From a38c709d749686c58bbb2e3ecb845c20c6055d80 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Tue, 30 Apr 2013 23:06:37 +0200 Subject: [PATCH] Updated documentation --- doc/Array.html | 372 --- doc/Browser.html | 901 -------- doc/BruteForce.html | 457 ---- doc/CREDITS.html | 247 -- doc/CacheFileStore.html | 537 ----- doc/CustomOptionParser.html | 549 ----- doc/Gemfile.html | 240 -- doc/GenerateList.html | 616 ----- doc/GitUpdater.html | 517 ----- doc/LICENSE.html | 244 -- doc/ListGeneratorPlugin.html | 400 ---- doc/Malwares.html | 456 ---- doc/Plugin.html | 450 ---- doc/Plugins.html | 449 ---- doc/README.html | 471 ---- doc/StatsPlugin.html | 632 ------ doc/SvnParser.html | 435 ---- doc/SvnUpdater.html | 421 ---- doc/Typhoeus.html | 295 --- doc/Typhoeus/Request.html | 293 --- doc/Typhoeus/Request/Cacheable.html | 324 --- doc/Typhoeus/Response.html | 337 --- doc/TyphoeusCache.html | 367 --- doc/URI.html | 359 --- doc/Updater.html | 469 ---- doc/UpdaterFactory.html | 380 ---- doc/Vulnerabilities.html | 308 --- doc/Vulnerabilities/Output.html | 326 --- doc/Vulnerability.html | 528 ----- doc/Vulnerability/Output.html | 374 --- doc/WebSite.html | 925 -------- doc/WpConfigBackup.html | 398 ---- doc/WpFullPathDisclosure.html | 360 --- doc/WpItem.html | 849 ------- doc/WpItem/Existable.html | 397 ---- doc/WpItem/Findable.html | 275 --- doc/WpItem/Infos.html | 545 ----- doc/WpItem/Output.html | 336 --- doc/WpItem/Versionable.html | 366 --- doc/WpItem/Vulnerable.html | 374 --- doc/WpItems.html | 313 --- doc/WpItems/Detectable.html | 744 ------ doc/WpItems/Output.html | 324 --- doc/WpLoginProtection.html | 864 ------- doc/WpPlugin.html | 362 --- doc/WpPlugin/Vulnerable.html | 362 --- doc/WpPlugins.html | 296 --- doc/WpPlugins/Detectable.html | 359 --- doc/WpReadme.html | 366 --- doc/WpTarget.html | 1086 --------- doc/WpTheme.html | 471 ---- doc/WpTheme/Findable.html | 449 ---- doc/WpTheme/Versionable.html | 330 --- doc/WpTheme/Vulnerable.html | 362 --- doc/WpThemes.html | 296 --- doc/WpThemes/Detectable.html | 359 --- doc/WpTimthumb.html | 377 --- doc/WpTimthumb/Existable.html | 327 --- doc/WpTimthumb/Output.html | 324 --- doc/WpTimthumb/Versionable.html | 366 --- doc/WpTimthumbs.html | 296 --- doc/WpTimthumbs/Detectable.html | 519 ----- doc/WpUser.html | 616 ----- doc/WpUser/Existable.html | 468 ---- doc/WpUsers.html | 313 --- doc/WpUsers/Detectable.html | 409 ---- doc/WpUsers/Output.html | 341 --- doc/WpVersion.html | 430 ---- doc/WpVersion/Findable.html | 803 ------- doc/WpVersion/Output.html | 333 --- doc/WpVersion/Vulnerable.html | 362 --- doc/WpscanOptions.html | 1221 ---------- doc/created.rid | 75 - doc/index.html | 728 ------ doc/js/darkfish.js | 116 - doc/js/jquery.js | 32 - doc/js/quicksearch.js | 114 - doc/js/thickbox-compressed.js | 10 - doc/lib/common/browser_rb.html | 54 - doc/lib/common/cache_file_store_rb.html | 61 - .../vulnerabilities/output_rb.html | 52 - .../collections/vulnerabilities_rb.html | 54 - .../collections/wp_items/detectable_rb.html | 52 - .../collections/wp_items/output_rb.html | 52 - doc/lib/common/collections/wp_items_rb.html | 56 - .../collections/wp_plugins/detectable_rb.html | 52 - doc/lib/common/collections/wp_plugins_rb.html | 54 - .../collections/wp_themes/detectable_rb.html | 52 - doc/lib/common/collections/wp_themes_rb.html | 54 - .../wp_timthumbs/detectable_rb.html | 52 - .../common/collections/wp_timthumbs_rb.html | 54 - .../collections/wp_users/detectable_rb.html | 52 - .../collections/wp_users/output_rb.html | 52 - doc/lib/common/collections/wp_users_rb.html | 56 - doc/lib/common/common_helper_rb.html | 54 - doc/lib/common/custom_option_parser_rb.html | 52 - doc/lib/common/hacks_rb.html | 57 - .../models/vulnerability/output_rb.html | 52 - doc/lib/common/models/vulnerability_rb.html | 54 - .../common/models/wp_item/existable_rb.html | 52 - .../common/models/wp_item/findable_rb.html | 52 - doc/lib/common/models/wp_item/infos_rb.html | 52 - doc/lib/common/models/wp_item/output_rb.html | 52 - .../common/models/wp_item/versionable_rb.html | 52 - .../common/models/wp_item/vulnerable_rb.html | 52 - doc/lib/common/models/wp_item_rb.html | 64 - .../models/wp_plugin/vulnerable_rb.html | 52 - doc/lib/common/models/wp_plugin_rb.html | 54 - .../common/models/wp_theme/findable_rb.html | 52 - .../models/wp_theme/versionable_rb.html | 52 - .../common/models/wp_theme/vulnerable_rb.html | 52 - doc/lib/common/models/wp_theme_rb.html | 58 - .../models/wp_timthumb/existable_rb.html | 52 - .../common/models/wp_timthumb/output_rb.html | 52 - .../models/wp_timthumb/versionable_rb.html | 52 - doc/lib/common/models/wp_timthumb_rb.html | 58 - .../common/models/wp_user/existable_rb.html | 52 - doc/lib/common/models/wp_user_rb.html | 54 - .../common/models/wp_version/findable_rb.html | 52 - .../common/models/wp_version/output_rb.html | 52 - .../models/wp_version/vulnerable_rb.html | 52 - doc/lib/common/models/wp_version_rb.html | 58 - doc/lib/common/plugins/plugin_rb.html | 52 - doc/lib/common/plugins/plugins_rb.html | 52 - doc/lib/common/typhoeus_cache_rb.html | 54 - doc/lib/common/updater/git_updater_rb.html | 54 - doc/lib/common/updater/svn_updater_rb.html | 54 - .../common/updater/updater_factory_rb.html | 52 - doc/lib/common/updater/updater_rb.html | 54 - doc/lib/environment_rb.html | 90 - doc/lib/wpscan/modules/brute_force_rb.html | 52 - doc/lib/wpscan/modules/malwares_rb.html | 52 - .../wpscan/modules/wp_config_backup_rb.html | 52 - .../modules/wp_full_path_disclosure_rb.html | 52 - .../modules/wp_login_protection_rb.html | 52 - doc/lib/wpscan/modules/wp_readme_rb.html | 52 - doc/lib/wpscan/web_site_rb.html | 52 - doc/lib/wpscan/wp_target_rb.html | 66 - doc/lib/wpscan/wpscan_helper_rb.html | 52 - doc/lib/wpscan/wpscan_options_rb.html | 52 - .../plugins/checker/checker_plugin_rb.html | 52 - .../list_generator/generate_list_rb.html | 54 - .../list_generator_plugin_rb.html | 52 - .../plugins/list_generator/svn_parser_rb.html | 54 - .../plugins/stats/stats_plugin_rb.html | 52 - doc/lib/wpstools/wpstools_helper_rb.html | 52 - doc/wpscan_rb.html | 52 - doc/wpstools_rb.html | 52 - doc_rdoc/Array.html | 394 ++++ doc_rdoc/Browser.html | 650 ++++++ doc_rdoc/Browser/Actions.html | 470 ++++ doc_rdoc/Browser/Options.html | 828 +++++++ doc_rdoc/CREDITS.html | 280 +++ doc_rdoc/CacheFileStore.html | 556 +++++ {doc => doc_rdoc}/CheckerPlugin.html | 786 +++---- doc_rdoc/CustomOptionParser.html | 574 +++++ doc_rdoc/Ethon.html | 300 +++ doc_rdoc/Ethon/Easy.html | 306 +++ doc_rdoc/Ethon/Easy/Options.html | 384 ++++ doc_rdoc/File.html | 358 +++ doc_rdoc/Gem.html | 300 +++ doc_rdoc/Gemfile.html | 276 +++ doc_rdoc/Gemfile_lock.html | 312 +++ doc_rdoc/GenerateList.html | 635 ++++++ doc_rdoc/GitUpdater.html | 540 +++++ doc_rdoc/LICENSE.html | 277 +++ doc_rdoc/ListGeneratorPlugin.html | 428 ++++ {doc => doc_rdoc}/Object.html | 1632 ++++++------- doc_rdoc/Plugin.html | 469 ++++ doc_rdoc/Plugins.html | 470 ++++ doc_rdoc/README.html | 525 +++++ doc_rdoc/README_md.html | 537 +++++ doc_rdoc/StatsPlugin.html | 660 ++++++ doc_rdoc/SvnParser.html | 444 ++++ doc_rdoc/SvnUpdater.html | 444 ++++ doc_rdoc/Terminal.html | 300 +++ doc_rdoc/Terminal/Table.html | 401 ++++ doc_rdoc/Terminal/Table/Style.html | 417 ++++ doc_rdoc/Typhoeus.html | 307 +++ doc_rdoc/Typhoeus/Request.html | 306 +++ doc_rdoc/Typhoeus/Request/Cacheable.html | 349 +++ doc_rdoc/Typhoeus/Response.html | 360 +++ doc_rdoc/TyphoeusCache.html | 390 ++++ doc_rdoc/URI.html | 383 ++++ doc_rdoc/Updater.html | 490 ++++ doc_rdoc/UpdaterFactory.html | 403 ++++ doc_rdoc/Vulnerabilities.html | 319 +++ doc_rdoc/Vulnerabilities/Output.html | 351 +++ doc_rdoc/Vulnerability.html | 523 +++++ doc_rdoc/Vulnerability/Output.html | 399 ++++ doc_rdoc/WebSite.html | 995 ++++++++ doc_rdoc/WpItem.html | 832 +++++++ doc_rdoc/WpItem/Existable.html | 419 ++++ doc_rdoc/WpItem/Findable.html | 300 +++ doc_rdoc/WpItem/Infos.html | 609 +++++ doc_rdoc/WpItem/Output.html | 361 +++ doc_rdoc/WpItem/Versionable.html | 391 ++++ doc_rdoc/WpItem/Vulnerable.html | 391 ++++ doc_rdoc/WpItems.html | 332 +++ doc_rdoc/WpItems/Detectable.html | 798 +++++++ doc_rdoc/WpItems/Output.html | 349 +++ doc_rdoc/WpPlugin.html | 373 +++ doc_rdoc/WpPlugin/Vulnerable.html | 387 ++++ doc_rdoc/WpPlugins.html | 319 +++ doc_rdoc/WpPlugins/Detectable.html | 384 ++++ doc_rdoc/WpTarget.html | 832 +++++++ doc_rdoc/WpTarget/Malwares.html | 481 ++++ doc_rdoc/WpTarget/WpConfigBackup.html | 423 ++++ doc_rdoc/WpTarget/WpCustomDirectories.html | 476 ++++ doc_rdoc/WpTarget/WpFullPathDisclosure.html | 387 ++++ doc_rdoc/WpTarget/WpLoginProtection.html | 889 ++++++++ doc_rdoc/WpTarget/WpReadme.html | 394 ++++ doc_rdoc/WpTarget/WpRegistrable.html | 450 ++++ doc_rdoc/WpTheme.html | 487 ++++ doc_rdoc/WpTheme/Findable.html | 474 ++++ doc_rdoc/WpTheme/Versionable.html | 360 +++ doc_rdoc/WpTheme/Vulnerable.html | 387 ++++ doc_rdoc/WpThemes.html | 319 +++ doc_rdoc/WpThemes/Detectable.html | 384 ++++ doc_rdoc/WpTimthumb.html | 380 ++++ doc_rdoc/WpTimthumb/Existable.html | 352 +++ doc_rdoc/WpTimthumb/Output.html | 349 +++ doc_rdoc/WpTimthumb/Versionable.html | 391 ++++ doc_rdoc/WpTimthumbs.html | 319 +++ doc_rdoc/WpTimthumbs/Detectable.html | 544 +++++ doc_rdoc/WpUser.html | 651 ++++++ doc_rdoc/WpUser/BruteForcable.html | 607 +++++ doc_rdoc/WpUser/Existable.html | 493 ++++ doc_rdoc/WpUsers.html | 337 +++ doc_rdoc/WpUsers/BruteForcable.html | 360 +++ doc_rdoc/WpUsers/Detectable.html | 434 ++++ doc_rdoc/WpUsers/Output.html | 364 +++ doc_rdoc/WpVersion.html | 446 ++++ doc_rdoc/WpVersion/Findable.html | 828 +++++++ doc_rdoc/WpVersion/Output.html | 358 +++ doc_rdoc/WpVersion/Vulnerable.html | 387 ++++ doc_rdoc/WpscanOptions.html | 1244 ++++++++++ doc_rdoc/conf/browser_conf_json.html | 327 +++ doc_rdoc/created.rid | 115 + doc_rdoc/generate_doc_sh.html | 267 +++ doc_rdoc/images/add.png | Bin 0 -> 733 bytes doc_rdoc/images/arrow_up.png | Bin 0 -> 372 bytes {doc => doc_rdoc}/images/brick.png | Bin {doc => doc_rdoc}/images/brick_link.png | Bin {doc => doc_rdoc}/images/bug.png | Bin {doc => doc_rdoc}/images/bullet_black.png | Bin .../images/bullet_toggle_minus.png | Bin .../images/bullet_toggle_plus.png | Bin {doc => doc_rdoc}/images/date.png | Bin doc_rdoc/images/delete.png | Bin 0 -> 715 bytes {doc => doc_rdoc}/images/find.png | Bin {doc => doc_rdoc}/images/loadingAnimation.gif | Bin {doc => doc_rdoc}/images/macFFBgHack.png | Bin {doc => doc_rdoc}/images/package.png | Bin {doc => doc_rdoc}/images/page_green.png | Bin {doc => doc_rdoc}/images/page_white_text.png | Bin {doc => doc_rdoc}/images/page_white_width.png | Bin {doc => doc_rdoc}/images/plugin.png | Bin {doc => doc_rdoc}/images/ruby.png | Bin doc_rdoc/images/tag_blue.png | Bin 0 -> 1880 bytes {doc => doc_rdoc}/images/tag_green.png | Bin doc_rdoc/images/transparent.png | Bin 0 -> 97 bytes {doc => doc_rdoc}/images/wrench.png | Bin {doc => doc_rdoc}/images/wrench_orange.png | Bin {doc => doc_rdoc}/images/zoom.png | Bin doc_rdoc/index.html | 258 +++ doc_rdoc/js/darkfish.js | 155 ++ doc_rdoc/js/jquery.js | 18 + doc_rdoc/js/navigation.js | 142 ++ doc_rdoc/js/search.js | 94 + doc_rdoc/js/search_index.js | 1 + doc_rdoc/js/searcher.js | 228 ++ {doc => doc_rdoc}/rdoc.css | 532 ++--- doc_rdoc/table_of_contents.html | 916 ++++++++ doc_yard/Array.html | 209 ++ doc_yard/Browser.html | 1210 ++++++++++ doc_yard/Browser/Actions.html | 536 +++++ doc_yard/Browser/Options.html | 950 ++++++++ doc_yard/CacheFileStore.html | 613 +++++ doc_yard/CheckerPlugin.html | 594 +++++ doc_yard/CustomOptionParser.html | 652 ++++++ doc_yard/Ethon.html | 115 + doc_yard/Ethon/Easy.html | 130 ++ doc_yard/Ethon/Easy/Options.html | 226 ++ doc_yard/File.html | 235 ++ doc_yard/GenerateList.html | 739 ++++++ doc_yard/GitUpdater.html | 538 +++++ doc_yard/ListGeneratorPlugin.html | 444 ++++ doc_yard/Plugin.html | 515 +++++ doc_yard/Plugins.html | 471 ++++ doc_yard/StatsPlugin.html | 670 ++++++ doc_yard/SvnParser.html | 572 +++++ doc_yard/SvnUpdater.html | 358 +++ doc_yard/Terminal.html | 115 + doc_yard/Terminal/Table.html | 229 ++ doc_yard/Terminal/Table/Style.html | 707 ++++++ doc_yard/Typhoeus.html | 128 ++ doc_yard/Typhoeus/Request.html | 130 ++ doc_yard/Typhoeus/Request/Cacheable.html | 174 ++ doc_yard/Typhoeus/Response.html | 221 ++ doc_yard/TyphoeusCache.html | 265 +++ doc_yard/URI.html | 188 ++ doc_yard/Updater.html | 540 +++++ doc_yard/UpdaterFactory.html | 268 +++ doc_yard/Vulnerabilities.html | 160 ++ doc_yard/Vulnerabilities/Output.html | 182 ++ doc_yard/Vulnerability.html | 808 +++++++ doc_yard/Vulnerability/Output.html | 307 +++ doc_yard/WebSite.html | 1504 ++++++++++++ doc_yard/WpItem.html | 1429 ++++++++++++ doc_yard/WpItem/Existable.html | 421 ++++ doc_yard/WpItem/Findable.html | 109 + doc_yard/WpItem/Infos.html | 786 +++++++ doc_yard/WpItem/Output.html | 224 ++ doc_yard/WpItem/Versionable.html | 293 +++ doc_yard/WpItem/Vulnerable.html | 366 +++ doc_yard/WpItems.html | 184 ++ doc_yard/WpItems/Detectable.html | 1493 ++++++++++++ doc_yard/WpItems/Output.html | 178 ++ doc_yard/WpPlugin.html | 339 +++ doc_yard/WpPlugin/Vulnerable.html | 289 +++ doc_yard/WpPlugins.html | 195 ++ doc_yard/WpPlugins/Detectable.html | 274 +++ doc_yard/WpTarget.html | 1285 +++++++++++ doc_yard/WpTarget/Malwares.html | 426 ++++ doc_yard/WpTarget/WpConfigBackup.html | 355 +++ doc_yard/WpTarget/WpCustomDirectories.html | 484 ++++ doc_yard/WpTarget/WpFullPathDisclosure.html | 280 +++ doc_yard/WpTarget/WpLoginProtection.html | 1194 ++++++++++ doc_yard/WpTarget/WpReadme.html | 300 +++ doc_yard/WpTarget/WpRegistrable.html | 419 ++++ doc_yard/WpTheme.html | 517 +++++ doc_yard/WpTheme/Findable.html | 479 ++++ doc_yard/WpTheme/Versionable.html | 190 ++ doc_yard/WpTheme/Vulnerable.html | 289 +++ doc_yard/WpThemes.html | 195 ++ doc_yard/WpThemes/Detectable.html | 274 +++ doc_yard/WpTimthumb.html | 365 +++ doc_yard/WpTimthumb/Existable.html | 228 ++ doc_yard/WpTimthumb/Output.html | 178 ++ doc_yard/WpTimthumb/Versionable.html | 293 +++ doc_yard/WpTimthumbs.html | 195 ++ doc_yard/WpTimthumbs/Detectable.html | 740 ++++++ doc_yard/WpUser.html | 1124 +++++++++ doc_yard/WpUser/BruteForcable.html | 875 +++++++ doc_yard/WpUser/Existable.html | 684 ++++++ doc_yard/WpUsers.html | 221 ++ doc_yard/WpUsers/BruteForcable.html | 231 ++ doc_yard/WpUsers/Detectable.html | 411 ++++ doc_yard/WpUsers/Output.html | 248 ++ doc_yard/WpVersion.html | 519 +++++ doc_yard/WpVersion/Findable.html | 1401 ++++++++++++ doc_yard/WpVersion/Output.html | 196 ++ doc_yard/WpVersion/Vulnerable.html | 289 +++ doc_yard/WpscanOptions.html | 1730 ++++++++++++++ doc_yard/_index.html | 742 ++++++ doc_yard/class_list.html | 53 + doc_yard/css/common.css | 1 + doc_yard/css/full_list.css | 57 + doc_yard/css/style.css | 338 +++ doc_yard/file.README.html | 315 +++ doc_yard/file_list.html | 55 + doc_yard/frames.html | 28 + doc_yard/index.html | 315 +++ doc_yard/js/app.js | 214 ++ doc_yard/js/full_list.js | 178 ++ doc_yard/js/jquery.js | 4 + doc_yard/method_list.html | 2020 +++++++++++++++++ doc_yard/top-level-namespace.html | 1243 ++++++++++ generate_doc.sh | 6 + generate_rdoc.sh | 2 - 371 files changed, 88362 insertions(+), 38796 deletions(-) delete mode 100644 doc/Array.html delete mode 100644 doc/Browser.html delete mode 100644 doc/BruteForce.html delete mode 100644 doc/CREDITS.html delete mode 100644 doc/CacheFileStore.html delete mode 100644 doc/CustomOptionParser.html delete mode 100644 doc/Gemfile.html delete mode 100644 doc/GenerateList.html delete mode 100644 doc/GitUpdater.html delete mode 100644 doc/LICENSE.html delete mode 100644 doc/ListGeneratorPlugin.html delete mode 100644 doc/Malwares.html delete mode 100644 doc/Plugin.html delete mode 100644 doc/Plugins.html delete mode 100644 doc/README.html delete mode 100644 doc/StatsPlugin.html delete mode 100644 doc/SvnParser.html delete mode 100644 doc/SvnUpdater.html delete mode 100644 doc/Typhoeus.html delete mode 100644 doc/Typhoeus/Request.html delete mode 100644 doc/Typhoeus/Request/Cacheable.html delete mode 100644 doc/Typhoeus/Response.html delete mode 100644 doc/TyphoeusCache.html delete mode 100644 doc/URI.html delete mode 100644 doc/Updater.html delete mode 100644 doc/UpdaterFactory.html delete mode 100644 doc/Vulnerabilities.html delete mode 100644 doc/Vulnerabilities/Output.html delete mode 100644 doc/Vulnerability.html delete mode 100644 doc/Vulnerability/Output.html delete mode 100644 doc/WebSite.html delete mode 100644 doc/WpConfigBackup.html delete mode 100644 doc/WpFullPathDisclosure.html delete mode 100644 doc/WpItem.html delete mode 100644 doc/WpItem/Existable.html delete mode 100644 doc/WpItem/Findable.html delete mode 100644 doc/WpItem/Infos.html delete mode 100644 doc/WpItem/Output.html delete mode 100644 doc/WpItem/Versionable.html delete mode 100644 doc/WpItem/Vulnerable.html delete mode 100644 doc/WpItems.html delete mode 100644 doc/WpItems/Detectable.html delete mode 100644 doc/WpItems/Output.html delete mode 100644 doc/WpLoginProtection.html delete mode 100644 doc/WpPlugin.html delete mode 100644 doc/WpPlugin/Vulnerable.html delete mode 100644 doc/WpPlugins.html delete mode 100644 doc/WpPlugins/Detectable.html delete mode 100644 doc/WpReadme.html delete mode 100644 doc/WpTarget.html delete mode 100644 doc/WpTheme.html delete mode 100644 doc/WpTheme/Findable.html delete mode 100644 doc/WpTheme/Versionable.html delete mode 100644 doc/WpTheme/Vulnerable.html delete mode 100644 doc/WpThemes.html delete mode 100644 doc/WpThemes/Detectable.html delete mode 100644 doc/WpTimthumb.html delete mode 100644 doc/WpTimthumb/Existable.html delete mode 100644 doc/WpTimthumb/Output.html delete mode 100644 doc/WpTimthumb/Versionable.html delete mode 100644 doc/WpTimthumbs.html delete mode 100644 doc/WpTimthumbs/Detectable.html delete mode 100644 doc/WpUser.html delete mode 100644 doc/WpUser/Existable.html delete mode 100644 doc/WpUsers.html delete mode 100644 doc/WpUsers/Detectable.html delete mode 100644 doc/WpUsers/Output.html delete mode 100644 doc/WpVersion.html delete mode 100644 doc/WpVersion/Findable.html delete mode 100644 doc/WpVersion/Output.html delete mode 100644 doc/WpVersion/Vulnerable.html delete mode 100644 doc/WpscanOptions.html delete mode 100644 doc/created.rid delete mode 100644 doc/index.html delete mode 100644 doc/js/darkfish.js delete mode 100644 doc/js/jquery.js delete mode 100644 doc/js/quicksearch.js delete mode 100644 doc/js/thickbox-compressed.js delete mode 100644 doc/lib/common/browser_rb.html delete mode 100644 doc/lib/common/cache_file_store_rb.html delete mode 100644 doc/lib/common/collections/vulnerabilities/output_rb.html delete mode 100644 doc/lib/common/collections/vulnerabilities_rb.html delete mode 100644 doc/lib/common/collections/wp_items/detectable_rb.html delete mode 100644 doc/lib/common/collections/wp_items/output_rb.html delete mode 100644 doc/lib/common/collections/wp_items_rb.html delete mode 100644 doc/lib/common/collections/wp_plugins/detectable_rb.html delete mode 100644 doc/lib/common/collections/wp_plugins_rb.html delete mode 100644 doc/lib/common/collections/wp_themes/detectable_rb.html delete mode 100644 doc/lib/common/collections/wp_themes_rb.html delete mode 100644 doc/lib/common/collections/wp_timthumbs/detectable_rb.html delete mode 100644 doc/lib/common/collections/wp_timthumbs_rb.html delete mode 100644 doc/lib/common/collections/wp_users/detectable_rb.html delete mode 100644 doc/lib/common/collections/wp_users/output_rb.html delete mode 100644 doc/lib/common/collections/wp_users_rb.html delete mode 100644 doc/lib/common/common_helper_rb.html delete mode 100644 doc/lib/common/custom_option_parser_rb.html delete mode 100644 doc/lib/common/hacks_rb.html delete mode 100644 doc/lib/common/models/vulnerability/output_rb.html delete mode 100644 doc/lib/common/models/vulnerability_rb.html delete mode 100644 doc/lib/common/models/wp_item/existable_rb.html delete mode 100644 doc/lib/common/models/wp_item/findable_rb.html delete mode 100644 doc/lib/common/models/wp_item/infos_rb.html delete mode 100644 doc/lib/common/models/wp_item/output_rb.html delete mode 100644 doc/lib/common/models/wp_item/versionable_rb.html delete mode 100644 doc/lib/common/models/wp_item/vulnerable_rb.html delete mode 100644 doc/lib/common/models/wp_item_rb.html delete mode 100644 doc/lib/common/models/wp_plugin/vulnerable_rb.html delete mode 100644 doc/lib/common/models/wp_plugin_rb.html delete mode 100644 doc/lib/common/models/wp_theme/findable_rb.html delete mode 100644 doc/lib/common/models/wp_theme/versionable_rb.html delete mode 100644 doc/lib/common/models/wp_theme/vulnerable_rb.html delete mode 100644 doc/lib/common/models/wp_theme_rb.html delete mode 100644 doc/lib/common/models/wp_timthumb/existable_rb.html delete mode 100644 doc/lib/common/models/wp_timthumb/output_rb.html delete mode 100644 doc/lib/common/models/wp_timthumb/versionable_rb.html delete mode 100644 doc/lib/common/models/wp_timthumb_rb.html delete mode 100644 doc/lib/common/models/wp_user/existable_rb.html delete mode 100644 doc/lib/common/models/wp_user_rb.html delete mode 100644 doc/lib/common/models/wp_version/findable_rb.html delete mode 100644 doc/lib/common/models/wp_version/output_rb.html delete mode 100644 doc/lib/common/models/wp_version/vulnerable_rb.html delete mode 100644 doc/lib/common/models/wp_version_rb.html delete mode 100644 doc/lib/common/plugins/plugin_rb.html delete mode 100644 doc/lib/common/plugins/plugins_rb.html delete mode 100644 doc/lib/common/typhoeus_cache_rb.html delete mode 100644 doc/lib/common/updater/git_updater_rb.html delete mode 100644 doc/lib/common/updater/svn_updater_rb.html delete mode 100644 doc/lib/common/updater/updater_factory_rb.html delete mode 100644 doc/lib/common/updater/updater_rb.html delete mode 100644 doc/lib/environment_rb.html delete mode 100644 doc/lib/wpscan/modules/brute_force_rb.html delete mode 100644 doc/lib/wpscan/modules/malwares_rb.html delete mode 100644 doc/lib/wpscan/modules/wp_config_backup_rb.html delete mode 100644 doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html delete mode 100644 doc/lib/wpscan/modules/wp_login_protection_rb.html delete mode 100644 doc/lib/wpscan/modules/wp_readme_rb.html delete mode 100644 doc/lib/wpscan/web_site_rb.html delete mode 100644 doc/lib/wpscan/wp_target_rb.html delete mode 100644 doc/lib/wpscan/wpscan_helper_rb.html delete mode 100644 doc/lib/wpscan/wpscan_options_rb.html delete mode 100644 doc/lib/wpstools/plugins/checker/checker_plugin_rb.html delete mode 100644 doc/lib/wpstools/plugins/list_generator/generate_list_rb.html delete mode 100644 doc/lib/wpstools/plugins/list_generator/list_generator_plugin_rb.html delete mode 100644 doc/lib/wpstools/plugins/list_generator/svn_parser_rb.html delete mode 100644 doc/lib/wpstools/plugins/stats/stats_plugin_rb.html delete mode 100644 doc/lib/wpstools/wpstools_helper_rb.html delete mode 100644 doc/wpscan_rb.html delete mode 100644 doc/wpstools_rb.html create mode 100644 doc_rdoc/Array.html create mode 100644 doc_rdoc/Browser.html create mode 100644 doc_rdoc/Browser/Actions.html create mode 100644 doc_rdoc/Browser/Options.html create mode 100644 doc_rdoc/CREDITS.html create mode 100644 doc_rdoc/CacheFileStore.html rename {doc => doc_rdoc}/CheckerPlugin.html (51%) create mode 100644 doc_rdoc/CustomOptionParser.html create mode 100644 doc_rdoc/Ethon.html create mode 100644 doc_rdoc/Ethon/Easy.html create mode 100644 doc_rdoc/Ethon/Easy/Options.html create mode 100644 doc_rdoc/File.html create mode 100644 doc_rdoc/Gem.html create mode 100644 doc_rdoc/Gemfile.html create mode 100644 doc_rdoc/Gemfile_lock.html create mode 100644 doc_rdoc/GenerateList.html create mode 100644 doc_rdoc/GitUpdater.html create mode 100644 doc_rdoc/LICENSE.html create mode 100644 doc_rdoc/ListGeneratorPlugin.html rename {doc => doc_rdoc}/Object.html (67%) create mode 100644 doc_rdoc/Plugin.html create mode 100644 doc_rdoc/Plugins.html create mode 100644 doc_rdoc/README.html create mode 100644 doc_rdoc/README_md.html create mode 100644 doc_rdoc/StatsPlugin.html create mode 100644 doc_rdoc/SvnParser.html create mode 100644 doc_rdoc/SvnUpdater.html create mode 100644 doc_rdoc/Terminal.html create mode 100644 doc_rdoc/Terminal/Table.html create mode 100644 doc_rdoc/Terminal/Table/Style.html create mode 100644 doc_rdoc/Typhoeus.html create mode 100644 doc_rdoc/Typhoeus/Request.html create mode 100644 doc_rdoc/Typhoeus/Request/Cacheable.html create mode 100644 doc_rdoc/Typhoeus/Response.html create mode 100644 doc_rdoc/TyphoeusCache.html create mode 100644 doc_rdoc/URI.html create mode 100644 doc_rdoc/Updater.html create mode 100644 doc_rdoc/UpdaterFactory.html create mode 100644 doc_rdoc/Vulnerabilities.html create mode 100644 doc_rdoc/Vulnerabilities/Output.html create mode 100644 doc_rdoc/Vulnerability.html create mode 100644 doc_rdoc/Vulnerability/Output.html create mode 100644 doc_rdoc/WebSite.html create mode 100644 doc_rdoc/WpItem.html create mode 100644 doc_rdoc/WpItem/Existable.html create mode 100644 doc_rdoc/WpItem/Findable.html create mode 100644 doc_rdoc/WpItem/Infos.html create mode 100644 doc_rdoc/WpItem/Output.html create mode 100644 doc_rdoc/WpItem/Versionable.html create mode 100644 doc_rdoc/WpItem/Vulnerable.html create mode 100644 doc_rdoc/WpItems.html create mode 100644 doc_rdoc/WpItems/Detectable.html create mode 100644 doc_rdoc/WpItems/Output.html create mode 100644 doc_rdoc/WpPlugin.html create mode 100644 doc_rdoc/WpPlugin/Vulnerable.html create mode 100644 doc_rdoc/WpPlugins.html create mode 100644 doc_rdoc/WpPlugins/Detectable.html create mode 100644 doc_rdoc/WpTarget.html create mode 100644 doc_rdoc/WpTarget/Malwares.html create mode 100644 doc_rdoc/WpTarget/WpConfigBackup.html create mode 100644 doc_rdoc/WpTarget/WpCustomDirectories.html create mode 100644 doc_rdoc/WpTarget/WpFullPathDisclosure.html create mode 100644 doc_rdoc/WpTarget/WpLoginProtection.html create mode 100644 doc_rdoc/WpTarget/WpReadme.html create mode 100644 doc_rdoc/WpTarget/WpRegistrable.html create mode 100644 doc_rdoc/WpTheme.html create mode 100644 doc_rdoc/WpTheme/Findable.html create mode 100644 doc_rdoc/WpTheme/Versionable.html create mode 100644 doc_rdoc/WpTheme/Vulnerable.html create mode 100644 doc_rdoc/WpThemes.html create mode 100644 doc_rdoc/WpThemes/Detectable.html create mode 100644 doc_rdoc/WpTimthumb.html create mode 100644 doc_rdoc/WpTimthumb/Existable.html create mode 100644 doc_rdoc/WpTimthumb/Output.html create mode 100644 doc_rdoc/WpTimthumb/Versionable.html create mode 100644 doc_rdoc/WpTimthumbs.html create mode 100644 doc_rdoc/WpTimthumbs/Detectable.html create mode 100644 doc_rdoc/WpUser.html create mode 100644 doc_rdoc/WpUser/BruteForcable.html create mode 100644 doc_rdoc/WpUser/Existable.html create mode 100644 doc_rdoc/WpUsers.html create mode 100644 doc_rdoc/WpUsers/BruteForcable.html create mode 100644 doc_rdoc/WpUsers/Detectable.html create mode 100644 doc_rdoc/WpUsers/Output.html create mode 100644 doc_rdoc/WpVersion.html create mode 100644 doc_rdoc/WpVersion/Findable.html create mode 100644 doc_rdoc/WpVersion/Output.html create mode 100644 doc_rdoc/WpVersion/Vulnerable.html create mode 100644 doc_rdoc/WpscanOptions.html create mode 100644 doc_rdoc/conf/browser_conf_json.html create mode 100644 doc_rdoc/created.rid create mode 100644 doc_rdoc/generate_doc_sh.html create mode 100755 doc_rdoc/images/add.png create mode 100755 doc_rdoc/images/arrow_up.png rename {doc => doc_rdoc}/images/brick.png (100%) rename {doc => doc_rdoc}/images/brick_link.png (100%) rename {doc => doc_rdoc}/images/bug.png (100%) rename {doc => doc_rdoc}/images/bullet_black.png (100%) rename {doc => doc_rdoc}/images/bullet_toggle_minus.png (100%) rename {doc => doc_rdoc}/images/bullet_toggle_plus.png (100%) rename {doc => doc_rdoc}/images/date.png (100%) create mode 100755 doc_rdoc/images/delete.png rename {doc => doc_rdoc}/images/find.png (100%) rename {doc => doc_rdoc}/images/loadingAnimation.gif (100%) rename {doc => doc_rdoc}/images/macFFBgHack.png (100%) rename {doc => doc_rdoc}/images/package.png (100%) rename {doc => doc_rdoc}/images/page_green.png (100%) rename {doc => doc_rdoc}/images/page_white_text.png (100%) rename {doc => doc_rdoc}/images/page_white_width.png (100%) rename {doc => doc_rdoc}/images/plugin.png (100%) rename {doc => doc_rdoc}/images/ruby.png (100%) create mode 100755 doc_rdoc/images/tag_blue.png rename {doc => doc_rdoc}/images/tag_green.png (100%) create mode 100644 doc_rdoc/images/transparent.png rename {doc => doc_rdoc}/images/wrench.png (100%) rename {doc => doc_rdoc}/images/wrench_orange.png (100%) rename {doc => doc_rdoc}/images/zoom.png (100%) create mode 100644 doc_rdoc/index.html create mode 100644 doc_rdoc/js/darkfish.js create mode 100644 doc_rdoc/js/jquery.js create mode 100644 doc_rdoc/js/navigation.js create mode 100644 doc_rdoc/js/search.js create mode 100644 doc_rdoc/js/search_index.js create mode 100644 doc_rdoc/js/searcher.js rename {doc => doc_rdoc}/rdoc.css (55%) create mode 100644 doc_rdoc/table_of_contents.html create mode 100644 doc_yard/Array.html create mode 100644 doc_yard/Browser.html create mode 100644 doc_yard/Browser/Actions.html create mode 100644 doc_yard/Browser/Options.html create mode 100644 doc_yard/CacheFileStore.html create mode 100644 doc_yard/CheckerPlugin.html create mode 100644 doc_yard/CustomOptionParser.html create mode 100644 doc_yard/Ethon.html create mode 100644 doc_yard/Ethon/Easy.html create mode 100644 doc_yard/Ethon/Easy/Options.html create mode 100644 doc_yard/File.html create mode 100644 doc_yard/GenerateList.html create mode 100644 doc_yard/GitUpdater.html create mode 100644 doc_yard/ListGeneratorPlugin.html create mode 100644 doc_yard/Plugin.html create mode 100644 doc_yard/Plugins.html create mode 100644 doc_yard/StatsPlugin.html create mode 100644 doc_yard/SvnParser.html create mode 100644 doc_yard/SvnUpdater.html create mode 100644 doc_yard/Terminal.html create mode 100644 doc_yard/Terminal/Table.html create mode 100644 doc_yard/Terminal/Table/Style.html create mode 100644 doc_yard/Typhoeus.html create mode 100644 doc_yard/Typhoeus/Request.html create mode 100644 doc_yard/Typhoeus/Request/Cacheable.html create mode 100644 doc_yard/Typhoeus/Response.html create mode 100644 doc_yard/TyphoeusCache.html create mode 100644 doc_yard/URI.html create mode 100644 doc_yard/Updater.html create mode 100644 doc_yard/UpdaterFactory.html create mode 100644 doc_yard/Vulnerabilities.html create mode 100644 doc_yard/Vulnerabilities/Output.html create mode 100644 doc_yard/Vulnerability.html create mode 100644 doc_yard/Vulnerability/Output.html create mode 100644 doc_yard/WebSite.html create mode 100644 doc_yard/WpItem.html create mode 100644 doc_yard/WpItem/Existable.html create mode 100644 doc_yard/WpItem/Findable.html create mode 100644 doc_yard/WpItem/Infos.html create mode 100644 doc_yard/WpItem/Output.html create mode 100644 doc_yard/WpItem/Versionable.html create mode 100644 doc_yard/WpItem/Vulnerable.html create mode 100644 doc_yard/WpItems.html create mode 100644 doc_yard/WpItems/Detectable.html create mode 100644 doc_yard/WpItems/Output.html create mode 100644 doc_yard/WpPlugin.html create mode 100644 doc_yard/WpPlugin/Vulnerable.html create mode 100644 doc_yard/WpPlugins.html create mode 100644 doc_yard/WpPlugins/Detectable.html create mode 100644 doc_yard/WpTarget.html create mode 100644 doc_yard/WpTarget/Malwares.html create mode 100644 doc_yard/WpTarget/WpConfigBackup.html create mode 100644 doc_yard/WpTarget/WpCustomDirectories.html create mode 100644 doc_yard/WpTarget/WpFullPathDisclosure.html create mode 100644 doc_yard/WpTarget/WpLoginProtection.html create mode 100644 doc_yard/WpTarget/WpReadme.html create mode 100644 doc_yard/WpTarget/WpRegistrable.html create mode 100644 doc_yard/WpTheme.html create mode 100644 doc_yard/WpTheme/Findable.html create mode 100644 doc_yard/WpTheme/Versionable.html create mode 100644 doc_yard/WpTheme/Vulnerable.html create mode 100644 doc_yard/WpThemes.html create mode 100644 doc_yard/WpThemes/Detectable.html create mode 100644 doc_yard/WpTimthumb.html create mode 100644 doc_yard/WpTimthumb/Existable.html create mode 100644 doc_yard/WpTimthumb/Output.html create mode 100644 doc_yard/WpTimthumb/Versionable.html create mode 100644 doc_yard/WpTimthumbs.html create mode 100644 doc_yard/WpTimthumbs/Detectable.html create mode 100644 doc_yard/WpUser.html create mode 100644 doc_yard/WpUser/BruteForcable.html create mode 100644 doc_yard/WpUser/Existable.html create mode 100644 doc_yard/WpUsers.html create mode 100644 doc_yard/WpUsers/BruteForcable.html create mode 100644 doc_yard/WpUsers/Detectable.html create mode 100644 doc_yard/WpUsers/Output.html create mode 100644 doc_yard/WpVersion.html create mode 100644 doc_yard/WpVersion/Findable.html create mode 100644 doc_yard/WpVersion/Output.html create mode 100644 doc_yard/WpVersion/Vulnerable.html create mode 100644 doc_yard/WpscanOptions.html create mode 100644 doc_yard/_index.html create mode 100644 doc_yard/class_list.html create mode 100644 doc_yard/css/common.css create mode 100644 doc_yard/css/full_list.css create mode 100644 doc_yard/css/style.css create mode 100644 doc_yard/file.README.html create mode 100644 doc_yard/file_list.html create mode 100644 doc_yard/frames.html create mode 100644 doc_yard/index.html create mode 100644 doc_yard/js/app.js create mode 100644 doc_yard/js/full_list.js create mode 100644 doc_yard/js/jquery.js create mode 100644 doc_yard/method_list.html create mode 100644 doc_yard/top-level-namespace.html create mode 100755 generate_doc.sh delete mode 100755 generate_rdoc.sh diff --git a/doc/Array.html b/doc/Array.html deleted file mode 100644 index 2aedb0b7..00000000 --- a/doc/Array.html +++ /dev/null @@ -1,372 +0,0 @@ - - - - - - - Class: Array - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Array

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- _grep_(regexp) - click to toggle source -
- - -
- -

Fix for grep with symbols in ruby <= 1.8.7

- - - -
-
-# File lib/common/hacks.rb, line 19
-def _grep_(regexp)
-  matches = []
-  self.each do |value|
-    value = value.to_s
-    matches << value if value.match(regexp)
-  end
-  matches
-end
-
- -
- - -
- Also aliased as: grep -
- - - -
- - -
- - - -
- grep(regexp) - click to toggle source -
- - -
- - - - - -
- - - - -
- Alias for: _grep_ -
- -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Browser.html b/doc/Browser.html deleted file mode 100644 index 21a056a7..00000000 --- a/doc/Browser.html +++ /dev/null @@ -1,901 +0,0 @@ - - - - - - - Class: Browser - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - - - - - -
- - -
- -
-

Browser

- -
- -
- - - - -
- - - - - - -
-

Constants

-
- -
ACCESSOR_OPTIONS
- -
- - -
USER_AGENT_MODES
- -
- - -
-
- - - - -
-

Attributes

- - -
- - -
- config_file[R] -
- -
- - - -
-
- -
- - -
- hydra[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- instance(options = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 48
-def self.instance(options = {})
-  unless @@instance
-    @@instance = new(options)
-  end
-  @@instance
-end
-
- -
- - - - -
- - -
- - - -
- reset() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 55
-def self.reset
-  @@instance = nil
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- forge_request(url, params = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 146
-def forge_request(url, params = {})
-  Typhoeus::Request.new(
-    url.to_s,
-    merge_request_params(params)
-  )
-end
-
- -
- - - - -
- - -
- - - -
- get(url, params = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 126
-def get(url, params = {})
-  run_request(
-    forge_request(url, params.merge(method: :get))
-  )
-end
-
- -
- - - - -
- - -
- - - -
- get_and_follow_location(url, params = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 138
-def get_and_follow_location(url, params = {})
-  params[:maxredirs] ||= 2
-
-  run_request(
-    forge_request(url, params.merge(method: :get, followlocation: true))
-  )
-end
-
- -
- - - - -
- - -
- - - -
- invalid_proxy_auth_format() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 104
-def invalid_proxy_auth_format
-  'Invalid proxy auth format, expected username:password or {proxy_username: username, proxy_password: password}'
-end
-
- -
- - - - -
- - -
- - - -
- load_config(config_file = nil) - click to toggle source -
- - -
- -

TODO reload hydra (if the .load_config is called on a -browser object, hydra will not have the new @max_threads and -@request_timeout)

- - - -
-
-# File lib/common/browser.rb, line 110
-def load_config(config_file = nil)
-  @config_file = config_file || @config_file
-
-  if File.symlink?(@config_file)
-    raise "[ERROR] Config file is a symlink."
-  else
-    data = JSON.parse(File.read(@config_file))
-  end
-
-  ACCESSOR_OPTIONS.each do |option|
-    option_name = option.to_s
-
-    self.send(:"#{option_name}=", data[option_name])
-  end
-end
-
- -
- - - - -
- - -
- - - -
- max_threads=(max_threads) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 85
-def max_threads=(max_threads)
-  if max_threads.nil? or max_threads <= 0
-    max_threads = 1
-  end
-  @max_threads = max_threads
-end
-
- -
- - - - -
- - -
- - - -
- merge_request_params(params = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 153
-def merge_request_params(params = {})
-  params = Browser.append_params_header_field(
-    params,
-    'User-Agent',
-    self.user_agent
-  )
-
-  if @proxy
-    params = params.merge(proxy: @proxy)
-
-    if @proxy_auth
-      params = params.merge(proxyauth: @proxy_auth)
-    end
-  end
-
-  if @basic_auth
-    params = Browser.append_params_header_field(
-      params,
-      'Authorization',
-      @basic_auth
-    )
-  end
-
-  # Used to enable the cache system if :cache_ttl > 0
-  unless params.has_key?(:cache_ttl)
-    params = params.merge(cache_ttl: @cache_ttl)
-  end
-
-  # Disable SSL-Certificate checks
-  params = params.merge(ssl_verifypeer: false)
-  params = params.merge(ssl_verifyhost: 0)
-
-  params
-end
-
- -
- - - - -
- - -
- - - -
- post(url, params = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 132
-def post(url, params = {})
-  run_request(
-    forge_request(url, params.merge(method: :post))
-  )
-end
-
- -
- - - - -
- - -
- - - -
- proxy_auth=(auth) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 92
-def proxy_auth=(auth)
-  unless auth.nil?
-    if auth.is_a?(Hash) && auth.include?(:proxy_username) && auth.include?(:proxy_password)
-      @proxy_auth = auth[:proxy_username] + ':' + auth[:proxy_password]
-    elsif auth.is_a?(String) && auth.index(':') != nil
-      @proxy_auth = auth
-    else
-      raise invalid_proxy_auth_format
-    end
-  end
-end
-
- -
- - - - -
- - -
- - - -
- user_agent() - click to toggle source -
- - -
- -

return the user agent, according to the user_agent_mode

- - - -
-
-# File lib/common/browser.rb, line 73
-def user_agent
-  case @user_agent_mode
-  when 'semi-static'
-    unless @user_agent
-      @user_agent = @available_user_agents.sample
-    end
-  when 'random'
-    @user_agent = @available_user_agents.sample
-  end
-  @user_agent
-end
-
- -
- - - - -
- - -
- - - -
- user_agent_mode=(ua_mode) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/browser.rb, line 59
-def user_agent_mode=(ua_mode)
-  ua_mode ||= 'static'
-
-  if USER_AGENT_MODES.include?(ua_mode)
-    @user_agent_mode = ua_mode
-    # For semi-static user agent mode, the user agent has to
-    # be nil the first time (it will be set with the getter)
-    @user_agent = nil if ua_mode === 'semi-static'
-  else
-    raise "Unknow user agent mode : '#{ua_mode}'"
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/BruteForce.html b/doc/BruteForce.html deleted file mode 100644 index e5743480..00000000 --- a/doc/BruteForce.html +++ /dev/null @@ -1,457 +0,0 @@ - - - - - - - Module: BruteForce - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

BruteForce

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- lines_in_file(file_path) - click to toggle source -
- - -
- -

Counts the number of lines in the wordlist It can take a couple of minutes -on large wordlists, although bareable.

- - - -
-
-# File lib/wpscan/modules/brute_force.rb, line 101
-def self.lines_in_file(file_path)
-  lines = 0
-  File.open(file_path, 'r').each { |_| lines += 1 }
-  lines
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- brute_force(wp_users, wordlist_path, options = {}) - click to toggle source -
- - -
- -

param array of WpUsers wp_users param string -wordlist_path param hash options

- -
boolean :show_progression If true, will output the details (Sucess, error etc)
- - - -
-
-# File lib/wpscan/modules/brute_force.rb, line 8
-def brute_force(wp_users, wordlist_path, options = {})
-  hydra               = Browser.instance.hydra
-  number_of_passwords = BruteForce.lines_in_file(wordlist_path)
-  login_url           = login_url()
-  found               = []
-  show_progression    = options[:show_progression] || false
-
-  wp_users.each do |wp_user|
-    queue_count    = 0
-    request_count  = 0
-    password_found = false
-
-    File.open(wordlist_path, 'r').each do |password|
-      # ignore file comments, but will miss passwords if they start with a hash...
-      next if password[0, 1] == '#'
-
-      password.strip!
-
-      # keep a count of the amount of requests to be sent
-      request_count += 1
-      queue_count   += 1
-
-      # create local vars for on_complete call back, Issue 51.
-      login    = wp_user.login
-      password = password
-
-      # the request object
-      request = Browser.instance.forge_request(login_url,
-        {
-          method: :post,
-          body: { log: URI::encode(login), pwd: URI::encode(password) },
-          cache_ttl: 0
-        }
-      )
-
-      # tell hydra what to do when the request completes
-      request.on_complete do |response|
-
-        puts "\n  Trying Username : #{login} Password : #{password}" if @verbose
-
-        if response.body =~ /login_error/
-          puts "\nIncorrect login and/or password." if @verbose
-        elsif response.code == 302
-          puts "\n  " + green('[SUCCESS]') + " Login : #{login} Password : #{password}\n" if show_progression
-          found << { name: login, password: password }
-          password_found = true
-        elsif response.timed_out?
-          puts red('ERROR:') + ' Request timed out.' if show_progression
-        elsif response.code == 0
-          puts red('ERROR:') + ' No response from remote server. WAF/IPS?' if show_progression
-        # code is a fixnum, needs a string for regex
-        elsif response.code.to_s =~ /^50/
-          puts red('ERROR:') + ' Server error, try reducing the number of threads.' if show_progression
-        else
-          puts "\n" + red('ERROR:') + " We received an unknown response for #{password}..." if show_progression
-
-          # HACK to get the coverage :/ (otherwise some output is present in the rspec)
-          puts red("Code: #{response.code.to_s}") if @verbose
-          puts red("Body: #{response.body}") if @verbose
-          puts if @verbose
-        end
-      end
-
-      # move onto the next login if we have found a valid password
-      break if password_found
-
-      # queue the request to be sent later
-      hydra.queue(request)
-
-      # progress indicator
-      print "\r  Brute forcing user '#{login}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete." if show_progression
-
-      # it can take a long time to queue 2 million requests,
-      # for that reason, we queue @threads, send @threads, queue @threads and so on.
-      # hydra.run only returns when it has recieved all of its,
-      # responses. This means that while we are waiting for @threads,
-      # responses, we are waiting...
-      if queue_count >= Browser.instance.max_threads
-        hydra.run
-        queue_count = 0
-        puts "Sent #{Browser.instance.max_threads} requests ..." if @verbose
-      end
-    end
-
-    # run all of the remaining requests
-    hydra.run
-  end
-  found
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/CREDITS.html b/doc/CREDITS.html deleted file mode 100644 index 947ec699..00000000 --- a/doc/CREDITS.html +++ /dev/null @@ -1,247 +0,0 @@ - - - - - - - - File: CREDITS [RDoc Documentation] - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - -
- -
- -

*CREDITS*

- -

This file is to give credit to WPScan’s contributors. If you feel your name -should be in here, email ryandewhurst at gmail.

- -

*WPScan Team*

- -

Erwan.LR - @erwan_lr - (Project Developer) Christian Mehlmauer - -@FireFart - (Project Developer) Gianluca Brindisi - @gbrindisi -(Project Developer) Ryan Dewhurst - @ethicalhack3r (Project Lead)

- -

*Other Contributors*

- -

Alip AKA Undead - alip.aswalid at gmail.com michee08 - Reported and gave -potential solutions to bugs. Callum Pember - Implemented proxy support - -callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug -reports. Melvin Lammerts - Reported a couple of fake vulnerabilities - -melvin at 12k.nl Paolo Perego - @thesp0nge - Basic authentication

- -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - diff --git a/doc/CacheFileStore.html b/doc/CacheFileStore.html deleted file mode 100644 index 4a7b2da6..00000000 --- a/doc/CacheFileStore.html +++ /dev/null @@ -1,537 +0,0 @@ - - - - - - - Class: CacheFileStore - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

CacheFileStore

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- serializer[R] -
- -
- - - -
-
- -
- - -
- storage_path[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(storage_path, serializer = Marshal) - click to toggle source -
- - -
- -

The serializer must have the 2 methods .load and .dump

- -
(Marshal and YAML have them)
- -

YAML is Human Readable, contrary to Marshal which store in a binary format -Marshal does not need any “require”

- - - -
-
-# File lib/common/cache_file_store.rb, line 19
-def initialize(storage_path, serializer = Marshal)
-  @storage_path = File.expand_path(storage_path)
-  @serializer = serializer
-
-  # File.directory? for ruby <= 1.9 otherwise,
-  # it makes more sense to do Dir.exist? :/
-  unless File.directory?(@storage_path)
-    Dir.mkdir(@storage_path)
-  end
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- clean() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/cache_file_store.rb, line 30
-def clean
-  Dir[File.join(@storage_path, '*')].each do |f|
-    File.delete(f) unless File.symlink?(f)
-  end
-end
-
- -
- - - - -
- - -
- - - -
- get_entry_file_path(key) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/cache_file_store.rb, line 52
-def get_entry_file_path(key)
-  File::join(@storage_path, key)
-end
-
- -
- - - - -
- - -
- - - -
- read_entry(key) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/cache_file_store.rb, line 36
-def read_entry(key)
-  entry_file_path = get_entry_file_path(key)
-
-  if File.exists?(entry_file_path)
-    return @serializer.load(File.read(entry_file_path))
-  end
-end
-
- -
- - - - -
- - -
- - - -
- write_entry(key, data_to_store, cache_ttl) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/cache_file_store.rb, line 44
-def write_entry(key, data_to_store, cache_ttl)
-  if cache_ttl > 0
-    File.open(get_entry_file_path(key), 'w') do |f|
-      f.write(@serializer.dump(data_to_store))
-    end
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/CustomOptionParser.html b/doc/CustomOptionParser.html deleted file mode 100644 index 2252ad7c..00000000 --- a/doc/CustomOptionParser.html +++ /dev/null @@ -1,549 +0,0 @@ - - - - - - - Class: CustomOptionParser - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

OptionParser

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

CustomOptionParser

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- symbols_used[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(banner = nil, width = 32, indent = ' ' * 4) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/custom_option_parser.rb, line 6
-def initialize(banner = nil, width = 32, indent = ' ' * 4)
-  @results         = {}
-  @symbols_used    = []
-  super(banner, width, indent)
-end
-
- -
- - - - -
- - -
- -
-

Protected Class Methods

- - -
- - - -
- option_to_symbol(option) - click to toggle source -
- - -
- -

param Array option

- - - -
-
-# File lib/common/custom_option_parser.rb, line 56
-def self.option_to_symbol(option)
-  option_name = nil
-
-  option.each do |option_attr|
-    if option_attr =~ /^--/
-      option_name = option_attr
-      break
-    end
-  end
-
-  if option_name
-    option_name = option_name.gsub(/^--/, '').gsub(/-/, '_').gsub(/ .*$/, '')
-    :"#{option_name}"
-  else
-    raise "Could not find the option name for #{option}"
-  end
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- add(options) - click to toggle source -
- - -
- -

param Array(Array) or Array options

- - - -
-
-# File lib/common/custom_option_parser.rb, line 14
-def add(options)
-  if options.is_a?(Array)
-    if options[0].is_a?(Array)
-      options.each do |option|
-        add_option(option)
-      end
-    else
-      add_option(options)
-    end
-  else
-    raise "Options must be at least an Array, or an Array(Array). #{options.class} supplied"
-  end
-end
-
- -
- - - - -
- - -
- - - -
- add_option(option) - click to toggle source -
- - -
- -

param Array option

- - - -
-
-# File lib/common/custom_option_parser.rb, line 29
-def add_option(option)
-  if option.is_a?(Array)
-    option_symbol = CustomOptionParser::option_to_symbol(option)
-
-    if !@symbols_used.include?(option_symbol)
-      @symbols_used << option_symbol
-
-      self.on(*option) do |arg|
-        @results[option_symbol] = arg
-      end
-    else
-      raise "The option #{option_symbol} is already used !"
-    end
-  else
-    raise "The option must be an array, #{option.class} supplied : '#{option}'"
-  end
-end
-
- -
- - - - -
- - -
- - - -
- results(argv = default_argv) - click to toggle source -
- - -
- -

return Hash

- - - -
-
-# File lib/common/custom_option_parser.rb, line 48
-def results(argv = default_argv)
-  self.parse!(argv) if @results.empty?
-
-  @results
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Gemfile.html b/doc/Gemfile.html deleted file mode 100644 index 32a9d306..00000000 --- a/doc/Gemfile.html +++ /dev/null @@ -1,240 +0,0 @@ - - - - - - - - File: Gemfile [RDoc Documentation] - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - -
- -
- -

source “rubygems.org

- -

gem “typhoeus”, “>=0.6.2” gem “nokogiri” gem “json”

- -

group :development, :test do

- -
gem "webmock", ">=1.9.3"
-gem "simplecov"
-gem "rspec", :require => "spec"
- -

end

- -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - diff --git a/doc/GenerateList.html b/doc/GenerateList.html deleted file mode 100644 index e4739e0d..00000000 --- a/doc/GenerateList.html +++ /dev/null @@ -1,616 +0,0 @@ - - - - - - - Class: GenerateList - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - - - - - -
- - -
- -
-

GenerateList

- -
- -

This tool generates a list to use for plugin and theme enumeration

- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- verbose[RW] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(type, verbose) - click to toggle source -
- - -
- -

type = themes | plugins

- - - -
-
-# File lib/wpstools/plugins/list_generator/generate_list.rb, line 8
-def initialize(type, verbose)
-  if type =~ /plugins/
-    @type           = 'plugin'
-    @svn_url        = 'http://plugins.svn.wordpress.org/'
-    @popular_url    = 'http://wordpress.org/extend/plugins/browse/popular/'
-    @popular_regex  = %{<h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3>}
-  elsif type =~ /themes/
-    @type           = 'theme'
-    @svn_url        = 'http://themes.svn.wordpress.org/'
-    @popular_url    = 'http://wordpress.org/extend/themes/browse/popular/'
-    @popular_regex  = %{<h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3>}
-  else
-    raise "Type #{type} not defined"
-  end
-  @verbose  = verbose
-  @browser  = Browser.instance
-  @hydra    = @browser.hydra
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- generate_full_list() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/list_generator/generate_list.rb, line 52
-def generate_full_list
-  set_file_name(:full)
-  items = SvnParser.new(@svn_url).parse
-  save items
-end
-
- -
- - - - -
- - -
- - - -
- generate_popular_list(pages) - click to toggle source -
- - -
- - - - - - - -
- - - - -
- - -
- - - -
- get_popular_items(pages) - click to toggle source -
- - -
- -

Send a HTTP request to the WordPress most popular theme or plugin webpage -parse the response for the names.

- - - - - -
- - - - -
- - -
- - - -
- save(items) - click to toggle source -
- - -
- -

Save the file

- - - -
-
-# File lib/wpstools/plugins/list_generator/generate_list.rb, line 103
-def save(items)
-  items.sort!
-  items.uniq!
-  puts "[*] We have parsed #{items.length} #@types"
-  File.open(@file_name, 'w') { |f| f.puts(items) }
-  puts "New #@file_name file created"
-end
-
- -
- - - - -
- - -
- - - -
- set_file_name(type) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/list_generator/generate_list.rb, line 27
-def set_file_name(type)
-  case @type
-  when 'plugin'
-    case type
-    when :full
-      @file_name = PLUGINS_FULL_FILE
-    when :popular
-      @file_name = PLUGINS_FILE
-    else
-      raise 'Unknown type'
-    end
-  when 'theme'
-    case type
-    when :full
-      @file_name = THEMES_FULL_FILE
-    when :popular
-      @file_name = THEMES_FILE
-    else
-      raise 'Unknown type'
-    end
-    else
-      raise "Unknown type #@type"
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/GitUpdater.html b/doc/GitUpdater.html deleted file mode 100644 index fd8ea4d0..00000000 --- a/doc/GitUpdater.html +++ /dev/null @@ -1,517 +0,0 @@ - - - - - - - Class: GitUpdater - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Updater

- -
- - - - - - - - - - - - -
- - -
- -
-

GitUpdater

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- has_local_changes?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/git_updater.rb, line 21
-def has_local_changes?
-  %[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- is_installed?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/git_updater.rb, line 6
-def is_installed?
-  %[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- local_revision_number() - click to toggle source -
- - -
- -

Git has not a revsion number like SVN, so we will take the 7 first chars of -the last commit hash

- - - -
-
-# File lib/common/updater/git_updater.rb, line 12
-def local_revision_number
-  git_log = %[git #{repo_directory_arguments()} log -1 2>&1]
-  git_log[/commit ([0-9a-z]{7})/, 1].to_s
-end
-
- -
- - - - -
- - -
- - - -
- reset_head() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/git_updater.rb, line 25
-def reset_head
-  %[git #{repo_directory_arguments()} reset --hard HEAD]
-end
-
- -
- - - - -
- - -
- - - -
- update() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/git_updater.rb, line 17
-def update
-  %[git #{repo_directory_arguments()} pull]
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- repo_directory_arguments() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/git_updater.rb, line 30
-def repo_directory_arguments
-  if @repo_directory
-    return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/LICENSE.html b/doc/LICENSE.html deleted file mode 100644 index 39433a9c..00000000 --- a/doc/LICENSE.html +++ /dev/null @@ -1,244 +0,0 @@ - - - - - - - - File: LICENSE [RDoc Documentation] - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - -
- -
- -

WPScan - WordPress Security Scanner Copyright (C) 2012-2013

- -

This program is free software: you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation, either version 3 of the License, or (at your option) -any later version.

- -

This program is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -more details.

- -

You should have received a copy of the GNU General Public License along -with this program. If not, see <www.gnu.org/licenses/>.

- -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - diff --git a/doc/ListGeneratorPlugin.html b/doc/ListGeneratorPlugin.html deleted file mode 100644 index 83ef1385..00000000 --- a/doc/ListGeneratorPlugin.html +++ /dev/null @@ -1,400 +0,0 @@ - - - - - - - Class: ListGeneratorPlugin - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

Plugin

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

ListGeneratorPlugin

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- new() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 4
-def initialize
-  super(author: 'WPScanTeam - @FireFart')
-
-  register_options(
-    ['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
-    ['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
-
-    ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'],
-    ['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
-
-    ['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
-  )
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- run(options = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 18
-def run(options = {})
-  @verbose     = options[:verbose] || false
-  generate_all = options[:generate_all] || false
-
-  if options.has_key?(:generate_plugin_list) || generate_all
-    most_popular('plugin', options[:generate_plugin_list] || 150)
-  end
-
-  if options[:generate_full_plugin_list] || generate_all
-    full('plugin')
-  end
-
-  if options.has_key?(:generate_theme_list) || generate_all
-    most_popular('theme', options[:generate_theme_list] || 150)
-  end
-
-  if options[:generate_full_theme_list] || generate_all
-    full('theme')
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Malwares.html b/doc/Malwares.html deleted file mode 100644 index 032f4195..00000000 --- a/doc/Malwares.html +++ /dev/null @@ -1,456 +0,0 @@ - - - - - - - Module: Malwares - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Malwares

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- malware_pattern(url_regex) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/malwares.rb, line 42
-def self.malware_pattern(url_regex)
-  # no need to escape regex here, because malware.txt contains regex
-  %{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}
-end
-
- -
- - - - -
- - -
- - - -
- malwares_file(malwares_file_path) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/malwares.rb, line 38
-def self.malwares_file(malwares_file_path)
-  malwares_file_path || DATA_DIR + '/malwares.txt'
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- has_malwares?(malwares_file_path = nil) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/malwares.rb, line 9
-def has_malwares?(malwares_file_path = nil)
-  !malwares(malwares_file_path).empty?
-end
-
- -
- - - - -
- - -
- - - -
- malwares(malwares_file_path = nil) - click to toggle source -
- - -
- -

return array of string (url of malwares found)

- - - -
-
-# File lib/wpscan/modules/malwares.rb, line 14
-def malwares(malwares_file_path = nil)
-  unless @malwares
-    malwares_found = []
-    malwares_file = Malwares.malwares_file(malwares_file_path)
-    index_page_body = Browser.instance.get(@uri.to_s).body
-
-    File.open(malwares_file, 'r') do |file|
-      file.readlines.collect do |url|
-        chomped_url = url.chomp
-
-        if chomped_url.length > 0
-          malwares_found += index_page_body.scan(Malwares.malware_pattern(chomped_url))
-        end
-      end
-    end
-
-    malwares_found.flatten!
-    malwares_found.uniq!
-
-    @malwares = malwares_found
-  end
-  @malwares
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Plugin.html b/doc/Plugin.html deleted file mode 100644 index 6cd9b231..00000000 --- a/doc/Plugin.html +++ /dev/null @@ -1,450 +0,0 @@ - - - - - - - Class: Plugin - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Plugin

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- author[R] -
- -
- - - -
-
- -
- - -
- registered_options[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(infos = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/plugins/plugin.rb, line 6
-def initialize(infos = {})
-  @author  = infos[:author]
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- register_options(*options) - click to toggle source -
- - -
- -

param Array options

- - - -
-
-# File lib/common/plugins/plugin.rb, line 15
-def register_options(*options)
-  options.each do |option|
-    unless option.is_a?(Array)
-      raise "Each option must be an array, #{option.class} supplied"
-    end
-  end
-  @registered_options = options
-end
-
- -
- - - - -
- - -
- - - -
- run(options = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/plugins/plugin.rb, line 10
-def run(options = {})
-  raise NotImplementedError
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Plugins.html b/doc/Plugins.html deleted file mode 100644 index 05d66663..00000000 --- a/doc/Plugins.html +++ /dev/null @@ -1,449 +0,0 @@ - - - - - - - Class: Plugins - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Array

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Plugins

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- option_parser[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(option_parser = nil) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/plugins/plugins.rb, line 6
-def initialize(option_parser = nil)
-  if option_parser
-    if option_parser.is_a?(CustomOptionParser)
-      @option_parser = option_parser
-    else
-      raise "The parser must be an instance of CustomOptionParser, #{option_parser.class} supplied"
-    end
-  else
-    @option_parser = CustomOptionParser.new
-  end
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- register(*plugins) - click to toggle source -
- - -
- -

param Array(Plugin) plugins

- - - -
-
-# File lib/common/plugins/plugins.rb, line 19
-def register(*plugins)
-  plugins.each do |plugin|
-    register_plugin(plugin)
-  end
-end
-
- -
- - - - -
- - -
- - - -
- register_plugin(plugin) - click to toggle source -
- - -
- -

param Plugin plugin

- - - -
-
-# File lib/common/plugins/plugins.rb, line 26
-def register_plugin(plugin)
-  if plugin.is_a?(Plugin)
-    self << plugin
-
-    # A plugin may not have options
-    if plugin_options = plugin.registered_options
-      @option_parser.add(plugin_options)
-    end
-  else
-    raise "The argument must be an instance of Plugin, #{plugin.class} supplied"
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/README.html b/doc/README.html deleted file mode 100644 index b8a21706..00000000 --- a/doc/README.html +++ /dev/null @@ -1,471 +0,0 @@ - - - - - - - - File: README [RDoc Documentation] - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - -
- -
- -

__

- -
__          _______   _____
-\ \        / /  __ \ / ____|
- \ \  /\  / /| |__) | (___   ___  __ _ _ __
-  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
-   \  /\  /  | |     ____) | (__| (_| | | | |
-    \/  \/   |_|    |_____/ \___|\__,_|_| |_|
- -

__

- -

LICENSE==

- -

WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team

- -

This program is free software: you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the Free -Software Foundation, either version 3 of the License, or (at your option) -any later version.

- -

This program is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -more details.

- -

You should have received a copy of the GNU General Public License along -with this program. If not, see <www.gnu.org/licenses/>.

- -

ryandewhurst at gmail

- -

INSTALL==

- -
WPScan comes pre-installed on the following Linux distributions:
-
- * BackBox Linux
- * BackTrack Linux (outdated WPScan installed, update needed)
- * Pentoo
- * SamuraiWTF
-
-Prerequisites:
-
- * Windows not supported
- * Ruby => 1.9
- * RubyGems
- * Git
-
--> Installing on Debian/Ubuntu:
-
-  sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
-  git clone https://github.com/wpscanteam/wpscan.git
-  cd wpscan
-  sudo gem install bundler && bundle install --without test development
-
--> Installing on Fedora:
-
-  sudo yum install libcurl-devel
-  git clone https://github.com/wpscanteam/wpscan.git
-  cd wpscan
-  sudo gem install bundler && bundle install --without test development
-
--> Installing on Archlinux:
-
-  pacman -Sy ruby
-  pacman -Sy libyaml
-
-  git clone https://github.com/wpscanteam/wpscan.git
-  cd wpscan
-  sudo gem install bundler && bundle install --without test development
-
-  gem install typhoeus
-  gem install nokogiri
-
--> Installing on Mac OS X:
-
-  git clone https://github.com/wpscanteam/wpscan.git
-  cd wpscan
-  sudo gem install bundler && bundle install --without test development
- -

KNOWN ISSUES==

- -
- Typhoeus segmentation fault:
-    Update cURL to version => 7.21 (may have to install from source)
-    See http://code.google.com/p/wpscan/issues/detail?id=81
-
-- Proxy not working:
-    Update cURL to version => 7.21.7 (may have to install from source).
-
-    Installation from sources :
-      - Grab the sources from http://curl.haxx.se/download.html
-      - Decompress the archive
-      - Open the folder with the extracted files
-      - Run ./configure
-      - Run make
-      - Run sudo make install
-      - Run sudo ldconfig
-
-- cannot load such file -- readline:
-    Run sudo aptitude install libreadline5-dev libncurses5-dev
-
-    Then, open the directory of the readline gem (you have to locate it)
-
-    cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
-    ruby extconf.rb
-    make
-    make install
-
-    See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
-
-- no such file to load -- rubygems
-    Run update-alternatives --config ruby
-    And select your ruby version
-
-    See https://github.com/wpscanteam/wpscan/issues/148
- -

WPSCAN ARGUMENTS==

- -

–update Update to the latest revision

- -

–url | -u <target url> The WordPress URL/domain to scan.

- -

–force | -f Forces WPScan to not check if the remote site is running -WordPress.

- -

–enumerate | -e [option(s)] Enumeration.

- -
option :
-  u        usernames from id 1 to 10
-  u[10-20] usernames from id 10 to 20 (you must write [] chars)
-  p        plugins
-  vp       only vulnerable plugins
-  ap       all plugins (can take a long time)
-  tt       timthumbs
-  t        themes
-  vp       only vulnerable themes
-  at       all themes (can take a long time)
-Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
-If no option is supplied, the default is 'vt,tt,u,vp'
- -

–exclude-content-based ‘<regexp or string>’ Used with the -enumeration option, will exclude all occurrences based on the regexp or -string supplied

- -
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
- -

–config-file | -c <config file> Use the specified config file

- -

–follow-redirection If the target url has a redirection, it will be -followed without asking if you wanted to do so or not

- -

–wp-content-dir <wp content dir> WPScan try to find the content -directory (ie wp-content) by scanning the index page, however you can -specified it. Subdirectories are allowed

- -

–wp-plugins-dir <wp plugins dir> Same thing than –wp-content-dir but -for the plugins directory. If not supplied, WPScan will use -wp-content-dir/plugins. Subdirectories are allowed

- -

–proxy <[protocol://]host:port> Supply a proxy (will override the -one from conf/browser.conf.json).

- -
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
- -

–proxy-auth <username:password> Supply the proxy login credentials -(will override the one from conf/browser.conf.json).

- -

–basic-auth <username:password> Set the HTTP Basic authentication

- -

–wordlist | -w <wordlist> Supply a wordlist for the password bruter -and do the brute.

- -

–threads | -t <number of threads> The number of threads to use when -multi-threading requests. (will override the value from -conf/browser.conf.json)

- -

–username | -U <username> Only brute force the supplied username.

- -

–help | -h This help screen.

- -

–verbose | -v Verbose output.

- -

WPSCAN EXAMPLES==

- -

Do ‘non-intrusive’ checks…

- -
ruby wpscan.rb --url www.example.com
- -

Do wordlist password brute force on enumerated users using 50 threads…

- -
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
- -

Do wordlist password brute force on the ‘admin’ username only…

- -
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
- -

Enumerate installed plugins…

- -
ruby wpscan.rb --url www.example.com --enumerate p
- -

WPSTOOLS ARGUMENTS==

- -

–help | -h This help screen. –Verbose | -v Verbose output. –update -| -u Update to the latest revision. –generate_plugin_list [number of -pages] Generate a new data/plugins.txt file. (supply number of -pages to parse, default : 150) –gpl Alias for –generate_plugin_list -–check-local-vulnerable-files | –clvf <local directory> Perform a -recursive scan in the <local directory> to find vulnerable files or -shells

- -

WPSTOOLS EXAMPLES==

- - -

ruby wpstools.rb –generate_plugin_list 150

- - -

ruby wpstools.rb -–check-local-vulnerable-files /var/www/wordpress/

- -

PROJECT HOME===

- -

www.wpscan.org

- -

REPOSITORY===

- -

github.com/wpscanteam/wpscan

- -

ISSUES===

- -

github.com/wpscanteam/wpscan/issues

- -

SPONSOR===

- -

WPScan is sponsored by the RandomStorm Open Source Initiative.

- -

Visit RandomStorm at www.randomstorm.com

- -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - diff --git a/doc/StatsPlugin.html b/doc/StatsPlugin.html deleted file mode 100644 index 979b70dc..00000000 --- a/doc/StatsPlugin.html +++ /dev/null @@ -1,632 +0,0 @@ - - - - - - - Class: StatsPlugin - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Plugin

- -
- - - - - - - - - - - - -
- - -
- -
-

StatsPlugin

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- new() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 4
-def initialize
-  super(author: 'WPScanTeam - Christian Mehlmauer')
-
-  register_options(
-      ['--stats', '--s', 'Show WpScan Database statistics']
-  )
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- lines_in_file(file) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 50
-def lines_in_file(file)
-  IO.readlines(file).size
-end
-
- -
- - - - -
- - -
- - - -
- plugin_vulns_count(file=PLUGINS_VULNS_FILE) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 34
-def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
-  xml(file).xpath("count(//vulnerability)").to_i
-end
-
- -
- - - - -
- - -
- - - -
- run(options = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 12
-def run(options = {})
-  if options[:stats]
-    puts "Wpscan Databse Statistics:"
-    puts "--------------------------"
-    puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
-    puts "[#] Total vulnerable themes: #{vuln_theme_count}"
-    puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
-    puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
-    puts "[#] Total plugins to enumerate: #{total_plugins}"
-    puts "[#] Total themes to enumerate: #{total_themes}"
-    puts
-  end
-end
-
- -
- - - - -
- - -
- - - -
- theme_vulns_count(file=THEMES_VULNS_FILE) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 38
-def theme_vulns_count(file=THEMES_VULNS_FILE)
-  xml(file).xpath("count(//vulnerability)").to_i
-end
-
- -
- - - - -
- - -
- - - -
- total_plugins(file=PLUGINS_FULL_FILE) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 42
-def total_plugins(file=PLUGINS_FULL_FILE)
-  lines_in_file(file)
-end
-
- -
- - - - -
- - -
- - - -
- total_themes(file=THEMES_FULL_FILE) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 46
-def total_themes(file=THEMES_FULL_FILE)
-  lines_in_file(file)
-end
-
- -
- - - - -
- - -
- - - -
- vuln_plugin_count(file=PLUGINS_VULNS_FILE) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 26
-def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
-  xml(file).xpath("count(//plugin)").to_i
-end
-
- -
- - - - -
- - -
- - - -
- vuln_theme_count(file=THEMES_VULNS_FILE) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/stats/stats_plugin.rb, line 30
-def vuln_theme_count(file=THEMES_VULNS_FILE)
-  xml(file).xpath("count(//theme)").to_i
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/SvnParser.html b/doc/SvnParser.html deleted file mode 100644 index 03a41045..00000000 --- a/doc/SvnParser.html +++ /dev/null @@ -1,435 +0,0 @@ - - - - - - - Class: SvnParser - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

SvnParser

- -
- -

This Class Parses SVN Repositories via HTTP

- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- keep_empty_dirs[RW] -
- -
- - - -
-
- -
- - - - -
- svn_root[RW] -
- -
- - - -
-
- -
- - - - -
- verbose[RW] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(svn_root) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/list_generator/svn_parser.rb, line 7
-def initialize(svn_root)
-  @svn_root    = svn_root
-  @svn_browser = Browser.instance
-  @svn_hydra   = @svn_browser.hydra
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- parse() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/list_generator/svn_parser.rb, line 13
-def parse
-  get_root_directories
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/SvnUpdater.html b/doc/SvnUpdater.html deleted file mode 100644 index 71f7e32f..00000000 --- a/doc/SvnUpdater.html +++ /dev/null @@ -1,421 +0,0 @@ - - - - - - - Class: SvnUpdater - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Updater

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

SvnUpdater

- -
- -
- - - - -
- - - - - - -
-

Constants

-
- -
REVISION_PATTERN
- -
- - -
TRUNK_URL
- -
- - -
-
- - - - - - -
-

Public Instance Methods

- - -
- - - -
- is_installed?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/svn_updater.rb, line 9
-def is_installed?
-  %[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- local_revision_number() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/svn_updater.rb, line 13
-def local_revision_number
-  local_revision = %[svn info "#@repo_directory" --xml 2>&1]
-  local_revision[REVISION_PATTERN, 1].to_s
-end
-
- -
- - - - -
- - -
- - - -
- update() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/svn_updater.rb, line 18
-def update
-  %[svn up "#@repo_directory"]
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Typhoeus.html b/doc/Typhoeus.html deleted file mode 100644 index 445faadd..00000000 --- a/doc/Typhoeus.html +++ /dev/null @@ -1,295 +0,0 @@ - - - - - - - Module: Typhoeus - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - -
-

Namespace

- -
- - - - - -
- - -
- -
-

Typhoeus

- -
- -

Implementaion of a cache_key (Typhoeus::Request#hash has too many options)

-
- -

This is used in WpItem::Existable

- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Typhoeus/Request.html b/doc/Typhoeus/Request.html deleted file mode 100644 index 8754d8f2..00000000 --- a/doc/Typhoeus/Request.html +++ /dev/null @@ -1,293 +0,0 @@ - - - - - - - Class: Typhoeus::Request - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - -
-

Namespace

- -
- - - - - -
- - -
- -
-

Typhoeus::Request

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Typhoeus/Request/Cacheable.html b/doc/Typhoeus/Request/Cacheable.html deleted file mode 100644 index 2c0a6447..00000000 --- a/doc/Typhoeus/Request/Cacheable.html +++ /dev/null @@ -1,324 +0,0 @@ - - - - - - - Module: Typhoeus::Request::Cacheable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Typhoeus::Request::Cacheable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- cache_key() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/typhoeus_cache.rb, line 8
-def cache_key
-  Digest::SHA2.hexdigest("#{url}-#{options[:body]}-#{options[:method]}")[0..32]
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Typhoeus/Response.html b/doc/Typhoeus/Response.html deleted file mode 100644 index 7001513e..00000000 --- a/doc/Typhoeus/Response.html +++ /dev/null @@ -1,337 +0,0 @@ - - - - - - - Class: Typhoeus::Response - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Typhoeus::Response

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- has_valid_hash?(error_404_hash, homepage_hash) - click to toggle source -
- - -
- -

Compare the body hash to error_404_hash and homepage_hash returns true if -they are different, false otherwise

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/hacks.rb, line 40
-def has_valid_hash?(error_404_hash, homepage_hash)
-  body_hash = Digest::MD5.hexdigest(self.body)
-
-  body_hash != error_404_hash && body_hash != homepage_hash
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/TyphoeusCache.html b/doc/TyphoeusCache.html deleted file mode 100644 index f33c025b..00000000 --- a/doc/TyphoeusCache.html +++ /dev/null @@ -1,367 +0,0 @@ - - - - - - - Class: TyphoeusCache - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

CacheFileStore

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

TyphoeusCache

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- get(request) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/typhoeus_cache.rb, line 17
-def get(request)
-  read_entry(request.cache_key)
-end
-
- -
- - - - -
- - -
- - - -
- set(request, response) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/typhoeus_cache.rb, line 21
-def set(request, response)
-  write_entry(request.cache_key, response, request.cache_ttl)
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/URI.html b/doc/URI.html deleted file mode 100644 index ba26acce..00000000 --- a/doc/URI.html +++ /dev/null @@ -1,359 +0,0 @@ - - - - - - - Module: URI - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

URI

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- encode(str) - click to toggle source -
- - -
- - - - - -
- - - - -
- Alias for: escape -
- -
- - -
- - - -
- escape(str) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/hacks.rb, line 8
-def escape(str)
-  URI::Parser.new.escape(str)
-end
-
- -
- - -
- Also aliased as: encode -
- - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Updater.html b/doc/Updater.html deleted file mode 100644 index cf713904..00000000 --- a/doc/Updater.html +++ /dev/null @@ -1,469 +0,0 @@ - - - - - - - Class: Updater - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Updater

- -
- -

This class act as an absract one

- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- repo_directory[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(repo_directory = nil) - click to toggle source -
- - -
- -

TODO : add a last ‘/ to repo_directory if it’s -not present

- - - -
-
-# File lib/common/updater/updater.rb, line 8
-def initialize(repo_directory = nil)
-  @repo_directory = repo_directory
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- is_installed?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/updater.rb, line 12
-def is_installed?
-  raise NotImplementedError
-end
-
- -
- - - - -
- - -
- - - -
- local_revision_number() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/updater.rb, line 16
-def local_revision_number
-  raise NotImplementedError
-end
-
- -
- - - - -
- - -
- - - -
- update() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/updater.rb, line 20
-def update
-  raise NotImplementedError
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/UpdaterFactory.html b/doc/UpdaterFactory.html deleted file mode 100644 index 9f803b5e..00000000 --- a/doc/UpdaterFactory.html +++ /dev/null @@ -1,380 +0,0 @@ - - - - - - - Class: UpdaterFactory - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

UpdaterFactory

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- get_updater(repo_directory) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/updater/updater_factory.rb, line 4
-def self.get_updater(repo_directory)
-  self.available_updaters_classes().each do |updater_symbol|
-    updater = Object.const_get(updater_symbol).new(repo_directory)
-
-    if updater.is_installed?
-      return updater
-    end
-  end
-  nil
-end
-
- -
- - - - -
- - -
- -
-

Protected Class Methods

- - -
- - - -
- available_updaters_classes() - click to toggle source -
- - -
- -

return array of class symbols

- - - -
-
-# File lib/common/updater/updater_factory.rb, line 18
-def self.available_updaters_classes
-  Object.constants.grep(/^.+Updater$/)
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Vulnerabilities.html b/doc/Vulnerabilities.html deleted file mode 100644 index cf492471..00000000 --- a/doc/Vulnerabilities.html +++ /dev/null @@ -1,308 +0,0 @@ - - - - - - - Class: Vulnerabilities - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

Array

- -
- - - - - - -
-

Namespace

- -
- - - - - - -
-

Included Modules

- -
- -
- - -
- -
-

Vulnerabilities

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Vulnerabilities/Output.html b/doc/Vulnerabilities/Output.html deleted file mode 100644 index e07da77c..00000000 --- a/doc/Vulnerabilities/Output.html +++ /dev/null @@ -1,326 +0,0 @@ - - - - - - - Module: Vulnerabilities::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Vulnerabilities::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- output() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/collections/vulnerabilities/output.rb, line 5
-def output
-  self.each do |v|
-    v.output
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Vulnerability.html b/doc/Vulnerability.html deleted file mode 100644 index 49e4a202..00000000 --- a/doc/Vulnerability.html +++ /dev/null @@ -1,528 +0,0 @@ - - - - - - - Class: Vulnerability - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

Object

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

Vulnerability

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- metasploit_modules[RW] -
- -
- - - -
-
- -
- - - - -
- references[RW] -
- -
- - - -
-
- -
- - - - -
- title[RW] -
- -
- - - -
-
- -
- - - - -
- type[RW] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- load_from_xml_node(xml_node) - click to toggle source -
- - -
- -

Create the Vulnerability from the xml_node

- -

@param [ Nokogiri::XML::Node ] xml_node

- -

@return [ Vulnerability ]

- - - -
-
-# File lib/common/models/vulnerability.rb, line 37
-def self.load_from_xml_node(xml_node)
-  new(
-    xml_node.search('title').text,
-    xml_node.search('type').text,
-    xml_node.search('reference').map(&:text),
-    xml_node.search('metasploit').map(&:text)
-  )
-end
-
- -
- - - - -
- - -
- - - -
- new(title, type, references, metasploit_modules = []) - click to toggle source -
- - -
- -

@param [ String ] title The title of the vulnerability @param [ String ] -type The type of the vulnerability @param [ Array -] references References urls @param [ Array ] metasploit_modules -Metasploit modules for the vulnerability

- -

@return [ Vulnerability ]

- - - -
-
-# File lib/common/models/vulnerability.rb, line 16
-def initialize(title, type, references, metasploit_modules = [])
-  @title              = title
-  @type               = type
-  @references         = references
-  @metasploit_modules = metasploit_modules
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- ==(other) - click to toggle source -
- - -
- -

@param [ Vulnerability ] other

- -

@return [ Boolean ] :nocov:

- - - -
-
-# File lib/common/models/vulnerability.rb, line 27
-def ==(other)
-  title == other.title && type == other.type && references == other.references
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/Vulnerability/Output.html b/doc/Vulnerability/Output.html deleted file mode 100644 index 806d6d76..00000000 --- a/doc/Vulnerability/Output.html +++ /dev/null @@ -1,374 +0,0 @@ - - - - - - - Module: Vulnerability::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

Vulnerability::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- metasploit_module_url(module_path) - click to toggle source -
- - -
- -

@return [ String ] The url to the metasploit module page

- - - -
-
-# File lib/common/models/vulnerability/output.rb, line 18
-def self.metasploit_module_url(module_path)
-  # remove leading slash
-  module_path = module_path.sub(/^\//, '')
-  "http://www.metasploit.com/modules/#{module_path}"
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- output() - click to toggle source -
- - -
- -

output the vulnerability

- - - -
-
-# File lib/common/models/vulnerability/output.rb, line 6
-def output
-  puts ' |'
-  puts ' | ' + red("* Title: #{title}")
-  references.each do |r|
-    puts ' | ' + red("* Reference: #{r}")
-  end
-  metasploit_modules.each do |m|
-    puts ' | ' + red("* Metasploit module: #{metasploit_module_url(m)}")
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WebSite.html b/doc/WebSite.html deleted file mode 100644 index 1e1f7ea4..00000000 --- a/doc/WebSite.html +++ /dev/null @@ -1,925 +0,0 @@ - - - - - - - Class: WebSite - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - -
-

Parent

- -

Object

- -
- - - - - - - - - - - - -
- - -
- -
-

WebSite

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- uri[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(site_url) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 6
-def initialize(site_url)
-  self.url = site_url
-end
-
- -
- - - - -
- - -
- - - -
- page_hash(url) - click to toggle source -
- - -
- -

Return the MD5 hash of the page given by url

- - - -
-
-# File lib/wpscan/web_site.rb, line 79
-def self.page_hash(url)
-  Digest::MD5.hexdigest(Browser.instance.get(url).body)
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- error_404_hash() - click to toggle source -
- - -
- -

Return the MD5 hash of a 404 page

- - - -
-
-# File lib/wpscan/web_site.rb, line 91
-def error_404_hash
-  unless @error_404_hash
-    non_existant_page = Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html'
-    @error_404_hash   = WebSite.page_hash(@uri.merge(non_existant_page).to_s)
-  end
-  @error_404_hash
-end
-
- -
- - - - -
- - -
- - - -
- has_basic_auth?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 23
-def has_basic_auth?
-  Browser.instance.get(@uri.to_s).code == 401
-end
-
- -
- - - - -
- - -
- - - -
- has_robots?() - click to toggle source -
- - -
- -

Checks if a robots.txt file exists

- - - -
-
-# File lib/wpscan/web_site.rb, line 107
-def has_robots?
-  Browser.instance.get(robots_url).code == 200
-end
-
- -
- - - - -
- - -
- - - -
- has_xml_rpc?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 27
-def has_xml_rpc?
-  !xml_rpc_url.nil?
-end
-
- -
- - - - -
- - -
- - - -
- homepage_hash() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 83
-def homepage_hash
-  unless @homepage_hash
-    @homepage_hash = WebSite.page_hash(@uri.to_s)
-  end
-  @homepage_hash
-end
-
- -
- - - - -
- - -
- - - -
- online?() - click to toggle source -
- - -
- -

Checks if the remote website is up.

- - - -
-
-# File lib/wpscan/web_site.rb, line 19
-def online?
-  Browser.instance.get(@uri.to_s).code != 0
-end
-
- -
- - - - -
- - -
- - - -
- redirection(url = nil) - click to toggle source -
- - -
- -

See if the remote url returns 30x redirect This method is recursive Return -a string with the redirection or nil

- - - -
-
-# File lib/wpscan/web_site.rb, line 61
-def redirection(url = nil)
-  redirection = nil
-  url ||= @uri.to_s
-  response = Browser.instance.get(url)
-
-  if response.code == 301 || response.code == 302
-    redirection = response.headers_hash['location']
-
-    # Let's check if there is a redirection in the redirection
-    if other_redirection = redirection(redirection)
-      redirection = other_redirection
-    end
-  end
-
-  redirection
-end
-
- -
- - - - -
- - -
- - - -
- robots_url() - click to toggle source -
- - -
- -

Gets a robots.txt URL

- - - -
-
-# File lib/wpscan/web_site.rb, line 112
-def robots_url
-  robots = @uri.clone
-  robots.path = '/robots.txt'
-  robots.to_s
-end
-
- -
- - - - -
- - -
- - - -
- rss_url() - click to toggle source -
- - -
- -

Will try to find the rss url in the homepage Only the first one found iw -returned

- - - -
-
-# File lib/wpscan/web_site.rb, line 101
-def rss_url
-  homepage_body = Browser.instance.get(@uri.to_s).body
-  homepage_body[%{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
-end
-
- -
- - - - -
- - -
- - - -
- url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 14
-def url
-  @uri.to_s
-end
-
- -
- - - - -
- - -
- - - -
- url=(url) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 10
-def url=(url)
-  @uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
-end
-
- -
- - - - -
- - -
- - - -
- xml_rpc_url() - click to toggle source -
- - -
- -

See www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3

- - - -
-
-# File lib/wpscan/web_site.rb, line 32
-def xml_rpc_url
-  unless @xmlrpc_url
-    @xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body()
-  end
-  @xmlrpc_url
-end
-
- -
- - - - -
- - -
- - - -
- xml_rpc_url_from_body() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 52
-def xml_rpc_url_from_body
-  body = Browser.instance.get(@uri.to_s).body
-
-  body[%{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
-end
-
- -
- - - - -
- - -
- - - -
- xml_rpc_url_from_headers() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/web_site.rb, line 39
-def xml_rpc_url_from_headers
-  headers    = Browser.instance.get(@uri.to_s).headers_hash
-  xmlrpc_url = nil
-
-  unless headers.nil?
-    pingback_url = headers['X-Pingback']
-    unless pingback_url.nil? || pingback_url.empty?
-      xmlrpc_url = pingback_url
-    end
-  end
-  xmlrpc_url
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpConfigBackup.html b/doc/WpConfigBackup.html deleted file mode 100644 index 39b11f19..00000000 --- a/doc/WpConfigBackup.html +++ /dev/null @@ -1,398 +0,0 @@ - - - - - - - Module: WpConfigBackup - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpConfigBackup

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- config_backup_files() - click to toggle source -
- - -
- -

@return Array

- - - -
-
-# File lib/wpscan/modules/wp_config_backup.rb, line 39
-def self.config_backup_files
-  %{
-    wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
-    wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
-    wp-config.orig wp-config.php.original wp-config.original wp-config.txt
-  } # thanks to Feross.org for these
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- config_backup() - click to toggle source -
- - -
- -

Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/ return -an array of backup config files url

- - - -
-
-# File lib/wpscan/modules/wp_config_backup.rb, line 7
-def config_backup
-  found       = []
-  backups     = WpConfigBackup.config_backup_files
-  browser     = Browser.instance
-  hydra       = browser.hydra
-  queue_count = 0
-
-  backups.each do |file|
-    file_url = @uri.merge(URI.escape(file)).to_s
-    request = browser.forge_request(file_url)
-
-    request.on_complete do |response|
-      if response.body[%{define}] and not response.body[%{<\s?html}]
-        found << file_url
-      end
-    end
-
-    hydra.queue(request)
-    queue_count += 1
-
-    if queue_count == browser.max_threads
-      hydra.run
-      queue_count = 0
-    end
-  end
-
-  hydra.run
-
-  found
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpFullPathDisclosure.html b/doc/WpFullPathDisclosure.html deleted file mode 100644 index ee81d5fd..00000000 --- a/doc/WpFullPathDisclosure.html +++ /dev/null @@ -1,360 +0,0 @@ - - - - - - - Module: WpFullPathDisclosure - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - - - - - -
- - -
- -
-

WpFullPathDisclosure

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- full_path_disclosure_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_full_path_disclosure.rb, line 10
-def full_path_disclosure_url
-  @uri.merge('wp-includes/rss-functions.php').to_s
-end
-
- -
- - - - -
- - -
- - - -
- has_full_path_disclosure?() - click to toggle source -
- - -
- -

Check for Full Path Disclosure (FPD)

- - - -
-
-# File lib/wpscan/modules/wp_full_path_disclosure.rb, line 5
-def has_full_path_disclosure?
-  response = Browser.instance.get(full_path_disclosure_url())
-  response.body[%{Fatal error}]
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem.html b/doc/WpItem.html deleted file mode 100644 index 68108e7f..00000000 --- a/doc/WpItem.html +++ /dev/null @@ -1,849 +0,0 @@ - - - - - - - Class: WpItem - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

Object

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpItem

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- found_from[R] -
- -
- - - -
-
- -
- - - - -
- name[RW] -
- -
- - - -
-
- -
- - -
- path[R] -
- -
- - - -
-
- -
- - - - -
- version[W] -
- -
- - - -
-
- -
- - - - -
- wp_content_dir[RW] -
- -
- - - -
-
- -
- - - - -
- wp_plugins_dir[RW] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(target_base_uri, options = {}) - click to toggle source -
- - -
- -

@param [ URI ] target_base_uri @param [ Hash ] -options See allowed_option

- -

@return [ WpItem ]

- - - -
-
-# File lib/common/models/wp_item.rb, line 31
-def initialize(target_base_uri, options = {})
-
-  options[:wp_content_dir] ||= 'wp-content'
-  options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
-
-  set_options(options)
-  forge_uri(target_base_uri)
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- <=>(other) - click to toggle source -
- - -
- -

@param [ WpItem ] other

- - - -
-
-# File lib/common/models/wp_item.rb, line 88
-def <=>(other)
-  name <=> other.name
-end
-
- -
- - - - -
- - -
- - - -
- ==(other) - click to toggle source -
- - -
- -

@param [ WpItem ] other

- - - -
-
-# File lib/common/models/wp_item.rb, line 93
-def ==(other)
-  name === other.name
-end
-
- -
- - - - -
- - -
- - - -
- ===(other) - click to toggle source -
- - -
- -

@param [ WpItem ] other

- - - -
-
-# File lib/common/models/wp_item.rb, line 98
-def ===(other)
-  self == other && version === other.version
-end
-
- -
- - - - -
- - -
- - - -
- allowed_options() - click to toggle source -
- - -
- -

@return [ Array ] Make it private ?

- - - -
-
-# File lib/common/models/wp_item.rb, line 23
-def allowed_options
-  [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
-end
-
- -
- - - - -
- - -
- - - -
- forge_uri(target_base_uri) - click to toggle source -
- - -
- -

@param [ URI ] target_base_uri

- -

@return [ void ]

- - - -
-
-# File lib/common/models/wp_item.rb, line 61
-def forge_uri(target_base_uri)
-  @uri = target_base_uri
-end
-
- -
- - - - -
- - -
- - - -
- found_from=(method) - click to toggle source -
- - -
- -

Sets the found_from -attribute

- -

@param [ String ] method The method which found the WpItem

- -

@return [ void ]

- - - -
-
-# File lib/common/models/wp_item/findable.rb, line 10
-def found_from=(method)
-  found       = method[%{find_from_(.*)}, 1]
-  @found_from = found.gsub('_', ' ') if found
-end
-
- -
- - - - -
- - -
- - - -
- path=(path) - click to toggle source -
- - -
- -

Sets the path

- -

Variable, such as $wp-plugins$ and $wp-content$ can be used and will be -replace by their value

- -

@param [ String ] path

- -

@return [ void ]

- - - -
-
-# File lib/common/models/wp_item.rb, line 81
-def path=(path)
-  @path = URI.encode(
-    path.gsub(/\$wp-plugins\$/, wp_plugins_dir).gsub(/\$wp-content\$/, wp_content_dir)
-  )
-end
-
- -
- - - - -
- - -
- - - -
- uri() - click to toggle source -
- - -
- -

@return [ URI ] The uri to the WpItem, with the path if present

- - - -
-
-# File lib/common/models/wp_item.rb, line 66
-def uri
-  path ? @uri.merge(path) : @uri
-end
-
- -
- - - - -
- - -
- - - -
- url() - click to toggle source -
- - -
- -

@return [ String ] The url to the WpItem

- - - -
-
-# File lib/common/models/wp_item.rb, line 71
-def url; uri.to_s end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem/Existable.html b/doc/WpItem/Existable.html deleted file mode 100644 index e60f2fd7..00000000 --- a/doc/WpItem/Existable.html +++ /dev/null @@ -1,397 +0,0 @@ - - - - - - - Module: WpItem::Existable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpItem::Existable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- exists?(options = {}, response = nil) - click to toggle source -
- - -
- -

Check the existence of the WpItem If the -response is supplied, it’s used for the verification Otherwise a new -request is done

- -

@param [ Hash ] options See exists_from_response? @param [ Typhoeus::Response ] response

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_item/existable.rb, line 13
-def exists?(options = {}, response = nil)
-  unless response
-    response = Browser.instance.get(url)
-  end
-  exists_from_response?(response, options)
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- exists_from_response?(response, options = {}) - click to toggle source -
- - -
- -

@param [ Typhoeus::Response ] -response @param [ options ] options

- -

@option options [ Hash ] :error_404_hash The hash of the error 404 page -@option options [ Hash ] :homepage_hash The hash of the homepage @option -options [ Hash ] :exclude_content A regexp with the pattern to exclude from -the body of the response

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_item/existable.rb, line 30
-def exists_from_response?(response, options = {})
-  # FIXME : The response is supposed to follow locations, so we should not have 301 or 302.

-  # However, due to an issue with Typhoeus or Webmock, the location is not followed in specs

-  # See https://github.com/typhoeus/typhoeus/issues/279

-  if [200, 301, 302, 401, 403].include?(response.code)
-    if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
-      if options[:exclude_content]
-        unless response.body.match(options[:exclude_content])
-          return true
-        end
-      else
-        return true
-      end
-    end
-  end
-  false
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem/Findable.html b/doc/WpItem/Findable.html deleted file mode 100644 index c17f8839..00000000 --- a/doc/WpItem/Findable.html +++ /dev/null @@ -1,275 +0,0 @@ - - - - - - - Module: WpItem::Findable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - - -
- - -
- -
-

WpItem::Findable

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem/Infos.html b/doc/WpItem/Infos.html deleted file mode 100644 index 899e31db..00000000 --- a/doc/WpItem/Infos.html +++ /dev/null @@ -1,545 +0,0 @@ - - - - - - - Module: WpItem::Infos - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - - - - - -
- - -
- -
-

WpItem::Infos

- -
- -

@uri is used instead of uri to avoid the presence of the :path into it

- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- changelog_url() - click to toggle source -
- - -
- -

@return [ String ] The url to the changelog file

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 23
-def changelog_url
-  @uri.merge('changelog.txt').to_s
-end
-
- -
- - - - -
- - -
- - - -
- error_log_url() - click to toggle source -
- - -
- -

@return [ String ] The url to the error_log file

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 48
-def error_log_url
-  @uri.merge('error_log').to_s
-end
-
- -
- - - - -
- - -
- - - -
- has_changelog?() - click to toggle source -
- - -
- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 18
-def has_changelog?
-  Browser.instance.get(changelog_url).code == 200 ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- has_directory_listing?() - click to toggle source -
- - -
- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 28
-def has_directory_listing?
-  Browser.instance.get(@uri.to_s).body[%{<title>Index of}] ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- has_error_log?() - click to toggle source -
- - -
- -

Discover any error_log files created by WordPress These are created by the -WordPress error_log() function They are normally found in the /plugins/ -directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714/

- -

Only the first 700 bytes are checked to avoid the download of the whole -file which can be very huge (like 2 Go)

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 42
-def has_error_log?
-  response_body = Browser.instance.get(error_log_url, headers: {'range' => 'bytes=0-700'}).body
-  response_body[%{PHP Fatal error}] ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- has_readme?() - click to toggle source -
- - -
- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 8
-def has_readme?
-  Browser.instance.get(readme_url).code == 200 ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- readme_url() - click to toggle source -
- - -
- -

@return [ String ] The url to the readme file

- - - -
-
-# File lib/common/models/wp_item/infos.rb, line 13
-def readme_url
-  @uri.merge('readme.txt').to_s
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem/Output.html b/doc/WpItem/Output.html deleted file mode 100644 index 95594dd0..00000000 --- a/doc/WpItem/Output.html +++ /dev/null @@ -1,336 +0,0 @@ - - - - - - - Module: WpItem::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpItem::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- output() - click to toggle source -
- - -
- -

@return [ Void ]

- - - -
-
-# File lib/common/models/wp_item/output.rb, line 6
-def output
-  puts
-  puts " | Name: #{self}" #this will also output the version number if detected
-  puts " | Location: #{url}"
-  #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
-  puts ' | Directory listing enabled: Yes' if has_directory_listing?
-  puts " | Readme: #{readme_url}" if has_readme?
-  puts " | Changelog: #{changelog_url}" if has_changelog?
-
-  vulnerabilities.output
-
-  if has_error_log?
-    puts ' | ' + red('[!]') + " An error_log file has been found : #{error_log_url}"
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem/Versionable.html b/doc/WpItem/Versionable.html deleted file mode 100644 index 6abcbb14..00000000 --- a/doc/WpItem/Versionable.html +++ /dev/null @@ -1,366 +0,0 @@ - - - - - - - Module: WpItem::Versionable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpItem::Versionable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- to_s() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_item/versionable.rb, line 19
-def to_s
-  item_version = self.version
-  "#@name#{' v' + item_version.strip if item_version}"
-end
-
- -
- - - - -
- - -
- - - -
- version() - click to toggle source -
- - -
- -

Get the version from the readme.txt

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_item/versionable.rb, line 10
-def version
-  unless @version
-    response = Browser.instance.get(readme_url)
-    @version = response.body[%{stable tag: #{WpVersion.version_pattern}}, 1]
-  end
-  @version
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItem/Vulnerable.html b/doc/WpItem/Vulnerable.html deleted file mode 100644 index a9c8ac83..00000000 --- a/doc/WpItem/Vulnerable.html +++ /dev/null @@ -1,374 +0,0 @@ - - - - - - - Module: WpItem::Vulnerable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpItem::Vulnerable

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- vulns_file[RW] -
- -
- - - -
-
- -
- - - - -
- vulns_xpath[RW] -
- -
- - - -
-
- -
- - - - -
-

Public Instance Methods

- - -
- - - -
- vulnerabilities() - click to toggle source -
- - -
- -

Get the vulnerabilities associated to the WpItem

- -

@return [ Vulnerabilities ]

- - - -
-
-# File lib/common/models/wp_item/vulnerable.rb, line 9
-def vulnerabilities
-  xml             = xml(vulns_file)
-  vulnerabilities = Vulnerabilities.new
-
-  xml.xpath(vulns_xpath).each do |node|
-    vulnerabilities << Vulnerability.load_from_xml_node(node)
-  end
-  vulnerabilities
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItems.html b/doc/WpItems.html deleted file mode 100644 index 87e1f2d3..00000000 --- a/doc/WpItems.html +++ /dev/null @@ -1,313 +0,0 @@ - - - - - - - Class: WpItems - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

Array

- -
- - - - - - -
-

Namespace

- -
- - - - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpItems

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItems/Detectable.html b/doc/WpItems/Detectable.html deleted file mode 100644 index a29b9f29..00000000 --- a/doc/WpItems/Detectable.html +++ /dev/null @@ -1,744 +0,0 @@ - - - - - - - Module: WpItems::Detectable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- - - - -
- -
-

WpItems::Detectable

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- item_xpath[R] -
- -
- - - -
-
- -
- - -
- vulns_file[R] -
- -
- - - -
-
- -
- - - - -
-

Public Instance Methods

- - -
- - - -
- aggressive_detection(wp_target, options = {}) - click to toggle source -
- - -
- -

@param [ Wptarget ] wp_target @param [ Hash ] options @option options [ -Boolean ] :show_progression Whether or not output the progress bar @option -options [ Boolean ] :only_vulnerable Only check for vulnerable items -@option options [ String ] :exclude_content

- -

@return [ WpItems ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 14
-def aggressive_detection(wp_target, options = {})
-  queue_count      = 0
-  request_count    = 0
-  browser          = Browser.instance
-  hydra            = browser.hydra
-  targets          = targets_items(wp_target, options)
-  targets_size     = targets.size
-  show_progression = options[:show_progression] || false
-  exist_options    = {
-    error_404_hash:  wp_target.error_404_hash,
-    homepage_hash:   wp_target.homepage_hash,
-    exclude_content: options[:exclude_content] ? %{#{options[:exclude_content]}} : nil
-  }
-
-  # If we only want the vulnerable ones, the passive detection is ignored

-  # Otherwise, a passive detection is performed, and results will be merged

-  results = options[:only_vulnerable] ? new : passive_detection(wp_target, options)
-
-  targets.each do |target_item|
-    request = browser.forge_request(target_item.url, request_params)
-    request_count += 1
-
-    request.on_complete do |response|
-
-      print "\rChecking for #{targets_size} total ... #{(request_count * 100) / targets_size}% complete." if show_progression
-
-      if target_item.exists?(exist_options, response)
-        if !results.include?(target_item)
-          results << target_item
-        end
-      end
-    end
-
-    hydra.queue(request)
-    queue_count += 1
-
-    if queue_count == browser.max_threads
-      hydra.run
-      queue_count = 0
-    end
-  end
-
-  hydra.run
-  results.sort!
-  results # can't just return results.sort because the #sort returns an array, and we want a WpItems

-end
-
- -
- - - - -
- - -
- - - -
- passive_detection(wp_target, options = {}) - click to toggle source -
- - -
- -

@param [ WpTarget ] wp_target @param [ Hash -] options

- -

@return [ WpItems ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 65
-def passive_detection(wp_target, options = {})
-  results      = new
-  item_class   = self.item_class
-  type         = self.to_s.gsub(/Wp/, '').downcase
-  response     = Browser.instance.get(wp_target.url)
-  item_options = {
-    wp_content_dir: wp_target.wp_content_dir,
-    wp_plugins_dir: wp_target.wp_plugins_dir,
-    vulns_file:     self.vulns_file
-  }
-
-  regex1 = %{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/}
-  regex2 = %{\\?/}
-  regex3 = %{\\?/([^/\\"']+)\\?(?:/|"|')}
-
-  names = response.body.scan(/#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/)
-
-  names.flatten.uniq.each do |name|
-    results << item_class.new(wp_target.uri, item_options.merge(name: name))
-  end
-
-  results.sort!
-  results
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- create_item(klass, name, wp_target, vulns_file = nil) - click to toggle source -
- - -
- -

@param [ Class ] klass @param [ String ] name @param [ WpTarget ] wp_target @option [ String ] vulns_file

- -

@return [ WpItem ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 147
-def create_item(klass, name, wp_target, vulns_file = nil)
-  klass.new(
-    wp_target.uri,
-    name:           name,
-    vulns_file:     vulns_file,
-    wp_content_dir: wp_target.wp_content_dir,
-    wp_plugins_dir: wp_target.wp_plugins_dir
-  )
-end
-
- -
- - - - -
- - -
- - - -
- item_class() - click to toggle source -
- - -
- -

@return [ Class ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 180
-def item_class
-  Object.const_get(self.to_s.gsub(/.$/, ''))
-end
-
- -
- - - - -
- - -
- - - -
- request_params() - click to toggle source -
- - -
- -

The default request parameters

- -

@return [ Hash ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 95
-def request_params; { cache_ttl: 0, followlocation: true } end
-
- -
- - - - -
- - -
- - - -
- targets_items(wp_target, options = {}) - click to toggle source -
- - -
- -

@param [ WpTarget ] wp_target @param [ -options ] options @option options [ Boolean ] :only_vulnerable @option -options [ String ] :file The path to the file containing the targets

- -

@return [ Array<WpItem> ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 103
-def targets_items(wp_target, options = {})
-  item_class = self.item_class
-  vulns_file = self.vulns_file
-
-  targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
-
-  unless options[:only_vulnerable]
-    unless options[:file]
-      raise 'A file must be supplied'
-    end
-
-    targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
-  end
-
-  targets.uniq! { |t| t.name }
-  targets.sort_by { rand }
-end
-
- -
- - - - -
- - -
- - - -
- targets_items_from_file(file, wp_target, item_class, vulns_file) - click to toggle source -
- - -
- -

@param [ String ] file @param [ WpTarget ] -wp_target @param [ Class ] item_class @param [ String ] -vulns_file

- -

@return [ WpItem ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 163
-def targets_items_from_file(file, wp_target, item_class, vulns_file)
-  targets = []
-
-  File.open(file, 'r') do |f|
-    f.readlines.collect do |item_name|
-      targets << create_item(
-        item_class,
-        item_name.strip,
-        wp_target,
-        vulns_file
-      )
-    end
-  end
-  targets
-end
-
- -
- - - - -
- - -
- - - -
- vulnerable_targets_items(wp_target, item_class, vulns_file) - click to toggle source -
- - -
- -

@param [ WpTarget ] wp_target @param [ Class -] item_class @param [ -String ] vulns_file

- -

@return [ Array<WpItem> ]

- - - -
-
-# File lib/common/collections/wp_items/detectable.rb, line 126
-def vulnerable_targets_items(wp_target, item_class, vulns_file)
-  targets = []
-  xml     = xml(vulns_file)
-
-  xml.xpath(item_xpath).each do |node|
-    targets << create_item(
-      item_class,
-      node.attribute('name').text,
-      wp_target,
-      vulns_file
-    )
-  end
-  targets
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpItems/Output.html b/doc/WpItems/Output.html deleted file mode 100644 index 77e51197..00000000 --- a/doc/WpItems/Output.html +++ /dev/null @@ -1,324 +0,0 @@ - - - - - - - Module: WpItems::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpItems::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- output() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/collections/wp_items/output.rb, line 5
-def output
-  self.each { |item| item.output }
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpLoginProtection.html b/doc/WpLoginProtection.html deleted file mode 100644 index 2f7cbf47..00000000 --- a/doc/WpLoginProtection.html +++ /dev/null @@ -1,864 +0,0 @@ - - - - - - - Module: WpLoginProtection - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- - - - -
- -
-

WpLoginProtection

- -
- -
- - - - -
- - - - - - -
-

Constants

-
- -
LOGIN_PROTECTION_METHOD_PATTERN
- -
- - -
-
- - - - - - -
-

Public Instance Methods

- - -
- - - -
- has_login_protection?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 8
-def has_login_protection?
-  !login_protection_plugin().nil?
-end
-
- -
- - - - -
- - -
- - - -
- login_protection_plugin() - click to toggle source -
- - -
- -

Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111 -return a WpPlugin object or nil if no one is -found

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 15
-def login_protection_plugin
-  unless @login_protection_plugin
-    protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call|
-
-      if send(symbol_to_call)
-        plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-')
-
-        return @login_protection_plugin = WpPlugin.new(
-          @uri,
-          name:           plugin_name,
-          wp_content_dir: wp_content_dir,
-          wp_plugins_dir: wp_plugins_dir
-        )
-      end
-    end
-    @login_protection_plugin = nil
-  end
-  @login_protection_plugin
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- better_wp_security_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 61
-def better_wp_security_url
-  plugin_url('better-wp-security/')
-end
-
- -
- - - - -
- - -
- - - -
- bluetrait_event_viewer_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 97
-def bluetrait_event_viewer_url
-  plugin_url('bluetrait-event-viewer')
-end
-
- -
- - - - -
- - -
- - - -
- has_better_wp_security_protection?() - click to toggle source -
- - -
- -

wordpress.org/extend/plugins/better-wp-security/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 48
-def has_better_wp_security_protection?
-  Browser.instance.get(better_wp_security_url).code != 404
-end
-
- -
- - - - -
- - -
- - - -
- has_bluetrait_event_viewer_protection?() - click to toggle source -
- - -
- -

wordpress.org/extend/plugins/bluetrait-event-viewer/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 93
-def has_bluetrait_event_viewer_protection?
-  Browser.instance.get(bluetrait_event_viewer_url).code != 404
-end
-
- -
- - - - -
- - -
- - - -
- has_limit_login_attempts_protection?() - click to toggle source -
- - -
- -

wordpress.org/extend/plugins/limit-login-attempts/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 84
-def has_limit_login_attempts_protection?
-  Browser.instance.get(limit_login_attempts_url).code != 404
-end
-
- -
- - - - -
- - -
- - - -
- has_login_lock_protection?() - click to toggle source -
- - -
- -

wordpress.org/extend/plugins/login-lock/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 43
-def has_login_lock_protection?
-  Browser.instance.get(login_url).body =~ %{LOGIN LOCK} ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- has_login_lockdown_protection?() - click to toggle source -
- - -
- -

Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 38
-def has_login_lockdown_protection?
-  Browser.instance.get(login_url).body =~ %{Login LockDown} ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- has_login_security_solution_protection?() - click to toggle source -
- - -
- -

wordpress.org/extend/plugins/login-security-solution/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 75
-def has_login_security_solution_protection?
-  Browser.instance.get(login_security_solution_url()).code != 404
-end
-
- -
- - - - -
- - -
- - - -
- has_simple_login_lockdown_protection?() - click to toggle source -
- - -
- -

wordpress.org/extend/plugins/simple-login-lockdown/

- - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 66
-def has_simple_login_lockdown_protection?
-  Browser.instance.get(simple_login_lockdown_url).code != 404
-end
-
- -
- - - - -
- - -
- - - -
- limit_login_attempts_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 88
-def limit_login_attempts_url
-  plugin_url('limit-login-attempts')
-end
-
- -
- - - - -
- - -
- - - -
- login_security_solution_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 79
-def login_security_solution_url
-  plugin_url('login-security-solution')
-end
-
- -
- - - - -
- - -
- - - -
- plugin_url(plugin_name) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 52
-def plugin_url(plugin_name)
-  WpPlugin.new(
-    @uri,
-    name:           plugin_name,
-    wp_content_dir: wp_content_dir,
-    wp_plugins_dir: wp_plugins_dir
-  ).url
-end
-
- -
- - - - -
- - -
- - - -
- simple_login_lockdown_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_login_protection.rb, line 70
-def simple_login_lockdown_url
-  plugin_url('simple-login-lockdown/')
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html deleted file mode 100644 index 1c9965fc..00000000 --- a/doc/WpPlugin.html +++ /dev/null @@ -1,362 +0,0 @@ - - - - - - - Class: WpPlugin - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItem

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpPlugin

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- forge_uri(target_base_uri) - click to toggle source -
- - -
- -

Sets the @uri

- -

@param [ URI ] target_base_uri The URI of the wordpress blog

- -

@return [ void ]

- - - -
-
-# File lib/common/models/wp_plugin.rb, line 12
-def forge_uri(target_base_uri)
-  @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpPlugin/Vulnerable.html b/doc/WpPlugin/Vulnerable.html deleted file mode 100644 index d4c4049d..00000000 --- a/doc/WpPlugin/Vulnerable.html +++ /dev/null @@ -1,362 +0,0 @@ - - - - - - - Module: WpPlugin::Vulnerable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpPlugin::Vulnerable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- vulns_file() - click to toggle source -
- - -
- -

@return [ String ] The path to the file containing vulnerabilities

- - - -
-
-# File lib/common/models/wp_plugin/vulnerable.rb, line 6
-def vulns_file
-  unless @vulns_file
-    @vulns_file = PLUGINS_VULNS_FILE
-  end
-  @vulns_file
-end
-
- -
- - - - -
- - -
- - - -
- vulns_xpath() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_plugin/vulnerable.rb, line 14
-def vulns_xpath
-  "//plugin[@name='#{@name}']/vulnerability"
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html deleted file mode 100644 index 71c8bece..00000000 --- a/doc/WpPlugins.html +++ /dev/null @@ -1,296 +0,0 @@ - - - - - - - Class: WpPlugins - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItems

- -
- - - - - - -
-

Namespace

- -
- - - - - -
- - -
- -
-

WpPlugins

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpPlugins/Detectable.html b/doc/WpPlugins/Detectable.html deleted file mode 100644 index e7bf9f09..00000000 --- a/doc/WpPlugins/Detectable.html +++ /dev/null @@ -1,359 +0,0 @@ - - - - - - - Module: WpPlugins::Detectable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpPlugins::Detectable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- item_xpath() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/collections/wp_plugins/detectable.rb, line 11
-def item_xpath
-  '//plugin'
-end
-
- -
- - - - -
- - -
- - - -
- vulns_file() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/collections/wp_plugins/detectable.rb, line 6
-def vulns_file
-  PLUGINS_VULNS_FILE
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpReadme.html b/doc/WpReadme.html deleted file mode 100644 index e9b3f9e6..00000000 --- a/doc/WpReadme.html +++ /dev/null @@ -1,366 +0,0 @@ - - - - - - - Module: WpReadme - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpReadme

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- has_readme?() - click to toggle source -
- - -
- -

Checks to see if the readme.html file exists

- -

This file comes by default in a wordpress installation, and if deleted is -reinstated with an upgrade.

- - - -
-
-# File lib/wpscan/modules/wp_readme.rb, line 8
-def has_readme?
-  response = Browser.instance.get(readme_url())
-
-  unless response.code == 404
-    response.body =~ %{wordpress}
-  end
-end
-
- -
- - - - -
- - -
- - - -
- readme_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/modules/wp_readme.rb, line 16
-def readme_url
-  @uri.merge('readme.html').to_s
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTarget.html b/doc/WpTarget.html deleted file mode 100644 index 601fc96e..00000000 --- a/doc/WpTarget.html +++ /dev/null @@ -1,1086 +0,0 @@ - - - - - - - Class: WpTarget - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- - - - -
- -
-

WpTarget

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - -
- verbose[R] -
- -
- - - -
-
- -
- - - - -
-

Public Class Methods

- - -
- - - -
- new(target_url, options = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 20
-def initialize(target_url, options = {})
-  super(target_url)
-
-  @verbose        = options[:verbose]
-  @wp_content_dir = options[:wp_content_dir]
-  @wp_plugins_dir = options[:wp_plugins_dir]
-  @multisite      = nil
-
-  Browser.instance(options.merge(:max_threads => options[:threads]))
-end
-
- -
- - - - -
- - -
- - - -
- valid_response_codes() - click to toggle source -
- - -
- -

Valid HTTP return codes

- - - -
-
-# File lib/wpscan/wp_target.rb, line 70
-def self.valid_response_codes
-  [200, 301, 302, 401, 403, 500, 400]
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- debug_log_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 140
-def debug_log_url
-  @uri.merge("#{wp_content_dir()}/debug.log").to_s
-end
-
- -
- - - - -
- - -
- - - -
- default_wp_content_dir_exists?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 112
-def default_wp_content_dir_exists?
-  response = Browser.instance.get(@uri.merge('wp-content').to_s)
-  hash = Digest::MD5.hexdigest(response.body)
-
-  if WpTarget.valid_response_codes.include?(response.code)
-    return true if hash != error_404_hash and hash != homepage_hash
-  end
-
-  false
-end
-
- -
- - - - -
- - -
- - - -
- has_debug_log?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 134
-def has_debug_log?
-  # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)
-  response_body = Browser.instance.get(debug_log_url(), headers: {'range' => 'bytes=0-700'}).body
-  response_body[%{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false
-end
-
- -
- - - - -
- - -
- - - -
- has_plugin?(name, version = nil) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 86
-def has_plugin?(name, version = nil)
-  WpPlugin.new(
-    @uri,
-    name: name,
-    version: version,
-    wp_content_dir: wp_content_dir,
-    wp_plugins_dir: wp_plugins_dir
-  ).exists?
-end
-
- -
- - - - -
- - -
- - - -
- is_multisite?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 179
-def is_multisite?
-  unless @multisite
-    # when multi site, there is no redirection or a redirect to the site itself
-    # otherwise redirect to wp-login.php
-    url = @uri.merge('wp-signup.php')
-    resp = Browser.instance.get(url)
-    if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
-      @multisite = false
-    elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/
-      @multisite = true
-    elsif resp.code == 200
-      @multisite = true
-    else
-      @multisite = false
-    end
-  end
-  @multisite
-end
-
- -
- - - - -
- - -
- - - -
- login_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 57
-def login_url
-  url = @uri.merge('wp-login.php').to_s
-
-  # Let's check if the login url is redirected (to https url for example)
-  redirection = redirection(url)
-  if redirection
-    url = redirection
-  end
-
-  url
-end
-
- -
- - - - -
- - -
- - - -
- registration_enabled?() - click to toggle source -
- - -
- -

Should check wp-login.php if registration is enabled or not

- - - -
-
-# File lib/wpscan/wp_target.rb, line 157
-def registration_enabled?
-  resp = Browser.instance.get(registration_url)
-  # redirect only on non multi sites
-  if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/
-    enabled = false
-  # multi site registration form
-  elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/
-    enabled = true
-  # normal registration form
-  elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/
-    enabled = true
-  # registration disabled
-  else
-    enabled = false
-  end
-  enabled
-end
-
- -
- - - - -
- - -
- - - -
- registration_url() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 175
-def registration_url
-  is_multisite? ? @uri.merge('wp-signup.php') : @uri.merge('wp-login.php?action=register')
-end
-
- -
- - - - -
- - -
- - - -
- search_replace_db_2_exists?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 151
-def search_replace_db_2_exists?
-  resp = Browser.instance.get(search_replace_db_2_url)
-  resp.code == 200 && resp.body[%{by interconnect}]
-end
-
- -
- - - - -
- - -
- - - -
- search_replace_db_2_url() - click to toggle source -
- - -
- -

Script for replacing strings in wordpress databases reveals databse -credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/

- - - -
-
-# File lib/wpscan/wp_target.rb, line 147
-def search_replace_db_2_url
-  @uri.merge('searchreplacedb2.php').to_s
-end
-
- -
- - - - -
- - -
- - - -
- theme() - click to toggle source -
- - -
- -

return WpTheme

- - - -
-
-# File lib/wpscan/wp_target.rb, line 75
-def theme
-  WpTheme.find(@uri)
-end
-
- -
- - - - -
- - -
- - - -
- version(versions_xml) - click to toggle source -
- - -
- -

@param [ String ] versions_xml

- -

@return [ WpVersion ]

- - - -
-
-# File lib/wpscan/wp_target.rb, line 82
-def version(versions_xml)
-  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
-end
-
- -
- - - - -
- - -
- - - -
- wordpress?() - click to toggle source -
- - -
- -

check if the target website is actually running wordpress.

- - - -
-
-# File lib/wpscan/wp_target.rb, line 33
-def wordpress?
-  wordpress = false
-
-  response = Browser.instance.get_and_follow_location(@uri.to_s)
-
-  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/
-    wordpress = true
-  else
-    response = Browser.instance.get_and_follow_location(xml_rpc_url)
-
-    if response.body =~ %{XML-RPC server accepts POST requests only}
-      wordpress = true
-    else
-      response = Browser.instance.get_and_follow_location(login_url)
-
-      if response.code == 200 && response.body =~ %{WordPress}
-        wordpress = true
-      end
-    end
-  end
-
-  wordpress
-end
-
- -
- - - - -
- - -
- - - -
- wp_content_dir() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 96
-def wp_content_dir
-  unless @wp_content_dir
-    index_body = Browser.instance.get(@uri.to_s).body
-    uri_path = @uri.path # Only use the path because domain can be text or an IP
-
-    if index_body[/\/wp-content\/(?:themes|plugins)\//] || default_wp_content_dir_exists?
-      @wp_content_dir = 'wp-content'
-    else
-      domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
-      @wp_content_dir  = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1]
-    end
-  end
-
-  @wp_content_dir
-end
-
- -
- - - - -
- - -
- - - -
- wp_plugins_dir() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 123
-def wp_plugins_dir
-  unless @wp_plugins_dir
-    @wp_plugins_dir = "#{wp_content_dir}/plugins"
-  end
-  @wp_plugins_dir
-end
-
- -
- - - - -
- - -
- - - -
- wp_plugins_dir_exists?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wp_target.rb, line 130
-def wp_plugins_dir_exists?
-  Browser.instance.get(@uri.merge(wp_plugins_dir)).code != 404
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTheme.html b/doc/WpTheme.html deleted file mode 100644 index eee984aa..00000000 --- a/doc/WpTheme.html +++ /dev/null @@ -1,471 +0,0 @@ - - - - - - - Class: WpTheme - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItem

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpTheme

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- style_url[W] -
- -
- - - -
-
- -
- - - - -
-

Public Instance Methods

- - -
- - - -
- allowed_options() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/models/wp_theme.rb, line 13
-def allowed_options; super << :style_url end
-
- -
- - - - -
- - -
- - - -
- forge_uri(target_base_uri) - click to toggle source -
- - -
- -

Sets the @uri

- -

@param [ URI ] target_base_uri The URI of the wordpress blog

- -

@return [ void ]

- - - -
-
-# File lib/common/models/wp_theme.rb, line 20
-def forge_uri(target_base_uri)
-  @uri = target_base_uri.merge(URI.encode(wp_content_dir + '/themes/' + name + '/'))
-end
-
- -
- - - - -
- - -
- - - -
- style_url() - click to toggle source -
- - -
- -

@return [ String ] The url to the theme stylesheet

- - - -
-
-# File lib/common/models/wp_theme.rb, line 25
-def style_url
-  unless @style_url
-    @style_url = uri.merge('style.css').to_s
-  end
-  @style_url
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTheme/Findable.html b/doc/WpTheme/Findable.html deleted file mode 100644 index 98792c59..00000000 --- a/doc/WpTheme/Findable.html +++ /dev/null @@ -1,449 +0,0 @@ - - - - - - - Module: WpTheme::Findable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpTheme::Findable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- find(target_uri) - click to toggle source -
- - -
- -

Find the main theme of the blog

- -

@param [ URI ] target_uri

- -

@return [ WpTheme ]

- - - -
-
-# File lib/common/models/wp_theme/findable.rb, line 10
-def find(target_uri)
-  methods.grep(/^find_from_/).each do |method|
-    if wp_theme = self.send(method, target_uri)
-      wp_theme.found_from = method
-
-      return wp_theme
-    end
-  end
-  nil
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- find_from_css_link(target_uri) - click to toggle source -
- - -
- -

Discover the wordpress theme by parsing the css link rel

- -

@param [ URI ] target_uri

- -

@return [ WpTheme ]

- - - - - -
- - - - -
- - -
- - - -
- find_from_wooframework(target_uri) - click to toggle source -
- - -
- -

code.google.com/p/wpscan/issues/detail?id=141

- -

@param [ URI ] target_uri

- -

@return [ WpTheme ]

- - - -
-
-# File lib/common/models/wp_theme/findable.rb, line 50
-def find_from_wooframework(target_uri)
-  body = Browser.instance.get(target_uri.to_s).body
-  regexp = %{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
-
-
-  if matches = regexp.match(body)
-    woo_theme_name = matches[1]
-    woo_theme_version = matches[2]
-    #woo_framework_version = matches[3] # Not used at this time

-
-    return new(
-      target_uri,
-      {
-        name:    woo_theme_name,
-        version: woo_theme_version
-      }
-    )
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTheme/Versionable.html b/doc/WpTheme/Versionable.html deleted file mode 100644 index 73bbe366..00000000 --- a/doc/WpTheme/Versionable.html +++ /dev/null @@ -1,330 +0,0 @@ - - - - - - - Module: WpTheme::Versionable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpTheme::Versionable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- version() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/models/wp_theme/versionable.rb, line 5
-def version
-  unless @version
-    @version = Browser.instance.get(style_url).body[%{Version:\s([^\s]+)}, 1]
-
-    # Get Version from readme.txt

-    @version ||= super
-  end
-  @version
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTheme/Vulnerable.html b/doc/WpTheme/Vulnerable.html deleted file mode 100644 index fc54a79e..00000000 --- a/doc/WpTheme/Vulnerable.html +++ /dev/null @@ -1,362 +0,0 @@ - - - - - - - Module: WpTheme::Vulnerable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpTheme::Vulnerable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- vulns_file() - click to toggle source -
- - -
- -

@return [ String ] The path to the file containing vulnerabilities

- - - -
-
-# File lib/common/models/wp_theme/vulnerable.rb, line 6
-def vulns_file
-  unless @vulns_file
-    @vulns_file = THEMES_VULNS_FILE
-  end
-  @vulns_file
-end
-
- -
- - - - -
- - -
- - - -
- vulns_xpath() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_theme/vulnerable.rb, line 14
-def vulns_xpath
-  "//theme[@name='#{@name}']/vulnerability"
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpThemes.html b/doc/WpThemes.html deleted file mode 100644 index b5851555..00000000 --- a/doc/WpThemes.html +++ /dev/null @@ -1,296 +0,0 @@ - - - - - - - Class: WpThemes - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItems

- -
- - - - - - -
-

Namespace

- -
- - - - - -
- - -
- -
-

WpThemes

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpThemes/Detectable.html b/doc/WpThemes/Detectable.html deleted file mode 100644 index 984f4fe0..00000000 --- a/doc/WpThemes/Detectable.html +++ /dev/null @@ -1,359 +0,0 @@ - - - - - - - Module: WpThemes::Detectable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpThemes::Detectable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- item_xpath() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/collections/wp_themes/detectable.rb, line 11
-def item_xpath
-  '//theme'
-end
-
- -
- - - - -
- - -
- - - -
- vulns_file() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/collections/wp_themes/detectable.rb, line 6
-def vulns_file
-  THEMES_VULNS_FILE
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTimthumb.html b/doc/WpTimthumb.html deleted file mode 100644 index d965b250..00000000 --- a/doc/WpTimthumb.html +++ /dev/null @@ -1,377 +0,0 @@ - - - - - - - Class: WpTimthumb - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItem

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpTimthumb

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- ==(other) - click to toggle source -
- - -
- -

@param [ WpTimthumb ] other

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_timthumb.rb, line 14
-def ==(other)
-  url == other.url
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTimthumb/Existable.html b/doc/WpTimthumb/Existable.html deleted file mode 100644 index 381c73d2..00000000 --- a/doc/WpTimthumb/Existable.html +++ /dev/null @@ -1,327 +0,0 @@ - - - - - - - Module: WpTimthumb::Existable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpTimthumb::Existable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- exists_from_response?(response, options = {}) - click to toggle source -
- - -
- -

@param [ Typhoeus::Response ] -response @param [ Hash ] options

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_timthumb/existable.rb, line 9
-def exists_from_response?(response, options = {})
-  response.code == 400 && response.body =~ /no image specified/ ? true : false
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTimthumb/Output.html b/doc/WpTimthumb/Output.html deleted file mode 100644 index 67674de8..00000000 --- a/doc/WpTimthumb/Output.html +++ /dev/null @@ -1,324 +0,0 @@ - - - - - - - Module: WpTimthumb::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpTimthumb::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- output() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/models/wp_timthumb/output.rb, line 5
-def output
-  puts ' | ' + red('[!]') + " #{self}"
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTimthumb/Versionable.html b/doc/WpTimthumb/Versionable.html deleted file mode 100644 index b0fd9f51..00000000 --- a/doc/WpTimthumb/Versionable.html +++ /dev/null @@ -1,366 +0,0 @@ - - - - - - - Module: WpTimthumb::Versionable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpTimthumb::Versionable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- to_s() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_timthumb/versionable.rb, line 18
-def to_s
-  "#{url}#{ ' v' + version if version}"
-end
-
- -
- - - - -
- - -
- - - -
- version() - click to toggle source -
- - -
- -

Get the version from the body of an invalid request See code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426

- -

@return [ String ] The version

- - - -
-
-# File lib/common/models/wp_timthumb/versionable.rb, line 9
-def version
-  unless @version
-    response = Browser.instance.get(url)
-    @version = response.body[%{TimThumb version\s*: ([^<]+)} , 1]
-  end
-  @version
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTimthumbs.html b/doc/WpTimthumbs.html deleted file mode 100644 index d8b9d507..00000000 --- a/doc/WpTimthumbs.html +++ /dev/null @@ -1,296 +0,0 @@ - - - - - - - Class: WpTimthumbs - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItems

- -
- - - - - - -
-

Namespace

- -
- - - - - -
- - -
- -
-

WpTimthumbs

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpTimthumbs/Detectable.html b/doc/WpTimthumbs/Detectable.html deleted file mode 100644 index aef7c919..00000000 --- a/doc/WpTimthumbs/Detectable.html +++ /dev/null @@ -1,519 +0,0 @@ - - - - - - - Module: WpTimthumbs::Detectable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - - - - - -
- - -
- -
-

WpTimthumbs::Detectable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- passive_detection(wp_target, options = {}) - click to toggle source -
- - -
- -

No passive detection

- -

@param [ WpTarget ] wp_target @param [ Hash -] options

- -

@return [ WpTimthumbs ]

- - - -
-
-# File lib/common/collections/wp_timthumbs/detectable.rb, line 11
-def passive_detection(wp_target, options = {})
-  new
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- create_item(wp_target, path = nil) - click to toggle source -
- - -
- -

@param [ WpTarget ] wp_target @option [ -String ] path

- -

@return [ WpTimthumb ]

- - - -
-
-# File lib/common/collections/wp_timthumbs/detectable.rb, line 71
-def create_item(wp_target, path = nil)
-  options = {
-    wp_content_dir: wp_target.wp_content_dir,
-    wp_plugins_dir: wp_target.wp_plugins_dir
-  }
-
-  options.merge!(path: path) if path
-
-  WpTimthumb.new(wp_target.uri, options)
-end
-
- -
- - - - -
- - -
- - - -
- targets_items(wp_target, options = {}) - click to toggle source -
- - -
- -

@param [ WpTarget ] wp_target @param [ Hash -] options @option options [ String ] :file The path to the file containing -the targets @option options [ String ] :theme_name

- -

@return [ Array<WpTimthumb> ]

- - - -
-
-# File lib/common/collections/wp_timthumbs/detectable.rb, line 23
-def targets_items(wp_target, options = {})
-  targets = options[:theme_name] ? theme_timthumbs(options[:theme_name], wp_target) : []
-
-  if options[:file]
-    targets += targets_items_from_file(options[:file], wp_target)
-  end
-
-  targets.uniq { |i| i.url }
-end
-
- -
- - - - -
- - -
- - - -
- targets_items_from_file(file, wp_target) - click to toggle source -
- - -
- -

@param [ String ] file @param [ WpTarget ] -wp_target

- -

@return [ Array<WpTimthumb> ]

- - - -
-
-# File lib/common/collections/wp_timthumbs/detectable.rb, line 56
-def targets_items_from_file(file, wp_target)
-  targets = []
-
-  File.open(file, 'r') do |f|
-    f.readlines.collect do |path|
-      targets << create_item(wp_target, path.strip)
-    end
-  end
-  targets
-end
-
- -
- - - - -
- - -
- - - -
- theme_timthumbs(theme_name, wp_target) - click to toggle source -
- - -
- -

@param [ String ] theme_name @param [ WpTarget ] wp_target

- -

@return [ Array<WpTimthumb> ]

- - - -
-
-# File lib/common/collections/wp_timthumbs/detectable.rb, line 37
-def theme_timthumbs(theme_name, wp_target)
-  targets     = []
-  wp_timthumb = create_item(wp_target)
-
-  %{
-    timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-    scripts/timthumb.php tools/timthumb.php functions/timthumb.php
-  }.each do |path|
-    wp_timthumb.path = "$wp-content$/themes/#{theme_name}/#{path}"
-
-    targets << wp_timthumb.dup
-  end
-  targets
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpUser.html b/doc/WpUser.html deleted file mode 100644 index 68af57a5..00000000 --- a/doc/WpUser.html +++ /dev/null @@ -1,616 +0,0 @@ - - - - - - - Class: WpUser - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItem

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpUser

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- display_name[RW] -
- -
- - - -
-
- -
- - - - -
- id[RW] -
- -
- - - -
-
- -
- - - - -
- login[RW] -
- -
- - - -
-
- -
- - - - -
- password[RW] -
- -
- - - -
-
- -
- - - - -
-

Public Instance Methods

- - -
- - - -
- <=>(other) - click to toggle source -
- - -
- -

@param [ WpUser ] other

- - - -
-
-# File lib/common/models/wp_user.rb, line 30
-def <=>(other)
-  id <=> other.id
-end
-
- -
- - - - -
- - -
- - - -
- ==(other) - click to toggle source -
- - -
- -

@param [ WpUser ] other

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_user.rb, line 37
-def ==(other)
-  self === other
-end
-
- -
- - - - -
- - -
- - - -
- ===(other) - click to toggle source -
- - -
- -

@param [ WpUser ] other

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_user.rb, line 44
-def ===(other)
-  id === other.id && login === other.login
-end
-
- -
- - - - -
- - -
- - - -
- allowed_options() - click to toggle source -
- - -
- -

@return [ Array<Symbol> ]

- - - -
-
-# File lib/common/models/wp_user.rb, line 10
-def allowed_options; [:id, :login, :display_name, :password] end
-
- -
- - - - -
- - -
- - - -
- to_s() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_user.rb, line 22
-def to_s
-  s  = "#{id}"
-  s += " | #{login}" if login
-  s += " | #{display_name}" if display_name
-  s
-end
-
- -
- - - - -
- - -
- - - -
- uri() - click to toggle source -
- - -
- -

@return [ URI ] The uri to the auhor page

- - - -
-
-# File lib/common/models/wp_user.rb, line 13
-def uri
-  if id
-    return @uri.merge("?author=#{id}")
-  else
-    raise 'The id is nil'
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpUser/Existable.html b/doc/WpUser/Existable.html deleted file mode 100644 index a464adf3..00000000 --- a/doc/WpUser/Existable.html +++ /dev/null @@ -1,468 +0,0 @@ - - - - - - - Module: WpUser::Existable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - - - - - -
- - -
- -
-

WpUser::Existable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Class Methods

- - -
- - - -
- display_name_from_body(body) - click to toggle source -
- - -
- -

@note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn’t support -it

- -
So it's forced to UTF-8 when this encoding is detected
- -

@param [ String ] body

- -

@return [ String ] The display_name

- - - -
-
-# File lib/common/models/wp_user/existable.rb, line 63
-def self.display_name_from_body(body)
-  if title_tag = body[%{<title>([^<]+)</title>}, 1]
-    title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
-    title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
-    # &amp; are not decoded with Nokogiri

-    title_tag.sub!('&amp;', '&')
-
-    name = title_tag[%{([^|«]+) }, 1]
-
-    return name.strip if name
-  end
-end
-
- -
- - - - -
- - -
- - - -
- login_from_author_pattern(text) - click to toggle source -
- - -
- -

@param [ String ] text

- -

@return [ String ] The login

- - - -
-
-# File lib/common/models/wp_user/existable.rb, line 38
-def self.login_from_author_pattern(text)
-  text[%{/author/([^/\b]+)/?}, 1]
-end
-
- -
- - - - -
- - -
- - - -
- login_from_body(body) - click to toggle source -
- - -
- -

@param [ String ] body

- -

@return [ String ] The login

- - - -
-
-# File lib/common/models/wp_user/existable.rb, line 45
-def self.login_from_body(body)
-  # Feed URL with Permalinks

-  login = WpUser::Existable.login_from_author_pattern(body)
-
-  unless login
-    # No Permalinks

-    login = body[%{<body class="archive author author-([^\s]+) author-(\d+)}, 1]
-  end
-
-  login
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- exists_from_response?(response, options = {}) - click to toggle source -
- - -
- -

@param [ Typhoeus::Response ] -response @param [ Hash ] options

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_user/existable.rb, line 9
-def exists_from_response?(response, options = {})
-  load_from_response(response)
-
-  @login ? true : false
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpUsers.html b/doc/WpUsers.html deleted file mode 100644 index 66afec11..00000000 --- a/doc/WpUsers.html +++ /dev/null @@ -1,313 +0,0 @@ - - - - - - - Class: WpUsers - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItems

- -
- - - - - - -
-

Namespace

- -
- - - - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpUsers

- -
- -
- - - - -
- - - - - - - - - - -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpUsers/Detectable.html b/doc/WpUsers/Detectable.html deleted file mode 100644 index 7e08dd43..00000000 --- a/doc/WpUsers/Detectable.html +++ /dev/null @@ -1,409 +0,0 @@ - - - - - - - Module: WpUsers::Detectable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
- - - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpUsers::Detectable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- passive_detection(wp_target, options = {}) - click to toggle source -
- - -
- -

No passive detection

- -

@return [ WpUsers ]

- - - -
-
-# File lib/common/collections/wp_users/detectable.rb, line 11
-def passive_detection(wp_target, options = {})
-  new
-end
-
- -
- - - - -
- - -
- - - -
- request_params() - click to toggle source -
- - -
- -

@return [ Hash ]

- - - -
-
-# File lib/common/collections/wp_users/detectable.rb, line 6
-def request_params; {} end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- targets_items(wp_target, options = {}) - click to toggle source -
- - -
- -

@param [ WpTarget ] wp_target @param [ Hash -] options @option options [ Range ] :range ((1..10))

- -

@return [ Array<WpUser> ]

- - - -
-
-# File lib/common/collections/wp_users/detectable.rb, line 22
-def targets_items(wp_target, options = {})
-  range   = options[:range] || (1..10)
-  targets = []
-
-  range.each do |user_id|
-    targets << WpUser.new(wp_target.uri, id: user_id)
-  end
-  targets
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpUsers/Output.html b/doc/WpUsers/Output.html deleted file mode 100644 index d78b0dab..00000000 --- a/doc/WpUsers/Output.html +++ /dev/null @@ -1,341 +0,0 @@ - - - - - - - Module: WpUsers::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpUsers::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- output(left_margin = '') - click to toggle source -
- - -
- -

TODO : create a generic method to output tabs

- - - -
-
-# File lib/common/collections/wp_users/output.rb, line 6
-def output(left_margin = '')
-  max_id_length = self.sort { |a, b| a.id.to_s.length <=> b.id.to_s.length }.last.id.to_s.length
-  max_login_length = self.sort { |a, b| a.login.length <=> b.login.length }.last.login.length
-  max_display_name_length = self.sort { |a, b| a.display_name.length <=> b.display_name.length }.last.display_name.length
-
-  inner_space         = 2
-  id_length           = (max_id_length + inner_space * 2) /2 *2
-  login_length        = max_login_length + inner_space * 2
-  display_name_length = max_display_name_length + inner_space * 2
-
-  puts left_margin + '+' * (id_length + login_length + display_name_length + 4)
-  puts left_margin + '|' + 'id'.center(id_length) + '|' + 'login'.center(login_length) + '|' + 'display name'.center(display_name_length) + '|'
-  puts left_margin + '|' + '+' * (id_length + login_length + display_name_length + 2) + '|'
-
-  self.each do |u|
-    puts left_margin + '|' + u.id.to_s.center(id_length) + '|' +  u.login.center(login_length) + '|' + u.display_name.center(display_name_length) + '|'
-  end
-
-  puts left_margin + '+' * (id_length + login_length + display_name_length + 4)
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpVersion.html b/doc/WpVersion.html deleted file mode 100644 index b71367dd..00000000 --- a/doc/WpVersion.html +++ /dev/null @@ -1,430 +0,0 @@ - - - - - - - Class: WpVersion - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- - - -
- - -
-

Parent

- -

WpItem

- -
- - - - - - -
-

Namespace

- -
- - - - -
-

Methods

- -
- - - - -
-

Included Modules

- -
- -
- - -
- -
-

WpVersion

- -
- -
- - - - -
- - - - - - - - -
-

Attributes

- - -
- - - - -
- number[RW] -
- -
- -

The version number

- -
-
- -
- - - - -
-

Public Instance Methods

- - -
- - - -
- ==(other) - click to toggle source -
- - -
- -

@param [ WpVersion ] other

- -

@return [ Boolean ]

- - - -
-
-# File lib/common/models/wp_version.rb, line 21
-def ==(other)
-  number == other.number
-end
-
- -
- - - - -
- - -
- - - -
- allowed_options() - click to toggle source -
- - -
- -

@return [ Array ]

- - - -
-
-# File lib/common/models/wp_version.rb, line 16
-def allowed_options; super << :number << :found_from end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpVersion/Findable.html b/doc/WpVersion/Findable.html deleted file mode 100644 index 8f63802e..00000000 --- a/doc/WpVersion/Findable.html +++ /dev/null @@ -1,803 +0,0 @@ - - - - - - - Module: WpVersion::Findable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- - - - -
- -
-

WpVersion::Findable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml) - click to toggle source -
- - -
- -

Find the version of the blog designated from target_uri

- -

@param [ URI ] target_uri @param [ String ] -wp_content_dir @param [ String ] wp_plugins_dir

- -

@return [ WpVersion ]

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 13
-def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-  methods.grep(/find_from_/).each do |method|
-
-    if method === :find_from_advanced_fingerprinting
-      version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-    else
-      version = send(method, target_uri)
-    end
-
-    if version
-      return new(target_uri, number: version, found_from: method)
-    end
-  end
-  nil
-end
-
- -
- - - - -
- - -
- - - -
- version_pattern() - click to toggle source -
- - -
- -

Used to check if the version is correct: must contain at least one dot.

- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 32
-def version_pattern
-  '([^\r\n"\]+\.[^\r\n"\]+)'
-end
-
- -
- - - - -
- - -
- -
-

Protected Instance Methods

- - -
- - - -
- find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml) - click to toggle source -
- - -
- -

Uses data/wp_versions.xml to try to identify a wordpress version.

- -

It does this by using client side file hashing

- -

/!\ Warning : this method might return false positive if the file used for -fingerprinting is part of a theme (they can be updated)

- -

@param [ URI ] target_uri @param [ String ] -wp_content_dir @param [ String ] wp_plugins_dir @param [ String ] -versions_xml The path to the xml containing all versions

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 153
-def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-  xml     = xml(versions_xml)
-
-  # This wp_item will take care of encoding the path

-  # and replace variables like $wp-content$ & $wp-plugins$

-  wp_item = WpItem.new(target_uri,
-                       wp_content_dir: wp_content_dir,
-                       wp_plugins_dir: wp_plugins_dir)
-
-  xml.xpath('//file').each do |node|
-    wp_item.path = node.attribute('src').text
-
-    response = Browser.instance.get(wp_item.url)
-    md5sum = Digest::MD5.hexdigest(response.body)
-
-    node.search('hash').each do |hash|
-      if hash.attribute('md5').text == md5sum
-        return hash.search('version').text
-      end
-    end
-  end
-  nil
-end
-
- -
- - - - -
- - -
- - - -
- find_from_atom_generator(target_uri) - click to toggle source -
- - -
- -

Attempts to find the WordPress version from, the generator tag in the Atom -source.

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 120
-def find_from_atom_generator(target_uri)
-  scan_url(
-    target_uri,
-    %{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>},
-    'feed/atom/'
-  )
-end
-
- -
- - - - -
- - -
- - - -
- find_from_links_opml(target_uri) - click to toggle source -
- - -
- -

Attempts to find the WordPress version from the p-links-opml.php file.

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - - - -
- - - - -
- - -
- - - -
- find_from_meta_generator(target_uri) - click to toggle source -
- - -
- -

Attempts to find the wordpress version from, the generator meta tag in the -html source.

- -

The meta tag can be removed however it seems, that it is reinstated on -upgrade.

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 67
-def find_from_meta_generator(target_uri)
-  scan_url(
-    target_uri,
-    %{name="generator" content="wordpress #{version_pattern}"}
-  )
-end
-
- -
- - - - -
- - -
- - - -
- find_from_rdf_generator(target_uri) - click to toggle source -
- - -
- -

Attempts to find WordPress version from, the generator tag in the RDF feed -source.

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 94
-def find_from_rdf_generator(target_uri)
-  scan_url(
-    target_uri,
-    %{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />},
-    'feed/rdf/'
-  )
-end
-
- -
- - - - -
- - -
- - - -
- find_from_readme(target_uri) - click to toggle source -
- - -
- -

Attempts to find the WordPress version from the readme.html file.

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 182
-def find_from_readme(target_uri)
-  scan_url(
-    target_uri,
-    %{<br />\sversion #{version_pattern}},
-    'readme.html'
-  )
-end
-
- -
- - - - -
- - -
- - - -
- find_from_rss_generator(target_uri) - click to toggle source -
- - -
- -

Attempts to find the WordPress version from, the generator tag in the RSS -feed source.

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 80
-def find_from_rss_generator(target_uri)
-  scan_url(
-    target_uri,
-    %{<generator>http://wordpress.org/\?v=#{version_pattern}</generator>},
-    'feed/'
-  )
-end
-
- -
- - - - -
- - -
- - - -
- find_from_sitemap_generator(target_uri) - click to toggle source -
- - -
- -

Attempts to find the WordPress version from the sitemap.xml file.

- -

See: code.google.com/p/wpscan/issues/detail?id=109

- -

@param [ URI ] target_uri

- -

@return [ String ] The version number

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 197
-def find_from_sitemap_generator(target_uri)
-  scan_url(
-    target_uri,
-    %{generator="wordpress/#{version_pattern}"},
-    'sitemap.xml'
-  )
-end
-
- -
- - - - -
- - -
- - - -
- scan_url(target_uri, pattern, path = nil) - click to toggle source -
- - -
- -

Returns the first match of <pattern> in the body of the url

- -

@param [ URI ] target_uri @param [ Regex ] -pattern @param [ String ] path

- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_version/findable.rb, line 45
-def scan_url(target_uri, pattern, path = nil)
-  url = path ? target_uri.merge(path).to_s : target_uri.to_s
-  response = Browser.instance.get_and_follow_location(url)
-
-  response.body[pattern, 1]
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpVersion/Output.html b/doc/WpVersion/Output.html deleted file mode 100644 index 9f68105a..00000000 --- a/doc/WpVersion/Output.html +++ /dev/null @@ -1,333 +0,0 @@ - - - - - - - Module: WpVersion::Output - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpVersion::Output

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- output() - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/models/wp_version/output.rb, line 5
-def output
-  puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
-
-  vulnerabilities = self.vulnerabilities
-
-  unless vulnerabilities.empty?
-    puts
-    puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number :"
-
-    vulnerabilities.output
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpVersion/Vulnerable.html b/doc/WpVersion/Vulnerable.html deleted file mode 100644 index 00642cdd..00000000 --- a/doc/WpVersion/Vulnerable.html +++ /dev/null @@ -1,362 +0,0 @@ - - - - - - - Module: WpVersion::Vulnerable - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- -
- - - - - - - - -
-

Methods

- -
- - - -
- - -
- -
-

WpVersion::Vulnerable

- -
- -
- - - - -
- - - - - - - - - - -
-

Public Instance Methods

- - -
- - - -
- vulns_file() - click to toggle source -
- - -
- -

@return [ String ] The path to the file containing vulnerabilities

- - - -
-
-# File lib/common/models/wp_version/vulnerable.rb, line 6
-def vulns_file
-  unless @vulns_file
-    @vulns_file = WP_VULNS_FILE
-  end
-  @vulns_file
-end
-
- -
- - - - -
- - -
- - - -
- vulns_xpath() - click to toggle source -
- - -
- -

@return [ String ]

- - - -
-
-# File lib/common/models/wp_version/vulnerable.rb, line 14
-def vulns_xpath
-  "//wordpress[@version='#{@number}']/vulnerability"
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/WpscanOptions.html b/doc/WpscanOptions.html deleted file mode 100644 index 5ba7f08d..00000000 --- a/doc/WpscanOptions.html +++ /dev/null @@ -1,1221 +0,0 @@ - - - - - - - Class: WpscanOptions - - - - - - - - - - - -
-
-
-

- Home - Classes - Methods -

-
-
- -
-
-

In Files

-
- -
-
- - -
- - - - -
- -
-

WpscanOptions

- -
- -
- - - - -
- - - - - - -
-

Constants

-
- -
ACCESSOR_OPTIONS
- -
- - -
-
- - - - - - -
-

Public Class Methods

- - -
- - - -
- load_from_arguments() - click to toggle source -
- - -
- -

Will load the options from ARGV return WpscanOptions

- - - -
-
-# File lib/wpscan/wpscan_options.rb, line 148
-def self.load_from_arguments
-  wpscan_options = WpscanOptions.new
-
-  if ARGV.length > 0
-    WpscanOptions.get_opt_long.each do |opt, arg|
-      wpscan_options.set_option_from_cli(opt, arg)
-    end
-  end
-
-  wpscan_options
-end
-
- -
- - - - -
- - -
- - - -
- new() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 35
-def initialize
-  ACCESSOR_OPTIONS.each do |option|
-    instance_variable_set("@#{option}", nil)
-  end
-end
-
- -
- - - - -
- - -
- -
-

Protected Class Methods

- - -
- - - -
- clean_option(option) - click to toggle source -
- - -
- -

Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace -any remaining ‘-’ by ‘_’

- -

param string option return string

- - - -
-
-# File lib/wpscan/wpscan_options.rb, line 246
-def self.clean_option(option)
-  cleaned_option = option.gsub(/^--?/, '')
-  cleaned_option.gsub(/-/, '_')
-end
-
- -
- - - - -
- - -
- - - -
- get_opt_long() - click to toggle source -
- - -
- -

Even if a short option is given (IE : -u), the long one will be returned -(IE : –url)

- - - -
-
-# File lib/wpscan/wpscan_options.rb, line 215
-def self.get_opt_long
-  GetoptLong.new(
-    ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
-    ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
-    ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
-    ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
-    ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
-    ['--force', '-f', GetoptLong::NO_ARGUMENT],
-    ['--help', '-h', GetoptLong::NO_ARGUMENT],
-    ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
-    ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
-    ['--proxy-auth', GetoptLong::REQUIRED_ARGUMENT],
-    ['--update', GetoptLong::NO_ARGUMENT],
-    ['--follow-redirection', GetoptLong::NO_ARGUMENT],
-    ['--wp-content-dir', GetoptLong::REQUIRED_ARGUMENT],
-    ['--wp-plugins-dir', GetoptLong::REQUIRED_ARGUMENT],
-    ['--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
-    ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
-    ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT]
-  )
-end
-
- -
- - - - -
- - -
- - - -
- is_long_option?(option) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 237
-def self.is_long_option?(option)
-  ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}")
-end
-
- -
- - - - -
- - -
- - - -
- option_to_instance_variable_setter(option) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 251
-def self.option_to_instance_variable_setter(option)
-  cleaned_option = WpscanOptions.clean_option(option)
-  option_syms = ACCESSOR_OPTIONS.grep(%{^#{cleaned_option}$})
-
-  option_syms.length == 1 ? :"#{option_syms.at(0)}=" : nil
-end
-
- -
- - - - -
- - -
- -
-

Public Instance Methods

- - -
- - - -
- basic_auth=(basic_auth) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 123
-def basic_auth=(basic_auth)
-  raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
-  @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_all_plugins=(enumerate_all_plugins) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 91
-def enumerate_all_plugins=(enumerate_all_plugins)
-  if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
-    raise 'Please choose only one plugin enumeration option'
-  else
-    @enumerate_all_plugins = enumerate_all_plugins
-  end
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_all_themes=(enumerate_all_themes) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 115
-def enumerate_all_themes=(enumerate_all_themes)
-  if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
-    raise 'Please choose only one theme enumeration option'
-  else
-    @enumerate_all_themes = enumerate_all_themes
-  end
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 83
-def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
-  if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
-    raise 'Please choose only one plugin enumeration option'
-  else
-    @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
-  end
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 107
-def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
-  if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
-    raise 'Please choose only one theme enumeration option'
-  else
-    @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
-  end
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_options_from_string(value) - click to toggle source -
- - -
- -

Will set enumerate_* from the string value IE : if value = vp => -:enumerate_only_vulnerable_plugins will be set to true multiple enumeration -are possible : ‘u,p’ => :enumerate_usernames and :enumerate_plugins -Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10

- - - -
-
-# File lib/wpscan/wpscan_options.rb, line 183
-def enumerate_options_from_string(value)
-  # Usage of self is mandatory because there are overridden setters
-
-  value = value.split(',').map { |c| c.downcase }
-
-  self.enumerate_only_vulnerable_plugins = true if value.include?('vp')
-
-  self.enumerate_plugins = true if value.include?('p')
-
-  self.enumerate_all_plugins = true if value.include?('ap')
-
-  @enumerate_timthumbs = true if value.include?('tt')
-
-  self.enumerate_only_vulnerable_themes = true if value.include?('vt')
-
-  self.enumerate_themes = true if value.include?('t')
-
-  self.enumerate_all_themes = true if value.include?('at')
-
-  value.grep(/^u/) do |username_enum_value|
-    @enumerate_usernames = true
-    # Check for usernames range
-    matches = %{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
-    if matches
-      @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
-    end
-  end
-
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_plugins=(enumerate_plugins) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 75
-def enumerate_plugins=(enumerate_plugins)
-  if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
-    raise 'Please choose only one plugin enumeration option'
-  else
-    @enumerate_plugins = enumerate_plugins
-  end
-end
-
- -
- - - - -
- - -
- - - -
- enumerate_themes=(enumerate_themes) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 99
-def enumerate_themes=(enumerate_themes)
-  if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
-    raise 'Please choose only one theme enumeration option'
-  else
-    @enumerate_themes = enumerate_themes
-  end
-end
-
- -
- - - - -
- - -
- - - -
- has_options?() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 128
-def has_options?
-  !to_h.empty?
-end
-
- -
- - - - -
- - -
- - - -
- proxy=(proxy) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 59
-def proxy=(proxy)
-  if proxy.index(':') == nil
-    raise 'Invalid proxy format. Should be host:port.'
-  else
-    @proxy = proxy
-  end
-end
-
- -
- - - - -
- - -
- - - -
- proxy_auth=(auth) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 67
-def proxy_auth=(auth)
-  if auth.index(':') == nil
-    raise 'Invalid proxy auth format, username:password expected'
-  else
-    @proxy_auth = auth
-  end
-end
-
- -
- - - - -
- - -
- - - -
- set_option_from_cli(cli_option, cli_value) - click to toggle source -
- - -
- -

string cli_option : –url, -u, –proxy etc string cli_value : the option -value

- - - -
-
-# File lib/wpscan/wpscan_options.rb, line 162
-def set_option_from_cli(cli_option, cli_value)
-
-  if WpscanOptions.is_long_option?(cli_option)
-    self.send(
-        WpscanOptions.option_to_instance_variable_setter(cli_option),
-        cli_value
-    )
-  elsif cli_option === '--enumerate' # Special cases
-    # Default value if no argument is given
-    cli_value = 'vt,tt,u,vp' if cli_value.length == 0
-
-    enumerate_options_from_string(cli_value)
-  else
-    raise "Unknow option : #{cli_option} with value #{cli_value}"
-  end
-end
-
- -
- - - - -
- - -
- - - -
- threads=(threads) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 47
-def threads=(threads)
-  @threads = threads.is_a?(Integer) ? threads : threads.to_i
-end
-
- -
- - - - -
- - -
- - - -
- to_h() - click to toggle source -
- - -
- -

return Hash

- - - -
-
-# File lib/wpscan/wpscan_options.rb, line 133
-def to_h
-  options = {}
-
-  ACCESSOR_OPTIONS.each do |option|
-    instance_variable = instance_variable_get("@#{option}")
-
-    unless instance_variable.nil?
-      options[:"#{option}"] = instance_variable
-    end
-  end
-  options
-end
-
- -
- - - - -
- - -
- - - -
- url=(url) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 41
-def url=(url)
-  raise 'Empty URL given' if !url
-
-  @url = URI.parse(add_http_protocol(url)).to_s
-end
-
- -
- - - - -
- - -
- - - -
- wordlist=(wordlist) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpscan/wpscan_options.rb, line 51
-def wordlist=(wordlist)
-  if File.exists?(wordlist)
-    @wordlist = wordlist
-  else
-    raise "The file #{wordlist} does not exist"
-  end
-end
-
- -
- - - - -
- - -
- -
- - -
- -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - - - diff --git a/doc/created.rid b/doc/created.rid deleted file mode 100644 index 69060591..00000000 --- a/doc/created.rid +++ /dev/null @@ -1,75 +0,0 @@ -Fri, 05 Apr 2013 14:38:41 +0200 -./lib/wpscan/web_site.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/modules/wp_full_path_disclosure.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/modules/wp_config_backup.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/modules/malwares.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/modules/wp_readme.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/modules/wp_login_protection.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/modules/brute_force.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/wp_target.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/wpscan_options.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpscan/wpscan_helper.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/cache_file_store.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/typhoeus_cache.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/browser.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/vulnerability.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_timthumb.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_version/output.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_version/findable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_version/vulnerable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_timthumb/output.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_timthumb/versionable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_timthumb/existable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_theme.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_user/existable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_theme/findable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_theme/versionable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_theme/vulnerable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_item/output.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_item/findable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_item/infos.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_item/versionable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_item/existable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_item/vulnerable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_plugin.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_plugin/vulnerable.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/wp_item.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_version.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/models/vulnerability/output.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/models/wp_user.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/common_helper.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_users.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_plugins/detectable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/vulnerabilities.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/vulnerabilities/output.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_themes.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_items/output.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_items/detectable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_themes/detectable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_items.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_plugins.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_users/output.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_users/detectable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_timthumbs.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/collections/wp_timthumbs/detectable.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/plugins/plugins.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/plugins/plugin.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/hacks.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/custom_option_parser.rb Fri, 05 Apr 2013 14:07:06 +0200 -./lib/common/updater/updater_factory.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/updater/git_updater.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/updater/updater.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/common/updater/svn_updater.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/environment.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpstools/plugins/list_generator/svn_parser.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpstools/plugins/list_generator/generate_list.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpstools/plugins/list_generator/list_generator_plugin.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpstools/plugins/checker/checker_plugin.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpstools/plugins/stats/stats_plugin.rb Fri, 05 Apr 2013 14:07:07 +0200 -./lib/wpstools/wpstools_helper.rb Fri, 05 Apr 2013 14:07:07 +0200 -./Gemfile Mon, 18 Mar 2013 10:03:40 +0100 -./README Wed, 03 Apr 2013 18:50:11 +0200 -./CREDITS Wed, 30 Jan 2013 14:08:28 +0100 -./wpscan.rb Fri, 05 Apr 2013 14:15:07 +0200 -./wpstools.rb Fri, 05 Apr 2013 14:07:07 +0200 -./LICENSE Fri, 05 Apr 2013 14:07:06 +0200 diff --git a/doc/index.html b/doc/index.html deleted file mode 100644 index de70c482..00000000 --- a/doc/index.html +++ /dev/null @@ -1,728 +0,0 @@ - - - - - - - - RDoc Documentation - - - - - - - - - - - - -

RDoc Documentation

- - -

This is the API documentation for 'RDoc Documentation'.

- - - - -

Files

- - - -

Classes/Modules

- - -

Methods

- - -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - diff --git a/doc/js/darkfish.js b/doc/js/darkfish.js deleted file mode 100644 index 84565c1e..00000000 --- a/doc/js/darkfish.js +++ /dev/null @@ -1,116 +0,0 @@ -/** - * - * Darkfish Page Functions - * $Id: darkfish.js 53 2009-01-07 02:52:03Z deveiant $ - * - * Author: Michael Granger - * - */ - -/* Provide console simulation for firebug-less environments */ -if (!("console" in window) || !("firebug" in console)) { - var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml", - "group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"]; - - window.console = {}; - for (var i = 0; i < names.length; ++i) - window.console[names[i]] = function() {}; -}; - - -/** - * Unwrap the first element that matches the given @expr@ from the targets and return them. - */ -$.fn.unwrap = function( expr ) { - return this.each( function() { - $(this).parents( expr ).eq( 0 ).after( this ).remove(); - }); -}; - - -function showSource( e ) { - var target = e.target; - var codeSections = $(target). - parents('.method-detail'). - find('.method-source-code'); - - $(target). - parents('.method-detail'). - find('.method-source-code'). - slideToggle(); -}; - -function hookSourceViews() { - $('.method-description,.method-heading').click( showSource ); -}; - -function toggleDebuggingSection() { - $('.debugging-section').slideToggle(); -}; - -function hookDebuggingToggle() { - $('#debugging-toggle img').click( toggleDebuggingSection ); -}; - -function hookQuickSearch() { - $('.quicksearch-field').each( function() { - var searchElems = $(this).parents('.section').find( 'li' ); - var toggle = $(this).parents('.section').find('h3 .search-toggle'); - // console.debug( "Toggle is: %o", toggle ); - var qsbox = $(this).parents('form').get( 0 ); - - $(this).quicksearch( this, searchElems, { - noSearchResultsIndicator: 'no-class-search-results', - focusOnLoad: false - }); - $(toggle).click( function() { - // console.debug( "Toggling qsbox: %o", qsbox ); - $(qsbox).toggle(); - }); - }); -}; - -function highlightTarget( anchor ) { - console.debug( "Highlighting target '%s'.", anchor ); - - $("a[name=" + anchor + "]").each( function() { - if ( !$(this).parent().parent().hasClass('target-section') ) { - console.debug( "Wrapping the target-section" ); - $('div.method-detail').unwrap( 'div.target-section' ); - $(this).parent().wrap( '
' ); - } else { - console.debug( "Already wrapped." ); - } - }); -}; - -function highlightLocationTarget() { - console.debug( "Location hash: %s", window.location.hash ); - if ( ! window.location.hash || window.location.hash.length == 0 ) return; - - var anchor = window.location.hash.substring(1); - console.debug( "Found anchor: %s; matching %s", anchor, "a[name=" + anchor + "]" ); - - highlightTarget( anchor ); -}; - -function highlightClickTarget( event ) { - console.debug( "Highlighting click target for event %o", event.target ); - try { - var anchor = $(event.target).attr( 'href' ).substring(1); - console.debug( "Found target anchor: %s", anchor ); - highlightTarget( anchor ); - } catch ( err ) { - console.error( "Exception while highlighting: %o", err ); - }; -}; - - -$(document).ready( function() { - hookSourceViews(); - hookDebuggingToggle(); - hookQuickSearch(); - highlightLocationTarget(); - - $('ul.link-list a').bind( "click", highlightClickTarget ); -}); diff --git a/doc/js/jquery.js b/doc/js/jquery.js deleted file mode 100644 index afe9e74c..00000000 --- a/doc/js/jquery.js +++ /dev/null @@ -1,32 +0,0 @@ -/* - * jQuery 1.2.6 - New Wave Javascript - * - * Copyright (c) 2008 John Resig (jquery.com) - * Dual licensed under the MIT (MIT-LICENSE.txt) - * and GPL (GPL-LICENSE.txt) licenses. - * - * $Date: 2008-09-25 09:50:52 -0700 (Thu, 25 Sep 2008) $ - * $Rev: 38 $ - */ -(function(){var _jQuery=window.jQuery,_$=window.$;var jQuery=window.jQuery=window.$=function(selector,context){return new jQuery.fn.init(selector,context);};var quickExpr=/^[^<]*(<(.|\s)+>)[^>]*$|^#(\w+)$/,isSimple=/^.[^:#\[\.]*$/,undefined;jQuery.fn=jQuery.prototype={init:function(selector,context){selector=selector||document;if(selector.nodeType){this[0]=selector;this.length=1;return this;}if(typeof selector=="string"){var match=quickExpr.exec(selector);if(match&&(match[1]||!context)){if(match[1])selector=jQuery.clean([match[1]],context);else{var elem=document.getElementById(match[3]);if(elem){if(elem.id!=match[3])return jQuery().find(selector);return jQuery(elem);}selector=[];}}else -return jQuery(context).find(selector);}else if(jQuery.isFunction(selector))return jQuery(document)[jQuery.fn.ready?"ready":"load"](selector);return this.setArray(jQuery.makeArray(selector));},jquery:"1.2.6",size:function(){return this.length;},length:0,get:function(num){return num==undefined?jQuery.makeArray(this):this[num];},pushStack:function(elems){var ret=jQuery(elems);ret.prevObject=this;return ret;},setArray:function(elems){this.length=0;Array.prototype.push.apply(this,elems);return this;},each:function(callback,args){return jQuery.each(this,callback,args);},index:function(elem){var ret=-1;return jQuery.inArray(elem&&elem.jquery?elem[0]:elem,this);},attr:function(name,value,type){var options=name;if(name.constructor==String)if(value===undefined)return this[0]&&jQuery[type||"attr"](this[0],name);else{options={};options[name]=value;}return this.each(function(i){for(name in options)jQuery.attr(type?this.style:this,name,jQuery.prop(this,options[name],type,i,name));});},css:function(key,value){if((key=='width'||key=='height')&&parseFloat(value)<0)value=undefined;return this.attr(key,value,"curCSS");},text:function(text){if(typeof text!="object"&&text!=null)return this.empty().append((this[0]&&this[0].ownerDocument||document).createTextNode(text));var ret="";jQuery.each(text||this,function(){jQuery.each(this.childNodes,function(){if(this.nodeType!=8)ret+=this.nodeType!=1?this.nodeValue:jQuery.fn.text([this]);});});return ret;},wrapAll:function(html){if(this[0])jQuery(html,this[0].ownerDocument).clone().insertBefore(this[0]).map(function(){var elem=this;while(elem.firstChild)elem=elem.firstChild;return elem;}).append(this);return this;},wrapInner:function(html){return this.each(function(){jQuery(this).contents().wrapAll(html);});},wrap:function(html){return this.each(function(){jQuery(this).wrapAll(html);});},append:function(){return this.domManip(arguments,true,false,function(elem){if(this.nodeType==1)this.appendChild(elem);});},prepend:function(){return this.domManip(arguments,true,true,function(elem){if(this.nodeType==1)this.insertBefore(elem,this.firstChild);});},before:function(){return this.domManip(arguments,false,false,function(elem){this.parentNode.insertBefore(elem,this);});},after:function(){return this.domManip(arguments,false,true,function(elem){this.parentNode.insertBefore(elem,this.nextSibling);});},end:function(){return this.prevObject||jQuery([]);},find:function(selector){var elems=jQuery.map(this,function(elem){return jQuery.find(selector,elem);});return this.pushStack(/[^+>] [^+>]/.test(selector)||selector.indexOf("..")>-1?jQuery.unique(elems):elems);},clone:function(events){var ret=this.map(function(){if(jQuery.browser.msie&&!jQuery.isXMLDoc(this)){var clone=this.cloneNode(true),container=document.createElement("div");container.appendChild(clone);return jQuery.clean([container.innerHTML])[0];}else -return this.cloneNode(true);});var clone=ret.find("*").andSelf().each(function(){if(this[expando]!=undefined)this[expando]=null;});if(events===true)this.find("*").andSelf().each(function(i){if(this.nodeType==3)return;var events=jQuery.data(this,"events");for(var type in events)for(var handler in events[type])jQuery.event.add(clone[i],type,events[type][handler],events[type][handler].data);});return ret;},filter:function(selector){return this.pushStack(jQuery.isFunction(selector)&&jQuery.grep(this,function(elem,i){return selector.call(elem,i);})||jQuery.multiFilter(selector,this));},not:function(selector){if(selector.constructor==String)if(isSimple.test(selector))return this.pushStack(jQuery.multiFilter(selector,this,true));else -selector=jQuery.multiFilter(selector,this);var isArrayLike=selector.length&&selector[selector.length-1]!==undefined&&!selector.nodeType;return this.filter(function(){return isArrayLike?jQuery.inArray(this,selector)<0:this!=selector;});},add:function(selector){return this.pushStack(jQuery.unique(jQuery.merge(this.get(),typeof selector=='string'?jQuery(selector):jQuery.makeArray(selector))));},is:function(selector){return!!selector&&jQuery.multiFilter(selector,this).length>0;},hasClass:function(selector){return this.is("."+selector);},val:function(value){if(value==undefined){if(this.length){var elem=this[0];if(jQuery.nodeName(elem,"select")){var index=elem.selectedIndex,values=[],options=elem.options,one=elem.type=="select-one";if(index<0)return null;for(var i=one?index:0,max=one?index+1:options.length;i=0||jQuery.inArray(this.name,value)>=0);else if(jQuery.nodeName(this,"select")){var values=jQuery.makeArray(value);jQuery("option",this).each(function(){this.selected=(jQuery.inArray(this.value,values)>=0||jQuery.inArray(this.text,values)>=0);});if(!values.length)this.selectedIndex=-1;}else -this.value=value;});},html:function(value){return value==undefined?(this[0]?this[0].innerHTML:null):this.empty().append(value);},replaceWith:function(value){return this.after(value).remove();},eq:function(i){return this.slice(i,i+1);},slice:function(){return this.pushStack(Array.prototype.slice.apply(this,arguments));},map:function(callback){return this.pushStack(jQuery.map(this,function(elem,i){return callback.call(elem,i,elem);}));},andSelf:function(){return this.add(this.prevObject);},data:function(key,value){var parts=key.split(".");parts[1]=parts[1]?"."+parts[1]:"";if(value===undefined){var data=this.triggerHandler("getData"+parts[1]+"!",[parts[0]]);if(data===undefined&&this.length)data=jQuery.data(this[0],key);return data===undefined&&parts[1]?this.data(parts[0]):data;}else -return this.trigger("setData"+parts[1]+"!",[parts[0],value]).each(function(){jQuery.data(this,key,value);});},removeData:function(key){return this.each(function(){jQuery.removeData(this,key);});},domManip:function(args,table,reverse,callback){var clone=this.length>1,elems;return this.each(function(){if(!elems){elems=jQuery.clean(args,this.ownerDocument);if(reverse)elems.reverse();}var obj=this;if(table&&jQuery.nodeName(this,"table")&&jQuery.nodeName(elems[0],"tr"))obj=this.getElementsByTagName("tbody")[0]||this.appendChild(this.ownerDocument.createElement("tbody"));var scripts=jQuery([]);jQuery.each(elems,function(){var elem=clone?jQuery(this).clone(true)[0]:this;if(jQuery.nodeName(elem,"script"))scripts=scripts.add(elem);else{if(elem.nodeType==1)scripts=scripts.add(jQuery("script",elem).remove());callback.call(obj,elem);}});scripts.each(evalScript);});}};jQuery.fn.init.prototype=jQuery.fn;function evalScript(i,elem){if(elem.src)jQuery.ajax({url:elem.src,async:false,dataType:"script"});else -jQuery.globalEval(elem.text||elem.textContent||elem.innerHTML||"");if(elem.parentNode)elem.parentNode.removeChild(elem);}function now(){return+new Date;}jQuery.extend=jQuery.fn.extend=function(){var target=arguments[0]||{},i=1,length=arguments.length,deep=false,options;if(target.constructor==Boolean){deep=target;target=arguments[1]||{};i=2;}if(typeof target!="object"&&typeof target!="function")target={};if(length==i){target=this;--i;}for(;i-1;}},swap:function(elem,options,callback){var old={};for(var name in options){old[name]=elem.style[name];elem.style[name]=options[name];}callback.call(elem);for(var name in options)elem.style[name]=old[name];},css:function(elem,name,force){if(name=="width"||name=="height"){var val,props={position:"absolute",visibility:"hidden",display:"block"},which=name=="width"?["Left","Right"]:["Top","Bottom"];function getWH(){val=name=="width"?elem.offsetWidth:elem.offsetHeight;var padding=0,border=0;jQuery.each(which,function(){padding+=parseFloat(jQuery.curCSS(elem,"padding"+this,true))||0;border+=parseFloat(jQuery.curCSS(elem,"border"+this+"Width",true))||0;});val-=Math.round(padding+border);}if(jQuery(elem).is(":visible"))getWH();else -jQuery.swap(elem,props,getWH);return Math.max(0,val);}return jQuery.curCSS(elem,name,force);},curCSS:function(elem,name,force){var ret,style=elem.style;function color(elem){if(!jQuery.browser.safari)return false;var ret=defaultView.getComputedStyle(elem,null);return!ret||ret.getPropertyValue("color")=="";}if(name=="opacity"&&jQuery.browser.msie){ret=jQuery.attr(style,"opacity");return ret==""?"1":ret;}if(jQuery.browser.opera&&name=="display"){var save=style.outline;style.outline="0 solid black";style.outline=save;}if(name.match(/float/i))name=styleFloat;if(!force&&style&&style[name])ret=style[name];else if(defaultView.getComputedStyle){if(name.match(/float/i))name="float";name=name.replace(/([A-Z])/g,"-$1").toLowerCase();var computedStyle=defaultView.getComputedStyle(elem,null);if(computedStyle&&!color(elem))ret=computedStyle.getPropertyValue(name);else{var swap=[],stack=[],a=elem,i=0;for(;a&&color(a);a=a.parentNode)stack.unshift(a);for(;i]*?)\/>/g,function(all,front,tag){return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i)?all:front+">";});var tags=jQuery.trim(elem).toLowerCase(),div=context.createElement("div");var wrap=!tags.indexOf("",""]||!tags.indexOf("",""]||tags.match(/^<(thead|tbody|tfoot|colg|cap)/)&&[1,"","
"]||!tags.indexOf("",""]||(!tags.indexOf("",""]||!tags.indexOf("",""]||jQuery.browser.msie&&[1,"div
","
"]||[0,"",""];div.innerHTML=wrap[1]+elem+wrap[2];while(wrap[0]--)div=div.lastChild;if(jQuery.browser.msie){var tbody=!tags.indexOf(""&&tags.indexOf("=0;--j)if(jQuery.nodeName(tbody[j],"tbody")&&!tbody[j].childNodes.length)tbody[j].parentNode.removeChild(tbody[j]);if(/^\s/.test(elem))div.insertBefore(context.createTextNode(elem.match(/^\s*/)[0]),div.firstChild);}elem=jQuery.makeArray(div.childNodes);}if(elem.length===0&&(!jQuery.nodeName(elem,"form")&&!jQuery.nodeName(elem,"select")))return;if(elem[0]==undefined||jQuery.nodeName(elem,"form")||elem.options)ret.push(elem);else -ret=jQuery.merge(ret,elem);});return ret;},attr:function(elem,name,value){if(!elem||elem.nodeType==3||elem.nodeType==8)return undefined;var notxml=!jQuery.isXMLDoc(elem),set=value!==undefined,msie=jQuery.browser.msie;name=notxml&&jQuery.props[name]||name;if(elem.tagName){var special=/href|src|style/.test(name);if(name=="selected"&&jQuery.browser.safari)elem.parentNode.selectedIndex;if(name in elem&¬xml&&!special){if(set){if(name=="type"&&jQuery.nodeName(elem,"input")&&elem.parentNode)throw"type property can't be changed";elem[name]=value;}if(jQuery.nodeName(elem,"form")&&elem.getAttributeNode(name))return elem.getAttributeNode(name).nodeValue;return elem[name];}if(msie&¬xml&&name=="style")return jQuery.attr(elem.style,"cssText",value);if(set)elem.setAttribute(name,""+value);var attr=msie&¬xml&&special?elem.getAttribute(name,2):elem.getAttribute(name);return attr===null?undefined:attr;}if(msie&&name=="opacity"){if(set){elem.zoom=1;elem.filter=(elem.filter||"").replace(/alpha\([^)]*\)/,"")+(parseInt(value)+''=="NaN"?"":"alpha(opacity="+value*100+")");}return elem.filter&&elem.filter.indexOf("opacity=")>=0?(parseFloat(elem.filter.match(/opacity=([^)]*)/)[1])/100)+'':"";}name=name.replace(/-([a-z])/ig,function(all,letter){return letter.toUpperCase();});if(set)elem[name]=value;return elem[name];},trim:function(text){return(text||"").replace(/^\s+|\s+$/g,"");},makeArray:function(array){var ret=[];if(array!=null){var i=array.length;if(i==null||array.split||array.setInterval||array.call)ret[0]=array;else -while(i)ret[--i]=array[i];}return ret;},inArray:function(elem,array){for(var i=0,length=array.length;i*",this).remove();while(this.firstChild)this.removeChild(this.firstChild);}},function(name,fn){jQuery.fn[name]=function(){return this.each(fn,arguments);};});jQuery.each(["Height","Width"],function(i,name){var type=name.toLowerCase();jQuery.fn[type]=function(size){return this[0]==window?jQuery.browser.opera&&document.body["client"+name]||jQuery.browser.safari&&window["inner"+name]||document.compatMode=="CSS1Compat"&&document.documentElement["client"+name]||document.body["client"+name]:this[0]==document?Math.max(Math.max(document.body["scroll"+name],document.documentElement["scroll"+name]),Math.max(document.body["offset"+name],document.documentElement["offset"+name])):size==undefined?(this.length?jQuery.css(this[0],type):null):this.css(type,size.constructor==String?size:size+"px");};});function num(elem,prop){return elem[0]&&parseInt(jQuery.curCSS(elem[0],prop,true),10)||0;}var chars=jQuery.browser.safari&&parseInt(jQuery.browser.version)<417?"(?:[\\w*_-]|\\\\.)":"(?:[\\w\u0128-\uFFFF*_-]|\\\\.)",quickChild=new RegExp("^>\\s*("+chars+"+)"),quickID=new RegExp("^("+chars+"+)(#)("+chars+"+)"),quickClass=new RegExp("^([#.]?)("+chars+"*)");jQuery.extend({expr:{"":function(a,i,m){return m[2]=="*"||jQuery.nodeName(a,m[2]);},"#":function(a,i,m){return a.getAttribute("id")==m[2];},":":{lt:function(a,i,m){return im[3]-0;},nth:function(a,i,m){return m[3]-0==i;},eq:function(a,i,m){return m[3]-0==i;},first:function(a,i){return i==0;},last:function(a,i,m,r){return i==r.length-1;},even:function(a,i){return i%2==0;},odd:function(a,i){return i%2;},"first-child":function(a){return a.parentNode.getElementsByTagName("*")[0]==a;},"last-child":function(a){return jQuery.nth(a.parentNode.lastChild,1,"previousSibling")==a;},"only-child":function(a){return!jQuery.nth(a.parentNode.lastChild,2,"previousSibling");},parent:function(a){return a.firstChild;},empty:function(a){return!a.firstChild;},contains:function(a,i,m){return(a.textContent||a.innerText||jQuery(a).text()||"").indexOf(m[3])>=0;},visible:function(a){return"hidden"!=a.type&&jQuery.css(a,"display")!="none"&&jQuery.css(a,"visibility")!="hidden";},hidden:function(a){return"hidden"==a.type||jQuery.css(a,"display")=="none"||jQuery.css(a,"visibility")=="hidden";},enabled:function(a){return!a.disabled;},disabled:function(a){return a.disabled;},checked:function(a){return a.checked;},selected:function(a){return a.selected||jQuery.attr(a,"selected");},text:function(a){return"text"==a.type;},radio:function(a){return"radio"==a.type;},checkbox:function(a){return"checkbox"==a.type;},file:function(a){return"file"==a.type;},password:function(a){return"password"==a.type;},submit:function(a){return"submit"==a.type;},image:function(a){return"image"==a.type;},reset:function(a){return"reset"==a.type;},button:function(a){return"button"==a.type||jQuery.nodeName(a,"button");},input:function(a){return/input|select|textarea|button/i.test(a.nodeName);},has:function(a,i,m){return jQuery.find(m[3],a).length;},header:function(a){return/h\d/i.test(a.nodeName);},animated:function(a){return jQuery.grep(jQuery.timers,function(fn){return a==fn.elem;}).length;}}},parse:[/^(\[) *@?([\w-]+) *([!*$^~=]*) *('?"?)(.*?)\4 *\]/,/^(:)([\w-]+)\("?'?(.*?(\(.*?\))?[^(]*?)"?'?\)/,new RegExp("^([:.#]*)("+chars+"+)")],multiFilter:function(expr,elems,not){var old,cur=[];while(expr&&expr!=old){old=expr;var f=jQuery.filter(expr,elems,not);expr=f.t.replace(/^\s*,\s*/,"");cur=not?elems=f.r:jQuery.merge(cur,f.r);}return cur;},find:function(t,context){if(typeof t!="string")return[t];if(context&&context.nodeType!=1&&context.nodeType!=9)return[];context=context||document;var ret=[context],done=[],last,nodeName;while(t&&last!=t){var r=[];last=t;t=jQuery.trim(t);var foundToken=false,re=quickChild,m=re.exec(t);if(m){nodeName=m[1].toUpperCase();for(var i=0;ret[i];i++)for(var c=ret[i].firstChild;c;c=c.nextSibling)if(c.nodeType==1&&(nodeName=="*"||c.nodeName.toUpperCase()==nodeName))r.push(c);ret=r;t=t.replace(re,"");if(t.indexOf(" ")==0)continue;foundToken=true;}else{re=/^([>+~])\s*(\w*)/i;if((m=re.exec(t))!=null){r=[];var merge={};nodeName=m[2].toUpperCase();m=m[1];for(var j=0,rl=ret.length;j=0;if(!not&&pass||not&&!pass)tmp.push(r[i]);}return tmp;},filter:function(t,r,not){var last;while(t&&t!=last){last=t;var p=jQuery.parse,m;for(var i=0;p[i];i++){m=p[i].exec(t);if(m){t=t.substring(m[0].length);m[2]=m[2].replace(/\\/g,"");break;}}if(!m)break;if(m[1]==":"&&m[2]=="not")r=isSimple.test(m[3])?jQuery.filter(m[3],r,true).r:jQuery(r).not(m[3]);else if(m[1]==".")r=jQuery.classFilter(r,m[2],not);else if(m[1]=="["){var tmp=[],type=m[3];for(var i=0,rl=r.length;i=0)^not)tmp.push(a);}r=tmp;}else if(m[1]==":"&&m[2]=="nth-child"){var merge={},tmp=[],test=/(-?)(\d*)n((?:\+|-)?\d*)/.exec(m[3]=="even"&&"2n"||m[3]=="odd"&&"2n+1"||!/\D/.test(m[3])&&"0n+"+m[3]||m[3]),first=(test[1]+(test[2]||1))-0,last=test[3]-0;for(var i=0,rl=r.length;i=0)add=true;if(add^not)tmp.push(node);}r=tmp;}else{var fn=jQuery.expr[m[1]];if(typeof fn=="object")fn=fn[m[2]];if(typeof fn=="string")fn=eval("false||function(a,i){return "+fn+";}");r=jQuery.grep(r,function(elem,i){return fn(elem,i,m,r);},not);}}return{r:r,t:t};},dir:function(elem,dir){var matched=[],cur=elem[dir];while(cur&&cur!=document){if(cur.nodeType==1)matched.push(cur);cur=cur[dir];}return matched;},nth:function(cur,result,dir,elem){result=result||1;var num=0;for(;cur;cur=cur[dir])if(cur.nodeType==1&&++num==result)break;return cur;},sibling:function(n,elem){var r=[];for(;n;n=n.nextSibling){if(n.nodeType==1&&n!=elem)r.push(n);}return r;}});jQuery.event={add:function(elem,types,handler,data){if(elem.nodeType==3||elem.nodeType==8)return;if(jQuery.browser.msie&&elem.setInterval)elem=window;if(!handler.guid)handler.guid=this.guid++;if(data!=undefined){var fn=handler;handler=this.proxy(fn,function(){return fn.apply(this,arguments);});handler.data=data;}var events=jQuery.data(elem,"events")||jQuery.data(elem,"events",{}),handle=jQuery.data(elem,"handle")||jQuery.data(elem,"handle",function(){if(typeof jQuery!="undefined"&&!jQuery.event.triggered)return jQuery.event.handle.apply(arguments.callee.elem,arguments);});handle.elem=elem;jQuery.each(types.split(/\s+/),function(index,type){var parts=type.split(".");type=parts[0];handler.type=parts[1];var handlers=events[type];if(!handlers){handlers=events[type]={};if(!jQuery.event.special[type]||jQuery.event.special[type].setup.call(elem)===false){if(elem.addEventListener)elem.addEventListener(type,handle,false);else if(elem.attachEvent)elem.attachEvent("on"+type,handle);}}handlers[handler.guid]=handler;jQuery.event.global[type]=true;});elem=null;},guid:1,global:{},remove:function(elem,types,handler){if(elem.nodeType==3||elem.nodeType==8)return;var events=jQuery.data(elem,"events"),ret,index;if(events){if(types==undefined||(typeof types=="string"&&types.charAt(0)=="."))for(var type in events)this.remove(elem,type+(types||""));else{if(types.type){handler=types.handler;types=types.type;}jQuery.each(types.split(/\s+/),function(index,type){var parts=type.split(".");type=parts[0];if(events[type]){if(handler)delete events[type][handler.guid];else -for(handler in events[type])if(!parts[1]||events[type][handler].type==parts[1])delete events[type][handler];for(ret in events[type])break;if(!ret){if(!jQuery.event.special[type]||jQuery.event.special[type].teardown.call(elem)===false){if(elem.removeEventListener)elem.removeEventListener(type,jQuery.data(elem,"handle"),false);else if(elem.detachEvent)elem.detachEvent("on"+type,jQuery.data(elem,"handle"));}ret=null;delete events[type];}}});}for(ret in events)break;if(!ret){var handle=jQuery.data(elem,"handle");if(handle)handle.elem=null;jQuery.removeData(elem,"events");jQuery.removeData(elem,"handle");}}},trigger:function(type,data,elem,donative,extra){data=jQuery.makeArray(data);if(type.indexOf("!")>=0){type=type.slice(0,-1);var exclusive=true;}if(!elem){if(this.global[type])jQuery("*").add([window,document]).trigger(type,data);}else{if(elem.nodeType==3||elem.nodeType==8)return undefined;var val,ret,fn=jQuery.isFunction(elem[type]||null),event=!data[0]||!data[0].preventDefault;if(event){data.unshift({type:type,target:elem,preventDefault:function(){},stopPropagation:function(){},timeStamp:now()});data[0][expando]=true;}data[0].type=type;if(exclusive)data[0].exclusive=true;var handle=jQuery.data(elem,"handle");if(handle)val=handle.apply(elem,data);if((!fn||(jQuery.nodeName(elem,'a')&&type=="click"))&&elem["on"+type]&&elem["on"+type].apply(elem,data)===false)val=false;if(event)data.shift();if(extra&&jQuery.isFunction(extra)){ret=extra.apply(elem,val==null?data:data.concat(val));if(ret!==undefined)val=ret;}if(fn&&donative!==false&&val!==false&&!(jQuery.nodeName(elem,'a')&&type=="click")){this.triggered=true;try{elem[type]();}catch(e){}}this.triggered=false;}return val;},handle:function(event){var val,ret,namespace,all,handlers;event=arguments[0]=jQuery.event.fix(event||window.event);namespace=event.type.split(".");event.type=namespace[0];namespace=namespace[1];all=!namespace&&!event.exclusive;handlers=(jQuery.data(this,"events")||{})[event.type];for(var j in handlers){var handler=handlers[j];if(all||handler.type==namespace){event.handler=handler;event.data=handler.data;ret=handler.apply(this,arguments);if(val!==false)val=ret;if(ret===false){event.preventDefault();event.stopPropagation();}}}return val;},fix:function(event){if(event[expando]==true)return event;var originalEvent=event;event={originalEvent:originalEvent};var props="altKey attrChange attrName bubbles button cancelable charCode clientX clientY ctrlKey currentTarget data detail eventPhase fromElement handler keyCode metaKey newValue originalTarget pageX pageY prevValue relatedNode relatedTarget screenX screenY shiftKey srcElement target timeStamp toElement type view wheelDelta which".split(" ");for(var i=props.length;i;i--)event[props[i]]=originalEvent[props[i]];event[expando]=true;event.preventDefault=function(){if(originalEvent.preventDefault)originalEvent.preventDefault();originalEvent.returnValue=false;};event.stopPropagation=function(){if(originalEvent.stopPropagation)originalEvent.stopPropagation();originalEvent.cancelBubble=true;};event.timeStamp=event.timeStamp||now();if(!event.target)event.target=event.srcElement||document;if(event.target.nodeType==3)event.target=event.target.parentNode;if(!event.relatedTarget&&event.fromElement)event.relatedTarget=event.fromElement==event.target?event.toElement:event.fromElement;if(event.pageX==null&&event.clientX!=null){var doc=document.documentElement,body=document.body;event.pageX=event.clientX+(doc&&doc.scrollLeft||body&&body.scrollLeft||0)-(doc.clientLeft||0);event.pageY=event.clientY+(doc&&doc.scrollTop||body&&body.scrollTop||0)-(doc.clientTop||0);}if(!event.which&&((event.charCode||event.charCode===0)?event.charCode:event.keyCode))event.which=event.charCode||event.keyCode;if(!event.metaKey&&event.ctrlKey)event.metaKey=event.ctrlKey;if(!event.which&&event.button)event.which=(event.button&1?1:(event.button&2?3:(event.button&4?2:0)));return event;},proxy:function(fn,proxy){proxy.guid=fn.guid=fn.guid||proxy.guid||this.guid++;return proxy;},special:{ready:{setup:function(){bindReady();return;},teardown:function(){return;}},mouseenter:{setup:function(){if(jQuery.browser.msie)return false;jQuery(this).bind("mouseover",jQuery.event.special.mouseenter.handler);return true;},teardown:function(){if(jQuery.browser.msie)return false;jQuery(this).unbind("mouseover",jQuery.event.special.mouseenter.handler);return true;},handler:function(event){if(withinElement(event,this))return true;event.type="mouseenter";return jQuery.event.handle.apply(this,arguments);}},mouseleave:{setup:function(){if(jQuery.browser.msie)return false;jQuery(this).bind("mouseout",jQuery.event.special.mouseleave.handler);return true;},teardown:function(){if(jQuery.browser.msie)return false;jQuery(this).unbind("mouseout",jQuery.event.special.mouseleave.handler);return true;},handler:function(event){if(withinElement(event,this))return true;event.type="mouseleave";return jQuery.event.handle.apply(this,arguments);}}}};jQuery.fn.extend({bind:function(type,data,fn){return type=="unload"?this.one(type,data,fn):this.each(function(){jQuery.event.add(this,type,fn||data,fn&&data);});},one:function(type,data,fn){var one=jQuery.event.proxy(fn||data,function(event){jQuery(this).unbind(event,one);return(fn||data).apply(this,arguments);});return this.each(function(){jQuery.event.add(this,type,one,fn&&data);});},unbind:function(type,fn){return this.each(function(){jQuery.event.remove(this,type,fn);});},trigger:function(type,data,fn){return this.each(function(){jQuery.event.trigger(type,data,this,true,fn);});},triggerHandler:function(type,data,fn){return this[0]&&jQuery.event.trigger(type,data,this[0],false,fn);},toggle:function(fn){var args=arguments,i=1;while(i=0){var selector=url.slice(off,url.length);url=url.slice(0,off);}callback=callback||function(){};var type="GET";if(params)if(jQuery.isFunction(params)){callback=params;params=null;}else{params=jQuery.param(params);type="POST";}var self=this;jQuery.ajax({url:url,type:type,dataType:"html",data:params,complete:function(res,status){if(status=="success"||status=="notmodified")self.html(selector?jQuery("
").append(res.responseText.replace(//g,"")).find(selector):res.responseText);self.each(callback,[res.responseText,status,res]);}});return this;},serialize:function(){return jQuery.param(this.serializeArray());},serializeArray:function(){return this.map(function(){return jQuery.nodeName(this,"form")?jQuery.makeArray(this.elements):this;}).filter(function(){return this.name&&!this.disabled&&(this.checked||/select|textarea/i.test(this.nodeName)||/text|hidden|password/i.test(this.type));}).map(function(i,elem){var val=jQuery(this).val();return val==null?null:val.constructor==Array?jQuery.map(val,function(val,i){return{name:elem.name,value:val};}):{name:elem.name,value:val};}).get();}});jQuery.each("ajaxStart,ajaxStop,ajaxComplete,ajaxError,ajaxSuccess,ajaxSend".split(","),function(i,o){jQuery.fn[o]=function(f){return this.bind(o,f);};});var jsc=now();jQuery.extend({get:function(url,data,callback,type){if(jQuery.isFunction(data)){callback=data;data=null;}return jQuery.ajax({type:"GET",url:url,data:data,success:callback,dataType:type});},getScript:function(url,callback){return jQuery.get(url,null,callback,"script");},getJSON:function(url,data,callback){return jQuery.get(url,data,callback,"json");},post:function(url,data,callback,type){if(jQuery.isFunction(data)){callback=data;data={};}return jQuery.ajax({type:"POST",url:url,data:data,success:callback,dataType:type});},ajaxSetup:function(settings){jQuery.extend(jQuery.ajaxSettings,settings);},ajaxSettings:{url:location.href,global:true,type:"GET",timeout:0,contentType:"application/x-www-form-urlencoded",processData:true,async:true,data:null,username:null,password:null,accepts:{xml:"application/xml, text/xml",html:"text/html",script:"text/javascript, application/javascript",json:"application/json, text/javascript",text:"text/plain",_default:"*/*"}},lastModified:{},ajax:function(s){s=jQuery.extend(true,s,jQuery.extend(true,{},jQuery.ajaxSettings,s));var jsonp,jsre=/=\?(&|$)/g,status,data,type=s.type.toUpperCase();if(s.data&&s.processData&&typeof s.data!="string")s.data=jQuery.param(s.data);if(s.dataType=="jsonp"){if(type=="GET"){if(!s.url.match(jsre))s.url+=(s.url.match(/\?/)?"&":"?")+(s.jsonp||"callback")+"=?";}else if(!s.data||!s.data.match(jsre))s.data=(s.data?s.data+"&":"")+(s.jsonp||"callback")+"=?";s.dataType="json";}if(s.dataType=="json"&&(s.data&&s.data.match(jsre)||s.url.match(jsre))){jsonp="jsonp"+jsc++;if(s.data)s.data=(s.data+"").replace(jsre,"="+jsonp+"$1");s.url=s.url.replace(jsre,"="+jsonp+"$1");s.dataType="script";window[jsonp]=function(tmp){data=tmp;success();complete();window[jsonp]=undefined;try{delete window[jsonp];}catch(e){}if(head)head.removeChild(script);};}if(s.dataType=="script"&&s.cache==null)s.cache=false;if(s.cache===false&&type=="GET"){var ts=now();var ret=s.url.replace(/(\?|&)_=.*?(&|$)/,"$1_="+ts+"$2");s.url=ret+((ret==s.url)?(s.url.match(/\?/)?"&":"?")+"_="+ts:"");}if(s.data&&type=="GET"){s.url+=(s.url.match(/\?/)?"&":"?")+s.data;s.data=null;}if(s.global&&!jQuery.active++)jQuery.event.trigger("ajaxStart");var remote=/^(?:\w+:)?\/\/([^\/?#]+)/;if(s.dataType=="script"&&type=="GET"&&remote.test(s.url)&&remote.exec(s.url)[1]!=location.host){var head=document.getElementsByTagName("head")[0];var script=document.createElement("script");script.src=s.url;if(s.scriptCharset)script.charset=s.scriptCharset;if(!jsonp){var done=false;script.onload=script.onreadystatechange=function(){if(!done&&(!this.readyState||this.readyState=="loaded"||this.readyState=="complete")){done=true;success();complete();head.removeChild(script);}};}head.appendChild(script);return undefined;}var requestDone=false;var xhr=window.ActiveXObject?new ActiveXObject("Microsoft.XMLHTTP"):new XMLHttpRequest();if(s.username)xhr.open(type,s.url,s.async,s.username,s.password);else -xhr.open(type,s.url,s.async);try{if(s.data)xhr.setRequestHeader("Content-Type",s.contentType);if(s.ifModified)xhr.setRequestHeader("If-Modified-Since",jQuery.lastModified[s.url]||"Thu, 01 Jan 1970 00:00:00 GMT");xhr.setRequestHeader("X-Requested-With","XMLHttpRequest");xhr.setRequestHeader("Accept",s.dataType&&s.accepts[s.dataType]?s.accepts[s.dataType]+", */*":s.accepts._default);}catch(e){}if(s.beforeSend&&s.beforeSend(xhr,s)===false){s.global&&jQuery.active--;xhr.abort();return false;}if(s.global)jQuery.event.trigger("ajaxSend",[xhr,s]);var onreadystatechange=function(isTimeout){if(!requestDone&&xhr&&(xhr.readyState==4||isTimeout=="timeout")){requestDone=true;if(ival){clearInterval(ival);ival=null;}status=isTimeout=="timeout"&&"timeout"||!jQuery.httpSuccess(xhr)&&"error"||s.ifModified&&jQuery.httpNotModified(xhr,s.url)&&"notmodified"||"success";if(status=="success"){try{data=jQuery.httpData(xhr,s.dataType,s.dataFilter);}catch(e){status="parsererror";}}if(status=="success"){var modRes;try{modRes=xhr.getResponseHeader("Last-Modified");}catch(e){}if(s.ifModified&&modRes)jQuery.lastModified[s.url]=modRes;if(!jsonp)success();}else -jQuery.handleError(s,xhr,status);complete();if(s.async)xhr=null;}};if(s.async){var ival=setInterval(onreadystatechange,13);if(s.timeout>0)setTimeout(function(){if(xhr){xhr.abort();if(!requestDone)onreadystatechange("timeout");}},s.timeout);}try{xhr.send(s.data);}catch(e){jQuery.handleError(s,xhr,null,e);}if(!s.async)onreadystatechange();function success(){if(s.success)s.success(data,status);if(s.global)jQuery.event.trigger("ajaxSuccess",[xhr,s]);}function complete(){if(s.complete)s.complete(xhr,status);if(s.global)jQuery.event.trigger("ajaxComplete",[xhr,s]);if(s.global&&!--jQuery.active)jQuery.event.trigger("ajaxStop");}return xhr;},handleError:function(s,xhr,status,e){if(s.error)s.error(xhr,status,e);if(s.global)jQuery.event.trigger("ajaxError",[xhr,s,e]);},active:0,httpSuccess:function(xhr){try{return!xhr.status&&location.protocol=="file:"||(xhr.status>=200&&xhr.status<300)||xhr.status==304||xhr.status==1223||jQuery.browser.safari&&xhr.status==undefined;}catch(e){}return false;},httpNotModified:function(xhr,url){try{var xhrRes=xhr.getResponseHeader("Last-Modified");return xhr.status==304||xhrRes==jQuery.lastModified[url]||jQuery.browser.safari&&xhr.status==undefined;}catch(e){}return false;},httpData:function(xhr,type,filter){var ct=xhr.getResponseHeader("content-type"),xml=type=="xml"||!type&&ct&&ct.indexOf("xml")>=0,data=xml?xhr.responseXML:xhr.responseText;if(xml&&data.documentElement.tagName=="parsererror")throw"parsererror";if(filter)data=filter(data,type);if(type=="script")jQuery.globalEval(data);if(type=="json")data=eval("("+data+")");return data;},param:function(a){var s=[];if(a.constructor==Array||a.jquery)jQuery.each(a,function(){s.push(encodeURIComponent(this.name)+"="+encodeURIComponent(this.value));});else -for(var j in a)if(a[j]&&a[j].constructor==Array)jQuery.each(a[j],function(){s.push(encodeURIComponent(j)+"="+encodeURIComponent(this));});else -s.push(encodeURIComponent(j)+"="+encodeURIComponent(jQuery.isFunction(a[j])?a[j]():a[j]));return s.join("&").replace(/%20/g,"+");}});jQuery.fn.extend({show:function(speed,callback){return speed?this.animate({height:"show",width:"show",opacity:"show"},speed,callback):this.filter(":hidden").each(function(){this.style.display=this.oldblock||"";if(jQuery.css(this,"display")=="none"){var elem=jQuery("<"+this.tagName+" />").appendTo("body");this.style.display=elem.css("display");if(this.style.display=="none")this.style.display="block";elem.remove();}}).end();},hide:function(speed,callback){return speed?this.animate({height:"hide",width:"hide",opacity:"hide"},speed,callback):this.filter(":visible").each(function(){this.oldblock=this.oldblock||jQuery.css(this,"display");this.style.display="none";}).end();},_toggle:jQuery.fn.toggle,toggle:function(fn,fn2){return jQuery.isFunction(fn)&&jQuery.isFunction(fn2)?this._toggle.apply(this,arguments):fn?this.animate({height:"toggle",width:"toggle",opacity:"toggle"},fn,fn2):this.each(function(){jQuery(this)[jQuery(this).is(":hidden")?"show":"hide"]();});},slideDown:function(speed,callback){return this.animate({height:"show"},speed,callback);},slideUp:function(speed,callback){return this.animate({height:"hide"},speed,callback);},slideToggle:function(speed,callback){return this.animate({height:"toggle"},speed,callback);},fadeIn:function(speed,callback){return this.animate({opacity:"show"},speed,callback);},fadeOut:function(speed,callback){return this.animate({opacity:"hide"},speed,callback);},fadeTo:function(speed,to,callback){return this.animate({opacity:to},speed,callback);},animate:function(prop,speed,easing,callback){var optall=jQuery.speed(speed,easing,callback);return this[optall.queue===false?"each":"queue"](function(){if(this.nodeType!=1)return false;var opt=jQuery.extend({},optall),p,hidden=jQuery(this).is(":hidden"),self=this;for(p in prop){if(prop[p]=="hide"&&hidden||prop[p]=="show"&&!hidden)return opt.complete.call(this);if(p=="height"||p=="width"){opt.display=jQuery.css(this,"display");opt.overflow=this.style.overflow;}}if(opt.overflow!=null)this.style.overflow="hidden";opt.curAnim=jQuery.extend({},prop);jQuery.each(prop,function(name,val){var e=new jQuery.fx(self,opt,name);if(/toggle|show|hide/.test(val))e[val=="toggle"?hidden?"show":"hide":val](prop);else{var parts=val.toString().match(/^([+-]=)?([\d+-.]+)(.*)$/),start=e.cur(true)||0;if(parts){var end=parseFloat(parts[2]),unit=parts[3]||"px";if(unit!="px"){self.style[name]=(end||1)+unit;start=((end||1)/e.cur(true))*start;self.style[name]=start+unit;}if(parts[1])end=((parts[1]=="-="?-1:1)*end)+start;e.custom(start,end,unit);}else -e.custom(start,val,"");}});return true;});},queue:function(type,fn){if(jQuery.isFunction(type)||(type&&type.constructor==Array)){fn=type;type="fx";}if(!type||(typeof type=="string"&&!fn))return queue(this[0],type);return this.each(function(){if(fn.constructor==Array)queue(this,type,fn);else{queue(this,type).push(fn);if(queue(this,type).length==1)fn.call(this);}});},stop:function(clearQueue,gotoEnd){var timers=jQuery.timers;if(clearQueue)this.queue([]);this.each(function(){for(var i=timers.length-1;i>=0;i--)if(timers[i].elem==this){if(gotoEnd)timers[i](true);timers.splice(i,1);}});if(!gotoEnd)this.dequeue();return this;}});var queue=function(elem,type,array){if(elem){type=type||"fx";var q=jQuery.data(elem,type+"queue");if(!q||array)q=jQuery.data(elem,type+"queue",jQuery.makeArray(array));}return q;};jQuery.fn.dequeue=function(type){type=type||"fx";return this.each(function(){var q=queue(this,type);q.shift();if(q.length)q[0].call(this);});};jQuery.extend({speed:function(speed,easing,fn){var opt=speed&&speed.constructor==Object?speed:{complete:fn||!fn&&easing||jQuery.isFunction(speed)&&speed,duration:speed,easing:fn&&easing||easing&&easing.constructor!=Function&&easing};opt.duration=(opt.duration&&opt.duration.constructor==Number?opt.duration:jQuery.fx.speeds[opt.duration])||jQuery.fx.speeds.def;opt.old=opt.complete;opt.complete=function(){if(opt.queue!==false)jQuery(this).dequeue();if(jQuery.isFunction(opt.old))opt.old.call(this);};return opt;},easing:{linear:function(p,n,firstNum,diff){return firstNum+diff*p;},swing:function(p,n,firstNum,diff){return((-Math.cos(p*Math.PI)/2)+0.5)*diff+firstNum;}},timers:[],timerId:null,fx:function(elem,options,prop){this.options=options;this.elem=elem;this.prop=prop;if(!options.orig)options.orig={};}});jQuery.fx.prototype={update:function(){if(this.options.step)this.options.step.call(this.elem,this.now,this);(jQuery.fx.step[this.prop]||jQuery.fx.step._default)(this);if(this.prop=="height"||this.prop=="width")this.elem.style.display="block";},cur:function(force){if(this.elem[this.prop]!=null&&this.elem.style[this.prop]==null)return this.elem[this.prop];var r=parseFloat(jQuery.css(this.elem,this.prop,force));return r&&r>-10000?r:parseFloat(jQuery.curCSS(this.elem,this.prop))||0;},custom:function(from,to,unit){this.startTime=now();this.start=from;this.end=to;this.unit=unit||this.unit||"px";this.now=this.start;this.pos=this.state=0;this.update();var self=this;function t(gotoEnd){return self.step(gotoEnd);}t.elem=this.elem;jQuery.timers.push(t);if(jQuery.timerId==null){jQuery.timerId=setInterval(function(){var timers=jQuery.timers;for(var i=0;ithis.options.duration+this.startTime){this.now=this.end;this.pos=this.state=1;this.update();this.options.curAnim[this.prop]=true;var done=true;for(var i in this.options.curAnim)if(this.options.curAnim[i]!==true)done=false;if(done){if(this.options.display!=null){this.elem.style.overflow=this.options.overflow;this.elem.style.display=this.options.display;if(jQuery.css(this.elem,"display")=="none")this.elem.style.display="block";}if(this.options.hide)this.elem.style.display="none";if(this.options.hide||this.options.show)for(var p in this.options.curAnim)jQuery.attr(this.elem.style,p,this.options.orig[p]);}if(done)this.options.complete.call(this.elem);return false;}else{var n=t-this.startTime;this.state=n/this.options.duration;this.pos=jQuery.easing[this.options.easing||(jQuery.easing.swing?"swing":"linear")](this.state,n,0,1,this.options.duration);this.now=this.start+((this.end-this.start)*this.pos);this.update();}return true;}};jQuery.extend(jQuery.fx,{speeds:{slow:600,fast:200,def:400},step:{scrollLeft:function(fx){fx.elem.scrollLeft=fx.now;},scrollTop:function(fx){fx.elem.scrollTop=fx.now;},opacity:function(fx){jQuery.attr(fx.elem.style,"opacity",fx.now);},_default:function(fx){fx.elem.style[fx.prop]=fx.now+fx.unit;}}});jQuery.fn.offset=function(){var left=0,top=0,elem=this[0],results;if(elem)with(jQuery.browser){var parent=elem.parentNode,offsetChild=elem,offsetParent=elem.offsetParent,doc=elem.ownerDocument,safari2=safari&&parseInt(version)<522&&!/adobeair/i.test(userAgent),css=jQuery.curCSS,fixed=css(elem,"position")=="fixed";if(elem.getBoundingClientRect){var box=elem.getBoundingClientRect();add(box.left+Math.max(doc.documentElement.scrollLeft,doc.body.scrollLeft),box.top+Math.max(doc.documentElement.scrollTop,doc.body.scrollTop));add(-doc.documentElement.clientLeft,-doc.documentElement.clientTop);}else{add(elem.offsetLeft,elem.offsetTop);while(offsetParent){add(offsetParent.offsetLeft,offsetParent.offsetTop);if(mozilla&&!/^t(able|d|h)$/i.test(offsetParent.tagName)||safari&&!safari2)border(offsetParent);if(!fixed&&css(offsetParent,"position")=="fixed")fixed=true;offsetChild=/^body$/i.test(offsetParent.tagName)?offsetChild:offsetParent;offsetParent=offsetParent.offsetParent;}while(parent&&parent.tagName&&!/^body|html$/i.test(parent.tagName)){if(!/^inline|table.*$/i.test(css(parent,"display")))add(-parent.scrollLeft,-parent.scrollTop);if(mozilla&&css(parent,"overflow")!="visible")border(parent);parent=parent.parentNode;}if((safari2&&(fixed||css(offsetChild,"position")=="absolute"))||(mozilla&&css(offsetChild,"position")!="absolute"))add(-doc.body.offsetLeft,-doc.body.offsetTop);if(fixed)add(Math.max(doc.documentElement.scrollLeft,doc.body.scrollLeft),Math.max(doc.documentElement.scrollTop,doc.body.scrollTop));}results={top:top,left:left};}function border(elem){add(jQuery.curCSS(elem,"borderLeftWidth",true),jQuery.curCSS(elem,"borderTopWidth",true));}function add(l,t){left+=parseInt(l,10)||0;top+=parseInt(t,10)||0;}return results;};jQuery.fn.extend({position:function(){var left=0,top=0,results;if(this[0]){var offsetParent=this.offsetParent(),offset=this.offset(),parentOffset=/^body|html$/i.test(offsetParent[0].tagName)?{top:0,left:0}:offsetParent.offset();offset.top-=num(this,'marginTop');offset.left-=num(this,'marginLeft');parentOffset.top+=num(offsetParent,'borderTopWidth');parentOffset.left+=num(offsetParent,'borderLeftWidth');results={top:offset.top-parentOffset.top,left:offset.left-parentOffset.left};}return results;},offsetParent:function(){var offsetParent=this[0].offsetParent;while(offsetParent&&(!/^body|html$/i.test(offsetParent.tagName)&&jQuery.css(offsetParent,'position')=='static'))offsetParent=offsetParent.offsetParent;return jQuery(offsetParent);}});jQuery.each(['Left','Top'],function(i,name){var method='scroll'+name;jQuery.fn[method]=function(val){if(!this[0])return;return val!=undefined?this.each(function(){this==window||this==document?window.scrollTo(!i?val:jQuery(window).scrollLeft(),i?val:jQuery(window).scrollTop()):this[method]=val;}):this[0]==window||this[0]==document?self[i?'pageYOffset':'pageXOffset']||jQuery.boxModel&&document.documentElement[method]||document.body[method]:this[0][method];};});jQuery.each(["Height","Width"],function(i,name){var tl=i?"Left":"Top",br=i?"Right":"Bottom";jQuery.fn["inner"+name]=function(){return this[name.toLowerCase()]()+num(this,"padding"+tl)+num(this,"padding"+br);};jQuery.fn["outer"+name]=function(margin){return this["inner"+name]()+num(this,"border"+tl+"Width")+num(this,"border"+br+"Width")+(margin?num(this,"margin"+tl)+num(this,"margin"+br):0);};});})(); \ No newline at end of file diff --git a/doc/js/quicksearch.js b/doc/js/quicksearch.js deleted file mode 100644 index 70dbd33c..00000000 --- a/doc/js/quicksearch.js +++ /dev/null @@ -1,114 +0,0 @@ -/** - * - * JQuery QuickSearch - Hook up a form field to hide non-matching elements. - * $Id: quicksearch.js 53 2009-01-07 02:52:03Z deveiant $ - * - * Author: Michael Granger - * - */ -jQuery.fn.quicksearch = function( target, searchElems, options ) { - // console.debug( "Quicksearch fn" ); - - var settings = { - delay: 250, - clearButton: false, - highlightMatches: false, - focusOnLoad: false, - noSearchResultsIndicator: null - }; - if ( options ) $.extend( settings, options ); - - return jQuery(this).each( function() { - // console.debug( "Creating a new quicksearch on %o for %o", this, searchElems ); - new jQuery.quicksearch( this, searchElems, settings ); - }); -}; - - -jQuery.quicksearch = function( searchBox, searchElems, settings ) { - var timeout; - var boxdiv = $(searchBox).parents('div').eq(0); - - function init() { - setupKeyEventHandlers(); - focusOnLoad(); - }; - - function setupKeyEventHandlers() { - // console.debug( "Hooking up the 'keypress' event to %o", searchBox ); - $(searchBox). - unbind( 'keyup' ). - keyup( function(e) { return onSearchKey( e.keyCode ); }); - $(searchBox). - unbind( 'keypress' ). - keypress( function(e) { - switch( e.which ) { - // Execute the search on Enter, Tab, or Newline - case 9: - case 13: - case 10: - clearTimeout( timeout ); - e.preventDefault(); - doQuickSearch(); - break; - - // Allow backspace - case 8: - return true; - break; - - // Only allow valid search characters - default: - return validQSChar( e.charCode ); - } - }); - }; - - function focusOnLoad() { - if ( !settings.focusOnLoad ) return false; - $(searchBox).focus(); - }; - - function onSearchKey ( code ) { - clearTimeout( timeout ); - // console.debug( "...scheduling search." ); - timeout = setTimeout( doQuickSearch, settings.delay ); - }; - - function validQSChar( code ) { - var c = String.fromCharCode( code ); - return ( - (c == ':') || - (c >= 'a' && c <= 'z') || - (c >= 'A' && c <= 'Z') - ); - }; - - function doQuickSearch() { - var searchText = searchBox.value; - var pat = new RegExp( searchText, "im" ); - var shownCount = 0; - - if ( settings.noSearchResultsIndicator ) { - $('#' + settings.noSearchResultsIndicator).hide(); - } - - // All elements start out hidden - $(searchElems).each( function(index) { - var str = $(this).text(); - - if ( pat.test(str) ) { - shownCount += 1; - $(this).fadeIn(); - } else { - $(this).hide(); - } - }); - - if ( shownCount == 0 && settings.noSearchResultsIndicator ) { - $('#' + settings.noSearchResultsIndicator).slideDown(); - } - }; - - init(); -}; diff --git a/doc/js/thickbox-compressed.js b/doc/js/thickbox-compressed.js deleted file mode 100644 index 3a3fdae1..00000000 --- a/doc/js/thickbox-compressed.js +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Thickbox 3 - One Box To Rule Them All. - * By Cody Lindley (http://www.codylindley.com) - * Copyright (c) 2007 cody lindley - * Licensed under the MIT License: http://www.opensource.org/licenses/mit-license.php -*/ - -var tb_pathToImage = "../images/loadingAnimation.gif"; - -eval(function(p,a,c,k,e,r){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$(o).2S(9(){1u(\'a.18, 3n.18, 3i.18\');1w=1p 1t();1w.L=2H});9 1u(b){$(b).s(9(){6 t=X.Q||X.1v||M;6 a=X.u||X.23;6 g=X.1N||P;19(t,a,g);X.2E();H P})}9 19(d,f,g){3m{3(2t o.v.J.2i==="2g"){$("v","11").r({A:"28%",z:"28%"});$("11").r("22","2Z");3(o.1Y("1F")===M){$("v").q("<4 5=\'B\'><4 5=\'8\'>");$("#B").s(G)}}n{3(o.1Y("B")===M){$("v").q("<4 5=\'B\'><4 5=\'8\'>");$("#B").s(G)}}3(1K()){$("#B").1J("2B")}n{$("#B").1J("2z")}3(d===M){d=""}$("v").q("<4 5=\'K\'><1I L=\'"+1w.L+"\' />");$(\'#K\').2y();6 h;3(f.O("?")!==-1){h=f.3l(0,f.O("?"))}n{h=f}6 i=/\\.2s$|\\.2q$|\\.2m$|\\.2l$|\\.2k$/;6 j=h.1C().2h(i);3(j==\'.2s\'||j==\'.2q\'||j==\'.2m\'||j==\'.2l\'||j==\'.2k\'){1D="";1G="";14="";1z="";1x="";R="";1n="";1r=P;3(g){E=$("a[@1N="+g+"]").36();25(D=0;((D&1d;&1d;2T &2R;"}n{1D=E[D].Q;1G=E[D].u;14="<1e 5=\'1U\'>&1d;&1d;&2O; 2N"}}n{1r=1b;1n="1t "+(D+1)+" 2L "+(E.1c)}}}S=1p 1t();S.1g=9(){S.1g=M;6 a=2x();6 x=a[0]-1M;6 y=a[1]-1M;6 b=S.z;6 c=S.A;3(b>x){c=c*(x/b);b=x;3(c>y){b=b*(y/c);c=y}}n 3(c>y){b=b*(y/c);c=y;3(b>x){c=c*(x/b);b=x}}13=b+30;1a=c+2G;$("#8").q("<1I 5=\'2F\' L=\'"+f+"\' z=\'"+b+"\' A=\'"+c+"\' 23=\'"+d+"\'/>"+"<4 5=\'2D\'>"+d+"<4 5=\'2C\'>"+1n+14+R+"<4 5=\'2A\'>1l 1k 1j 1s");$("#Z").s(G);3(!(14==="")){9 12(){3($(o).N("s",12)){$(o).N("s",12)}$("#8").C();$("v").q("<4 5=\'8\'>");19(1D,1G,g);H P}$("#1U").s(12)}3(!(R==="")){9 1i(){$("#8").C();$("v").q("<4 5=\'8\'>");19(1z,1x,g);H P}$("#1X").s(1i)}o.1h=9(e){3(e==M){I=2w.2v}n{I=e.2u}3(I==27){G()}n 3(I==3k){3(!(R=="")){o.1h="";1i()}}n 3(I==3j){3(!(14=="")){o.1h="";12()}}};16();$("#K").C();$("#1L").s(G);$("#8").r({Y:"T"})};S.L=f}n{6 l=f.2r(/^[^\\?]+\\??/,\'\');6 m=2p(l);13=(m[\'z\']*1)+30||3h;1a=(m[\'A\']*1)+3g||3f;W=13-30;V=1a-3e;3(f.O(\'2j\')!=-1){1E=f.1B(\'3d\');$("#15").C();3(m[\'1A\']!="1b"){$("#8").q("<4 5=\'2f\'><4 5=\'1H\'>"+d+"<4 5=\'2e\'>1l 1k 1j 1s ")}n{$("#B").N();$("#8").q(" ")}}n{3($("#8").r("Y")!="T"){3(m[\'1A\']!="1b"){$("#8").q("<4 5=\'2f\'><4 5=\'1H\'>"+d+"<4 5=\'2e\'>1l 1k 1j 1s<4 5=\'F\' J=\'z:"+W+"p;A:"+V+"p\'>")}n{$("#B").N();$("#8").q("<4 5=\'F\' 3c=\'3b\' J=\'z:"+W+"p;A:"+V+"p;\'>")}}n{$("#F")[0].J.z=W+"p";$("#F")[0].J.A=V+"p";$("#F")[0].3a=0;$("#1H").11(d)}}$("#Z").s(G);3(f.O(\'37\')!=-1){$("#F").q($(\'#\'+m[\'26\']).1T());$("#8").24(9(){$(\'#\'+m[\'26\']).q($("#F").1T())});16();$("#K").C();$("#8").r({Y:"T"})}n 3(f.O(\'2j\')!=-1){16();3($.1q.35){$("#K").C();$("#8").r({Y:"T"})}}n{$("#F").34(f+="&1y="+(1p 33().32()),9(){16();$("#K").C();1u("#F a.18");$("#8").r({Y:"T"})})}}3(!m[\'1A\']){o.21=9(e){3(e==M){I=2w.2v}n{I=e.2u}3(I==27){G()}}}}31(e){}}9 1m(){$("#K").C();$("#8").r({Y:"T"})}9 G(){$("#2Y").N("s");$("#Z").N("s");$("#8").2X("2W",9(){$(\'#8,#B,#1F\').2V("24").N().C()});$("#K").C();3(2t o.v.J.2i=="2g"){$("v","11").r({A:"1Z",z:"1Z"});$("11").r("22","")}o.1h="";o.21="";H P}9 16(){$("#8").r({2U:\'-\'+20((13/2),10)+\'p\',z:13+\'p\'});3(!(1V.1q.2Q&&1V.1q.2P<7)){$("#8").r({38:\'-\'+20((1a/2),10)+\'p\'})}}9 2p(a){6 b={};3(!a){H b}6 c=a.1B(/[;&]/);25(6 i=0;i - - - - - - - File: browser.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/typhoeus_cache
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/cache_file_store_rb.html b/doc/lib/common/cache_file_store_rb.html deleted file mode 100644 index 5c13ce08..00000000 --- a/doc/lib/common/cache_file_store_rb.html +++ /dev/null @@ -1,61 +0,0 @@ - - - - - - - - File: cache_file_store.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • yaml
    • - -
-
- - - -
-
- -
- -
-

Description

- -

> @todo take consideration of the cache_timeout :

- -
-> create 2 files per key : one for the data storage (key.store ?)
-   and the other for the cache timeout (key.expiration, key.timeout ?)
-or 1 file for all timeouts ?
--> 2 dirs : 1 for storage, the other for cache_timeout ?
- -
- -
- - - diff --git a/doc/lib/common/collections/vulnerabilities/output_rb.html b/doc/lib/common/collections/vulnerabilities/output_rb.html deleted file mode 100644 index 1420343a..00000000 --- a/doc/lib/common/collections/vulnerabilities/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/vulnerabilities_rb.html b/doc/lib/common/collections/vulnerabilities_rb.html deleted file mode 100644 index 415c5fc7..00000000 --- a/doc/lib/common/collections/vulnerabilities_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: vulnerabilities.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/collections/vulnerabilities/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_items/detectable_rb.html b/doc/lib/common/collections/wp_items/detectable_rb.html deleted file mode 100644 index 733650c9..00000000 --- a/doc/lib/common/collections/wp_items/detectable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: detectable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_items/output_rb.html b/doc/lib/common/collections/wp_items/output_rb.html deleted file mode 100644 index 1420343a..00000000 --- a/doc/lib/common/collections/wp_items/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_items_rb.html b/doc/lib/common/collections/wp_items_rb.html deleted file mode 100644 index 00d9f48c..00000000 --- a/doc/lib/common/collections/wp_items_rb.html +++ /dev/null @@ -1,56 +0,0 @@ - - - - - - - - File: wp_items.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/collections/wp_items/detectable
    • - -
  • common/collections/wp_items/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_plugins/detectable_rb.html b/doc/lib/common/collections/wp_plugins/detectable_rb.html deleted file mode 100644 index 733650c9..00000000 --- a/doc/lib/common/collections/wp_plugins/detectable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: detectable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_plugins_rb.html b/doc/lib/common/collections/wp_plugins_rb.html deleted file mode 100644 index 52295cbd..00000000 --- a/doc/lib/common/collections/wp_plugins_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: wp_plugins.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/collections/wp_plugins/detectable
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_themes/detectable_rb.html b/doc/lib/common/collections/wp_themes/detectable_rb.html deleted file mode 100644 index 733650c9..00000000 --- a/doc/lib/common/collections/wp_themes/detectable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: detectable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_themes_rb.html b/doc/lib/common/collections/wp_themes_rb.html deleted file mode 100644 index 31e907b4..00000000 --- a/doc/lib/common/collections/wp_themes_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: wp_themes.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/collections/wp_themes/detectable
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_timthumbs/detectable_rb.html b/doc/lib/common/collections/wp_timthumbs/detectable_rb.html deleted file mode 100644 index 733650c9..00000000 --- a/doc/lib/common/collections/wp_timthumbs/detectable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: detectable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_timthumbs_rb.html b/doc/lib/common/collections/wp_timthumbs_rb.html deleted file mode 100644 index efb66d4a..00000000 --- a/doc/lib/common/collections/wp_timthumbs_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: wp_timthumbs.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/collections/wp_timthumbs/detectable
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_users/detectable_rb.html b/doc/lib/common/collections/wp_users/detectable_rb.html deleted file mode 100644 index 733650c9..00000000 --- a/doc/lib/common/collections/wp_users/detectable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: detectable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_users/output_rb.html b/doc/lib/common/collections/wp_users/output_rb.html deleted file mode 100644 index 1420343a..00000000 --- a/doc/lib/common/collections/wp_users/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/collections/wp_users_rb.html b/doc/lib/common/collections/wp_users_rb.html deleted file mode 100644 index 4933389d..00000000 --- a/doc/lib/common/collections/wp_users_rb.html +++ /dev/null @@ -1,56 +0,0 @@ - - - - - - - - File: wp_users.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • common/collections/wp_users/detectable
    • - -
  • common/collections/wp_users/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/common_helper_rb.html b/doc/lib/common/common_helper_rb.html deleted file mode 100644 index ba0998ee..00000000 --- a/doc/lib/common/common_helper_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: common_helper.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • environment
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/custom_option_parser_rb.html b/doc/lib/common/custom_option_parser_rb.html deleted file mode 100644 index ee06e11d..00000000 --- a/doc/lib/common/custom_option_parser_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: custom_option_parser.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/hacks_rb.html b/doc/lib/common/hacks_rb.html deleted file mode 100644 index 0ada9ebf..00000000 --- a/doc/lib/common/hacks_rb.html +++ /dev/null @@ -1,57 +0,0 @@ - - - - - - - - File: hacks.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -

Since ruby 1.9.2, URI::escape is obsolete See rosettacode.org/wiki/URL_encoding#Ruby -and www.ruby-forum.com/topic/207489

- -
- -
- - - diff --git a/doc/lib/common/models/vulnerability/output_rb.html b/doc/lib/common/models/vulnerability/output_rb.html deleted file mode 100644 index 1420343a..00000000 --- a/doc/lib/common/models/vulnerability/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/vulnerability_rb.html b/doc/lib/common/models/vulnerability_rb.html deleted file mode 100644 index c33a9a64..00000000 --- a/doc/lib/common/models/vulnerability_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: vulnerability.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • vulnerability/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item/existable_rb.html b/doc/lib/common/models/wp_item/existable_rb.html deleted file mode 100644 index c4ef7522..00000000 --- a/doc/lib/common/models/wp_item/existable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: existable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item/findable_rb.html b/doc/lib/common/models/wp_item/findable_rb.html deleted file mode 100644 index 16e0ff9a..00000000 --- a/doc/lib/common/models/wp_item/findable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: findable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item/infos_rb.html b/doc/lib/common/models/wp_item/infos_rb.html deleted file mode 100644 index 9c3e483c..00000000 --- a/doc/lib/common/models/wp_item/infos_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: infos.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item/output_rb.html b/doc/lib/common/models/wp_item/output_rb.html deleted file mode 100644 index 1420343a..00000000 --- a/doc/lib/common/models/wp_item/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item/versionable_rb.html b/doc/lib/common/models/wp_item/versionable_rb.html deleted file mode 100644 index e7a007b5..00000000 --- a/doc/lib/common/models/wp_item/versionable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: versionable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item/vulnerable_rb.html b/doc/lib/common/models/wp_item/vulnerable_rb.html deleted file mode 100644 index 070bd0a0..00000000 --- a/doc/lib/common/models/wp_item/vulnerable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: vulnerable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_item_rb.html b/doc/lib/common/models/wp_item_rb.html deleted file mode 100644 index d364a005..00000000 --- a/doc/lib/common/models/wp_item_rb.html +++ /dev/null @@ -1,64 +0,0 @@ - - - - - - - - File: wp_item.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:06 +0200
- - -
Requires
-
-
    - -
  • wp_item/findable
    • - -
  • wp_item/versionable
    • - -
  • wp_item/vulnerable
    • - -
  • wp_item/existable
    • - -
  • wp_item/infos
    • - -
  • wp_item/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_plugin/vulnerable_rb.html b/doc/lib/common/models/wp_plugin/vulnerable_rb.html deleted file mode 100644 index 070bd0a0..00000000 --- a/doc/lib/common/models/wp_plugin/vulnerable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: vulnerable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_plugin_rb.html b/doc/lib/common/models/wp_plugin_rb.html deleted file mode 100644 index 93faee8a..00000000 --- a/doc/lib/common/models/wp_plugin_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: wp_plugin.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • wp_plugin/vulnerable
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_theme/findable_rb.html b/doc/lib/common/models/wp_theme/findable_rb.html deleted file mode 100644 index 9b430615..00000000 --- a/doc/lib/common/models/wp_theme/findable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: findable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_theme/versionable_rb.html b/doc/lib/common/models/wp_theme/versionable_rb.html deleted file mode 100644 index 07786356..00000000 --- a/doc/lib/common/models/wp_theme/versionable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: versionable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_theme/vulnerable_rb.html b/doc/lib/common/models/wp_theme/vulnerable_rb.html deleted file mode 100644 index 070bd0a0..00000000 --- a/doc/lib/common/models/wp_theme/vulnerable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: vulnerable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_theme_rb.html b/doc/lib/common/models/wp_theme_rb.html deleted file mode 100644 index b5eb7093..00000000 --- a/doc/lib/common/models/wp_theme_rb.html +++ /dev/null @@ -1,58 +0,0 @@ - - - - - - - - File: wp_theme.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • wp_theme/findable
    • - -
  • wp_theme/versionable
    • - -
  • wp_theme/vulnerable
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_timthumb/existable_rb.html b/doc/lib/common/models/wp_timthumb/existable_rb.html deleted file mode 100644 index e16e9c50..00000000 --- a/doc/lib/common/models/wp_timthumb/existable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: existable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_timthumb/output_rb.html b/doc/lib/common/models/wp_timthumb/output_rb.html deleted file mode 100644 index 2d81b0f1..00000000 --- a/doc/lib/common/models/wp_timthumb/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_timthumb/versionable_rb.html b/doc/lib/common/models/wp_timthumb/versionable_rb.html deleted file mode 100644 index 07786356..00000000 --- a/doc/lib/common/models/wp_timthumb/versionable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: versionable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_timthumb_rb.html b/doc/lib/common/models/wp_timthumb_rb.html deleted file mode 100644 index f3ded0a1..00000000 --- a/doc/lib/common/models/wp_timthumb_rb.html +++ /dev/null @@ -1,58 +0,0 @@ - - - - - - - - File: wp_timthumb.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • wp_timthumb/versionable
    • - -
  • wp_timthumb/existable
    • - -
  • wp_timthumb/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_user/existable_rb.html b/doc/lib/common/models/wp_user/existable_rb.html deleted file mode 100644 index e16e9c50..00000000 --- a/doc/lib/common/models/wp_user/existable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: existable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_user_rb.html b/doc/lib/common/models/wp_user_rb.html deleted file mode 100644 index b1b034b3..00000000 --- a/doc/lib/common/models/wp_user_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: wp_user.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • wp_user/existable
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_version/findable_rb.html b/doc/lib/common/models/wp_version/findable_rb.html deleted file mode 100644 index 9b430615..00000000 --- a/doc/lib/common/models/wp_version/findable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: findable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_version/output_rb.html b/doc/lib/common/models/wp_version/output_rb.html deleted file mode 100644 index 2d81b0f1..00000000 --- a/doc/lib/common/models/wp_version/output_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: output.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_version/vulnerable_rb.html b/doc/lib/common/models/wp_version/vulnerable_rb.html deleted file mode 100644 index 070bd0a0..00000000 --- a/doc/lib/common/models/wp_version/vulnerable_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: vulnerable.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/models/wp_version_rb.html b/doc/lib/common/models/wp_version_rb.html deleted file mode 100644 index d3d661f9..00000000 --- a/doc/lib/common/models/wp_version_rb.html +++ /dev/null @@ -1,58 +0,0 @@ - - - - - - - - File: wp_version.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • wp_version/findable
    • - -
  • wp_version/vulnerable
    • - -
  • wp_version/output
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/plugins/plugin_rb.html b/doc/lib/common/plugins/plugin_rb.html deleted file mode 100644 index d9983c0a..00000000 --- a/doc/lib/common/plugins/plugin_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: plugin.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/plugins/plugins_rb.html b/doc/lib/common/plugins/plugins_rb.html deleted file mode 100644 index 7024699a..00000000 --- a/doc/lib/common/plugins/plugins_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: plugins.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/typhoeus_cache_rb.html b/doc/lib/common/typhoeus_cache_rb.html deleted file mode 100644 index 6c033c11..00000000 --- a/doc/lib/common/typhoeus_cache_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: typhoeus_cache.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • common/cache_file_store
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/updater/git_updater_rb.html b/doc/lib/common/updater/git_updater_rb.html deleted file mode 100644 index 50da581c..00000000 --- a/doc/lib/common/updater/git_updater_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: git_updater.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • common/updater/updater
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/updater/svn_updater_rb.html b/doc/lib/common/updater/svn_updater_rb.html deleted file mode 100644 index 7d071b3f..00000000 --- a/doc/lib/common/updater/svn_updater_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: svn_updater.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • common/updater/updater
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/updater/updater_factory_rb.html b/doc/lib/common/updater/updater_factory_rb.html deleted file mode 100644 index 629c8120..00000000 --- a/doc/lib/common/updater/updater_factory_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: updater_factory.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/common/updater/updater_rb.html b/doc/lib/common/updater/updater_rb.html deleted file mode 100644 index 0d9175a5..00000000 --- a/doc/lib/common/updater/updater_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: updater.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -

This class act as an absract one

- -
- -
- - - diff --git a/doc/lib/environment_rb.html b/doc/lib/environment_rb.html deleted file mode 100644 index 9591a23b..00000000 --- a/doc/lib/environment_rb.html +++ /dev/null @@ -1,90 +0,0 @@ - - - - - - - - File: environment.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • rubygems
    • - -
  • bundler/setup
    • - -
  • getoptlong
    • - -
  • optparse
    • - -
  • uri
    • - -
  • time
    • - -
  • resolv
    • - -
  • xmlrpc/client
    • - -
  • digest/md5
    • - -
  • digest/sha1
    • - -
  • readline
    • - -
  • base64
    • - -
  • rbconfig
    • - -
  • pp
    • - -
  • typhoeus
    • - -
  • json
    • - -
  • nokogiri
    • - -
  • common/browser
    • - -
  • common/custom_option_parser
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/modules/brute_force_rb.html b/doc/lib/wpscan/modules/brute_force_rb.html deleted file mode 100644 index 004404c8..00000000 --- a/doc/lib/wpscan/modules/brute_force_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: brute_force.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/modules/malwares_rb.html b/doc/lib/wpscan/modules/malwares_rb.html deleted file mode 100644 index 153a9346..00000000 --- a/doc/lib/wpscan/modules/malwares_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: malwares.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/modules/wp_config_backup_rb.html b/doc/lib/wpscan/modules/wp_config_backup_rb.html deleted file mode 100644 index 428e1810..00000000 --- a/doc/lib/wpscan/modules/wp_config_backup_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wp_config_backup.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html b/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html deleted file mode 100644 index 9e7b6bb5..00000000 --- a/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wp_full_path_disclosure.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/modules/wp_login_protection_rb.html b/doc/lib/wpscan/modules/wp_login_protection_rb.html deleted file mode 100644 index d5de8ad1..00000000 --- a/doc/lib/wpscan/modules/wp_login_protection_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wp_login_protection.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/modules/wp_readme_rb.html b/doc/lib/wpscan/modules/wp_readme_rb.html deleted file mode 100644 index 4d08c9ab..00000000 --- a/doc/lib/wpscan/modules/wp_readme_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wp_readme.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/web_site_rb.html b/doc/lib/wpscan/web_site_rb.html deleted file mode 100644 index db606991..00000000 --- a/doc/lib/wpscan/web_site_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: web_site.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/wp_target_rb.html b/doc/lib/wpscan/wp_target_rb.html deleted file mode 100644 index f7c41db9..00000000 --- a/doc/lib/wpscan/wp_target_rb.html +++ /dev/null @@ -1,66 +0,0 @@ - - - - - - - - File: wp_target.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
  • web_site
    • - -
  • modules/wp_readme
    • - -
  • modules/wp_full_path_disclosure
    • - -
  • modules/wp_config_backup
    • - -
  • modules/wp_login_protection
    • - -
  • modules/malwares
    • - -
  • modules/brute_force
    • - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/wpscan_helper_rb.html b/doc/lib/wpscan/wpscan_helper_rb.html deleted file mode 100644 index 2d80fd53..00000000 --- a/doc/lib/wpscan/wpscan_helper_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wpscan_helper.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpscan/wpscan_options_rb.html b/doc/lib/wpscan/wpscan_options_rb.html deleted file mode 100644 index 714416ce..00000000 --- a/doc/lib/wpscan/wpscan_options_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wpscan_options.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpstools/plugins/checker/checker_plugin_rb.html b/doc/lib/wpstools/plugins/checker/checker_plugin_rb.html deleted file mode 100644 index 8e9b08cf..00000000 --- a/doc/lib/wpstools/plugins/checker/checker_plugin_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: checker_plugin.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpstools/plugins/list_generator/generate_list_rb.html b/doc/lib/wpstools/plugins/list_generator/generate_list_rb.html deleted file mode 100644 index 546c44ad..00000000 --- a/doc/lib/wpstools/plugins/list_generator/generate_list_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: generate_list.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -

This tool generates a list to use for plugin and theme enumeration

- -
- -
- - - diff --git a/doc/lib/wpstools/plugins/list_generator/list_generator_plugin_rb.html b/doc/lib/wpstools/plugins/list_generator/list_generator_plugin_rb.html deleted file mode 100644 index 7764cdf3..00000000 --- a/doc/lib/wpstools/plugins/list_generator/list_generator_plugin_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: list_generator_plugin.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpstools/plugins/list_generator/svn_parser_rb.html b/doc/lib/wpstools/plugins/list_generator/svn_parser_rb.html deleted file mode 100644 index fdcc1460..00000000 --- a/doc/lib/wpstools/plugins/list_generator/svn_parser_rb.html +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - File: svn_parser.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -

This Class Parses SVN Repositories via HTTP

- -
- -
- - - diff --git a/doc/lib/wpstools/plugins/stats/stats_plugin_rb.html b/doc/lib/wpstools/plugins/stats/stats_plugin_rb.html deleted file mode 100644 index 642aa208..00000000 --- a/doc/lib/wpstools/plugins/stats/stats_plugin_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: stats_plugin.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/lib/wpstools/wpstools_helper_rb.html b/doc/lib/wpstools/wpstools_helper_rb.html deleted file mode 100644 index 5ff73d6a..00000000 --- a/doc/lib/wpstools/wpstools_helper_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wpstools_helper.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/wpscan_rb.html b/doc/wpscan_rb.html deleted file mode 100644 index 44bcc648..00000000 --- a/doc/wpscan_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wpscan.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:15:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc/wpstools_rb.html b/doc/wpstools_rb.html deleted file mode 100644 index a8efe370..00000000 --- a/doc/wpstools_rb.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - File: wpstools.rb [RDoc Documentation] - - - - - - - - - - -
-
-
Last Modified
-
2013-04-05 14:07:07 +0200
- - -
Requires
-
-
    - -
-
- - - -
-
- -
- -
-

Description

- -
- -
- - - diff --git a/doc_rdoc/Array.html b/doc_rdoc/Array.html new file mode 100644 index 00000000..bb7db5ef --- /dev/null +++ b/doc_rdoc/Array.html @@ -0,0 +1,394 @@ + + + + + + +class Array - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Array

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ _grep_(regexp) + + click to toggle source + +
+ + +
+ +

Fix for grep with symbols in ruby <= 1.8.7

+ + + + +
+ 
# File lib/common/hacks.rb, line 19
+def _grep_(regexp)
+  matches = []
+  self.each do |value|
+    value = value.to_s
+    matches << value if value.match(regexp)
+  end
+  matches
+end
+
+ +
+ + +
+ Also aliased as: grep +
+ + + +
+ + +
+ +
+ grep(regexp) + +
+ + +
+ + + + + + +
+ + + + +
+ Alias for: _grep_ +
+ +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Browser.html b/doc_rdoc/Browser.html new file mode 100644 index 00000000..4cb7e4ef --- /dev/null +++ b/doc_rdoc/Browser.html @@ -0,0 +1,650 @@ + + + + + + +class Browser - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Browser

+ +
+ +
+ + + + +
+ + + + + + +
+

Constants

+
+ +
OPTIONS + +
+ + +
+
+ + + + +
+

Attributes

+ + +
+
+ cache_dir[R] +
+ +
+ + + +
+
+ +
+
+ config_file[R] +
+ +
+ + + +
+
+ +
+
+ hydra[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ instance(options = {}) + + click to toggle source + +
+ + +
+ +

@param [ Hash ] options

+ +

@return [ Browser ]

+ + + + +
+ 
# File lib/common/browser.rb, line 50
+def self.instance(options = {})
+  unless @@instance
+    @@instance = new(options)
+  end
+  @@instance
+end
+
+ +
+ + + + +
+ + +
+ +
+ reset() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/browser.rb, line 57
+def self.reset
+  @@instance = nil
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ forge_request(url, params = {}) + + click to toggle source + +
+ + +
+ +

@param [ String ] url @param [ Hash ] params

+ +

@return [ Typhoeus::Request ]

+ + + + +
+ 
# File lib/common/browser.rb, line 90
+def forge_request(url, params = {})
+  Typhoeus::Request.new(url, merge_request_params(params))
+end
+
+ +
+ + + + +
+ + +
+ +
+ load_config(config_file = nil) + + click to toggle source + +
+ + +
+ +

If an option was set but is not in the new #config_file it’s value is +kept

+ +

@param [ String ] #config_file

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/browser.rb, line 68
+def load_config(config_file = nil)
+  @config_file = config_file || @config_file
+
+  if File.symlink?(@config_file)
+    raise "[ERROR] Config file is a symlink."
+  else
+    data = JSON.parse(File.read(@config_file))
+  end
+
+  OPTIONS.each do |option|
+    option_name = option.to_s
+
+    unless data[option_name].nil?
+      self.send(:"#{option_name}=", data[option_name])
+    end
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ merge_request_params(params = {}) + + click to toggle source + +
+ + +
+ +

@param [ Hash ] params

+ +

@return [ Hash ]

+ + + + +
+ 
# File lib/common/browser.rb, line 97
+def merge_request_params(params = {})
+  params = Browser.append_params_header_field(
+    params,
+    'User-Agent',
+    self.user_agent
+  )
+
+  if @proxy
+    params = params.merge(proxy: @proxy)
+
+    if @proxy_auth
+      params = params.merge(proxyauth: @proxy_auth)
+    end
+  end
+
+  if @basic_auth
+    params = Browser.append_params_header_field(
+      params,
+      'Authorization',
+      @basic_auth
+    )
+  end
+
+  # Used to enable the cache system if :cache_ttl > 0
+  unless params.has_key?(:cache_ttl)
+    params = params.merge(cache_ttl: @cache_ttl)
+  end
+
+  # Disable SSL-Certificate checks
+  params.merge!(ssl_verifypeer: false)
+  params.merge!(ssl_verifyhost: 0)
+
+  params.merge!(cookiejar: @cache_dir + '/cookie-jar')
+  params.merge!(cookiefile: @cache_dir + '/cookie-jar')
+
+  params
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Browser/Actions.html b/doc_rdoc/Browser/Actions.html new file mode 100644 index 00000000..955071b3 --- /dev/null +++ b/doc_rdoc/Browser/Actions.html @@ -0,0 +1,470 @@ + + + + + + +module Browser::Actions - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Browser::Actions

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ get(url, params = {}) + + click to toggle source + +
+ + +
+ +

@param [ String ] url @param [ Hash ] params

+ +

@return [ Typhoeus::Response ]

+ + + + +
+ 
# File lib/common/browser/actions.rb, line 9
+def get(url, params = {})
+  process(url, params.merge(method: :get))
+end
+
+ +
+ + + + +
+ + +
+ +
+ get_and_follow_location(url, params = {}) + + click to toggle source + +
+ + +
+ +

@param [ String ] url @param [ Hash ] params

+ +

@return [ Typhoeus::Response ]

+ + + + +
+ 
# File lib/common/browser/actions.rb, line 25
+def get_and_follow_location(url, params = {})
+  params[:maxredirs] ||= 2
+
+  get(url, params.merge(followlocation: true))
+end
+
+ +
+ + + + +
+ + +
+ +
+ post(url, params = {}) + + click to toggle source + +
+ + +
+ +

@param [ String ] url @param [ Hash ] params

+ +

@return [ Typhoeus::Response ]

+ + + + +
+ 
# File lib/common/browser/actions.rb, line 17
+def post(url, params = {})
+  process(url, params.merge(method: :post))
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ process(url, params) + + click to toggle source + +
+ + +
+ +

@param [ String ] url @param [ Hash ] params

+ +

@return [ Typhoeus::Response ]

+ + + + +
+ 
# File lib/common/browser/actions.rb, line 37
+def process(url, params)
+  Typhoeus::Request.new(url, Browser.instance.merge_request_params(params)).run
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Browser/Options.html b/doc_rdoc/Browser/Options.html new file mode 100644 index 00000000..ed24f832 --- /dev/null +++ b/doc_rdoc/Browser/Options.html @@ -0,0 +1,828 @@ + + + + + + +module Browser::Options - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Browser::Options

+ +
+ +
+ + + + +
+ + + + + + +
+

Constants

+
+ +
USER_AGENT_MODES + +
+ + +
+
+ + + + +
+

Attributes

+ + +
+
+ available_user_agents[RW] +
+ +
+ + + +
+
+ +
+
+ basic_auth[R] +
+ +
+ + + +
+
+ +
+
+ cache_ttl[RW] +
+ +
+ + + +
+
+ +
+
+ proxy[R] +
+ +
+ + + +
+
+ +
+
+ proxy_auth[R] +
+ +
+ + + +
+
+ +
+
+ user_agent[W] +
+ +
+ + + +
+
+ +
+
+ user_agent_mode[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Instance Methods

+ + +
+ +
+ basic_auth=(auth) + + click to toggle source + +
+ + +
+ +

Sets the Basic Authentification credentials Accepted format:

+ +
login:password
+Basic base_64_encoded
+ +

@param [ String ] auth

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/browser/options.rb, line 19
+def basic_auth=(auth)
+  if auth.index(':')
+    @basic_auth = "Basic #{Base64.encode64(auth).chomp}"
+  elsif auth =~ /\ABasic [a-zA-Z0-9=]+\z/
+    @basic_auth = auth
+  else
+   raise 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected'
+ end
+end
+
+ +
+ + + + +
+ + +
+ +
+ max_threads() + + click to toggle source + +
+ + +
+ +

@return [ Integer ]

+ + + + +
+ 
# File lib/common/browser/options.rb, line 30
+def max_threads
+  @max_threads || 1
+end
+
+ +
+ + + + +
+ + +
+ +
+ max_threads=(threads) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/browser/options.rb, line 34
+def max_threads=(threads)
+  if threads.is_a?(Integer) && threads > 0
+    @max_threads = threads
+    @hydra = Typhoeus::Hydra.new(max_concurrency: threads)
+  else
+    raise 'max_threads must be an Integer > 0'
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ proxy=(proxy) + + click to toggle source + +
+ + +
+ +

Sets the proxy Accepted format:

+ +
 [protocol://]host:post
+
+Supported protocols:
+  Depends on the curl protocols, See curl --version
+ +

@param [ String ] proxy

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/browser/options.rb, line 89
+def proxy=(proxy)
+  if proxy.index(':')
+    @proxy = proxy
+  else
+    raise 'Invalid proxy format. Should be [protocol://]host:port.'
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ proxy_auth=(auth) + + click to toggle source + +
+ + +
+ +

Sets the proxy credentials Accepted format:

+ +
username:password
+{ proxy_username: username, :proxy_password: password }
+ +

@param [ String ] auth

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/browser/options.rb, line 105
+def proxy_auth=(auth)
+  unless auth.nil?
+    if auth.is_a?(Hash) && auth.include?(:proxy_username) && auth.include?(:proxy_password)
+      @proxy_auth = auth[:proxy_username] + ':' + auth[:proxy_password]
+    elsif auth.is_a?(String) && auth.index(':') != nil
+      @proxy_auth = auth
+    else
+      raise invalid_proxy_auth_format
+    end
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ user_agent() + + click to toggle source + +
+ + +
+ +

@return [ String ] The user agent, according to the #user_agent_mode

+ + + + +
+ 
# File lib/common/browser/options.rb, line 67
+def user_agent
+  case @user_agent_mode
+  when 'semi-static'
+    unless @user_agent
+      @user_agent = @available_user_agents.sample
+    end
+  when 'random'
+    @user_agent = @available_user_agents.sample
+  end
+  @user_agent
+end
+
+ +
+ + + + +
+ + +
+ +
+ user_agent_mode=(ua_mode) + + click to toggle source + +
+ + +
+ +

Sets the #user_agent_mode, which +can be one of the following:

+ +
static:      The UA is defined by the user, and will be the same in each requests
+semi-static: The UA is randomly chosen at the first request, and will not change
+random:      UA randomly chosen each request
+ +

UA are from @available_user_agents

+ +

@param [ String ] ua_mode

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/browser/options.rb, line 53
+def user_agent_mode=(ua_mode)
+  ua_mode ||= 'static'
+
+  if USER_AGENT_MODES.include?(ua_mode)
+    @user_agent_mode = ua_mode
+    # For semi-static user agent mode, the user agent has to
+    # be nil the first time (it will be set with the getter)
+    @user_agent = nil if ua_mode === 'semi-static'
+  else
+    raise "Unknow user agent mode : '#{ua_mode}'"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ invalid_proxy_auth_format() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/browser/options.rb, line 119
+def invalid_proxy_auth_format
+  'Invalid proxy auth format, expected username:password or {proxy_username: username, proxy_password: password}'
+end
+
+ +
+ + + + +
+ + +
+ +
+ override_config(options = {}) + + click to toggle source + +
+ + +
+ +

Override with the options if they are set @param [ Hash ] options

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/browser/options.rb, line 127
+def override_config(options = {})
+  options.each do |option, value|
+    if value != nil and OPTIONS.include?(option)
+      self.send(:"#{option}=", value)
+    end
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/CREDITS.html b/doc_rdoc/CREDITS.html new file mode 100644 index 00000000..7a4395b4 --- /dev/null +++ b/doc_rdoc/CREDITS.html @@ -0,0 +1,280 @@ + + + + + + +CREDITS - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

*CREDITS*

+ +

This file is to give credit to WPScan’s contributors. If you feel your name +should be in here, email ryandewhurst at gmail.

+ +

*WPScan Team*

+ +

Erwan.LR - @erwan_lr - (Project Developer) Christian Mehlmauer - +@FireFart - (Project Developer) Gianluca Brindisi - @gbrindisi +(Project Developer) Ryan Dewhurst - @ethicalhack3r (Project Lead)

+ +

*Other Contributors*

+ +

Alip AKA Undead - alip.aswalid at gmail.com michee08 - Reported and gave +potential solutions to bugs. Callum Pember - Implemented proxy support - +callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug +reports. Melvin Lammerts - Reported a couple of fake vulnerabilities - +melvin at 12k.nl Paolo Perego - @thesp0nge - Basic authentication

+ +
+ + + + + diff --git a/doc_rdoc/CacheFileStore.html b/doc_rdoc/CacheFileStore.html new file mode 100644 index 00000000..151621b7 --- /dev/null +++ b/doc_rdoc/CacheFileStore.html @@ -0,0 +1,556 @@ + + + + + + +class CacheFileStore - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class CacheFileStore

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ serializer[R] +
+ +
+ + + +
+
+ +
+
+ storage_path[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(storage_path, serializer = Marshal) + + click to toggle source + +
+ + +
+ +

The serializer must have the 2 methods .load and .dump

+ +
(Marshal and YAML have them)
+ +

YAML is Human Readable, contrary to Marshal which store in a binary format +Marshal does not need any “require”

+ + + + +
+ 
# File lib/common/cache_file_store.rb, line 19
+def initialize(storage_path, serializer = Marshal)
+  @storage_path = File.expand_path(storage_path)
+  @serializer = serializer
+
+  # File.directory? for ruby <= 1.9 otherwise,
+  # it makes more sense to do Dir.exist? :/
+  unless File.directory?(@storage_path)
+    Dir.mkdir(@storage_path)
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ clean() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/cache_file_store.rb, line 30
+def clean
+  Dir[File.join(@storage_path, '*')].each do |f|
+    File.delete(f) unless File.symlink?(f)
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ get_entry_file_path(key) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/cache_file_store.rb, line 52
+def get_entry_file_path(key)
+  File::join(@storage_path, key)
+end
+
+ +
+ + + + +
+ + +
+ +
+ read_entry(key) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/cache_file_store.rb, line 36
+def read_entry(key)
+  entry_file_path = get_entry_file_path(key)
+
+  if File.exists?(entry_file_path)
+    return @serializer.load(File.read(entry_file_path))
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ write_entry(key, data_to_store, cache_ttl) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/cache_file_store.rb, line 44
+def write_entry(key, data_to_store, cache_ttl)
+  if cache_ttl > 0
+    File.open(get_entry_file_path(key), 'w') do |f|
+      f.write(@serializer.dump(data_to_store))
+    end
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc/CheckerPlugin.html b/doc_rdoc/CheckerPlugin.html similarity index 51% rename from doc/CheckerPlugin.html rename to doc_rdoc/CheckerPlugin.html index 68859458..1e61cc53 100644 --- a/doc/CheckerPlugin.html +++ b/doc_rdoc/CheckerPlugin.html @@ -1,312 +1,343 @@ - - - + + + - + - Class: CheckerPlugin +class CheckerPlugin - RDoc Documentation - + + + + + + + + + + - - - - - + -
- - -
-

Parent

- -

Plugin

- -
- - + - +
+ - - -
-

Methods

- -
- - - -
- - +
-
-

CheckerPlugin

- -
- -
+
+ + + + - +
- +
+ - - -
-

Public Class Methods

+ +
+ + +
+

class CheckerPlugin

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ new() -
- new() - click to toggle source -
+ click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + Plugin.new +
-
- - - - - -
-
-# File lib/wpstools/plugins/checker/checker_plugin.rb, line 4
+          
+          

+            
# File lib/wpstools/plugins/checker/checker_plugin.rb, line 4
 def initialize
   super(author: 'WPScanTeam - @erwanlr')
 
@@ -315,42 +346,42 @@
     ['--check-local-vulnerable-files LOCAL_DIRECTORY', '--clvf', 'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells']
   )
 end

-            

-            
-
- +
+
- -
+ + + +
- -
-
-

Public Instance Methods

- - -
- + + +
+

Public Instance Methods

+ +
+ +
+ check_local_vulnerable_files(dir_to_scan) + + click to toggle source + +
+ + +
+ + -
- check_local_vulnerable_files(dir_to_scan) - click to toggle source -
-
- - - - - -
-
-# File lib/wpstools/plugins/checker/checker_plugin.rb, line 74
+          
+          

+            
# File lib/wpstools/plugins/checker/checker_plugin.rb, line 74
 def check_local_vulnerable_files(dir_to_scan)
   if Dir::exist?(dir_to_scan)
     xml_file               = LOCAL_FILES_FILE
@@ -402,40 +433,40 @@
     puts "The supplied directory '#{dir_to_scan}' does not exist"
   end
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ check_vuln_ref_urls() + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- check_vuln_ref_urls() - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/checker/checker_plugin.rb, line 23
+          

+            
# File lib/wpstools/plugins/checker/checker_plugin.rb, line 23
 def check_vuln_ref_urls
   vuln_ref_files   = [PLUGINS_VULNS_FILE, THEMES_VULNS_FILE, WP_VULNS_FILE]
   error_codes      = [404, 500, 403]
-  not_found_regexp = %{No Results Found|error 404|ID Invalid or Not Found}
+  not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}
 
   puts '[+] Checking vulnerabilities reference urls'
 
@@ -482,36 +513,36 @@
     end
   end
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ run(options = {}) + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- run(options = {}) - click to toggle source -
- - -
- - - - - -
-
-# File lib/wpstools/plugins/checker/checker_plugin.rb, line 13
+          

+            
# File lib/wpstools/plugins/checker/checker_plugin.rb, line 13
 def run(options = {})
   if options[:check_vuln_ref_urls]
     check_vuln_ref_urls
@@ -521,29 +552,26 @@
     check_local_vulnerable_files(options[:check_local_vulnerable_files])
   end
 end

-            

-            
-
- +
+
- -
+ + + +
- -
-
+ + -
+ -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - + diff --git a/doc_rdoc/CustomOptionParser.html b/doc_rdoc/CustomOptionParser.html new file mode 100644 index 00000000..3bed8b2f --- /dev/null +++ b/doc_rdoc/CustomOptionParser.html @@ -0,0 +1,574 @@ + + + + + + +class CustomOptionParser - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class CustomOptionParser

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ symbols_used[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(banner = nil, width = 32, indent = ' ' * 4) + + click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + +
+ + + +
+ 
# File lib/common/custom_option_parser.rb, line 6
+def initialize(banner = nil, width = 32, indent = ' ' * 4)
+  @results         = {}
+  @symbols_used    = []
+  super(banner, width, indent)
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Class Methods

+ + +
+ +
+ option_to_symbol(option) + + click to toggle source + +
+ + +
+ +

param Array option

+ + + + +
+ 
# File lib/common/custom_option_parser.rb, line 56
+def self.option_to_symbol(option)
+  option_name = nil
+
+  option.each do |option_attr|
+    if option_attr =~ /^--/
+      option_name = option_attr
+      break
+    end
+  end
+
+  if option_name
+    option_name = option_name.gsub(/^--/, '').gsub(/-/, '_').gsub(/ .*$/, '')
+    :"#{option_name}"
+  else
+    raise "Could not find the option name for #{option}"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ add(options) + + click to toggle source + +
+ + +
+ +

param Array(Array) or Array options

+ + + + +
+ 
# File lib/common/custom_option_parser.rb, line 14
+def add(options)
+  if options.is_a?(Array)
+    if options[0].is_a?(Array)
+      options.each do |option|
+        add_option(option)
+      end
+    else
+      add_option(options)
+    end
+  else
+    raise "Options must be at least an Array, or an Array(Array). #{options.class} supplied"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ add_option(option) + + click to toggle source + +
+ + +
+ +

param Array option

+ + + + +
+ 
# File lib/common/custom_option_parser.rb, line 29
+def add_option(option)
+  if option.is_a?(Array)
+    option_symbol = CustomOptionParser::option_to_symbol(option)
+
+    if !@symbols_used.include?(option_symbol)
+      @symbols_used << option_symbol
+
+      self.on(*option) do |arg|
+        @results[option_symbol] = arg
+      end
+    else
+      raise "The option #{option_symbol} is already used !"
+    end
+  else
+    raise "The option must be an array, #{option.class} supplied : '#{option}'"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ results(argv = default_argv) + + click to toggle source + +
+ + +
+ +

return Hash

+ + + + +
+ 
# File lib/common/custom_option_parser.rb, line 48
+def results(argv = default_argv)
+  self.parse!(argv) if @results.empty?
+
+  @results
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Ethon.html b/doc_rdoc/Ethon.html new file mode 100644 index 00000000..c7c8560b --- /dev/null +++ b/doc_rdoc/Ethon.html @@ -0,0 +1,300 @@ + + + + + + +module Ethon - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Ethon

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Ethon/Easy.html b/doc_rdoc/Ethon/Easy.html new file mode 100644 index 00000000..8eab466f --- /dev/null +++ b/doc_rdoc/Ethon/Easy.html @@ -0,0 +1,306 @@ + + + + + + +class Ethon::Easy - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Ethon::Easy

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Ethon/Easy/Options.html b/doc_rdoc/Ethon/Easy/Options.html new file mode 100644 index 00000000..cf008434 --- /dev/null +++ b/doc_rdoc/Ethon/Easy/Options.html @@ -0,0 +1,384 @@ + + + + + + +module Ethon::Easy::Options - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Ethon::Easy::Options

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ cookiefile=(value) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/hacks.rb, line 56
+def cookiefile=(value)
+  Curl.set_option(:cookiefile, value_for(value, :string), handle)
+end
+
+ +
+ + + + +
+ + +
+ +
+ cookiejar=(value) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/hacks.rb, line 52
+def cookiejar=(value)
+  Curl.set_option(:cookiejar, value_for(value, :string), handle)
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/File.html b/doc_rdoc/File.html new file mode 100644 index 00000000..5ffab00c --- /dev/null +++ b/doc_rdoc/File.html @@ -0,0 +1,358 @@ + + + + + + +class File - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class File

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ charset(file_path) + + click to toggle source + +
+ + +
+ +

@param [ String ] file_path

+ +

@return [ String ] The charset of the file

+ + + + +
+ 
# File lib/common/hacks.rb, line 77
+def self.charset(file_path)
+  %x{file --mime #{file_path}}[%r{charset=([^\n]+)\n}, 1]
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Gem.html b/doc_rdoc/Gem.html new file mode 100644 index 00000000..909aa70a --- /dev/null +++ b/doc_rdoc/Gem.html @@ -0,0 +1,300 @@ + + + + + + +module Gem - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Gem

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Gemfile.html b/doc_rdoc/Gemfile.html new file mode 100644 index 00000000..fa6dedc8 --- /dev/null +++ b/doc_rdoc/Gemfile.html @@ -0,0 +1,276 @@ + + + + + + +Gemfile - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

source “rubygems.org

+ +

# Seg fault in Typhoeus 0.6.3 (and ethon > +0.5.11) with rspec gem “typhoeus”, “=0.6.2” gem “ethon”, “=0.5.10” gem +“nokogiri” gem “json” gem “terminal-table” gem “ruby-progressbar”

+ +

group :development, :test do

+ +
gem "webmock", ">=1.9.3"
+gem "simplecov"
+gem "rspec", :require => "spec"
+
+ +

end

+ +
+ + + + + diff --git a/doc_rdoc/Gemfile_lock.html b/doc_rdoc/Gemfile_lock.html new file mode 100644 index 00000000..d6fcdcbc --- /dev/null +++ b/doc_rdoc/Gemfile_lock.html @@ -0,0 +1,312 @@ + + + + + + +Gemfile.lock - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

GEM

+ +
remote: https://rubygems.org/
+specs:
+  addressable (2.3.3)
+  crack (0.3.2)
+  diff-lcs (1.2.3)
+  ethon (0.5.10)
+    ffi (~> 1.3.0)
+    mime-types (~> 1.18)
+  ffi (1.3.1)
+  json (1.7.7)
+  mime-types (1.22)
+  multi_json (1.7.2)
+  nokogiri (1.5.9)
+  rspec (2.13.0)
+    rspec-core (~> 2.13.0)
+    rspec-expectations (~> 2.13.0)
+    rspec-mocks (~> 2.13.0)
+  rspec-core (2.13.1)
+  rspec-expectations (2.13.0)
+    diff-lcs (>= 1.1.3, < 2.0)
+  rspec-mocks (2.13.1)
+  ruby-progressbar (1.0.2)
+  simplecov (0.7.1)
+    multi_json (~> 1.0)
+    simplecov-html (~> 0.7.1)
+  simplecov-html (0.7.1)
+  terminal-table (1.4.5)
+  typhoeus (0.6.2)
+    ethon (~> 0.5.10)
+  webmock (1.11.0)
+    addressable (>= 2.2.7)
+    crack (>= 0.3.2)
+ +

PLATFORMS

+ +
ruby
+ +

DEPENDENCIES

+ +
ethon (= 0.5.10)
+json
+nokogiri
+rspec
+ruby-progressbar
+simplecov
+terminal-table
+typhoeus (= 0.6.2)
+webmock (>= 1.9.3)
+ +
+ + + + + diff --git a/doc_rdoc/GenerateList.html b/doc_rdoc/GenerateList.html new file mode 100644 index 00000000..a1026822 --- /dev/null +++ b/doc_rdoc/GenerateList.html @@ -0,0 +1,635 @@ + + + + + + +class GenerateList - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class GenerateList

+ +
+ +

This tool generates a list to use for plugin and theme enumeration

+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ verbose[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(type, verbose) + + click to toggle source + +
+ + +
+ +

type = themes | plugins

+ + + + +
+ 
# File lib/wpstools/plugins/list_generator/generate_list.rb, line 8
+def initialize(type, verbose)
+  if type =~ /plugins/
+    @type           = 'plugin'
+    @svn_url        = 'http://plugins.svn.wordpress.org/'
+    @popular_url    = 'http://wordpress.org/extend/plugins/browse/popular/'
+    @popular_regex  = %r{<h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3>}
+  elsif type =~ /themes/
+    @type           = 'theme'
+    @svn_url        = 'http://themes.svn.wordpress.org/'
+    @popular_url    = 'http://wordpress.org/extend/themes/browse/popular/'
+    @popular_regex  = %r{<h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3>}
+  else
+    raise "Type #{type} not defined"
+  end
+  @verbose  = verbose
+  @browser  = Browser.instance
+  @hydra    = @browser.hydra
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ generate_full_list() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/list_generator/generate_list.rb, line 52
+def generate_full_list
+  set_file_name(:full)
+  items = SvnParser.new(@svn_url).parse
+  save items
+end
+
+ +
+ + + + +
+ + +
+ +
+ generate_popular_list(pages) + + click to toggle source + +
+ + +
+ + + + + + + + +
+ + + + +
+ + +
+ +
+ get_popular_items(pages) + + click to toggle source + +
+ + +
+ +

Send a HTTP request to the WordPress most popular theme or plugin webpage +parse the response for the names.

+ + + + + + +
+ + + + +
+ + +
+ +
+ save(items) + + click to toggle source + +
+ + +
+ +

Save the file

+ + + + +
+ 
# File lib/wpstools/plugins/list_generator/generate_list.rb, line 103
+def save(items)
+  items.sort!
+  items.uniq!
+  puts "[*] We have parsed #{items.length} #@types"
+  File.open(@file_name, 'w') { |f| f.puts(items) }
+  puts "New #@file_name file created"
+end
+
+ +
+ + + + +
+ + +
+ +
+ set_file_name(type) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/list_generator/generate_list.rb, line 27
+def set_file_name(type)
+  case @type
+  when 'plugin'
+    case type
+    when :full
+      @file_name = PLUGINS_FULL_FILE
+    when :popular
+      @file_name = PLUGINS_FILE
+    else
+      raise 'Unknown type'
+    end
+  when 'theme'
+    case type
+    when :full
+      @file_name = THEMES_FULL_FILE
+    when :popular
+      @file_name = THEMES_FILE
+    else
+      raise 'Unknown type'
+    end
+    else
+      raise "Unknown type #@type"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/GitUpdater.html b/doc_rdoc/GitUpdater.html new file mode 100644 index 00000000..d2fc7c46 --- /dev/null +++ b/doc_rdoc/GitUpdater.html @@ -0,0 +1,540 @@ + + + + + + +class GitUpdater - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class GitUpdater

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ has_local_changes?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/git_updater.rb, line 21
+def has_local_changes?
+  %x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ is_installed?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/git_updater.rb, line 6
+def is_installed?
+  %x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ local_revision_number() + + click to toggle source + +
+ + +
+ +

Git has not a revsion number like SVN, so we will take the 7 first chars of +the last commit hash

+ + + + +
+ 
# File lib/common/updater/git_updater.rb, line 12
+def local_revision_number
+  git_log = %x[git #{repo_directory_arguments()} log -1 2>&1]
+  git_log[/commit ([0-9a-z]{7})/, 1].to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ reset_head() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/git_updater.rb, line 25
+def reset_head
+  %x[git #{repo_directory_arguments()} reset --hard HEAD]
+end
+
+ +
+ + + + +
+ + +
+ +
+ update() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/git_updater.rb, line 17
+def update
+  %x[git #{repo_directory_arguments()} pull]
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ repo_directory_arguments() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/git_updater.rb, line 30
+def repo_directory_arguments
+  if @repo_directory
+    return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/LICENSE.html b/doc_rdoc/LICENSE.html new file mode 100644 index 00000000..d7c3701b --- /dev/null +++ b/doc_rdoc/LICENSE.html @@ -0,0 +1,277 @@ + + + + + + +LICENSE - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

WPScan - WordPress Security Scanner Copyright (C) 2012-2013

+ +

This program is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation, either version 3 of the License, or (at your option) +any later version.

+ +

This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +more details.

+ +

You should have received a copy of the GNU General Public License along +with this program. If not, see <www.gnu.org/licenses/>.

+ +
+ + + + + diff --git a/doc_rdoc/ListGeneratorPlugin.html b/doc_rdoc/ListGeneratorPlugin.html new file mode 100644 index 00000000..6788fa48 --- /dev/null +++ b/doc_rdoc/ListGeneratorPlugin.html @@ -0,0 +1,428 @@ + + + + + + +class ListGeneratorPlugin - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class ListGeneratorPlugin

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ new() + + click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + Plugin.new +
+ + + +
+ 
# File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 4
+def initialize
+  super(author: 'WPScanTeam - @FireFart')
+
+  register_options(
+    ['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
+    ['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
+
+    ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'],
+    ['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
+
+    ['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ run(options = {}) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 18
+def run(options = {})
+  @verbose     = options[:verbose] || false
+  generate_all = options[:generate_all] || false
+
+  if options.has_key?(:generate_plugin_list) || generate_all
+    most_popular('plugin', options[:generate_plugin_list] || 150)
+  end
+
+  if options[:generate_full_plugin_list] || generate_all
+    full('plugin')
+  end
+
+  if options.has_key?(:generate_theme_list) || generate_all
+    most_popular('theme', options[:generate_theme_list] || 150)
+  end
+
+  if options[:generate_full_theme_list] || generate_all
+    full('theme')
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc/Object.html b/doc_rdoc/Object.html similarity index 67% rename from doc/Object.html rename to doc_rdoc/Object.html index 07d30bc2..d4f7302c 100644 --- a/doc/Object.html +++ b/doc_rdoc/Object.html @@ -1,559 +1,579 @@ - - - + + + - + - Class: Object +class Object - RDoc Documentation - + + + + + + + + + + - - - - - + -
- - -
-

Parent

- -

BasicObject

- -
- - + - +
+ - - -
-

Methods

- -
- - - -
- - +
-
-

Object

- -
- -
+
+ + + + + +
+ +
+ + + + +
+ + +
+

class Object

+ +
+ +
+ + + + +
+ + + + + + +
+

Constants

+
- +
CACHE_DIR + +
+ - +
COLLECTIONS_LIB_DIR + +
+ - -
-

Constants

-
+
COMMON_LIB_DIR -
CACHE_DIR
- -
- +
-
COLLECTIONS_LIB_DIR
- -
- - -
COMMON_LIB_DIR
- -
- - -
COMMON_PLUGINS_DIR
- -

Plugins directories

- - -
CONF_DIR
- -
- - -
DATA_DIR
- -
- - -
LIB_DIR
- -
- - -
LOCAL_FILES_FILE
- -
- - -
LOCAL_FILES_XSD
- -
- - -
LOG_FILE
- -
- - -
MODELS_LIB_DIR
- -
- - -
PLUGINS_FILE
- -

Data files

- - -
PLUGINS_FULL_FILE
- -
- - -
PLUGINS_VULNS_FILE
- -
- - -
REVISION
- -
- - -
ROOT_DIR
- -
- - -
THEMES_FILE
- -
- - -
THEMES_FULL_FILE
- -
- - -
THEMES_VULNS_FILE
- -
- - -
UPDATER_LIB_DIR
- -
- - -
VULNS_XSD
- -
- - -
WPSCAN_LIB_DIR
- -
- - -
WPSCAN_PLUGINS_DIR
- -
- - -
WPSCAN_VERSION
- -
- - -
WPSTOOLS_LIB_DIR
- -
- - -
WPSTOOLS_PLUGINS_DIR
- -
- - -
WP_VERSIONS_FILE
- -
- - -
WP_VERSIONS_XSD
- -
- - -
WP_VULNS_FILE
- -
- - -
-
- +
COMMON_PLUGINS_DIR + +

Plugins directories

+ - - +
CONF_DIR + +
+ -
-

Public Instance Methods

- +
DATA_DIR + +
+ -
- +
LIB_DIR + +
+ + +
LOCAL_FILES_FILE + +
+ + +
LOCAL_FILES_XSD + +
+ + +
LOG_FILE + +
+ + +
MODELS_LIB_DIR + +
+ + +
PLUGINS_FILE + +

Data files

+ + +
PLUGINS_FULL_FILE + +
+ + +
PLUGINS_VULNS_FILE + +
+ + +
REVISION + +
+ + +
ROOT_DIR + +
+ + +
THEMES_FILE + +
+ + +
THEMES_FULL_FILE + +
+ + +
THEMES_VULNS_FILE + +
+ + +
UPDATER_LIB_DIR + +
+ + +
VULNS_XSD + +
+ + +
WPSCAN_LIB_DIR + +
+ + +
WPSCAN_PLUGINS_DIR + +
+ + +
WPSCAN_VERSION + +
+ + +
WPSTOOLS_LIB_DIR + +
+ + +
WPSTOOLS_PLUGINS_DIR + +
+ + +
WP_VERSIONS_FILE + +
+ + +
WP_VERSIONS_XSD + +
+ + +
WP_VULNS_FILE + +
+ + +
+
+ + + + + +
+

Public Instance Methods

+ + +
+ +
+ add_http_protocol(url) + + click to toggle source + +
+ + +
+ +

Add protocol

-
- add_http_protocol(url) - click to toggle source -
-
- -

Add protocol

- - - -
-
-# File lib/common/common_helper.rb, line 58
+          
+          

+            
# File lib/common/common_helper.rb, line 58
 def add_http_protocol(url)
   url =~ /^https?:/ ? url : "http://#{url}"
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ add_trailing_slash(url) + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- add_trailing_slash(url) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/common_helper.rb, line 62
+          

+            
# File lib/common/common_helper.rb, line 62
 def add_trailing_slash(url)
   url =~ /\/$/ ? url : "#{url}/"
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ banner() + + click to toggle source + +
+ + +
+ +

our 1337 banner

+ -
- - - + + + +
+ + +
+ +
+ colorize(text, color_code) + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- colorize(text, color_code) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/common_helper.rb, line 92
+          

+            
# File lib/common/common_helper.rb, line 92
 def colorize(text, color_code)
   "\e[#{color_code}m#{text}\e[0m"
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ green(text) + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- green(text) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/common_helper.rb, line 100
+          

+            
# File lib/common/common_helper.rb, line 100
 def green(text)
   colorize(text, 32)
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ help() + + click to toggle source + +
+ + +
+ +

command help

+ -
- - -
- - - -
- help() - click to toggle source -
- - -
- -

command help

- - - -
-
-# File lib/wpscan/wpscan_helper.rb, line 57
+          

+            
# File lib/wpscan/wpscan_helper.rb, line 56
 def help
   puts 'Help :'
   puts
@@ -704,36 +724,36 @@
   puts '--verbose  | -v Verbose output.'
   puts
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ main() + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- main() - click to toggle source -
- - -
- - - - - -
-
-# File wpscan.rb, line 5
+          

+            
# File wpscan.rb, line 6
 def main
   # delete old logfile, check if it is a symlink first.
   File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE)
@@ -745,14 +765,13 @@
 
     unless wpscan_options.has_options?
       usage()
-      puts red('No argument supplied')
-      exit(0)
+      raise('No argument supplied')
     end
 
     if wpscan_options.help
       help()
       usage()
-      exit
+      exit(0)
     end
 
     # Check for updates
@@ -767,7 +786,7 @@
         puts 'Svn / Git not installed, or wpscan has not been installed with one of them.'
         puts 'Update aborted'
       end
-      exit(1)
+      exit(0)
     end
 
     wp_target = WpTarget.new(wpscan_options.url, wpscan_options.to_h)
@@ -778,7 +797,7 @@
     end
 
     if wpscan_options.proxy
-      proxy_response = Browser.instance.get(wp_target.url)
+      proxy_response = Browser.get(wp_target.url)
 
       unless WpTarget::valid_response_codes.include?(proxy_response.code)
         raise "Proxy Error :\r\n#{proxy_response.headers}"
@@ -800,7 +819,7 @@
         wp_target = WpTarget.new(redirection, wpscan_options.to_h)
       else
         puts 'Scan aborted'
-        exit
+        exit(0)
       end
     end
 
@@ -824,7 +843,7 @@
       puts 'You can specify one per command line option (don\t forget to include the wp-content directory if needed)'
       puts 'Continue? [y/n]'
       unless Readline.readline =~ /^y/
-        exit
+        exit(0)
       end
     end
 
@@ -858,7 +877,7 @@
       puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'")
     end
 
-    if wp_target.is_multisite?
+    if wp_target.multisite?
       puts green('[+]') + ' This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)'
     end
 
@@ -923,14 +942,12 @@
           only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false
         )
       )
+      puts
       if !wp_plugins.empty?
-        puts
-        puts
         puts green('[+]') + " We found #{wp_plugins.size} plugins:"
 
         wp_plugins.output
       else
-        puts
         puts 'No plugins found :('
       end
     end
@@ -947,15 +964,12 @@
           only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false
         )
       )
-
+      puts
       if !wp_themes.empty?
-        puts
-        puts
         puts green('[+]') + " We found #{wp_themes.size} themes:"
 
         wp_themes.output
       else
-        puts
         puts 'No themes found :('
       end
     end
@@ -971,8 +985,8 @@
           theme_name: wp_theme ? wp_theme.name : nil
         )
       )
+      puts
       if !wp_timthumbs.empty?
-        puts
         puts green('[+]') + " We found #{wp_timthumbs.size} timthumb file/s :"
         puts
 
@@ -981,7 +995,6 @@
         puts
         puts red(' * Reference: http://www.exploit-db.com/exploits/17602/')
       else
-        puts
         puts 'No timthumb files found :('
       end
     end
@@ -997,23 +1010,21 @@
           show_progression: false
         )
       )
-
+      puts
       if wp_users.empty?
-        puts
         puts 'We did not enumerate any usernames :('
         puts 'Try supplying your own username with the --username option'
         puts
         exit(1)
       else
-        puts
         puts green('[+]') + " We found the following #{wp_users.size} user/s :"
 
-        wp_users.output(' ' * 4)
+        wp_users.output(margin_left: ' ' * 4)
       end
 
     else
       # FIXME : Change the .username to .login (and also the --username in the CLI)
-      wp_users = WpUsers.new << WpUser.new(wp_target, login: wpscan_options.username)
+      wp_users = WpUsers.new << WpUser.new(wp_target.uri, login: wpscan_options.username)
     end
 
     # Start the brute forcer
@@ -1029,14 +1040,16 @@
 
         bruteforce = false if Readline.readline !~ /^y/
       end
-
+      puts
       if bruteforce
-        puts
         puts green('[+]') + ' Starting the password brute forcer'
+
+        wp_users.brute_force(wpscan_options.wordlist,
+                             show_progression: true,
+                             verbose: wpscan_options.verbose)
         puts
-        wp_target.brute_force(wp_users, wpscan_options.wordlist, { show_progression: true })
+        wp_users.output(show_password: true, margin_left: ' ' * 2)
       else
-        puts
         puts 'Brute forcing aborted'
       end
     end
@@ -1046,114 +1059,158 @@
     puts green("[+] Finished at #{stop_time.asctime}")
     elapsed = stop_time - start_time
     puts green("[+] Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}")
-    exit() # must exit!
+    exit(0) # must exit!
   rescue => e
-    puts red("[ERROR] #{e.message}")
-    puts red('Trace :')
-    puts red(e.backtrace.join("\n"))
+    if e.backtrace[0] =~ /main/
+      puts red(e.message)
+    else
+      puts red("[ERROR] #{e.message}")
+      puts red('Trace :')
+      puts red(e.backtrace.join("\n"))
+    end
+    exit(1)
   end
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ puts(o = '') + + click to toggle source + +
+ + +
+ +

Override for puts to enable logging

+ + +
+ Calls superclass method + +
-
- - -
- - - -
- puts(o = '') - click to toggle source -
- - -
- -

Override for puts to enable logging

- - - -
-
-# File lib/common/hacks.rb, line 50
+          

+            
# File lib/common/hacks.rb, line 64
 def puts(o = '')
   # remove color for logging
-  if o.respond_to?('gsub')
+  if o.respond_to?(:gsub)
     temp = o.gsub(/\e\[\d+m(.*)?\e\[0m/, '\1')
     File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
   end
   super(o)
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ red(text) + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- red(text) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/common_helper.rb, line 96
+          

+            
# File lib/common/common_helper.rb, line 96
 def red(text)
   colorize(text, 31)
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ redefine_constant(constant, value) + + click to toggle source + +
+ + +
+ + + -
- - -
- - +
+ 
# File lib/common/common_helper.rb, line 110
+def redefine_constant(constant, value)
+  Object.send(:remove_const, constant)
+  Object.const_set(constant, value)
+end
+
+ +
+ + + + +
+ + +
+ +
+ require_files_from_directory(absolute_dir_path, files_pattern = '*.rb') + + click to toggle source + +
+ + +
+ +

TODO : add an exclude pattern ?

-
- require_files_from_directory(absolute_dir_path, files_pattern = '*.rb') - click to toggle source -
-
- -

TODO : add an exclude pattern ?

- - - -
-
-# File lib/common/common_helper.rb, line 44
+          
+          

+            
# File lib/common/common_helper.rb, line 44
 def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
   files = Dir[File.join(absolute_dir_path, files_pattern)]
 
@@ -1164,36 +1221,36 @@
     require f
   end
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ usage() + + click to toggle source + +
+ + +
+ +

wpscan usage

+ -
- - -
- - - -
- usage() - click to toggle source -
- - -
- -

wpscan usage

- - - -
-
-# File lib/wpscan/wpscan_helper.rb, line 8
+          

+            
# File lib/wpscan/wpscan_helper.rb, line 7
 def usage
   script_name = $0
   puts
@@ -1241,64 +1298,61 @@
   puts 'See README for further information.'
   puts
 end

-            

-            
-
+
+ +
+ + + +
+ + +
+ +
+ xml(file) + + click to toggle source + +
+ + +
+ + + -
- - -
- - - -
- xml(file) - click to toggle source -
- - -
- - - - - -
-
-# File lib/common/common_helper.rb, line 104
+          

+            
# File lib/common/common_helper.rb, line 104
 def xml(file)
   Nokogiri::XML(File.open(file)) do |config|
     config.noblanks
   end
 end

-            

-            
-
- +
+
- -
+ + + +
- -
- + + - + -
-

[Validate]

-

Generated with the Darkfish - Rdoc Generator 2.

-
- - + diff --git a/doc_rdoc/Plugin.html b/doc_rdoc/Plugin.html new file mode 100644 index 00000000..66082445 --- /dev/null +++ b/doc_rdoc/Plugin.html @@ -0,0 +1,469 @@ + + + + + + +class Plugin - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Plugin

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ author[R] +
+ +
+ + + +
+
+ +
+
+ registered_options[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(infos = {}) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/plugins/plugin.rb, line 6
+def initialize(infos = {})
+  @author  = infos[:author]
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ register_options(*options) + + click to toggle source + +
+ + +
+ +

param Array options

+ + + + +
+ 
# File lib/common/plugins/plugin.rb, line 15
+def register_options(*options)
+  options.each do |option|
+    unless option.is_a?(Array)
+      raise "Each option must be an array, #{option.class} supplied"
+    end
+  end
+  @registered_options = options
+end
+
+ +
+ + + + +
+ + +
+ +
+ run(options = {}) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/plugins/plugin.rb, line 10
+def run(options = {})
+  raise NotImplementedError
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Plugins.html b/doc_rdoc/Plugins.html new file mode 100644 index 00000000..7f7dd892 --- /dev/null +++ b/doc_rdoc/Plugins.html @@ -0,0 +1,470 @@ + + + + + + +class Plugins - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Plugins

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ option_parser[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(option_parser = nil) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/plugins/plugins.rb, line 6
+def initialize(option_parser = nil)
+  if option_parser
+    if option_parser.is_a?(CustomOptionParser)
+      @option_parser = option_parser
+    else
+      raise "The parser must be an instance of CustomOptionParser, #{option_parser.class} supplied"
+    end
+  else
+    @option_parser = CustomOptionParser.new
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ register(*plugins) + + click to toggle source + +
+ + +
+ +

param Array(Plugin) plugins

+ + + + +
+ 
# File lib/common/plugins/plugins.rb, line 19
+def register(*plugins)
+  plugins.each do |plugin|
+    register_plugin(plugin)
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ register_plugin(plugin) + + click to toggle source + +
+ + +
+ +

param Plugin plugin

+ + + + +
+ 
# File lib/common/plugins/plugins.rb, line 26
+def register_plugin(plugin)
+  if plugin.is_a?(Plugin)
+    self << plugin
+
+    # A plugin may not have options
+    if plugin_options = plugin.registered_options
+      @option_parser.add(plugin_options)
+    end
+  else
+    raise "The argument must be an instance of Plugin, #{plugin.class} supplied"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/README.html b/doc_rdoc/README.html new file mode 100644 index 00000000..a3c5a1ac --- /dev/null +++ b/doc_rdoc/README.html @@ -0,0 +1,525 @@ + + + + + + +README - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

__

+ +
__          _______   _____
+\ \        / /  __ \ / ____|
+ \ \  /\  / /| |__) | (___   ___  __ _ _ __
+  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+   \  /\  /  | |     ____) | (__| (_| | | | |
+    \/  \/   |_|    |_____/ \___|\__,_|_| |_|
+ +

__

+ +

LICENSE==

+ +

WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team

+ +

This program is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation, either version 3 of the License, or (at your option) +any later version.

+ +

This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +more details.

+ +

You should have received a copy of the GNU General Public License along +with this program. If not, see <www.gnu.org/licenses/>.

+ +

ryandewhurst at gmail

+ +

INSTALL==

+ +
WPScan comes pre-installed on the following Linux distributions:
+
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed, update needed)
+ * Pentoo
+ * SamuraiWTF
+
+Prerequisites:
+
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
+
+-> Installing on Debian/Ubuntu:
+
+  sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+-> Installing on Fedora:
+
+  sudo yum install libcurl-devel
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+-> Installing on Archlinux:
+
+  pacman -Sy ruby
+  pacman -Sy libyaml
+
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+  gem install typhoeus
+  gem install nokogiri
+
+-> Installing on Mac OS X:
+
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+ +

KNOWN ISSUES==

+ +
- Typhoeus segmentation fault:
+    Update cURL to version => 7.21 (may have to install from source)
+    See http://code.google.com/p/wpscan/issues/detail?id=81
+
+- Proxy not working:
+    Update cURL to version => 7.21.7 (may have to install from source).
+
+    Installation from sources :
+      - Grab the sources from http://curl.haxx.se/download.html
+      - Decompress the archive
+      - Open the folder with the extracted files
+      - Run ./configure
+      - Run make
+      - Run sudo make install
+      - Run sudo ldconfig
+
+- cannot load such file -- readline:
+    Run sudo aptitude install libreadline5-dev libncurses5-dev
+
+    Then, open the directory of the readline gem (you have to locate it)
+
+    cd ~/.rvm/rc/ruby-1.9.2-p180/ext/readline
+    ruby extconf.rb
+    make
+    make install
+
+    See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
+- no such file to load -- rubygems
+    Run update-alternatives --config ruby
+    And select your ruby version
+
+    See https://github.com/wpscanteam/wpscan/issues/148
+
+ +

WPSCAN ARGUMENTS==

+ +

–update Update to the latest revision

+ +

–url | -u <target url> The WordPress URL/domain to scan.

+ +

–force | -f Forces WPScan to not check if the remote site is running +WordPress.

+ +

–enumerate | -e [option(s)] Enumeration.

+ +
option :
+  u        usernames from id 1 to 10
+  u[10-20] usernames from id 10 to 20 (you must write [] chars)
+  p        plugins
+  vp       only vulnerable plugins
+  ap       all plugins (can take a long time)
+  tt       timthumbs
+  t        themes
+  vp       only vulnerable themes
+  at       all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
+ +

–exclude-content-based ‘<regexp or string>’ Used with the +enumeration option, will exclude all occurrences based on the regexp or +string supplied

+ +
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+ +

–config-file | -c <config file> Use the specified config file

+ +

–follow-redirection If the target url has a redirection, it will be +followed without asking if you wanted to do so or not

+ +

–wp-content-dir <wp content dir> WPScan try to find the content +directory (ie wp-content) by scanning the index page, however you can +specified it. Subdirectories are allowed

+ +

–wp-plugins-dir <wp plugins dir> Same thing than –wp-content-dir but +for the plugins directory. If not supplied, WPScan will use +wp-content-dir/plugins. Subdirectories are allowed

+ +

–proxy <[protocol://]host:port> Supply a proxy (will override the +one from conf/browser.conf.json).

+ +
HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+ +

–proxy-auth <username:password> Supply the proxy login credentials +(will override the one from conf/browser.conf.json).

+ +

–basic-auth <username:password> Set the HTTP Basic authentication

+ +

–wordlist | -w <wordlist> Supply a wordlist for the password bruter +and do the brute.

+ +

–threads | -t <number of threads> The number of threads to use when +multi-threading requests. (will override the value from conf/browser.conf.json)

+ +

–username | -U <username> Only brute force the supplied username.

+ +

–help | -h This help screen.

+ +

–verbose | -v Verbose output.

+ +

WPSCAN EXAMPLES==

+ +

Do ‘non-intrusive’ checks…

+ +
ruby wpscan.rb --url www.example.com
+ +

Do wordlist password brute force on enumerated users using 50 threads…

+ +
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+ +

Do wordlist password brute force on the ‘admin’ username only…

+ +
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+ +

Enumerate installed plugins…

+ +
ruby wpscan.rb --url www.example.com --enumerate p
+ +

WPSTOOLS ARGUMENTS==

+ +

–help | -h This help screen. –Verbose | -v Verbose output. –update +| -u Update to the latest revision. –generate_plugin_list [number of +pages] Generate a new data/plugins.txt file. (supply number of +pages to parse, default : 150) –gpl Alias for +–generate_plugin_list –check-local-vulnerable-files | –clvf <local +directory> Perform a recursive scan in the <local directory> to +find vulnerable files or shells

+ +

WPSTOOLS EXAMPLES==

+
  • +

    Generate a new ‘most popular’ plugin list, up to 150 pages …

    +
+ +

ruby wpstools.rb –generate_plugin_list 150

+
  • +

    Locally scan a wordpress installation for vulnerable files or shells :

    +
+ +

ruby wpstools.rb –check-local-vulnerable-files /var/www/wordpress/

+ +

PROJECT HOME===

+ +

www.wpscan.org

+ +

REPOSITORY===

+ +

github.com/wpscanteam/wpscan

+ +

ISSUES===

+ +

github.com/wpscanteam/wpscan/issues

+ +

SPONSOR===

+ +

WPScan is sponsored by the RandomStorm Open Source Initiative.

+ +

Visit RandomStorm at www.randomstorm.com

+ +
+ + + + + diff --git a/doc_rdoc/README_md.html b/doc_rdoc/README_md.html new file mode 100644 index 00000000..9b255245 --- /dev/null +++ b/doc_rdoc/README_md.html @@ -0,0 +1,537 @@ + + + + + + +README - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

+ +

LICENSE

+ +

WPScan - WordPress Security Scanner Copyright (C), 2011-2013 The WPScan +Team

+ +

This program is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation, either version 3 of the License, or (at your option) +any later version.

+ +

This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +more details.

+ +

You should have received a copy of the GNU General Public License along +with this program. If not, see www.gnu.org/licenses/.

+ +

ryandewhurst at gmail

+ +

INSTALL

+ +

WPScan comes pre-installed on the following Linux distributions:

+ + +

Prerequisites:

+
  • +

    Windows not supported

    +
  • +

    Ruby => 1.9

    +
  • +

    RubyGems

    +
  • +

    Git

    +
+ +

Installing on Debian/Ubuntu:

+ +
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+ +
clone https://github.com/wpscanteam/wpscan.git
+ +
wpscan
+ +
gem install bundler && bundle install --without test development
+ +

Installing on Fedora:

+ +
yum install libcurl-devel
+ +
clone https://github.com/wpscanteam/wpscan.git
+ +
wpscan
+ +
gem install bundler && bundle install --without test development
+ +

Installing on Archlinux:

+ +
-Sy ruby
+ +
-Sy libyaml
+ +
clone https://github.com/wpscanteam/wpscan.git
+ +
wpscan
+ +
gem install bundler && bundle install --without test development
+ +
install typhoeus
+ +
install nokogiri
+ +

Installing on Mac OSX:

+ +
clone https://github.com/wpscanteam/wpscan.git
+ +
wpscan
+ +
gem install bundler && bundle install --without test development
+ +

KNOWN ISSUES

+
  • +

    Typhoeus segmentation fault

    + +

    Update cURL to version => 7.21 (may have to install from source) See +code.google.com/p/wpscan/issues/detail?id=81

    +
  • +

    Proxy not working

    + +

    Update cURL to version => 7.21.7 (may have to install from source).

    + +

    Installation from sources : Grab the sources from +http://curl.haxx.se/download.html Decompress the archive Open the +folder with the extracted files Run ./configure Run make Run +sudo make install Run sudo ldconfig

    +
  • +

    cannot load such file -- readline:

    + +

    sudo aptitude install libreadline5-dev libncurses5-dev

    + +

    Then, open the directory of the readline gem (you have to locate it) + cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline ruby extconf.rb +make make install

    + +

    See vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ +for more details

    +
  • +

    no such file to load -- rubygems

    + +

    update-alternatives --config ruby

    + +

    And select your ruby version

    + +

    See github.com/wpscanteam/wpscan/issues/148

    +
+ +

WPSCAN ARGUMENTS

+ +
--update  Update to the latest revision
+
+--url   | -u <target url>  The WordPress URL/domain to scan.
+
+--force | -f Forces WPScan to not check if the remote site is running WordPress.
+
+--enumerate | -e [option(s)]  Enumeration.
+  option :
+    u        usernames from id 1 to 10
+    u[10-20] usernames from id 10 to 20 (you must write [] chars)
+    p        plugins
+    vp       only vulnerable plugins
+    ap       all plugins (can take a long time)
+    tt       timthumbs
+    t        themes
+    vt       only vulnerable themes
+    at       all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
+
+--exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+                                              You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+
+--config-file | -c <config file> Use the specified config file
+
+--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
+
+--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
+
+--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
+
+--proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
+                                  HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+
+--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+
+--basic-auth <username:password>  Set the HTTP Basic authentication
+
+--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
+
+--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+
+--username | -U <username>  Only brute force the supplied username.
+
+--help     | -h This help screen.
+
+--verbose  | -v Verbose output.
+ +

WPSCAN EXAMPLES

+ +

Do ‘non-intrusive’ checks…

+ +
wpscan.rb --url www.example.com
+
+ +

Do wordlist password brute force on enumerated users using 50 threads…

+ +
wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
+
+ +

Do wordlist password brute force on the ‘admin’ username only…

+ +
wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
+
+ +

Enumerate installed plugins…

+ +
wpscan.rb --url www.example.com --enumerate p
+
+ +

Run all enumeration tools…

+ +
wpscan.rb --url www.example.com --enumerate
+
+ +

Use custom content directory…

+ +
wpscan.rb -u www.example.com --wp-content-dir custom-content
+
+ +

Update WPScan…

+ +
wpscan.rb --update
+
+ +

WPSTOOLS ARGUMENTS

+ +
--help    | -h   This help screen.
+--Verbose | -v   Verbose output.
+--update  | -u   Update to the latest revision.
+--generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+--gpl  Alias for --generate_plugin_list
+--check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+ +

WPSTOOLS EXAMPLES

+ +

Generate a new ‘most popular’ plugin list, up to 150 pages…

+ +
wpstools.rb --generate_plugin_list 150
+
+ +

Locally scan a wordpress installation for vulnerable files or shells : +ruby wpstools.rb --check-local-vulnerable-files +/var/www/wordpress/

+ +

PROJECT HOME

+ +

www.wpscan.org

+ +

GIT REPOSITORY

+ +

github.com/wpscanteam/wpscan

+ +

ISSUES

+ +

github.com/wpscanteam/wpscan/issues

+ +

SPONSOR

+ +

WPScan is sponsored by the RandomStorm Open Source Initiative.

+ +
+ + + + + diff --git a/doc_rdoc/StatsPlugin.html b/doc_rdoc/StatsPlugin.html new file mode 100644 index 00000000..a6a49192 --- /dev/null +++ b/doc_rdoc/StatsPlugin.html @@ -0,0 +1,660 @@ + + + + + + +class StatsPlugin - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class StatsPlugin

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ new() + + click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + Plugin.new +
+ + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 4
+def initialize
+  super(author: 'WPScanTeam - Christian Mehlmauer')
+
+  register_options(
+      ['--stats', '--s', 'Show WpScan Database statistics']
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ lines_in_file(file) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 50
+def lines_in_file(file)
+  IO.readlines(file).size
+end
+
+ +
+ + + + +
+ + +
+ +
+ plugin_vulns_count(file=PLUGINS_VULNS_FILE) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 34
+def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
+  xml(file).xpath("count(//vulnerability)").to_i
+end
+
+ +
+ + + + +
+ + +
+ +
+ run(options = {}) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 12
+def run(options = {})
+  if options[:stats]
+    puts "Wpscan Databse Statistics:"
+    puts "--------------------------"
+    puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
+    puts "[#] Total vulnerable themes: #{vuln_theme_count}"
+    puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
+    puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
+    puts "[#] Total plugins to enumerate: #{total_plugins}"
+    puts "[#] Total themes to enumerate: #{total_themes}"
+    puts
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ theme_vulns_count(file=THEMES_VULNS_FILE) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 38
+def theme_vulns_count(file=THEMES_VULNS_FILE)
+  xml(file).xpath("count(//vulnerability)").to_i
+end
+
+ +
+ + + + +
+ + +
+ +
+ total_plugins(file=PLUGINS_FULL_FILE) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 42
+def total_plugins(file=PLUGINS_FULL_FILE)
+  lines_in_file(file)
+end
+
+ +
+ + + + +
+ + +
+ +
+ total_themes(file=THEMES_FULL_FILE) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 46
+def total_themes(file=THEMES_FULL_FILE)
+  lines_in_file(file)
+end
+
+ +
+ + + + +
+ + +
+ +
+ vuln_plugin_count(file=PLUGINS_VULNS_FILE) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 26
+def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
+  xml(file).xpath("count(//plugin)").to_i
+end
+
+ +
+ + + + +
+ + +
+ +
+ vuln_theme_count(file=THEMES_VULNS_FILE) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/stats/stats_plugin.rb, line 30
+def vuln_theme_count(file=THEMES_VULNS_FILE)
+  xml(file).xpath("count(//theme)").to_i
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/SvnParser.html b/doc_rdoc/SvnParser.html new file mode 100644 index 00000000..6c89448b --- /dev/null +++ b/doc_rdoc/SvnParser.html @@ -0,0 +1,444 @@ + + + + + + +class SvnParser - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class SvnParser

+ +
+ +

This Class Parses SVN Repositories via HTTP

+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ keep_empty_dirs[RW] +
+ +
+ + + +
+
+ +
+
+ svn_root[RW] +
+ +
+ + + +
+
+ +
+
+ verbose[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(svn_root) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/list_generator/svn_parser.rb, line 7
+def initialize(svn_root)
+  @svn_root    = svn_root
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ parse() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpstools/plugins/list_generator/svn_parser.rb, line 11
+def parse
+  get_root_directories
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/SvnUpdater.html b/doc_rdoc/SvnUpdater.html new file mode 100644 index 00000000..8b5e45d0 --- /dev/null +++ b/doc_rdoc/SvnUpdater.html @@ -0,0 +1,444 @@ + + + + + + +class SvnUpdater - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class SvnUpdater

+ +
+ +
+ + + + +
+ + + + + + +
+

Constants

+
+ +
REVISION_PATTERN + +
+ + +
TRUNK_URL + +
+ + +
+
+ + + + + + +
+

Public Instance Methods

+ + +
+ +
+ is_installed?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/svn_updater.rb, line 9
+def is_installed?
+  %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ local_revision_number() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/svn_updater.rb, line 13
+def local_revision_number
+  local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
+  local_revision[REVISION_PATTERN, 1].to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ update() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/svn_updater.rb, line 18
+def update
+  %x[svn up "#@repo_directory"]
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Terminal.html b/doc_rdoc/Terminal.html new file mode 100644 index 00000000..75bf995d --- /dev/null +++ b/doc_rdoc/Terminal.html @@ -0,0 +1,300 @@ + + + + + + +module Terminal - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Terminal

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Terminal/Table.html b/doc_rdoc/Terminal/Table.html new file mode 100644 index 00000000..b52da836 --- /dev/null +++ b/doc_rdoc/Terminal/Table.html @@ -0,0 +1,401 @@ + + + + + + +class Terminal::Table - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Terminal::Table

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ render() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/hacks.rb, line 84
+def render
+  separator = Separator.new(self)
+  buffer = [separator]
+  unless @title.nil?
+    buffer << Row.new(self, [title_cell_options])
+    buffer << separator
+  end
+  unless @headings.cells.empty?
+    buffer << @headings
+    buffer << separator
+  end
+  buffer += @rows
+  buffer << separator
+  buffer.map { |r| style.margin_left + r.render }.join("\n")
+end
+
+ +
+ + +
+ Also aliased as: to_s +
+ + + +
+ + +
+ +
+ to_s() + +
+ + +
+ + + + + + +
+ + + + +
+ Alias for: render +
+ +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Terminal/Table/Style.html b/doc_rdoc/Terminal/Table/Style.html new file mode 100644 index 00000000..24a93057 --- /dev/null +++ b/doc_rdoc/Terminal/Table/Style.html @@ -0,0 +1,417 @@ + + + + + + +class Terminal::Table::Style - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Terminal::Table::Style

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ alignment[RW] +
+ +
+ + + +
+
+ +
+
+ border_i[RW] +
+ +
+ + + +
+
+ +
+
+ border_x[RW] +
+ +
+ + + +
+
+ +
+
+ border_y[RW] +
+ +
+ + + +
+
+ +
+
+ margin_left[RW] +
+ +
+ + + +
+
+ +
+
+ padding_left[RW] +
+ +
+ + + +
+
+ +
+
+ padding_right[RW] +
+ +
+ + + +
+
+ +
+
+ width[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+ +
+ + + + diff --git a/doc_rdoc/Typhoeus.html b/doc_rdoc/Typhoeus.html new file mode 100644 index 00000000..6f012595 --- /dev/null +++ b/doc_rdoc/Typhoeus.html @@ -0,0 +1,307 @@ + + + + + + +module Typhoeus - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Typhoeus

+ +
+ +

This is used in WpItem::Existable

+ +

Implementaion of a cache_key (Typhoeus::Request#hash has too many options)

+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Typhoeus/Request.html b/doc_rdoc/Typhoeus/Request.html new file mode 100644 index 00000000..904b8c71 --- /dev/null +++ b/doc_rdoc/Typhoeus/Request.html @@ -0,0 +1,306 @@ + + + + + + +class Typhoeus::Request - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Typhoeus::Request

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Typhoeus/Request/Cacheable.html b/doc_rdoc/Typhoeus/Request/Cacheable.html new file mode 100644 index 00000000..eea925df --- /dev/null +++ b/doc_rdoc/Typhoeus/Request/Cacheable.html @@ -0,0 +1,349 @@ + + + + + + +module Typhoeus::Request::Cacheable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Typhoeus::Request::Cacheable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ cache_key() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/typhoeus_cache.rb, line 8
+def cache_key
+  Digest::SHA2.hexdigest("#{url}-#{options[:body]}-#{options[:method]}")[0..32]
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Typhoeus/Response.html b/doc_rdoc/Typhoeus/Response.html new file mode 100644 index 00000000..afe27dfb --- /dev/null +++ b/doc_rdoc/Typhoeus/Response.html @@ -0,0 +1,360 @@ + + + + + + +class Typhoeus::Response - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Typhoeus::Response

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ has_valid_hash?(error_404_hash, homepage_hash) + + click to toggle source + +
+ + +
+ +

Compare the body hash to error_404_hash and homepage_hash returns true if +they are different, false otherwise

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/hacks.rb, line 40
+def has_valid_hash?(error_404_hash, homepage_hash)
+  body_hash = WebSite.page_hash(self)
+
+  body_hash != error_404_hash && body_hash != homepage_hash
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/TyphoeusCache.html b/doc_rdoc/TyphoeusCache.html new file mode 100644 index 00000000..8daa55cb --- /dev/null +++ b/doc_rdoc/TyphoeusCache.html @@ -0,0 +1,390 @@ + + + + + + +class TyphoeusCache - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class TyphoeusCache

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ get(request) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/typhoeus_cache.rb, line 17
+def get(request)
+  read_entry(request.cache_key)
+end
+
+ +
+ + + + +
+ + +
+ +
+ set(request, response) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/typhoeus_cache.rb, line 21
+def set(request, response)
+  write_entry(request.cache_key, response, request.cache_ttl)
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/URI.html b/doc_rdoc/URI.html new file mode 100644 index 00000000..387f77cf --- /dev/null +++ b/doc_rdoc/URI.html @@ -0,0 +1,383 @@ + + + + + + +module URI - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module URI

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ encode(str) + +
+ + +
+ + + + + + +
+ + + + +
+ Alias for: escape +
+ +
+ + +
+ +
+ escape(str) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/hacks.rb, line 8
+def escape(str)
+  URI::Parser.new.escape(str)
+end
+
+ +
+ + +
+ Also aliased as: encode +
+ + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Updater.html b/doc_rdoc/Updater.html new file mode 100644 index 00000000..d99ccae1 --- /dev/null +++ b/doc_rdoc/Updater.html @@ -0,0 +1,490 @@ + + + + + + +class Updater - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Updater

+ +
+ +

This class act as an absract one

+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ repo_directory[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(repo_directory = nil) + + click to toggle source + +
+ + +
+ +

TODO : add a last ‘/ to #repo_directory if it’s +not present

+ + + + +
+ 
# File lib/common/updater/updater.rb, line 8
+def initialize(repo_directory = nil)
+  @repo_directory = repo_directory
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ is_installed?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/updater.rb, line 12
+def is_installed?
+  raise NotImplementedError
+end
+
+ +
+ + + + +
+ + +
+ +
+ local_revision_number() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/updater.rb, line 16
+def local_revision_number
+  raise NotImplementedError
+end
+
+ +
+ + + + +
+ + +
+ +
+ update() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/updater.rb, line 20
+def update
+  raise NotImplementedError
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/UpdaterFactory.html b/doc_rdoc/UpdaterFactory.html new file mode 100644 index 00000000..b7ef43c4 --- /dev/null +++ b/doc_rdoc/UpdaterFactory.html @@ -0,0 +1,403 @@ + + + + + + +class UpdaterFactory - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class UpdaterFactory

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ get_updater(repo_directory) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/updater/updater_factory.rb, line 4
+def self.get_updater(repo_directory)
+  self.available_updaters_classes().each do |updater_symbol|
+    updater = Object.const_get(updater_symbol).new(repo_directory)
+
+    if updater.is_installed?
+      return updater
+    end
+  end
+  nil
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Class Methods

+ + +
+ +
+ available_updaters_classes() + + click to toggle source + +
+ + +
+ +

return array of class symbols

+ + + + +
+ 
# File lib/common/updater/updater_factory.rb, line 18
+def self.available_updaters_classes
+  Object.constants.grep(/^.+Updater$/)
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Vulnerabilities.html b/doc_rdoc/Vulnerabilities.html new file mode 100644 index 00000000..950fc040 --- /dev/null +++ b/doc_rdoc/Vulnerabilities.html @@ -0,0 +1,319 @@ + + + + + + +class Vulnerabilities - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Vulnerabilities

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/Vulnerabilities/Output.html b/doc_rdoc/Vulnerabilities/Output.html new file mode 100644 index 00000000..7ec2ea5d --- /dev/null +++ b/doc_rdoc/Vulnerabilities/Output.html @@ -0,0 +1,351 @@ + + + + + + +module Vulnerabilities::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Vulnerabilities::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ output() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/collections/vulnerabilities/output.rb, line 5
+def output
+  self.each do |v|
+    v.output
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Vulnerability.html b/doc_rdoc/Vulnerability.html new file mode 100644 index 00000000..8cde243e --- /dev/null +++ b/doc_rdoc/Vulnerability.html @@ -0,0 +1,523 @@ + + + + + + +class Vulnerability - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class Vulnerability

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ metasploit_modules[RW] +
+ +
+ + + +
+
+ +
+
+ references[RW] +
+ +
+ + + +
+
+ +
+
+ title[RW] +
+ +
+ + + +
+
+ +
+
+ type[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ load_from_xml_node(xml_node) + + click to toggle source + +
+ + +
+ +

Create the Vulnerability from the xml_node

+ +

@param [ Nokogiri::XML::Node ] xml_node

+ +

@return [ Vulnerability ]

+ + + + +
+ 
# File lib/common/models/vulnerability.rb, line 37
+def self.load_from_xml_node(xml_node)
+  new(
+    xml_node.search('title').text,
+    xml_node.search('type').text,
+    xml_node.search('reference').map(&:text),
+    xml_node.search('metasploit').map(&:text)
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ new(title, type, references, metasploit_modules = []) + + click to toggle source + +
+ + +
+ +

@param [ String ] title The title of the vulnerability @param [ String ] +type The type of the vulnerability @param [ Array +] references References urls @param [ Array ] #metasploit_modules +Metasploit modules for the vulnerability

+ +

@return [ Vulnerability ]

+ + + + +
+ 
# File lib/common/models/vulnerability.rb, line 16
+def initialize(title, type, references, metasploit_modules = [])
+  @title              = title
+  @type               = type
+  @references         = references
+  @metasploit_modules = metasploit_modules
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ ==(other) + + click to toggle source + +
+ + +
+ +

@param [ Vulnerability ] other

+ +

@return [ Boolean ] :nocov:

+ + + + +
+ 
# File lib/common/models/vulnerability.rb, line 27
+def ==(other)
+  title == other.title && type == other.type && references == other.references
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/Vulnerability/Output.html b/doc_rdoc/Vulnerability/Output.html new file mode 100644 index 00000000..e377cee2 --- /dev/null +++ b/doc_rdoc/Vulnerability/Output.html @@ -0,0 +1,399 @@ + + + + + + +module Vulnerability::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module Vulnerability::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ metasploit_module_url(module_path) + + click to toggle source + +
+ + +
+ +

@return [ String ] The url to the metasploit module page

+ + + + +
+ 
# File lib/common/models/vulnerability/output.rb, line 18
+def self.metasploit_module_url(module_path)
+  # remove leading slash
+  module_path = module_path.sub(/^\//, '')
+  "http://www.metasploit.com/modules/#{module_path}"
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ output() + + click to toggle source + +
+ + +
+ +

output the vulnerability

+ + + + +
+ 
# File lib/common/models/vulnerability/output.rb, line 6
+def output
+  puts ' |'
+  puts ' | ' + red("* Title: #{title}")
+  references.each do |r|
+    puts ' | ' + red("* Reference: #{r}")
+  end
+  metasploit_modules.each do |m|
+    puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WebSite.html b/doc_rdoc/WebSite.html new file mode 100644 index 00000000..2d3f5802 --- /dev/null +++ b/doc_rdoc/WebSite.html @@ -0,0 +1,995 @@ + + + + + + +class WebSite - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WebSite

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ uri[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ has_log?(log_url, pattern) + + click to toggle source + +
+ + +
+ +

Only the first 700 bytes are checked to avoid the download of the whole +file which can be very huge (like 2 Go)

+ +

@param [ String ] log_url @param [ RegEx ] pattern

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 132
+def self.has_log?(log_url, pattern)
+  log_body = Browser.get(log_url, headers: {'range' => 'bytes=0-700'}).body
+  log_body[pattern] ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ new(site_url) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 6
+def initialize(site_url)
+  self.url = site_url
+end
+
+ +
+ + + + +
+ + +
+ +
+ page_hash(page) + + click to toggle source + +
+ + +
+ +

Compute the MD5 of the page Comments are deleted from the page to avoid +cache generation details

+ +

@param [ String, Typhoeus::Response ] +page The url of the response of the page

+ +

@return [ String ] The MD5 hash of the page

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 84
+def self.page_hash(page)
+  page = Browser.get(page) unless page.is_a?(Typhoeus::Response)
+
+  Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/, ''))
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ error_404_hash() + + click to toggle source + +
+ + +
+ +

Return the MD5 hash of a 404 page

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 98
+def error_404_hash
+  unless @error_404_hash
+    non_existant_page = Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html'
+    @error_404_hash   = WebSite.page_hash(@uri.merge(non_existant_page).to_s)
+  end
+  @error_404_hash
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_basic_auth?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 23
+def has_basic_auth?
+  Browser.get(@uri.to_s).code == 401
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_robots?() + + click to toggle source + +
+ + +
+ +

Checks if a robots.txt file exists

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 114
+def has_robots?
+  Browser.get(robots_url).code == 200
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_xml_rpc?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 27
+def has_xml_rpc?
+  !xml_rpc_url.nil?
+end
+
+ +
+ + + + +
+ + +
+ +
+ homepage_hash() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 90
+def homepage_hash
+  unless @homepage_hash
+    @homepage_hash = WebSite.page_hash(@uri.to_s)
+  end
+  @homepage_hash
+end
+
+ +
+ + + + +
+ + +
+ +
+ online?() + + click to toggle source + +
+ + +
+ +

Checks if the remote website is up.

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 19
+def online?
+  Browser.get(@uri.to_s).code != 0
+end
+
+ +
+ + + + +
+ + +
+ +
+ redirection(url = nil) + + click to toggle source + +
+ + +
+ +

See if the remote url returns 30x redirect This method is recursive Return +a string with the redirection or nil

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 61
+def redirection(url = nil)
+  redirection = nil
+  url ||= @uri.to_s
+  response = Browser.get(url)
+
+  if response.code == 301 || response.code == 302
+    redirection = response.headers_hash['location']
+
+    # Let's check if there is a redirection in the redirection
+    if other_redirection = redirection(redirection)
+      redirection = other_redirection
+    end
+  end
+
+  redirection
+end
+
+ +
+ + + + +
+ + +
+ +
+ robots_url() + + click to toggle source + +
+ + +
+ +

Gets a robots.txt URL

+ +

@return [ String ]

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 121
+def robots_url
+  @uri.merge('robots.txt').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ rss_url() + + click to toggle source + +
+ + +
+ +

Will try to find the rss url in the homepage Only the first one found iw +returned

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 108
+def rss_url
+  homepage_body = Browser.get(@uri.to_s).body
+  homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
+end
+
+ +
+ + + + +
+ + +
+ +
+ url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 14
+def url
+  @uri.to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ url=(url) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 10
+def url=(url)
+  @uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
+end
+
+ +
+ + + + +
+ + +
+ +
+ xml_rpc_url() + + click to toggle source + +
+ + +
+ +

See www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3

+ + + + +
+ 
# File lib/wpscan/web_site.rb, line 32
+def xml_rpc_url
+  unless @xmlrpc_url
+    @xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body()
+  end
+  @xmlrpc_url
+end
+
+ +
+ + + + +
+ + +
+ +
+ xml_rpc_url_from_body() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 52
+def xml_rpc_url_from_body
+  body = Browser.get(@uri.to_s).body
+
+  body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
+end
+
+ +
+ + + + +
+ + +
+ +
+ xml_rpc_url_from_headers() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/web_site.rb, line 39
+def xml_rpc_url_from_headers
+  headers    = Browser.get(@uri.to_s).headers_hash
+  xmlrpc_url = nil
+
+  unless headers.nil?
+    pingback_url = headers['X-Pingback']
+    unless pingback_url.nil? || pingback_url.empty?
+      xmlrpc_url = pingback_url
+    end
+  end
+  xmlrpc_url
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItem.html b/doc_rdoc/WpItem.html new file mode 100644 index 00000000..f394025f --- /dev/null +++ b/doc_rdoc/WpItem.html @@ -0,0 +1,832 @@ + + + + + + +class WpItem - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpItem

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ found_from[R] +
+ +
+ + + +
+
+ +
+
+ name[RW] +
+ +
+ + + +
+
+ +
+
+ path[R] +
+ +
+ + + +
+
+ +
+
+ version[W] +
+ +
+ + + +
+
+ +
+
+ wp_content_dir[RW] +
+ +
+ + + +
+
+ +
+
+ wp_plugins_dir[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(target_base_uri, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ URI ] target_base_uri @param [ Hash ] +options See allowed_option

+ +

@return [ WpItem ]

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 31
+def initialize(target_base_uri, options = {})
+
+  options[:wp_content_dir] ||= 'wp-content'
+  options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
+
+  set_options(options)
+  forge_uri(target_base_uri)
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ <=>(other) + + click to toggle source + +
+ + +
+ +

@param [ WpItem ] other

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 88
+def <=>(other)
+  name <=> other.name
+end
+
+ +
+ + + + +
+ + +
+ +
+ ==(other) + + click to toggle source + +
+ + +
+ +

@param [ WpItem ] other

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 93
+def ==(other)
+  name === other.name
+end
+
+ +
+ + + + +
+ + +
+ +
+ ===(other) + + click to toggle source + +
+ + +
+ +

@param [ WpItem ] other

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 98
+def ===(other)
+  self == other && version === other.version
+end
+
+ +
+ + + + +
+ + +
+ +
+ allowed_options() + + click to toggle source + +
+ + +
+ +

@return [ Array ] Make it private ?

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 23
+def allowed_options
+  [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
+end
+
+ +
+ + + + +
+ + +
+ +
+ forge_uri(target_base_uri) + + click to toggle source + +
+ + +
+ +

@param [ URI ] target_base_uri

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 61
+def forge_uri(target_base_uri)
+  @uri = target_base_uri
+end
+
+ +
+ + + + +
+ + +
+ +
+ found_from=(method) + + click to toggle source + +
+ + +
+ +

Sets the #found_from +attribute

+ +

@param [ String ] method The method which found the WpItem

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/models/wp_item/findable.rb, line 10
+def found_from=(method)
+  found       = method[%r{find_from_(.*)}, 1]
+  @found_from = found.gsub('_', ' ') if found
+end
+
+ +
+ + + + +
+ + +
+ +
+ path=(path) + + click to toggle source + +
+ + +
+ +

Sets the path

+ +

Variable, such as $wp-plugins$ and $wp-content$ can be used and will be +replace by their value

+ +

@param [ String ] path

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 81
+def path=(path)
+  @path = URI.encode(
+    path.gsub(/\$wp-plugins\$/, wp_plugins_dir).gsub(/\$wp-content\$/, wp_content_dir)
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ uri() + + click to toggle source + +
+ + +
+ +

@return [ URI ] The uri to the WpItem, with the path if present

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 66
+def uri
+  path ? @uri.merge(path) : @uri
+end
+
+ +
+ + + + +
+ + +
+ +
+ url() + + click to toggle source + +
+ + +
+ +

@return [ String ] The url to the WpItem

+ + + + +
+ 
# File lib/common/models/wp_item.rb, line 71
+def url; uri.to_s end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItem/Existable.html b/doc_rdoc/WpItem/Existable.html new file mode 100644 index 00000000..11456169 --- /dev/null +++ b/doc_rdoc/WpItem/Existable.html @@ -0,0 +1,419 @@ + + + + + + +module WpItem::Existable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItem::Existable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ exists?(options = {}, response = nil) + + click to toggle source + +
+ + +
+ +

Check the existence of the WpItem If the +response is supplied, it’s used for the verification Otherwise a new +request is done

+ +

@param [ Hash ] options See exists_from_response? @param [ Typhoeus::Response ] response

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_item/existable.rb, line 13
+def exists?(options = {}, response = nil)
+  unless response
+    response = Browser.get(url)
+  end
+  exists_from_response?(response, options)
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ exists_from_response?(response, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ Typhoeus::Response ] +response @param [ options ] options

+ +

@option options [ Hash ] :error_404_hash The hash of the error 404 page +@option options [ Hash ] :homepage_hash The hash of the homepage @option +options [ Hash ] :exclude_content A regexp with the pattern to exclude from +the body of the response

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_item/existable.rb, line 30
+def exists_from_response?(response, options = {})
+  if [200, 401, 403].include?(response.code)
+    if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
+      if options[:exclude_content]
+        unless response.body.match(options[:exclude_content])
+          return true
+        end
+      else
+        return true
+      end
+    end
+  end
+  false
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItem/Findable.html b/doc_rdoc/WpItem/Findable.html new file mode 100644 index 00000000..c88dd56e --- /dev/null +++ b/doc_rdoc/WpItem/Findable.html @@ -0,0 +1,300 @@ + + + + + + +module WpItem::Findable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItem::Findable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/WpItem/Infos.html b/doc_rdoc/WpItem/Infos.html new file mode 100644 index 00000000..23b8c1cd --- /dev/null +++ b/doc_rdoc/WpItem/Infos.html @@ -0,0 +1,609 @@ + + + + + + +module WpItem::Infos - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItem::Infos

+ +
+ +

@uri is used instead of uri to avoid the presence of the :path into it

+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ changelog_url() + + click to toggle source + +
+ + +
+ +

@return [ String ] The url to the changelog file

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 36
+def changelog_url
+  @uri.merge('changelog.txt').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ error_log_url() + + click to toggle source + +
+ + +
+ +

@return [ String ] The url to the error_log file

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 57
+def error_log_url
+  @uri.merge('error_log').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_changelog?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 22
+def has_changelog?
+  url_is_200?(changelog_url)
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_directory_listing?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 41
+def has_directory_listing?
+  Browser.get(@uri.to_s).body[%r{<title>Index of}] ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_error_log?() + + click to toggle source + +
+ + +
+ +

Discover any error_log files created by WordPress These are created by the +WordPress error_log() function They are normally found in the /plugins/ +directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714/

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 52
+def has_error_log?
+  WebSite.has_log?(error_log_url, %r{PHP Fatal error})
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_readme?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 8
+def has_readme?
+  !readme_url.nil?
+end
+
+ +
+ + + + +
+ + +
+ +
+ readme_url() + + click to toggle source + +
+ + +
+ +

@return [ String,nil ] The url to the readme file, nil if not found

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 13
+def readme_url
+  %w{readme.txt README.txt}.each do |readme|
+    url = @uri.merge(readme).to_s
+    return url if url_is_200?(url)
+  end
+  nil
+end
+
+ +
+ + + + +
+ + +
+ +
+ url_is_200?(url) + + click to toggle source + +
+ + +
+ +

Checks if the url status code is 200

+ +

@param [ String ] url

+ +

@return [ Boolean ] True if the url status is 200

+ + + + +
+ 
# File lib/common/models/wp_item/infos.rb, line 31
+def url_is_200?(url)
+  Browser.get(url).code == 200
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItem/Output.html b/doc_rdoc/WpItem/Output.html new file mode 100644 index 00000000..8209f056 --- /dev/null +++ b/doc_rdoc/WpItem/Output.html @@ -0,0 +1,361 @@ + + + + + + +module WpItem::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItem::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ output() + + click to toggle source + +
+ + +
+ +

@return [ Void ]

+ + + + +
+ 
# File lib/common/models/wp_item/output.rb, line 6
+def output
+  puts
+  puts " | Name: #{self}" #this will also output the version number if detected
+  puts " | Location: #{url}"
+  #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
+  puts ' | Directory listing enabled: Yes' if has_directory_listing?
+  puts " | Readme: #{readme_url}" if has_readme?
+  puts " | Changelog: #{changelog_url}" if has_changelog?
+
+  vulnerabilities.output
+
+  if has_error_log?
+    puts ' | ' + red('[!]') + " An error_log file has been found : #{error_log_url}"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItem/Versionable.html b/doc_rdoc/WpItem/Versionable.html new file mode 100644 index 00000000..abfc4daa --- /dev/null +++ b/doc_rdoc/WpItem/Versionable.html @@ -0,0 +1,391 @@ + + + + + + +module WpItem::Versionable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItem::Versionable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ to_s() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_item/versionable.rb, line 19
+def to_s
+  item_version = self.version
+  "#@name#{' v' + item_version.strip if item_version}"
+end
+
+ +
+ + + + +
+ + +
+ +
+ version() + + click to toggle source + +
+ + +
+ +

Get the version from the readme.txt

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_item/versionable.rb, line 10
+def version
+  unless @version
+    response = Browser.get(readme_url)
+    @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}, 1]
+  end
+  @version
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItem/Vulnerable.html b/doc_rdoc/WpItem/Vulnerable.html new file mode 100644 index 00000000..d55e14b1 --- /dev/null +++ b/doc_rdoc/WpItem/Vulnerable.html @@ -0,0 +1,391 @@ + + + + + + +module WpItem::Vulnerable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItem::Vulnerable

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ vulns_file[RW] +
+ +
+ + + +
+
+ +
+
+ vulns_xpath[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Instance Methods

+ + +
+ +
+ vulnerabilities() + + click to toggle source + +
+ + +
+ +

Get the vulnerabilities associated to the WpItem

+ +

@return [ Vulnerabilities ]

+ + + + +
+ 
# File lib/common/models/wp_item/vulnerable.rb, line 9
+def vulnerabilities
+  xml             = xml(vulns_file)
+  vulnerabilities = Vulnerabilities.new
+
+  xml.xpath(vulns_xpath).each do |node|
+    vulnerabilities << Vulnerability.load_from_xml_node(node)
+  end
+  vulnerabilities
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItems.html b/doc_rdoc/WpItems.html new file mode 100644 index 00000000..d0e9bcbb --- /dev/null +++ b/doc_rdoc/WpItems.html @@ -0,0 +1,332 @@ + + + + + + +class WpItems - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpItems

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/WpItems/Detectable.html b/doc_rdoc/WpItems/Detectable.html new file mode 100644 index 00000000..3ad1ab78 --- /dev/null +++ b/doc_rdoc/WpItems/Detectable.html @@ -0,0 +1,798 @@ + + + + + + +module WpItems::Detectable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItems::Detectable

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ item_xpath[R] +
+ +
+ + + +
+
+ +
+
+ vulns_file[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Instance Methods

+ + +
+ +
+ aggressive_detection(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @param [ Hash +] options @option options [ Boolean ] :show_progression Whether or not +output the progress bar @option options [ Boolean ] :only_vulnerable Only +check for vulnerable items @option options [ String ] :exclude_content

+ +

@return [ WpItems ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 14
+def aggressive_detection(wp_target, options = {})
+  browser          = Browser.instance
+  hydra            = browser.hydra
+  targets          = targets_items(wp_target, options)
+  progress_bar     = progress_bar(targets.size, options)
+  exist_options    = {
+    error_404_hash:  wp_target.error_404_hash,
+    homepage_hash:   wp_target.homepage_hash,
+    exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
+  }
+
+  # If we only want the vulnerable ones, the passive detection is ignored

+  # Otherwise, a passive detection is performed, and results will be merged

+  results = options[:only_vulnerable] ? new : passive_detection(wp_target, options)
+
+  targets.each do |target_item|
+    request = browser.forge_request(target_item.url, request_params)
+
+    request.on_complete do |response|
+      progress_bar.progress += 1 if options[:show_progression]
+
+      if target_item.exists?(exist_options, response)
+        if !results.include?(target_item)
+          results << target_item
+        end
+      end
+    end
+
+    hydra.queue(request)
+  end
+
+  hydra.run
+  results.sort!
+  results # can't just return results.sort because the #sort returns an array, and we want a WpItems

+end
+
+ +
+ + + + +
+ + +
+ +
+ passive_detection(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @param [ Hash +] options

+ +

@return [ WpItems ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 71
+def passive_detection(wp_target, options = {})
+  results      = new
+  item_class   = self.item_class
+  type         = self.to_s.gsub(/Wp/, '').downcase
+  response     = Browser.get(wp_target.url)
+  item_options = {
+    wp_content_dir: wp_target.wp_content_dir,
+    wp_plugins_dir: wp_target.wp_plugins_dir,
+    vulns_file:     self.vulns_file
+  }
+
+  regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\?/}
+  regex2 = %r{\?/}
+  regex3 = %r{\?/([^/\"']+)\?(?:/|"|')}
+
+  names = response.body.scan(/#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/)
+
+  names.flatten.uniq.each do |name|
+    results << item_class.new(wp_target.uri, item_options.merge(name: name))
+  end
+
+  results.sort!
+  results
+end
+
+ +
+ + + + +
+ + +
+ +
+ progress_bar(targets_size, options) + + click to toggle source + +
+ + +
+ +

@param [ Integer ] targets_size @param [ Hash ] options

+ +

@return [ ProgressBar ] :nocov:

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 55
+def progress_bar(targets_size, options)
+  if options[:show_progression]
+    ProgressBar.create(
+      format: '%t %a <%B> (%c / %C) %P%% %e',
+      title: '  ', # Used to craete a left margin

+      length: 120,
+      total: targets_size
+    )
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ create_item(klass, name, wp_target, vulns_file = nil) + + click to toggle source + +
+ + +
+ +

@param [ Class ] klass @param [ String ] name @param [ WpTarget ] wp_target @option [ String ] #vulns_file

+ +

@return [ WpItem ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 153
+def create_item(klass, name, wp_target, vulns_file = nil)
+  klass.new(
+    wp_target.uri,
+    name:           name,
+    vulns_file:     vulns_file,
+    wp_content_dir: wp_target.wp_content_dir,
+    wp_plugins_dir: wp_target.wp_plugins_dir
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ item_class() + + click to toggle source + +
+ + +
+ +

@return [ Class ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 186
+def item_class
+  Object.const_get(self.to_s.gsub(/.$/, ''))
+end
+
+ +
+ + + + +
+ + +
+ +
+ request_params() + + click to toggle source + +
+ + +
+ +

The default request parameters

+ +

@return [ Hash ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 101
+def request_params; { cache_ttl: 0, followlocation: true } end
+
+ +
+ + + + +
+ + +
+ +
+ targets_items(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @param [ +options ] options @option options [ Boolean ] :only_vulnerable @option +options [ String ] :file The path to the file containing the targets

+ +

@return [ Array<WpItem> ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 109
+def targets_items(wp_target, options = {})
+  item_class = self.item_class
+  vulns_file = self.vulns_file
+
+  targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
+
+  unless options[:only_vulnerable]
+    unless options[:file]
+      raise 'A file must be supplied'
+    end
+
+    targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
+  end
+
+  targets.uniq! { |t| t.name }
+  targets.sort_by { rand }
+end
+
+ +
+ + + + +
+ + +
+ +
+ targets_items_from_file(file, wp_target, item_class, vulns_file) + + click to toggle source + +
+ + +
+ +

@param [ String ] file @param [ WpTarget ] +wp_target @param [ Class ] #item_class @param [ String +] #vulns_file

+ +

@return [ WpItem ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 169
+def targets_items_from_file(file, wp_target, item_class, vulns_file)
+  targets = []
+
+  File.open(file, 'r') do |f|
+    f.readlines.collect do |item_name|
+      targets << create_item(
+        item_class,
+        item_name.strip,
+        wp_target,
+        vulns_file
+      )
+    end
+  end
+  targets
+end
+
+ +
+ + + + +
+ + +
+ +
+ vulnerable_targets_items(wp_target, item_class, vulns_file) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @param [ Class +] #item_class @param [ +String ] #vulns_file

+ +

@return [ Array<WpItem> ]

+ + + + +
+ 
# File lib/common/collections/wp_items/detectable.rb, line 132
+def vulnerable_targets_items(wp_target, item_class, vulns_file)
+  targets = []
+  xml     = xml(vulns_file)
+
+  xml.xpath(item_xpath).each do |node|
+    targets << create_item(
+      item_class,
+      node.attribute('name').text,
+      wp_target,
+      vulns_file
+    )
+  end
+  targets
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpItems/Output.html b/doc_rdoc/WpItems/Output.html new file mode 100644 index 00000000..7e0d3d53 --- /dev/null +++ b/doc_rdoc/WpItems/Output.html @@ -0,0 +1,349 @@ + + + + + + +module WpItems::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpItems::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ output() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/collections/wp_items/output.rb, line 5
+def output
+  self.each { |item| item.output }
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpPlugin.html b/doc_rdoc/WpPlugin.html new file mode 100644 index 00000000..b9cc88ba --- /dev/null +++ b/doc_rdoc/WpPlugin.html @@ -0,0 +1,373 @@ + + + + + + +class WpPlugin - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpPlugin

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ forge_uri(target_base_uri) + + click to toggle source + +
+ + +
+ +

Sets the @uri

+ +

@param [ URI ] target_base_uri The URI of the wordpress blog

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/models/wp_plugin.rb, line 12
+def forge_uri(target_base_uri)
+  @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpPlugin/Vulnerable.html b/doc_rdoc/WpPlugin/Vulnerable.html new file mode 100644 index 00000000..d44098f6 --- /dev/null +++ b/doc_rdoc/WpPlugin/Vulnerable.html @@ -0,0 +1,387 @@ + + + + + + +module WpPlugin::Vulnerable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpPlugin::Vulnerable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ vulns_file() + + click to toggle source + +
+ + +
+ +

@return [ String ] The path to the file containing vulnerabilities

+ + + + +
+ 
# File lib/common/models/wp_plugin/vulnerable.rb, line 6
+def vulns_file
+  unless @vulns_file
+    @vulns_file = PLUGINS_VULNS_FILE
+  end
+  @vulns_file
+end
+
+ +
+ + + + +
+ + +
+ +
+ vulns_xpath() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_plugin/vulnerable.rb, line 14
+def vulns_xpath
+  "//plugin[@name='#{@name}']/vulnerability"
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpPlugins.html b/doc_rdoc/WpPlugins.html new file mode 100644 index 00000000..8bc41586 --- /dev/null +++ b/doc_rdoc/WpPlugins.html @@ -0,0 +1,319 @@ + + + + + + +class WpPlugins - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpPlugins

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/WpPlugins/Detectable.html b/doc_rdoc/WpPlugins/Detectable.html new file mode 100644 index 00000000..55f227a2 --- /dev/null +++ b/doc_rdoc/WpPlugins/Detectable.html @@ -0,0 +1,384 @@ + + + + + + +module WpPlugins::Detectable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpPlugins::Detectable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ item_xpath() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/collections/wp_plugins/detectable.rb, line 11
+def item_xpath
+  '//plugin'
+end
+
+ +
+ + + + +
+ + +
+ +
+ vulns_file() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/collections/wp_plugins/detectable.rb, line 6
+def vulns_file
+  PLUGINS_VULNS_FILE
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget.html b/doc_rdoc/WpTarget.html new file mode 100644 index 00000000..5e563647 --- /dev/null +++ b/doc_rdoc/WpTarget.html @@ -0,0 +1,832 @@ + + + + + + +class WpTarget - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpTarget

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ verbose[R] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Class Methods

+ + +
+ +
+ new(target_url, options = {}) + + click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + WebSite.new +
+ + + +
+ 
# File lib/wpscan/wp_target.rb, line 22
+def initialize(target_url, options = {})
+  super(target_url)
+
+  @verbose        = options[:verbose]
+  @wp_content_dir = options[:wp_content_dir]
+  @wp_plugins_dir = options[:wp_plugins_dir]
+  @multisite      = nil
+
+  Browser.instance(options.merge(:max_threads => options[:threads]))
+end
+
+ +
+ + + + +
+ + +
+ +
+ valid_response_codes() + + click to toggle source + +
+ + +
+ +

Valid HTTP return codes

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 72
+def self.valid_response_codes
+  [200, 301, 302, 401, 403, 500, 400]
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ debug_log_url() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 114
+def debug_log_url
+  @uri.merge("#{wp_content_dir()}/debug.log").to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_debug_log?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 109
+def has_debug_log?
+  WebSite.has_log?(debug_log_url, %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):})
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_plugin?(name, version = nil) + + click to toggle source + +
+ + +
+ +

The version is not yet considerated

+ +

@param [ String ] name @param [ String ] version

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 98
+def has_plugin?(name, version = nil)
+  WpPlugin.new(
+    @uri,
+    name: name,
+    version: version,
+    wp_content_dir: wp_content_dir,
+    wp_plugins_dir: wp_plugins_dir
+  ).exists?
+end
+
+ +
+ + + + +
+ + +
+ +
+ login_url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target.rb, line 59
+def login_url
+  url = @uri.merge('wp-login.php').to_s
+
+  # Let's check if the login url is redirected (to https url for example)
+  redirection = redirection(url)
+  if redirection
+    url = redirection
+  end
+
+  url
+end
+
+ +
+ + + + +
+ + +
+ +
+ search_replace_db_2_exists?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 128
+def search_replace_db_2_exists?
+  resp = Browser.get(search_replace_db_2_url)
+  resp.code == 200 && resp.body[%r{by interconnect}]
+end
+
+ +
+ + + + +
+ + +
+ +
+ search_replace_db_2_url() + + click to toggle source + +
+ + +
+ +

Script for replacing strings in wordpress databases reveals databse +credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/

+ +

@return [ String ]

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 123
+def search_replace_db_2_url
+  @uri.merge('searchreplacedb2.php').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ theme() + + click to toggle source + +
+ + +
+ +

@return [ WpTheme ] :nocov:

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 78
+def theme
+  WpTheme.find(@uri)
+end
+
+ +
+ + + + +
+ + +
+ +
+ version(versions_xml) + + click to toggle source + +
+ + +
+ +

@param [ String ] versions_xml

+ +

@return [ WpVersion ] :nocov:

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 87
+def version(versions_xml)
+  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
+end
+
+ +
+ + + + +
+ + +
+ +
+ wordpress?() + + click to toggle source + +
+ + +
+ +

check if the target website is actually running wordpress.

+ + + + +
+ 
# File lib/wpscan/wp_target.rb, line 35
+def wordpress?
+  wordpress = false
+
+  response = Browser.get_and_follow_location(@uri.to_s)
+
+  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/
+    wordpress = true
+  else
+    response = Browser.get_and_follow_location(xml_rpc_url)
+
+    if response.body =~ %r{XML-RPC server accepts POST requests only}
+      wordpress = true
+    else
+      response = Browser.get_and_follow_location(login_url)
+
+      if response.code == 200 && response.body =~ %r{WordPress}
+        wordpress = true
+      end
+    end
+  end
+
+  wordpress
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/Malwares.html b/doc_rdoc/WpTarget/Malwares.html new file mode 100644 index 00000000..9db54326 --- /dev/null +++ b/doc_rdoc/WpTarget/Malwares.html @@ -0,0 +1,481 @@ + + + + + + +module WpTarget::Malwares - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::Malwares

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ malware_pattern(url_regex) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/malwares.rb, line 43
+def self.malware_pattern(url_regex)
+  # no need to escape regex here, because malware.txt contains regex
+  %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}
+end
+
+ +
+ + + + +
+ + +
+ +
+ malwares_file(malwares_file_path) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/malwares.rb, line 39
+def self.malwares_file(malwares_file_path)
+  malwares_file_path || DATA_DIR + '/malwares.txt'
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ has_malwares?(malwares_file_path = nil) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/malwares.rb, line 10
+def has_malwares?(malwares_file_path = nil)
+  !malwares(malwares_file_path).empty?
+end
+
+ +
+ + + + +
+ + +
+ +
+ malwares(malwares_file_path = nil) + + click to toggle source + +
+ + +
+ +

return array of string (url of malwares found)

+ + + + +
+ 
# File lib/wpscan/wp_target/malwares.rb, line 15
+def malwares(malwares_file_path = nil)
+  unless @malwares
+    malwares_found = []
+    malwares_file = Malwares.malwares_file(malwares_file_path)
+    index_page_body = Browser.get(@uri.to_s).body
+
+    File.open(malwares_file, 'r') do |file|
+      file.readlines.collect do |url|
+        chomped_url = url.chomp
+
+        if chomped_url.length > 0
+          malwares_found += index_page_body.scan(Malwares.malware_pattern(chomped_url))
+        end
+      end
+    end
+
+    malwares_found.flatten!
+    malwares_found.uniq!
+
+    @malwares = malwares_found
+  end
+  @malwares
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/WpConfigBackup.html b/doc_rdoc/WpTarget/WpConfigBackup.html new file mode 100644 index 00000000..7a833c53 --- /dev/null +++ b/doc_rdoc/WpTarget/WpConfigBackup.html @@ -0,0 +1,423 @@ + + + + + + +module WpTarget::WpConfigBackup - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::WpConfigBackup

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ config_backup_files() + + click to toggle source + +
+ + +
+ +

@return Array

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_config_backup.rb, line 40
+def self.config_backup_files
+  %w{
+    wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
+    wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
+    wp-config.orig wp-config.php.original wp-config.original wp-config.txt
+  } # thanks to Feross.org for these
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ config_backup() + + click to toggle source + +
+ + +
+ +

Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/ return +an array of backup config files url

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_config_backup.rb, line 8
+def config_backup
+  found       = []
+  backups     = WpConfigBackup.config_backup_files
+  browser     = Browser.instance
+  hydra       = browser.hydra
+  queue_count = 0
+
+  backups.each do |file|
+    file_url = @uri.merge(URI.escape(file)).to_s
+    request = browser.forge_request(file_url)
+
+    request.on_complete do |response|
+      if response.body[%r{define}] and not response.body[%r{<\s?html}]
+        found << file_url
+      end
+    end
+
+    hydra.queue(request)
+    queue_count += 1
+
+    if queue_count == browser.max_threads
+      hydra.run
+      queue_count = 0
+    end
+  end
+
+  hydra.run
+
+  found
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/WpCustomDirectories.html b/doc_rdoc/WpTarget/WpCustomDirectories.html new file mode 100644 index 00000000..6b3f3a9f --- /dev/null +++ b/doc_rdoc/WpTarget/WpCustomDirectories.html @@ -0,0 +1,476 @@ + + + + + + +module WpTarget::WpCustomDirectories - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::WpCustomDirectories

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ default_wp_content_dir_exists?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_custom_directories.rb, line 23
+def default_wp_content_dir_exists?
+  response = Browser.get(@uri.merge('wp-content').to_s)
+  hash = Digest::MD5.hexdigest(response.body)
+
+  if WpTarget.valid_response_codes.include?(response.code)
+    return true if hash != error_404_hash and hash != homepage_hash
+  end
+
+  false
+end
+
+ +
+ + + + +
+ + +
+ +
+ wp_content_dir() + + click to toggle source + +
+ + +
+ +

@return [ String ] The wp-content directory

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_custom_directories.rb, line 6
+def wp_content_dir
+  unless @wp_content_dir
+    index_body = Browser.get(@uri.to_s).body
+    uri_path = @uri.path # Only use the path because domain can be text or an IP
+
+    if index_body[/\/wp-content\/(?:themes|plugins)\//] || default_wp_content_dir_exists?
+      @wp_content_dir = 'wp-content'
+    else
+      domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
+      @wp_content_dir  = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1]
+    end
+  end
+
+  @wp_content_dir
+end
+
+ +
+ + + + +
+ + +
+ +
+ wp_plugins_dir() + + click to toggle source + +
+ + +
+ +

@return [ String ] The wp-plugins directory

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_custom_directories.rb, line 35
+def wp_plugins_dir
+  unless @wp_plugins_dir
+    @wp_plugins_dir = "#{wp_content_dir}/plugins"
+  end
+  @wp_plugins_dir
+end
+
+ +
+ + + + +
+ + +
+ +
+ wp_plugins_dir_exists?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_custom_directories.rb, line 43
+def wp_plugins_dir_exists?
+  Browser.get(@uri.merge(wp_plugins_dir).to_s).code != 404
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/WpFullPathDisclosure.html b/doc_rdoc/WpTarget/WpFullPathDisclosure.html new file mode 100644 index 00000000..102c2a10 --- /dev/null +++ b/doc_rdoc/WpTarget/WpFullPathDisclosure.html @@ -0,0 +1,387 @@ + + + + + + +module WpTarget::WpFullPathDisclosure - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::WpFullPathDisclosure

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ full_path_disclosure_url() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_full_path_disclosure.rb, line 14
+def full_path_disclosure_url
+  @uri.merge('wp-includes/rss-functions.php').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_full_path_disclosure?() + + click to toggle source + +
+ + +
+ +

Check for Full Path Disclosure (FPD)

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_full_path_disclosure.rb, line 8
+def has_full_path_disclosure?
+  response = Browser.get(full_path_disclosure_url())
+  response.body[%r{Fatal error}] ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/WpLoginProtection.html b/doc_rdoc/WpTarget/WpLoginProtection.html new file mode 100644 index 00000000..ead20506 --- /dev/null +++ b/doc_rdoc/WpTarget/WpLoginProtection.html @@ -0,0 +1,889 @@ + + + + + + +module WpTarget::WpLoginProtection - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::WpLoginProtection

+ +
+ +
+ + + + +
+ + + + + + +
+

Constants

+
+ +
LOGIN_PROTECTION_METHOD_PATTERN + +
+ + +
+
+ + + + + + +
+

Public Instance Methods

+ + +
+ +
+ has_login_protection?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 9
+def has_login_protection?
+  !login_protection_plugin().nil?
+end
+
+ +
+ + + + +
+ + +
+ +
+ login_protection_plugin() + + click to toggle source + +
+ + +
+ +

Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111 +return a WpPlugin object or nil if no one is +found

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 16
+def login_protection_plugin
+  unless @login_protection_plugin
+    protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call|
+
+      if send(symbol_to_call)
+        plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-')
+
+        return @login_protection_plugin = WpPlugin.new(
+          @uri,
+          name:           plugin_name,
+          wp_content_dir: wp_content_dir,
+          wp_plugins_dir: wp_plugins_dir
+        )
+      end
+    end
+    @login_protection_plugin = nil
+  end
+  @login_protection_plugin
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ better_wp_security_url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 62
+def better_wp_security_url
+  plugin_url('better-wp-security/')
+end
+
+ +
+ + + + +
+ + +
+ +
+ bluetrait_event_viewer_url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 98
+def bluetrait_event_viewer_url
+  plugin_url('bluetrait-event-viewer')
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_better_wp_security_protection?() + + click to toggle source + +
+ + +
+ +

wordpress.org/extend/plugins/better-wp-security/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 49
+def has_better_wp_security_protection?
+  Browser.get(better_wp_security_url).code != 404
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_bluetrait_event_viewer_protection?() + + click to toggle source + +
+ + +
+ +

wordpress.org/extend/plugins/bluetrait-event-viewer/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 94
+def has_bluetrait_event_viewer_protection?
+  Browser.get(bluetrait_event_viewer_url).code != 404
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_limit_login_attempts_protection?() + + click to toggle source + +
+ + +
+ +

wordpress.org/extend/plugins/limit-login-attempts/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 85
+def has_limit_login_attempts_protection?
+  Browser.get(limit_login_attempts_url).code != 404
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_login_lock_protection?() + + click to toggle source + +
+ + +
+ +

wordpress.org/extend/plugins/login-lock/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 44
+def has_login_lock_protection?
+  Browser.get(login_url).body =~ %r{LOGIN LOCK} ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_login_lockdown_protection?() + + click to toggle source + +
+ + +
+ +

Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 39
+def has_login_lockdown_protection?
+  Browser.get(login_url).body =~ %r{Login LockDown} ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_login_security_solution_protection?() + + click to toggle source + +
+ + +
+ +

wordpress.org/extend/plugins/login-security-solution/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 76
+def has_login_security_solution_protection?
+  Browser.get(login_security_solution_url()).code != 404
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_simple_login_lockdown_protection?() + + click to toggle source + +
+ + +
+ +

wordpress.org/extend/plugins/simple-login-lockdown/

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 67
+def has_simple_login_lockdown_protection?
+  Browser.get(simple_login_lockdown_url).code != 404
+end
+
+ +
+ + + + +
+ + +
+ +
+ limit_login_attempts_url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 89
+def limit_login_attempts_url
+  plugin_url('limit-login-attempts')
+end
+
+ +
+ + + + +
+ + +
+ +
+ login_security_solution_url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 80
+def login_security_solution_url
+  plugin_url('login-security-solution')
+end
+
+ +
+ + + + +
+ + +
+ +
+ plugin_url(plugin_name) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 53
+def plugin_url(plugin_name)
+  WpPlugin.new(
+    @uri,
+    name:           plugin_name,
+    wp_content_dir: wp_content_dir,
+    wp_plugins_dir: wp_plugins_dir
+  ).url
+end
+
+ +
+ + + + +
+ + +
+ +
+ simple_login_lockdown_url() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wp_target/wp_login_protection.rb, line 71
+def simple_login_lockdown_url
+  plugin_url('simple-login-lockdown/')
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/WpReadme.html b/doc_rdoc/WpTarget/WpReadme.html new file mode 100644 index 00000000..7787f07e --- /dev/null +++ b/doc_rdoc/WpTarget/WpReadme.html @@ -0,0 +1,394 @@ + + + + + + +module WpTarget::WpReadme - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::WpReadme

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ has_readme?() + + click to toggle source + +
+ + +
+ +

Checks to see if the readme.html file exists

+ +

This file comes by default in a wordpress installation, and if deleted is +reinstated with an upgrade.

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_readme.rb, line 11
+def has_readme?
+  response = Browser.get(readme_url())
+
+  unless response.code == 404
+    return response.body =~ %r{wordpress} ? true : false
+  end
+  false
+end
+
+ +
+ + + + +
+ + +
+ +
+ readme_url() + + click to toggle source + +
+ + +
+ +

@return [ String ] The readme URL

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_readme.rb, line 21
+def readme_url
+  @uri.merge('readme.html').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTarget/WpRegistrable.html b/doc_rdoc/WpTarget/WpRegistrable.html new file mode 100644 index 00000000..d261f9f6 --- /dev/null +++ b/doc_rdoc/WpTarget/WpRegistrable.html @@ -0,0 +1,450 @@ + + + + + + +module WpTarget::WpRegistrable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTarget::WpRegistrable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ multisite?() + + click to toggle source + +
+ + +
+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_registrable.rb, line 32
+def multisite?
+  unless @multisite
+    # when multi site, there is no redirection or a redirect to the site itself
+    # otherwise redirect to wp-login.php
+    resp = Browser.get(@uri.merge('wp-signup.php').to_s)
+
+    if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
+      @multisite = false
+    elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/
+      @multisite = true
+    elsif resp.code == 200
+      @multisite = true
+    else
+      @multisite = false
+    end
+  end
+  @multisite
+end
+
+ +
+ + + + +
+ + +
+ +
+ registration_enabled?() + + click to toggle source + +
+ + +
+ +

Should check wp-login.php if registration is enabled or not

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_registrable.rb, line 8
+def registration_enabled?
+  resp = Browser.get(registration_url)
+  # redirect only on non multi sites
+  if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/
+    enabled = false
+  # multi site registration form
+  elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/
+    enabled = true
+  # normal registration form
+  elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/
+    enabled = true
+  # registration disabled
+  else
+    enabled = false
+  end
+  enabled
+end
+
+ +
+ + + + +
+ + +
+ +
+ registration_url() + + click to toggle source + +
+ + +
+ +

@return [ String ] The registration URL

+ + + + +
+ 
# File lib/wpscan/wp_target/wp_registrable.rb, line 27
+def registration_url
+  multisite? ? @uri.merge('wp-signup.php').to_s : @uri.merge('wp-login.php?action=register').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTheme.html b/doc_rdoc/WpTheme.html new file mode 100644 index 00000000..ae8c13ba --- /dev/null +++ b/doc_rdoc/WpTheme.html @@ -0,0 +1,487 @@ + + + + + + +class WpTheme - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpTheme

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ style_url[W] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Instance Methods

+ + +
+ +
+ allowed_options() + + click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + WpItem#allowed_options +
+ + + +
+ 
# File lib/common/models/wp_theme.rb, line 13
+def allowed_options; super << :style_url end
+
+ +
+ + + + +
+ + +
+ +
+ forge_uri(target_base_uri) + + click to toggle source + +
+ + +
+ +

Sets the @uri

+ +

@param [ URI ] target_base_uri The URI of the wordpress blog

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/models/wp_theme.rb, line 20
+def forge_uri(target_base_uri)
+  @uri = target_base_uri.merge(URI.encode(wp_content_dir + '/themes/' + name + '/'))
+end
+
+ +
+ + + + +
+ + +
+ +
+ style_url() + + click to toggle source + +
+ + +
+ +

@return [ String ] The url to the theme stylesheet

+ + + + +
+ 
# File lib/common/models/wp_theme.rb, line 25
+def style_url
+  unless @style_url
+    @style_url = uri.merge('style.css').to_s
+  end
+  @style_url
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTheme/Findable.html b/doc_rdoc/WpTheme/Findable.html new file mode 100644 index 00000000..2938468f --- /dev/null +++ b/doc_rdoc/WpTheme/Findable.html @@ -0,0 +1,474 @@ + + + + + + +module WpTheme::Findable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTheme::Findable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ find(target_uri) + + click to toggle source + +
+ + +
+ +

Find the main theme of the blog

+ +

@param [ URI ] target_uri

+ +

@return [ WpTheme ]

+ + + + +
+ 
# File lib/common/models/wp_theme/findable.rb, line 10
+def find(target_uri)
+  methods.grep(/^find_from_/).each do |method|
+    if wp_theme = self.send(method, target_uri)
+      wp_theme.found_from = method
+
+      return wp_theme
+    end
+  end
+  nil
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ find_from_css_link(target_uri) + + click to toggle source + +
+ + +
+ +

Discover the wordpress theme by parsing the css link rel

+ +

@param [ URI ] target_uri

+ +

@return [ WpTheme ]

+ + + + + + +
+ + + + +
+ + +
+ +
+ find_from_wooframework(target_uri) + + click to toggle source + +
+ + +
+ +

code.google.com/p/wpscan/issues/detail?id=141

+ +

@param [ URI ] target_uri

+ +

@return [ WpTheme ]

+ + + + +
+ 
# File lib/common/models/wp_theme/findable.rb, line 50
+def find_from_wooframework(target_uri)
+  body = Browser.get(target_uri.to_s).body
+  regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
+
+
+  if matches = regexp.match(body)
+    woo_theme_name = matches[1]
+    woo_theme_version = matches[2]
+    #woo_framework_version = matches[3] # Not used at this time

+
+    return new(
+      target_uri,
+      {
+        name:    woo_theme_name,
+        version: woo_theme_version
+      }
+    )
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTheme/Versionable.html b/doc_rdoc/WpTheme/Versionable.html new file mode 100644 index 00000000..3f44cabf --- /dev/null +++ b/doc_rdoc/WpTheme/Versionable.html @@ -0,0 +1,360 @@ + + + + + + +module WpTheme::Versionable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTheme::Versionable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ version() + + click to toggle source + +
+ + +
+ + + + +
+ Calls superclass method + +
+ + + +
+ 
# File lib/common/models/wp_theme/versionable.rb, line 5
+def version
+  unless @version
+    @version = Browser.get(style_url).body[%r{Version:\s([^\s]+)}, 1]
+
+    # Get Version from readme.txt

+    @version ||= super
+  end
+  @version
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTheme/Vulnerable.html b/doc_rdoc/WpTheme/Vulnerable.html new file mode 100644 index 00000000..0e6e18e8 --- /dev/null +++ b/doc_rdoc/WpTheme/Vulnerable.html @@ -0,0 +1,387 @@ + + + + + + +module WpTheme::Vulnerable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTheme::Vulnerable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ vulns_file() + + click to toggle source + +
+ + +
+ +

@return [ String ] The path to the file containing vulnerabilities

+ + + + +
+ 
# File lib/common/models/wp_theme/vulnerable.rb, line 6
+def vulns_file
+  unless @vulns_file
+    @vulns_file = THEMES_VULNS_FILE
+  end
+  @vulns_file
+end
+
+ +
+ + + + +
+ + +
+ +
+ vulns_xpath() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_theme/vulnerable.rb, line 14
+def vulns_xpath
+  "//theme[@name='#{@name}']/vulnerability"
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpThemes.html b/doc_rdoc/WpThemes.html new file mode 100644 index 00000000..056d59ed --- /dev/null +++ b/doc_rdoc/WpThemes.html @@ -0,0 +1,319 @@ + + + + + + +class WpThemes - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpThemes

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/WpThemes/Detectable.html b/doc_rdoc/WpThemes/Detectable.html new file mode 100644 index 00000000..c178e5cf --- /dev/null +++ b/doc_rdoc/WpThemes/Detectable.html @@ -0,0 +1,384 @@ + + + + + + +module WpThemes::Detectable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpThemes::Detectable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ item_xpath() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/collections/wp_themes/detectable.rb, line 11
+def item_xpath
+  '//theme'
+end
+
+ +
+ + + + +
+ + +
+ +
+ vulns_file() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/collections/wp_themes/detectable.rb, line 6
+def vulns_file
+  THEMES_VULNS_FILE
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTimthumb.html b/doc_rdoc/WpTimthumb.html new file mode 100644 index 00000000..b371394c --- /dev/null +++ b/doc_rdoc/WpTimthumb.html @@ -0,0 +1,380 @@ + + + + + + +class WpTimthumb - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpTimthumb

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ ==(other) + + click to toggle source + +
+ + +
+ +

@param [ WpTimthumb ] other

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_timthumb.rb, line 14
+def ==(other)
+  url == other.url
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTimthumb/Existable.html b/doc_rdoc/WpTimthumb/Existable.html new file mode 100644 index 00000000..fbac3816 --- /dev/null +++ b/doc_rdoc/WpTimthumb/Existable.html @@ -0,0 +1,352 @@ + + + + + + +module WpTimthumb::Existable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTimthumb::Existable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ exists_from_response?(response, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ Typhoeus::Response ] +response @param [ Hash ] options

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_timthumb/existable.rb, line 9
+def exists_from_response?(response, options = {})
+  response.code == 400 && response.body =~ /no image specified/ ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTimthumb/Output.html b/doc_rdoc/WpTimthumb/Output.html new file mode 100644 index 00000000..762aa171 --- /dev/null +++ b/doc_rdoc/WpTimthumb/Output.html @@ -0,0 +1,349 @@ + + + + + + +module WpTimthumb::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTimthumb::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ output() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/models/wp_timthumb/output.rb, line 5
+def output
+  puts ' | ' + red('[!]') + " #{self}"
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTimthumb/Versionable.html b/doc_rdoc/WpTimthumb/Versionable.html new file mode 100644 index 00000000..61c61827 --- /dev/null +++ b/doc_rdoc/WpTimthumb/Versionable.html @@ -0,0 +1,391 @@ + + + + + + +module WpTimthumb::Versionable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTimthumb::Versionable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ to_s() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_timthumb/versionable.rb, line 18
+def to_s
+  "#{url}#{ ' v' + version if version}"
+end
+
+ +
+ + + + +
+ + +
+ +
+ version() + + click to toggle source + +
+ + +
+ +

Get the version from the body of an invalid request See code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426

+ +

@return [ String ] The version

+ + + + +
+ 
# File lib/common/models/wp_timthumb/versionable.rb, line 9
+def version
+  unless @version
+    response = Browser.get(url)
+    @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
+  end
+  @version
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpTimthumbs.html b/doc_rdoc/WpTimthumbs.html new file mode 100644 index 00000000..a3506259 --- /dev/null +++ b/doc_rdoc/WpTimthumbs.html @@ -0,0 +1,319 @@ + + + + + + +class WpTimthumbs - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpTimthumbs

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/WpTimthumbs/Detectable.html b/doc_rdoc/WpTimthumbs/Detectable.html new file mode 100644 index 00000000..2ebd830b --- /dev/null +++ b/doc_rdoc/WpTimthumbs/Detectable.html @@ -0,0 +1,544 @@ + + + + + + +module WpTimthumbs::Detectable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpTimthumbs::Detectable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ passive_detection(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

No passive detection

+ +

@param [ WpTarget ] wp_target @param [ Hash +] options

+ +

@return [ WpTimthumbs ]

+ + + + +
+ 
# File lib/common/collections/wp_timthumbs/detectable.rb, line 11
+def passive_detection(wp_target, options = {})
+  new
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ create_item(wp_target, path = nil) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @option [ +String ] path

+ +

@return [ WpTimthumb ]

+ + + + +
+ 
# File lib/common/collections/wp_timthumbs/detectable.rb, line 71
+def create_item(wp_target, path = nil)
+  options = {
+    wp_content_dir: wp_target.wp_content_dir,
+    wp_plugins_dir: wp_target.wp_plugins_dir
+  }
+
+  options.merge!(path: path) if path
+
+  WpTimthumb.new(wp_target.uri, options)
+end
+
+ +
+ + + + +
+ + +
+ +
+ targets_items(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @param [ Hash +] options @option options [ String ] :file The path to the file containing +the targets @option options [ String ] :theme_name

+ +

@return [ Array<WpTimthumb> ]

+ + + + +
+ 
# File lib/common/collections/wp_timthumbs/detectable.rb, line 23
+def targets_items(wp_target, options = {})
+  targets = options[:theme_name] ? theme_timthumbs(options[:theme_name], wp_target) : []
+
+  if options[:file]
+    targets += targets_items_from_file(options[:file], wp_target)
+  end
+
+  targets.uniq { |i| i.url }
+end
+
+ +
+ + + + +
+ + +
+ +
+ targets_items_from_file(file, wp_target) + + click to toggle source + +
+ + +
+ +

@param [ String ] file @param [ WpTarget ] +wp_target

+ +

@return [ Array<WpTimthumb> ]

+ + + + +
+ 
# File lib/common/collections/wp_timthumbs/detectable.rb, line 56
+def targets_items_from_file(file, wp_target)
+  targets = []
+
+  File.open(file, 'r') do |f|
+    f.readlines.collect do |path|
+      targets << create_item(wp_target, path.strip)
+    end
+  end
+  targets
+end
+
+ +
+ + + + +
+ + +
+ +
+ theme_timthumbs(theme_name, wp_target) + + click to toggle source + +
+ + +
+ +

@param [ String ] theme_name @param [ WpTarget ] wp_target

+ +

@return [ Array<WpTimthumb> ]

+ + + + +
+ 
# File lib/common/collections/wp_timthumbs/detectable.rb, line 37
+def theme_timthumbs(theme_name, wp_target)
+  targets     = []
+  wp_timthumb = create_item(wp_target)
+
+  %w{
+    timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
+    scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+  }.each do |path|
+    wp_timthumb.path = "$wp-content$/themes/#{theme_name}/#{path}"
+
+    targets << wp_timthumb.dup
+  end
+  targets
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpUser.html b/doc_rdoc/WpUser.html new file mode 100644 index 00000000..42d4399a --- /dev/null +++ b/doc_rdoc/WpUser.html @@ -0,0 +1,651 @@ + + + + + + +class WpUser - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpUser

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ display_name[RW] +
+ +
+ + + +
+
+ +
+
+ id[RW] +
+ +
+ + + +
+
+ +
+
+ login[RW] +
+ +
+ + + +
+
+ +
+
+ password[RW] +
+ +
+ + + +
+
+ +
+ + + + +
+

Public Instance Methods

+ + +
+ +
+ <=>(other) + + click to toggle source + +
+ + +
+ +

@param [ WpUser ] other

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 37
+def <=>(other)
+  id <=> other.id
+end
+
+ +
+ + + + +
+ + +
+ +
+ ==(other) + + click to toggle source + +
+ + +
+ +

@param [ WpUser ] other

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 44
+def ==(other)
+  self === other
+end
+
+ +
+ + + + +
+ + +
+ +
+ ===(other) + + click to toggle source + +
+ + +
+ +

@param [ WpUser ] other

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 51
+def ===(other)
+  id === other.id && login === other.login
+end
+
+ +
+ + + + +
+ + +
+ +
+ allowed_options() + + click to toggle source + +
+ + +
+ +

@return [ Array<Symbol> ]

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 12
+def allowed_options; [:id, :login, :display_name, :password] end
+
+ +
+ + + + +
+ + +
+ +
+ login_url() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 24
+def login_url
+  @uri.merge('wp-login.php').to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ to_s() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 29
+def to_s
+  s  = "#{id}"
+  s += " | #{login}" if login
+  s += " | #{display_name}" if display_name
+  s
+end
+
+ +
+ + + + +
+ + +
+ +
+ uri() + + click to toggle source + +
+ + +
+ +

@return [ URI ] The uri to the auhor page

+ + + + +
+ 
# File lib/common/models/wp_user.rb, line 15
+def uri
+  if id
+    return @uri.merge("?author=#{id}")
+  else
+    raise 'The id is nil'
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpUser/BruteForcable.html b/doc_rdoc/WpUser/BruteForcable.html new file mode 100644 index 00000000..88cbb5da --- /dev/null +++ b/doc_rdoc/WpUser/BruteForcable.html @@ -0,0 +1,607 @@ + + + + + + +module WpUser::BruteForcable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpUser::BruteForcable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ passwords_from_wordlist(wordlist) + + click to toggle source + +
+ + +
+ +

Load the passwords from the wordlist, which can be a file path or an array +or passwords

+ +

File comments are ignored, but will miss +passwords if they start with a hash...

+ +

@param [ String, Array<String> ] wordlist

+ +

@return [ Array<String> ]

+ + + + +
+ 
# File lib/common/models/wp_user/brute_forcable.rb, line 124
+def self.passwords_from_wordlist(wordlist)
+  if wordlist.is_a?(String)
+    passwords = []
+    charset   = File.charset(wordlist).upcase
+    opt       = "r:#{charset}"
+    # To remove warning when charset = UTF-8
+    # Ignoring internal encoding UTF-8: it is identical to external encoding utf-8
+    opt      += ':UTF-8' if charset != 'UTF-8'
+
+    File.open(wordlist, opt).each do |line|
+      next if line[0,1] == '#'
+
+      passwords << line.strip
+    end
+  elsif wordlist.is_a?(Array)
+    passwords = wordlist
+  else
+    raise 'Invalid wordlist, expected String or Array'
+  end
+
+  passwords
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ brute_force(wordlist, options = {}) + + click to toggle source + +
+ + +
+ +

Brute force the user with the wordlist supplied

+ +

It can take a long time to queue 2 million requests, for that reason, we +queue browser.max_threads, send browser.max_threads, queue +browser.max_threads and so on.

+ +

hydra.run only returns when it has recieved all of its, responses. This +means that while we are waiting for browser.max_threads, responses, we are +waiting…

+ +

@param [ String, Array<String> ] wordlist +The wordlist path @param [ Hash ] options @option options [ Boolean ] +:verbose @option options [ Boolean ] :show_progression

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/models/wp_user/brute_forcable.rb, line 21
+def brute_force(wordlist, options = {})
+  browser      = Browser.instance
+  hydra        = browser.hydra
+  passwords    = BruteForcable.passwords_from_wordlist(wordlist)
+  queue_count  = 0
+  found        = false
+  progress_bar = self.progress_bar(passwords.size, options)
+
+  passwords.each do |password|
+    request = login_request(password)
+
+    request.on_complete do |response|
+      progress_bar.progress += 1 if options[:show_progression] && !found
+
+      puts "\n  Trying Username : #{login} Password : #{password}" if options[:verbose]
+
+      if valid_password?(response, password, options)
+        found         = true
+        self.password = password
+        return
+      end
+    end
+
+    hydra.queue(request)
+    queue_count += 1
+
+    if queue_count >= browser.max_threads
+      hydra.run
+      queue_count = 0
+      puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
+    end
+  end
+
+  # run all of the remaining requests
+  hydra.run
+end
+
+ +
+ + + + +
+ + +
+ +
+ login_request(password) + + click to toggle source + +
+ + +
+ +

@param [ String ] password

+ +

@return [ Typhoeus::Request ]

+ + + + +
+ 
# File lib/common/models/wp_user/brute_forcable.rb, line 78
+def login_request(password)
+  Browser.instance.forge_request(login_url,
+    method: :post,
+    body: { log: login, pwd: password },
+    cache_ttl: 0
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ progress_bar(passwords_size, options) + + click to toggle source + +
+ + +
+ +

@param [ Integer ] targets_size @param [ Hash ] options

+ +

@return [ ProgressBar ] :nocov:

+ + + + +
+ 
# File lib/common/models/wp_user/brute_forcable.rb, line 63
+def progress_bar(passwords_size, options)
+  if options[:show_progression]
+    ProgressBar.create(
+      format: '%t %a <%B> (%c / %C) %P%% %e',
+      title: "  Brute Forcing '#{login}'",
+      length: 120,
+      total: passwords_size
+    )
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ valid_password?(response, password, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ Typhoeus::Response ] +response @param [ String ] password @param [ Hash ] options @option options +[ Boolean ] :verbose @option options [ Boolean ] :show_progression

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_user/brute_forcable.rb, line 93
+def valid_password?(response, password, options = {})
+  if response.code == 302
+    progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
+    valid       = true
+  elsif response.body =~ /login_error/
+    verbose = "\n  Incorrect login and/or password."
+  elsif response.timed_out?
+    progression = "#{red('ERROR:')} Request timed out."
+  elsif response.code == 0
+    progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
+  elsif response.code.to_s =~ /^50/
+    progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
+  else
+    progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
+    verbose     = red("    Code: #{response.code}\n    Body: #{response.body}\n")
+  end
+
+  puts "\n  " + progression if progression && options[:show_progression]
+  puts verbose if verbose && options[:verbose]
+
+  valid || false
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpUser/Existable.html b/doc_rdoc/WpUser/Existable.html new file mode 100644 index 00000000..0d3243d8 --- /dev/null +++ b/doc_rdoc/WpUser/Existable.html @@ -0,0 +1,493 @@ + + + + + + +module WpUser::Existable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpUser::Existable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Class Methods

+ + +
+ +
+ display_name_from_body(body) + + click to toggle source + +
+ + +
+ +

@note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn’t support +it

+ +
So it's forced to UTF-8 when this encoding is detected
+ +

@param [ String ] body

+ +

@return [ String ] The display_name

+ + + + +
+ 
# File lib/common/models/wp_user/existable.rb, line 63
+def self.display_name_from_body(body)
+  if title_tag = body[%r{<title>([^<]+)</title>}, 1]
+    title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
+    title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
+    # &amp; are not decoded with Nokogiri

+    title_tag.sub!('&amp;', '&')
+
+    name = title_tag[%r{([^|«]+) }, 1]
+
+    return name.strip if name
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ login_from_author_pattern(text) + + click to toggle source + +
+ + +
+ +

@param [ String ] text

+ +

@return [ String ] The login

+ + + + +
+ 
# File lib/common/models/wp_user/existable.rb, line 38
+def self.login_from_author_pattern(text)
+  text[%r{/author/([^/\b]+)/?}, 1]
+end
+
+ +
+ + + + +
+ + +
+ +
+ login_from_body(body) + + click to toggle source + +
+ + +
+ +

@param [ String ] body

+ +

@return [ String ] The login

+ + + + +
+ 
# File lib/common/models/wp_user/existable.rb, line 45
+def self.login_from_body(body)
+  # Feed URL with Permalinks

+  login = WpUser::Existable.login_from_author_pattern(body)
+
+  unless login
+    # No Permalinks

+    login = body[%r{<body class="archive author author-([^\s]+) author-(\d+)}, 1]
+  end
+
+  login
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ exists_from_response?(response, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ Typhoeus::Response ] +response @param [ Hash ] options

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_user/existable.rb, line 9
+def exists_from_response?(response, options = {})
+  load_from_response(response)
+
+  @login ? true : false
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpUsers.html b/doc_rdoc/WpUsers.html new file mode 100644 index 00000000..8382c72b --- /dev/null +++ b/doc_rdoc/WpUsers.html @@ -0,0 +1,337 @@ + + + + + + +class WpUsers - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpUsers

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+ +
+ + + + diff --git a/doc_rdoc/WpUsers/BruteForcable.html b/doc_rdoc/WpUsers/BruteForcable.html new file mode 100644 index 00000000..3fa96aba --- /dev/null +++ b/doc_rdoc/WpUsers/BruteForcable.html @@ -0,0 +1,360 @@ + + + + + + +module WpUsers::BruteForcable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpUsers::BruteForcable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ brute_force(wordlist, options = {}) + + click to toggle source + +
+ + +
+ +

Brute force each wp_user

+ +

To avoid loading the wordlist each time in the wp_user instance It’s loaded +here, and given to the wp_user

+ +

@param [ String, Array<String> ] wordlist +@param [ Hash ] options See WpUser::BruteForcable#brute_force

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/collections/wp_users/brute_forcable.rb, line 14
+def brute_force(wordlist, options = {})
+  passwords = WpUser::BruteForcable.passwords_from_wordlist(wordlist)
+
+  self.each { |wp_user| wp_user.brute_force(passwords, options) }
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpUsers/Detectable.html b/doc_rdoc/WpUsers/Detectable.html new file mode 100644 index 00000000..61722c1c --- /dev/null +++ b/doc_rdoc/WpUsers/Detectable.html @@ -0,0 +1,434 @@ + + + + + + +module WpUsers::Detectable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpUsers::Detectable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ passive_detection(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

No passive detection

+ +

@return [ WpUsers ]

+ + + + +
+ 
# File lib/common/collections/wp_users/detectable.rb, line 11
+def passive_detection(wp_target, options = {})
+  new
+end
+
+ +
+ + + + +
+ + +
+ +
+ request_params() + + click to toggle source + +
+ + +
+ +

@return [ Hash ]

+ + + + +
+ 
# File lib/common/collections/wp_users/detectable.rb, line 6
+def request_params; {} end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ targets_items(wp_target, options = {}) + + click to toggle source + +
+ + +
+ +

@param [ WpTarget ] wp_target @param [ Hash +] options @option options [ Range ] :range ((1..10))

+ +

@return [ Array<WpUser> ]

+ + + + +
+ 
# File lib/common/collections/wp_users/detectable.rb, line 22
+def targets_items(wp_target, options = {})
+  range   = options[:range] || (1..10)
+  targets = []
+
+  range.each do |user_id|
+    targets << WpUser.new(wp_target.uri, id: user_id)
+  end
+  targets
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpUsers/Output.html b/doc_rdoc/WpUsers/Output.html new file mode 100644 index 00000000..32f03d98 --- /dev/null +++ b/doc_rdoc/WpUsers/Output.html @@ -0,0 +1,364 @@ + + + + + + +module WpUsers::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpUsers::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ output(options = {}) + + click to toggle source + +
+ + +
+ +

@param [ Hash ] options @option options[ Boolean ] :show_password Output the password column

+ +

@return [ void ]

+ + + + +
+ 
# File lib/common/collections/wp_users/output.rb, line 9
+def output(options = {})
+  rows     = []
+  headings = ['Id', 'Login', 'Name']
+  headings << 'Password' if options[:show_password]
+
+  self.each do |wp_user|
+    row = [wp_user.id, wp_user.login, wp_user.display_name]
+    row << wp_user.password if options[:show_password]
+    rows << row
+  end
+
+  puts Terminal::Table.new(headings: headings,
+                           rows: rows,
+                           style: { margin_left: options[:margin_left] || '' })
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpVersion.html b/doc_rdoc/WpVersion.html new file mode 100644 index 00000000..97e65d90 --- /dev/null +++ b/doc_rdoc/WpVersion.html @@ -0,0 +1,446 @@ + + + + + + +class WpVersion - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpVersion

+ +
+ +
+ + + + +
+ + + + + + + + +
+

Attributes

+ + +
+
+ number[RW] +
+ +
+ +

The version number

+ +
+
+ +
+ + + + +
+

Public Instance Methods

+ + +
+ +
+ ==(other) + + click to toggle source + +
+ + +
+ +

@param [ WpVersion ] other

+ +

@return [ Boolean ]

+ + + + +
+ 
# File lib/common/models/wp_version.rb, line 21
+def ==(other)
+  number == other.number
+end
+
+ +
+ + + + +
+ + +
+ +
+ allowed_options() + + click to toggle source + +
+ + +
+ +

@return [ Array ]

+ + +
+ Calls superclass method + WpItem#allowed_options +
+ + + +
+ 
# File lib/common/models/wp_version.rb, line 16
+def allowed_options; super << :number << :found_from end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpVersion/Findable.html b/doc_rdoc/WpVersion/Findable.html new file mode 100644 index 00000000..0e634274 --- /dev/null +++ b/doc_rdoc/WpVersion/Findable.html @@ -0,0 +1,828 @@ + + + + + + +module WpVersion::Findable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpVersion::Findable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml) + + click to toggle source + +
+ + +
+ +

Find the version of the blog designated from target_uri

+ +

@param [ URI ] target_uri @param [ String ] +wp_content_dir @param [ String ] wp_plugins_dir

+ +

@return [ WpVersion ]

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 13
+def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+  methods.grep(/find_from_/).each do |method|
+
+    if method === :find_from_advanced_fingerprinting
+      version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+    else
+      version = send(method, target_uri)
+    end
+
+    if version
+      return new(target_uri, number: version, found_from: method)
+    end
+  end
+  nil
+end
+
+ +
+ + + + +
+ + +
+ +
+ version_pattern() + + click to toggle source + +
+ + +
+ +

Used to check if the version is correct: must contain at least one dot.

+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 32
+def version_pattern
+  '([^\r\n"\]+\.[^\r\n"\]+)'
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Instance Methods

+ + +
+ +
+ find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml) + + click to toggle source + +
+ + +
+ +

Uses data/wp_versions.xml to try to identify a wordpress version.

+ +

It does this by using client side file hashing

+ +

/!\ Warning : this method might return false positive if the file used for +fingerprinting is part of a theme (they can be updated)

+ +

@param [ URI ] target_uri @param [ String ] +wp_content_dir @param [ String ] wp_plugins_dir @param [ String ] +versions_xml The path to the xml containing all versions

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 153
+def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+  xml     = xml(versions_xml)
+
+  # This wp_item will take care of encoding the path

+  # and replace variables like $wp-content$ & $wp-plugins$

+  wp_item = WpItem.new(target_uri,
+                       wp_content_dir: wp_content_dir,
+                       wp_plugins_dir: wp_plugins_dir)
+
+  xml.xpath('//file').each do |node|
+    wp_item.path = node.attribute('src').text
+
+    response = Browser.get(wp_item.url)
+    md5sum = Digest::MD5.hexdigest(response.body)
+
+    node.search('hash').each do |hash|
+      if hash.attribute('md5').text == md5sum
+        return hash.search('version').text
+      end
+    end
+  end
+  nil
+end
+
+ +
+ + + + +
+ + +
+ +
+ find_from_atom_generator(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find the WordPress version from, the generator tag in the Atom +source.

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 120
+def find_from_atom_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>},
+    'feed/atom/'
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ find_from_links_opml(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find the WordPress version from the p-links-opml.php file.

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + + + +
+ + + + +
+ + +
+ +
+ find_from_meta_generator(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find the wordpress version from, the generator meta tag in the +html source.

+ +

The meta tag can be removed however it seems, that it is reinstated on +upgrade.

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 67
+def find_from_meta_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{name="generator" content="wordpress #{version_pattern}"}
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ find_from_rdf_generator(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find WordPress version from, the generator tag in the RDF feed +source.

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 94
+def find_from_rdf_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />},
+    'feed/rdf/'
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ find_from_readme(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find the WordPress version from the readme.html file.

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 182
+def find_from_readme(target_uri)
+  scan_url(
+    target_uri,
+    %r{<br />\sversion #{version_pattern}},
+    'readme.html'
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ find_from_rss_generator(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find the WordPress version from, the generator tag in the RSS +feed source.

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 80
+def find_from_rss_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{<generator>http://wordpress.org/\?v=#{version_pattern}</generator>},
+    'feed/'
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ find_from_sitemap_generator(target_uri) + + click to toggle source + +
+ + +
+ +

Attempts to find the WordPress version from the sitemap.xml file.

+ +

See: code.google.com/p/wpscan/issues/detail?id=109

+ +

@param [ URI ] target_uri

+ +

@return [ String ] The version number

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 197
+def find_from_sitemap_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{generator="wordpress/#{version_pattern}"},
+    'sitemap.xml'
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ scan_url(target_uri, pattern, path = nil) + + click to toggle source + +
+ + +
+ +

Returns the first match of <pattern> in the body of the url

+ +

@param [ URI ] target_uri @param [ Regex ] +pattern @param [ String ] path

+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_version/findable.rb, line 45
+def scan_url(target_uri, pattern, path = nil)
+  url = path ? target_uri.merge(path).to_s : target_uri.to_s
+  response = Browser.get_and_follow_location(url)
+
+  response.body[pattern, 1]
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpVersion/Output.html b/doc_rdoc/WpVersion/Output.html new file mode 100644 index 00000000..a5c3af02 --- /dev/null +++ b/doc_rdoc/WpVersion/Output.html @@ -0,0 +1,358 @@ + + + + + + +module WpVersion::Output - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpVersion::Output

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ output() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/common/models/wp_version/output.rb, line 5
+def output
+  puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+
+  vulnerabilities = self.vulnerabilities
+
+  unless vulnerabilities.empty?
+    puts
+    puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number :"
+
+    vulnerabilities.output
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpVersion/Vulnerable.html b/doc_rdoc/WpVersion/Vulnerable.html new file mode 100644 index 00000000..45650fa7 --- /dev/null +++ b/doc_rdoc/WpVersion/Vulnerable.html @@ -0,0 +1,387 @@ + + + + + + +module WpVersion::Vulnerable - RDoc Documentation + + + + + + + + + + + + + + + + +
+

module WpVersion::Vulnerable

+ +
+ +
+ + + + +
+ + + + + + + + + + +
+

Public Instance Methods

+ + +
+ +
+ vulns_file() + + click to toggle source + +
+ + +
+ +

@return [ String ] The path to the file containing vulnerabilities

+ + + + +
+ 
# File lib/common/models/wp_version/vulnerable.rb, line 6
+def vulns_file
+  unless @vulns_file
+    @vulns_file = WP_VULNS_FILE
+  end
+  @vulns_file
+end
+
+ +
+ + + + +
+ + +
+ +
+ vulns_xpath() + + click to toggle source + +
+ + +
+ +

@return [ String ]

+ + + + +
+ 
# File lib/common/models/wp_version/vulnerable.rb, line 14
+def vulns_xpath
+  "//wordpress[@version='#{@number}']/vulnerability"
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/WpscanOptions.html b/doc_rdoc/WpscanOptions.html new file mode 100644 index 00000000..578487db --- /dev/null +++ b/doc_rdoc/WpscanOptions.html @@ -0,0 +1,1244 @@ + + + + + + +class WpscanOptions - RDoc Documentation + + + + + + + + + + + + + + + + +
+

class WpscanOptions

+ +
+ +
+ + + + +
+ + + + + + +
+

Constants

+
+ +
ACCESSOR_OPTIONS + +
+ + +
+
+ + + + + + +
+

Public Class Methods

+ + +
+ +
+ load_from_arguments() + + click to toggle source + +
+ + +
+ +

Will load the options from ARGV return WpscanOptions

+ + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 148
+def self.load_from_arguments
+  wpscan_options = WpscanOptions.new
+
+  if ARGV.length > 0
+    WpscanOptions.get_opt_long.each do |opt, arg|
+      wpscan_options.set_option_from_cli(opt, arg)
+    end
+  end
+
+  wpscan_options
+end
+
+ +
+ + + + +
+ + +
+ +
+ new() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 35
+def initialize
+  ACCESSOR_OPTIONS.each do |option|
+    instance_variable_set("@#{option}", nil)
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+

Protected Class Methods

+ + +
+ +
+ clean_option(option) + + click to toggle source + +
+ + +
+ +

Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace +any remaining ‘-’ by ‘_’

+ +

param string option return string

+ + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 246
+def self.clean_option(option)
+  cleaned_option = option.gsub(/^--?/, '')
+  cleaned_option.gsub(/-/, '_')
+end
+
+ +
+ + + + +
+ + +
+ +
+ get_opt_long() + + click to toggle source + +
+ + +
+ +

Even if a short option is given (IE : -u), the long one will be returned +(IE : –url)

+ + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 215
+def self.get_opt_long
+  GetoptLong.new(
+    ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+    ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
+    ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
+    ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
+    ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
+    ['--force', '-f', GetoptLong::NO_ARGUMENT],
+    ['--help', '-h', GetoptLong::NO_ARGUMENT],
+    ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
+    ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
+    ['--proxy-auth', GetoptLong::REQUIRED_ARGUMENT],
+    ['--update', GetoptLong::NO_ARGUMENT],
+    ['--follow-redirection', GetoptLong::NO_ARGUMENT],
+    ['--wp-content-dir', GetoptLong::REQUIRED_ARGUMENT],
+    ['--wp-plugins-dir', GetoptLong::REQUIRED_ARGUMENT],
+    ['--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
+    ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
+    ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT]
+  )
+end
+
+ +
+ + + + +
+ + +
+ +
+ is_long_option?(option) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 237
+def self.is_long_option?(option)
+  ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}")
+end
+
+ +
+ + + + +
+ + +
+ +
+ option_to_instance_variable_setter(option) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 251
+def self.option_to_instance_variable_setter(option)
+  cleaned_option = WpscanOptions.clean_option(option)
+  option_syms = ACCESSOR_OPTIONS.grep(%r{^#{cleaned_option}$})
+
+  option_syms.length == 1 ? :"#{option_syms.at(0)}=" : nil
+end
+
+ +
+ + + + +
+ + +
+ +
+

Public Instance Methods

+ + +
+ +
+ basic_auth=(basic_auth) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 123
+def basic_auth=(basic_auth)
+  raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
+  @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_all_plugins=(enumerate_all_plugins) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 91
+def enumerate_all_plugins=(enumerate_all_plugins)
+  if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
+    raise 'Please choose only one plugin enumeration option'
+  else
+    @enumerate_all_plugins = enumerate_all_plugins
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_all_themes=(enumerate_all_themes) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 115
+def enumerate_all_themes=(enumerate_all_themes)
+  if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
+    raise 'Please choose only one theme enumeration option'
+  else
+    @enumerate_all_themes = enumerate_all_themes
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 83
+def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
+  if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
+    raise 'Please choose only one plugin enumeration option'
+  else
+    @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 107
+def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
+  if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
+    raise 'Please choose only one theme enumeration option'
+  else
+    @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_options_from_string(value) + + click to toggle source + +
+ + +
+ +

Will set enumerate_* from the string value IE : if value = vp => +:enumerate_only_vulnerable_plugins will be set to true multiple enumeration +are possible : ‘u,p’ => :enumerate_usernames and :enumerate_plugins +Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10

+ + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 183
+def enumerate_options_from_string(value)
+  # Usage of self is mandatory because there are overridden setters
+
+  value = value.split(',').map { |c| c.downcase }
+
+  self.enumerate_only_vulnerable_plugins = true if value.include?('vp')
+
+  self.enumerate_plugins = true if value.include?('p')
+
+  self.enumerate_all_plugins = true if value.include?('ap')
+
+  @enumerate_timthumbs = true if value.include?('tt')
+
+  self.enumerate_only_vulnerable_themes = true if value.include?('vt')
+
+  self.enumerate_themes = true if value.include?('t')
+
+  self.enumerate_all_themes = true if value.include?('at')
+
+  value.grep(/^u/) do |username_enum_value|
+    @enumerate_usernames = true
+    # Check for usernames range
+    matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
+    if matches
+      @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
+    end
+  end
+
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_plugins=(enumerate_plugins) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 75
+def enumerate_plugins=(enumerate_plugins)
+  if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
+    raise 'Please choose only one plugin enumeration option'
+  else
+    @enumerate_plugins = enumerate_plugins
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ enumerate_themes=(enumerate_themes) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 99
+def enumerate_themes=(enumerate_themes)
+  if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
+    raise 'Please choose only one theme enumeration option'
+  else
+    @enumerate_themes = enumerate_themes
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ has_options?() + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 128
+def has_options?
+  !to_h.empty?
+end
+
+ +
+ + + + +
+ + +
+ +
+ proxy=(proxy) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 59
+def proxy=(proxy)
+  if proxy.index(':') == nil
+    raise 'Invalid proxy format. Should be host:port.'
+  else
+    @proxy = proxy
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ proxy_auth=(auth) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 67
+def proxy_auth=(auth)
+  if auth.index(':') == nil
+    raise 'Invalid proxy auth format, username:password expected'
+  else
+    @proxy_auth = auth
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ set_option_from_cli(cli_option, cli_value) + + click to toggle source + +
+ + +
+ +

string cli_option : –url, -u, –proxy etc string cli_value : the option +value

+ + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 162
+def set_option_from_cli(cli_option, cli_value)
+
+  if WpscanOptions.is_long_option?(cli_option)
+    self.send(
+        WpscanOptions.option_to_instance_variable_setter(cli_option),
+        cli_value
+    )
+  elsif cli_option === '--enumerate' # Special cases
+    # Default value if no argument is given
+    cli_value = 'vt,tt,u,vp' if cli_value.length == 0
+
+    enumerate_options_from_string(cli_value)
+  else
+    raise "Unknow option : #{cli_option} with value #{cli_value}"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ threads=(threads) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 47
+def threads=(threads)
+  @threads = threads.is_a?(Integer) ? threads : threads.to_i
+end
+
+ +
+ + + + +
+ + +
+ +
+ to_h() + + click to toggle source + +
+ + +
+ +

return Hash

+ + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 133
+def to_h
+  options = {}
+
+  ACCESSOR_OPTIONS.each do |option|
+    instance_variable = instance_variable_get("@#{option}")
+
+    unless instance_variable.nil?
+      options[:"#{option}"] = instance_variable
+    end
+  end
+  options
+end
+
+ +
+ + + + +
+ + +
+ +
+ url=(url) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 41
+def url=(url)
+  raise 'Empty URL given' if !url
+
+  @url = URI.parse(add_http_protocol(url)).to_s
+end
+
+ +
+ + + + +
+ + +
+ +
+ wordlist=(wordlist) + + click to toggle source + +
+ + +
+ + + + + + +
+ 
# File lib/wpscan/wpscan_options.rb, line 51
+def wordlist=(wordlist)
+  if File.exists?(wordlist)
+    @wordlist = wordlist
+  else
+    raise "The file #{wordlist} does not exist"
+  end
+end
+
+ +
+ + + + +
+ + +
+ +
+ +
+ + + + diff --git a/doc_rdoc/conf/browser_conf_json.html b/doc_rdoc/conf/browser_conf_json.html new file mode 100644 index 00000000..765f3b92 --- /dev/null +++ b/doc_rdoc/conf/browser_conf_json.html @@ -0,0 +1,327 @@ + + + + + + +browser.conf.json - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

{

+ +
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
+   Modes :
+  static : will use the defined user_agent for each request
+  semi-static : will randomly choose a user agent into available_user_agents before each scan
+  random : each request will choose a random user agent in available_user_agents
+
+"user_agent_mode": "static",
+
+/* Uncomment the "proxy" line to use the proxy
+  SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+  If you do not specify the protocol, http will be used
+ /
+//"proxy": "127.0.0.1:3128",
+//"proxy_auth": "username:password",
+
+"cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+
+"request_timeout": 2000, // 2s
+
+"max_threads": 20,
+
+// Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
+"available_user_agents":
+[
+  // Windows
+  "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5",
+  "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14",
+  "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27",
+  "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1",
+  "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)",
+  "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
+  "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
+  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1",
+  "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6",
+  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
+  "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
+  "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1",
+  "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
+  "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
+  "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)",
+  "Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
+  "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5",
+
+  // MAC
+  "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13",
+  "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15",
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
+  "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3",
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3",
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10",
+
+  // Linux
+  "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1",
+  "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24",
+  "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9",
+  "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0",
+  "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0",
+  "Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00",
+  "Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0"
+]
+ +

}

+ +
+ + + + + diff --git a/doc_rdoc/created.rid b/doc_rdoc/created.rid new file mode 100644 index 00000000..077284c4 --- /dev/null +++ b/doc_rdoc/created.rid @@ -0,0 +1,115 @@ +Tue, 30 Apr 2013 23:04:59 +0200 +./cache/browser/09f0520775fb560e8a3abb502a38c2e98 Sat, 20 Apr 2013 00:35:49 +0200 +./cache/browser/0f850086150e0e9f56dea802cff5f2feb Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/1146bfec38da8af3e97f2185ae41b9ff1 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/26c91b2384fcca14b01e96940a4067eeb Sat, 20 Apr 2013 00:35:51 +0200 +./cache/browser/2b31ffbdccdbaef3a6315f9008d16b464 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/2dcd5ba55475eb8388f4bb7d338ee9cc2 Sat, 20 Apr 2013 00:35:49 +0200 +./cache/browser/347304d8084272523028ffe3a08e3ddff Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/3ee936c559fa4c330fc17ea0371815582 Sat, 20 Apr 2013 00:35:51 +0200 +./cache/browser/5a248b48f7307ac55bbcf7cfdc941432b Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/6167eb1a37fe3d9623181ecaab96eb09e Sat, 20 Apr 2013 00:35:46 +0200 +./cache/browser/72ef549df602ed67e1cc6536b2868b9af Sat, 20 Apr 2013 00:35:47 +0200 +./cache/browser/783e567fcf6af33e79f125b449e92c060 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/7f14a8adafe752468fcc29e24c22cdcd2 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/91060b991e36291fa0b6d5e918fe3d9f4 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/964703cf98798b122f5d4689af655663b Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/97d941a6fd31abe267df81d64c83e716d Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/9f5f09f5b6d12dd5cd5ce764b551bf524 Sat, 20 Apr 2013 00:35:47 +0200 +./cache/browser/a170ec391867993d9d849a3dd5b1b42b1 Sat, 20 Apr 2013 00:35:46 +0200 +./cache/browser/a4edb3b5b18ef73b6f71ba316462a1e82 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/aa7285a9219756d31d0c8addf72007eb2 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/adadd70f16850eb0c8522dc03269887c9 Sat, 20 Apr 2013 00:35:53 +0200 +./cache/browser/b2b72c433f98ef3d38228449951da14bb Sat, 20 Apr 2013 00:35:52 +0200 +./cache/browser/b716ffe57fcfed5ba8966dcccf1933c56 Sat, 20 Apr 2013 00:35:53 +0200 +./cache/browser/c29d0f7e6586edafab07f69ef781212ba Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/c66f18deb4c4f4b8f9aaf16d98e61ee42 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/c7d4f021aa5b0ebd39a59d7e09b7d1aef Sat, 20 Apr 2013 00:35:53 +0200 +./cache/browser/dbe30d0f12f38003cd47eabe80b57dfd4 Sat, 20 Apr 2013 00:35:48 +0200 +./cache/browser/de582ceb283b8c55c839ff36345bc3213 Sat, 20 Apr 2013 00:35:47 +0200 +./cache/browser/e35c3e8db2aa51ef3e70c320ce71444ce Sat, 20 Apr 2013 00:35:52 +0200 +./cache/browser/e872ae19990091fb24da44351fd218a2a Sat, 20 Apr 2013 00:35:50 +0200 +./cache/browser/efd044cf07a8430febdee6238d2020da8 Sat, 20 Apr 2013 00:35:48 +0200 +./conf/browser.conf.json Mon, 01 Apr 2013 23:09:01 +0200 +./CREDITS Mon, 01 Apr 2013 23:09:01 +0200 +./Gemfile Wed, 17 Apr 2013 21:56:58 +0200 +./Gemfile.lock Sat, 20 Apr 2013 00:33:10 +0200 +./generate_doc.sh Tue, 30 Apr 2013 23:02:36 +0200 +./lib/common/browser/actions.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/browser/options.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/browser.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/cache_file_store.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/vulnerabilities/output.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/vulnerabilities.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_items/detectable.rb Sat, 20 Apr 2013 00:32:41 +0200 +./lib/common/collections/wp_items/output.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_items.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_plugins/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_plugins.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_themes/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_themes.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_timthumbs/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_timthumbs.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_users/brute_forcable.rb Wed, 17 Apr 2013 21:56:58 +0200 +./lib/common/collections/wp_users/detectable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/collections/wp_users/output.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/collections/wp_users.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/common_helper.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/custom_option_parser.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/hacks.rb Wed, 17 Apr 2013 21:56:58 +0200 +./lib/common/models/vulnerability/output.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/vulnerability.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_item/existable.rb Sat, 20 Apr 2013 00:32:41 +0200 +./lib/common/models/wp_item/findable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_item/infos.rb Sat, 20 Apr 2013 00:32:41 +0200 +./lib/common/models/wp_item/output.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_item/versionable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/wp_item/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_item.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_plugin/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_theme/findable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/wp_theme/versionable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/wp_theme/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_theme.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_timthumb/existable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_timthumb/output.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_timthumb/versionable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/wp_timthumb.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_user/brute_forcable.rb Wed, 17 Apr 2013 21:56:58 +0200 +./lib/common/models/wp_user/existable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/wp_user.rb Wed, 17 Apr 2013 21:56:58 +0200 +./lib/common/models/wp_version/findable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/common/models/wp_version/output.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_version/vulnerable.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/models/wp_version.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/plugins/plugin.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/plugins/plugins.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/typhoeus_cache.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/updater/git_updater.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/updater/svn_updater.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/updater/updater.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/common/updater/updater_factory.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/environment.rb Wed, 17 Apr 2013 21:56:58 +0200 +./lib/wpscan/web_site.rb Sat, 20 Apr 2013 00:32:41 +0200 +./lib/wpscan/wp_target/malwares.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target/wp_config_backup.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target/wp_custom_directories.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target/wp_full_path_disclosure.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target/wp_login_protection.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target/wp_readme.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target/wp_registrable.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wp_target.rb Sat, 20 Apr 2013 00:32:41 +0200 +./lib/wpscan/wpscan_helper.rb Sun, 14 Apr 2013 10:46:08 +0200 +./lib/wpscan/wpscan_options.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/wpstools/plugins/checker/checker_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/wpstools/plugins/list_generator/generate_list.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/wpstools/plugins/list_generator/list_generator_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/wpstools/plugins/list_generator/svn_parser.rb Wed, 17 Apr 2013 21:56:58 +0200 +./lib/wpstools/plugins/stats/stats_plugin.rb Fri, 05 Apr 2013 20:07:17 +0200 +./lib/wpstools/wpstools_helper.rb Fri, 05 Apr 2013 20:07:17 +0200 +./LICENSE Fri, 05 Apr 2013 20:07:17 +0200 +./README Mon, 01 Apr 2013 23:11:37 +0200 +./README.md Mon, 01 Apr 2013 23:11:37 +0200 +./wpscan.rb Wed, 17 Apr 2013 21:56:58 +0200 +./wpstools.rb Wed, 17 Apr 2013 21:56:58 +0200 diff --git a/doc_rdoc/generate_doc_sh.html b/doc_rdoc/generate_doc_sh.html new file mode 100644 index 00000000..470884f6 --- /dev/null +++ b/doc_rdoc/generate_doc_sh.html @@ -0,0 +1,267 @@ + + + + + + +generate_doc.sh - RDoc Documentation + + + + + + + + + + + + + + + + +
+ +

#!/bin/bash DIR=“$( cd ”$( dirname “${BASH_SOURCE}” +)“ && pwd )” rm -rf $DIR/doc_rdoc/ rm -rf $DIR/doc_yard/ rdoc +–root=“$DIR” -x $DIR/cache/ -x spec/ -x data/ -x coverage/ -x doc_rdoc/ -x +log.txt -o $DIR/doc_rdoc yard doc –protected –private -o $DIR/doc_yard/ +–exclude “/(doc_.+?|cache|spec|data|coverage)/” –exclude “log.txt”

+ +
+ + + + + diff --git a/doc_rdoc/images/add.png b/doc_rdoc/images/add.png new file mode 100755 index 0000000000000000000000000000000000000000..6332fefea4be19eeadf211b0b202b272e8564898 GIT binary patch literal 733 zcmV<30wVp1P)9VHk(~TedF+gQSL8D5xnVSSWAVY>J9b+m>@{iq7_KE}go~11+5s4;8hc+i0Xa zI1j@EX5!S+Me6HNqKzU5YQwL;-W5$p%ZMKMeR<%zp69-~?<4?8|C8S?bklXr4v&Ov zb&06v2|-x?qB`90yn>Qi%Sh2^G4n)$ZdyvTPf9}1)_buUT7>`e2G&2VU@~Bb(o+Mz zi4)>IxlSY${Dj4k={-9RzU^W5g9|2V5RZ2ZulL9s2xQbZ@r6eP9Ra5u(s|C0Nj#&4>wTSkb?%#=9?@ z^oxDy-O@tyN{L@by(WWvQ3%CyEu8x{+#Jb4-h&K9Owi)2pgg+heWDyked|3R$$kL@A z#sp1v-r+=G4B8D6DqsDH0@7OztA7aT9qc1Py{()w`m``?Y0&gi2=ROcc-9+nU^I6< zT=e_Y=vSnG@?3Ue{BW5ONFttcE!R-R_W4O01|0-|K-YNXLo2`4Qv z`r1LxR6#yf3FB%T95gJnaKKivA~Z}S9A(ZxEDK}O3T04USJ P00000NkvXXu0mjf^IS-S literal 0 HcmV?d00001 diff --git a/doc_rdoc/images/arrow_up.png b/doc_rdoc/images/arrow_up.png new file mode 100755 index 0000000000000000000000000000000000000000..1ebb193243780b8eb1919a51ef27c2a0d36ccec2 GIT binary patch literal 372 zcmV-)0gL{LP)6w#wHUuW*nL5>vZR zlg{G&%mT~|kL3ei%GW0*UOHUMs5XI$4uxe-L?I@SAefq*207}Iqtjm#e5*fP53AiC z)C|RQfwzxx<#_WfANRGZx{+tFDl8~Q?;~Ve=lM^*8UTTnVL?HTDz8uta0D@d28E9S z_)i8aLz^UE6PPKymi;2GJ`34{eIia-CtfAt0H61rk0 SPTNud0000C4}Mrzlg<+1Y8PEBfUp0jJpx4B>@E+cy3`^(Gw`Mf+2&yxZm<$to~Vpgvg&QKNR z_f#1(r6svZt%iF?s+n<8X?B&!h3g9Dbb8_=MX}!;HiQSAh`bp^WMl~Z-44teO7W_Y zV4thSL{h;rJY7!l3%5J4H1!tIzB`Dv+YxO(haWeausGZYkI8^hWj6mzo=L0{%;yxzh{5!Htr?51 zvG|W62MzC8BZ76hRpCyO2zOn<%e)K>NHge!-~)Ap33OdWw6hsLYbCxGNt0%wk_2z7 zfyYvXheSG)5HRK1VB~%mq7Dmurw#bi@hEcOr3&G1ZiF*$M=&9nB#VNf&Q^r$4G5kp zTURh&s)E0%5&hyVD}sp<72~zmAY`Y(9aqO6CXF%=zFHGzO-A&I(pE}v70YQxCPJ{Y z4L+?5-crdLn3ZRPEs!A4ehEY3ZRpL~w9>@aMN+{F4dI@v&>(QDHQum!mG~E^$OS8l z!7?%Uwib*ROP67Hw`ika)gX-(8Ia`-u_IEhxG7U<13kSsMW+$lbb2dUMm5p6pa}cjgA+U$^mJ^AjD?&bdi)8~y+Q002ovPDHLkV1g8IMc@Dc literal 0 HcmV?d00001 diff --git a/doc/images/find.png b/doc_rdoc/images/find.png similarity index 100% rename from doc/images/find.png rename to doc_rdoc/images/find.png diff --git a/doc/images/loadingAnimation.gif b/doc_rdoc/images/loadingAnimation.gif similarity index 100% rename from doc/images/loadingAnimation.gif rename to doc_rdoc/images/loadingAnimation.gif diff --git a/doc/images/macFFBgHack.png b/doc_rdoc/images/macFFBgHack.png similarity index 100% rename from doc/images/macFFBgHack.png rename to doc_rdoc/images/macFFBgHack.png diff --git a/doc/images/package.png b/doc_rdoc/images/package.png similarity index 100% rename from doc/images/package.png rename to doc_rdoc/images/package.png diff --git a/doc/images/page_green.png b/doc_rdoc/images/page_green.png similarity index 100% rename from doc/images/page_green.png rename to doc_rdoc/images/page_green.png diff --git a/doc/images/page_white_text.png b/doc_rdoc/images/page_white_text.png similarity index 100% rename from doc/images/page_white_text.png rename to doc_rdoc/images/page_white_text.png diff --git a/doc/images/page_white_width.png b/doc_rdoc/images/page_white_width.png similarity index 100% rename from doc/images/page_white_width.png rename to doc_rdoc/images/page_white_width.png diff --git a/doc/images/plugin.png b/doc_rdoc/images/plugin.png similarity index 100% rename from doc/images/plugin.png rename to doc_rdoc/images/plugin.png diff --git a/doc/images/ruby.png b/doc_rdoc/images/ruby.png similarity index 100% rename from doc/images/ruby.png rename to doc_rdoc/images/ruby.png diff --git a/doc_rdoc/images/tag_blue.png b/doc_rdoc/images/tag_blue.png new file mode 100755 index 0000000000000000000000000000000000000000..3f02b5f8f8bf7c89b60ff70437fb7df6bd95e327 GIT binary patch literal 1880 zcmZ8g2{hFE9{dKLpnAK z!yd|CC&>l1b7`m$MH$ScEIP@XgT41O>|DzL{-38CH68OyX#u=G?d7;y&_o&o)f@3U z2(tr%Ok88caOL`xiQA8o;Vzr-$A$SOu6o|$&0DQAJ1Z7?OACaeoy+)PWu&~aueW<| z*KW^(^2}#30u*~<_mXScFNd6U&sxh5*GGMNytZGxkIGqL%v6329^u`FD6T?b?K!4B z@Hzh?O2Au=((Gu;rvgLMt^pS|u1rEkBgC8$oH%zgT`TvZiK#VDrVG?-i~6a_+WZb> zc1>>lb)xcuo^Cl8k%q3c_d*It_Vtj>RSovF&w;hS=6uYrT2e@-@l@P~uBN`zu!v>e zTm(is&jcQ6vuP?|;!e+(n8w)-Xjd!hwk@r2D0i00ygdKo2Xvs?&w_lajj5DHS@9I! z;_&ji2e{!uusGnVn};Pu|dl5x-FhQyC8^-4Uo_;BLiOXzcE z&4PS2TBWSC=hsw0og;z#(mly@Ed2E1E$_VDaM?kloE4ob2XK&K;OS~-nhIGlA4~UZrJu6*|}wi#TT?|yWUH+_&n($t0xta zBwTzSfE)uAw*L0>+`pTps}L-$jIP5Q_E$Am+l|{XfsKr0Vi~`Em?SJQ#0y)8vsxb1 zMdxJl^){_CDwI^}>)Pw${G?Ajc@P}x{Fvhoi0jbY^427?KPmoA_G)sqK}u$2(79Xg zC%}xm5JDcrsm5^vQEQpGEdJDc^yfuNAlqV1pZQVkOSceV<|{=|=@?=o4i_1RFUZth zC7cu<6%V3dVCI}P6DL4iUgTc@&(nXY)ox}HZ z(a#EgiNj%{kjRLL2t?{m_aKN`{5-&u+HAtQ-Qq#@!I@<(M+B3i@|g=LY6 z90tpW!JuMn_Lcy1q7g&LUSuLE3XS}K#P^nHVUmL`L)dbP| z0bt(+Cp#M-bH!LM*DzJ0Lfn;eTBV@|JvGSgpdoc1RhhV>(G-2(vE|>MrVgA9+?+0m4OzUqbT>-U-jg|v zLZMntq`r?fy1UCMh>z2Koi1SL-~N2ZrIf+dZW|;SWszsde}Dl!HOMc1Fa>K9)e&RI z)A?aK zcviCdKDUg_%#u7YAE`A`Y3$(P4&m^@fEWAvjAwVmRWeUnmkrxA;E!fKoc{9Vi=lvFL}KmoS;g* zdjL?Y!VHUFq63aLj6VZE+tHts?Z1pFkiO9^k*5pGpFpU&5#5G4ATd{t>a&9zKBVB9=Ns^HFU|DTGH8C+Xr2UqOU`Zxe)!|%j4=-QojGePq)pRGe;!f)Czk!u3vP_Jxu8(e6 zf4Q`F$Qio2Jw@N*E@k?c`+Sw}AYQjkT+x)OAe6eq(AT!iRuksKQn%Ao_Ac1T-p#Js I_CnHs0qX}mlmGw# literal 0 HcmV?d00001 diff --git a/doc/images/tag_green.png b/doc_rdoc/images/tag_green.png similarity index 100% rename from doc/images/tag_green.png rename to doc_rdoc/images/tag_green.png diff --git a/doc_rdoc/images/transparent.png b/doc_rdoc/images/transparent.png new file mode 100644 index 0000000000000000000000000000000000000000..d665e179efd797451084235f105425247fea0a14 GIT binary patch literal 97 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!D3?x-;bCrM;bAV5X>;M1%mmiTn0pv241o;Is pI6S+N2ITN~x;Tb#$R;N!@B(=T42&&nK2`x)44$rjF6*2UngG277DE64 literal 0 HcmV?d00001 diff --git a/doc/images/wrench.png b/doc_rdoc/images/wrench.png similarity index 100% rename from doc/images/wrench.png rename to doc_rdoc/images/wrench.png diff --git a/doc/images/wrench_orange.png b/doc_rdoc/images/wrench_orange.png similarity index 100% rename from doc/images/wrench_orange.png rename to doc_rdoc/images/wrench_orange.png diff --git a/doc/images/zoom.png b/doc_rdoc/images/zoom.png similarity index 100% rename from doc/images/zoom.png rename to doc_rdoc/images/zoom.png diff --git a/doc_rdoc/index.html b/doc_rdoc/index.html new file mode 100644 index 00000000..513aebc4 --- /dev/null +++ b/doc_rdoc/index.html @@ -0,0 +1,258 @@ + + + + + + +RDoc Documentation + + + + + + + + + + + + + + + + +
+

This is the API documentation for RDoc Documentation. +

+ + + + diff --git a/doc_rdoc/js/darkfish.js b/doc_rdoc/js/darkfish.js new file mode 100644 index 00000000..f26fd45d --- /dev/null +++ b/doc_rdoc/js/darkfish.js @@ -0,0 +1,155 @@ +/** + * + * Darkfish Page Functions + * $Id: darkfish.js 53 2009-01-07 02:52:03Z deveiant $ + * + * Author: Michael Granger + * + */ + +/* Provide console simulation for firebug-less environments */ +if (!("console" in window) || !("firebug" in console)) { + var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml", + "group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"]; + + window.console = {}; + for (var i = 0; i < names.length; ++i) + window.console[names[i]] = function() {}; +}; + + +/** + * Unwrap the first element that matches the given @expr@ from the targets and return them. + */ +$.fn.unwrap = function( expr ) { + return this.each( function() { + $(this).parents( expr ).eq( 0 ).after( this ).remove(); + }); +}; + + +function showSource( e ) { + var target = e.target; + var codeSections = $(target). + parents('.method-detail'). + find('.method-source-code'); + + $(target). + parents('.method-detail'). + find('.method-source-code'). + slideToggle(); +}; + +function hookSourceViews() { + $('.method-heading').click( showSource ); +}; + +function toggleDebuggingSection() { + $('.debugging-section').slideToggle(); +}; + +function hookDebuggingToggle() { + $('#debugging-toggle img').click( toggleDebuggingSection ); +}; + +function hookTableOfContentsToggle() { + $('.indexpage li .toc-toggle').each( function() { + $(this).click( function() { + $(this).toggleClass('open'); + }); + + var section = $(this).next(); + + $(this).click( function() { + section.slideToggle(); + }); + }); +} + +function hookSearch() { + var input = $('#search-field').eq(0); + var result = $('#search-results').eq(0); + $(result).show(); + + var search_section = $('#search-section').get(0); + $(search_section).show(); + + var search = new Search(search_data, input, result); + + search.renderItem = function(result) { + var li = document.createElement('li'); + var html = ''; + + // TODO add relative path to + + + + + + + + + + +

Table of Contents - RDoc Documentation

+ +

Pages

+ + +

Classes/Modules

+ + +

Methods

+ + + + + diff --git a/doc_yard/Array.html b/doc_yard/Array.html new file mode 100644 index 00000000..db60a943 --- /dev/null +++ b/doc_yard/Array.html @@ -0,0 +1,209 @@ + + + + + + Class: Array + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Array + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ +
+

Direct Known Subclasses

+

Plugins, Vulnerabilities, WpItems

+
+ + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) _grep_(regexp) + + + + Also known as: + grep + + + + +

+ + + + +
+ 
+
+
+20
+21
+22
+23
+24
+25
+26
+27
+ 		+ 
# File 'lib/common/hacks.rb', line 20
+
+def _grep_(regexp)
+  matches = []
+  self.each do |value|
+    value = value.to_s
+    matches << value if value.match(regexp)
+  end
+  matches
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Browser.html b/doc_yard/Browser.html new file mode 100644 index 00000000..2b219380 --- /dev/null +++ b/doc_yard/Browser.html @@ -0,0 +1,1210 @@ + + + + + + Class: Browser + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Browser + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + +
Extended by:
+
Actions
+ + + + +
Includes:
+
Options
+ + + + + +
Defined in:
+
lib/common/browser.rb,
+ lib/common/browser/options.rb,
lib/common/browser/actions.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Actions, Options + + + + +

+ +

Constant Summary

+ +
+ +
OPTIONS = + +
+ 
[
+  :available_user_agents,
+  :basic_auth,
+  :cache_ttl,
+  :max_threads,
+  :user_agent,
+  :user_agent_mode,
+  :proxy,
+  :proxy_auth
+]
+ +
@@instance = + +
+ 
nil
+ +
+ + + + + + +

Constants included + from Options

+

Options::USER_AGENT_MODES

+ + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) cache_dir + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute cache_dir.

    +
     + +
    • + + +
  • + + + - (Object) config_file + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute config_file.

    +
     + +
    • + + +
  • + + + - (Object) hydra + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute hydra.

    +
     + +
    • + + +
+ + + + + +

Attributes included from Options

+

#available_user_agents, #basic_auth, #cache_ttl, #proxy, #proxy_auth, #user_agent, #user_agent_mode

+ + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from Actions

+

get, get_and_follow_location, post, process

+ + + + + + + + + +

Methods included from Options

+

#invalid_proxy_auth_format, #max_threads, #max_threads=, #override_config

+
+

Constructor Details

+ +
+

+ + - (Browser) initialize(options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+ 		+ 
# File 'lib/common/browser.rb', line 29
+
+def initialize(options = {})
+  @config_file = options[:config_file] || CONF_DIR + '/browser.conf.json'
+  @cache_dir   = options[:cache_dir]   || CACHE_DIR + '/browser'
+
+  load_config()
+  override_config(options)
+
+  unless @hydra
+    @hydra = Typhoeus::Hydra.new(max_concurrency: self.max_threads)
+  end
+
+  @cache = TyphoeusCache.new(@cache_dir)
+  @cache.clean
+
+  Typhoeus::Config.cache = @cache
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) cache_dir (readonly) + + + + + +

+
+ +

Returns the value of attribute cache_dir

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+24
+25
+26
+ 		+ 
# File 'lib/common/browser.rb', line 24
+
+def cache_dir
+  @cache_dir
+end
+
+
+ + + +
+

+ + - (Object) config_file (readonly) + + + + + +

+
+ +

Returns the value of attribute config_file

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+24
+25
+26
+ 		+ 
# File 'lib/common/browser.rb', line 24
+
+def config_file
+  @config_file
+end
+
+
+ + + +
+

+ + - (Object) hydra (readonly) + + + + + +

+
+ +

Returns the value of attribute hydra

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+24
+25
+26
+ 		+ 
# File 'lib/common/browser.rb', line 24
+
+def hydra
+  @hydra
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + + (Array) append_params_header_field(params = {}, field, field_value) (private) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + +
    • + +
  • + + field + + + (String) + + + +
    • + +
  • + + field_value + + + (Mixed) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Array) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+143
+144
+145
+146
+147
+148
+149
+150
+ 		+ 
# File 'lib/common/browser.rb', line 143
+
+def self.append_params_header_field(params = {}, field, field_value)
+  if !params.has_key?(:headers)
+    params = params.merge(:headers => { field => field_value })
+  elsif !params[:headers].has_key?(field)
+    params[:headers][field] = field_value
+  end
+  params
+end
+
+
+ +
+

+ + + (Browser) instance(options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+51
+52
+53
+54
+55
+56
+ 		+ 
# File 'lib/common/browser.rb', line 51
+
+def self.instance(options = {})
+  unless @@instance
+    @@instance = new(options)
+  end
+  @@instance
+end
+
+
+ +
+

+ + + (Object) reset + + + + + +

+ + + + +
+ 
+
+
+58
+59
+60
+ 		+ 
# File 'lib/common/browser.rb', line 58
+
+def self.reset
+  @@instance = nil
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Typhoeus::Request) forge_request(url, params = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + url + + + (String) + + + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+91
+92
+93
+ 		+ 
# File 'lib/common/browser.rb', line 91
+
+def forge_request(url, params = {})
+  Typhoeus::Request.new(url, merge_request_params(params))
+end
+
+
+ +
+

+ + - (void) load_config(config_file = nil) + + + + + +

+
+

This method returns an undefined value.

+

If an option was set but is not in the new config_file it's value is kept

+ + +
+
+
+

Parameters:

+
    + +
  • + + config_file + + + (String) + + + (defaults to: nil) + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+ 		+ 
# File 'lib/common/browser.rb', line 69
+
+def load_config(config_file = nil)
+  @config_file = config_file || @config_file
+
+  if File.symlink?(@config_file)
+    raise "[ERROR] Config file is a symlink."
+  else
+    data = JSON.parse(File.read(@config_file))
+  end
+
+  OPTIONS.each do |option|
+    option_name = option.to_s
+
+    unless data[option_name].nil?
+      self.send(:#{option_name}=", data[option_name])
+    end
+  end
+end
+
+
+ +
+

+ + - (Hash) merge_request_params(params = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Hash) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+ 		+ 
# File 'lib/common/browser.rb', line 98
+
+def merge_request_params(params = {})
+  params = Browser.append_params_header_field(
+    params,
+    'User-Agent',
+    self.user_agent
+  )
+
+  if @proxy
+    params = params.merge(proxy: @proxy)
+
+    if @proxy_auth
+      params = params.merge(proxyauth: @proxy_auth)
+    end
+  end
+
+  if @basic_auth
+    params = Browser.append_params_header_field(
+      params,
+      'Authorization',
+      @basic_auth
+    )
+  end
+
+  # Used to enable the cache system if :cache_ttl > 0
+  unless params.has_key?(:cache_ttl)
+    params = params.merge(cache_ttl: @cache_ttl)
+  end
+
+  # Disable SSL-Certificate checks
+  params.merge!(ssl_verifypeer: false)
+  params.merge!(ssl_verifyhost: 0)
+
+  params.merge!(cookiejar: @cache_dir + '/cookie-jar')
+  params.merge!(cookiefile: @cache_dir + '/cookie-jar')
+
+  params
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Browser/Actions.html b/doc_yard/Browser/Actions.html new file mode 100644 index 00000000..8ad7d3c3 --- /dev/null +++ b/doc_yard/Browser/Actions.html @@ -0,0 +1,536 @@ + + + + + + Module: Browser::Actions + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Browser::Actions + + + +

+ +
+ + + + + + + +
Included in:
+
Browser
+ + + +
Defined in:
+
lib/common/browser/actions.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Typhoeus::Response) get(url, params = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + url + + + (String) + + + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/browser/actions.rb', line 10
+
+def get(url, params = {})
+  process(url, params.merge(method: :get))
+end
+
+
+ +
+

+ + - (Typhoeus::Response) get_and_follow_location(url, params = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + url + + + (String) + + + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+29
+30
+ 		+ 
# File 'lib/common/browser/actions.rb', line 26
+
+def get_and_follow_location(url, params = {})
+  params[:maxredirs] ||= 2
+
+  get(url, params.merge(followlocation: true))
+end
+
+
+ +
+

+ + - (Typhoeus::Response) post(url, params = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + url + + + (String) + + + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+18
+19
+20
+ 		+ 
# File 'lib/common/browser/actions.rb', line 18
+
+def post(url, params = {})
+  process(url, params.merge(method: :post))
+end
+
+
+ +
+

+ + - (Typhoeus::Response) process(url, params) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + url + + + (String) + + + +
    • + +
  • + + params + + + (Hash) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+38
+39
+40
+ 		+ 
# File 'lib/common/browser/actions.rb', line 38
+
+def process(url, params)
+  Typhoeus::Request.new(url, Browser.instance.merge_request_params(params)).run
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Browser/Options.html b/doc_yard/Browser/Options.html new file mode 100644 index 00000000..15997585 --- /dev/null +++ b/doc_yard/Browser/Options.html @@ -0,0 +1,950 @@ + + + + + + Module: Browser::Options + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Browser::Options + + + +

+ +
+ + + + + + + +
Included in:
+
Browser
+ + + +
Defined in:
+
lib/common/browser/options.rb
+ +
+
+ + +

Constant Summary

+ +
+ +
USER_AGENT_MODES = + +
+ 
%w{ static semi-static random }
+ +
+ + + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) available_user_agents + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute available_user_agents.

    +
     + +
    • + + +
  • + + + - (Object) basic_auth + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute basic_auth.

    +
     + +
    • + + +
  • + + + - (Object) cache_ttl + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute cache_ttl.

    +
     + +
    • + + +
  • + + + - (Object) proxy + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute proxy.

    +
     + +
    • + + +
  • + + + - (Object) proxy_auth + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute proxy_auth.

    +
     + +
    • + + +
  • + + + - (String) user_agent + + + + + + + + + + + + + + + + +
    +

    The user agent, according to the user_agent_mode.

    +
     + +
    • + + +
  • + + + - (Object) user_agent_mode + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute user_agent_mode.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) available_user_agents + + + + + +

+
+ +

Returns the value of attribute available_user_agents

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/common/browser/options.rb', line 8
+
+def available_user_agents
+  @available_user_agents
+end
+
+
+ + + +
+

+ + - (Object) basic_auth + + + + + +

+
+ +

Returns the value of attribute basic_auth

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/browser/options.rb', line 9
+
+def basic_auth
+  @basic_auth
+end
+
+
+ + + +
+

+ + - (Object) cache_ttl + + + + + +

+
+ +

Returns the value of attribute cache_ttl

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/common/browser/options.rb', line 8
+
+def cache_ttl
+  @cache_ttl
+end
+
+
+ + + +
+

+ + - (Object) proxy + + + + + +

+
+ +

Returns the value of attribute proxy

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/browser/options.rb', line 9
+
+def proxy
+  @proxy
+end
+
+
+ + + +
+

+ + - (Object) proxy_auth + + + + + +

+
+ +

Returns the value of attribute proxy_auth

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/browser/options.rb', line 9
+
+def proxy_auth
+  @proxy_auth
+end
+
+
+ + + +
+

+ + - (String) user_agent + + + + + +

+
+ +

The user agent, according to the user_agent_mode

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The user agent, according to the user_agent_mode

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+ 		+ 
# File 'lib/common/browser/options.rb', line 68
+
+def user_agent
+  case @user_agent_mode
+  when 'semi-static'
+    unless @user_agent
+      @user_agent = @available_user_agents.sample
+    end
+  when 'random'
+    @user_agent = @available_user_agents.sample
+  end
+  @user_agent
+end
+
+
+ + + +
+

+ + - (Object) user_agent_mode + + + + + +

+
+ +

Returns the value of attribute user_agent_mode

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/browser/options.rb', line 9
+
+def user_agent_mode
+  @user_agent_mode
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) invalid_proxy_auth_format (protected) + + + + + +

+ + + + +
+ 
+
+
+120
+121
+122
+ 		+ 
# File 'lib/common/browser/options.rb', line 120
+
+def invalid_proxy_auth_format
+  'Invalid proxy auth format, expected username:password or {proxy_username: username, proxy_password: password}'
+end
+
+
+ +
+

+ + - (Integer) max_threads + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Integer) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+31
+32
+33
+ 		+ 
# File 'lib/common/browser/options.rb', line 31
+
+def max_threads
+  @max_threads || 1
+end
+
+
+ +
+

+ + - (Object) max_threads=(threads) + + + + + +

+ + + + +
+ 
+
+
+35
+36
+37
+38
+39
+40
+41
+42
+ 		+ 
# File 'lib/common/browser/options.rb', line 35
+
+def max_threads=(threads)
+  if threads.is_a?(Integer) && threads > 0
+    @max_threads = threads
+    @hydra = Typhoeus::Hydra.new(max_concurrency: threads)
+  else
+    raise 'max_threads must be an Integer > 0'
+  end
+end
+
+
+ +
+

+ + - (void) override_config(options = {}) (protected) + + + + + +

+
+

This method returns an undefined value.

+

Override with the options if they are set

+ + +
+
+
+

Parameters:

+
    + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+128
+129
+130
+131
+132
+133
+134
+ 		+ 
# File 'lib/common/browser/options.rb', line 128
+
+def override_config(options = {})
+  options.each do |option, value|
+    if value != nil and OPTIONS.include?(option)
+      self.send(:#{option}=", value)
+    end
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/CacheFileStore.html b/doc_yard/CacheFileStore.html new file mode 100644 index 00000000..5e13ca91 --- /dev/null +++ b/doc_yard/CacheFileStore.html @@ -0,0 +1,613 @@ + + + + + + Class: CacheFileStore + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: CacheFileStore + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/cache_file_store.rb
+ +
+
+ +
+

Direct Known Subclasses

+

TyphoeusCache

+
+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) serializer + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute serializer.

    +
     + +
    • + + +
  • + + + - (Object) storage_path + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute storage_path.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (CacheFileStore) initialize(storage_path, serializer = Marshal) + + + + + +

+
+ +

The serializer must have the 2 methods .load and .dump

+ +
(Marshal and YAML have them)
+ +

YAML is Human Readable, contrary to Marshal which store in a binary format +Marshal does not need any "require"

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 20
+
+def initialize(storage_path, serializer = Marshal)
+  @storage_path = File.expand_path(storage_path)
+  @serializer = serializer
+
+  # File.directory? for ruby <= 1.9 otherwise,
+  # it makes more sense to do Dir.exist? :/
+  unless File.directory?(@storage_path)
+    Dir.mkdir(@storage_path)
+  end
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) serializer (readonly) + + + + + +

+
+ +

Returns the value of attribute serializer

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+14
+15
+16
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 14
+
+def serializer
+  @serializer
+end
+
+
+ + + +
+

+ + - (Object) storage_path (readonly) + + + + + +

+
+ +

Returns the value of attribute storage_path

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+14
+15
+16
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 14
+
+def storage_path
+  @storage_path
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) clean + + + + + +

+ + + + +
+ 
+
+
+31
+32
+33
+34
+35
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 31
+
+def clean
+  Dir[File.join(@storage_path, '*')].each do |f|
+    File.delete(f) unless File.symlink?(f)
+  end
+end
+
+
+ +
+

+ + - (Object) get_entry_file_path(key) + + + + + +

+ + + + +
+ 
+
+
+53
+54
+55
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 53
+
+def get_entry_file_path(key)
+  File::join(@storage_path, key)
+end
+
+
+ +
+

+ + - (Object) read_entry(key) + + + + + +

+ + + + +
+ 
+
+
+37
+38
+39
+40
+41
+42
+43
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 37
+
+def read_entry(key)
+  entry_file_path = get_entry_file_path(key)
+
+  if File.exists?(entry_file_path)
+    return @serializer.load(File.read(entry_file_path))
+  end
+end
+
+
+ +
+

+ + - (Object) write_entry(key, data_to_store, cache_ttl) + + + + + +

+ + + + +
+ 
+
+
+45
+46
+47
+48
+49
+50
+51
+ 		+ 
# File 'lib/common/cache_file_store.rb', line 45
+
+def write_entry(key, data_to_store, cache_ttl)
+  if cache_ttl > 0
+    File.open(get_entry_file_path(key), 'w') do |f|
+      f.write(@serializer.dump(data_to_store))
+    end
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/CheckerPlugin.html b/doc_yard/CheckerPlugin.html new file mode 100644 index 00000000..62241b3b --- /dev/null +++ b/doc_yard/CheckerPlugin.html @@ -0,0 +1,594 @@ + + + + + + Class: CheckerPlugin + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: CheckerPlugin + + + +

+ +
+ +
Inherits:
+
+ Plugin + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpstools/plugins/checker/checker_plugin.rb
+ +
+
+ + + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from Plugin

+

#author, #registered_options

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from Plugin

+

#register_options

+
+

Constructor Details

+ +
+

+ + - (CheckerPlugin) initialize + + + + + +

+
+ +

A new instance of CheckerPlugin

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+8
+9
+10
+11
+12
+ 		+ 
# File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 5
+
+def initialize
+  super(author: 'WPScanTeam - @erwanlr')
+
+  register_options(
+    ['--check-vuln-ref-urls', '--cvru', 'Check all the vulnerabilities reference urls for 404'],
+    ['--check-local-vulnerable-files LOCAL_DIRECTORY', '--clvf', 'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells']
+  )
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) check_local_vulnerable_files(dir_to_scan) + + + + + +

+ + + + +
+ 
+
+
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+ 		+ 
# File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 75
+
+def check_local_vulnerable_files(dir_to_scan)
+  if Dir::exist?(dir_to_scan)
+    xml_file               = LOCAL_FILES_FILE
+    local_hashes           = {}
+    file_extension_to_scan = '*.{js,php,swf,html,htm}'
+
+    print '[+] Generating local hashes ... '
+
+    Dir[File::join(dir_to_scan, '**', file_extension_to_scan)].each do |filename|
+      sha1sum = Digest::SHA1.file(filename).hexdigest
+
+      if local_hashes.has_key?(sha1sum)
+        local_hashes[sha1sum] << filename
+      else
+        local_hashes[sha1sum] = [filename]
+      end
+    end
+
+    puts 'done.'
+
+    puts '[+] Checking for vulnerable files ...'
+
+    xml = xml(xml_file)
+
+    xml.xpath('//hash').each do |node|
+      sha1sum = node.attribute('sha1').text
+
+      if local_hashes.has_key?(sha1sum)
+        local_filenames = local_hashes[sha1sum]
+        vuln_title      = node.search('title').text
+        vuln_filename   = node.search('file').text
+        vuln_refrence   = node.search('reference').text
+
+        puts "  #{vuln_filename} found :"
+        puts '  | Location(s):'
+        local_filenames.each do |file|
+          puts "  |  - #{file}"
+        end
+        puts '  |'
+        puts "  | Title: #{vuln_title}"
+        puts "  | Refrence: #{vuln_refrence}" if !vuln_refrence.empty?
+        puts
+      end
+    end
+
+    puts 'done.'
+
+  else
+    puts "The supplied directory '#{dir_to_scan}' does not exist"
+  end
+end
+
+
+ +
+

+ + - (Object) check_vuln_ref_urls + + + + + +

+ + + + +
+ 
+
+
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+ 		+ 
# File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 24
+
+def check_vuln_ref_urls
+  vuln_ref_files   = [PLUGINS_VULNS_FILE, THEMES_VULNS_FILE, WP_VULNS_FILE]
+  error_codes      = [404, 500, 403]
+  not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
+
+  puts '[+] Checking vulnerabilities reference urls'
+
+  vuln_ref_files.each do |vuln_ref_file|
+    xml = xml(vuln_ref_file)
+
+    urls = []
+    xml.xpath('//reference').each { |node| urls << node.text }
+
+    urls.uniq!
+
+    dead_urls       = []
+    queue_count     = 0
+    request_count   = 0
+    browser         = Browser.instance
+    hydra           = browser.hydra
+    number_of_urls  = urls.size
+
+    urls.each do |url|
+      request = browser.forge_request(url, { cache_ttl: 0, followlocation: true })
+      request_count += 1
+
+      request.on_complete do |response|
+        print "\r  [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete."
+
+        if error_codes.include?(response.code) or not_found_regexp.match(response.body)
+          dead_urls << url
+        end
+      end
+
+      hydra.queue(request)
+      queue_count += 1
+
+      if queue_count == browser.max_threads
+        hydra.run
+        queue_count = 0
+      end
+    end
+
+    hydra.run
+    puts
+    unless dead_urls.empty?
+      dead_urls.each { |url| puts "    Not Found #{url}" }
+    end
+  end
+end
+
+
+ +
+

+ + - (Object) run(options = {}) + + + + + +

+ + + + +
+ 
+
+
+14
+15
+16
+17
+18
+19
+20
+21
+22
+ 		+ 
# File 'lib/wpstools/plugins/checker/checker_plugin.rb', line 14
+
+def run(options = {})
+  if options[:check_vuln_ref_urls]
+    check_vuln_ref_urls
+  end
+
+  if options[:check_local_vulnerable_files]
+    check_local_vulnerable_files(options[:check_local_vulnerable_files])
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/CustomOptionParser.html b/doc_yard/CustomOptionParser.html new file mode 100644 index 00000000..555edf3d --- /dev/null +++ b/doc_yard/CustomOptionParser.html @@ -0,0 +1,652 @@ + + + + + + Class: CustomOptionParser + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: CustomOptionParser + + + +

+ +
+ +
Inherits:
+
+ OptionParser + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/custom_option_parser.rb
+ +
+
+ + + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) symbols_used + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute symbols_used.

    +
     + +
    • + + +
+ + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + +
+

Constructor Details

+ +
+

+ + - (CustomOptionParser) initialize(banner = nil, width = 32, indent = ' ' * 4) + + + + + +

+
+ +

A new instance of CustomOptionParser

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+ 		+ 
# File 'lib/common/custom_option_parser.rb', line 7
+
+def initialize(banner = nil, width = 32, indent = ' ' * 4)
+  @results         = {}
+  @symbols_used    = []
+  super(banner, width, indent)
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) symbols_used (readonly) + + + + + +

+
+ +

Returns the value of attribute symbols_used

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/common/custom_option_parser.rb', line 5
+
+def symbols_used
+  @symbols_used
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + + (Object) option_to_symbol(option) (protected) + + + + + +

+
+ +

param Array option

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+ 		+ 
# File 'lib/common/custom_option_parser.rb', line 57
+
+def self.option_to_symbol(option)
+  option_name = nil
+
+  option.each do |option_attr|
+    if option_attr =~ /^--/
+      option_name = option_attr
+      break
+    end
+  end
+
+  if option_name
+    option_name = option_name.gsub(/^--/, '').gsub(/-/, '_').gsub(/ .*$/, '')
+    :#{option_name}"
+  else
+    raise "Could not find the option name for #{option}"
+  end
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Object) add(options) + + + + + +

+
+ +

param Array(Array) or Array options

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+ 		+ 
# File 'lib/common/custom_option_parser.rb', line 15
+
+def add(options)
+  if options.is_a?(Array)
+    if options[0].is_a?(Array)
+      options.each do |option|
+        add_option(option)
+      end
+    else
+      add_option(options)
+    end
+  else
+    raise "Options must be at least an Array, or an Array(Array). #{options.class} supplied"
+  end
+end
+
+
+ +
+

+ + - (Object) add_option(option) + + + + + +

+
+ +

param Array option

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+ 		+ 
# File 'lib/common/custom_option_parser.rb', line 30
+
+def add_option(option)
+  if option.is_a?(Array)
+    option_symbol = CustomOptionParser::option_to_symbol(option)
+
+    if !@symbols_used.include?(option_symbol)
+      @symbols_used << option_symbol
+
+      self.on(*option) do |arg|
+        @results[option_symbol] = arg
+      end
+    else
+      raise "The option #{option_symbol} is already used !"
+    end
+  else
+    raise "The option must be an array, #{option.class} supplied : '#{option}'"
+  end
+end
+
+
+ +
+

+ + - (Object) results(argv = default_argv) + + + + + +

+
+ +

return Hash

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+49
+50
+51
+52
+53
+ 		+ 
# File 'lib/common/custom_option_parser.rb', line 49
+
+def results(argv = default_argv)
+  self.parse!(argv) if @results.empty?
+
+  @results
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Ethon.html b/doc_yard/Ethon.html new file mode 100644 index 00000000..66cbb1b3 --- /dev/null +++ b/doc_yard/Ethon.html @@ -0,0 +1,115 @@ + + + + + + Module: Ethon + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Ethon + + + +

+ +
+ + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ +

Defined Under Namespace

+

+ + + + + Classes: Easy + + +

+ + + + + + + + + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Ethon/Easy.html b/doc_yard/Ethon/Easy.html new file mode 100644 index 00000000..880f3c4c --- /dev/null +++ b/doc_yard/Ethon/Easy.html @@ -0,0 +1,130 @@ + + + + + + Class: Ethon::Easy + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Ethon::Easy + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Options + + + + +

+ + + + + + + + + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Ethon/Easy/Options.html b/doc_yard/Ethon/Easy/Options.html new file mode 100644 index 00000000..921ecc16 --- /dev/null +++ b/doc_yard/Ethon/Easy/Options.html @@ -0,0 +1,226 @@ + + + + + + Module: Ethon::Easy::Options + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Ethon::Easy::Options + + + +

+ +
+ + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) cookiefile=(value) + + + + + +

+ + + + +
+ 
+
+
+57
+58
+59
+ 		+ 
# File 'lib/common/hacks.rb', line 57
+
+def cookiefile=(value)
+  Curl.set_option(:cookiefile, value_for(value, :string), handle)
+end
+
+
+ +
+

+ + - (Object) cookiejar=(value) + + + + + +

+ + + + +
+ 
+
+
+53
+54
+55
+ 		+ 
# File 'lib/common/hacks.rb', line 53
+
+def cookiejar=(value)
+  Curl.set_option(:cookiejar, value_for(value, :string), handle)
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/File.html b/doc_yard/File.html new file mode 100644 index 00000000..014c5688 --- /dev/null +++ b/doc_yard/File.html @@ -0,0 +1,235 @@ + + + + + + Class: File + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: File + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + + (String) charset(file_path) + + + + + +

+
+ +

The charset of the file

+ + +
+
+
+

Parameters:

+
    + +
  • + + file_path + + + (String) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The charset of the file

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+78
+79
+80
+ 		+ 
# File 'lib/common/hacks.rb', line 78
+
+def self.charset(file_path)
+  %x{file --mime #{file_path}}[%r{charset=([^\n]+)\n}, 1]
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/GenerateList.html b/doc_yard/GenerateList.html new file mode 100644 index 00000000..d09204a2 --- /dev/null +++ b/doc_yard/GenerateList.html @@ -0,0 +1,739 @@ + + + + + + Class: GenerateList + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: GenerateList + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpstools/plugins/list_generator/generate_list.rb
+ +
+
+ +

Overview

+
+ +

This tool generates a list to use for plugin and theme enumeration

+ + +
+
+
+ + +
+ + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) verbose + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute verbose.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (GenerateList) initialize(type, verbose) + + + + + +

+
+ +

type = themes | plugins

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 9
+
+def initialize(type, verbose)
+  if type =~ /plugins/i
+    @type           = 'plugin'
+    @svn_url        = 'http://plugins.svn.wordpress.org/'
+    @popular_url    = 'http://wordpress.org/extend/plugins/browse/popular/'
+    @popular_regex  = %r{<h3><a href="http://wordpress.org/extend/plugins/(.+)/">.+</a></h3>}i
+  elsif type =~ /themes/i
+    @type           = 'theme'
+    @svn_url        = 'http://themes.svn.wordpress.org/'
+    @popular_url    = 'http://wordpress.org/extend/themes/browse/popular/'
+    @popular_regex  = %r{<h3><a href="http://wordpress.org/extend/themes/(.+)">.+</a></h3>}i
+  else
+    raise "Type #{type} not defined"
+  end
+  @verbose  = verbose
+  @browser  = Browser.instance
+  @hydra    = @browser.hydra
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) verbose + + + + + +

+
+ +

Returns the value of attribute verbose

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 6
+
+def verbose
+  @verbose
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) generate_full_list + + + + + +

+ + + + +
+ 
+
+
+53
+54
+55
+56
+57
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 53
+
+def generate_full_list
+  set_file_name(:full)
+  items = SvnParser.new(@svn_url).parse
+  save items
+end
+
+
+ +
+

+ + - (Object) generate_popular_list(pages) + + + + + +

+ + + + +
+ 
+
+
+59
+60
+61
+62
+63
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 59
+
+def generate_popular_list(pages)
+  set_file_name(:popular)
+  items = get_popular_items(pages)
+  save items
+end
+
+
+ +
+

+ + - (Object) get_popular_items(pages) + + + + + +

+
+ +

Send a HTTP request to the WordPress most popular theme or plugin webpage +parse the response for the names.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 67
+
+def get_popular_items(pages)
+  found_items = []
+  page_count = 1
+  queue_count = 0
+
+  (1...(pages.to_i + 1)).each do |page|
+    # First page has another URL
+    url = (page == 1) ? @popular_url : @popular_url + 'page/' + page.to_s + '/'
+    request = @browser.forge_request(url)
+
+    queue_count += 1
+
+    request.on_complete do |response|
+      puts "[+] Parsing page #{page_count}" if @verbose
+      page_count += 1
+      response.body.scan(@popular_regex).each do |item|
+        puts "[+] Found popular #@type: #{item}" if @verbose
+        found_items << item[0]
+      end
+    end
+
+    @hydra.queue(request)
+
+    if queue_count == @browser.max_threads
+      @hydra.run
+      queue_count = 0
+    end
+
+  end
+
+  @hydra.run
+
+  found_items.sort!
+  found_items.uniq
+end
+
+
+ +
+

+ + - (Object) save(items) + + + + + +

+
+ +

Save the file

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+104
+105
+106
+107
+108
+109
+110
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 104
+
+def save(items)
+  items.sort!
+  items.uniq!
+  puts "[*] We have parsed #{items.length} #@types"
+  File.open(@file_name, 'w') { |f| f.puts(items) }
+  puts "New #@file_name file created"
+end
+
+
+ +
+

+ + - (Object) set_file_name(type) + + + + + +

+ + + + +
+ 
+
+
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/generate_list.rb', line 28
+
+def set_file_name(type)
+  case @type
+  when 'plugin'
+    case type
+    when :full
+      @file_name = PLUGINS_FULL_FILE
+    when :popular
+      @file_name = PLUGINS_FILE
+    else
+      raise 'Unknown type'
+    end
+  when 'theme'
+    case type
+    when :full
+      @file_name = THEMES_FULL_FILE
+    when :popular
+      @file_name = THEMES_FILE
+    else
+      raise 'Unknown type'
+    end
+    else
+      raise "Unknown type #@type"
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/GitUpdater.html b/doc_yard/GitUpdater.html new file mode 100644 index 00000000..7d074862 --- /dev/null +++ b/doc_yard/GitUpdater.html @@ -0,0 +1,538 @@ + + + + + + Class: GitUpdater + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: GitUpdater + + + +

+ +
+ +
Inherits:
+
+ Updater + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/updater/git_updater.rb
+ +
+
+ + + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from Updater

+

#repo_directory

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from Updater

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from Updater

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) has_local_changes? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+22
+23
+24
+ 		+ 
# File 'lib/common/updater/git_updater.rb', line 22
+
+def has_local_changes?
+  %x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
+end
+
+
+ +
+

+ + - (Boolean) is_installed? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+ 		+ 
# File 'lib/common/updater/git_updater.rb', line 7
+
+def is_installed?
+  %x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
+end
+
+
+ +
+

+ + - (Object) local_revision_number + + + + + +

+
+ +

Git has not a revsion number like SVN, so we will take the 7 first chars of +the last commit hash

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+13
+14
+15
+16
+ 		+ 
# File 'lib/common/updater/git_updater.rb', line 13
+
+def local_revision_number
+  git_log = %x[git #{repo_directory_arguments()} log -1 2>&1]
+  git_log[/commit ([0-9a-z]{7})/i, 1].to_s
+end
+
+
+ +
+

+ + - (Object) repo_directory_arguments (protected) + + + + + +

+ + + + +
+ 
+
+
+31
+32
+33
+34
+35
+ 		+ 
# File 'lib/common/updater/git_updater.rb', line 31
+
+def repo_directory_arguments
+  if @repo_directory
+    return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
+  end
+end
+
+
+ +
+

+ + - (Object) reset_head + + + + + +

+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/common/updater/git_updater.rb', line 26
+
+def reset_head
+  %x[git #{repo_directory_arguments()} reset --hard HEAD]
+end
+
+
+ +
+

+ + - (Object) update + + + + + +

+ + + + +
+ 
+
+
+18
+19
+20
+ 		+ 
# File 'lib/common/updater/git_updater.rb', line 18
+
+def update
+  %x[git #{repo_directory_arguments()} pull]
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/ListGeneratorPlugin.html b/doc_yard/ListGeneratorPlugin.html new file mode 100644 index 00000000..92eb80d1 --- /dev/null +++ b/doc_yard/ListGeneratorPlugin.html @@ -0,0 +1,444 @@ + + + + + + Class: ListGeneratorPlugin + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: ListGeneratorPlugin + + + +

+ +
+ +
Inherits:
+
+ Plugin + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpstools/plugins/list_generator/list_generator_plugin.rb
+ +
+
+ + + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from Plugin

+

#author, #registered_options

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from Plugin

+

#register_options

+
+

Constructor Details

+ +
+

+ + - (ListGeneratorPlugin) initialize + + + + + +

+
+ +

A new instance of ListGeneratorPlugin

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 5
+
+def initialize
+  super(author: 'WPScanTeam - @FireFart')
+
+  register_options(
+    ['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
+    ['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
+
+    ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'],
+    ['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
+
+    ['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
+  )
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) full(type) (private) + + + + + +

+ + + + +
+ 
+
+
+48
+49
+50
+51
+52
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 48
+
+def full(type)
+  puts "[+] Generating new full #{type} list"
+  puts
+  GenerateList.new(type + 's', @verbose).generate_full_list
+end
+
+
+ +
+

+ + - (Object) most_popular(type, number_of_pages) (private) + + + + + +

+ + + + +
+ 
+
+
+42
+43
+44
+45
+46
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 42
+
+def most_popular(type, number_of_pages)
+  puts "[+] Generating new most popular #{type} list"
+  puts
+  GenerateList.new(type + 's', @verbose).generate_popular_list(number_of_pages)
+end
+
+
+ +
+

+ + - (Object) run(options = {}) + + + + + +

+ + + + +
+ 
+
+
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/list_generator_plugin.rb', line 19
+
+def run(options = {})
+  @verbose     = options[:verbose] || false
+  generate_all = options[:generate_all] || false
+
+  if options.has_key?(:generate_plugin_list) || generate_all
+    most_popular('plugin', options[:generate_plugin_list] || 150)
+  end
+
+  if options[:generate_full_plugin_list] || generate_all
+    full('plugin')
+  end
+
+  if options.has_key?(:generate_theme_list) || generate_all
+    most_popular('theme', options[:generate_theme_list] || 150)
+  end
+
+  if options[:generate_full_theme_list] || generate_all
+    full('theme')
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Plugin.html b/doc_yard/Plugin.html new file mode 100644 index 00000000..710c5de3 --- /dev/null +++ b/doc_yard/Plugin.html @@ -0,0 +1,515 @@ + + + + + + Class: Plugin + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Plugin + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/plugins/plugin.rb
+ +
+
+ +
+

Direct Known Subclasses

+

CheckerPlugin, ListGeneratorPlugin, StatsPlugin

+
+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) author + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute author.

    +
     + +
    • + + +
  • + + + - (Object) registered_options + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute registered_options.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (Plugin) initialize(infos = {}) + + + + + +

+
+ +

A new instance of Plugin

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+7
+8
+9
+ 		+ 
# File 'lib/common/plugins/plugin.rb', line 7
+
+def initialize(infos = {})
+  @author  = infos[:author]
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) author (readonly) + + + + + +

+
+ +

Returns the value of attribute author

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/common/plugins/plugin.rb', line 5
+
+def author
+  @author
+end
+
+
+ + + +
+

+ + - (Object) registered_options (readonly) + + + + + +

+
+ +

Returns the value of attribute registered_options

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/common/plugins/plugin.rb', line 5
+
+def registered_options
+  @registered_options
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) register_options(*options) + + + + + +

+
+ +

param Array options

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+16
+17
+18
+19
+20
+21
+22
+23
+ 		+ 
# File 'lib/common/plugins/plugin.rb', line 16
+
+def register_options(*options)
+  options.each do |option|
+    unless option.is_a?(Array)
+      raise "Each option must be an array, #{option.class} supplied"
+    end
+  end
+  @registered_options = options
+end
+
+
+ +
+

+ + - (Object) run(options = {}) + + + + + +

+
+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+11
+12
+13
+ 		+ 
# File 'lib/common/plugins/plugin.rb', line 11
+
+def run(options = {})
+  raise NotImplementedError
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Plugins.html b/doc_yard/Plugins.html new file mode 100644 index 00000000..5bb13a24 --- /dev/null +++ b/doc_yard/Plugins.html @@ -0,0 +1,471 @@ + + + + + + Class: Plugins + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Plugins + + + +

+ +
+ +
Inherits:
+
+ Array + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/plugins/plugins.rb
+ +
+
+ + + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) option_parser + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute option_parser.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from Array

+

#_grep_

+
+

Constructor Details

+ +
+

+ + - (Plugins) initialize(option_parser = nil) + + + + + +

+
+ +

A new instance of Plugins

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+ 		+ 
# File 'lib/common/plugins/plugins.rb', line 7
+
+def initialize(option_parser = nil)
+  if option_parser
+    if option_parser.is_a?(CustomOptionParser)
+      @option_parser = option_parser
+    else
+      raise "The parser must be an instance of CustomOptionParser, #{option_parser.class} supplied"
+    end
+  else
+    @option_parser = CustomOptionParser.new
+  end
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) option_parser (readonly) + + + + + +

+
+ +

Returns the value of attribute option_parser

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/common/plugins/plugins.rb', line 5
+
+def option_parser
+  @option_parser
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) register(*plugins) + + + + + +

+
+ +

param Array(Plugin) plugins

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+23
+24
+ 		+ 
# File 'lib/common/plugins/plugins.rb', line 20
+
+def register(*plugins)
+  plugins.each do |plugin|
+    register_plugin(plugin)
+  end
+end
+
+
+ +
+

+ + - (Object) register_plugin(plugin) + + + + + +

+
+ +

param Plugin plugin

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+ 		+ 
# File 'lib/common/plugins/plugins.rb', line 27
+
+def register_plugin(plugin)
+  if plugin.is_a?(Plugin)
+    self << plugin
+
+    # A plugin may not have options
+    if plugin_options = plugin.registered_options
+      @option_parser.add(plugin_options)
+    end
+  else
+    raise "The argument must be an instance of Plugin, #{plugin.class} supplied"
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/StatsPlugin.html b/doc_yard/StatsPlugin.html new file mode 100644 index 00000000..43f9b52c --- /dev/null +++ b/doc_yard/StatsPlugin.html @@ -0,0 +1,670 @@ + + + + + + Class: StatsPlugin + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: StatsPlugin + + + +

+ +
+ +
Inherits:
+
+ Plugin + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpstools/plugins/stats/stats_plugin.rb
+ +
+
+ + + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from Plugin

+

#author, #registered_options

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from Plugin

+

#register_options

+
+

Constructor Details

+ +
+

+ + - (StatsPlugin) initialize + + + + + +

+
+ +

A new instance of StatsPlugin

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+8
+9
+10
+11
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 5
+
+def initialize
+  super(author: 'WPScanTeam - Christian Mehlmauer')
+
+  register_options(
+      ['--stats', '--s', 'Show WpScan Database statistics']
+  )
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) lines_in_file(file) + + + + + +

+ + + + +
+ 
+
+
+51
+52
+53
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 51
+
+def lines_in_file(file)
+  IO.readlines(file).size
+end
+
+
+ +
+

+ + - (Object) plugin_vulns_count(file = PLUGINS_VULNS_FILE) + + + + + +

+ + + + +
+ 
+
+
+35
+36
+37
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 35
+
+def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
+  xml(file).xpath("count(//vulnerability)").to_i
+end
+
+
+ +
+

+ + - (Object) run(options = {}) + + + + + +

+ + + + +
+ 
+
+
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 13
+
+def run(options = {})
+  if options[:stats]
+    puts "Wpscan Databse Statistics:"
+    puts "--------------------------"
+    puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
+    puts "[#] Total vulnerable themes: #{vuln_theme_count}"
+    puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
+    puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
+    puts "[#] Total plugins to enumerate: #{total_plugins}"
+    puts "[#] Total themes to enumerate: #{total_themes}"
+    puts
+  end
+end
+
+
+ +
+

+ + - (Object) theme_vulns_count(file = THEMES_VULNS_FILE) + + + + + +

+ + + + +
+ 
+
+
+39
+40
+41
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 39
+
+def theme_vulns_count(file=THEMES_VULNS_FILE)
+  xml(file).xpath("count(//vulnerability)").to_i
+end
+
+
+ +
+

+ + - (Object) total_plugins(file = PLUGINS_FULL_FILE) + + + + + +

+ + + + +
+ 
+
+
+43
+44
+45
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 43
+
+def total_plugins(file=PLUGINS_FULL_FILE)
+  lines_in_file(file)
+end
+
+
+ +
+

+ + - (Object) total_themes(file = THEMES_FULL_FILE) + + + + + +

+ + + + +
+ 
+
+
+47
+48
+49
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 47
+
+def total_themes(file=THEMES_FULL_FILE)
+  lines_in_file(file)
+end
+
+
+ +
+

+ + - (Object) vuln_plugin_count(file = PLUGINS_VULNS_FILE) + + + + + +

+ + + + +
+ 
+
+
+27
+28
+29
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 27
+
+def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
+  xml(file).xpath("count(//plugin)").to_i
+end
+
+
+ +
+

+ + - (Object) vuln_theme_count(file = THEMES_VULNS_FILE) + + + + + +

+ + + + +
+ 
+
+
+31
+32
+33
+ 		+ 
# File 'lib/wpstools/plugins/stats/stats_plugin.rb', line 31
+
+def vuln_theme_count(file=THEMES_VULNS_FILE)
+  xml(file).xpath("count(//theme)").to_i
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/SvnParser.html b/doc_yard/SvnParser.html new file mode 100644 index 00000000..a491cda2 --- /dev/null +++ b/doc_yard/SvnParser.html @@ -0,0 +1,572 @@ + + + + + + Class: SvnParser + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: SvnParser + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpstools/plugins/list_generator/svn_parser.rb
+ +
+
+ +

Overview

+
+ +

This Class Parses SVN Repositories via HTTP

+ + +
+
+
+ + +
+ + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) keep_empty_dirs + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute keep_empty_dirs.

    +
     + +
    • + + +
  • + + + - (Object) svn_root + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute svn_root.

    +
     + +
    • + + +
  • + + + - (Object) verbose + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute verbose.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (SvnParser) initialize(svn_root) + + + + + +

+
+ +

A new instance of SvnParser

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 8
+
+def initialize(svn_root)
+  @svn_root    = svn_root
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) keep_empty_dirs + + + + + +

+
+ +

Returns the value of attribute keep_empty_dirs

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 6
+
+def keep_empty_dirs
+  @keep_empty_dirs
+end
+
+
+ + + +
+

+ + - (Object) svn_root + + + + + +

+
+ +

Returns the value of attribute svn_root

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 6
+
+def svn_root
+  @svn_root
+end
+
+
+ + + +
+

+ + - (Object) verbose + + + + + +

+
+ +

Returns the value of attribute verbose

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 6
+
+def verbose
+  @verbose
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) get_root_directories (private) + + + + + +

+
+ +

Gets all directories in the SVN root

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 20
+
+def get_root_directories
+  dirs      = []
+  rootindex = Browser.get(@svn_root).body
+
+  rootindex.scan(%r{<li><a href=".+">(.+)/</a></li>}i).each do |dir|
+    dirs << dir[0]
+  end
+
+  dirs.sort!
+  dirs.uniq
+end
+
+
+ +
+

+ + - (Object) parse + + + + + +

+ + + + +
+ 
+
+
+12
+13
+14
+ 		+ 
# File 'lib/wpstools/plugins/list_generator/svn_parser.rb', line 12
+
+def parse
+  get_root_directories
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/SvnUpdater.html b/doc_yard/SvnUpdater.html new file mode 100644 index 00000000..eb604336 --- /dev/null +++ b/doc_yard/SvnUpdater.html @@ -0,0 +1,358 @@ + + + + + + Class: SvnUpdater + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: SvnUpdater + + + +

+ +
+ +
Inherits:
+
+ Updater + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/updater/svn_updater.rb
+ +
+
+ + +

Constant Summary

+ +
+ +
REVISION_PATTERN = + +
+ 
/revision="(\d+)"/i
+ +
TRUNK_URL = + +
+ 
'https://github.com/wpscanteam/wpscan'
+ +
+ + + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from Updater

+

#repo_directory

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from Updater

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from Updater

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) is_installed? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/updater/svn_updater.rb', line 10
+
+def is_installed?
+  %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
+end
+
+
+ +
+

+ + - (Object) local_revision_number + + + + + +

+ + + + +
+ 
+
+
+14
+15
+16
+17
+ 		+ 
# File 'lib/common/updater/svn_updater.rb', line 14
+
+def local_revision_number
+  local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
+  local_revision[REVISION_PATTERN, 1].to_s
+end
+
+
+ +
+

+ + - (Object) update + + + + + +

+ + + + +
+ 
+
+
+19
+20
+21
+ 		+ 
# File 'lib/common/updater/svn_updater.rb', line 19
+
+def update
+  %x[svn up "#@repo_directory"]
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Terminal.html b/doc_yard/Terminal.html new file mode 100644 index 00000000..4499bbd5 --- /dev/null +++ b/doc_yard/Terminal.html @@ -0,0 +1,115 @@ + + + + + + Module: Terminal + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Terminal + + + +

+ +
+ + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ +

Defined Under Namespace

+

+ + + + + Classes: Table + + +

+ + + + + + + + + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Terminal/Table.html b/doc_yard/Terminal/Table.html new file mode 100644 index 00000000..2567b9a1 --- /dev/null +++ b/doc_yard/Terminal/Table.html @@ -0,0 +1,229 @@ + + + + + + Class: Terminal::Table + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Terminal::Table + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ +

Defined Under Namespace

+

+ + + + + Classes: Style + + +

+ + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) render + + + + Also known as: + to_s + + + + +

+ + + + +
+ 
+
+
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+ 		+ 
# File 'lib/common/hacks.rb', line 85
+
+def render
+  separator = Separator.new(self)
+  buffer = [separator]
+  unless @title.nil?
+    buffer << Row.new(self, [title_cell_options])
+    buffer << separator
+  end
+  unless @headings.cells.empty?
+    buffer << @headings
+    buffer << separator
+  end
+  buffer += @rows
+  buffer << separator
+  buffer.map { |r| style.margin_left + r.render }.join("\n")
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Terminal/Table/Style.html b/doc_yard/Terminal/Table/Style.html new file mode 100644 index 00000000..0b7339ab --- /dev/null +++ b/doc_yard/Terminal/Table/Style.html @@ -0,0 +1,707 @@ + + + + + + Class: Terminal::Table::Style + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Terminal::Table::Style + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ + +

Constant Summary

+ +
+ +
@@defaults = + +
+ 
{
+  :border_x => "-", :border_y => "|", :border_i => "+",
+  :padding_left => 1, :padding_right => 1,
+  :margin_left => '',
+  :width => nil, :alignment => nil
+}
+ +
+ + + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) alignment + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute alignment.

    +
     + +
    • + + +
  • + + + - (Object) border_i + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute border_i.

    +
     + +
    • + + +
  • + + + - (Object) border_x + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute border_x.

    +
     + +
    • + + +
  • + + + - (Object) border_y + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute border_y.

    +
     + +
    • + + +
  • + + + - (Object) margin_left + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute margin_left.

    +
     + +
    • + + +
  • + + + - (Object) padding_left + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute padding_left.

    +
     + +
    • + + +
  • + + + - (Object) padding_right + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute padding_right.

    +
     + +
    • + + +
  • + + + - (Object) width + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute width.

    +
     + +
    • + + +
+ + + + + +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) alignment + + + + + +

+
+ +

Returns the value of attribute alignment

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+119
+120
+121
+ 		+ 
# File 'lib/common/hacks.rb', line 119
+
+def alignment
+  @alignment
+end
+
+
+ + + +
+

+ + - (Object) border_i + + + + + +

+
+ +

Returns the value of attribute border_i

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+113
+114
+115
+ 		+ 
# File 'lib/common/hacks.rb', line 113
+
+def border_i
+  @border_i
+end
+
+
+ + + +
+

+ + - (Object) border_x + + + + + +

+
+ +

Returns the value of attribute border_x

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+111
+112
+113
+ 		+ 
# File 'lib/common/hacks.rb', line 111
+
+def border_x
+  @border_x
+end
+
+
+ + + +
+

+ + - (Object) border_y + + + + + +

+
+ +

Returns the value of attribute border_y

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+112
+113
+114
+ 		+ 
# File 'lib/common/hacks.rb', line 112
+
+def border_y
+  @border_y
+end
+
+
+ + + +
+

+ + - (Object) margin_left + + + + + +

+
+ +

Returns the value of attribute margin_left

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+110
+111
+112
+ 		+ 
# File 'lib/common/hacks.rb', line 110
+
+def margin_left
+  @margin_left
+end
+
+
+ + + +
+

+ + - (Object) padding_left + + + + + +

+
+ +

Returns the value of attribute padding_left

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+115
+116
+117
+ 		+ 
# File 'lib/common/hacks.rb', line 115
+
+def padding_left
+  @padding_left
+end
+
+
+ + + +
+

+ + - (Object) padding_right + + + + + +

+
+ +

Returns the value of attribute padding_right

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+116
+117
+118
+ 		+ 
# File 'lib/common/hacks.rb', line 116
+
+def padding_right
+  @padding_right
+end
+
+
+ + + +
+

+ + - (Object) width + + + + + +

+
+ +

Returns the value of attribute width

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+118
+119
+120
+ 		+ 
# File 'lib/common/hacks.rb', line 118
+
+def width
+  @width
+end
+
+
+ +
+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Typhoeus.html b/doc_yard/Typhoeus.html new file mode 100644 index 00000000..40273b0e --- /dev/null +++ b/doc_yard/Typhoeus.html @@ -0,0 +1,128 @@ + + + + + + Module: Typhoeus + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Typhoeus + + + +

+ +
+ + + + + + + + +
Defined in:
+
lib/common/hacks.rb,
+ lib/common/typhoeus_cache.rb +
+ +
+
+ +

Overview

+
+ +

Implementaion of a cache_key (Typhoeus::Request#hash has too many options)

+ + +
+
+
+ + +

Defined Under Namespace

+

+ + + + + Classes: Request, Response + + +

+ + + + + + + + + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Typhoeus/Request.html b/doc_yard/Typhoeus/Request.html new file mode 100644 index 00000000..cf510c37 --- /dev/null +++ b/doc_yard/Typhoeus/Request.html @@ -0,0 +1,130 @@ + + + + + + Class: Typhoeus::Request + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Typhoeus::Request + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/typhoeus_cache.rb
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Cacheable + + + + +

+ + + + + + + + + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Typhoeus/Request/Cacheable.html b/doc_yard/Typhoeus/Request/Cacheable.html new file mode 100644 index 00000000..b210ccf5 --- /dev/null +++ b/doc_yard/Typhoeus/Request/Cacheable.html @@ -0,0 +1,174 @@ + + + + + + Module: Typhoeus::Request::Cacheable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Typhoeus::Request::Cacheable + + + +

+ +
+ + + + + + + + +
Defined in:
+
lib/common/typhoeus_cache.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) cache_key + + + + + +

+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/typhoeus_cache.rb', line 9
+
+def cache_key
+  Digest::SHA2.hexdigest("#{url}-#{options[:body]}-#{options[:method]}")[0..32]
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Typhoeus/Response.html b/doc_yard/Typhoeus/Response.html new file mode 100644 index 00000000..de7bad4b --- /dev/null +++ b/doc_yard/Typhoeus/Response.html @@ -0,0 +1,221 @@ + + + + + + Class: Typhoeus::Response + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Typhoeus::Response + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) has_valid_hash?(error_404_hash, homepage_hash) + + + + + +

+
+ +

Compare the body hash to error_404_hash and homepage_hash returns true if +they are different, false otherwise

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+41
+42
+43
+44
+45
+ 		+ 
# File 'lib/common/hacks.rb', line 41
+
+def has_valid_hash?(error_404_hash, homepage_hash)
+  body_hash = WebSite.page_hash(self)
+
+  body_hash != error_404_hash && body_hash != homepage_hash
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/TyphoeusCache.html b/doc_yard/TyphoeusCache.html new file mode 100644 index 00000000..e526604c --- /dev/null +++ b/doc_yard/TyphoeusCache.html @@ -0,0 +1,265 @@ + + + + + + Class: TyphoeusCache + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: TyphoeusCache + + + +

+ +
+ +
Inherits:
+
+ CacheFileStore + + + show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/typhoeus_cache.rb
+ +
+
+ + + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from CacheFileStore

+

#serializer, #storage_path

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods inherited from CacheFileStore

+

#clean, #get_entry_file_path, #initialize, #read_entry, #write_entry

+
+

Constructor Details

+ +

This class inherits a constructor from CacheFileStore

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) get(request) + + + + + +

+ + + + +
+ 
+
+
+18
+19
+20
+ 		+ 
# File 'lib/common/typhoeus_cache.rb', line 18
+
+def get(request)
+  read_entry(request.cache_key)
+end
+
+
+ +
+

+ + - (Object) set(request, response) + + + + + +

+ + + + +
+ 
+
+
+22
+23
+24
+ 		+ 
# File 'lib/common/typhoeus_cache.rb', line 22
+
+def set(request, response)
+  write_entry(request.cache_key, response, request.cache_ttl)
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/URI.html b/doc_yard/URI.html new file mode 100644 index 00000000..45084868 --- /dev/null +++ b/doc_yard/URI.html @@ -0,0 +1,188 @@ + + + + + + Module: URI + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: URI + + + +

+ +
+ + + +
Extended by:
+
URI
+ + + + + + +
Included in:
+
URI
+ + + +
Defined in:
+
lib/common/hacks.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) escape(str) + + + + Also known as: + encode + + + + +

+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/hacks.rb', line 9
+
+def escape(str)
+  URI::Parser.new.escape(str)
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Updater.html b/doc_yard/Updater.html new file mode 100644 index 00000000..8ef236a7 --- /dev/null +++ b/doc_yard/Updater.html @@ -0,0 +1,540 @@ + + + + + + Class: Updater + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Updater + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/updater/updater.rb
+ +
+
+ +

Overview

+
+ +

This class act as an absract one

+ + +
+
+
+ + +
+

Direct Known Subclasses

+

GitUpdater, SvnUpdater

+
+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) repo_directory + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute repo_directory.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (Updater) initialize(repo_directory = nil) + + + + + +

+
+ +

TODO : add a last '/ to repo_directory if it's not present

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/updater/updater.rb', line 9
+
+def initialize(repo_directory = nil)
+  @repo_directory = repo_directory
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) repo_directory (readonly) + + + + + +

+
+ +

Returns the value of attribute repo_directory

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/common/updater/updater.rb', line 6
+
+def repo_directory
+  @repo_directory
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) is_installed? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/common/updater/updater.rb', line 13
+
+def is_installed?
+  raise NotImplementedError
+end
+
+
+ +
+

+ + - (Object) local_revision_number + + + + + +

+
+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+17
+18
+19
+ 		+ 
# File 'lib/common/updater/updater.rb', line 17
+
+def local_revision_number
+  raise NotImplementedError
+end
+
+
+ +
+

+ + - (Object) update + + + + + +

+
+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+21
+22
+23
+ 		+ 
# File 'lib/common/updater/updater.rb', line 21
+
+def update
+  raise NotImplementedError
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/UpdaterFactory.html b/doc_yard/UpdaterFactory.html new file mode 100644 index 00000000..79a81bf6 --- /dev/null +++ b/doc_yard/UpdaterFactory.html @@ -0,0 +1,268 @@ + + + + + + Class: UpdaterFactory + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: UpdaterFactory + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/common/updater/updater_factory.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + + (Object) available_updaters_classes (protected) + + + + + +

+
+ +

return array of class symbols

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+19
+20
+21
+ 		+ 
# File 'lib/common/updater/updater_factory.rb', line 19
+
+def self.available_updaters_classes
+  Object.constants.grep(/^.+Updater$/)
+end
+
+
+ +
+

+ + + (Object) get_updater(repo_directory) + + + + + +

+ + + + +
+ 
+
+
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+ 		+ 
# File 'lib/common/updater/updater_factory.rb', line 5
+
+def self.get_updater(repo_directory)
+  self.available_updaters_classes().each do |updater_symbol|
+    updater = Object.const_get(updater_symbol).new(repo_directory)
+
+    if updater.is_installed?
+      return updater
+    end
+  end
+  nil
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Vulnerabilities.html b/doc_yard/Vulnerabilities.html new file mode 100644 index 00000000..e6739e3a --- /dev/null +++ b/doc_yard/Vulnerabilities.html @@ -0,0 +1,160 @@ + + + + + + Class: Vulnerabilities + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Vulnerabilities + + + +

+ +
+ +
Inherits:
+
+ Array + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + +
Includes:
+
Output
+ + + + + +
Defined in:
+
lib/common/collections/vulnerabilities.rb,
+ lib/common/collections/vulnerabilities/output.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Output + + + + +

+ + + + + + + + + + + + + + +

Method Summary

+ +

Methods included from Output

+

#output

+ + + + + + + + + +

Methods inherited from Array

+

#_grep_

+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Vulnerabilities/Output.html b/doc_yard/Vulnerabilities/Output.html new file mode 100644 index 00000000..0888b103 --- /dev/null +++ b/doc_yard/Vulnerabilities/Output.html @@ -0,0 +1,182 @@ + + + + + + Module: Vulnerabilities::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Vulnerabilities::Output + + + +

+ +
+ + + + + + + +
Included in:
+
Vulnerabilities
+ + + +
Defined in:
+
lib/common/collections/vulnerabilities/output.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) output + + + + + +

+ + + + +
+ 
+
+
+6
+7
+8
+9
+10
+ 		+ 
# File 'lib/common/collections/vulnerabilities/output.rb', line 6
+
+def output
+  self.each do |v|
+    v.output
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Vulnerability.html b/doc_yard/Vulnerability.html new file mode 100644 index 00000000..91e04256 --- /dev/null +++ b/doc_yard/Vulnerability.html @@ -0,0 +1,808 @@ + + + + + + Class: Vulnerability + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: Vulnerability + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + +
Includes:
+
Output
+ + + + + +
Defined in:
+
lib/common/models/vulnerability.rb,
+ lib/common/models/vulnerability/output.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Output + + + + +

+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) metasploit_modules + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute metasploit_modules.

    +
     + +
    • + + +
  • + + + - (Object) references + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute references.

    +
     + +
    • + + +
  • + + + - (Object) title + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute title.

    +
     + +
    • + + +
  • + + + - (Object) type + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute type.

    +
     + +
    • + + +
+ + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from Output

+

metasploit_module_url, #output

+
+

Constructor Details

+ +
+

+ + - (Vulnerability) initialize(title, type, references, metasploit_modules = []) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + title + + + (String) + + + + — +
    +

    The title of the vulnerability

    +
    + +
    • + +
  • + + type + + + (String) + + + + — +
    +

    The type of the vulnerability

    +
    + +
    • + +
  • + + references + + + (Array) + + + + — +
    +

    References urls

    +
    + +
    • + +
  • + + metasploit_modules + + + (Array) + + + (defaults to: []) + + + — +
    +

    Metasploit modules for the vulnerability

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+17
+18
+19
+20
+21
+22
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 17
+
+def initialize(title, type, references, metasploit_modules = [])
+  @title              = title
+  @type               = type
+  @references         = references
+  @metasploit_modules = metasploit_modules
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) metasploit_modules + + + + + +

+
+ +

Returns the value of attribute metasploit_modules

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 8
+
+def metasploit_modules
+  @metasploit_modules
+end
+
+
+ + + +
+

+ + - (Object) references + + + + + +

+
+ +

Returns the value of attribute references

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 8
+
+def references
+  @references
+end
+
+
+ + + +
+

+ + - (Object) title + + + + + +

+
+ +

Returns the value of attribute title

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 8
+
+def title
+  @title
+end
+
+
+ + + +
+

+ + - (Object) type + + + + + +

+
+ +

Returns the value of attribute type

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+8
+9
+10
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 8
+
+def type
+  @type
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + + (Vulnerability) load_from_xml_node(xml_node) + + + + + +

+
+ +

Create the Vulnerability from the xml_node

+ + +
+
+
+

Parameters:

+
    + +
  • + + xml_node + + + (Nokogiri::XML::Node) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+38
+39
+40
+41
+42
+43
+44
+45
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 38
+
+def self.load_from_xml_node(xml_node)
+  new(
+    xml_node.search('title').text,
+    xml_node.search('type').text,
+    xml_node.search('reference').map(&:text),
+    xml_node.search('metasploit').map(&:text)
+  )
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Boolean) ==(other) + + + + + +

+
+ +

:nocov:

+ + +
+
+
+

Parameters:

+ + +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+28
+29
+30
+ 		+ 
# File 'lib/common/models/vulnerability.rb', line 28
+
+def ==(other)
+  title == other.title && type == other.type && references == other.references
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/Vulnerability/Output.html b/doc_yard/Vulnerability/Output.html new file mode 100644 index 00000000..f561a6a5 --- /dev/null +++ b/doc_yard/Vulnerability/Output.html @@ -0,0 +1,307 @@ + + + + + + Module: Vulnerability::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: Vulnerability::Output + + + +

+ +
+ + + + + + + +
Included in:
+
Vulnerability
+ + + +
Defined in:
+
lib/common/models/vulnerability/output.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ +
    + +
  • + + + - (Object) output + + + + + + + + + + + + + +
    +

    output the vulnerability.

    +
     + +
    • + + +
+ + + + +
+

Class Method Details

+ + +
+

+ + + (String) metasploit_module_url(module_path) + + + + + +

+
+ +

The url to the metasploit module page

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The url to the metasploit module page

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+19
+20
+21
+22
+23
+ 		+ 
# File 'lib/common/models/vulnerability/output.rb', line 19
+
+def self.metasploit_module_url(module_path)
+  # remove leading slash
+  module_path = module_path.sub(/^\//, '')
+  "http://www.metasploit.com/modules/#{module_path}"
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Object) output + + + + + +

+
+ +

output the vulnerability

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+ 		+ 
# File 'lib/common/models/vulnerability/output.rb', line 7
+
+def output
+  puts ' |'
+  puts ' | ' + red("* Title: #{title}")
+  references.each do |r|
+    puts ' | ' + red("* Reference: #{r}")
+  end
+  metasploit_modules.each do |m|
+    puts ' | ' + red("* Metasploit module: #{Output.metasploit_module_url(m)}")
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WebSite.html b/doc_yard/WebSite.html new file mode 100644 index 00000000..1cae2958 --- /dev/null +++ b/doc_yard/WebSite.html @@ -0,0 +1,1504 @@ + + + + + + Class: WebSite + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WebSite + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpscan/web_site.rb
+ +
+
+ +
+

Direct Known Subclasses

+

WpTarget

+
+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) uri + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute uri.

    +
     + +
    • + + +
+ + + + + +

+ Class Method Summary + (collapse) +

+ +
    + +
  • + + + + (Boolean) has_log?(log_url, pattern) + + + + + + + + + + + + + +
    +

    Only the first 700 bytes are checked to avoid the download of the whole +file which can be very huge (like 2 Go).

    +
     + +
    • + + +
  • + + + + (String) page_hash(page) + + + + + + + + + + + + + +
    +

    Compute the MD5 of the page Comments are deleted from the page to avoid +cache generation details.

    +
     + +
    • + + +
+ +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (WebSite) initialize(site_url) + + + + + +

+
+ +

A new instance of WebSite

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+7
+8
+9
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 7
+
+def initialize(site_url)
+  self.url = site_url
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) uri (readonly) + + + + + +

+
+ +

Returns the value of attribute uri

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 5
+
+def uri
+  @uri
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + + (Boolean) has_log?(log_url, pattern) + + + + + +

+
+ +

Only the first 700 bytes are checked to avoid the download of the whole +file which can be very huge (like 2 Go)

+ + +
+
+
+

Parameters:

+
    + +
  • + + log_url + + + (String) + + + +
    • + +
  • + + pattern + + + (RegEx) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+133
+134
+135
+136
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 133
+
+def self.has_log?(log_url, pattern)
+  log_body = Browser.get(log_url, headers: {'range' => 'bytes=0-700'}).body
+  log_body[pattern] ? true : false
+end
+
+
+ +
+

+ + + (String) page_hash(page) + + + + + +

+
+ +

Compute the MD5 of the page Comments are deleted from the page to avoid +cache generation details

+ + +
+
+
+

Parameters:

+
    + +
  • + + page + + + (String, Typhoeus::Response) + + + + — +
    +

    The url of the response of the page

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The MD5 hash of the page

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+85
+86
+87
+88
+89
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 85
+
+def self.page_hash(page)
+  page = Browser.get(page) unless page.is_a?(Typhoeus::Response)
+
+  Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Object) error_404_hash + + + + + +

+
+ +

Return the MD5 hash of a 404 page

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+99
+100
+101
+102
+103
+104
+105
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 99
+
+def error_404_hash
+  unless @error_404_hash
+    non_existant_page = Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html'
+    @error_404_hash   = WebSite.page_hash(@uri.merge(non_existant_page).to_s)
+  end
+  @error_404_hash
+end
+
+
+ +
+

+ + - (Boolean) has_basic_auth? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+24
+25
+26
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 24
+
+def has_basic_auth?
+  Browser.get(@uri.to_s).code == 401
+end
+
+
+ +
+

+ + - (Boolean) has_robots? + + + + + +

+
+ +

Checks if a robots.txt file exists

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+115
+116
+117
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 115
+
+def has_robots?
+  Browser.get(robots_url).code == 200
+end
+
+
+ +
+

+ + - (Boolean) has_xml_rpc? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+28
+29
+30
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 28
+
+def has_xml_rpc?
+  !xml_rpc_url.nil?
+end
+
+
+ +
+

+ + - (Object) homepage_hash + + + + + +

+ + + + +
+ 
+
+
+91
+92
+93
+94
+95
+96
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 91
+
+def homepage_hash
+  unless @homepage_hash
+    @homepage_hash = WebSite.page_hash(@uri.to_s)
+  end
+  @homepage_hash
+end
+
+
+ +
+

+ + - (Boolean) online? + + + + + +

+
+ +

Checks if the remote website is up.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+20
+21
+22
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 20
+
+def online?
+  Browser.get(@uri.to_s).code != 0
+end
+
+
+ +
+

+ + - (Object) redirection(url = nil) + + + + + +

+
+ +

See if the remote url returns 30x redirect This method is recursive Return +a string with the redirection or nil

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 62
+
+def redirection(url = nil)
+  redirection = nil
+  url ||= @uri.to_s
+  response = Browser.get(url)
+
+  if response.code == 301 || response.code == 302
+    redirection = response.headers_hash['location']
+
+    # Let's check if there is a redirection in the redirection
+    if other_redirection = redirection(redirection)
+      redirection = other_redirection
+    end
+  end
+
+  redirection
+end
+
+
+ +
+

+ + - (String) robots_url + + + + + +

+
+ +

Gets a robots.txt URL

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+122
+123
+124
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 122
+
+def robots_url
+  @uri.merge('robots.txt').to_s
+end
+
+
+ +
+

+ + - (Object) rss_url + + + + + +

+
+ +

Will try to find the rss url in the homepage Only the first one found iw +returned

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+109
+110
+111
+112
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 109
+
+def rss_url
+  homepage_body = Browser.get(@uri.to_s).body
+  homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
+end
+
+
+ +
+

+ + - (Object) url + + + + + +

+ + + + +
+ 
+
+
+15
+16
+17
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 15
+
+def url
+  @uri.to_s
+end
+
+
+ +
+

+ + - (Object) url=(url) + + + + + +

+ + + + +
+ 
+
+
+11
+12
+13
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 11
+
+def url=(url)
+  @uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
+end
+
+
+ +
+

+ + - (Object) xml_rpc_url + + + + + +

+
+ +

See www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+33
+34
+35
+36
+37
+38
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 33
+
+def xml_rpc_url
+  unless @xmlrpc_url
+    @xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body()
+  end
+  @xmlrpc_url
+end
+
+
+ +
+

+ + - (Object) xml_rpc_url_from_body + + + + + +

+ + + + +
+ 
+
+
+53
+54
+55
+56
+57
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 53
+
+def xml_rpc_url_from_body
+  body = Browser.get(@uri.to_s).body
+
+  body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
+end
+
+
+ +
+

+ + - (Object) xml_rpc_url_from_headers + + + + + +

+ + + + +
+ 
+
+
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+ 		+ 
# File 'lib/wpscan/web_site.rb', line 40
+
+def xml_rpc_url_from_headers
+  headers    = Browser.get(@uri.to_s).headers_hash
+  xmlrpc_url = nil
+
+  unless headers.nil?
+    pingback_url = headers['X-Pingback']
+    unless pingback_url.nil? || pingback_url.empty?
+      xmlrpc_url = pingback_url
+    end
+  end
+  xmlrpc_url
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem.html b/doc_yard/WpItem.html new file mode 100644 index 00000000..6b4ab01f --- /dev/null +++ b/doc_yard/WpItem.html @@ -0,0 +1,1429 @@ + + + + + + Class: WpItem + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpItem + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + +
Extended by:
+
Findable
+ + + + +
Includes:
+
Existable, Infos, Output, Versionable, Vulnerable
+ + + + + +
Defined in:
+
lib/common/models/wp_item.rb,
+ lib/common/models/wp_item/infos.rb,
lib/common/models/wp_item/output.rb,
lib/common/models/wp_item/findable.rb,
lib/common/models/wp_item/existable.rb,
lib/common/models/wp_item/vulnerable.rb,
lib/common/models/wp_item/versionable.rb +
+ +
+
+ +
+

Direct Known Subclasses

+

WpPlugin, WpTheme, WpTimthumb, WpUser, WpVersion

+
+

Defined Under Namespace

+

+ + + Modules: Existable, Findable, Infos, Output, Versionable, Vulnerable + + + + +

+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) found_from + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute found_from.

    +
     + +
    • + + +
  • + + + - (Object) name + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute name.

    +
     + +
    • + + +
  • + + + - (Object) path + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute path.

    +
     + +
    • + + +
  • + + + - (Object) version + + + + + + + + + + writeonly + + + + + + + + +
    +

    Sets the attribute version.

    +
     + +
    • + + +
  • + + + - (Object) wp_content_dir + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute wp_content_dir.

    +
     + +
    • + + +
  • + + + - (Object) wp_plugins_dir + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute wp_plugins_dir.

    +
     + +
    • + + +
+ + + + + +

Attributes included from Vulnerable

+

#vulns_file, #vulns_xpath

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + + + + + + + +

Methods included from Output

+

#output

+ + + + + + + + + +

Methods included from Infos

+

#changelog_url, #error_log_url, #has_changelog?, #has_directory_listing?, #has_error_log?, #has_readme?, #readme_url, #url_is_200?

+ + + + + + + + + +

Methods included from Existable

+

#exists?, #exists_from_response?

+ + + + + + + + + +

Methods included from Vulnerable

+

#vulnerabilities

+ + + + + + + + + +

Methods included from Versionable

+

#to_s, #version

+
+

Constructor Details

+ +
+

+ + - (WpItem) initialize(target_base_uri, options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + target_base_uri + + + (URI) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + + — +
    +

    See allowed_option

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+32
+33
+34
+35
+36
+37
+38
+39
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 32
+
+def initialize(target_base_uri, options = {})
+
+  options[:wp_content_dir] ||= 'wp-content'
+  options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
+
+  set_options(options)
+  forge_uri(target_base_uri)
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) found_from + + + + + +

+
+ +

Returns the value of attribute found_from

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+4
+5
+6
+ 		+ 
# File 'lib/common/models/wp_item/findable.rb', line 4
+
+def found_from
+  @found_from
+end
+
+
+ + + +
+

+ + - (Object) name + + + + + +

+
+ +

Returns the value of attribute name

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 20
+
+def name
+  @name
+end
+
+
+ + + +
+

+ + - (Object) path + + + + + +

+
+ +

Returns the value of attribute path

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+19
+20
+21
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 19
+
+def path
+  @path
+end
+
+
+ + + +
+

+ + - (Object) version=(value) (writeonly) + + + + + +

+
+ +

Sets the attribute version

+ + +
+
+
+

Parameters:

+
    + +
  • + + value + + + + + + + — +
    +

    the value to set the attribute version to.

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+4
+5
+6
+ 		+ 
# File 'lib/common/models/wp_item/versionable.rb', line 4
+
+def version=(value)
+  @version = value
+end
+
+
+ + + +
+

+ + - (Object) wp_content_dir + + + + + +

+
+ +

Returns the value of attribute wp_content_dir

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 20
+
+def wp_content_dir
+  @wp_content_dir
+end
+
+
+ + + +
+

+ + - (Object) wp_plugins_dir + + + + + +

+
+ +

Returns the value of attribute wp_plugins_dir

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 20
+
+def wp_plugins_dir
+  @wp_plugins_dir
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) <=>(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + other + + + (WpItem) + + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+89
+90
+91
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 89
+
+def <=>(other)
+  name <=> other.name
+end
+
+
+ +
+

+ + - (Object) ==(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + other + + + (WpItem) + + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+94
+95
+96
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 94
+
+def ==(other)
+  name === other.name
+end
+
+
+ +
+

+ + - (Object) ===(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + other + + + (WpItem) + + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+99
+100
+101
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 99
+
+def ===(other)
+  self == other && version === other.version
+end
+
+
+ +
+

+ + - (Array) allowed_options + + + + + +

+
+ +

Make it private ?

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Array) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+24
+25
+26
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 24
+
+def allowed_options
+  [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
+end
+
+
+ +
+

+ + - (void) forge_uri(target_base_uri) + + + + + +

+
+

This method returns an undefined value.

+ +
+
+
+

Parameters:

+
    + +
  • + + target_base_uri + + + (URI) + + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+62
+63
+64
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 62
+
+def forge_uri(target_base_uri)
+  @uri = target_base_uri
+end
+
+
+ +
+

+ + - (void) set_options(options) (private) + + + + + +

+
+

This method returns an undefined value.

+ +
+
+
+

Parameters:

+
    + +
  • + + options + + + (Hash) + + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 44
+
+def set_options(options)
+  allowed_options.each do |allowed_option|
+    if options.has_key?(allowed_option)
+      method = :#{allowed_option}="
+
+      if self.respond_to?(method)
+        self.send(method, options[allowed_option])
+      else
+        raise "#{self.class} does not respond to #{method}"
+      end
+    end
+  end
+end
+
+
+ +
+

+ + - (URI) uri + + + + + +

+
+ +

The uri to the WpItem, with the path if present

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (URI) + + + + — +
    +

    The uri to the WpItem, with the path if present

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+67
+68
+69
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 67
+
+def uri
+  path ? @uri.merge(path) : @uri
+end
+
+
+ +
+

+ + - (String) url + + + + + +

+
+ +

The url to the WpItem

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The url to the WpItem

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+72
+ 		+ 
# File 'lib/common/models/wp_item.rb', line 72
+
+def url; uri.to_s end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem/Existable.html b/doc_yard/WpItem/Existable.html new file mode 100644 index 00000000..1ac03af6 --- /dev/null +++ b/doc_yard/WpItem/Existable.html @@ -0,0 +1,421 @@ + + + + + + Module: WpItem::Existable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItem::Existable + + + +

+ +
+ + + + + + + +
Included in:
+
WpItem
+ + + +
Defined in:
+
lib/common/models/wp_item/existable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) exists?(options = {}, response = nil) + + + + + +

+
+ +

Check the existence of the WpItem If the response is supplied, it's used +for the verification Otherwise a new request is done

+ + +
+
+
+

Parameters:

+
    + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + + — +
    +

    See exists_from_response?

    +
    + +
    • + +
  • + + response + + + (Typhoeus::Response) + + + (defaults to: nil) + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+14
+15
+16
+17
+18
+19
+ 		+ 
# File 'lib/common/models/wp_item/existable.rb', line 14
+
+def exists?(options = {}, response = nil)
+  unless response
+    response = Browser.get(url)
+  end
+  exists_from_response?(response, options)
+end
+
+
+ +
+

+ + - (Boolean) exists_from_response?(response, options = {}) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (Typhoeus::Response) + + + +
    • + +
  • + + options + + + (options) + + + (defaults to: {}) + + +
    • + +
+ + + + + + +

Options Hash (options):

+
    + +
  • + :error_404_hash + (Hash) + + + + + —
    +

    The hash of the error 404 page

    +
    + +
    • + +
  • + :homepage_hash + (Hash) + + + + + —
    +

    The hash of the homepage

    +
    + +
    • + +
  • + :exclude_content + (Hash) + + + + + —
    +

    A regexp with the pattern to exclude from the body of the response

    +
    + +
    • + +
+ + +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+ 		+ 
# File 'lib/common/models/wp_item/existable.rb', line 31
+
+def exists_from_response?(response, options = {})
+  if [200, 401, 403].include?(response.code)
+    if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
+      if options[:exclude_content]
+        unless response.body.match(options[:exclude_content])
+          return true
+        end
+      else
+        return true
+      end
+    end
+  end
+  false
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem/Findable.html b/doc_yard/WpItem/Findable.html new file mode 100644 index 00000000..2febe2ec --- /dev/null +++ b/doc_yard/WpItem/Findable.html @@ -0,0 +1,109 @@ + + + + + + Module: WpItem::Findable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItem::Findable + + + +

+ +
+ + + + + + + +
Included in:
+
WpItem
+ + + +
Defined in:
+
lib/common/models/wp_item/findable.rb
+ +
+
+ + + + + + + + + + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem/Infos.html b/doc_yard/WpItem/Infos.html new file mode 100644 index 00000000..1890af13 --- /dev/null +++ b/doc_yard/WpItem/Infos.html @@ -0,0 +1,786 @@ + + + + + + Module: WpItem::Infos + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItem::Infos + + + +

+ +
+ + + + + + + +
Included in:
+
WpItem
+ + + +
Defined in:
+
lib/common/models/wp_item/infos.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) changelog_url + + + + + +

+
+ +

The url to the changelog file

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The url to the changelog file

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+37
+38
+39
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 37
+
+def changelog_url
+  @uri.merge('changelog.txt').to_s
+end
+
+
+ +
+

+ + - (String) error_log_url + + + + + +

+
+ +

The url to the error_log file

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The url to the error_log file

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+58
+59
+60
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 58
+
+def error_log_url
+  @uri.merge('error_log').to_s
+end
+
+
+ +
+

+ + - (Boolean) has_changelog? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+23
+24
+25
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 23
+
+def has_changelog?
+  url_is_200?(changelog_url)
+end
+
+
+ +
+

+ + - (Boolean) has_directory_listing? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+42
+43
+44
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 42
+
+def has_directory_listing?
+  Browser.get(@uri.to_s).body[%r{<title>Index of}] ? true : false
+end
+
+
+ +
+

+ + - (Boolean) has_error_log? + + + + + +

+
+ +

Discover any error_log files created by WordPress These are created by the +WordPress error_log() function They are normally found in the /plugins/ +directory, however can also be found in their specific plugin dir. www.exploit-db.com/ghdb/3714/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+53
+54
+55
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 53
+
+def has_error_log?
+  WebSite.has_log?(error_log_url, %r{PHP Fatal error}i)
+end
+
+
+ +
+

+ + - (Boolean) has_readme? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+9
+10
+11
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 9
+
+def has_readme?
+  !readme_url.nil?
+end
+
+
+ +
+

+ + - (String?) readme_url + + + + + +

+
+ +

The url to the readme file, nil if not found

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String, nil) + + + + — +
    +

    The url to the readme file, nil if not found

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+14
+15
+16
+17
+18
+19
+20
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 14
+
+def readme_url
+  %w{readme.txt README.txt}.each do |readme|
+    url = @uri.merge(readme).to_s
+    return url if url_is_200?(url)
+  end
+  nil
+end
+
+
+ +
+

+ + - (Boolean) url_is_200?(url) + + + + + +

+
+ +

Checks if the url status code is 200

+ + +
+
+
+

Parameters:

+
    + +
  • + + url + + + (String) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + + — +
    +

    True if the url status is 200

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+32
+33
+34
+ 		+ 
# File 'lib/common/models/wp_item/infos.rb', line 32
+
+def url_is_200?(url)
+  Browser.get(url).code == 200
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem/Output.html b/doc_yard/WpItem/Output.html new file mode 100644 index 00000000..d66598f1 --- /dev/null +++ b/doc_yard/WpItem/Output.html @@ -0,0 +1,224 @@ + + + + + + Module: WpItem::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItem::Output + + + +

+ +
+ + + + + + + +
Included in:
+
WpItem
+ + + +
Defined in:
+
lib/common/models/wp_item/output.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Void) output + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Void) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+ 		+ 
# File 'lib/common/models/wp_item/output.rb', line 7
+
+def output
+  puts
+  puts " | Name: #{self}" #this will also output the version number if detected
+  puts " | Location: #{url}"
+  #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
+  puts ' | Directory listing enabled: Yes' if has_directory_listing?
+  puts " | Readme: #{readme_url}" if has_readme?
+  puts " | Changelog: #{changelog_url}" if has_changelog?
+
+  vulnerabilities.output
+
+  if has_error_log?
+    puts ' | ' + red('[!]') + " An error_log file has been found : #{error_log_url}"
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem/Versionable.html b/doc_yard/WpItem/Versionable.html new file mode 100644 index 00000000..58466655 --- /dev/null +++ b/doc_yard/WpItem/Versionable.html @@ -0,0 +1,293 @@ + + + + + + Module: WpItem::Versionable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItem::Versionable + + + +

+ +
+ + + + + + + +
Included in:
+
WpItem
+ + + +
Defined in:
+
lib/common/models/wp_item/versionable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) to_s + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+20
+21
+22
+23
+ 		+ 
# File 'lib/common/models/wp_item/versionable.rb', line 20
+
+def to_s
+  item_version = self.version
+  "#@name#{' v' + item_version.strip if item_version}"
+end
+
+
+ +
+

+ + - (String) version + + + + + +

+
+ +

Get the version from the readme.txt

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+11
+12
+13
+14
+15
+16
+17
+ 		+ 
# File 'lib/common/models/wp_item/versionable.rb', line 11
+
+def version
+  unless @version
+    response = Browser.get(readme_url)
+    @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
+  end
+  @version
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItem/Vulnerable.html b/doc_yard/WpItem/Vulnerable.html new file mode 100644 index 00000000..0730cb65 --- /dev/null +++ b/doc_yard/WpItem/Vulnerable.html @@ -0,0 +1,366 @@ + + + + + + Module: WpItem::Vulnerable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItem::Vulnerable + + + +

+ +
+ + + + + + + +
Included in:
+
WpItem
+ + + +
Defined in:
+
lib/common/models/wp_item/vulnerable.rb
+ +
+
+ + + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) vulns_file + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute vulns_file.

    +
     + +
    • + + +
  • + + + - (Object) vulns_xpath + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute vulns_xpath.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) vulns_file + + + + + +

+
+ +

Returns the value of attribute vulns_file

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/common/models/wp_item/vulnerable.rb', line 5
+
+def vulns_file
+  @vulns_file
+end
+
+
+ + + +
+

+ + - (Object) vulns_xpath + + + + + +

+
+ +

Returns the value of attribute vulns_xpath

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+5
+6
+7
+ 		+ 
# File 'lib/common/models/wp_item/vulnerable.rb', line 5
+
+def vulns_xpath
+  @vulns_xpath
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Vulnerabilities) vulnerabilities + + + + + +

+
+ +

Get the vulnerabilities associated to the WpItem

+ + +
+
+
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+10
+11
+12
+13
+14
+15
+16
+17
+18
+ 		+ 
# File 'lib/common/models/wp_item/vulnerable.rb', line 10
+
+def vulnerabilities
+  xml             = xml(vulns_file)
+  vulnerabilities = Vulnerabilities.new
+
+  xml.xpath(vulns_xpath).each do |node|
+    vulnerabilities << Vulnerability.load_from_xml_node(node)
+  end
+  vulnerabilities
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItems.html b/doc_yard/WpItems.html new file mode 100644 index 00000000..efe86b95 --- /dev/null +++ b/doc_yard/WpItems.html @@ -0,0 +1,184 @@ + + + + + + Class: WpItems + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpItems + + + +

+ +
+ +
Inherits:
+
+ Array + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + +
Extended by:
+
Detectable
+ + + + +
Includes:
+
Output
+ + + + + +
Defined in:
+
lib/common/collections/wp_items.rb,
+ lib/common/collections/wp_items/output.rb,
lib/common/collections/wp_items/detectable.rb +
+ +
+
+ +
+

Direct Known Subclasses

+

WpPlugins, WpThemes, WpTimthumbs, WpUsers

+
+

Defined Under Namespace

+

+ + + Modules: Detectable, Output + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes included from Detectable

+

#item_xpath, #vulns_file

+ + + + + + + + + +

Method Summary

+ +

Methods included from Detectable

+

aggressive_detection, create_item, item_class, passive_detection, progress_bar, request_params, targets_items, targets_items_from_file, vulnerable_targets_items

+ + + + + + + + + +

Methods included from Output

+

#output

+ + + + + + + + + +

Methods inherited from Array

+

#_grep_

+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItems/Detectable.html b/doc_yard/WpItems/Detectable.html new file mode 100644 index 00000000..064b37a4 --- /dev/null +++ b/doc_yard/WpItems/Detectable.html @@ -0,0 +1,1493 @@ + + + + + + Module: WpItems::Detectable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItems::Detectable + + + +

+ +
+ + + + + + + +
Included in:
+
WpItems
+ + + +
Defined in:
+
lib/common/collections/wp_items/detectable.rb
+ +
+
+ + + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) item_xpath + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute item_xpath.

    +
     + +
    • + + +
  • + + + - (Object) vulns_file + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute vulns_file.

    +
     + +
    • + + +
+ + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) item_xpath (readonly) + + + + + +

+
+ +

Returns the value of attribute item_xpath

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 6
+
+def item_xpath
+  @item_xpath
+end
+
+
+ + + +
+

+ + - (Object) vulns_file (readonly) + + + + + +

+
+ +

Returns the value of attribute vulns_file

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 6
+
+def vulns_file
+  @vulns_file
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (WpItems) aggressive_detection(wp_target, options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + + + + + +

Options Hash (options):

+
    + +
  • + :show_progression + (Boolean) + + + + + —
    +

    Whether or not output the progress bar

    +
    + +
    • + +
  • + :only_vulnerable + (Boolean) + + + + + —
    +

    Only check for vulnerable items

    +
    + +
    • + +
  • + :exclude_content + (String) + + + + +
    • + +
+ + +

Returns:

+ + +
+ + + + +
+ 
+
+
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 15
+
+def aggressive_detection(wp_target, options = {})
+  browser          = Browser.instance
+  hydra            = browser.hydra
+  targets          = targets_items(wp_target, options)
+  progress_bar     = progress_bar(targets.size, options)
+  exist_options    = {
+    error_404_hash:  wp_target.error_404_hash,
+    homepage_hash:   wp_target.homepage_hash,
+    exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
+  }
+
+  # If we only want the vulnerable ones, the passive detection is ignored
+  # Otherwise, a passive detection is performed, and results will be merged
+  results = options[:only_vulnerable] ? new : passive_detection(wp_target, options)
+
+  targets.each do |target_item|
+    request = browser.forge_request(target_item.url, request_params)
+
+    request.on_complete do |response|
+      progress_bar.progress += 1 if options[:show_progression]
+
+      if target_item.exists?(exist_options, response)
+        if !results.include?(target_item)
+          results << target_item
+        end
+      end
+    end
+
+    hydra.queue(request)
+  end
+
+  hydra.run
+  results.sort!
+  results # can't just return results.sort because the #sort returns an array, and we want a WpItems
+end
+
+
+ +
+

+ + - (WpItem) create_item(klass, name, wp_target, vulns_file = nil) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + klass + + + (Class) + + + +
    • + +
  • + + name + + + (String) + + + +
    • + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + [ + + + (Hash) + + + + — +
    +

    a customizable set of options

    +
    + +
    • + +
+ + + + + + + + + + + +

Returns:

+
    + +
  • + + + (WpItem) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+154
+155
+156
+157
+158
+159
+160
+161
+162
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 154
+
+def create_item(klass, name, wp_target, vulns_file = nil)
+  klass.new(
+    wp_target.uri,
+    name:           name,
+    vulns_file:     vulns_file,
+    wp_content_dir: wp_target.wp_content_dir,
+    wp_plugins_dir: wp_target.wp_plugins_dir
+  )
+end
+
+
+ +
+

+ + - (Class) item_class (protected) + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Class) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+187
+188
+189
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 187
+
+def item_class
+  Object.const_get(self.to_s.gsub(/.$/, ''))
+end
+
+
+ +
+

+ + - (WpItems) passive_detection(wp_target, options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 72
+
+def passive_detection(wp_target, options = {})
+  results      = new
+  item_class   = self.item_class
+  type         = self.to_s.gsub(/Wp/, '').downcase
+  response     = Browser.get(wp_target.url)
+  item_options = {
+    wp_content_dir: wp_target.wp_content_dir,
+    wp_plugins_dir: wp_target.wp_plugins_dir,
+    vulns_file:     self.vulns_file
+  }
+
+  regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/}
+  regex2 = %r{\\?/}
+  regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
+
+  names = response.body.scan(/#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i)
+
+  names.flatten.uniq.each do |name|
+    results << item_class.new(wp_target.uri, item_options.merge(name: name))
+  end
+
+  results.sort!
+  results
+end
+
+
+ +
+

+ + - (ProgressBar) progress_bar(targets_size, options) + + + + + +

+
+ +

:nocov:

+ + +
+
+
+

Parameters:

+
    + +
  • + + targets_size + + + (Integer) + + + +
    • + +
  • + + options + + + (Hash) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (ProgressBar) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 56
+
+def progress_bar(targets_size, options)
+  if options[:show_progression]
+    ProgressBar.create(
+      format: '%t %a <%B> (%c / %C) %P%% %e',
+      title: '  ', # Used to craete a left margin
+      length: 120,
+      total: targets_size
+    )
+  end
+end
+
+
+ +
+

+ + - (Hash) request_params (protected) + + + + + +

+
+ +

The default request parameters

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+102
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 102
+
+def request_params; { cache_ttl: 0, followlocation: true } end
+
+
+ +
+

+ + - (Array<WpItem>) targets_items(wp_target, options = {}) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + options + + + (options) + + + (defaults to: {}) + + +
    • + +
+ + + + + + +

Options Hash (options):

+
    + +
  • + :only_vulnerable + (Boolean) + + + + +
    • + +
  • + :file + (String) + + + + + —
    +

    The path to the file containing the targets

    +
    + +
    • + +
+ + +

Returns:

+ + +
+ + + + +
+ 
+
+
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 110
+
+def targets_items(wp_target, options = {})
+  item_class = self.item_class
+  vulns_file = self.vulns_file
+
+  targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
+
+  unless options[:only_vulnerable]
+    unless options[:file]
+      raise 'A file must be supplied'
+    end
+
+    targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
+  end
+
+  targets.uniq! { |t| t.name }
+  targets.sort_by { rand }
+end
+
+
+ +
+

+ + - (WpItem) targets_items_from_file(file, wp_target, item_class, vulns_file) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + file + + + (String) + + + +
    • + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + item_class + + + (Class) + + + +
    • + +
  • + + vulns_file + + + (String) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (WpItem) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+183
+184
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 170
+
+def targets_items_from_file(file, wp_target, item_class, vulns_file)
+  targets = []
+
+  File.open(file, 'r') do |f|
+    f.readlines.collect do |item_name|
+      targets << create_item(
+        item_class,
+        item_name.strip,
+        wp_target,
+        vulns_file
+      )
+    end
+  end
+  targets
+end
+
+
+ +
+

+ + - (Array<WpItem>) vulnerable_targets_items(wp_target, item_class, vulns_file) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + item_class + + + (Class) + + + +
    • + +
  • + + vulns_file + + + (String) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+ 		+ 
# File 'lib/common/collections/wp_items/detectable.rb', line 133
+
+def vulnerable_targets_items(wp_target, item_class, vulns_file)
+  targets = []
+  xml     = xml(vulns_file)
+
+  xml.xpath(item_xpath).each do |node|
+    targets << create_item(
+      item_class,
+      node.attribute('name').text,
+      wp_target,
+      vulns_file
+    )
+  end
+  targets
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpItems/Output.html b/doc_yard/WpItems/Output.html new file mode 100644 index 00000000..265ada28 --- /dev/null +++ b/doc_yard/WpItems/Output.html @@ -0,0 +1,178 @@ + + + + + + Module: WpItems::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpItems::Output + + + +

+ +
+ + + + + + + +
Included in:
+
WpItems
+ + + +
Defined in:
+
lib/common/collections/wp_items/output.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) output + + + + + +

+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/common/collections/wp_items/output.rb', line 6
+
+def output
+  self.each { |item| item.output }
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpPlugin.html b/doc_yard/WpPlugin.html new file mode 100644 index 00000000..05a29eab --- /dev/null +++ b/doc_yard/WpPlugin.html @@ -0,0 +1,339 @@ + + + + + + Class: WpPlugin + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpPlugin + + + +

+ +
+ +
Inherits:
+
+ WpItem + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + +
Includes:
+
Vulnerable
+ + + + + +
Defined in:
+
lib/common/models/wp_plugin.rb,
+ lib/common/models/wp_plugin/vulnerable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Vulnerable + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from WpItem

+

#found_from, #name, #path, #version, #wp_content_dir, #wp_plugins_dir

+ + + +

Attributes included from WpItem::Vulnerable

+

#vulns_file, #vulns_xpath

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from Vulnerable

+

#vulns_file, #vulns_xpath

+ + + + + + + + + +

Methods inherited from WpItem

+

#<=>, #==, #===, #allowed_options, #initialize, #set_options, #uri, #url

+ + + + + + + + + + + + + + + +

Methods included from WpItem::Output

+

#output

+ + + + + + + + + +

Methods included from WpItem::Infos

+

#changelog_url, #error_log_url, #has_changelog?, #has_directory_listing?, #has_error_log?, #has_readme?, #readme_url, #url_is_200?

+ + + + + + + + + +

Methods included from WpItem::Existable

+

#exists?, #exists_from_response?

+ + + + + + + + + +

Methods included from WpItem::Vulnerable

+

#vulnerabilities

+ + + + + + + + + +

Methods included from WpItem::Versionable

+

#to_s, #version

+
+

Constructor Details

+ +

This class inherits a constructor from WpItem

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (void) forge_uri(target_base_uri) + + + + + +

+
+

This method returns an undefined value.

+

Sets the @uri

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_base_uri + + + (URI) + + + + — +
    +

    The URI of the wordpress blog

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/common/models/wp_plugin.rb', line 13
+
+def forge_uri(target_base_uri)
+  @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpPlugin/Vulnerable.html b/doc_yard/WpPlugin/Vulnerable.html new file mode 100644 index 00000000..07c7af2a --- /dev/null +++ b/doc_yard/WpPlugin/Vulnerable.html @@ -0,0 +1,289 @@ + + + + + + Module: WpPlugin::Vulnerable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpPlugin::Vulnerable + + + +

+ +
+ + + + + + + +
Included in:
+
WpPlugin
+ + + +
Defined in:
+
lib/common/models/wp_plugin/vulnerable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) vulns_file + + + + + +

+
+ +

The path to the file containing vulnerabilities

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The path to the file containing vulnerabilities

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_plugin/vulnerable.rb', line 7
+
+def vulns_file
+  unless @vulns_file
+    @vulns_file = PLUGINS_VULNS_FILE
+  end
+  @vulns_file
+end
+
+
+ +
+

+ + - (String) vulns_xpath + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+15
+16
+17
+ 		+ 
# File 'lib/common/models/wp_plugin/vulnerable.rb', line 15
+
+def vulns_xpath
+  "//plugin[@name='#{@name}']/vulnerability"
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpPlugins.html b/doc_yard/WpPlugins.html new file mode 100644 index 00000000..e6b6e49f --- /dev/null +++ b/doc_yard/WpPlugins.html @@ -0,0 +1,195 @@ + + + + + + Class: WpPlugins + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpPlugins + + + +

+ +
+ +
Inherits:
+
+ WpItems + + + show all + +
+ + + + +
Extended by:
+
Detectable
+ + + + + + + +
Defined in:
+
lib/common/collections/wp_plugins.rb,
+ lib/common/collections/wp_plugins/detectable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Detectable + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes included from WpItems::Detectable

+

#item_xpath, #vulns_file

+ + + + + + + + + +

Method Summary

+ +

Methods included from Detectable

+

item_xpath, vulns_file

+ + + + + + + + + + + + + + + +

Methods included from WpItems::Detectable

+

#aggressive_detection, #create_item, #item_class, #passive_detection, #progress_bar, #request_params, #targets_items, #targets_items_from_file, #vulnerable_targets_items

+ + + + + + + + + +

Methods included from WpItems::Output

+

#output

+ + + + + + + + + +

Methods inherited from Array

+

#_grep_

+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpPlugins/Detectable.html b/doc_yard/WpPlugins/Detectable.html new file mode 100644 index 00000000..9618a8b0 --- /dev/null +++ b/doc_yard/WpPlugins/Detectable.html @@ -0,0 +1,274 @@ + + + + + + Module: WpPlugins::Detectable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpPlugins::Detectable + + + +

+ +
+ + + + + + + +
Included in:
+
WpPlugins
+ + + +
Defined in:
+
lib/common/collections/wp_plugins/detectable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) item_xpath + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+12
+13
+14
+ 		+ 
# File 'lib/common/collections/wp_plugins/detectable.rb', line 12
+
+def item_xpath
+  '//plugin'
+end
+
+
+ +
+

+ + - (String) vulns_file + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+ 		+ 
# File 'lib/common/collections/wp_plugins/detectable.rb', line 7
+
+def vulns_file
+  PLUGINS_VULNS_FILE
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget.html b/doc_yard/WpTarget.html new file mode 100644 index 00000000..2e7c5465 --- /dev/null +++ b/doc_yard/WpTarget.html @@ -0,0 +1,1285 @@ + + + + + + Class: WpTarget + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpTarget + + + +

+ +
+ +
Inherits:
+
+ WebSite + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + +
Includes:
+
Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable
+ + + + + +
Defined in:
+
lib/wpscan/wp_target.rb,
+ lib/wpscan/wp_target/malwares.rb,
lib/wpscan/wp_target/wp_readme.rb,
lib/wpscan/wp_target/wp_registrable.rb,
lib/wpscan/wp_target/wp_config_backup.rb,
lib/wpscan/wp_target/wp_login_protection.rb,
lib/wpscan/wp_target/wp_custom_directories.rb,
lib/wpscan/wp_target/wp_full_path_disclosure.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable + + + + +

+ +

Constant Summary

+ + + + +

Constant Summary

+ +

Constants included + from WpLoginProtection

+

WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN

+ + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) verbose + + + + + + + + + readonly + + + + + + + + + +
    +

    Returns the value of attribute verbose.

    +
     + +
    • + + +
+ + + + + +

Attributes inherited from WebSite

+

#uri

+ + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from WpFullPathDisclosure

+

#full_path_disclosure_url, #has_full_path_disclosure?

+ + + + + + + + + +

Methods included from WpCustomDirectories

+

#default_wp_content_dir_exists?, #wp_content_dir, #wp_plugins_dir, #wp_plugins_dir_exists?

+ + + + + + + + + +

Methods included from WpLoginProtection

+

#better_wp_security_url, #bluetrait_event_viewer_url, #has_better_wp_security_protection?, #has_bluetrait_event_viewer_protection?, #has_limit_login_attempts_protection?, #has_login_lock_protection?, #has_login_lockdown_protection?, #has_login_protection?, #has_login_security_solution_protection?, #has_simple_login_lockdown_protection?, #limit_login_attempts_url, #login_protection_plugin, #login_security_solution_url, #plugin_url, #simple_login_lockdown_url

+ + + + + + + + + +

Methods included from WpConfigBackup

+

#config_backup, config_backup_files

+ + + + + + + + + +

Methods included from WpRegistrable

+

#multisite?, #registration_enabled?, #registration_url

+ + + + + + + + + +

Methods included from WpReadme

+

#has_readme?, #readme_url

+ + + + + + + + + +

Methods included from Malwares

+

#has_malwares?, malware_pattern, #malwares, malwares_file

+ + + + + + + + + +

Methods inherited from WebSite

+

#error_404_hash, #has_basic_auth?, has_log?, #has_robots?, #has_xml_rpc?, #homepage_hash, #online?, page_hash, #redirection, #robots_url, #rss_url, #url, #url=, #xml_rpc_url, #xml_rpc_url_from_body, #xml_rpc_url_from_headers

+
+

Constructor Details

+ +
+

+ + - (WpTarget) initialize(target_url, options = {}) + + + + + +

+
+ +

A new instance of WpTarget

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 23
+
+def initialize(target_url, options = {})
+  super(target_url)
+
+  @verbose        = options[:verbose]
+  @wp_content_dir = options[:wp_content_dir]
+  @wp_plugins_dir = options[:wp_plugins_dir]
+  @multisite      = nil
+
+  Browser.instance(options.merge(:max_threads => options[:threads]))
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) verbose (readonly) + + + + + +

+
+ +

Returns the value of attribute verbose

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+21
+22
+23
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 21
+
+def verbose
+  @verbose
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + + (Object) valid_response_codes + + + + + +

+
+ +

Valid HTTP return codes

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+73
+74
+75
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 73
+
+def self.valid_response_codes
+  [200, 301, 302, 401, 403, 500, 400]
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (String) debug_log_url + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+115
+116
+117
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 115
+
+def debug_log_url
+  @uri.merge("#{wp_content_dir()}/debug.log").to_s
+end
+
+
+ +
+

+ + - (Boolean) has_debug_log? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+110
+111
+112
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 110
+
+def has_debug_log?
+  WebSite.has_log?(debug_log_url, %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):})
+end
+
+
+ +
+

+ + - (Boolean) has_plugin?(name, version = nil) + + + + + +

+
+ +

The version is not yet considerated

+ + +
+
+
+

Parameters:

+
    + +
  • + + name + + + (String) + + + +
    • + +
  • + + version + + + (String) + + + (defaults to: nil) + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+99
+100
+101
+102
+103
+104
+105
+106
+107
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 99
+
+def has_plugin?(name, version = nil)
+  WpPlugin.new(
+    @uri,
+    name: name,
+    version: version,
+    wp_content_dir: wp_content_dir,
+    wp_plugins_dir: wp_plugins_dir
+  ).exists?
+end
+
+
+ +
+

+ + - (Object) login_url + + + + + +

+ + + + +
+ 
+
+
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 60
+
+def 
+  url = @uri.merge('wp-login.php').to_s
+
+  # Let's check if the login url is redirected (to https url for example)
+  redirection = redirection(url)
+  if redirection
+    url = redirection
+  end
+
+  url
+end
+
+
+ +
+

+ + - (Boolean) search_replace_db_2_exists? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+129
+130
+131
+132
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 129
+
+def search_replace_db_2_exists?
+  resp = Browser.get(search_replace_db_2_url)
+  resp.code == 200 && resp.body[%r{by interconnect}i]
+end
+
+
+ +
+

+ + - (String) search_replace_db_2_url + + + + + +

+
+ +

Script for replacing strings in wordpress databases reveals databse +credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+124
+125
+126
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 124
+
+def search_replace_db_2_url
+  @uri.merge('searchreplacedb2.php').to_s
+end
+
+
+ +
+

+ + - (WpTheme) theme + + + + + +

+
+ +

:nocov:

+ + +
+
+
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+79
+80
+81
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 79
+
+def theme
+  WpTheme.find(@uri)
+end
+
+
+ +
+

+ + - (WpVersion) version(versions_xml) + + + + + +

+
+ +

:nocov:

+ + +
+
+
+

Parameters:

+
    + +
  • + + versions_xml + + + (String) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+88
+89
+90
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 88
+
+def version(versions_xml)
+  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
+end
+
+
+ +
+

+ + - (Boolean) wordpress? + + + + + +

+
+ +

check if the target website is actually running wordpress.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+ 		+ 
# File 'lib/wpscan/wp_target.rb', line 36
+
+def wordpress?
+  wordpress = false
+
+  response = Browser.get_and_follow_location(@uri.to_s)
+
+  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
+    wordpress = true
+  else
+    response = Browser.get_and_follow_location(xml_rpc_url)
+
+    if response.body =~ %r{XML-RPC server accepts POST requests only}i
+      wordpress = true
+    else
+      response = Browser.get_and_follow_location()
+
+      if response.code == 200 && response.body =~ %r{WordPress}i
+        wordpress = true
+      end
+    end
+  end
+
+  wordpress
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/Malwares.html b/doc_yard/WpTarget/Malwares.html new file mode 100644 index 00000000..5b4d6f1c --- /dev/null +++ b/doc_yard/WpTarget/Malwares.html @@ -0,0 +1,426 @@ + + + + + + Module: WpTarget::Malwares + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::Malwares + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/malwares.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + + (Object) malware_pattern(url_regex) + + + + + +

+ + + + +
+ 
+
+
+44
+45
+46
+47
+ 		+ 
# File 'lib/wpscan/wp_target/malwares.rb', line 44
+
+def self.malware_pattern(url_regex)
+  # no need to escape regex here, because malware.txt contains regex
+  %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
+end
+
+
+ +
+

+ + + (Object) malwares_file(malwares_file_path) + + + + + +

+ + + + +
+ 
+
+
+40
+41
+42
+ 		+ 
# File 'lib/wpscan/wp_target/malwares.rb', line 40
+
+def self.malwares_file(malwares_file_path)
+  malwares_file_path || DATA_DIR + '/malwares.txt'
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Boolean) has_malwares?(malwares_file_path = nil) + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+11
+12
+13
+ 		+ 
# File 'lib/wpscan/wp_target/malwares.rb', line 11
+
+def has_malwares?(malwares_file_path = nil)
+  !malwares(malwares_file_path).empty?
+end
+
+
+ +
+

+ + - (Object) malwares(malwares_file_path = nil) + + + + + +

+
+ +

return array of string (url of malwares found)

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+ 		+ 
# File 'lib/wpscan/wp_target/malwares.rb', line 16
+
+def malwares(malwares_file_path = nil)
+  unless @malwares
+    malwares_found = []
+    malwares_file = Malwares.malwares_file(malwares_file_path)
+    index_page_body = Browser.get(@uri.to_s).body
+
+    File.open(malwares_file, 'r') do |file|
+      file.readlines.collect do |url|
+        chomped_url = url.chomp
+
+        if chomped_url.length > 0
+          malwares_found += index_page_body.scan(Malwares.malware_pattern(chomped_url))
+        end
+      end
+    end
+
+    malwares_found.flatten!
+    malwares_found.uniq!
+
+    @malwares = malwares_found
+  end
+  @malwares
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/WpConfigBackup.html b/doc_yard/WpTarget/WpConfigBackup.html new file mode 100644 index 00000000..d12bc005 --- /dev/null +++ b/doc_yard/WpTarget/WpConfigBackup.html @@ -0,0 +1,355 @@ + + + + + + Module: WpTarget::WpConfigBackup + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::WpConfigBackup + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/wp_config_backup.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + + (Object) config_backup_files + + + + + +

+
+ +

Array

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + + + + + +
    +

    Array

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+41
+42
+43
+44
+45
+46
+47
+ 		+ 
# File 'lib/wpscan/wp_target/wp_config_backup.rb', line 41
+
+def self.config_backup_files
+  %w{
+    wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
+    wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
+    wp-config.orig wp-config.php.original wp-config.original wp-config.txt
+  } # thanks to Feross.org for these
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Object) config_backup + + + + + +

+
+ +

Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/ return +an array of backup config files url

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+ 		+ 
# File 'lib/wpscan/wp_target/wp_config_backup.rb', line 9
+
+def config_backup
+  found       = []
+  backups     = WpConfigBackup.config_backup_files
+  browser     = Browser.instance
+  hydra       = browser.hydra
+  queue_count = 0
+
+  backups.each do |file|
+    file_url = @uri.merge(URI.escape(file)).to_s
+    request = browser.forge_request(file_url)
+
+    request.on_complete do |response|
+      if response.body[%r{define}i] and not response.body[%r{<\s?html}i]
+        found << file_url
+      end
+    end
+
+    hydra.queue(request)
+    queue_count += 1
+
+    if queue_count == browser.max_threads
+      hydra.run
+      queue_count = 0
+    end
+  end
+
+  hydra.run
+
+  found
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/WpCustomDirectories.html b/doc_yard/WpTarget/WpCustomDirectories.html new file mode 100644 index 00000000..da9e28c7 --- /dev/null +++ b/doc_yard/WpTarget/WpCustomDirectories.html @@ -0,0 +1,484 @@ + + + + + + Module: WpTarget::WpCustomDirectories + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::WpCustomDirectories + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/wp_custom_directories.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) default_wp_content_dir_exists? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+ 		+ 
# File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 24
+
+def default_wp_content_dir_exists?
+  response = Browser.get(@uri.merge('wp-content').to_s)
+  hash = Digest::MD5.hexdigest(response.body)
+
+  if WpTarget.valid_response_codes.include?(response.code)
+    return true if hash != error_404_hash and hash != homepage_hash
+  end
+
+  false
+end
+
+
+ +
+

+ + - (String) wp_content_dir + + + + + +

+
+ +

The wp-content directory

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The wp-content directory

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+ 		+ 
# File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 7
+
+def wp_content_dir
+  unless @wp_content_dir
+    index_body = Browser.get(@uri.to_s).body
+    uri_path = @uri.path # Only use the path because domain can be text or an IP
+
+    if index_body[/\/wp-content\/(?:themes|plugins)\//i] || default_wp_content_dir_exists?
+      @wp_content_dir = 'wp-content'
+    else
+      domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
+      @wp_content_dir  = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/i, 1]
+    end
+  end
+
+  @wp_content_dir
+end
+
+
+ +
+

+ + - (String) wp_plugins_dir + + + + + +

+
+ +

The wp-plugins directory

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The wp-plugins directory

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+36
+37
+38
+39
+40
+41
+ 		+ 
# File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 36
+
+def wp_plugins_dir
+  unless @wp_plugins_dir
+    @wp_plugins_dir = "#{wp_content_dir}/plugins"
+  end
+  @wp_plugins_dir
+end
+
+
+ +
+

+ + - (Boolean) wp_plugins_dir_exists? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+44
+45
+46
+ 		+ 
# File 'lib/wpscan/wp_target/wp_custom_directories.rb', line 44
+
+def wp_plugins_dir_exists?
+  Browser.get(@uri.merge(wp_plugins_dir).to_s).code != 404
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/WpFullPathDisclosure.html b/doc_yard/WpTarget/WpFullPathDisclosure.html new file mode 100644 index 00000000..4316f37d --- /dev/null +++ b/doc_yard/WpTarget/WpFullPathDisclosure.html @@ -0,0 +1,280 @@ + + + + + + Module: WpTarget::WpFullPathDisclosure + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::WpFullPathDisclosure + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/wp_full_path_disclosure.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) full_path_disclosure_url + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+15
+16
+17
+ 		+ 
# File 'lib/wpscan/wp_target/wp_full_path_disclosure.rb', line 15
+
+def full_path_disclosure_url
+  @uri.merge('wp-includes/rss-functions.php').to_s
+end
+
+
+ +
+

+ + - (Boolean) has_full_path_disclosure? + + + + + +

+
+ +

Check for Full Path Disclosure (FPD)

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+9
+10
+11
+12
+ 		+ 
# File 'lib/wpscan/wp_target/wp_full_path_disclosure.rb', line 9
+
+def has_full_path_disclosure?
+  response = Browser.get(full_path_disclosure_url())
+  response.body[%r{Fatal error}i] ? true : false
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/WpLoginProtection.html b/doc_yard/WpTarget/WpLoginProtection.html new file mode 100644 index 00000000..d9499c35 --- /dev/null +++ b/doc_yard/WpTarget/WpLoginProtection.html @@ -0,0 +1,1194 @@ + + + + + + Module: WpTarget::WpLoginProtection + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::WpLoginProtection + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/wp_login_protection.rb
+ +
+
+ + +

Constant Summary

+ +
+ +
LOGIN_PROTECTION_METHOD_PATTERN = + +
+ 
/^has_(.*)_protection\?/i
+ +
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) better_wp_security_url (protected) + + + + + +

+ + + + +
+ 
+
+
+63
+64
+65
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 63
+
+def better_wp_security_url
+  plugin_url('better-wp-security/')
+end
+
+
+ +
+

+ + - (Object) bluetrait_event_viewer_url (protected) + + + + + +

+ + + + +
+ 
+
+
+99
+100
+101
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 99
+
+def bluetrait_event_viewer_url
+  plugin_url('bluetrait-event-viewer')
+end
+
+
+ +
+

+ + - (Boolean) has_better_wp_security_protection? (protected) + + + + + +

+
+ +

wordpress.org/extend/plugins/better-wp-security/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+50
+51
+52
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 50
+
+def has_better_wp_security_protection?
+  Browser.get(better_wp_security_url).code != 404
+end
+
+
+ +
+

+ + - (Boolean) has_bluetrait_event_viewer_protection? (protected) + + + + + +

+
+ +

wordpress.org/extend/plugins/bluetrait-event-viewer/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+95
+96
+97
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 95
+
+def has_bluetrait_event_viewer_protection?
+  Browser.get(bluetrait_event_viewer_url).code != 404
+end
+
+
+ +
+

+ + - (Boolean) has_limit_login_attempts_protection? (protected) + + + + + +

+
+ +

wordpress.org/extend/plugins/limit-login-attempts/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+86
+87
+88
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 86
+
+def 
+  Browser.get().code != 404
+end
+
+
+ +
+

+ + - (Boolean) has_login_lock_protection? (protected) + + + + + +

+
+ +

wordpress.org/extend/plugins/login-lock/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+45
+46
+47
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 45
+
+def 
+  Browser.get().body =~ %r{LOGIN LOCK} ? true : false
+end
+
+
+ +
+

+ + - (Boolean) has_login_lockdown_protection? (protected) + + + + + +

+
+ +

Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+40
+41
+42
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 40
+
+def 
+  Browser.get().body =~ %r{Login LockDown}i ? true : false
+end
+
+
+ +
+

+ + - (Boolean) has_login_protection? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 10
+
+def 
+  !().nil?
+end
+
+
+ +
+

+ + - (Boolean) has_login_security_solution_protection? (protected) + + + + + +

+
+ +

wordpress.org/extend/plugins/login-security-solution/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+77
+78
+79
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 77
+
+def 
+  Browser.get(()).code != 404
+end
+
+
+ +
+

+ + - (Boolean) has_simple_login_lockdown_protection? (protected) + + + + + +

+
+ +

wordpress.org/extend/plugins/simple-login-lockdown/

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+68
+69
+70
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 68
+
+def 
+  Browser.get().code != 404
+end
+
+
+ +
+

+ + - (Object) limit_login_attempts_url (protected) + + + + + +

+ + + + +
+ 
+
+
+90
+91
+92
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 90
+
+def 
+  plugin_url('limit-login-attempts')
+end
+
+
+ +
+

+ + - (Object) login_protection_plugin + + + + + +

+
+ +

Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111 +return a WpPlugin object or nil if no one is found

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 17
+
+def 
+  unless @login_protection_plugin
+    protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call|
+
+      if send(symbol_to_call)
+        plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-')
+
+        return @login_protection_plugin = WpPlugin.new(
+          @uri,
+          name:           plugin_name,
+          wp_content_dir: wp_content_dir,
+          wp_plugins_dir: wp_plugins_dir
+        )
+      end
+    end
+    @login_protection_plugin = nil
+  end
+  @login_protection_plugin
+end
+
+
+ +
+

+ + - (Object) login_security_solution_url (protected) + + + + + +

+ + + + +
+ 
+
+
+81
+82
+83
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 81
+
+def 
+  plugin_url('login-security-solution')
+end
+
+
+ +
+

+ + - (Object) plugin_url(plugin_name) (protected) + + + + + +

+ + + + +
+ 
+
+
+54
+55
+56
+57
+58
+59
+60
+61
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 54
+
+def plugin_url(plugin_name)
+  WpPlugin.new(
+    @uri,
+    name:           plugin_name,
+    wp_content_dir: wp_content_dir,
+    wp_plugins_dir: wp_plugins_dir
+  ).url
+end
+
+
+ +
+

+ + - (Object) simple_login_lockdown_url (protected) + + + + + +

+ + + + +
+ 
+
+
+72
+73
+74
+ 		+ 
# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 72
+
+def 
+  plugin_url('simple-login-lockdown/')
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/WpReadme.html b/doc_yard/WpTarget/WpReadme.html new file mode 100644 index 00000000..abf1d132 --- /dev/null +++ b/doc_yard/WpTarget/WpReadme.html @@ -0,0 +1,300 @@ + + + + + + Module: WpTarget::WpReadme + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::WpReadme + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/wp_readme.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) has_readme? + + + + + +

+
+ +

Checks to see if the readme.html file exists

+ +

This file comes by default in a wordpress installation, and if deleted is +reinstated with an upgrade.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+12
+13
+14
+15
+16
+17
+18
+19
+ 		+ 
# File 'lib/wpscan/wp_target/wp_readme.rb', line 12
+
+def has_readme?
+  response = Browser.get(readme_url())
+
+  unless response.code == 404
+    return response.body =~ %r{wordpress}i ? true : false
+  end
+  false
+end
+
+
+ +
+

+ + - (String) readme_url + + + + + +

+
+ +

The readme URL

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The readme URL

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+22
+23
+24
+ 		+ 
# File 'lib/wpscan/wp_target/wp_readme.rb', line 22
+
+def readme_url
+  @uri.merge('readme.html').to_s
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTarget/WpRegistrable.html b/doc_yard/WpTarget/WpRegistrable.html new file mode 100644 index 00000000..6bf8fa08 --- /dev/null +++ b/doc_yard/WpTarget/WpRegistrable.html @@ -0,0 +1,419 @@ + + + + + + Module: WpTarget::WpRegistrable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTarget::WpRegistrable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTarget
+ + + +
Defined in:
+
lib/wpscan/wp_target/wp_registrable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) multisite? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+ 		+ 
# File 'lib/wpscan/wp_target/wp_registrable.rb', line 33
+
+def multisite?
+  unless @multisite
+    # when multi site, there is no redirection or a redirect to the site itself
+    # otherwise redirect to wp-login.php
+    resp = Browser.get(@uri.merge('wp-signup.php').to_s)
+
+    if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
+      @multisite = false
+    elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/
+      @multisite = true
+    elsif resp.code == 200
+      @multisite = true
+    else
+      @multisite = false
+    end
+  end
+  @multisite
+end
+
+
+ +
+

+ + - (Boolean) registration_enabled? + + + + + +

+
+ +

Should check wp-login.php if registration is enabled or not

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+ 		+ 
# File 'lib/wpscan/wp_target/wp_registrable.rb', line 9
+
+def registration_enabled?
+  resp = Browser.get(registration_url)
+  # redirect only on non multi sites
+  if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/i
+    enabled = false
+  # multi site registration form
+  elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/i
+    enabled = true
+  # normal registration form
+  elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/i
+    enabled = true
+  # registration disabled
+  else
+    enabled = false
+  end
+  enabled
+end
+
+
+ +
+

+ + - (String) registration_url + + + + + +

+
+ +

The registration URL

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The registration URL

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+28
+29
+30
+ 		+ 
# File 'lib/wpscan/wp_target/wp_registrable.rb', line 28
+
+def registration_url
+  multisite? ? @uri.merge('wp-signup.php').to_s : @uri.merge('wp-login.php?action=register').to_s
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTheme.html b/doc_yard/WpTheme.html new file mode 100644 index 00000000..b94a3dba --- /dev/null +++ b/doc_yard/WpTheme.html @@ -0,0 +1,517 @@ + + + + + + Class: WpTheme + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpTheme + + + +

+ +
+ +
Inherits:
+
+ WpItem + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + +
Extended by:
+
Findable
+ + + + +
Includes:
+
Versionable, Vulnerable
+ + + + + +
Defined in:
+
lib/common/models/wp_theme.rb,
+ lib/common/models/wp_theme/findable.rb,
lib/common/models/wp_theme/vulnerable.rb,
lib/common/models/wp_theme/versionable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Findable, Versionable, Vulnerable + + + + +

+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (String) style_url + + + + + + + + + + + + + + + + +
    +

    The url to the theme stylesheet.

    +
     + +
    • + + +
+ + + + + +

Attributes inherited from WpItem

+

#found_from, #name, #path, #version, #wp_content_dir, #wp_plugins_dir

+ + + +

Attributes included from WpItem::Vulnerable

+

#vulns_file, #vulns_xpath

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from Findable

+

find, find_from_css_link, find_from_wooframework

+ + + + + + + + + +

Methods included from Vulnerable

+

#vulns_file, #vulns_xpath

+ + + + + + + + + +

Methods included from Versionable

+

#version

+ + + + + + + + + +

Methods inherited from WpItem

+

#<=>, #==, #===, #initialize, #set_options, #uri, #url

+ + + + + + + + + + + + + + + +

Methods included from WpItem::Output

+

#output

+ + + + + + + + + +

Methods included from WpItem::Infos

+

#changelog_url, #error_log_url, #has_changelog?, #has_directory_listing?, #has_error_log?, #has_readme?, #readme_url, #url_is_200?

+ + + + + + + + + +

Methods included from WpItem::Existable

+

#exists?, #exists_from_response?

+ + + + + + + + + +

Methods included from WpItem::Vulnerable

+

#vulnerabilities

+ + + + + + + + + +

Methods included from WpItem::Versionable

+

#to_s, #version

+
+

Constructor Details

+ +

This class inherits a constructor from WpItem

+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (String) style_url + + + + + +

+
+ +

The url to the theme stylesheet

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The url to the theme stylesheet

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+26
+27
+28
+29
+30
+31
+ 		+ 
# File 'lib/common/models/wp_theme.rb', line 26
+
+def style_url
+  unless @style_url
+    @style_url = uri.merge('style.css').to_s
+  end
+  @style_url
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) allowed_options + + + + + +

+ + + + +
+ 
+
+
+14
+ 		+ 
# File 'lib/common/models/wp_theme.rb', line 14
+
+def allowed_options; super << :style_url end
+
+
+ +
+

+ + - (void) forge_uri(target_base_uri) + + + + + +

+
+

This method returns an undefined value.

+

Sets the @uri

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_base_uri + + + (URI) + + + + — +
    +

    The URI of the wordpress blog

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+21
+22
+23
+ 		+ 
# File 'lib/common/models/wp_theme.rb', line 21
+
+def forge_uri(target_base_uri)
+  @uri = target_base_uri.merge(URI.encode(wp_content_dir + '/themes/' + name + '/'))
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTheme/Findable.html b/doc_yard/WpTheme/Findable.html new file mode 100644 index 00000000..cb532973 --- /dev/null +++ b/doc_yard/WpTheme/Findable.html @@ -0,0 +1,479 @@ + + + + + + Module: WpTheme::Findable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTheme::Findable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTheme
+ + + +
Defined in:
+
lib/common/models/wp_theme/findable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (WpTheme) find(target_uri) + + + + + +

+
+ +

Find the main theme of the blog

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+ 		+ 
# File 'lib/common/models/wp_theme/findable.rb', line 11
+
+def find(target_uri)
+  methods.grep(/^find_from_/).each do |method|
+    if wp_theme = self.send(method, target_uri)
+      wp_theme.found_from = method
+
+      return wp_theme
+    end
+  end
+  nil
+end
+
+
+ +
+

+ + - (WpTheme) find_from_css_link(target_uri) (protected) + + + + + +

+
+ +

Discover the wordpress theme by parsing the css link rel

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+ 		+ 
# File 'lib/common/models/wp_theme/findable.rb', line 29
+
+def find_from_css_link(target_uri)
+  response = Browser.get_and_follow_location(target_uri.to_s)
+
+  # https + domain is optional because of relative links
+  matches = %r{(?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css}i.match(response.body)
+  if matches
+    return new(
+      target_uri,
+      {
+        name:           matches[2],
+        style_url:      matches[0],
+        wp_content_dir: matches[1]
+      }
+    )
+  end
+end
+
+
+ +
+

+ + - (WpTheme) find_from_wooframework(target_uri) (protected) + + + + + +

+
+ +

code.google.com/p/wpscan/issues/detail?id=141

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+ 		+ 
# File 'lib/common/models/wp_theme/findable.rb', line 51
+
+def find_from_wooframework(target_uri)
+  body = Browser.get(target_uri.to_s).body
+  regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
+
+
+  if matches = regexp.match(body)
+    woo_theme_name = matches[1]
+    woo_theme_version = matches[2]
+    #woo_framework_version = matches[3] # Not used at this time
+
+    return new(
+      target_uri,
+      {
+        name:    woo_theme_name,
+        version: woo_theme_version
+      }
+    )
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTheme/Versionable.html b/doc_yard/WpTheme/Versionable.html new file mode 100644 index 00000000..451803a5 --- /dev/null +++ b/doc_yard/WpTheme/Versionable.html @@ -0,0 +1,190 @@ + + + + + + Module: WpTheme::Versionable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTheme::Versionable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTheme
+ + + +
Defined in:
+
lib/common/models/wp_theme/versionable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) version + + + + + +

+ + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+ 		+ 
# File 'lib/common/models/wp_theme/versionable.rb', line 6
+
+def version
+  unless @version
+    @version = Browser.get(style_url).body[%r{Version:\s([^\s]+)}i, 1]
+
+    # Get Version from readme.txt
+    @version ||= super
+  end
+  @version
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTheme/Vulnerable.html b/doc_yard/WpTheme/Vulnerable.html new file mode 100644 index 00000000..902045e2 --- /dev/null +++ b/doc_yard/WpTheme/Vulnerable.html @@ -0,0 +1,289 @@ + + + + + + Module: WpTheme::Vulnerable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTheme::Vulnerable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTheme
+ + + +
Defined in:
+
lib/common/models/wp_theme/vulnerable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) vulns_file + + + + + +

+
+ +

The path to the file containing vulnerabilities

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The path to the file containing vulnerabilities

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_theme/vulnerable.rb', line 7
+
+def vulns_file
+  unless @vulns_file
+    @vulns_file = THEMES_VULNS_FILE
+  end
+  @vulns_file
+end
+
+
+ +
+

+ + - (String) vulns_xpath + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+15
+16
+17
+ 		+ 
# File 'lib/common/models/wp_theme/vulnerable.rb', line 15
+
+def vulns_xpath
+  "//theme[@name='#{@name}']/vulnerability"
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpThemes.html b/doc_yard/WpThemes.html new file mode 100644 index 00000000..8cce1dad --- /dev/null +++ b/doc_yard/WpThemes.html @@ -0,0 +1,195 @@ + + + + + + Class: WpThemes + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpThemes + + + +

+ +
+ +
Inherits:
+
+ WpItems + + + show all + +
+ + + + +
Extended by:
+
Detectable
+ + + + + + + +
Defined in:
+
lib/common/collections/wp_themes.rb,
+ lib/common/collections/wp_themes/detectable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Detectable + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes included from WpItems::Detectable

+

#item_xpath, #vulns_file

+ + + + + + + + + +

Method Summary

+ +

Methods included from Detectable

+

item_xpath, vulns_file

+ + + + + + + + + + + + + + + +

Methods included from WpItems::Detectable

+

#aggressive_detection, #create_item, #item_class, #passive_detection, #progress_bar, #request_params, #targets_items, #targets_items_from_file, #vulnerable_targets_items

+ + + + + + + + + +

Methods included from WpItems::Output

+

#output

+ + + + + + + + + +

Methods inherited from Array

+

#_grep_

+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpThemes/Detectable.html b/doc_yard/WpThemes/Detectable.html new file mode 100644 index 00000000..8380e10e --- /dev/null +++ b/doc_yard/WpThemes/Detectable.html @@ -0,0 +1,274 @@ + + + + + + Module: WpThemes::Detectable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpThemes::Detectable + + + +

+ +
+ + + + + + + +
Included in:
+
WpThemes
+ + + +
Defined in:
+
lib/common/collections/wp_themes/detectable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) item_xpath + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+12
+13
+14
+ 		+ 
# File 'lib/common/collections/wp_themes/detectable.rb', line 12
+
+def item_xpath
+  '//theme'
+end
+
+
+ +
+

+ + - (String) vulns_file + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+ 		+ 
# File 'lib/common/collections/wp_themes/detectable.rb', line 7
+
+def vulns_file
+  THEMES_VULNS_FILE
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTimthumb.html b/doc_yard/WpTimthumb.html new file mode 100644 index 00000000..e3167792 --- /dev/null +++ b/doc_yard/WpTimthumb.html @@ -0,0 +1,365 @@ + + + + + + Class: WpTimthumb + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpTimthumb + + + +

+ +
+ +
Inherits:
+
+ WpItem + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + +
Includes:
+
Existable, Output, Versionable
+ + + + + +
Defined in:
+
lib/common/models/wp_timthumb.rb,
+ lib/common/models/wp_timthumb/output.rb,
lib/common/models/wp_timthumb/existable.rb,
lib/common/models/wp_timthumb/versionable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Existable, Output, Versionable + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes inherited from WpItem

+

#found_from, #name, #path, #version, #wp_content_dir, #wp_plugins_dir

+ + + +

Attributes included from WpItem::Vulnerable

+

#vulns_file, #vulns_xpath

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from Output

+

#output

+ + + + + + + + + +

Methods included from Existable

+

#exists_from_response?

+ + + + + + + + + +

Methods included from Versionable

+

#to_s, #version

+ + + + + + + + + +

Methods inherited from WpItem

+

#<=>, #===, #allowed_options, #forge_uri, #initialize, #set_options, #uri, #url

+ + + + + + + + + + + + + + + +

Methods included from WpItem::Output

+

#output

+ + + + + + + + + +

Methods included from WpItem::Infos

+

#changelog_url, #error_log_url, #has_changelog?, #has_directory_listing?, #has_error_log?, #has_readme?, #readme_url, #url_is_200?

+ + + + + + + + + +

Methods included from WpItem::Existable

+

#exists?, #exists_from_response?

+ + + + + + + + + +

Methods included from WpItem::Vulnerable

+

#vulnerabilities

+ + + + + + + + + +

Methods included from WpItem::Versionable

+

#to_s, #version

+
+

Constructor Details

+ +

This class inherits a constructor from WpItem

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) ==(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+ + +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+15
+16
+17
+ 		+ 
# File 'lib/common/models/wp_timthumb.rb', line 15
+
+def ==(other)
+  url == other.url
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTimthumb/Existable.html b/doc_yard/WpTimthumb/Existable.html new file mode 100644 index 00000000..5490a2c5 --- /dev/null +++ b/doc_yard/WpTimthumb/Existable.html @@ -0,0 +1,228 @@ + + + + + + Module: WpTimthumb::Existable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTimthumb::Existable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTimthumb
+ + + +
Defined in:
+
lib/common/models/wp_timthumb/existable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) exists_from_response?(response, options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (Typhoeus::Response) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_timthumb/existable.rb', line 10
+
+def exists_from_response?(response, options = {})
+  response.code == 400 && response.body =~ /no image specified/i ? true : false
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTimthumb/Output.html b/doc_yard/WpTimthumb/Output.html new file mode 100644 index 00000000..a62bb608 --- /dev/null +++ b/doc_yard/WpTimthumb/Output.html @@ -0,0 +1,178 @@ + + + + + + Module: WpTimthumb::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTimthumb::Output + + + +

+ +
+ + + + + + + +
Included in:
+
WpTimthumb
+ + + +
Defined in:
+
lib/common/models/wp_timthumb/output.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) output + + + + + +

+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/common/models/wp_timthumb/output.rb', line 6
+
+def output
+  puts ' | ' + red('[!]') + " #{self}"
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTimthumb/Versionable.html b/doc_yard/WpTimthumb/Versionable.html new file mode 100644 index 00000000..5a40a261 --- /dev/null +++ b/doc_yard/WpTimthumb/Versionable.html @@ -0,0 +1,293 @@ + + + + + + Module: WpTimthumb::Versionable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTimthumb::Versionable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTimthumb
+ + + +
Defined in:
+
lib/common/models/wp_timthumb/versionable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) to_s + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+19
+20
+21
+ 		+ 
# File 'lib/common/models/wp_timthumb/versionable.rb', line 19
+
+def to_s
+  "#{url}#{ ' v' + version if version}"
+end
+
+
+ +
+

+ + - (String) version + + + + + +

+
+ +

Get the version from the body of an invalid request See code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+10
+11
+12
+13
+14
+15
+16
+ 		+ 
# File 'lib/common/models/wp_timthumb/versionable.rb', line 10
+
+def version
+  unless @version
+    response = Browser.get(url)
+    @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
+  end
+  @version
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTimthumbs.html b/doc_yard/WpTimthumbs.html new file mode 100644 index 00000000..30c774fd --- /dev/null +++ b/doc_yard/WpTimthumbs.html @@ -0,0 +1,195 @@ + + + + + + Class: WpTimthumbs + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpTimthumbs + + + +

+ +
+ +
Inherits:
+
+ WpItems + + + show all + +
+ + + + +
Extended by:
+
Detectable
+ + + + + + + +
Defined in:
+
lib/common/collections/wp_timthumbs.rb,
+ lib/common/collections/wp_timthumbs/detectable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Detectable + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes included from WpItems::Detectable

+

#item_xpath, #vulns_file

+ + + + + + + + + +

Method Summary

+ +

Methods included from Detectable

+

create_item, passive_detection, targets_items, targets_items_from_file, theme_timthumbs

+ + + + + + + + + + + + + + + +

Methods included from WpItems::Detectable

+

#aggressive_detection, #create_item, #item_class, #passive_detection, #progress_bar, #request_params, #targets_items, #targets_items_from_file, #vulnerable_targets_items

+ + + + + + + + + +

Methods included from WpItems::Output

+

#output

+ + + + + + + + + +

Methods inherited from Array

+

#_grep_

+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpTimthumbs/Detectable.html b/doc_yard/WpTimthumbs/Detectable.html new file mode 100644 index 00000000..b129f195 --- /dev/null +++ b/doc_yard/WpTimthumbs/Detectable.html @@ -0,0 +1,740 @@ + + + + + + Module: WpTimthumbs::Detectable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpTimthumbs::Detectable + + + +

+ +
+ + + + + + + +
Included in:
+
WpTimthumbs
+ + + +
Defined in:
+
lib/common/collections/wp_timthumbs/detectable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (WpTimthumb) create_item(wp_target, path = nil) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + [ + + + (Hash) + + + + — +
    +

    a customizable set of options

    +
    + +
    • + +
+ + + + + + + +

Returns:

+ + +
+ + + + +
+ 
+
+
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+ 		+ 
# File 'lib/common/collections/wp_timthumbs/detectable.rb', line 72
+
+def create_item(wp_target, path = nil)
+  options = {
+    wp_content_dir: wp_target.wp_content_dir,
+    wp_plugins_dir: wp_target.wp_plugins_dir
+  }
+
+  options.merge!(path: path) if path
+
+  WpTimthumb.new(wp_target.uri, options)
+end
+
+
+ +
+

+ + - (WpTimthumbs) passive_detection(wp_target, options = {}) + + + + + +

+
+ +

No passive detection

+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+12
+13
+14
+ 		+ 
# File 'lib/common/collections/wp_timthumbs/detectable.rb', line 12
+
+def passive_detection(wp_target, options = {})
+  new
+end
+
+
+ +
+

+ + - (Array<WpTimthumb>) targets_items(wp_target, options = {}) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + + + + + +

Options Hash (options):

+
    + +
  • + :file + (String) + + + + + —
    +

    The path to the file containing the targets

    +
    + +
    • + +
  • + :theme_name + (String) + + + + +
    • + +
+ + +

Returns:

+ + +
+ + + + +
+ 
+
+
+24
+25
+26
+27
+28
+29
+30
+31
+32
+ 		+ 
# File 'lib/common/collections/wp_timthumbs/detectable.rb', line 24
+
+def targets_items(wp_target, options = {})
+  targets = options[:theme_name] ? theme_timthumbs(options[:theme_name], wp_target) : []
+
+  if options[:file]
+    targets += targets_items_from_file(options[:file], wp_target)
+  end
+
+  targets.uniq { |i| i.url }
+end
+
+
+ +
+

+ + - (Array<WpTimthumb>) targets_items_from_file(file, wp_target) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + file + + + (String) + + + +
    • + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+ 		+ 
# File 'lib/common/collections/wp_timthumbs/detectable.rb', line 57
+
+def targets_items_from_file(file, wp_target)
+  targets = []
+
+  File.open(file, 'r') do |f|
+    f.readlines.collect do |path|
+      targets << create_item(wp_target, path.strip)
+    end
+  end
+  targets
+end
+
+
+ +
+

+ + - (Array<WpTimthumb>) theme_timthumbs(theme_name, wp_target) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + theme_name + + + (String) + + + +
    • + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+ 		+ 
# File 'lib/common/collections/wp_timthumbs/detectable.rb', line 38
+
+def theme_timthumbs(theme_name, wp_target)
+  targets     = []
+  wp_timthumb = create_item(wp_target)
+
+  %w{
+    timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
+    scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+  }.each do |path|
+    wp_timthumb.path = "$wp-content$/themes/#{theme_name}/#{path}"
+
+    targets << wp_timthumb.dup
+  end
+  targets
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUser.html b/doc_yard/WpUser.html new file mode 100644 index 00000000..506f87ac --- /dev/null +++ b/doc_yard/WpUser.html @@ -0,0 +1,1124 @@ + + + + + + Class: WpUser + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpUser + + + +

+ +
+ +
Inherits:
+
+ WpItem + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + + + +
Includes:
+
BruteForcable, Existable
+ + + + + +
Defined in:
+
lib/common/models/wp_user.rb,
+ lib/common/models/wp_user/existable.rb,
lib/common/models/wp_user/brute_forcable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: BruteForcable, Existable + + + + +

+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) display_name + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute display_name.

    +
     + +
    • + + +
  • + + + - (Object) id + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute id.

    +
     + +
    • + + +
  • + + + - (Object) login + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute login.

    +
     + +
    • + + +
  • + + + - (Object) password + + + + + + + + + + + + + + + + +
    +

    Returns the value of attribute password.

    +
     + +
    • + + +
+ + + + + +

Attributes inherited from WpItem

+

#found_from, #name, #path, #version, #wp_content_dir, #wp_plugins_dir

+ + + +

Attributes included from WpItem::Vulnerable

+

#vulns_file, #vulns_xpath

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from BruteForcable

+

#brute_force, #login_request, passwords_from_wordlist, #progress_bar, #valid_password?

+ + + + + + + + + +

Methods included from Existable

+

display_name_from_body, #exists_from_response?, #load_from_response, login_from_author_pattern, login_from_body

+ + + + + + + + + +

Methods inherited from WpItem

+

#forge_uri, #initialize, #set_options, #url

+ + + + + + + + + + + + + + + +

Methods included from WpItem::Output

+

#output

+ + + + + + + + + +

Methods included from WpItem::Infos

+

#changelog_url, #error_log_url, #has_changelog?, #has_directory_listing?, #has_error_log?, #has_readme?, #readme_url, #url_is_200?

+ + + + + + + + + +

Methods included from WpItem::Existable

+

#exists?, #exists_from_response?

+ + + + + + + + + +

Methods included from WpItem::Vulnerable

+

#vulnerabilities

+ + + + + + + + + +

Methods included from WpItem::Versionable

+

#version

+
+

Constructor Details

+ +

This class inherits a constructor from WpItem

+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) display_name + + + + + +

+
+ +

Returns the value of attribute display_name

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 10
+
+def display_name
+  @display_name
+end
+
+
+ + + +
+

+ + - (Object) id + + + + + +

+
+ +

Returns the value of attribute id

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 10
+
+def id
+  @id
+end
+
+
+ + + +
+

+ + - (Object) login + + + + + +

+
+ +

Returns the value of attribute login

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 10
+
+def 
+  @login
+end
+
+
+ + + +
+

+ + - (Object) password + + + + + +

+
+ +

Returns the value of attribute password

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 10
+
+def password
+  @password
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Object) <=>(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + other + + + (WpUser) + + + +
    • + +
+ + +
+ + + + +
+ 
+
+
+38
+39
+40
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 38
+
+def <=>(other)
+  id <=> other.id
+end
+
+
+ +
+

+ + - (Boolean) ==(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + other + + + (WpUser) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+45
+46
+47
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 45
+
+def ==(other)
+  self === other
+end
+
+
+ +
+

+ + - (Boolean) ===(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + other + + + (WpUser) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+52
+53
+54
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 52
+
+def ===(other)
+  id === other.id &&  === other.
+end
+
+
+ +
+

+ + - (Array<Symbol>) allowed_options + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Array<Symbol>) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+13
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 13
+
+def allowed_options; [:id, :login, :display_name, :password] end
+
+
+ +
+

+ + - (String) login_url + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+25
+26
+27
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 25
+
+def 
+  @uri.merge('wp-login.php').to_s
+end
+
+
+ +
+

+ + - (String) to_s + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+30
+31
+32
+33
+34
+35
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 30
+
+def to_s
+  s  = "#{id}"
+  s += " | #{}" if 
+  s += " | #{display_name}" if display_name
+  s
+end
+
+
+ +
+

+ + - (URI) uri + + + + + +

+
+ +

The uri to the auhor page

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (URI) + + + + — +
    +

    The uri to the auhor page

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+16
+17
+18
+19
+20
+21
+22
+ 		+ 
# File 'lib/common/models/wp_user.rb', line 16
+
+def uri
+  if id
+    return @uri.merge("?author=#{id}")
+  else
+    raise 'The id is nil'
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUser/BruteForcable.html b/doc_yard/WpUser/BruteForcable.html new file mode 100644 index 00000000..785d62b0 --- /dev/null +++ b/doc_yard/WpUser/BruteForcable.html @@ -0,0 +1,875 @@ + + + + + + Module: WpUser::BruteForcable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpUser::BruteForcable + + + +

+ +
+ + + + + + + +
Included in:
+
WpUser
+ + + +
Defined in:
+
lib/common/models/wp_user/brute_forcable.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + + (Array<String>) passwords_from_wordlist(wordlist) + + + + + +

+
+ +

Load the passwords from the wordlist, which can be a file path or an array +or passwords

+ +

File comments are ignored, but will miss passwords if they start with a +hash...

+ + +
+
+
+

Parameters:

+
    + +
  • + + wordlist + + + (String, Array<String>) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Array<String>) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+ 		+ 
# File 'lib/common/models/wp_user/brute_forcable.rb', line 125
+
+def self.passwords_from_wordlist(wordlist)
+  if wordlist.is_a?(String)
+    passwords = []
+    charset   = File.charset(wordlist).upcase
+    opt       = "r:#{charset}"
+    # To remove warning when charset = UTF-8
+    # Ignoring internal encoding UTF-8: it is identical to external encoding utf-8
+    opt      += ':UTF-8' if charset != 'UTF-8'
+
+    File.open(wordlist, opt).each do |line|
+      next if line[0,1] == '#'
+
+      passwords << line.strip
+    end
+  elsif wordlist.is_a?(Array)
+    passwords = wordlist
+  else
+    raise 'Invalid wordlist, expected String or Array'
+  end
+
+  passwords
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (void) brute_force(wordlist, options = {}) + + + + + +

+
+

This method returns an undefined value.

+

Brute force the user with the wordlist supplied

+ +

It can take a long time to queue 2 million requests, for that reason, we +queue browser.max_threads, send browser.max_threads, queue +browser.max_threads and so on.

+ +

hydra.run only returns when it has recieved all of its, responses. This +means that while we are waiting for browser.max_threads, responses, we are +waiting...

+ + +
+
+
+

Parameters:

+
    + +
  • + + wordlist + + + (String, Array<String>) + + + + — +
    +

    The wordlist path

    +
    + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + + + + + +

Options Hash (options):

+
    + +
  • + :verbose + (Boolean) + + + + +
    • + +
  • + :show_progression + (Boolean) + + + + +
    • + +
+ + + +
+ + + + +
+ 
+
+
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+ 		+ 
# File 'lib/common/models/wp_user/brute_forcable.rb', line 22
+
+def brute_force(wordlist, options = {})
+  browser      = Browser.instance
+  hydra        = browser.hydra
+  passwords    = BruteForcable.passwords_from_wordlist(wordlist)
+  queue_count  = 0
+  found        = false
+  progress_bar = self.progress_bar(passwords.size, options)
+
+  passwords.each do |password|
+    request = (password)
+
+    request.on_complete do |response|
+      progress_bar.progress += 1 if options[:show_progression] && !found
+
+      puts "\n  Trying Username : #{} Password : #{password}" if options[:verbose]
+
+      if valid_password?(response, password, options)
+        found         = true
+        self.password = password
+        return
+      end
+    end
+
+    hydra.queue(request)
+    queue_count += 1
+
+    if queue_count >= browser.max_threads
+      hydra.run
+      queue_count = 0
+      puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
+    end
+  end
+
+  # run all of the remaining requests
+  hydra.run
+end
+
+
+ +
+

+ + - (Typhoeus::Request) login_request(password) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + password + + + (String) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+79
+80
+81
+82
+83
+84
+85
+ 		+ 
# File 'lib/common/models/wp_user/brute_forcable.rb', line 79
+
+def (password)
+  Browser.instance.forge_request(,
+    method: :post,
+    body: { log: , pwd: password },
+    cache_ttl: 0
+  )
+end
+
+
+ +
+

+ + - (ProgressBar) progress_bar(passwords_size, options) + + + + + +

+
+ +

:nocov:

+ + +
+
+
+

Parameters:

+
    + +
  • + + targets_size + + + (Integer) + + + +
    • + +
  • + + options + + + (Hash) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (ProgressBar) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+ 		+ 
# File 'lib/common/models/wp_user/brute_forcable.rb', line 64
+
+def progress_bar(passwords_size, options)
+  if options[:show_progression]
+    ProgressBar.create(
+      format: '%t %a <%B> (%c / %C) %P%% %e',
+      title: "  Brute Forcing '#{}'",
+      length: 120,
+      total: passwords_size
+    )
+  end
+end
+
+
+ +
+

+ + - (Boolean) valid_password?(response, password, options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (Typhoeus::Response) + + + +
    • + +
  • + + password + + + (String) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + + + + + + + +

Options Hash (options):

+
    + +
  • + :verbose + (Boolean) + + + + +
    • + +
  • + :show_progression + (Boolean) + + + + +
    • + +
+ + +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+ 		+ 
# File 'lib/common/models/wp_user/brute_forcable.rb', line 94
+
+def valid_password?(response, password, options = {})
+  if response.code == 302
+    progression = "#{green('[SUCCESS]')} Login : #{} Password : #{password}\n\n"
+    valid       = true
+  elsif response.body =~ /login_error/i
+    verbose = "\n  Incorrect login and/or password."
+  elsif response.timed_out?
+    progression = "#{red('ERROR:')} Request timed out."
+  elsif response.code == 0
+    progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
+  elsif response.code.to_s =~ /^50/
+    progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
+  else
+    progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
+    verbose     = red("    Code: #{response.code}\n    Body: #{response.body}\n")
+  end
+
+  puts "\n  " + progression if progression && options[:show_progression]
+  puts verbose if verbose && options[:verbose]
+
+  valid || false
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUser/Existable.html b/doc_yard/WpUser/Existable.html new file mode 100644 index 00000000..012d7bbd --- /dev/null +++ b/doc_yard/WpUser/Existable.html @@ -0,0 +1,684 @@ + + + + + + Module: WpUser::Existable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpUser::Existable + + + +

+ +
+ + + + + + + +
Included in:
+
WpUser
+ + + +
Defined in:
+
lib/common/models/wp_user/existable.rb
+ +
+
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + + (String) display_name_from_body(body) + + + + + +

+
+ +
+ Note: +
+

Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn’t support it So +it’s forced to UTF-8 when this encoding is detected

+
+
+ + +

The display_name

+ + +
+
+
+

Parameters:

+
    + +
  • + + body + + + (String) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The display_name

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+ 		+ 
# File 'lib/common/models/wp_user/existable.rb', line 64
+
+def self.display_name_from_body(body)
+  if title_tag = body[%r{<title>([^<]+)</title>}i, 1]
+    title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
+    title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
+    # &amp; are not decoded with Nokogiri
+    title_tag.sub!('&amp;', '&')
+
+    name = title_tag[%r{([^|«]+) }, 1]
+
+    return name.strip if name
+  end
+end
+
+
+ +
+

+ + + (String) login_from_author_pattern(text) + + + + + +

+
+ +

The login

+ + +
+
+
+

Parameters:

+
    + +
  • + + text + + + (String) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The login

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+39
+40
+41
+ 		+ 
# File 'lib/common/models/wp_user/existable.rb', line 39
+
+def self.(text)
+  text[%r{/author/([^/\b]+)/?}i, 1]
+end
+
+
+ +
+

+ + + (String) login_from_body(body) + + + + + +

+
+ +

The login

+ + +
+
+
+

Parameters:

+
    + +
  • + + body + + + (String) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The login

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+ 		+ 
# File 'lib/common/models/wp_user/existable.rb', line 46
+
+def self.(body)
+  # Feed URL with Permalinks
+   = WpUser::Existable.(body)
+
+  unless 
+    # No Permalinks
+     = body[%r{<body class="archive author author-([^\s]+) author-(\d+)}i, 1]
+  end
+
+  
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Boolean) exists_from_response?(response, options = {}) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (Typhoeus::Response) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+10
+11
+12
+13
+14
+ 		+ 
# File 'lib/common/models/wp_user/existable.rb', line 10
+
+def exists_from_response?(response, options = {})
+  load_from_response(response)
+
+  @login ? true : false
+end
+
+
+ +
+

+ + - (void) load_from_response(response) (private) + + + + + +

+
+

This method returns an undefined value.

+

Load the login and display_name from the response

+ + +
+
+
+

Parameters:

+ + + +
+ + + + +
+ 
+
+
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+ 		+ 
# File 'lib/common/models/wp_user/existable.rb', line 21
+
+def load_from_response(response)
+  if response.code == 301 # login in location?
+    location = response.headers_hash['Location']
+
+    @login        = Existable.(location)
+    @display_name = Existable.display_name_from_body(
+      Browser.get(location).body
+    )
+  elsif response.code == 200 # login in body?
+    @login        = Existable.(response.body)
+    @display_name = Existable.display_name_from_body(response.body)
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUsers.html b/doc_yard/WpUsers.html new file mode 100644 index 00000000..503420dc --- /dev/null +++ b/doc_yard/WpUsers.html @@ -0,0 +1,221 @@ + + + + + + Class: WpUsers + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpUsers + + + +

+ +
+ +
Inherits:
+
+ WpItems + + + show all + +
+ + + + +
Extended by:
+
Detectable
+ + + + +
Includes:
+
BruteForcable, Output
+ + + + + +
Defined in:
+
lib/common/collections/wp_users.rb,
+ lib/common/collections/wp_users/output.rb,
lib/common/collections/wp_users/detectable.rb,
lib/common/collections/wp_users/brute_forcable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: BruteForcable, Detectable, Output + + + + +

+ + + + + + +

Instance Attribute Summary

+ +

Attributes included from WpItems::Detectable

+

#item_xpath, #vulns_file

+ + + + + + + + + +

Method Summary

+ +

Methods included from Detectable

+

passive_detection, request_params, targets_items

+ + + + + + + + + +

Methods included from BruteForcable

+

#brute_force

+ + + + + + + + + +

Methods included from Output

+

#output

+ + + + + + + + + + + + + + + +

Methods included from WpItems::Detectable

+

#aggressive_detection, #create_item, #item_class, #passive_detection, #progress_bar, #request_params, #targets_items, #targets_items_from_file, #vulnerable_targets_items

+ + + + + + + + + +

Methods included from WpItems::Output

+

#output

+ + + + + + + + + +

Methods inherited from Array

+

#_grep_

+ + +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUsers/BruteForcable.html b/doc_yard/WpUsers/BruteForcable.html new file mode 100644 index 00000000..8a0f2f35 --- /dev/null +++ b/doc_yard/WpUsers/BruteForcable.html @@ -0,0 +1,231 @@ + + + + + + Module: WpUsers::BruteForcable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpUsers::BruteForcable + + + +

+ +
+ + + + + + + +
Included in:
+
WpUsers
+ + + +
Defined in:
+
lib/common/collections/wp_users/brute_forcable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (void) brute_force(wordlist, options = {}) + + + + + +

+
+

This method returns an undefined value.

+

Brute force each wp_user

+ +

To avoid loading the wordlist each time in the wp_user instance It's loaded +here, and given to the wp_user

+ + +
+
+
+

Parameters:

+
    + +
  • + + wordlist + + + (String, Array<String>) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + + — +
    +

    See WpUser::BruteForcable#brute_force

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+15
+16
+17
+18
+19
+ 		+ 
# File 'lib/common/collections/wp_users/brute_forcable.rb', line 15
+
+def brute_force(wordlist, options = {})
+  passwords = WpUser::BruteForcable.passwords_from_wordlist(wordlist)
+
+  self.each { |wp_user| wp_user.brute_force(passwords, options) }
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUsers/Detectable.html b/doc_yard/WpUsers/Detectable.html new file mode 100644 index 00000000..fb03442c --- /dev/null +++ b/doc_yard/WpUsers/Detectable.html @@ -0,0 +1,411 @@ + + + + + + Module: WpUsers::Detectable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpUsers::Detectable + + + +

+ +
+ + + + + + + +
Included in:
+
WpUsers
+ + + +
Defined in:
+
lib/common/collections/wp_users/detectable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (WpUsers) passive_detection(wp_target, options = {}) + + + + + +

+
+ +

No passive detection

+ + +
+
+
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+12
+13
+14
+ 		+ 
# File 'lib/common/collections/wp_users/detectable.rb', line 12
+
+def passive_detection(wp_target, options = {})
+  new
+end
+
+
+ +
+

+ + - (Hash) request_params + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+ 		+ 
# File 'lib/common/collections/wp_users/detectable.rb', line 7
+
+def request_params; {} end
+
+
+ +
+

+ + - (Array<WpUser>) targets_items(wp_target, options = {}) (protected) + + + + + +

+
+ + +
+
+
+

Parameters:

+
    + +
  • + + wp_target + + + (WpTarget) + + + +
    • + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
+ + + + + + +

Options Hash (options):

+
    + +
  • + :range + (Range) + + + — default: + (1..10) + + + +
    • + +
+ + +

Returns:

+ + +
+ + + + +
+ 
+
+
+23
+24
+25
+26
+27
+28
+29
+30
+31
+ 		+ 
# File 'lib/common/collections/wp_users/detectable.rb', line 23
+
+def targets_items(wp_target, options = {})
+  range   = options[:range] || (1..10)
+  targets = []
+
+  range.each do |user_id|
+    targets << WpUser.new(wp_target.uri, id: user_id)
+  end
+  targets
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpUsers/Output.html b/doc_yard/WpUsers/Output.html new file mode 100644 index 00000000..ac45af21 --- /dev/null +++ b/doc_yard/WpUsers/Output.html @@ -0,0 +1,248 @@ + + + + + + Module: WpUsers::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpUsers::Output + + + +

+ +
+ + + + + + + +
Included in:
+
WpUsers
+ + + +
Defined in:
+
lib/common/collections/wp_users/output.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (void) output(options = {}) + + + + + +

+
+

This method returns an undefined value.

+ +
+
+
+

Parameters:

+
    + +
  • + + options + + + (Hash) + + + (defaults to: {}) + + +
    • + +
  • + + options[ + + + (Hash) + + + + — +
    +

    a customizable set of options

    +
    + +
    • + +
+ + + + + + +
+ + + + +
+ 
+
+
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+ 		+ 
# File 'lib/common/collections/wp_users/output.rb', line 10
+
+def output(options = {})
+  rows     = []
+  headings = ['Id', 'Login', 'Name']
+  headings << 'Password' if options[:show_password]
+
+  self.each do |wp_user|
+    row = [wp_user.id, wp_user., wp_user.display_name]
+    row << wp_user.password if options[:show_password]
+    rows << row
+  end
+
+  puts Terminal::Table.new(headings: headings,
+                           rows: rows,
+                           style: { margin_left: options[:margin_left] || '' })
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpVersion.html b/doc_yard/WpVersion.html new file mode 100644 index 00000000..850f16c6 --- /dev/null +++ b/doc_yard/WpVersion.html @@ -0,0 +1,519 @@ + + + + + + Class: WpVersion + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpVersion + + + +

+ +
+ +
Inherits:
+
+ WpItem + +
    +
  • Object
    • + + + + + +
+ show all + +
+ + + + +
Extended by:
+
Findable
+ + + + +
Includes:
+
Output, Vulnerable
+ + + + + +
Defined in:
+
lib/common/models/wp_version.rb,
+ lib/common/models/wp_version/output.rb,
lib/common/models/wp_version/findable.rb,
lib/common/models/wp_version/vulnerable.rb +
+ +
+
+ +

Defined Under Namespace

+

+ + + Modules: Findable, Output, Vulnerable + + + + +

+ + + + +

Instance Attribute Summary (collapse)

+
    + +
  • + + + - (Object) number + + + + + + + + + + + + + + + + +
    +

    The version number.

    +
     + +
    • + + +
+ + + + + +

Attributes inherited from WpItem

+

#found_from, #name, #path, #version, #wp_content_dir, #wp_plugins_dir

+ + + +

Attributes included from WpItem::Vulnerable

+

#vulns_file, #vulns_xpath

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + + + + + + + + + + +

Methods included from Findable

+

find, find_from_advanced_fingerprinting, find_from_atom_generator, find_from_links_opml, find_from_meta_generator, find_from_rdf_generator, find_from_readme, find_from_rss_generator, find_from_sitemap_generator, scan_url, version_pattern

+ + + + + + + + + +

Methods included from Output

+

#output

+ + + + + + + + + +

Methods included from Vulnerable

+

#vulns_file, #vulns_xpath

+ + + + + + + + + +

Methods inherited from WpItem

+

#<=>, #===, #forge_uri, #initialize, #set_options, #uri, #url

+ + + + + + + + + + + + + + + +

Methods included from WpItem::Output

+

#output

+ + + + + + + + + +

Methods included from WpItem::Infos

+

#changelog_url, #error_log_url, #has_changelog?, #has_directory_listing?, #has_error_log?, #has_readme?, #readme_url, #url_is_200?

+ + + + + + + + + +

Methods included from WpItem::Existable

+

#exists?, #exists_from_response?

+ + + + + + + + + +

Methods included from WpItem::Vulnerable

+

#vulnerabilities

+ + + + + + + + + +

Methods included from WpItem::Versionable

+

#to_s, #version

+
+

Constructor Details

+ +

This class inherits a constructor from WpItem

+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + - (Object) number + + + + + +

+
+ +

The version number

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+14
+15
+16
+ 		+ 
# File 'lib/common/models/wp_version.rb', line 14
+
+def number
+  @number
+end
+
+
+ +
+ + +
+

Instance Method Details

+ + +
+

+ + - (Boolean) ==(other) + + + + + +

+
+ + +
+
+
+

Parameters:

+ + +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+22
+23
+24
+ 		+ 
# File 'lib/common/models/wp_version.rb', line 22
+
+def ==(other)
+  number == other.number
+end
+
+
+ +
+

+ + - (Array) allowed_options + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Array) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+17
+ 		+ 
# File 'lib/common/models/wp_version.rb', line 17
+
+def allowed_options; super << :number << :found_from end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpVersion/Findable.html b/doc_yard/WpVersion/Findable.html new file mode 100644 index 00000000..63155fd6 --- /dev/null +++ b/doc_yard/WpVersion/Findable.html @@ -0,0 +1,1401 @@ + + + + + + Module: WpVersion::Findable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpVersion::Findable + + + +

+ +
+ + + + + + + +
Included in:
+
WpVersion
+ + + +
Defined in:
+
lib/common/models/wp_version/findable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (WpVersion) find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml) + + + + + +

+
+ +

Find the version of the blog designated from target_uri

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
  • + + wp_content_dir + + + (String) + + + +
    • + +
  • + + wp_plugins_dir + + + (String) + + + +
    • + +
+ +

Returns:

+ + +
+ + + + +
+ 
+
+
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 14
+
+def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+  methods.grep(/find_from_/).each do |method|
+
+    if method === :find_from_advanced_fingerprinting
+      version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+    else
+      version = send(method, target_uri)
+    end
+
+    if version
+      return new(target_uri, number: version, found_from: method)
+    end
+  end
+  nil
+end
+
+
+ +
+

+ + - (String) find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml) (protected) + + + + + +

+
+ +

Uses data/wp_versions.xml to try to identify a wordpress version.

+ +

It does this by using client side file hashing

+ +

/!\ Warning : this method might return false positive if the file used for +fingerprinting is part of a theme (they can be updated)

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
  • + + wp_content_dir + + + (String) + + + +
    • + +
  • + + wp_plugins_dir + + + (String) + + + +
    • + +
  • + + versions_xml + + + (String) + + + + — +
    +

    The path to the xml containing all versions

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 154
+
+def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+  xml     = xml(versions_xml)
+
+  # This wp_item will take care of encoding the path
+  # and replace variables like $wp-content$ & $wp-plugins$
+  wp_item = WpItem.new(target_uri,
+                       wp_content_dir: wp_content_dir,
+                       wp_plugins_dir: wp_plugins_dir)
+
+  xml.xpath('//file').each do |node|
+    wp_item.path = node.attribute('src').text
+
+    response = Browser.get(wp_item.url)
+    md5sum = Digest::MD5.hexdigest(response.body)
+
+    node.search('hash').each do |hash|
+      if hash.attribute('md5').text == md5sum
+        return hash.search('version').text
+      end
+    end
+  end
+  nil
+end
+
+
+ +
+

+ + - (String) find_from_atom_generator(target_uri) (protected) + + + + + +

+
+ +

Attempts to find the WordPress version from, the generator tag in the Atom +source.

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+121
+122
+123
+124
+125
+126
+127
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 121
+
+def find_from_atom_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>}i,
+    'feed/atom/'
+  )
+end
+
+
+ +
+

+ + - (String) find_from_links_opml(target_uri) (protected) + + + + + +

+
+ +

Attempts to find the WordPress version from the p-links-opml.php file.

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+211
+212
+213
+214
+215
+216
+217
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 211
+
+def find_from_links_opml(target_uri)
+  scan_url(
+    target_uri,
+    %r{generator="wordpress/#{version_pattern}"}i,
+    'wp-links-opml.php'
+  )
+end
+
+
+ +
+

+ + - (String) find_from_meta_generator(target_uri) (protected) + + + + + +

+
+ +

Attempts to find the wordpress version from, the generator meta tag in the +html source.

+ +

The meta tag can be removed however it seems, that it is reinstated on +upgrade.

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+68
+69
+70
+71
+72
+73
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 68
+
+def find_from_meta_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{name="generator" content="wordpress #{version_pattern}"}i
+  )
+end
+
+
+ +
+

+ + - (String) find_from_rdf_generator(target_uri) (protected) + + + + + +

+
+ +

Attempts to find WordPress version from, the generator tag in the RDF feed +source.

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+95
+96
+97
+98
+99
+100
+101
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 95
+
+def find_from_rdf_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />}i,
+    'feed/rdf/'
+  )
+end
+
+
+ +
+

+ + - (String) find_from_readme(target_uri) (protected) + + + + + +

+
+ +

Attempts to find the WordPress version from the readme.html file.

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+183
+184
+185
+186
+187
+188
+189
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 183
+
+def find_from_readme(target_uri)
+  scan_url(
+    target_uri,
+    %r{<br />\sversion #{version_pattern}}i,
+    'readme.html'
+  )
+end
+
+
+ +
+

+ + - (String) find_from_rss_generator(target_uri) (protected) + + + + + +

+
+ +

Attempts to find the WordPress version from, the generator tag in the RSS +feed source.

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+81
+82
+83
+84
+85
+86
+87
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 81
+
+def find_from_rss_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{<generator>http://wordpress.org/\?v=#{version_pattern}</generator>}i,
+    'feed/'
+  )
+end
+
+
+ +
+

+ + - (String) find_from_sitemap_generator(target_uri) (protected) + + + + + +

+
+ +

Attempts to find the WordPress version from the sitemap.xml file.

+ +

See: code.google.com/p/wpscan/issues/detail?id=109

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The version number

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+198
+199
+200
+201
+202
+203
+204
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 198
+
+def find_from_sitemap_generator(target_uri)
+  scan_url(
+    target_uri,
+    %r{generator="wordpress/#{version_pattern}"}i,
+    'sitemap.xml'
+  )
+end
+
+
+ +
+

+ + - (String) scan_url(target_uri, pattern, path = nil) (protected) + + + + + +

+
+ +

Returns the first match of <pattern> in the body of the url

+ + +
+
+
+

Parameters:

+
    + +
  • + + target_uri + + + (URI) + + + +
    • + +
  • + + pattern + + + (Regex) + + + +
    • + +
  • + + path + + + (String) + + + (defaults to: nil) + + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+46
+47
+48
+49
+50
+51
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 46
+
+def scan_url(target_uri, pattern, path = nil)
+  url = path ? target_uri.merge(path).to_s : target_uri.to_s
+  response = Browser.get_and_follow_location(url)
+
+  response.body[pattern, 1]
+end
+
+
+ +
+

+ + - (String) version_pattern + + + + + +

+
+ +

Used to check if the version is correct: must contain at least one dot.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+33
+34
+35
+ 		+ 
# File 'lib/common/models/wp_version/findable.rb', line 33
+
+def version_pattern
+  '([^\r\n"\']+\.[^\r\n"\']+)'
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpVersion/Output.html b/doc_yard/WpVersion/Output.html new file mode 100644 index 00000000..36ec9f36 --- /dev/null +++ b/doc_yard/WpVersion/Output.html @@ -0,0 +1,196 @@ + + + + + + Module: WpVersion::Output + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpVersion::Output + + + +

+ +
+ + + + + + + +
Included in:
+
WpVersion
+ + + +
Defined in:
+
lib/common/models/wp_version/output.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (Object) output + + + + + +

+ + + + +
+ 
+
+
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+ 		+ 
# File 'lib/common/models/wp_version/output.rb', line 6
+
+def output
+  puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+
+  vulnerabilities = self.vulnerabilities
+
+  unless vulnerabilities.empty?
+    puts
+    puts red('[!]') + " We have identified #{vulnerabilities.size} vulnerabilities from the version number :"
+
+    vulnerabilities.output
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpVersion/Vulnerable.html b/doc_yard/WpVersion/Vulnerable.html new file mode 100644 index 00000000..1d9033c2 --- /dev/null +++ b/doc_yard/WpVersion/Vulnerable.html @@ -0,0 +1,289 @@ + + + + + + Module: WpVersion::Vulnerable + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Module: WpVersion::Vulnerable + + + +

+ +
+ + + + + + + +
Included in:
+
WpVersion
+ + + +
Defined in:
+
lib/common/models/wp_version/vulnerable.rb
+ +
+
+ + + + + + + + + +

+ Instance Method Summary + (collapse) +

+ + + + + + +
+

Instance Method Details

+ + +
+

+ + - (String) vulns_file + + + + + +

+
+ +

The path to the file containing vulnerabilities

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +
    +

    The path to the file containing vulnerabilities

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+7
+8
+9
+10
+11
+12
+ 		+ 
# File 'lib/common/models/wp_version/vulnerable.rb', line 7
+
+def vulns_file
+  unless @vulns_file
+    @vulns_file = WP_VULNS_FILE
+  end
+  @vulns_file
+end
+
+
+ +
+

+ + - (String) vulns_xpath + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+15
+16
+17
+ 		+ 
# File 'lib/common/models/wp_version/vulnerable.rb', line 15
+
+def vulns_xpath
+  "//wordpress[@version='#{@number}']/vulnerability"
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/WpscanOptions.html b/doc_yard/WpscanOptions.html new file mode 100644 index 00000000..85223177 --- /dev/null +++ b/doc_yard/WpscanOptions.html @@ -0,0 +1,1730 @@ + + + + + + Class: WpscanOptions + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Class: WpscanOptions + + + +

+ +
+ +
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+ + + + + + + + + +
Defined in:
+
lib/wpscan/wpscan_options.rb
+ +
+
+ + +

Constant Summary

+ +
+ +
ACCESSOR_OPTIONS = + +
+ 
[
+  :enumerate_plugins,
+  :enumerate_only_vulnerable_plugins,
+  :enumerate_all_plugins,
+  :enumerate_themes,
+  :enumerate_only_vulnerable_themes,
+  :enumerate_all_themes,
+  :enumerate_timthumbs,
+  :enumerate_usernames,
+  :enumerate_usernames_range,
+  :proxy,
+  :proxy_auth,
+  :threads,
+  :url,
+  :wordlist,
+  :force,
+  :update,
+  :verbose,
+  :username,
+  :password,
+  :follow_redirection,
+  :wp_content_dir,
+  :wp_plugins_dir,
+  :help,
+  :config_file,
+  :exclude_content_based,
+  :basic_auth
+]
+ +
+ + + + + + + + + +

+ Class Method Summary + (collapse) +

+ + + +

+ Instance Method Summary + (collapse) +

+ + + + +
+

Constructor Details

+ +
+

+ + - (WpscanOptions) initialize + + + + + +

+
+ +

A new instance of WpscanOptions

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+36
+37
+38
+39
+40
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 36
+
+def initialize
+  ACCESSOR_OPTIONS.each do |option|
+    instance_variable_set("@#{option}", nil)
+  end
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + + (Object) clean_option(option) (protected) + + + + + +

+
+ +

Will removed the '-' or '--' chars at the beginning of option and replace +any remaining '-' by '_'

+ +

param string option return string

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+247
+248
+249
+250
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 247
+
+def self.clean_option(option)
+  cleaned_option = option.gsub(/^--?/, '')
+  cleaned_option.gsub(/-/, '_')
+end
+
+
+ +
+

+ + + (Object) get_opt_long (protected) + + + + + +

+
+ +

Even if a short option is given (IE : -u), the long one will be returned +(IE : --url)

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+226
+227
+228
+229
+230
+231
+232
+233
+234
+235
+236
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 216
+
+def self.get_opt_long
+  GetoptLong.new(
+    ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+    ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
+    ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
+    ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
+    ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
+    ['--force', '-f', GetoptLong::NO_ARGUMENT],
+    ['--help', '-h', GetoptLong::NO_ARGUMENT],
+    ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
+    ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
+    ['--proxy-auth', GetoptLong::REQUIRED_ARGUMENT],
+    ['--update', GetoptLong::NO_ARGUMENT],
+    ['--follow-redirection', GetoptLong::NO_ARGUMENT],
+    ['--wp-content-dir', GetoptLong::REQUIRED_ARGUMENT],
+    ['--wp-plugins-dir', GetoptLong::REQUIRED_ARGUMENT],
+    ['--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
+    ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
+    ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT]
+  )
+end
+
+
+ +
+

+ + + (Boolean) is_long_option?(option) (protected) + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+238
+239
+240
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 238
+
+def self.is_long_option?(option)
+  ACCESSOR_OPTIONS.include?(:#{WpscanOptions.clean_option(option)}")
+end
+
+
+ +
+

+ + + (Object) load_from_arguments + + + + + +

+
+ +

Will load the options from ARGV return WpscanOptions

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 149
+
+def self.load_from_arguments
+  wpscan_options = WpscanOptions.new
+
+  if ARGV.length > 0
+    WpscanOptions.get_opt_long.each do |opt, arg|
+      wpscan_options.set_option_from_cli(opt, arg)
+    end
+  end
+
+  wpscan_options
+end
+
+
+ +
+

+ + + (Object) option_to_instance_variable_setter(option) (protected) + + + + + +

+ + + + +
+ 
+
+
+252
+253
+254
+255
+256
+257
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 252
+
+def self.option_to_instance_variable_setter(option)
+  cleaned_option = WpscanOptions.clean_option(option)
+  option_syms = ACCESSOR_OPTIONS.grep(%r{^#{cleaned_option}$})
+
+  option_syms.length == 1 ? :#{option_syms.at(0)}=" : nil
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + - (Object) basic_auth=(basic_auth) + + + + + +

+ + + + +
+ 
+
+
+124
+125
+126
+127
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 124
+
+def basic_auth=(basic_auth)
+  raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
+  @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
+end
+
+
+ +
+

+ + - (Object) enumerate_all_plugins=(enumerate_all_plugins) + + + + + +

+ + + + +
+ 
+
+
+92
+93
+94
+95
+96
+97
+98
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 92
+
+def enumerate_all_plugins=(enumerate_all_plugins)
+  if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
+    raise 'Please choose only one plugin enumeration option'
+  else
+    @enumerate_all_plugins = enumerate_all_plugins
+  end
+end
+
+
+ +
+

+ + - (Object) enumerate_all_themes=(enumerate_all_themes) + + + + + +

+ + + + +
+ 
+
+
+116
+117
+118
+119
+120
+121
+122
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 116
+
+def enumerate_all_themes=(enumerate_all_themes)
+  if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
+    raise 'Please choose only one theme enumeration option'
+  else
+    @enumerate_all_themes = enumerate_all_themes
+  end
+end
+
+
+ +
+

+ + - (Object) enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) + + + + + +

+ + + + +
+ 
+
+
+84
+85
+86
+87
+88
+89
+90
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 84
+
+def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
+  if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
+    raise 'Please choose only one plugin enumeration option'
+  else
+    @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
+  end
+end
+
+
+ +
+

+ + - (Object) enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) + + + + + +

+ + + + +
+ 
+
+
+108
+109
+110
+111
+112
+113
+114
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 108
+
+def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
+  if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
+    raise 'Please choose only one theme enumeration option'
+  else
+    @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
+  end
+end
+
+
+ +
+

+ + - (Object) enumerate_options_from_string(value) + + + + + +

+
+ +

Will set enumerate_* from the string value IE : if value = vp => +:enumerate_only_vulnerable_plugins will be set to true multiple enumeration +are possible : 'u,p' => :enumerate_usernames and :enumerate_plugins +Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+184
+185
+186
+187
+188
+189
+190
+191
+192
+193
+194
+195
+196
+197
+198
+199
+200
+201
+202
+203
+204
+205
+206
+207
+208
+209
+210
+211
+212
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 184
+
+def enumerate_options_from_string(value)
+  # Usage of self is mandatory because there are overridden setters
+
+  value = value.split(',').map { |c| c.downcase }
+
+  self.enumerate_only_vulnerable_plugins = true if value.include?('vp')
+
+  self.enumerate_plugins = true if value.include?('p')
+
+  self.enumerate_all_plugins = true if value.include?('ap')
+
+  @enumerate_timthumbs = true if value.include?('tt')
+
+  self.enumerate_only_vulnerable_themes = true if value.include?('vt')
+
+  self.enumerate_themes = true if value.include?('t')
+
+  self.enumerate_all_themes = true if value.include?('at')
+
+  value.grep(/^u/) do |username_enum_value|
+    @enumerate_usernames = true
+    # Check for usernames range
+    matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
+    if matches
+      @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
+    end
+  end
+
+end
+
+
+ +
+

+ + - (Object) enumerate_plugins=(enumerate_plugins) + + + + + +

+ + + + +
+ 
+
+
+76
+77
+78
+79
+80
+81
+82
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 76
+
+def enumerate_plugins=(enumerate_plugins)
+  if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
+    raise 'Please choose only one plugin enumeration option'
+  else
+    @enumerate_plugins = enumerate_plugins
+  end
+end
+
+
+ +
+

+ + - (Object) enumerate_themes=(enumerate_themes) + + + + + +

+ + + + +
+ 
+
+
+100
+101
+102
+103
+104
+105
+106
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 100
+
+def enumerate_themes=(enumerate_themes)
+  if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
+    raise 'Please choose only one theme enumeration option'
+  else
+    @enumerate_themes = enumerate_themes
+  end
+end
+
+
+ +
+

+ + - (Boolean) has_options? + + + + + +

+
+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+129
+130
+131
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 129
+
+def has_options?
+  !to_h.empty?
+end
+
+
+ +
+

+ + - (Object) proxy=(proxy) + + + + + +

+ + + + +
+ 
+
+
+60
+61
+62
+63
+64
+65
+66
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 60
+
+def proxy=(proxy)
+  if proxy.index(':') == nil
+    raise 'Invalid proxy format. Should be host:port.'
+  else
+    @proxy = proxy
+  end
+end
+
+
+ +
+

+ + - (Object) proxy_auth=(auth) + + + + + +

+ + + + +
+ 
+
+
+68
+69
+70
+71
+72
+73
+74
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 68
+
+def proxy_auth=(auth)
+  if auth.index(':') == nil
+    raise 'Invalid proxy auth format, username:password expected'
+  else
+    @proxy_auth = auth
+  end
+end
+
+
+ +
+

+ + - (Object) set_option_from_cli(cli_option, cli_value) + + + + + +

+
+ +

string cli_option : --url, -u, --proxy etc string cli_value : the option +value

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 163
+
+def set_option_from_cli(cli_option, cli_value)
+
+  if WpscanOptions.is_long_option?(cli_option)
+    self.send(
+        WpscanOptions.option_to_instance_variable_setter(cli_option),
+        cli_value
+    )
+  elsif cli_option === '--enumerate' # Special cases
+    # Default value if no argument is given
+    cli_value = 'vt,tt,u,vp' if cli_value.length == 0
+
+    enumerate_options_from_string(cli_value)
+  else
+    raise "Unknow option : #{cli_option} with value #{cli_value}"
+  end
+end
+
+
+ +
+

+ + - (Object) threads=(threads) + + + + + +

+ + + + +
+ 
+
+
+48
+49
+50
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 48
+
+def threads=(threads)
+  @threads = threads.is_a?(Integer) ? threads : threads.to_i
+end
+
+
+ +
+

+ + - (Object) to_h + + + + + +

+
+ +

return Hash

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 134
+
+def to_h
+  options = {}
+
+  ACCESSOR_OPTIONS.each do |option|
+    instance_variable = instance_variable_get("@#{option}")
+
+    unless instance_variable.nil?
+      options[:#{option}"] = instance_variable
+    end
+  end
+  options
+end
+
+
+ +
+

+ + - (Object) url=(url) + + + + + +

+ + + + +
+ 
+
+
+42
+43
+44
+45
+46
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 42
+
+def url=(url)
+  raise 'Empty URL given' if !url
+
+  @url = URI.parse(add_http_protocol(url)).to_s
+end
+
+
+ +
+

+ + - (Object) wordlist=(wordlist) + + + + + +

+ + + + +
+ 
+
+
+52
+53
+54
+55
+56
+57
+58
+ 		+ 
# File 'lib/wpscan/wpscan_options.rb', line 52
+
+def wordlist=(wordlist)
+  if File.exists?(wordlist)
+    @wordlist = wordlist
+  else
+    raise "The file #{wordlist} does not exist"
+  end
+end
+
+
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/_index.html b/doc_yard/_index.html new file mode 100644 index 00000000..853f4071 --- /dev/null +++ b/doc_yard/_index.html @@ -0,0 +1,742 @@ + + + + + + Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

Documentation by YARD 0.8.6.1

+
+

Alphabetic Index

+ +

File Listing

+ + +
+

Namespace Listing A-Z

+ + +
+ + + + + + + +
+ + +
    +
  • A
    • + +
+ + + + + + + + + + + + + + + + + + + + + 		+ + +
    +
  • I
    • +
      + +
    • + Infos + + (WpItem) + +
      • + +
    +
+ + + + + +
    +
  • M
    • + +
+ + +
    +
  • O
    • +
      + +
    • + Options + + (Ethon::Easy) + +
      • + +
    • + Options + + (Browser) + +
      • + +
    • + Output + + (Vulnerabilities) + +
      • + +
    • + Output + + (Vulnerability) + +
      • + +
    • + Output + + (WpItem) + +
      • + +
    • + Output + + (WpUsers) + +
      • + +
    • + Output + + (WpTimthumb) + +
      • + +
    • + Output + + (WpVersion) + +
      • + +
    • + Output + + (WpItems) + +
      • + +
    +
+ + + + + +
    +
  • R
    • + +
+ + + + + + + + + 		+ + + + + + + + + + +
+ +
+ +
+ + + + + \ No newline at end of file diff --git a/doc_yard/class_list.html b/doc_yard/class_list.html new file mode 100644 index 00000000..0a66eadb --- /dev/null +++ b/doc_yard/class_list.html @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + +
+

Class List

+ + + + +
+ + diff --git a/doc_yard/css/common.css b/doc_yard/css/common.css new file mode 100644 index 00000000..cf25c452 --- /dev/null +++ b/doc_yard/css/common.css @@ -0,0 +1 @@ +/* Override this file with custom rules */ \ No newline at end of file diff --git a/doc_yard/css/full_list.css b/doc_yard/css/full_list.css new file mode 100644 index 00000000..c918cf19 --- /dev/null +++ b/doc_yard/css/full_list.css @@ -0,0 +1,57 @@ +body { + margin: 0; + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-size: 13px; + height: 101%; + overflow-x: hidden; +} + +h1 { padding: 12px 10px; padding-bottom: 0; margin: 0; font-size: 1.4em; } +.clear { clear: both; } +#search { position: absolute; right: 5px; top: 9px; padding-left: 24px; } +#content.insearch #search, #content.insearch #noresults { background: url(data:image/gif;base64,R0lGODlhEAAQAPYAAP///wAAAPr6+pKSkoiIiO7u7sjIyNjY2J6engAAAI6OjsbGxjIyMlJSUuzs7KamppSUlPLy8oKCghwcHLKysqSkpJqamvT09Pj4+KioqM7OzkRERAwMDGBgYN7e3ujo6Ly8vCoqKjY2NkZGRtTU1MTExDw8PE5OTj4+PkhISNDQ0MrKylpaWrS0tOrq6nBwcKysrLi4uLq6ul5eXlxcXGJiYoaGhuDg4H5+fvz8/KKiohgYGCwsLFZWVgQEBFBQUMzMzDg4OFhYWBoaGvDw8NbW1pycnOLi4ubm5kBAQKqqqiQkJCAgIK6urnJyckpKSjQ0NGpqatLS0sDAwCYmJnx8fEJCQlRUVAoKCggICLCwsOTk5ExMTPb29ra2tmZmZmhoaNzc3KCgoBISEiIiIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJCAAAACwAAAAAEAAQAAAHaIAAgoMgIiYlg4kACxIaACEJCSiKggYMCRselwkpghGJBJEcFgsjJyoAGBmfggcNEx0flBiKDhQFlIoCCA+5lAORFb4AJIihCRbDxQAFChAXw9HSqb60iREZ1omqrIPdJCTe0SWI09GBACH5BAkIAAAALAAAAAAQABAAAAdrgACCgwc0NTeDiYozCQkvOTo9GTmDKy8aFy+NOBA7CTswgywJDTIuEjYFIY0JNYMtKTEFiRU8Pjwygy4ws4owPyCKwsMAJSTEgiQlgsbIAMrO0dKDGMTViREZ14kYGRGK38nHguHEJcvTyIEAIfkECQgAAAAsAAAAABAAEAAAB2iAAIKDAggPg4iJAAMJCRUAJRIqiRGCBI0WQEEJJkWDERkYAAUKEBc4Po1GiKKJHkJDNEeKig4URLS0ICImJZAkuQAhjSi/wQyNKcGDCyMnk8u5rYrTgqDVghgZlYjcACTA1sslvtHRgQAh+QQJCAAAACwAAAAAEAAQAAAHZ4AAgoOEhYaCJSWHgxGDJCQARAtOUoQRGRiFD0kJUYWZhUhKT1OLhR8wBaaFBzQ1NwAlkIszCQkvsbOHL7Y4q4IuEjaqq0ZQD5+GEEsJTDCMmIUhtgk1lo6QFUwJVDKLiYJNUd6/hoEAIfkECQgAAAAsAAAAABAAEAAAB2iAAIKDhIWGgiUlh4MRgyQkjIURGRiGGBmNhJWHm4uen4ICCA+IkIsDCQkVACWmhwSpFqAABQoQF6ALTkWFnYMrVlhWvIKTlSAiJiVVPqlGhJkhqShHV1lCW4cMqSkAR1ofiwsjJyqGgQAh+QQJCAAAACwAAAAAEAAQAAAHZ4AAgoOEhYaCJSWHgxGDJCSMhREZGIYYGY2ElYebi56fhyWQniSKAKKfpaCLFlAPhl0gXYNGEwkhGYREUywag1wJwSkHNDU3D0kJYIMZQwk8MjPBLx9eXwuETVEyAC/BOKsuEjYFhoEAIfkECQgAAAAsAAAAABAAEAAAB2eAAIKDhIWGgiUlh4MRgyQkjIURGRiGGBmNhJWHm4ueICImip6CIQkJKJ4kigynKaqKCyMnKqSEK05StgAGQRxPYZaENqccFgIID4KXmQBhXFkzDgOnFYLNgltaSAAEpxa7BQoQF4aBACH5BAkIAAAALAAAAAAQABAAAAdogACCg4SFggJiPUqCJSWGgkZjCUwZACQkgxGEXAmdT4UYGZqCGWQ+IjKGGIUwPzGPhAc0NTewhDOdL7Ykji+dOLuOLhI2BbaFETICx4MlQitdqoUsCQ2vhKGjglNfU0SWmILaj43M5oEAOwAAAAAAAAAAAA==) no-repeat center left; } +#full_list { padding: 0; list-style: none; margin-left: 0; } +#full_list ul { padding: 0; } +#full_list li { padding: 5px; padding-left: 12px; margin: 0; font-size: 1.1em; list-style: none; } +#noresults { padding: 7px 12px; } +#content.insearch #noresults { margin-left: 7px; } +ul.collapsed ul, ul.collapsed li { display: none; } +ul.collapsed.search_uncollapsed { display: block; } +ul.collapsed.search_uncollapsed li { display: list-item; } +li a.toggle { cursor: default; position: relative; left: -5px; top: 4px; text-indent: -999px; width: 10px; height: 9px; margin-left: -10px; display: block; float: left; background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAASCAYAAABb0P4QAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAK8AAACvABQqw0mAAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTM5jWRgMAAAAVdEVYdENyZWF0aW9uIFRpbWUAMy8xNC8wOeNZPpQAAAE2SURBVDiNrZTBccIwEEXfelIAHUA6CZ24BGaWO+FuzZAK4k6gg5QAdGAq+Bxs2Yqx7BzyL7Llp/VfzZeQhCTc/ezuGzKKnKSzpCxXJM8fwNXda3df5RZETlIt6YUzSQDs93sl8w3wBZxCCE10GM1OcWbWjB2mWgEH4Mfdyxm3PSepBHibgQE2wLe7r4HjEidpnXMYdQPKEMJcsZ4zs2POYQOcaPfwMVOo58zsAdMt18BuoVDPxUJRacELbXv3hUIX2vYmOUvi8C8ydz/ThjXrqKqqLbDIAdsCKBd+Wo7GWa7o9qzOQHVVVXeAbs+yHHCH4aTsaCOQqunmUy1yBUAXkdMIfMlgF5EXLo2OpV/c/Up7jG4hhHcYLgWzAZXUc2b2ixsfvc/RmNNfOXD3Q/oeL9axJE1yT9IOoUu6MGUkAAAAAElFTkSuQmCC) no-repeat bottom left; } +li.collapsed a.toggle { opacity: 0.5; cursor: default; background-position: top left; } +li { color: #888; cursor: pointer; } +li.deprecated { text-decoration: line-through; font-style: italic; } +li.r1 { background: #f0f0f0; } +li.r2 { background: #fafafa; } +li:hover { background: #ddd; } +li small:before { content: "("; } +li small:after { content: ")"; } +li small.search_info { display: none; } +a:link, a:visited { text-decoration: none; color: #05a; } +li.clicked { background: #05a; color: #ccc; } +li.clicked a:link, li.clicked a:visited { color: #eee; } +li.clicked a.toggle { opacity: 0.5; background-position: bottom right; } +li.collapsed.clicked a.toggle { background-position: top right; } +#search input { border: 1px solid #bbb; -moz-border-radius: 3px; -webkit-border-radius: 3px; } +#nav { margin-left: 10px; font-size: 0.9em; display: none; color: #aaa; } +#nav a:link, #nav a:visited { color: #358; } +#nav a:hover { background: transparent; color: #5af; } +.frames #nav span:after { content: ' | '; } +.frames #nav span:last-child:after { content: ''; } + +.frames #content h1 { margin-top: 0; } +.frames li { white-space: nowrap; cursor: normal; } +.frames li small { display: block; font-size: 0.8em; } +.frames li small:before { content: ""; } +.frames li small:after { content: ""; } +.frames li small.search_info { display: none; } +.frames #search { width: 170px; position: static; margin: 3px; margin-left: 10px; font-size: 0.9em; color: #888; padding-left: 0; padding-right: 24px; } +.frames #content.insearch #search { background-position: center right; } +.frames #search input { width: 110px; } +.frames #nav { display: block; } + +#full_list.insearch li { display: none; } +#full_list.insearch li.found { display: list-item; padding-left: 10px; } +#full_list.insearch li a.toggle { display: none; } +#full_list.insearch li small.search_info { display: block; } diff --git a/doc_yard/css/style.css b/doc_yard/css/style.css new file mode 100644 index 00000000..6d3243e3 --- /dev/null +++ b/doc_yard/css/style.css @@ -0,0 +1,338 @@ +body { + padding: 0 20px; + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-size: 13px; +} +body.frames { padding: 0 5px; } +h1 { font-size: 25px; margin: 1em 0 0.5em; padding-top: 4px; border-top: 1px dotted #d5d5d5; } +h1.noborder { border-top: 0px; margin-top: 0; padding-top: 4px; } +h1.title { margin-bottom: 10px; } +h1.alphaindex { margin-top: 0; font-size: 22px; } +h2 { + padding: 0; + padding-bottom: 3px; + border-bottom: 1px #aaa solid; + font-size: 1.4em; + margin: 1.8em 0 0.5em; +} +h2 small { font-weight: normal; font-size: 0.7em; display: block; float: right; } +.clear { clear: both; } +.inline { display: inline; } +.inline p:first-child { display: inline; } +.docstring h1, .docstring h2, .docstring h3, .docstring h4 { padding: 0; border: 0; border-bottom: 1px dotted #bbb; } +.docstring h1 { font-size: 1.2em; } +.docstring h2 { font-size: 1.1em; } +.docstring h3, .docstring h4 { font-size: 1em; border-bottom: 0; padding-top: 10px; } +.summary_desc .object_link, .docstring .object_link { font-family: monospace; } +.rdoc-term { padding-right: 25px; font-weight: bold; } +.rdoc-list p { margin: 0; padding: 0; margin-bottom: 4px; } + +/* style for */ +#filecontents table, .docstring table { border-collapse: collapse; } +#filecontents table th, #filecontents table td, +.docstring table th, .docstring table td { border: 1px solid #ccc; padding: 8px; padding-right: 17px; } +#filecontents table tr:nth-child(odd), +.docstring table tr:nth-child(odd) { background: #eee; } +#filecontents table tr:nth-child(even), +.docstring table tr:nth-child(even) { background: #fff; } +#filecontents table th, .docstring table th { background: #fff; } + +/* style for
    */ +#filecontents li > p, .docstring li > p { margin: 0px; } +#filecontents ul, .docstring ul { padding-left: 20px; } +/* style for
    */ +#filecontents dl, .docstring dl { border: 1px solid #ccc; } +#filecontents dt, .docstring dt { background: #ddd; font-weight: bold; padding: 3px 5px; } +#filecontents dd, .docstring dd { padding: 5px 0px; margin-left: 18px; } +#filecontents dd > p, .docstring dd > p { margin: 0px; } + +.note { + color: #222; + -moz-border-radius: 3px; -webkit-border-radius: 3px; + background: #e3e4e3; border: 1px solid #d5d5d5; padding: 7px 10px; + display: block; +} +.note.todo { background: #ffffc5; border-color: #ececaa; } +.note.returns_void { background: #efefef; } +.note.deprecated { background: #ffe5e5; border-color: #e9dada; } +.note.private { background: #ffffc5; border-color: #ececaa; } +.note.title { padding: 1px 5px; font-size: 0.9em; font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; display: inline; } +.summary_signature + .note.title { margin-left: 7px; } +h1 .note.title { font-size: 0.5em; font-weight: normal; padding: 3px 5px; position: relative; top: -3px; text-transform: capitalize; } +.note.title.constructor { color: #fff; background: #6a98d6; border-color: #6689d6; } +.note.title.writeonly { color: #fff; background: #45a638; border-color: #2da31d; } +.note.title.readonly { color: #fff; background: #6a98d6; border-color: #6689d6; } +.note.title.private { background: #d5d5d5; border-color: #c5c5c5; } +.note.title.not_defined_here { background: transparent; border: none; font-style: italic; } +.discussion .note { margin-top: 6px; } +.discussion .note:first-child { margin-top: 0; } + +h3.inherited { + font-style: italic; + font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; + font-weight: normal; + padding: 0; + margin: 0; + margin-top: 12px; + margin-bottom: 3px; + font-size: 13px; +} +p.inherited { + padding: 0; + margin: 0; + margin-left: 25px; +} + +#filecontents dl.box, dl.box { + border: 0; + width: 520px; + font-size: 1em; +} +#filecontents dl.box dt, dl.box dt { + float: left; + display: block; + width: 100px; + margin: 0; + text-align: right; + font-weight: bold; + background: transparent; + border: 1px solid #aaa; + border-width: 1px 0px 0px 1px; + padding: 6px 0; + padding-right: 10px; +} +#filecontents dl.box dd, dl.box dd { + float: left; + display: block; + width: 380px; + margin: 0; + padding: 6px 0; + padding-right: 20px; + border: 1px solid #aaa; + border-width: 1px 1px 0 0; +} +#filecontents dl.box .last, dl.box .last { + border-bottom: 1px solid #aaa; +} +#filecontents dl.box .r1, dl.box .r1 { background: #eee; } + +ul.toplevel { list-style: none; padding-left: 0; font-size: 1.1em; } +.index_inline_list { padding-left: 0; font-size: 1.1em; } +.index_inline_list li { list-style: none; display: inline; padding: 7px 12px; line-height: 35px; } + +dl.constants { margin-left: 40px; } +dl.constants dt { font-weight: bold; font-size: 1.1em; margin-bottom: 5px; } +dl.constants dd { width: 75%; white-space: pre; font-family: monospace; margin-bottom: 18px; } + +.summary_desc { margin-left: 32px; display: block; font-family: sans-serif; } +.summary_desc tt { font-size: 0.9em; } +dl.constants .note { padding: 2px 6px; padding-right: 12px; margin-top: 6px; } +dl.constants .docstring { margin-left: 32px; font-size: 0.9em; font-weight: normal; } +dl.constants .tags { padding-left: 32px; font-size: 0.9em; line-height: 0.8em; } +dl.constants .discussion *:first-child { margin-top: 0; } +dl.constants .discussion *:last-child { margin-bottom: 0; } + +.method_details { border-top: 1px dotted #aaa; margin-top: 15px; padding-top: 0; } +.method_details.first { border: 0; } +p.signature, h3.signature { + font-size: 1.1em; font-weight: normal; font-family: Monaco, Consolas, Courier, monospace; + padding: 6px 10px; margin-top: 18px; + background: #e5e8ff; border: 1px solid #d8d8e5; -moz-border-radius: 3px; -webkit-border-radius: 3px; +} +p.signature tt, +h3.signature tt { font-family: Monaco, Consolas, Courier, monospace; } +p.signature .overload, +h3.signature .overload { display: block; } +p.signature .extras, +h3.signature .extras { font-weight: normal; font-family: sans-serif; color: #444; font-size: 1em; } +p.signature .not_defined_here, +h3.signature .not_defined_here, +p.signature .aliases, +h3.signature .aliases { display: block; font-weight: normal; font-size: 0.9em; font-family: sans-serif; margin-top: 0px; color: #555; } +p.signature .aliases .names, +h3.signature .aliases .names { font-family: Monaco, Consolas, Courier, monospace; font-weight: bold; color: #000; font-size: 1.2em; } + +.tags .tag_title { font-size: 1em; margin-bottom: 0; font-weight: bold; } +.tags ul { margin-top: 5px; padding-left: 30px; list-style: square; } +.tags ul li { margin-bottom: 3px; } +.tags ul .name { font-family: monospace; font-weight: bold; } +.tags ul .note { padding: 3px 6px; } +.tags { margin-bottom: 12px; } + +.tags .examples .tag_title { margin-bottom: 10px; font-weight: bold; } +.tags .examples .inline p { padding: 0; margin: 0; margin-left: 15px; font-weight: bold; font-size: 0.9em; } + +.tags .overload .overload_item { list-style: none; margin-bottom: 25px; } +.tags .overload .overload_item .signature { + padding: 2px 8px; + background: #e5e8ff; border: 1px solid #d8d8e5; -moz-border-radius: 3px; -webkit-border-radius: 3px; +} +.tags .overload .signature { margin-left: -15px; font-family: monospace; display: block; font-size: 1.1em; } +.tags .overload .docstring { margin-top: 15px; } + +.defines { display: none; } + +#method_missing_details .notice.this { position: relative; top: -8px; color: #888; padding: 0; margin: 0; } + +.showSource { font-size: 0.9em; } +.showSource a:link, .showSource a:visited { text-decoration: none; color: #666; } + +#content a:link, #content a:visited { text-decoration: none; color: #05a; } +#content a:hover { background: #ffffa5; } +div.docstring, p.docstring { margin-right: 6em; } + +ul.summary { + list-style: none; + font-family: monospace; + font-size: 1em; + line-height: 1.5em; +} +ul.summary a:link, ul.summary a:visited { + text-decoration: none; font-size: 1.1em; +} +ul.summary li { margin-bottom: 5px; } +.summary .summary_signature { + padding: 1px 10px; + background: #eaeaff; border: 1px solid #dfdfe5; + -moz-border-radius: 3px; -webkit-border-radius: 3px; +} +.summary_signature:hover { background: #eeeeff; cursor: pointer; } +ul.summary.compact li { display: inline-block; margin: 0px 5px 0px 0px; line-height: 2.6em;} +ul.summary.compact .summary_signature { padding: 5px 7px; padding-right: 4px; } +#content .summary_signature:hover a:link, +#content .summary_signature:hover a:visited { + background: transparent; + color: #48f; +} + +p.inherited a { font-family: monospace; font-size: 0.9em; } +p.inherited { word-spacing: 5px; font-size: 1.2em; } + +p.children { font-size: 1.2em; } +p.children a { font-size: 0.9em; } +p.children strong { font-size: 0.8em; } +p.children strong.modules { padding-left: 5px; } + +ul.fullTree { display: none; padding-left: 0; list-style: none; margin-left: 0; margin-bottom: 10px; } +ul.fullTree ul { margin-left: 0; padding-left: 0; list-style: none; } +ul.fullTree li { text-align: center; padding-top: 18px; padding-bottom: 12px; background: url(data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHtJREFUeNqMzrEJAkEURdGzuhgZbSoYWcAWoBVsB4JgZAGmphsZCZYzTQgWNCYrDN9RvMmHx+X916SUBFbo8CzD1idXrLErw1mQttgXtyrOcQ/Ny5p4Qh+2XqLYYazsPWNTiuMkRxa4vcV+evuNAUOLIx5+c2hyzv7hNQC67Q+/HHmlEwAAAABJRU5ErkJggg==) no-repeat top center; } +ul.fullTree li:first-child { padding-top: 0; background: transparent; } +ul.fullTree li:last-child { padding-bottom: 0; } +.showAll ul.fullTree { display: block; } +.showAll .inheritName { display: none; } + +#search { position: absolute; right: 14px; top: 0px; } +#search a:link, #search a:visited { + display: block; float: left; margin-right: 4px; + padding: 8px 10px; text-decoration: none; color: #05a; + border: 1px solid #d8d8e5; + -moz-border-radius-bottomleft: 3px; -moz-border-radius-bottomright: 3px; + -webkit-border-bottom-left-radius: 3px; -webkit-border-bottom-right-radius: 3px; + background: #eaf0ff; + -webkit-box-shadow: -1px 1px 3px #ddd; +} +#search a:hover { background: #f5faff; color: #06b; } +#search a.active { + background: #568; padding-bottom: 20px; color: #fff; border: 1px solid #457; + -moz-border-radius-topleft: 5px; -moz-border-radius-topright: 5px; + -webkit-border-top-left-radius: 5px; -webkit-border-top-right-radius: 5px; +} +#search a.inactive { color: #999; } +.frames #search { display: none; } +.inheritanceTree, .toggleDefines { float: right; } + +#menu { font-size: 1.3em; color: #bbb; top: -5px; position: relative; } +#menu .title, #menu a { font-size: 0.7em; } +#menu .title a { font-size: 1em; } +#menu .title { color: #555; } +#menu a:link, #menu a:visited { color: #333; text-decoration: none; border-bottom: 1px dotted #bbd; } +#menu a:hover { color: #05a; } +#menu .noframes { display: inline; } +.frames #menu .noframes { display: inline; float: right; } + +#footer { margin-top: 15px; border-top: 1px solid #ccc; text-align: center; padding: 7px 0; color: #999; } +#footer a:link, #footer a:visited { color: #444; text-decoration: none; border-bottom: 1px dotted #bbd; } +#footer a:hover { color: #05a; } + +#listing ul.alpha { font-size: 1.1em; } +#listing ul.alpha { margin: 0; padding: 0; padding-bottom: 10px; list-style: none; } +#listing ul.alpha li.letter { font-size: 1.4em; padding-bottom: 10px; } +#listing ul.alpha ul { margin: 0; padding-left: 15px; } +#listing ul small { color: #666; font-size: 0.7em; } + +li.r1 { background: #f0f0f0; } +li.r2 { background: #fafafa; } + +#search_frame { + z-index: 9999; + background: #fff; + display: none; + position: absolute; + top: 36px; + right: 18px; + width: 500px; + height: 80%; + overflow-y: scroll; + border: 1px solid #999; + border-collapse: collapse; + -webkit-box-shadow: -7px 5px 25px #aaa; + -moz-box-shadow: -7px 5px 25px #aaa; + -moz-border-radius: 2px; + -webkit-border-radius: 2px; +} + +#content ul.summary li.deprecated .summary_signature a:link, +#content ul.summary li.deprecated .summary_signature a:visited { text-decoration: line-through; font-style: italic; } + +#toc { + padding: 20px; padding-right: 30px; border: 1px solid #ddd; float: right; background: #fff; margin-left: 20px; margin-bottom: 20px; + max-width: 300px; + -webkit-box-shadow: -2px 2px 6px #bbb; + -moz-box-shadow: -2px 2px 6px #bbb; + z-index: 5000; + position: relative; +} +#toc.nofloat { float: none; max-width: none; border: none; padding: 0; margin: 20px 0; -webkit-box-shadow: none; -moz-box-shadow: none; } +#toc.nofloat.hidden { padding: 0; background: 0; margin-bottom: 5px; } +#toc .title { margin: 0; } +#toc ol { padding-left: 1.8em; } +#toc li { font-size: 1.1em; line-height: 1.7em; } +#toc > ol > li { font-size: 1.1em; font-weight: bold; } +#toc ol > ol { font-size: 0.9em; } +#toc ol ol > ol { padding-left: 2.3em; } +#toc ol + li { margin-top: 0.3em; } +#toc.hidden { padding: 10px; background: #f6f6f6; -webkit-box-shadow: none; -moz-box-shadow: none; } +#filecontents h1 + #toc.nofloat { margin-top: 0; } + +/* syntax highlighting */ +.source_code { display: none; padding: 3px 8px; border-left: 8px solid #ddd; margin-top: 5px; } +#filecontents pre.code, .docstring pre.code, .source_code pre { font-family: monospace; } +#filecontents pre.code, .docstring pre.code { display: block; } +.source_code .lines { padding-right: 12px; color: #555; text-align: right; } +#filecontents pre.code, .docstring pre.code, +.tags pre.example { padding: 5px 12px; margin-top: 4px; border: 1px solid #eef; background: #f5f5ff; } +pre.code { color: #000; } +pre.code .info.file { color: #555; } +pre.code .val { color: #036A07; } +pre.code .tstring_content, +pre.code .heredoc_beg, pre.code .heredoc_end, +pre.code .qwords_beg, pre.code .qwords_end, +pre.code .tstring, pre.code .dstring { color: #036A07; } +pre.code .fid, pre.code .rubyid_new, pre.code .rubyid_to_s, +pre.code .rubyid_to_sym, pre.code .rubyid_to_f, +pre.code .dot + pre.code .id, +pre.code .rubyid_to_i pre.code .rubyid_each { color: #0085FF; } +pre.code .comment { color: #0066FF; } +pre.code .const, pre.code .constant { color: #585CF6; } +pre.code .symbol { color: #C5060B; } +pre.code .kw, +pre.code .label, +pre.code .rubyid_require, +pre.code .rubyid_extend, +pre.code .rubyid_include { color: #0000FF; } +pre.code .ivar { color: #318495; } +pre.code .gvar, +pre.code .rubyid_backref, +pre.code .rubyid_nth_ref { color: #6D79DE; } +pre.code .regexp, .dregexp { color: #036A07; } +pre.code a { border-bottom: 1px dotted #bbf; } diff --git a/doc_yard/file.README.html b/doc_yard/file.README.html new file mode 100644 index 00000000..874e4243 --- /dev/null +++ b/doc_yard/file.README.html @@ -0,0 +1,315 @@ + + + + + + File: README + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +
    +

    __

    + +
    __          _______   _____
+\ \        / /  __ \ / ____|
+ \ \  /\  / /| |__) | (___   ___  __ _ _ __
+  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+   \  /\  /  | |     ____) | (__| (_| | | | |
+    \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    + +

    __

    + +

    LICENSE==

    + +

    WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team

    + +

    This program is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation, either version 3 of the License, or (at your option) +any later version.

    + +

    This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +more details.

    + +

    You should have received a copy of the GNU General Public License along +with this program. If not, see <www.gnu.org/licenses/>.

    + +

    ryandewhurst at gmail

    + +

    INSTALL==

    + +
    WPScan comes pre-installed on the following Linux distributions:
+
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed, update needed)
+ * Pentoo
+ * SamuraiWTF
+
+Prerequisites:
+
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
+
+-> Installing on Debian/Ubuntu:
+
+  sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+-> Installing on Fedora:
+
+  sudo yum install libcurl-devel
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+-> Installing on Archlinux:
+
+  pacman -Sy ruby
+  pacman -Sy libyaml
+
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+  gem install typhoeus
+  gem install nokogiri
+
+-> Installing on Mac OS X:
+
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
    + +

    KNOWN ISSUES==

    + +
    - Typhoeus segmentation fault:
+    Update cURL to version => 7.21 (may have to install from source)
+    See http://code.google.com/p/wpscan/issues/detail?id=81
+
+- Proxy not working:
+    Update cURL to version => 7.21.7 (may have to install from source).
+
+    Installation from sources :
+      - Grab the sources from http://curl.haxx.se/download.html
+      - Decompress the archive
+      - Open the folder with the extracted files
+      - Run ./configure
+      - Run make
+      - Run sudo make install
+      - Run sudo ldconfig
+
+- cannot load such file -- readline:
+    Run sudo aptitude install libreadline5-dev libncurses5-dev
+
+    Then, open the directory of the readline gem (you have to locate it)
+
+    cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
+    ruby extconf.rb
+    make
+    make install
+
+    See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
+- no such file to load -- rubygems
+    Run update-alternatives --config ruby
+    And select your ruby version
+
+    See https://github.com/wpscanteam/wpscan/issues/148
    + +

    WPSCAN ARGUMENTS==

    + +

    --update Update to the latest revision

    + +

    --url | -u <target url> The WordPress URL/domain to scan.

    + +

    --force | -f Forces WPScan to not check if the remote site is running +WordPress.

    + +

    --enumerate | -e [option(s)] Enumeration.

    + +
    option :
+  u        usernames from id 1 to 10
+  u[10-20] usernames from id 10 to 20 (you must write [] chars)
+  p        plugins
+  vp       only vulnerable plugins
+  ap       all plugins (can take a long time)
+  tt       timthumbs
+  t        themes
+  vp       only vulnerable themes
+  at       all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
    + +

    --exclude-content-based '<regexp or string>' Used with the +enumeration option, will exclude all occurrences based on the regexp or +string supplied

    + +
    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
    + +

    --config-file | -c <config file> Use the specified config file

    + +

    --follow-redirection If the target url has a redirection, it will be +followed without asking if you wanted to do so or not

    + +

    --wp-content-dir <wp content dir> WPScan try to find the content +directory (ie wp-content) by scanning the index page, however you can +specified it. Subdirectories are allowed

    + +

    --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir +but for the plugins directory. If not supplied, WPScan will use +wp-content-dir/plugins. Subdirectories are allowed

    + +

    --proxy <[protocol://]host:port> Supply a proxy (will override the +one from conf/browser.conf.json).

    + +
    HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
    + +

    --proxy-auth <username:password> Supply the proxy login credentials +(will override the one from conf/browser.conf.json).

    + +

    --basic-auth <username:password> Set the HTTP Basic authentication

    + +

    --wordlist | -w <wordlist> Supply a wordlist for the password bruter +and do the brute.

    + +

    --threads | -t <number of threads> The number of threads to use +when multi-threading requests. (will override the value from +conf/browser.conf.json)

    + +

    --username | -U <username> Only brute force the supplied username.

    + +

    --help | -h This help screen.

    + +

    --verbose | -v Verbose output.

    + +

    WPSCAN EXAMPLES==

    + +

    Do 'non-intrusive' checks...

    + +
    ruby wpscan.rb --url www.example.com
    + +

    Do wordlist password brute force on enumerated users using 50 threads...

    + +
    ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
    + +

    Do wordlist password brute force on the 'admin' username only...

    + +
    ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
    + +

    Enumerate installed plugins...

    + +
    ruby wpscan.rb --url www.example.com --enumerate p
    + +

    WPSTOOLS ARGUMENTS==

    + +

    --help | -h This help screen. --Verbose | -v Verbose output. +--update | -u Update to the latest revision. --generate_plugin_list +[number of pages] Generate a new data/plugins.txt file. (supply number of +pages to parse, default : 150) --gpl Alias for +--generate_plugin_list --check-local-vulnerable-files | --clvf <local +directory> Perform a recursive scan in the <local directory> to +find vulnerable files or shells

    + +

    WPSTOOLS EXAMPLES==

    +
    • +

      Generate a new 'most popular' plugin list, up to 150 pages ...

      +
    + +

    ruby wpstools.rb --generate_plugin_list 150

    +
    • +

      Locally scan a wordpress installation for vulnerable files or shells :

      +
    + +

    ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

    + +

    PROJECT HOME===

    + +

    www.wpscan.org

    + +

    REPOSITORY===

    + +

    github.com/wpscanteam/wpscan

    + +

    ISSUES===

    + +

    github.com/wpscanteam/wpscan/issues

    + +

    SPONSOR===

    + +

    WPScan is sponsored by the RandomStorm Open Source Initiative.

    + +

    Visit RandomStorm at www.randomstorm.com

    +
    + + + + + \ No newline at end of file diff --git a/doc_yard/file_list.html b/doc_yard/file_list.html new file mode 100644 index 00000000..5f350092 --- /dev/null +++ b/doc_yard/file_list.html @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + +
    +

    File List

    + + + + +
    + + diff --git a/doc_yard/frames.html b/doc_yard/frames.html new file mode 100644 index 00000000..03dc16fb --- /dev/null +++ b/doc_yard/frames.html @@ -0,0 +1,28 @@ + + + + + + Documentation by YARD 0.8.6.1 + + + + diff --git a/doc_yard/index.html b/doc_yard/index.html new file mode 100644 index 00000000..874e4243 --- /dev/null +++ b/doc_yard/index.html @@ -0,0 +1,315 @@ + + + + + + File: README + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +
    +

    __

    + +
    __          _______   _____
+\ \        / /  __ \ / ____|
+ \ \  /\  / /| |__) | (___   ___  __ _ _ __
+  \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
+   \  /\  /  | |     ____) | (__| (_| | | | |
+    \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    + +

    __

    + +

    LICENSE==

    + +

    WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team

    + +

    This program is free software: you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the Free +Software Foundation, either version 3 of the License, or (at your option) +any later version.

    + +

    This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +more details.

    + +

    You should have received a copy of the GNU General Public License along +with this program. If not, see <www.gnu.org/licenses/>.

    + +

    ryandewhurst at gmail

    + +

    INSTALL==

    + +
    WPScan comes pre-installed on the following Linux distributions:
+
+ * BackBox Linux
+ * BackTrack Linux (outdated WPScan installed, update needed)
+ * Pentoo
+ * SamuraiWTF
+
+Prerequisites:
+
+ * Windows not supported
+ * Ruby => 1.9
+ * RubyGems
+ * Git
+
+-> Installing on Debian/Ubuntu:
+
+  sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+-> Installing on Fedora:
+
+  sudo yum install libcurl-devel
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+-> Installing on Archlinux:
+
+  pacman -Sy ruby
+  pacman -Sy libyaml
+
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
+
+  gem install typhoeus
+  gem install nokogiri
+
+-> Installing on Mac OS X:
+
+  git clone https://github.com/wpscanteam/wpscan.git
+  cd wpscan
+  sudo gem install bundler && bundle install --without test development
    + +

    KNOWN ISSUES==

    + +
    - Typhoeus segmentation fault:
+    Update cURL to version => 7.21 (may have to install from source)
+    See http://code.google.com/p/wpscan/issues/detail?id=81
+
+- Proxy not working:
+    Update cURL to version => 7.21.7 (may have to install from source).
+
+    Installation from sources :
+      - Grab the sources from http://curl.haxx.se/download.html
+      - Decompress the archive
+      - Open the folder with the extracted files
+      - Run ./configure
+      - Run make
+      - Run sudo make install
+      - Run sudo ldconfig
+
+- cannot load such file -- readline:
+    Run sudo aptitude install libreadline5-dev libncurses5-dev
+
+    Then, open the directory of the readline gem (you have to locate it)
+
+    cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
+    ruby extconf.rb
+    make
+    make install
+
+    See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
+- no such file to load -- rubygems
+    Run update-alternatives --config ruby
+    And select your ruby version
+
+    See https://github.com/wpscanteam/wpscan/issues/148
    + +

    WPSCAN ARGUMENTS==

    + +

    --update Update to the latest revision

    + +

    --url | -u <target url> The WordPress URL/domain to scan.

    + +

    --force | -f Forces WPScan to not check if the remote site is running +WordPress.

    + +

    --enumerate | -e [option(s)] Enumeration.

    + +
    option :
+  u        usernames from id 1 to 10
+  u[10-20] usernames from id 10 to 20 (you must write [] chars)
+  p        plugins
+  vp       only vulnerable plugins
+  ap       all plugins (can take a long time)
+  tt       timthumbs
+  t        themes
+  vp       only vulnerable themes
+  at       all themes (can take a long time)
+Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+If no option is supplied, the default is 'vt,tt,u,vp'
    + +

    --exclude-content-based '<regexp or string>' Used with the +enumeration option, will exclude all occurrences based on the regexp or +string supplied

    + +
    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
    + +

    --config-file | -c <config file> Use the specified config file

    + +

    --follow-redirection If the target url has a redirection, it will be +followed without asking if you wanted to do so or not

    + +

    --wp-content-dir <wp content dir> WPScan try to find the content +directory (ie wp-content) by scanning the index page, however you can +specified it. Subdirectories are allowed

    + +

    --wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir +but for the plugins directory. If not supplied, WPScan will use +wp-content-dir/plugins. Subdirectories are allowed

    + +

    --proxy <[protocol://]host:port> Supply a proxy (will override the +one from conf/browser.conf.json).

    + +
    HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
    + +

    --proxy-auth <username:password> Supply the proxy login credentials +(will override the one from conf/browser.conf.json).

    + +

    --basic-auth <username:password> Set the HTTP Basic authentication

    + +

    --wordlist | -w <wordlist> Supply a wordlist for the password bruter +and do the brute.

    + +

    --threads | -t <number of threads> The number of threads to use +when multi-threading requests. (will override the value from +conf/browser.conf.json)

    + +

    --username | -U <username> Only brute force the supplied username.

    + +

    --help | -h This help screen.

    + +

    --verbose | -v Verbose output.

    + +

    WPSCAN EXAMPLES==

    + +

    Do 'non-intrusive' checks...

    + +
    ruby wpscan.rb --url www.example.com
    + +

    Do wordlist password brute force on enumerated users using 50 threads...

    + +
    ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
    + +

    Do wordlist password brute force on the 'admin' username only...

    + +
    ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
    + +

    Enumerate installed plugins...

    + +
    ruby wpscan.rb --url www.example.com --enumerate p
    + +

    WPSTOOLS ARGUMENTS==

    + +

    --help | -h This help screen. --Verbose | -v Verbose output. +--update | -u Update to the latest revision. --generate_plugin_list +[number of pages] Generate a new data/plugins.txt file. (supply number of +pages to parse, default : 150) --gpl Alias for +--generate_plugin_list --check-local-vulnerable-files | --clvf <local +directory> Perform a recursive scan in the <local directory> to +find vulnerable files or shells

    + +

    WPSTOOLS EXAMPLES==

    +
    • +

      Generate a new 'most popular' plugin list, up to 150 pages ...

      +
    + +

    ruby wpstools.rb --generate_plugin_list 150

    +
    • +

      Locally scan a wordpress installation for vulnerable files or shells :

      +
    + +

    ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

    + +

    PROJECT HOME===

    + +

    www.wpscan.org

    + +

    REPOSITORY===

    + +

    github.com/wpscanteam/wpscan

    + +

    ISSUES===

    + +

    github.com/wpscanteam/wpscan/issues

    + +

    SPONSOR===

    + +

    WPScan is sponsored by the RandomStorm Open Source Initiative.

    + +

    Visit RandomStorm at www.randomstorm.com

    +
    + + + + + \ No newline at end of file diff --git a/doc_yard/js/app.js b/doc_yard/js/app.js new file mode 100644 index 00000000..c1502892 --- /dev/null +++ b/doc_yard/js/app.js @@ -0,0 +1,214 @@ +function createSourceLinks() { + $('.method_details_list .source_code'). + before("[View source]"); + $('.toggleSource').toggle(function() { + $(this).parent().nextAll('.source_code').slideDown(100); + $(this).text("Hide source"); + }, + function() { + $(this).parent().nextAll('.source_code').slideUp(100); + $(this).text("View source"); + }); +} + +function createDefineLinks() { + var tHeight = 0; + $('.defines').after(" more..."); + $('.toggleDefines').toggle(function() { + tHeight = $(this).parent().prev().height(); + $(this).prev().show(); + $(this).parent().prev().height($(this).parent().height()); + $(this).text("(less)"); + }, + function() { + $(this).prev().hide(); + $(this).parent().prev().height(tHeight); + $(this).text("more..."); + }); +} + +function createFullTreeLinks() { + var tHeight = 0; + $('.inheritanceTree').toggle(function() { + tHeight = $(this).parent().prev().height(); + $(this).parent().toggleClass('showAll'); + $(this).text("(hide)"); + $(this).parent().prev().height($(this).parent().height()); + }, + function() { + $(this).parent().toggleClass('showAll'); + $(this).parent().prev().height(tHeight); + $(this).text("show all"); + }); +} + +function fixBoxInfoHeights() { + $('dl.box dd.r1, dl.box dd.r2').each(function() { + $(this).prev().height($(this).height()); + }); +} + +function searchFrameLinks() { + $('.full_list_link').click(function() { + toggleSearchFrame(this, $(this).attr('href')); + return false; + }); +} + +function toggleSearchFrame(id, link) { + var frame = $('#search_frame'); + $('#search a').removeClass('active').addClass('inactive'); + if (frame.attr('src') == link && frame.css('display') != "none") { + frame.slideUp(100); + $('#search a').removeClass('active inactive'); + } + else { + $(id).addClass('active').removeClass('inactive'); + frame.attr('src', link).slideDown(100); + } +} + +function linkSummaries() { + $('.summary_signature').click(function() { + document.location = $(this).find('a').attr('href'); + }); +} + +function framesInit() { + if (hasFrames) { + document.body.className = 'frames'; + $('#menu .noframes a').attr('href', document.location); + window.top.document.title = $('html head title').text(); + } + else { + $('#menu .noframes a').text('frames').attr('href', framesUrl); + } +} + +function keyboardShortcuts() { + if (window.top.frames.main) return; + $(document).keypress(function(evt) { + if (evt.altKey || evt.ctrlKey || evt.metaKey || evt.shiftKey) return; + if (typeof evt.target !== "undefined" && + (evt.target.nodeName == "INPUT" || + evt.target.nodeName == "TEXTAREA")) return; + switch (evt.charCode) { + case 67: case 99: $('#class_list_link').click(); break; // 'c' + case 77: case 109: $('#method_list_link').click(); break; // 'm' + case 70: case 102: $('#file_list_link').click(); break; // 'f' + default: break; + } + }); +} + +function summaryToggle() { + $('.summary_toggle').click(function() { + if (localStorage) { + localStorage.summaryCollapsed = $(this).text(); + } + $('.summary_toggle').each(function() { + $(this).text($(this).text() == "collapse" ? "expand" : "collapse"); + var next = $(this).parent().parent().nextAll('ul.summary').first(); + if (next.hasClass('compact')) { + next.toggle(); + next.nextAll('ul.summary').first().toggle(); + } + else if (next.hasClass('summary')) { + var list = $('
      '); + list.html(next.html()); + list.find('.summary_desc, .note').remove(); + list.find('a').each(function() { + $(this).html($(this).find('strong').html()); + $(this).parent().html($(this)[0].outerHTML); + }); + next.before(list); + next.toggle(); + } + }); + return false; + }); + if (localStorage) { + if (localStorage.summaryCollapsed == "collapse") { + $('.summary_toggle').first().click(); + } + else localStorage.summaryCollapsed = "expand"; + } +} + +function fixOutsideWorldLinks() { + $('a').each(function() { + if (window.location.host != this.host) this.target = '_parent'; + }); +} + +function generateTOC() { + if ($('#filecontents').length === 0) return; + var _toc = $('
        '); + var show = false; + var toc = _toc; + var counter = 0; + var tags = ['h2', 'h3', 'h4', 'h5', 'h6']; + var i; + if ($('#filecontents h1').length > 1) tags.unshift('h1'); + for (i = 0; i < tags.length; i++) { tags[i] = '#filecontents ' + tags[i]; } + var lastTag = parseInt(tags[0][1], 10); + $(tags.join(', ')).each(function() { + if ($(this).parents('.method_details .docstring').length != 0) return; + if (this.id == "filecontents") return; + show = true; + var thisTag = parseInt(this.tagName[1], 10); + if (this.id.length === 0) { + var proposedId = $(this).attr('toc-id'); + if (typeof(proposedId) != "undefined") this.id = proposedId; + else { + var proposedId = $(this).text().replace(/[^a-z0-9-]/ig, '_'); + if ($('#' + proposedId).length > 0) { proposedId += counter; counter++; } + this.id = proposedId; + } + } + if (thisTag > lastTag) { + for (i = 0; i < thisTag - lastTag; i++) { + var tmp = $('
          '); toc.append(tmp); toc = tmp; + } + } + if (thisTag < lastTag) { + for (i = 0; i < lastTag - thisTag; i++) toc = toc.parent(); + } + var title = $(this).attr('toc-title'); + if (typeof(title) == "undefined") title = $(this).text(); + toc.append('
        1. ' + title + '
          2. '); + lastTag = thisTag; + }); + if (!show) return; + html = ''; + $('#content').prepend(html); + $('#toc').append(_toc); + $('#toc .hide_toc').toggle(function() { + $('#toc .top').slideUp('fast'); + $('#toc').toggleClass('hidden'); + $('#toc .title small').toggle(); + }, function() { + $('#toc .top').slideDown('fast'); + $('#toc').toggleClass('hidden'); + $('#toc .title small').toggle(); + }); + $('#toc .float_toc').toggle(function() { + $(this).text('float'); + $('#toc').toggleClass('nofloat'); + }, function() { + $(this).text('left'); + $('#toc').toggleClass('nofloat'); + }); +} + +$(framesInit); +$(createSourceLinks); +$(createDefineLinks); +$(createFullTreeLinks); +$(fixBoxInfoHeights); +$(searchFrameLinks); +$(linkSummaries); +$(keyboardShortcuts); +$(summaryToggle); +$(fixOutsideWorldLinks); +$(generateTOC); \ No newline at end of file diff --git a/doc_yard/js/full_list.js b/doc_yard/js/full_list.js new file mode 100644 index 00000000..09dde299 --- /dev/null +++ b/doc_yard/js/full_list.js @@ -0,0 +1,178 @@ +var inSearch = null; +var searchIndex = 0; +var searchCache = []; +var searchString = ''; +var regexSearchString = ''; +var caseSensitiveMatch = false; +var ignoreKeyCodeMin = 8; +var ignoreKeyCodeMax = 46; +var commandKey = 91; + +RegExp.escape = function(text) { + return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"); +} + +function fullListSearch() { + // generate cache + searchCache = []; + $('#full_list li').each(function() { + var link = $(this).find('.object_link a'); + if (link.length === 0) return; + var fullName = link.attr('title').split(' ')[0]; + searchCache.push({name:link.text(), fullName:fullName, node:$(this), link:link}); + }); + + $('#search input').keyup(function(event) { + if ((event.keyCode > ignoreKeyCodeMin && event.keyCode < ignoreKeyCodeMax) + || event.keyCode == commandKey) + return; + searchString = this.value; + caseSensitiveMatch = searchString.match(/[A-Z]/) != null; + regexSearchString = RegExp.escape(searchString); + if (caseSensitiveMatch) { + regexSearchString += "|" + + $.map(searchString.split(''), function(e) { return RegExp.escape(e); }). + join('.+?'); + } + if (searchString === "") { + clearTimeout(inSearch); + inSearch = null; + $('ul .search_uncollapsed').removeClass('search_uncollapsed'); + $('#full_list, #content').removeClass('insearch'); + $('#full_list li').removeClass('found').each(function() { + + var link = $(this).find('.object_link a'); + if (link.length > 0) link.text(link.text()); + }); + if (clicked) { + clicked.parents('ul').each(function() { + $(this).removeClass('collapsed').prev().removeClass('collapsed'); + }); + } + highlight(); + } + else { + if (inSearch) clearTimeout(inSearch); + searchIndex = 0; + lastRowClass = ''; + $('#full_list, #content').addClass('insearch'); + $('#noresults').text(''); + searchItem(); + } + }); + + $('#search input').focus(); + $('#full_list').after("
          "); +} + +var lastRowClass = ''; +function searchItem() { + for (var i = 0; i < searchCache.length / 50; i++) { + var item = searchCache[searchIndex]; + var searchName = (searchString.indexOf('::') != -1 ? item.fullName : item.name); + var matchString = regexSearchString; + var matchRegexp = new RegExp(matchString, caseSensitiveMatch ? "" : "i"); + if (searchName.match(matchRegexp) == null) { + item.node.removeClass('found'); + } + else { + item.node.css('padding-left', '10px').addClass('found'); + item.node.parents().addClass('search_uncollapsed'); + item.node.removeClass(lastRowClass).addClass(lastRowClass == 'r1' ? 'r2' : 'r1'); + lastRowClass = item.node.hasClass('r1') ? 'r1' : 'r2'; + item.link.html(item.name.replace(matchRegexp, "$&")); + } + + if (searchCache.length === searchIndex + 1) { + searchDone(); + return; + } + else { + searchIndex++; + } + } + inSearch = setTimeout('searchItem()', 0); +} + +function searchDone() { + highlight(true); + if ($('#full_list li:visible').size() === 0) { + $('#noresults').text('No results were found.').hide().fadeIn(); + } + else { + $('#noresults').text(''); + } + $('#content').removeClass('insearch'); + clearTimeout(inSearch); + inSearch = null; +} + +clicked = null; +function linkList() { + $('#full_list li, #full_list li a:last').click(function(evt) { + if ($(this).hasClass('toggle')) return true; + if ($(this).find('.object_link a').length === 0) { + $(this).children('a.toggle').click(); + return false; + } + if (this.tagName.toLowerCase() == "li") { + var toggle = $(this).children('a.toggle'); + if (toggle.size() > 0 && evt.pageX < toggle.offset().left) { + toggle.click(); + return false; + } + } + if (clicked) clicked.removeClass('clicked'); + var win = window.top.frames.main ? window.top.frames.main : window.parent; + if (this.tagName.toLowerCase() == "a") { + clicked = $(this).parent('li').addClass('clicked'); + win.location = this.href; + } + else { + clicked = $(this).addClass('clicked'); + win.location = $(this).find('a:last').attr('href'); + } + return false; + }); +} + +function collapse() { + if (!$('#full_list').hasClass('class')) return; + $('#full_list.class a.toggle').click(function() { + $(this).parent().toggleClass('collapsed').next().toggleClass('collapsed'); + highlight(); + return false; + }); + $('#full_list.class ul').each(function() { + $(this).addClass('collapsed').prev().addClass('collapsed'); + }); + $('#full_list.class').children().removeClass('collapsed'); + highlight(); +} + +function highlight(no_padding) { + var n = 1; + $('#full_list li:visible').each(function() { + var next = n == 1 ? 2 : 1; + $(this).removeClass("r" + next).addClass("r" + n); + if (!no_padding && $('#full_list').hasClass('class')) { + $(this).css('padding-left', (10 + $(this).parents('ul').size() * 15) + 'px'); + } + n = next; + }); +} + +function escapeShortcut() { + $(document).keydown(function(evt) { + if (evt.which == 27) { + $('#search_frame', window.top.document).slideUp(100); + $('#search a', window.top.document).removeClass('active inactive'); + $(window.top).focus(); + } + }); +} + +$(escapeShortcut); +$(fullListSearch); +$(linkList); +$(collapse); diff --git a/doc_yard/js/jquery.js b/doc_yard/js/jquery.js new file mode 100644 index 00000000..198b3ff0 --- /dev/null +++ b/doc_yard/js/jquery.js @@ -0,0 +1,4 @@ +/*! jQuery v1.7.1 jquery.com | jquery.org/license */ +(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"":"")+""),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;g=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.1",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c
    a",d=q.getElementsByTagName("*"),e=q.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=q.getElementsByTagName("input")[0],b={leadingWhitespace:q.firstChild.nodeType===3,tbody:!q.getElementsByTagName("tbody").length,htmlSerialize:!!q.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:q.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete q.test}catch(s){b.deleteExpando=!1}!q.addEventListener&&q.attachEvent&&q.fireEvent&&(q.attachEvent("onclick",function(){b.noCloneEvent=!1}),q.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),q.appendChild(i),k=c.createDocumentFragment(),k.appendChild(q.lastChild),b.checkClone=k.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,k.removeChild(i),k.appendChild(q),q.innerHTML="",a.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",q.style.width="2px",q.appendChild(j),b.reliableMarginRight=(parseInt((a.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0);if(q.attachEvent)for(o in{submit:1,change:1,focusin:1})n="on"+o,p=n in q,p||(q.setAttribute(n,"return;"),p=typeof q[n]=="function"),b[o+"Bubbles"]=p;k.removeChild(q),k=g=h=j=q=i=null,f(function(){var a,d,e,g,h,i,j,k,m,n,o,r=c.getElementsByTagName("body")[0];!r||(j=1,k="position:absolute;top:0;left:0;width:1px;height:1px;margin:0;",m="visibility:hidden;border:0;",n="style='"+k+"border:5px solid #000;padding:0;'",o="
    "+""+"
    ",a=c.createElement("div"),a.style.cssText=m+"width:0;height:0;position:static;top:0;margin-top:"+j+"px",r.insertBefore(a,r.firstChild),q=c.createElement("div"),a.appendChild(q),q.innerHTML="
    t
    ",l=q.getElementsByTagName("td"),p=l[0].offsetHeight===0,l[0].style.display="",l[1].style.display="none",b.reliableHiddenOffsets=p&&l[0].offsetHeight===0,q.innerHTML="",q.style.width=q.style.paddingLeft="1px",f.boxModel=b.boxModel=q.offsetWidth===2,typeof q.style.zoom!="undefined"&&(q.style.display="inline",q.style.zoom=1,b.inlineBlockNeedsLayout=q.offsetWidth===2,q.style.display="",q.innerHTML="
    ",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position="fixed",e.style.top="20px",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/\bhover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")}; +f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&i.push({elem:this,matches:d.slice(e)});for(j=0;j0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

    ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
    ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
    ","
    "],thead:[1,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],col:[2,"","
    "],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
    ","
    "]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function() +{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test("<"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement("div");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bz(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f||0,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\[\]$/,bF=/\r?\n/g,bG=/#.*$/,bH=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\/\//,bM=/\?/,bN=/)<[^<]*)*<\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=["*/"]+["*"];try{bV=e.href}catch(bY){bV=c.createElement("a"),bV.href="",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
    ").append(c.replace(bN,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,"\r\n")}}):{name:b.name,value:c.replace(bF,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cc(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bG,"").replace(bL,bW[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]==="http:"?80:443))==(bW[3]||(bW[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bQ,"$1_="+x);d.url=y+(y===d.url?(bM.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bX+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)ca(g,a[g],c,e);return d.join("&").replace(bD,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cd++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cp,cq=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,"padding")):this[d]():null},f.fn["outer"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?"margin":"border")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window); \ No newline at end of file diff --git a/doc_yard/method_list.html b/doc_yard/method_list.html new file mode 100644 index 00000000..acdc85a1 --- /dev/null +++ b/doc_yard/method_list.html @@ -0,0 +1,2020 @@ + + + + + + + + + + + + + + + + + + + + +
    +

    Method List

    + + + + +
    + + diff --git a/doc_yard/top-level-namespace.html b/doc_yard/top-level-namespace.html new file mode 100644 index 00000000..ccc930e2 --- /dev/null +++ b/doc_yard/top-level-namespace.html @@ -0,0 +1,1243 @@ + + + + + + Top Level Namespace + + — Documentation by YARD 0.8.6.1 + + + + + + + + + + + + + + + + + + + + + +

    Top Level Namespace + + + +

    + +
    + + + + + + + + +
    +
    + +

    Defined Under Namespace

    +

    + + + Modules: Ethon, Terminal, Typhoeus, URI + + + + Classes: Array, Browser, CacheFileStore, CheckerPlugin, CustomOptionParser, File, GenerateList, GitUpdater, ListGeneratorPlugin, Plugin, Plugins, StatsPlugin, SvnParser, SvnUpdater, TyphoeusCache, Updater, UpdaterFactory, Vulnerabilities, Vulnerability, WebSite, WpItem, WpItems, WpPlugin, WpPlugins, WpTarget, WpTheme, WpThemes, WpTimthumb, WpTimthumbs, WpUser, WpUsers, WpVersion, WpscanOptions + + +

    + +

    Constant Summary

    + +
    + +
    LIB_DIR = + +
    + 
    File.expand_path(File.dirname(__FILE__) + '/..')
    + +
    ROOT_DIR = +
    +
    + +

    expand_path is used to get "wpscan/" instead of "wpscan/lib/../"

    + + +
    +
    +
    + + +
    +
    + 
    File.expand_path(LIB_DIR + '/..')
    + +
    DATA_DIR = + +
    + 
    ROOT_DIR + '/data'
    + +
    CONF_DIR = + +
    + 
    ROOT_DIR + '/conf'
    + +
    CACHE_DIR = + +
    + 
    ROOT_DIR + '/cache'
    + +
    WPSCAN_LIB_DIR = + +
    + 
    LIB_DIR + '/wpscan'
    + +
    WPSTOOLS_LIB_DIR = + +
    + 
    LIB_DIR + '/wpstools'
    + +
    UPDATER_LIB_DIR = + +
    + 
    LIB_DIR + '/updater'
    + +
    COMMON_LIB_DIR = + +
    + 
    LIB_DIR + '/common'
    + +
    MODELS_LIB_DIR = + +
    + 
    COMMON_LIB_DIR + '/models'
    + +
    COLLECTIONS_LIB_DIR = + +
    + 
    COMMON_LIB_DIR + '/collections'
    + +
    LOG_FILE = + +
    + 
    ROOT_DIR + '/log.txt'
    + +
    COMMON_PLUGINS_DIR = +
    +
    + +

    Plugins directories

    + + +
    +
    +
    + + +
    +
    + 
    COMMON_LIB_DIR + '/plugins'
    + +
    WPSCAN_PLUGINS_DIR = +
    +
    + +

    Not used ATM

    + + +
    +
    +
    + + +
    +
    + 
    WPSCAN_LIB_DIR + '/plugins'
    + +
    WPSTOOLS_PLUGINS_DIR = + +
    + 
    WPSTOOLS_LIB_DIR + '/plugins'
    + +
    PLUGINS_FILE = +
    +
    + +

    Data files

    + + +
    +
    +
    + + +
    +
    + 
    DATA_DIR + '/plugins.txt'
    + +
    PLUGINS_FULL_FILE = + +
    + 
    DATA_DIR + '/plugins_full.txt'
    + +
    PLUGINS_VULNS_FILE = + +
    + 
    DATA_DIR + '/plugin_vulns.xml'
    + +
    THEMES_FILE = + +
    + 
    DATA_DIR + '/themes.txt'
    + +
    THEMES_FULL_FILE = + +
    + 
    DATA_DIR + '/themes_full.txt'
    + +
    THEMES_VULNS_FILE = + +
    + 
    DATA_DIR + '/theme_vulns.xml'
    + +
    WP_VULNS_FILE = + +
    + 
    DATA_DIR + '/wp_vulns.xml'
    + +
    WP_VERSIONS_FILE = + +
    + 
    DATA_DIR + '/wp_versions.xml'
    + +
    LOCAL_FILES_FILE = + +
    + 
    DATA_DIR + '/local_vulnerable_files.xml'
    + +
    VULNS_XSD = + +
    + 
    DATA_DIR + '/vuln.xsd'
    + +
    WP_VERSIONS_XSD = + +
    + 
    DATA_DIR + '/wp_versions.xsd'
    + +
    LOCAL_FILES_XSD = + +
    + 
    DATA_DIR + '/local_vulnerable_files.xsd'
    + +
    WPSCAN_VERSION = + +
    + 
    '2.1'
    + +
    REVISION = + +
    + 
    'NA'
    + +
    + + + + + + + + + +

    + Instance Method Summary + (collapse) +

    + + + + + + +
    +

    Instance Method Details

    + + +
    +

    + + - (Object) add_http_protocol(url) + + + + + +

    +
    + +

    Add protocol

    + + +
    +
    +
    + + +
    + + + + +
    + 
    +
+
+59
+60
+61
    +     		+ 
    # File 'lib/common/common_helper.rb', line 59
+
+def add_http_protocol(url)
+  url =~ /^https?:/ ? url : "http://#{url}"
+end
    +
    + + +
    +

    + + - (Object) add_trailing_slash(url) + + + + + +

    + + + + +
    + 
    +
+
+63
+64
+65
    +     		+ 
    # File 'lib/common/common_helper.rb', line 63
+
+def add_trailing_slash(url)
+  url =~ /\/$/ ? url : "#{url}/"
+end
    +
    +
    + +
    +
    +
    + +

    our 1337 banner

    + + +
    +
    +
    + + +
    + + + + +
    + 
    +
+
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
    +     		+ 
    # File 'lib/common/common_helper.rb', line 78
+
+def banner
+  puts '____________________________________________________'
+  puts ' __          _______   _____                  '
+  puts ' \\ \\        / /  __ \\ / ____|                 '
+  puts '  \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  '
+  puts '   \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ '
+  puts '    \\  /\\  /  | |     ____) | (__| (_| | | | |'
+  puts "     \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}"
+  puts
+  puts '    WordPress Security Scanner by the WPScan Team'
+  puts ' Sponsored by the RandomStorm Open Source Initiative'
+  puts '_____________________________________________________'
+  puts
+end
    +
    +
    + +
    +

    + + - (Object) colorize(text, color_code) + + + + + +

    + + + + +
    + 
    +
+
+93
+94
+95
    +     		+ 
    # File 'lib/common/common_helper.rb', line 93
+
+def colorize(text, color_code)
+  "\e[#{color_code}m#{text}\e[0m"
+end
    +
    +
    + +
    +

    + + - (Object) green(text) + + + + + +

    + + + + +
    + 
    +
+
+101
+102
+103
    +     		+ 
    # File 'lib/common/common_helper.rb', line 101
+
+def green(text)
+  colorize(text, 32)
+end
    +
    +
    + +
    +

    + + - (Object) help + + + + + +

    +
    + +

    command help

    + + +
    +
    +
    + + +
    + + + + +
    + 
    +
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
    +     		+ 
    # File 'lib/wpscan/wpscan_helper.rb', line 57
+
+def help
+  puts 'Help :'
+  puts
+  puts 'Some values are settable in conf/browser.conf.json :'
+  puts '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
+  puts
+  puts '--update   Update to the latest revision'
+  puts '--url   | -u <target url>  The WordPress URL/domain to scan.'
+  puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
+  puts '--enumerate | -e [option(s)]  Enumeration.'
+  puts '  option :'
+  puts '    u        usernames from id 1 to 10'
+  puts '    u[10-20] usernames from id 10 to 20 (you must write [] chars)'
+  puts '    p        plugins'
+  puts '    vp       only vulnerable plugins'
+  puts '    ap       all plugins (can take a long time)'
+  puts '    tt       timthumbs'
+  puts '    t        themes'
+  puts '    vt       only vulnerable themes'
+  puts '    at       all themes (can take a long time)'
+  puts '  Multiple values are allowed : "-e t,p" will enumerate timthumbs and plugins'
+  puts '  If no option is supplied, the default is "vt,tt,u,vp"'
+  puts
+  puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
+  puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
+  puts '--config-file | -c <config file> Use the specified config file'
+  puts '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
+  puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
+  puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
+  puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
+  puts '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
+  puts '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
+  puts '--basic-auth <username:password>  Set the HTTP Basic authentication'
+  puts '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.'
+  puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
+  puts '--username | -U <username>  Only brute force the supplied username.'
+  puts '--help     | -h This help screen.'
+  puts '--verbose  | -v Verbose output.'
+  puts
+end
    +
    +
    + +
    +

    + + - (Object) puts(o = '') + + + + + +

    +
    + +

    Override for puts to enable logging

    + + +
    +
    +
    + + +
    + + + + +
    + 
    +
+
+65
+66
+67
+68
+69
+70
+71
+72
    +     		+ 
    # File 'lib/common/hacks.rb', line 65
+
+def puts(o = '')
+  # remove color for logging
+  if o.respond_to?(:gsub)
+    temp = o.gsub(/\e\[\d+m(.*)?\e\[0m/, '\1')
+    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
+  end
+  super(o)
+end
    +
    +
    + +
    +

    + + - (Object) red(text) + + + + + +

    + + + + +
    + 
    +
+
+97
+98
+99
    +     		+ 
    # File 'lib/common/common_helper.rb', line 97
+
+def red(text)
+  colorize(text, 31)
+end
    +
    +
    + +
    +

    + + - (Object) redefine_constant(constant, value) + + + + + +

    + + + + +
    + 
    +
+
+111
+112
+113
+114
    +     		+ 
    # File 'lib/common/common_helper.rb', line 111
+
+def redefine_constant(constant, value)
+  Object.send(:remove_const, constant)
+  Object.const_set(constant, value)
+end
    +
    +
    + +
    +

    + + - (Object) require_files_from_directory(absolute_dir_path, files_pattern = '*.rb') + + + + + +

    +
    + +

    TODO : add an exclude pattern ?

    + + +
    +
    +
    + + +
    + + + + +
    + 
    +
+
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
    +     		+ 
    # File 'lib/common/common_helper.rb', line 45
+
+def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
+  files = Dir[File.join(absolute_dir_path, files_pattern)]
+
+  # Files in the root dir are loaded first, then thoses in the subdirectories
+  files.sort_by { |file| [file.count("/"), file] }.each do |f|
+    f = File.expand_path(f)
+    #puts "require #{f}" # Used for debug
+    require f
+  end
+end
    +
    +
    + +
    +

    + + - (Object) usage + + + + + +

    +
    + +

    wpscan usage

    + + +
    +
    +
    + + +
    + + + + +
    + 
    +
+
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
    +     		+ 
    # File 'lib/wpscan/wpscan_helper.rb', line 8
+
+def usage
+  script_name = $0
+  puts
+  puts 'Examples :'
+  puts
+  puts '-Further help ...'
+  puts "ruby #{script_name} --help"
+  puts
+  puts "-Do 'non-intrusive' checks ..."
+  puts "ruby #{script_name} --url www.example.com"
+  puts
+  puts '-Do wordlist password brute force on enumerated users using 50 threads ...'
+  puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50"
+  puts
+  puts "-Do wordlist password brute force on the 'admin' username only ..."
+  puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin"
+  puts
+  puts '-Enumerate installed plugins ...'
+  puts "ruby #{script_name} --url www.example.com --enumerate p"
+  puts
+  puts '-Enumerate installed themes ...'
+  puts "ruby #{script_name} --url www.example.com --enumerate t"
+  puts
+  puts '-Enumerate users ...'
+  puts "ruby #{script_name} --url www.example.com --enumerate u"
+  puts
+  puts '-Enumerate installed timthumbs ...'
+  puts "ruby #{script_name} --url www.example.com --enumerate tt"
+  puts
+  puts '-Use a HTTP proxy ...'
+  puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
+  puts
+  puts '-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)'
+  puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
+  puts
+  puts '-Use custom content directory ...'
+  puts "ruby #{script_name} -u www.example.com --wp-content-dir custom-content"
+  puts
+  puts '-Use custom plugins directory ...'
+  puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
+  puts
+  puts '-Update ...'
+  puts "ruby #{script_name} --update"
+  puts
+  puts 'See README for further information.'
+  puts
+end
    +
    +
    + +
    +

    + + - (Object) xml(file) + + + + + +

    + + + + +
    + 
    +
+
+105
+106
+107
+108
+109
    +     		+ 
    # File 'lib/common/common_helper.rb', line 105
+
+def xml(file)
+  Nokogiri::XML(File.open(file)) do |config|
+    config.noblanks
+  end
+end
    +
    +
    + + + + + + + + + \ No newline at end of file diff --git a/generate_doc.sh b/generate_doc.sh new file mode 100755 index 00000000..9624c39a --- /dev/null +++ b/generate_doc.sh @@ -0,0 +1,6 @@ +#!/bin/bash +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +rm -rf $DIR/doc_rdoc/ +rm -rf $DIR/doc_yard/ +rdoc --root="$DIR" -x $DIR/cache/ -x spec/ -x data/ -x coverage/ -x doc_rdoc/ -x log.txt -o $DIR/doc_rdoc +yard doc --protected --private -o $DIR/doc_yard/ --exclude "\/(doc_.+?\|cache|spec|data|coverage)/" --exclude "log\.txt" diff --git a/generate_rdoc.sh b/generate_rdoc.sh deleted file mode 100755 index 5a0df581..00000000 --- a/generate_rdoc.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -rdoc -x cache/ -x spec/ -x data/ -x coverage/ -x doc/ -x log.txt