garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

-) custom plugins directory (outside of wp-content)

Browse Source 
-) feedback from ewanlr
-) Regex fix for version detection from readme.txt due to false positives (tag-cloud-widget plugin)
This commit is contained in:
Christian Mehlmauer
2012-09-23 21:50:41 +02:00
parent 9b6a2805d7
commit a15028793e
46 changed files with 560 additions and 415 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/WpEnumerator.html
View File

@@ -232,7 +232,7 @@
<ul><li>
<p><tt>targets</tt> - targets to enumerate</p>
</li><li><ul><li>
<p><tt>:url</tt> - Base URL</p>
<p><tt>:base_url</tt> - Base URL</p>
</li></ul>
</li><li><ul><li>
<p><tt>:wp_content</tt> - wp-content directory</p>
@@ -273,7 +273,7 @@
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
@@ -342,7 +342,7 @@
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
<span class="ruby-identifier">vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-identifier">plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">targets_url</span> = []
@@ -352,7 +352,7 @@
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
@@ -374,7 +374,7 @@
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-value">:url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:base_url</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
<span class="ruby-value">:path</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
<span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,