garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

-) custom plugins directory (outside of wp-content)

Browse Source 
-) feedback from ewanlr
-) Regex fix for version detection from readme.txt due to false positives (tag-cloud-widget plugin)
This commit is contained in:
Christian Mehlmauer
2012-09-23 21:50:41 +02:00
parent 9b6a2805d7
commit a15028793e
46 changed files with 560 additions and 415 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
doc/WpDetector.html
View File

@@ -236,7 +236,7 @@
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_results</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>)
@@ -303,7 +303,7 @@
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,

10
doc/WpEnumerator.html
View File

@@ -232,7 +232,7 @@
<ul><li>
<p><tt>targets</tt> - targets to enumerate</p>
</li><li><ul><li>
<p><tt>:url</tt> - Base URL</p>
<p><tt>:base_url</tt> - Base URL</p>
</li></ul>
</li><li><ul><li>
<p><tt>:wp_content</tt> - wp-content directory</p>
@@ -273,7 +273,7 @@
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
@@ -342,7 +342,7 @@
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
<span class="ruby-identifier">vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-identifier">plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">targets_url</span> = []
@@ -352,7 +352,7 @@
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
@@ -374,7 +374,7 @@
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,

201
doc/WpItem.html
View File

@@ -79,9 +79,9 @@
<li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
<li><a href="#method-i-get_full_url">#get_full_url</a></li>
<li><a href="#method-i-get_url">#get_url</a></li>
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
<li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
@@ -235,14 +235,27 @@
<h3 class="section-header">Attributes</h3>
<div id="base_url-attribute-method" class="method-detail">
<a name="base_url"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">base_url</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="name-attribute-method" class="method-detail">
<a name="name"></a>
<a name="name="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">name</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -255,11 +268,9 @@
<div id="path-attribute-method" class="method-detail">
<a name="path"></a>
<a name="path="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">path</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -272,28 +283,9 @@
<div id="type-attribute-method" class="method-detail">
<a name="type"></a>
<a name="type="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="url-attribute-method" class="method-detail">
<a name="url"></a>
<a name="url="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">url</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -306,11 +298,9 @@
<div id="vulns_file-attribute-method" class="method-detail">
<a name="vulns_file"></a>
<a name="vulns_file="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -323,11 +313,9 @@
<div id="vulns_xpath-attribute-method" class="method-detail">
<a name="vulns_xpath"></a>
<a name="vulns_xpath="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_xpath</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -340,11 +328,9 @@
<div id="wp_content_dir-attribute-method" class="method-detail">
<a name="wp_content_dir"></a>
<a name="wp_content_dir="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_content_dir</span><span
class="attribute-access-type">[RW]</span>
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -354,14 +340,12 @@
</div>
</div>
<div id="wp_plugin_dir-attribute-method" class="method-detail">
<a name="wp_plugin_dir"></a>
<a name="wp_plugin_dir="></a>
<div id="wp_plugins_dir-attribute-method" class="method-detail">
<a name="wp_plugins_dir"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_plugin_dir</span><span
class="attribute-access-type">[RW]</span>
<span class="method-name">wp_plugins_dir</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
@@ -402,15 +386,15 @@
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_plugin_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-ivar">@url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-string">&quot;wp-content&quot;</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
<span class="ruby-ivar">@base_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-ivar">@path</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
<span class="ruby-ivar">@name</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
@@ -452,7 +436,7 @@
<div class="method-source-code" id="3C-3D-3E-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 121</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
@@ -485,7 +469,7 @@
<div class="method-source-code" id="3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 112</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
@@ -518,7 +502,7 @@
<div class="method-source-code" id="3D-3D-3D-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 116</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
@@ -551,7 +535,7 @@
<div class="method-source-code" id="changelog_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 131</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 132</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
@@ -584,7 +568,7 @@
<div class="method-source-code" id="directory_listing-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 94</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 95</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
<span class="ruby-comment"># Need to remove to file part from the url</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -618,9 +602,9 @@
<div class="method-source-code" id="extract_name_from_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 100</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- extract_name_from_url-source -->
@@ -632,6 +616,53 @@
</div><!-- extract_name_from_url-method -->
<div id="get_full_url-method" class="method-detail ">
<a name="method-i-get_full_url"></a>
<div class="method-heading">
<span class="method-name">get_full_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Get the full url for this item</p>
<div class="method-source-code" id="get_full_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span><span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">ret</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_full_url-source -->
</div>
</div><!-- get_full_url-method -->
<div id="get_sub_folder-method" class="method-detail ">
<a name="method-i-get_sub_folder"></a>
@@ -654,8 +685,6 @@
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-ivar">@wp_plugin_dir</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-string">&quot;themes&quot;</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
@@ -676,50 +705,6 @@
</div><!-- get_sub_folder-method -->
<div id="get_url-method" class="method-detail ">
<a name="method-i-get_url"></a>
<div class="method-heading">
<span class="method-name">get_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Get the full url for this item</p>
<div class="method-source-code" id="get_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 59</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">ret</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_url-source -->
</div>
</div><!-- get_url-method -->
<div id="get_url_without_filename-method" class="method-detail ">
<a name="method-i-get_url_without_filename"></a>
@@ -739,9 +724,9 @@
<div class="method-source-code" id="get_url_without_filename-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 75</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
@@ -777,7 +762,7 @@
<div class="method-source-code" id="has_changelog-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 145</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 146</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
@@ -814,7 +799,7 @@
<div class="method-source-code" id="has_readme-3F-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 136</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 137</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
@@ -851,7 +836,7 @@
<div class="method-source-code" id="readme_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 126</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 127</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
<span class="ruby-keyword">end</span></pre>
@@ -884,7 +869,7 @@
<div class="method-source-code" id="to_s-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 105</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 106</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
<span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
@@ -918,10 +903,10 @@
<div class="method-source-code" id="version-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 85</span>
<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 86</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@version</span>

2
doc/WpOptions.html
View File

@@ -255,7 +255,7 @@
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;only_vulnerable_ones must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>

2
doc/WpPlugin.html
View File

@@ -315,7 +315,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log_url-source -->

10
doc/WpPlugins.html
View File

@@ -235,12 +235,12 @@
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugin_dir</span>
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
@@ -285,16 +285,16 @@ plugins can be found in the source code :</p>
<span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 51</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:type</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugin_dir</span>]
<span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }

2
doc/WpTarget.html
View File

@@ -780,7 +780,7 @@
<span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 105</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-string">&quot;plugins&quot;</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-keyword">end</span></pre>

19
doc/WpTheme.html
View File

@@ -215,21 +215,6 @@
<h3 class="section-header">Attributes</h3>
<div id="name-attribute-method" class="method-detail">
<a name="name"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">name</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="style_url-attribute-method" class="method-detail">
<a name="style_url"></a>
@@ -382,7 +367,7 @@
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-value">:style_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)
@@ -431,7 +416,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-value">:version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
)

2
doc/WpTimthumbs.html
View File

@@ -322,7 +322,7 @@
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
}</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>],
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,

17
doc/WpVersion.html
View File

@@ -293,7 +293,7 @@ etc)</p>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">options</span> = {
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
@@ -393,7 +393,7 @@ file across all versions of wordpress.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-comment"># needed for rpsec tests</span>
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_versions.xml&quot;</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
@@ -451,7 +451,7 @@ upgrade.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name=&quot;generator&quot; content=&quot;wordpress ([^&quot;]+)&quot;}</span>, <span class="ruby-value">1</span>]
@@ -487,7 +487,7 @@ upgrade.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 119</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_readme-source -->
@@ -521,7 +521,7 @@ upgrade.</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;generator&gt;http://wordpress.org/\?v=([^&lt;]+)&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
@@ -558,7 +558,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 125</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_sitemap_generator-source -->
@@ -584,8 +584,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
<div class="method-description">
<p>Used to check if the version is correct : should be numeric with at least
one .</p>
<p>Used to check if the version is correct : must contain at least one .</p>
@@ -593,7 +592,7 @@ one .</p>
<pre>
<span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 131</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
<span class="ruby-string">'(.*(?=.)(?=.*\d)(?=.*[.]).*)'</span>
<span class="ruby-string">'([^\r\n]+[\.][^\r\n]+)'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- version_pattern-source -->

28
doc/created.rid
View File

@@ -1,4 +1,4 @@
Sat, 22 Sep 2012 23:49:14 +0200
Sun, 23 Sep 2012 21:48:18 +0200
./CREDITS Mon, 17 Sep 2012 20:18:24 +0200
./Gemfile Sat, 22 Sep 2012 00:14:07 +0200
./lib/browser.rb Sat, 22 Sep 2012 15:51:15 +0200
@@ -15,23 +15,23 @@ Sat, 22 Sep 2012 23:49:14 +0200
./lib/wpscan/modules/web_site.rb Sat, 22 Sep 2012 16:18:55 +0200
./lib/wpscan/modules/wp_config_backup.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200
./lib/wpscan/modules/wp_login_protection.rb Sat, 22 Sep 2012 16:18:32 +0200
./lib/wpscan/modules/wp_plugins.rb Sat, 22 Sep 2012 21:05:32 +0200
./lib/wpscan/modules/wp_login_protection.rb Sun, 23 Sep 2012 19:38:40 +0200
./lib/wpscan/modules/wp_plugins.rb Sun, 23 Sep 2012 20:20:17 +0200
./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200
./lib/wpscan/modules/wp_themes.rb Sat, 22 Sep 2012 21:32:34 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sat, 22 Sep 2012 23:24:13 +0200
./lib/wpscan/modules/wp_themes.rb Sun, 23 Sep 2012 19:41:17 +0200
./lib/wpscan/modules/wp_timthumbs.rb Sun, 23 Sep 2012 19:40:38 +0200
./lib/wpscan/modules/wp_usernames.rb Sat, 22 Sep 2012 15:01:32 +0200
./lib/wpscan/msfrpc_client.rb Fri, 21 Sep 2012 23:32:27 +0200
./lib/wpscan/vulnerable.rb Sat, 22 Sep 2012 21:23:01 +0200
./lib/wpscan/wp_detector.rb Sat, 22 Sep 2012 21:23:10 +0200
./lib/wpscan/wp_enumerator.rb Sat, 22 Sep 2012 23:22:53 +0200
./lib/wpscan/wp_item.rb Sat, 22 Sep 2012 23:38:11 +0200
./lib/wpscan/wp_options.rb Sat, 22 Sep 2012 20:33:35 +0200
./lib/wpscan/wp_plugin.rb Sat, 22 Sep 2012 21:24:14 +0200
./lib/wpscan/wp_target.rb Sat, 22 Sep 2012 23:47:42 +0200
./lib/wpscan/wp_theme.rb Sat, 22 Sep 2012 21:24:57 +0200
./lib/wpscan/wp_detector.rb Sun, 23 Sep 2012 19:40:56 +0200
./lib/wpscan/wp_enumerator.rb Sun, 23 Sep 2012 19:58:52 +0200
./lib/wpscan/wp_item.rb Sun, 23 Sep 2012 21:47:56 +0200
./lib/wpscan/wp_options.rb Sun, 23 Sep 2012 19:35:16 +0200
./lib/wpscan/wp_plugin.rb Sun, 23 Sep 2012 19:59:17 +0200
./lib/wpscan/wp_target.rb Sun, 23 Sep 2012 20:07:45 +0200
./lib/wpscan/wp_theme.rb Sun, 23 Sep 2012 19:56:18 +0200
./lib/wpscan/wp_user.rb Sat, 22 Sep 2012 16:12:25 +0200
./lib/wpscan/wp_version.rb Sat, 22 Sep 2012 21:25:11 +0200
./lib/wpscan/wp_version.rb Sun, 23 Sep 2012 21:26:24 +0200
./lib/wpscan/wp_vulnerability.rb Sat, 22 Sep 2012 16:11:58 +0200
./lib/wpscan/wpscan_helper.rb Sat, 15 Sep 2012 21:19:30 +0200
./lib/wpscan/wpscan_options.rb Sat, 22 Sep 2012 15:01:32 +0200
@@ -39,5 +39,5 @@ Sat, 22 Sep 2012 23:49:14 +0200
./lib/wpstools/parse_svn.rb Sat, 22 Sep 2012 16:10:30 +0200
./lib/wpstools/wpstools_helper.rb Sat, 22 Sep 2012 15:00:03 +0200
./README Thu, 13 Sep 2012 22:54:08 +0200
./wpscan.rb Sat, 22 Sep 2012 23:46:46 +0200
./wpscan.rb Sun, 23 Sep 2012 19:58:44 +0200
./wpstools.rb Sat, 22 Sep 2012 14:59:30 +0200

4
doc/index.html
View File

@@ -291,6 +291,8 @@
<li><a href="RpcClient.html#method-i-get_exploit_info">#get_exploit_info &mdash; RpcClient</a></li>
<li><a href="WpItem.html#method-i-get_full_url">#get_full_url &mdash; WpItem</a></li>
<li><a href="WpUsernames.html#method-i-get_nickname_from_response">#get_nickname_from_response &mdash; WpUsernames</a></li>
<li><a href="WpUsernames.html#method-i-get_nickname_from_url">#get_nickname_from_url &mdash; WpUsernames</a></li>
@@ -303,8 +305,6 @@
<li><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder &mdash; WpItem</a></li>
<li><a href="WpItem.html#method-i-get_url">#get_url &mdash; WpItem</a></li>
<li><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename &mdash; WpItem</a></li>
<li><a href="Object.html#method-i-green">#green &mdash; Object</a></li>

2
doc/lib/wpscan/modules/wp_plugins_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:05:32 +0200</dd>
<dd class="modified-date">2012-09-23 20:20:17 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/modules/wp_timthumbs_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:24:13 +0200</dd>
<dd class="modified-date">2012-09-23 19:40:38 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_detector_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:23:10 +0200</dd>
<dd class="modified-date">2012-09-23 19:40:56 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_enumerator_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:22:53 +0200</dd>
<dd class="modified-date">2012-09-23 19:58:52 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_options_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 20:33:35 +0200</dd>
<dd class="modified-date">2012-09-23 19:35:16 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_plugin_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:24:14 +0200</dd>
<dd class="modified-date">2012-09-23 19:59:17 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_target_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:47:42 +0200</dd>
<dd class="modified-date">2012-09-23 20:07:45 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_theme_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:24:57 +0200</dd>
<dd class="modified-date">2012-09-23 19:56:18 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/lib/wpscan/wp_version_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 21:25:11 +0200</dd>
<dd class="modified-date">2012-09-23 21:26:24 +0200</dd>
<dt class="requires">Requires</dt>

2
doc/wpscan_rb.html
View File

@@ -24,7 +24,7 @@
<div id="metadata">
<dl>
<dt class="modified-date">Last Modified</dt>
<dd class="modified-date">2012-09-22 23:46:46 +0200</dd>
<dd class="modified-date">2012-09-23 19:58:44 +0200</dd>
<dt class="requires">Requires</dt>