custom plugins directory
This commit is contained in:
Christian Mehlmauer
@@ -85,6 +85,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -101,6 +101,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -226,6 +228,11 @@
|
||||
<dd class="description"></dd>
|
||||
|
||||
|
||||
<dt><a name="USER_AGENT_MODES">USER_AGENT_MODES</a></dt>
|
||||
|
||||
<dd class="description"></dd>
|
||||
|
||||
|
||||
</dl>
|
||||
</div>
|
||||
|
||||
@@ -294,7 +301,7 @@
|
||||
|
||||
<div class="method-source-code" id="instance-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 57</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 58</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">@@instance</span>
|
||||
<span class="ruby-identifier">@@instance</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">options</span>)
|
||||
@@ -330,7 +337,7 @@
|
||||
|
||||
<div class="method-source-code" id="reset-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 64</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 65</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">reset</span>
|
||||
<span class="ruby-identifier">@@instance</span> = <span class="ruby-keyword">nil</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -369,11 +376,11 @@
|
||||
|
||||
<div class="method-source-code" id="forge_request-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 140</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 142</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
|
||||
<span class="ruby-constant">Typhoeus</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
|
||||
<span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span>)
|
||||
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
|
||||
<span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span>)
|
||||
)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- forge_request-source -->
|
||||
@@ -405,10 +412,10 @@
|
||||
|
||||
<div class="method-source-code" id="get-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 128</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 130</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
|
||||
<span class="ruby-identifier">run_request</span>(
|
||||
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">></span> <span class="ruby-value">:get</span>))
|
||||
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">></span> <span class="ruby-value">:get</span>))
|
||||
)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get-source -->
|
||||
@@ -443,7 +450,7 @@ browser object, hydra will not have the new @max_threads and
|
||||
|
||||
<div class="method-source-code" id="load_config-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 101</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 102</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">load_config</span>(<span class="ruby-identifier">config_file</span> = <span class="ruby-keyword">nil</span>)
|
||||
<span class="ruby-ivar">@config_file</span> = <span class="ruby-identifier">config_file</span> <span class="ruby-operator">||</span> <span class="ruby-ivar">@config_file</span>
|
||||
|
||||
@@ -484,7 +491,7 @@ browser object, hydra will not have the new @max_threads and
|
||||
|
||||
<div class="method-source-code" id="max_threads-3D-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 93</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 94</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">max_threads=</span>(<span class="ruby-identifier">max_threads</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">max_threads</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">max_threads</span> <span class="ruby-operator"><=</span> <span class="ruby-value">0</span>
|
||||
<span class="ruby-identifier">max_threads</span> = <span class="ruby-value">1</span>
|
||||
@@ -520,17 +527,17 @@ browser object, hydra will not have the new @max_threads and
|
||||
|
||||
<div class="method-source-code" id="merge_request_params-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 147</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 149</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span> = {})
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy</span>
|
||||
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:proxy</span> =<span class="ruby-operator">></span> <span class="ruby-ivar">@proxy</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_host_verification</span>)
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_host_verification</span>)
|
||||
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:disable_ssl_host_verification</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_peer_verification</span>)
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_peer_verification</span>)
|
||||
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:disable_ssl_peer_verification</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -541,7 +548,7 @@ browser object, hydra will not have the new @max_threads and
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
<span class="ruby-comment"># Used to enable the cache system if :cache_timeout > 0</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:cache_timeout</span>)
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:cache_timeout</span>)
|
||||
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">></span> <span class="ruby-ivar">@cache_timeout</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -576,10 +583,10 @@ browser object, hydra will not have the new @max_threads and
|
||||
|
||||
<div class="method-source-code" id="post-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 134</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 136</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
|
||||
<span class="ruby-identifier">run_request</span>(
|
||||
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">></span> <span class="ruby-value">:post</span>))
|
||||
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">></span> <span class="ruby-value">:post</span>))
|
||||
)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- post-source -->
|
||||
@@ -611,15 +618,15 @@ browser object, hydra will not have the new @max_threads and
|
||||
|
||||
<div class="method-source-code" id="user_agent-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 81</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 82</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent</span>
|
||||
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@user_agent_mode</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"semi-static"</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@user_agent</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"semi-static"</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@user_agent</span>
|
||||
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"random"</span>
|
||||
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"random"</span>
|
||||
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-ivar">@user_agent</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -652,11 +659,11 @@ browser object, hydra will not have the new @max_threads and
|
||||
|
||||
<div class="method-source-code" id="user_agent_mode-3D-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 68</span>
|
||||
<span class="ruby-comment"># File lib/browser.rb, line 69</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent_mode=</span>(<span class="ruby-identifier">ua_mode</span>)
|
||||
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">"static"</span>
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">@@user_agent_modes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">ua_mode</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-constant">USER_AGENT_MODES</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">ua_mode</span>)
|
||||
<span class="ruby-ivar">@user_agent_mode</span> = <span class="ruby-identifier">ua_mode</span>
|
||||
<span class="ruby-comment"># For semi-static user agent mode, the user agent has to be nil the first time (it will be set with the getter)</span>
|
||||
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-keyword">nil</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">===</span> <span class="ruby-string">"semi-static"</span>
|
||||
|
||||
@@ -77,6 +77,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -304,21 +306,21 @@ on large wordlists, although bareable.</p>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/login_error/</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"\nIncorrect username and/or password."</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
|
||||
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-node">"\n [SUCCESS] Username : #{username} Password : #{password}\n"</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"\n "</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">"[SUCCESS]"</span>) <span class="ruby-operator">+</span> <span class="ruby-node">" Username : #{username} Password : #{password}\n"</span>
|
||||
<span class="ruby-identifier">found</span> <span class="ruby-operator"><<</span> { <span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:password</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">password</span> }
|
||||
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">true</span>
|
||||
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">timed_out?</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"ERROR: Request timed out."</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">"ERROR:"</span>) <span class="ruby-operator">+</span> <span class="ruby-string">" Request timed out."</span>
|
||||
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"ERROR: No response from remote server. WAF/IPS?"</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">"ERROR:"</span>) <span class="ruby-operator">+</span> <span class="ruby-string">" No response from remote server. WAF/IPS?"</span>
|
||||
<span class="ruby-comment"># code is a fixnum, needs a string for regex</span>
|
||||
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/^50/</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"ERROR: Server error, try reducing the number of threads."</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">"ERROR:"</span>) <span class="ruby-operator">+</span> <span class="ruby-string">" Server error, try reducing the number of threads."</span>
|
||||
<span class="ruby-keyword">else</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-node">"\nERROR: We recieved an unknown response for #{password}..."</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"\n"</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">"ERROR:"</span>) <span class="ruby-operator">+</span> <span class="ruby-node">" We recieved an unknown response for #{password}..."</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Code: #{response.code.to_s}"</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-node">"Body: #{response.body}"</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">"Code: #{response.code.to_s}"</span>)
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">"Body: #{response.body}"</span>)
|
||||
<span class="ruby-identifier">puts</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -41,6 +41,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -91,6 +91,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -276,10 +278,10 @@ binary format Marshal does not need any “require”</p>
|
||||
<span class="ruby-comment"># File lib/cache_file_store.rb, line 34</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">storage_path</span>, <span class="ruby-identifier">serializer</span> = <span class="ruby-constant">Marshal</span>)
|
||||
<span class="ruby-ivar">@storage_path</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">storage_path</span>)
|
||||
<span class="ruby-ivar">@serializer</span> = <span class="ruby-identifier">serializer</span>
|
||||
<span class="ruby-ivar">@serializer</span> = <span class="ruby-identifier">serializer</span>
|
||||
|
||||
<span class="ruby-comment"># File.directory? for ruby <= 1.9 otherwise, it makes more sense to do Dir.exist? :/</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-constant">File</span>.<span class="ruby-identifier">directory?</span>(<span class="ruby-ivar">@storage_path</span>)
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">directory?</span>(<span class="ruby-ivar">@storage_path</span>)
|
||||
<span class="ruby-constant">Dir</span>.<span class="ruby-identifier">mkdir</span>(<span class="ruby-ivar">@storage_path</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -425,7 +427,7 @@ binary format Marshal does not need any “require”</p>
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/cache_file_store.rb, line 58</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_entry</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">data_to_store</span>, <span class="ruby-identifier">cache_timeout</span>)
|
||||
<span class="ruby-keyword">if</span> (<span class="ruby-identifier">cache_timeout</span> <span class="ruby-operator">></span> <span class="ruby-value">0</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">cache_timeout</span> <span class="ruby-operator">></span> <span class="ruby-value">0</span>
|
||||
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>), <span class="ruby-string">'w'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">write</span>(<span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">dump</span>(<span class="ruby-identifier">data_to_store</span>))
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -109,6 +109,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -441,7 +443,7 @@
|
||||
<span class="ruby-identifier">session_spawn_timer</span> = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">new</span>
|
||||
<span class="ruby-keyword">while</span> <span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">empty?</span>
|
||||
<span class="ruby-comment"># wait for a session to spawn with a timeout of 1 minute</span>
|
||||
<span class="ruby-keyword">if</span> (<span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span> <span class="ruby-operator">-</span> <span class="ruby-identifier">session_spawn_timer</span> <span class="ruby-operator">></span> <span class="ruby-value">60</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span> <span class="ruby-operator">-</span> <span class="ruby-identifier">session_spawn_timer</span> <span class="ruby-operator">></span> <span class="ruby-value">60</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">"[ERROR] Session was not created... exiting."</span>
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -91,6 +91,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -263,23 +265,23 @@
|
||||
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 27</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">type</span>, <span class="ruby-identifier">verbose</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/plugins/</span>
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-string">"plugin"</span>
|
||||
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://plugins.svn.wordpress.org/'</span>
|
||||
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugins.txt'</span>
|
||||
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/plugins/browse/popular/'</span>
|
||||
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%{<h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3>}</span>
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-string">"plugin"</span>
|
||||
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://plugins.svn.wordpress.org/'</span>
|
||||
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugins.txt'</span>
|
||||
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/plugins/browse/popular/'</span>
|
||||
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%{<h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3>}</span>
|
||||
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/themes/</span>
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-string">"theme"</span>
|
||||
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://themes.svn.wordpress.org/'</span>
|
||||
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/themes.txt'</span>
|
||||
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/themes/browse/popular/'</span>
|
||||
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%{<h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3>}</span>
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-string">"theme"</span>
|
||||
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://themes.svn.wordpress.org/'</span>
|
||||
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/themes.txt'</span>
|
||||
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/themes/browse/popular/'</span>
|
||||
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%{<h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3>}</span>
|
||||
<span class="ruby-keyword">else</span>
|
||||
<span class="ruby-identifier">raise</span> <span class="ruby-node">"Type #{type} not defined"</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
|
||||
<span class="ruby-ivar">@browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-ivar">@hydra</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">hydra</span>
|
||||
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
|
||||
<span class="ruby-ivar">@browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-ivar">@hydra</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">hydra</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- new-source -->
|
||||
|
||||
@@ -411,17 +413,16 @@ parse the response for the names.</p>
|
||||
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">max_threads</span>
|
||||
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
|
||||
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
|
||||
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
|
||||
|
||||
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">sort!</span>
|
||||
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">uniq!</span>
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">found_items</span>
|
||||
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">uniq</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_popular_items-source -->
|
||||
|
||||
@@ -452,7 +453,7 @@ parse the response for the names.</p>
|
||||
|
||||
<div class="method-source-code" id="save-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 100</span>
|
||||
<span class="ruby-comment"># File lib/wpstools/generate_list.rb, line 99</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">save</span>(<span class="ruby-identifier">items</span>)
|
||||
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">sort!</span>
|
||||
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">uniq!</span>
|
||||
|
||||
@@ -89,6 +89,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -81,6 +81,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -333,8 +335,8 @@
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 28</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@malwares</span>.<span class="ruby-identifier">nil?</span>
|
||||
<span class="ruby-identifier">malwares_found</span> = []
|
||||
<span class="ruby-identifier">malwares_file</span> = <span class="ruby-constant">Malwares</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
|
||||
<span class="ruby-identifier">malwares_found</span> = []
|
||||
<span class="ruby-identifier">malwares_file</span> = <span class="ruby-constant">Malwares</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
|
||||
<span class="ruby-identifier">index_page_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
|
||||
|
||||
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">malwares_file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
|
||||
|
||||
111
doc/Object.html
111
doc/Object.html
@@ -77,10 +77,16 @@
|
||||
|
||||
<li><a href="#method-i-banner">#banner</a></li>
|
||||
|
||||
<li><a href="#method-i-colorize">#colorize</a></li>
|
||||
|
||||
<li><a href="#method-i-get_equal_string_end">#get_equal_string_end</a></li>
|
||||
|
||||
<li><a href="#method-i-green">#green</a></li>
|
||||
|
||||
<li><a href="#method-i-help">#help</a></li>
|
||||
|
||||
<li><a href="#method-i-red">#red</a></li>
|
||||
|
||||
<li><a href="#method-i-require_files_from_directory">#require_files_from_directory</a></li>
|
||||
|
||||
<li><a href="#method-i-usage">#usage</a></li>
|
||||
@@ -101,6 +107,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -372,7 +380,7 @@
|
||||
|
||||
<div class="method-source-code" id="banner-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/common_helper.rb, line 105</span>
|
||||
<span class="ruby-comment"># File lib/common_helper.rb, line 106</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">banner</span>()
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">'____________________________________________________'</span>
|
||||
<span class="ruby-identifier">puts</span> <span class="ruby-string">" __ _______ _____ "</span>
|
||||
@@ -401,6 +409,39 @@
|
||||
</div><!-- banner-method -->
|
||||
|
||||
|
||||
<div id="colorize-method" class="method-detail ">
|
||||
<a name="method-i-colorize"></a>
|
||||
|
||||
|
||||
<div class="method-heading">
|
||||
<span class="method-name">colorize</span><span
|
||||
class="method-args">(text, color_code)</span>
|
||||
<span class="method-click-advice">click to toggle source</span>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="method-description">
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="method-source-code" id="colorize-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/common_helper.rb, line 125</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-identifier">color_code</span>)
|
||||
<span class="ruby-node">"\e[#{color_code}m#{text}\e[0m"</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- colorize-source -->
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
</div><!-- colorize-method -->
|
||||
|
||||
|
||||
<div id="get_equal_string_end-method" class="method-detail ">
|
||||
<a name="method-i-get_equal_string_end"></a>
|
||||
|
||||
@@ -435,7 +476,7 @@
|
||||
<span class="ruby-keyword">break</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">looping</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">or</span> (<span class="ruby-identifier">counter</span> * <span class="ruby-value">-1</span> ) <span class="ruby-operator">></span> <span class="ruby-identifier">base</span>.<span class="ruby-identifier">length</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">looping</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">or</span> (<span class="ruby-identifier">counter</span> * <span class="ruby-value">-1</span>) <span class="ruby-operator">></span> <span class="ruby-identifier">base</span>.<span class="ruby-identifier">length</span>
|
||||
<span class="ruby-keyword">break</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">already_found</span> = <span class="ruby-node">"#{character if character}#{already_found}"</span>
|
||||
@@ -454,6 +495,39 @@
|
||||
</div><!-- get_equal_string_end-method -->
|
||||
|
||||
|
||||
<div id="green-method" class="method-detail ">
|
||||
<a name="method-i-green"></a>
|
||||
|
||||
|
||||
<div class="method-heading">
|
||||
<span class="method-name">green</span><span
|
||||
class="method-args">(text)</span>
|
||||
<span class="method-click-advice">click to toggle source</span>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="method-description">
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="method-source-code" id="green-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/common_helper.rb, line 133</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">green</span>(<span class="ruby-identifier">text</span>)
|
||||
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">32</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- green-source -->
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
</div><!-- green-method -->
|
||||
|
||||
|
||||
<div id="help-method" class="method-detail ">
|
||||
<a name="method-i-help"></a>
|
||||
|
||||
@@ -518,6 +592,39 @@
|
||||
</div><!-- help-method -->
|
||||
|
||||
|
||||
<div id="red-method" class="method-detail ">
|
||||
<a name="method-i-red"></a>
|
||||
|
||||
|
||||
<div class="method-heading">
|
||||
<span class="method-name">red</span><span
|
||||
class="method-args">(text)</span>
|
||||
<span class="method-click-advice">click to toggle source</span>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="method-description">
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="method-source-code" id="red-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/common_helper.rb, line 129</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">red</span>(<span class="ruby-identifier">text</span>)
|
||||
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">31</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- red-source -->
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
</div><!-- red-method -->
|
||||
|
||||
|
||||
<div id="require_files_from_directory-method" class="method-detail ">
|
||||
<a name="method-i-require_files_from_directory"></a>
|
||||
|
||||
|
||||
@@ -41,6 +41,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -109,6 +109,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -344,11 +346,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="exploit-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 96</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 93</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">name</span>, <span class="ruby-identifier">opts</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.execute'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>, <span class="ruby-identifier">name</span>, <span class="ruby-identifier">opts</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.execute'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>, <span class="ruby-identifier">name</span>, <span class="ruby-identifier">opts</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- exploit-source -->
|
||||
|
||||
@@ -382,8 +383,7 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 72</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_exploit_info</span>(<span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.info'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>, <span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.info'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>, <span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_exploit_info-source -->
|
||||
|
||||
@@ -414,11 +414,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="get_options-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 80</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 79</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_options</span>(<span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.options'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>,<span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.options'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-string">'exploit'</span>,<span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_options-source -->
|
||||
|
||||
@@ -449,11 +448,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="get_payloads-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 88</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 86</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_payloads</span>(<span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.compatible_payloads'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'module.compatible_payloads'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">name</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_payloads-source -->
|
||||
|
||||
@@ -484,11 +482,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="jobs-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 104</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 100</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">jobs</span>()
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'job.list'</span>, <span class="ruby-ivar">@auth_token</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'job.list'</span>, <span class="ruby-ivar">@auth_token</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- jobs-source -->
|
||||
|
||||
@@ -519,11 +516,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="kill_session-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 120</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 114</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">kill_session</span>(<span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.stop'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.stop'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- kill_session-source -->
|
||||
|
||||
@@ -597,11 +593,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="meterpreter_read-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 142</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 133</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.meterpreter_read'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.meterpreter_read'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- meterpreter_read-source -->
|
||||
|
||||
@@ -632,11 +627,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="meterpreter_write-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 148</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 138</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.meterpreter_write'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.meterpreter_write'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- meterpreter_write-source -->
|
||||
|
||||
@@ -667,11 +661,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="read_shell-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 128</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 121</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_shell</span>(<span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.shell_read'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.shell_read'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- read_shell-source -->
|
||||
|
||||
@@ -702,11 +695,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="sessions-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 112</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 107</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">sessions</span>()
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.list'</span>, <span class="ruby-ivar">@auth_token</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.list'</span>, <span class="ruby-ivar">@auth_token</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- sessions-source -->
|
||||
|
||||
@@ -737,11 +729,10 @@ wpscan -P wpscan -f -t Web -u /RPC2 name = exploit/unix/webapp/php_include</p>
|
||||
|
||||
<div class="method-source-code" id="write_shell-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 136</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/msfrpc_client.rb, line 128</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_shell</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
|
||||
<span class="ruby-identifier">authenticate</span>()
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.shell_write'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">result</span>
|
||||
<span class="ruby-ivar">@server</span>.<span class="ruby-identifier">call</span>(<span class="ruby-string">'session.shell_write'</span>, <span class="ruby-ivar">@auth_token</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- write_shell-source -->
|
||||
|
||||
|
||||
@@ -87,6 +87,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -202,6 +204,24 @@
|
||||
|
||||
|
||||
|
||||
<!-- Constants -->
|
||||
<div id="constants-list" class="section">
|
||||
<h3 class="section-header">Constants</h3>
|
||||
<dl>
|
||||
|
||||
<dt><a name="REVISION_PATTERN">REVISION_PATTERN</a></dt>
|
||||
|
||||
<dd class="description"></dd>
|
||||
|
||||
|
||||
<dt><a name="TRUNK_URL">TRUNK_URL</a></dt>
|
||||
|
||||
<dd class="description"></dd>
|
||||
|
||||
|
||||
</dl>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -232,7 +252,7 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/updater/svn_updater.rb, line 26</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
|
||||
<span class="ruby-node">%[svn info "#{@repo_directory}" --xml 2>&1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/revision=/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-node">%[svn info "#@repo_directory" --xml 2>&1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/revision=/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- is_installed-3F-source -->
|
||||
|
||||
@@ -265,8 +285,8 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/updater/svn_updater.rb, line 30</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
|
||||
<span class="ruby-identifier">local_revision</span> = <span class="ruby-node">%[svn info "#{@repo_directory}" --xml 2>&1]</span>
|
||||
<span class="ruby-identifier">local_revision</span>[<span class="ruby-identifier">@@revision_pattern</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-identifier">local_revision</span> = <span class="ruby-node">%[svn info "#@repo_directory" --xml 2>&1]</span>
|
||||
<span class="ruby-identifier">local_revision</span>[<span class="ruby-constant">REVISION_PATTERN</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- local_revision_number-source -->
|
||||
|
||||
@@ -299,7 +319,7 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/updater/svn_updater.rb, line 35</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
|
||||
<span class="ruby-node">%[svn up "#{@repo_directory}"]</span>
|
||||
<span class="ruby-node">%[svn up "#@repo_directory"]</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- update-source -->
|
||||
|
||||
|
||||
@@ -85,6 +85,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -290,11 +292,11 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpstools/parse_svn.rb, line 26</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">svn_root</span>, <span class="ruby-identifier">verbose</span>, <span class="ruby-identifier">keep_empty_dirs</span> = <span class="ruby-keyword">false</span>)
|
||||
<span class="ruby-ivar">@svn_root</span> = <span class="ruby-identifier">svn_root</span>
|
||||
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
|
||||
<span class="ruby-ivar">@keep_empty_dirs</span> = <span class="ruby-identifier">keep_empty_dirs</span>
|
||||
<span class="ruby-ivar">@svn_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-ivar">@svn_hydra</span> = <span class="ruby-ivar">@svn_browser</span>.<span class="ruby-identifier">hydra</span>
|
||||
<span class="ruby-ivar">@svn_root</span> = <span class="ruby-identifier">svn_root</span>
|
||||
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
|
||||
<span class="ruby-ivar">@keep_empty_dirs</span> = <span class="ruby-identifier">keep_empty_dirs</span>
|
||||
<span class="ruby-ivar">@svn_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-ivar">@svn_hydra</span> = <span class="ruby-ivar">@svn_browser</span>.<span class="ruby-identifier">hydra</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- new-source -->
|
||||
|
||||
@@ -337,8 +339,7 @@
|
||||
<span class="ruby-identifier">dirs</span> = <span class="ruby-identifier">get_root_directories</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">urls</span> = <span class="ruby-identifier">get_svn_project_urls</span>(<span class="ruby-identifier">dirs</span>)
|
||||
<span class="ruby-identifier">entries</span> = <span class="ruby-identifier">get_svn_file_entries</span>(<span class="ruby-identifier">urls</span>)
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">entries</span>
|
||||
<span class="ruby-identifier">get_svn_file_entries</span>(<span class="ruby-identifier">urls</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- parse-source -->
|
||||
|
||||
|
||||
@@ -91,6 +91,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -85,6 +85,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -83,6 +83,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -205,11 +207,11 @@
|
||||
<h3 class="section-header">Attributes</h3>
|
||||
|
||||
|
||||
<div id="vulns_xml-attribute-method" class="method-detail">
|
||||
<a name="vulns_xml"></a>
|
||||
<div id="vulns_file-attribute-method" class="method-detail">
|
||||
<a name="vulns_file"></a>
|
||||
|
||||
<div class="method-heading attribute-method-heading">
|
||||
<span class="method-name">vulns_xml</span><span
|
||||
<span class="method-name">vulns_file</span><span
|
||||
class="attribute-access-type">[R]</span>
|
||||
</div>
|
||||
|
||||
@@ -268,7 +270,7 @@ be empty)</p>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">vulnerabilities</span>
|
||||
<span class="ruby-identifier">vulnerabilities</span> = []
|
||||
|
||||
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@vulns_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@vulns_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
|
||||
@@ -81,6 +81,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -224,7 +226,7 @@
|
||||
|
||||
<div class="method-source-code" id="is_online-3F-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 50</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 52</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_online?</span>
|
||||
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">0</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -261,15 +263,17 @@
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_wordpress?</span>
|
||||
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">false</span>
|
||||
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">login_url</span>(),
|
||||
{ <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span> }
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
|
||||
<span class="ruby-identifier">login_url</span>(),
|
||||
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span>}
|
||||
)
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%{WordPress}</span>
|
||||
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
|
||||
<span class="ruby-keyword">else</span>
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">xmlrpc_url</span>(),
|
||||
{ <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span> }
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
|
||||
<span class="ruby-identifier">xmlrpc_url</span>(),
|
||||
{<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span>}
|
||||
)
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%{XML-RPC server accepts POST requests only}</span>
|
||||
@@ -309,8 +313,9 @@ redirection or nil</p>
|
||||
|
||||
<div class="method-source-code" id="redirection-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 56</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 58</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">url</span> = <span class="ruby-keyword">nil</span>)
|
||||
<span class="ruby-identifier">redirection</span> = <span class="ruby-keyword">nil</span>
|
||||
<span class="ruby-identifier">url</span> <span class="ruby-operator">||=</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
|
||||
|
||||
@@ -349,7 +354,7 @@ redirection or nil</p>
|
||||
|
||||
<div class="method-source-code" id="xmlrpc_url-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 45</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 47</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">xmlrpc_url</span>
|
||||
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"xmlrpc.php"</span>).<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -77,6 +77,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -222,10 +224,11 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_config_backup.rb, line 49</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">config_backup_files</span>
|
||||
[
|
||||
<span class="ruby-string">'wp-config.php~'</span>,<span class="ruby-string">'#wp-config.php#'</span>,<span class="ruby-string">'wp-config.php.save'</span>,<span class="ruby-string">'wp-config.php.swp'</span>,<span class="ruby-string">'wp-config.php.swo'</span>,<span class="ruby-string">'wp-config.php_bak'</span>,
|
||||
<span class="ruby-string">'wp-config.bak'</span>, <span class="ruby-string">'wp-config.php.bak'</span>, <span class="ruby-string">'wp-config.save'</span>
|
||||
] <span class="ruby-comment"># thanks to Feross.org for these</span>
|
||||
<span class="ruby-node">%{
|
||||
wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
|
||||
wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
|
||||
wp-config.orig wp-config.php.original wp-config.original
|
||||
}</span> <span class="ruby-comment"># thanks to Feross.org for these</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- config_backup_files-source -->
|
||||
|
||||
@@ -266,14 +269,14 @@ an array of backup config files url</p>
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_config_backup.rb, line 24</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">config_backup</span>
|
||||
<span class="ruby-identifier">found</span> = []
|
||||
<span class="ruby-identifier">backups</span> = <span class="ruby-constant">WpConfigBackup</span>.<span class="ruby-identifier">config_backup_files</span>
|
||||
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
|
||||
<span class="ruby-identifier">found</span> = []
|
||||
<span class="ruby-identifier">backups</span> = <span class="ruby-constant">WpConfigBackup</span>.<span class="ruby-identifier">config_backup_files</span>
|
||||
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
|
||||
|
||||
<span class="ruby-identifier">backups</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">file_url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">file</span>)).<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">file_url</span>)
|
||||
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">file_url</span>)
|
||||
|
||||
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{define}</span>] <span class="ruby-keyword">and</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{<\s?html}</span>]
|
||||
|
||||
@@ -85,6 +85,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -242,12 +244,12 @@
|
||||
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-comment"># Already found via passive detection</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_result</span>[<span class="ruby-value">:name</span>]
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_result</span>.<span class="ruby-identifier">name</span>
|
||||
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">true</span>
|
||||
<span class="ruby-keyword">break</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">already_present</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">already_present</span>
|
||||
<span class="ruby-identifier">result</span> <span class="ruby-operator"><<</span> <span class="ruby-identifier">enum_result</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
@@ -300,12 +302,14 @@
|
||||
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">uniq!</span>
|
||||
|
||||
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">items</span> <span class="ruby-operator"><<</span> {
|
||||
<span class="ruby-identifier">items</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">url</span>,
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>,
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-node">"#{type}/#{item}/"</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">wp_content_dir</span>
|
||||
}
|
||||
<span class="ruby-value">:type</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">type</span>,
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-node">"#{item}/"</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">wp_content_dir</span>,
|
||||
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">></span> <span class="ruby-string">""</span>
|
||||
)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">items</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -85,6 +85,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -271,11 +273,7 @@
|
||||
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
|
||||
|
||||
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-comment"># Timthumb files have no /timthumbs/ directory</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">/timthumbs/</span>
|
||||
<span class="ruby-identifier">target</span>[<span class="ruby-value">:path</span>] = <span class="ruby-node">"#{options[:type]}/#{target[:path]}"</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">url</span> = <span class="ruby-node">"#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}"</span>
|
||||
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
|
||||
|
||||
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">></span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span> })
|
||||
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
|
||||
@@ -338,7 +336,7 @@
|
||||
|
||||
<div class="method-source-code" id="generate_items-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 88</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 84</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-identifier">only_vulnerable</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>]
|
||||
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
|
||||
@@ -346,18 +344,22 @@
|
||||
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
|
||||
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-identifier">type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
|
||||
<span class="ruby-identifier">plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
|
||||
<span class="ruby-identifier">targets_url</span> = []
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">only_vulnerable</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">only_vulnerable</span>
|
||||
<span class="ruby-comment"># Open and parse the 'most popular' plugin list...</span>
|
||||
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">"r"</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator"><<</span> {
|
||||
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">url</span>,
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">wp_content_dir</span>,
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>)
|
||||
}
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
|
||||
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">vulns_file</span>,
|
||||
<span class="ruby-value">:type</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">type</span>,
|
||||
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">plugins_dir</span>
|
||||
)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
@@ -371,17 +373,20 @@
|
||||
<span class="ruby-comment"># We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it</span>
|
||||
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">"name"</span>).<span class="ruby-identifier">text</span>
|
||||
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator"><<</span> {
|
||||
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">url</span>,
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">name</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">wp_content_dir</span>,
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">name</span>
|
||||
}
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">name</span>,
|
||||
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">vulns_file</span>,
|
||||
<span class="ruby-value">:type</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">type</span>,
|
||||
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">plugins_dir</span>
|
||||
)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">flatten!</span>
|
||||
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">uniq!</span>
|
||||
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">flatten!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
|
||||
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">uniq!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
|
||||
<span class="ruby-comment"># randomize the plugins array to *maybe* help in some crappy IDS/IPS/WAF detection</span>
|
||||
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">sort_by!</span> { <span class="ruby-identifier">rand</span> }
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -77,6 +77,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
143
doc/WpItem.html
143
doc/WpItem.html
@@ -79,6 +79,8 @@
|
||||
|
||||
<li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
|
||||
|
||||
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
|
||||
|
||||
<li><a href="#method-i-get_url">#get_url</a></li>
|
||||
|
||||
<li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
|
||||
@@ -109,6 +111,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -262,6 +266,23 @@
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="type-attribute-method" class="method-detail">
|
||||
<a name="type"></a>
|
||||
|
||||
<a name="type="></a>
|
||||
|
||||
<div class="method-heading attribute-method-heading">
|
||||
<span class="method-name">type</span><span
|
||||
class="attribute-access-type">[RW]</span>
|
||||
</div>
|
||||
|
||||
<div class="method-description">
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -282,13 +303,13 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="vulns_xml-attribute-method" class="method-detail">
|
||||
<a name="vulns_xml"></a>
|
||||
<div id="vulns_file-attribute-method" class="method-detail">
|
||||
<a name="vulns_file"></a>
|
||||
|
||||
<a name="vulns_xml="></a>
|
||||
<a name="vulns_file="></a>
|
||||
|
||||
<div class="method-heading attribute-method-heading">
|
||||
<span class="method-name">vulns_xml</span><span
|
||||
<span class="method-name">vulns_file</span><span
|
||||
class="attribute-access-type">[RW]</span>
|
||||
</div>
|
||||
|
||||
@@ -330,6 +351,23 @@
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="wp_plugin_dir-attribute-method" class="method-detail">
|
||||
<a name="wp_plugin_dir"></a>
|
||||
|
||||
<a name="wp_plugin_dir="></a>
|
||||
|
||||
<div class="method-heading attribute-method-heading">
|
||||
<span class="method-name">wp_plugin_dir</span><span
|
||||
class="attribute-access-type">[RW]</span>
|
||||
</div>
|
||||
|
||||
<div class="method-description">
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -348,7 +386,7 @@
|
||||
|
||||
<div class="method-heading">
|
||||
<span class="method-name">new</span><span
|
||||
class="method-args">(options = {})</span>
|
||||
class="method-args">(options)</span>
|
||||
<span class="method-click-advice">click to toggle source</span>
|
||||
</div>
|
||||
|
||||
@@ -362,19 +400,22 @@
|
||||
<div class="method-source-code" id="new-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
|
||||
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">"wp-content"</span>
|
||||
<span class="ruby-ivar">@wp_plugin_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">"plugins"</span>
|
||||
<span class="ruby-ivar">@url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-ivar">@path</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
|
||||
<span class="ruby-ivar">@name</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
|
||||
<span class="ruby-ivar">@vulns_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>]
|
||||
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>)
|
||||
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
|
||||
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
|
||||
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"url not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"path not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"url not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"path not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"wp_content_dir not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"name not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"vulns_xml not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_xml</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"name not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"vulns_file not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_file</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-string">"type not set"</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@type</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- new-source -->
|
||||
|
||||
@@ -411,7 +452,7 @@
|
||||
|
||||
<div class="method-source-code" id="3C-3D-3E-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 97</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 121</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-operator"><=></span>(<span class="ruby-identifier">other</span>)
|
||||
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator"><=></span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -444,7 +485,7 @@
|
||||
|
||||
<div class="method-source-code" id="3D-3D-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 87</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
|
||||
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -477,7 +518,7 @@
|
||||
|
||||
<div class="method-source-code" id="3D-3D-3D-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 92</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 116</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
|
||||
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -510,7 +551,7 @@
|
||||
|
||||
<div class="method-source-code" id="changelog_url-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 107</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 131</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
|
||||
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"changelog.txt"</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -543,7 +584,7 @@
|
||||
|
||||
<div class="method-source-code" id="directory_listing-3F-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 70</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 94</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
|
||||
<span class="ruby-comment"># Need to remove to file part from the url</span>
|
||||
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{<title>Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
|
||||
@@ -577,7 +618,7 @@
|
||||
|
||||
<div class="method-source-code" id="extract_name_from_url-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 100</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
|
||||
<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -591,6 +632,50 @@
|
||||
</div><!-- extract_name_from_url-method -->
|
||||
|
||||
|
||||
<div id="get_sub_folder-method" class="method-detail ">
|
||||
<a name="method-i-get_sub_folder"></a>
|
||||
|
||||
|
||||
<div class="method-heading">
|
||||
<span class="method-name">get_sub_folder</span><span
|
||||
class="method-args">()</span>
|
||||
<span class="method-click-advice">click to toggle source</span>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="method-description">
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="method-source-code" id="get_sub_folder-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 43</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
|
||||
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"plugins"</span>
|
||||
<span class="ruby-identifier">folder</span> = <span class="ruby-ivar">@wp_plugin_dir</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"themes"</span>
|
||||
<span class="ruby-identifier">folder</span> = <span class="ruby-string">"themes"</span>
|
||||
<span class="ruby-keyword">when</span> <span class="ruby-string">"timthumbs"</span>
|
||||
<span class="ruby-comment"># not needed</span>
|
||||
<span class="ruby-identifier">folder</span> = <span class="ruby-keyword">nil</span>
|
||||
<span class="ruby-keyword">else</span>
|
||||
<span class="ruby-identifier">raise</span>(<span class="ruby-node">"unknown type #@type"</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">folder</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_sub_folder-source -->
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
</div><!-- get_sub_folder-method -->
|
||||
|
||||
|
||||
<div id="get_url-method" class="method-detail ">
|
||||
<a name="method-i-get_url"></a>
|
||||
|
||||
@@ -610,14 +695,20 @@
|
||||
|
||||
<div class="method-source-code" id="get_url-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 41</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 59</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
|
||||
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">"/"</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">"#@url/"</span>
|
||||
<span class="ruby-comment"># remove first and last /</span>
|
||||
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">""</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">""</span>)
|
||||
<span class="ruby-comment"># remove first /</span>
|
||||
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">""</span>)
|
||||
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">"#{url}#{wp_content_dir}/#{path}"</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">"timthumbs"</span>
|
||||
<span class="ruby-comment"># timthumbs have folder in path variable</span>
|
||||
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">"#{url}#{wp_content_dir}/#{path}"</span>)
|
||||
<span class="ruby-keyword">else</span>
|
||||
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">"#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}"</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">ret</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_url-source -->
|
||||
|
||||
@@ -648,7 +739,7 @@
|
||||
|
||||
<div class="method-source-code" id="get_url_without_filename-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 51</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 75</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
|
||||
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
|
||||
@@ -686,7 +777,7 @@
|
||||
|
||||
<div class="method-source-code" id="has_changelog-3F-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 121</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 145</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
|
||||
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
|
||||
@@ -723,7 +814,7 @@
|
||||
|
||||
<div class="method-source-code" id="has_readme-3F-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 112</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 136</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
|
||||
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
|
||||
@@ -760,7 +851,7 @@
|
||||
|
||||
<div class="method-source-code" id="readme_url-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 102</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 126</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
|
||||
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"readme.txt"</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -793,7 +884,7 @@
|
||||
|
||||
<div class="method-source-code" id="to_s-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 81</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 105</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
|
||||
<span class="ruby-node">"#@name#{' v' + item_version.strip if item_version}"</span>
|
||||
@@ -827,7 +918,7 @@
|
||||
|
||||
<div class="method-source-code" id="version-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 61</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 85</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"readme.txt"</span>).<span class="ruby-identifier">to_s</span>)
|
||||
|
||||
@@ -83,6 +83,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -87,6 +87,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -232,7 +234,8 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 20</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/plugin_vulns.xml'</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">""</span>) <span class="ruby-operator">?</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">"/plugin_vulns.xml"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">"//plugin[@name='$name$']/vulnerability"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">"//plugin"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">"plugins"</span>
|
||||
@@ -276,9 +279,9 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
|
||||
|
||||
<div class="method-source-code" id="error_log-3F-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 33</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 34</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log?</span>
|
||||
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">></span> { <span class="ruby-string">"range"</span> =<span class="ruby-operator">></span> <span class="ruby-string">"bytes=0-700"</span>}).<span class="ruby-identifier">body</span>
|
||||
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">></span> {<span class="ruby-string">"range"</span> =<span class="ruby-operator">></span> <span class="ruby-string">"bytes=0-700"</span>}).<span class="ruby-identifier">body</span>
|
||||
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%{PHP Fatal error}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- error_log-3F-source -->
|
||||
@@ -310,7 +313,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
|
||||
|
||||
<div class="method-source-code" id="error_log_url-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 38</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
|
||||
<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"error_log"</span>).<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -77,6 +77,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -229,14 +231,16 @@
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">"//plugin[@name='#{@name}']/vulnerability"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">"//plugin"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">"plugins"</span>
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">plugins</span> = []
|
||||
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">plugins</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:url</span>],
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:path</span>],
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:wp_content_dir</span>],
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>[<span class="ruby-value">:name</span>]
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">url</span>,
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
|
||||
<span class="ruby-value">:type</span> =<span class="ruby-operator">></span> <span class="ruby-string">"plugins"</span>,
|
||||
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugin_dir</span>
|
||||
)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
|
||||
@@ -278,17 +282,19 @@ plugins can be found in the source code :</p>
|
||||
|
||||
<div class="method-source-code" id="plugins_from_passive_detection-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 49</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 51</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">plugins</span> = []
|
||||
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-string">"plugins"</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
|
||||
|
||||
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">plugins</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>[<span class="ruby-value">:url</span>],
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>[<span class="ruby-value">:name</span>],
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>[<span class="ruby-value">:path</span>],
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">url</span>,
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
|
||||
<span class="ruby-value">:type</span> =<span class="ruby-operator">></span> <span class="ruby-string">"plugins"</span>,
|
||||
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugin_dir</span>]
|
||||
)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
|
||||
|
||||
@@ -77,6 +77,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
|
||||
@@ -159,6 +159,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -493,7 +495,7 @@
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 112</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_debug_log?</span>
|
||||
<span class="ruby-comment"># We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)</span>
|
||||
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">></span> { <span class="ruby-string">"range"</span> =<span class="ruby-operator">></span> <span class="ruby-string">"bytes=0-700"</span>}).<span class="ruby-identifier">body</span>
|
||||
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-value">:headers</span> =<span class="ruby-operator">></span> {<span class="ruby-string">"range"</span> =<span class="ruby-operator">></span> <span class="ruby-string">"bytes=0-700"</span>}).<span class="ruby-identifier">body</span>
|
||||
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%{\[[^\]]+\] PHP (?:Warning|Error|Notice):}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- has_debug_log-3F-source -->
|
||||
@@ -778,7 +780,7 @@
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 105</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
|
||||
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
|
||||
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">wp_content_dir</span>() <span class="ruby-operator">+</span> <span class="ruby-string">"/plugins"</span>
|
||||
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-string">"plugins"</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-ivar">@wp_plugins_dir</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -91,6 +91,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -286,7 +288,7 @@
|
||||
|
||||
<div class="method-source-code" id="find-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 42</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 44</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
|
||||
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
|
||||
@@ -326,8 +328,10 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_theme_vulns.xml'</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = (<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-string">""</span>) <span class="ruby-operator">?</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">:</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">"/wp_theme_vulns.xml"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">"//theme[@name='$name$']/vulnerability"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">"themes"</span>
|
||||
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
|
||||
<span class="ruby-ivar">@style_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
|
||||
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
|
||||
@@ -367,11 +371,12 @@
|
||||
|
||||
<div class="method-source-code" id="find_from_css_link-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 58</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 60</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span> })
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span>})
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%{https?://[^"']+/themes/([^"']+)/style.css}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
|
||||
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%{https?://[^"']+/themes/([^"']+)/style.css}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
|
||||
<span class="ruby-identifier">style_url</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>]
|
||||
<span class="ruby-identifier">theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
|
||||
|
||||
@@ -413,14 +418,15 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
|
||||
|
||||
<div class="method-source-code" id="find_from_wooframework-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 75</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 78</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
|
||||
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
|
||||
<span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}</span>
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> = <span class="ruby-identifier">regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">body</span>)
|
||||
<span class="ruby-identifier">woo_theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
|
||||
<span class="ruby-identifier">woo_theme_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
|
||||
<span class="ruby-identifier">matches</span> = <span class="ruby-identifier">regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">body</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
|
||||
<span class="ruby-identifier">woo_theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
|
||||
<span class="ruby-identifier">woo_theme_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
|
||||
<span class="ruby-identifier">woo_framework_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">3</span>] <span class="ruby-comment"># Not used at this time</span>
|
||||
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">woo_theme_name</span>,
|
||||
@@ -466,7 +472,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
|
||||
|
||||
<div class="method-source-code" id="3D-3D-3D-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 51</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 53</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
|
||||
<span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -79,6 +79,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -258,12 +260,12 @@
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 28</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@wp_timthumbs</span>.<span class="ruby-identifier">nil?</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">"timthumbs"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] = <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">"/timthumbs.txt"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">"xxx"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">"xxx"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">"xxx"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">"timthumbs"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] = <span class="ruby-keyword">false</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">"/timthumbs.txt"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">"xxx"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">"xxx"</span>
|
||||
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">"xxx"</span>
|
||||
|
||||
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">theme_name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
|
||||
@@ -312,19 +314,22 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 49</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">targets</span> = []
|
||||
<span class="ruby-identifier">targets</span> = []
|
||||
<span class="ruby-identifier">theme_name</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">theme_name</span>)
|
||||
|
||||
<span class="ruby-node">%{
|
||||
timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
|
||||
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
|
||||
}</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">targets</span> <span class="ruby-operator"><<</span> {
|
||||
<span class="ruby-identifier">targets</span> <span class="ruby-operator"><<</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
|
||||
<span class="ruby-value">:url</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>],
|
||||
<span class="ruby-value">:path</span> =<span class="ruby-operator">></span> <span class="ruby-node">"themes/#{theme_name}/#{file}"</span>,
|
||||
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>]
|
||||
}
|
||||
<span class="ruby-value">:name</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">theme_name</span>,
|
||||
<span class="ruby-value">:vulns_file</span> =<span class="ruby-operator">></span> <span class="ruby-string">"XX"</span>,
|
||||
<span class="ruby-value">:type</span> =<span class="ruby-operator">></span> <span class="ruby-string">"timthumbs"</span>,
|
||||
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
|
||||
)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-identifier">targets</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -85,6 +85,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -333,7 +335,7 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 60</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
|
||||
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span> })
|
||||
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span>})
|
||||
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
|
||||
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>)
|
||||
@@ -428,9 +430,9 @@ href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosu
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 28</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usernames</span>(<span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-identifier">range</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:range</span>] <span class="ruby-operator">||</span> (<span class="ruby-value">1</span><span class="ruby-operator">..</span><span class="ruby-value">10</span>)
|
||||
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-identifier">usernames</span> = []
|
||||
<span class="ruby-identifier">range</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:range</span>] <span class="ruby-operator">||</span> (<span class="ruby-value">1</span><span class="ruby-operator">..</span><span class="ruby-value">10</span>)
|
||||
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
|
||||
<span class="ruby-identifier">usernames</span> = []
|
||||
|
||||
<span class="ruby-identifier">range</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">author_id</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>)
|
||||
|
||||
@@ -97,6 +97,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -336,7 +338,7 @@ etc)</p>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">number</span>, <span class="ruby-identifier">options</span> = {})
|
||||
<span class="ruby-ivar">@number</span> = <span class="ruby-identifier">number</span>
|
||||
<span class="ruby-ivar">@discovery_method</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:discovery_method</span>]
|
||||
<span class="ruby-ivar">@vulns_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_vulns.xml'</span>
|
||||
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_vulns.xml'</span>
|
||||
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-node">"//wordpress[@version='#{@number}']/vulnerability"</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- new-source -->
|
||||
@@ -392,7 +394,9 @@ file across all versions of wordpress.</p>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/wp_versions.xml'</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-comment"># needed for rpsec tests</span>
|
||||
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">"/wp_versions.xml"</span>
|
||||
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -402,11 +406,11 @@ file across all versions of wordpress.</p>
|
||||
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'src'</span>).<span class="ruby-identifier">text</span>).<span class="ruby-identifier">to_s</span>
|
||||
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">file_url</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/\$wp-plugins\$/</span>, <span class="ruby-identifier">wp_plugins</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/\$wp-content\$/</span>, <span class="ruby-identifier">wp_content</span>)
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">file_url</span>)
|
||||
<span class="ruby-identifier">md5sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
|
||||
<span class="ruby-identifier">md5sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
|
||||
|
||||
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'hash'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">hash</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'md5'</span>).<span class="ruby-identifier">text</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">md5sum</span>
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'versions'</span>).<span class="ruby-identifier">text</span>
|
||||
<span class="ruby-keyword">return</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'versions'</span>).<span class="ruby-identifier">text</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
@@ -448,7 +452,7 @@ upgrade.</p>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span> })
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span>})
|
||||
|
||||
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name="generator" content="wordpress ([^"]+)"}</span>, <span class="ruby-value">1</span>]
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -481,7 +485,7 @@ upgrade.</p>
|
||||
|
||||
<div class="method-source-code" id="find_from_readme-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 117</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 119</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"readme.html"</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{<br />\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
|
||||
@@ -518,7 +522,7 @@ upgrade.</p>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"feed/"</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span> })
|
||||
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"feed/"</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">></span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">></span> <span class="ruby-value">2</span>})
|
||||
|
||||
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{<generator>http://wordpress.org/\?v=([^<]+)</generator>}</span>, <span class="ruby-value">1</span>]
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -552,7 +556,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
|
||||
|
||||
<div class="method-source-code" id="find_from_sitemap_generator-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 123</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 125</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
|
||||
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
|
||||
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">"sitemap.xml"</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator="wordpress/#{WpVersion.version_pattern}"}</span>, <span class="ruby-value">1</span>]
|
||||
@@ -587,7 +591,7 @@ one ‘.’</p>
|
||||
|
||||
<div class="method-source-code" id="version_pattern-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 129</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 131</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
|
||||
<span class="ruby-string">'(.*(?=.)(?=.*\d)(?=.*[.]).*)'</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
|
||||
@@ -83,6 +83,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -286,9 +288,9 @@
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wp_vulnerability.rb, line 22</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">title</span>, <span class="ruby-identifier">reference</span>, <span class="ruby-identifier">type</span>)
|
||||
<span class="ruby-ivar">@title</span> = <span class="ruby-identifier">title</span>
|
||||
<span class="ruby-ivar">@reference</span> = <span class="ruby-identifier">reference</span>
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
|
||||
<span class="ruby-ivar">@title</span> = <span class="ruby-identifier">title</span>
|
||||
<span class="ruby-ivar">@reference</span> = <span class="ruby-identifier">reference</span>
|
||||
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- new-source -->
|
||||
|
||||
|
||||
@@ -117,6 +117,8 @@
|
||||
|
||||
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="./README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -280,7 +282,7 @@ href="WpscanOptions.html">WpscanOptions</a></p>
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-constant">ARGV</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">></span> <span class="ruby-value">0</span>
|
||||
<span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">get_opt_long</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">opt</span>, <span class="ruby-identifier">arg</span><span class="ruby-operator">|</span>
|
||||
<span class="ruby-identifier">wpscan_options</span>.<span class="ruby-identifier">set_option_from_cli</span>(<span class="ruby-identifier">opt</span>, <span class="ruby-identifier">arg</span>)
|
||||
<span class="ruby-identifier">wpscan_options</span>.<span class="ruby-identifier">set_option_from_cli</span>(<span class="ruby-identifier">opt</span>, <span class="ruby-identifier">arg</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
|
||||
@@ -357,7 +359,7 @@ any remaining ‘-’ by ‘_’</p>
|
||||
|
||||
<div class="method-source-code" id="clean_option-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 216</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 217</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">clean_option</span>(<span class="ruby-identifier">option</span>)
|
||||
<span class="ruby-identifier">cleaned_option</span> = <span class="ruby-identifier">option</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/^--?/</span>, <span class="ruby-string">''</span>)
|
||||
<span class="ruby-identifier">cleaned_option</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/-/</span>, <span class="ruby-string">'_'</span>)
|
||||
@@ -392,23 +394,23 @@ any remaining ‘-’ by ‘_’</p>
|
||||
|
||||
<div class="method-source-code" id="get_opt_long-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 188</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 189</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">get_opt_long</span>
|
||||
<span class="ruby-constant">GetoptLong</span>.<span class="ruby-identifier">new</span>(
|
||||
[<span class="ruby-string">"--url"</span>, <span class="ruby-string">"-u"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--enumerate"</span>, <span class="ruby-string">"-e"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--username"</span>, <span class="ruby-string">"-U"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--wordlist"</span>, <span class="ruby-string">"-w"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--threads"</span>, <span class="ruby-string">"-t"</span>,<span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--force"</span>, <span class="ruby-string">"-f"</span>,<span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--help"</span>, <span class="ruby-string">"-h"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--verbose"</span>, <span class="ruby-string">"-v"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>] ,
|
||||
[<span class="ruby-string">"--proxy"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--update"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--follow-redirection"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--wp-content-dir"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--wp-plugins-dir"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--config-file"</span>, <span class="ruby-string">"-c"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>]
|
||||
[<span class="ruby-string">"--url"</span>, <span class="ruby-string">"-u"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--enumerate"</span>, <span class="ruby-string">"-e"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--username"</span>, <span class="ruby-string">"-U"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--wordlist"</span>, <span class="ruby-string">"-w"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--threads"</span>, <span class="ruby-string">"-t"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--force"</span>, <span class="ruby-string">"-f"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--help"</span>, <span class="ruby-string">"-h"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--verbose"</span>, <span class="ruby-string">"-v"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--proxy"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">OPTIONAL_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--update"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--follow-redirection"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">NO_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--wp-content-dir"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--wp-plugins-dir"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>],
|
||||
[<span class="ruby-string">"--config-file"</span>, <span class="ruby-string">"-c"</span>, <span class="ruby-constant">GetoptLong</span><span class="ruby-operator">::</span><span class="ruby-constant">REQUIRED_ARGUMENT</span>]
|
||||
)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
</div><!-- get_opt_long-source -->
|
||||
@@ -440,7 +442,7 @@ any remaining ‘-’ by ‘_’</p>
|
||||
|
||||
<div class="method-source-code" id="is_long_option-3F-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 207</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 208</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">is_long_option?</span>(<span class="ruby-identifier">option</span>)
|
||||
<span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-value">:"#{WpscanOptions.clean_option(option)}"</span>)
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -473,10 +475,10 @@ any remaining ‘-’ by ‘_’</p>
|
||||
|
||||
<div class="method-source-code" id="option_to_instance_variable_setter-source">
|
||||
<pre>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 221</span>
|
||||
<span class="ruby-comment"># File lib/wpscan/wpscan_options.rb, line 222</span>
|
||||
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">option_to_instance_variable_setter</span>(<span class="ruby-identifier">option</span>)
|
||||
<span class="ruby-identifier">cleaned_option</span> = <span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">clean_option</span>(<span class="ruby-identifier">option</span>)
|
||||
<span class="ruby-identifier">option_syms</span> = <span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-node">%{^#{cleaned_option}}</span>)
|
||||
<span class="ruby-identifier">option_syms</span> = <span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-node">%{^#{cleaned_option}}</span>)
|
||||
|
||||
<span class="ruby-identifier">option_syms</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span> <span class="ruby-operator">?</span> <span class="ruby-value">:"#{option_syms.at(0)}="</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">nil</span>
|
||||
<span class="ruby-keyword">end</span></pre>
|
||||
@@ -609,7 +611,8 @@ href="http://1-10">u</a> will enumerate usernames from 1 to 10</p>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/u/</span>
|
||||
<span class="ruby-ivar">@enumerate_usernames</span> = <span class="ruby-keyword">true</span>
|
||||
<span class="ruby-comment"># Check for usernames range</span>
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%{\[([\d]+)-([\d]+)\]}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">value</span>)
|
||||
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%{\[([\d]+)-([\d]+)\]}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">value</span>)
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
|
||||
<span class="ruby-ivar">@enumerate_usernames_range</span> = (<span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>].<span class="ruby-identifier">to_i</span><span class="ruby-operator">..</span><span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>].<span class="ruby-identifier">to_i</span>)
|
||||
<span class="ruby-keyword">end</span>
|
||||
<span class="ruby-keyword">end</span>
|
||||
@@ -794,11 +797,11 @@ value</p>
|
||||
|
||||
<span class="ruby-keyword">if</span> <span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">is_long_option?</span>(<span class="ruby-identifier">cli_option</span>)
|
||||
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(
|
||||
<span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">option_to_instance_variable_setter</span>(<span class="ruby-identifier">cli_option</span>),
|
||||
<span class="ruby-identifier">cli_value</span>
|
||||
<span class="ruby-constant">WpscanOptions</span>.<span class="ruby-identifier">option_to_instance_variable_setter</span>(<span class="ruby-identifier">cli_option</span>),
|
||||
<span class="ruby-identifier">cli_value</span>
|
||||
)
|
||||
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">cli_option</span> <span class="ruby-operator">===</span> <span class="ruby-string">"--enumerate"</span> <span class="ruby-comment"># Special cases</span>
|
||||
<span class="ruby-comment"># Default value if no argument is given</span>
|
||||
<span class="ruby-comment"># Default value if no argument is given</span>
|
||||
<span class="ruby-identifier">cli_value</span> = <span class="ruby-string">"T!tup!"</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">cli_value</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
|
||||
|
||||
<span class="ruby-identifier">enumerate_options_from_string</span>(<span class="ruby-identifier">cli_value</span>)
|
||||
|
||||
@@ -1,42 +1,43 @@
|
||||
Fri, 21 Sep 2012 22:09:53 +0200
|
||||
Sat, 22 Sep 2012 23:49:14 +0200
|
||||
./CREDITS Mon, 17 Sep 2012 20:18:24 +0200
|
||||
./lib/browser.rb Sun, 16 Sep 2012 15:18:58 +0200
|
||||
./lib/cache_file_store.rb Sat, 15 Sep 2012 08:04:03 +0200
|
||||
./lib/common_helper.rb Fri, 21 Sep 2012 19:02:49 +0200
|
||||
./lib/environment.rb Thu, 20 Sep 2012 22:12:57 +0200
|
||||
./Gemfile Sat, 22 Sep 2012 00:14:07 +0200
|
||||
./lib/browser.rb Sat, 22 Sep 2012 15:51:15 +0200
|
||||
./lib/cache_file_store.rb Sat, 22 Sep 2012 15:00:03 +0200
|
||||
./lib/common_helper.rb Sat, 22 Sep 2012 16:08:50 +0200
|
||||
./lib/environment.rb Sat, 22 Sep 2012 09:22:22 +0200
|
||||
./lib/updater/git_updater.rb Sat, 15 Sep 2012 08:00:23 +0200
|
||||
./lib/updater/svn_updater.rb Sat, 15 Sep 2012 08:00:34 +0200
|
||||
./lib/updater/svn_updater.rb Sat, 22 Sep 2012 15:04:12 +0200
|
||||
./lib/updater/updater.rb Sat, 15 Sep 2012 08:00:40 +0200
|
||||
./lib/updater/updater_factory.rb Sat, 15 Sep 2012 08:00:46 +0200
|
||||
./lib/wpscan/exploit.rb Sat, 15 Sep 2012 08:02:16 +0200
|
||||
./lib/wpscan/modules/brute_force.rb Fri, 21 Sep 2012 20:51:52 +0200
|
||||
./lib/wpscan/modules/malwares.rb Thu, 20 Sep 2012 22:23:58 +0200
|
||||
./lib/wpscan/modules/web_site.rb Wed, 19 Sep 2012 21:33:46 +0200
|
||||
./lib/wpscan/modules/wp_config_backup.rb Sat, 15 Sep 2012 08:01:11 +0200
|
||||
./lib/wpscan/exploit.rb Fri, 21 Sep 2012 23:23:55 +0200
|
||||
./lib/wpscan/modules/brute_force.rb Sat, 22 Sep 2012 00:10:17 +0200
|
||||
./lib/wpscan/modules/malwares.rb Sat, 22 Sep 2012 15:01:32 +0200
|
||||
./lib/wpscan/modules/web_site.rb Sat, 22 Sep 2012 16:18:55 +0200
|
||||
./lib/wpscan/modules/wp_config_backup.rb Sat, 22 Sep 2012 15:01:32 +0200
|
||||
./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200
|
||||
./lib/wpscan/modules/wp_login_protection.rb Tue, 18 Sep 2012 17:51:20 +0200
|
||||
./lib/wpscan/modules/wp_plugins.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/modules/wp_login_protection.rb Sat, 22 Sep 2012 16:18:32 +0200
|
||||
./lib/wpscan/modules/wp_plugins.rb Sat, 22 Sep 2012 21:05:32 +0200
|
||||
./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200
|
||||
./lib/wpscan/modules/wp_themes.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/modules/wp_timthumbs.rb Wed, 19 Sep 2012 15:03:22 +0200
|
||||
./lib/wpscan/modules/wp_usernames.rb Fri, 21 Sep 2012 18:48:29 +0200
|
||||
./lib/wpscan/msfrpc_client.rb Sat, 15 Sep 2012 08:02:28 +0200
|
||||
./lib/wpscan/vulnerable.rb Wed, 19 Sep 2012 22:21:47 +0200
|
||||
./lib/wpscan/wp_detector.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/wp_enumerator.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/wp_item.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/wp_options.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/wp_plugin.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/wp_target.rb Thu, 20 Sep 2012 22:16:44 +0200
|
||||
./lib/wpscan/wp_theme.rb Fri, 21 Sep 2012 15:27:28 +0200
|
||||
./lib/wpscan/wp_user.rb Fri, 21 Sep 2012 18:00:14 +0200
|
||||
./lib/wpscan/wp_version.rb Wed, 19 Sep 2012 21:33:07 +0200
|
||||
./lib/wpscan/wp_vulnerability.rb Sat, 15 Sep 2012 08:03:09 +0200
|
||||
./lib/wpscan/modules/wp_themes.rb Sat, 22 Sep 2012 21:32:34 +0200
|
||||
./lib/wpscan/modules/wp_timthumbs.rb Sat, 22 Sep 2012 23:24:13 +0200
|
||||
./lib/wpscan/modules/wp_usernames.rb Sat, 22 Sep 2012 15:01:32 +0200
|
||||
./lib/wpscan/msfrpc_client.rb Fri, 21 Sep 2012 23:32:27 +0200
|
||||
./lib/wpscan/vulnerable.rb Sat, 22 Sep 2012 21:23:01 +0200
|
||||
./lib/wpscan/wp_detector.rb Sat, 22 Sep 2012 21:23:10 +0200
|
||||
./lib/wpscan/wp_enumerator.rb Sat, 22 Sep 2012 23:22:53 +0200
|
||||
./lib/wpscan/wp_item.rb Sat, 22 Sep 2012 23:38:11 +0200
|
||||
./lib/wpscan/wp_options.rb Sat, 22 Sep 2012 20:33:35 +0200
|
||||
./lib/wpscan/wp_plugin.rb Sat, 22 Sep 2012 21:24:14 +0200
|
||||
./lib/wpscan/wp_target.rb Sat, 22 Sep 2012 23:47:42 +0200
|
||||
./lib/wpscan/wp_theme.rb Sat, 22 Sep 2012 21:24:57 +0200
|
||||
./lib/wpscan/wp_user.rb Sat, 22 Sep 2012 16:12:25 +0200
|
||||
./lib/wpscan/wp_version.rb Sat, 22 Sep 2012 21:25:11 +0200
|
||||
./lib/wpscan/wp_vulnerability.rb Sat, 22 Sep 2012 16:11:58 +0200
|
||||
./lib/wpscan/wpscan_helper.rb Sat, 15 Sep 2012 21:19:30 +0200
|
||||
./lib/wpscan/wpscan_options.rb Fri, 21 Sep 2012 22:04:11 +0200
|
||||
./lib/wpstools/generate_list.rb Sat, 15 Sep 2012 08:03:43 +0200
|
||||
./lib/wpstools/parse_svn.rb Sat, 15 Sep 2012 23:36:25 +0200
|
||||
./lib/wpstools/wpstools_helper.rb Sat, 15 Sep 2012 08:03:49 +0200
|
||||
./lib/wpscan/wpscan_options.rb Sat, 22 Sep 2012 15:01:32 +0200
|
||||
./lib/wpstools/generate_list.rb Sat, 22 Sep 2012 16:10:07 +0200
|
||||
./lib/wpstools/parse_svn.rb Sat, 22 Sep 2012 16:10:30 +0200
|
||||
./lib/wpstools/wpstools_helper.rb Sat, 22 Sep 2012 15:00:03 +0200
|
||||
./README Thu, 13 Sep 2012 22:54:08 +0200
|
||||
./wpscan.rb Fri, 21 Sep 2012 18:13:48 +0200
|
||||
./wpstools.rb Sat, 15 Sep 2012 08:06:35 +0200
|
||||
./wpscan.rb Sat, 22 Sep 2012 23:46:46 +0200
|
||||
./wpstools.rb Sat, 22 Sep 2012 14:59:30 +0200
|
||||
|
||||
@@ -32,6 +32,8 @@
|
||||
|
||||
<li class="file"><a href="CREDITS.html">CREDITS</a></li>
|
||||
|
||||
<li class="file"><a href="Gemfile.html">Gemfile</a></li>
|
||||
|
||||
<li class="file"><a href="README.html">README</a></li>
|
||||
|
||||
</ul>
|
||||
@@ -163,34 +165,34 @@
|
||||
|
||||
<li><a href="Malwares.html#method-c-malwares_file">::malwares_file — Malwares</a></li>
|
||||
|
||||
<li><a href="WpVersion.html#method-c-new">::new — WpVersion</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-c-new">::new — RpcClient</a></li>
|
||||
|
||||
<li><a href="WpPlugin.html#method-c-new">::new — WpPlugin</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-c-new">::new — Exploit</a></li>
|
||||
<li><a href="WpTheme.html#method-c-new">::new — WpTheme</a></li>
|
||||
|
||||
<li><a href="Svn_Parser.html#method-c-new">::new — Svn_Parser</a></li>
|
||||
|
||||
<li><a href="WpUser.html#method-c-new">::new — WpUser</a></li>
|
||||
|
||||
<li><a href="Generate_List.html#method-c-new">::new — Generate_List</a></li>
|
||||
|
||||
<li><a href="Updater.html#method-c-new">::new — Updater</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-c-new">::new — WpItem</a></li>
|
||||
|
||||
<li><a href="CacheFileStore.html#method-c-new">::new — CacheFileStore</a></li>
|
||||
|
||||
<li><a href="WpVulnerability.html#method-c-new">::new — WpVulnerability</a></li>
|
||||
|
||||
<li><a href="WpTheme.html#method-c-new">::new — WpTheme</a></li>
|
||||
<li><a href="WpVersion.html#method-c-new">::new — WpVersion</a></li>
|
||||
|
||||
<li><a href="WpscanOptions.html#method-c-new">::new — WpscanOptions</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-c-new">::new — WpItem</a></li>
|
||||
|
||||
<li><a href="WpTarget.html#method-c-new">::new — WpTarget</a></li>
|
||||
|
||||
<li><a href="CacheFileStore.html#method-c-new">::new — CacheFileStore</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-c-new">::new — RpcClient</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-c-new">::new — Exploit</a></li>
|
||||
|
||||
<li><a href="Updater.html#method-c-new">::new — Updater</a></li>
|
||||
|
||||
<li><a href="Generate_List.html#method-c-new">::new — Generate_List</a></li>
|
||||
|
||||
<li><a href="WpPlugin.html#method-c-new">::new — WpPlugin</a></li>
|
||||
|
||||
<li><a href="WpUser.html#method-c-new">::new — WpUser</a></li>
|
||||
|
||||
<li><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter — WpscanOptions</a></li>
|
||||
|
||||
<li><a href="WpDetector.html#method-c-passive_detection">::passive_detection — WpDetector</a></li>
|
||||
@@ -201,18 +203,18 @@
|
||||
|
||||
<li><a href="WpVersion.html#method-c-version_pattern">::version_pattern — WpVersion</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-3C-3D-3E">#<=> — WpItem</a></li>
|
||||
|
||||
<li><a href="WpUser.html#method-i-3C-3D-3E">#<=> — WpUser</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-3D-3D">#== — WpItem</a></li>
|
||||
<li><a href="WpItem.html#method-i-3C-3D-3E">#<=> — WpItem</a></li>
|
||||
|
||||
<li><a href="WpUser.html#method-i-3D-3D-3D">#=== — WpUser</a></li>
|
||||
<li><a href="WpItem.html#method-i-3D-3D">#== — WpItem</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-3D-3D-3D">#=== — WpItem</a></li>
|
||||
|
||||
<li><a href="WpTheme.html#method-i-3D-3D-3D">#=== — WpTheme</a></li>
|
||||
|
||||
<li><a href="WpUser.html#method-i-3D-3D-3D">#=== — WpUser</a></li>
|
||||
|
||||
<li><a href="Array.html#method-i-_grep_">#_grep_ — Array</a></li>
|
||||
|
||||
<li><a href="Object.html#method-i-add_http_protocol">#add_http_protocol — Object</a></li>
|
||||
@@ -237,6 +239,8 @@
|
||||
|
||||
<li><a href="CacheFileStore.html#method-i-clean">#clean — CacheFileStore</a></li>
|
||||
|
||||
<li><a href="Object.html#method-i-colorize">#colorize — Object</a></li>
|
||||
|
||||
<li><a href="WpConfigBackup.html#method-i-config_backup">#config_backup — WpConfigBackup</a></li>
|
||||
|
||||
<li><a href="WpTarget.html#method-i-debug_log_url">#debug_log_url — WpTarget</a></li>
|
||||
@@ -297,10 +301,14 @@
|
||||
|
||||
<li><a href="Generate_List.html#method-i-get_popular_items">#get_popular_items — Generate_List</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder — WpItem</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-get_url">#get_url — WpItem</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename — WpItem</a></li>
|
||||
|
||||
<li><a href="Object.html#method-i-green">#green — Object</a></li>
|
||||
|
||||
<li><a href="Array.html#method-i-grep">#grep — Array</a></li>
|
||||
|
||||
<li><a href="WpLoginProtection.html#method-i-has_better_wp_security_protection-3F">#has_better_wp_security_protection? — WpLoginProtection</a></li>
|
||||
@@ -327,22 +335,22 @@
|
||||
|
||||
<li><a href="WpscanOptions.html#method-i-has_options-3F">#has_options? — WpscanOptions</a></li>
|
||||
|
||||
<li><a href="WpReadme.html#method-i-has_readme-3F">#has_readme? — WpReadme</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-has_readme-3F">#has_readme? — WpItem</a></li>
|
||||
|
||||
<li><a href="WpReadme.html#method-i-has_readme-3F">#has_readme? — WpReadme</a></li>
|
||||
|
||||
<li><a href="WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F">#has_simple_login_lockdown_protection? — WpLoginProtection</a></li>
|
||||
|
||||
<li><a href="WpTimthumbs.html#method-i-has_timthumbs-3F">#has_timthumbs? — WpTimthumbs</a></li>
|
||||
|
||||
<li><a href="Object.html#method-i-help">#help — Object</a></li>
|
||||
|
||||
<li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? — SvnUpdater</a></li>
|
||||
|
||||
<li><a href="Updater.html#method-i-is_installed-3F">#is_installed? — Updater</a></li>
|
||||
|
||||
<li><a href="GitUpdater.html#method-i-is_installed-3F">#is_installed? — GitUpdater</a></li>
|
||||
|
||||
<li><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? — SvnUpdater</a></li>
|
||||
|
||||
<li><a href="WebSite.html#method-i-is_online-3F">#is_online? — WebSite</a></li>
|
||||
|
||||
<li><a href="WebSite.html#method-i-is_wordpress-3F">#is_wordpress? — WebSite</a></li>
|
||||
@@ -351,22 +359,22 @@
|
||||
|
||||
<li><a href="RpcClient.html#method-i-jobs">#jobs — RpcClient</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-i-kill_session">#kill_session — RpcClient</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-i-kill_session">#kill_session — Exploit</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-i-kill_session">#kill_session — RpcClient</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-i-last_session_id">#last_session_id — Exploit</a></li>
|
||||
|
||||
<li><a href="WpLoginProtection.html#method-i-limit_login_attempts_url">#limit_login_attempts_url — WpLoginProtection</a></li>
|
||||
|
||||
<li><a href="Browser.html#method-i-load_config">#load_config — Browser</a></li>
|
||||
|
||||
<li><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number — GitUpdater</a></li>
|
||||
|
||||
<li><a href="Updater.html#method-i-local_revision_number">#local_revision_number — Updater</a></li>
|
||||
|
||||
<li><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number — SvnUpdater</a></li>
|
||||
|
||||
<li><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number — GitUpdater</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-i-login">#login — RpcClient</a></li>
|
||||
|
||||
<li><a href="WpLoginProtection.html#method-i-login_protection_plugin">#login_protection_plugin — WpLoginProtection</a></li>
|
||||
@@ -385,10 +393,10 @@
|
||||
|
||||
<li><a href="Exploit.html#method-i-meterpreter_read">#meterpreter_read — Exploit</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write — Exploit</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-i-meterpreter_write">#meterpreter_write — RpcClient</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-i-meterpreter_write">#meterpreter_write — Exploit</a></li>
|
||||
|
||||
<li><a href="Svn_Parser.html#method-i-parse">#parse — Svn_Parser</a></li>
|
||||
|
||||
<li><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection — WpPlugins</a></li>
|
||||
@@ -403,14 +411,16 @@
|
||||
|
||||
<li><a href="CacheFileStore.html#method-i-read_entry">#read_entry — CacheFileStore</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-i-read_shell">#read_shell — Exploit</a></li>
|
||||
|
||||
<li><a href="RpcClient.html#method-i-read_shell">#read_shell — RpcClient</a></li>
|
||||
|
||||
<li><a href="Exploit.html#method-i-read_shell">#read_shell — Exploit</a></li>
|
||||
|
||||
<li><a href="WpReadme.html#method-i-readme_url">#readme_url — WpReadme</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-readme_url">#readme_url — WpItem</a></li>
|
||||
|
||||
<li><a href="Object.html#method-i-red">#red — Object</a></li>
|
||||
|
||||
<li><a href="WebSite.html#method-i-redirection">#redirection — WebSite</a></li>
|
||||
|
||||
<li><a href="WpTarget.html#method-i-registration_enabled-3F">#registration_enabled? — WpTarget</a></li>
|
||||
@@ -453,10 +463,10 @@
|
||||
|
||||
<li><a href="WpItem.html#method-i-to_s">#to_s — WpItem</a></li>
|
||||
|
||||
<li><a href="Updater.html#method-i-update">#update — Updater</a></li>
|
||||
|
||||
<li><a href="SvnUpdater.html#method-i-update">#update — SvnUpdater</a></li>
|
||||
|
||||
<li><a href="Updater.html#method-i-update">#update — Updater</a></li>
|
||||
|
||||
<li><a href="GitUpdater.html#method-i-update">#update — GitUpdater</a></li>
|
||||
|
||||
<li><a href="WpTarget.html#method-i-url">#url — WpTarget</a></li>
|
||||
@@ -471,10 +481,10 @@
|
||||
|
||||
<li><a href="WpUsernames.html#method-i-usernames">#usernames — WpUsernames</a></li>
|
||||
|
||||
<li><a href="WpTarget.html#method-i-version">#version — WpTarget</a></li>
|
||||
|
||||
<li><a href="WpItem.html#method-i-version">#version — WpItem</a></li>
|
||||
|
||||
<li><a href="WpTarget.html#method-i-version">#version — WpTarget</a></li>
|
||||
|
||||
<li><a href="Vulnerable.html#method-i-vulnerabilities">#vulnerabilities — Vulnerable</a></li>
|
||||
|
||||
<li><a href="WpscanOptions.html#method-i-wordlist-3D">#wordlist= — WpscanOptions</a></li>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-16 15:18:58 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:51:15 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:04:03 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:00:03 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 19:02:49 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 16:08:50 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-20 22:12:57 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 09:22:22 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:00:34 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:04:12 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:02:16 +0200</dd>
|
||||
<dd class="modified-date">2012-09-21 23:23:55 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 20:51:52 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 00:10:17 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-20 22:23:58 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-19 21:33:46 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 16:18:55 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:01:11 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 15:27:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 21:05:32 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-19 15:03:22 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 23:24:13 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 18:48:29 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:02:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-21 23:32:27 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-19 22:21:47 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 21:23:01 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 15:27:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 21:23:10 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 15:27:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 23:22:53 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 15:27:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 20:33:35 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 15:27:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 21:24:14 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-20 22:16:44 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 23:47:42 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 15:27:28 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 21:24:57 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-19 21:33:07 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 21:25:11 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:03:09 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 16:11:58 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 22:04:11 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:01:32 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:03:43 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 16:10:07 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 23:36:25 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 16:10:30 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:03:49 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 15:00:03 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-21 18:13:48 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 23:46:46 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
<div id="metadata">
|
||||
<dl>
|
||||
<dt class="modified-date">Last Modified</dt>
|
||||
<dd class="modified-date">2012-09-15 08:06:35 +0200</dd>
|
||||
<dd class="modified-date">2012-09-22 14:59:30 +0200</dd>
|
||||
|
||||
|
||||
<dt class="requires">Requires</dt>
|
||||
|
||||
Reference in New Issue
Block a user