="#method-i-3D-3D">#==</a></li>
<li><a href="#method-i-changelog_url">#changelog_url</a></li>
<li><a href="#method-i-directory_listing-3F">#directory_listing?</a></li>
<li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
@@ -69,8 +71,14 @@
<li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
<li><a href="#method-i-has_changelog-3F">#has_changelog?</a></li>
<li><a href="#method-i-has_readme-3F">#has_readme?</a></li>
<li><a href="#method-i-location_uri_from_file_url">#location_uri_from_file_url</a></li>
<li><a href="#method-i-readme_url">#readme_url</a></li>
<li><a href="#method-i-to_s">#to_s</a></li>
<li><a href="#method-i-version">#version</a></li>
@@ -290,7 +298,7 @@
<div class="method-source-code" id="3C-3D-3E-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 59</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">item</span>)
<span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-ivar">@name</span>
<span class="ruby-keyword">end</span></pre>
@@ -323,7 +331,7 @@
<div class="method-source-code" id="3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 55</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">item</span>)
<span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@name</span>
<span class="ruby-keyword">end</span></pre>
@@ -337,6 +345,39 @@
</div><!-- 3D-3D-method -->
<div id="changelog_url-method" class="method-detail ">
<a name="method-i-changelog_url"></a>
<div class="method-heading">
<span class="method-name">changelog_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="changelog_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 80</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- changelog_url-source -->
</div>
</div><!-- changelog_url-method -->
<div id="directory_listing-3F-method" class="method-detail ">
<a name="method-i-directory_listing-3F"></a>
@@ -356,7 +397,7 @@
<div class="method-source-code" id="directory_listing-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 41</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 46</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
<span class="ruby-comment"># Need to remove to file part from the url</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">location_uri_from_file_url</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>)).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -390,7 +431,7 @@
<div class="method-source-code" id="extract_name_from_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 46</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 51</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-keyword">end</span></pre>
@@ -458,8 +499,13 @@
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-identifier">uri</span> = <span class="ruby-identifier">get_url</span>
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{uri.scheme}://#{uri.host}#{File.dirname(uri.path)}&quot;</span>)
<span class="ruby-identifier">matches</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">match</span>(<span class="ruby-regexp">%{^(.*/).*$}</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">matches</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&lt;</span> <span class="ruby-value">2</span>
<span class="ruby-identifier">dirname</span> = <span class="ruby-ivar">@path</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">dirname</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{@url.to_s}#@wp_content_dir/#{dirname}&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- get_url_without_filename-source -->
@@ -471,6 +517,80 @@
</div><!-- get_url_without_filename-method -->
<div id="has_changelog-3F-method" class="method-detail ">
<a name="method-i-has_changelog-3F"></a>
<div class="method-heading">
<span class="method-name">has_changelog?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_changelog-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 92</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
<span class="ruby-ivar">@changelog</span> = <span class="ruby-identifier">status</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@changelog</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_changelog-3F-source -->
</div>
</div><!-- has_changelog-3F-method -->
<div id="has_readme-3F-method" class="method-detail ">
<a name="method-i-has_readme-3F"></a>
<div class="method-heading">
<span class="method-name">has_readme?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_readme-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 84</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
<span class="ruby-ivar">@readme</span> = <span class="ruby-identifier">status</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@readme</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_readme-3F-source -->
</div>
</div><!-- has_readme-3F-method -->
<div id="location_uri_from_file_url-method" class="method-detail ">
<a name="method-i-location_uri_from_file_url"></a>
@@ -490,7 +610,7 @@
<div class="method-source-code" id="location_uri_from_file_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 63</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">location_uri_from_file_url</span>(<span class="ruby-identifier">location_url</span>)
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
@@ -508,6 +628,39 @@
</div><!-- location_uri_from_file_url-method -->
<div id="readme_url-method" class="method-detail ">
<a name="method-i-readme_url"></a>
<div class="method-heading">
<span class="method-name">readme_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="readme_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->
</div>
</div><!-- readme_url-method -->
<div id="to_s-method" class="method-detail ">
<a name="method-i-to_s"></a>
@@ -527,10 +680,10 @@
<div class="method-source-code" id="to_s-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 50</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 55</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
<span class="ruby-node">&quot;#@name#{' v' + item_version if item_version}&quot;</span>
<span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- to_s-source -->
@@ -561,7 +714,7 @@
<div class="method-source-code" id="version-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 32</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_item.rb, line 37</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)

2
doc/WpOptions.html
View File

@@ -264,7 +264,7 @@
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;error_404_hash must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;type must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/plugins/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/themes/</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/plugins/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/themes/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/timthumbs/</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #{options[:type]}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>

15
doc/WpPlugins.html
View File

@@ -227,8 +227,17 @@
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//plugin[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//plugin&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:url</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:path</span>],
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:name</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- plugins_from_aggressive_detection-source -->
@@ -267,7 +276,7 @@ plugins can be found in the source code :</p>
<div class="method-source-code" id="plugins_from_passive_detection-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 40</span>
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">url</span>(), <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">wp_content_dir</span>)

2
doc/WpTarget.html
View File

@@ -628,7 +628,7 @@
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-constant">WpVersion</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>)
<span class="ruby-constant">WpVersion</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- version-source -->

161
doc/WpTimthumbs.html
View File

@@ -57,16 +57,12 @@
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-timthumbs_file">::timthumbs_file</a></li>
<li><a href="#method-i-has_timthumbs-3F">#has_timthumbs?</a></li>
<li><a href="#method-i-targets_url_from_theme">#targets_url_from_theme</a></li>
<li><a href="#method-i-timthumbs">#timthumbs</a></li>
<li><a href="#method-i-timthumbs_targets_url">#timthumbs_targets_url</a></li>
</ul>
</div>
@@ -201,45 +197,6 @@
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="timthumbs_file-method" class="method-detail ">
<a name="method-c-timthumbs_file"></a>
<div class="method-heading">
<span class="method-name">timthumbs_file</span><span
class="method-args">(timthumbs_file_path = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="timthumbs_file-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 88</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">timthumbs_file</span>(<span class="ruby-identifier">timthumbs_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-identifier">timthumbs_file_path</span> <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/timthumbs.txt&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- timthumbs_file-source -->
</div>
</div><!-- timthumbs_file-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
@@ -250,7 +207,7 @@
<div class="method-heading">
<span class="method-name">has_timthumbs?</span><span
class="method-args">(options = {})</span>
class="method-args">(theme_name, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -264,8 +221,8 @@
<div class="method-source-code" id="has_timthumbs-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_timthumbs?</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-operator">!</span><span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">options</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_timthumbs?</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-operator">!</span><span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_timthumbs-3F-source -->
@@ -283,61 +240,36 @@
<div class="method-heading">
<span class="method-name">timthumbs</span><span
class="method-args">(options = {})</span>
class="method-args">(theme_name = nil, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Available options :</p>
<pre>:theme_name
:timthumbs_file
:show_progress_bar - default false</pre>
<p>return array of string (url of timthumbs found), can be empty</p>
<div class="method-source-code" id="timthumbs-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@wp_timthumbs</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">found_timthumbs</span> = []
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">targets_url</span> = <span class="ruby-identifier">timthumbs_targets_url</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">show_progress_bar</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progress_bar</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/timthumbs.txt&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;xxx&quot;</span>
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target_url</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">target_url</span>, <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>)
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">print</span> <span class="ruby-string">&quot;\rChecking for &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">size</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-node">&quot; total timthumb files... #{(request_count * 100) / targets_url.size}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progress_bar</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/no image specified/</span>
<span class="ruby-identifier">found_timthumbs</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">target_url</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">theme_name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">custom_items</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">custom_items</span> = <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-ivar">@wp_timthumbs</span> = <span class="ruby-identifier">found_timthumbs</span>
<span class="ruby-ivar">@wp_timthumbs</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>, <span class="ruby-identifier">custom_items</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_timthumbs</span>
<span class="ruby-keyword">end</span></pre>
@@ -351,50 +283,6 @@
</div><!-- timthumbs-method -->
<div id="timthumbs_targets_url-method" class="method-detail ">
<a name="method-i-timthumbs_targets_url"></a>
<div class="method-heading">
<span class="method-name">timthumbs_targets_url</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Available options :</p>
<pre>:theme_name
:timthumbs_file</pre>
<p>retrun array of string</p>
<div class="method-source-code" id="timthumbs_targets_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 78</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs_targets_url</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">targets</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:theme_name</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:theme_name</span>]) <span class="ruby-operator">:</span> []
<span class="ruby-identifier">timthumbs_file</span> = <span class="ruby-constant">WpTimthumbs</span>.<span class="ruby-identifier">timthumbs_file</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:timthumbs_file</span>])
<span class="ruby-identifier">targets</span> <span class="ruby-operator">+=</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">timthumbs_file</span>, <span class="ruby-string">'r'</span>) {<span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span> <span class="ruby-identifier">file</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span>{<span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">chomp</span>).<span class="ruby-identifier">to_s</span>}}
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-comment"># randomize the array to *maybe* help in some crappy IDS/IPS/WAF evasion</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">sort_by!</span> { <span class="ruby-identifier">rand</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- timthumbs_targets_url-source -->
</div>
</div><!-- timthumbs_targets_url-method -->
</div><!-- public-instance-method-details -->
<div id="protected-instance-method-details" class="method-section section">
@@ -407,7 +295,7 @@
<div class="method-heading">
<span class="method-name">targets_url_from_theme</span><span
class="method-args">(theme_name)</span>
class="method-args">(theme_name, options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -420,8 +308,8 @@
<div class="method-source-code" id="targets_url_from_theme-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>)
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = []
<span class="ruby-identifier">theme_name</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">theme_name</span>)
@@ -429,7 +317,12 @@
<span class="ruby-string">'timthumb.php'</span>, <span class="ruby-string">'lib/timthumb.php'</span>, <span class="ruby-string">'inc/timthumb.php'</span>, <span class="ruby-string">'includes/timthumb.php'</span>,
<span class="ruby-string">'scripts/timthumb.php'</span>, <span class="ruby-string">'tools/timthumb.php'</span>, <span class="ruby-string">'functions/timthumb.php'</span>
].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;wp-content/themes/#{theme_name}/#{file}&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> {
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>]
}
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>
<span class="ruby-keyword">end</span></pre>

50
doc/WpVersion.html
View File

@@ -262,7 +262,7 @@
<div class="method-heading">
<span class="method-name">find</span><span
class="method-args">(target_uri)</span>
class="method-args">(target_uri, wp_content_dir)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -287,9 +287,13 @@ etc)</p>
<div class="method-source-code" id="find-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">options</span> = {
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">version</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">version</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-identifier">version</span>, <span class="ruby-value">:discovery_method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">method_to_call</span>[<span class="ruby-regexp">%{find_from_(.*)}</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">' '</span>))
@@ -355,7 +359,7 @@ etc)</p>
<div class="method-heading">
<span class="method-name">find_from_advanced_fingerprinting</span><span
class="method-args">(target_uri)</span>
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -383,14 +387,18 @@ file across all versions of wordpress.</p>
<div class="method-source-code" id="find_from_advanced_fingerprinting-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 88</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_versions.xml'</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">&quot;//file&quot;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">wp_content</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">wp_plugins</span> = <span class="ruby-node">&quot;#{wp_content}/plugins&quot;</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'src'</span>).<span class="ruby-identifier">text</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">file_url</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/\$wp-plugins\$/</span>, <span class="ruby-identifier">wp_plugins</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/\$wp-content\$/</span>, <span class="ruby-identifier">wp_content</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">file_url</span>)
<span class="ruby-identifier">md5sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
@@ -418,7 +426,7 @@ file across all versions of wordpress.</p>
<div class="method-heading">
<span class="method-name">find_from_meta_generator</span><span
class="method-args">(target_uri)</span>
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -435,8 +443,9 @@ upgrade.</p>
<div class="method-source-code" id="find_from_meta_generator-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>)
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name=&quot;generator&quot; content=&quot;wordpress ([^&quot;]+)&quot;}</span>, <span class="ruby-value">1</span>]
@@ -457,7 +466,7 @@ upgrade.</p>
<div class="method-heading">
<span class="method-name">find_from_readme</span><span
class="method-args">(target_uri)</span>
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -470,8 +479,9 @@ upgrade.</p>
<div class="method-source-code" id="find_from_readme-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 107</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_readme-source -->
@@ -490,7 +500,7 @@ upgrade.</p>
<div class="method-heading">
<span class="method-name">find_from_rss_generator</span><span
class="method-args">(target_uri)</span>
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -503,8 +513,9 @@ upgrade.</p>
<div class="method-source-code" id="find_from_rss_generator-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 63</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>)
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;generator&gt;http://wordpress.org/\?v=([^&lt;]+)&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
@@ -525,7 +536,7 @@ upgrade.</p>
<div class="method-heading">
<span class="method-name">find_from_sitemap_generator</span><span
class="method-args">(target_uri)</span>
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -539,8 +550,9 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
<div class="method-source-code" id="find_from_sitemap_generator-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 112</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 123</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_sitemap_generator-source -->
@@ -573,7 +585,7 @@ one .</p>
<div class="method-source-code" id="version_pattern-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 117</span>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 129</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
<span class="ruby-string">'(.*(?=.)(?=.*\d)(?=.*[.]).*)'</span>
<span class="ruby-keyword">end</span></pre>

24
doc/created.rid
View File

@@ -1,6 +1,6 @@
Sun, 16 Sep 2012 10:27:57 +0200
Sun, 16 Sep 2012 23:51:12 +0200
./CREDITS Thu, 13 Sep 2012 22:54:08 +0200
./lib/browser.rb Sat, 15 Sep 2012 08:03:56 +0200
./lib/browser.rb Sun, 16 Sep 2012 15:18:58 +0200
./lib/cache_file_store.rb Sat, 15 Sep 2012 08:04:03 +0200
./lib/common_helper.rb Sat, 15 Sep 2012 08:04:08 +0200
./lib/environment.rb Sat, 15 Sep 2012 08:04:16 +0200
@@ -14,22 +14,22 @@ Sun, 16 Sep 2012 10:27:57 +0200
./lib/wpscan/modules/web_site.rb Sat, 15 Sep 2012 08:01:06 +0200
./lib/wpscan/modules/wp_config_backup.rb Sat, 15 Sep 2012 08:01:11 +0200
./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200
./lib/wpscan/modules/wp_item.rb Sun, 16 Sep 2012 10:26:21 +0200
./lib/wpscan/modules/wp_item.rb Sun, 16 Sep 2012 16:42:37 +0200
./lib/wpscan/modules/wp_login_protection.rb Sun, 16 Sep 2012 10:26:51 +0200
./lib/wpscan/modules/wp_plugins.rb Sun, 16 Sep 2012 10:27:05 +0200
./lib/wpscan/modules/wp_plugins.rb Sun, 16 Sep 2012 12:02:47 +0200
./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200
./lib/wpscan/modules/wp_themes.rb Sun, 16 Sep 2012 10:27:17 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sat, 15 Sep 2012 08:01:58 +0200
./lib/wpscan/modules/wp_themes.rb Sun, 16 Sep 2012 12:03:41 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sun, 16 Sep 2012 23:27:21 +0200
./lib/wpscan/modules/wp_usernames.rb Sat, 15 Sep 2012 08:02:04 +0200
./lib/wpscan/msfrpc_client.rb Sat, 15 Sep 2012 08:02:28 +0200
./lib/wpscan/vulnerable.rb Sat, 15 Sep 2012 08:02:37 +0200
./lib/wpscan/wp_detector.rb Sun, 16 Sep 2012 10:25:30 +0200
./lib/wpscan/wp_enumerator.rb Sun, 16 Sep 2012 10:25:41 +0200
./lib/wpscan/wp_options.rb Sat, 15 Sep 2012 23:15:59 +0200
./lib/wpscan/wp_detector.rb Sun, 16 Sep 2012 12:45:39 +0200
./lib/wpscan/wp_enumerator.rb Sun, 16 Sep 2012 23:22:48 +0200
./lib/wpscan/wp_options.rb Sun, 16 Sep 2012 23:02:21 +0200
./lib/wpscan/wp_plugin.rb Sun, 16 Sep 2012 10:27:39 +0200
./lib/wpscan/wp_target.rb Sat, 15 Sep 2012 23:32:52 +0200
./lib/wpscan/wp_target.rb Sun, 16 Sep 2012 23:48:55 +0200
./lib/wpscan/wp_theme.rb Sun, 16 Sep 2012 10:27:45 +0200
./lib/wpscan/wp_version.rb Sat, 15 Sep 2012 08:03:04 +0200
./lib/wpscan/wp_version.rb Sun, 16 Sep 2012 23:48:18 +0200
./lib/wpscan/wp_vulnerability.rb Sat, 15 Sep 2012 08:03:09 +0200
./lib/wpscan/wpscan_helper.rb Sat, 15 Sep 2012 21:19:30 +0200
./lib/wpscan/wpscan_options.rb Sun, 16 Sep 2012 10:10:51 +0200
@@ -37,5 +37,5 @@ Sun, 16 Sep 2012 10:27:57 +0200
./lib/wpstools/parse_svn.rb Sat, 15 Sep 2012 23:36:25 +0200
./lib/wpstools/wpstools_helper.rb Sat, 15 Sep 2012 08:03:49 +0200
./README Thu, 13 Sep 2012 22:54:08 +0200
./wpscan.rb Sun, 16 Sep 2012 10:23:36 +0200
./wpscan.rb Sun, 16 Sep 2012 23:28:12 +0200
./wpstools.rb Sat, 15 Sep 2012 08:06:35 +0200

76
doc/index.html
View File

@@ -125,10 +125,10 @@
<li><a href="WpEnumerator.html#method-c-enumerate">::enumerate &mdash; WpEnumerator</a></li>
<li><a href="WpTheme.html#method-c-find">::find &mdash; WpTheme</a></li>
<li><a href="WpVersion.html#method-c-find">::find &mdash; WpVersion</a></li>
<li><a href="WpTheme.html#method-c-find">::find &mdash; WpTheme</a></li>
<li><a href="WpVersion.html#method-c-find_from_advanced_fingerprinting">::find_from_advanced_fingerprinting &mdash; WpVersion</a></li>
<li><a href="WpTheme.html#method-c-find_from_css_link">::find_from_css_link &mdash; WpTheme</a></li>
@@ -161,38 +161,36 @@
<li><a href="Malwares.html#method-c-malwares_file">::malwares_file &mdash; Malwares</a></li>
<li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
<li><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a></li>
<li><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a></li>
<li><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a></li>
<li><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a></li>
<li><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a></li>
<li><a href="Updater.html#method-c-new">::new &mdash; Updater</a></li>
<li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
<li><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a></li>
<li><a href="RpcClient.html#method-c-new">::new &mdash; RpcClient</a></li>
<li><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a></li>
<li><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a></li>
<li><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a></li>
<li><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a></li>
<li><a href="Updater.html#method-c-new">::new &mdash; Updater</a></li>
<li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
<li><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a></li>
<li><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a></li>
<li><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a></li>
<li><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a></li>
<li><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter &mdash; WpscanOptions</a></li>
<li><a href="WpDetector.html#method-c-passive_detection">::passive_detection &mdash; WpDetector</a></li>
<li><a href="Browser.html#method-c-reset">::reset &mdash; Browser</a></li>
<li><a href="WpTimthumbs.html#method-c-timthumbs_file">::timthumbs_file &mdash; WpTimthumbs</a></li>
<li><a href="WpTarget.html#method-c-valid_response_codes">::valid_response_codes &mdash; WpTarget</a></li>
<li><a href="WpVersion.html#method-c-version_pattern">::version_pattern &mdash; WpVersion</a></li>
@@ -221,6 +219,8 @@
<li><a href="BruteForce.html#method-i-brute_force">#brute_force &mdash; BruteForce</a></li>
<li><a href="WpItem.html#method-i-changelog_url">#changelog_url &mdash; WpItem</a></li>
<li><a href="Exploit.html#method-i-choose_session">#choose_session &mdash; Exploit</a></li>
<li><a href="CacheFileStore.html#method-i-clean">#clean &mdash; CacheFileStore</a></li>
@@ -285,6 +285,8 @@
<li><a href="WpLoginProtection.html#method-i-has_bluetrait_event_viewer_protection-3F">#has_bluetrait_event_viewer_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpItem.html#method-i-has_changelog-3F">#has_changelog? &mdash; WpItem</a></li>
<li><a href="WpTarget.html#method-i-has_debug_log-3F">#has_debug_log? &mdash; WpTarget</a></li>
<li><a href="WpFullPathDisclosure.html#method-i-has_full_path_disclosure-3F">#has_full_path_disclosure? &mdash; WpFullPathDisclosure</a></li>
@@ -305,6 +307,8 @@
<li><a href="WpReadme.html#method-i-has_readme-3F">#has_readme? &mdash; WpReadme</a></li>
<li><a href="WpItem.html#method-i-has_readme-3F">#has_readme? &mdash; WpItem</a></li>
<li><a href="WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F">#has_simple_login_lockdown_protection? &mdash; WpLoginProtection</a></li>
<li><a href="WpTimthumbs.html#method-i-has_timthumbs-3F">#has_timthumbs? &mdash; WpTimthumbs</a></li>
@@ -325,22 +329,22 @@
<li><a href="RpcClient.html#method-i-jobs">#jobs &mdash; RpcClient</a></li>
<li><a href="RpcClient.html#method-i-kill_session">#kill_session &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-kill_session">#kill_session &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-kill_session">#kill_session &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-last_session_id">#last_session_id &mdash; Exploit</a></li>
<li><a href="WpLoginProtection.html#method-i-limit_login_attempts_url">#limit_login_attempts_url &mdash; WpLoginProtection</a></li>
<li><a href="Browser.html#method-i-load_config">#load_config &mdash; Browser</a></li>
<li><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; SvnUpdater</a></li>
<li><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; GitUpdater</a></li>
<li><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a></li>
<li><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; SvnUpdater</a></li>
<li><a href="WpItem.html#method-i-location_uri_from_file_url">#location_uri_from_file_url &mdash; WpItem</a></li>
<li><a href="RpcClient.html#method-i-login">#login &mdash; RpcClient</a></li>
@@ -361,10 +365,10 @@
<li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a></li>
<li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-meterpreter_write">#meterpreter_write &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a></li>
<li><a href="Svn_Parser.html#method-i-parse">#parse &mdash; Svn_Parser</a></li>
<li><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection &mdash; WpPlugins</a></li>
@@ -379,15 +383,15 @@
<li><a href="CacheFileStore.html#method-i-read_entry">#read_entry &mdash; CacheFileStore</a></li>
<li><a href="Exploit.html#method-i-read_shell">#read_shell &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-read_shell">#read_shell &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-read_shell">#read_shell &mdash; Exploit</a></li>
<li><a href="WpReadme.html#method-i-readme_url">#readme_url &mdash; WpReadme</a></li>
<li><a href="WebSite.html#method-i-redirection">#redirection &mdash; WebSite</a></li>
<li><a href="WpItem.html#method-i-readme_url">#readme_url &mdash; WpItem</a></li>
<li><a href="Browser.html#method-i-replace_variables_in_url">#replace_variables_in_url &mdash; Browser</a></li>
<li><a href="WebSite.html#method-i-redirection">#redirection &mdash; WebSite</a></li>
<li><a href="GitUpdater.html#method-i-repo_directory_arguments">#repo_directory_arguments &mdash; GitUpdater</a></li>
@@ -419,20 +423,18 @@
<li><a href="WpTimthumbs.html#method-i-timthumbs">#timthumbs &mdash; WpTimthumbs</a></li>
<li><a href="WpTimthumbs.html#method-i-timthumbs_targets_url">#timthumbs_targets_url &mdash; WpTimthumbs</a></li>
<li><a href="WpscanOptions.html#method-i-to_h">#to_h &mdash; WpscanOptions</a></li>
<li><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a></li>
<li><a href="WpTheme.html#method-i-to_s">#to_s &mdash; WpTheme</a></li>
<li><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a></li>
<li><a href="Updater.html#method-i-update">#update &mdash; Updater</a></li>
<li><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a></li>
<li><a href="SvnUpdater.html#method-i-update">#update &mdash; SvnUpdater</a></li>
<li><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a></li>
<li><a href="WpTarget.html#method-i-url">#url &mdash; WpTarget</a></li>
<li><a href="WpscanOptions.html#method-i-url-3D">#url= &mdash; WpscanOptions</a></li>
@@ -459,10 +461,10 @@
<li><a href="CacheFileStore.html#method-i-write_entry">#write_entry &mdash; CacheFileStore</a></li>
<li><a href="RpcClient.html#method-i-write_shell">#write_shell &mdash; RpcClient</a></li>
<li><a href="Exploit.html#method-i-write_shell">#write_shell &mdash; Exploit</a></li>
<li><a href="RpcClient.html#method-i-write_shell">#write_shell &mdash; RpcClient</a></li>
<li><a href="WebSite.html#method-i-xmlrpc_url">#xmlrpc_url &mdash; WebSite</a></li>
</ul>

2
doc/lib/browser_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:03:56 +0200</dd>
<dd class="modified-date">2012-09-16 15:18:58 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/modules/wp_item_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-16 10:26:21 +0200</dd>
<dd class="modified-date">2012-09-16 16:42:37 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/modules/wp_plugins_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-16 10:27:05 +0200</dd>
<dd class="modified-date">2012-09-16 12:02:47 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/modules/wp_timthumbs_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:01:58 +0200</dd>
<dd class="modified-date">2012-09-16 23:27:21 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_detector_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-16 10:25:30 +0200</dd>
<dd class="modified-date">2012-09-16 12:45:39 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_enumerator_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-16 10:25:41 +0200</dd>
<dd class="modified-date">2012-09-16 23:22:48 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_options_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 23:15:59 +0200</dd>
<dd class="modified-date">2012-09-16 23:02:21 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_target_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 23:32:52 +0200</dd>
<dd class="modified-date">2012-09-16 23:48:55 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_version_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-15 08:03:04 +0200</dd>
<dd class="modified-date">2012-09-16 23:48:18 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/wpscan_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-16 10:23:36 +0200</dd>
<dd class="modified-date">2012-09-16 23:28:12 +0200</dd>
<dt class="requires">Requires</dt>