diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb index 8170070d..4949a6c7 100644 --- a/lib/wpscan/wp_target.rb +++ b/lib/wpscan/wp_target.rb @@ -44,7 +44,13 @@ class WpTarget < WebSite fail "The target is responding with a 403, this might be due to a WAF or a plugin.\n" \ 'You should try to supply a valid user-agent via the --user-agent option or use the --random-agent option' if response.code == 403 - if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i + if wp_content_dir + dir = wp_content_dir + else + dir = 'wp-content' + end + + if response.body =~ /["'][^"']*\/#{Regexp.escape(dir)}\/[^"']*["']/i wordpress = true else diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb index f191a1e4..bf6fc933 100644 --- a/spec/lib/wpscan/wp_target_spec.rb +++ b/spec/lib/wpscan/wp_target_spec.rb @@ -4,6 +4,7 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpTarget do subject(:wp_target) { WpTarget.new(target_url, options) } + subject(:wp_target_custom) { WpTarget.new(target_url, options_custom) } let(:target_url) { 'http://example.localhost/' } let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR } let(:login_url) { wp_target.uri.merge('wp-login.php').to_s } @@ -15,6 +16,14 @@ describe WpTarget do wp_plugins_dir: 'wp-content/plugins' } } + let(:options_custom) { + { + config_file: SPEC_FIXTURES_CONF_DIR + '/browser.conf.json', + cache_ttl: 0, + wp_content_dir: 'custom-content', + wp_plugins_dir: 'custom-content/plugins' + } + } before { Browser::reset } 
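Review bot: In the new `if wp_content_dir` branch of lib/wpscan/wp_target.rb, an empty string is truthy in Ruby, so a blank `wp_content_dir` would reduce the pattern to `\/\/`, which matches any quoted absolute URL and would flag every site as WordPress; a value with a leading or trailing slash would instead never match. Whether the accessor can return such values is not visible here, but normalising first costs two lines: `dir = wp_content_dir.to_s.gsub(%r{\A/+|/+\z}, '')` followed by `dir = 'wp-content' if dir.empty?`. That also calls `wp_content_dir` once instead of twice, which matters if the method does more than read an option. The `Regexp.escape` is right and deserves a short comment, for example `# dir comes from user options; escape it so it is matched literally`. The enclosing method starts and ends outside the hunk.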
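Review bot: Declaring `wp_target_custom` with a second `subject(...)` at the top of `describe WpTarget` replaces the implicit subject for the whole group, because the most recent `subject` definition wins. Any example in this file that relies on bare `subject`, `is_expected` or `its` would then run against the custom-directory target rather than `wp_target`. No such example is visible in this hunk, so the impact is inferred, but a plain helper avoids the question: `let(:wp_target_custom) { WpTarget.new(target_url, options_custom) }`.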
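Review bot: `options_custom` appears to restate the shared settings of the `options` hash directly above it, so the two fixtures can drift apart when one is edited. Deriving it keeps only the difference visible: `let(:options_custom) { options.merge(wp_content_dir: 'custom-content', wp_plugins_dir: 'custom-content/plugins') }`. The start of `options` lies outside the hunk, so confirm it holds no key the custom case needs to drop.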
@@ -69,6 +78,11 @@ describe WpTarget do expect(wp_target).to be_wordpress end + it 'returns true if a custom content directory is detected' do + stub_request_to_fixture(url: wp_target_custom.url, fixture: fixtures_dir + '/wp_content_dir/wordpress-3.4.1-custom.htm') + expect(wp_target_custom).to be_wordpress + end + it 'returns true if the xmlrpc is found' do stub_request(:get, wp_target.xml_rpc_url). to_return(status: 200, body: File.new(fixtures_dir + '/xmlrpc.php'))
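Review bot: The added example covers only the positive match, so nothing pins the `Regexp.escape` call or the case where the configured directory is absent from the page. A companion example would close that gap: configure a directory containing a regex metacharacter, such as `wp_content_dir: 'custom.content'`, serve a fixture whose paths contain only `customXcontent`, and assert `expect(target).not_to be_wordpress`. For that negative assertion to mean anything, the other detection paths (the xmlrpc check visible just below, and any others outside this hunk) would need to be stubbed to a non-match.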