-
-
+
+
-
-
-
-
-
+
diff --git a/doc_rdoc/Plugin.html b/doc_rdoc/Plugin.html
new file mode 100644
index 00000000..66082445
--- /dev/null
+++ b/doc_rdoc/Plugin.html
@@ -0,0 +1,469 @@
+
+
+
+
+
+
+
class Plugin - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Plugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ author [R]
+
+
+
+
+
+
+
+
+
+ registered_options [R]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new (infos = {})
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize (infos = {})
+ @author = infos [:author ]
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ register_options (*options)
+
+ click to toggle source
+
+
+
+
+
+
+
param Array options
+
+
+
+
+
+
+def register_options (* options )
+ options .each do | option |
+ unless option .is_a? (Array )
+ raise "Each option must be an array, #{option.class} supplied"
+ end
+ end
+ @registered_options = options
+end
+
+
+
+
+
+
+
+
+
+
+ run (options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def run (options = {})
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Plugins.html b/doc_rdoc/Plugins.html
new file mode 100644
index 00000000..7f7dd892
--- /dev/null
+++ b/doc_rdoc/Plugins.html
@@ -0,0 +1,470 @@
+
+
+
+
+
+
+
class Plugins - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Plugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ option_parser [R]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new (option_parser = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize (option_parser = nil )
+ if option_parser
+ if option_parser .is_a? (CustomOptionParser )
+ @option_parser = option_parser
+ else
+ raise "The parser must be an instance of CustomOptionParser, #{option_parser.class} supplied"
+ end
+ else
+ @option_parser = CustomOptionParser .new
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ register (*plugins)
+
+ click to toggle source
+
+
+
+
+
+
+
param Array(Plugin) plugins
+
+
+
+
+
+
+def register (* plugins )
+ plugins .each do | plugin |
+ register_plugin (plugin )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ register_plugin (plugin)
+
+ click to toggle source
+
+
+
+
+
+
+
param Plugin plugin
+
+
+
+
+
+
+def register_plugin (plugin )
+ if plugin .is_a? (Plugin )
+ self << plugin
+
+
+ if plugin_options = plugin .registered_options
+ @option_parser .add (plugin_options )
+ end
+ else
+ raise "The argument must be an instance of Plugin, #{plugin.class} supplied"
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/README.html b/doc_rdoc/README.html
new file mode 100644
index 00000000..a3c5a1ac
--- /dev/null
+++ b/doc_rdoc/README.html
@@ -0,0 +1,525 @@
+
+
+
+
+
+
+
README - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
__
+
+
__ _______ _____
+\ \ / / __ \ / ____|
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __
+ \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
+ \ /\ / | | ____) | (__| (_| | | | |
+ \/ \/ |_| |_____/ \___|\__,_|_| |_|
+
+
__
+
+
LICENSE==¶ ↑
+
+
WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team
+
+
This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option)
+any later version.
+
+
This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+more details.
+
+
You should have received a copy of the GNU General Public License along
+with this program. If not, see <www.gnu.org/licenses />.
+
+
ryandewhurst at gmail
+
+
INSTALL==¶ ↑
+
+
WPScan comes pre - installed on the following Linux distributions :
+
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed , update needed )
+ * Pentoo
+ * SamuraiWTF
+
+Prerequisites :
+
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
+
+- > Installing on Debian / Ubuntu :
+
+ sudo apt - get install libcurl4 - gnutls - dev libopenssl - ruby libxml2 libxml2 - dev libxslt1 - dev ruby - dev
+ git clone https :/ /github.com/ wpscanteam / wpscan .git
+ cd wpscan
+ sudo gem install bundler && bundle install - - without test development
+
+- > Installing on Fedora :
+
+ sudo yum install libcurl - devel
+ git clone https :/ /github.com/ wpscanteam / wpscan .git
+ cd wpscan
+ sudo gem install bundler && bundle install - - without test development
+
+- > Installing on Archlinux :
+
+ pacman - Sy ruby
+ pacman - Sy libyaml
+
+ git clone https :/ /github.com/ wpscanteam / wpscan .git
+ cd wpscan
+ sudo gem install bundler && bundle install - - without test development
+
+ gem install typhoeus
+ gem install nokogiri
+
+- > Installing on Mac OS X :
+
+ git clone https :/ /github.com/ wpscanteam / wpscan .git
+ cd wpscan
+ sudo gem install bundler && bundle install - - without test development
+
+
+
KNOWN ISSUES==¶ ↑
+
+
- Typhoeus segmentation fault :
+ Update cURL to version => 7.21 (may have to install from source )
+ See http :/ /code.google.com/ p / wpscan / issues / detail? id =81
+
+- Proxy not working :
+ Update cURL to version => 7.21 .7 (may have to install from source ).
+
+ Installation from sources :
+ - Grab the sources from http :/ /curl.haxx.se/ download .html
+ - Decompress the archive
+ - Open the folder with the extracted files
+ - Run ./ configure
+ - Run make
+ - Run sudo make install
+ - Run sudo ldconfig
+
+- cannot load such file - - readline :
+ Run sudo aptitude install libreadline5 - dev libncurses5 - dev
+
+ Then , open the directory of the readline gem (you have to locate it )
+
+ cd ~ /.rvm/ rc / ruby - 1.9 .2 - p180 / ext / readline
+ ruby extconf .rb
+ make
+ make install
+
+ See http :/ /vvv.tobiassjosten.net/ ruby - on - rails / fixing - readline - for - the - ruby - on - rails - console / for more details
+
+- no such file to load - - rubygems
+ Run update - alternatives - - config ruby
+ And select your ruby version
+
+ See https :/ /github.com/ wpscanteam / wpscan / issues / 148
+
+
+
WPSCAN ARGUMENTS==¶ ↑
+
+
–update Update to the latest revision
+
+
–url | -u <target url> The WordPress URL/domain to scan.
+
+
–force | -f Forces WPScan to not check if the remote site is running
+WordPress.
+
+
–enumerate | -e [option(s)] Enumeration.
+
+
option :
+ u usernames from id 1 to 10
+ u[10-20] usernames from id 10 to 20 (you must write [] chars)
+ p plugins
+ vp only vulnerable plugins
+ ap all plugins (can take a long time)
+ tt timthumbs
+ t themes
+ vp only vulnerable themes
+ at all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
+
+
–exclude-content-based ‘<regexp or string>’ Used with the
+enumeration option, will exclude all occurrences based on the regexp or
+string supplied
+
+
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+
+
–config-file | -c <config file> Use the specified config file
+
+
–follow-redirection If the target url has a redirection, it will be
+followed without asking if you wanted to do so or not
+
+
–wp-content-dir <wp content dir> WPScan try to find the content
+directory (ie wp-content) by scanning the index page, however you can
+specified it. Subdirectories are allowed
+
+
–wp-plugins-dir <wp plugins dir> Same thing than –wp-content-dir but
+for the plugins directory. If not supplied, WPScan will use
+wp-content-dir/plugins. Subdirectories are allowed
+
+
–proxy <[protocol://]host:port> Supply a proxy (will override the
+one from conf/browser.conf.json ).
+
+
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+
+
–proxy-auth <username:password> Supply the proxy login credentials
+(will override the one from conf/browser.conf.json ).
+
+
–basic-auth <username:password> Set the HTTP Basic authentication
+
+
–wordlist | -w <wordlist> Supply a wordlist for the password bruter
+and do the brute.
+
+
–threads | -t <number of threads> The number of threads to use when
+multi-threading requests. (will override the value from conf/browser.conf.json )
+
+
–username | -U <username> Only brute force the supplied username.
+
+
–help | -h This help screen.
+
+
–verbose | -v Verbose output.
+
+
WPSCAN EXAMPLES==¶ ↑
+
+
Do ‘non-intrusive’ checks…
+
+
ruby wpscan.rb --url www.example.com
+
+
Do wordlist password brute force on enumerated users using 50 threads…
+
+
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+
+
Do wordlist password brute force on the ‘admin’ username only…
+
+
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+
+
Enumerate installed plugins…
+
+
ruby wpscan.rb --url www.example.com --enumerate p
+
+
+
+
–help | -h This help screen. –Verbose | -v Verbose output. –update
+| -u Update to the latest revision. –generate_plugin_list [number of
+pages] Generate a new data/plugins.txt file. (supply number of
+pages to parse, default : 150) –gpl Alias for
+–generate_plugin_list –check-local-vulnerable-files | –clvf <local
+directory> Perform a recursive scan in the <local directory> to
+find vulnerable files or shells
+
+
+
+
+
ruby wpstools.rb –generate_plugin_list 150
+
+
+
ruby wpstools.rb –check-local-vulnerable-files /var/www/wordpress/
+
+
PROJECT HOME===¶ ↑
+
+
www.wpscan.org
+
+
REPOSITORY===¶ ↑
+
+
github.com/wpscanteam/wpscan
+
+
ISSUES===¶ ↑
+
+
github.com/wpscanteam/wpscan/issues
+
+
+
+
WPScan is sponsored by the RandomStorm Open Source Initiative.
+
+
Visit RandomStorm at www.randomstorm.com
+
+
+
+
+
+
+
diff --git a/doc_rdoc/README_md.html b/doc_rdoc/README_md.html
new file mode 100644
index 00000000..9b255245
--- /dev/null
+++ b/doc_rdoc/README_md.html
@@ -0,0 +1,537 @@
+
+
+
+
+
+
+
README - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
WPScan - WordPress Security Scanner Copyright (C), 2011-2013 The WPScan
+Team
+
+
This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option)
+any later version.
+
+
This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+more details.
+
+
You should have received a copy of the GNU General Public License along
+with this program. If not, see www.gnu.org/licenses /.
+
+
ryandewhurst at gmail
+
+
INSTALL¶ ↑
+
+
WPScan comes pre-installed on the following Linux distributions:
+
+
+
Prerequisites:
+
+Windows not supported
+
+Ruby => 1.9
+
+RubyGems
+
+Git
+
+
+
Installing on Debian/Ubuntu:
+
+
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+
+
clone https://github.com/wpscanteam/wpscan.git
+
+
wpscan
+
+
gem install bundler && bundle install --without test development
+
+
Installing on Fedora:
+
+
yum install libcurl-devel
+
+
clone https://github.com/wpscanteam/wpscan.git
+
+
wpscan
+
+
gem install bundler && bundle install --without test development
+
+
Installing on Archlinux:
+
+
-Sy ruby
+
+
-Sy libyaml
+
+
clone https://github.com/wpscanteam/wpscan.git
+
+
wpscan
+
+
gem install bundler && bundle install --without test development
+
+
install typhoeus
+
+
install nokogiri
+
+
Installing on Mac OSX:
+
+
clone https://github.com/wpscanteam/wpscan.git
+
+
wpscan
+
+
gem install bundler && bundle install --without test development
+
+
KNOWN ISSUES¶ ↑
+
+Typhoeus segmentation fault
+
+Update cURL to version => 7.21 (may have to install from source) See
+code.google.com/p/wpscan/issues/detail?id=81
+
+Proxy not working
+
+Update cURL to version => 7.21.7 (may have to install from source).
+
+Installation from sources : Grab the sources from
+http://curl.haxx.se/download.html Decompress the archive Open the
+folder with the extracted files Run ./configure Run make Run
+sudo make install Run sudo ldconfig
+
+cannot load such file -- readline:
+
+sudo aptitude install libreadline5-dev libncurses5-dev
+
+Then, open the directory of the readline gem (you have to locate it)
+ cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline ruby extconf.rb
+make make install
+
+See vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console /
+for more details
+
+no such file to load -- rubygems
+
+update-alternatives --config ruby
+
+And select your ruby version
+
+See github.com/wpscanteam/wpscan/issues/148
+
+
+
WPSCAN ARGUMENTS¶ ↑
+
+
--update Update to the latest revision
+
+--url | -u <target url> The WordPress URL/domain to scan.
+
+--force | -f Forces WPScan to not check if the remote site is running WordPress.
+
+--enumerate | -e [option(s)] Enumeration.
+ option :
+ u usernames from id 1 to 10
+ u[10-20] usernames from id 10 to 20 (you must write [] chars)
+ p plugins
+ vp only vulnerable plugins
+ ap all plugins (can take a long time)
+ tt timthumbs
+ t themes
+ vt only vulnerable themes
+ at all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
+
+--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+ You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+
+--config-file | -c <config file> Use the specified config file
+
+--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
+
+--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
+
+--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
+
+--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
+ HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+
+--proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+
+--basic-auth <username:password> Set the HTTP Basic authentication
+
+--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
+
+--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+
+--username | -U <username> Only brute force the supplied username.
+
+--help | -h This help screen.
+
+--verbose | -v Verbose output.
+
+
WPSCAN EXAMPLES¶ ↑
+
+
Do ‘non-intrusive’ checks…
+
+
wpscan .rb - - url www .example .com
+
+
+
Do wordlist password brute force on enumerated users using 50 threads…
+
+
wpscan .rb - - url www .example .com - - wordlist darkc0de .lst - - threads 50
+
+
+
Do wordlist password brute force on the ‘admin’ username only…
+
+
wpscan .rb - - url www .example .com - - wordlist darkc0de .lst - - username admin
+
+
+
Enumerate installed plugins…
+
+
wpscan .rb - - url www .example .com - - enumerate p
+
+
+
Run all enumeration tools…
+
+
wpscan .rb - - url www .example .com - - enumerate
+
+
+
Use custom content directory…
+
+
wpscan .rb - u www .example .com - - wp - content - dir custom - content
+
+
+
Update WPScan…
+
+
wpscan .rb - - update
+
+
+
+
+
--help | -h This help screen.
+--Verbose | -v Verbose output.
+--update | -u Update to the latest revision.
+--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+--gpl Alias for --generate_plugin_list
+--check-local-vulnerable-files | --clvf <local directory> Perform a recursive scan in the <local directory> to find vulnerable files or shells
+
+
+
+
Generate a new ‘most popular’ plugin list, up to 150 pages…
+
+
wpstools .rb - - generate_plugin_list 150
+
+
+
Locally scan a wordpress installation for vulnerable files or shells :
+ruby wpstools.rb --check-local-vulnerable-files
+/var/www/wordpress/
+
+
PROJECT HOME¶ ↑
+
+
www.wpscan.org
+
+
GIT REPOSITORY¶ ↑
+
+
github.com/wpscanteam/wpscan
+
+
ISSUES¶ ↑
+
+
github.com/wpscanteam/wpscan/issues
+
+
+
+
WPScan is sponsored by the RandomStorm Open Source Initiative.
+
+
+
+
+
+
+
diff --git a/doc_rdoc/StatsPlugin.html b/doc_rdoc/StatsPlugin.html
new file mode 100644
index 00000000..a6a49192
--- /dev/null
+++ b/doc_rdoc/StatsPlugin.html
@@ -0,0 +1,660 @@
+
+
+
+
+
+
+
class StatsPlugin - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class StatsPlugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize
+ super (author : 'WPScanTeam - Christian Mehlmauer' )
+
+ register_options (
+ ['--stats' , '--s' , 'Show WpScan Database statistics' ]
+ )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ lines_in_file (file)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def lines_in_file (file )
+ IO .readlines (file ).size
+end
+
+
+
+
+
+
+
+
+
+
+ plugin_vulns_count (file=PLUGINS_VULNS_FILE)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def plugin_vulns_count (file =PLUGINS_VULNS_FILE )
+ xml (file ).xpath ("count(//vulnerability)" ).to_i
+end
+
+
+
+
+
+
+
+
+
+
+ run (options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def run (options = {})
+ if options [:stats ]
+ puts "Wpscan Databse Statistics:"
+ puts "--------------------------"
+ puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
+ puts "[#] Total vulnerable themes: #{vuln_theme_count}"
+ puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
+ puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
+ puts "[#] Total plugins to enumerate: #{total_plugins}"
+ puts "[#] Total themes to enumerate: #{total_themes}"
+ puts
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ theme_vulns_count (file=THEMES_VULNS_FILE)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def theme_vulns_count (file =THEMES_VULNS_FILE )
+ xml (file ).xpath ("count(//vulnerability)" ).to_i
+end
+
+
+
+
+
+
+
+
+
+
+ total_plugins (file=PLUGINS_FULL_FILE)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def total_plugins (file =PLUGINS_FULL_FILE )
+ lines_in_file (file )
+end
+
+
+
+
+
+
+
+
+
+
+ total_themes (file=THEMES_FULL_FILE)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def total_themes (file =THEMES_FULL_FILE )
+ lines_in_file (file )
+end
+
+
+
+
+
+
+
+
+
+
+ vuln_plugin_count (file=PLUGINS_VULNS_FILE)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def vuln_plugin_count (file =PLUGINS_VULNS_FILE )
+ xml (file ).xpath ("count(//plugin)" ).to_i
+end
+
+
+
+
+
+
+
+
+
+
+ vuln_theme_count (file=THEMES_VULNS_FILE)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def vuln_theme_count (file =THEMES_VULNS_FILE )
+ xml (file ).xpath ("count(//theme)" ).to_i
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/SvnParser.html b/doc_rdoc/SvnParser.html
new file mode 100644
index 00000000..6c89448b
--- /dev/null
+++ b/doc_rdoc/SvnParser.html
@@ -0,0 +1,444 @@
+
+
+
+
+
+
+
class SvnParser - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class SvnParser
+
+
+
+
This Class Parses SVN Repositories via HTTP
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ keep_empty_dirs [RW]
+
+
+
+
+
+
+
+
+
+ svn_root [RW]
+
+
+
+
+
+
+
+
+
+ verbose [RW]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new (svn_root)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize (svn_root )
+ @svn_root = svn_root
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ parse ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def parse
+ get_root_directories
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/SvnUpdater.html b/doc_rdoc/SvnUpdater.html
new file mode 100644
index 00000000..8b5e45d0
--- /dev/null
+++ b/doc_rdoc/SvnUpdater.html
@@ -0,0 +1,444 @@
+
+
+
+
+
+
+
class SvnUpdater - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class SvnUpdater
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ REVISION_PATTERN
+
+
+
+
+ TRUNK_URL
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ is_installed? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def is_installed?
+ %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+ local_revision_number ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def local_revision_number
+ local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
+ local_revision [REVISION_PATTERN , 1 ].to_s
+end
+
+
+
+
+
+
+
+
+
+
+ update ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def update
+ %x[svn up "#@repo_directory"]
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Terminal.html b/doc_rdoc/Terminal.html
new file mode 100644
index 00000000..75bf995d
--- /dev/null
+++ b/doc_rdoc/Terminal.html
@@ -0,0 +1,300 @@
+
+
+
+
+
+
+
module Terminal - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module Terminal
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Terminal/Table.html b/doc_rdoc/Terminal/Table.html
new file mode 100644
index 00000000..b52da836
--- /dev/null
+++ b/doc_rdoc/Terminal/Table.html
@@ -0,0 +1,401 @@
+
+
+
+
+
+
+
class Terminal::Table - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Terminal::Table
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ render ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def render
+ separator = Separator .new (self )
+ buffer = [separator ]
+ unless @title .nil?
+ buffer << Row .new (self , [title_cell_options ])
+ buffer << separator
+ end
+ unless @headings .cells .empty?
+ buffer << @headings
+ buffer << separator
+ end
+ buffer += @rows
+ buffer << separator
+ buffer .map { | r | style .margin_left + r .render }.join ("\n" )
+end
+
+
+
+
+
+
+ Also aliased as:
to_s
+
+
+
+
+
+
+
+ to_s ()
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Terminal/Table/Style.html b/doc_rdoc/Terminal/Table/Style.html
new file mode 100644
index 00000000..24a93057
--- /dev/null
+++ b/doc_rdoc/Terminal/Table/Style.html
@@ -0,0 +1,417 @@
+
+
+
+
+
+
+
class Terminal::Table::Style - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Terminal::Table::Style
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ alignment [RW]
+
+
+
+
+
+
+
+
+
+ border_i [RW]
+
+
+
+
+
+
+
+
+
+ border_x [RW]
+
+
+
+
+
+
+
+
+
+ border_y [RW]
+
+
+
+
+
+
+
+
+
+ margin_left [RW]
+
+
+
+
+
+
+
+
+
+ padding_left [RW]
+
+
+
+
+
+
+
+
+
+ padding_right [RW]
+
+
+
+
+
+
+
+
+
+ width [RW]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Typhoeus.html b/doc_rdoc/Typhoeus.html
new file mode 100644
index 00000000..6f012595
--- /dev/null
+++ b/doc_rdoc/Typhoeus.html
@@ -0,0 +1,307 @@
+
+
+
+
+
+
+
module Typhoeus - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module Typhoeus
+
+
+
+
This is used in WpItem::Existable
+
+
Implementaion of a cache_key (Typhoeus::Request#hash has too many options)
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Typhoeus/Request.html b/doc_rdoc/Typhoeus/Request.html
new file mode 100644
index 00000000..904b8c71
--- /dev/null
+++ b/doc_rdoc/Typhoeus/Request.html
@@ -0,0 +1,306 @@
+
+
+
+
+
+
+
class Typhoeus::Request - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Typhoeus::Request
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Typhoeus/Request/Cacheable.html b/doc_rdoc/Typhoeus/Request/Cacheable.html
new file mode 100644
index 00000000..eea925df
--- /dev/null
+++ b/doc_rdoc/Typhoeus/Request/Cacheable.html
@@ -0,0 +1,349 @@
+
+
+
+
+
+
+
module Typhoeus::Request::Cacheable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module Typhoeus::Request::Cacheable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ cache_key ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def cache_key
+ Digest :: SHA2 .hexdigest ("#{url}-#{options[:body]}-#{options[:method]}" )[0 .. 32 ]
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Typhoeus/Response.html b/doc_rdoc/Typhoeus/Response.html
new file mode 100644
index 00000000..afe27dfb
--- /dev/null
+++ b/doc_rdoc/Typhoeus/Response.html
@@ -0,0 +1,360 @@
+
+
+
+
+
+
+
class Typhoeus::Response - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Typhoeus::Response
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ has_valid_hash? (error_404_hash, homepage_hash)
+
+ click to toggle source
+
+
+
+
+
+
+
Compare the body hash to error_404_hash and homepage_hash returns true if
+they are different, false otherwise
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_valid_hash? (error_404_hash , homepage_hash )
+ body_hash = WebSite .page_hash (self )
+
+ body_hash != error_404_hash && body_hash != homepage_hash
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/TyphoeusCache.html b/doc_rdoc/TyphoeusCache.html
new file mode 100644
index 00000000..8daa55cb
--- /dev/null
+++ b/doc_rdoc/TyphoeusCache.html
@@ -0,0 +1,390 @@
+
+
+
+
+
+
+
class TyphoeusCache - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class TyphoeusCache
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get (request)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def get (request )
+ read_entry (request .cache_key )
+end
+
+
+
+
+
+
+
+
+
+
+ set (request, response)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def set (request , response )
+ write_entry (request .cache_key , response , request .cache_ttl )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/URI.html b/doc_rdoc/URI.html
new file mode 100644
index 00000000..387f77cf
--- /dev/null
+++ b/doc_rdoc/URI.html
@@ -0,0 +1,383 @@
+
+
+
+
+
+
+
module URI - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module URI
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ encode (str)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ escape (str)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def escape (str )
+ URI :: Parser .new .escape (str )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Updater.html b/doc_rdoc/Updater.html
new file mode 100644
index 00000000..d99ccae1
--- /dev/null
+++ b/doc_rdoc/Updater.html
@@ -0,0 +1,490 @@
+
+
+
+
+
+
+
class Updater - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Updater
+
+
+
+
This class act as an absract one
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ repo_directory [R]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new (repo_directory = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
TODO : add a last ‘/ to #repo_directory if it’s
+not present
+
+
+
+
+
+
+def initialize (repo_directory = nil )
+ @repo_directory = repo_directory
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ is_installed? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def is_installed?
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+
+
+
+ local_revision_number ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def local_revision_number
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+
+
+
+ update ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def update
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/UpdaterFactory.html b/doc_rdoc/UpdaterFactory.html
new file mode 100644
index 00000000..b7ef43c4
--- /dev/null
+++ b/doc_rdoc/UpdaterFactory.html
@@ -0,0 +1,403 @@
+
+
+
+
+
+
+
class UpdaterFactory - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class UpdaterFactory
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_updater (repo_directory)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def self .get_updater (repo_directory )
+ self .available_updaters_classes ().each do | updater_symbol |
+ updater = Object .const_get (updater_symbol ).new (repo_directory )
+
+ if updater .is_installed?
+ return updater
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ available_updaters_classes ()
+
+ click to toggle source
+
+
+
+
+
+
+
return array of class symbols
+
+
+
+
+
+
+def self .available_updaters_classes
+ Object .constants .grep (/^.+Updater$/ )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Vulnerabilities.html b/doc_rdoc/Vulnerabilities.html
new file mode 100644
index 00000000..950fc040
--- /dev/null
+++ b/doc_rdoc/Vulnerabilities.html
@@ -0,0 +1,319 @@
+
+
+
+
+
+
+
class Vulnerabilities - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Vulnerabilities/Output.html b/doc_rdoc/Vulnerabilities/Output.html
new file mode 100644
index 00000000..7ec2ea5d
--- /dev/null
+++ b/doc_rdoc/Vulnerabilities/Output.html
@@ -0,0 +1,351 @@
+
+
+
+
+
+
+
module Vulnerabilities::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module Vulnerabilities::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def output
+ self .each do | v |
+ v .output
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Vulnerability.html b/doc_rdoc/Vulnerability.html
new file mode 100644
index 00000000..8cde243e
--- /dev/null
+++ b/doc_rdoc/Vulnerability.html
@@ -0,0 +1,523 @@
+
+
+
+
+
+
+
class Vulnerability - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class Vulnerability
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ references [RW]
+
+
+
+
+
+
+
+
+
+ title [RW]
+
+
+
+
+
+
+
+
+
+ type [RW]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ load_from_xml_node (xml_node)
+
+ click to toggle source
+
+
+
+
+
+
+
Create the Vulnerability from the xml_node
+
+
@param [ Nokogiri::XML::Node ] xml_node
+
+
@return [ Vulnerability ]
+
+
+
+
+
+
+def self .load_from_xml_node (xml_node )
+ new (
+ xml_node .search ('title' ).text ,
+ xml_node .search ('type' ).text ,
+ xml_node .search ('reference' ).map (& :text ),
+ xml_node .search ('metasploit' ).map (& :text )
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ new (title, type, references, metasploit_modules = [])
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] title The title of the vulnerability @param [ String ]
+type The type of the vulnerability @param [ Array
+] references References urls @param [ Array ] #metasploit_modules
+Metasploit modules for the vulnerability
+
+
@return [ Vulnerability ]
+
+
+
+
+
+
+def initialize (title , type , references , metasploit_modules = [])
+ @title = title
+ @type = type
+ @references = references
+ @metasploit_modules = metasploit_modules
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ == (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Vulnerability ] other
+
+
@return [ Boolean ] :nocov:
+
+
+
+
+
+
+def == (other )
+ title == other .title && type == other .type && references == other .references
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/Vulnerability/Output.html b/doc_rdoc/Vulnerability/Output.html
new file mode 100644
index 00000000..e377cee2
--- /dev/null
+++ b/doc_rdoc/Vulnerability/Output.html
@@ -0,0 +1,399 @@
+
+
+
+
+
+
+
module Vulnerability::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module Vulnerability::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output ()
+
+ click to toggle source
+
+
+
+
+
+
+
output the vulnerability
+
+
+
+
+
+
+def output
+ puts ' |'
+ puts ' | ' + red ("* Title: #{title}" )
+ references .each do | r |
+ puts ' | ' + red ("* Reference: #{r}" )
+ end
+ metasploit_modules .each do | m |
+ puts ' | ' + red ("* Metasploit module: #{Output.metasploit_module_url(m)}" )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WebSite.html b/doc_rdoc/WebSite.html
new file mode 100644
index 00000000..2d3f5802
--- /dev/null
+++ b/doc_rdoc/WebSite.html
@@ -0,0 +1,995 @@
+
+
+
+
+
+
+
class WebSite - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WebSite
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ uri [R]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ has_log? (log_url, pattern)
+
+ click to toggle source
+
+
+
+
+
+
+
Only the first 700 bytes are checked to avoid the download of the whole
+file which can be very huge (like 2 Go)
+
+
@param [ String ] log_url @param [ RegEx ] pattern
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def self .has_log? (log_url , pattern )
+ log_body = Browser .get (log_url , headers : {'range' => 'bytes=0-700' }).body
+ log_body [pattern ] ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+ new (site_url)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize (site_url )
+ self .url = site_url
+end
+
+
+
+
+
+
+
+
+
+
+ page_hash (page)
+
+ click to toggle source
+
+
+
+
+
+
+
Compute the MD5 of the page Comments are deleted from the page to avoid
+cache generation details
+
+
@param [ String, Typhoeus::Response ]
+page The url of the response of the page
+
+
@return [ String ] The MD5 hash of the page
+
+
+
+
+
+
+def self .page_hash (page )
+ page = Browser .get (page ) unless page .is_a? (Typhoeus :: Response )
+
+ Digest :: MD5 .hexdigest (page .body .gsub (/<!--.*?-->/ , '' ))
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ error_404_hash ()
+
+ click to toggle source
+
+
+
+
+
+
+
Return the MD5 hash of a 404 page
+
+
+
+
+
+
+def error_404_hash
+ unless @error_404_hash
+ non_existant_page = Digest :: MD5 .hexdigest (rand (999_999_999 ).to_s ) + '.html'
+ @error_404_hash = WebSite .page_hash (@uri .merge (non_existant_page ).to_s )
+ end
+ @error_404_hash
+end
+
+
+
+
+
+
+
+
+
+
+ has_basic_auth? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def has_basic_auth?
+ Browser .get (@uri .to_s ).code == 401
+end
+
+
+
+
+
+
+
+
+
+
+ has_robots? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Checks if a robots.txt file exists
+
+
+
+
+
+
+def has_robots?
+ Browser .get (robots_url ).code == 200
+end
+
+
+
+
+
+
+
+
+
+
+ has_xml_rpc? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def has_xml_rpc?
+ ! xml_rpc_url .nil?
+end
+
+
+
+
+
+
+
+
+
+
+ homepage_hash ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def homepage_hash
+ unless @homepage_hash
+ @homepage_hash = WebSite .page_hash (@uri .to_s )
+ end
+ @homepage_hash
+end
+
+
+
+
+
+
+
+
+
+
+ online? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Checks if the remote website is up.
+
+
+
+
+
+
+def online?
+ Browser .get (@uri .to_s ).code != 0
+end
+
+
+
+
+
+
+
+
+
+
+ redirection (url = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
See if the remote url returns 30x redirect This method is recursive Return
+a string with the redirection or nil
+
+
+
+
+
+
+def redirection (url = nil )
+ redirection = nil
+ url ||= @uri .to_s
+ response = Browser .get (url )
+
+ if response .code == 301 || response .code == 302
+ redirection = response .headers_hash ['location' ]
+
+
+ if other_redirection = redirection (redirection )
+ redirection = other_redirection
+ end
+ end
+
+ redirection
+end
+
+
+
+
+
+
+
+
+
+
+ robots_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
Gets a robots.txt URL
+
+
@return [ String ]
+
+
+
+
+
+
+def robots_url
+ @uri .merge ('robots.txt' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def url
+ @uri .to_s
+end
+
+
+
+
+
+
+
+
+
+
+ url= (url)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def url= (url )
+ @uri = URI .parse (add_trailing_slash (add_http_protocol (url )))
+end
+
+
+
+
+
+
+
+
+
+
+ xml_rpc_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ xml_rpc_url_from_body ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def xml_rpc_url_from_body
+ body = Browser .get (@uri .to_s ).body
+
+ body [%r{<link rel="pingback" href="([^"]+)" ?\/?>} , 1 ]
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem.html b/doc_rdoc/WpItem.html
new file mode 100644
index 00000000..f394025f
--- /dev/null
+++ b/doc_rdoc/WpItem.html
@@ -0,0 +1,832 @@
+
+
+
+
+
+
+
class WpItem - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpItem
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ found_from [R]
+
+
+
+
+
+
+
+
+
+ name [RW]
+
+
+
+
+
+
+
+
+
+ path [R]
+
+
+
+
+
+
+
+
+
+ version [W]
+
+
+
+
+
+
+
+
+
+ wp_content_dir [RW]
+
+
+
+
+
+
+
+
+
+ wp_plugins_dir [RW]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new (target_base_uri, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ URI ] target_base_uri @param [ Hash ]
+options See allowed_option
+
+
@return [ WpItem ]
+
+
+
+
+
+
+def initialize (target_base_uri , options = {})
+
+ options [:wp_content_dir ] ||= 'wp-content'
+ options [:wp_plugins_dir ] ||= options [:wp_content_dir ] + '/plugins'
+
+ set_options (options )
+ forge_uri (target_base_uri )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ <=> (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpItem ] other
+
+
+
+
+
+
+def <=> (other )
+ name <=> other .name
+end
+
+
+
+
+
+
+
+
+
+
+ == (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpItem ] other
+
+
+
+
+
+
+def == (other )
+ name === other .name
+end
+
+
+
+
+
+
+
+
+
+
+ === (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpItem ] other
+
+
+
+
+
+
+def === (other )
+ self == other && version === other .version
+end
+
+
+
+
+
+
+
+
+
+
+ allowed_options ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Array ] Make it private ?
+
+
+
+
+
+
+def allowed_options
+ [:name , :wp_content_dir , :wp_plugins_dir , :path , :version , :vulns_file ]
+end
+
+
+
+
+
+
+
+
+
+
+ forge_uri (target_base_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ URI ] target_base_uri
+
+
@return [ void ]
+
+
+
+
+
+
+def forge_uri (target_base_uri )
+ @uri = target_base_uri
+end
+
+
+
+
+
+
+
+
+
+
+ found_from= (method)
+
+ click to toggle source
+
+
+
+
+
+
+
Sets the #found_from
+attribute
+
+
@param [ String ] method The method which found the WpItem
+
+
@return [ void ]
+
+
+
+
+
+
+def found_from= (method )
+ found = method [%r{find_from_(.*)} , 1 ]
+ @found_from = found .gsub ('_' , ' ' ) if found
+end
+
+
+
+
+
+
+
+
+
+
+ path= (path)
+
+ click to toggle source
+
+
+
+
+
+
+
Sets the path
+
+
Variable, such as $wp-plugins$ and $wp-content$ can be used and will be
+replace by their value
+
+
@param [ String ] path
+
+
@return [ void ]
+
+
+
+
+
+
+def path= (path )
+ @path = URI .encode (
+ path .gsub (/\$wp-plugins\$/ , wp_plugins_dir ).gsub (/\$wp-content\$/ , wp_content_dir )
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ uri ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ URI ] The uri to the WpItem , with the path if present
+
+
+
+
+
+
+def uri
+ path ? @uri .merge (path ) : @uri
+end
+
+
+
+
+
+
+
+
+
+
+ url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The url to the WpItem
+
+
+
+
+
+
+def url ; uri .to_s end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem/Existable.html b/doc_rdoc/WpItem/Existable.html
new file mode 100644
index 00000000..11456169
--- /dev/null
+++ b/doc_rdoc/WpItem/Existable.html
@@ -0,0 +1,419 @@
+
+
+
+
+
+
+
module WpItem::Existable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItem::Existable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ exists? (options = {}, response = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
Check the existence of the WpItem If the
+response is supplied, it’s used for the verification Otherwise a new
+request is done
+
+
@param [ Hash ] options See exists_from_response? @param [ Typhoeus::Response ] response
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def exists? (options = {}, response = nil )
+ unless response
+ response = Browser .get (url )
+ end
+ exists_from_response? (response , options )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ exists_from_response? (response, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Typhoeus::Response ]
+response @param [ options ] options
+
+
@option options [ Hash ] :error_404_hash The hash of the error 404 page
+@option options [ Hash ] :homepage_hash The hash of the homepage @option
+options [ Hash ] :exclude_content A regexp with the pattern to exclude from
+the body of the response
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def exists_from_response? (response , options = {})
+ if [200 , 401 , 403 ].include? (response .code )
+ if response .has_valid_hash? (options [:error_404_hash ], options [:homepage_hash ])
+ if options [:exclude_content ]
+ unless response .body .match (options [:exclude_content ])
+ return true
+ end
+ else
+ return true
+ end
+ end
+ end
+ false
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem/Findable.html b/doc_rdoc/WpItem/Findable.html
new file mode 100644
index 00000000..c88dd56e
--- /dev/null
+++ b/doc_rdoc/WpItem/Findable.html
@@ -0,0 +1,300 @@
+
+
+
+
+
+
+
module WpItem::Findable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItem::Findable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem/Infos.html b/doc_rdoc/WpItem/Infos.html
new file mode 100644
index 00000000..23b8c1cd
--- /dev/null
+++ b/doc_rdoc/WpItem/Infos.html
@@ -0,0 +1,609 @@
+
+
+
+
+
+
+
module WpItem::Infos - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItem::Infos
+
+
+
+
@uri is used instead of uri to avoid the presence of the :path into it
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ changelog_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The url to the changelog file
+
+
+
+
+
+
+def changelog_url
+ @uri .merge ('changelog.txt' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ error_log_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The url to the error_log file
+
+
+
+
+
+
+def error_log_url
+ @uri .merge ('error_log' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ has_changelog? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_changelog?
+ url_is_200? (changelog_url )
+end
+
+
+
+
+
+
+
+
+
+
+ has_directory_listing? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_directory_listing?
+ Browser .get (@uri .to_s ).body [%r{<title>Index of} ] ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+ has_error_log? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Discover any error_log files created by WordPress These are created by the
+WordPress error_log() function They are normally found in the /plugins/
+directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714 /
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_error_log?
+ WebSite .has_log? (error_log_url , %r{PHP Fatal error} )
+end
+
+
+
+
+
+
+
+
+
+
+ has_readme? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_readme?
+ ! readme_url .nil?
+end
+
+
+
+
+
+
+
+
+
+
+ readme_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String,nil ] The url to the readme file, nil if not found
+
+
+
+
+
+
+def readme_url
+ %w{readme.txt README.txt} .each do | readme |
+ url = @uri .merge (readme ).to_s
+ return url if url_is_200? (url )
+ end
+ nil
+end
+
+
+
+
+
+
+
+
+
+
+ url_is_200? (url)
+
+ click to toggle source
+
+
+
+
+
+
+
Checks if the url status code is 200
+
+
@param [ String ] url
+
+
@return [ Boolean ] True if the url status is 200
+
+
+
+
+
+
+def url_is_200? (url )
+ Browser .get (url ).code == 200
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem/Output.html b/doc_rdoc/WpItem/Output.html
new file mode 100644
index 00000000..8209f056
--- /dev/null
+++ b/doc_rdoc/WpItem/Output.html
@@ -0,0 +1,361 @@
+
+
+
+
+
+
+
module WpItem::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItem::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Void ]
+
+
+
+
+
+
+def output
+ puts
+ puts " | Name: #{self}"
+ puts " | Location: #{url}"
+
+ puts ' | Directory listing enabled: Yes' if has_directory_listing?
+ puts " | Readme: #{readme_url}" if has_readme?
+ puts " | Changelog: #{changelog_url}" if has_changelog?
+
+ vulnerabilities .output
+
+ if has_error_log?
+ puts ' | ' + red ('[!]' ) + " An error_log file has been found : #{error_log_url}"
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem/Versionable.html b/doc_rdoc/WpItem/Versionable.html
new file mode 100644
index 00000000..abfc4daa
--- /dev/null
+++ b/doc_rdoc/WpItem/Versionable.html
@@ -0,0 +1,391 @@
+
+
+
+
+
+
+
module WpItem::Versionable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItem::Versionable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ to_s ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def to_s
+ item_version = self .version
+ "#@name#{' v' + item_version.strip if item_version}"
+end
+
+
+
+
+
+
+
+
+
+
+ version ()
+
+ click to toggle source
+
+
+
+
+
+
+
Get the version from the readme.txt
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def version
+ unless @version
+ response = Browser .get (readme_url )
+ @version = response .body [%r{stable tag: #{WpVersion.version_pattern}} , 1 ]
+ end
+ @version
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItem/Vulnerable.html b/doc_rdoc/WpItem/Vulnerable.html
new file mode 100644
index 00000000..d55e14b1
--- /dev/null
+++ b/doc_rdoc/WpItem/Vulnerable.html
@@ -0,0 +1,391 @@
+
+
+
+
+
+
+
module WpItem::Vulnerable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItem::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ vulns_file [RW]
+
+
+
+
+
+
+
+
+
+ vulns_xpath [RW]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ vulnerabilities ()
+
+ click to toggle source
+
+
+
+
+
+
+
Get the vulnerabilities associated to the WpItem
+
+
@return [ Vulnerabilities ]
+
+
+
+
+
+
+def vulnerabilities
+ xml = xml (vulns_file )
+ vulnerabilities = Vulnerabilities .new
+
+ xml .xpath (vulns_xpath ).each do | node |
+ vulnerabilities << Vulnerability .load_from_xml_node (node )
+ end
+ vulnerabilities
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItems.html b/doc_rdoc/WpItems.html
new file mode 100644
index 00000000..d0e9bcbb
--- /dev/null
+++ b/doc_rdoc/WpItems.html
@@ -0,0 +1,332 @@
+
+
+
+
+
+
+
class WpItems - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpItems
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItems/Detectable.html b/doc_rdoc/WpItems/Detectable.html
new file mode 100644
index 00000000..3ad1ab78
--- /dev/null
+++ b/doc_rdoc/WpItems/Detectable.html
@@ -0,0 +1,798 @@
+
+
+
+
+
+
+
module WpItems::Detectable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItems::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ item_xpath [R]
+
+
+
+
+
+
+
+
+
+ vulns_file [R]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ aggressive_detection (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @param [ Hash
+] options @option options [ Boolean ] :show_progression Whether or not
+output the progress bar @option options [ Boolean ] :only_vulnerable Only
+check for vulnerable items @option options [ String ] :exclude_content
+
+
@return [ WpItems ]
+
+
+
+
+
+
+def aggressive_detection (wp_target , options = {})
+ browser = Browser .instance
+ hydra = browser .hydra
+ targets = targets_items (wp_target , options )
+ progress_bar = progress_bar (targets .size , options )
+ exist_options = {
+ error_404_hash : wp_target .error_404_hash ,
+ homepage_hash : wp_target .homepage_hash ,
+ exclude_content : options [:exclude_content ] ? %r{#{options[:exclude_content]}} : nil
+ }
+
+
+
+ results = options [:only_vulnerable ] ? new : passive_detection (wp_target , options )
+
+ targets .each do | target_item |
+ request = browser .forge_request (target_item .url , request_params )
+
+ request .on_complete do | response |
+ progress_bar .progress += 1 if options [:show_progression ]
+
+ if target_item .exists? (exist_options , response )
+ if ! results .include? (target_item )
+ results << target_item
+ end
+ end
+ end
+
+ hydra .queue (request )
+ end
+
+ hydra .run
+ results .sort!
+ results
+end
+
+
+
+
+
+
+
+
+
+
+ passive_detection (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @param [ Hash
+] options
+
+
@return [ WpItems ]
+
+
+
+
+
+
+def passive_detection (wp_target , options = {})
+ results = new
+ item_class = self .item_class
+ type = self .to_s .gsub (/Wp/ , '' ).downcase
+ response = Browser .get (wp_target .url )
+ item_options = {
+ wp_content_dir : wp_target .wp_content_dir ,
+ wp_plugins_dir : wp_target .wp_plugins_dir ,
+ vulns_file : self .vulns_file
+ }
+
+ regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\?/}
+ regex2 = %r{\?/}
+ regex3 = %r{\?/([^/\"']+)\?(?:/|"|')}
+
+ names = response .body .scan (/#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/ )
+
+ names .flatten .uniq .each do | name |
+ results << item_class .new (wp_target .uri , item_options .merge (name : name ))
+ end
+
+ results .sort!
+ results
+end
+
+
+
+
+
+
+
+
+
+
+ progress_bar (targets_size, options)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Integer ] targets_size @param [ Hash ] options
+
+
@return [ ProgressBar ] :nocov:
+
+
+
+
+
+
+def progress_bar (targets_size , options )
+ if options [:show_progression ]
+ ProgressBar .create (
+ format : '%t %a <%B> (%c / %C) %P%% %e' ,
+ title : ' ' ,
+ length : 120 ,
+ total : targets_size
+ )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ create_item (klass, name, wp_target, vulns_file = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Class ] klass @param [ String ] name @param [ WpTarget ] wp_target @option [ String ] #vulns_file
+
+
@return [ WpItem ]
+
+
+
+
+
+
+def create_item (klass , name , wp_target , vulns_file = nil )
+ klass .new (
+ wp_target .uri ,
+ name : name ,
+ vulns_file : vulns_file ,
+ wp_content_dir : wp_target .wp_content_dir ,
+ wp_plugins_dir : wp_target .wp_plugins_dir
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ item_class ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Class ]
+
+
+
+
+
+
+def item_class
+ Object .const_get (self .to_s .gsub (/.$/ , '' ))
+end
+
+
+
+
+
+
+
+
+
+
+ request_params ()
+
+ click to toggle source
+
+
+
+
+
+
+
The default request parameters
+
+
@return [ Hash ]
+
+
+
+
+
+
+def request_params ; { cache_ttl : 0 , followlocation : true } end
+
+
+
+
+
+
+
+
+
+
+ targets_items (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @param [
+options ] options @option options [ Boolean ] :only_vulnerable @option
+options [ String ] :file The path to the file containing the targets
+
+
@return [ Array <WpItem> ]
+
+
+
+
+
+
+def targets_items (wp_target , options = {})
+ item_class = self .item_class
+ vulns_file = self .vulns_file
+
+ targets = vulnerable_targets_items (wp_target , item_class , vulns_file )
+
+ unless options [:only_vulnerable ]
+ unless options [:file ]
+ raise 'A file must be supplied'
+ end
+
+ targets += targets_items_from_file (options [:file ], wp_target , item_class , vulns_file )
+ end
+
+ targets .uniq! { | t | t .name }
+ targets .sort_by { rand }
+end
+
+
+
+
+
+
+
+
+
+
+ targets_items_from_file (file, wp_target, item_class, vulns_file)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] file @param [ WpTarget ]
+wp_target @param [ Class ] #item_class @param [ String
+] #vulns_file
+
+
@return [ WpItem ]
+
+
+
+
+
+
+def targets_items_from_file (file , wp_target , item_class , vulns_file )
+ targets = []
+
+ File .open (file , 'r' ) do | f |
+ f .readlines .collect do | item_name |
+ targets << create_item (
+ item_class ,
+ item_name .strip ,
+ wp_target ,
+ vulns_file
+ )
+ end
+ end
+ targets
+end
+
+
+
+
+
+
+
+
+
+
+ vulnerable_targets_items (wp_target, item_class, vulns_file)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @param [ Class
+] #item_class @param [
+String ] #vulns_file
+
+
@return [ Array <WpItem> ]
+
+
+
+
+
+
+def vulnerable_targets_items (wp_target , item_class , vulns_file )
+ targets = []
+ xml = xml (vulns_file )
+
+ xml .xpath (item_xpath ).each do | node |
+ targets << create_item (
+ item_class ,
+ node .attribute ('name' ).text ,
+ wp_target ,
+ vulns_file
+ )
+ end
+ targets
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpItems/Output.html b/doc_rdoc/WpItems/Output.html
new file mode 100644
index 00000000..7e0d3d53
--- /dev/null
+++ b/doc_rdoc/WpItems/Output.html
@@ -0,0 +1,349 @@
+
+
+
+
+
+
+
module WpItems::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpItems::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def output
+ self .each { | item | item .output }
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpPlugin.html b/doc_rdoc/WpPlugin.html
new file mode 100644
index 00000000..b9cc88ba
--- /dev/null
+++ b/doc_rdoc/WpPlugin.html
@@ -0,0 +1,373 @@
+
+
+
+
+
+
+
class WpPlugin - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpPlugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ forge_uri (target_base_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Sets the @uri
+
+
@param [ URI ] target_base_uri The URI of the wordpress blog
+
+
@return [ void ]
+
+
+
+
+
+
+def forge_uri (target_base_uri )
+ @uri = target_base_uri .merge (URI .encode (wp_plugins_dir + '/' + name + '/' ))
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpPlugin/Vulnerable.html b/doc_rdoc/WpPlugin/Vulnerable.html
new file mode 100644
index 00000000..d44098f6
--- /dev/null
+++ b/doc_rdoc/WpPlugin/Vulnerable.html
@@ -0,0 +1,387 @@
+
+
+
+
+
+
+
module WpPlugin::Vulnerable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpPlugin::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ vulns_file ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The path to the file containing vulnerabilities
+
+
+
+
+
+
+def vulns_file
+ unless @vulns_file
+ @vulns_file = PLUGINS_VULNS_FILE
+ end
+ @vulns_file
+end
+
+
+
+
+
+
+
+
+
+
+ vulns_xpath ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def vulns_xpath
+ "//plugin[@name='#{@name}']/vulnerability"
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpPlugins.html b/doc_rdoc/WpPlugins.html
new file mode 100644
index 00000000..8bc41586
--- /dev/null
+++ b/doc_rdoc/WpPlugins.html
@@ -0,0 +1,319 @@
+
+
+
+
+
+
+
class WpPlugins - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpPlugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpPlugins/Detectable.html b/doc_rdoc/WpPlugins/Detectable.html
new file mode 100644
index 00000000..55f227a2
--- /dev/null
+++ b/doc_rdoc/WpPlugins/Detectable.html
@@ -0,0 +1,384 @@
+
+
+
+
+
+
+
module WpPlugins::Detectable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpPlugins::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ item_xpath ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def item_xpath
+ '//plugin'
+end
+
+
+
+
+
+
+
+
+
+
+ vulns_file ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def vulns_file
+ PLUGINS_VULNS_FILE
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget.html b/doc_rdoc/WpTarget.html
new file mode 100644
index 00000000..5e563647
--- /dev/null
+++ b/doc_rdoc/WpTarget.html
@@ -0,0 +1,832 @@
+
+
+
+
+
+
+
class WpTarget - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpTarget
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ verbose [R]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ new (target_url, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize (target_url , options = {})
+ super (target_url )
+
+ @verbose = options [:verbose ]
+ @wp_content_dir = options [:wp_content_dir ]
+ @wp_plugins_dir = options [:wp_plugins_dir ]
+ @multisite = nil
+
+ Browser .instance (options .merge (:max_threads => options [:threads ]))
+end
+
+
+
+
+
+
+
+
+
+
+ valid_response_codes ()
+
+ click to toggle source
+
+
+
+
+
+
+
Valid HTTP return codes
+
+
+
+
+
+
+def self .valid_response_codes
+ [200 , 301 , 302 , 401 , 403 , 500 , 400 ]
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ debug_log_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def debug_log_url
+ @uri .merge ("#{wp_content_dir()}/debug.log" ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ has_debug_log? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_debug_log?
+ WebSite .has_log? (debug_log_url , %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):} )
+end
+
+
+
+
+
+
+
+
+
+
+ has_plugin? (name, version = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
The version is not yet considerated
+
+
@param [ String ] name @param [ String ] version
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_plugin? (name , version = nil )
+ WpPlugin .new (
+ @uri ,
+ name : name ,
+ version : version ,
+ wp_content_dir : wp_content_dir ,
+ wp_plugins_dir : wp_plugins_dir
+ ).exists?
+end
+
+
+
+
+
+
+
+
+
+
+ login_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def login_url
+ url = @uri .merge ('wp-login.php' ).to_s
+
+
+ redirection = redirection (url )
+ if redirection
+ url = redirection
+ end
+
+ url
+end
+
+
+
+
+
+
+
+
+
+
+ search_replace_db_2_exists? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def search_replace_db_2_exists?
+ resp = Browser .get (search_replace_db_2_url )
+ resp .code == 200 && resp .body [%r{by interconnect} ]
+end
+
+
+
+
+
+
+
+
+
+
+ search_replace_db_2_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ theme ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ WpTheme ] :nocov:
+
+
+
+
+
+
+def theme
+ WpTheme .find (@uri )
+end
+
+
+
+
+
+
+
+
+
+
+ version (versions_xml)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] versions_xml
+
+
@return [ WpVersion ] :nocov:
+
+
+
+
+
+
+def version (versions_xml )
+ WpVersion .find (@uri , wp_content_dir , wp_plugins_dir , versions_xml )
+end
+
+
+
+
+
+
+
+
+
+
+ wordpress? ()
+
+ click to toggle source
+
+
+
+
+
+
+
check if the target website is actually running wordpress.
+
+
+
+
+
+
+def wordpress?
+ wordpress = false
+
+ response = Browser .get_and_follow_location (@uri .to_s )
+
+ if response .body =~ /["'][^"']*\/wp-content\/[^"']*["']/
+ wordpress = true
+ else
+ response = Browser .get_and_follow_location (xml_rpc_url )
+
+ if response .body =~ %r{XML-RPC server accepts POST requests only}
+ wordpress = true
+ else
+ response = Browser .get_and_follow_location (login_url )
+
+ if response .code == 200 && response .body =~ %r{WordPress}
+ wordpress = true
+ end
+ end
+ end
+
+ wordpress
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/Malwares.html b/doc_rdoc/WpTarget/Malwares.html
new file mode 100644
index 00000000..9db54326
--- /dev/null
+++ b/doc_rdoc/WpTarget/Malwares.html
@@ -0,0 +1,481 @@
+
+
+
+
+
+
+
module WpTarget::Malwares - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::Malwares
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ malware_pattern (url_regex)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def self .malware_pattern (url_regex )
+
+ %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}
+end
+
+
+
+
+
+
+
+
+
+
+ malwares_file (malwares_file_path)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def self .malwares_file (malwares_file_path )
+ malwares_file_path || DATA_DIR + '/malwares.txt'
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ has_malwares? (malwares_file_path = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def has_malwares? (malwares_file_path = nil )
+ ! malwares (malwares_file_path ).empty?
+end
+
+
+
+
+
+
+
+
+
+
+ malwares (malwares_file_path = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
return array of string (url of malwares found)
+
+
+
+
+
+
+def malwares (malwares_file_path = nil )
+ unless @malwares
+ malwares_found = []
+ malwares_file = Malwares .malwares_file (malwares_file_path )
+ index_page_body = Browser .get (@uri .to_s ).body
+
+ File .open (malwares_file , 'r' ) do | file |
+ file .readlines .collect do | url |
+ chomped_url = url .chomp
+
+ if chomped_url .length > 0
+ malwares_found += index_page_body .scan (Malwares .malware_pattern (chomped_url ))
+ end
+ end
+ end
+
+ malwares_found .flatten!
+ malwares_found .uniq!
+
+ @malwares = malwares_found
+ end
+ @malwares
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/WpConfigBackup.html b/doc_rdoc/WpTarget/WpConfigBackup.html
new file mode 100644
index 00000000..7a833c53
--- /dev/null
+++ b/doc_rdoc/WpTarget/WpConfigBackup.html
@@ -0,0 +1,423 @@
+
+
+
+
+
+
+
module WpTarget::WpConfigBackup - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::WpConfigBackup
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ config_backup_files ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return Array
+
+
+
+
+
+
+def self .config_backup_files
+ %w{
+ wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
+ wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
+ wp-config.orig wp-config.php.original wp-config.original wp-config.txt
+ }
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ config_backup ()
+
+ click to toggle source
+
+
+
+
+
+
+
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit / return
+an array of backup config files url
+
+
+
+
+
+
+def config_backup
+ found = []
+ backups = WpConfigBackup .config_backup_files
+ browser = Browser .instance
+ hydra = browser .hydra
+ queue_count = 0
+
+ backups .each do | file |
+ file_url = @uri .merge (URI .escape (file )).to_s
+ request = browser .forge_request (file_url )
+
+ request .on_complete do | response |
+ if response .body [%r{define} ] and not response .body [%r{<\s?html} ]
+ found << file_url
+ end
+ end
+
+ hydra .queue (request )
+ queue_count += 1
+
+ if queue_count == browser .max_threads
+ hydra .run
+ queue_count = 0
+ end
+ end
+
+ hydra .run
+
+ found
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/WpCustomDirectories.html b/doc_rdoc/WpTarget/WpCustomDirectories.html
new file mode 100644
index 00000000..6b3f3a9f
--- /dev/null
+++ b/doc_rdoc/WpTarget/WpCustomDirectories.html
@@ -0,0 +1,476 @@
+
+
+
+
+
+
+
module WpTarget::WpCustomDirectories - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::WpCustomDirectories
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ default_wp_content_dir_exists? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def default_wp_content_dir_exists?
+ response = Browser .get (@uri .merge ('wp-content' ).to_s )
+ hash = Digest :: MD5 .hexdigest (response .body )
+
+ if WpTarget .valid_response_codes .include? (response .code )
+ return true if hash != error_404_hash and hash != homepage_hash
+ end
+
+ false
+end
+
+
+
+
+
+
+
+
+
+
+ wp_content_dir ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The wp-content directory
+
+
+
+
+
+
+def wp_content_dir
+ unless @wp_content_dir
+ index_body = Browser .get (@uri .to_s ).body
+ uri_path = @uri .path
+
+ if index_body [/\/wp-content\/(?:themes|plugins)\// ] || default_wp_content_dir_exists?
+ @wp_content_dir = 'wp-content'
+ else
+ domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
+ @wp_content_dir = index_body [/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/ , 1 ]
+ end
+ end
+
+ @wp_content_dir
+end
+
+
+
+
+
+
+
+
+
+
+ wp_plugins_dir ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The wp-plugins directory
+
+
+
+
+
+
+def wp_plugins_dir
+ unless @wp_plugins_dir
+ @wp_plugins_dir = "#{wp_content_dir}/plugins"
+ end
+ @wp_plugins_dir
+end
+
+
+
+
+
+
+
+
+
+
+ wp_plugins_dir_exists? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def wp_plugins_dir_exists?
+ Browser .get (@uri .merge (wp_plugins_dir ).to_s ).code != 404
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/WpFullPathDisclosure.html b/doc_rdoc/WpTarget/WpFullPathDisclosure.html
new file mode 100644
index 00000000..102c2a10
--- /dev/null
+++ b/doc_rdoc/WpTarget/WpFullPathDisclosure.html
@@ -0,0 +1,387 @@
+
+
+
+
+
+
+
module WpTarget::WpFullPathDisclosure - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::WpFullPathDisclosure
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ full_path_disclosure_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def full_path_disclosure_url
+ @uri .merge ('wp-includes/rss-functions.php' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ has_full_path_disclosure? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Check for Full Path Disclosure (FPD)
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_full_path_disclosure?
+ response = Browser .get (full_path_disclosure_url ())
+ response .body [%r{Fatal error} ] ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/WpLoginProtection.html b/doc_rdoc/WpTarget/WpLoginProtection.html
new file mode 100644
index 00000000..ead20506
--- /dev/null
+++ b/doc_rdoc/WpTarget/WpLoginProtection.html
@@ -0,0 +1,889 @@
+
+
+
+
+
+
+
module WpTarget::WpLoginProtection - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::WpLoginProtection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ LOGIN_PROTECTION_METHOD_PATTERN
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ has_login_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def has_login_protection?
+ ! login_protection_plugin ().nil?
+end
+
+
+
+
+
+
+
+
+
+
+ login_protection_plugin ()
+
+ click to toggle source
+
+
+
+
+
+
+
Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111
+return a WpPlugin object or nil if no one is
+found
+
+
+
+
+
+
+def login_protection_plugin
+ unless @login_protection_plugin
+ protected_methods .grep (LOGIN_PROTECTION_METHOD_PATTERN ).each do | symbol_to_call |
+
+ if send (symbol_to_call )
+ plugin_name = symbol_to_call [LOGIN_PROTECTION_METHOD_PATTERN , 1 ].gsub ('_' , '-' )
+
+ return @login_protection_plugin = WpPlugin .new (
+ @uri ,
+ name : plugin_name ,
+ wp_content_dir : wp_content_dir ,
+ wp_plugins_dir : wp_plugins_dir
+ )
+ end
+ end
+ @login_protection_plugin = nil
+ end
+ @login_protection_plugin
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ better_wp_security_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def better_wp_security_url
+ plugin_url ('better-wp-security/' )
+end
+
+
+
+
+
+
+
+
+
+
+ bluetrait_event_viewer_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def bluetrait_event_viewer_url
+ plugin_url ('bluetrait-event-viewer' )
+end
+
+
+
+
+
+
+
+
+
+
+ has_better_wp_security_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ has_bluetrait_event_viewer_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ has_limit_login_attempts_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ has_login_lock_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ has_login_lockdown_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown /
+
+
+
+
+
+
+def has_login_lockdown_protection?
+ Browser .get (login_url ).body =~ %r{Login LockDown} ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+ has_login_security_solution_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ has_simple_login_lockdown_protection? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+ limit_login_attempts_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def limit_login_attempts_url
+ plugin_url ('limit-login-attempts' )
+end
+
+
+
+
+
+
+
+
+
+
+ login_security_solution_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def login_security_solution_url
+ plugin_url ('login-security-solution' )
+end
+
+
+
+
+
+
+
+
+
+
+ plugin_url (plugin_name)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def plugin_url (plugin_name )
+ WpPlugin .new (
+ @uri ,
+ name : plugin_name ,
+ wp_content_dir : wp_content_dir ,
+ wp_plugins_dir : wp_plugins_dir
+ ).url
+end
+
+
+
+
+
+
+
+
+
+
+ simple_login_lockdown_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def simple_login_lockdown_url
+ plugin_url ('simple-login-lockdown/' )
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/WpReadme.html b/doc_rdoc/WpTarget/WpReadme.html
new file mode 100644
index 00000000..7787f07e
--- /dev/null
+++ b/doc_rdoc/WpTarget/WpReadme.html
@@ -0,0 +1,394 @@
+
+
+
+
+
+
+
module WpTarget::WpReadme - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::WpReadme
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ has_readme? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Checks to see if the readme.html file exists
+
+
This file comes by default in a wordpress installation, and if deleted is
+reinstated with an upgrade.
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def has_readme?
+ response = Browser .get (readme_url ())
+
+ unless response .code == 404
+ return response .body =~ %r{wordpress} ? true : false
+ end
+ false
+end
+
+
+
+
+
+
+
+
+
+
+ readme_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The readme URL
+
+
+
+
+
+
+def readme_url
+ @uri .merge ('readme.html' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTarget/WpRegistrable.html b/doc_rdoc/WpTarget/WpRegistrable.html
new file mode 100644
index 00000000..d261f9f6
--- /dev/null
+++ b/doc_rdoc/WpTarget/WpRegistrable.html
@@ -0,0 +1,450 @@
+
+
+
+
+
+
+
module WpTarget::WpRegistrable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTarget::WpRegistrable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ multisite? ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def multisite?
+ unless @multisite
+
+
+ resp = Browser .get (@uri .merge ('wp-signup.php' ).to_s )
+
+ if resp .code == 302 and resp .headers_hash ['location' ] =~ /wp-login\.php\?action=register/
+ @multisite = false
+ elsif resp .code == 302 and resp .headers_hash ['location' ] =~ /wp-signup\.php/
+ @multisite = true
+ elsif resp .code == 200
+ @multisite = true
+ else
+ @multisite = false
+ end
+ end
+ @multisite
+end
+
+
+
+
+
+
+
+
+
+
+ registration_enabled? ()
+
+ click to toggle source
+
+
+
+
+
+
+
Should check wp-login.php if registration is enabled or not
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def registration_enabled?
+ resp = Browser .get (registration_url )
+
+ if resp .code == 302 and resp .headers_hash ['location' ] =~ /wp-login\.php\?registration=disabled/
+ enabled = false
+
+ elsif resp .code == 200 and resp .body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/
+ enabled = true
+
+ elsif resp .code == 200 and resp .body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/
+ enabled = true
+
+ else
+ enabled = false
+ end
+ enabled
+end
+
+
+
+
+
+
+
+
+
+
+ registration_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The registration URL
+
+
+
+
+
+
+def registration_url
+ multisite? ? @uri .merge ('wp-signup.php' ).to_s : @uri .merge ('wp-login.php?action=register' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTheme.html b/doc_rdoc/WpTheme.html
new file mode 100644
index 00000000..ae8c13ba
--- /dev/null
+++ b/doc_rdoc/WpTheme.html
@@ -0,0 +1,487 @@
+
+
+
+
+
+
+
class WpTheme - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpTheme
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ style_url [W]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ allowed_options ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+def allowed_options ; super << :style_url end
+
+
+
+
+
+
+
+
+
+
+ forge_uri (target_base_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Sets the @uri
+
+
@param [ URI ] target_base_uri The URI of the wordpress blog
+
+
@return [ void ]
+
+
+
+
+
+
+def forge_uri (target_base_uri )
+ @uri = target_base_uri .merge (URI .encode (wp_content_dir + '/themes/' + name + '/' ))
+end
+
+
+
+
+
+
+
+
+
+
+ style_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The url to the theme stylesheet
+
+
+
+
+
+
+def style_url
+ unless @style_url
+ @style_url = uri .merge ('style.css' ).to_s
+ end
+ @style_url
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTheme/Findable.html b/doc_rdoc/WpTheme/Findable.html
new file mode 100644
index 00000000..2938468f
--- /dev/null
+++ b/doc_rdoc/WpTheme/Findable.html
@@ -0,0 +1,474 @@
+
+
+
+
+
+
+
module WpTheme::Findable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTheme::Findable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ find (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Find the main theme of the blog
+
+
@param [ URI ] target_uri
+
+
@return [ WpTheme ]
+
+
+
+
+
+
+def find (target_uri )
+ methods .grep (/^find_from_/ ).each do | method |
+ if wp_theme = self .send (method , target_uri )
+ wp_theme .found_from = method
+
+ return wp_theme
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ find_from_css_link (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Discover the wordpress theme by parsing the css link rel
+
+
@param [ URI ] target_uri
+
+
@return [ WpTheme ]
+
+
+
+
+
+
+def find_from_css_link (target_uri )
+ response = Browser .get_and_follow_location (target_uri .to_s )
+
+
+ matches = %r{(?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css} .match (response .body )
+ if matches
+ return new (
+ target_uri ,
+ {
+ name : matches [2 ],
+ style_url : matches [0 ],
+ wp_content_dir : matches [1 ]
+ }
+ )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ find_from_wooframework (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
code.google.com/p/wpscan/issues/detail?id=141
+
+
@param [ URI ] target_uri
+
+
@return [ WpTheme ]
+
+
+
+
+
+
+def find_from_wooframework (target_uri )
+ body = Browser .get (target_uri .to_s ).body
+ regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
+
+
+ if matches = regexp .match (body )
+ woo_theme_name = matches [1 ]
+ woo_theme_version = matches [2 ]
+
+
+ return new (
+ target_uri ,
+ {
+ name : woo_theme_name ,
+ version : woo_theme_version
+ }
+ )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTheme/Versionable.html b/doc_rdoc/WpTheme/Versionable.html
new file mode 100644
index 00000000..3f44cabf
--- /dev/null
+++ b/doc_rdoc/WpTheme/Versionable.html
@@ -0,0 +1,360 @@
+
+
+
+
+
+
+
module WpTheme::Versionable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTheme::Versionable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ version ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+ Calls superclass method
+
+
+
+
+
+
+
+def version
+ unless @version
+ @version = Browser .get (style_url ).body [%r{Version:\s([^\s]+)} , 1 ]
+
+
+ @version ||= super
+ end
+ @version
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTheme/Vulnerable.html b/doc_rdoc/WpTheme/Vulnerable.html
new file mode 100644
index 00000000..0e6e18e8
--- /dev/null
+++ b/doc_rdoc/WpTheme/Vulnerable.html
@@ -0,0 +1,387 @@
+
+
+
+
+
+
+
module WpTheme::Vulnerable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTheme::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ vulns_file ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The path to the file containing vulnerabilities
+
+
+
+
+
+
+def vulns_file
+ unless @vulns_file
+ @vulns_file = THEMES_VULNS_FILE
+ end
+ @vulns_file
+end
+
+
+
+
+
+
+
+
+
+
+ vulns_xpath ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def vulns_xpath
+ "//theme[@name='#{@name}']/vulnerability"
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpThemes.html b/doc_rdoc/WpThemes.html
new file mode 100644
index 00000000..056d59ed
--- /dev/null
+++ b/doc_rdoc/WpThemes.html
@@ -0,0 +1,319 @@
+
+
+
+
+
+
+
class WpThemes - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpThemes
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpThemes/Detectable.html b/doc_rdoc/WpThemes/Detectable.html
new file mode 100644
index 00000000..c178e5cf
--- /dev/null
+++ b/doc_rdoc/WpThemes/Detectable.html
@@ -0,0 +1,384 @@
+
+
+
+
+
+
+
module WpThemes::Detectable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpThemes::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ item_xpath ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def item_xpath
+ '//theme'
+end
+
+
+
+
+
+
+
+
+
+
+ vulns_file ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def vulns_file
+ THEMES_VULNS_FILE
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTimthumb.html b/doc_rdoc/WpTimthumb.html
new file mode 100644
index 00000000..b371394c
--- /dev/null
+++ b/doc_rdoc/WpTimthumb.html
@@ -0,0 +1,380 @@
+
+
+
+
+
+
+
class WpTimthumb - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpTimthumb
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ == (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTimthumb ] other
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def == (other )
+ url == other .url
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTimthumb/Existable.html b/doc_rdoc/WpTimthumb/Existable.html
new file mode 100644
index 00000000..fbac3816
--- /dev/null
+++ b/doc_rdoc/WpTimthumb/Existable.html
@@ -0,0 +1,352 @@
+
+
+
+
+
+
+
module WpTimthumb::Existable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTimthumb::Existable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ exists_from_response? (response, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Typhoeus::Response ]
+response @param [ Hash ] options
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def exists_from_response? (response , options = {})
+ response .code == 400 && response .body =~ /no image specified/ ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTimthumb/Output.html b/doc_rdoc/WpTimthumb/Output.html
new file mode 100644
index 00000000..762aa171
--- /dev/null
+++ b/doc_rdoc/WpTimthumb/Output.html
@@ -0,0 +1,349 @@
+
+
+
+
+
+
+
module WpTimthumb::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTimthumb::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def output
+ puts ' | ' + red ('[!]' ) + " #{self}"
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTimthumb/Versionable.html b/doc_rdoc/WpTimthumb/Versionable.html
new file mode 100644
index 00000000..61c61827
--- /dev/null
+++ b/doc_rdoc/WpTimthumb/Versionable.html
@@ -0,0 +1,391 @@
+
+
+
+
+
+
+
module WpTimthumb::Versionable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTimthumb::Versionable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ to_s ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def to_s
+ "#{url}#{ ' v' + version if version}"
+end
+
+
+
+
+
+
+
+
+
+
+ version ()
+
+ click to toggle source
+
+
+
+
+
+
+
Get the version from the body of an invalid request See code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426
+
+
@return [ String ] The version
+
+
+
+
+
+
+def version
+ unless @version
+ response = Browser .get (url )
+ @version = response .body [%r{TimThumb version\s*: ([^<]+)} , 1 ]
+ end
+ @version
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTimthumbs.html b/doc_rdoc/WpTimthumbs.html
new file mode 100644
index 00000000..a3506259
--- /dev/null
+++ b/doc_rdoc/WpTimthumbs.html
@@ -0,0 +1,319 @@
+
+
+
+
+
+
+
class WpTimthumbs - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpTimthumbs
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpTimthumbs/Detectable.html b/doc_rdoc/WpTimthumbs/Detectable.html
new file mode 100644
index 00000000..2ebd830b
--- /dev/null
+++ b/doc_rdoc/WpTimthumbs/Detectable.html
@@ -0,0 +1,544 @@
+
+
+
+
+
+
+
module WpTimthumbs::Detectable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpTimthumbs::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ passive_detection (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
No passive detection
+
+
@param [ WpTarget ] wp_target @param [ Hash
+] options
+
+
@return [ WpTimthumbs ]
+
+
+
+
+
+
+def passive_detection (wp_target , options = {})
+ new
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ create_item (wp_target, path = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @option [
+String ] path
+
+
@return [ WpTimthumb ]
+
+
+
+
+
+
+def create_item (wp_target , path = nil )
+ options = {
+ wp_content_dir : wp_target .wp_content_dir ,
+ wp_plugins_dir : wp_target .wp_plugins_dir
+ }
+
+ options .merge! (path : path ) if path
+
+ WpTimthumb .new (wp_target .uri , options )
+end
+
+
+
+
+
+
+
+
+
+
+ targets_items (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @param [ Hash
+] options @option options [ String ] :file The path to the file containing
+the targets @option options [ String ] :theme_name
+
+
@return [ Array <WpTimthumb> ]
+
+
+
+
+
+
+def targets_items (wp_target , options = {})
+ targets = options [:theme_name ] ? theme_timthumbs (options [:theme_name ], wp_target ) : []
+
+ if options [:file ]
+ targets += targets_items_from_file (options [:file ], wp_target )
+ end
+
+ targets .uniq { | i | i .url }
+end
+
+
+
+
+
+
+
+
+
+
+ targets_items_from_file (file, wp_target)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] file @param [ WpTarget ]
+wp_target
+
+
@return [ Array <WpTimthumb> ]
+
+
+
+
+
+
+def targets_items_from_file (file , wp_target )
+ targets = []
+
+ File .open (file , 'r' ) do | f |
+ f .readlines .collect do | path |
+ targets << create_item (wp_target , path .strip )
+ end
+ end
+ targets
+end
+
+
+
+
+
+
+
+
+
+
+ theme_timthumbs (theme_name, wp_target)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] theme_name @param [ WpTarget ] wp_target
+
+
@return [ Array <WpTimthumb> ]
+
+
+
+
+
+
+def theme_timthumbs (theme_name , wp_target )
+ targets = []
+ wp_timthumb = create_item (wp_target )
+
+ %w{
+ timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
+ scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+ } .each do | path |
+ wp_timthumb .path = "$wp-content$/themes/#{theme_name}/#{path}"
+
+ targets << wp_timthumb .dup
+ end
+ targets
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUser.html b/doc_rdoc/WpUser.html
new file mode 100644
index 00000000..42d4399a
--- /dev/null
+++ b/doc_rdoc/WpUser.html
@@ -0,0 +1,651 @@
+
+
+
+
+
+
+
class WpUser - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpUser
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ display_name [RW]
+
+
+
+
+
+
+
+
+
+ id [RW]
+
+
+
+
+
+
+
+
+
+ login [RW]
+
+
+
+
+
+
+
+
+
+ password [RW]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ <=> (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpUser ] other
+
+
+
+
+
+
+def <=> (other )
+ id <=> other .id
+end
+
+
+
+
+
+
+
+
+
+
+ == (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpUser ] other
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def == (other )
+ self === other
+end
+
+
+
+
+
+
+
+
+
+
+ === (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpUser ] other
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def === (other )
+ id === other .id && login === other .login
+end
+
+
+
+
+
+
+
+
+
+
+ allowed_options ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Array <Symbol> ]
+
+
+
+
+
+
+def allowed_options ; [:id , :login , :display_name , :password ] end
+
+
+
+
+
+
+
+
+
+
+ login_url ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def login_url
+ @uri .merge ('wp-login.php' ).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ to_s ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def to_s
+ s = "#{id}"
+ s += " | #{login}" if login
+ s += " | #{display_name}" if display_name
+ s
+end
+
+
+
+
+
+
+
+
+
+
+ uri ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ URI ] The uri to the auhor page
+
+
+
+
+
+
+def uri
+ if id
+ return @uri .merge ("?author=#{id}" )
+ else
+ raise 'The id is nil'
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUser/BruteForcable.html b/doc_rdoc/WpUser/BruteForcable.html
new file mode 100644
index 00000000..88cbb5da
--- /dev/null
+++ b/doc_rdoc/WpUser/BruteForcable.html
@@ -0,0 +1,607 @@
+
+
+
+
+
+
+
module WpUser::BruteForcable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpUser::BruteForcable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ passwords_from_wordlist (wordlist)
+
+ click to toggle source
+
+
+
+
+
+
+
Load the passwords from the wordlist, which can be a file path or an array
+or passwords
+
+
File comments are ignored, but will miss
+passwords if they start with a hash...
+
+
@param [ String, Array <String> ] wordlist
+
+
@return [ Array <String> ]
+
+
+
+
+
+
+def self .passwords_from_wordlist (wordlist )
+ if wordlist .is_a? (String )
+ passwords = []
+ charset = File .charset (wordlist ).upcase
+ opt = "r:#{charset}"
+
+
+ opt += ':UTF-8' if charset != 'UTF-8'
+
+ File .open (wordlist , opt ).each do | line |
+ next if line [0 ,1 ] == '#'
+
+ passwords << line .strip
+ end
+ elsif wordlist .is_a? (Array )
+ passwords = wordlist
+ else
+ raise 'Invalid wordlist, expected String or Array'
+ end
+
+ passwords
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ brute_force (wordlist, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
Brute force the user with the wordlist supplied
+
+
It can take a long time to queue 2 million requests, for that reason, we
+queue browser.max_threads, send browser.max_threads, queue
+browser.max_threads and so on.
+
+
hydra.run only returns when it has recieved all of its, responses. This
+means that while we are waiting for browser.max_threads, responses, we are
+waiting…
+
+
@param [ String, Array <String> ] wordlist
+The wordlist path @param [ Hash ] options @option options [ Boolean ]
+:verbose @option options [ Boolean ] :show_progression
+
+
@return [ void ]
+
+
+
+
+
+
+def brute_force (wordlist , options = {})
+ browser = Browser .instance
+ hydra = browser .hydra
+ passwords = BruteForcable .passwords_from_wordlist (wordlist )
+ queue_count = 0
+ found = false
+ progress_bar = self .progress_bar (passwords .size , options )
+
+ passwords .each do | password |
+ request = login_request (password )
+
+ request .on_complete do | response |
+ progress_bar .progress += 1 if options [:show_progression ] && ! found
+
+ puts "\n Trying Username : #{login} Password : #{password}" if options [:verbose ]
+
+ if valid_password? (response , password , options )
+ found = true
+ self .password = password
+ return
+ end
+ end
+
+ hydra .queue (request )
+ queue_count += 1
+
+ if queue_count >= browser .max_threads
+ hydra .run
+ queue_count = 0
+ puts "Sent #{browser.max_threads} requests ..." if options [:verbose ]
+ end
+ end
+
+
+ hydra .run
+end
+
+
+
+
+
+
+
+
+
+
+ login_request (password)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] password
+
+
@return [ Typhoeus::Request ]
+
+
+
+
+
+
+def login_request (password )
+ Browser .instance .forge_request (login_url ,
+ method : :post ,
+ body : { log : login , pwd : password },
+ cache_ttl : 0
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ progress_bar (passwords_size, options)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Integer ] targets_size @param [ Hash ] options
+
+
@return [ ProgressBar ] :nocov:
+
+
+
+
+
+
+def progress_bar (passwords_size , options )
+ if options [:show_progression ]
+ ProgressBar .create (
+ format : '%t %a <%B> (%c / %C) %P%% %e' ,
+ title : " Brute Forcing '#{login}'" ,
+ length : 120 ,
+ total : passwords_size
+ )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ valid_password? (response, password, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Typhoeus::Response ]
+response @param [ String ] password @param [ Hash ] options @option options
+[ Boolean ] :verbose @option options [ Boolean ] :show_progression
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def valid_password? (response , password , options = {})
+ if response .code == 302
+ progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
+ valid = true
+ elsif response .body =~ /login_error/
+ verbose = "\n Incorrect login and/or password."
+ elsif response .timed_out?
+ progression = "#{red('ERROR:')} Request timed out."
+ elsif response .code == 0
+ progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
+ elsif response .code .to_s =~ /^50/
+ progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
+ else
+ progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
+ verbose = red (" Code: #{response.code}\n Body: #{response.body}\n" )
+ end
+
+ puts "\n " + progression if progression && options [:show_progression ]
+ puts verbose if verbose && options [:verbose ]
+
+ valid || false
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUser/Existable.html b/doc_rdoc/WpUser/Existable.html
new file mode 100644
index 00000000..0d3243d8
--- /dev/null
+++ b/doc_rdoc/WpUser/Existable.html
@@ -0,0 +1,493 @@
+
+
+
+
+
+
+
module WpUser::Existable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpUser::Existable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ display_name_from_body (body)
+
+ click to toggle source
+
+
+
+
+
+
+
@note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn’t support
+it
+
+
So it's forced to UTF-8 when this encoding is detected
+
+
@param [ String ] body
+
+
@return [ String ] The display_name
+
+
+
+
+
+
+def self .display_name_from_body (body )
+ if title_tag = body [%r{<title>([^<]+)</title>} , 1 ]
+ title_tag .force_encoding ('UTF-8' ) if title_tag .encoding == Encoding :: ASCII_8BIT
+ title_tag = Nokogiri :: HTML :: DocumentFragment .parse (title_tag ).to_s
+
+ title_tag .sub! ('&' , '&' )
+
+ name = title_tag [%r{([^|«]+) } , 1 ]
+
+ return name .strip if name
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ login_from_author_pattern (text)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] text
+
+
@return [ String ] The login
+
+
+
+
+
+
+def self .login_from_author_pattern (text )
+ text [%r{/author/([^/\b]+)/?} , 1 ]
+end
+
+
+
+
+
+
+
+
+
+
+ login_from_body (body)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ String ] body
+
+
@return [ String ] The login
+
+
+
+
+
+
+def self .login_from_body (body )
+
+ login = WpUser :: Existable .login_from_author_pattern (body )
+
+ unless login
+
+ login = body [%r{<body class="archive author author-([^\s]+) author-(\d+)} , 1 ]
+ end
+
+ login
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ exists_from_response? (response, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Typhoeus::Response ]
+response @param [ Hash ] options
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def exists_from_response? (response , options = {})
+ load_from_response (response )
+
+ @login ? true : false
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUsers.html b/doc_rdoc/WpUsers.html
new file mode 100644
index 00000000..8382c72b
--- /dev/null
+++ b/doc_rdoc/WpUsers.html
@@ -0,0 +1,337 @@
+
+
+
+
+
+
+
class WpUsers - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpUsers
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUsers/BruteForcable.html b/doc_rdoc/WpUsers/BruteForcable.html
new file mode 100644
index 00000000..3fa96aba
--- /dev/null
+++ b/doc_rdoc/WpUsers/BruteForcable.html
@@ -0,0 +1,360 @@
+
+
+
+
+
+
+
module WpUsers::BruteForcable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpUsers::BruteForcable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ brute_force (wordlist, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
Brute force each wp_user
+
+
To avoid loading the wordlist each time in the wp_user instance It’s loaded
+here, and given to the wp_user
+
+
@param [ String, Array <String> ] wordlist
+@param [ Hash ] options See WpUser::BruteForcable#brute_force
+
+
@return [ void ]
+
+
+
+
+
+
+def brute_force (wordlist , options = {})
+ passwords = WpUser :: BruteForcable .passwords_from_wordlist (wordlist )
+
+ self .each { | wp_user | wp_user .brute_force (passwords , options ) }
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUsers/Detectable.html b/doc_rdoc/WpUsers/Detectable.html
new file mode 100644
index 00000000..61722c1c
--- /dev/null
+++ b/doc_rdoc/WpUsers/Detectable.html
@@ -0,0 +1,434 @@
+
+
+
+
+
+
+
module WpUsers::Detectable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpUsers::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ passive_detection (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
No passive detection
+
+
@return [ WpUsers ]
+
+
+
+
+
+
+def passive_detection (wp_target , options = {})
+ new
+end
+
+
+
+
+
+
+
+
+
+
+ request_params ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Hash ]
+
+
+
+
+
+
+def request_params ; {} end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ targets_items (wp_target, options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpTarget ] wp_target @param [ Hash
+] options @option options [ Range ] :range ((1..10))
+
+
@return [ Array <WpUser> ]
+
+
+
+
+
+
+def targets_items (wp_target , options = {})
+ range = options [:range ] || (1 .. 10 )
+ targets = []
+
+ range .each do | user_id |
+ targets << WpUser .new (wp_target .uri , id : user_id )
+ end
+ targets
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpUsers/Output.html b/doc_rdoc/WpUsers/Output.html
new file mode 100644
index 00000000..32f03d98
--- /dev/null
+++ b/doc_rdoc/WpUsers/Output.html
@@ -0,0 +1,364 @@
+
+
+
+
+
+
+
module WpUsers::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpUsers::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output (options = {})
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ Hash ] options @option options[ Boolean ] :show_password Output the password column
+
+
@return [ void ]
+
+
+
+
+
+
+def output (options = {})
+ rows = []
+ headings = ['Id' , 'Login' , 'Name' ]
+ headings << 'Password' if options [:show_password ]
+
+ self .each do | wp_user |
+ row = [wp_user .id , wp_user .login , wp_user .display_name ]
+ row << wp_user .password if options [:show_password ]
+ rows << row
+ end
+
+ puts Terminal :: Table .new (headings : headings ,
+ rows : rows ,
+ style : { margin_left : options [:margin_left ] || '' })
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpVersion.html b/doc_rdoc/WpVersion.html
new file mode 100644
index 00000000..97e65d90
--- /dev/null
+++ b/doc_rdoc/WpVersion.html
@@ -0,0 +1,446 @@
+
+
+
+
+
+
+
class WpVersion - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpVersion
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ number [RW]
+
+
+
+
+
The version number
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ == (other)
+
+ click to toggle source
+
+
+
+
+
+
+
@param [ WpVersion ] other
+
+
@return [ Boolean ]
+
+
+
+
+
+
+def == (other )
+ number == other .number
+end
+
+
+
+
+
+
+
+
+
+
+ allowed_options ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ Array ]
+
+
+
+
+
+
+
+
+def allowed_options ; super << :number << :found_from end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpVersion/Findable.html b/doc_rdoc/WpVersion/Findable.html
new file mode 100644
index 00000000..0e634274
--- /dev/null
+++ b/doc_rdoc/WpVersion/Findable.html
@@ -0,0 +1,828 @@
+
+
+
+
+
+
+
module WpVersion::Findable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpVersion::Findable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ find (target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+
+ click to toggle source
+
+
+
+
+
+
+
Find the version of the blog designated from target_uri
+
+
@param [ URI ] target_uri @param [ String ]
+wp_content_dir @param [ String ] wp_plugins_dir
+
+
@return [ WpVersion ]
+
+
+
+
+
+
+def find (target_uri , wp_content_dir , wp_plugins_dir , versions_xml )
+ methods .grep (/find_from_/ ).each do | method |
+
+ if method === :find_from_advanced_fingerprinting
+ version = send (method , target_uri , wp_content_dir , wp_plugins_dir , versions_xml )
+ else
+ version = send (method , target_uri )
+ end
+
+ if version
+ return new (target_uri , number : version , found_from : method )
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+
+
+
+ version_pattern ()
+
+ click to toggle source
+
+
+
+
+
+
+
Used to check if the version is correct: must contain at least one dot.
+
+
@return [ String ]
+
+
+
+
+
+
+def version_pattern
+ '([^\r\n"\]+\.[^\r\n"\]+)'
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ find_from_advanced_fingerprinting (target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+
+ click to toggle source
+
+
+
+
+
+
+
Uses data/wp_versions.xml to try to identify a wordpress version.
+
+
It does this by using client side file hashing
+
+
/!\ Warning : this method might return false positive if the file used for
+fingerprinting is part of a theme (they can be updated)
+
+
@param [ URI ] target_uri @param [ String ]
+wp_content_dir @param [ String ] wp_plugins_dir @param [ String ]
+versions_xml The path to the xml containing all versions
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def find_from_advanced_fingerprinting (target_uri , wp_content_dir , wp_plugins_dir , versions_xml )
+ xml = xml (versions_xml )
+
+
+
+ wp_item = WpItem .new (target_uri ,
+ wp_content_dir : wp_content_dir ,
+ wp_plugins_dir : wp_plugins_dir )
+
+ xml .xpath ('//file' ).each do | node |
+ wp_item .path = node .attribute ('src' ).text
+
+ response = Browser .get (wp_item .url )
+ md5sum = Digest :: MD5 .hexdigest (response .body )
+
+ node .search ('hash' ).each do | hash |
+ if hash .attribute ('md5' ).text == md5sum
+ return hash .search ('version' ).text
+ end
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+
+
+
+ find_from_atom_generator (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Attempts to find the WordPress version from, the generator tag in the Atom
+source.
+
+
@param [ URI ] target_uri
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def find_from_atom_generator (target_uri )
+ scan_url (
+ target_uri ,
+ %r{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>} ,
+ 'feed/atom/'
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ find_from_links_opml (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Attempts to find the WordPress version from the p-links-opml.php file.
+
+
@param [ URI ] target_uri
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def find_from_links_opml (target_uri )
+ scan_url (
+ target_uri ,
+ %r{generator="wordpress/#{version_pattern}"} ,
+ 'wp-links-opml.php'
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ find_from_rdf_generator (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Attempts to find WordPress version from, the generator tag in the RDF feed
+source.
+
+
@param [ URI ] target_uri
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def find_from_rdf_generator (target_uri )
+ scan_url (
+ target_uri ,
+ %r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />} ,
+ 'feed/rdf/'
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ find_from_readme (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Attempts to find the WordPress version from the readme.html file.
+
+
@param [ URI ] target_uri
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def find_from_readme (target_uri )
+ scan_url (
+ target_uri ,
+ %r{<br />\sversion #{version_pattern}} ,
+ 'readme.html'
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ find_from_sitemap_generator (target_uri)
+
+ click to toggle source
+
+
+
+
+
+
+
Attempts to find the WordPress version from the sitemap.xml file.
+
+
See: code.google.com/p/wpscan/issues/detail?id=109
+
+
@param [ URI ] target_uri
+
+
@return [ String ] The version number
+
+
+
+
+
+
+def find_from_sitemap_generator (target_uri )
+ scan_url (
+ target_uri ,
+ %r{generator="wordpress/#{version_pattern}"} ,
+ 'sitemap.xml'
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ scan_url (target_uri, pattern, path = nil)
+
+ click to toggle source
+
+
+
+
+
+
+
Returns the first match of <pattern> in the body of the url
+
+
@param [ URI ] target_uri @param [ Regex ]
+pattern @param [ String ] path
+
+
@return [ String ]
+
+
+
+
+
+
+def scan_url (target_uri , pattern , path = nil )
+ url = path ? target_uri .merge (path ).to_s : target_uri .to_s
+ response = Browser .get_and_follow_location (url )
+
+ response .body [pattern , 1 ]
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpVersion/Output.html b/doc_rdoc/WpVersion/Output.html
new file mode 100644
index 00000000..a5c3af02
--- /dev/null
+++ b/doc_rdoc/WpVersion/Output.html
@@ -0,0 +1,358 @@
+
+
+
+
+
+
+
module WpVersion::Output - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpVersion::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ output ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def output
+ puts green ('[+]' ) + " WordPress version #{self.number} identified from #{self.found_from}"
+
+ vulnerabilities = self .vulnerabilities
+
+ unless vulnerabilities .empty?
+ puts
+ puts red ('[!]' ) + " We have identified #{vulnerabilities.size} vulnerabilities from the version number :"
+
+ vulnerabilities .output
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpVersion/Vulnerable.html b/doc_rdoc/WpVersion/Vulnerable.html
new file mode 100644
index 00000000..45650fa7
--- /dev/null
+++ b/doc_rdoc/WpVersion/Vulnerable.html
@@ -0,0 +1,387 @@
+
+
+
+
+
+
+
module WpVersion::Vulnerable - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
module WpVersion::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ vulns_file ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ] The path to the file containing vulnerabilities
+
+
+
+
+
+
+def vulns_file
+ unless @vulns_file
+ @vulns_file = WP_VULNS_FILE
+ end
+ @vulns_file
+end
+
+
+
+
+
+
+
+
+
+
+ vulns_xpath ()
+
+ click to toggle source
+
+
+
+
+
+
+
@return [ String ]
+
+
+
+
+
+
+def vulns_xpath
+ "//wordpress[@version='#{@number}']/vulnerability"
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/WpscanOptions.html b/doc_rdoc/WpscanOptions.html
new file mode 100644
index 00000000..578487db
--- /dev/null
+++ b/doc_rdoc/WpscanOptions.html
@@ -0,0 +1,1244 @@
+
+
+
+
+
+
+
class WpscanOptions - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
class WpscanOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ACCESSOR_OPTIONS
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ load_from_arguments ()
+
+ click to toggle source
+
+
+
+
+
+
+
Will load the options from ARGV return WpscanOptions
+
+
+
+
+
+
+def self .load_from_arguments
+ wpscan_options = WpscanOptions .new
+
+ if ARGV .length > 0
+ WpscanOptions .get_opt_long .each do | opt , arg |
+ wpscan_options .set_option_from_cli (opt , arg )
+ end
+ end
+
+ wpscan_options
+end
+
+
+
+
+
+
+
+
+
+
+ new ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def initialize
+ ACCESSOR_OPTIONS .each do | option |
+ instance_variable_set ("@#{option}" , nil )
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ clean_option (option)
+
+ click to toggle source
+
+
+
+
+
+
+
Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace
+any remaining ‘-’ by ‘_’
+
+
param string option return string
+
+
+
+
+
+
+def self .clean_option (option )
+ cleaned_option = option .gsub (/^--?/ , '' )
+ cleaned_option .gsub (/-/ , '_' )
+end
+
+
+
+
+
+
+
+
+
+
+ get_opt_long ()
+
+ click to toggle source
+
+
+
+
+
+
+
Even if a short option is given (IE : -u), the long one will be returned
+(IE : –url)
+
+
+
+
+
+
+def self .get_opt_long
+ GetoptLong .new (
+ ['--url' , '-u' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--enumerate' , '-e' , GetoptLong :: OPTIONAL_ARGUMENT ],
+ ['--username' , '-U' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--wordlist' , '-w' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--threads' , '-t' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--force' , '-f' , GetoptLong :: NO_ARGUMENT ],
+ ['--help' , '-h' , GetoptLong :: NO_ARGUMENT ],
+ ['--verbose' , '-v' , GetoptLong :: NO_ARGUMENT ],
+ ['--proxy' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--proxy-auth' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--update' , GetoptLong :: NO_ARGUMENT ],
+ ['--follow-redirection' , GetoptLong :: NO_ARGUMENT ],
+ ['--wp-content-dir' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--wp-plugins-dir' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--config-file' , '-c' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--exclude-content-based' , GetoptLong :: REQUIRED_ARGUMENT ],
+ ['--basic-auth' , GetoptLong :: REQUIRED_ARGUMENT ]
+ )
+end
+
+
+
+
+
+
+
+
+
+
+ is_long_option? (option)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def self .is_long_option? (option )
+ ACCESSOR_OPTIONS .include? (:"#{WpscanOptions.clean_option(option)}" )
+end
+
+
+
+
+
+
+
+
+
+
+ option_to_instance_variable_setter (option)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def self .option_to_instance_variable_setter (option )
+ cleaned_option = WpscanOptions .clean_option (option )
+ option_syms = ACCESSOR_OPTIONS .grep (%r{^#{cleaned_option}$} )
+
+ option_syms .length == 1 ? :"#{option_syms.at(0)}=" : nil
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ basic_auth= (basic_auth)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def basic_auth= (basic_auth )
+ raise 'Invalid basic authentication format, login:password expected' if basic_auth .index (':' ).nil?
+ @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_all_plugins= (enumerate_all_plugins)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def enumerate_all_plugins= (enumerate_all_plugins )
+ if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true )
+ raise 'Please choose only one plugin enumeration option'
+ else
+ @enumerate_all_plugins = enumerate_all_plugins
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_all_themes= (enumerate_all_themes)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def enumerate_all_themes= (enumerate_all_themes )
+ if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true )
+ raise 'Please choose only one theme enumeration option'
+ else
+ @enumerate_all_themes = enumerate_all_themes
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_only_vulnerable_plugins= (enumerate_only_vulnerable_plugins)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def enumerate_only_vulnerable_plugins= (enumerate_only_vulnerable_plugins )
+ if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true )
+ raise 'Please choose only one plugin enumeration option'
+ else
+ @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_only_vulnerable_themes= (enumerate_only_vulnerable_themes)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def enumerate_only_vulnerable_themes= (enumerate_only_vulnerable_themes )
+ if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true )
+ raise 'Please choose only one theme enumeration option'
+ else
+ @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_options_from_string (value)
+
+ click to toggle source
+
+
+
+
+
+
+
Will set enumerate_* from the string value IE : if value = vp =>
+:enumerate_only_vulnerable_plugins will be set to true multiple enumeration
+are possible : ‘u,p’ => :enumerate_usernames and :enumerate_plugins
+Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10
+
+
+
+
+
+
+def enumerate_options_from_string (value )
+
+
+ value = value .split (',' ).map { | c | c .downcase }
+
+ self .enumerate_only_vulnerable_plugins = true if value .include? ('vp' )
+
+ self .enumerate_plugins = true if value .include? ('p' )
+
+ self .enumerate_all_plugins = true if value .include? ('ap' )
+
+ @enumerate_timthumbs = true if value .include? ('tt' )
+
+ self .enumerate_only_vulnerable_themes = true if value .include? ('vt' )
+
+ self .enumerate_themes = true if value .include? ('t' )
+
+ self .enumerate_all_themes = true if value .include? ('at' )
+
+ value .grep (/^u/ ) do | username_enum_value |
+ @enumerate_usernames = true
+
+ matches = %r{\[([\d]+)-([\d]+)\]} .match (username_enum_value )
+ if matches
+ @enumerate_usernames_range = (matches [1 ].to_i .. matches [2 ].to_i )
+ end
+ end
+
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_plugins= (enumerate_plugins)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def enumerate_plugins= (enumerate_plugins )
+ if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true )
+ raise 'Please choose only one plugin enumeration option'
+ else
+ @enumerate_plugins = enumerate_plugins
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ enumerate_themes= (enumerate_themes)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def enumerate_themes= (enumerate_themes )
+ if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true )
+ raise 'Please choose only one theme enumeration option'
+ else
+ @enumerate_themes = enumerate_themes
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ has_options? ()
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def has_options?
+ ! to_h .empty?
+end
+
+
+
+
+
+
+
+
+
+
+ proxy= (proxy)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def proxy= (proxy )
+ if proxy .index (':' ) == nil
+ raise 'Invalid proxy format. Should be host:port.'
+ else
+ @proxy = proxy
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ proxy_auth= (auth)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def proxy_auth= (auth )
+ if auth .index (':' ) == nil
+ raise 'Invalid proxy auth format, username:password expected'
+ else
+ @proxy_auth = auth
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ set_option_from_cli (cli_option, cli_value)
+
+ click to toggle source
+
+
+
+
+
+
+
string cli_option : –url, -u, –proxy etc string cli_value : the option
+value
+
+
+
+
+
+
+def set_option_from_cli (cli_option , cli_value )
+
+ if WpscanOptions .is_long_option? (cli_option )
+ self .send (
+ WpscanOptions .option_to_instance_variable_setter (cli_option ),
+ cli_value
+ )
+ elsif cli_option === '--enumerate'
+
+ cli_value = 'vt,tt,u,vp' if cli_value .length == 0
+
+ enumerate_options_from_string (cli_value )
+ else
+ raise "Unknow option : #{cli_option} with value #{cli_value}"
+ end
+end
+
+
+
+
+
+
+
+
+
+
+ threads= (threads)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def threads= (threads )
+ @threads = threads .is_a? (Integer ) ? threads : threads .to_i
+end
+
+
+
+
+
+
+
+
+
+
+ to_h ()
+
+ click to toggle source
+
+
+
+
+
+
+
return Hash
+
+
+
+
+
+
+def to_h
+ options = {}
+
+ ACCESSOR_OPTIONS .each do | option |
+ instance_variable = instance_variable_get ("@#{option}" )
+
+ unless instance_variable .nil?
+ options [:"#{option}" ] = instance_variable
+ end
+ end
+ options
+end
+
+
+
+
+
+
+
+
+
+
+ url= (url)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def url= (url )
+ raise 'Empty URL given' if ! url
+
+ @url = URI .parse (add_http_protocol (url )).to_s
+end
+
+
+
+
+
+
+
+
+
+
+ wordlist= (wordlist)
+
+ click to toggle source
+
+
+
+
+
+
+
+
+
+
+
+
+
+def wordlist= (wordlist )
+ if File .exists? (wordlist )
+ @wordlist = wordlist
+ else
+ raise "The file #{wordlist} does not exist"
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc_rdoc/conf/browser_conf_json.html b/doc_rdoc/conf/browser_conf_json.html
new file mode 100644
index 00000000..765f3b92
--- /dev/null
+++ b/doc_rdoc/conf/browser_conf_json.html
@@ -0,0 +1,327 @@
+
+
+
+
+
+
+
browser.conf.json - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
{
+
+
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
+ Modes :
+ static : will use the defined user_agent for each request
+ semi-static : will randomly choose a user agent into available_user_agents before each scan
+ random : each request will choose a random user agent in available_user_agents
+
+"user_agent_mode": "static",
+
+/* Uncomment the "proxy" line to use the proxy
+ SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+ If you do not specify the protocol, http will be used
+ /
+//"proxy": "127.0.0.1:3128",
+//"proxy_auth": "username:password",
+
+"cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+
+"request_timeout": 2000, // 2s
+
+"max_threads": 20,
+
+// Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
+"available_user_agents":
+[
+ // Windows
+ "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5",
+ "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14",
+ "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27",
+ "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1",
+ "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)",
+ "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
+ "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
+ "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1",
+ "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6",
+ "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
+ "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
+ "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1",
+ "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
+ "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
+ "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)",
+ "Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
+ "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5",
+
+ // MAC
+ "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13",
+ "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15",
+ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
+ "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3",
+ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3",
+ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
+ "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10",
+
+ // Linux
+ "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1",
+ "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24",
+ "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9",
+ "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0",
+ "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0",
+ "Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00",
+ "Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0"
+]
+
+
}
+
+
+
+
+
+
+
diff --git a/doc_rdoc/created.rid b/doc_rdoc/created.rid
new file mode 100644
index 00000000..077284c4
--- /dev/null
+++ b/doc_rdoc/created.rid
@@ -0,0 +1,115 @@
+Tue, 30 Apr 2013 23:04:59 +0200
+./cache/browser/09f0520775fb560e8a3abb502a38c2e98 Sat, 20 Apr 2013 00:35:49 +0200
+./cache/browser/0f850086150e0e9f56dea802cff5f2feb Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/1146bfec38da8af3e97f2185ae41b9ff1 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/26c91b2384fcca14b01e96940a4067eeb Sat, 20 Apr 2013 00:35:51 +0200
+./cache/browser/2b31ffbdccdbaef3a6315f9008d16b464 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/2dcd5ba55475eb8388f4bb7d338ee9cc2 Sat, 20 Apr 2013 00:35:49 +0200
+./cache/browser/347304d8084272523028ffe3a08e3ddff Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/3ee936c559fa4c330fc17ea0371815582 Sat, 20 Apr 2013 00:35:51 +0200
+./cache/browser/5a248b48f7307ac55bbcf7cfdc941432b Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/6167eb1a37fe3d9623181ecaab96eb09e Sat, 20 Apr 2013 00:35:46 +0200
+./cache/browser/72ef549df602ed67e1cc6536b2868b9af Sat, 20 Apr 2013 00:35:47 +0200
+./cache/browser/783e567fcf6af33e79f125b449e92c060 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/7f14a8adafe752468fcc29e24c22cdcd2 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/91060b991e36291fa0b6d5e918fe3d9f4 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/964703cf98798b122f5d4689af655663b Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/97d941a6fd31abe267df81d64c83e716d Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/9f5f09f5b6d12dd5cd5ce764b551bf524 Sat, 20 Apr 2013 00:35:47 +0200
+./cache/browser/a170ec391867993d9d849a3dd5b1b42b1 Sat, 20 Apr 2013 00:35:46 +0200
+./cache/browser/a4edb3b5b18ef73b6f71ba316462a1e82 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/aa7285a9219756d31d0c8addf72007eb2 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/adadd70f16850eb0c8522dc03269887c9 Sat, 20 Apr 2013 00:35:53 +0200
+./cache/browser/b2b72c433f98ef3d38228449951da14bb Sat, 20 Apr 2013 00:35:52 +0200
+./cache/browser/b716ffe57fcfed5ba8966dcccf1933c56 Sat, 20 Apr 2013 00:35:53 +0200
+./cache/browser/c29d0f7e6586edafab07f69ef781212ba Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/c66f18deb4c4f4b8f9aaf16d98e61ee42 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/c7d4f021aa5b0ebd39a59d7e09b7d1aef Sat, 20 Apr 2013 00:35:53 +0200
+./cache/browser/dbe30d0f12f38003cd47eabe80b57dfd4 Sat, 20 Apr 2013 00:35:48 +0200
+./cache/browser/de582ceb283b8c55c839ff36345bc3213 Sat, 20 Apr 2013 00:35:47 +0200
+./cache/browser/e35c3e8db2aa51ef3e70c320ce71444ce Sat, 20 Apr 2013 00:35:52 +0200
+./cache/browser/e872ae19990091fb24da44351fd218a2a Sat, 20 Apr 2013 00:35:50 +0200
+./cache/browser/efd044cf07a8430febdee6238d2020da8 Sat, 20 Apr 2013 00:35:48 +0200
+./conf/browser.conf.json Mon, 01 Apr 2013 23:09:01 +0200
+./CREDITS Mon, 01 Apr 2013 23:09:01 +0200
+./Gemfile Wed, 17 Apr 2013 21:56:58 +0200
+./Gemfile.lock Sat, 20 Apr 2013 00:33:10 +0200
+./generate_doc.sh Tue, 30 Apr 2013 23:02:36 +0200
+./lib/common/browser/actions.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/browser/options.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/browser.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/cache_file_store.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/vulnerabilities/output.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/vulnerabilities.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_items/detectable.rb Sat, 20 Apr 2013 00:32:41 +0200
+./lib/common/collections/wp_items/output.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_items.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_plugins/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_plugins.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_themes/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_themes.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_timthumbs/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_timthumbs.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_users/brute_forcable.rb Wed, 17 Apr 2013 21:56:58 +0200
+./lib/common/collections/wp_users/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/collections/wp_users/output.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/collections/wp_users.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/common_helper.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/custom_option_parser.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/hacks.rb Wed, 17 Apr 2013 21:56:58 +0200
+./lib/common/models/vulnerability/output.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/vulnerability.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_item/existable.rb Sat, 20 Apr 2013 00:32:41 +0200
+./lib/common/models/wp_item/findable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_item/infos.rb Sat, 20 Apr 2013 00:32:41 +0200
+./lib/common/models/wp_item/output.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_item/versionable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/wp_item/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_item.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_plugin/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_theme/findable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/wp_theme/versionable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/wp_theme/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_theme.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_timthumb/existable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_timthumb/output.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_timthumb/versionable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/wp_timthumb.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_user/brute_forcable.rb Wed, 17 Apr 2013 21:56:58 +0200
+./lib/common/models/wp_user/existable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/wp_user.rb Wed, 17 Apr 2013 21:56:58 +0200
+./lib/common/models/wp_version/findable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/common/models/wp_version/output.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_version/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/models/wp_version.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/plugins/plugin.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/plugins/plugins.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/typhoeus_cache.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/updater/git_updater.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/updater/svn_updater.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/updater/updater.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/common/updater/updater_factory.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/environment.rb Wed, 17 Apr 2013 21:56:58 +0200
+./lib/wpscan/web_site.rb Sat, 20 Apr 2013 00:32:41 +0200
+./lib/wpscan/wp_target/malwares.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target/wp_config_backup.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target/wp_custom_directories.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target/wp_full_path_disclosure.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target/wp_login_protection.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target/wp_readme.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target/wp_registrable.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wp_target.rb Sat, 20 Apr 2013 00:32:41 +0200
+./lib/wpscan/wpscan_helper.rb Sun, 14 Apr 2013 10:46:08 +0200
+./lib/wpscan/wpscan_options.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/wpstools/plugins/checker/checker_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/wpstools/plugins/list_generator/generate_list.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/wpstools/plugins/list_generator/list_generator_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/wpstools/plugins/list_generator/svn_parser.rb Wed, 17 Apr 2013 21:56:58 +0200
+./lib/wpstools/plugins/stats/stats_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200
+./lib/wpstools/wpstools_helper.rb Fri, 05 Apr 2013 20:07:17 +0200
+./LICENSE Fri, 05 Apr 2013 20:07:17 +0200
+./README Mon, 01 Apr 2013 23:11:37 +0200
+./README.md Mon, 01 Apr 2013 23:11:37 +0200
+./wpscan.rb Wed, 17 Apr 2013 21:56:58 +0200
+./wpstools.rb Wed, 17 Apr 2013 21:56:58 +0200
diff --git a/doc_rdoc/generate_doc_sh.html b/doc_rdoc/generate_doc_sh.html
new file mode 100644
index 00000000..470884f6
--- /dev/null
+++ b/doc_rdoc/generate_doc_sh.html
@@ -0,0 +1,267 @@
+
+
+
+
+
+
+
generate_doc.sh - RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#!/bin/bash DIR=“$( cd ”$( dirname “${BASH_SOURCE }”
+)“ && pwd )” rm -rf $DIR/doc_rdoc/ rm -rf $DIR/doc_yard/ rdoc
+–root=“$DIR” -x $DIR/cache/ -x spec/ -x data/ -x coverage/ -x doc_rdoc/ -x
+log.txt -o $DIR/doc_rdoc yard doc –protected –private -o $DIR/doc_yard/
+–exclude “/(doc_.+?|cache|spec|data|coverage)/” –exclude “log.txt”
+
+
+
+
+
+
+
diff --git a/doc_rdoc/images/add.png b/doc_rdoc/images/add.png
new file mode 100755
index 00000000..6332fefe
Binary files /dev/null and b/doc_rdoc/images/add.png differ
diff --git a/doc_rdoc/images/arrow_up.png b/doc_rdoc/images/arrow_up.png
new file mode 100755
index 00000000..1ebb1932
Binary files /dev/null and b/doc_rdoc/images/arrow_up.png differ
diff --git a/doc/images/brick.png b/doc_rdoc/images/brick.png
similarity index 100%
rename from doc/images/brick.png
rename to doc_rdoc/images/brick.png
diff --git a/doc/images/brick_link.png b/doc_rdoc/images/brick_link.png
similarity index 100%
rename from doc/images/brick_link.png
rename to doc_rdoc/images/brick_link.png
diff --git a/doc/images/bug.png b/doc_rdoc/images/bug.png
similarity index 100%
rename from doc/images/bug.png
rename to doc_rdoc/images/bug.png
diff --git a/doc/images/bullet_black.png b/doc_rdoc/images/bullet_black.png
similarity index 100%
rename from doc/images/bullet_black.png
rename to doc_rdoc/images/bullet_black.png
diff --git a/doc/images/bullet_toggle_minus.png b/doc_rdoc/images/bullet_toggle_minus.png
similarity index 100%
rename from doc/images/bullet_toggle_minus.png
rename to doc_rdoc/images/bullet_toggle_minus.png
diff --git a/doc/images/bullet_toggle_plus.png b/doc_rdoc/images/bullet_toggle_plus.png
similarity index 100%
rename from doc/images/bullet_toggle_plus.png
rename to doc_rdoc/images/bullet_toggle_plus.png
diff --git a/doc/images/date.png b/doc_rdoc/images/date.png
similarity index 100%
rename from doc/images/date.png
rename to doc_rdoc/images/date.png
diff --git a/doc_rdoc/images/delete.png b/doc_rdoc/images/delete.png
new file mode 100755
index 00000000..08f24936
Binary files /dev/null and b/doc_rdoc/images/delete.png differ
diff --git a/doc/images/find.png b/doc_rdoc/images/find.png
similarity index 100%
rename from doc/images/find.png
rename to doc_rdoc/images/find.png
diff --git a/doc/images/loadingAnimation.gif b/doc_rdoc/images/loadingAnimation.gif
similarity index 100%
rename from doc/images/loadingAnimation.gif
rename to doc_rdoc/images/loadingAnimation.gif
diff --git a/doc/images/macFFBgHack.png b/doc_rdoc/images/macFFBgHack.png
similarity index 100%
rename from doc/images/macFFBgHack.png
rename to doc_rdoc/images/macFFBgHack.png
diff --git a/doc/images/package.png b/doc_rdoc/images/package.png
similarity index 100%
rename from doc/images/package.png
rename to doc_rdoc/images/package.png
diff --git a/doc/images/page_green.png b/doc_rdoc/images/page_green.png
similarity index 100%
rename from doc/images/page_green.png
rename to doc_rdoc/images/page_green.png
diff --git a/doc/images/page_white_text.png b/doc_rdoc/images/page_white_text.png
similarity index 100%
rename from doc/images/page_white_text.png
rename to doc_rdoc/images/page_white_text.png
diff --git a/doc/images/page_white_width.png b/doc_rdoc/images/page_white_width.png
similarity index 100%
rename from doc/images/page_white_width.png
rename to doc_rdoc/images/page_white_width.png
diff --git a/doc/images/plugin.png b/doc_rdoc/images/plugin.png
similarity index 100%
rename from doc/images/plugin.png
rename to doc_rdoc/images/plugin.png
diff --git a/doc/images/ruby.png b/doc_rdoc/images/ruby.png
similarity index 100%
rename from doc/images/ruby.png
rename to doc_rdoc/images/ruby.png
diff --git a/doc_rdoc/images/tag_blue.png b/doc_rdoc/images/tag_blue.png
new file mode 100755
index 00000000..3f02b5f8
Binary files /dev/null and b/doc_rdoc/images/tag_blue.png differ
diff --git a/doc/images/tag_green.png b/doc_rdoc/images/tag_green.png
similarity index 100%
rename from doc/images/tag_green.png
rename to doc_rdoc/images/tag_green.png
diff --git a/doc_rdoc/images/transparent.png b/doc_rdoc/images/transparent.png
new file mode 100644
index 00000000..d665e179
Binary files /dev/null and b/doc_rdoc/images/transparent.png differ
diff --git a/doc/images/wrench.png b/doc_rdoc/images/wrench.png
similarity index 100%
rename from doc/images/wrench.png
rename to doc_rdoc/images/wrench.png
diff --git a/doc/images/wrench_orange.png b/doc_rdoc/images/wrench_orange.png
similarity index 100%
rename from doc/images/wrench_orange.png
rename to doc_rdoc/images/wrench_orange.png
diff --git a/doc/images/zoom.png b/doc_rdoc/images/zoom.png
similarity index 100%
rename from doc/images/zoom.png
rename to doc_rdoc/images/zoom.png
diff --git a/doc_rdoc/index.html b/doc_rdoc/index.html
new file mode 100644
index 00000000..513aebc4
--- /dev/null
+++ b/doc_rdoc/index.html
@@ -0,0 +1,258 @@
+
+
+
+
+
+
+
RDoc Documentation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
This is the API documentation for RDoc Documentation.
+
+
+
+
+
diff --git a/doc_rdoc/js/darkfish.js b/doc_rdoc/js/darkfish.js
new file mode 100644
index 00000000..f26fd45d
--- /dev/null
+++ b/doc_rdoc/js/darkfish.js
@@ -0,0 +1,155 @@
+/**
+ *
+ * Darkfish Page Functions
+ * $Id: darkfish.js 53 2009-01-07 02:52:03Z deveiant $
+ *
+ * Author: Michael Granger
+ *
+ */
+
+/* Provide console simulation for firebug-less environments */
+if (!("console" in window) || !("firebug" in console)) {
+ var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml",
+ "group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"];
+
+ window.console = {};
+ for (var i = 0; i < names.length; ++i)
+ window.console[names[i]] = function() {};
+};
+
+
+/**
+ * Unwrap the first element that matches the given @expr@ from the targets and return them.
+ */
+$.fn.unwrap = function( expr ) {
+ return this.each( function() {
+ $(this).parents( expr ).eq( 0 ).after( this ).remove();
+ });
+};
+
+
+function showSource( e ) {
+ var target = e.target;
+ var codeSections = $(target).
+ parents('.method-detail').
+ find('.method-source-code');
+
+ $(target).
+ parents('.method-detail').
+ find('.method-source-code').
+ slideToggle();
+};
+
+function hookSourceViews() {
+ $('.method-heading').click( showSource );
+};
+
+function toggleDebuggingSection() {
+ $('.debugging-section').slideToggle();
+};
+
+function hookDebuggingToggle() {
+ $('#debugging-toggle img').click( toggleDebuggingSection );
+};
+
+function hookTableOfContentsToggle() {
+ $('.indexpage li .toc-toggle').each( function() {
+ $(this).click( function() {
+ $(this).toggleClass('open');
+ });
+
+ var section = $(this).next();
+
+ $(this).click( function() {
+ section.slideToggle();
+ });
+ });
+}
+
+function hookSearch() {
+ var input = $('#search-field').eq(0);
+ var result = $('#search-results').eq(0);
+ $(result).show();
+
+ var search_section = $('#search-section').get(0);
+ $(search_section).show();
+
+ var search = new Search(search_data, input, result);
+
+ search.renderItem = function(result) {
+ var li = document.createElement('li');
+ var html = '';
+
+ // TODO add relative path to
+
+
+
+
+
+
+
+
+
+
+Table of Contents - RDoc Documentation
+
+Pages
+
+
+Classes/Modules
+
+
+Methods
+
+
+
+
+
diff --git a/doc_yard/Array.html b/doc_yard/Array.html
new file mode 100644
index 00000000..db60a943
--- /dev/null
+++ b/doc_yard/Array.html
@@ -0,0 +1,209 @@
+
+
+
+
+ Class: Array
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Array
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) _grep_ (regexp)
+
+
+
+ Also known as:
+ grep
+
+
+
+
+
+
+
+
+
+20
+21
+22
+23
+24
+25
+26
+27
+
+
+ # File 'lib/common/hacks.rb', line 20
+
+def _grep_ ( regexp )
+ matches = [ ]
+ self . each do | value |
+ value = value . to_s
+ matches << value if value . match ( regexp )
+ end
+ matches
+end
+
+
+
+
+
+
+
+ Class: Browser
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Browser
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+ Extended by:
+ Actions Includes:
+ Options Defined in:
+ lib/common/browser.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Actions Options
+
+
Constant Summary
+
+
+
+ OPTIONS =
+
+
+ [
+ :available_user_agents ,
+ :basic_auth ,
+ :cache_ttl ,
+ :max_threads ,
+ :user_agent ,
+ :user_agent_mode ,
+ :proxy ,
+ :proxy_auth
+] @@instance =
+
+
+ nil
+
+
+
+
+
+
+
Constants included
+ from Options
+
Options::USER_AGENT_MODES
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) cache_dir
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute cache_dir.
+
+
+
+
+
+
+ - (Object) config_file
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute config_file.
+
+
+
+
+
+
+ - (Object) hydra
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute hydra.
+
+
+
+
+
+
+
+
+
+
Attributes included from Options
+
#available_user_agents #basic_auth #cache_ttl #proxy #proxy_auth #user_agent #user_agent_mode
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Actions
+
get get_and_follow_location post process
+
+
+
+
+
+
+
+
+
+
Methods included from Options
+
#invalid_proxy_auth_format #max_threads #max_threads= #override_config
+
+
Constructor Details
+
+
+
+
+ - (Browser initialize (options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+
+
+ # File 'lib/common/browser.rb', line 29
+
+def initialize ( options = { } )
+ @config_file = options [ :config_file ] || CONF_DIR + ' /browser.conf.json ' @cache_dir = options [ :cache_dir ] || CACHE_DIR + ' /browser ' load_config ( )
+ override_config ( options )
+
+ unless @hydra
+ @hydra = Typhoeus :: Hydra . new ( max_concurrency: self . max_threads )
+ end
+
+ @cache = TyphoeusCache . new ( @cache_dir )
+ @cache . clean
+
+ Typhoeus :: Config . cache = @cache
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) cache_dir
+
+
+
+
+
+
+
+
+
Returns the value of attribute cache_dir
+
+
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+
+
+ # File 'lib/common/browser.rb', line 24
+
+def cache_dir
+ @cache_dir
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) config_file
+
+
+
+
+
+
+
+
+
Returns the value of attribute config_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+
+
+ # File 'lib/common/browser.rb', line 24
+
+def config_file
+ @config_file
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) hydra
+
+
+
+
+
+
+
+
+
Returns the value of attribute hydra
+
+
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+
+
+ # File 'lib/common/browser.rb', line 24
+
+def hydra
+ @hydra
+end
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+
+
+
+
+
+143
+144
+145
+146
+147
+148
+149
+150
+
+
+ # File 'lib/common/browser.rb', line 143
+
+def self . ( params = { } , field , field_value )
+ if ! params . has_key? ( :headers )
+ params = params . merge ( :headers => { field => field_value } )
+ elsif ! params [ :headers ] . has_key? ( field )
+ params [ :headers ] [ field ] = field_value
+ end
+ params
+end
+
+
+
+
+
+
+
+ + (Browser instance (options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+51
+52
+53
+54
+55
+56
+
+
+ # File 'lib/common/browser.rb', line 51
+
+def self . instance ( options = { } )
+ unless @@instance
+ @@instance = new ( options )
+ end
+ @@instance
+end
+
+
+
+
+
+
+
+ + (Object ) reset
+
+
+
+
+
+
+
+
+
+
+
+58
+59
+60
+
+
+ # File 'lib/common/browser.rb', line 58
+
+def self . reset
+ @@instance = nil
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Typhoeus::Request forge_request (url, params = {})
+
+
+
+
+
+
+
+
+
+
+
+
+91
+92
+93
+
+
+ # File 'lib/common/browser.rb', line 91
+
+def forge_request ( url , params = { } )
+ Typhoeus :: Request . new ( url , merge_request_params ( params ) )
+end
+
+
+
+
+
+
+
+ - (void ) load_config (config_file = nil)
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
If an option was set but is not in the new config_file it's value is kept
+
+
+
+
+
+
+
+
+
+
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+
+
+ # File 'lib/common/browser.rb', line 69
+
+def load_config ( config_file = nil )
+ @config_file = config_file || @config_file
+
+ if File . symlink? ( @config_file )
+ raise " [ERROR] Config file is a symlink. " else
+ data = JSON . parse ( File . read ( @config_file ) )
+ end
+
+ OPTIONS . each do | option |
+ option_name = option . to_s
+
+ unless data [ option_name ] . nil?
+ self . send ( :#{ option_name } = " , data [ option_name ] )
+ end
+ end
+end
+
+
+
+
+
+
+
+ - (Hash ) merge_request_params (params = {})
+
+
+
+
+
+
+
+
+
+
+
+
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+
+
+ # File 'lib/common/browser.rb', line 98
+
+def merge_request_params ( params = { } )
+ params = Browser . (
+ params ,
+ ' User-Agent ' ,
+ self . user_agent
+ )
+
+ if @proxy
+ params = params . merge ( proxy: @proxy )
+
+ if @proxy_auth
+ params = params . merge ( proxyauth: @proxy_auth )
+ end
+ end
+
+ if @basic_auth
+ params = Browser . (
+ params ,
+ ' Authorization ' ,
+ @basic_auth
+ )
+ end
+
+ unless params . has_key? ( :cache_ttl )
+ params = params . merge ( cache_ttl: @cache_ttl )
+ end
+
+ params . merge! ( ssl_verifypeer: false )
+ params . merge! ( ssl_verifyhost: 0 )
+
+ params . merge! ( cookiejar: @cache_dir + ' /cookie-jar ' )
+ params . merge! ( cookiefile: @cache_dir + ' /cookie-jar ' )
+
+ params
+end
+
+
+
+
+
+
+
+ Module: Browser::Actions
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Browser::Actions
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ Browser Defined in:
+ lib/common/browser/actions.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Typhoeus::Response get (url, params = {})
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/browser/actions.rb', line 10
+
+def get ( url , params = { } )
+ process ( url , params . merge ( method: :get ) )
+end
+
+
+
+
+
+
+
+ - (Typhoeus::Response get_and_follow_location (url, params = {})
+
+
+
+
+
+
+
+
+
+
+
+
+26
+27
+28
+29
+30
+
+
+ # File 'lib/common/browser/actions.rb', line 26
+
+def get_and_follow_location ( url , params = { } )
+ params [ :maxredirs ] ||= 2
+
+ get ( url , params . merge ( followlocation: true ) )
+end
+
+
+
+
+
+
+
+ - (Typhoeus::Response post (url, params = {})
+
+
+
+
+
+
+
+
+
+
+
+
+18
+19
+20
+
+
+ # File 'lib/common/browser/actions.rb', line 18
+
+def post ( url , params = { } )
+ process ( url , params . merge ( method: :post ) )
+end
+
+
+
+
+
+
+
+ - (Typhoeus::Response process (url, params)
+
+
+
+
+
+
+
+
+
+
+
+
+38
+39
+40
+
+
+ # File 'lib/common/browser/actions.rb', line 38
+
+def process ( url , params )
+ Typhoeus :: Request . new ( url , Browser . instance . merge_request_params ( params ) ) . run
+end
+
+
+
+
+
+
+
+ Module: Browser::Options
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Browser::Options
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ Browser Defined in:
+ lib/common/browser/options.rb
+
+
+
+
+
+
Constant Summary
+
+
+
+ USER_AGENT_MODES =
+
+
+ %w{ static semi-static random }
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) available_user_agents
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute available_user_agents.
+
+
+
+
+
+
+ - (Object) basic_auth
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute basic_auth.
+
+
+
+
+
+
+ - (Object) cache_ttl
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute cache_ttl.
+
+
+
+
+
+
+ - (Object) proxy
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute proxy.
+
+
+
+
+
+
+ - (Object) proxy_auth
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute proxy_auth.
+
+
+
+
+
+
+ - (String) user_agent
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The user agent, according to the user_agent_mode.
+
+
+
+
+
+
+ - (Object) user_agent_mode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute user_agent_mode.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) available_user_agents
+
+
+
+
+
+
+
+
+
Returns the value of attribute available_user_agents
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/common/browser/options.rb', line 8
+
+def available_user_agents
+ @available_user_agents
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) basic_auth
+
+
+
+
+
+
+
+
+
Returns the value of attribute basic_auth
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/browser/options.rb', line 9
+
+def basic_auth
+ @basic_auth
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) cache_ttl
+
+
+
+
+
+
+
+
+
Returns the value of attribute cache_ttl
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/common/browser/options.rb', line 8
+
+def cache_ttl
+ @cache_ttl
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) proxy
+
+
+
+
+
+
+
+
+
Returns the value of attribute proxy
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/browser/options.rb', line 9
+
+def proxy
+ @proxy
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) proxy_auth
+
+
+
+
+
+
+
+
+
Returns the value of attribute proxy_auth
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/browser/options.rb', line 9
+
+def proxy_auth
+ @proxy_auth
+end
+
+
+
+
+
+
+
+
+
+ - (String ) user_agent
+
+
+
+
+
+
+
+
+
The user agent, according to the user_agent_mode
+
+
+
+
+
+
+
+
+
+
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+
+
+ # File 'lib/common/browser/options.rb', line 68
+
+def user_agent
+ case @user_agent_mode
+ when ' semi-static ' unless @user_agent
+ @user_agent = @available_user_agents . sample
+ end
+ when ' random ' @user_agent = @available_user_agents . sample
+ end
+ @user_agent
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) user_agent_mode
+
+
+
+
+
+
+
+
+
Returns the value of attribute user_agent_mode
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/browser/options.rb', line 9
+
+def user_agent_mode
+ @user_agent_mode
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+
+
+
+
+120
+121
+122
+
+
+ # File 'lib/common/browser/options.rb', line 120
+
+def invalid_proxy_auth_format
+ ' Invalid proxy auth format, expected username:password or {proxy_username: username, proxy_password: password} ' end
+
+
+
+
+
+
+
+ - (Integer ) max_threads
+
+
+
+
+
+
+
+
+
+
+
+
+31
+32
+33
+
+
+ # File 'lib/common/browser/options.rb', line 31
+
+def max_threads
+ @max_threads || 1
+end
+
+
+
+
+
+
+
+ - (Object ) max_threads= (threads)
+
+
+
+
+
+
+
+
+
+
+
+35
+36
+37
+38
+39
+40
+41
+42
+
+
+ # File 'lib/common/browser/options.rb', line 35
+
+def max_threads= ( threads )
+ if threads . is_a? ( Integer ) && threads > 0
+ @max_threads = threads
+ @hydra = Typhoeus :: Hydra . new ( max_concurrency: threads )
+ else
+ raise ' max_threads must be an Integer > 0 ' end
+end
+
+
+
+
+
+
+
+ - (void ) override_config (options = {})
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
Override with the options if they are set
+
+
+
+
+
+
+
+
+
+
+128
+129
+130
+131
+132
+133
+134
+
+
+ # File 'lib/common/browser/options.rb', line 128
+
+def override_config ( options = { } )
+ options . each do | option , value |
+ if value != nil and OPTIONS . include? ( option )
+ self . send ( :#{ option } = " , value )
+ end
+ end
+end
+
+
+
+
+
+
+
+ Class: CacheFileStore
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: CacheFileStore
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ CacheFileStore
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/cache_file_store.rb
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) serializer
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute serializer.
+
+
+
+
+
+
+ - (Object) storage_path
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute storage_path.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (CacheFileStore initialize (storage_path, serializer = Marshal)
+
+
+
+
+
+
+
+
+
The serializer must have the 2 methods .load and .dump
+
+
( Marshal and YAML have them )
+
+
YAML is Human Readable, contrary to Marshal which store in a binary format
+Marshal does not need any "require"
+
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+
+
+ # File 'lib/common/cache_file_store.rb', line 20
+
+def initialize ( storage_path , serializer = Marshal )
+ @storage_path = File . expand_path ( storage_path )
+ @serializer = serializer
+
+ unless File . directory? ( @storage_path )
+ Dir . mkdir ( @storage_path )
+ end
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) serializer
+
+
+
+
+
+
+
+
+
Returns the value of attribute serializer
+
+
+
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+
+
+ # File 'lib/common/cache_file_store.rb', line 14
+
+def serializer
+ @serializer
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) storage_path
+
+
+
+
+
+
+
+
+
Returns the value of attribute storage_path
+
+
+
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+
+
+ # File 'lib/common/cache_file_store.rb', line 14
+
+def storage_path
+ @storage_path
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) clean
+
+
+
+
+
+
+
+
+
+
+
+31
+32
+33
+34
+35
+
+
+ # File 'lib/common/cache_file_store.rb', line 31
+
+def clean
+ Dir [ File . join ( @storage_path , ' * ' ) ] . each do | f |
+ File . delete ( f ) unless File . symlink? ( f )
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) get_entry_file_path (key)
+
+
+
+
+
+
+
+
+
+
+
+53
+54
+55
+
+
+ # File 'lib/common/cache_file_store.rb', line 53
+
+def get_entry_file_path ( key )
+ File :: join ( @storage_path , key )
+end
+
+
+
+
+
+
+
+ - (Object ) read_entry (key)
+
+
+
+
+
+
+
+
+
+
+
+37
+38
+39
+40
+41
+42
+43
+
+
+ # File 'lib/common/cache_file_store.rb', line 37
+
+def read_entry ( key )
+ entry_file_path = get_entry_file_path ( key )
+
+ if File . exists? ( entry_file_path )
+ return @serializer . load ( File . read ( entry_file_path ) )
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) write_entry (key, data_to_store, cache_ttl)
+
+
+
+
+
+
+
+
+
+
+
+45
+46
+47
+48
+49
+50
+51
+
+
+ # File 'lib/common/cache_file_store.rb', line 45
+
+def write_entry ( key , data_to_store , cache_ttl )
+ if cache_ttl > 0
+ File . open ( get_entry_file_path ( key ) , ' w ' ) do | f |
+ f . write ( @serializer . dump ( data_to_store ) )
+ end
+ end
+end
+
+
+
+
+
+
+
+ Class: CheckerPlugin
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: CheckerPlugin
+
+
+
+
+
+
+
+ Inherits:
+
+ Plugin
+ Object
+
+ Plugin CheckerPlugin
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpstools/plugins/checker/checker_plugin.rb
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from Plugin
+
#author #registered_options
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods inherited from Plugin
+
#register_options
+
+
Constructor Details
+
+
+
+
+ - (CheckerPlugin initialize
+
+
+
+
+
+
+
+
+
A new instance of CheckerPlugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+8
+9
+10
+11
+12
+
+
+ # File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 5
+
+def initialize
+ super ( author: ' WPScanTeam - @erwanlr ' )
+
+ register_options (
+ [ ' --check-vuln-ref-urls ' , ' --cvru ' , ' Check all the vulnerabilities reference urls for 404 ' ] ,
+ [ ' --check-local-vulnerable-files LOCAL_DIRECTORY ' , ' --clvf ' , ' Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells ' ]
+ )
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) check_local_vulnerable_files (dir_to_scan)
+
+
+
+
+
+
+
+
+
+
+
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+
+
+ # File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 75
+
+def check_local_vulnerable_files ( dir_to_scan )
+ if Dir :: exist? ( dir_to_scan )
+ xml_file = LOCAL_FILES_FILE
+ local_hashes = { }
+ file_extension_to_scan = ' *.{js,php,swf,html,htm} ' print ' [+] Generating local hashes ... ' Dir [ File :: join ( dir_to_scan , ' ** ' , file_extension_to_scan ) ] . each do | filename |
+ sha1sum = Digest :: SHA1 . file ( filename ) . hexdigest
+
+ if local_hashes . has_key? ( sha1sum )
+ local_hashes [ sha1sum ] << filename
+ else
+ local_hashes [ sha1sum ] = [ filename ]
+ end
+ end
+
+ puts ' done. ' puts ' [+] Checking for vulnerable files ... ' xml = xml ( xml_file )
+
+ xml . xpath ( ' //hash ' ) . each do | node |
+ sha1sum = node . attribute ( ' sha1 ' ) . text
+
+ if local_hashes . has_key? ( sha1sum )
+ local_filenames = local_hashes [ sha1sum ]
+ vuln_title = node . search ( ' title ' ) . text
+ vuln_filename = node . search ( ' file ' ) . text
+ vuln_refrence = node . search ( ' reference ' ) . text
+
+ puts " #{ vuln_filename } found : " puts ' | Location(s): ' local_filenames . each do | file |
+ puts " | - #{ file } " end
+ puts ' | ' puts " | Title: #{ vuln_title } " puts " | Refrence: #{ vuln_refrence } " if ! vuln_refrence . empty?
+ puts
+ end
+ end
+
+ puts ' done. ' else
+ puts " The supplied directory ' #{ dir_to_scan } ' does not exist " end
+end
+
+
+
+
+
+
+
+ - (Object ) check_vuln_ref_urls
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+
+
+ # File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 24
+
+def check_vuln_ref_urls
+ vuln_ref_files = [ PLUGINS_VULNS_FILE , THEMES_VULNS_FILE , WP_VULNS_FILE ]
+ error_codes = [ 404 , 500 , 403 ]
+ not_found_regexp = %r{ No Results Found|error 404|ID Invalid or Not Found }i puts ' [+] Checking vulnerabilities reference urls ' vuln_ref_files . each do | vuln_ref_file |
+ xml = xml ( vuln_ref_file )
+
+ urls = [ ]
+ xml . xpath ( ' //reference ' ) . each { | node | urls << node . text }
+
+ urls . uniq!
+
+ dead_urls = [ ]
+ queue_count = 0
+ request_count = 0
+ browser = Browser . instance
+ hydra = browser . hydra
+ number_of_urls = urls . size
+
+ urls . each do | url |
+ request = browser . forge_request ( url , { cache_ttl: 0 , followlocation: true } )
+ request_count += 1
+
+ request . on_complete do | response |
+ print " \r [+] Checking #{ vuln_ref_file } #{ number_of_urls } total ... #{ ( request_count * 100 ) / number_of_urls } % complete. " if error_codes . include? ( response . code ) or not_found_regexp . match ( response . body )
+ dead_urls << url
+ end
+ end
+
+ hydra . queue ( request )
+ queue_count += 1
+
+ if queue_count == browser . max_threads
+ hydra . run
+ queue_count = 0
+ end
+ end
+
+ hydra . run
+ puts
+ unless dead_urls . empty?
+ dead_urls . each { | url | puts " Not Found #{ url } " }
+ end
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) run (options = {})
+
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+17
+18
+19
+20
+21
+22
+
+
+ # File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 14
+
+def run ( options = { } )
+ if options [ :check_vuln_ref_urls ]
+ check_vuln_ref_urls
+ end
+
+ if options [ :check_local_vulnerable_files ]
+ check_local_vulnerable_files ( options [ :check_local_vulnerable_files ] )
+ end
+end
+
+
+
+
+
+
+
+ Class: CustomOptionParser
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: CustomOptionParser
+
+
+
+
+
+
+
+ Inherits:
+
+ OptionParser
+
+
+ Object
+
+ OptionParser
+
+ CustomOptionParser
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/custom_option_parser.rb
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) symbols_used
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute symbols_used.
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (CustomOptionParser initialize (banner = nil, width = 32, indent = ' ' * 4)
+
+
+
+
+
+
+
+
+
A new instance of CustomOptionParser
+
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+
+
+ # File 'lib/common/custom_option_parser.rb', line 7
+
+def initialize ( banner = nil , width = 32 , indent = ' ' * 4 )
+ @results = { }
+ @symbols_used = [ ]
+ super ( banner , width , indent )
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) symbols_used
+
+
+
+
+
+
+
+
+
Returns the value of attribute symbols_used
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/common/custom_option_parser.rb', line 5
+
+def symbols_used
+ @symbols_used
+end
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Object ) option_to_symbol (option)
+
+
+
+
+
+
+
+
+
param Array option
+
+
+
+
+
+
+
+
+
+
+
+
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+
+
+ # File 'lib/common/custom_option_parser.rb', line 57
+
+def self . option_to_symbol ( option )
+ option_name = nil
+
+ option . each do | option_attr |
+ if option_attr =~ / ^-- / option_name = option_attr
+ break
+ end
+ end
+
+ if option_name
+ option_name = option_name . gsub ( / ^-- / , ' ' ) . gsub ( / - / , ' _ ' ) . gsub ( / .*$ / , ' ' )
+ :#{ option_name } "
+ else
+ raise " Could not find the option name for #{ option } " end
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) add (options)
+
+
+
+
+
+
+
+
+
param Array(Array) or Array options
+
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+
+
+ # File 'lib/common/custom_option_parser.rb', line 15
+
+def add ( options )
+ if options . is_a? ( Array )
+ if options [ 0 ] . is_a? ( Array )
+ options . each do | option |
+ add_option ( option )
+ end
+ else
+ add_option ( options )
+ end
+ else
+ raise " Options must be at least an Array, or an Array(Array). #{ options . class } supplied " end
+end
+
+
+
+
+
+
+
+ - (Object ) add_option (option)
+
+
+
+
+
+
+
+
+
param Array option
+
+
+
+
+
+
+
+
+
+
+
+
+
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+
+
+ # File 'lib/common/custom_option_parser.rb', line 30
+
+def add_option ( option )
+ if option . is_a? ( Array )
+ option_symbol = CustomOptionParser :: option_to_symbol ( option )
+
+ if ! @symbols_used . include? ( option_symbol )
+ @symbols_used << option_symbol
+
+ self . on ( * option ) do | arg |
+ @results [ option_symbol ] = arg
+ end
+ else
+ raise " The option #{ option_symbol } is already used ! " end
+ else
+ raise " The option must be an array, #{ option . class } supplied : ' #{ option } ' " end
+end
+
+
+
+
+
+
+
+ - (Object ) results (argv = default_argv)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+49
+50
+51
+52
+53
+
+
+ # File 'lib/common/custom_option_parser.rb', line 49
+
+def results ( argv = default_argv )
+ self . parse! ( argv ) if @results . empty?
+
+ @results
+end
+
+
+
+
+
+
+
+ Module: Ethon
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Ethon
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
Defined Under Namespace
+
+
+
+
+
+ Classes: Easy
+
+
+
+
+
+
+
+
+
+
+ Class: Ethon::Easy
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Ethon::Easy
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ Ethon::Easy
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Options
+
+
+
+
+
+
+
+
+
+
+ Module: Ethon::Easy::Options
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Ethon::Easy::Options
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) cookiefile= (value)
+
+
+
+
+
+
+
+
+
+
+
+57
+58
+59
+
+
+ # File 'lib/common/hacks.rb', line 57
+
+def cookiefile= ( value )
+ Curl . set_option ( :cookiefile , value_for ( value , :string ) , handle )
+end
+
+
+
+
+
+
+
+ - (Object ) cookiejar= (value)
+
+
+
+
+
+
+
+
+
+
+
+53
+54
+55
+
+
+ # File 'lib/common/hacks.rb', line 53
+
+def cookiejar= ( value )
+ Curl . set_option ( :cookiejar , value_for ( value , :string ) , handle )
+end
+
+
+
+
+
+
+
+ Class: File
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: File
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (String ) charset (file_path)
+
+
+
+
+
+
+
+
+
The charset of the file
+
+
+
+
+
+
+
+
+
+
+78
+79
+80
+
+
+ # File 'lib/common/hacks.rb', line 78
+
+def self . charset ( file_path )
+ %x{ file --mime #{ file_path } } [ %r{ charset=([^\n]+)\n } , 1 ]
+end
+
+
+
+
+
+
+
+ Class: GenerateList
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: GenerateList
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ GenerateList
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpstools/plugins/list_generator/generate_list.rb
+
+
+
+
+
Overview
+
+
+
This tool generates a list to use for plugin and theme enumeration
+
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) verbose
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute verbose.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (GenerateList initialize (type, verbose)
+
+
+
+
+
+
+
+
+
type = themes | plugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 9
+
+def initialize ( type , verbose )
+ if type =~ / plugins /i @type = ' plugin ' @svn_url = ' http://plugins.svn.wordpress.org/ ' @popular_url = ' http://wordpress.org/extend/plugins/browse/popular/ ' @popular_regex = %r{ <h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3> }i elsif type =~ / themes /i @type = ' theme ' @svn_url = ' http://themes.svn.wordpress.org/ ' @popular_url = ' http://wordpress.org/extend/themes/browse/popular/ ' @popular_regex = %r{ <h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3> }i else
+ raise " Type #{ type } not defined " end
+ @verbose = verbose
+ @browser = Browser . instance
+ @hydra = @browser . hydra
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) verbose
+
+
+
+
+
+
+
+
+
Returns the value of attribute verbose
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 6
+
+def verbose
+ @verbose
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) generate_full_list
+
+
+
+
+
+
+
+
+
+
+
+53
+54
+55
+56
+57
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 53
+
+def generate_full_list
+ set_file_name ( :full )
+ items = SvnParser . new ( @svn_url ) . parse
+ save items
+end
+
+
+
+
+
+
+
+ - (Object ) generate_popular_list (pages)
+
+
+
+
+
+
+
+
+
+
+
+59
+60
+61
+62
+63
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 59
+
+def generate_popular_list ( pages )
+ set_file_name ( :popular )
+ items = get_popular_items ( pages )
+ save items
+end
+
+
+
+
+
+
+
+ - (Object ) get_popular_items (pages)
+
+
+
+
+
+
+
+
+
Send a HTTP request to the WordPress most popular theme or plugin webpage
+parse the response for the names.
+
+
+
+
+
+
+
+
+
+
+
+
+
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 67
+
+def get_popular_items ( pages )
+ found_items = [ ]
+ page_count = 1
+ queue_count = 0
+
+ ( 1 ... ( pages . to_i + 1 ) ) . each do | page |
+ url = ( page == 1 ) ? @popular_url : @popular_url + ' page/ ' + page . to_s + ' / ' request = @browser . forge_request ( url )
+
+ queue_count += 1
+
+ request . on_complete do | response |
+ puts " [+] Parsing page #{ page_count } " if @verbose
+ page_count += 1
+ response . body . scan ( @popular_regex ) . each do | item |
+ puts " [+] Found popular # @type : #{ item } " if @verbose
+ found_items << item [ 0 ]
+ end
+ end
+
+ @hydra . queue ( request )
+
+ if queue_count == @browser . max_threads
+ @hydra . run
+ queue_count = 0
+ end
+
+ end
+
+ @hydra . run
+
+ found_items . sort!
+ found_items . uniq
+end
+
+
+
+
+
+
+
+ - (Object ) save (items)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+104
+105
+106
+107
+108
+109
+110
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 104
+
+def save ( items )
+ items . sort!
+ items . uniq!
+ puts " [*] We have parsed #{ items . length } # @types " File . open ( @file_name , ' w ' ) { | f | f . puts ( items ) }
+ puts " New # @file_name file created " end
+
+
+
+
+
+
+
+ - (Object ) set_file_name (type)
+
+
+
+
+
+
+
+
+
+
+
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+
+
+ # File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 28
+
+def set_file_name ( type )
+ case @type
+ when ' plugin ' case type
+ when :full
+ @file_name = PLUGINS_FULL_FILE
+ when :popular
+ @file_name = PLUGINS_FILE
+ else
+ raise ' Unknown type ' end
+ when ' theme ' case type
+ when :full
+ @file_name = THEMES_FULL_FILE
+ when :popular
+ @file_name = THEMES_FILE
+ else
+ raise ' Unknown type ' end
+ else
+ raise " Unknown type # @type " end
+end
+
+
+
+
+
+
+
+ Class: GitUpdater
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: GitUpdater
+
+
+
+
+
+
+
+ Inherits:
+
+ Updater
+ Object
+
+ Updater GitUpdater
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/updater/git_updater.rb
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from Updater
+
#repo_directory
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods inherited from Updater
+
#initialize
+
+
Constructor Details
+
+
This class inherits a constructor from Updater
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) has_local_changes?
+
+
+
+
+
+
+
+
+
+
+
+
+22
+23
+24
+
+
+ # File 'lib/common/updater/git_updater.rb', line 22
+
+def has_local_changes?
+ %x[ git #{ repo_directory_arguments ( ) } diff --exit-code 2>&1 ] =~ / diff / ? true : false
+end
+
+
+
+
+
+
+
+ - (Boolean ) is_installed?
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+
+
+ # File 'lib/common/updater/git_updater.rb', line 7
+
+def is_installed?
+ %x[ git #{ repo_directory_arguments ( ) } status 2>&1 ] =~ / On branch / ? true : false
+end
+
+
+
+
+
+
+
+ - (Object ) local_revision_number
+
+
+
+
+
+
+
+
+
Git has not a revsion number like SVN, so we will take the 7 first chars of
+the last commit hash
+
+
+
+
+
+
+
+
+
+
+
+
+
+13
+14
+15
+16
+
+
+ # File 'lib/common/updater/git_updater.rb', line 13
+
+def local_revision_number
+ git_log = %x[ git #{ repo_directory_arguments ( ) } log -1 2>&1 ]
+ git_log [ / commit ([0-9a-z]{7}) /i , 1 ] . to_s
+end
+
+
+
+
+
+
+
+ - (Object ) repo_directory_arguments
+
+
+
+
+
+
+
+
+
+
+
+31
+32
+33
+34
+35
+
+
+ # File 'lib/common/updater/git_updater.rb', line 31
+
+def repo_directory_arguments
+ if @repo_directory
+ return " --git-dir=\" #{ @repo_directory } /.git\" --work-tree=\" #{ @repo_directory } \" " end
+end
+
+
+
+
+
+
+
+ - (Object ) reset_head
+
+
+
+
+
+
+
+
+
+
+
+26
+27
+28
+
+
+ # File 'lib/common/updater/git_updater.rb', line 26
+
+def reset_head
+ %x[ git #{ repo_directory_arguments ( ) } reset --hard HEAD ]
+end
+
+
+
+
+
+
+
+ - (Object ) update
+
+
+
+
+
+
+
+
+
+
+
+18
+19
+20
+
+
+ # File 'lib/common/updater/git_updater.rb', line 18
+
+def update
+ %x[ git #{ repo_directory_arguments ( ) } pull ]
+end
+
+
+
+
+
+
+
+ Class: ListGeneratorPlugin
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: ListGeneratorPlugin
+
+
+
+
+
+
+
+ Inherits:
+
+ Plugin
+ Object
+
+ Plugin ListGeneratorPlugin
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpstools/plugins/list_generator/list_generator_plugin.rb
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from Plugin
+
#author #registered_options
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods inherited from Plugin
+
#register_options
+
+
Constructor Details
+
+
+
+
+
+
A new instance of ListGeneratorPlugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+
+
+ # File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 5
+
+def initialize
+ super ( author: ' WPScanTeam - @FireFart ' )
+
+ register_options (
+ [ ' --generate-plugin-list [NUMBER_OF_PAGES] ' , ' --gpl ' , Integer , ' Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) ' ] ,
+ [ ' --generate-full-plugin-list ' , ' --gfpl ' , ' Generate a new full data/plugins.txt file ' ] ,
+
+ [ ' --generate-theme-list [NUMBER_OF_PAGES] ' , ' --gtl ' , Integer , ' Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150) ' ] ,
+ [ ' --generate-full-theme-list ' , ' --gftl ' , ' Generate a new full data/themes.txt file ' ] ,
+
+ [ ' --generate-all ' , ' --ga ' , ' Generate a new full plugins, full themes, popular plugins and popular themes list ' ]
+ )
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) full (type)
+
+
+
+
+
+
+
+
+
+
+
+48
+49
+50
+51
+52
+
+
+ # File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 48
+
+def full ( type )
+ puts " [+] Generating new full #{ type } list " puts
+ GenerateList . new ( type + ' s ' , @verbose ) . generate_full_list
+end
+
+
+
+
+
+
+
+ - (Object ) most_popular (type, number_of_pages)
+
+
+
+
+
+
+
+
+
+
+
+42
+43
+44
+45
+46
+
+
+ # File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 42
+
+def most_popular ( type , number_of_pages )
+ puts " [+] Generating new most popular #{ type } list " puts
+ GenerateList . new ( type + ' s ' , @verbose ) . generate_popular_list ( number_of_pages )
+end
+
+
+
+
+
+
+
+ - (Object ) run (options = {})
+
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+
+
+ # File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 19
+
+def run ( options = { } )
+ @verbose = options [ :verbose ] || false
+ generate_all = options [ :generate_all ] || false
+
+ if options . has_key? ( :generate_plugin_list ) || generate_all
+ most_popular ( ' plugin ' , options [ :generate_plugin_list ] || 150 )
+ end
+
+ if options [ :generate_full_plugin_list ] || generate_all
+ full ( ' plugin ' )
+ end
+
+ if options . has_key? ( :generate_theme_list ) || generate_all
+ most_popular ( ' theme ' , options [ :generate_theme_list ] || 150 )
+ end
+
+ if options [ :generate_full_theme_list ] || generate_all
+ full ( ' theme ' )
+ end
+end
+
+
+
+
+
+
+
+ Class: Plugin
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Plugin
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/plugins/plugin.rb
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) author
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute author.
+
+
+
+
+
+
+ - (Object) registered_options
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute registered_options.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (Plugin initialize (infos = {})
+
+
+
+
+
+
+
+
+
A new instance of Plugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+
+
+ # File 'lib/common/plugins/plugin.rb', line 7
+
+def initialize ( infos = { } )
+ @author = infos [ :author ]
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) author
+
+
+
+
+
+
+
+
+
Returns the value of attribute author
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/common/plugins/plugin.rb', line 5
+
+def author
+ @author
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) registered_options
+
+
+
+
+
+
+
+
+
Returns the value of attribute registered_options
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/common/plugins/plugin.rb', line 5
+
+def registered_options
+ @registered_options
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) register_options (*options)
+
+
+
+
+
+
+
+
+
param Array options
+
+
+
+
+
+
+
+
+
+
+
+
+
+16
+17
+18
+19
+20
+21
+22
+23
+
+
+ # File 'lib/common/plugins/plugin.rb', line 16
+
+def register_options ( * options )
+ options . each do | option |
+ unless option . is_a? ( Array )
+ raise " Each option must be an array, #{ option . class } supplied " end
+ end
+ @registered_options = options
+end
+
+
+
+
+
+
+
+ - (Object ) run (options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+11
+12
+13
+
+
+ # File 'lib/common/plugins/plugin.rb', line 11
+
+def run ( options = { } )
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+ Class: Plugins
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Plugins
+
+
+
+
+
+
+
+ Inherits:
+
+ Array
+ Object
+
+ Array Plugins
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/plugins/plugins.rb
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) option_parser
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute option_parser.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
Constructor Details
+
+
+
+
+ - (Plugins initialize (option_parser = nil)
+
+
+
+
+
+
+
+
+
A new instance of Plugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+
+
+ # File 'lib/common/plugins/plugins.rb', line 7
+
+def initialize ( option_parser = nil )
+ if option_parser
+ if option_parser . is_a? ( CustomOptionParser )
+ @option_parser = option_parser
+ else
+ raise " The parser must be an instance of CustomOptionParser, #{ option_parser . class } supplied " end
+ else
+ @option_parser = CustomOptionParser . new
+ end
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) option_parser
+
+
+
+
+
+
+
+
+
Returns the value of attribute option_parser
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/common/plugins/plugins.rb', line 5
+
+def option_parser
+ @option_parser
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) register (*plugins)
+
+
+
+
+
+
+
+
+
param Array(Plugin) plugins
+
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+23
+24
+
+
+ # File 'lib/common/plugins/plugins.rb', line 20
+
+def register ( * plugins )
+ plugins . each do | plugin |
+ register_plugin ( plugin )
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) register_plugin (plugin)
+
+
+
+
+
+
+
+
+
param Plugin plugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+
+
+ # File 'lib/common/plugins/plugins.rb', line 27
+
+def register_plugin ( plugin )
+ if plugin . is_a? ( Plugin )
+ self << plugin
+
+ if plugin_options = plugin . registered_options
+ @option_parser . add ( plugin_options )
+ end
+ else
+ raise " The argument must be an instance of Plugin, #{ plugin . class } supplied " end
+end
+
+
+
+
+
+
+
+ Class: StatsPlugin
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: StatsPlugin
+
+
+
+
+
+
+
+ Inherits:
+
+ Plugin
+ Object
+
+ Plugin StatsPlugin
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpstools/plugins/stats/stats_plugin.rb
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from Plugin
+
#author #registered_options
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods inherited from Plugin
+
#register_options
+
+
Constructor Details
+
+
+
+
+ - (StatsPlugin initialize
+
+
+
+
+
+
+
+
+
A new instance of StatsPlugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+8
+9
+10
+11
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 5
+
+def initialize
+ super ( author: ' WPScanTeam - Christian Mehlmauer ' )
+
+ register_options (
+ [ ' --stats ' , ' --s ' , ' Show WpScan Database statistics ' ]
+ )
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) lines_in_file (file)
+
+
+
+
+
+
+
+
+
+
+
+51
+52
+53
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 51
+
+def lines_in_file ( file )
+ IO . readlines ( file ) . size
+end
+
+
+
+
+
+
+
+ - (Object ) plugin_vulns_count (file = PLUGINS_VULNS_FILE)
+
+
+
+
+
+
+
+
+
+
+
+35
+36
+37
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 35
+
+def plugin_vulns_count ( file = PLUGINS_VULNS_FILE )
+ xml ( file ) . xpath ( " count(//vulnerability) " ) . to_i
+end
+
+
+
+
+
+
+
+ - (Object ) run (options = {})
+
+
+
+
+
+
+
+
+
+
+
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 13
+
+def run ( options = { } )
+ if options [ :stats ]
+ puts " Wpscan Databse Statistics: " puts " -------------------------- " puts " [#] Total vulnerable plugins: #{ vuln_plugin_count } " puts " [#] Total vulnerable themes: #{ vuln_theme_count } " puts " [#] Total plugin vulnerabilities: #{ plugin_vulns_count } " puts " [#] Total theme vulnerabilities: #{ theme_vulns_count } " puts " [#] Total plugins to enumerate: #{ total_plugins } " puts " [#] Total themes to enumerate: #{ total_themes } " puts
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) theme_vulns_count (file = THEMES_VULNS_FILE)
+
+
+
+
+
+
+
+
+
+
+
+39
+40
+41
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 39
+
+def theme_vulns_count ( file = THEMES_VULNS_FILE )
+ xml ( file ) . xpath ( " count(//vulnerability) " ) . to_i
+end
+
+
+
+
+
+
+
+ - (Object ) total_plugins (file = PLUGINS_FULL_FILE)
+
+
+
+
+
+
+
+
+
+
+
+43
+44
+45
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 43
+
+def total_plugins ( file = PLUGINS_FULL_FILE )
+ lines_in_file ( file )
+end
+
+
+
+
+
+
+
+ - (Object ) total_themes (file = THEMES_FULL_FILE)
+
+
+
+
+
+
+
+
+
+
+
+47
+48
+49
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 47
+
+def total_themes ( file = THEMES_FULL_FILE )
+ lines_in_file ( file )
+end
+
+
+
+
+
+
+
+ - (Object ) vuln_plugin_count (file = PLUGINS_VULNS_FILE)
+
+
+
+
+
+
+
+
+
+
+
+27
+28
+29
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 27
+
+def vuln_plugin_count ( file = PLUGINS_VULNS_FILE )
+ xml ( file ) . xpath ( " count(//plugin) " ) . to_i
+end
+
+
+
+
+
+
+
+ - (Object ) vuln_theme_count (file = THEMES_VULNS_FILE)
+
+
+
+
+
+
+
+
+
+
+
+31
+32
+33
+
+
+ # File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 31
+
+def vuln_theme_count ( file = THEMES_VULNS_FILE )
+ xml ( file ) . xpath ( " count(//theme) " ) . to_i
+end
+
+
+
+
+
+
+
+ Class: SvnParser
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: SvnParser
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ SvnParser
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpstools/plugins/list_generator/svn_parser.rb
+
+
+
+
+
Overview
+
+
+
This Class Parses SVN Repositories via HTTP
+
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) keep_empty_dirs
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute keep_empty_dirs.
+
+
+
+
+
+
+ - (Object) svn_root
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute svn_root.
+
+
+
+
+
+
+ - (Object) verbose
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute verbose.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (SvnParser initialize (svn_root)
+
+
+
+
+
+
+
+
+
A new instance of SvnParser
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 8
+
+def initialize ( svn_root )
+ @svn_root = svn_root
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) keep_empty_dirs
+
+
+
+
+
+
+
+
+
Returns the value of attribute keep_empty_dirs
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 6
+
+def keep_empty_dirs
+ @keep_empty_dirs
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) svn_root
+
+
+
+
+
+
+
+
+
Returns the value of attribute svn_root
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 6
+
+def svn_root
+ @svn_root
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) verbose
+
+
+
+
+
+
+
+
+
Returns the value of attribute verbose
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 6
+
+def verbose
+ @verbose
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) get_root_directories
+
+
+
+
+
+
+
+
+
Gets all directories in the SVN root
+
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+
+
+ # File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 20
+
+def get_root_directories
+ dirs = [ ]
+ rootindex = Browser . get ( @svn_root ) . body
+
+ rootindex . scan ( %r{ <li><a href=".+">(.+)/</a></li> }i ) . each do | dir |
+ dirs << dir [ 0 ]
+ end
+
+ dirs . sort!
+ dirs . uniq
+end
+
+
+
+
+
+
+
+ - (Object ) parse
+
+
+
+
+
+
+
+
+
+
+
+12
+13
+14
+
+
+ # File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 12
+
+def parse
+ get_root_directories
+end
+
+
+
+
+
+
+
+ Class: SvnUpdater
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: SvnUpdater
+
+
+
+
+
+
+
+ Inherits:
+
+ Updater
+ Object
+
+ Updater SvnUpdater
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/updater/svn_updater.rb
+
+
+
+
+
+
Constant Summary
+
+
+
+ REVISION_PATTERN =
+
+
+ / revision="(\d+)" /i TRUNK_URL =
+
+
+ ' https://github.com/wpscanteam/wpscan '
+
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from Updater
+
#repo_directory
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods inherited from Updater
+
#initialize
+
+
Constructor Details
+
+
This class inherits a constructor from Updater
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) is_installed?
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/updater/svn_updater.rb', line 10
+
+def is_installed?
+ %x[ svn info " # @repo_directory " --xml 2>&1 ] =~ / revision= / ? true : false
+end
+
+
+
+
+
+
+
+ - (Object ) local_revision_number
+
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+17
+
+
+ # File 'lib/common/updater/svn_updater.rb', line 14
+
+def local_revision_number
+ local_revision = %x[ svn info " # @repo_directory " --xml 2>&1 ]
+ local_revision [ REVISION_PATTERN , 1 ] . to_s
+end
+
+
+
+
+
+
+
+ - (Object ) update
+
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+
+
+ # File 'lib/common/updater/svn_updater.rb', line 19
+
+def update
+ %x[ svn up " # @repo_directory " ]
+end
+
+
+
+
+
+
+
+ Module: Terminal
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Terminal
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
Defined Under Namespace
+
+
+
+
+
+ Classes: Table
+
+
+
+
+
+
+
+
+
+
+ Class: Terminal::Table
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Terminal::Table
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ Terminal::Table
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
Defined Under Namespace
+
+
+
+
+
+ Classes: Style
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) render
+
+
+
+ Also known as:
+ to_s
+
+
+
+
+
+
+
+
+
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+
+
+ # File 'lib/common/hacks.rb', line 85
+
+def render
+ separator = Separator . new ( self )
+ buffer = [ separator ]
+ unless @title . nil?
+ buffer << Row . new ( self , [ title_cell_options ] )
+ buffer << separator
+ end
+ unless @headings . cells . empty?
+ buffer << @headings
+ buffer << separator
+ end
+ buffer += @rows
+ buffer << separator
+ buffer . map { | r | style . margin_left + r . render } . join ( " \n " )
+end
+
+
+
+
+
+
+
+ Class: Terminal::Table::Style
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Terminal::Table::Style
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ Terminal::Table::Style
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
+
Constant Summary
+
+
+
+ @@defaults =
+
+
+ {
+ :border_x => " - " , :border_y => " | " , :border_i => " + " ,
+ :padding_left => 1 , :padding_right => 1 ,
+ :margin_left => ' ' ,
+ :width => nil , :alignment => nil
+}
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) alignment
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute alignment.
+
+
+
+
+
+
+ - (Object) border_i
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute border_i.
+
+
+
+
+
+
+ - (Object) border_x
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute border_x.
+
+
+
+
+
+
+ - (Object) border_y
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute border_y.
+
+
+
+
+
+
+ - (Object) margin_left
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute margin_left.
+
+
+
+
+
+
+ - (Object) padding_left
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute padding_left.
+
+
+
+
+
+
+ - (Object) padding_right
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute padding_right.
+
+
+
+
+
+
+ - (Object) width
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute width.
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) alignment
+
+
+
+
+
+
+
+
+
Returns the value of attribute alignment
+
+
+
+
+
+
+
+
+
+
+
+
+
+119
+120
+121
+
+
+ # File 'lib/common/hacks.rb', line 119
+
+def alignment
+ @alignment
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) border_i
+
+
+
+
+
+
+
+
+
Returns the value of attribute border_i
+
+
+
+
+
+
+
+
+
+
+
+
+
+113
+114
+115
+
+
+ # File 'lib/common/hacks.rb', line 113
+
+def border_i
+ @border_i
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) border_x
+
+
+
+
+
+
+
+
+
Returns the value of attribute border_x
+
+
+
+
+
+
+
+
+
+
+
+
+
+111
+112
+113
+
+
+ # File 'lib/common/hacks.rb', line 111
+
+def border_x
+ @border_x
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) border_y
+
+
+
+
+
+
+
+
+
Returns the value of attribute border_y
+
+
+
+
+
+
+
+
+
+
+
+
+
+112
+113
+114
+
+
+ # File 'lib/common/hacks.rb', line 112
+
+def border_y
+ @border_y
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) margin_left
+
+
+
+
+
+
+
+
+
Returns the value of attribute margin_left
+
+
+
+
+
+
+
+
+
+
+
+
+
+110
+111
+112
+
+
+ # File 'lib/common/hacks.rb', line 110
+
+def margin_left
+ @margin_left
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) padding_left
+
+
+
+
+
+
+
+
+
Returns the value of attribute padding_left
+
+
+
+
+
+
+
+
+
+
+
+
+
+115
+116
+117
+
+
+ # File 'lib/common/hacks.rb', line 115
+
+def padding_left
+ @padding_left
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) padding_right
+
+
+
+
+
+
+
+
+
Returns the value of attribute padding_right
+
+
+
+
+
+
+
+
+
+
+
+
+
+116
+117
+118
+
+
+ # File 'lib/common/hacks.rb', line 116
+
+def padding_right
+ @padding_right
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) width
+
+
+
+
+
+
+
+
+
Returns the value of attribute width
+
+
+
+
+
+
+
+
+
+
+
+
+
+118
+119
+120
+
+
+ # File 'lib/common/hacks.rb', line 118
+
+def width
+ @width
+end
+
+
+
+
+
+
+
+
+ Module: Typhoeus
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Typhoeus
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb,
+
+
+
+
+
+
Overview
+
+
+
Implementaion of a cache_key (Typhoeus::Request#hash has too many options)
+
+
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+
+
+ Classes: Request Response
+
+
+
+
+
+
+
+
+
+
+ Class: Typhoeus::Request
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Typhoeus::Request
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ Typhoeus::Request
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/typhoeus_cache.rb
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Cacheable
+
+
+
+
+
+
+
+
+
+
+ Module: Typhoeus::Request::Cacheable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Typhoeus::Request::Cacheable
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/typhoeus_cache.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) cache_key
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/typhoeus_cache.rb', line 9
+
+def cache_key
+ Digest :: SHA2 . hexdigest ( " #{ url } - #{ options [ :body ] } - #{ options [ :method ] } " ) [ 0 .. 32 ]
+end
+
+
+
+
+
+
+
+ Class: Typhoeus::Response
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Typhoeus::Response
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ Typhoeus::Response
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) has_valid_hash? (error_404_hash, homepage_hash)
+
+
+
+
+
+
+
+
+
Compare the body hash to error_404_hash and homepage_hash returns true if
+they are different, false otherwise
+
+
+
+
+
+
+
+
+
+
+41
+42
+43
+44
+45
+
+
+ # File 'lib/common/hacks.rb', line 41
+
+def has_valid_hash? ( error_404_hash , homepage_hash )
+ body_hash = WebSite . page_hash ( self )
+
+ body_hash != error_404_hash && body_hash != homepage_hash
+end
+
+
+
+
+
+
+
+ Class: TyphoeusCache
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: TyphoeusCache
+
+
+
+
+
+
+
+ Inherits:
+
+ CacheFileStore show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/typhoeus_cache.rb
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
+
#serializer #storage_path
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#clean #get_entry_file_path #initialize #read_entry #write_entry
+
+
Constructor Details
+
+
This class inherits a constructor from CacheFileStore
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) get (request)
+
+
+
+
+
+
+
+
+
+
+
+18
+19
+20
+
+
+ # File 'lib/common/typhoeus_cache.rb', line 18
+
+def get ( request )
+ read_entry ( request . cache_key )
+end
+
+
+
+
+
+
+
+ - (Object ) set (request, response)
+
+
+
+
+
+
+
+
+
+
+
+22
+23
+24
+
+
+ # File 'lib/common/typhoeus_cache.rb', line 22
+
+def set ( request , response )
+ write_entry ( request . cache_key , response , request . cache_ttl )
+end
+
+
+
+
+
+
+
+ Module: URI
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: URI
+
+
+
+
+
+
+
+
+
+ Extended by:
+ URI Included in:
+ URI Defined in:
+ lib/common/hacks.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) escape (str)
+
+
+
+ Also known as:
+ encode
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/hacks.rb', line 9
+
+def escape ( str )
+ URI :: Parser . new . escape ( str )
+end
+
+
+
+
+
+
+
+ Class: Updater
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Updater
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/updater/updater.rb
+
+
+
+
+
Overview
+
+
+
This class act as an absract one
+
+
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) repo_directory
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute repo_directory.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (Updater initialize (repo_directory = nil)
+
+
+
+
+
+
+
+
+
TODO : add a last '/ to repo_directory if it's not present
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/updater/updater.rb', line 9
+
+def initialize ( repo_directory = nil )
+ @repo_directory = repo_directory
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) repo_directory
+
+
+
+
+
+
+
+
+
Returns the value of attribute repo_directory
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/common/updater/updater.rb', line 6
+
+def repo_directory
+ @repo_directory
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) is_installed?
+
+
+
+
+
+
+
+
+
+
+
+
+13
+14
+15
+
+
+ # File 'lib/common/updater/updater.rb', line 13
+
+def is_installed?
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+ - (Object ) local_revision_number
+
+
+
+
+
+
+
+
+
+
+
+
+17
+18
+19
+
+
+ # File 'lib/common/updater/updater.rb', line 17
+
+def local_revision_number
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+ - (Object ) update
+
+
+
+
+
+
+
+
+
+
+
+
+21
+22
+23
+
+
+ # File 'lib/common/updater/updater.rb', line 21
+
+def update
+ raise NotImplementedError
+end
+
+
+
+
+
+
+
+ Class: UpdaterFactory
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: UpdaterFactory
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ UpdaterFactory
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/common/updater/updater_factory.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Object ) available_updaters_classes
+
+
+
+
+
+
+
+
+
return array of class symbols
+
+
+
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+
+
+ # File 'lib/common/updater/updater_factory.rb', line 19
+
+def self . available_updaters_classes
+ Object . constants . grep ( / ^.+Updater$ / )
+end
+
+
+
+
+
+
+
+ + (Object ) get_updater (repo_directory)
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+
+
+ # File 'lib/common/updater/updater_factory.rb', line 5
+
+def self . get_updater ( repo_directory )
+ self . available_updaters_classes ( ) . each do | updater_symbol |
+ updater = Object . const_get ( updater_symbol ) . new ( repo_directory )
+
+ if updater . is_installed?
+ return updater
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+ Class: Vulnerabilities
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Vulnerabilities
+
+
+
+
+
+
+
+ Inherits:
+
+ Array
+ Object
+
+ Array Vulnerabilities
+
+
+ show all
+
+
+
+
+
+
+
+
+ Includes:
+ Output Defined in:
+ lib/common/collections/vulnerabilities.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Method Summary
+
+
Methods included from Output
+
#output
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
+
+ Module: Vulnerabilities::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Vulnerabilities::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ Vulnerabilities Defined in:
+ lib/common/collections/vulnerabilities/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) output
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+9
+10
+
+
+ # File 'lib/common/collections/vulnerabilities/output.rb', line 6
+
+def output
+ self . each do | v |
+ v . output
+ end
+end
+
+
+
+
+
+
+
+ Class: Vulnerability
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: Vulnerability
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ Vulnerability
+
+
+ show all
+
+
+
+
+
+
+
+
+ Includes:
+ Output Defined in:
+ lib/common/models/vulnerability.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Output
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) metasploit_modules
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute metasploit_modules.
+
+
+
+
+
+
+ - (Object) references
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute references.
+
+
+
+
+
+
+ - (Object) title
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute title.
+
+
+
+
+
+
+ - (Object) type
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute type.
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Output
+
metasploit_module_url #output
+
+
Constructor Details
+
+
+
+
+ - (Vulnerability initialize (title, type, references, metasploit_modules = [])
+
+
+
+
+
+
+
+
+
+
+
+
+17
+18
+19
+20
+21
+22
+
+
+ # File 'lib/common/models/vulnerability.rb', line 17
+
+def initialize ( title , type , references , metasploit_modules = [ ] )
+ @title = title
+ @type = type
+ @references = references
+ @metasploit_modules = metasploit_modules
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+
+
Returns the value of attribute metasploit_modules
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/common/models/vulnerability.rb', line 8
+
+def metasploit_modules
+ @metasploit_modules
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) references
+
+
+
+
+
+
+
+
+
Returns the value of attribute references
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/common/models/vulnerability.rb', line 8
+
+def references
+ @references
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) title
+
+
+
+
+
+
+
+
+
Returns the value of attribute title
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/common/models/vulnerability.rb', line 8
+
+def title
+ @title
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) type
+
+
+
+
+
+
+
+
+
Returns the value of attribute type
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+
+
+ # File 'lib/common/models/vulnerability.rb', line 8
+
+def type
+ @type
+end
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Vulnerability load_from_xml_node (xml_node)
+
+
+
+
+
+
+
+
+
Create the Vulnerability from the xml_node
+
+
+
+
+
+
+
+
+
+
+38
+39
+40
+41
+42
+43
+44
+45
+
+
+ # File 'lib/common/models/vulnerability.rb', line 38
+
+def self . load_from_xml_node ( xml_node )
+ new (
+ xml_node . search ( ' title ' ) . text ,
+ xml_node . search ( ' type ' ) . text ,
+ xml_node . search ( ' reference ' ) . map ( & :text ) ,
+ xml_node . search ( ' metasploit ' ) . map ( & :text )
+ )
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) == (other)
+
+
+
+
+
+
+
+
+
+
+
+
+28
+29
+30
+
+
+ # File 'lib/common/models/vulnerability.rb', line 28
+
+def == ( other )
+ title == other . title && type == other . type && references == other . references
+end
+
+
+
+
+
+
+
+ Module: Vulnerability::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: Vulnerability::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ Vulnerability Defined in:
+ lib/common/models/vulnerability/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+ - (Object) output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
output the vulnerability.
+
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+
+
The url to the metasploit module page
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+22
+23
+
+
+ # File 'lib/common/models/vulnerability/output.rb', line 19
+
+def self . metasploit_module_url ( module_path )
+ module_path = module_path . sub ( / ^\/ / , ' ' )
+ " http://www.metasploit.com/modules/ #{ module_path } " end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) output
+
+
+
+
+
+
+
+
+
output the vulnerability
+
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+
+
+ # File 'lib/common/models/vulnerability/output.rb', line 7
+
+def output
+ puts ' | ' puts ' | ' + red ( " * Title: #{ title } " )
+ references . each do | r |
+ puts ' | ' + red ( " * Reference: #{ r } " )
+ end
+ metasploit_modules . each do | m |
+ puts ' | ' + red ( " * Metasploit module: #{ Output . metasploit_module_url ( m ) } " )
+ end
+end
+
+
+
+
+
+
+
+ Class: WebSite
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WebSite
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpscan/web_site.rb
+
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) uri
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute uri.
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+
+
+ + (Boolean) has_log? (log_url, pattern)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Only the first 700 bytes are checked to avoid the download of the whole
+file which can be very huge (like 2 Go).
+
+
+
+
+
+
+ + (String) page_hash (page)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Compute the MD5 of the page Comments are deleted from the page to avoid
+cache generation details.
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (WebSite initialize (site_url)
+
+
+
+
+
+
+
+
+
A new instance of WebSite
+
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+
+
+ # File 'lib/wpscan/web_site.rb', line 7
+
+def initialize ( site_url )
+ self . url = site_url
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) uri
+
+
+
+
+
+
+
+
+
Returns the value of attribute uri
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/wpscan/web_site.rb', line 5
+
+def uri
+ @uri
+end
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Boolean ) has_log? (log_url, pattern)
+
+
+
+
+
+
+
+
+
Only the first 700 bytes are checked to avoid the download of the whole
+file which can be very huge (like 2 Go)
+
+
+
+
+
+
+
+
+
+
+133
+134
+135
+136
+
+
+ # File 'lib/wpscan/web_site.rb', line 133
+
+def self . has_log? ( log_url , pattern )
+ log_body = Browser . get ( log_url , headers: { ' range ' => ' bytes=0-700 ' } ) . body
+ log_body [ pattern ] ? true : false
+end
+
+
+
+
+
+
+
+ + (String ) page_hash (page)
+
+
+
+
+
+
+
+
+
Compute the MD5 of the page Comments are deleted from the page to avoid
+cache generation details
+
+
+
+
+
+
+
+
+
+
+85
+86
+87
+88
+89
+
+
+ # File 'lib/wpscan/web_site.rb', line 85
+
+def self . page_hash ( page )
+ page = Browser . get ( page ) unless page . is_a? ( Typhoeus :: Response )
+
+ Digest :: MD5 . hexdigest ( page . body . gsub ( / <!--.*?--> /m , ' ' ) )
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) error_404_hash
+
+
+
+
+
+
+
+
+
Return the MD5 hash of a 404 page
+
+
+
+
+
+
+
+
+
+
+
+
+
+99
+100
+101
+102
+103
+104
+105
+
+
+ # File 'lib/wpscan/web_site.rb', line 99
+
+def error_404_hash
+ unless @error_404_hash
+ non_existant_page = Digest :: MD5 . hexdigest ( rand ( 999_999_999 ) . to_s ) + ' .html ' @error_404_hash = WebSite . page_hash ( @uri . merge ( non_existant_page ) . to_s )
+ end
+ @error_404_hash
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_basic_auth?
+
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+
+
+ # File 'lib/wpscan/web_site.rb', line 24
+
+def has_basic_auth?
+ Browser . get ( @uri . to_s ) . code == 401
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_robots?
+
+
+
+
+
+
+
+
+
Checks if a robots.txt file exists
+
+
+
+
+
+
+
+
+
+
+115
+116
+117
+
+
+ # File 'lib/wpscan/web_site.rb', line 115
+
+def has_robots?
+ Browser . get ( robots_url ) . code == 200
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_xml_rpc?
+
+
+
+
+
+
+
+
+
+
+
+
+28
+29
+30
+
+
+ # File 'lib/wpscan/web_site.rb', line 28
+
+def has_xml_rpc?
+ ! xml_rpc_url . nil?
+end
+
+
+
+
+
+
+
+ - (Object ) homepage_hash
+
+
+
+
+
+
+
+
+
+
+
+91
+92
+93
+94
+95
+96
+
+
+ # File 'lib/wpscan/web_site.rb', line 91
+
+def homepage_hash
+ unless @homepage_hash
+ @homepage_hash = WebSite . page_hash ( @uri . to_s )
+ end
+ @homepage_hash
+end
+
+
+
+
+
+
+
+ - (Boolean ) online?
+
+
+
+
+
+
+
+
+
Checks if the remote website is up.
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+
+
+ # File 'lib/wpscan/web_site.rb', line 20
+
+def online?
+ Browser . get ( @uri . to_s ) . code != 0
+end
+
+
+
+
+
+
+
+ - (Object ) redirection (url = nil)
+
+
+
+
+
+
+
+
+
See if the remote url returns 30x redirect This method is recursive Return
+a string with the redirection or nil
+
+
+
+
+
+
+
+
+
+
+
+
+
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+
+
+ # File 'lib/wpscan/web_site.rb', line 62
+
+def redirection ( url = nil )
+ redirection = nil
+ url ||= @uri . to_s
+ response = Browser . get ( url )
+
+ if response . code == 301 || response . code == 302
+ redirection = response . [ ' location ' ]
+
+ if other_redirection = redirection ( redirection )
+ redirection = other_redirection
+ end
+ end
+
+ redirection
+end
+
+
+
+
+
+
+
+ - (String ) robots_url
+
+
+
+
+
+
+
+
+
Gets a robots.txt URL
+
+
+
+
+
+
+
+
+
+
+122
+123
+124
+
+
+ # File 'lib/wpscan/web_site.rb', line 122
+
+def robots_url
+ @uri . merge ( ' robots.txt ' ) . to_s
+end
+
+
+
+
+
+
+
+
+
Will try to find the rss url in the homepage Only the first one found iw
+returned
+
+
+
+
+
+
+
+
+
+
+
+
+
+109
+110
+111
+112
+
+
+ # File 'lib/wpscan/web_site.rb', line 109
+
+def
+ homepage_body = Browser . get ( @uri . to_s ) . body
+ homepage_body [ %r{ <link .* type="application/rss\+xml" .* href="([^"]+)" /> } , 1 ]
+end
+
+
+
+
+
+
+
+ - (Object ) url
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+
+
+ # File 'lib/wpscan/web_site.rb', line 15
+
+def url
+ @uri . to_s
+end
+
+
+
+
+
+
+
+ - (Object ) url= (url)
+
+
+
+
+
+
+
+
+
+
+
+11
+12
+13
+
+
+ # File 'lib/wpscan/web_site.rb', line 11
+
+def url= ( url )
+ @uri = URI . parse ( add_trailing_slash ( add_http_protocol ( url ) ) )
+end
+
+
+
+
+
+
+
+ - (Object ) xml_rpc_url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+33
+34
+35
+36
+37
+38
+
+
+ # File 'lib/wpscan/web_site.rb', line 33
+
+def xml_rpc_url
+ unless @xmlrpc_url
+ @xmlrpc_url = ( ) || xml_rpc_url_from_body ( )
+ end
+ @xmlrpc_url
+end
+
+
+
+
+
+
+
+ - (Object ) xml_rpc_url_from_body
+
+
+
+
+
+
+
+
+
+
+
+53
+54
+55
+56
+57
+
+
+ # File 'lib/wpscan/web_site.rb', line 53
+
+def xml_rpc_url_from_body
+ body = Browser . get ( @uri . to_s ) . body
+
+ body [ %r{ <link rel="pingback" href="([^"]+)" ?\/?> } , 1 ]
+end
+
+
+
+
+
+
+
+
+
+
+
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+
+
+ # File 'lib/wpscan/web_site.rb', line 40
+
+def
+ = Browser . get ( @uri . to_s ) .
+ xmlrpc_url = nil
+
+ unless . nil?
+ pingback_url = [ ' X-Pingback ' ]
+ unless pingback_url . nil? || pingback_url . empty?
+ xmlrpc_url = pingback_url
+ end
+ end
+ xmlrpc_url
+end
+
+
+
+
+
+
+
+ Class: WpItem
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpItem
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ show all
+
+
+
+
+
+
+ Extended by:
+ Findable Includes:
+ Existable Infos Output Versionable Vulnerable Defined in:
+ lib/common/models/wp_item.rb,
+
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Existable Findable Infos Output Versionable Vulnerable
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) found_from
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute found_from.
+
+
+
+
+
+
+ - (Object) name
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute name.
+
+
+
+
+
+
+ - (Object) path
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute path.
+
+
+
+
+
+
+ - (Object) version
+
+
+
+
+
+
+
+
+
+ writeonly
+
+
+
+
+
+
+
+
+
+
Sets the attribute version.
+
+
+
+
+
+
+ - (Object) wp_content_dir
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute wp_content_dir.
+
+
+
+
+
+
+ - (Object) wp_plugins_dir
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute wp_plugins_dir.
+
+
+
+
+
+
+
+
+
+
Attributes included from Vulnerable
+
#vulns_file #vulns_xpath
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Output
+
#output
+
+
+
+
+
+
+
+
+
+
Methods included from Infos
+
#changelog_url #error_log_url #has_changelog? #has_directory_listing? #has_error_log? #has_readme? #readme_url #url_is_200?
+
+
+
+
+
+
+
+
+
+
Methods included from Existable
+
#exists? #exists_from_response?
+
+
+
+
+
+
+
+
+
+
Methods included from Vulnerable
+
#vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
#to_s #version
+
+
Constructor Details
+
+
+
+
+ - (WpItem initialize (target_base_uri, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+32
+33
+34
+35
+36
+37
+38
+39
+
+
+ # File 'lib/common/models/wp_item.rb', line 32
+
+def initialize ( target_base_uri , options = { } )
+
+ options [ :wp_content_dir ] ||= ' wp-content ' options [ :wp_plugins_dir ] ||= options [ :wp_content_dir ] + ' /plugins ' set_options ( options )
+ forge_uri ( target_base_uri )
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) found_from
+
+
+
+
+
+
+
+
+
Returns the value of attribute found_from
+
+
+
+
+
+
+
+
+
+
+
+
+
+4
+5
+6
+
+
+ # File 'lib/common/models/wp_item/findable.rb', line 4
+
+def found_from
+ @found_from
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) name
+
+
+
+
+
+
+
+
+
Returns the value of attribute name
+
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+
+
+ # File 'lib/common/models/wp_item.rb', line 20
+
+def name
+ @name
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) path
+
+
+
+
+
+
+
+
+
Returns the value of attribute path
+
+
+
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+
+
+ # File 'lib/common/models/wp_item.rb', line 19
+
+def path
+ @path
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) version= (value)
+
+
+
+
+
+
+
+
+
Sets the attribute version
+
+
+
+
+
+
+
+
+
+
+4
+5
+6
+
+
+ # File 'lib/common/models/wp_item/versionable.rb', line 4
+
+def version= ( value )
+ @version = value
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) wp_content_dir
+
+
+
+
+
+
+
+
+
Returns the value of attribute wp_content_dir
+
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+
+
+ # File 'lib/common/models/wp_item.rb', line 20
+
+def wp_content_dir
+ @wp_content_dir
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) wp_plugins_dir
+
+
+
+
+
+
+
+
+
Returns the value of attribute wp_plugins_dir
+
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+
+
+ # File 'lib/common/models/wp_item.rb', line 20
+
+def wp_plugins_dir
+ @wp_plugins_dir
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) <=> (other)
+
+
+
+
+
+
+
+
+
+
+
+
+89
+90
+91
+
+
+ # File 'lib/common/models/wp_item.rb', line 89
+
+def <=> ( other )
+ name <=> other . name
+end
+
+
+
+
+
+
+
+ - (Object ) == (other)
+
+
+
+
+
+
+
+
+
+
+
+
+94
+95
+96
+
+
+ # File 'lib/common/models/wp_item.rb', line 94
+
+def == ( other )
+ name === other . name
+end
+
+
+
+
+
+
+
+ - (Object ) === (other)
+
+
+
+
+
+
+
+
+
+
+
+
+99
+100
+101
+
+
+ # File 'lib/common/models/wp_item.rb', line 99
+
+def === ( other )
+ self == other && version === other . version
+end
+
+
+
+
+
+
+
+ - (Array allowed_options
+
+
+
+
+
+
+
+
+
Make it private ?
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+
+
+ # File 'lib/common/models/wp_item.rb', line 24
+
+def allowed_options
+ [ :name , :wp_content_dir , :wp_plugins_dir , :path , :version , :vulns_file ]
+end
+
+
+
+
+
+
+
+ - (void ) forge_uri (target_base_uri)
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
+
+
+
+
+
+
+
+
+62
+63
+64
+
+
+ # File 'lib/common/models/wp_item.rb', line 62
+
+def forge_uri ( target_base_uri )
+ @uri = target_base_uri
+end
+
+
+
+
+
+
+
+ - (void ) set_options (options)
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
+
+
+
+
+
+
+
+
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+
+
+ # File 'lib/common/models/wp_item.rb', line 44
+
+def set_options ( options )
+ allowed_options . each do | allowed_option |
+ if options . has_key? ( allowed_option )
+ method = :#{ allowed_option } = "
+
+ if self . respond_to? ( method )
+ self . send ( method , options [ allowed_option ] )
+ else
+ raise " #{ self . class } does not respond to #{ method } " end
+ end
+ end
+end
+
+
+
+
+
+
+
+ - (URI uri
+
+
+
+
+
+
+
+
+
The uri to the WpItem, with the path if present
+
+
+
+
+
+
+
+
+
+
+67
+68
+69
+
+
+ # File 'lib/common/models/wp_item.rb', line 67
+
+def uri
+ path ? @uri . merge ( path ) : @uri
+end
+
+
+
+
+
+
+
+ - (String ) url
+
+
+
+
+
+
+
+
+
The url to the WpItem
+
+
+
+
+
+
+
+
+
+
+72
+
+
+ # File 'lib/common/models/wp_item.rb', line 72
+
+def url ; uri . to_s end
+
+
+
+
+
+
+
+ Module: WpItem::Existable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItem::Existable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItem Defined in:
+ lib/common/models/wp_item/existable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) exists? (options = {}, response = nil)
+
+
+
+
+
+
+
+
+
Check the existence of the WpItem If the response is supplied, it's used
+for the verification Otherwise a new request is done
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+17
+18
+19
+
+
+ # File 'lib/common/models/wp_item/existable.rb', line 14
+
+def exists? ( options = { } , response = nil )
+ unless response
+ response = Browser . get ( url )
+ end
+ exists_from_response? ( response , options )
+end
+
+
+
+
+
+
+
+ - (Boolean ) exists_from_response? (response, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+
+
+ # File 'lib/common/models/wp_item/existable.rb', line 31
+
+def exists_from_response? ( response , options = { } )
+ if [ 200 , 401 , 403 ] . include? ( response . code )
+ if response . has_valid_hash? ( options [ :error_404_hash ] , options [ :homepage_hash ] )
+ if options [ :exclude_content ]
+ unless response . body . match ( options [ :exclude_content ] )
+ return true
+ end
+ else
+ return true
+ end
+ end
+ end
+ false
+end
+
+
+
+
+
+
+
+ Module: WpItem::Findable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItem::Findable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItem Defined in:
+ lib/common/models/wp_item/findable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Module: WpItem::Infos
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItem::Infos
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItem Defined in:
+ lib/common/models/wp_item/infos.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) changelog_url
+
+
+
+
+
+
+
+
+
The url to the changelog file
+
+
+
+
+
+
+
+
+
+
+37
+38
+39
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 37
+
+def changelog_url
+ @uri . merge ( ' changelog.txt ' ) . to_s
+end
+
+
+
+
+
+
+
+ - (String ) error_log_url
+
+
+
+
+
+
+
+
+
The url to the error_log file
+
+
+
+
+
+
+
+
+
+
+58
+59
+60
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 58
+
+def error_log_url
+ @uri . merge ( ' error_log ' ) . to_s
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_changelog?
+
+
+
+
+
+
+
+
+
+
+
+
+23
+24
+25
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 23
+
+def has_changelog?
+ url_is_200? ( changelog_url )
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_directory_listing?
+
+
+
+
+
+
+
+
+
+
+
+
+42
+43
+44
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 42
+
+def has_directory_listing?
+ Browser . get ( @uri . to_s ) . body [ %r{ <title>Index of } ] ? true : false
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_error_log?
+
+
+
+
+
+
+
+
+
Discover any error_log files created by WordPress These are created by the
+WordPress error_log() function They are normally found in the /plugins/
+directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714 /
+
+
+
+
+
+
+
+
+
+
+53
+54
+55
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 53
+
+def has_error_log?
+ WebSite . has_log? ( error_log_url , %r{ PHP Fatal error }i )
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_readme?
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 9
+
+def has_readme?
+ ! readme_url . nil?
+end
+
+
+
+
+
+
+
+ - (String ? ) readme_url
+
+
+
+
+
+
+
+
+
The url to the readme file, nil if not found
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+17
+18
+19
+20
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 14
+
+def readme_url
+ %w{ readme.txt README.txt } . each do | readme |
+ url = @uri . merge ( readme ) . to_s
+ return url if url_is_200? ( url )
+ end
+ nil
+end
+
+
+
+
+
+
+
+ - (Boolean ) url_is_200? (url)
+
+
+
+
+
+
+
+
+
Checks if the url status code is 200
+
+
+
+
+
+
+
+
+
+
+32
+33
+34
+
+
+ # File 'lib/common/models/wp_item/infos.rb', line 32
+
+def url_is_200? ( url )
+ Browser . get ( url ) . code == 200
+end
+
+
+
+
+
+
+
+ Module: WpItem::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItem::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItem Defined in:
+ lib/common/models/wp_item/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Void ) output
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+
+
+ # File 'lib/common/models/wp_item/output.rb', line 7
+
+def output
+ puts
+ puts " | Name: #{ self } " puts " | Location: #{ url } " puts ' | Directory listing enabled: Yes ' if has_directory_listing?
+ puts " | Readme: #{ readme_url } " if has_readme?
+ puts " | Changelog: #{ changelog_url } " if has_changelog?
+
+ vulnerabilities . output
+
+ if has_error_log?
+ puts ' | ' + red ( ' [!] ' ) + " An error_log file has been found : #{ error_log_url } " end
+end
+
+
+
+
+
+
+
+ Module: WpItem::Versionable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItem::Versionable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItem Defined in:
+ lib/common/models/wp_item/versionable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+ - (String) to_s
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ - (String) version
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Get the version from the readme.txt.
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) to_s
+
+
+
+
+
+
+
+
+
+
+
+
+20
+21
+22
+23
+
+
+ # File 'lib/common/models/wp_item/versionable.rb', line 20
+
+def to_s
+ item_version = self . version
+ " # @name #{ ' v ' + item_version . strip if item_version } " end
+
+
+
+
+
+
+
+ - (String ) version
+
+
+
+
+
+
+
+
+
Get the version from the readme.txt
+
+
+
+
+
+
+
+
+
+
+11
+12
+13
+14
+15
+16
+17
+
+
+ # File 'lib/common/models/wp_item/versionable.rb', line 11
+
+def version
+ unless @version
+ response = Browser . get ( readme_url )
+ @version = response . body [ %r{ stable tag: #{ WpVersion . version_pattern } }i , 1 ]
+ end
+ @version
+end
+
+
+
+
+
+
+
+ Module: WpItem::Vulnerable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItem::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItem Defined in:
+ lib/common/models/wp_item/vulnerable.rb
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute vulns_file.
+
+
+
+
+
+
+ - (Object) vulns_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute vulns_xpath.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) vulns_file
+
+
+
+
+
+
+
+
+
Returns the value of attribute vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/common/models/wp_item/vulnerable.rb', line 5
+
+def vulns_file
+ @vulns_file
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) vulns_xpath
+
+
+
+
+
+
+
+
+
Returns the value of attribute vulns_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+
+5
+6
+7
+
+
+ # File 'lib/common/models/wp_item/vulnerable.rb', line 5
+
+def vulns_xpath
+ @vulns_xpath
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Vulnerabilities vulnerabilities
+
+
+
+
+
+
+
+
+
Get the vulnerabilities associated to the WpItem
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+13
+14
+15
+16
+17
+18
+
+
+ # File 'lib/common/models/wp_item/vulnerable.rb', line 10
+
+def vulnerabilities
+ xml = xml ( vulns_file )
+ vulnerabilities = Vulnerabilities . new
+
+ xml . xpath ( vulns_xpath ) . each do | node |
+ vulnerabilities << Vulnerability . load_from_xml_node ( node )
+ end
+ vulnerabilities
+end
+
+
+
+
+
+
+
+ Class: WpItems
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpItems
+
+
+
+
+
+
+
+ Inherits:
+
+ Array
+ Object
+
+ Array WpItems
+
+
+ show all
+
+
+
+
+
+
+ Extended by:
+ Detectable Includes:
+ Output Defined in:
+ lib/common/collections/wp_items.rb,
+
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Detectable Output
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes included from Detectable
+
#item_xpath #vulns_file
+
+
+
+
+
+
+
+
+
+
Method Summary
+
+
Methods included from Detectable
+
aggressive_detection create_item item_class passive_detection progress_bar request_params targets_items targets_items_from_file vulnerable_targets_items
+
+
+
+
+
+
+
+
+
+
Methods included from Output
+
#output
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
+
+ Module: WpItems::Detectable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItems::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItems Defined in:
+ lib/common/collections/wp_items/detectable.rb
+
+
+
+
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) item_xpath
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute item_xpath.
+
+
+
+
+
+
+ - (Object) vulns_file
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute vulns_file.
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+ - (WpItems) aggressive_detection (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ - (WpItem) create_item (klass, name, wp_target, vulns_file = nil)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
+
+
+
+
+ - (Class) item_class
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
+
+
+
+
+ - (WpItems) passive_detection (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ - (ProgressBar) progress_bar (targets_size, options)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ - (Hash) request_params
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
The default request parameters.
+
+
+
+
+
+
+ - (Array<WpItem>) targets_items (wp_target, options = {})
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
+
+
+
+
+ - (WpItem) targets_items_from_file (file, wp_target, item_class, vulns_file)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
+
+
+
+
+ - (Array<WpItem>) vulnerable_targets_items (wp_target, item_class, vulns_file)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) item_xpath
+
+
+
+
+
+
+
+
+
Returns the value of attribute item_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 6
+
+def item_xpath
+ @item_xpath
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) vulns_file
+
+
+
+
+
+
+
+
+
Returns the value of attribute vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 6
+
+def vulns_file
+ @vulns_file
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (WpItems aggressive_detection (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 15
+
+def aggressive_detection ( wp_target , options = { } )
+ browser = Browser . instance
+ hydra = browser . hydra
+ targets = targets_items ( wp_target , options )
+ progress_bar = progress_bar ( targets . size , options )
+ exist_options = {
+ error_404_hash: wp_target . error_404_hash ,
+ homepage_hash: wp_target . homepage_hash ,
+ exclude_content: options [ :exclude_content ] ? %r{ #{ options [ :exclude_content ] } } : nil
+ }
+
+ results = options [ :only_vulnerable ] ? new : passive_detection ( wp_target , options )
+
+ targets . each do | target_item |
+ request = browser . forge_request ( target_item . url , request_params )
+
+ request . on_complete do | response |
+ progress_bar . progress += 1 if options [ :show_progression ]
+
+ if target_item . exists? ( exist_options , response )
+ if ! results . include? ( target_item )
+ results << target_item
+ end
+ end
+ end
+
+ hydra . queue ( request )
+ end
+
+ hydra . run
+ results . sort!
+ results end
+
+
+
+
+
+
+
+ - (WpItem create_item (klass, name, wp_target, vulns_file = nil)
+
+
+
+
+
+
+
+
+
+
+
+
+154
+155
+156
+157
+158
+159
+160
+161
+162
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 154
+
+def create_item ( klass , name , wp_target , vulns_file = nil )
+ klass . new (
+ wp_target . uri ,
+ name: name ,
+ vulns_file: vulns_file ,
+ wp_content_dir: wp_target . wp_content_dir ,
+ wp_plugins_dir: wp_target . wp_plugins_dir
+ )
+end
+
+
+
+
+
+
+
+ - (Class ) item_class
+
+
+
+
+
+
+
+
+
+
+
+
+187
+188
+189
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 187
+
+def item_class
+ Object . const_get ( self . to_s . gsub ( / .$ / , ' ' ) )
+end
+
+
+
+
+
+
+
+ - (WpItems passive_detection (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 72
+
+def passive_detection ( wp_target , options = { } )
+ results = new
+ item_class = self . item_class
+ type = self . to_s . gsub ( / Wp / , ' ' ) . downcase
+ response = Browser . get ( wp_target . url )
+ item_options = {
+ wp_content_dir: wp_target . wp_content_dir ,
+ wp_plugins_dir: wp_target . wp_plugins_dir ,
+ vulns_file: self . vulns_file
+ }
+
+ regex1 = %r{ (?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/ } regex2 = %r{ \\?/ } regex3 = %r{ \\?/([^/\\"']+)\\?(?:/|"|') } names = response . body . scan ( / #{ regex1 } #{ Regexp . escape ( wp_target . wp_content_dir ) } #{ regex2 } #{ Regexp . escape ( type ) } #{ regex3 } /i )
+
+ names . flatten . uniq . each do | name |
+ results << item_class . new ( wp_target . uri , item_options . merge ( name: name ) )
+ end
+
+ results . sort!
+ results
+end
+
+
+
+
+
+
+
+ - (ProgressBar ) progress_bar (targets_size, options)
+
+
+
+
+
+
+
+
+
+
+
+
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 56
+
+def progress_bar ( targets_size , options )
+ if options [ :show_progression ]
+ ProgressBar . create (
+ format: ' %t %a <%B> (%c / %C) %P%% %e ' ,
+ title: ' ' , length: 120 ,
+ total: targets_size
+ )
+ end
+end
+
+
+
+
+
+
+
+ - (Hash ) request_params
+
+
+
+
+
+
+
+
+
The default request parameters
+
+
+
+
+
+
+
+
+
+
+102
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 102
+
+def request_params ; { cache_ttl: 0 , followlocation: true } end
+
+
+
+
+
+
+
+ - (Array WpItem targets_items (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 110
+
+def targets_items ( wp_target , options = { } )
+ item_class = self . item_class
+ vulns_file = self . vulns_file
+
+ targets = vulnerable_targets_items ( wp_target , item_class , vulns_file )
+
+ unless options [ :only_vulnerable ]
+ unless options [ :file ]
+ raise ' A file must be supplied ' end
+
+ targets += targets_items_from_file ( options [ :file ] , wp_target , item_class , vulns_file )
+ end
+
+ targets . uniq! { | t | t . name }
+ targets . sort_by { rand }
+end
+
+
+
+
+
+
+
+ - (WpItem targets_items_from_file (file, wp_target, item_class, vulns_file)
+
+
+
+
+
+
+
+
+
+
+
+
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+183
+184
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 170
+
+def targets_items_from_file ( file , wp_target , item_class , vulns_file )
+ targets = [ ]
+
+ File . open ( file , ' r ' ) do | f |
+ f . readlines . collect do | item_name |
+ targets << create_item (
+ item_class ,
+ item_name . strip ,
+ wp_target ,
+ vulns_file
+ )
+ end
+ end
+ targets
+end
+
+
+
+
+
+
+
+ - (Array WpItem vulnerable_targets_items (wp_target, item_class, vulns_file)
+
+
+
+
+
+
+
+
+
+
+
+
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+
+
+ # File 'lib/common/collections/wp_items/detectable.rb', line 133
+
+def vulnerable_targets_items ( wp_target , item_class , vulns_file )
+ targets = [ ]
+ xml = xml ( vulns_file )
+
+ xml . xpath ( item_xpath ) . each do | node |
+ targets << create_item (
+ item_class ,
+ node . attribute ( ' name ' ) . text ,
+ wp_target ,
+ vulns_file
+ )
+ end
+ targets
+end
+
+
+
+
+
+
+
+ Module: WpItems::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpItems::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpItems Defined in:
+ lib/common/collections/wp_items/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) output
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/common/collections/wp_items/output.rb', line 6
+
+def output
+ self . each { | item | item . output }
+end
+
+
+
+
+
+
+
+ Class: WpPlugin
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpPlugin
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItem
+ Object
+
+ WpItem WpPlugin
+
+
+ show all
+
+
+
+
+
+
+
+
+ Includes:
+ Vulnerable Defined in:
+ lib/common/models/wp_plugin.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Vulnerable
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from WpItem
+
#found_from #name #path #version #wp_content_dir #wp_plugins_dir
+
+
+
+
+
#vulns_file #vulns_xpath
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Vulnerable
+
#vulns_file #vulns_xpath
+
+
+
+
+
+
+
+
+
+
Methods inherited from WpItem
+
#<=> #== #=== #allowed_options #initialize #set_options #uri #url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
+
#changelog_url #error_log_url #has_changelog? #has_directory_listing? #has_error_log? #has_readme? #readme_url #url_is_200?
+
+
+
+
+
+
+
+
+
+
+
#exists? #exists_from_response?
+
+
+
+
+
+
+
+
+
+
+
#vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
#to_s #version
+
+
Constructor Details
+
+
This class inherits a constructor from WpItem
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (void ) forge_uri (target_base_uri)
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
Sets the @uri
+
+
+
+
+
+
+
+
+
+
+13
+14
+15
+
+
+ # File 'lib/common/models/wp_plugin.rb', line 13
+
+def forge_uri ( target_base_uri )
+ @uri = target_base_uri . merge ( URI . encode ( wp_plugins_dir + ' / ' + name + ' / ' ) )
+end
+
+
+
+
+
+
+
+ Module: WpPlugin::Vulnerable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpPlugin::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpPlugin Defined in:
+ lib/common/models/wp_plugin/vulnerable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) vulns_file
+
+
+
+
+
+
+
+
+
The path to the file containing vulnerabilities
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_plugin/vulnerable.rb', line 7
+
+def vulns_file
+ unless @vulns_file
+ @vulns_file = PLUGINS_VULNS_FILE
+ end
+ @vulns_file
+end
+
+
+
+
+
+
+
+ - (String ) vulns_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+
+
+ # File 'lib/common/models/wp_plugin/vulnerable.rb', line 15
+
+def vulns_xpath
+ " //plugin[@name=' #{ @name } ']/vulnerability " end
+
+
+
+
+
+
+
+ Class: WpPlugins
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpPlugins
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItems show all
+
+
+
+
+
+
+ Extended by:
+ Detectable Defined in:
+ lib/common/collections/wp_plugins.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Detectable
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
+
#item_xpath #vulns_file
+
+
+
+
+
+
+
+
+
+
Method Summary
+
+
Methods included from Detectable
+
item_xpath vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#aggressive_detection #create_item #item_class #passive_detection #progress_bar #request_params #targets_items #targets_items_from_file #vulnerable_targets_items
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
+
+ Module: WpPlugins::Detectable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpPlugins::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpPlugins Defined in:
+ lib/common/collections/wp_plugins/detectable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) item_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+12
+13
+14
+
+
+ # File 'lib/common/collections/wp_plugins/detectable.rb', line 12
+
+def item_xpath
+ ' //plugin ' end
+
+
+
+
+
+
+
+ - (String ) vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+
+
+ # File 'lib/common/collections/wp_plugins/detectable.rb', line 7
+
+def vulns_file
+ PLUGINS_VULNS_FILE
+end
+
+
+
+
+
+
+
+ Class: WpTarget
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpTarget
+
+
+
+
+
+
+
+ Inherits:
+
+ WebSite
+ Object
+
+ WebSite WpTarget
+
+
+ show all
+
+
+
+
+
+
+
+
+ Includes:
+ Malwares WpConfigBackup WpCustomDirectories WpFullPathDisclosure WpLoginProtection WpReadme WpRegistrable Defined in:
+ lib/wpscan/wp_target.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Malwares WpConfigBackup WpCustomDirectories WpFullPathDisclosure WpLoginProtection WpReadme WpRegistrable
+
+
Constant Summary
+
+
+
+
+
Constant Summary
+
+
+
WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) verbose
+
+
+
+
+
+
+
+
+ readonly
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute verbose.
+
+
+
+
+
+
+
+
+
+
Attributes inherited from WebSite
+
#uri
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#full_path_disclosure_url #has_full_path_disclosure?
+
+
+
+
+
+
+
+
+
+
+
#default_wp_content_dir_exists? #wp_content_dir #wp_plugins_dir #wp_plugins_dir_exists?
+
+
+
+
+
+
+
+
+
+
+
#better_wp_security_url #bluetrait_event_viewer_url #has_better_wp_security_protection? #has_bluetrait_event_viewer_protection? #has_limit_login_attempts_protection? #has_login_lock_protection? #has_login_lockdown_protection? #has_login_protection? #has_login_security_solution_protection? #has_simple_login_lockdown_protection? #limit_login_attempts_url #login_protection_plugin #login_security_solution_url #plugin_url #simple_login_lockdown_url
+
+
+
+
+
+
+
+
+
+
+
#config_backup config_backup_files
+
+
+
+
+
+
+
+
+
+
+
#multisite? #registration_enabled? #registration_url
+
+
+
+
+
+
+
+
+
+
Methods included from WpReadme
+
#has_readme? #readme_url
+
+
+
+
+
+
+
+
+
+
Methods included from Malwares
+
#has_malwares? malware_pattern #malwares malwares_file
+
+
+
+
+
+
+
+
+
+
Methods inherited from WebSite
+
#error_404_hash #has_basic_auth? has_log? #has_robots? #has_xml_rpc? #homepage_hash #online? page_hash #redirection #robots_url #rss_url #url #url= #xml_rpc_url #xml_rpc_url_from_body #xml_rpc_url_from_headers
+
+
Constructor Details
+
+
+
+
+ - (WpTarget initialize (target_url, options = {})
+
+
+
+
+
+
+
+
+
A new instance of WpTarget
+
+
+
+
+
+
+
+
+
+
+
+
+
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+
+
+ # File 'lib/wpscan/wp_target.rb', line 23
+
+def initialize ( target_url , options = { } )
+ super ( target_url )
+
+ @verbose = options [ :verbose ]
+ @wp_content_dir = options [ :wp_content_dir ]
+ @wp_plugins_dir = options [ :wp_plugins_dir ]
+ @multisite = nil
+
+ Browser . instance ( options . merge ( :max_threads => options [ :threads ] ) )
+end
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) verbose
+
+
+
+
+
+
+
+
+
Returns the value of attribute verbose
+
+
+
+
+
+
+
+
+
+
+
+
+
+21
+22
+23
+
+
+ # File 'lib/wpscan/wp_target.rb', line 21
+
+def verbose
+ @verbose
+end
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Object ) valid_response_codes
+
+
+
+
+
+
+
+
+
Valid HTTP return codes
+
+
+
+
+
+
+
+
+
+
+
+
+
+73
+74
+75
+
+
+ # File 'lib/wpscan/wp_target.rb', line 73
+
+def self . valid_response_codes
+ [ 200 , 301 , 302 , 401 , 403 , 500 , 400 ]
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) debug_log_url
+
+
+
+
+
+
+
+
+
+
+
+
+115
+116
+117
+
+
+ # File 'lib/wpscan/wp_target.rb', line 115
+
+def debug_log_url
+ @uri . merge ( " #{ wp_content_dir ( ) } /debug.log " ) . to_s
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_debug_log?
+
+
+
+
+
+
+
+
+
+
+
+
+110
+111
+112
+
+
+ # File 'lib/wpscan/wp_target.rb', line 110
+
+def has_debug_log?
+ WebSite . has_log? ( debug_log_url , %r{ \[[^\]]+\] PHP (?:Warning|Error|Notice): } )
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_plugin? (name, version = nil)
+
+
+
+
+
+
+
+
+
The version is not yet considerated
+
+
+
+
+
+
+
+
+
+
+99
+100
+101
+102
+103
+104
+105
+106
+107
+
+
+ # File 'lib/wpscan/wp_target.rb', line 99
+
+def has_plugin? ( name , version = nil )
+ WpPlugin . new (
+ @uri ,
+ name: name ,
+ version: version ,
+ wp_content_dir: wp_content_dir ,
+ wp_plugins_dir: wp_plugins_dir
+ ) . exists?
+end
+
+
+
+
+
+
+
+ - (Object ) login_url
+
+
+
+
+
+
+
+
+
+
+
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+
+
+ # File 'lib/wpscan/wp_target.rb', line 60
+
+def login_url
+ url = @uri . merge ( ' wp-login.php ' ) . to_s
+
+ redirection = redirection ( url )
+ if redirection
+ url = redirection
+ end
+
+ url
+end
+
+
+
+
+
+
+
+ - (Boolean ) search_replace_db_2_exists?
+
+
+
+
+
+
+
+
+
+
+
+
+129
+130
+131
+132
+
+
+ # File 'lib/wpscan/wp_target.rb', line 129
+
+def search_replace_db_2_exists?
+ resp = Browser . get ( search_replace_db_2_url )
+ resp . code == 200 && resp . body [ %r{ by interconnect }i ]
+end
+
+
+
+
+
+
+
+ - (String ) search_replace_db_2_url
+
+
+
+
+
+
+
+
+
+
+
+
+124
+125
+126
+
+
+ # File 'lib/wpscan/wp_target.rb', line 124
+
+def search_replace_db_2_url
+ @uri . merge ( ' searchreplacedb2.php ' ) . to_s
+end
+
+
+
+
+
+
+
+ - (WpTheme theme
+
+
+
+
+
+
+
+
+
+
+
+
+79
+80
+81
+
+
+ # File 'lib/wpscan/wp_target.rb', line 79
+
+def theme
+ WpTheme . find ( @uri )
+end
+
+
+
+
+
+
+
+ - (WpVersion version (versions_xml)
+
+
+
+
+
+
+
+
+
+
+
+
+88
+89
+90
+
+
+ # File 'lib/wpscan/wp_target.rb', line 88
+
+def version ( versions_xml )
+ WpVersion . find ( @uri , wp_content_dir , wp_plugins_dir , versions_xml )
+end
+
+
+
+
+
+
+
+ - (Boolean ) wordpress?
+
+
+
+
+
+
+
+
+
check if the target website is actually running wordpress.
+
+
+
+
+
+
+
+
+
+
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+
+
+ # File 'lib/wpscan/wp_target.rb', line 36
+
+def wordpress?
+ wordpress = false
+
+ response = Browser . get_and_follow_location ( @uri . to_s )
+
+ if response . body =~ / ["'][^"']*\/wp-content\/[^"']*["'] /i wordpress = true
+ else
+ response = Browser . get_and_follow_location ( xml_rpc_url )
+
+ if response . body =~ %r{ XML-RPC server accepts POST requests only }i wordpress = true
+ else
+ response = Browser . get_and_follow_location ( login_url )
+
+ if response . code == 200 && response . body =~ %r{ WordPress }i wordpress = true
+ end
+ end
+ end
+
+ wordpress
+end
+
+
+
+
+
+
+
+ Module: WpTarget::Malwares
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::Malwares
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/malwares.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Object ) malware_pattern (url_regex)
+
+
+
+
+
+
+
+
+
+
+
+44
+45
+46
+47
+
+
+ # File 'lib/wpscan/wp_target/malwares.rb', line 44
+
+def self . malware_pattern ( url_regex )
+ %r{ <(?:script|iframe).* src=(?:"|')( #{ url_regex } [^"']*)(?:"|')[^>]*> }i end
+
+
+
+
+
+
+
+ + (Object ) malwares_file (malwares_file_path)
+
+
+
+
+
+
+
+
+
+
+
+40
+41
+42
+
+
+ # File 'lib/wpscan/wp_target/malwares.rb', line 40
+
+def self . malwares_file ( malwares_file_path )
+ malwares_file_path || DATA_DIR + ' /malwares.txt ' end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) has_malwares? (malwares_file_path = nil)
+
+
+
+
+
+
+
+
+
+
+
+
+11
+12
+13
+
+
+ # File 'lib/wpscan/wp_target/malwares.rb', line 11
+
+def has_malwares? ( malwares_file_path = nil )
+ ! malwares ( malwares_file_path ) . empty?
+end
+
+
+
+
+
+
+
+ - (Object ) malwares (malwares_file_path = nil)
+
+
+
+
+
+
+
+
+
return array of string (url of malwares found)
+
+
+
+
+
+
+
+
+
+
+
+
+
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+
+
+ # File 'lib/wpscan/wp_target/malwares.rb', line 16
+
+def malwares ( malwares_file_path = nil )
+ unless @malwares
+ malwares_found = [ ]
+ malwares_file = Malwares . malwares_file ( malwares_file_path )
+ index_page_body = Browser . get ( @uri . to_s ) . body
+
+ File . open ( malwares_file , ' r ' ) do | file |
+ file . readlines . collect do | url |
+ chomped_url = url . chomp
+
+ if chomped_url . length > 0
+ malwares_found += index_page_body . scan ( Malwares . malware_pattern ( chomped_url ) )
+ end
+ end
+ end
+
+ malwares_found . flatten!
+ malwares_found . uniq!
+
+ @malwares = malwares_found
+ end
+ @malwares
+end
+
+
+
+
+
+
+
+ Module: WpTarget::WpConfigBackup
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::WpConfigBackup
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/wp_config_backup.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Object ) config_backup_files
+
+
+
+
+
+
+
+
+
+
+
+
+41
+42
+43
+44
+45
+46
+47
+
+
+ # File 'lib/wpscan/wp_target/wp_config_backup.rb', line 41
+
+def self . config_backup_files
+ %w{
+ wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
+ wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
+ wp-config.orig wp-config.php.original wp-config.original wp-config.txt
+ } end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) config_backup
+
+
+
+
+
+
+
+
+
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit / return
+an array of backup config files url
+
+
+
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+
+
+ # File 'lib/wpscan/wp_target/wp_config_backup.rb', line 9
+
+def config_backup
+ found = [ ]
+ backups = WpConfigBackup . config_backup_files
+ browser = Browser . instance
+ hydra = browser . hydra
+ queue_count = 0
+
+ backups . each do | file |
+ file_url = @uri . merge ( URI . escape ( file ) ) . to_s
+ request = browser . forge_request ( file_url )
+
+ request . on_complete do | response |
+ if response . body [ %r{ define }i ] and not response . body [ %r{ <\s?html }i ]
+ found << file_url
+ end
+ end
+
+ hydra . queue ( request )
+ queue_count += 1
+
+ if queue_count == browser . max_threads
+ hydra . run
+ queue_count = 0
+ end
+ end
+
+ hydra . run
+
+ found
+end
+
+
+
+
+
+
+
+ Module: WpTarget::WpCustomDirectories
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::WpCustomDirectories
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/wp_custom_directories.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) default_wp_content_dir_exists?
+
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+
+
+ # File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 24
+
+def default_wp_content_dir_exists?
+ response = Browser . get ( @uri . merge ( ' wp-content ' ) . to_s )
+ hash = Digest :: MD5 . hexdigest ( response . body )
+
+ if WpTarget . valid_response_codes . include? ( response . code )
+ return true if hash != error_404_hash and hash != homepage_hash
+ end
+
+ false
+end
+
+
+
+
+
+
+
+ - (String ) wp_content_dir
+
+
+
+
+
+
+
+
+
The wp-content directory
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+
+
+ # File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 7
+
+def wp_content_dir
+ unless @wp_content_dir
+ index_body = Browser . get ( @uri . to_s ) . body
+ uri_path = @uri . path
+ if index_body [ / \/wp-content\/(?:themes|plugins)\/ /i ] || default_wp_content_dir_exists?
+ @wp_content_dir = ' wp-content ' else
+ domains_excluded = ' (?:www\.)?(facebook|twitter)\.com ' @wp_content_dir = index_body [ / (?:href|src)\s*=\s*(?:"|').+ #{ Regexp . escape ( uri_path ) } ((?! #{ domains_excluded } )[^"']+)\/(?:themes|plugins)\/.*(?:"|') /i , 1 ]
+ end
+ end
+
+ @wp_content_dir
+end
+
+
+
+
+
+
+
+ - (String ) wp_plugins_dir
+
+
+
+
+
+
+
+
+
The wp-plugins directory
+
+
+
+
+
+
+
+
+
+
+36
+37
+38
+39
+40
+41
+
+
+ # File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 36
+
+def wp_plugins_dir
+ unless @wp_plugins_dir
+ @wp_plugins_dir = " #{ wp_content_dir } /plugins " end
+ @wp_plugins_dir
+end
+
+
+
+
+
+
+
+ - (Boolean ) wp_plugins_dir_exists?
+
+
+
+
+
+
+
+
+
+
+
+
+44
+45
+46
+
+
+ # File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 44
+
+def wp_plugins_dir_exists?
+ Browser . get ( @uri . merge ( wp_plugins_dir ) . to_s ) . code != 404
+end
+
+
+
+
+
+
+
+ Module: WpTarget::WpFullPathDisclosure
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::WpFullPathDisclosure
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/wp_full_path_disclosure.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) full_path_disclosure_url
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+
+
+ # File 'lib/wpscan/wp_target/wp_full_path_disclosure.rb', line 15
+
+def full_path_disclosure_url
+ @uri . merge ( ' wp-includes/rss-functions.php ' ) . to_s
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_full_path_disclosure?
+
+
+
+
+
+
+
+
+
Check for Full Path Disclosure (FPD)
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+12
+
+
+ # File 'lib/wpscan/wp_target/wp_full_path_disclosure.rb', line 9
+
+def has_full_path_disclosure?
+ response = Browser . get ( full_path_disclosure_url ( ) )
+ response . body [ %r{ Fatal error }i ] ? true : false
+end
+
+
+
+
+
+
+
+ Module: WpTarget::WpLoginProtection
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::WpLoginProtection
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/wp_login_protection.rb
+
+
+
+
+
+
Constant Summary
+
+
+
+ LOGIN_PROTECTION_METHOD_PATTERN =
+
+
+ / ^has_(.*)_protection\? /i
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) better_wp_security_url
+
+
+
+
+
+
+
+
+
+
+
+63
+64
+65
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 63
+
+def better_wp_security_url
+ plugin_url ( ' better-wp-security/ ' )
+end
+
+
+
+
+
+
+
+ - (Object ) bluetrait_event_viewer_url
+
+
+
+
+
+
+
+
+
+
+
+99
+100
+101
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 99
+
+def bluetrait_event_viewer_url
+ plugin_url ( ' bluetrait-event-viewer ' )
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_better_wp_security_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+50
+51
+52
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 50
+
+def has_better_wp_security_protection?
+ Browser . get ( better_wp_security_url ) . code != 404
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_bluetrait_event_viewer_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+95
+96
+97
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 95
+
+def has_bluetrait_event_viewer_protection?
+ Browser . get ( bluetrait_event_viewer_url ) . code != 404
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_limit_login_attempts_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+86
+87
+88
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 86
+
+def has_limit_login_attempts_protection?
+ Browser . get ( limit_login_attempts_url ) . code != 404
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_login_lock_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+45
+46
+47
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 45
+
+def has_login_lock_protection?
+ Browser . get ( login_url ) . body =~ %r{ LOGIN LOCK } ? true : false
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_login_lockdown_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+40
+41
+42
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 40
+
+def has_login_lockdown_protection?
+ Browser . get ( login_url ) . body =~ %r{ Login LockDown }i ? true : false
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_login_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 10
+
+def has_login_protection?
+ ! login_protection_plugin ( ) . nil?
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_login_security_solution_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+77
+78
+79
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 77
+
+def has_login_security_solution_protection?
+ Browser . get ( login_security_solution_url ( ) ) . code != 404
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_simple_login_lockdown_protection?
+
+
+
+
+
+
+
+
+
+
+
+
+68
+69
+70
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 68
+
+def has_simple_login_lockdown_protection?
+ Browser . get ( simple_login_lockdown_url ) . code != 404
+end
+
+
+
+
+
+
+
+ - (Object ) limit_login_attempts_url
+
+
+
+
+
+
+
+
+
+
+
+90
+91
+92
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 90
+
+def limit_login_attempts_url
+ plugin_url ( ' limit-login-attempts ' )
+end
+
+
+
+
+
+
+
+ - (Object ) login_protection_plugin
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 17
+
+def login_protection_plugin
+ unless @login_protection_plugin
+ protected_methods . grep ( LOGIN_PROTECTION_METHOD_PATTERN ) . each do | symbol_to_call |
+
+ if send ( symbol_to_call )
+ plugin_name = symbol_to_call [ LOGIN_PROTECTION_METHOD_PATTERN , 1 ] . gsub ( ' _ ' , ' - ' )
+
+ return @login_protection_plugin = WpPlugin . new (
+ @uri ,
+ name: plugin_name ,
+ wp_content_dir: wp_content_dir ,
+ wp_plugins_dir: wp_plugins_dir
+ )
+ end
+ end
+ @login_protection_plugin = nil
+ end
+ @login_protection_plugin
+end
+
+
+
+
+
+
+
+ - (Object ) login_security_solution_url
+
+
+
+
+
+
+
+
+
+
+
+81
+82
+83
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 81
+
+def login_security_solution_url
+ plugin_url ( ' login-security-solution ' )
+end
+
+
+
+
+
+
+
+ - (Object ) plugin_url (plugin_name)
+
+
+
+
+
+
+
+
+
+
+
+54
+55
+56
+57
+58
+59
+60
+61
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 54
+
+def plugin_url ( plugin_name )
+ WpPlugin . new (
+ @uri ,
+ name: plugin_name ,
+ wp_content_dir: wp_content_dir ,
+ wp_plugins_dir: wp_plugins_dir
+ ) . url
+end
+
+
+
+
+
+
+
+ - (Object ) simple_login_lockdown_url
+
+
+
+
+
+
+
+
+
+
+
+72
+73
+74
+
+
+ # File 'lib/wpscan/wp_target/wp_login_protection.rb', line 72
+
+def simple_login_lockdown_url
+ plugin_url ( ' simple-login-lockdown/ ' )
+end
+
+
+
+
+
+
+
+ Module: WpTarget::WpReadme
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::WpReadme
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/wp_readme.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) has_readme?
+
+
+
+
+
+
+
+
+
Checks to see if the readme.html file exists
+
+
This file comes by default in a wordpress installation, and if deleted is
+reinstated with an upgrade.
+
+
+
+
+
+
+
+
+
+
+12
+13
+14
+15
+16
+17
+18
+19
+
+
+ # File 'lib/wpscan/wp_target/wp_readme.rb', line 12
+
+def has_readme?
+ response = Browser . get ( readme_url ( ) )
+
+ unless response . code == 404
+ return response . body =~ %r{ wordpress }i ? true : false
+ end
+ false
+end
+
+
+
+
+
+
+
+ - (String ) readme_url
+
+
+
+
+
+
+
+
+
+
+
+
+22
+23
+24
+
+
+ # File 'lib/wpscan/wp_target/wp_readme.rb', line 22
+
+def readme_url
+ @uri . merge ( ' readme.html ' ) . to_s
+end
+
+
+
+
+
+
+
+ Module: WpTarget::WpRegistrable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTarget::WpRegistrable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTarget Defined in:
+ lib/wpscan/wp_target/wp_registrable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) multisite?
+
+
+
+
+
+
+
+
+
+
+
+
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+
+
+ # File 'lib/wpscan/wp_target/wp_registrable.rb', line 33
+
+def multisite?
+ unless @multisite
+ resp = Browser . get ( @uri . merge ( ' wp-signup.php ' ) . to_s )
+
+ if resp . code == 302 and resp . [ ' location ' ] =~ / wp-login\.php\?action=register / @multisite = false
+ elsif resp . code == 302 and resp . [ ' location ' ] =~ / wp-signup\.php / @multisite = true
+ elsif resp . code == 200
+ @multisite = true
+ else
+ @multisite = false
+ end
+ end
+ @multisite
+end
+
+
+
+
+
+
+
+ - (Boolean ) registration_enabled?
+
+
+
+
+
+
+
+
+
Should check wp-login.php if registration is enabled or not
+
+
+
+
+
+
+
+
+
+
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+
+
+ # File 'lib/wpscan/wp_target/wp_registrable.rb', line 9
+
+def registration_enabled?
+ resp = Browser . get ( registration_url )
+ if resp . code == 302 and resp . [ ' location ' ] =~ / wp-login\.php\?registration=disabled /i enabled = false
+ elsif resp . code == 200 and resp . body =~ / <form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*"> /i enabled = true
+ elsif resp . code == 200 and resp . body =~ / <form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*" /i enabled = true
+ else
+ enabled = false
+ end
+ enabled
+end
+
+
+
+
+
+
+
+ - (String ) registration_url
+
+
+
+
+
+
+
+
+
The registration URL
+
+
+
+
+
+
+
+
+
+
+28
+29
+30
+
+
+ # File 'lib/wpscan/wp_target/wp_registrable.rb', line 28
+
+def registration_url
+ multisite? ? @uri . merge ( ' wp-signup.php ' ) . to_s : @uri . merge ( ' wp-login.php?action=register ' ) . to_s
+end
+
+
+
+
+
+
+
+ Class: WpTheme
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpTheme
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItem
+ Object
+
+ WpItem WpTheme
+
+
+ show all
+
+
+
+
+
+
+ Extended by:
+ Findable Includes:
+ Versionable Vulnerable Defined in:
+ lib/common/models/wp_theme.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Findable Versionable Vulnerable
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (String) style_url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The url to the theme stylesheet.
+
+
+
+
+
+
+
+
+
+
Attributes inherited from WpItem
+
#found_from #name #path #version #wp_content_dir #wp_plugins_dir
+
+
+
+
+
#vulns_file #vulns_xpath
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Findable
+
find find_from_css_link find_from_wooframework
+
+
+
+
+
+
+
+
+
+
Methods included from Vulnerable
+
#vulns_file #vulns_xpath
+
+
+
+
+
+
+
+
+
+
+
#version
+
+
+
+
+
+
+
+
+
+
Methods inherited from WpItem
+
#<=> #== #=== #initialize #set_options #uri #url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
+
#changelog_url #error_log_url #has_changelog? #has_directory_listing? #has_error_log? #has_readme? #readme_url #url_is_200?
+
+
+
+
+
+
+
+
+
+
+
#exists? #exists_from_response?
+
+
+
+
+
+
+
+
+
+
+
#vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
#to_s #version
+
+
Constructor Details
+
+
This class inherits a constructor from WpItem
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (String ) style_url
+
+
+
+
+
+
+
+
+
The url to the theme stylesheet
+
+
+
+
+
+
+
+
+
+
+26
+27
+28
+29
+30
+31
+
+
+ # File 'lib/common/models/wp_theme.rb', line 26
+
+def style_url
+ unless @style_url
+ @style_url = uri . merge ( ' style.css ' ) . to_s
+ end
+ @style_url
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) allowed_options
+
+
+
+
+
+
+
+
+
+
+
+14
+
+
+ # File 'lib/common/models/wp_theme.rb', line 14
+
+def allowed_options ; super << :style_url end
+
+
+
+
+
+
+
+ - (void ) forge_uri (target_base_uri)
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
Sets the @uri
+
+
+
+
+
+
+
+
+
+
+21
+22
+23
+
+
+ # File 'lib/common/models/wp_theme.rb', line 21
+
+def forge_uri ( target_base_uri )
+ @uri = target_base_uri . merge ( URI . encode ( wp_content_dir + ' /themes/ ' + name + ' / ' ) )
+end
+
+
+
+
+
+
+
+ Module: WpTheme::Findable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTheme::Findable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTheme Defined in:
+ lib/common/models/wp_theme/findable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (WpTheme find (target_uri)
+
+
+
+
+
+
+
+
+
Find the main theme of the blog
+
+
+
+
+
+
+
+
+
+
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+
+
+ # File 'lib/common/models/wp_theme/findable.rb', line 11
+
+def find ( target_uri )
+ methods . grep ( / ^find_from_ / ) . each do | method |
+ if wp_theme = self . send ( method , target_uri )
+ wp_theme . found_from = method
+
+ return wp_theme
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+ - (WpTheme find_from_css_link (target_uri)
+
+
+
+
+
+
+
+
+
Discover the wordpress theme by parsing the css link rel
+
+
+
+
+
+
+
+
+
+
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+
+
+ # File 'lib/common/models/wp_theme/findable.rb', line 29
+
+def find_from_css_link ( target_uri )
+ response = Browser . get_and_follow_location ( target_uri . to_s )
+
+ matches = %r{ (?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css }i . match ( response . body )
+ if matches
+ return new (
+ target_uri ,
+ {
+ name: matches [ 2 ] ,
+ style_url: matches [ 0 ] ,
+ wp_content_dir: matches [ 1 ]
+ }
+ )
+ end
+end
+
+
+
+
+
+
+
+ - (WpTheme find_from_wooframework (target_uri)
+
+
+
+
+
+
+
+
+
+
+
+
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+
+
+ # File 'lib/common/models/wp_theme/findable.rb', line 51
+
+def find_from_wooframework ( target_uri )
+ body = Browser . get ( target_uri . to_s ) . body
+ regexp = %r{ <meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" /> } if matches = regexp . match ( body )
+ woo_theme_name = matches [ 1 ]
+ woo_theme_version = matches [ 2 ]
+
+ return new (
+ target_uri ,
+ {
+ name: woo_theme_name ,
+ version: woo_theme_version
+ }
+ )
+ end
+end
+
+
+
+
+
+
+
+ Module: WpTheme::Versionable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTheme::Versionable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTheme Defined in:
+ lib/common/models/wp_theme/versionable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) version
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+
+
+ # File 'lib/common/models/wp_theme/versionable.rb', line 6
+
+def version
+ unless @version
+ @version = Browser . get ( style_url ) . body [ %r{ Version:\s([^\s]+) }i , 1 ]
+
+ @version ||= super
+ end
+ @version
+end
+
+
+
+
+
+
+
+ Module: WpTheme::Vulnerable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTheme::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTheme Defined in:
+ lib/common/models/wp_theme/vulnerable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) vulns_file
+
+
+
+
+
+
+
+
+
The path to the file containing vulnerabilities
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_theme/vulnerable.rb', line 7
+
+def vulns_file
+ unless @vulns_file
+ @vulns_file = THEMES_VULNS_FILE
+ end
+ @vulns_file
+end
+
+
+
+
+
+
+
+ - (String ) vulns_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+
+
+ # File 'lib/common/models/wp_theme/vulnerable.rb', line 15
+
+def vulns_xpath
+ " //theme[@name=' #{ @name } ']/vulnerability " end
+
+
+
+
+
+
+
+ Class: WpThemes
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpThemes
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItems show all
+
+
+
+
+
+
+ Extended by:
+ Detectable Defined in:
+ lib/common/collections/wp_themes.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Detectable
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
+
#item_xpath #vulns_file
+
+
+
+
+
+
+
+
+
+
Method Summary
+
+
Methods included from Detectable
+
item_xpath vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#aggressive_detection #create_item #item_class #passive_detection #progress_bar #request_params #targets_items #targets_items_from_file #vulnerable_targets_items
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
+
+ Module: WpThemes::Detectable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpThemes::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpThemes Defined in:
+ lib/common/collections/wp_themes/detectable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) item_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+12
+13
+14
+
+
+ # File 'lib/common/collections/wp_themes/detectable.rb', line 12
+
+def item_xpath
+ ' //theme ' end
+
+
+
+
+
+
+
+ - (String ) vulns_file
+
+
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+
+
+ # File 'lib/common/collections/wp_themes/detectable.rb', line 7
+
+def vulns_file
+ THEMES_VULNS_FILE
+end
+
+
+
+
+
+
+
+ Class: WpTimthumb
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpTimthumb
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItem
+ Object
+
+ WpItem WpTimthumb
+
+
+ show all
+
+
+
+
+
+
+
+
+ Includes:
+ Existable Output Versionable Defined in:
+ lib/common/models/wp_timthumb.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Existable Output Versionable
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
Attributes inherited from WpItem
+
#found_from #name #path #version #wp_content_dir #wp_plugins_dir
+
+
+
+
+
#vulns_file #vulns_xpath
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Output
+
#output
+
+
+
+
+
+
+
+
+
+
Methods included from Existable
+
#exists_from_response?
+
+
+
+
+
+
+
+
+
+
+
#to_s #version
+
+
+
+
+
+
+
+
+
+
Methods inherited from WpItem
+
#<=> #=== #allowed_options #forge_uri #initialize #set_options #uri #url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
+
#changelog_url #error_log_url #has_changelog? #has_directory_listing? #has_error_log? #has_readme? #readme_url #url_is_200?
+
+
+
+
+
+
+
+
+
+
+
#exists? #exists_from_response?
+
+
+
+
+
+
+
+
+
+
+
#vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
#to_s #version
+
+
Constructor Details
+
+
This class inherits a constructor from WpItem
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) == (other)
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+
+
+ # File 'lib/common/models/wp_timthumb.rb', line 15
+
+def == ( other )
+ url == other . url
+end
+
+
+
+
+
+
+
+ Module: WpTimthumb::Existable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTimthumb::Existable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTimthumb Defined in:
+ lib/common/models/wp_timthumb/existable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) exists_from_response? (response, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_timthumb/existable.rb', line 10
+
+def exists_from_response? ( response , options = { } )
+ response . code == 400 && response . body =~ / no image specified /i ? true : false
+end
+
+
+
+
+
+
+
+ Module: WpTimthumb::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTimthumb::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTimthumb Defined in:
+ lib/common/models/wp_timthumb/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) output
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+
+
+ # File 'lib/common/models/wp_timthumb/output.rb', line 6
+
+def output
+ puts ' | ' + red ( ' [!] ' ) + " #{ self } " end
+
+
+
+
+
+
+
+ Module: WpTimthumb::Versionable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTimthumb::Versionable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTimthumb Defined in:
+ lib/common/models/wp_timthumb/versionable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) to_s
+
+
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+
+
+ # File 'lib/common/models/wp_timthumb/versionable.rb', line 19
+
+def to_s
+ " #{ url } #{ ' v ' + version if version } " end
+
+
+
+
+
+
+
+ - (String ) version
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+13
+14
+15
+16
+
+
+ # File 'lib/common/models/wp_timthumb/versionable.rb', line 10
+
+def version
+ unless @version
+ response = Browser . get ( url )
+ @version = response . body [ %r{ TimThumb version\s*: ([^<]+) } , 1 ]
+ end
+ @version
+end
+
+
+
+
+
+
+
+ Class: WpTimthumbs
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpTimthumbs
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItems show all
+
+
+
+
+
+
+ Extended by:
+ Detectable Defined in:
+ lib/common/collections/wp_timthumbs.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Detectable
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
+
#item_xpath #vulns_file
+
+
+
+
+
+
+
+
+
+
Method Summary
+
+
Methods included from Detectable
+
create_item passive_detection targets_items targets_items_from_file theme_timthumbs
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#aggressive_detection #create_item #item_class #passive_detection #progress_bar #request_params #targets_items #targets_items_from_file #vulnerable_targets_items
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
+
+ Module: WpTimthumbs::Detectable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpTimthumbs::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpTimthumbs Defined in:
+ lib/common/collections/wp_timthumbs/detectable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (WpTimthumb create_item (wp_target, path = nil)
+
+
+
+
+
+
+
+
+
+
+
+
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+
+
+ # File 'lib/common/collections/wp_timthumbs/detectable.rb', line 72
+
+def create_item ( wp_target , path = nil )
+ options = {
+ wp_content_dir: wp_target . wp_content_dir ,
+ wp_plugins_dir: wp_target . wp_plugins_dir
+ }
+
+ options . merge! ( path: path ) if path
+
+ WpTimthumb . new ( wp_target . uri , options )
+end
+
+
+
+
+
+
+
+ - (WpTimthumbs passive_detection (wp_target, options = {})
+
+
+
+
+
+
+
+
+
No passive detection
+
+
+
+
+
+
+
+
+
+
+12
+13
+14
+
+
+ # File 'lib/common/collections/wp_timthumbs/detectable.rb', line 12
+
+def passive_detection ( wp_target , options = { } )
+ new
+end
+
+
+
+
+
+
+
+ - (Array WpTimthumb targets_items (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+27
+28
+29
+30
+31
+32
+
+
+ # File 'lib/common/collections/wp_timthumbs/detectable.rb', line 24
+
+def targets_items ( wp_target , options = { } )
+ targets = options [ :theme_name ] ? theme_timthumbs ( options [ :theme_name ] , wp_target ) : [ ]
+
+ if options [ :file ]
+ targets += targets_items_from_file ( options [ :file ] , wp_target )
+ end
+
+ targets . uniq { | i | i . url }
+end
+
+
+
+
+
+
+
+ - (Array WpTimthumb targets_items_from_file (file, wp_target)
+
+
+
+
+
+
+
+
+
+
+
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+
+
+ # File 'lib/common/collections/wp_timthumbs/detectable.rb', line 57
+
+def targets_items_from_file ( file , wp_target )
+ targets = [ ]
+
+ File . open ( file , ' r ' ) do | f |
+ f . readlines . collect do | path |
+ targets << create_item ( wp_target , path . strip )
+ end
+ end
+ targets
+end
+
+
+
+
+
+
+
+ - (Array WpTimthumb theme_timthumbs (theme_name, wp_target)
+
+
+
+
+
+
+
+
+
+
+
+
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+
+
+ # File 'lib/common/collections/wp_timthumbs/detectable.rb', line 38
+
+def theme_timthumbs ( theme_name , wp_target )
+ targets = [ ]
+ wp_timthumb = create_item ( wp_target )
+
+ %w{
+ timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
+ scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+ } . each do | path |
+ wp_timthumb . path = " $wp-content$/themes/ #{ theme_name } / #{ path } " targets << wp_timthumb . dup
+ end
+ targets
+end
+
+
+
+
+
+
+
+ Class: WpUser
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpUser
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItem
+ Object
+
+ WpItem WpUser
+
+
+ show all
+
+
+
+
+
+
+
+
+ Includes:
+ BruteForcable Existable Defined in:
+ lib/common/models/wp_user.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: BruteForcable Existable
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+ - (Object) display_name
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute display_name.
+
+
+
+
+
+
+ - (Object) id
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute id.
+
+
+
+
+
+
+ - (Object) login
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute login.
+
+
+
+
+
+
+ - (Object) password
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns the value of attribute password.
+
+
+
+
+
+
+
+
+
+
Attributes inherited from WpItem
+
#found_from #name #path #version #wp_content_dir #wp_plugins_dir
+
+
+
+
+
#vulns_file #vulns_xpath
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#brute_force #login_request passwords_from_wordlist #progress_bar #valid_password?
+
+
+
+
+
+
+
+
+
+
Methods included from Existable
+
display_name_from_body #exists_from_response? #load_from_response login_from_author_pattern login_from_body
+
+
+
+
+
+
+
+
+
+
Methods inherited from WpItem
+
#forge_uri #initialize #set_options #url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
+
#changelog_url #error_log_url #has_changelog? #has_directory_listing? #has_error_log? #has_readme? #readme_url #url_is_200?
+
+
+
+
+
+
+
+
+
+
+
#exists? #exists_from_response?
+
+
+
+
+
+
+
+
+
+
+
#vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
#version
+
+
Constructor Details
+
+
This class inherits a constructor from WpItem
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) display_name
+
+
+
+
+
+
+
+
+
Returns the value of attribute display_name
+
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_user.rb', line 10
+
+def display_name
+ @display_name
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) id
+
+
+
+
+
+
+
+
+
Returns the value of attribute id
+
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_user.rb', line 10
+
+def id
+ @id
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) login
+
+
+
+
+
+
+
+
+
Returns the value of attribute login
+
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_user.rb', line 10
+
+def login
+ @login
+end
+
+
+
+
+
+
+
+
+
+ - (Object ) password
+
+
+
+
+
+
+
+
+
Returns the value of attribute password
+
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_user.rb', line 10
+
+def password
+ @password
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) <=> (other)
+
+
+
+
+
+
+
+
+
+
+
+
+38
+39
+40
+
+
+ # File 'lib/common/models/wp_user.rb', line 38
+
+def <=> ( other )
+ id <=> other . id
+end
+
+
+
+
+
+
+
+ - (Boolean ) == (other)
+
+
+
+
+
+
+
+
+
+
+
+
+45
+46
+47
+
+
+ # File 'lib/common/models/wp_user.rb', line 45
+
+def == ( other )
+ self === other
+end
+
+
+
+
+
+
+
+ - (Boolean ) === (other)
+
+
+
+
+
+
+
+
+
+
+
+
+52
+53
+54
+
+
+ # File 'lib/common/models/wp_user.rb', line 52
+
+def === ( other )
+ id === other . id && login === other . login
+end
+
+
+
+
+
+
+
+ - (Array allowed_options
+
+
+
+
+
+
+
+
+
+
+
+
+13
+
+
+ # File 'lib/common/models/wp_user.rb', line 13
+
+def allowed_options ; [ :id , :login , :display_name , :password ] end
+
+
+
+
+
+
+
+ - (String ) login_url
+
+
+
+
+
+
+
+
+
+
+
+
+25
+26
+27
+
+
+ # File 'lib/common/models/wp_user.rb', line 25
+
+def login_url
+ @uri . merge ( ' wp-login.php ' ) . to_s
+end
+
+
+
+
+
+
+
+ - (String ) to_s
+
+
+
+
+
+
+
+
+
+
+
+
+30
+31
+32
+33
+34
+35
+
+
+ # File 'lib/common/models/wp_user.rb', line 30
+
+def to_s
+ s = " #{ id } " s += " | #{ login } " if login
+ s += " | #{ display_name } " if display_name
+ s
+end
+
+
+
+
+
+
+
+ - (URI uri
+
+
+
+
+
+
+
+
+
The uri to the auhor page
+
+
+
+
+
+
+
+
+
+
+16
+17
+18
+19
+20
+21
+22
+
+
+ # File 'lib/common/models/wp_user.rb', line 16
+
+def uri
+ if id
+ return @uri . merge ( " ?author= #{ id } " )
+ else
+ raise ' The id is nil ' end
+end
+
+
+
+
+
+
+
+ Module: WpUser::BruteForcable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpUser::BruteForcable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpUser Defined in:
+ lib/common/models/wp_user/brute_forcable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Array passwords_from_wordlist (wordlist)
+
+
+
+
+
+
+
+
+
Load the passwords from the wordlist, which can be a file path or an array
+or passwords
+
+
File comments are ignored, but will miss passwords if they start with a
+hash...
+
+
+
+
+
+
+
+
+
+
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+
+
+ # File 'lib/common/models/wp_user/brute_forcable.rb', line 125
+
+def self . passwords_from_wordlist ( wordlist )
+ if wordlist . is_a? ( String )
+ passwords = [ ]
+ charset = File . charset ( wordlist ) . upcase
+ opt = " r: #{ charset } " opt += ' :UTF-8 ' if charset != ' UTF-8 ' File . open ( wordlist , opt ) . each do | line |
+ next if line [ 0 , 1 ] == ' # ' passwords << line . strip
+ end
+ elsif wordlist . is_a? ( Array )
+ passwords = wordlist
+ else
+ raise ' Invalid wordlist, expected String or Array ' end
+
+ passwords
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (void ) brute_force (wordlist, options = {})
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
Brute force the user with the wordlist supplied
+
+
It can take a long time to queue 2 million requests, for that reason, we
+queue browser.max_threads, send browser.max_threads, queue
+browser.max_threads and so on.
+
+
hydra.run only returns when it has recieved all of its, responses. This
+means that while we are waiting for browser.max_threads, responses, we are
+waiting...
+
+
+
+
+
+
+
+
+
+
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+
+
+ # File 'lib/common/models/wp_user/brute_forcable.rb', line 22
+
+def brute_force ( wordlist , options = { } )
+ browser = Browser . instance
+ hydra = browser . hydra
+ passwords = BruteForcable . passwords_from_wordlist ( wordlist )
+ queue_count = 0
+ found = false
+ progress_bar = self . progress_bar ( passwords . size , options )
+
+ passwords . each do | password |
+ request = login_request ( password )
+
+ request . on_complete do | response |
+ progress_bar . progress += 1 if options [ :show_progression ] && ! found
+
+ puts " \n Trying Username : #{ login } Password : #{ password } " if options [ :verbose ]
+
+ if valid_password? ( response , password , options )
+ found = true
+ self . password = password
+ return
+ end
+ end
+
+ hydra . queue ( request )
+ queue_count += 1
+
+ if queue_count >= browser . max_threads
+ hydra . run
+ queue_count = 0
+ puts " Sent #{ browser . max_threads } requests ... " if options [ :verbose ]
+ end
+ end
+
+ hydra . run
+end
+
+
+
+
+
+
+
+ - (Typhoeus::Request login_request (password)
+
+
+
+
+
+
+
+
+
+
+
+
+79
+80
+81
+82
+83
+84
+85
+
+
+ # File 'lib/common/models/wp_user/brute_forcable.rb', line 79
+
+def login_request ( password )
+ Browser . instance . forge_request ( login_url ,
+ method: :post ,
+ body: { log: login , pwd: password } ,
+ cache_ttl: 0
+ )
+end
+
+
+
+
+
+
+
+ - (ProgressBar ) progress_bar (passwords_size, options)
+
+
+
+
+
+
+
+
+
+
+
+
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+
+
+ # File 'lib/common/models/wp_user/brute_forcable.rb', line 64
+
+def progress_bar ( passwords_size , options )
+ if options [ :show_progression ]
+ ProgressBar . create (
+ format: ' %t %a <%B> (%c / %C) %P%% %e ' ,
+ title: " Brute Forcing ' #{ login } ' " ,
+ length: 120 ,
+ total: passwords_size
+ )
+ end
+end
+
+
+
+
+
+
+
+ - (Boolean ) valid_password? (response, password, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+
+
+ # File 'lib/common/models/wp_user/brute_forcable.rb', line 94
+
+def valid_password? ( response , password , options = { } )
+ if response . code == 302
+ progression = " #{ green ( ' [SUCCESS] ' ) } Login : #{ login } Password : #{ password } \n\n " valid = true
+ elsif response . body =~ / login_error /i verbose = " \n Incorrect login and/or password. " elsif response . timed_out?
+ progression = " #{ red ( ' ERROR: ' ) } Request timed out. " elsif response . code == 0
+ progression = " #{ red ( ' ERROR: ' ) } No response from remote server. WAF/IPS? " elsif response . code . to_s =~ / ^50 / progression = " #{ red ( ' ERROR: ' ) } Server error, try reducing the number of threads. " else
+ progression = " #{ red ( ' ERROR: ' ) } We received an unknown response for #{ password } ... " verbose = red ( " Code: #{ response . code } \n Body: #{ response . body } \n " )
+ end
+
+ puts " \n " + progression if progression && options [ :show_progression ]
+ puts verbose if verbose && options [ :verbose ]
+
+ valid || false
+end
+
+
+
+
+
+
+
+ Module: WpUser::Existable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpUser::Existable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpUser Defined in:
+ lib/common/models/wp_user/existable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (String ) display_name_from_body (body)
+
+
+
+
+
+
+
+
+
+
Note:
+
+
Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn’t support it So
+it’s forced to UTF-8 when this encoding is detected
+
+
+
+
+
The display_name
+
+
+
+
+
+
+
+
+
+
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+
+
+ # File 'lib/common/models/wp_user/existable.rb', line 64
+
+def self . display_name_from_body ( body )
+ if title_tag = body [ %r{ <title>([^<]+)</title> }i , 1 ]
+ title_tag . force_encoding ( ' UTF-8 ' ) if title_tag . encoding == Encoding :: ASCII_8BIT
+ title_tag = Nokogiri :: HTML :: DocumentFragment . parse ( title_tag ) . to_s
+ title_tag . sub! ( ' & ' , ' & ' )
+
+ name = title_tag [ %r{ ([^|«]+) } , 1 ]
+
+ return name . strip if name
+ end
+end
+
+
+
+
+
+
+
+ + (String ) login_from_author_pattern (text)
+
+
+
+
+
+
+
+
+
+
+
+
+39
+40
+41
+
+
+ # File 'lib/common/models/wp_user/existable.rb', line 39
+
+def self . login_from_author_pattern ( text )
+ text [ %r{ /author/([^/\b]+)/? }i , 1 ]
+end
+
+
+
+
+
+
+
+ + (String ) login_from_body (body)
+
+
+
+
+
+
+
+
+
+
+
+
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+
+
+ # File 'lib/common/models/wp_user/existable.rb', line 46
+
+def self . login_from_body ( body )
+ login = WpUser :: Existable . login_from_author_pattern ( body )
+
+ unless login
+ login = body [ %r{ <body class="archive author author-([^\s]+) author-(\d+) }i , 1 ]
+ end
+
+ login
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) exists_from_response? (response, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+10
+11
+12
+13
+14
+
+
+ # File 'lib/common/models/wp_user/existable.rb', line 10
+
+def exists_from_response? ( response , options = { } )
+ load_from_response ( response )
+
+ @login ? true : false
+end
+
+
+
+
+
+
+
+ - (void ) load_from_response (response)
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
Load the login and display_name from the response
+
+
+
+
+
+
+
+
+
+
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+
+
+ # File 'lib/common/models/wp_user/existable.rb', line 21
+
+def load_from_response ( response )
+ if response . code == 301 location = response . [ ' Location ' ]
+
+ @login = Existable . login_from_author_pattern ( location )
+ @display_name = Existable . display_name_from_body (
+ Browser . get ( location ) . body
+ )
+ elsif response . code == 200 @login = Existable . login_from_body ( response . body )
+ @display_name = Existable . display_name_from_body ( response . body )
+ end
+end
+
+
+
+
+
+
+
+ Class: WpUsers
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpUsers
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItems show all
+
+
+
+
+
+
+ Extended by:
+ Detectable Includes:
+ BruteForcable Output Defined in:
+ lib/common/collections/wp_users.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: BruteForcable Detectable Output
+
+
+
+
+
+
+
Instance Attribute Summary
+
+
+
#item_xpath #vulns_file
+
+
+
+
+
+
+
+
+
+
Method Summary
+
+
Methods included from Detectable
+
passive_detection request_params targets_items
+
+
+
+
+
+
+
+
+
+
+
#brute_force
+
+
+
+
+
+
+
+
+
+
Methods included from Output
+
#output
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#aggressive_detection #create_item #item_class #passive_detection #progress_bar #request_params #targets_items #targets_items_from_file #vulnerable_targets_items
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
Methods inherited from Array
+
#_grep_
+
+
+
+ Module: WpUsers::BruteForcable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpUsers::BruteForcable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpUsers Defined in:
+ lib/common/collections/wp_users/brute_forcable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (void ) brute_force (wordlist, options = {})
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
Brute force each wp_user
+
+
To avoid loading the wordlist each time in the wp_user instance It's loaded
+here, and given to the wp_user
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+18
+19
+
+
+ # File 'lib/common/collections/wp_users/brute_forcable.rb', line 15
+
+def brute_force ( wordlist , options = { } )
+ passwords = WpUser :: BruteForcable . passwords_from_wordlist ( wordlist )
+
+ self . each { | wp_user | wp_user . brute_force ( passwords , options ) }
+end
+
+
+
+
+
+
+
+ Module: WpUsers::Detectable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpUsers::Detectable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpUsers Defined in:
+ lib/common/collections/wp_users/detectable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (WpUsers passive_detection (wp_target, options = {})
+
+
+
+
+
+
+
+
+
No passive detection
+
+
+
+
+
+
+
+
+
+
+12
+13
+14
+
+
+ # File 'lib/common/collections/wp_users/detectable.rb', line 12
+
+def passive_detection ( wp_target , options = { } )
+ new
+end
+
+
+
+
+
+
+
+ - (Hash ) request_params
+
+
+
+
+
+
+
+
+
+
+
+
+7
+
+
+ # File 'lib/common/collections/wp_users/detectable.rb', line 7
+
+def request_params ; { } end
+
+
+
+
+
+
+
+ - (Array WpUser targets_items (wp_target, options = {})
+
+
+
+
+
+
+
+
+
+
+
+
+23
+24
+25
+26
+27
+28
+29
+30
+31
+
+
+ # File 'lib/common/collections/wp_users/detectable.rb', line 23
+
+def targets_items ( wp_target , options = { } )
+ range = options [ :range ] || ( 1 .. 10 )
+ targets = [ ]
+
+ range . each do | user_id |
+ targets << WpUser . new ( wp_target . uri , id: user_id )
+ end
+ targets
+end
+
+
+
+
+
+
+
+ Module: WpUsers::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpUsers::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpUsers Defined in:
+ lib/common/collections/wp_users/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (void ) output (options = {})
+
+
+
+
+
+
+
+
This method returns an undefined value.
+
+
+
+
+
+
+
+
+
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+
+
+ # File 'lib/common/collections/wp_users/output.rb', line 10
+
+def output ( options = { } )
+ rows = [ ]
+ headings = [ ' Id ' , ' Login ' , ' Name ' ]
+ headings << ' Password ' if options [ :show_password ]
+
+ self . each do | wp_user |
+ row = [ wp_user . id , wp_user . login , wp_user . display_name ]
+ row << wp_user . password if options [ :show_password ]
+ rows << row
+ end
+
+ puts Terminal :: Table . new ( headings: headings ,
+ rows: rows ,
+ style: { margin_left: options [ :margin_left ] || ' ' } )
+end
+
+
+
+
+
+
+
+ Class: WpVersion
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpVersion
+
+
+
+
+
+
+
+ Inherits:
+
+ WpItem
+ Object
+
+ WpItem WpVersion
+
+
+ show all
+
+
+
+
+
+
+ Extended by:
+ Findable Includes:
+ Output Vulnerable Defined in:
+ lib/common/models/wp_version.rb,
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Findable Output Vulnerable
+
+
+
+
+
Instance Attribute Summary (collapse )
+
+
+
+
+
+
+
Attributes inherited from WpItem
+
#found_from #name #path #version #wp_content_dir #wp_plugins_dir
+
+
+
+
+
#vulns_file #vulns_xpath
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Methods included from Findable
+
find find_from_advanced_fingerprinting find_from_atom_generator find_from_links_opml find_from_meta_generator find_from_rdf_generator find_from_readme find_from_rss_generator find_from_sitemap_generator scan_url version_pattern
+
+
+
+
+
+
+
+
+
+
Methods included from Output
+
#output
+
+
+
+
+
+
+
+
+
+
Methods included from Vulnerable
+
#vulns_file #vulns_xpath
+
+
+
+
+
+
+
+
+
+
Methods inherited from WpItem
+
#<=> #=== #forge_uri #initialize #set_options #uri #url
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#output
+
+
+
+
+
+
+
+
+
+
+
#changelog_url #error_log_url #has_changelog? #has_directory_listing? #has_error_log? #has_readme? #readme_url #url_is_200?
+
+
+
+
+
+
+
+
+
+
+
#exists? #exists_from_response?
+
+
+
+
+
+
+
+
+
+
+
#vulnerabilities
+
+
+
+
+
+
+
+
+
+
+
#to_s #version
+
+
Constructor Details
+
+
This class inherits a constructor from WpItem
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ - (Object ) number
+
+
+
+
+
+
+
+
+
The version number
+
+
+
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+
+
+ # File 'lib/common/models/wp_version.rb', line 14
+
+def number
+ @number
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Boolean ) == (other)
+
+
+
+
+
+
+
+
+
+
+
+
+22
+23
+24
+
+
+ # File 'lib/common/models/wp_version.rb', line 22
+
+def == ( other )
+ number == other . number
+end
+
+
+
+
+
+
+
+ - (Array allowed_options
+
+
+
+
+
+
+
+
+
+
+
+
+17
+
+
+ # File 'lib/common/models/wp_version.rb', line 17
+
+def allowed_options ; super << :number << :found_from end
+
+
+
+
+
+
+
+ Module: WpVersion::Findable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpVersion::Findable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpVersion Defined in:
+ lib/common/models/wp_version/findable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+ - (WpVersion) find (target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Find the version of the blog designated from target_uri.
+
+
+
+
+
+
+ - (String) find_from_advanced_fingerprinting (target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Uses data/wp_versions.xml to try to identify a wordpress version.
+
+
+
+
+
+
+ - (String) find_from_atom_generator (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find the WordPress version from, the generator tag in the Atom
+source.
+
+
+
+
+
+
+ - (String) find_from_links_opml (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find the WordPress version from the p-links-opml.php file.
+
+
+
+
+
+
+ - (String) find_from_meta_generator (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find the wordpress version from, the generator meta tag in the
+html source.
+
+
+
+
+
+
+ - (String) find_from_rdf_generator (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find WordPress version from, the generator tag in the RDF feed
+source.
+
+
+
+
+
+
+ - (String) find_from_readme (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find the WordPress version from the readme.html file.
+
+
+
+
+
+
+ - (String) find_from_rss_generator (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find the WordPress version from, the generator tag in the RSS
+feed source.
+
+
+
+
+
+
+ - (String) find_from_sitemap_generator (target_uri)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Attempts to find the WordPress version from the sitemap.xml file.
+
+
+
+
+
+
+ - (String) scan_url (target_uri, pattern, path = nil)
+
+
+
+
+
+
+
+ protected
+
+
+
+
+
+
+
Returns the first match of in the body of the url.
+
+
+
+
+
+
+ - (String) version_pattern
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Used to check if the version is correct: must contain at least one dot.
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (WpVersion find (target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+
+
+
+
+
+
+
+
+
Find the version of the blog designated from target_uri
+
+
+
+
+
+
+
+
+
+
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 14
+
+def find ( target_uri , wp_content_dir , wp_plugins_dir , versions_xml )
+ methods . grep ( / find_from_ / ) . each do | method |
+
+ if method === :find_from_advanced_fingerprinting
+ version = send ( method , target_uri , wp_content_dir , wp_plugins_dir , versions_xml )
+ else
+ version = send ( method , target_uri )
+ end
+
+ if version
+ return new ( target_uri , number: version , found_from: method )
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+ - (String ) find_from_advanced_fingerprinting (target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+
+
+
+
+
+
+
+
+
Uses data/wp_versions.xml to try to identify a wordpress version.
+
+
It does this by using client side file hashing
+
+
/!\ Warning : this method might return false positive if the file used for
+fingerprinting is part of a theme (they can be updated)
+
+
+
+
+
+
+
+
+
+
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 154
+
+def find_from_advanced_fingerprinting ( target_uri , wp_content_dir , wp_plugins_dir , versions_xml )
+ xml = xml ( versions_xml )
+
+ wp_item = WpItem . new ( target_uri ,
+ wp_content_dir: wp_content_dir ,
+ wp_plugins_dir: wp_plugins_dir )
+
+ xml . xpath ( ' //file ' ) . each do | node |
+ wp_item . path = node . attribute ( ' src ' ) . text
+
+ response = Browser . get ( wp_item . url )
+ md5sum = Digest :: MD5 . hexdigest ( response . body )
+
+ node . search ( ' hash ' ) . each do | hash |
+ if hash . attribute ( ' md5 ' ) . text == md5sum
+ return hash . search ( ' version ' ) . text
+ end
+ end
+ end
+ nil
+end
+
+
+
+
+
+
+
+ - (String ) find_from_atom_generator (target_uri)
+
+
+
+
+
+
+
+
+
Attempts to find the WordPress version from, the generator tag in the Atom
+source.
+
+
+
+
+
+
+
+
+
+
+121
+122
+123
+124
+125
+126
+127
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 121
+
+def find_from_atom_generator ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ <generator uri="http://wordpress.org/" version=" #{ version_pattern } ">WordPress</generator> }i ,
+ ' feed/atom/ ' )
+end
+
+
+
+
+
+
+
+ - (String ) find_from_links_opml (target_uri)
+
+
+
+
+
+
+
+
+
Attempts to find the WordPress version from the p-links-opml.php file.
+
+
+
+
+
+
+
+
+
+
+211
+212
+213
+214
+215
+216
+217
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 211
+
+def find_from_links_opml ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ generator="wordpress/ #{ version_pattern } " }i ,
+ ' wp-links-opml.php ' )
+end
+
+
+
+
+
+
+
+
+
Attempts to find the wordpress version from, the generator meta tag in the
+html source.
+
+
The meta tag can be removed however it seems, that it is reinstated on
+upgrade.
+
+
+
+
+
+
+
+
+
+
+68
+69
+70
+71
+72
+73
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 68
+
+def find_from_meta_generator ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ name="generator" content="wordpress #{ version_pattern } " }i )
+end
+
+
+
+
+
+
+
+ - (String ) find_from_rdf_generator (target_uri)
+
+
+
+
+
+
+
+
+
Attempts to find WordPress version from, the generator tag in the RDF feed
+source.
+
+
+
+
+
+
+
+
+
+
+95
+96
+97
+98
+99
+100
+101
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 95
+
+def find_from_rdf_generator ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ <admin:generatorAgent rdf:resource="http://wordpress.org/\?v= #{ version_pattern } " /> }i ,
+ ' feed/rdf/ ' )
+end
+
+
+
+
+
+
+
+ - (String ) find_from_readme (target_uri)
+
+
+
+
+
+
+
+
+
Attempts to find the WordPress version from the readme.html file.
+
+
+
+
+
+
+
+
+
+
+183
+184
+185
+186
+187
+188
+189
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 183
+
+def find_from_readme ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ <br />\sversion #{ version_pattern } }i ,
+ ' readme.html ' )
+end
+
+
+
+
+
+
+
+
+
Attempts to find the WordPress version from, the generator tag in the RSS
+feed source.
+
+
+
+
+
+
+
+
+
+
+81
+82
+83
+84
+85
+86
+87
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 81
+
+def ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ <generator>http://wordpress.org/\?v= #{ version_pattern } </generator> }i ,
+ ' feed/ ' )
+end
+
+
+
+
+
+
+
+ - (String ) find_from_sitemap_generator (target_uri)
+
+
+
+
+
+
+
+
+
+
+
+
+198
+199
+200
+201
+202
+203
+204
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 198
+
+def find_from_sitemap_generator ( target_uri )
+ scan_url (
+ target_uri ,
+ %r{ generator="wordpress/ #{ version_pattern } " }i ,
+ ' sitemap.xml ' )
+end
+
+
+
+
+
+
+
+ - (String ) scan_url (target_uri, pattern, path = nil)
+
+
+
+
+
+
+
+
+
Returns the first match of <pattern> in the body of the url
+
+
+
+
+
+
+
+
+
+
+46
+47
+48
+49
+50
+51
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 46
+
+def scan_url ( target_uri , pattern , path = nil )
+ url = path ? target_uri . merge ( path ) . to_s : target_uri . to_s
+ response = Browser . get_and_follow_location ( url )
+
+ response . body [ pattern , 1 ]
+end
+
+
+
+
+
+
+
+ - (String ) version_pattern
+
+
+
+
+
+
+
+
+
Used to check if the version is correct: must contain at least one dot.
+
+
+
+
+
+
+
+
+
+
+33
+34
+35
+
+
+ # File 'lib/common/models/wp_version/findable.rb', line 33
+
+def version_pattern
+ ' ([^\r\n"\']+\.[^\r\n"\']+) ' end
+
+
+
+
+
+
+
+ Module: WpVersion::Output
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpVersion::Output
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpVersion Defined in:
+ lib/common/models/wp_version/output.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) output
+
+
+
+
+
+
+
+
+
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+
+
+ # File 'lib/common/models/wp_version/output.rb', line 6
+
+def output
+ puts green ( ' [+] ' ) + " WordPress version #{ self . number } identified from #{ self . found_from } " vulnerabilities = self . vulnerabilities
+
+ unless vulnerabilities . empty?
+ puts
+ puts red ( ' [!] ' ) + " We have identified #{ vulnerabilities . size } vulnerabilities from the version number : " vulnerabilities . output
+ end
+end
+
+
+
+
+
+
+
+ Module: WpVersion::Vulnerable
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Module: WpVersion::Vulnerable
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Included in:
+ WpVersion Defined in:
+ lib/common/models/wp_version/vulnerable.rb
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (String ) vulns_file
+
+
+
+
+
+
+
+
+
The path to the file containing vulnerabilities
+
+
+
+
+
+
+
+
+
+
+7
+8
+9
+10
+11
+12
+
+
+ # File 'lib/common/models/wp_version/vulnerable.rb', line 7
+
+def vulns_file
+ unless @vulns_file
+ @vulns_file = WP_VULNS_FILE
+ end
+ @vulns_file
+end
+
+
+
+
+
+
+
+ - (String ) vulns_xpath
+
+
+
+
+
+
+
+
+
+
+
+
+15
+16
+17
+
+
+ # File 'lib/common/models/wp_version/vulnerable.rb', line 15
+
+def vulns_xpath
+ " //wordpress[@version=' #{ @number } ']/vulnerability " end
+
+
+
+
+
+
+
+ Class: WpscanOptions
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Class: WpscanOptions
+
+
+
+
+
+
+
+ Inherits:
+
+ Object
+
+
+ Object
+
+ WpscanOptions
+
+
+ show all
+
+
+
+
+
+
+
+
+
+
+
+ Defined in:
+ lib/wpscan/wpscan_options.rb
+
+
+
+
+
+
Constant Summary
+
+
+
+ ACCESSOR_OPTIONS =
+
+
+ [
+ :enumerate_plugins ,
+ :enumerate_only_vulnerable_plugins ,
+ :enumerate_all_plugins ,
+ :enumerate_themes ,
+ :enumerate_only_vulnerable_themes ,
+ :enumerate_all_themes ,
+ :enumerate_timthumbs ,
+ :enumerate_usernames ,
+ :enumerate_usernames_range ,
+ :proxy ,
+ :proxy_auth ,
+ :threads ,
+ :url ,
+ :wordlist ,
+ :force ,
+ :update ,
+ :verbose ,
+ :username ,
+ :password ,
+ :follow_redirection ,
+ :wp_content_dir ,
+ :wp_plugins_dir ,
+ :help ,
+ :config_file ,
+ :exclude_content_based ,
+ :basic_auth
+]
+
+
+
+
+
+
+
+
+
+
+ Class Method Summary
+ (collapse )
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
Constructor Details
+
+
+
+
+ - (WpscanOptions initialize
+
+
+
+
+
+
+
+
+
A new instance of WpscanOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+36
+37
+38
+39
+40
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 36
+
+def initialize
+ ACCESSOR_OPTIONS . each do | option |
+ instance_variable_set ( " @ #{ option } " , nil )
+ end
+end
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ + (Object ) clean_option (option)
+
+
+
+
+
+
+
+
+
Will removed the '-' or '--' chars at the beginning of option and replace
+any remaining '-' by '_'
+
+
param string option return string
+
+
+
+
+
+
+
+
+
+
+
+
+
+247
+248
+249
+250
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 247
+
+def self . clean_option ( option )
+ cleaned_option = option . gsub ( / ^--? / , ' ' )
+ cleaned_option . gsub ( / - / , ' _ ' )
+end
+
+
+
+
+
+
+
+ + (Object ) get_opt_long
+
+
+
+
+
+
+
+
+
Even if a short option is given (IE : -u), the long one will be returned
+(IE : --url)
+
+
+
+
+
+
+
+
+
+
+
+
+
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 216
+
+def self . get_opt_long
+ GetoptLong . new (
+ [ ' --url ' , ' -u ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --enumerate ' , ' -e ' , GetoptLong :: OPTIONAL_ARGUMENT ] ,
+ [ ' --username ' , ' -U ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --wordlist ' , ' -w ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --threads ' , ' -t ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --force ' , ' -f ' , GetoptLong :: NO_ARGUMENT ] ,
+ [ ' --help ' , ' -h ' , GetoptLong :: NO_ARGUMENT ] ,
+ [ ' --verbose ' , ' -v ' , GetoptLong :: NO_ARGUMENT ] ,
+ [ ' --proxy ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --proxy-auth ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --update ' , GetoptLong :: NO_ARGUMENT ] ,
+ [ ' --follow-redirection ' , GetoptLong :: NO_ARGUMENT ] ,
+ [ ' --wp-content-dir ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --wp-plugins-dir ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --config-file ' , ' -c ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --exclude-content-based ' , GetoptLong :: REQUIRED_ARGUMENT ] ,
+ [ ' --basic-auth ' , GetoptLong :: REQUIRED_ARGUMENT ]
+ )
+end
+
+
+
+
+
+
+
+ + (Boolean ) is_long_option? (option)
+
+
+
+
+
+
+
+
+
+
+
+
+238
+239
+240
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 238
+
+def self . is_long_option? ( option )
+ ACCESSOR_OPTIONS . include? ( :#{ WpscanOptions . clean_option ( option ) } " )
+end
+
+
+
+
+
+
+
+ + (Object ) load_from_arguments
+
+
+
+
+
+
+
+
+
Will load the options from ARGV return WpscanOptions
+
+
+
+
+
+
+
+
+
+
+
+
+
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 149
+
+def self . load_from_arguments
+ wpscan_options = WpscanOptions . new
+
+ if ARGV . length > 0
+ WpscanOptions . get_opt_long . each do | opt , arg |
+ wpscan_options . set_option_from_cli ( opt , arg )
+ end
+ end
+
+ wpscan_options
+end
+
+
+
+
+
+
+
+ + (Object ) option_to_instance_variable_setter (option)
+
+
+
+
+
+
+
+
+
+
+
+252
+253
+254
+255
+256
+257
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 252
+
+def self . option_to_instance_variable_setter ( option )
+ cleaned_option = WpscanOptions . clean_option ( option )
+ option_syms = ACCESSOR_OPTIONS . grep ( %r{ ^ #{ cleaned_option } $ } )
+
+ option_syms . length == 1 ? :#{ option_syms . at ( 0 ) } = " : nil
+end
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) basic_auth= (basic_auth)
+
+
+
+
+
+
+
+
+
+
+
+124
+125
+126
+127
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 124
+
+def basic_auth= ( basic_auth )
+ raise ' Invalid basic authentication format, login:password expected ' if basic_auth . index ( ' : ' ) . nil?
+ @basic_auth = " Basic #{ Base64 . encode64 ( basic_auth ) . chomp } " end
+
+
+
+
+
+
+
+ - (Object ) enumerate_all_plugins= (enumerate_all_plugins)
+
+
+
+
+
+
+
+
+
+
+
+92
+93
+94
+95
+96
+97
+98
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 92
+
+def enumerate_all_plugins= ( enumerate_all_plugins )
+ if enumerate_all_plugins === true and ( @enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true )
+ raise ' Please choose only one plugin enumeration option ' else
+ @enumerate_all_plugins = enumerate_all_plugins
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) enumerate_all_themes= (enumerate_all_themes)
+
+
+
+
+
+
+
+
+
+
+
+116
+117
+118
+119
+120
+121
+122
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 116
+
+def enumerate_all_themes= ( enumerate_all_themes )
+ if enumerate_all_themes === true and ( @enumerate_themes === true or @enumerate_only_vulnerable_themes === true )
+ raise ' Please choose only one theme enumeration option ' else
+ @enumerate_all_themes = enumerate_all_themes
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) enumerate_only_vulnerable_plugins= (enumerate_only_vulnerable_plugins)
+
+
+
+
+
+
+
+
+
+
+
+84
+85
+86
+87
+88
+89
+90
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 84
+
+def enumerate_only_vulnerable_plugins= ( enumerate_only_vulnerable_plugins )
+ if enumerate_only_vulnerable_plugins === true and ( @enumerate_all_plugins === true or @enumerate_plugins === true )
+ raise ' Please choose only one plugin enumeration option ' else
+ @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) enumerate_only_vulnerable_themes= (enumerate_only_vulnerable_themes)
+
+
+
+
+
+
+
+
+
+
+
+108
+109
+110
+111
+112
+113
+114
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 108
+
+def enumerate_only_vulnerable_themes= ( enumerate_only_vulnerable_themes )
+ if enumerate_only_vulnerable_themes === true and ( @enumerate_all_themes === true or @enumerate_themes === true )
+ raise ' Please choose only one theme enumeration option ' else
+ @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) enumerate_options_from_string (value)
+
+
+
+
+
+
+
+
+
Will set enumerate_* from the string value IE : if value = vp =>
+:enumerate_only_vulnerable_plugins will be set to true multiple enumeration
+are possible : 'u,p' => :enumerate_usernames and :enumerate_plugins
+Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10
+
+
+
+
+
+
+
+
+
+
+
+
+
+184
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 184
+
+def enumerate_options_from_string ( value )
+
+ value = value . split ( ' , ' ) . map { | c | c . downcase }
+
+ self . enumerate_only_vulnerable_plugins = true if value . include? ( ' vp ' )
+
+ self . enumerate_plugins = true if value . include? ( ' p ' )
+
+ self . enumerate_all_plugins = true if value . include? ( ' ap ' )
+
+ @enumerate_timthumbs = true if value . include? ( ' tt ' )
+
+ self . enumerate_only_vulnerable_themes = true if value . include? ( ' vt ' )
+
+ self . enumerate_themes = true if value . include? ( ' t ' )
+
+ self . enumerate_all_themes = true if value . include? ( ' at ' )
+
+ value . grep ( / ^u / ) do | username_enum_value |
+ @enumerate_usernames = true
+ matches = %r{ \[([\d]+)-([\d]+)\] } . match ( username_enum_value )
+ if matches
+ @enumerate_usernames_range = ( matches [ 1 ] . to_i .. matches [ 2 ] . to_i )
+ end
+ end
+
+end
+
+
+
+
+
+
+
+ - (Object ) enumerate_plugins= (enumerate_plugins)
+
+
+
+
+
+
+
+
+
+
+
+76
+77
+78
+79
+80
+81
+82
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 76
+
+def enumerate_plugins= ( enumerate_plugins )
+ if enumerate_plugins === true and ( @enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true )
+ raise ' Please choose only one plugin enumeration option ' else
+ @enumerate_plugins = enumerate_plugins
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) enumerate_themes= (enumerate_themes)
+
+
+
+
+
+
+
+
+
+
+
+100
+101
+102
+103
+104
+105
+106
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 100
+
+def enumerate_themes= ( enumerate_themes )
+ if enumerate_themes === true and ( @enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true )
+ raise ' Please choose only one theme enumeration option ' else
+ @enumerate_themes = enumerate_themes
+ end
+end
+
+
+
+
+
+
+
+ - (Boolean ) has_options?
+
+
+
+
+
+
+
+
+
+
+
+
+129
+130
+131
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 129
+
+def has_options?
+ ! to_h . empty?
+end
+
+
+
+
+
+
+
+ - (Object ) proxy= (proxy)
+
+
+
+
+
+
+
+
+
+
+
+60
+61
+62
+63
+64
+65
+66
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 60
+
+def proxy= ( proxy )
+ if proxy . index ( ' : ' ) == nil
+ raise ' Invalid proxy format. Should be host:port. ' else
+ @proxy = proxy
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) proxy_auth= (auth)
+
+
+
+
+
+
+
+
+
+
+
+68
+69
+70
+71
+72
+73
+74
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 68
+
+def proxy_auth= ( auth )
+ if auth . index ( ' : ' ) == nil
+ raise ' Invalid proxy auth format, username:password expected ' else
+ @proxy_auth = auth
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) set_option_from_cli (cli_option, cli_value)
+
+
+
+
+
+
+
+
+
string cli_option : --url, -u, --proxy etc string cli_value : the option
+value
+
+
+
+
+
+
+
+
+
+
+
+
+
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 163
+
+def set_option_from_cli ( cli_option , cli_value )
+
+ if WpscanOptions . is_long_option? ( cli_option )
+ self . send (
+ WpscanOptions . option_to_instance_variable_setter ( cli_option ) ,
+ cli_value
+ )
+ elsif cli_option === ' --enumerate ' cli_value = ' vt,tt,u,vp ' if cli_value . length == 0
+
+ enumerate_options_from_string ( cli_value )
+ else
+ raise " Unknow option : #{ cli_option } with value #{ cli_value } " end
+end
+
+
+
+
+
+
+
+ - (Object ) threads= (threads)
+
+
+
+
+
+
+
+
+
+
+
+48
+49
+50
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 48
+
+def threads= ( threads )
+ @threads = threads . is_a? ( Integer ) ? threads : threads . to_i
+end
+
+
+
+
+
+
+
+ - (Object ) to_h
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 134
+
+def to_h
+ options = { }
+
+ ACCESSOR_OPTIONS . each do | option |
+ instance_variable = instance_variable_get ( " @ #{ option } " )
+
+ unless instance_variable . nil?
+ options [ :#{ option } " ] = instance_variable
+ end
+ end
+ options
+end
+
+
+
+
+
+
+
+ - (Object ) url= (url)
+
+
+
+
+
+
+
+
+
+
+
+42
+43
+44
+45
+46
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 42
+
+def url= ( url )
+ raise ' Empty URL given ' if ! url
+
+ @url = URI . parse ( add_http_protocol ( url ) ) . to_s
+end
+
+
+
+
+
+
+
+ - (Object ) wordlist= (wordlist)
+
+
+
+
+
+
+
+
+
+
+
+52
+53
+54
+55
+56
+57
+58
+
+
+ # File 'lib/wpscan/wpscan_options.rb', line 52
+
+def wordlist= ( wordlist )
+ if File . exists? ( wordlist )
+ @wordlist = wordlist
+ else
+ raise " The file #{ wordlist } does not exist " end
+end
+
+
+
+
+
+
+
+ Documentation by YARD 0.8.6.1
+
+
+
+ Documentation by YARD 0.8.6.1
+
+
Alphabetic Index
+
+
File Listing
+
+
+
+
Namespace Listing A-Z
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ I
+
+
+
+ Infos (WpItem)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ O
+
+
+
+ Options (Ethon::Easy)
+
+
+
+
+ Options (Browser)
+
+
+
+
+ Output (Vulnerabilities)
+
+
+
+
+ Output (Vulnerability)
+
+
+
+
+ Output (WpItem)
+
+
+
+
+ Output (WpUsers)
+
+
+
+
+ Output (WpTimthumb)
+
+
+
+
+ Output (WpVersion)
+
+
+
+
+ Output (WpItems)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
*/
+#filecontents table, .docstring table { border-collapse: collapse; }
+#filecontents table th, #filecontents table td,
+.docstring table th, .docstring table td { border: 1px solid #ccc; padding: 8px; padding-right: 17px; }
+#filecontents table tr:nth-child(odd),
+.docstring table tr:nth-child(odd) { background: #eee; }
+#filecontents table tr:nth-child(even),
+.docstring table tr:nth-child(even) { background: #fff; }
+#filecontents table th, .docstring table th { background: #fff; }
+
+/* style for */
+#filecontents li > p, .docstring li > p { margin: 0px; }
+#filecontents ul, .docstring ul { padding-left: 20px; }
+/* style for */
+#filecontents dl, .docstring dl { border: 1px solid #ccc; }
+#filecontents dt, .docstring dt { background: #ddd; font-weight: bold; padding: 3px 5px; }
+#filecontents dd, .docstring dd { padding: 5px 0px; margin-left: 18px; }
+#filecontents dd > p, .docstring dd > p { margin: 0px; }
+
+.note {
+ color: #222;
+ -moz-border-radius: 3px; -webkit-border-radius: 3px;
+ background: #e3e4e3; border: 1px solid #d5d5d5; padding: 7px 10px;
+ display: block;
+}
+.note.todo { background: #ffffc5; border-color: #ececaa; }
+.note.returns_void { background: #efefef; }
+.note.deprecated { background: #ffe5e5; border-color: #e9dada; }
+.note.private { background: #ffffc5; border-color: #ececaa; }
+.note.title { padding: 1px 5px; font-size: 0.9em; font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; display: inline; }
+.summary_signature + .note.title { margin-left: 7px; }
+h1 .note.title { font-size: 0.5em; font-weight: normal; padding: 3px 5px; position: relative; top: -3px; text-transform: capitalize; }
+.note.title.constructor { color: #fff; background: #6a98d6; border-color: #6689d6; }
+.note.title.writeonly { color: #fff; background: #45a638; border-color: #2da31d; }
+.note.title.readonly { color: #fff; background: #6a98d6; border-color: #6689d6; }
+.note.title.private { background: #d5d5d5; border-color: #c5c5c5; }
+.note.title.not_defined_here { background: transparent; border: none; font-style: italic; }
+.discussion .note { margin-top: 6px; }
+.discussion .note:first-child { margin-top: 0; }
+
+h3.inherited {
+ font-style: italic;
+ font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif;
+ font-weight: normal;
+ padding: 0;
+ margin: 0;
+ margin-top: 12px;
+ margin-bottom: 3px;
+ font-size: 13px;
+}
+p.inherited {
+ padding: 0;
+ margin: 0;
+ margin-left: 25px;
+}
+
+#filecontents dl.box, dl.box {
+ border: 0;
+ width: 520px;
+ font-size: 1em;
+}
+#filecontents dl.box dt, dl.box dt {
+ float: left;
+ display: block;
+ width: 100px;
+ margin: 0;
+ text-align: right;
+ font-weight: bold;
+ background: transparent;
+ border: 1px solid #aaa;
+ border-width: 1px 0px 0px 1px;
+ padding: 6px 0;
+ padding-right: 10px;
+}
+#filecontents dl.box dd, dl.box dd {
+ float: left;
+ display: block;
+ width: 380px;
+ margin: 0;
+ padding: 6px 0;
+ padding-right: 20px;
+ border: 1px solid #aaa;
+ border-width: 1px 1px 0 0;
+}
+#filecontents dl.box .last, dl.box .last {
+ border-bottom: 1px solid #aaa;
+}
+#filecontents dl.box .r1, dl.box .r1 { background: #eee; }
+
+ul.toplevel { list-style: none; padding-left: 0; font-size: 1.1em; }
+.index_inline_list { padding-left: 0; font-size: 1.1em; }
+.index_inline_list li { list-style: none; display: inline; padding: 7px 12px; line-height: 35px; }
+
+dl.constants { margin-left: 40px; }
+dl.constants dt { font-weight: bold; font-size: 1.1em; margin-bottom: 5px; }
+dl.constants dd { width: 75%; white-space: pre; font-family: monospace; margin-bottom: 18px; }
+
+.summary_desc { margin-left: 32px; display: block; font-family: sans-serif; }
+.summary_desc tt { font-size: 0.9em; }
+dl.constants .note { padding: 2px 6px; padding-right: 12px; margin-top: 6px; }
+dl.constants .docstring { margin-left: 32px; font-size: 0.9em; font-weight: normal; }
+dl.constants .tags { padding-left: 32px; font-size: 0.9em; line-height: 0.8em; }
+dl.constants .discussion *:first-child { margin-top: 0; }
+dl.constants .discussion *:last-child { margin-bottom: 0; }
+
+.method_details { border-top: 1px dotted #aaa; margin-top: 15px; padding-top: 0; }
+.method_details.first { border: 0; }
+p.signature, h3.signature {
+ font-size: 1.1em; font-weight: normal; font-family: Monaco, Consolas, Courier, monospace;
+ padding: 6px 10px; margin-top: 18px;
+ background: #e5e8ff; border: 1px solid #d8d8e5; -moz-border-radius: 3px; -webkit-border-radius: 3px;
+}
+p.signature tt,
+h3.signature tt { font-family: Monaco, Consolas, Courier, monospace; }
+p.signature .overload,
+h3.signature .overload { display: block; }
+p.signature .extras,
+h3.signature .extras { font-weight: normal; font-family: sans-serif; color: #444; font-size: 1em; }
+p.signature .not_defined_here,
+h3.signature .not_defined_here,
+p.signature .aliases,
+h3.signature .aliases { display: block; font-weight: normal; font-size: 0.9em; font-family: sans-serif; margin-top: 0px; color: #555; }
+p.signature .aliases .names,
+h3.signature .aliases .names { font-family: Monaco, Consolas, Courier, monospace; font-weight: bold; color: #000; font-size: 1.2em; }
+
+.tags .tag_title { font-size: 1em; margin-bottom: 0; font-weight: bold; }
+.tags ul { margin-top: 5px; padding-left: 30px; list-style: square; }
+.tags ul li { margin-bottom: 3px; }
+.tags ul .name { font-family: monospace; font-weight: bold; }
+.tags ul .note { padding: 3px 6px; }
+.tags { margin-bottom: 12px; }
+
+.tags .examples .tag_title { margin-bottom: 10px; font-weight: bold; }
+.tags .examples .inline p { padding: 0; margin: 0; margin-left: 15px; font-weight: bold; font-size: 0.9em; }
+
+.tags .overload .overload_item { list-style: none; margin-bottom: 25px; }
+.tags .overload .overload_item .signature {
+ padding: 2px 8px;
+ background: #e5e8ff; border: 1px solid #d8d8e5; -moz-border-radius: 3px; -webkit-border-radius: 3px;
+}
+.tags .overload .signature { margin-left: -15px; font-family: monospace; display: block; font-size: 1.1em; }
+.tags .overload .docstring { margin-top: 15px; }
+
+.defines { display: none; }
+
+#method_missing_details .notice.this { position: relative; top: -8px; color: #888; padding: 0; margin: 0; }
+
+.showSource { font-size: 0.9em; }
+.showSource a:link, .showSource a:visited { text-decoration: none; color: #666; }
+
+#content a:link, #content a:visited { text-decoration: none; color: #05a; }
+#content a:hover { background: #ffffa5; }
+div.docstring, p.docstring { margin-right: 6em; }
+
+ul.summary {
+ list-style: none;
+ font-family: monospace;
+ font-size: 1em;
+ line-height: 1.5em;
+}
+ul.summary a:link, ul.summary a:visited {
+ text-decoration: none; font-size: 1.1em;
+}
+ul.summary li { margin-bottom: 5px; }
+.summary .summary_signature {
+ padding: 1px 10px;
+ background: #eaeaff; border: 1px solid #dfdfe5;
+ -moz-border-radius: 3px; -webkit-border-radius: 3px;
+}
+.summary_signature:hover { background: #eeeeff; cursor: pointer; }
+ul.summary.compact li { display: inline-block; margin: 0px 5px 0px 0px; line-height: 2.6em;}
+ul.summary.compact .summary_signature { padding: 5px 7px; padding-right: 4px; }
+#content .summary_signature:hover a:link,
+#content .summary_signature:hover a:visited {
+ background: transparent;
+ color: #48f;
+}
+
+p.inherited a { font-family: monospace; font-size: 0.9em; }
+p.inherited { word-spacing: 5px; font-size: 1.2em; }
+
+p.children { font-size: 1.2em; }
+p.children a { font-size: 0.9em; }
+p.children strong { font-size: 0.8em; }
+p.children strong.modules { padding-left: 5px; }
+
+ul.fullTree { display: none; padding-left: 0; list-style: none; margin-left: 0; margin-bottom: 10px; }
+ul.fullTree ul { margin-left: 0; padding-left: 0; list-style: none; }
+ul.fullTree li { text-align: center; padding-top: 18px; padding-bottom: 12px; background: url(data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHtJREFUeNqMzrEJAkEURdGzuhgZbSoYWcAWoBVsB4JgZAGmphsZCZYzTQgWNCYrDN9RvMmHx+X916SUBFbo8CzD1idXrLErw1mQttgXtyrOcQ/Ny5p4Qh+2XqLYYazsPWNTiuMkRxa4vcV+evuNAUOLIx5+c2hyzv7hNQC67Q+/HHmlEwAAAABJRU5ErkJggg==) no-repeat top center; }
+ul.fullTree li:first-child { padding-top: 0; background: transparent; }
+ul.fullTree li:last-child { padding-bottom: 0; }
+.showAll ul.fullTree { display: block; }
+.showAll .inheritName { display: none; }
+
+#search { position: absolute; right: 14px; top: 0px; }
+#search a:link, #search a:visited {
+ display: block; float: left; margin-right: 4px;
+ padding: 8px 10px; text-decoration: none; color: #05a;
+ border: 1px solid #d8d8e5;
+ -moz-border-radius-bottomleft: 3px; -moz-border-radius-bottomright: 3px;
+ -webkit-border-bottom-left-radius: 3px; -webkit-border-bottom-right-radius: 3px;
+ background: #eaf0ff;
+ -webkit-box-shadow: -1px 1px 3px #ddd;
+}
+#search a:hover { background: #f5faff; color: #06b; }
+#search a.active {
+ background: #568; padding-bottom: 20px; color: #fff; border: 1px solid #457;
+ -moz-border-radius-topleft: 5px; -moz-border-radius-topright: 5px;
+ -webkit-border-top-left-radius: 5px; -webkit-border-top-right-radius: 5px;
+}
+#search a.inactive { color: #999; }
+.frames #search { display: none; }
+.inheritanceTree, .toggleDefines { float: right; }
+
+#menu { font-size: 1.3em; color: #bbb; top: -5px; position: relative; }
+#menu .title, #menu a { font-size: 0.7em; }
+#menu .title a { font-size: 1em; }
+#menu .title { color: #555; }
+#menu a:link, #menu a:visited { color: #333; text-decoration: none; border-bottom: 1px dotted #bbd; }
+#menu a:hover { color: #05a; }
+#menu .noframes { display: inline; }
+.frames #menu .noframes { display: inline; float: right; }
+
+#footer { margin-top: 15px; border-top: 1px solid #ccc; text-align: center; padding: 7px 0; color: #999; }
+#footer a:link, #footer a:visited { color: #444; text-decoration: none; border-bottom: 1px dotted #bbd; }
+#footer a:hover { color: #05a; }
+
+#listing ul.alpha { font-size: 1.1em; }
+#listing ul.alpha { margin: 0; padding: 0; padding-bottom: 10px; list-style: none; }
+#listing ul.alpha li.letter { font-size: 1.4em; padding-bottom: 10px; }
+#listing ul.alpha ul { margin: 0; padding-left: 15px; }
+#listing ul small { color: #666; font-size: 0.7em; }
+
+li.r1 { background: #f0f0f0; }
+li.r2 { background: #fafafa; }
+
+#search_frame {
+ z-index: 9999;
+ background: #fff;
+ display: none;
+ position: absolute;
+ top: 36px;
+ right: 18px;
+ width: 500px;
+ height: 80%;
+ overflow-y: scroll;
+ border: 1px solid #999;
+ border-collapse: collapse;
+ -webkit-box-shadow: -7px 5px 25px #aaa;
+ -moz-box-shadow: -7px 5px 25px #aaa;
+ -moz-border-radius: 2px;
+ -webkit-border-radius: 2px;
+}
+
+#content ul.summary li.deprecated .summary_signature a:link,
+#content ul.summary li.deprecated .summary_signature a:visited { text-decoration: line-through; font-style: italic; }
+
+#toc {
+ padding: 20px; padding-right: 30px; border: 1px solid #ddd; float: right; background: #fff; margin-left: 20px; margin-bottom: 20px;
+ max-width: 300px;
+ -webkit-box-shadow: -2px 2px 6px #bbb;
+ -moz-box-shadow: -2px 2px 6px #bbb;
+ z-index: 5000;
+ position: relative;
+}
+#toc.nofloat { float: none; max-width: none; border: none; padding: 0; margin: 20px 0; -webkit-box-shadow: none; -moz-box-shadow: none; }
+#toc.nofloat.hidden { padding: 0; background: 0; margin-bottom: 5px; }
+#toc .title { margin: 0; }
+#toc ol { padding-left: 1.8em; }
+#toc li { font-size: 1.1em; line-height: 1.7em; }
+#toc > ol > li { font-size: 1.1em; font-weight: bold; }
+#toc ol > ol { font-size: 0.9em; }
+#toc ol ol > ol { padding-left: 2.3em; }
+#toc ol + li { margin-top: 0.3em; }
+#toc.hidden { padding: 10px; background: #f6f6f6; -webkit-box-shadow: none; -moz-box-shadow: none; }
+#filecontents h1 + #toc.nofloat { margin-top: 0; }
+
+/* syntax highlighting */
+.source_code { display: none; padding: 3px 8px; border-left: 8px solid #ddd; margin-top: 5px; }
+#filecontents pre.code, .docstring pre.code, .source_code pre { font-family: monospace; }
+#filecontents pre.code, .docstring pre.code { display: block; }
+.source_code .lines { padding-right: 12px; color: #555; text-align: right; }
+#filecontents pre.code, .docstring pre.code,
+.tags pre.example { padding: 5px 12px; margin-top: 4px; border: 1px solid #eef; background: #f5f5ff; }
+pre.code { color: #000; }
+pre.code .info.file { color: #555; }
+pre.code .val { color: #036A07; }
+pre.code .tstring_content,
+pre.code .heredoc_beg, pre.code .heredoc_end,
+pre.code .qwords_beg, pre.code .qwords_end,
+pre.code .tstring, pre.code .dstring { color: #036A07; }
+pre.code .fid, pre.code .rubyid_new, pre.code .rubyid_to_s,
+pre.code .rubyid_to_sym, pre.code .rubyid_to_f,
+pre.code .dot + pre.code .id,
+pre.code .rubyid_to_i pre.code .rubyid_each { color: #0085FF; }
+pre.code .comment { color: #0066FF; }
+pre.code .const, pre.code .constant { color: #585CF6; }
+pre.code .symbol { color: #C5060B; }
+pre.code .kw,
+pre.code .label,
+pre.code .rubyid_require,
+pre.code .rubyid_extend,
+pre.code .rubyid_include { color: #0000FF; }
+pre.code .ivar { color: #318495; }
+pre.code .gvar,
+pre.code .rubyid_backref,
+pre.code .rubyid_nth_ref { color: #6D79DE; }
+pre.code .regexp, .dregexp { color: #036A07; }
+pre.code a { border-bottom: 1px dotted #bbf; }
diff --git a/doc_yard/file.README.html b/doc_yard/file.README.html
new file mode 100644
index 00000000..874e4243
--- /dev/null
+++ b/doc_yard/file.README.html
@@ -0,0 +1,315 @@
+
+
+
+
+ File: README
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+
+
__
+
+
__ _______ _____
+\ \ / / __ \ / ____|
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __
+ \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
+ \ /\ / | | ____) | (__| (_| | | | |
+ \/ \/ |_| |_____/ \___|\__,_|_| |_|
+
+
__
+
+
LICENSE==
+
+
WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team
+
+
This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option)
+any later version.
+
+
This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+more details.
+
+
You should have received a copy of the GNU General Public License along
+with this program. If not, see <www.gnu.org/licenses />.
+
+
ryandewhurst at gmail
+
+
INSTALL==
+
+
WPScan comes pre-installed on the following Linux distributions:
+
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed, update needed)
+ * Pentoo
+ * SamuraiWTF
+
+Prerequisites:
+
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
+
+-> Installing on Debian/Ubuntu:
+
+ sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+-> Installing on Fedora:
+
+ sudo yum install libcurl-devel
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+-> Installing on Archlinux:
+
+ pacman -Sy ruby
+ pacman -Sy libyaml
+
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+ gem install typhoeus
+ gem install nokogiri
+
+-> Installing on Mac OS X:
+
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+
KNOWN ISSUES==
+
+
- Typhoeus segmentation fault:
+ Update cURL to version => 7.21 (may have to install from source)
+ See http://code.google.com/p/wpscan/issues/detail?id=81
+
+- Proxy not working:
+ Update cURL to version => 7.21.7 (may have to install from source).
+
+ Installation from sources :
+ - Grab the sources from http://curl.haxx.se/download.html
+ - Decompress the archive
+ - Open the folder with the extracted files
+ - Run ./configure
+ - Run make
+ - Run sudo make install
+ - Run sudo ldconfig
+
+- cannot load such file -- readline:
+ Run sudo aptitude install libreadline5-dev libncurses5-dev
+
+ Then, open the directory of the readline gem (you have to locate it)
+
+ cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
+ ruby extconf.rb
+ make
+ make install
+
+ See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
+- no such file to load -- rubygems
+ Run update-alternatives --config ruby
+ And select your ruby version
+
+ See https://github.com/wpscanteam/wpscan/issues/148
+
+
WPSCAN ARGUMENTS==
+
+
--update Update to the latest revision
+
+
--url | -u <target url> The WordPress URL/domain to scan.
+
+
--force | -f Forces WPScan to not check if the remote site is running
+WordPress.
+
+
--enumerate | -e [option(s)] Enumeration.
+
+
option :
+ u usernames from id 1 to 10
+ u[10-20] usernames from id 10 to 20 (you must write [] chars)
+ p plugins
+ vp only vulnerable plugins
+ ap all plugins (can take a long time)
+ tt timthumbs
+ t themes
+ vp only vulnerable themes
+ at all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
+
+
--exclude-content-based '<regexp or string>' Used with the
+enumeration option, will exclude all occurrences based on the regexp or
+string supplied
+
+
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+
+
--config-file | -c <config file> Use the specified config file
+
+
--follow-redirection If the target url has a redirection, it will be
+followed without asking if you wanted to do so or not
+
+
--wp-content-dir <wp content dir> WPScan try to find the content
+directory (ie wp-content) by scanning the index page, however you can
+specified it. Subdirectories are allowed
+
+
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir
+but for the plugins directory. If not supplied, WPScan will use
+wp-content-dir/plugins. Subdirectories are allowed
+
+
--proxy <[protocol://]host:port> Supply a proxy (will override the
+one from conf/browser.conf.json).
+
+
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+
+
--proxy-auth <username:password> Supply the proxy login credentials
+(will override the one from conf/browser.conf.json).
+
+
--basic-auth <username:password> Set the HTTP Basic authentication
+
+
--wordlist | -w <wordlist> Supply a wordlist for the password bruter
+and do the brute.
+
+
--threads | -t <number of threads> The number of threads to use
+when multi-threading requests. (will override the value from
+conf/browser.conf.json)
+
+
--username | -U <username> Only brute force the supplied username.
+
+
--help | -h This help screen.
+
+
--verbose | -v Verbose output.
+
+
WPSCAN EXAMPLES==
+
+
Do 'non-intrusive' checks...
+
+
ruby wpscan.rb --url www.example.com
+
+
Do wordlist password brute force on enumerated users using 50 threads...
+
+
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+
+
Do wordlist password brute force on the 'admin' username only...
+
+
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+
+
Enumerate installed plugins...
+
+
ruby wpscan.rb --url www.example.com --enumerate p
+
+
WPSTOOLS ARGUMENTS==
+
+
--help | -h This help screen. --Verbose | -v Verbose output.
+--update | -u Update to the latest revision. --generate_plugin_list
+[number of pages] Generate a new data/plugins.txt file. (supply number of
+pages to parse, default : 150) --gpl Alias for
+--generate_plugin_list --check-local-vulnerable-files | --clvf <local
+directory> Perform a recursive scan in the <local directory> to
+find vulnerable files or shells
+
+
WPSTOOLS EXAMPLES==
+
+
+
ruby wpstools.rb --generate_plugin_list 150
+
+
+
ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/
+
+
PROJECT HOME===
+
+
www.wpscan.org
+
+
REPOSITORY===
+
+
github.com/wpscanteam/wpscan
+
+
ISSUES===
+
+
github.com/wpscanteam/wpscan/issues
+
+
SPONSOR===
+
+
WPScan is sponsored by the RandomStorm Open Source Initiative.
+
+
Visit RandomStorm at www.randomstorm.com
+
Documentation by YARD 0.8.6.1
+
+
+
+
+
+
+
diff --git a/doc_yard/index.html b/doc_yard/index.html
new file mode 100644
index 00000000..874e4243
--- /dev/null
+++ b/doc_yard/index.html
@@ -0,0 +1,315 @@
+
+
+
+
+ File: README
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+
+
__
+
+
__ _______ _____
+\ \ / / __ \ / ____|
+ \ \ /\ / /| |__) | (___ ___ __ _ _ __
+ \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
+ \ /\ / | | ____) | (__| (_| | | | |
+ \/ \/ |_| |_____/ \___|\__,_|_| |_|
+
+
__
+
+
LICENSE==
+
+
WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team
+
+
This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option)
+any later version.
+
+
This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+more details.
+
+
You should have received a copy of the GNU General Public License along
+with this program. If not, see <www.gnu.org/licenses />.
+
+
ryandewhurst at gmail
+
+
INSTALL==
+
+
WPScan comes pre-installed on the following Linux distributions:
+
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed, update needed)
+ * Pentoo
+ * SamuraiWTF
+
+Prerequisites:
+
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
+
+-> Installing on Debian/Ubuntu:
+
+ sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+-> Installing on Fedora:
+
+ sudo yum install libcurl-devel
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+-> Installing on Archlinux:
+
+ pacman -Sy ruby
+ pacman -Sy libyaml
+
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+ gem install typhoeus
+ gem install nokogiri
+
+-> Installing on Mac OS X:
+
+ git clone https://github.com/wpscanteam/wpscan.git
+ cd wpscan
+ sudo gem install bundler && bundle install --without test development
+
+
KNOWN ISSUES==
+
+
- Typhoeus segmentation fault:
+ Update cURL to version => 7.21 (may have to install from source)
+ See http://code.google.com/p/wpscan/issues/detail?id=81
+
+- Proxy not working:
+ Update cURL to version => 7.21.7 (may have to install from source).
+
+ Installation from sources :
+ - Grab the sources from http://curl.haxx.se/download.html
+ - Decompress the archive
+ - Open the folder with the extracted files
+ - Run ./configure
+ - Run make
+ - Run sudo make install
+ - Run sudo ldconfig
+
+- cannot load such file -- readline:
+ Run sudo aptitude install libreadline5-dev libncurses5-dev
+
+ Then, open the directory of the readline gem (you have to locate it)
+
+ cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
+ ruby extconf.rb
+ make
+ make install
+
+ See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
+- no such file to load -- rubygems
+ Run update-alternatives --config ruby
+ And select your ruby version
+
+ See https://github.com/wpscanteam/wpscan/issues/148
+
+
WPSCAN ARGUMENTS==
+
+
--update Update to the latest revision
+
+
--url | -u <target url> The WordPress URL/domain to scan.
+
+
--force | -f Forces WPScan to not check if the remote site is running
+WordPress.
+
+
--enumerate | -e [option(s)] Enumeration.
+
+
option :
+ u usernames from id 1 to 10
+ u[10-20] usernames from id 10 to 20 (you must write [] chars)
+ p plugins
+ vp only vulnerable plugins
+ ap all plugins (can take a long time)
+ tt timthumbs
+ t themes
+ vp only vulnerable themes
+ at all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
+
+
--exclude-content-based '<regexp or string>' Used with the
+enumeration option, will exclude all occurrences based on the regexp or
+string supplied
+
+
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+
+
--config-file | -c <config file> Use the specified config file
+
+
--follow-redirection If the target url has a redirection, it will be
+followed without asking if you wanted to do so or not
+
+
--wp-content-dir <wp content dir> WPScan try to find the content
+directory (ie wp-content) by scanning the index page, however you can
+specified it. Subdirectories are allowed
+
+
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir
+but for the plugins directory. If not supplied, WPScan will use
+wp-content-dir/plugins. Subdirectories are allowed
+
+
--proxy <[protocol://]host:port> Supply a proxy (will override the
+one from conf/browser.conf.json).
+
+
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+
+
--proxy-auth <username:password> Supply the proxy login credentials
+(will override the one from conf/browser.conf.json).
+
+
--basic-auth <username:password> Set the HTTP Basic authentication
+
+
--wordlist | -w <wordlist> Supply a wordlist for the password bruter
+and do the brute.
+
+
--threads | -t <number of threads> The number of threads to use
+when multi-threading requests. (will override the value from
+conf/browser.conf.json)
+
+
--username | -U <username> Only brute force the supplied username.
+
+
--help | -h This help screen.
+
+
--verbose | -v Verbose output.
+
+
WPSCAN EXAMPLES==
+
+
Do 'non-intrusive' checks...
+
+
ruby wpscan.rb --url www.example.com
+
+
Do wordlist password brute force on enumerated users using 50 threads...
+
+
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+
+
Do wordlist password brute force on the 'admin' username only...
+
+
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+
+
Enumerate installed plugins...
+
+
ruby wpscan.rb --url www.example.com --enumerate p
+
+
WPSTOOLS ARGUMENTS==
+
+
--help | -h This help screen. --Verbose | -v Verbose output.
+--update | -u Update to the latest revision. --generate_plugin_list
+[number of pages] Generate a new data/plugins.txt file. (supply number of
+pages to parse, default : 150) --gpl Alias for
+--generate_plugin_list --check-local-vulnerable-files | --clvf <local
+directory> Perform a recursive scan in the <local directory> to
+find vulnerable files or shells
+
+
WPSTOOLS EXAMPLES==
+
+
+
ruby wpstools.rb --generate_plugin_list 150
+
+
+
ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/
+
+
PROJECT HOME===
+
+
www.wpscan.org
+
+
REPOSITORY===
+
+
github.com/wpscanteam/wpscan
+
+
ISSUES===
+
+
github.com/wpscanteam/wpscan/issues
+
+
SPONSOR===
+
+
WPScan is sponsored by the RandomStorm Open Source Initiative.
+
+
Visit RandomStorm at www.randomstorm.com
+
[View source ] ");
+ $('.toggleSource').toggle(function() {
+ $(this).parent().nextAll('.source_code').slideDown(100);
+ $(this).text("Hide source");
+ },
+ function() {
+ $(this).parent().nextAll('.source_code').slideUp(100);
+ $(this).text("View source");
+ });
+}
+
+function createDefineLinks() {
+ var tHeight = 0;
+ $('.defines').after(" more... ");
+ $('.toggleDefines').toggle(function() {
+ tHeight = $(this).parent().prev().height();
+ $(this).prev().show();
+ $(this).parent().prev().height($(this).parent().height());
+ $(this).text("(less)");
+ },
+ function() {
+ $(this).prev().hide();
+ $(this).parent().prev().height(tHeight);
+ $(this).text("more...");
+ });
+}
+
+function createFullTreeLinks() {
+ var tHeight = 0;
+ $('.inheritanceTree').toggle(function() {
+ tHeight = $(this).parent().prev().height();
+ $(this).parent().toggleClass('showAll');
+ $(this).text("(hide)");
+ $(this).parent().prev().height($(this).parent().height());
+ },
+ function() {
+ $(this).parent().toggleClass('showAll');
+ $(this).parent().prev().height(tHeight);
+ $(this).text("show all");
+ });
+}
+
+function fixBoxInfoHeights() {
+ $('dl.box dd.r1, dl.box dd.r2').each(function() {
+ $(this).prev().height($(this).height());
+ });
+}
+
+function searchFrameLinks() {
+ $('.full_list_link').click(function() {
+ toggleSearchFrame(this, $(this).attr('href'));
+ return false;
+ });
+}
+
+function toggleSearchFrame(id, link) {
+ var frame = $('#search_frame');
+ $('#search a').removeClass('active').addClass('inactive');
+ if (frame.attr('src') == link && frame.css('display') != "none") {
+ frame.slideUp(100);
+ $('#search a').removeClass('active inactive');
+ }
+ else {
+ $(id).addClass('active').removeClass('inactive');
+ frame.attr('src', link).slideDown(100);
+ }
+}
+
+function linkSummaries() {
+ $('.summary_signature').click(function() {
+ document.location = $(this).find('a').attr('href');
+ });
+}
+
+function framesInit() {
+ if (hasFrames) {
+ document.body.className = 'frames';
+ $('#menu .noframes a').attr('href', document.location);
+ window.top.document.title = $('html head title').text();
+ }
+ else {
+ $('#menu .noframes a').text('frames').attr('href', framesUrl);
+ }
+}
+
+function keyboardShortcuts() {
+ if (window.top.frames.main) return;
+ $(document).keypress(function(evt) {
+ if (evt.altKey || evt.ctrlKey || evt.metaKey || evt.shiftKey) return;
+ if (typeof evt.target !== "undefined" &&
+ (evt.target.nodeName == "INPUT" ||
+ evt.target.nodeName == "TEXTAREA")) return;
+ switch (evt.charCode) {
+ case 67: case 99: $('#class_list_link').click(); break; // 'c'
+ case 77: case 109: $('#method_list_link').click(); break; // 'm'
+ case 70: case 102: $('#file_list_link').click(); break; // 'f'
+ default: break;
+ }
+ });
+}
+
+function summaryToggle() {
+ $('.summary_toggle').click(function() {
+ if (localStorage) {
+ localStorage.summaryCollapsed = $(this).text();
+ }
+ $('.summary_toggle').each(function() {
+ $(this).text($(this).text() == "collapse" ? "expand" : "collapse");
+ var next = $(this).parent().parent().nextAll('ul.summary').first();
+ if (next.hasClass('compact')) {
+ next.toggle();
+ next.nextAll('ul.summary').first().toggle();
+ }
+ else if (next.hasClass('summary')) {
+ var list = $('');
+ list.html(next.html());
+ list.find('.summary_desc, .note').remove();
+ list.find('a').each(function() {
+ $(this).html($(this).find('strong').html());
+ $(this).parent().html($(this)[0].outerHTML);
+ });
+ next.before(list);
+ next.toggle();
+ }
+ });
+ return false;
+ });
+ if (localStorage) {
+ if (localStorage.summaryCollapsed == "collapse") {
+ $('.summary_toggle').first().click();
+ }
+ else localStorage.summaryCollapsed = "expand";
+ }
+}
+
+function fixOutsideWorldLinks() {
+ $('a').each(function() {
+ if (window.location.host != this.host) this.target = '_parent';
+ });
+}
+
+function generateTOC() {
+ if ($('#filecontents').length === 0) return;
+ var _toc = $(' ' + title + '
");
+}
+
+var lastRowClass = '';
+function searchItem() {
+ for (var i = 0; i < searchCache.length / 50; i++) {
+ var item = searchCache[searchIndex];
+ var searchName = (searchString.indexOf('::') != -1 ? item.fullName : item.name);
+ var matchString = regexSearchString;
+ var matchRegexp = new RegExp(matchString, caseSensitiveMatch ? "" : "i");
+ if (searchName.match(matchRegexp) == null) {
+ item.node.removeClass('found');
+ }
+ else {
+ item.node.css('padding-left', '10px').addClass('found');
+ item.node.parents().addClass('search_uncollapsed');
+ item.node.removeClass(lastRowClass).addClass(lastRowClass == 'r1' ? 'r2' : 'r1');
+ lastRowClass = item.node.hasClass('r1') ? 'r1' : 'r2';
+ item.link.html(item.name.replace(matchRegexp, "$& "));
+ }
+
+ if (searchCache.length === searchIndex + 1) {
+ searchDone();
+ return;
+ }
+ else {
+ searchIndex++;
+ }
+ }
+ inSearch = setTimeout('searchItem()', 0);
+}
+
+function searchDone() {
+ highlight(true);
+ if ($('#full_list li:visible').size() === 0) {
+ $('#noresults').text('No results were found.').hide().fadeIn();
+ }
+ else {
+ $('#noresults').text('');
+ }
+ $('#content').removeClass('insearch');
+ clearTimeout(inSearch);
+ inSearch = null;
+}
+
+clicked = null;
+function linkList() {
+ $('#full_list li, #full_list li a:last').click(function(evt) {
+ if ($(this).hasClass('toggle')) return true;
+ if ($(this).find('.object_link a').length === 0) {
+ $(this).children('a.toggle').click();
+ return false;
+ }
+ if (this.tagName.toLowerCase() == "li") {
+ var toggle = $(this).children('a.toggle');
+ if (toggle.size() > 0 && evt.pageX < toggle.offset().left) {
+ toggle.click();
+ return false;
+ }
+ }
+ if (clicked) clicked.removeClass('clicked');
+ var win = window.top.frames.main ? window.top.frames.main : window.parent;
+ if (this.tagName.toLowerCase() == "a") {
+ clicked = $(this).parent('li').addClass('clicked');
+ win.location = this.href;
+ }
+ else {
+ clicked = $(this).addClass('clicked');
+ win.location = $(this).find('a:last').attr('href');
+ }
+ return false;
+ });
+}
+
+function collapse() {
+ if (!$('#full_list').hasClass('class')) return;
+ $('#full_list.class a.toggle').click(function() {
+ $(this).parent().toggleClass('collapsed').next().toggleClass('collapsed');
+ highlight();
+ return false;
+ });
+ $('#full_list.class ul').each(function() {
+ $(this).addClass('collapsed').prev().addClass('collapsed');
+ });
+ $('#full_list.class').children().removeClass('collapsed');
+ highlight();
+}
+
+function highlight(no_padding) {
+ var n = 1;
+ $('#full_list li:visible').each(function() {
+ var next = n == 1 ? 2 : 1;
+ $(this).removeClass("r" + next).addClass("r" + n);
+ if (!no_padding && $('#full_list').hasClass('class')) {
+ $(this).css('padding-left', (10 + $(this).parents('ul').size() * 15) + 'px');
+ }
+ n = next;
+ });
+}
+
+function escapeShortcut() {
+ $(document).keydown(function(evt) {
+ if (evt.which == 27) {
+ $('#search_frame', window.top.document).slideUp(100);
+ $('#search a', window.top.document).removeClass('active inactive');
+ $(window.top).focus();
+ }
+ });
+}
+
+$(escapeShortcut);
+$(fullListSearch);
+$(linkList);
+$(collapse);
diff --git a/doc_yard/js/jquery.js b/doc_yard/js/jquery.js
new file mode 100644
index 00000000..198b3ff0
--- /dev/null
+++ b/doc_yard/js/jquery.js
@@ -0,0 +1,4 @@
+/*! jQuery v1.7.1 jquery.com | jquery.org/license */
+(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"":"")+""),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;g=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.1",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;ca
",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position="fixed",e.style.top="20px",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/\bhover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")};
+f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&i.push({elem:this,matches:d.slice(e)});for(j=0;j0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c
";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,""," "],thead:[1,""],tr:[2,""],td:[3,""],col:[2,""],area:[1,""," "],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div","
"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function()
+{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test("<"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement("div");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bz(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f||0,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\[\]$/,bF=/\r?\n/g,bG=/#.*$/,bH=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\/\//,bM=/\?/,bN=/)<[^<]*)*<\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=["*/"]+["*"];try{bV=e.href}catch(bY){bV=c.createElement("a"),bV.href="",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("").append(c.replace(bN,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,"\r\n")}}):{name:b.name,value:c.replace(bF,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cc(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bG,"").replace(bL,bW[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]==="http:"?80:443))==(bW[3]||(bW[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bQ,"$1_="+x);d.url=y+(y===d.url?(bM.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bX+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)ca(g,a[g],c,e);return d.join("&").replace(bD,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cd++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cp,cq=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu("show",3),a,b,c);for(var g=0,h=this.length;g
=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,"padding")):this[d]():null},f.fn["outer"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?"margin":"border")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window);
\ No newline at end of file
diff --git a/doc_yard/method_list.html b/doc_yard/method_list.html
new file mode 100644
index 00000000..acdc85a1
--- /dev/null
+++ b/doc_yard/method_list.html
@@ -0,0 +1,2020 @@
+
+
+
+
+ Top Level Namespace
+
+ — Documentation by YARD 0.8.6.1
+
+
+
+ Top Level Namespace
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Defined Under Namespace
+
+
+
+ Modules: Ethon Terminal Typhoeus URI Classes: Array Browser CacheFileStore CheckerPlugin CustomOptionParser File GenerateList GitUpdater ListGeneratorPlugin Plugin Plugins StatsPlugin SvnParser SvnUpdater TyphoeusCache Updater UpdaterFactory Vulnerabilities Vulnerability WebSite WpItem WpItems WpPlugin WpPlugins WpTarget WpTheme WpThemes WpTimthumb WpTimthumbs WpUser WpUsers WpVersion WpscanOptions
+
+
Constant Summary
+
+
+
+ LIB_DIR =
+
+
+ File . expand_path ( File . dirname ( __FILE__ ) + ' /.. ' ) ROOT_DIR =
+
+
+
+
expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
+
+
+
+
+
+
+
+
+ File . expand_path ( LIB_DIR + ' /.. ' ) DATA_DIR =
+
+
+ ROOT_DIR + ' /data ' CONF_DIR =
+
+
+ ROOT_DIR + ' /conf ' CACHE_DIR =
+
+
+ ROOT_DIR + ' /cache ' WPSCAN_LIB_DIR =
+
+
+ LIB_DIR + ' /wpscan ' WPSTOOLS_LIB_DIR =
+
+
+ LIB_DIR + ' /wpstools ' UPDATER_LIB_DIR =
+
+
+ LIB_DIR + ' /updater ' COMMON_LIB_DIR =
+
+
+ LIB_DIR + ' /common ' MODELS_LIB_DIR =
+
+
+ COMMON_LIB_DIR + ' /models ' COLLECTIONS_LIB_DIR =
+
+
+ COMMON_LIB_DIR + ' /collections ' LOG_FILE =
+
+
+ ROOT_DIR + ' /log.txt ' COMMON_PLUGINS_DIR =
+
+
+
+
Plugins directories
+
+
+
+
+
+
+
+
+ COMMON_LIB_DIR + ' /plugins ' WPSCAN_PLUGINS_DIR =
+
+
+
+
+
+
+ WPSCAN_LIB_DIR + ' /plugins ' WPSTOOLS_PLUGINS_DIR =
+
+
+ WPSTOOLS_LIB_DIR + ' /plugins ' PLUGINS_FILE =
+
+
+
+
+
+
+ DATA_DIR + ' /plugins.txt ' PLUGINS_FULL_FILE =
+
+
+ DATA_DIR + ' /plugins_full.txt ' PLUGINS_VULNS_FILE =
+
+
+ DATA_DIR + ' /plugin_vulns.xml ' THEMES_FILE =
+
+
+ DATA_DIR + ' /themes.txt ' THEMES_FULL_FILE =
+
+
+ DATA_DIR + ' /themes_full.txt ' THEMES_VULNS_FILE =
+
+
+ DATA_DIR + ' /theme_vulns.xml ' WP_VULNS_FILE =
+
+
+ DATA_DIR + ' /wp_vulns.xml ' WP_VERSIONS_FILE =
+
+
+ DATA_DIR + ' /wp_versions.xml ' LOCAL_FILES_FILE =
+
+
+ DATA_DIR + ' /local_vulnerable_files.xml ' VULNS_XSD =
+
+
+ DATA_DIR + ' /vuln.xsd ' WP_VERSIONS_XSD =
+
+
+ DATA_DIR + ' /wp_versions.xsd ' LOCAL_FILES_XSD =
+
+
+ DATA_DIR + ' /local_vulnerable_files.xsd ' WPSCAN_VERSION =
+
+
+ ' 2.1 ' REVISION =
+
+
+ ' NA '
+
+
+
+
+
+
+
+
+
+
+ Instance Method Summary
+ (collapse )
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ - (Object ) add_http_protocol (url)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+59
+60
+61
+
+
+ # File 'lib/common/common_helper.rb', line 59
+
+def add_http_protocol ( url )
+ url =~ / ^https?: / ? url : " http:// #{ url } " end
+
+
+
+
+
+
+
+ - (Object ) add_trailing_slash (url)
+
+
+
+
+
+
+
+
+
+
+
+63
+64
+65
+
+
+ # File 'lib/common/common_helper.rb', line 63
+
+def add_trailing_slash ( url )
+ url =~ / \/$ / ? url : " #{ url } / " end
+
+
+
+
+
+
+
+ - (Object ) banner
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+
+
+ # File 'lib/common/common_helper.rb', line 78
+
+def banner
+ puts ' ____________________________________________________ ' puts ' __ _______ _____ ' puts ' \\ \\ / / __ \\ / ____| ' puts ' \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ ' puts ' \\ \\/ \\/ / | ___/ \\___ \\ / __|/ _` | \'_ \\ ' puts ' \\ /\\ / | | ____) | (__| (_| | | | | ' puts " \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_| v #{ WPSCAN_VERSION } r #{ REVISION } " puts
+ puts ' WordPress Security Scanner by the WPScan Team ' puts ' Sponsored by the RandomStorm Open Source Initiative ' puts ' _____________________________________________________ ' puts
+end
+
+
+
+
+
+
+
+ - (Object ) colorize (text, color_code)
+
+
+
+
+
+
+
+
+
+
+
+93
+94
+95
+
+
+ # File 'lib/common/common_helper.rb', line 93
+
+def colorize ( text , color_code )
+ " \e[ #{ color_code } m #{ text } \e[0m " end
+
+
+
+
+
+
+
+ - (Object ) green (text)
+
+
+
+
+
+
+
+
+
+
+
+101
+102
+103
+
+
+ # File 'lib/common/common_helper.rb', line 101
+
+def green ( text )
+ colorize ( text , 32 )
+end
+
+
+
+
+
+
+
+ - (Object ) help
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+
+
+ # File 'lib/wpscan/wpscan_helper.rb', line 57
+
+def help
+ puts ' Help : ' puts
+ puts ' Some values are settable in conf/browser.conf.json : ' puts ' user-agent, proxy, proxy-auth, threads, cache timeout and request timeout ' puts
+ puts ' --update Update to the latest revision ' puts ' --url | -u <target url> The WordPress URL/domain to scan. ' puts ' --force | -f Forces WPScan to not check if the remote site is running WordPress. ' puts ' --enumerate | -e [option(s)] Enumeration. ' puts ' option : ' puts ' u usernames from id 1 to 10 ' puts ' u[10-20] usernames from id 10 to 20 (you must write [] chars) ' puts ' p plugins ' puts ' vp only vulnerable plugins ' puts ' ap all plugins (can take a long time) ' puts ' tt timthumbs ' puts ' t themes ' puts ' vt only vulnerable themes ' puts ' at all themes (can take a long time) ' puts ' Multiple values are allowed : "-e t,p" will enumerate timthumbs and plugins ' puts ' If no option is supplied, the default is "vt,tt,u,vp" ' puts
+ puts ' --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied ' puts ' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) ' puts ' --config-file | -c <config file> Use the specified config file ' puts ' --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not ' puts ' --wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed ' puts ' --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed ' puts ' --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). ' puts ' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used ' puts ' --proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json). ' puts ' --basic-auth <username:password> Set the HTTP Basic authentication ' puts ' --wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute. ' puts ' --threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json) ' puts ' --username | -U <username> Only brute force the supplied username. ' puts ' --help | -h This help screen. ' puts ' --verbose | -v Verbose output. ' puts
+end
+
+
+
+
+
+
+
+ - (Object ) puts (o = '')
+
+
+
+
+
+
+
+
+
Override for puts to enable logging
+
+
+
+
+
+
+
+
+
+
+
+
+
+65
+66
+67
+68
+69
+70
+71
+72
+
+
+ # File 'lib/common/hacks.rb', line 65
+
+def puts ( o = ' ' )
+ if o . respond_to? ( :gsub )
+ temp = o . gsub ( / \e\[\d+m(.*)?\e\[0m / , ' \1 ' )
+ File . open ( LOG_FILE , ' a+ ' ) { | f | f . puts ( temp ) }
+ end
+ super ( o )
+end
+
+
+
+
+
+
+
+ - (Object ) red (text)
+
+
+
+
+
+
+
+
+
+
+
+97
+98
+99
+
+
+ # File 'lib/common/common_helper.rb', line 97
+
+def red ( text )
+ colorize ( text , 31 )
+end
+
+
+
+
+
+
+
+ - (Object ) redefine_constant (constant, value)
+
+
+
+
+
+
+
+
+
+
+
+111
+112
+113
+114
+
+
+ # File 'lib/common/common_helper.rb', line 111
+
+def redefine_constant ( constant , value )
+ Object . send ( :remove_const , constant )
+ Object . const_set ( constant , value )
+end
+
+
+
+
+
+
+
+ - (Object ) require_files_from_directory (absolute_dir_path, files_pattern = '*.rb')
+
+
+
+
+
+
+
+
+
TODO : add an exclude pattern ?
+
+
+
+
+
+
+
+
+
+
+
+
+
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+
+
+ # File 'lib/common/common_helper.rb', line 45
+
+def require_files_from_directory ( absolute_dir_path , files_pattern = ' *.rb ' )
+ files = Dir [ File . join ( absolute_dir_path , files_pattern ) ]
+
+ files . sort_by { | file | [ file . count ( " / " ) , file ] } . each do | f |
+ f = File . expand_path ( f )
+ require f
+ end
+end
+
+
+
+
+
+
+
+ - (Object ) usage
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+
+
+ # File 'lib/wpscan/wpscan_helper.rb', line 8
+
+def usage
+ script_name = $0
+ puts
+ puts ' Examples : ' puts
+ puts ' -Further help ... ' puts " ruby #{ script_name } --help " puts
+ puts " -Do 'non-intrusive' checks ... " puts " ruby #{ script_name } --url www.example.com " puts
+ puts ' -Do wordlist password brute force on enumerated users using 50 threads ... ' puts " ruby #{ script_name } --url www.example.com --wordlist darkc0de.lst --threads 50 " puts
+ puts " -Do wordlist password brute force on the 'admin' username only ... " puts " ruby #{ script_name } --url www.example.com --wordlist darkc0de.lst --username admin " puts
+ puts ' -Enumerate installed plugins ... ' puts " ruby #{ script_name } --url www.example.com --enumerate p " puts
+ puts ' -Enumerate installed themes ... ' puts " ruby #{ script_name } --url www.example.com --enumerate t " puts
+ puts ' -Enumerate users ... ' puts " ruby #{ script_name } --url www.example.com --enumerate u " puts
+ puts ' -Enumerate installed timthumbs ... ' puts " ruby #{ script_name } --url www.example.com --enumerate tt " puts
+ puts ' -Use a HTTP proxy ... ' puts " ruby #{ script_name } --url www.example.com --proxy 127.0.0.1:8118 " puts
+ puts ' -Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed) ' puts " ruby #{ script_name } --url www.example.com --proxy socks5://127.0.0.1:9000 " puts
+ puts ' -Use custom content directory ... ' puts " ruby #{ script_name } -u www.example.com --wp-content-dir custom-content " puts
+ puts ' -Use custom plugins directory ... ' puts " ruby #{ script_name } -u www.example.com --wp-plugins-dir wp-content/custom-plugins " puts
+ puts ' -Update ... ' puts " ruby #{ script_name } --update " puts
+ puts ' See README for further information. ' puts
+end
+
+
+
+
+
+
+
+ - (Object ) xml (file)
+
+
+
+
+
+
+
+
+
+
+
+105
+106
+107
+108
+109
+
+
+ # File 'lib/common/common_helper.rb', line 105
+
+def xml ( file )
+ Nokogiri :: XML ( File . open ( file ) ) do | config |
+ config . noblanks
+ end
+end
+
+
+
+
+
+
+
![[+]](./images/find.png "show/hide quicksearch")
![[+]](../images/find.png "show/hide quicksearch"){kind=small}
![[+]](../../images/find.png "show/hide quicksearch"){kind=small}