Code factoring

erwanlr
2013-02-20 14:45:04 +01:00
parent 5ff2bef328
commit e919474424
4 changed files with 42 additions and 20 deletions


@@ -166,13 +166,21 @@ class Browser
def get(url, params = {})
run_request(
forge_request(url, params.merge(:method => :get))
forge_request(url, params.merge(method: :get))
)
end
def post(url, params = {})
run_request(
forge_request(url, params.merge(:method => :post))
forge_request(url, params.merge(method: :post))
)
end
def get_and_follow_location(url, params = {})
params[:max_redirects] ||= 2
run_request(
forge_request(url, params.merge(method: :get, follow_location: true))
)
end
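Review bot: `params[:max_redirects] ||= 2` in `get_and_follow_location` writes the default into the hash the caller passed in, so an options hash that is later reused for a plain `get` now carries `max_redirects`. Building a fresh hash avoids that side effect, e.g. `params = { max_redirects: 2 }.merge(params)`; the one difference is that an explicit `max_redirects: nil` would no longer fall back to 2. The new method also has no comment, and something like `# GET that follows redirects; params[:max_redirects] caps the hops (default 2)` would record the default that the call sites used to spell out.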


@@ -47,26 +47,17 @@ class WpTarget < WebSite
def wordpress?
wordpress = false
response = Browser.instance.get(
@uri.to_s,
{ follow_location: true, max_redirects: 2 }
)
response = Browser.instance.get_and_follow_location(@uri.to_s)
if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
wordpress = true
else
response = Browser.instance.get(
xml_rpc_url,
{ follow_location: true, max_redirects: 2 }
)
response = Browser.instance.get_and_follow_location(xml_rpc_url)
if response.body =~ %r{XML-RPC server accepts POST requests only}i
wordpress = true
else
response = Browser.instance.get(
login_url,
{ follow_location: true, max_redirects: 2 }
)
response = Browser.instance.get_and_follow_location(login_url)
if response.body =~ %r{WordPress}i
wordpress = true
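Review bot: The body that `wordpress?` matches is whatever comes back after up to two redirects, and nothing in this hunk checks that the final response still belongs to the target host. If the HTTP layer follows cross-host redirects (not visible here), a site that redirects elsewhere would be fingerprinted from the other host's content. The same applies to the `WpVersion.find_from_*_generator` calls that this commit switches to `get_and_follow_location`. Now that the redirect behaviour lives in one helper, that helper is the natural place to compare the final URL's host with the requested one, or at least to document that off-host redirects are followed. `wordpress?` continues past the end of the hunk.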


@@ -61,7 +61,7 @@ class WpVersion < Vulnerable
# that it is reinstated on upgrade.
def self.find_from_meta_generator(options)
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.to_s, { follow_location: true, max_redirects: 2 })
response = Browser.instance.get_and_follow_location(target_uri.to_s)
response.body[%r{name="generator" content="wordpress #{WpVersion.version_pattern}"}i, 1]
end
@@ -70,7 +70,7 @@ class WpVersion < Vulnerable
# the generator tag in the RSS feed source.
def self.find_from_rss_generator(options)
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.merge('feed/').to_s, { follow_location: true, max_redirects: 2 })
response = Browser.instance.get_and_follow_location(target_uri.merge('feed/').to_s)
response.body[%r{<generator>http://wordpress.org/\?v=#{WpVersion.version_pattern}</generator>}i, 1]
end
@@ -79,7 +79,7 @@ class WpVersion < Vulnerable
# the generator tag in the RDF feed source.
def self.find_from_rdf_generator(options)
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.merge('feed/rdf/').to_s, { follow_location: true, max_redirects: 2 })
response = Browser.instance.get_and_follow_location(target_uri.merge('feed/rdf/').to_s)
response.body[%r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{WpVersion.version_pattern}" />}i, 1]
end
@@ -90,7 +90,7 @@ class WpVersion < Vulnerable
# Have not been able to find an example of this - Ryan
#def self.find_from_rss2_generator(options)
# target_uri = options[:base_url]
# response = Browser.instance.get(target_uri.merge('feed/rss/').to_s, {:follow_location => true, :max_redirects => 2})
# response = Browser.instance.get_and_follow_location(target_uri.merge('feed/rss/').to_s)
#
# response.body[%r{<generator>http://wordpress.org/?v=(#{WpVersion.version_pattern})</generator>}i, 1]
#end
@@ -99,7 +99,7 @@ class WpVersion < Vulnerable
# the generator tag in the Atom source.
def self.find_from_atom_generator(options)
target_uri = options[:base_url]
response = Browser.instance.get(target_uri.merge('feed/atom/').to_s, { follow_location: true, max_redirects: 2 })
response = Browser.instance.get_and_follow_location(target_uri.merge('feed/atom/').to_s)
response.body[%r{<generator uri="http://wordpress.org/" version="#{WpVersion.version_pattern}">WordPress</generator>}i, 1]
end
@@ -110,7 +110,7 @@ class WpVersion < Vulnerable
# Have not been able to find an example of this - Ryan
#def self.find_from_comments_rss_generator(options)
# target_uri = options[:base_url]
# response = Browser.instance.get(target_uri.merge('comments/feed/').to_s, {:follow_location => true, :max_redirects => 2})
# response = Browser.instance.get_and_follow_location(target_uri.merge('comments/feed/').to_s)
#
# response.body[%r{<!-- generator="WordPress/#{WpVersion.version_pattern}" -->}i, 1]
#end
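Review bot: Two of the edited lines sit inside commented-out methods (`find_from_rss2_generator` and `find_from_comments_rss_generator`), so the commit is keeping dead code in step with live code that nothing runs or tests. Either delete those blocks and track the idea in an issue, or add a `# TODO:` saying what sample is needed before they can be enabled. If the rss2 variant is ever revived, its pattern has `/?v=` with the `?` unescaped, where the live RSS finder uses `\?v=`, so it would not match a real generator tag as written.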