garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #103 from FireFart/xml

Browse Source 
Xml
This commit is contained in:
Ryan Dewhurst
2013-01-10 01:50:09 -08:00
parent 320e419518 5f0b96f3e9
commit 8726cba0b9
70 changed files with 858 additions and 2904 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
data/plugin_vulns.xml
View File

@@ -37,6 +37,7 @@ ryandewhurst at gmail
<vulnerability>
<title>Google Document Embedder Arbitrary File Disclosure</title>
<reference>http://www.exploit-db.com/exploits/23970/</reference>
<reference>http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/</reference>
<type>UNKNOWN</type>
</vulnerability>
</plugin>

803
data/plugins.txt
View File

File diff suppressed because it is too large Load Diff

0
data/wp_theme_vulns.xml → data/theme_vulns.xml
View File

24
doc/Browser.html
View File

@@ -289,7 +289,7 @@
<div class="method-source-code" id="instance-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 61</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">@@instance</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">options</span>)
@@ -322,7 +322,7 @@
<div class="method-source-code" id="reset-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 68</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 67</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">reset</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
@@ -358,7 +358,7 @@
<div class="method-source-code" id="forge_request-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 168</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 167</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-constant">Typhoeus</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
@@ -391,7 +391,7 @@
<div class="method-source-code" id="get-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 156</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 155</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:get</span>))
@@ -426,7 +426,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="load_config-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 128</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 127</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">load_config</span>(<span class="ruby-identifier">config_file</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@config_file</span> = <span class="ruby-identifier">config_file</span> <span class="ruby-operator">||</span> <span class="ruby-ivar">@config_file</span>
@@ -464,7 +464,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="max_threads-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 97</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 96</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">max_threads=</span>(<span class="ruby-identifier">max_threads</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">max_threads</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">max_threads</span> <span class="ruby-operator">&lt;=</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">max_threads</span> = <span class="ruby-value">1</span>
@@ -497,7 +497,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="merge_request_params-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 175</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 174</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy</span>
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:proxy</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@proxy</span>)
@@ -562,7 +562,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="post-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 162</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 161</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>))
@@ -594,7 +594,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="proxy_auth-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 104</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 103</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">proxy_auth=</span>(<span class="ruby-identifier">auth</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Hash</span>)
@@ -639,7 +639,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="raise_invalid_proxy_format-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 123</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">raise_invalid_proxy_format</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">&quot;Invalid proxy auth format, expected username:password or {:proxy_username =&gt; username, :proxy_password =&gt; password}&quot;</span>
<span class="ruby-keyword">end</span></pre>
@@ -669,7 +669,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="user_agent-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 85</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 84</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@user_agent_mode</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;semi-static&quot;</span>
@@ -707,7 +707,7 @@ browser object, hydra will not have the new @max_threads and
<div class="method-source-code" id="user_agent_mode-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 72</span>
<pre><span class="ruby-comment"># File lib/browser.rb, line 71</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent_mode=</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">&quot;static&quot;</span>

37
doc/BruteForce.html
View File

@@ -213,7 +213,7 @@ on large wordlists, although bareable.</p>
<div class="method-source-code" id="lines_in_file-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 114</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">file_path</span>)
<span class="ruby-identifier">lines</span> = <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">||</span> <span class="ruby-identifier">lines</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span> }
@@ -239,24 +239,27 @@ on large wordlists, although bareable.</p>
<div class="method-heading">
<span class="method-name">brute_force</span><span
class="method-args">(logins, wordlist_path)</span>
class="method-args">(logins, wordlist_path, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param array of string logins param string wordlist_path</p>
<p>param array of string logins param string wordlist_path param hash options</p>
<pre>boolean :show_progression If true, will output the details (Sucess, error etc)</pre>
<div class="method-source-code" id="brute_force-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">brute_force</span>(<span class="ruby-identifier">logins</span>, <span class="ruby-identifier">wordlist_path</span>)
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">brute_force</span>(<span class="ruby-identifier">logins</span>, <span class="ruby-identifier">wordlist_path</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">hydra</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_passwords</span> = <span class="ruby-constant">BruteForce</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">wordlist_path</span>)
<span class="ruby-identifier">login_url</span> = <span class="ruby-identifier">login_url</span>()
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">show_progression</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">logins</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">login</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
@@ -273,7 +276,7 @@ on large wordlists, although bareable.</p>
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-comment"># create local vars for on_complete call back, Issue 51.</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">!=</span> <span class="ruby-string">'empty'</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">login</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-comment"># Issue #66 </span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">!=</span> <span class="ruby-string">'empty'</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">login</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-comment"># Issue #66</span>
<span class="ruby-identifier">password</span> = <span class="ruby-identifier">password</span>
<span class="ruby-comment"># the request object</span>
@@ -293,23 +296,23 @@ on large wordlists, although bareable.</p>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rlogin_error/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\nIncorrect username and/or password.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">&quot;[SUCCESS]&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; Username : #{username} Password : #{password}\n&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">&quot;[SUCCESS]&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; Username : #{username} Password : #{password}\n&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:password</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span> }
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">timed_out?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Request timed out.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Request timed out.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; No response from remote server. WAF/IPS?&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; No response from remote server. WAF/IPS?&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># code is a fixnum, needs a string for regex</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^50/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Server error, try reducing the number of threads.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot; Server error, try reducing the number of threads.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n&quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; We recieved an unknown response for #{password}...&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Code: #{response.code.to_s}&quot;</span>)
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Body: #{response.body}&quot;</span>)
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n&quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">&quot;ERROR:&quot;</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; We recieved an unknown response for #{password}...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># ugly method to get the coverage :/ (otherwise some output is present in the rspec)</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Code: #{response.code.to_s}&quot;</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Body: #{response.body}&quot;</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
@@ -320,7 +323,7 @@ on large wordlists, although bareable.</p>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-comment"># progress indicator</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete.&quot;</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># it can take a long time to queue 2 million requests,</span>
<span class="ruby-comment"># for that reason, we queue @threads, send @threads, queue @threads and so on.</span>

2
doc/CREDITS.html
View File

@@ -160,7 +160,7 @@ potential solutions to bugs. Callum Pember - Implemented proxy support -
callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug
reports. Melvin Lammerts - Reported a couple of fake vulnerabilities -
melvin at 12k.nl Christian Mehlmauer - @<em>FireFart</em> - Theme
enumeration</p>
enumeration Paolo Perego - @thesp0nge - Basic authentification</p>
</div>

12
doc/Gemfile.html
View File

@@ -145,8 +145,16 @@
<p>source “<a href="https://rubygems.org">rubygems.org</a></p>
<p>gem “typhoeus”, “0.4.2” gem “rspec”, :require =&gt; “spec” gem “nokogiri”
gem “json” gem “webmock”, “1.8.11” gem “simplecov”</p>
<p>gem “typhoeus”, “0.4.2” gem “nokogiri” gem “json”</p>
<p>group :development, :test do</p>
<pre class="ruby"><span class="ruby-identifier">gem</span> <span class="ruby-string">&quot;webmock&quot;</span>, <span class="ruby-string">&quot;1.8.11&quot;</span>
<span class="ruby-identifier">gem</span> <span class="ruby-string">&quot;simplecov&quot;</span>
<span class="ruby-identifier">gem</span> <span class="ruby-string">&quot;rspec&quot;</span>, :<span class="ruby-identifier">require</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;spec&quot;</span>
</pre>
<p>end</p>
</div>

5
doc/Object.html
View File

@@ -539,9 +539,10 @@
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot; HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy-auth Supply the proxy login credentials in the format username:password (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--proxy-auth &lt;username:password&gt; Supply the proxy login credentials (will override the one from conf/browser.conf.json).&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--basic-auth &lt;username:password&gt; Set the HTTP Basic authentification&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;--username | -U &lt;username&gt; Only brute force the supplied username.&quot;</span>

31
doc/README.html
View File

@@ -193,23 +193,23 @@ href="http://www.gnu.org/licenses/">www.gnu.org/licenses/</a>&gt;.</p>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Debian</span><span class="ruby-operator">/</span><span class="ruby-constant">Ubuntu</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">apt</span><span class="ruby-operator">-</span><span class="ruby-identifier">get</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl4</span><span class="ruby-operator">-</span><span class="ruby-identifier">gnutls</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libopenssl</span><span class="ruby-operator">-</span><span class="ruby-identifier">ruby</span> <span class="ruby-identifier">libxml2</span> <span class="ruby-identifier">libxml2</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libxslt1</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">apt</span><span class="ruby-operator">-</span><span class="ruby-identifier">get</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl4</span><span class="ruby-operator">-</span><span class="ruby-identifier">gnutls</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libopenssl</span><span class="ruby-operator">-</span><span class="ruby-identifier">ruby</span> <span class="ruby-identifier">libxml2</span> <span class="ruby-identifier">libxml2</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libxslt1</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">ruby</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Fedora</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">yum</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl</span><span class="ruby-operator">-</span><span class="ruby-identifier">devel</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Mac</span> <span class="ruby-constant">OS</span> <span class="ruby-constant">X</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
</pre>
<h2 id="label-KNOWN+ISSUES%3D%3D">KNOWN ISSUES==</h2>
@@ -286,13 +286,15 @@ specified it. Subdirectories are allowed</p>
for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>proxy Supply a proxy in the format host:port or protocol://host:port
(will override the one from conf/browser.conf.json). HTTP, SOCKS4 SOCKS4A
and SOCKS5 are supported. If no protocol is given (format host:port), HTTP
will be used</p>
<p>proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the
one from conf/browser.conf.json).</p>
<p>proxy-auth Supply the proxy login credentials in the format
username:password (will override the one from conf/browser.conf.json).</p>
<pre>HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used</pre>
<p>proxy-auth &lt;username:password&gt; Supply the proxy login credentials
(will override the one from conf/browser.conf.json).</p>
<p>basic-auth &lt;username:password&gt; Set the HTTP Basic authentification</p>
<p>wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter
and do the brute.</p>
@@ -331,7 +333,9 @@ conf/browser.conf.json)</p>
| -u Update to the latest revision. generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
<strong>pages</strong> to parse, default : 150) gpl Alias for
generate_plugin_list</p>
generate_plugin_list check-local-vulnerable-files | clvf &lt;local
directory&gt; Perform a recursive scan in the &lt;local directory&gt; to
find vulnerable files or shells</p>
<h2 id="label-WPSTOOLS+EXAMPLES%3D%3D">WPSTOOLS EXAMPLES==</h2>
<ul><li>
@@ -339,6 +343,11 @@ pages] Generate a new data/plugins.txt file. (supply number of
</li></ul>
<p>ruby wpstools.rb generate_plugin_list 150</p>
<ul><li>
<p>Locally scan a wordpress installation for vulnerable files or shells :</p>
</li></ul>
<p>ruby wpstools.rb check-local-vulnerable-files /var/www/wordpress/</p>
<h3 id="label-PROJECT+HOME%3D%3D%3D">PROJECT HOME===</h3>

2
doc/Vulnerable.html
View File

@@ -261,7 +261,7 @@ be empty)</p>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-ivar">@vulns_xpath</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">vulnerabilities</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpVulnerability</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;title&quot;</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;reference&quot;</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;reference&quot;</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>),
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">&quot;type&quot;</span>).<span class="ruby-identifier">text</span>
)
<span class="ruby-keyword">end</span>

267
doc/WebSite.html
View File

@@ -64,16 +64,24 @@
<ul class="link-list">
<li><a href="#method-c-page_hash">::page_hash</a>
<li><a href="#method-i-error_404_hash">#error_404_hash</a>
<li><a href="#method-i-has_basic_auth-3F">#has_basic_auth?</a>
<li><a href="#method-i-has_xml_rpc-3F">#has_xml_rpc?</a>
<li><a href="#method-i-is_online-3F">#is_online?</a>
<li><a href="#method-i-homepage_hash">#homepage_hash</a>
<li><a href="#method-i-is_wordpress-3F">#is_wordpress?</a>
<li><a href="#method-i-online-3F">#online?</a>
<li><a href="#method-i-redirection">#redirection</a>
<li><a href="#method-i-rss_url">#rss_url</a>
<li><a href="#method-i-wordpress-3F">#wordpress?</a>
<li><a href="#method-i-xml_rpc_url">#xml_rpc_url</a>
</ul>
@@ -200,10 +208,80 @@
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-page_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">page_hash</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Return the MD5 hash of the page given by url</p>
<div class="method-source-code" id="page_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 88</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>).<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- page_hash-source -->
</div>
</div><!-- page_hash-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-error_404_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">error_404_hash</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Return the MD5 hash of a 404 page</p>
<div class="method-source-code" id="error_404_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 100</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_404_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-identifier">non_existant_page</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">rand</span>(<span class="ruby-value">9999999999</span>).<span class="ruby-identifier">to_s</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot;.html&quot;</span>
<span class="ruby-ivar">@error_404_hash</span> = <span class="ruby-constant">WebSite</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">non_existant_page</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_404_hash-source -->
</div>
</div><!-- error_404_hash-method -->
<div id="method-i-has_basic_auth-3F" class="method-detail ">
<div class="method-heading">
@@ -220,7 +298,7 @@
<div class="method-source-code" id="has_basic_auth-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 69</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_basic_auth?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">401</span>
<span class="ruby-keyword">end</span></pre>
@@ -250,7 +328,7 @@
<div class="method-source-code" id="has_xml_rpc-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 60</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_xml_rpc?</span>
<span class="ruby-operator">!</span><span class="ruby-identifier">xml_rpc_url</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-keyword">end</span></pre>
@@ -264,10 +342,43 @@
</div><!-- has_xml_rpc-3F-method -->
<div id="method-i-is_online-3F" class="method-detail ">
<div id="method-i-homepage_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">is_online?</span><span
<span class="method-name">homepage_hash</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="homepage_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 92</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">homepage_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@homepage_hash</span>
<span class="ruby-ivar">@homepage_hash</span> = <span class="ruby-constant">WebSite</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@homepage_hash</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- homepage_hash-source -->
</div>
</div><!-- homepage_hash-method -->
<div id="method-i-online-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">online?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -279,69 +390,19 @@
<div class="method-source-code" id="is_online-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_online?</span>
<div class="method-source-code" id="online-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">online?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_online-3F-source -->
</div><!-- online-3F-source -->
</div>
</div><!-- is_online-3F-method -->
<div id="method-i-is_wordpress-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">is_wordpress?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>check if the remote website is actually running wordpress.</p>
<div class="method-source-code" id="is_wordpress-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_wordpress?</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">login_url</span>(),
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{WordPress}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">xml_rpc_url</span>,
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{XML-RPC server accepts POST requests only}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">wordpress</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_wordpress-3F-source -->
</div>
</div><!-- is_wordpress-3F-method -->
</div><!-- online-3F-method -->
<div id="method-i-redirection" class="method-detail ">
@@ -383,6 +444,88 @@ redirection or nil</p>
</div><!-- redirection-method -->
<div id="method-i-rss_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">rss_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will try to find the rss url in the homepage Only the first one found iw
returned</p>
<div class="method-source-code" id="rss_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 110</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">rss_url</span>
<span class="ruby-identifier">homepage_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">homepage_body</span>[<span class="ruby-regexp">%r{&lt;link .* type=&quot;application/rss\+xml&quot; .* href=&quot;([^&quot;]+)&quot; /&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- rss_url-source -->
</div>
</div><!-- rss_url-method -->
<div id="method-i-wordpress-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">wordpress?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>check if the remote website is actually running wordpress.</p>
<div class="method-source-code" id="wordpress-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wordpress?</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">login_url</span>(),
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{WordPress}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">xml_rpc_url</span>,
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>}
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{XML-RPC server accepts POST requests only}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">wordpress</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wordpress-3F-source -->
</div>
</div><!-- wordpress-3F-method -->
<div id="method-i-xml_rpc_url" class="method-detail ">
<div class="method-heading">
@@ -399,7 +542,7 @@ redirection or nil</p>
<div class="method-source-code" id="xml_rpc_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 47</span>
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">xml_rpc_url</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@xmlrpc_url</span>
<span class="ruby-identifier">headers</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">headers_hash</span>

10
doc/WpEnumerator.html
View File

@@ -234,7 +234,7 @@
</li><li>
<p><code>filename</code> - filename in the data directory with paths</p>
</li><li>
<p><code>show_progress_bar</code> - Show a progress bar during enumeration</p>
<p><code>show_progression</code> - Show a progress bar during enumeration</p>
</li></ul>
@@ -260,6 +260,7 @@
<span class="ruby-identifier">enum_hydra</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">exclude_regexp</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:exclude_content_based</span>] <span class="ruby-operator">?</span> <span class="ruby-node">%r{#{options[:exclude_content_based]}}</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">show_progression</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
@@ -268,11 +269,12 @@
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">page_hash</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progress_bar</span>]
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">WpTarget</span>.<span class="ruby-identifier">valid_response_codes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>) <span class="ruby-operator">!=</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>]
<span class="ruby-keyword">if</span> <span class="ruby-identifier">page_hash</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-keyword">and</span> <span class="ruby-identifier">page_hash</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:homepage_hash</span>]
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:exclude_content_based</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-identifier">exclude_regexp</span>]
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">target</span>
@@ -328,7 +330,7 @@
<div class="method-source-code" id="generate_items-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 91</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">only_vulnerable</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>]
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]

4
doc/WpOptions.html
View File

@@ -198,7 +198,7 @@
</li><li>
<p><code>wp_content_dir</code> - Name of the wp-content directory</p>
</li><li>
<p><code>show_progress_bar</code> - Show a progress bar during enumeration</p>
<p><code>show_progression</code> - Show a progress bar during enumeration</p>
</li><li>
<p><code>error_404_hash</code> - MD5 hash of a 404 page</p>
</li><li>
@@ -250,7 +250,7 @@
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xpath must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_xpath_2 must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;show_progress_bar must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progress_bar</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;show_progression must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;error_404_hash must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;type must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>

72
doc/WpTarget.html
View File

@@ -128,8 +128,6 @@
<li><a href="#method-i-debug_log_url">#debug_log_url</a>
<li><a href="#method-i-error_404_hash">#error_404_hash</a>
<li><a href="#method-i-has_debug_log-3F">#has_debug_log?</a>
<li><a href="#method-i-is_multisite-3F">#is_multisite?</a>
@@ -333,7 +331,7 @@
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 36</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">target_url</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-ivar">@uri</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">target_url</span>)))
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:verbose</span>]
@@ -369,7 +367,7 @@
<div class="method-source-code" id="valid_response_codes-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 77</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 62</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">valid_response_codes</span>
[<span class="ruby-value">200</span>, <span class="ruby-value">301</span>, <span class="ruby-value">302</span>, <span class="ruby-value">401</span>, <span class="ruby-value">403</span>, <span class="ruby-value">500</span>]
<span class="ruby-keyword">end</span></pre>
@@ -405,7 +403,7 @@
<div class="method-source-code" id="debug_log_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 124</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 109</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">debug_log_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#{wp_content_dir()}/debug.log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
@@ -419,44 +417,6 @@
</div><!-- debug_log_url-method -->
<div id="method-i-error_404_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">error_404_hash</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Return the MD5 hash of a 404 page</p>
<div class="method-source-code" id="error_404_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_404_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-identifier">non_existant_page</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">rand</span>(<span class="ruby-value">9999999999</span>).<span class="ruby-identifier">to_s</span>) <span class="ruby-operator">+</span> <span class="ruby-string">&quot;.html&quot;</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">non_existant_page</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@error_404_hash</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_404_hash-source -->
</div>
</div><!-- error_404_hash-method -->
<div id="method-i-has_debug_log-3F" class="method-detail ">
<div class="method-heading">
@@ -473,7 +433,7 @@
<div class="method-source-code" id="has_debug_log-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 118</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 103</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_debug_log?</span>
<span class="ruby-comment"># We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">&quot;range&quot;</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;bytes=0-700&quot;</span>}).<span class="ruby-identifier">body</span>
@@ -505,7 +465,7 @@
<div class="method-source-code" id="is_multisite-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 163</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 148</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_multisite?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@multisite</span>
<span class="ruby-comment"># when multi site, there is no redirection or a redirect to the site itself</span>
@@ -550,7 +510,7 @@
<div class="method-source-code" id="login_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 51</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-login.php&quot;</span>).<span class="ruby-identifier">to_s</span>
@@ -588,7 +548,7 @@
<div class="method-source-code" id="registration_enabled-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 141</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 126</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_enabled?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">registration_url</span>)
<span class="ruby-comment"># redirect only on non multi sites</span>
@@ -632,7 +592,7 @@
<div class="method-source-code" id="registration_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 159</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 144</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_url</span>
<span class="ruby-identifier">is_multisite?</span> <span class="ruby-operator">?</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-signup.php&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;wp-login.php?action=register&quot;</span>)
<span class="ruby-keyword">end</span></pre>
@@ -662,7 +622,7 @@
<div class="method-source-code" id="search_replace_db_2_exists-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 135</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 120</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_exists?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">search_replace_db_2_url</span>)
<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{by interconnect}</span>]
@@ -695,7 +655,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="search_replace_db_2_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 131</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 116</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;searchreplacedb2.php&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
@@ -725,7 +685,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="theme-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 82</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 67</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">theme</span>
<span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>)
<span class="ruby-keyword">end</span></pre>
@@ -755,7 +715,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 47</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 45</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
@@ -785,7 +745,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="version-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 87</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 72</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-constant">WpVersion</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-keyword">end</span></pre>
@@ -815,7 +775,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="wp_content_dir-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 91</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_content_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">index_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
@@ -857,7 +817,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="wp_plugins_dir-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 107</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 92</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
@@ -890,7 +850,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"
<div class="method-source-code" id="wp_plugins_dir_exists-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 114</span>
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 99</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir_exists?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">wp_plugins_dir</span>)).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>

2
doc/WpTheme.html
View File

@@ -295,7 +295,7 @@
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_theme_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/theme_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//theme[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]

2
doc/WpThemes.html
View File

@@ -216,7 +216,7 @@
<span class="ruby-keyword">def</span> <span class="ruby-identifier">themes_from_aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> (<span class="ruby-identifier">options</span>[<span class="ruby-value">:full</span>] <span class="ruby-operator">?</span> <span class="ruby-node">&quot;#{DATA_DIR}/themes_full.txt&quot;</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#{DATA_DIR}/themes.txt&quot;</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_theme_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/theme_vulns.xml&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">&quot;//theme&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">&quot;themes&quot;</span>

2
doc/WpUsernames.html
View File

@@ -416,7 +416,7 @@ href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosu
<span class="ruby-identifier">username</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">301</span> <span class="ruby-comment"># username in location?</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>][<span class="ruby-regexp">%r{/author/([^/]+)/}</span>, <span class="ruby-value">1</span>]
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>][<span class="ruby-regexp">%r{/author/([^/\b]+)/?}</span>, <span class="ruby-value">1</span>]
<span class="ruby-comment"># Get the real name from the redirect site</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-comment"># username in body?</span>

10
doc/WpVulnerability.html
View File

@@ -198,9 +198,9 @@
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-reference" class="method-detail">
<div id="attribute-i-references" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">reference</span><span
<span class="method-name">references</span><span
class="attribute-access-type">[RW]</span>
</div>
@@ -250,7 +250,7 @@
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(title, reference, type)</span>
class="method-args">(title, references, type)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
@@ -263,9 +263,9 @@
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_vulnerability.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">title</span>, <span class="ruby-identifier">reference</span>, <span class="ruby-identifier">type</span>)
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">title</span>, <span class="ruby-identifier">references</span>, <span class="ruby-identifier">type</span>)
<span class="ruby-ivar">@title</span> = <span class="ruby-identifier">title</span>
<span class="ruby-ivar">@reference</span> = <span class="ruby-identifier">reference</span>
<span class="ruby-ivar">@references</span> = <span class="ruby-identifier">references</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->

86
doc/created.rid
View File

@@ -1,43 +1,43 @@
Thu, 13 Dec 2012 16:46:56 +0100
./CREDITS Tue, 25 Sep 2012 20:37:12 +0200
./Gemfile Thu, 06 Dec 2012 19:53:03 +0100
./lib/browser.rb Thu, 13 Dec 2012 11:04:19 +0100
./lib/cache_file_store.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/common_helper.rb Sat, 10 Nov 2012 09:50:17 +0100
./lib/environment.rb Fri, 23 Nov 2012 18:46:41 +0100
./lib/updater/git_updater.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/updater/svn_updater.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/updater/updater.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/updater/updater_factory.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/exploit.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/modules/brute_force.rb Thu, 06 Dec 2012 19:53:03 +0100
./lib/wpscan/modules/malwares.rb Sat, 10 Nov 2012 09:50:17 +0100
./lib/wpscan/modules/web_site.rb Thu, 13 Dec 2012 16:41:55 +0100
./lib/wpscan/modules/wp_config_backup.rb Tue, 16 Oct 2012 22:00:10 +0200
./lib/wpscan/modules/wp_full_path_disclosure.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/modules/wp_login_protection.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/modules/wp_plugins.rb Wed, 28 Nov 2012 20:07:48 +0100
./lib/wpscan/modules/wp_readme.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/modules/wp_themes.rb Wed, 28 Nov 2012 20:07:48 +0100
./lib/wpscan/modules/wp_timthumbs.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/modules/wp_usernames.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/msfrpc_client.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/vulnerable.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/wp_detector.rb Thu, 06 Dec 2012 19:53:03 +0100
./lib/wpscan/wp_enumerator.rb Thu, 06 Dec 2012 19:53:03 +0100
./lib/wpscan/wp_item.rb Sat, 10 Nov 2012 09:50:17 +0100
./lib/wpscan/wp_options.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/wp_plugin.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/wp_target.rb Thu, 13 Dec 2012 16:20:41 +0100
./lib/wpscan/wp_theme.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/wp_user.rb Thu, 06 Dec 2012 21:07:19 +0100
./lib/wpscan/wp_version.rb Thu, 13 Dec 2012 11:04:19 +0100
./lib/wpscan/wp_vulnerability.rb Tue, 25 Sep 2012 20:37:12 +0200
./lib/wpscan/wpscan_helper.rb Thu, 06 Dec 2012 19:53:03 +0100
./lib/wpscan/wpscan_options.rb Thu, 13 Dec 2012 11:04:19 +0100
./lib/wpstools/generate_list.rb Wed, 28 Nov 2012 20:07:48 +0100
./lib/wpstools/parse_svn.rb Sat, 10 Nov 2012 09:50:17 +0100
./lib/wpstools/wpstools_helper.rb Fri, 07 Dec 2012 20:17:22 +0100
./README Thu, 13 Dec 2012 11:04:19 +0100
./wpscan.rb Thu, 13 Dec 2012 16:23:41 +0100
./wpstools.rb Fri, 07 Dec 2012 20:17:22 +0100
Wed, 09 Jan 2013 23:03:38 +0100
./CREDITS Wed, 09 Jan 2013 21:31:44 +0100
./Gemfile Wed, 09 Jan 2013 21:31:44 +0100
./lib/browser.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/cache_file_store.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/common_helper.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/environment.rb Wed, 09 Jan 2013 21:33:11 +0100
./lib/updater/git_updater.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/updater/svn_updater.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/updater/updater.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/updater/updater_factory.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/exploit.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/brute_force.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/malwares.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/web_site.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_config_backup.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_full_path_disclosure.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_login_protection.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_plugins.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_readme.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_themes.rb Wed, 09 Jan 2013 23:00:05 +0100
./lib/wpscan/modules/wp_timthumbs.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/modules/wp_usernames.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/msfrpc_client.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/vulnerable.rb Wed, 09 Jan 2013 22:46:41 +0100
./lib/wpscan/wp_detector.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_enumerator.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_item.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_options.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_plugin.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_target.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_theme.rb Wed, 09 Jan 2013 22:59:58 +0100
./lib/wpscan/wp_user.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_version.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wp_vulnerability.rb Wed, 09 Jan 2013 22:46:41 +0100
./lib/wpscan/wpscan_helper.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpscan/wpscan_options.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpstools/generate_list.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpstools/parse_svn.rb Wed, 09 Jan 2013 21:31:44 +0100
./lib/wpstools/wpstools_helper.rb Wed, 09 Jan 2013 21:33:11 +0100
./README Wed, 09 Jan 2013 21:33:11 +0100
./wpscan.rb Wed, 09 Jan 2013 22:46:41 +0100
./wpstools.rb Wed, 09 Jan 2013 22:59:49 +0100

114
doc/js/quicksearch.js
View File

@@ -1,114 +0,0 @@
/**
*
* JQuery QuickSearch - Hook up a form field to hide non-matching elements.
* $Id: quicksearch.js 53 2009-01-07 02:52:03Z deveiant $
*
* Author: Michael Granger <mgranger@laika.com>
*
*/
jQuery.fn.quicksearch = function( target, searchElems, options ) {
// console.debug( "Quicksearch fn" );
var settings = {
delay: 250,
clearButton: false,
highlightMatches: false,
focusOnLoad: false,
noSearchResultsIndicator: null
};
if ( options ) $.extend( settings, options );
return jQuery(this).each( function() {
// console.debug( "Creating a new quicksearch on %o for %o", this, searchElems );
new jQuery.quicksearch( this, searchElems, settings );
});
};
jQuery.quicksearch = function( searchBox, searchElems, settings ) {
var timeout;
var boxdiv = $(searchBox).parents('div').eq(0);
function init() {
setupKeyEventHandlers();
focusOnLoad();
};
function setupKeyEventHandlers() {
// console.debug( "Hooking up the 'keypress' event to %o", searchBox );
$(searchBox).
unbind( 'keyup' ).
keyup( function(e) { return onSearchKey( e.keyCode ); });
$(searchBox).
unbind( 'keypress' ).
keypress( function(e) {
switch( e.which ) {
// Execute the search on Enter, Tab, or Newline
case 9:
case 13:
case 10:
clearTimeout( timeout );
e.preventDefault();
doQuickSearch();
break;
// Allow backspace
case 8:
return true;
break;
// Only allow valid search characters
default:
return validQSChar( e.charCode );
}
});
};
function focusOnLoad() {
if ( !settings.focusOnLoad ) return false;
$(searchBox).focus();
};
function onSearchKey ( code ) {
clearTimeout( timeout );
// console.debug( "...scheduling search." );
timeout = setTimeout( doQuickSearch, settings.delay );
};
function validQSChar( code ) {
var c = String.fromCharCode( code );
return (
(c == ':') ||
(c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z')
);
};
function doQuickSearch() {
var searchText = searchBox.value;
var pat = new RegExp( searchText, "im" );
var shownCount = 0;
if ( settings.noSearchResultsIndicator ) {
$('#' + settings.noSearchResultsIndicator).hide();
}
// All elements start out hidden
$(searchElems).each( function(index) {
var str = $(this).text();
if ( pat.test(str) ) {
shownCount += 1;
$(this).fadeIn();
} else {
$(this).hide();
}
});
if ( shownCount == 0 && settings.noSearchResultsIndicator ) {
$('#' + settings.noSearchResultsIndicator).slideDown();
}
};
init();
};

2
doc/js/search_index.js
View File

File diff suppressed because one or more lines are too long

10
doc/js/thickbox-compressed.js
View File

File diff suppressed because one or more lines are too long

52
doc/lib/browser_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: browser.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

54
doc/lib/cache_file_store_rb.html
View File

@@ -1,54 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: cache_file_store.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
<li>yaml</li>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/common_helper_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: common_helper.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 18:38:13 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

82
doc/lib/environment_rb.html
View File

@@ -1,82 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: environment.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../rdoc.css" rel="stylesheet" />
<script src="../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
<li>rubygems</li>
<li>getoptlong</li>
<li>uri</li>
<li>time</li>
<li>resolv</li>
<li>xmlrpc/client</li>
<li>digest/md5</li>
<li>readline</li>
<li>base64</li>
<li>cgi</li>
<li>rbconfig</li>
<li>pp</li>
<li>typhoeus</li>
<li>json</li>
<li>nokogiri</li>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/git_updater_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: git_updater.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/svn_updater_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: svn_updater.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/updater_factory_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: updater_factory.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/updater/updater_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: updater.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/exploit_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: exploit.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/brute_force_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: brute_force.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/malwares_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: malwares.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 16:21:49 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/web_site_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: web_site.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_config_backup_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_config_backup.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 16:18:23 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_full_path_disclosure.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_login_protection_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_login_protection.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_plugins_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_plugins.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_readme_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_readme.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_themes_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_themes.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_timthumbs_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_timthumbs.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/modules/wp_usernames_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_usernames.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../../rdoc.css" rel="stylesheet" />
<script src="../../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/msfrpc_client_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: msfrpc_client.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/vulnerable_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: vulnerable.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_detector_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_detector.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_enumerator_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_enumerator.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_item_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_item.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_options_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_options.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_plugin_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_plugin.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_target_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_target.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 16:19:38 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_theme_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_theme.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_user_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_user.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_version_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_version.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wp_vulnerability_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wp_vulnerability.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wpscan_helper_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpscan_helper.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpscan/wpscan_options_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpscan_options.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 15:45:42 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpstools/generate_list_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: generate_list.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpstools/parse_svn_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: parse_svn.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/lib/wpstools/wpstools_helper_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpstools_helper.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="../../rdoc.css" rel="stylesheet" />
<script src="../../js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="../../js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

76
doc/table_of_contents.html
View File

@@ -187,10 +187,10 @@
<li class="method"><a href="URI.html#method-c-escape">::escape &mdash; URI</a>
<li class="method"><a href="WpTheme.html#method-c-find">::find &mdash; WpTheme</a>
<li class="method"><a href="WpVersion.html#method-c-find">::find &mdash; WpVersion</a>
<li class="method"><a href="WpTheme.html#method-c-find">::find &mdash; WpTheme</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_advanced_fingerprinting">::find_from_advanced_fingerprinting &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_atom_generator">::find_from_atom_generator &mdash; WpVersion</a>
@@ -229,36 +229,38 @@
<li class="method"><a href="Malwares.html#method-c-malwares_file">::malwares_file &mdash; Malwares</a>
<li class="method"><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a>
<li class="method"><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a>
<li class="method"><a href="RpcClient.html#method-c-new">::new &mdash; RpcClient</a>
<li class="method"><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a>
<li class="method"><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a>
<li class="method"><a href="WpItem.html#method-c-new">::new &mdash; WpItem</a>
<li class="method"><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a>
<li class="method"><a href="WpUser.html#method-c-new">::new &mdash; WpUser</a>
<li class="method"><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a>
<li class="method"><a href="Updater.html#method-c-new">::new &mdash; Updater</a>
<li class="method"><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a>
<li class="method"><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a>
<li class="method"><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a>
<li class="method"><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a>
<li class="method"><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a>
<li class="method"><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a>
<li class="method"><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a>
<li class="method"><a href="WpUser.html#method-c-new">::new &mdash; WpUser</a>
<li class="method"><a href="Updater.html#method-c-new">::new &mdash; Updater</a>
<li class="method"><a href="Exploit.html#method-c-new">::new &mdash; Exploit</a>
<li class="method"><a href="Generate_List.html#method-c-new">::new &mdash; Generate_List</a>
<li class="method"><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a>
<li class="method"><a href="Svn_Parser.html#method-c-new">::new &mdash; Svn_Parser</a>
<li class="method"><a href="RpcClient.html#method-c-new">::new &mdash; RpcClient</a>
<li class="method"><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter &mdash; WpscanOptions</a>
<li class="method"><a href="WebSite.html#method-c-page_hash">::page_hash &mdash; WebSite</a>
<li class="method"><a href="WpDetector.html#method-c-passive_detection">::passive_detection &mdash; WpDetector</a>
<li class="method"><a href="Browser.html#method-c-reset">::reset &mdash; Browser</a>
@@ -273,12 +275,12 @@
<li class="method"><a href="WpItem.html#method-i-3D-3D">#== &mdash; WpItem</a>
<li class="method"><a href="WpItem.html#method-i-3D-3D-3D">#=== &mdash; WpItem</a>
<li class="method"><a href="WpUser.html#method-i-3D-3D-3D">#=== &mdash; WpUser</a>
<li class="method"><a href="WpTheme.html#method-i-3D-3D-3D">#=== &mdash; WpTheme</a>
<li class="method"><a href="WpItem.html#method-i-3D-3D-3D">#=== &mdash; WpItem</a>
<li class="method"><a href="Array.html#method-i-_grep_">#_grep_ &mdash; Array</a>
<li class="method"><a href="Object.html#method-i-add_http_protocol">#add_http_protocol &mdash; Object</a>
@@ -329,7 +331,7 @@
<li class="method"><a href="WpUser.html#method-i-eql-3F">#eql? &mdash; WpUser</a>
<li class="method"><a href="WpTarget.html#method-i-error_404_hash">#error_404_hash &mdash; WpTarget</a>
<li class="method"><a href="WebSite.html#method-i-error_404_hash">#error_404_hash &mdash; WebSite</a>
<li class="method"><a href="WpPlugin.html#method-i-error_log-3F">#error_log? &mdash; WpPlugin</a>
@@ -407,10 +409,10 @@
<li class="method"><a href="WpscanOptions.html#method-i-has_options-3F">#has_options? &mdash; WpscanOptions</a>
<li class="method"><a href="WpItem.html#method-i-has_readme-3F">#has_readme? &mdash; WpItem</a>
<li class="method"><a href="WpReadme.html#method-i-has_readme-3F">#has_readme? &mdash; WpReadme</a>
<li class="method"><a href="WpItem.html#method-i-has_readme-3F">#has_readme? &mdash; WpItem</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F">#has_simple_login_lockdown_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpTimthumbs.html#method-i-has_timthumbs-3F">#has_timthumbs? &mdash; WpTimthumbs</a>
@@ -419,22 +421,20 @@
<li class="method"><a href="Object.html#method-i-help">#help &mdash; Object</a>
<li class="method"><a href="WebSite.html#method-i-homepage_hash">#homepage_hash &mdash; WebSite</a>
<li class="method"><a href="WpUser.html#method-i-id">#id &mdash; WpUser</a>
<li class="method"><a href="WpUser.html#method-i-id-3D">#id= &mdash; WpUser</a>
<li class="method"><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a>
<li class="method"><a href="GitUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; GitUpdater</a>
<li class="method"><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a>
<li class="method"><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a>
<li class="method"><a href="WpTarget.html#method-i-is_multisite-3F">#is_multisite? &mdash; WpTarget</a>
<li class="method"><a href="WebSite.html#method-i-is_online-3F">#is_online? &mdash; WebSite</a>
<li class="method"><a href="WebSite.html#method-i-is_wordpress-3F">#is_wordpress? &mdash; WebSite</a>
<li class="method"><a href="Exploit.html#method-i-job_id">#job_id &mdash; Exploit</a>
<li class="method"><a href="RpcClient.html#method-i-jobs">#jobs &mdash; RpcClient</a>
@@ -473,10 +473,10 @@
<li class="method"><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read &mdash; Exploit</a>
<li class="method"><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a>
<li class="method"><a href="RpcClient.html#method-i-meterpreter_write">#meterpreter_write &mdash; RpcClient</a>
<li class="method"><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write &mdash; Exploit</a>
<li class="method"><a href="WpUser.html#method-i-name">#name &mdash; WpUser</a>
<li class="method"><a href="WpUser.html#method-i-name-3D">#name= &mdash; WpUser</a>
@@ -485,6 +485,8 @@
<li class="method"><a href="WpUser.html#method-i-nickname-3D">#nickname= &mdash; WpUser</a>
<li class="method"><a href="WebSite.html#method-i-online-3F">#online? &mdash; WebSite</a>
<li class="method"><a href="Svn_Parser.html#method-i-parse">#parse &mdash; Svn_Parser</a>
<li class="method"><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection &mdash; WpPlugins</a>
@@ -527,6 +529,8 @@
<li class="method"><a href="Object.html#method-i-require_files_from_directory">#require_files_from_directory &mdash; Object</a>
<li class="method"><a href="WebSite.html#method-i-rss_url">#rss_url &mdash; WebSite</a>
<li class="method"><a href="Generate_List.html#method-i-save">#save &mdash; Generate_List</a>
<li class="method"><a href="WpTarget.html#method-i-search_replace_db_2_exists-3F">#search_replace_db_2_exists? &mdash; WpTarget</a>
@@ -563,12 +567,12 @@
<li class="method"><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a>
<li class="method"><a href="SvnUpdater.html#method-i-update">#update &mdash; SvnUpdater</a>
<li class="method"><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a>
<li class="method"><a href="Updater.html#method-i-update">#update &mdash; Updater</a>
<li class="method"><a href="SvnUpdater.html#method-i-update">#update &mdash; SvnUpdater</a>
<li class="method"><a href="WpTarget.html#method-i-url">#url &mdash; WpTarget</a>
<li class="method"><a href="WpscanOptions.html#method-i-url-3D">#url= &mdash; WpscanOptions</a>
@@ -589,6 +593,8 @@
<li class="method"><a href="WpscanOptions.html#method-i-wordlist-3D">#wordlist= &mdash; WpscanOptions</a>
<li class="method"><a href="WebSite.html#method-i-wordpress-3F">#wordpress? &mdash; WebSite</a>
<li class="method"><a href="WpTarget.html#method-i-wp_content_dir">#wp_content_dir &mdash; WpTarget</a>
<li class="method"><a href="WpTarget.html#method-i-wp_plugins_dir">#wp_plugins_dir &mdash; WpTarget</a>

52
doc/wpscan_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpscan.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet" />
<script src="./js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

52
doc/wpstools_rb.html
View File

@@ -1,52 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>File: wpstools.rb [RDoc Documentation]</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet" />
<script src="./js/jquery.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript"
charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript"
charset="utf-8"></script>
</head>
<body class="file file-popup">
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-10-23 12:20:01 +0200</dd>
<dt class="requires">Requires</dt>
<dd class="requires">
<ul>
</ul>
</dd>
</dl>
</div>
<div id="documentation">
<div class="description">
<h2>Description</h2>
</div>
</div>
</body>
</html>

2
lib/wpscan/modules/wp_themes.rb
View File

@@ -21,7 +21,7 @@ module WpThemes
def themes_from_aggressive_detection(options)
options[:file] = options[:file] || (options[:full] ? "#{DATA_DIR}/themes_full.txt" : "#{DATA_DIR}/themes.txt")
options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
options[:vulns_file] : DATA_DIR + "/wp_theme_vulns.xml"
options[:vulns_file] : DATA_DIR + "/theme_vulns.xml"
options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//theme"
options[:type] = "themes"

2
lib/wpscan/vulnerable.rb
View File

@@ -31,7 +31,7 @@ class Vulnerable
xml.xpath(@vulns_xpath).each do |node|
vulnerabilities << WpVulnerability.new(
node.search("title").text,
node.search("reference").text,
node.search("reference").map(&:text),
node.search("type").text
)
end

2
lib/wpscan/wp_theme.rb
View File

@@ -24,7 +24,7 @@ class WpTheme < WpItem
def initialize(options = {})
options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
options[:vulns_file] : DATA_DIR + "/wp_theme_vulns.xml"
options[:vulns_file] : DATA_DIR + "/theme_vulns.xml"
options[:vulns_xpath] = "//theme[@name='$name$']/vulnerability"
options[:type] = "themes"
@version = options[:version]

6
lib/wpscan/wp_vulnerability.rb
View File

@@ -17,11 +17,11 @@
#++
class WpVulnerability
attr_accessor :title, :reference, :type
attr_accessor :title, :references, :type
def initialize(title, reference, type)
def initialize(title, references, type)
@title = title
@reference = reference
@references = references
@type = type
end
end

20
wpscan.rb
View File

@@ -114,7 +114,9 @@ begin
theme_vulnerabilities.each do |vulnerability|
puts
puts " | " + red("* Title: #{vulnerability.title}")
puts " | " + red("* Reference: #{vulnerability.reference}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
end
puts
end
@@ -175,7 +177,9 @@ begin
version_vulnerabilities.each do |vulnerability|
puts
puts " | " + red("* Title: #{vulnerability.title}")
puts " | " + red("* Reference: #{vulnerability.reference}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
end
end
end
@@ -196,7 +200,9 @@ begin
plugin.vulnerabilities.each do |vulnerability|
puts " |"
puts " | " + red("[!] #{vulnerability.title}")
puts " | " + red("* Reference: #{vulnerability.reference}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
end
end
else
@@ -242,7 +248,9 @@ begin
puts " |"
puts " | " + red("[!] #{vulnerability.title}")
puts " | " + red("* Reference: #{vulnerability.reference}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
# This has been commented out as MSF are moving from
# XML-RPC to MessagePack.
@@ -297,7 +305,9 @@ begin
theme.vulnerabilities.each do |vulnerability|
puts " |"
puts " | " + red("[!] #{vulnerability.title}")
puts " | " + red("* Reference: #{vulnerability.reference}")
vulnerability.references.each do |r|
puts " | " + red("* Reference: #{r}")
end
# This has been commented out as MSF are moving from
# XML-RPC to MessagePack.

2
wpstools.rb
View File

@@ -132,7 +132,7 @@ begin
# seclists.org redirects to the homepage if the reference does not exist
# TODO : the special case above
if @check_vuln_ref_urls
vuln_ref_files = ["plugin_vulns.xml", "wp_theme_vulns.xml", "wp_vulns.xml"]
vuln_ref_files = ["plugin_vulns.xml", "theme_vulns.xml", "wp_vulns.xml"]
error_codes = [404, 500, 403]
not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i