output interesting http-headers

lib/common/browser/actions.rb

@@ -19,6 +19,14 @@ class Browser
       process(url, params.merge(method: :post))
     end
 
+    # @param [ String ] url
+    # @param [ Hash ] params
+    #
+    # @return [ Typhoeus::Response ]
+    def head(url, params = {})
+      process(url, params.merge(method: :head))
+    end
+
     # @param [ String ] url
     # @param [ Hash ] params
     #

lib/wpscan/wp_target.rb

@@ -6,6 +6,7 @@ require 'wp_target/wp_readme'
 require 'wp_target/wp_registrable'
 require 'wp_target/wp_config_backup'
 require 'wp_target/wp_login_protection'
+require 'wp_target/interesting_headers'
 require 'wp_target/wp_custom_directories'
 require 'wp_target/wp_full_path_disclosure'
 
@@ -15,6 +16,7 @@ class WpTarget < WebSite
   include WpTarget::WpRegistrable
   include WpTarget::WpConfigBackup
   include WpTarget::WpLoginProtection
+  include WpTarget::InterestingHeaders
   include WpTarget::WpCustomDirectories
   include WpTarget::WpFullPathDisclosure
 

lib/wpscan/wp_target/interesting_headers.rb

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+
+class WpTarget < WebSite
+  module InterestingHeaders
+
+    # Checks for interesting headers
+    def interesting_headers
+      response = Browser.head(@uri.to_s)
+      headers = response.headers
+      InterestingHeaders.known_headers.each do |h|
+          headers.delete(h)
+      end
+      headers.to_a.compact.sort
+    end
+
+    protected
+
+    # @return Array
+    def self.known_headers
+      %w{
+        Location
+        Date
+        Content-Type
+        Content-Length
+        Connection
+        Etag
+        Expires
+        Last-Modified
+        Pragma
+        Vary
+        Cache-Control
+      }
+    end
+
+  end
+end

spec/lib/wpscan/wp_target_spec.rb

@@ -23,6 +23,7 @@ describe WpTarget do
   it_behaves_like 'WpTarget::WpRegistrable'
   it_behaves_like 'WpTarget::WpConfigBackup'
   it_behaves_like 'WpTarget::WpLoginProtection'
+  it_behaves_like 'WpTarget::InterestingHeaders'
   it_behaves_like 'WpTarget::WpCustomDirectories'
   it_behaves_like 'WpTarget::WpFullPathDisclosure'
 

spec/shared_examples/wp_target/interesting_headers.rb

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+
+shared_examples 'WpTarget::InterestingHeaders' do
+
+  let(:known_headers) { WpTarget::InterestingHeaders.known_headers }
+  let(:url) { 'http://localhost.com' }
+
+  describe '#interesting_headers' do
+
+    it 'returns MyTestHeader' do
+      stub_request(:head, wp_target.url).
+          to_return(status: 200, headers: { 'Mytestheader' => 'Mytestheadervalue' })
+      wp_target.interesting_headers.should =~ [ [ 'Mytestheader', 'Mytestheadervalue' ] ]
+    end
+
+    it 'removes known headers' do
+      stub_request(:head, wp_target.url).
+          to_return(status: 200, headers: { 'Location' => 'a', 'Connection' => 'Close' })
+      wp_target.interesting_headers.should be_empty
+    end
+
+    it 'returns nothing' do
+      stub_request(:head, wp_target.url).
+          to_return(status: 200, headers: { })
+      wp_target.interesting_headers.should be_empty
+    end
+
+  end
+
+  describe '#known_headers' do
+    it 'does not contain duplicates' do
+      known_headers.flatten.uniq.length.should == known_headers.length
+    end
+  end
+
+end

wpscan.rb

@@ -127,6 +127,10 @@ def main
       puts red("[!] searchreplacedb2.php has been found '#{wp_target.search_replace_db_2_url}'")
     end
 
+    wp_target.interesting_headers.each do |header|
+      puts green('[+]') + " Interesting header: #{header[0]}: #{header[1]}"
+    end
+
     if wp_target.multisite?
       puts green('[+]') + ' This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)'
     end