Add RSS author information

2018-05-14 13:44:02 +01:00
parent ae3c164350
commit 9450ba6cc5
4 changed files with 73 additions and 7 deletions
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -125,13 +125,6 @@ class WebSite
    @error_404_hash
  end

-  # Will try to find the rss url in the homepage
-  # Only the first one found is returned
-  def rss_url
-    homepage_body = Browser.get(@uri.to_s).body
-    homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
-  end
-
  # Only the first 700 bytes are checked to avoid the download
  # of the whole file which can be very huge (like 2 Go)
  #
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -9,6 +9,7 @@ require 'wp_target/wp_login_protection'
 require 'wp_target/wp_must_use_plugins'
 require 'wp_target/wp_readme'
 require 'wp_target/wp_registrable'
+require 'wp_target/wp_rss'

 class WpTarget < WebSite
  include WpTarget::WpAPI
@@ -19,6 +20,7 @@ class WpTarget < WebSite
  include WpTarget::WpMustUsePlugins
  include WpTarget::WpReadme
  include WpTarget::WpRegistrable
+  include WpTarget::WpRSS

  attr_reader :verbose

--- a/lib/wpscan/wp_target/wp_rss.rb
+++ b/lib/wpscan/wp_target/wp_rss.rb
@@ -0,0 +1,59 @@
+# encoding: UTF-8
+
+class WpTarget < WebSite
+  module WpRSS
+
+    # Checks to see if there is an rss feed
+    # Will try to find the rss url in the homepage
+    # Only the first one found is returned
+    #
+    # This file comes by default in a WordPress installation
+    #
+    # @return [ Boolean ]
+    def rss_url
+      homepage_body = Browser.get(@uri.to_s).body
+      # Format: <link rel="alternate" type="application/rss+xml" title=".*" href=".*" />
+      homepage_body[%r{<link\s*.*\s*type=['|"]application\/rss\+xml['|"]\s*.*\stitle=".*" href=['|"]([^"]+)['|"]\s*\/?>}i, 1]
+    end
+
+
+    # Gets all the authors from the RSS feed
+    #
+    # @return [ string ]
+    def rss_authors(url)
+      # Variables
+      users = []
+
+      # Make the request
+      response = Browser.get(url)
+
+      # Valid repose to view? HTTP 200?
+      return false unless response.code == 200
+
+      # Get output
+      data = response.body
+
+      # Read in RSS/XML
+      xml = Nokogiri::XML(data)
+
+      # Look for <dc:creator> item
+      xml.xpath('//item/dc:creator').each do |node|
+        #Format: <dc:creator><![CDATA[.*]]></dc:creator>
+        users << [%r{.*}i.match(node).to_s]
+      end
+
+      if users
+        # Feedback
+        puts warning("Detected users from RSS feed:")
+
+        # Sort and uniq
+        users = users.sort_by { |user| user.to_s.downcase }.uniq
+
+        # Print results
+        table = Terminal::Table.new(headings: ['Name'],
+                                    rows: users)
+        puts table
+      end
+    end
+  end
+end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -323,6 +323,18 @@ def main
      spacer()
    end

+    # Get RSS
+    rss = wp_target.rss_url
+    if rss
+      # Feedback
+      puts info("RSS Feed: #{rss}")
+
+      # Print users from RSS feed
+      wp_target.rss_authors(rss)
+
+      spacer()
+    end
+
    if wp_target.has_full_path_disclosure?
      puts warning("Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}': #{wp_target.full_path_disclosure_data}")
      spacer()