diff --git a/doc/BruteForce.html b/doc/BruteForce.html
index 8f66c736..4837d869 100644
--- a/doc/BruteForce.html
+++ b/doc/BruteForce.html
@@ -273,7 +273,7 @@ on large wordlists, although bareable.
queue_count += 1 # create local vars for on_complete call back, Issue 51. - username = login.name + username = login.name != 'empty' ? login.name : login.nickname # Issue #66 password = password # the request object diff --git a/doc/Gemfile.html b/doc/Gemfile.html new file mode 100644 index 00000000..9dd729b8 --- /dev/null +++ b/doc/Gemfile.html @@ -0,0 +1,160 @@ + + + + + + +source “rubygems.org”
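Review bot: The added `username = login.name != 'empty' ? login.name : login.nickname` depends on the magic string `'empty'`, which the WpUser readers added later in this diff (`name`, `id`, `nickname`) return for a missing value. An account whose login is literally `empty` cannot be told apart from a missing one, and when the nickname is missing too the placeholder itself is passed on as if it were a real login. Returning nil from the readers and asking a predicate would remove the string comparison, e.g. `username = login.name_present? ? login.name : login.nickname`, where `name_present?` is a suggested helper, not an existing method. The enclosing method starts and ends outside the hunk, and since this page is rdoc output the change belongs in lib/wpscan/modules/brute_force.rb and lib/wpscan/wp_user.rb.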
+ +gem “typhoeus”, “0.4.2” gem “rspec”, :require => “spec” gem “nokogiri” +gem “json” gem “webmock”, “1.8.11” gem “simplecov”
+ +# File lib/wpstools/generate_list.rb, line 48 +# File lib/wpstools/generate_list.rb, line 71 def generate_full_list + set_file_name(:full) items = Svn_Parser.new(@svn_url, @verbose).parse save items end@@ -330,8 +331,9 @@-# File lib/wpstools/generate_list.rb, line 53 +# File lib/wpstools/generate_list.rb, line 77 def generate_popular_list(pages) + set_file_name(:popular) popular = get_popular_items(pages) items = Svn_Parser.new(@svn_url, @verbose).parse(popular) save items @@ -363,7 +365,7 @@ parse the response for the names.+-+# File lib/wpstools/generate_list.rb, line 62 +# File lib/wpstools/generate_list.rb, line 86 def get_popular_items(pages) found_items = [] page_count = 1 @@ -380,7 +382,7 @@ parse the response for the names. puts "[+] Parsing page " + page_count.to_s if @verbose page_count += 1 response.body.scan(@popular_regex).each do |item| - puts "[+] Found popular #{@type}: #{item}" if @verbose + puts "[+] Found popular #@type: #{item}" if @verbose found_items << item[0] end end @@ -425,13 +427,13 @@ parse the response for the names.-@@ -443,6 +445,57 @@ parse the response for the names.# File lib/wpstools/generate_list.rb, line 99 +# File lib/wpstools/generate_list.rb, line 123 def save(items) items.sort! items.uniq! - puts "[*] We have parsed #{items.length} #{@type}s" + puts "[*] We have parsed #{items.length} #@types" File.open(@file_name, 'w') { |f| f.puts(items) } - puts "New #{@file_name} file created" + puts "New #@file_name file created" end+ ++ + diff --git a/doc/Object.html b/doc/Object.html index 0df52af6..88534dc5 100644 --- a/doc/Object.html +++ b/doc/Object.html @@ -514,7 +514,7 @@ puts "Help :" puts puts "Some values are settable in conf/browser.conf.json :" - puts " user-agent, proxy, threads, cache timeout and request timeout" + puts " user-agent, proxy, proxy-auth, threads, cache timeout and request timeout" puts puts "--update Update to the latest revision" puts "--url | -u <target url> The WordPress URL/domain to scan." 
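Review bot: In `save`, the rewritten message `"[*] We have parsed #{items.length} #@types"` interpolates an instance variable named `@types`, not `@type` followed by an `s`, because the short `#@var` form takes every identifier character after the `@`. Nothing visible in this diff assigns `@types`, so the count line would print without the item type. Keeping the braces on this one line avoids it: `puts "[*] We have parsed #{items.length} #{@type}s"`. The other short-form changes (`#@type:` in `get_popular_items`, `#@file_name file` in `save`) are followed by a non-identifier character and are unaffected. This page is rdoc output, so the fix belongs in lib/wpstools/generate_list.rb.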
@@ -533,12 +533,15 @@ puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins" puts " If no option is supplied, the default is 'vt,tt,u,vp'" puts + puts "--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied" + puts " You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)" puts "--config-file | -c <config file> Use the specified config file" puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not" puts "--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed" puts "--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed" puts "--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json)." puts " HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used" + puts "--proxy-auth Supply the proxy login credentials in the format username:password (will override the one from conf/browser.conf.json)." puts "--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute." puts "--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)" puts "--username | -U <username> Only brute force the supplied username." diff --git a/doc/README.html b/doc/README.html index 90f73dd8..549369a5 100644 --- a/doc/README.html +++ b/doc/README.html 
@@ -215,15 +215,35 @@ href="http://www.gnu.org/licenses/">www.gnu.org/licenses/>.+ set_file_name(type) + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpstools/generate_list.rb, line 46 +def set_file_name(type) + case @type + when "plugin" + case type + when :full + @file_name = DATA_DIR + "/plugins_full.txt" + when :popular + @file_name = DATA_DIR + "/plugins.txt" + else + raise "Unknown type" + end + when "theme" + case type + when :full + @file_name = DATA_DIR + "/themes_full.txt" + when :popular + @file_name = DATA_DIR + "/themes.txt" + else + raise "Unknown type" + end + else + raise "Unknown type #@type" + end +end+KNOWN ISSUES==
- Typhoeus segmentation fault: - Update cURL to version => 7.21 (may have to install from source) + Update cURL to version => 7.21 (may have to install from source) See http:/%rcode.google.com/p/wpscan/issues/detail?id=81 -- If you have one the following errors: "-bash: !t: event not found", "-bash: !u: event not found" +- If you have one the following errors: "-bash: !t: event not found", "-bash: !u: event not found" It happens with enumeration : just put the 't' or 'u' before the 'p!' : '-e tp!' instead of '-e p!t' - Proxy not working: - Update cURL to version => 7.21.7 (may have to install from source) - See https:/%rgithub.com/wpscanteam/wpscan/issues/7 + Update cURL to version => 7.21.7 (may have to install from source). + + Installation from sources : + - Grab the sources from http:/%rcurl.haxx.se/download.html + - Decompress the archive + - Open the folder with the extracted files + - Run ./configure + - Run make + - Run sudo make install + - Run sudo ldconfig + +- cannot load such file -- readline: + Run sudo aptitude install libreadline5-dev libncurses5-dev + + Then, open the directory of the readline gem (you have to locate it) + + cd ~%r.rvm/rc/ruby-1.9.2-p180/ext/readline + ruby extconf.rb + make + make install + + See http:/%rvvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more detailsWPSCAN ARGUMENTS==
@@ -242,12 +262,20 @@ WordPress. u[10-20] usernames from id 10 to 20 (you must write [] chars) p plugins vp only vulnerable plugins + ap all plugins (can take a long time) tt timthumbs t themes vp only vulnerable themes + at all themes (can take a long time) Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins If no option is supplied, the default is 'vt,tt,u,vp'–exclude-content-based ‘<regexp or string>’ Used with the +enumeration option, will exclude all occurence based on the regexp or +string supplied
+ +You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)+–config-file | -c <config file> Use the specified config file
–follow-redirection If the target url has a redirection, it will be @@ -266,6 +294,9 @@ wp-content-dir/plugins. Subdirectories are allowed
and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used +–proxy-auth Supply the proxy login credentials in the format +username:password (will override the one from conf/browser.conf.json).
+–wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.
diff --git a/doc/WpDetector.html b/doc/WpDetector.html index eea7e7c2..400a9131 100644 --- a/doc/WpDetector.html +++ b/doc/WpDetector.html @@ -224,7 +224,9 @@ result = items if items == nil or items.length == 0 - result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir]) + unless options[:only_vulnerable_ones] + result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir]) + end end enum_results = WpEnumerator.enumerate(options) @@ -273,7 +275,7 @@-# File lib/wpscan/wp_detector.rb, line 50 +# File lib/wpscan/wp_detector.rb, line 52 def self.passive_detection(url, type, wp_content_dir) items = [] response = Browser.instance.get(url) diff --git a/doc/WpEnumerator.html b/doc/WpEnumerator.html index 209955a6..49e380e1 100644 --- a/doc/WpEnumerator.html +++ b/doc/WpEnumerator.html @@ -253,12 +253,13 @@ end end - found = [] - queue_count = 0 - request_count = 0 - enum_browser = Browser.instance - enum_hydra = enum_browser.hydra + found = [] + queue_count = 0 + request_count = 0 + enum_browser = Browser.instance + enum_hydra = enum_browser.hydra enumerate_size = targets.size + exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil targets.each do |target| url = target.get_full_url @@ -272,7 +273,13 @@ if WpTarget.valid_response_codes.include?(response.code) if Digest::MD5.hexdigest(response.body) != options[:error_404_hash] - found << target + if options[:exclude_content_based] + unless response.body[exclude_regexp] + found << target + end + else + found << target + end end end end @@ -321,7 +328,7 @@-# File lib/wpscan/wp_enumerator.rb, line 84 +# File lib/wpscan/wp_enumerator.rb, line 91 def self.generate_items(options = {}) only_vulnerable = options[:only_vulnerable_ones] file = options[:file] diff --git a/doc/WpTarget.html b/doc/WpTarget.html index 385a4a6e..5380e072 100644 --- a/doc/WpTarget.html +++ b/doc/WpTarget.html 
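Review bot: The added `exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil` compiles the raw option text, so a value containing an unbalanced `(` or `[` raises RegexpError in the middle of enumeration, and a plain string such as `1.2` matches more than its literal text even though the help describes the option as "regexp or string". Compiling the pattern where the option is parsed and rescuing RegexpError there with a clear message would reject a bad value before any request is sent; that parsing code is not part of this hunk. The nested `if`/`unless` in the response callback can then test the compiled value directly: `found << target unless exclude_regexp && response.body[exclude_regexp]`. The enclosing method starts and ends outside the hunks shown, and the change belongs in lib/wpscan/wp_enumerator.rb because this page is rdoc output.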
@@ -405,7 +405,7 @@-# File lib/wpscan/wp_target.rb, line 123 +# File lib/wpscan/wp_target.rb, line 124 def debug_log_url @uri.merge("#{wp_content_dir()}/debug.log").to_s end@@ -473,7 +473,7 @@-# File lib/wpscan/wp_target.rb, line 117 +# File lib/wpscan/wp_target.rb, line 118 def has_debug_log? # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go) response_body = Browser.instance.get(debug_log_url(), :headers => {"range" => "bytes=0-700"}).body @@ -505,7 +505,7 @@-# File lib/wpscan/wp_target.rb, line 162 +# File lib/wpscan/wp_target.rb, line 163 def is_multisite? unless @multisite # when multi site, there is no redirection or a redirect to the site itself @@ -588,7 +588,7 @@-# File lib/wpscan/wp_target.rb, line 140 +# File lib/wpscan/wp_target.rb, line 141 def registration_enabled? resp = Browser.instance.get(registration_url) # redirect only on non multi sites @@ -632,7 +632,7 @@-# File lib/wpscan/wp_target.rb, line 158 +# File lib/wpscan/wp_target.rb, line 159 def registration_url is_multisite? ? @uri.merge("wp-signup.php") : @uri.merge("wp-login.php?action=register") end@@ -662,7 +662,7 @@-# File lib/wpscan/wp_target.rb, line 134 +# File lib/wpscan/wp_target.rb, line 135 def search_replace_db_2_exists? resp = Browser.instance.get(search_replace_db_2_url) resp.code == 200 && resp.body[%r{by interconnect}] 
@@ -695,7 +695,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 130 +# File lib/wpscan/wp_target.rb, line 131 def search_replace_db_2_url @uri.merge("searchreplacedb2.php").to_s end@@ -825,7 +825,8 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/" if index_body[%r\/wp-content\/(?:themes|plugins)\//] @wp_content_dir = "wp-content" else - @wp_content_dir = index_body[%r(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1] + domains_excluded = "(?:www\.)?(facebook|twitter)\.com" + @wp_content_dir = index_body[%r(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1] end end @wp_content_dir @@ -856,7 +857,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 106 +# File lib/wpscan/wp_target.rb, line 107 def wp_plugins_dir unless @wp_plugins_dir @wp_plugins_dir = "#{wp_content_dir}/plugins" @@ -889,7 +890,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-+# File lib/wpscan/wp_target.rb, line 113 +# File lib/wpscan/wp_target.rb, line 114 def wp_plugins_dir_exists? Browser.instance.get(@uri.merge(wp_plugins_dir)).code != 404 enddiff --git a/doc/WpUser.html b/doc/WpUser.html index 5e70e741..d3244912 100644 --- a/doc/WpUser.html +++ b/doc/WpUser.html @@ -78,6 +78,18 @@#eql? + #id + + #id= + + #name + + #name= + + #nickname + + #nickname= + @@ -199,52 +211,6 @@ - - - - @@ -268,11 +234,11 @@Attributes
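Review bot: In the `wp_content_dir` hunk, `domains_excluded = "(?:www\.)?(facebook|twitter)\.com"` is a double-quoted string, and Ruby drops the backslash of `\.` there, so both dots reach the regexp as match-any-character instead of a literal dot. The inner `(facebook|twitter)` also adds a second capture group to a pattern that is read with index 1; this works today but is fragile if the pattern is reordered. A single-quoted, non-capturing form keeps the escapes: `domains_excluded = '(?:www\.)?(?:facebook|twitter)\.com'`. A spec with an index page that embeds a social-widget link containing `/plugins/` ahead of the real theme link would pin the intended result. The method starts and ends outside the hunk, and the rendered listing has lost the regexp delimiters, so this should be checked against lib/wpscan/wp_target.rb.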
- - --- -- id[RW] -- -- - - ---- -- name[RW] -- -- - - ---- -- nickname[RW] -- -- - - ---@@ -306,9 +272,9 @@# File lib/wpscan/wp_user.rb, line 22 +# File lib/wpscan/wp_user.rb, line 54 def initialize(name, id, nickname) - @name = name ? name : "empty" - @id = id ? id : "empty" - @nickname = nickname ? nickname : "empty" + self.name = name + self.id = id + self.nickname = nickname end-@@ -336,9 +302,9 @@# File lib/wpscan/wp_user.rb, line 28 +# File lib/wpscan/wp_user.rb, line 60 def <=>(item) - item.name <=> @name + item.name <=> self.name end-@@ -366,9 +332,9 @@# File lib/wpscan/wp_user.rb, line 32 +# File lib/wpscan/wp_user.rb, line 64 def ===(item) - item.name === @name and item.id === @id and item.nickname === @nickname + item.name === self.name and item.id === self.id and item.nickname === self.nickname end-@@ -380,6 +346,195 @@# File lib/wpscan/wp_user.rb, line 36 +# File lib/wpscan/wp_user.rb, line 68 def eql?(item) - item.name === @name and item.id === @id and item.nickname === @nickname + item.name === self.name and item.id === self.id and item.nickname === self.nickname end+ ++ + ++ id() + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpscan/wp_user.rb, line 32 +def id + if @id.nil? or @id.to_s.strip.empty? + return "empty" + end + @id +end++ ++ + ++ id=(new_id) + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpscan/wp_user.rb, line 39 +def id=(new_id) + @id = new_id +end++ ++ + ++ name() + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpscan/wp_user.rb, line 21 +def name + if @name.nil? or @name.to_s.strip.empty? + return "empty" + end + @name +end++ ++ + ++ name=(new_name) + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpscan/wp_user.rb, line 28 +def name=(new_name) + @name = new_name +end++ ++ + ++ nickname() + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpscan/wp_user.rb, line 43 +def nickname + if @nickname.nil? or @nickname.to_s.strip.empty? 
+ return "empty" + end + @nickname +end++ ++ + diff --git a/doc/WpscanOptions.html b/doc/WpscanOptions.html index b7e794c8..1a1c37dc 100644 --- a/doc/WpscanOptions.html +++ b/doc/WpscanOptions.html @@ -270,7 +270,7 @@ href="WpscanOptions.html">WpscanOptions+ nickname=(new_nickname) + click to toggle source ++ + ++ + + + + ++ + + + +++ +# File lib/wpscan/wp_user.rb, line 50 +def nickname=(new_nickname) + @nickname = new_nickname +end+-# File lib/wpscan/wpscan_options.rb, line 158 +# File lib/wpscan/wpscan_options.rb, line 159 def self.load_from_arguments wpscan_options = WpscanOptions.new @@ -308,7 +308,7 @@ href="WpscanOptions.html">WpscanOptions-# File lib/wpscan/wpscan_options.rb, line 50 +# File lib/wpscan/wpscan_options.rb, line 51 def initialize ACCESSOR_OPTIONS.each do |option| instance_variable_set("@#{option}", nil) @@ -349,7 +349,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 254 +# File lib/wpscan/wpscan_options.rb, line 256 def self.clean_option(option) cleaned_option = option.gsub(%r^--?/, '') cleaned_option.gsub(%r-/, '_') @@ -381,7 +381,7 @@ any remaining ‘-’ by ‘_’-@@ -427,7 +428,7 @@ any remaining ‘-’ by ‘_’# File lib/wpscan/wpscan_options.rb, line 225 +# File lib/wpscan/wpscan_options.rb, line 226 def self.get_opt_long GetoptLong.new( ["--url", "-u", GetoptLong::REQUIRED_ARGUMENT], 
@@ -398,7 +398,8 @@ any remaining ‘-’ by ‘_’ ["--follow-redirection", GetoptLong::NO_ARGUMENT], ["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT], ["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT], - ["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT] + ["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT], + ["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT] ) end-# File lib/wpscan/wpscan_options.rb, line 245 +# File lib/wpscan/wpscan_options.rb, line 247 def self.is_long_option?(option) ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}") end@@ -457,7 +458,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 259 +# File lib/wpscan/wpscan_options.rb, line 261 def self.option_to_instance_variable_setter(option) cleaned_option = WpscanOptions.clean_option(option) option_syms = ACCESSOR_OPTIONS.grep(%r{^#{cleaned_option}$}) @@ -496,7 +497,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 106 +# File lib/wpscan/wpscan_options.rb, line 107 def enumerate_all_plugins=(enumerate_all_plugins) if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true) raise "Please choose only one plugin enumeration option" @@ -530,7 +531,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 130 +# File lib/wpscan/wpscan_options.rb, line 131 def enumerate_all_themes=(enumerate_all_themes) if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true) raise "Please choose only one theme enumeration option" @@ -564,7 +565,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 98 +# File lib/wpscan/wpscan_options.rb, line 99 def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true) raise "Please choose only one plugin enumeration option" 
@@ -598,7 +599,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 122 +# File lib/wpscan/wpscan_options.rb, line 123 def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true) raise "Please choose only one theme enumeration option" @@ -636,7 +637,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 193 +# File lib/wpscan/wpscan_options.rb, line 194 def enumerate_options_from_string(value) # Usage of self is mandatory because there are overridden setters @@ -692,7 +693,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 90 +# File lib/wpscan/wpscan_options.rb, line 91 def enumerate_plugins=(enumerate_plugins) if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true) raise "Please choose only one plugin enumeration option" @@ -726,7 +727,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 114 +# File lib/wpscan/wpscan_options.rb, line 115 def enumerate_themes=(enumerate_themes) if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true) raise "Please choose only one theme enumeration option" @@ -760,7 +761,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 138 +# File lib/wpscan/wpscan_options.rb, line 139 def has_options? !to_h.empty? end@@ -790,7 +791,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 74 +# File lib/wpscan/wpscan_options.rb, line 75 def proxy=(proxy) if proxy.index(':') == nil raise "Invalid proxy format. Should be host:port." 
@@ -824,7 +825,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 82 +# File lib/wpscan/wpscan_options.rb, line 83 def proxy_auth=(auth) if auth.index(':') == nil raise "Invalid proxy auth format, username:password expected" @@ -859,7 +860,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 172 +# File lib/wpscan/wpscan_options.rb, line 173 def set_option_from_cli(cli_option, cli_value) if WpscanOptions.is_long_option?(cli_option) @@ -902,7 +903,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 62 +# File lib/wpscan/wpscan_options.rb, line 63 def threads=(threads) @threads = threads.is_a?(Integer) ? threads : threads.to_i end@@ -932,7 +933,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 143 +# File lib/wpscan/wpscan_options.rb, line 144 def to_h options = {} @@ -971,7 +972,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 56 +# File lib/wpscan/wpscan_options.rb, line 57 def url=(url) raise "Empty URL given" if !url @@ -1003,7 +1004,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 66 ++ +# File lib/wpscan/wpscan_options.rb, line 67 def wordlist=(wordlist) if File.exists?(wordlist) @wordlist = wordlist diff --git a/doc/created.rid b/doc/created.rid index b370e875..78921cf9 100644 --- a/doc/created.rid +++ b/doc/created.rid @@ -1,6 +1,6 @@ -Mon, 26 Nov 2012 22:36:17 +0100 +Fri, 07 Dec 2012 20:17:41 +0100 ./CREDITS Tue, 25 Sep 2012 20:37:12 +0200 -./Gemfile Sat, 10 Nov 2012 09:50:17 +0100 +./Gemfile Thu, 06 Dec 2012 19:53:03 +0100 ./lib/browser.rb Fri, 23 Nov 2012 18:46:41 +0100 ./lib/cache_file_store.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/common_helper.rb Sat, 10 Nov 2012 09:50:17 +0100 
@@ -10,34 +10,34 @@ Mon, 26 Nov 2012 22:36:17 +0100 ./lib/updater/updater.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/updater/updater_factory.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/exploit.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/modules/brute_force.rb Tue, 25 Sep 2012 20:37:12 +0200 +./lib/wpscan/modules/brute_force.rb Thu, 06 Dec 2012 19:53:03 +0100 ./lib/wpscan/modules/malwares.rb Sat, 10 Nov 2012 09:50:17 +0100 ./lib/wpscan/modules/web_site.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/modules/wp_config_backup.rb Tue, 16 Oct 2012 22:00:10 +0200 ./lib/wpscan/modules/wp_full_path_disclosure.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/modules/wp_login_protection.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/modules/wp_plugins.rb Mon, 26 Nov 2012 22:28:31 +0100 +./lib/wpscan/modules/wp_plugins.rb Wed, 28 Nov 2012 20:07:48 +0100 ./lib/wpscan/modules/wp_readme.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/modules/wp_themes.rb Mon, 26 Nov 2012 22:27:25 +0100 +./lib/wpscan/modules/wp_themes.rb Wed, 28 Nov 2012 20:07:48 +0100 ./lib/wpscan/modules/wp_timthumbs.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/modules/wp_usernames.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/msfrpc_client.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/vulnerable.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/wp_detector.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/wp_enumerator.rb Sat, 10 Nov 2012 09:50:17 +0100 +./lib/wpscan/wp_detector.rb Thu, 06 Dec 2012 19:53:03 +0100 +./lib/wpscan/wp_enumerator.rb Thu, 06 Dec 2012 19:53:03 +0100 ./lib/wpscan/wp_item.rb Sat, 10 Nov 2012 09:50:17 +0100 ./lib/wpscan/wp_options.rb Tue, 25 Sep 2012 20:37:12 +0200 ./lib/wpscan/wp_plugin.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/wp_target.rb Sat, 10 Nov 2012 09:50:17 +0100 +./lib/wpscan/wp_target.rb Thu, 06 Dec 2012 21:07:19 +0100 ./lib/wpscan/wp_theme.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/wp_user.rb Tue, 25 Sep 2012 20:37:12 +0200 +./lib/wpscan/wp_user.rb 
Thu, 06 Dec 2012 21:07:19 +0100 ./lib/wpscan/wp_version.rb Sat, 10 Nov 2012 09:50:17 +0100 ./lib/wpscan/wp_vulnerability.rb Tue, 25 Sep 2012 20:37:12 +0200 -./lib/wpscan/wpscan_helper.rb Mon, 26 Nov 2012 22:13:34 +0100 -./lib/wpscan/wpscan_options.rb Mon, 26 Nov 2012 22:34:40 +0100 -./lib/wpstools/generate_list.rb Sun, 25 Nov 2012 18:41:55 +0100 +./lib/wpscan/wpscan_helper.rb Thu, 06 Dec 2012 19:53:03 +0100 +./lib/wpscan/wpscan_options.rb Thu, 06 Dec 2012 19:53:03 +0100 +./lib/wpstools/generate_list.rb Wed, 28 Nov 2012 20:07:48 +0100 ./lib/wpstools/parse_svn.rb Sat, 10 Nov 2012 09:50:17 +0100 -./lib/wpstools/wpstools_helper.rb Sun, 25 Nov 2012 18:41:55 +0100 -./README Fri, 23 Nov 2012 18:46:41 +0100 -./wpscan.rb Mon, 26 Nov 2012 22:16:04 +0100 -./wpstools.rb Sun, 25 Nov 2012 18:41:55 +0100 +./lib/wpstools/wpstools_helper.rb Fri, 07 Dec 2012 20:17:22 +0100 +./README Thu, 06 Dec 2012 19:53:03 +0100 +./wpscan.rb Thu, 06 Dec 2012 19:53:03 +0100 +./wpstools.rb Fri, 07 Dec 2012 20:17:22 +0100 diff --git a/doc/images/add.png b/doc/images/add.png new file mode 100755 index 00000000..6332fefe Binary files /dev/null and b/doc/images/add.png differ diff --git a/doc/images/delete.png b/doc/images/delete.png new file mode 100755 index 00000000..08f24936 Binary files /dev/null and b/doc/images/delete.png differ diff --git a/doc/images/tag_blue.png b/doc/images/tag_blue.png new file mode 100755 index 00000000..3f02b5f8 Binary files /dev/null and b/doc/images/tag_blue.png differ diff --git a/doc/images/transparent.png b/doc/images/transparent.png new file mode 100644 index 00000000..d665e179 Binary files /dev/null and b/doc/images/transparent.png differ diff --git a/doc/js/navigation.js b/doc/js/navigation.js new file mode 100644 index 00000000..e4126812 --- /dev/null +++ b/doc/js/navigation.js 
@@ -0,0 +1,142 @@ +/* + * Navigation allows movement using the arrow keys through the search results. + * + * When using this library you will need to set scrollIntoView to the + * appropriate function for your layout. Use scrollInWindow if the container + * is not scrollable and scrollInElement if the container is a separate + * scrolling region. + */ +Navigation = new function() { + this.initNavigation = function() { + var _this = this; + + $(document).keydown(function(e) { + _this.onkeydown(e); + }).keyup(function(e) { + _this.onkeyup(e); + }); + + this.navigationActive = true; + } + + this.setNavigationActive = function(state) { + this.navigationActive = state; + this.clearMoveTimeout(); + } + + this.onkeyup = function(e) { + if (!this.navigationActive) return; + + switch(e.keyCode) { + case 37: //Event.KEY_LEFT: + case 38: //Event.KEY_UP: + case 39: //Event.KEY_RIGHT: + case 40: //Event.KEY_DOWN: + this.clearMoveTimeout(); + break; + } + } + + this.onkeydown = function(e) { + if (!this.navigationActive) return; + switch(e.keyCode) { + case 37: //Event.KEY_LEFT: + if (this.moveLeft()) e.preventDefault(); + break; + case 38: //Event.KEY_UP: + if (e.keyCode == 38 || e.ctrlKey) { + if (this.moveUp()) e.preventDefault(); + this.startMoveTimeout(false); + } + break; + case 39: //Event.KEY_RIGHT: + if (this.moveRight()) e.preventDefault(); + break; + case 40: //Event.KEY_DOWN: + if (e.keyCode == 40 || e.ctrlKey) { + if (this.moveDown()) e.preventDefault(); + this.startMoveTimeout(true); + } + break; + case 13: //Event.KEY_RETURN: + if (this.$current) + e.preventDefault(); + this.select(this.$current); + break; + } + if (e.ctrlKey && e.shiftKey) this.select(this.$current); + } + + this.clearMoveTimeout = function() { + clearTimeout(this.moveTimeout); + this.moveTimeout = null; + } + + this.startMoveTimeout = function(isDown) { + if (!$.browser.mozilla && !$.browser.opera) return; + if (this.moveTimeout) this.clearMoveTimeout(); + var _this = this; + + var go = 
function() { + if (!_this.moveTimeout) return; + _this[isDown ? 'moveDown' : 'moveUp'](); + _this.moveTimout = setTimeout(go, 100); + } + this.moveTimeout = setTimeout(go, 200); + } + + this.moveRight = function() { + } + + this.moveLeft = function() { + } + + this.move = function(isDown) { + } + + this.moveUp = function() { + return this.move(false); + } + + this.moveDown = function() { + return this.move(true); + } + + /* + * Scrolls to the given element in the scrollable element view. + */ + this.scrollInElement = function(element, view) { + var offset, viewHeight, viewScroll, height; + offset = element.offsetTop; + height = element.offsetHeight; + viewHeight = view.offsetHeight; + viewScroll = view.scrollTop; + + if (offset - viewScroll + height > viewHeight) { + view.scrollTop = offset - viewHeight + height; + } + if (offset < viewScroll) { + view.scrollTop = offset; + } + } + + /* + * Scrolls to the given element in the window. The second argument is + * ignored + */ + this.scrollInWindow = function(element, ignored) { + var offset, viewHeight, viewScroll, height; + offset = element.offsetTop; + height = element.offsetHeight; + viewHeight = window.innerHeight; + viewScroll = window.scrollY; + + if (offset - viewScroll + height > viewHeight) { + window.scrollTo(window.scrollX, offset - viewHeight + height); + } + if (offset < viewScroll) { + window.scrollTo(window.scrollX, offset); + } + } +} + diff --git a/doc/js/search.js b/doc/js/search.js new file mode 100644 index 00000000..dbdfdcbc --- /dev/null +++ b/doc/js/search.js 
@@ -0,0 +1,94 @@ +Search = function(data, input, result) { + this.data = data; + this.$input = $(input); + this.$result = $(result); + + this.$current = null; + this.$view = this.$result.parent(); + this.searcher = new Searcher(data.index); + this.init(); +} + +Search.prototype = $.extend({}, Navigation, new function() { + var suid = 1; + + this.init = function() { + var _this = this; + var observer = function() { + _this.search(_this.$input[0].value); + }; + this.$input.keyup(observer); + this.$input.click(observer); // mac's clear field + + this.searcher.ready(function(results, isLast) { + _this.addResults(results, isLast); + }) + + this.initNavigation(); + this.setNavigationActive(false); + } + + this.search = function(value, selectFirstMatch) { + value = jQuery.trim(value).toLowerCase(); + if (value) { + this.setNavigationActive(true); + } else { + this.setNavigationActive(false); + } + + if (value == '') { + this.lastQuery = value; + this.$result.empty(); + this.setNavigationActive(false); + } else if (value != this.lastQuery) { + this.lastQuery = value; + this.firstRun = true; + this.searcher.find(value); + } + } + + this.addResults = function(results, isLast) { + var target = this.$result.get(0); + if (this.firstRun && (results.length > 0 || isLast)) { + this.$current = null; + this.$result.empty(); + } + + for (var i=0, l = results.length; i < l; i++) { + target.appendChild(this.renderItem.call(this, results[i])); + }; + + if (this.firstRun && results.length > 0) { + this.firstRun = false; + this.$current = $(target.firstChild); + this.$current.addClass('current'); + } + if (jQuery.browser.msie) this.$element[0].className += ''; + } + + this.move = function(isDown) { + if (!this.$current) return; + var $next = this.$current[isDown ? 
'next' : 'prev'](); + if ($next.length) { + this.$current.removeClass('current'); + $next.addClass('current'); + this.scrollIntoView($next[0], this.$view[0]); + this.$current = $next; + } + return true; + } + + this.hlt = function(html) { + return this.escapeHTML(html). + replace(/\u0001/g, ''). + replace(/\u0002/g, ''); + } + + this.escapeHTML = function(html) { + return html.replace(/[&<>]/g, function(c) { + return '' + c.charCodeAt(0) + ';'; + }); + } + +}); + diff --git a/doc/js/search_index.js b/doc/js/search_index.js new file mode 100644 index 00000000..f614fb47 --- /dev/null +++ b/doc/js/search_index.js 
@@ -0,0 +1 @@ +var search_data = {"index":{"searchIndex":["array","browser","bruteforce","cachefilestore","exploit","generate_list","gitupdater","malwares","object","rpcclient","svnupdater","svn_parser","uri","updater","updaterfactory","vulnerable","website","wpconfigbackup","wpdetector","wpenumerator","wpfullpathdisclosure","wpitem","wploginprotection","wpoptions","wpplugin","wpplugins","wpreadme","wptarget","wptheme","wpthemes","wptimthumbs","wpuser","wpusernames","wpversion","wpvulnerability","wpscanoptions","<=>()","<=>()","==()","===()","===()","===()","_grep_()","add_http_protocol()","add_trailing_slash()","aggressive_detection()","authenticate()","author_url()","available_updaters_classes()","banner()","better_wp_security_url()","bluetrait_event_viewer_url()","brute_force()","changelog_url()","check_options()","choose_session()","clean()","clean_option()","colorize()","config_backup()","config_backup_files()","debug_log_url()","directory_listing?()","enumerate()","enumerate_all_plugins=()","enumerate_all_themes=()","enumerate_only_vulnerable_plugins=()","enumerate_only_vulnerable_themes=()","enumerate_options_from_string()","enumerate_plugins=()","enumerate_themes=()","eql?()","error_404_hash()","error_log?()","error_log_url()","escape()","exploit()","exploit()","exploit_info()","extract_name_from_url()","extract_nickname_from_body()","find()","find()","find_from_advanced_fingerprinting()","find_from_atom_generator()","find_from_css_link()","find_from_links_opml()","find_from_meta_generator()","find_from_rdf_generator()","find_from_readme()","find_from_rss_generator()","find_from_sitemap_generator()","find_from_wooframework()","forge_request()","full_path_disclosure_url()","generate_full_list()","generate_items()","generate_popular_list()","get()","get_entry_file_path()","get_equal_string_end()","get_exploit_info()","get_full_url()","get_nickname_from_response()","get_nickname_from_url()","get_opt_long()","get_options()","get_payloads()","get_popular_items()"
,"get_sub_folder()","get_updater()","get_url_without_filename()","green()","grep()","has_better_wp_security_protection?()","has_bluetrait_event_viewer_protection?()","has_changelog?()","has_debug_log?()","has_full_path_disclosure?()","has_limit_login_attempts_protection?()","has_login_lock_protection?()","has_login_lockdown_protection?()","has_login_protection?()","has_login_security_solution_protection?()","has_malwares?()","has_options?()","has_readme?()","has_readme?()","has_simple_login_lockdown_protection?()","has_timthumbs?()","help()","id()","id=()","instance()","is_installed?()","is_installed?()","is_installed?()","is_long_option?()","is_multisite?()","is_online?()","is_wordpress?()","job_id()","jobs()","kill_session()","kill_session()","last_session_id()","limit_login_attempts_url()","lines_in_file()","load_config()","load_from_arguments()","local_revision_number()","local_revision_number()","local_revision_number()","login()","login_protection_plugin()","login_security_solution_url()","login_url()","malware_pattern()","malwares()","malwares_file()","max_threads=()","merge_request_params()","meterpreter_read()","meterpreter_read()","meterpreter_write()","meterpreter_write()","name()","name=()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","new()","nickname()","nickname=()","option_to_instance_variable_setter()","parse()","passive_detection()","plugins_from_aggressive_detection()","plugins_from_passive_detection()","post()","proxy=()","proxy_auth=()","proxy_auth=()","raise_invalid_proxy_format()","raise_must_be_implemented()","read_entry()","read_shell()","read_shell()","readme_url()","readme_url()","red()","redirection()","registration_enabled?()","registration_url()","remove_junk_from_nickname()","repo_directory_arguments()","require_files_from_directory()","reset()","save()","search_replace_db_2_exists?()","search_replace_db_2_url()","session_count()","sessions()","sessions()","set_file_name()","se
t_option_from_cli()","simple_login_lockdown_url()","start()","targets_url_from_theme()","theme()","themes_from_aggressive_detection()","themes_from_passive_detection()","threads=()","timthumbs()","to_h()","to_s()","update()","update()","update()","url()","url=()","usage()","user_agent()","user_agent_mode=()","usernames()","valid_response_codes()","version()","version()","version_pattern()","vulnerabilities()","wordlist=()","wp_content_dir()","wp_plugins_dir()","wp_plugins_dir_exists?()","write_entry()","write_shell()","write_shell()","xmlrpc_url()","credits","gemfile","readme"],"longSearchIndex":["array","browser","bruteforce","cachefilestore","exploit","generate_list","gitupdater","malwares","object","rpcclient","svnupdater","svn_parser","uri","updater","updaterfactory","vulnerable","website","wpconfigbackup","wpdetector","wpenumerator","wpfullpathdisclosure","wpitem","wploginprotection","wpoptions","wpplugin","wpplugins","wpreadme","wptarget","wptheme","wpthemes","wptimthumbs","wpuser","wpusernames","wpversion","wpvulnerability","wpscanoptions","wpitem#<=>()","wpuser#<=>()","wpitem#==()","wpitem#===()","wptheme#===()","wpuser#===()","array#_grep_()","object#add_http_protocol()","object#add_trailing_slash()","wpdetector::aggressive_detection()","rpcclient#authenticate()","wpusernames#author_url()","updaterfactory::available_updaters_classes()","object#banner()","wploginprotection#better_wp_security_url()","wploginprotection#bluetrait_event_viewer_url()","bruteforce#brute_force()","wpitem#changelog_url()","wpoptions::check_options()","exploit#choose_session()","cachefilestore#clean()","wpscanoptions::clean_option()","object#colorize()","wpconfigbackup#config_backup()","wpconfigbackup::config_backup_files()","wptarget#debug_log_url()","wpitem#directory_listing?()","wpenumerator::enumerate()","wpscanoptions#enumerate_all_plugins=()","wpscanoptions#enumerate_all_themes=()","wpscanoptions#enumerate_only_vulnerable_plugins=()","wpscanoptions#enumerate_only_vulnerable_the
mes=()","wpscanoptions#enumerate_options_from_string()","wpscanoptions#enumerate_plugins=()","wpscanoptions#enumerate_themes=()","wpuser#eql?()","wptarget#error_404_hash()","wpplugin#error_log?()","wpplugin#error_log_url()","uri::escape()","exploit#exploit()","rpcclient#exploit()","exploit#exploit_info()","wpitem#extract_name_from_url()","wpusernames#extract_nickname_from_body()","wptheme::find()","wpversion::find()","wpversion::find_from_advanced_fingerprinting()","wpversion::find_from_atom_generator()","wptheme::find_from_css_link()","wpversion::find_from_links_opml()","wpversion::find_from_meta_generator()","wpversion::find_from_rdf_generator()","wpversion::find_from_readme()","wpversion::find_from_rss_generator()","wpversion::find_from_sitemap_generator()","wptheme::find_from_wooframework()","browser#forge_request()","wpfullpathdisclosure#full_path_disclosure_url()","generate_list#generate_full_list()","wpenumerator::generate_items()","generate_list#generate_popular_list()","browser#get()","cachefilestore#get_entry_file_path()","object#get_equal_string_end()","rpcclient#get_exploit_info()","wpitem#get_full_url()","wpusernames#get_nickname_from_response()","wpusernames#get_nickname_from_url()","wpscanoptions::get_opt_long()","rpcclient#get_options()","rpcclient#get_payloads()","generate_list#get_popular_items()","wpitem#get_sub_folder()","updaterfactory::get_updater()","wpitem#get_url_without_filename()","object#green()","array#grep()","wploginprotection#has_better_wp_security_protection?()","wploginprotection#has_bluetrait_event_viewer_protection?()","wpitem#has_changelog?()","wptarget#has_debug_log?()","wpfullpathdisclosure#has_full_path_disclosure?()","wploginprotection#has_limit_login_attempts_protection?()","wploginprotection#has_login_lock_protection?()","wploginprotection#has_login_lockdown_protection?()","wploginprotection#has_login_protection?()","wploginprotection#has_login_security_solution_protection?()","malwares#has_malwares?()","wpscanoptions#has_o
ptions?()","wpitem#has_readme?()","wpreadme#has_readme?()","wploginprotection#has_simple_login_lockdown_protection?()","wptimthumbs#has_timthumbs?()","object#help()","wpuser#id()","wpuser#id=()","browser::instance()","gitupdater#is_installed?()","svnupdater#is_installed?()","updater#is_installed?()","wpscanoptions::is_long_option?()","wptarget#is_multisite?()","website#is_online?()","website#is_wordpress?()","exploit#job_id()","rpcclient#jobs()","exploit#kill_session()","rpcclient#kill_session()","exploit#last_session_id()","wploginprotection#limit_login_attempts_url()","bruteforce::lines_in_file()","browser#load_config()","wpscanoptions::load_from_arguments()","gitupdater#local_revision_number()","svnupdater#local_revision_number()","updater#local_revision_number()","rpcclient#login()","wploginprotection#login_protection_plugin()","wploginprotection#login_security_solution_url()","wptarget#login_url()","malwares::malware_pattern()","malwares#malwares()","malwares::malwares_file()","browser#max_threads=()","browser#merge_request_params()","exploit#meterpreter_read()","rpcclient#meterpreter_read()","exploit#meterpreter_write()","rpcclient#meterpreter_write()","wpuser#name()","wpuser#name=()","cachefilestore::new()","exploit::new()","generate_list::new()","rpcclient::new()","svn_parser::new()","updater::new()","wpitem::new()","wpplugin::new()","wptarget::new()","wptheme::new()","wpuser::new()","wpversion::new()","wpvulnerability::new()","wpscanoptions::new()","wpuser#nickname()","wpuser#nickname=()","wpscanoptions::option_to_instance_variable_setter()","svn_parser#parse()","wpdetector::passive_detection()","wpplugins#plugins_from_aggressive_detection()","wpplugins#plugins_from_passive_detection()","browser#post()","wpscanoptions#proxy=()","browser#proxy_auth=()","wpscanoptions#proxy_auth=()","browser#raise_invalid_proxy_format()","updater#raise_must_be_implemented()","cachefilestore#read_entry()","exploit#read_shell()","rpcclient#read_shell()","wpitem#readme_url()","w
preadme#readme_url()","object#red()","website#redirection()","wptarget#registration_enabled?()","wptarget#registration_url()","wpusernames#remove_junk_from_nickname()","gitupdater#repo_directory_arguments()","object#require_files_from_directory()","browser::reset()","generate_list#save()","wptarget#search_replace_db_2_exists?()","wptarget#search_replace_db_2_url()","exploit#session_count()","exploit#sessions()","rpcclient#sessions()","generate_list#set_file_name()","wpscanoptions#set_option_from_cli()","wploginprotection#simple_login_lockdown_url()","exploit#start()","wptimthumbs#targets_url_from_theme()","wptarget#theme()","wpthemes#themes_from_aggressive_detection()","wpthemes#themes_from_passive_detection()","wpscanoptions#threads=()","wptimthumbs#timthumbs()","wpscanoptions#to_h()","wpitem#to_s()","gitupdater#update()","svnupdater#update()","updater#update()","wptarget#url()","wpscanoptions#url=()","object#usage()","browser#user_agent()","browser#user_agent_mode=()","wpusernames#usernames()","wptarget::valid_response_codes()","wpitem#version()","wptarget#version()","wpversion::version_pattern()","vulnerable#vulnerabilities()","wpscanoptions#wordlist=()","wptarget#wp_content_dir()","wptarget#wp_plugins_dir()","wptarget#wp_plugins_dir_exists?()","cachefilestore#write_entry()","exploit#write_shell()","rpcclient#write_shell()","website#xmlrpc_url()","","",""],"info":[["Array","","Array.html","",""],["Browser","","Browser.html","",""],["BruteForce","","BruteForce.html","",""],["CacheFileStore","","CacheFileStore.html","",""],["Exploit","","Exploit.html","","This library should contain all methods for exploitation.\n"],["Generate_List","","Generate_List.html","","
This tool generates a list to use for plugin and theme enumeration\n"],["GitUpdater","","GitUpdater.html","",""],["Malwares","","Malwares.html","",""],["Object","","Object.html","",""],["RpcClient","","RpcClient.html","","
This library should contain all methods to communicate with msfrpc. See\nframework/documentation/msfrpc.txt …\n"],["SvnUpdater","","SvnUpdater.html","",""],["Svn_Parser","","Svn_Parser.html","","
This Class Parses SVN Repositories via HTTP\n"],["URI","","URI.html","",""],["Updater","","Updater.html","","
This class act as an absract one\n"],["UpdaterFactory","","UpdaterFactory.html","",""],["Vulnerable","","Vulnerable.html","",""],["WebSite","","WebSite.html","",""],["WpConfigBackup","","WpConfigBackup.html","",""],["WpDetector","","WpDetector.html","",""],["WpEnumerator","","WpEnumerator.html","","
Enumerate over a given set of items and check if they exist\n"],["WpFullPathDisclosure","","WpFullPathDisclosure.html","",""],["WpItem","","WpItem.html","",""],["WpLoginProtection","","WpLoginProtection.html","",""],["WpOptions","","WpOptions.html","","
Options Hash\n
Options\n
url- The base URL of the WordPress site\n"],["WpPlugin","","WpPlugin.html","",""],["WpPlugins","","WpPlugins.html","",""],["WpReadme","","WpReadme.html","",""],["WpTarget","","WpTarget.html","",""],["WpTheme","","WpTheme.html","",""],["WpThemes","","WpThemes.html","",""],["WpTimthumbs","","WpTimthumbs.html","",""],["WpUser","","WpUser.html","",""],["WpUsernames","","WpUsernames.html","",""],["WpVersion","","WpVersion.html","",""],["WpVulnerability","","WpVulnerability.html","",""],["WpscanOptions","","WpscanOptions.html","",""],["<=>","WpItem","WpItem.html#method-i-3C-3D-3E","(other)","Compare\n"],["<=>","WpUser","WpUser.html#method-i-3C-3D-3E","(item)",""],["==","WpItem","WpItem.html#method-i-3D-3D","(other)","
Compare\n"],["===","WpItem","WpItem.html#method-i-3D-3D-3D","(other)","
Compare\n"],["===","WpTheme","WpTheme.html#method-i-3D-3D-3D","(wp_theme)",""],["===","WpUser","WpUser.html#method-i-3D-3D-3D","(item)",""],["_grep_","Array","Array.html#method-i-_grep_","(regexp)","
Fix for grep with symbols in ruby <= 1.8.7\n"],["add_http_protocol","Object","Object.html#method-i-add_http_protocol","(url)","
Add protocol\n"],["add_trailing_slash","Object","Object.html#method-i-add_trailing_slash","(url)",""],["aggressive_detection","WpDetector","WpDetector.html#method-c-aggressive_detection","(options, items = [])",""],["authenticate","RpcClient","RpcClient.html#method-i-authenticate","()","
check authentication\n"],["author_url","WpUsernames","WpUsernames.html#method-i-author_url","(author_id)",""],["available_updaters_classes","UpdaterFactory","UpdaterFactory.html#method-c-available_updaters_classes","()","
return array of class symbols\n"],["banner","Object","Object.html#method-i-banner","()","
our 1337 banner\n"],["better_wp_security_url","WpLoginProtection","WpLoginProtection.html#method-i-better_wp_security_url","()",""],["bluetrait_event_viewer_url","WpLoginProtection","WpLoginProtection.html#method-i-bluetrait_event_viewer_url","()",""],["brute_force","BruteForce","BruteForce.html#method-i-brute_force","(logins, wordlist_path)","
param array of string logins param string wordlist_path\n"],["changelog_url","WpItem","WpItem.html#method-i-changelog_url","()","
Url for changelog.txt\n"],["check_options","WpOptions","WpOptions.html#method-c-check_options","(options)",""],["choose_session","Exploit","Exploit.html#method-i-choose_session","()","
if there is more than 1 session, allow the user to choose one.\n"],["clean","CacheFileStore","CacheFileStore.html#method-i-clean","()",""],["clean_option","WpscanOptions","WpscanOptions.html#method-c-clean_option","(option)","
Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace\nany remaining ‘-’ by ‘_’\n
param …\n"],["colorize","Object","Object.html#method-i-colorize","(text, color_code)",""],["config_backup","WpConfigBackup","WpConfigBackup.html#method-i-config_backup","()","
Checks to see if wp-config.php has a backup See www.feross.org/cmsploit/\nreturn an array of backup config …\n"],["config_backup_files","WpConfigBackup","WpConfigBackup.html#method-c-config_backup_files","()","
@return Array\n"],["debug_log_url","WpTarget","WpTarget.html#method-i-debug_log_url","()",""],["directory_listing?","WpItem","WpItem.html#method-i-directory_listing-3F","()","
Is directory listing enabled?\n"],["enumerate","WpEnumerator","WpEnumerator.html#method-c-enumerate","(options = {}, items = nil)","
Enumerate the given Targets\n
Attributes\n
targets- targets to enumerate\n"],["enumerate_all_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_all_plugins-3D","(enumerate_all_plugins)",""],["enumerate_all_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_all_themes-3D","(enumerate_all_themes)",""],["enumerate_only_vulnerable_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_only_vulnerable_plugins-3D","(enumerate_only_vulnerable_plugins)",""],["enumerate_only_vulnerable_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_only_vulnerable_themes-3D","(enumerate_only_vulnerable_themes)",""],["enumerate_options_from_string","WpscanOptions","WpscanOptions.html#method-i-enumerate_options_from_string","(value)","Will set enumerate_* from the string value IE : if value = vp =>\n:enumerate_only_vulnerable_plugins …\n"],["enumerate_plugins=","WpscanOptions","WpscanOptions.html#method-i-enumerate_plugins-3D","(enumerate_plugins)",""],["enumerate_themes=","WpscanOptions","WpscanOptions.html#method-i-enumerate_themes-3D","(enumerate_themes)",""],["eql?","WpUser","WpUser.html#method-i-eql-3F","(item)",""],["error_404_hash","WpTarget","WpTarget.html#method-i-error_404_hash","()","
Return the MD5 hash of a 404 page\n"],["error_log?","WpPlugin","WpPlugin.html#method-i-error_log-3F","()","
Discover any error_log files created by WordPress These are created by the\nWordPress error_log() function …\n"],["error_log_url","WpPlugin","WpPlugin.html#method-i-error_log_url","()",""],["escape","URI","URI.html#method-c-escape","(str)",""],["exploit","Exploit","Exploit.html#method-i-exploit","(msf_module, payload)","
exploit\n"],["exploit","RpcClient","RpcClient.html#method-i-exploit","(name, opts)","
execute exploit\n"],["exploit_info","Exploit","Exploit.html#method-i-exploit_info","(msf_module,payload)","
output our exploit data\n"],["extract_name_from_url","WpItem","WpItem.html#method-i-extract_name_from_url","()","
Extract item name from a url\n"],["extract_nickname_from_body","WpUsernames","WpUsernames.html#method-i-extract_nickname_from_body","(body)",""],["find","WpTheme","WpTheme.html#method-c-find","(target_uri)",""],["find","WpVersion","WpVersion.html#method-c-find","(target_uri, wp_content_dir)","
Will use all method self.find_from_* to try to detect the version Once the\nversion is found, it will …\n"],["find_from_advanced_fingerprinting","WpVersion","WpVersion.html#method-c-find_from_advanced_fingerprinting","(options)","
Uses data/wp_versions.xml to try to identify a wordpress version.\n
It does this by using client side file …\n"],["find_from_atom_generator","WpVersion","WpVersion.html#method-c-find_from_atom_generator","(options)","
Attempts to find the WordPress version from, the generator tag in the Atom\nsource.\n"],["find_from_css_link","WpTheme","WpTheme.html#method-c-find_from_css_link","(target_uri)","
Discover the wordpress theme name by parsing the css link rel\n"],["find_from_links_opml","WpVersion","WpVersion.html#method-c-find_from_links_opml","(options)","
Attempts to find the WordPress version from the p-links-opml.php file.\n"],["find_from_meta_generator","WpVersion","WpVersion.html#method-c-find_from_meta_generator","(options)","
Attempts to find the wordpress version from, the generator meta tag in the\nhtml source.\n
The meta tag can …\n"],["find_from_rdf_generator","WpVersion","WpVersion.html#method-c-find_from_rdf_generator","(options)","
Attempts to find WordPress version from, the generator tag in the RDF feed\nsource.\n"],["find_from_readme","WpVersion","WpVersion.html#method-c-find_from_readme","(options)","
Attempts to find the WordPress version from the readme.html file.\n"],["find_from_rss_generator","WpVersion","WpVersion.html#method-c-find_from_rss_generator","(options)","
Attempts to find the WordPress version from, the generator tag in the RSS\nfeed source.\n"],["find_from_sitemap_generator","WpVersion","WpVersion.html#method-c-find_from_sitemap_generator","(options)","
Attempts to find the WordPress version from the sitemap.xml file.\n
See: code.google.com/p/wpscan/issues/detail?id=109 …\n"],["find_from_wooframework","WpTheme","WpTheme.html#method-c-find_from_wooframework","(target_uri)","
code.google.com/p/wpscan/issues/detail?id=141\n"],["forge_request","Browser","Browser.html#method-i-forge_request","(url, params = {})",""],["full_path_disclosure_url","WpFullPathDisclosure","WpFullPathDisclosure.html#method-i-full_path_disclosure_url","()",""],["generate_full_list","Generate_List","Generate_List.html#method-i-generate_full_list","()",""],["generate_items","WpEnumerator","WpEnumerator.html#method-c-generate_items","(options = {})",""],["generate_popular_list","Generate_List","Generate_List.html#method-i-generate_popular_list","(pages)",""],["get","Browser","Browser.html#method-i-get","(url, params = {})",""],["get_entry_file_path","CacheFileStore","CacheFileStore.html#method-i-get_entry_file_path","(key)",""],["get_equal_string_end","Object","Object.html#method-i-get_equal_string_end","(stringarray = [\"\"])","
Gets the string all elements in stringarray ends with\n"],["get_exploit_info","RpcClient","RpcClient.html#method-i-get_exploit_info","(name)","
retrieve information about the exploit\n"],["get_full_url","WpItem","WpItem.html#method-i-get_full_url","()","
Get the full url for this item\n"],["get_nickname_from_response","WpUsernames","WpUsernames.html#method-i-get_nickname_from_response","(resp)",""],["get_nickname_from_url","WpUsernames","WpUsernames.html#method-i-get_nickname_from_url","(url)",""],["get_opt_long","WpscanOptions","WpscanOptions.html#method-c-get_opt_long","()","
Even if a short option is given (IE : -u), the long one will be returned\n(IE : –url)\n"],["get_options","RpcClient","RpcClient.html#method-i-get_options","(name)","
retrieve exploit options\n"],["get_payloads","RpcClient","RpcClient.html#method-i-get_payloads","(name)","
retrieve the exploit payloads\n"],["get_popular_items","Generate_List","Generate_List.html#method-i-get_popular_items","(pages)","
Send a HTTP request to the WordPress most popular theme or plugin webpage\nparse the response for the …\n"],["get_sub_folder","WpItem","WpItem.html#method-i-get_sub_folder","()",""],["get_updater","UpdaterFactory","UpdaterFactory.html#method-c-get_updater","(repo_directory)",""],["get_url_without_filename","WpItem","WpItem.html#method-i-get_url_without_filename","()","
Gets the full url for this item without filenames\n"],["green","Object","Object.html#method-i-green","(text)",""],["grep","Array","Array.html#method-i-grep","(regexp)",""],["has_better_wp_security_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_better_wp_security_protection-3F","()","
wordpress.org/extend/plugins/better-wp-security/\n"],["has_bluetrait_event_viewer_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_bluetrait_event_viewer_protection-3F","()","
wordpress.org/extend/plugins/bluetrait-event-viewer/\n"],["has_changelog?","WpItem","WpItem.html#method-i-has_changelog-3F","()","
changelog.txt present?\n"],["has_debug_log?","WpTarget","WpTarget.html#method-i-has_debug_log-3F","()",""],["has_full_path_disclosure?","WpFullPathDisclosure","WpFullPathDisclosure.html#method-i-has_full_path_disclosure-3F","()","
Check for Full Path Disclosure (FPD)\n"],["has_limit_login_attempts_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_limit_login_attempts_protection-3F","()","
wordpress.org/extend/plugins/limit-login-attempts/\n"],["has_login_lock_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_lock_protection-3F","()","
wordpress.org/extend/plugins/login-lock/\n"],["has_login_lockdown_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_lockdown_protection-3F","()","
Thanks to Alip Aswalid for providing this method.\nwordpress.org/extend/plugins/login-lockdown/\n"],["has_login_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_protection-3F","()",""],["has_login_security_solution_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_login_security_solution_protection-3F","()","
wordpress.org/extend/plugins/login-security-solution/\n"],["has_malwares?","Malwares","Malwares.html#method-i-has_malwares-3F","(malwares_file_path = nil)",""],["has_options?","WpscanOptions","WpscanOptions.html#method-i-has_options-3F","()",""],["has_readme?","WpItem","WpItem.html#method-i-has_readme-3F","()","
readme.txt present?\n"],["has_readme?","WpReadme","WpReadme.html#method-i-has_readme-3F","()","
Checks to see if the readme.html file exists\n
This file comes by default in a wordpress installation, and …\n"],["has_simple_login_lockdown_protection?","WpLoginProtection","WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F","()","
wordpress.org/extend/plugins/simple-login-lockdown/\n"],["has_timthumbs?","WpTimthumbs","WpTimthumbs.html#method-i-has_timthumbs-3F","(theme_name, options = {})",""],["help","Object","Object.html#method-i-help","()","
command help\n"],["id","WpUser","WpUser.html#method-i-id","()",""],["id=","WpUser","WpUser.html#method-i-id-3D","(new_id)",""],["instance","Browser","Browser.html#method-c-instance","(options = {})",""],["is_installed?","GitUpdater","GitUpdater.html#method-i-is_installed-3F","()",""],["is_installed?","SvnUpdater","SvnUpdater.html#method-i-is_installed-3F","()",""],["is_installed?","Updater","Updater.html#method-i-is_installed-3F","()",""],["is_long_option?","WpscanOptions","WpscanOptions.html#method-c-is_long_option-3F","(option)",""],["is_multisite?","WpTarget","WpTarget.html#method-i-is_multisite-3F","()",""],["is_online?","WebSite","WebSite.html#method-i-is_online-3F","()","
Checks if the remote website is up.\n"],["is_wordpress?","WebSite","WebSite.html#method-i-is_wordpress-3F","()","
check if the remote website is actually running wordpress.\n"],["job_id","Exploit","Exploit.html#method-i-job_id","()","
not sure if this is needed?! not used.\n"],["jobs","RpcClient","RpcClient.html#method-i-jobs","()","
list msf jobs\n"],["kill_session","Exploit","Exploit.html#method-i-kill_session","(id)","
kill a session by session id\n"],["kill_session","RpcClient","RpcClient.html#method-i-kill_session","(id)","
kill msf session\n"],["last_session_id","Exploit","Exploit.html#method-i-last_session_id","()","
the last active session id created\n"],["limit_login_attempts_url","WpLoginProtection","WpLoginProtection.html#method-i-limit_login_attempts_url","()",""],["lines_in_file","BruteForce","BruteForce.html#method-c-lines_in_file","(file_path)","
Counts the number of lines in the wordlist It can take a couple of minutes\non large wordlists, although …\n"],["load_config","Browser","Browser.html#method-i-load_config","(config_file = nil)","
TODO reload hydra (if the .load_config is called on a browser object, hydra\nwill not have the new @max_threads …\n"],["load_from_arguments","WpscanOptions","WpscanOptions.html#method-c-load_from_arguments","()","
Will load the options from ARGV return WpscanOptions\n"],["local_revision_number","GitUpdater","GitUpdater.html#method-i-local_revision_number","()","
Git has not a revsion number like SVN, so we will take the 7 first chars of\nthe last commit hash\n"],["local_revision_number","SvnUpdater","SvnUpdater.html#method-i-local_revision_number","()",""],["local_revision_number","Updater","Updater.html#method-i-local_revision_number","()",""],["login","RpcClient","RpcClient.html#method-i-login","()","
login to msfrpcd\n"],["login_protection_plugin","WpLoginProtection","WpLoginProtection.html#method-i-login_protection_plugin","()","
Checks if a login protection plugin is enabled\ncode.google.com/p/wpscan/issues/detail?id=111 return a …\n"],["login_security_solution_url","WpLoginProtection","WpLoginProtection.html#method-i-login_security_solution_url","()",""],["login_url","WpTarget","WpTarget.html#method-i-login_url","()",""],["malware_pattern","Malwares","Malwares.html#method-c-malware_pattern","(url_regex)",""],["malwares","Malwares","Malwares.html#method-i-malwares","(malwares_file_path = nil)","
return array of string (url of malwares found)\n"],["malwares_file","Malwares","Malwares.html#method-c-malwares_file","(malwares_file_path)",""],["max_threads=","Browser","Browser.html#method-i-max_threads-3D","(max_threads)",""],["merge_request_params","Browser","Browser.html#method-i-merge_request_params","(params = {})",""],["meterpreter_read","Exploit","Exploit.html#method-i-meterpreter_read","(id)","
read data from a meterpreter session data must be base64 decoded.\n"],["meterpreter_read","RpcClient","RpcClient.html#method-i-meterpreter_read","(id)",""],["meterpreter_write","Exploit","Exploit.html#method-i-meterpreter_write","(id, data)","
write data to a meterpreter session data must be base64 encoded.\n"],["meterpreter_write","RpcClient","RpcClient.html#method-i-meterpreter_write","(id, data)",""],["name","WpUser","WpUser.html#method-i-name","()",""],["name=","WpUser","WpUser.html#method-i-name-3D","(new_name)",""],["new","CacheFileStore","CacheFileStore.html#method-c-new","(storage_path, serializer = Marshal)","
The serializer must have the 2 methods .load and .dump (Marshal and YAML\nhave them) YAML is Human Readable …\n"],["new","Exploit","Exploit.html#method-c-new","(wp_url, type, uri, postdata, use_proxy, proxy_addr, proxy_port)",""],["new","Generate_List","Generate_List.html#method-c-new","(type, verbose)","
type = themes | plugins\n"],["new","RpcClient","RpcClient.html#method-c-new","()",""],["new","Svn_Parser","Svn_Parser.html#method-c-new","(svn_root, verbose, keep_empty_dirs = false)",""],["new","Updater","Updater.html#method-c-new","(repo_directory = nil)","
TODO : add a last ‘/ to repo_directory if it’s not present\n"],["new","WpItem","WpItem.html#method-c-new","(options)",""],["new","WpPlugin","WpPlugin.html#method-c-new","(options = {})",""],["new","WpTarget","WpTarget.html#method-c-new","(target_url, options = {})",""],["new","WpTheme","WpTheme.html#method-c-new","(options = {})",""],["new","WpUser","WpUser.html#method-c-new","(name, id, nickname)",""],["new","WpVersion","WpVersion.html#method-c-new","(number, options = {})",""],["new","WpVulnerability","WpVulnerability.html#method-c-new","(title, reference, type)",""],["new","WpscanOptions","WpscanOptions.html#method-c-new","()",""],["nickname","WpUser","WpUser.html#method-i-nickname","()",""],["nickname=","WpUser","WpUser.html#method-i-nickname-3D","(new_nickname)",""],["option_to_instance_variable_setter","WpscanOptions","WpscanOptions.html#method-c-option_to_instance_variable_setter","(option)",""],["parse","Svn_Parser","Svn_Parser.html#method-i-parse","(dirs=nil)",""],["passive_detection","WpDetector","WpDetector.html#method-c-passive_detection","(url, type, wp_content_dir)","
plugins and themes can be found in the source code :\n\n
<script src='http://example.com/wp-content/plugins/s2member/...' ...\n"],["plugins_from_aggressive_detection","WpPlugins","WpPlugins.html#method-i-plugins_from_aggressive_detection","(options)","Enumerate installed plugins.\n
return array of WpPlugin\n"],["plugins_from_passive_detection","WpPlugins","WpPlugins.html#method-i-plugins_from_passive_detection","(options)","
code.google.com/p/wpscan/issues/detail?id=42 plugins can be found in the\nsource code :\n\n
<script src='http://example.com/wp-content/plugins/s2member/...' ...\n"],["post","Browser","Browser.html#method-i-post","(url, params = {})",""],["proxy=","WpscanOptions","WpscanOptions.html#method-i-proxy-3D","(proxy)",""],["proxy_auth=","Browser","Browser.html#method-i-proxy_auth-3D","(auth)",""],["proxy_auth=","WpscanOptions","WpscanOptions.html#method-i-proxy_auth-3D","(auth)",""],["raise_invalid_proxy_format","Browser","Browser.html#method-i-raise_invalid_proxy_format","()",""],["raise_must_be_implemented","Updater","Updater.html#method-i-raise_must_be_implemented","()",""],["read_entry","CacheFileStore","CacheFileStore.html#method-i-read_entry","(key)",""],["read_shell","Exploit","Exploit.html#method-i-read_shell","(id)","read data from a shell, meterpreter is not classed as a shell.\n"],["read_shell","RpcClient","RpcClient.html#method-i-read_shell","(id)","
reads any pending output from session\n"],["readme_url","WpItem","WpItem.html#method-i-readme_url","()","
Url for readme.txt\n"],["readme_url","WpReadme","WpReadme.html#method-i-readme_url","()",""],["red","Object","Object.html#method-i-red","(text)",""],["redirection","WebSite","WebSite.html#method-i-redirection","(url = nil)","
see if the remote url returns 30x redirect return a string with the\nredirection or nil\n"],["registration_enabled?","WpTarget","WpTarget.html#method-i-registration_enabled-3F","()","
Should check wp-login.php if registration is enabled or not\n"],["registration_url","WpTarget","WpTarget.html#method-i-registration_url","()",""],["remove_junk_from_nickname","WpUsernames","WpUsernames.html#method-i-remove_junk_from_nickname","(usernames)",""],["repo_directory_arguments","GitUpdater","GitUpdater.html#method-i-repo_directory_arguments","()",""],["require_files_from_directory","Object","Object.html#method-i-require_files_from_directory","(absolute_dir_path, files_pattern = \"*.rb\")","
TODO : add an exclude pattern ?\n"],["reset","Browser","Browser.html#method-c-reset","()",""],["save","Generate_List","Generate_List.html#method-i-save","(items)","
Save the file\n"],["search_replace_db_2_exists?","WpTarget","WpTarget.html#method-i-search_replace_db_2_exists-3F","()",""],["search_replace_db_2_url","WpTarget","WpTarget.html#method-i-search_replace_db_2_url","()","
Script for replacing strings in wordpress databases reveals databse\ncredentials after hitting submit …\n"],["session_count","Exploit","Exploit.html#method-i-session_count","()","
a count of the amount of active sessions\n"],["sessions","Exploit","Exploit.html#method-i-sessions","()","
all sessions and related session data\n"],["sessions","RpcClient","RpcClient.html#method-i-sessions","()","
list msf sessions\n"],["set_file_name","Generate_List","Generate_List.html#method-i-set_file_name","(type)",""],["set_option_from_cli","WpscanOptions","WpscanOptions.html#method-i-set_option_from_cli","(cli_option, cli_value)","
string cli_option : –url, -u, –proxy etc string cli_value : the option\nvalue\n"],["simple_login_lockdown_url","WpLoginProtection","WpLoginProtection.html#method-i-simple_login_lockdown_url","()",""],["start","Exploit","Exploit.html#method-i-start","()","
figure out what to exploit\n"],["targets_url_from_theme","WpTimthumbs","WpTimthumbs.html#method-i-targets_url_from_theme","(theme_name, options)",""],["theme","WpTarget","WpTarget.html#method-i-theme","()","
return WpTheme\n"],["themes_from_aggressive_detection","WpThemes","WpThemes.html#method-i-themes_from_aggressive_detection","(options)",""],["themes_from_passive_detection","WpThemes","WpThemes.html#method-i-themes_from_passive_detection","(options)",""],["threads=","WpscanOptions","WpscanOptions.html#method-i-threads-3D","(threads)",""],["timthumbs","WpTimthumbs","WpTimthumbs.html#method-i-timthumbs","(theme_name = nil, options = {})",""],["to_h","WpscanOptions","WpscanOptions.html#method-i-to_h","()","
return Hash\n"],["to_s","WpItem","WpItem.html#method-i-to_s","()","
To string. Adds a version number if detected\n"],["update","GitUpdater","GitUpdater.html#method-i-update","()",""],["update","SvnUpdater","SvnUpdater.html#method-i-update","()",""],["update","Updater","Updater.html#method-i-update","()",""],["url","WpTarget","WpTarget.html#method-i-url","()","
Alias of @uri.to_s\n"],["url=","WpscanOptions","WpscanOptions.html#method-i-url-3D","(url)",""],["usage","Object","Object.html#method-i-usage","()","
wpscan usage\n"],["user_agent","Browser","Browser.html#method-i-user_agent","()","
return the user agent, according to the user_agent_mode\n"],["user_agent_mode=","Browser","Browser.html#method-i-user_agent_mode-3D","(ua_mode)",""],["usernames","WpUsernames","WpUsernames.html#method-i-usernames","(options = {})","
Enumerate wordpress usernames by using Veronica Valeros’s technique:\nseclists.org/fulldisclosure/2011/May/493 …\n"],["valid_response_codes","WpTarget","WpTarget.html#method-c-valid_response_codes","()","
Valid HTTP return codes\n"],["version","WpItem","WpItem.html#method-i-version","()","
Returns version number from readme.txt if it exists\n"],["version","WpTarget","WpTarget.html#method-i-version","()","
return WpVersion\n"],["version_pattern","WpVersion","WpVersion.html#method-c-version_pattern","()","
Used to check if the version is correct: must contain at least one dot.\n"],["vulnerabilities","Vulnerable","Vulnerable.html#method-i-vulnerabilities","()","
@return an array of WpVulnerability (can be empty)\n"],["wordlist=","WpscanOptions","WpscanOptions.html#method-i-wordlist-3D","(wordlist)",""],["wp_content_dir","WpTarget","WpTarget.html#method-i-wp_content_dir","()",""],["wp_plugins_dir","WpTarget","WpTarget.html#method-i-wp_plugins_dir","()",""],["wp_plugins_dir_exists?","WpTarget","WpTarget.html#method-i-wp_plugins_dir_exists-3F","()",""],["write_entry","CacheFileStore","CacheFileStore.html#method-i-write_entry","(key, data_to_store, cache_timeout)",""],["write_shell","Exploit","Exploit.html#method-i-write_shell","(id, data)","
write data to a shell, meterpreter is not classed as a shell.\n"],["write_shell","RpcClient","RpcClient.html#method-i-write_shell","(id, data)","
writes the specified input into the session\n"],["xmlrpc_url","WebSite","WebSite.html#method-i-xmlrpc_url","()",""],["CREDITS","","CREDITS.html","","
*CREDITS*\n
This file is to give credit to WPScan’s contributors. If you feel your name\nshould be in here, …\n"],["Gemfile","","Gemfile.html","","
source “rubygems.org”\n
gem “typhoeus”, “0.4.2” gem “rspec”, :require …\n"],["README","","README.html","","
__\n\n
__ _______ _____\n\\ \\ / / __ \\ / ____|\n \\ \\ /\\ / /| |__) | (___ ___ __ _ _ __ ...\n"]]}} \ No newline at end of file diff --git a/doc/js/searcher.js b/doc/js/searcher.js new file mode 100644 index 00000000..f854b541 --- /dev/null +++ b/doc/js/searcher.js 
@@ -0,0 +1,228 @@ +Searcher = function(data) { + this.data = data; + this.handlers = []; +} + +Searcher.prototype = new function() { + // search is performed in chunks of 1000 for non-blocking user input + var CHUNK_SIZE = 1000; + // do not try to find more than 100 results + var MAX_RESULTS = 100; + var huid = 1; + var suid = 1; + var runs = 0; + + this.find = function(query) { + var queries = splitQuery(query); + var regexps = buildRegexps(queries); + var highlighters = buildHilighters(queries); + var state = { from: 0, pass: 0, limit: MAX_RESULTS, n: suid++}; + var _this = this; + + this.currentSuid = state.n; + + if (!query) return; + + var run = function() { + // stop current search thread if new search started + if (state.n != _this.currentSuid) return; + + var results = + performSearch(_this.data, regexps, queries, highlighters, state); + var hasMore = (state.limit > 0 && state.pass < 4); + + triggerResults.call(_this, results, !hasMore); + if (hasMore) { + setTimeout(run, 2); + } + runs++; + }; + runs = 0; + + // start search thread + run(); + } + + /* ----- Events ------ */ + this.ready = function(fn) { + fn.huid = huid; + this.handlers.push(fn); + } + + /* ----- Utilities ------ */ + function splitQuery(query) { + return jQuery.grep(query.split(/(\s+|::?|\(\)?)/), function(string) { + return string.match(/\S/) + }); + } + + function buildRegexps(queries) { + return jQuery.map(queries, function(query) { + return new RegExp(query.replace(/(.)/g, '([$1])([^$1]*?)'), 'i') + }); + } + + function buildHilighters(queries) { + return jQuery.map(queries, function(query) { + return jQuery.map(query.split(''), function(l, i) { + return '\u0001$' + (i*2+1) + '\u0002$' + (i*2+2); + }).join(''); + }); + } + + // function longMatchRegexp(index, longIndex, regexps) { + // for (var i = regexps.length - 1; i >= 0; i--){ + // if (!index.match(regexps[i]) && !longIndex.match(regexps[i])) return false; + // }; + // return true; + // } + + + /* ----- Mathchers ------ */ + + /* 
+ * This record matches if the index starts with queries[0] and the record + * matches all of the regexps + */ + function matchPassBeginning(index, longIndex, queries, regexps) { + if (index.indexOf(queries[0]) != 0) return false; + for (var i=1, l = regexps.length; i < l; i++) { + if (!index.match(regexps[i]) && !longIndex.match(regexps[i])) + return false; + }; + return true; + } + + /* + * This record matches if the longIndex starts with queries[0] and the + * longIndex matches all of the regexps + */ + function matchPassLongIndex(index, longIndex, queries, regexps) { + if (longIndex.indexOf(queries[0]) != 0) return false; + for (var i=1, l = regexps.length; i < l; i++) { + if (!longIndex.match(regexps[i])) + return false; + }; + return true; + } + + /* + * This record matches if the index contains queries[0] and the record + * matches all of the regexps + */ + function matchPassContains(index, longIndex, queries, regexps) { + if (index.indexOf(queries[0]) == -1) return false; + for (var i=1, l = regexps.length; i < l; i++) { + if (!index.match(regexps[i]) && !longIndex.match(regexps[i])) + return false; + }; + return true; + } + + /* + * This record matches if regexps[0] matches the index and the record + * matches all of the regexps + */ + function matchPassRegexp(index, longIndex, queries, regexps) { + if (!index.match(regexps[0])) return false; + for (var i=1, l = regexps.length; i < l; i++) { + if (!index.match(regexps[i]) && !longIndex.match(regexps[i])) + return false; + }; + return true; + } + + + /* ----- Highlighters ------ */ + function highlightRegexp(info, queries, regexps, highlighters) { + var result = createResult(info); + for (var i=0, l = regexps.length; i < l; i++) { + result.title = result.title.replace(regexps[i], highlighters[i]); + result.namespace = result.namespace.replace(regexps[i], highlighters[i]); + }; + return result; + } + + function hltSubstring(string, pos, length) { + return string.substring(0, pos) + '\u0001' + 
string.substring(pos, pos + length) + '\u0002' + string.substring(pos + length); + } + + function highlightQuery(info, queries, regexps, highlighters) { + var result = createResult(info); + var pos = 0; + var lcTitle = result.title.toLowerCase(); + + pos = lcTitle.indexOf(queries[0]); + if (pos != -1) { + result.title = hltSubstring(result.title, pos, queries[0].length); + } + + result.namespace = result.namespace.replace(regexps[0], highlighters[0]); + for (var i=1, l = regexps.length; i < l; i++) { + result.title = result.title.replace(regexps[i], highlighters[i]); + result.namespace = result.namespace.replace(regexps[i], highlighters[i]); + }; + return result; + } + + function createResult(info) { + var result = {}; + result.title = info[0]; + result.namespace = info[1]; + result.path = info[2]; + result.params = info[3]; + result.snippet = info[4]; + return result; + } + + /* ----- Searching ------ */ + function performSearch(data, regexps, queries, highlighters, state) { + var searchIndex = data.searchIndex; + var longSearchIndex = data.longSearchIndex; + var info = data.info; + var result = []; + var i = state.from; + var l = searchIndex.length; + var togo = CHUNK_SIZE; + var matchFunc, hltFunc; + + while (state.pass < 4 && state.limit > 0 && togo > 0) { + if (state.pass == 0) { + matchFunc = matchPassBeginning; + hltFunc = highlightQuery; + } else if (state.pass == 1) { + matchFunc = matchPassLongIndex; + hltFunc = highlightQuery; + } else if (state.pass == 2) { + matchFunc = matchPassContains; + hltFunc = highlightQuery; + } else if (state.pass == 3) { + matchFunc = matchPassRegexp; + hltFunc = highlightRegexp; + } + + for (; togo > 0 && i < l && state.limit > 0; i++, togo--) { + if (info[i].n == state.n) continue; + if (matchFunc(searchIndex[i], longSearchIndex[i], queries, regexps)) { + info[i].n = state.n; + result.push(hltFunc(info[i], queries, regexps, highlighters)); + state.limit--; + } + }; + if (searchIndex.length <= i) { + state.pass++; + i = 
state.from = 0; + } else { + state.from = i; + } + } + return result; + } + + function triggerResults(results, isLast) { + jQuery.each(this.handlers, function(i, fn) { + fn.call(this, results, isLast) + }) + } +} + diff --git a/doc/table_of_contents.html b/doc/table_of_contents.html new file mode 100644 index 00000000..5b58c84b --- /dev/null +++ b/doc/table_of_contents.html @@ -0,0 +1,608 @@ + + + + + + +Table of Contents - RDoc Documentation + + + + + + + + + + + + + + +Table of Contents - RDoc Documentation
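Review bot: `buildRegexps` in doc/js/searcher.js places every query character into a character class with `query.replace(/(.)/g, '([$1])([^$1]*?)')` and never escapes it. A typed `\` yields a pattern that `new RegExp` rejects, so `find` throws before any result handler runs, while `^` or `]` silently change what the class matches. Escaping the class metacharacters first keeps the two capture groups per character that `buildHilighters` relies on, for example by applying `c.replace(/[\\\]\^-]/, '\\$&')` to each character before it is interpolated. If this file is copied from the documentation generator rather than maintained here, the fix belongs in the generator's template, since a regenerated copy would overwrite a local change.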
+ +Pages
+Classes/Modules
++
+ +- + Array +
+- + Browser +
+- + BruteForce +
+- + CacheFileStore +
+- + Exploit +
+- + Generate_List +
+- + GitUpdater +
+- + Malwares +
+- + Object +
+- + RpcClient +
+- + SvnUpdater +
+- + Svn_Parser +
+- + URI +
+- + Updater +
+- + UpdaterFactory +
+- + Vulnerable +
+- + WebSite +
+- + WpConfigBackup +
+- + WpDetector +
+- + WpEnumerator +
+- + WpFullPathDisclosure +
+- + WpItem +
+- + WpLoginProtection +
+- + WpOptions + +
++
+
+- Options +
- + WpPlugin +
+- + WpPlugins +
+- + WpReadme +
+- + WpTarget +
+- + WpTheme +
+- + WpThemes +
+- + WpTimthumbs +
+- + WpUser +
+- + WpUsernames +
+- + WpVersion +
+- + WpVulnerability +
+- + WpscanOptions +
+ +Methods
++ +
+ + + +- ::aggressive_detection — WpDetector + +
- ::available_updaters_classes — UpdaterFactory + +
- ::check_options — WpOptions + +
- ::clean_option — WpscanOptions + +
- ::config_backup_files — WpConfigBackup + +
- ::enumerate — WpEnumerator + +
- ::escape — URI + +
- ::find — WpTheme + +
- ::find — WpVersion + +
- ::find_from_advanced_fingerprinting — WpVersion + +
- ::find_from_atom_generator — WpVersion + +
- ::find_from_css_link — WpTheme + +
- ::find_from_links_opml — WpVersion + +
- ::find_from_meta_generator — WpVersion + +
- ::find_from_rdf_generator — WpVersion + +
- ::find_from_readme — WpVersion + +
- ::find_from_rss_generator — WpVersion + +
- ::find_from_sitemap_generator — WpVersion + +
- ::find_from_wooframework — WpTheme + +
- ::generate_items — WpEnumerator + +
- ::get_opt_long — WpscanOptions + +
- ::get_updater — UpdaterFactory + +
- ::instance — Browser + +
- ::is_long_option? — WpscanOptions + +
- ::lines_in_file — BruteForce + +
- ::load_from_arguments — WpscanOptions + +
- ::malware_pattern — Malwares + +
- ::malwares_file — Malwares + +
- ::new — WpTarget + +
- ::new — WpscanOptions + +
- ::new — WpVersion + +
- ::new — WpPlugin + +
- ::new — WpItem + +
- ::new — WpUser + +
- ::new — CacheFileStore + +
- ::new — WpVulnerability + +
- ::new — Updater + +
- ::new — Exploit + +
- ::new — Generate_List + +
- ::new — WpTheme + +
- ::new — Svn_Parser + +
- ::new — RpcClient + +
- ::option_to_instance_variable_setter — WpscanOptions + +
- ::passive_detection — WpDetector + +
- ::reset — Browser + +
- ::valid_response_codes — WpTarget + +
- ::version_pattern — WpVersion + +
- #<=> — WpUser + +
- #<=> — WpItem + +
- #== — WpItem + +
- #=== — WpTheme + +
- #=== — WpUser + +
- #=== — WpItem + +
- #_grep_ — Array + +
- #add_http_protocol — Object + +
- #add_trailing_slash — Object + +
- #authenticate — RpcClient + +
- #author_url — WpUsernames + +
- #banner — Object + +
- #better_wp_security_url — WpLoginProtection + +
- #bluetrait_event_viewer_url — WpLoginProtection + +
- #brute_force — BruteForce + +
- #changelog_url — WpItem + +
- #choose_session — Exploit + +
- #clean — CacheFileStore + +
- #colorize — Object + +
- #config_backup — WpConfigBackup + +
- #debug_log_url — WpTarget + +
- #directory_listing? — WpItem + +
- #enumerate_all_plugins= — WpscanOptions + +
- #enumerate_all_themes= — WpscanOptions + +
- #enumerate_only_vulnerable_plugins= — WpscanOptions + +
- #enumerate_only_vulnerable_themes= — WpscanOptions + +
- #enumerate_options_from_string — WpscanOptions + +
- #enumerate_plugins= — WpscanOptions + +
- #enumerate_themes= — WpscanOptions + +
- #eql? — WpUser + +
- #error_404_hash — WpTarget + +
- #error_log? — WpPlugin + +
- #error_log_url — WpPlugin + +
- #exploit — RpcClient + +
- #exploit — Exploit + +
- #exploit_info — Exploit + +
- #extract_name_from_url — WpItem + +
- #extract_nickname_from_body — WpUsernames + +
- #forge_request — Browser + +
- #full_path_disclosure_url — WpFullPathDisclosure + +
- #generate_full_list — Generate_List + +
- #generate_popular_list — Generate_List + +
- #get — Browser + +
- #get_entry_file_path — CacheFileStore + +
- #get_equal_string_end — Object + +
- #get_exploit_info — RpcClient + +
- #get_full_url — WpItem + +
- #get_nickname_from_response — WpUsernames + +
- #get_nickname_from_url — WpUsernames + +
- #get_options — RpcClient + +
- #get_payloads — RpcClient + +
- #get_popular_items — Generate_List + +
- #get_sub_folder — WpItem + +
- #get_url_without_filename — WpItem + +
- #green — Object + +
- #grep — Array + +
- #has_better_wp_security_protection? — WpLoginProtection + +
- #has_bluetrait_event_viewer_protection? — WpLoginProtection + +
- #has_changelog? — WpItem + +
- #has_debug_log? — WpTarget + +
- #has_full_path_disclosure? — WpFullPathDisclosure + +
- #has_limit_login_attempts_protection? — WpLoginProtection + +
- #has_login_lock_protection? — WpLoginProtection + +
- #has_login_lockdown_protection? — WpLoginProtection + +
- #has_login_protection? — WpLoginProtection + +
- #has_login_security_solution_protection? — WpLoginProtection + +
- #has_malwares? — Malwares + +
- #has_options? — WpscanOptions + +
- #has_readme? — WpReadme + +
- #has_readme? — WpItem + +
- #has_simple_login_lockdown_protection? — WpLoginProtection + +
- #has_timthumbs? — WpTimthumbs + +
- #help — Object + +
- #id — WpUser + +
- #id= — WpUser + +
- #is_installed? — Updater + +
- #is_installed? — SvnUpdater + +
- #is_installed? — GitUpdater + +
- #is_multisite? — WpTarget + +
- #is_online? — WebSite + +
- #is_wordpress? — WebSite + +
- #job_id — Exploit + +
- #jobs — RpcClient + +
- #kill_session — Exploit + +
- #kill_session — RpcClient + +
- #last_session_id — Exploit + +
- #limit_login_attempts_url — WpLoginProtection + +
- #load_config — Browser + +
- #local_revision_number — SvnUpdater + +
- #local_revision_number — Updater + +
- #local_revision_number — GitUpdater + +
- #login — RpcClient + +
- #login_protection_plugin — WpLoginProtection + +
- #login_security_solution_url — WpLoginProtection + +
- #login_url — WpTarget + +
- #malwares — Malwares + +
- #max_threads= — Browser + +
- #merge_request_params — Browser + +
- #meterpreter_read — Exploit + +
- #meterpreter_read — RpcClient + +
- #meterpreter_write — Exploit + +
- #meterpreter_write — RpcClient + +
- #name — WpUser + +
- #name= — WpUser + +
- #nickname — WpUser + +
- #nickname= — WpUser + +
- #parse — Svn_Parser + +
- #plugins_from_aggressive_detection — WpPlugins + +
- #plugins_from_passive_detection — WpPlugins + +
- #post — Browser + +
- #proxy= — WpscanOptions + +
- #proxy_auth= — WpscanOptions + +
- #proxy_auth= — Browser + +
- #raise_invalid_proxy_format — Browser + +
- #raise_must_be_implemented — Updater + +
- #read_entry — CacheFileStore + +
- #read_shell — RpcClient + +
- #read_shell — Exploit + +
- #readme_url — WpItem + +
- #readme_url — WpReadme + +
- #red — Object + +
- #redirection — WebSite + +
- #registration_enabled? — WpTarget + +
- #registration_url — WpTarget + +
- #remove_junk_from_nickname — WpUsernames + +
- #repo_directory_arguments — GitUpdater + +
- #require_files_from_directory — Object + +
- #save — Generate_List + +
- #search_replace_db_2_exists? — WpTarget + +
- #search_replace_db_2_url — WpTarget + +
- #session_count — Exploit + +
- #sessions — Exploit + +
- #sessions — RpcClient + +
- #set_file_name — Generate_List + +
- #set_option_from_cli — WpscanOptions + +
- #simple_login_lockdown_url — WpLoginProtection + +
- #start — Exploit + +
- #targets_url_from_theme — WpTimthumbs + +
- #theme — WpTarget + +
- #themes_from_aggressive_detection — WpThemes + +
- #themes_from_passive_detection — WpThemes + +
- #threads= — WpscanOptions + +
- #timthumbs — WpTimthumbs + +
- #to_h — WpscanOptions + +
- #to_s — WpItem + +
- #update — SvnUpdater + +
- #update — GitUpdater + +
- #update — Updater + +
- #url — WpTarget + +
- #url= — WpscanOptions + +
- #usage — Object + +
- #user_agent — Browser + +
- #user_agent_mode= — Browser + +
- #usernames — WpUsernames + +
- #version — WpItem + +
- #version — WpTarget + +
- #vulnerabilities — Vulnerable + +
- #wordlist= — WpscanOptions + +
- #wp_content_dir — WpTarget + +
- #wp_plugins_dir — WpTarget + +
- #wp_plugins_dir_exists? — WpTarget + +
- #write_entry — CacheFileStore + +
- #write_shell — RpcClient + +
- #write_shell — Exploit + +
- #xmlrpc_url — WebSite + +