Ref #177 Passive detection of specific plugins (Dirty work)
This commit is contained in:
erwanlr
@@ -6,4 +6,9 @@ require 'common/collections/wp_items/output'
|
|||||||
class WpItems < Array
|
class WpItems < Array
|
||||||
extend WpItems::Detectable
|
extend WpItems::Detectable
|
||||||
include WpItems::Output
|
include WpItems::Output
|
||||||
|
|
||||||
|
def +(other)
|
||||||
|
other.each { |item| self << item }
|
||||||
|
self
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -74,11 +74,7 @@ class WpItems < Array
|
|||||||
item_class = self.item_class
|
item_class = self.item_class
|
||||||
type = self.to_s.gsub(/Wp/, '').downcase
|
type = self.to_s.gsub(/Wp/, '').downcase
|
||||||
response = Browser.get(wp_target.url)
|
response = Browser.get(wp_target.url)
|
||||||
item_options = {
|
item_options = self.item_options(wp_target)
|
||||||
wp_content_dir: wp_target.wp_content_dir,
|
|
||||||
wp_plugins_dir: wp_target.wp_plugins_dir,
|
|
||||||
vulns_file: self.vulns_file
|
|
||||||
}
|
|
||||||
|
|
||||||
regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/}
|
regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/}
|
||||||
regex2 = %r{\\?/}
|
regex2 = %r{\\?/}
|
||||||
@@ -96,6 +92,16 @@ class WpItems < Array
|
|||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
|
# @param [ WpTarget ] wp_target
|
||||||
|
#
|
||||||
|
# @return [ Hash ]
|
||||||
|
def item_options(wp_target)
|
||||||
|
{
|
||||||
|
wp_content_dir: wp_target.wp_content_dir,
|
||||||
|
wp_plugins_dir: wp_target.wp_plugins_dir,
|
||||||
|
vulns_file: self.vulns_file
|
||||||
|
}
|
||||||
|
end
|
||||||
# The default request parameters
|
# The default request parameters
|
||||||
#
|
#
|
||||||
# @return [ Hash ]
|
# @return [ Hash ]
|
||||||
|
|||||||
@@ -13,5 +13,62 @@ class WpPlugins < WpItems
|
|||||||
'//plugin'
|
'//plugin'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# @param [ WpTarget ] wp_target
|
||||||
|
# @param [ Hash ] options
|
||||||
|
#
|
||||||
|
# @return [ WpPlugins ]
|
||||||
|
def passive_detection(wp_target, options = {})
|
||||||
|
detected = super(wp_target, options)
|
||||||
|
|
||||||
|
detected += from_header(wp_target)
|
||||||
|
detected += from_content(wp_target)
|
||||||
|
|
||||||
|
detected.sort.uniq!
|
||||||
|
detected
|
||||||
|
end
|
||||||
|
|
||||||
|
protected
|
||||||
|
|
||||||
|
# X-Powered-By: W3 Total Cache/0.9.2.5
|
||||||
|
# @param [ Typhoeus::Response ] response
|
||||||
|
#
|
||||||
|
# @return [ WpPlugins ]
|
||||||
|
def from_header(wp_target)
|
||||||
|
wp_plugins = WpPlugins.new
|
||||||
|
response = Browser.get(wp_target.url)
|
||||||
|
|
||||||
|
if response.headers && powered_by = response.headers[:x_powered_by]
|
||||||
|
if powered_by =~ /W3 Total Cache\/([^0-9.]+)/i
|
||||||
|
wp_plugins << WpPlugin.new(
|
||||||
|
wp_target.uri,
|
||||||
|
self.item_options(wp_target).merge(name: 'w3-total-cache', version: $1)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
wp_plugins
|
||||||
|
end
|
||||||
|
|
||||||
|
# <!-- Cached page generated by WP-Super-Cache on 2013-05-03 14:46:37 -->
|
||||||
|
# <!-- Performance optimized by W3 Total Cache.
|
||||||
|
# @param [ Typhoeus::Response ] response
|
||||||
|
#
|
||||||
|
# @return [ WpPlugins ]
|
||||||
|
def from_content(wp_target)
|
||||||
|
body = Browser.get(wp_target.url).body
|
||||||
|
wp_plugins = WpPlugins.new
|
||||||
|
options = self.item_options(wp_target)
|
||||||
|
|
||||||
|
if body =~ /wp-super-cache/i
|
||||||
|
wp_plugins << WpPlugin.new(wp_target.uri, options.merge(name: 'wp-super-cache'))
|
||||||
|
end
|
||||||
|
|
||||||
|
if body =~ /w3 total cache/i
|
||||||
|
wp_plugins << WpPlugin.new(wp_target.uri, options.merge(name: 'w3-total-cache'))
|
||||||
|
end
|
||||||
|
|
||||||
|
wp_plugins.uniq!
|
||||||
|
wp_plugins
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user