garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: garfield:2.1
Branches Tags
garfield:master garfield:dependabot/bundler/rubocop-tw-1.59.0 garfield:dfs garfield:fix/handle-invalid-wp-json-response garfield:fix/non-latin-character-slugs garfield:dependabot/bundler/rubocop-performance-tw-1.19.1 garfield:dependabot/github_actions/docker/login-action-3.0.0 garfield:dependabot/github_actions/docker/setup-qemu-action-3 garfield:dependabot/github_actions/docker/build-push-action-5 garfield:dependabot/github_actions/docker/setup-buildx-action-3 garfield:fix/gem-push garfield:revert-1757-master garfield:dependabot/bundler/simplecov-tw-0.22.0 garfield:gh-pages garfield:3.9.0 garfield:v2 garfield:plugin-backup-folder
garfield:v3.8.25 garfield:v3.8.24 garfield:v3.8.23 garfield:v3.8.22 garfield:v3.8.21 garfield:v3.8.20 garfield:v3.8.19 garfield:v3.8.18 garfield:v3.8.17 garfield:v3.8.16 garfield:v3.8.15 garfield:v3.8.14 garfield:v3.8.13 garfield:v3.8.12 garfield:v3.8.11 garfield:v3.8.10 garfield:v3.8.9 garfield:v3.8.8 garfield:v3.8.7 garfield:v3.8.6 garfield:v3.8.5 garfield:v3.8.4 garfield:v3.8.3 garfield:v3.8.2 garfield:v3.8.1 garfield:v3.8.0 garfield:v3.7.11 garfield:v3.7.10 garfield:v3.7.9 garfield:v3.7.8 garfield:v3.7.7 garfield:v3.7.6 garfield:v3.7.5 garfield:v3.7.4 garfield:v3.7.3 garfield:v3.7.2 garfield:v3.7.1 garfield:v3.7.0 garfield:v3.6.3 garfield:v3.6.2 garfield:v3.6.1 garfield:v3.6.0 garfield:v3.5.5 garfield:v3.5.4 garfield:v3.5.3 garfield:v3.5.2 garfield:v3.5.1 garfield:v3.5.0 garfield:v3.4.5 garfield:v3.4.4 garfield:v3.4.3 garfield:v3.4.2 garfield:v3.4.1 garfield:v3.4.0 garfield:v3.3.3 garfield:v3.3.2 garfield:v3.3.1 garfield:3.3.0 garfield:2.9.4 garfield:2.9.3 garfield:2.9.2 garfield:2.9.1 garfield:2.9 garfield:2.8 garfield:2.7 garfield:2.6 garfield:2.5.1 garfield:2.5 garfield:2.4.1 garfield:2.4 garfield:2.3 garfield:2.2 garfield:2.1
...
compare: garfield:2.2
Branches Tags
garfield:dependabot/bundler/rubocop-tw-1.59.0 garfield:master garfield:dfs garfield:fix/handle-invalid-wp-json-response garfield:fix/non-latin-character-slugs garfield:dependabot/bundler/rubocop-performance-tw-1.19.1 garfield:dependabot/github_actions/docker/login-action-3.0.0 garfield:dependabot/github_actions/docker/setup-qemu-action-3 garfield:dependabot/github_actions/docker/build-push-action-5 garfield:dependabot/github_actions/docker/setup-buildx-action-3 garfield:fix/gem-push garfield:revert-1757-master garfield:dependabot/bundler/simplecov-tw-0.22.0 garfield:gh-pages garfield:3.9.0 garfield:v2 garfield:plugin-backup-folder
garfield:v3.8.25 garfield:v3.8.24 garfield:v3.8.23 garfield:v3.8.22 garfield:v3.8.21 garfield:v3.8.20 garfield:v3.8.19 garfield:v3.8.18 garfield:v3.8.17 garfield:v3.8.16 garfield:v3.8.15 garfield:v3.8.14 garfield:v3.8.13 garfield:v3.8.12 garfield:v3.8.11 garfield:v3.8.10 garfield:v3.8.9 garfield:v3.8.8 garfield:v3.8.7 garfield:v3.8.6 garfield:v3.8.5 garfield:v3.8.4 garfield:v3.8.3 garfield:v3.8.2 garfield:v3.8.1 garfield:v3.8.0 garfield:v3.7.11 garfield:v3.7.10 garfield:v3.7.9 garfield:v3.7.8 garfield:v3.7.7 garfield:v3.7.6 garfield:v3.7.5 garfield:v3.7.4 garfield:v3.7.3 garfield:v3.7.2 garfield:v3.7.1 garfield:v3.7.0 garfield:v3.6.3 garfield:v3.6.2 garfield:v3.6.1 garfield:v3.6.0 garfield:v3.5.5 garfield:v3.5.4 garfield:v3.5.3 garfield:v3.5.2 garfield:v3.5.1 garfield:v3.5.0 garfield:v3.4.5 garfield:v3.4.4 garfield:v3.4.3 garfield:v3.4.2 garfield:v3.4.1 garfield:v3.4.0 garfield:v3.3.3 garfield:v3.3.2 garfield:v3.3.1 garfield:3.3.0 garfield:2.9.4 garfield:2.9.3 garfield:2.9.2 garfield:2.9.1 garfield:2.9 garfield:2.8 garfield:2.7 garfield:2.6 garfield:2.5.1 garfield:2.5 garfield:2.4.1 garfield:2.4 garfield:2.3 garfield:2.2 garfield:2.1

604 Commits
2.1 ... 2.2

Author SHA1 Message Date
erwanlr
16c7edb0f1 Forgot to bump the version :x 2013-11-12 22:38:19 +01:00
erwanlr
65cf4a0336 v2.2 release date added to changelog 2013-11-12 21:31:35 +00:00
erwanlr
89dcf33a6e Merge pull request #365 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-12 12:36:48 -08:00
Peter van der Laan
d4758bd22f Update plugin_vulns.xml 2013-11-12 17:19:42 +01:00
Peter van der Laan
a391453213 Update plugin_vulns.xml 2013-11-12 16:57:10 +01:00
Peter van der Laan
e18f2c9988 Update plugin_vulns.xml 2013-11-12 16:44:43 +01:00
Peter van der Laan
4e06939463 Update plugin_vulns.xml 2013-11-12 16:31:36 +01:00
Peter van der Laan
f833181d81 Update plugin_vulns.xml 2013-11-12 13:59:24 +01:00
Peter van der Laan
f16692e3ae Added some vulns from Security Focus 2013-11-12 12:18:57 +01:00
erwanlr
d02108ece2 Better Detection of Kali Linux 2013-11-12 11:07:35 +00:00
Ryan Dewhurst
71b056a1b5 Merge pull request #364 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-12 00:28:04 -08:00
Peter van der Laan
cc0ce769b7 Update theme_vulns.xml 2013-11-11 23:28:28 +01:00
Peter van der Laan
43c7586b61 Update theme_vulns.xml 2013-11-11 18:18:29 +01:00
Peter van der Laan
cfa222c3b6 Update OSVDB 85682,85567,85729 2013-11-11 18:01:38 +01:00
erwanlr
30709091b3 Merge pull request #363 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-11 05:48:44 -08:00
Peter van der Laan
5c93540f91 Update theme_vulns.xml 2013-11-11 14:05:12 +01:00
Peter van der Laan
bf8b1e92fa Added OSVDB #99553 2013-11-11 13:00:50 +01:00
Peter van der Laan
c00576e06d Added OSVDB #99485, #99515 2013-11-11 12:55:28 +01:00
erwanlr
7f9b49059b Merge pull request #361 from pvdl/master 
Create CHANGELOG.md (remove old CHANGELOG)
 2013-11-10 09:29:47 -08:00
Peter van der Laan
c292c4ba9e Delete CHANGELOG 2013-11-10 13:08:40 +01:00
Peter van der Laan
46570ecc2b Create CHANGELOG.md 2013-11-10 13:04:06 +01:00
Peter van der Laan
ed7e352d3a Merge pull request #3 from wpscanteam/master 
update master
 2013-11-10 03:43:53 -08:00
erwanlr
5e38d68adb Properly create the cache directory (Kali issue) 2013-11-09 11:26:49 +00:00
erwanlr
32cb6f86f4 Better fix for Kali 2013-11-09 10:41:30 +00:00
erwanlr
ab16368b09 Merge pull request #360 from pvdl/master 
Add a CHANGELOG
 2013-11-09 01:42:57 -08:00
Peter van der Laan
804db84b9a Update CHANGELOG 2013-11-08 15:43:48 +01:00
Peter van der Laan
48ad1a9af2 Update CHANGELOG 2013-11-08 15:31:25 +01:00
Peter van der Laan
8014093d33 Create CHANGELOG 
First commit CHANGELOG. Needs some polish
 2013-11-08 15:22:50 +01:00
Peter van der Laan
d7f6389ca8 Merge pull request #2 from wpscanteam/master 
Update master
 2013-11-08 05:36:38 -08:00
erwanlr
6ecd538364 Plugins & Themes Updated 2013-11-08 11:30:05 +00:00
erwanlr
f58794f797 Most popular themes list generation set to 20 pages 
150 was more than the max existing pages (there are 140 pages in the
wordpress.org theme list)
 2013-11-08 11:28:13 +00:00
erwanlr
fe71c2e543 metasploit module reference to the ofc upload vuln 2013-11-07 16:40:06 +00:00
erwanlr
02a013bdfa Trying a fix for Kali Linux 2013-11-07 15:20:19 +00:00
erwanlr
098e75f12d Merge pull request #358 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-07 04:16:08 -08:00
Peter van der Laan
dd7c793966 Update plugin_vulns.xml 2013-11-07 12:54:56 +01:00
Peter van der Laan
a4662d0519 Added some "old" Secunia vulns 2013-11-07 12:19:50 +01:00
Peter van der Laan
a7d64b0e1d Update plugin_vulns.xml 2013-11-07 11:49:47 +01:00
Peter van der Laan
02545340f0 Update theme_vulns.xml 2013-11-07 11:31:42 +01:00
erwanlr
58ebf4786d Merge pull request #357 from pvdl/vulns 
Update WordPress Vulnerabilities and some code cleaning
 2013-11-06 13:05:25 -08:00
Peter van der Laan
843f783a7a Update output.rb 2013-11-06 20:12:25 +01:00
Peter van der Laan
5e6efb4cb7 Update output.rb 2013-11-06 15:05:37 +01:00
Peter van der Laan
b6cc3400e8 Update theme_vulns.xml 2013-11-06 13:15:16 +01:00
Peter van der Laan
39724afc81 Update plugin_vulns.xml 2013-11-06 12:37:15 +01:00
Peter van der Laan
47f2545a50 Update plugin_vulns.xml 2013-11-06 11:25:03 +01:00
Ryan Dewhurst
01c45afa10 Merge pull request #356 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-06 01:21:21 -08:00
Peter van der Laan
b14ded2994 Update wp_vulns.xml 2013-11-06 09:39:05 +01:00
Peter van der Laan
c751009130 Update plugin_vulns.xml 2013-11-06 09:28:17 +01:00
Peter van der Laan
7122ca872a Added Exploit-DB #29150 2013-11-06 09:09:22 +01:00
Peter van der Laan
a825774341 Added OSVDB #99345 2013-11-06 08:56:35 +01:00
Peter van der Laan
cfc53f67f9 Update plugin_vulns.xml 2013-11-05 20:19:41 +01:00
Ryan Dewhurst
24466b779b Merge pull request #353 from pvdl/vulns 
Added a "Credits" card
 2013-11-05 08:52:14 -08:00
Peter van der Laan
ce6881fdc7 Added a "Credits" card 2013-11-05 17:18:35 +01:00
erwanlr
9de59d7243 Merge pull request #352 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-05 05:46:22 -08:00
Peter van der Laan
71b821a653 Added OSVDB #87817 2013-11-05 12:05:44 +01:00
Peter van der Laan
17fec7a161 Update plugin_vulns.xml 2013-11-05 11:31:42 +01:00
Peter van der Laan
99181a3bd9 Added OSVDB #90432, #90433, #90434 2013-11-05 09:52:33 +01:00
Peter van der Laan
529660e622 Update theme_vulns.xml 2013-11-05 09:32:08 +01:00
Peter van der Laan
16ba490f3f Added OSVDB #99339, #99340, #99341 2013-11-05 09:07:32 +01:00
erwanlr
73af9b2922 Merge pull request #351 from pvdl/vulns 
Update plugin_vulns.xml
 2013-11-04 12:29:41 -08:00
Peter van der Laan
0d80c1dc06 Update plugin_vulns.xml 2013-11-04 21:00:04 +01:00
erwanlr
942676a493 WP 3.7.1 Fingerprinting 2013-11-04 17:17:51 +00:00
erwanlr
6e16ae32cf Merge pull request #349 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-11-01 03:02:20 -07:00
Peter van der Laan
4f441d2b40 Added OSVDB #99187 2013-11-01 09:59:17 +01:00
Peter van der Laan
e4c93e2707 Update OSVDB #74835, #76658 2013-10-31 22:18:53 +01:00
erwanlr
916ce80869 Merge pull request #347 from pvdl/vulns 
Update WordPress Vulnerabilities
 2013-10-31 04:26:16 -07:00
Peter van der Laan
1ac72096af Added OSVDB #99195 2013-10-31 10:44:06 +01:00
Peter van der Laan
81e3ff6dc0 Update wp_vulns.xml 2013-10-29 16:04:26 +01:00
Peter van der Laan
ac9647d2b2 Output the vulnerability fix if available 
It just shows if there is a vulnerability fix.
It doesn't check if the fix matches with the current plugin version.
So you should check manually if you need to upgrade or not.
 2013-10-29 13:42:40 +01:00
erwanlr
81d17639eb Merge pull request #345 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-29 03:54:37 -07:00
Peter van der Laan
924770f73e Added OSVDB #99045, #99046 2013-10-29 11:45:49 +01:00
Peter van der Laan
383b2ad563 Added OSVDB #99043 2013-10-29 11:26:18 +01:00
Peter van der Laan
aca4d8ac50 Update plugin_vulns.xml 2013-10-28 19:47:04 +01:00
Peter van der Laan
9fb0597a3e Update theme_vulns.xml 2013-10-28 18:08:06 +01:00
Peter van der Laan
5921458fc4 Added OSVDB #98975 2013-10-28 17:57:54 +01:00
Peter van der Laan
fb921f8f78 Added SimplyDark Theme Vuln 2013-10-28 17:48:49 +01:00
Peter van der Laan
93597fe3ac Update wp_vulns.xml 2013-10-28 17:30:29 +01:00
Peter van der Laan
42576a9c7e Update plugin_vulns.xml 2013-10-28 16:46:12 +01:00
Peter van der Laan
7b26d0e105 Added OSVDB #98831, #98978 2013-10-28 14:45:43 +01:00
ethicalhack3r
10323a59af Changed wordpress.com scanning error to warning. See issue #343. 2013-10-28 00:32:13 +01:00
ethicalhack3r
95755f8d46 Missed full stop in error. 2013-10-28 00:20:05 +01:00
ethicalhack3r
a7d9927584 Added hosted wordpress detection. See issue #343. 2013-10-28 00:18:09 +01:00
Ryan Dewhurst
ac1228d97c Merge pull request #342 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-27 16:01:34 -07:00
Peter van der Laan
fa9f4c0ab7 Update plugin_vulns.xml 2013-10-27 00:09:33 +02:00
Peter van der Laan
77ee2494f0 Update plugin_vulns.xml 2013-10-26 23:09:42 +02:00
Peter van der Laan
30e4fe2671 Update plugin_vulns.xml 2013-10-26 22:28:46 +02:00
Peter van der Laan
5f2edac86a Update plugin_vulns.xml 2013-10-26 22:00:43 +02:00
Peter van der Laan
bc14c6d040 Fixed tag error 2013-10-26 21:09:00 +02:00
Peter van der Laan
803a5a7409 Update plugin_vulns.xml 2013-10-26 20:57:48 +02:00
erwanlr
dcc443ac9a WP 3.7 Fingerprinting 2013-10-25 21:12:59 +01:00
Peter van der Laan
6fedeffe03 Added some 'old' OSVDB vulns 2013-10-25 16:59:35 +02:00
erwanlr
392283d786 Merge pull request #341 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-25 03:39:39 -07:00
Peter van der Laan
0c406d72f6 Update WordPress Theme vulns 2013-10-25 11:48:22 +02:00
Peter van der Laan
bec7b5ed22 It's WordPress, not Wordpress 2013-10-25 10:40:53 +02:00
erwanlr
7ddbae4144 Merge pull request #340 from pvdl/master 
Added new WordPress vulns
 2013-10-25 01:27:56 -07:00
Peter van der Laan
96b6e5db87 Added Blue Wrench Video Widget vulnerability found by SecurityUndefined 2013-10-25 09:41:17 +02:00
Peter van der Laan
be3937c361 Added DailyDeal Theme vuln 2013-10-25 09:19:59 +02:00
erwanlr
f2430171c6 Merge pull request #338 from pvdl/master 
update wordpress vulns
 2013-10-24 14:13:31 -07:00
Peter van der Laan
e148933c11 remove duplicate 2013-10-24 20:55:32 +02:00
Peter van der Laan
4bd0999c2e update wordpress vulns 2013-10-24 20:40:17 +02:00
Ryan Dewhurst
40f1fd5c4b Merge pull request #337 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-24 09:39:31 -07:00
Peter van der Laan
5bbe846adb Update plugin_vulns.xml 2013-10-24 17:34:57 +02:00
Peter van der Laan
bb3ed08614 Added OSVDB #93087, #90365 2013-10-24 11:37:23 +02:00
erwanlr
2d5a77060e Merge pull request #335 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-23 14:30:51 -07:00
Peter van der Laan
9f06b61e9f Update plugin_vulns.xml 2013-10-23 22:51:08 +02:00
Peter van der Laan
32588554da Update plugin_vulns.xml 2013-10-23 22:40:37 +02:00
Peter van der Laan
c7c1c1d3e7 Update plugin_vulns.xml 2013-10-23 22:06:25 +02:00
erwanlr
a8d99ac61b Merge pull request #334 from pvdl/master 
Update Wordpress Vulnerabilities
 2013-10-23 12:24:46 -07:00
Peter van der Laan
56b983db45 Update theme_vulns.xml 2013-10-23 21:14:23 +02:00
Peter van der Laan
6e10bfceb2 removed duplicate vulnerability 2013-10-23 20:51:13 +02:00
erwanlr
a64a1d6a7c Merge pull request #333 from pvdl/master 
Update plugin_vulns.xml
 2013-10-23 04:55:58 -07:00
Peter van der Laan
10cb883904 Update output.rb 2013-10-23 13:37:00 +02:00
Peter van der Laan
a57340059d Update plugin_vulns.xml 2013-10-23 09:50:01 +02:00
Peter van der Laan
19f9bda237 Fixed small typo 2013-10-23 09:40:28 +02:00
Peter van der Laan
7288c82994 Update plugin_vulns.xml 2013-10-23 09:36:17 +02:00
ethicalhack3r
ee06694b81 Removed incorrect theme. 2013-10-22 23:27:48 +02:00
ethicalhack3r
62e84cc88c Added portable-phpmyadmin plugin vuln. See Issue #330. 2013-10-22 23:15:13 +02:00
ethicalhack3r
42b94ab0c3 Merge branch 'master' of https://github.com/tennc/wpscan into tennc-master 2013-10-22 22:49:50 +02:00
ethicalhack3r
5c4ce81793 Merge branch 'master' of https://github.com/wpscanteam/wpscan 2013-10-22 22:47:30 +02:00
FireFart
35a75739e6 forgot context (issue #332) 2013-10-22 22:41:26 +02:00
FireFart
706774bf61 Add detection for all-in-one-seo-pack 
Closes issue #332
 2013-10-22 22:39:23 +02:00
tennc
b123317fcc update theme_vulns.xml 
Wordpress Themes WPLocalPlaces Upload Vulnerability
 2013-10-22 09:39:50 +08:00
erwanlr
45d642d215 Merge pull request #328 from pvdl/master 
Added OSVDB #98668
 2013-10-21 08:55:20 -07:00
Peter van der Laan
88611ad3e8 Update plugin_vulns.xml 2013-10-20 12:16:49 +02:00
Peter van der Laan
edf2ac481b Update plugin_vulns.xml 2013-10-20 12:06:21 +02:00
Peter van der Laan
49883bbc3a Update plugin_vulns.xml 2013-10-19 21:27:24 +02:00
Peter van der Laan
bf3795bced Update plugin_vulns.xml 2013-10-19 13:53:56 +02:00
Peter van der Laan
6dee0c7e4b Added OSVDB #98668 2013-10-18 17:56:50 +02:00
erwanlr
d0c57e7cff Merge pull request #326 from pvdl/master 
Added OSVDB #94804, #95134, #95135
 2013-10-18 02:51:40 -07:00
erwanlr
986e3e5960 all-in-one-seo-pack xss vulnerability updated (correct version + exploit reference) 2013-10-18 10:17:42 +01:00
Peter van der Laan
2c97f68726 Added OSVDB #94804, #95134, #95135 2013-10-18 11:16:17 +02:00
erwanlr
5a7ab231be Fix #325 2013-10-18 10:13:54 +01:00
erwanlr
246970c525 Merge pull request #325 from tennc/master 
Update plugin_vulns.xml
 2013-10-18 02:12:14 -07:00
tennc
65e9339740 Update plugin_vulns.xml 
Wordpress - wp-realty - MySQL Time Based Injection
 2013-10-18 08:52:13 +08:00
tennc
52f6de1962 Update plugin_vulns.xml 
Wordpress - wp-realty - MySQL Time Based Injection
 2013-10-18 08:50:53 +08:00
erwanlr
3a085e364e Merge pull request #324 from pvdl/master 
Added 'WordPress Version Vulnerability' statistics
 2013-10-17 12:52:19 -07:00
Peter van der Laan
f5204a7efa Added 'WordPress Version Vulnerability' statistics 2013-10-17 21:43:42 +02:00
erwanlr
45db305d44 Merge pull request #323 from pvdl/master 
Update Wordpress Vulnerabilities
 2013-10-17 07:41:30 -07:00
Peter van der Laan
9e2a327ca6 Update plugin_vulns.xml 2013-10-17 15:47:25 +02:00
Peter van der Laan
68698847f8 Update theme_vulns.xml 2013-10-17 15:36:19 +02:00
erwanlr
8ef89f193a Merge pull request #322 from pvdl/master 
Some 'fresh' vulnerabilities
 2013-10-16 14:31:49 -07:00
Peter van der Laan
d35b83518e Vuln. found by securityundefined.com 2013-10-16 23:09:12 +02:00
Peter van der Laan
d657c4d4b3 Update plugin_vulns.xml 2013-10-16 22:54:28 +02:00
ethicalhack3r
29f340ae21 Merge branch 'master' of https://github.com/wpscanteam/wpscan 2013-10-16 22:32:54 +02:00
ethicalhack3r
7ed351bc28 Extra plugin node removed. 2013-10-16 22:32:25 +02:00
erwanlr
ecf4005339 Fix plugin tag 2013-10-16 21:28:10 +01:00
Ryan Dewhurst
66fa24130b Merge pull request #321 from pvdl/master 
Added OSVDB #91491, #91680, #92264
 2013-10-16 13:18:57 -07:00
Peter van der Laan
bd53f8e07f Added OSVDB #91491, #91680, #92264 2013-10-16 14:42:06 +02:00
Ryan Dewhurst
8598101760 Merge pull request #320 from pvdl/master 
Added OSVDB #97625, #98456
 2013-10-16 03:00:32 -07:00
Peter van der Laan
596a25678f Added OSVDB #97625, #98456 2013-10-15 12:21:24 +02:00
Ryan Dewhurst
d94714b335 Merge pull request #319 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-15 00:39:56 -07:00
Peter van der Laan
aa8aa3aad9 Added OSVDB #97987, #97887, #97768, #97668 2013-10-15 09:23:26 +02:00
Peter van der Laan
b15635ebc2 Update plugin_vulns.xml 2013-10-14 22:55:10 +02:00
erwanlr
6ad0f0f08d Merge pull request #318 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-14 11:20:56 -07:00
Peter van der Laan
587f6adaa1 Update plugin_vulns.xml 2013-10-14 20:03:50 +02:00
Peter van der Laan
c3f31e2aee Update theme_vulns.xml 2013-10-14 19:40:05 +02:00
Peter van der Laan
6fe3bafd4d Added OSVDB #89441, #89443, #89455 2013-10-14 17:51:47 +02:00
Ryan Dewhurst
83f9312b35 Merge pull request #317 from pvdl/master 
Added OSVDB #97989, #98026, #98091, #98246
 2013-10-14 00:28:45 -07:00
Peter van der Laan
9605594d8f Update plugin_vulns.xml 2013-10-14 08:48:08 +02:00
Peter van der Laan
ad18788c83 Added OSVDB #97989, #98026, #98091, #98246 2013-10-14 08:20:57 +02:00
erwanlr
ec4f7d1638 Merge pull request #316 from pvdl/master 
Added WordPress Vulnerabilities
 2013-10-13 05:46:44 -07:00
Peter van der Laan
920a900e90 Added OSVDB #92641, #93243, #96792, #96793 2013-10-13 11:28:04 +02:00
Peter van der Laan
7f6cd57e51 Update plugin_vulns.xml 2013-10-13 11:02:39 +02:00
Ryan Dewhurst
b01559ce52 Merge pull request #315 from fgeek/master 
Add OSVDB reference for CVE-2013-5963.
 2013-10-13 01:57:17 -07:00
Henri Salo
f5fa36f2fd Add OSVDB reference for CVE-2013-5963. 2013-10-13 11:12:19 +03:00
Peter van der Laan
db82b2584c Update plugin_vulns.xml 2013-10-13 09:45:32 +02:00
erwanlr
9e87d1f4d5 Merge pull request #314 from pvdl/master 
Update WordPress Vulnerabilities
 2013-10-12 12:30:22 -07:00
erwanlr
b72ce7caf5 Merge pull request #313 from pvdl/patch-1 
Remove 'smileys' in output messages
 2013-10-12 12:29:08 -07:00
Peter van der Laan
9654408ae8 Remove 'smileys' in output messages 2013-10-12 21:17:58 +02:00
Peter van der Laan
9d6e50c8e2 Added OSVDB #98279, #98352, #98353, #98371 2013-10-12 21:11:04 +02:00
erwanlr
f711c2098b Plugins & Themes updated 2013-10-12 16:40:21 +01:00
erwanlr
af66a4bf48 Merge pull request #311 from pvdl/patch-1 
Make output lines consistent
 2013-10-12 01:17:18 -07:00
Peter van der Laan
ff9dd1c69d Update plugin_vulns.xml 2013-10-11 16:16:52 +02:00
Peter van der Laan
27b6e15e11 Update wpscan.rb 2013-10-11 15:43:32 +02:00
Peter van der Laan
2d3cfb2952 Update wpscan.rb 2013-10-11 14:40:00 +02:00
Peter van der Laan
ed3c05c13d Make output lines consistent 2013-10-11 14:19:16 +02:00
erwanlr
4d7680959e Merge pull request #310 from pvdl/master 
Update WordPress Vulns.
 2013-10-11 03:37:16 -07:00
Peter van der Laan
1cf9983ce7 Update plugin_vulns.xml 2013-10-11 12:36:12 +02:00
Peter van der Laan
8daa1c8c31 Update plugin_vulns.xml 2013-10-11 10:38:21 +02:00
Peter van der Laan
6d4e69050e Update theme_vulns.xml 2013-10-11 10:22:48 +02:00
Peter van der Laan
6ffc66362e Make a seperator between plugin name and vulnerability name 
Can be useful for 'grep'ing.
plugin name [version[-range]] - vulnerability name
 2013-10-11 10:00:55 +02:00
Peter van der Laan
8df95035da Update plugin_vulns.xml 2013-10-11 08:18:53 +02:00
Peter van der Laan
bdc60cbb97 Update plugin_vulns.xml 2013-10-10 23:38:35 +02:00
Peter van der Laan
b24075791d Removed 'for WordPress' and 'plugin' in title strings. 2013-10-10 23:11:30 +02:00
Peter van der Laan
d469a94cf2 Update plugin_vulns.xml 2013-10-10 21:34:09 +02:00
Ryan Dewhurst
26d8398fcc Merge pull request #309 from pvdl/master 
Update Wordpress Vulnerabilities DB
 2013-10-10 12:22:28 -07:00
Peter van der Laan
73198fdcec Update plugin_vulns.xml 2013-10-10 20:39:20 +02:00
Peter van der Laan
19dd9d26b4 Update README.md 2013-10-10 18:26:50 +02:00
Peter van der Laan
f03ca005c3 Update wp_vulns.xml 2013-10-10 17:51:02 +02:00
Peter van der Laan
4b8115978e Added Kali Linux on the list of pre-installed Linux distributions 2013-10-10 15:24:48 +02:00
Peter van der Laan
fc2a66ab51 Update wp_vulns.xml 2013-10-10 11:03:22 +02:00
Peter van der Laan
2c94454858 Update wp_vulns.xml 2013-10-10 10:50:14 +02:00
Peter van der Laan
aa4a636cce Update wp_vulns.xml 2013-10-10 10:13:43 +02:00
erwanlr
1c1a6d23d7 Merge pull request #308 from pvdl/master 
Added new WP vulns in database.
 2013-10-10 01:12:17 -07:00
Peter van der Laan
7549d3778c Fixed a 'crucial typo' 2013-10-10 09:49:10 +02:00
Peter van der Laan
3e3f11a273 Update plugin_vulns.xml 2013-10-10 09:40:48 +02:00
Peter van der Laan
c6cae028e4 Update plugin_vulns.xml 2013-10-09 23:25:15 +02:00
Peter van der Laan
fed48e6c76 Update plugin_vulns.xml 2013-10-09 18:20:43 +02:00
Ryan Dewhurst
6432c6e04d Merge pull request #307 from pvdl/master 
Update WordPress Vulns.
 2013-10-09 09:10:01 -07:00
Peter van der Laan
eb2bc58a59 Update plugin_vulns.xml 2013-10-09 17:05:09 +02:00
Peter van der Laan
7726b3ae32 Update plugin_vulns.xml 2013-10-09 16:31:13 +02:00
Peter van der Laan
d0f357332a Update plugin_vulns.xml 2013-10-09 15:36:40 +02:00
Peter van der Laan
54036d562b Update plugin_vulns.xml 2013-10-09 15:15:20 +02:00
erwanlr
cfb53e5560 Merge pull request #306 from pvdl/master 
Update WordPress Vulns.
 2013-10-09 03:36:09 -07:00
Peter van der Laan
90d48feef2 Fixed some errors 2013-10-09 11:57:50 +02:00
Peter van der Laan
8ca50428f1 Update plugin_vulns.xml 2013-10-09 11:41:27 +02:00
erwanlr
ab36d750f5 Merge pull request #304 from pvdl/master 
Update WordPress Vulns.
 2013-10-08 14:33:11 -07:00
Peter van der Laan
fccd093ea6 Update plugin_vulns.xml 2013-10-08 23:24:00 +02:00
Peter van der Laan
5ebbf2392b Update plugin_vulns.xml 2013-10-08 23:16:07 +02:00
Peter van der Laan
76444d2b3a Fixed tag error 2013-10-08 23:05:03 +02:00
Peter van der Laan
c4985b406d Fixed some tag errors 2013-10-08 23:02:35 +02:00
Peter van der Laan
053d83df2b Update theme_vulns.xml 2013-10-08 22:49:24 +02:00
Peter van der Laan
a1a68dfd11 Update plugin_vulns.xml 2013-10-08 22:49:02 +02:00
Peter van der Laan
0ba35e41b5 Update plugin_vulns.xml 2013-10-08 20:35:38 +02:00
Peter van der Laan
9c53273d1c Added Packetstorm #123367 2013-10-08 17:27:42 +02:00
Peter van der Laan
971f7e21cc Update plugin_vulns.xml 2013-10-08 16:48:43 +02:00
Peter van der Laan
ab65571ee5 Replace packetstormsecurity.org to packetstormsecurity.com 2013-10-08 11:40:38 +02:00
Peter van der Laan
75b3ea0bc4 Same URL syntax for all Packet Storm Security URL's 
Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected.
 2013-10-08 11:24:03 +02:00
Peter van der Laan
fb95754e65 Update timthumb due to Secunia #54801 2013-10-08 10:32:09 +02:00
Peter van der Laan
5112bea511 Added Secunia #54801 2013-10-08 10:20:06 +02:00
Peter van der Laan
584c930858 Added Secunia #54894 2013-10-08 09:00:26 +02:00
Peter van der Laan
3494bc47cf Update Lazy SEO Plugin 2013-10-08 07:58:04 +02:00
Peter van der Laan
861841ef86 Added Secunia #54924 (Theme vuln.) 2013-10-08 00:17:56 +02:00
Peter van der Laan
556b2f3d21 Added Secunia #55160 2013-10-07 23:59:16 +02:00
Peter van der Laan
b16ea75dd6 Added Secunia #55182 2013-10-07 23:44:36 +02:00
Ryan Dewhurst
db62f6f680 Merge pull request #303 from pvdl/master 
Update WordPress Vulns.
 2013-10-07 13:30:48 -07:00
Peter van der Laan
9d4481de0d Update wp_vulns.xml 2013-10-07 22:14:05 +02:00
Peter van der Laan
db91d5041c Update wp_vulns.xml 2013-10-07 22:11:09 +02:00
Peter van der Laan
828f8c48eb Added Secunia #54865 2013-10-07 20:53:08 +02:00
Peter van der Laan
5bee1f1ffd Added Secunia #54979 2013-10-07 20:43:38 +02:00
Ryan Dewhurst
51ad9bd4bd Merge pull request #300 from pvdl/master 
Update WordPress Vulns.
 2013-10-07 04:50:13 -07:00
Peter van der Laan
1b36a2d2b3 Update OSVDB #95884 2013-10-07 12:53:34 +02:00
Peter van der Laan
d8c7d16879 Added Secunia #53170 2013-10-07 12:18:38 +02:00
Peter van der Laan
b573b5559f Added Secunia #54856 2013-10-07 11:41:04 +02:00
Peter van der Laan
2a943dcce8 Added Secunia #55133 2013-10-07 11:18:46 +02:00
Peter van der Laan
f2dd880fdb Added Secunia #55162 2013-10-07 11:00:36 +02:00
Peter van der Laan
dfd08e1e66 Update OSVDB #50902 2013-10-07 10:11:57 +02:00
Ryan Dewhurst
2a349415b8 Merge pull request #298 from pvdl/master 
Update WP Vulns.
 2013-10-06 13:53:45 -07:00
Peter van der Laan
08d073415d Update wp-photo-album-plus vulns. 2013-10-06 22:40:14 +02:00
Peter van der Laan
3de3c8fe8c Update OSVDB #88391 2013-10-06 22:02:13 +02:00
erwanlr
8d549a98c6 Merge pull request #297 from pvdl/master 
Update WordPress vulns.
 2013-10-06 08:10:28 -07:00
Peter van der Laan
30d75e9f1e Added OSVDB #97662 2013-10-06 16:29:03 +02:00
Peter van der Laan
76f45f128d Updade Crayon Syntax Highlighter vuln. 2013-10-06 14:14:08 +02:00
erwanlr
bb73c66fe6 Merge pull request #294 from pvdl/master 
Added new OSVDB vulns.
 2013-10-06 04:45:23 -07:00
Peter van der Laan
c4881490a0 Added OSVDB #97991 2013-10-06 13:38:34 +02:00
Peter van der Laan
0fc85e212a Update Mingle Forum vulns. 2013-10-06 13:07:17 +02:00
Peter van der Laan
254b4084b7 Added OSVDB #98027 2013-10-06 12:38:36 +02:00
Peter van der Laan
ab51b0536b Added OSVDB #98078 2013-10-06 12:26:51 +02:00
erwanlr
70dc987d45 Missing word 2013-10-05 20:08:10 +01:00
erwanlr
474816762f Use less memory when brute forcing with a large wordlist 2013-10-05 20:03:34 +01:00
erwanlr
90ade58842 Memory Usage output 2013-10-05 13:06:56 +01:00
erwanlr
f4460f315e Fix #249 & #275 2013-10-02 15:36:02 +01:00
erwanlr
8adfcf5866 Added CVE-2013-5916 - Fix #291 2013-09-30 16:44:13 +01:00
erwanlr
06ab77b2fc Ref # 271 'too' removed 2013-09-19 12:22:53 +01:00
erwanlr
d1ceb9cc72 Fix #271 Further Instructions added to the Mac Install 2013-09-19 12:21:59 +01:00
ethicalhack3r
7128cd2844 Forgot to commit spec changes. 2013-09-18 15:18:44 +02:00
ethicalhack3r
ae4c0c5405 Merge branch 'master' of https://github.com/sullo/wpscan into sullo-master 2013-09-18 15:14:28 +02:00
erwanlr
27acb896c6 Typo 2013-09-17 14:37:02 +01:00
erwanlr
95557ce095 Some vulns added 2013-09-17 14:34:33 +01:00
erwanlr
4a4df8e1c4 Fix #285 Platinum SEO Plugin XSS 2013-09-16 20:21:13 +01:00
erwanlr
2cbb48f23f Merge pull request #283 from za/master 
Add PHP Object Injection vulnerability disclosed by Tom Van Goethem
 2013-09-13 01:41:28 -07:00
Zaki Akhmad
61001c2aef Add PHP Object Injection vulnerability disclosed by Tom Van Goethem 2013-09-13 14:16:07 +07:00
erwanlr
6b93a0191c Ref #280 WP 3.6.1 fingerprint 2013-09-12 16:12:04 +02:00
sullo
870201de14 Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example). 2013-09-12 09:30:23 -04:00
erwanlr
2c6ec234ac Merge pull request #279 from adegol/master 
Added 3 vulnerable plugins
 2013-09-11 10:01:17 -07:00
Adéla Goldová
39af0d5541 Added fixed_in tag on HMS Testimonial and Usernoise. IndiaNIC Testimonals remains unfixed but is removed from plugin directory 2013-09-11 18:51:55 +02:00
Adéla Goldová
d833940f3b Fixed typo 2013-09-11 14:14:49 +02:00
Adéla Goldová
e00dddaac6 Added Usernoise 2013-09-11 00:18:20 +02:00
Adéla Goldová
5bfdde158a Added IndiaNIC Testimonial 2013-09-11 00:15:17 +02:00
Adéla Goldová
8a26848086 Added HMS Testimonials 2013-09-11 00:14:11 +02:00
ethicalhack3r
c54fb6ee23 Updated MD5 hash of WP 3.6 detection. See Issue #277. 2013-09-10 11:48:15 +02:00
erwanlr
176bc75a71 Merge pull request #272 from fgeek/master 
CVE-2013-4626
 2013-08-30 05:22:07 -07:00
Henri Salo
125f4102bd Typofix 2013-08-30 15:15:06 +03:00
Henri Salo
1c3146359e CVE-2013-4626 2013-08-30 15:07:11 +03:00
Christian Mehlmauer
c00269c905 rspecs 2013-08-25 11:05:01 +02:00
Christian Mehlmauer
5cc9df9599 urls 2013-08-25 09:38:25 +02:00
Christian Mehlmauer
a032b7c134 more reference tags, fixes issue #268 2013-08-24 11:16:39 +02:00
Christian Mehlmauer
115241f16c cve tags 2013-08-23 14:06:54 +02:00
Christian Mehlmauer
fc75b315f9 bugfix 2013-08-23 14:02:58 +02:00
Christian Mehlmauer
1f5cb4b0a0 added cve tag to xml file 2013-08-23 14:02:09 +02:00
ethicalhack3r
55089646c2 Added other CVE. See Issue #264. 2013-08-23 12:59:08 +02:00
ethicalhack3r
25915b0cbb Refactored version method to use ternary operator. 2013-08-23 12:57:37 +02:00
ethicalhack3r
f704efb2af Vulnerable plugin updates. See Issue #264 2013-08-23 12:55:04 +02:00
Christian Mehlmauer
a97f9cd695 add documentation to readme 2013-08-22 17:05:17 +02:00
Christian Mehlmauer
259004e226 use online documentation 2013-08-21 15:34:36 +02:00
Christian Mehlmauer
7c1241c6f6 user prompt on same line 2013-08-18 15:47:30 +02:00
Christian Mehlmauer
03f8b02ac1 add --version switch 2013-08-18 15:40:55 +02:00
Christian Mehlmauer
81f9612de2 clean up rspecs 2013-08-17 12:19:54 +02:00
Christian Mehlmauer
264bc834b5 remove reference 2013-08-17 11:35:53 +02:00
Christian Mehlmauer
7acea5f4b2 fix issue #266 - passive detection regex 2013-08-17 11:33:25 +02:00
Christian Mehlmauer
9015834b15 fix issue #265 - remove base64 images before passive detection 2013-08-17 10:54:56 +02:00
ethicalhack3r
086e6e86a5 ruby-progressbar Gemfile version bump 2013-08-13 10:14:52 +02:00
Christian Mehlmauer
d107613e40 fix issue #262 2013-08-12 22:01:24 +02:00
Christian Mehlmauer
8896f8bf79 docs 2013-08-11 08:58:28 +02:00
Christian Mehlmauer
6cedd672cb removed comment 2013-08-10 13:31:20 +02:00
Christian Mehlmauer
3583db6a92 banner artwork 2013-08-10 13:30:24 +02:00
Christian Mehlmauer
faf234b482 docs 2013-08-10 12:47:52 +02:00
Christian Mehlmauer
5ea911c9b3 Header names are case insensitive 
Move header checks to web_site
 2013-08-10 11:49:30 +02:00
Christian Mehlmauer
6c008015e9 parse robots.txt 2013-08-10 11:35:17 +02:00
Christian Mehlmauer
6c8e76060a - update headers 
- show twitter usernames
 2013-08-09 23:41:34 +02:00
erwanlr
57d0af562e Merge branch 'master' of github.com:wpscanteam/wpscan 2013-08-09 15:25:17 +02:00
erwanlr
94ee5e15ac Ref #260 Fixes Travis Fail, due to rspec-mock v2.14.3 2013-08-09 15:24:28 +02:00
ethicalhack3r
678184e24b Another Travis-CI possible fix... 2013-08-09 13:45:35 +02:00
ethicalhack3r
fa0e4658cb Another Travis-CI attempt to fix 2013-08-09 13:33:52 +02:00
ethicalhack3r
7951e442a8 Attempted Travis-CI fix. 2013-08-09 13:26:39 +02:00
ethicalhack3r
3870fc0b2c Typo fix. Also Travis-CI test... 2013-08-09 13:04:50 +02:00
ethicalhack3r
2a9bd99f97 Fix for xmlrpc false positive. Issue #260. 2013-08-09 12:54:10 +02:00
erwanlr
de30802491 Better-WP-Security v3.4.3 XSS vuln title & fixed_in tag 2013-08-08 13:48:13 +02:00
erwanlr
973c0da4f2 Typo 2013-08-02 16:34:13 +02:00
erwanlr
3a3cbfdf7d Typo 2013-08-02 16:18:58 +02:00
erwanlr
21663ae519 Aded plugin vuln: sharebar CSRF 2013-08-02 16:15:25 +02:00
erwanlr
3a53936a88 Aded WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD 2013-08-02 16:10:17 +02:00
erwanlr
eac24ebbc8 Aded plugin vuln: pie-register XSS 2013-08-02 16:02:34 +02:00
erwanlr
9a70b8e2af Aded plugin vuln: spicy-blogroll RFI 2013-08-02 15:51:43 +02:00
erwanlr
e9374e4fe3 Aded plugin vuln: woocommerce XSS 2013-08-02 15:49:20 +02:00
erwanlr
5afdbded7e Aded plugin vuln: citizen-space CSRF 2013-08-02 15:46:03 +02:00
erwanlr
3f6087b180 Added Refence: wp-better-security Stored XSS 2013-08-02 15:43:49 +02:00
erwanlr
1c577084b1 Added plugin vuln: duplicator XSS 2013-08-02 15:39:58 +02:00
erwanlr
a242ca094e Fix #252 Events Calendar references (& XSS Added) 2013-08-02 15:27:57 +02:00
ethicalhack3r
c3b9611f76 Added WP 3.6 advanced fingerprint hash. See Issue #255. 2013-08-02 11:31:05 +02:00
ethicalhack3r
d32b20a529 Added another fixed_in paramter 2013-07-30 21:08:49 +02:00
ethicalhack3r
f4946525bb Missed fixed_in parameter for better-wp-security plugin 2013-07-30 20:50:37 +02:00
ethicalhack3r
3eb7639ce7 Better WP Security Plugin Stored XSS. See Issue #251. 2013-07-30 20:06:00 +02:00
Christian Mehlmauer
48e6ba4a1c Merge pull request #250 from za/master 
just fixing typo at data/wp_versions.xml
 2013-07-29 00:43:21 -07:00
Zaki Akhmad
41f6cf1463 fix typo at wp_versions.xml comment: verions->versions 2013-07-29 14:26:12 +07:00
ethicalhack3r
1722025a2c Added SWFUpload Content Spoofing in 3.5.2 see issue #243 2013-07-26 14:45:03 +02:00
ethicalhack3r
697b72836d Missunderstood known_headers array, removed security headers 2013-07-25 20:01:55 +02:00
ethicalhack3r
b6777fd0d7 Added security headers 2013-07-25 19:56:06 +02:00
ethicalhack3r
6d2165acc3 Little refactoring 2013-07-25 19:47:16 +02:00
ethicalhack3r
c33e553175 Handle when there are 2 headers of the same name 2013-07-25 19:41:03 +02:00
erwanlr
ab1381e830 WpItems::Detectable#passive_detection Complexity Reduced 2013-07-24 14:35:15 +02:00
erwanlr
669e1458da Fix #208 - Fixed vulnerable plugins still appear in the results 2013-07-24 14:18:02 +02:00
erwanlr
73f42bb73d Merge pull request #247 from za/master 
Update plugin_vulns.xml: SQL injection fixed in events-calendar version ...
 2013-07-24 01:01:47 -07:00
Zaki Akhmad
f50a6477bc Update plugin_vulns.xml: SQL injection fixed in events-calendar version 6.7.10 2013-07-24 14:01:59 +07:00
Christian Mehlmauer
501fbd825a clean logfile on wpstools too 2013-07-23 19:10:51 +02:00
Christian Mehlmauer
02111bf9b4 updated data files 2013-07-23 18:17:24 +02:00
Christian Mehlmauer
0f7bc49992 wordpress.org is really unstable at the moment 2013-07-23 18:16:48 +02:00
Christian Mehlmauer
2fb6f7169a fix issue #245 2013-07-23 12:20:26 +02:00
Christian Mehlmauer
95b1264f7f Merge branch 'master' of github.com:wpscanteam/wpscan 2013-07-20 22:40:13 +02:00
Christian Mehlmauer
fc2ba604ea Added pingback header 2013-07-20 22:39:01 +02:00
erwanlr
9743f60991 Merge pull request #246 from anantshri/master 
removed feed plugin vulnerability issue
 2013-07-20 04:50:32 -07:00
Anant Shrivastava
7239c8d848 removed feed plugin vulnerability issue 
Removed Feed plugin vulnerability as this is not provable as well as there is no publically listed plugin nor any traces or a private plugin of such name. this corresponds to issue no #244
 2013-07-20 16:05:00 +05:30
Christian Mehlmauer
bf10b25291 docs 2013-07-19 23:10:56 +02:00
Christian Mehlmauer
3b4790163c fix rspecs 2013-07-19 23:07:58 +02:00
Christian Mehlmauer
fd1e0da4df - Wordpress.com is instable 
- request_timeout and connect_timeout implemented
 2013-07-19 22:53:50 +02:00
Christian Mehlmauer
57755417f9 bugfix on output 2013-07-19 21:59:52 +02:00
Christian Mehlmauer
9caabfd586 docs 2013-07-19 21:51:04 +02:00
Christian Mehlmauer
37bffd6f1c docs 2013-07-19 21:50:23 +02:00
Christian Mehlmauer
99ea17127d docs 2013-07-19 21:49:57 +02:00
Christian Mehlmauer
bb35837ea1 output interesting http-headers 2013-07-19 14:14:13 +02:00
ethicalhack3r
f49b53b095 WPScan updated in backtrack. 2013-07-18 13:31:52 +02:00
ethicalhack3r
e93daabd8b Small typo 2013-07-16 18:59:42 +02:00
ethicalhack3r
6bb6dfff2d Added CVE-2008-1930 to WP 2.5 2013-07-16 18:57:18 +02:00
erwanlr
0f8f49f19c Fix #241 2013-07-16 17:49:25 +02:00
erwanlr
85b4f987bb Ensure that brute forcing results are output even if an error occurs or the user exits 2013-07-05 10:47:00 +02:00
erwanlr
a75dae8128 Added vulns & refs 2013-07-05 10:39:38 +02:00
ethicalhack3r
f2fc5294e8 Added Xorbin vlovk plugin vulns. 2013-07-01 10:14:06 +02:00
erwanlr
c81a87d154 Update common_helper.rb 2013-06-26 01:18:16 +03:00
erwanlr
bc435a6266 Only load bundler for non Kali system 2013-06-26 01:16:51 +03:00
erwanlr
d3362bac75 Kali Linux detection 2013-06-26 01:15:51 +03:00
ethicalhack3r
87d7657dec Added wp dos issue to prev versions. See Issue #219. 2013-06-25 18:42:41 +02:00
ethicalhack3r
6aa62ce20c Typo in usage info. See Issue #233 2013-06-25 16:46:31 +02:00
ethicalhack3r
eb143af967 WP-Pretty Photo is theme dependency not a plugin. 2013-06-22 23:56:03 +02:00
Christian Mehlmauer
a8c5b68d1a Fix Issue #232 2013-06-22 21:17:05 +02:00
Christian Mehlmauer
698f998307 Fix Issue #231 2013-06-22 21:16:00 +02:00
ethicalhack3r
18ed982aea Added WP-Pretty Photo DOM XSS 2013-06-22 18:13:19 +02:00
ethicalhack3r
7ac467923a Updated Fedora install instructions as per Issue #92 2013-06-22 11:55:12 +02:00
erwanlr
09e2045b5b WP 3.5.2 Fingerprint 2013-06-21 23:53:09 +03:00
erwanlr
61b13e4543 Added Vulns & references 2013-06-21 17:00:18 +02:00
erwanlr
a436bb059a OSVDB refrences homogenisation 2013-06-21 16:41:38 +02:00
ethicalhack3r
934625905a Added slash-wp theme vulns 2013-06-20 21:16:07 +02:00
ethicalhack3r
cd4f3103cb Changed vuln types back to MULTI. 2013-06-20 12:47:24 +02:00
ethicalhack3r
9cef6612b7 Wrong vuln type 2013-06-20 00:55:45 +02:00
Ryan Dewhurst
fdacd06730 Merge pull request #230 from cervoise/patch-9 
Update plugin_vulns.xml
 2013-06-19 15:42:36 -07:00
Ryan Dewhurst
1731cc7798 Merge pull request #229 from cervoise/patch-8 
Update theme_vulns.xml
 2013-06-19 15:41:39 -07:00
cervoise
55fe1c4115 Update plugin_vulns.xml 
Add vulnerabilites in antivirus.
 2013-06-19 13:45:57 +02:00
cervoise
97a2f07f83 Update theme_vulns.xml 
Add XSS in ambience.
 2013-06-19 14:44:17 +03:00
ethicalhack3r
be154bfed5 Added another reference to advanced-xml-reader plugin vuln 2013-06-16 23:07:18 +02:00
erwanlr
102585e4c7 Added some vulns, references, CVEs (Ref #184) 2013-06-16 12:20:45 +02:00
erwanlr
385b250c01 Added VideoJS XSS in plugins 2013-06-15 16:53:22 +03:00
erwanlr
db6a0aa584 Fix #189 VideoJS XSS in Themes 2013-06-15 15:36:04 +02:00
erwanlr
3363006a83 README updated to include minimum & recommended version of Ruby, Curl and rubygems 2013-06-14 16:41:18 +02:00
erwanlr
78a24630ac Releasing the Typhoeus version constraint 2013-06-14 16:36:06 +02:00
erwanlr
5709422978 Merge pull request #225 from cervoise/patch-7 
Update plugin_vulns.xml
 2013-06-14 06:56:02 -07:00
cervoise
b7d28479e0 Update plugin_vulns.xml 
Add a vuln for event manager.
 2013-06-14 15:45:38 +02:00
erwanlr
4594933c93 Themes & Plugins lists regenerated 2013-06-14 12:17:08 +02:00
erwanlr
f75bd90fcf Fix #223 New wordpress urls for most popular plugins & themes 2013-06-14 12:09:48 +02:00
erwanlr
01ea9657a7 Conflict solved 2013-06-14 11:51:27 +02:00
erwanlr
b544ee12d9 Fix #177 Passive Cache plugins detection (no spec) 2013-06-14 11:48:55 +02:00
ethicalhack3r
4874d3bfa3 Added XSS in jobroller theme. See Issue #220. 2013-06-13 12:22:43 +02:00
ethicalhack3r
a89cc332c3 Added CVE number to 3.5.1 DoS. See Issue #219. 2013-06-13 12:20:08 +02:00
Ryan Dewhurst
bde27aff7b Merge pull request #222 from cervoise/patch-5 
Update wp_vulns.xml
 2013-06-13 03:00:21 -07:00
Ryan Dewhurst
81676bf9ec Merge pull request #224 from cervoise/patch-6 
Update plugin_vulns.xml
 2013-06-13 03:00:01 -07:00
cervoise
24e039c177 Update plugin_vulns.xml 
Add underconstruction, adif-log-search-widget, exploit-scanner, ga-universal, export-to-text, qtranslate, catalog, uk-cookie (one vulnerability each).
Add two vulnerabilities for nextgen-gallery.
Add fixed_in for first nextgen-gallery vuln.
Add fixed in for second nextgen-gallery vuln.
 2013-06-13 11:49:19 +02:00
cervoise
837d4c85fd Update wp_vulns.xml 
Add WordPress 3.5.1 DoS in class-phpass.php
 2013-06-13 10:49:33 +02:00
Christian Mehlmauer
6d362a453e fix typo 2013-06-11 15:08:54 +02:00
Christian Mehlmauer
ff08b5920d Merge pull request #218 from cervoise/patch-4 
Update plugin_vulns.xml (travis build will fail)
 2013-06-11 06:08:01 -07:00
cervoise
5b1a8b03b7 Update plugin_vulns.xml 
Add vulnerabilites for wp125, wp-symposium, wp-download-manager, digg-digg, ssquiz, funcapatcha, wili-language, wordpress-seo.

Correct fixed_in version for a vulnerability in easy-adsense-lite.

Correct indent.
 2013-06-11 10:31:10 +02:00
Christian Mehlmauer
6a8e14b161 Merge pull request #217 from cervoise/patch-3 
Update theme_vulns.xml
 2013-06-11 01:08:46 -07:00
cervoise
6e9922eab2 Update theme_vulns.xml 
Add multiple vulnerabilities in Colormix
 2013-06-11 11:00:53 +03:00
Ryan Dewhurst
e040d79280 Merge pull request #215 from cervoise/patch-1 
Update plugin_vulns.xml
 2013-06-10 08:13:49 -07:00
cervoise
7403bd7d16 Update plugin_vulns.xml 
Add vulnerabilities in feedweb, wp-print and trafficanalyzer.
 2013-06-10 16:21:49 +03:00
Christian Mehlmauer
d9dcc73f8b Update README.md 2013-06-09 16:17:25 +02:00
Christian Mehlmauer
d2696a53ef minor updates 2013-06-09 16:13:56 +02:00
Christian Mehlmauer
cd5b45f98b docs 2013-06-09 16:07:04 +02:00
Christian Mehlmauer
c63beaa35d rspecs 2013-06-09 15:57:41 +02:00
Christian Mehlmauer
1bcabbad4c use the redirect_to parameter on bruteforce 2013-06-09 15:27:39 +02:00
Christian Mehlmauer
a669a33774 Merge branch 'master' of github.com:wpscanteam/wpscan 2013-06-09 09:20:12 +02:00
Christian Mehlmauer
bbefdfc4e5 Added debug output 2013-06-09 09:19:25 +02:00
ethicalhack3r
7b2f1d562e Slight update to security plugin warning. Issue #212. 2013-06-08 01:17:07 +02:00
ethicalhack3r
fc0373fccc Added ruby-progressbar version to Gemfile 2013-05-29 23:52:53 +02:00
Christian Mehlmauer
d6386c05a4 docs 2013-05-28 19:52:50 +02:00
Christian Mehlmauer
fd7017f530 readded "junk removal" from usernames before output 2013-05-28 19:45:20 +02:00
Christian Mehlmauer
8c9d82cb6d fix for issue #200 2013-05-28 18:41:08 +02:00
Christian Mehlmauer
ebfe2ef08d added some secunia advisories 2013-05-19 12:54:06 +02:00
Christian Mehlmauer
628c9a0f4f added reference, Issue #192 2013-05-19 12:27:16 +02:00
Christian Mehlmauer
c217cd7c64 added advanced-xml-reader, Issue #191 2013-05-19 12:25:08 +02:00
ethicalhack3r
47df347b69 Added CVE numbers to wp-cleanfix plugin. 2013-05-18 23:48:10 +02:00
ethicalhack3r
084c140eb7 Added CVE for mail-on-update plugin. 2013-05-18 12:38:20 +02:00
ethicalhack3r
f5fa5060b6 Added mail-on-update plugin CSRF. See Issue #188. 2013-05-18 12:37:03 +02:00
ethicalhack3r
cf7d905d20 Added 'CSRF' to wp-cleanfix plugin issue title. 2013-05-15 20:26:33 +02:00
ethicalhack3r
50808d8ca4 Added wp-cleanfix plugin RCE. See Issue #186. 2013-05-15 20:02:48 +02:00
ethicalhack3r
e8a81cce4d Added uk-cookie plugin XSS. See Issue #184. 2013-05-14 19:23:52 +02:00
ethicalhack3r
4b34cf90f7 Amended Arch Linux install instructions. See issue #183. 2013-05-12 13:42:14 +02:00
Christian Mehlmauer
7f10462189 Merge branch 'master' of github.com:wpscanteam/wpscan 2013-05-10 21:59:47 +02:00
Christian Mehlmauer
57f4239832 Resolve conflicts 2013-05-10 21:59:09 +02:00
Christian Mehlmauer
fe5bef0f3b added some fixed_in tags #179 2013-05-10 21:25:38 +02:00
Christian Mehlmauer
46d5dcf8f8 feedback implemented #179 2013-05-10 20:26:53 +02:00
Christian Mehlmauer
5a4dd31ba7 more rspecs #179 2013-05-10 19:45:31 +02:00
Christian Mehlmauer
7a7450f98e rspecs and bugfixing(Can't dup nilclass on missing readme.txt) #179 2013-05-10 19:24:17 +02:00
erwanlr
42efc9f9ec Fix #182 Remove the progress-bar static length (120), and let it to automatic 2013-05-10 17:44:22 +02:00
erwanlr
160ee4dcec Fix #181 Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked) 2013-05-10 17:01:10 +02:00
erwanlr
cdd2c96b5e Fix #176 Plugins vulnerabilities added 2013-05-10 10:45:51 +02:00
Christian Mehlmauer
cdd74b535b rspecs #179 2013-05-07 20:46:08 +02:00
Christian Mehlmauer
b635168fb3 xsd refining #179 2013-05-06 23:39:05 +02:00
Christian Mehlmauer
3e9c51f18e some more work for #179 2013-05-06 23:36:18 +02:00
Christian Mehlmauer
4ce6396e3f removed debug output #179 2013-05-06 23:30:47 +02:00
Christian Mehlmauer
9c0ce2a1cd fix rspecs #179 2013-05-06 22:47:20 +02:00
Christian Mehlmauer
77ebd9d4fd Fixed Version compare for issue #179 2013-05-06 22:33:18 +02:00
erwanlr
b06dcf555e Ref #177 wp-super-cache detected from header 2013-05-06 15:35:15 +02:00
erwanlr
7a963e346a Ref #177 Passive detection of specific plugins (Dirty work) 2013-05-03 17:51:14 +02:00
Christian Mehlmauer
ebe35cb7b2 gitignore 2013-04-30 23:08:52 +02:00
Christian Mehlmauer
a38c709d74 Updated documentation 2013-04-30 23:06:37 +02:00
ethicalhack3r
dca987b64b Added "Module Configuration Security Bypass" to more versions of WP, see issue #126 2013-04-28 18:59:45 +02:00
Christian Mehlmauer
fb16a8a43d Added reference 2013-04-26 23:11:51 +02:00
Christian Mehlmauer
3f9be29606 Added references 2013-04-25 10:14:58 +02:00
Christian Mehlmauer
e071851271 Added Cache RCE 2013-04-24 19:40:57 +02:00
erwanlr
2f7db7312e Remove useless code 2013-04-18 12:44:06 +02:00
erwanlr
471ebb733c Add link to the WebMock issue about the range header not considerated 2013-04-18 11:44:20 +02:00
erwanlr
5a097d429d Code Factoring 2013-04-18 11:22:19 +02:00
erwanlr
662d94e958 Complexity reduced 2013-04-17 15:40:09 +02:00
erwanlr
4c57a00660 Trying to reduce the complexity of WpUser#brute_force 2013-04-17 12:48:18 +02:00
erwanlr
0c8c5e2928 Themes & Plugins updated 2013-04-16 18:04:26 +02:00
erwanlr
4df1c605a2 WPSTools : Do not output the backtrace of the main script 2013-04-16 17:53:32 +02:00
erwanlr
eca90894e0 Additional specs for #169 2013-04-16 17:33:40 +02:00
erwanlr
788122c5d6 WebSite::page_hash Better comments detection 2013-04-16 16:42:37 +02:00
erwanlr
f904c3241a Merge branch 'fix-169' 2013-04-16 14:19:38 +02:00
erwanlr
3f8bc5e01a Fixes hacks.rb conflict 2013-04-16 14:19:30 +02:00
erwanlr
bb88a1105e Possible fix for #169 2013-04-16 14:14:20 +02:00
erwanlr
7143c7ffe9 WpUser#brute_force Browser.instance replaced by a local var 2013-04-15 15:55:48 +02:00
erwanlr
de1bc6a369 Merge branch 'master' of github.com:wpscanteam/wpscan 2013-04-15 15:02:33 +02:00
erwanlr
b1ce7bdcc5 Fixes #164 README.txt detection 2013-04-15 15:02:09 +02:00
ethicalhack3r
da4ee57e58 Changed 'file' flag in charset method, see Issue #167. 2013-04-15 13:54:27 +02:00
erwanlr
698197248e Fixes #166 ListGenerator using the old Browser#get method for full generation 2013-04-15 10:17:31 +02:00
erwanlr
7c2c2305fb ProgressBar left margin trick 2013-04-14 18:03:59 +02:00
erwanlr
df5b8b9c35 WpItems agressive detection progress bar 2013-04-14 18:01:24 +02:00
erwanlr
446910767b BruteForcer progress bar 2013-04-14 17:30:57 +02:00
erwanlr
927c37e6db Exit codes 2013-04-14 13:00:12 +02:00
erwanlr
6cd349cb24 Code Factoring 2013-04-14 12:51:53 +02:00
erwanlr
271cd71c20 Display the wp_user.login in the table 2013-04-13 23:28:24 +02:00
erwanlr
f7a15e67cd Fixes error with the -U option (undefined method 'merge' for #WpTarget:) 2013-04-13 23:26:55 +02:00
erwanlr
c570c1798a Removed empty line 2013-04-13 22:38:15 +02:00
erwanlr
5acaff356f Indentation fix 2013-04-13 22:37:16 +02:00
erwanlr
4af7a19eb0 Uses terminal-table to display wp_users 2013-04-13 22:25:34 +02:00
erwanlr
4f182dc41b Format the output of WpUser::BruteForcable 2013-04-13 19:02:14 +02:00
erwanlr
704c6b1669 Detection of the wordlist charset 2013-04-13 18:56:47 +02:00
erwanlr
5d327f5060 Reverts #122 Don't encode login & password as they will be encoded in Typhoeus 2013-04-13 18:02:12 +02:00
erwanlr
4ecbf7fe79 Fixes #153 Disable error trace when it's from the main script 2013-04-13 11:35:52 +02:00
erwanlr
92d690e357 Missing @param 2013-04-13 11:04:23 +02:00
erwanlr
7db63bb3e0 BruteForcer moved in WpUser as a module 2013-04-12 21:52:33 +02:00
erwanlr
777f06608b Gemfile conflict 2013-04-11 21:15:12 +02:00
erwanlr
5db00e257b Browser modules final work 2013-04-11 21:13:08 +02:00
erwanlr
1475ba810c Browser::Options done 2013-04-11 18:31:27 +02:00
erwanlr
bdedf6f63f Back to the previous version of Typhoeus & Ethon to avoid seg fault in rspec 2013-04-11 14:48:43 +02:00
erwanlr
3245063a74 Ethon::Easy cookies hacks modified to reflect the new version of Typhoeus 2013-04-11 12:56:40 +02:00
erwanlr
dc109f12d8 Fixes #163 in the proper way 2013-04-11 12:51:55 +02:00
erwanlr
1615c0f84e Some Browser::Options work 2013-04-10 18:34:50 +02:00
erwanlr
2466ca9eb0 Fixes #162 Social Media Widget malicious code 2013-04-09 22:52:09 +02:00
erwanlr
b9524499bf Some Browser::Options work 2013-04-09 21:40:19 +02:00
erwanlr
47fb8b9938 Browser::Actions specs fixes 2013-04-09 18:27:36 +02:00
erwanlr
3525fb87e2 Browser::Actions (no specs) 2013-04-09 17:43:15 +02:00
erwanlr
2a45878a55 Cookie-jar file moved to cache/browser/ 2013-04-09 11:20:54 +02:00
erwanlr
333c52ac45 Fixes #144 Use cookie jar to prevent infinite redirections loop 2013-04-09 00:32:52 +02:00
erwanlr
3565b25719 Vulns added 2013-04-08 21:04:46 +02:00
erwanlr
fecaa613e4 Fixed is_multisite? => multisite? 2013-04-08 19:32:36 +02:00
erwanlr
748b5d3166 WpTarget modules reworked 2013-04-08 18:22:06 +02:00
erwanlr
e07bb73eeb Some vulnerabilities added 2013-04-08 14:14:06 +02:00
erwanlr
22dc2c175a reflex-gallery version specifier removed 2013-04-05 21:09:07 +02:00
erwanlr
8bee5fcff8 wp-glossary SQLI removed, fake one 2013-04-05 21:08:08 +02:00
erwanlr
2221857199 Improve the TIP command when a gem is missing 2013-04-05 18:18:17 +02:00
erwanlr
8f8ad708f8 rdoc 2013-04-05 14:41:15 +02:00
erwanlr
e4e506e62d main() moved to wpscan.rb 2013-04-05 14:17:32 +02:00
erwanlr
38b51d55f4 Merge branch 'new-enumeration-system' 2013-04-05 14:07:06 +02:00
erwanlr
3ce42b641c License text removed from sources, see the LICENSE file 2013-04-05 14:06:31 +02:00
erwanlr
f71d39fe36 Add license file 2013-04-04 13:14:51 +02:00
erwanlr
d87901921a Fix specs for main 2013-04-03 19:01:04 +02:00
erwanlr
0b46f67551 Merge branch 'master' of github.com:wpscanteam/wpscan 2013-04-03 18:48:13 +02:00
erwanlr
d1cfb8287f Ref #153 No error trace when 'No argument supplied' 2013-04-03 18:47:41 +02:00
erwanlr
9b0d2784e1 typo 2013-04-03 18:45:22 +02:00
erwanlr
d8ff653956 Merge pull request #158 from lnxg33k/master 
brilliant File Upload Vulnerability
 2013-04-03 02:03:17 -07:00
Ahmed Shawky
a828ee6b1e Add brilliant File Upload Vulnerability 2013-04-03 10:14:11 +02:00
erwanlr
7141c1fb09 Added podPress XSS 2013-04-01 23:36:07 +02:00
Christian Mehlmauer
7cb2c6844f Merge branch 'master' into new-enumeration-system 2013-04-01 23:11:37 +02:00
erwanlr
31735c4ca7 ofc_upload_image.php Arbitrary File Upload Vulnerability 2013-04-01 22:50:55 +02:00
erwanlr
9207493f31 Ref #150 Backbuddy reference added 2013-04-01 22:46:02 +02:00
erwanlr
794321d925 Fix #155 wp-funeral-press XSS 2013-03-31 15:13:58 +02:00
erwanlr
84574533ef README.md format 2013-03-30 23:27:46 +01:00
erwanlr
3af01e7ded Fix #158. Add the solution to 'no such file to load -- rubygems' in the README 2013-03-30 23:25:33 +01:00
erwanlr
91f9a1e84f Ref #150 Backupbuddy plugin vulns 2013-03-30 23:11:59 +01:00
erwanlr
86d53c73a8 WpTimthumb#== specs 2013-03-30 19:40:54 +01:00
erwanlr
a9b25edafe WpUser additional specs 2013-03-30 19:08:47 +01:00
erwanlr
21f5acf62f WpUsers::Detectable specs 2013-03-30 16:33:39 +01:00
erwanlr
07e5a532c1 WpTimthumbs::Detectable specs 2013-03-30 16:03:46 +01:00
erwanlr
e65c4f4497 Missing xml tag, typo 2013-03-29 23:17:23 +01:00
erwanlr
f26ece827c StatsPlugin spec fixes 2013-03-29 23:15:29 +01:00
erwanlr
09c9554e4b Doc 2013-03-29 22:51:26 +01:00
erwanlr
68876bffb9 WpItems, WpPlugins, WpThemes specs 2013-03-29 22:27:43 +01:00
erwanlr
565bfceb49 WpVersion::Findable specs 2013-03-28 20:48:19 +01:00
ethicalhack3r
e33dad8492 Added classic theme XSS 2013-03-28 15:35:53 +01:00
erwanlr
a7bd5044c4 WpVersion::Vulnerable specs 2013-03-28 15:33:35 +01:00
Christian Mehlmauer
2179dc5066 fix issue 152 2013-03-28 14:10:44 +01:00
erwanlr
ec9eadda8e WpUser::Existable specs 2013-03-27 16:52:32 +01:00
erwanlr
52c1bd3558 Typos 2013-03-27 13:54:35 +01:00
ethicalhack3r
1d5e7dccb7 Added WP-Banners-Lite XSS 2013-03-27 12:42:32 +01:00
erwanlr
99cd96f33c Added felici XSS 2013-03-26 17:33:06 +01:00
erwanlr
e3fbd07e41 Added mathjax-latex CSRF 2013-03-26 17:30:02 +01:00
erwanlr
be0aad2c66 WpTimthumb::Versionable specs 2013-03-26 17:12:57 +01:00
erwanlr
65ca256a73 WpTimthumb::Existable specs 2013-03-26 16:46:39 +01:00
erwanlr
da1c556896 WpTheme::Vulnerable specs 2013-03-26 16:26:03 +01:00
erwanlr
ba0af6edda WpTheme::Versionable specs 2013-03-26 16:04:10 +01:00
erwanlr
40f4057d47 WpTheme::Findable specs 2013-03-26 15:34:48 +01:00
erwanlr
130a2a44e8 Fixes #150 BackupBuddy added 2013-03-26 13:02:00 +01:00
erwanlr
1168cf7305 Fixes, once and for all the deprecated usage of URI.escape & URI.encode 2013-03-25 22:08:14 +01:00
erwanlr
d6f18943b7 WpPlugin::Vulnerable specs 2013-03-25 21:22:28 +01:00
erwanlr
d946ef55a8 WpItem::Vulnerable specs 2013-03-25 20:30:26 +01:00
erwanlr
95041945ff WpItem::Versionable specs 2013-03-25 16:03:34 +01:00
erwanlr
2ad2b8866b output.rb excluded from coverage 2013-03-25 15:26:25 +01:00
erwanlr
5bb9aa29fa WpItem::Infos specs 2013-03-25 15:24:46 +01:00
erwanlr
276952ffb9 WpItem::Findable#Found_From rdoc 2013-03-25 13:56:13 +01:00
erwanlr
2ee2fe494d WpItem::Findable#Found_From= specs 2013-03-25 13:53:36 +01:00
erwanlr
6f49584546 WpItem::Existable specs 2013-03-22 21:53:20 +01:00
erwanlr
e058b204f4 Typhoeus::Response hack moved to hacks.rb, ignoring hacks.rb in coverage 2013-03-22 18:37:28 +01:00
erwanlr
d937b20d79 Vulnerability::Output specs 2013-03-22 18:26:27 +01:00
erwanlr
af4ecc4084 WpVersion specs 2013-03-22 18:08:56 +01:00
erwanlr
92414d0c2f WpUser specs 2013-03-22 17:57:31 +01:00
erwanlr
cb9717f6e7 WpTheme specs 2013-03-22 17:33:57 +01:00
erwanlr
a635b3aef6 WpPlugin specs 2013-03-22 16:56:37 +01:00
erwanlr
ad6ff2f7f0 WpItem specs 2013-03-21 15:08:16 +01:00
erwanlr
4d687544d2 sample renamed 2013-03-20 20:24:22 +01:00
erwanlr
543a6fbaa2 Vulnerability specs 2013-03-20 19:29:34 +01:00
erwanlr
4c5f02865f Output the timthumb version if found 2013-03-19 23:53:43 +01:00
erwanlr
dfcfaa2041 Missing statement 2013-03-19 23:22:28 +01:00
erwanlr
d016d33747 New enumeration system 2013-03-19 22:59:20 +01:00
erwanlr
634a6222f7 Added occasions CSRF 2013-03-19 21:35:39 +01:00
erwanlr
0db4740a82 Added count-per-day XSS 2013-03-19 21:31:09 +01:00
erwanlr
3201620700 Added simply-poll multiple vulnerabilities 2013-03-18 16:33:10 +01:00
Christian Mehlmauer
17eb43df64 fix issue 147 2013-03-18 09:58:30 +01:00
Christian Mehlmauer
08f9d0e67a Added checks for old ruby. Otherwise there will be syntax errors 2013-03-17 22:05:34 +01:00
erwanlr
5e36be4f63 Added bp-gallery XSS 2013-03-16 14:06:46 +01:00
erwanlr
a795b3b124 Added o2s-gallery XSS 2013-03-16 14:05:00 +01:00
erwanlr
696a1262a8 Added wp-e-commerce XSS 2013-03-16 14:02:59 +01:00
erwanlr
692c8e27fa Add leaguemanager 3.8 SQLi 2013-03-15 09:58:18 +01:00
erwanlr
b6188cb0ba New line char has to be double quoted 2013-03-12 15:37:51 +01:00
erwanlr
28300814f5 More error details for XSD checks 2013-03-12 15:34:25 +01:00
erwanlr
a298e431cc Add line & column of the malformation in XML checks 2013-03-12 15:12:32 +01:00
erwanlr
0a50bcadc2 Add terillion-reviews XSS 2013-03-12 15:00:04 +01:00
erwanlr
de3d62ba92 Creation of a function xml instead of a hack for Nokogiri::XML 2013-03-11 17:59:26 +01:00
erwanlr
64c3c29597 StatsPlugin code factoring 2013-03-11 17:52:19 +01:00
erwanlr
ae61b95707 Most popular plugins updated 2013-03-11 17:44:50 +01:00
erwanlr
669bb3892e ListGeneratorPlugin code factoring 2013-03-11 17:44:20 +01:00
erwanlr
c0312bbbe5 WpUser code factoring 2013-03-11 17:28:32 +01:00
erwanlr
2f14be09b5 All hacks moved to hacks.rb 2013-03-11 17:21:09 +01:00
erwanlr
9b5ee28f04 Missing file 2013-03-11 17:18:48 +01:00
erwanlr
2043adb76e Nokogiri::XML hack to set the default option to NOBLANKS 2013-03-11 17:18:05 +01:00
erwanlr
eaffb139ef Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting. Trying to reduce the complexity of WpVersion::find_from_advanced_fingerprinting 2013-03-11 16:53:05 +01:00
erwanlr
763bd5a10c scan_url_for_pattern renamed to scan_url 2013-03-11 16:17:25 +01:00
erwanlr
5f7ca09e55 WpVersion code factoring 2013-03-11 15:59:38 +01:00
erwanlr
eadebd387a Fixes #145 : vkontakte-api XSS added 2013-03-11 10:59:59 +01:00
ethicalhack3r
9434db242b Fixed syntax error. 2013-03-10 23:54:07 +01:00
ethicalhack3r
97ec9a6aa7 Refactored #default_wp_content_dir_exists? spec. 2013-03-10 23:52:36 +01:00
ethicalhack3r
7a9a72d285 Added CVE number to CVE-2013-1808 plugin vulns. 2013-03-10 12:30:45 +01:00
ethicalhack3r
ae6485bfd1 Added snazzy-archives plugin vuln, see Issue #143. 2013-03-10 12:25:44 +01:00
ethicalhack3r
19d7c3122d Added more CVE-2013-1808 vulns, see Issue #142. Thanks Henri! 2013-03-10 12:22:48 +01:00
ethicalhack3r
ed2eb44b38 Added default wp-content dir detection, see Issue #141. 2013-03-10 12:08:49 +01:00
Christian Mehlmauer
7c110bf6d3 added checks for well formed xml 2013-03-05 21:52:41 +01:00
ethicalhack3r
a4656c1837 Fixed stupid mistake where I broke the XML. >.< 2013-03-05 20:42:50 +01:00
ethicalhack3r
fd4359433c Added themes vulnerable to ZeroClipboard XSS. 2013-03-05 20:39:48 +01:00
ethicalhack3r
8d5ae7f94f Added plugins affected by ZeroClipboard XSS. 2013-03-05 20:23:00 +01:00
erwanlr
08e66a86ce Fixes code coverage for common libs 2013-03-05 14:21:13 +01:00
erwanlr
9525b33988 Require homogenization 2013-03-05 14:13:15 +01:00
erwanlr
b8ccfa23d9 Fixes #140 xml_rpc_url in the body 2013-03-05 13:49:47 +01:00
erwanlr
5f584f92a7 Browser code factoring 2013-03-05 12:50:26 +01:00
erwanlr
1adadcb4bb Complexity of Browser#proxy_auth= reduced 2013-03-05 10:34:11 +01:00
erwanlr
2607e91833 Changed version specifiers for Typhoeus & Webmock (>= instead of ~>) 2013-03-04 16:53:38 +01:00
erwanlr
8bc8d7e7cd Fixes WebSite#xml_rpc_url bug (Thanks Patrick for the report) 2013-03-04 16:34:49 +01:00
450 changed files with 25616 additions and 53366 deletions
Expand all files Collapse all files

6
.gitignore vendored
View File

@@ -1,5 +1,6 @@
cache/*
cache
coverage
.bundle
.DS_Store
.DS_Store?
*.sublime-*
@@ -7,3 +8,6 @@ coverage
.*.swp
Gemfile.lock
log.txt
.yardoc
debug.log
wordlist.txt

2
.simplecov
View File

@@ -3,4 +3,6 @@ SimpleCov.start do
add_filter "_helper.rb"
add_filter "environment.rb"
add_filter "_plugin.rb"
add_filter "hacks.rb"
add_filter "output.rb"
end

133
CHANGELOG.md Normal file
View File

@@ -0,0 +1,133 @@
# Changelog
## Version 2.2
Released: 2013-11-12
Added
* Output the vulnerability fix if available
* Added 'WordPress Version Vulnerability' statistics
* Added Kali Linux on the list of pre-installed Linux distributions
* Added hosted wordpress detection. See issue #343.
* Add detection for all-in-one-seo-pack
* Use less memory when brute forcing with a large wordlist
* Memory Usage output
* Added cve tag to xml file
* Add documentation to readme
* Add --version switch
* Parse robots.txt
* Show twitter usernames
* Clean logfile on wpstools too
* Added pingback header
* Request_timeout and connect_timeout implemented
* Output interesting http-headers
* Kali Linux detection
* Ensure that brute forcing results are output even if an error occurs or the user exits
* Added debug output
* Fixed Version compare for issue #179
* Added ruby-progressbar version to Gemfile
* Use the redirect_to parameter on bruteforce
* Readded "junk removal" from usernames before output
* Add license file
* Output the timthumb version if found
* New enumeration system
* More error details for XSD checks
* Added default wp-content dir detection, see Issue #141.
* Added checks for well formed xml
Changed
* Trying a fix for Kali Linux
* Make a seperator between plugin name and vulnerability name
* It's WordPress, not Wordpress
* Changed wordpress.com scanning error to warning. See issue #343.
* Make output lines consistent
* Replace packetstormsecurity.org to packetstormsecurity.com
* Same URL syntax for all Packet Storm Security URL's
* Packet Storm Security URL's don't need the 'friendly part' of the URL. So it can be neglected.
* Use online documentation
* User prompt on same line
* Don't skip passwords that start with a hash. This is fairly common (see RockYou list for example).
* Updated Fedora install instructions as per Issue #92
* Slight update to security plugin warning. Issue #212.
* Ruby-progressbar Gemfile version bump
* Fix error with the -U option (undefined method 'merge' for #WpTarget:)
* Banner artwork
* Fix hacks.rb conflict
* Handle when there are 2 headers of the same name
* Releasing the Typhoeus version constraint
* Amended Arch Linux install instructions. See issue #183.
Updated
* Plugins & Themes updated
* Update README.md
* Updated documentation
Removed
* Removed 'smileys' in output messages
* Removed 'for WordPress' and 'plugin' in title strings.
* Removed reference
* Removed useless code
* Removed duplicate vulnerabilities
General core
* Code cleaning
* Fix typo's
* Clean up rspecs
* Themes & Plugins lists regenerated
* Rspecs update
* Code Factoring
* Added checks for old ruby. Otherwise there will be syntax errors
Vulnerabilities
* Update WordPress Vulnerabilities
* Update timthumb due to Secunia #54801
* Added WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD
WPScan Databse Statistics:
* Total vulnerable versions: 76, 4 are new
* Total vulnerable plugins: 606, 197 are new
* Total vulnerable themes: 194, 45 are new
* Total version vulnerabilities: 274, 53 are new
* Total plugin vulnerabilities: 764, 270 are new
* Total theme vulnerabilities: 198, 46 are new
Add WP Fingerprints
* WP 3.7.1 Fingerprinting
* WP 3.7 Fingerprinting
* Ref #280 WP 3.6.1 fingerprint
* Added WP 3.6 advanced fingerprint hash. See Issue #255.
* Updated MD5 hash of WP 3.6 detection. See Issue #277.
* WP 3.5.2 Fingerprint
* Bug Fix : Wp 3.5 & 3.5.1 not detected from advanced fingerprinting.
Fixed issues
* Fix #249 - [ERROR] "\xF1" on US-ASCII
* Fix #275 - [ERROR] "\xC3" on US-ASCII
* Fix #271 - Further Instructions added to the Mac Install
* Fix #266 - passive detection regex
* Fix #265 - remove base64 images before passive detection
* Fix #262 - [ERROR] bad component(expected absolute path component)
* Fix #260 - Fixes Travis Fail, due to rspec-mock v2.14.3
* Fix #208 - Fixed vulnerable plugins still appear in the results
* Fix #245 - all theme enumeration error
* Fix #241 - Cant convert array to string
* Fix #232 - Crash while enumerating usernames
* Fix #223 - New wordpress urls for most popular plugins & themes
* Fix #177 - Passive Cache plugins detection (no spec)
* Fix #169 - False reports
* Fix #182 - Remove the progress-bar static length (120), and let it to automatic
* Fix #181 - Don't exit if no usernames found during a simple enumeration (but exit if a brute force is asked)
* Fix #200 - Log file not recording the list of username retireved
* Fix #164 - README.txt detection
* Fix #166 - ListGenerator using the old Browser#get method for full generation
* Fix #153 - Disable error trace when it's from the main script
* Fix #163 - in the proper way
* Fix #144 - Use cookie jar to prevent infinite redirections loop
* Fix #158 - Add the solution to 'no such file to load -- rubygems' in the README
* Fix #152 - invalid ssl_certificate - response code 0
* Fix #147 - can't modify frozen string
* Fix #140 - xml_rpc_url in the body
* Fix #153 - No error trace when 'No argument supplied'
## Version 2.1
Released 2013-3-4

1
CREDITS
View File

@@ -17,3 +17,4 @@ Callum Pember - Implemented proxy support - callumpember at gmail.com
g0tmi1k - Additional timthumb checks + bug reports.
Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
Paolo Perego - @thesp0nge - Basic authentication
Peter van der Laan - The Vuln Hunter and Code Cleaner

10
Gemfile
View File

@@ -1,11 +1,15 @@
source "https://rubygems.org"
gem "typhoeus", "~>0.6.2"
# Seg fault in Typhoeus 0.6.3 (and ethon > 0.5.11) with rspec
gem "typhoeus", ">=0.6.3"
gem "nokogiri"
gem "json"
gem "terminal-table"
gem "ruby-progressbar", ">=1.2.0"
group :development, :test do
gem "webmock", "~>1.9.3"
group :test do
gem "webmock", ">=1.9.3"
gem "simplecov"
gem "rspec", :require => "spec"
gem "rspec-mocks", "<=2.14.2" # 2.14.3 just messed around :/
end

15
LICENSE Normal file
View File

@@ -0,0 +1,15 @@
WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.

49
README
View File

@@ -32,15 +32,16 @@ ryandewhurst at gmail
WPScan comes pre-installed on the following Linux distributions:
* BackBox Linux
* BackTrack Linux (outdated WPScan installed, update needed)
* BackTrack Linux
* Pentoo
* SamuraiWTF
Prerequisites:
* Windows not supported
* Ruby => 1.9
* RubyGems
* Ruby >= 1.9.2 - Recommended: 1.9.3
* Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
* RubyGems - Recommended: latest
* Git
-> Installing on Debian/Ubuntu:
@@ -48,32 +49,34 @@ ryandewhurst at gmail
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
-> Installing on Fedora:
sudo yum install libcurl-devel
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
-> Installing on Archlinux:
pacman -Sy ruby
pacman -Sy libyaml
pacman -Syu ruby
pacman -Syu libyaml
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
gem install typhoeus
gem install nokogiri
-> Installing on Mac OS X:
Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development
sudo gem install bundler && bundle install --without test
==KNOWN ISSUES==
@@ -105,6 +108,12 @@ ryandewhurst at gmail
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
- no such file to load -- rubygems
Run update-alternatives --config ruby
And select your ruby version
See https://github.com/wpscanteam/wpscan/issues/148
==WPSCAN ARGUMENTS==
@@ -174,6 +183,22 @@ Enumerate installed plugins...
ruby wpscan.rb --url www.example.com --enumerate p
Run all enumeration tools...
ruby wpscan.rb --url www.example.com --enumerate
Use custom content directory...
ruby wpscan.rb -u www.example.com --wp-content-dir custom-content
Update WPScan...
ruby wpscan.rb --update
Debug output...
ruby wpscan.rb --url www.example.com --debug-output 2>debug.log
==WPSTOOLS ARGUMENTS==
--help | -h This help screen.
@@ -203,6 +228,10 @@ https://github.com/wpscanteam/wpscan
https://github.com/wpscanteam/wpscan/issues
===DEVELOPER DOCUMENTATION===
http://rdoc.info/github/wpscanteam/wpscan/frames
===SPONSOR===
WPScan is sponsored by the RandomStorm Open Source Initiative.

42
README.md
View File

@@ -1,5 +1,7 @@
![alt text](http://dvwa.co.uk/images/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner")
[![Build Status](https://travis-ci.org/wpscanteam/wpscan.png?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
#### LICENSE
WPScan - WordPress Security Scanner
@@ -25,15 +27,17 @@ ryandewhurst at gmail
WPScan comes pre-installed on the following Linux distributions:
- [BackBox Linux](http://www.backbox.org/)
- [BackTrack Linux](http://www.backtrack-linux.org/) (outdated WPScan installed, update needed)
- [BackTrack Linux](http://www.backtrack-linux.org/)
- [Kali Linux](http://www.kali.org/)
- [Pentoo](http://www.pentoo.ch/)
- [SamuraiWTF](http://samurai.inguardians.com/)
Prerequisites:
- Windows not supported
- Ruby => 1.9
- RubyGems
- Ruby >= 1.9.2 - Recommended: 1.9.3
- Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
- RubyGems - Recommended: latest
- Git
*Installing on Debian/Ubuntu:*
@@ -44,29 +48,29 @@ Prerequisites:
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
*Installing on Fedora:*
```sudo yum install libcurl-devel```
```sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel```
```git clone https://github.com/wpscanteam/wpscan.git```
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
*Installing on Archlinux:*
```pacman -Sy ruby```
```pacman -Syu ruby```
```pacman -Sy libyaml```
```pacman -Syu libyaml```
```git clone https://github.com/wpscanteam/wpscan.git```
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
```gem install typhoeus```
@@ -74,11 +78,13 @@ Prerequisites:
*Installing on Mac OSX:*
Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error
```git clone https://github.com/wpscanteam/wpscan.git```
```cd wpscan```
```sudo gem install bundler && bundle install --without test development```
```sudo gem install bundler && bundle install --without test```
#### KNOWN ISSUES
@@ -116,6 +122,14 @@ Prerequisites:
See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
- no such file to load -- rubygems
```update-alternatives --config ruby```
And select your ruby version
See https://github.com/wpscanteam/wpscan/issues/148
#### WPSCAN ARGUMENTS
--update Update to the latest revision
@@ -196,6 +210,10 @@ Update WPScan...
```ruby wpscan.rb --update```
Debug output...
```ruby wpscan.rb --url www.example.com --debug-output 2>debug.log```
#### WPSTOOLS ARGUMENTS
--help | -h This help screen.
@@ -227,6 +245,10 @@ https://github.com/wpscanteam/wpscan
https://github.com/wpscanteam/wpscan/issues
#### DEVELOPER DOCUMENTATION
http://rdoc.info/github/wpscanteam/wpscan/frames
#### SPONSOR
WPScan is sponsored by the [RandomStorm](http://www.randomstorm.com) Open Source Initiative.

4
cache/.gitignore vendored
View File

@@ -1,4 +0,0 @@
# Ignore everything in this directory
*
# Except this file
!.gitignore

2
conf/browser.conf.json
View File

@@ -18,6 +18,8 @@
"request_timeout": 2000, // 2s
"connect_timeout": 1000, // 1s
"max_threads": 20,
// Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)

18
data/local_vulnerable_files.xml
View File

@@ -1,23 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<!--
Only he following extensions are scanned : js, php, swf, html, htm
If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb

20
data/local_vulnerable_files.xsd
View File

@@ -1,23 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
@@ -55,4 +37,4 @@
</xs:complexType>
</xs:element>
</xs:schema>
</xs:schema>

6550
data/plugin_vulns.xml
View File

File diff suppressed because it is too large Load Diff

1429
data/plugins.txt
View File

File diff suppressed because it is too large Load Diff

5308
data/plugins_full.txt
View File

File diff suppressed because it is too large Load Diff

1222
data/theme_vulns.xml
View File

File diff suppressed because it is too large Load Diff

1591
data/themes.txt
View File

File diff suppressed because it is too large Load Diff

1007
data/themes_full.txt
View File

File diff suppressed because it is too large Load Diff

4899
data/timthumbs.txt
View File

File diff suppressed because it is too large Load Diff

69
data/vuln.xsd
View File

@@ -1,23 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
@@ -26,12 +8,22 @@
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="inttype">
<xs:restriction base="xs:positiveInteger" />
</xs:simpleType>
<xs:simpleType name="uritype">
<xs:restriction base="xs:anyURI">
<xs:minLength value="1" />
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="cvetype">
<xs:restriction base="xs:token">
<xs:pattern value="[0-9]{4}-[0-9]{4,}"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="typetype">
<xs:restriction base="stringtype">
<xs:enumeration value="SQLI"/>
@@ -44,41 +36,58 @@
<xs:enumeration value="UNKNOWN"/>
<xs:enumeration value="XSS"/>
<xs:enumeration value="CSRF"/>
<xs:enumeration value="SSRF"/>
<xs:enumeration value="AUTHBYPASS"/>
<xs:enumeration value="FPD"/>
<xs:enumeration value="XXE"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="itemtype">
<xs:sequence>
<xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="vulnerability" type="vulntype" />
</xs:sequence>
<xs:attribute type="stringtype" name="name" use="required"/>
</xs:complexType>
<xs:complexType name="wordpresstype">
<xs:sequence>
<xs:element name="vulnerability" type="vulntype" maxOccurs="unbounded" minOccurs="1" />
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element name="vulnerability" type="vulntype"/>
</xs:sequence>
<xs:attribute type="stringtype" name="version" use="required"/>
</xs:complexType>
<xs:complexType name="vulntype">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="title" type="stringtype"/>
<xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
<xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="type" type="typetype"/>
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:choice>
<xs:element name="title" type="stringtype"/>
<xs:element name="type" type="typetype"/>
<xs:element name="fixed_in" type="stringtype"/>
<xs:element name="references" type="referencetype"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:complexType name="referencetype">
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:choice>
<xs:element name="url" type="uritype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="cve" type="cvetype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="secunia" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="osvdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="metasploit" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="exploitdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
<xs:element name="vulnerabilities">
<xs:complexType>
<xs:sequence>
<xs:choice>
<xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
<xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
</xs:sequence>
</xs:choice>
</xs:complexType>
<xs:unique name="uniquePlugin">
<xs:selector xpath="plugin"/>
@@ -94,4 +103,4 @@
</xs:unique>
</xs:element>
</xs:schema>
</xs:schema>

67
data/wp_versions.xml
View File

@@ -1,25 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<!--
This file contains identification data to identify WordPress verions.
This file contains identification data to identify WordPress versions.
http://wordpress.org/download/release-archive/
Position is important, DO NOT change anything unless you know what you are doing :p
@@ -28,7 +10,38 @@
<wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="wp_versions.xsd">
<file src="wp-includes/js/tiny_mce.js">
<file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin_src.js">
<hash md5="5d01c0e812cdcd6356b78ee0cb4e5426">
<version>3.7.1</version>
</hash>
</file>
<file src="wp-includes/js/jquery/jquery.form.js">
<hash md5="e5afd8e41d2ec22c19932b068cd90a71">
<version>3.7</version>
</hash>
</file>
<file src="wp-admin/js/common.js">
<hash md5="03eaffeef39119f0523a49c7f9767f3b">
<version>3.6.1</version>
</hash>
<hash md5="4516252d47a73630280869994d510180">
<version>3.3</version>
</hash>
</file>
<file src="wp-includes/js/jquery/jquery.js">
<hash md5="9dcde2d5e8aeda556a0c52239fa2f44c">
<version>3.6</version>
</hash>
</file>
<file src="wp-includes/js/tinymce/tiny_mce.js">
<hash md5="eddb5fda74d41dbdac018167536d8d53">
<version>3.5.2</version>
</hash>
<hash md5="6e79ab6d786c5c95920064add33ee599">
<version>3.5.1</version>
</hash>
@@ -59,11 +72,9 @@
</file>
<file src="wp-includes/js/plupload/plupload.js">
<hash md5="85199c05db63fcb5880de4af8be7b571">
<version>3.3.2</version>
</hash>
</file>
@@ -89,22 +100,10 @@
</file>
<file src="wp-admin/js/common.js">
<hash md5="4516252d47a73630280869994d510180">
<version>3.3</version>
</hash>
</file>
<file src="wp-includes/css/admin-bar.css">
<hash md5="181250fab3a7e2549a7e7fa21c2e6079">
<version>3.1</version>
</hash>
</file>

20
data/wp_versions.xsd
View File

@@ -1,23 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
# WPScan - WordPress Security Scanner
# Copyright (C) 2012-2013
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:simpleType name="stringtype">
@@ -54,4 +36,4 @@
</xs:complexType>
</xs:element>
</xs:schema>
</xs:schema>

1380
data/wp_vulns.xml
View File

File diff suppressed because it is too large Load Diff

291
doc/Array.html
View File

@@ -1,291 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Array - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common_helper.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-_grep_">#_grep_</a>
<li><a href="#method-i-grep">#grep</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Array</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-_grep_" class="method-detail ">
<div class="method-heading">
<span class="method-name">_grep_</span><span
class="method-args">(regexp)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Fix for grep with symbols in ruby &lt;= 1.8.7</p>
<div class="method-source-code" id="_grep_-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 111</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">_grep_</span>(<span class="ruby-identifier">regexp</span>)
<span class="ruby-identifier">matches</span> = []
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">value</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">value</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">matches</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">value</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">regexp</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">matches</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- _grep_-source -->
</div>
<div class="aliases">
Also aliased as: <a href="Array.html#method-i-grep">grep</a>
</div>
</div><!-- _grep_-method -->
<div id="method-i-grep" class="method-detail method-alias">
<div class="method-heading">
<span class="method-name">grep</span><span
class="method-args">(regexp)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
</div>
<div class="aliases">
Alias for: <a href="Array.html#method-i-_grep_">_grep_</a>
</div>
</div><!-- grep-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

756
doc/Browser.html
View File

@@ -1,756 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Browser - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/browser.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-instance">::instance</a>
<li><a href="#method-c-reset">::reset</a>
<li><a href="#method-i-forge_request">#forge_request</a>
<li><a href="#method-i-get">#get</a>
<li><a href="#method-i-load_config">#load_config</a>
<li><a href="#method-i-max_threads-3D">#max_threads=</a>
<li><a href="#method-i-merge_request_params">#merge_request_params</a>
<li><a href="#method-i-post">#post</a>
<li><a href="#method-i-proxy_auth-3D">#proxy_auth=</a>
<li><a href="#method-i-raise_invalid_proxy_auth_format">#raise_invalid_proxy_auth_format</a>
<li><a href="#method-i-user_agent">#user_agent</a>
<li><a href="#method-i-user_agent_mode-3D">#user_agent_mode=</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Browser</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<section id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt id="ACCESSOR_OPTIONS">ACCESSOR_OPTIONS
<dd class="description">
<dt id="USER_AGENT_MODES">USER_AGENT_MODES
<dd class="description">
</dl>
</section>
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-config_file" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">config_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-hydra" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">hydra</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-instance" class="method-detail ">
<div class="method-heading">
<span class="method-name">instance</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="instance-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">@@instance</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-identifier">new</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">@@instance</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- instance-source -->
</div>
</div><!-- instance-method -->
<div id="method-c-reset" class="method-detail ">
<div class="method-heading">
<span class="method-name">reset</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="reset-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 71</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">reset</span>
<span class="ruby-identifier">@@instance</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- reset-source -->
</div>
</div><!-- reset-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-forge_request" class="method-detail ">
<div class="method-heading">
<span class="method-name">forge_request</span><span
class="method-args">(url, params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="forge_request-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 178</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-constant">Typhoeus</span><span class="ruby-operator">::</span><span class="ruby-constant">Request</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">url</span>.<span class="ruby-identifier">to_s</span>,
<span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span>)
)
<span class="ruby-keyword">end</span></pre>
</div><!-- forge_request-source -->
</div>
</div><!-- forge_request-method -->
<div id="method-i-get" class="method-detail ">
<div class="method-heading">
<span class="method-name">get</span><span
class="method-args">(url, params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 166</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:get</span>))
)
<span class="ruby-keyword">end</span></pre>
</div><!-- get-source -->
</div>
</div><!-- get-method -->
<div id="method-i-load_config" class="method-detail ">
<div class="method-heading">
<span class="method-name">load_config</span><span
class="method-args">(config_file = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>TODO reload hydra (if the .<a
href="Browser.html#method-i-load_config">#load_config</a> is called on a
browser object, hydra will not have the new @max_threads and
@request_timeout)</p>
<div class="method-source-code" id="load_config-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 136</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">load_config</span>(<span class="ruby-identifier">config_file</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@config_file</span> = <span class="ruby-identifier">config_file</span> <span class="ruby-operator">||</span> <span class="ruby-ivar">@config_file</span>
<span class="ruby-identifier">data</span> = <span class="ruby-constant">JSON</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-ivar">@config_file</span>))
<span class="ruby-constant">ACCESSOR_OPTIONS</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">option_name</span> = <span class="ruby-identifier">option</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-value">:&quot;#{option_name}=&quot;</span>, <span class="ruby-identifier">data</span>[<span class="ruby-identifier">option_name</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- load_config-source -->
</div>
</div><!-- load_config-method -->
<div id="method-i-max_threads-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">max_threads=</span><span
class="method-args">(max_threads)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="max_threads-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 101</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">max_threads=</span>(<span class="ruby-identifier">max_threads</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">max_threads</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">max_threads</span> <span class="ruby-operator">&lt;=</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">max_threads</span> = <span class="ruby-value">1</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@max_threads</span> = <span class="ruby-identifier">max_threads</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- max_threads-3D-source -->
</div>
</div><!-- max_threads-3D-method -->
<div id="method-i-merge_request_params" class="method-detail ">
<div class="method-heading">
<span class="method-name">merge_request_params</span><span
class="method-args">(params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="merge_request_params-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 185</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">merge_request_params</span>(<span class="ruby-identifier">params</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy</span>
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:proxy</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@proxy</span>)
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@proxy_auth</span>
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-ivar">@proxy_auth</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@basic_auth</span>
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:headers</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">'Authorization'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@basic_auth</span>})
<span class="ruby-keyword">elsif</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>[<span class="ruby-value">:headers</span>].<span class="ruby-identifier">has_key?</span>(<span class="ruby-string">'Authorization'</span>)
<span class="ruby-identifier">params</span>[<span class="ruby-value">:headers</span>][<span class="ruby-string">'Authorization'</span>] = <span class="ruby-ivar">@basic_auth</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_host_verification</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:disable_ssl_host_verification</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:disable_ssl_peer_verification</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:disable_ssl_peer_verification</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:headers</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:headers</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-string">'user-agent'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">user_agent</span>})
<span class="ruby-keyword">elsif</span> <span class="ruby-operator">!</span><span class="ruby-identifier">params</span>[<span class="ruby-value">:headers</span>].<span class="ruby-identifier">has_key?</span>(<span class="ruby-string">'user-agent'</span>)
<span class="ruby-identifier">params</span>[<span class="ruby-value">:headers</span>][<span class="ruby-string">'user-agent'</span>] = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># Used to enable the cache system if :cache_timeout &gt; 0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">params</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:cache_timeout</span>)
<span class="ruby-identifier">params</span> = <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@cache_timeout</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">params</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- merge_request_params-source -->
</div>
</div><!-- merge_request_params-method -->
<div id="method-i-post" class="method-detail ">
<div class="method-heading">
<span class="method-name">post</span><span
class="method-args">(url, params = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="post-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 172</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">post</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span> = {})
<span class="ruby-identifier">run_request</span>(
<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">params</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>))
)
<span class="ruby-keyword">end</span></pre>
</div><!-- post-source -->
</div>
</div><!-- post-method -->
<div id="method-i-proxy_auth-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">proxy_auth=</span><span
class="method-args">(auth)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="proxy_auth-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 108</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">proxy_auth=</span>(<span class="ruby-identifier">auth</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Hash</span>)
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">auth</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-value">:proxy_username</span>) <span class="ruby-keyword">or</span> <span class="ruby-operator">!</span><span class="ruby-identifier">auth</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-value">:proxy_password</span>)
<span class="ruby-identifier">raise_invalid_proxy_format</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@proxy_auth</span> = <span class="ruby-identifier">auth</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">auth</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">String</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%r{([^:]+):(.*)}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">auth</span>)
<span class="ruby-ivar">@proxy_auth</span> = {
<span class="ruby-identifier">proxy_username</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>],
<span class="ruby-identifier">proxy_password</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
}
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise_invalid_proxy_auth_format</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise_invalid_proxy_auth_format</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- proxy_auth-3D-source -->
</div>
</div><!-- proxy_auth-3D-method -->
<div id="method-i-raise_invalid_proxy_auth_format" class="method-detail ">
<div class="method-heading">
<span class="method-name">raise_invalid_proxy_auth_format</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="raise_invalid_proxy_auth_format-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 130</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">raise_invalid_proxy_auth_format</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Invalid proxy auth format, expected username:password or {proxy_username: username, proxy_password: password}'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- raise_invalid_proxy_auth_format-source -->
</div>
</div><!-- raise_invalid_proxy_auth_format-method -->
<div id="method-i-user_agent" class="method-detail ">
<div class="method-heading">
<span class="method-name">user_agent</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return the user agent, according to the user_agent_mode</p>
<div class="method-source-code" id="user_agent-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 89</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@user_agent_mode</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'semi-static'</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@user_agent</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'random'</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-ivar">@available_user_agents</span>.<span class="ruby-identifier">sample</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@user_agent</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- user_agent-source -->
</div>
</div><!-- user_agent-method -->
<div id="method-i-user_agent_mode-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">user_agent_mode=</span><span
class="method-args">(ua_mode)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="user_agent_mode-3D-source">
<pre><span class="ruby-comment"># File lib/browser.rb, line 75</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">user_agent_mode=</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">||=</span> <span class="ruby-string">'static'</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">USER_AGENT_MODES</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">ua_mode</span>)
<span class="ruby-ivar">@user_agent_mode</span> = <span class="ruby-identifier">ua_mode</span>
<span class="ruby-comment"># For semi-static user agent mode, the user agent has to</span>
<span class="ruby-comment"># be nil the first time (it will be set with the getter)</span>
<span class="ruby-ivar">@user_agent</span> = <span class="ruby-keyword">nil</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">ua_mode</span> <span class="ruby-operator">===</span> <span class="ruby-string">'semi-static'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Unknow user agent mode : '#{ua_mode}'&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- user_agent_mode-3D-source -->
</div>
</div><!-- user_agent_mode-3D-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

375
doc/BruteForce.html
View File

@@ -1,375 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module BruteForce - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/brute_force.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-lines_in_file">::lines_in_file</a>
<li><a href="#method-i-brute_force">#brute_force</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module BruteForce</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-lines_in_file" class="method-detail ">
<div class="method-heading">
<span class="method-name">lines_in_file</span><span
class="method-args">(file_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Counts the number of lines in the wordlist It can take a couple of minutes
on large wordlists, although bareable.</p>
<div class="method-source-code" id="lines_in_file-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">file_path</span>)
<span class="ruby-identifier">lines</span> = <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">_</span><span class="ruby-operator">|</span> <span class="ruby-identifier">lines</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span> }
<span class="ruby-identifier">lines</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- lines_in_file-source -->
</div>
</div><!-- lines_in_file-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-brute_force" class="method-detail ">
<div class="method-heading">
<span class="method-name">brute_force</span><span
class="method-args">(logins, wordlist_path, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param array of string logins param string wordlist_path param hash options</p>
<pre>boolean :show_progression If true, will output the details (Sucess, error etc)</pre>
<div class="method-source-code" id="brute_force-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">brute_force</span>(<span class="ruby-identifier">logins</span>, <span class="ruby-identifier">wordlist_path</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">hydra</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_passwords</span> = <span class="ruby-constant">BruteForce</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">wordlist_path</span>)
<span class="ruby-identifier">login_url</span> = <span class="ruby-identifier">login_url</span>()
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">show_progression</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">logins</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">login</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">false</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">wordlist_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># ignore file comments, but will miss passwords if they start with a hash...</span>
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password</span>[<span class="ruby-value">0</span>, <span class="ruby-value">1</span>] <span class="ruby-operator">==</span> <span class="ruby-string">'#'</span>
<span class="ruby-comment"># keep a count of the amount of requests to be sent</span>
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-comment"># create local vars for on_complete call back, Issue 51.</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">!=</span> <span class="ruby-string">'empty'</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">login</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-comment"># Issue #66</span>
<span class="ruby-identifier">password</span> = <span class="ruby-identifier">password</span>
<span class="ruby-comment"># the request object</span>
<span class="ruby-identifier">request</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">login_url</span>,
{
<span class="ruby-identifier">method</span><span class="ruby-operator">:</span> <span class="ruby-value">:post</span>,
<span class="ruby-identifier">params</span><span class="ruby-operator">:</span> { <span class="ruby-identifier">log</span><span class="ruby-operator">:</span> <span class="ruby-constant">URI</span><span class="ruby-operator">::</span><span class="ruby-identifier">encode</span>(<span class="ruby-identifier">username</span>), <span class="ruby-identifier">pwd</span><span class="ruby-operator">:</span> <span class="ruby-constant">URI</span><span class="ruby-operator">::</span><span class="ruby-identifier">encode</span>(<span class="ruby-identifier">password</span>) },
<span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>
}
)
<span class="ruby-comment"># tell hydra what to do when the request completes</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;\n Trying Username : #{username} Password : #{password}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rlogin_error/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\nIncorrect username and/or password.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">green</span>(<span class="ruby-string">'[SUCCESS]'</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; Username : #{username} Password : #{password}\n&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">username</span>, <span class="ruby-identifier">password</span><span class="ruby-operator">:</span> <span class="ruby-identifier">password</span> }
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">timed_out?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-string">' Request timed out.'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-string">' No response from remote server. WAF/IPS?'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># code is a fixnum, needs a string for regex</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^50/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-string">' Server error, try reducing the number of threads.'</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\n&quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-string">'ERROR:'</span>) <span class="ruby-operator">+</span> <span class="ruby-node">&quot; We recieved an unknown response for #{password}...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># HACK to get the coverage :/ (otherwise some output is present in the rspec)</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Code: #{response.code.to_s}&quot;</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;Body: #{response.body}&quot;</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># move onto the next username if we have found a valid password</span>
<span class="ruby-keyword">break</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password_found</span>
<span class="ruby-comment"># queue the request to be sent later</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-comment"># progress indicator</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-comment"># it can take a long time to queue 2 million requests,</span>
<span class="ruby-comment"># for that reason, we queue @threads, send @threads, queue @threads and so on.</span>
<span class="ruby-comment"># hydra.run only returns when it has recieved all of its,</span>
<span class="ruby-comment"># responses. This means that while we are waiting for @threads,</span>
<span class="ruby-comment"># responses, we are waiting...</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">&gt;=</span> <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Sent #{Browser.instance.max_threads} requests ...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># run all of the remaining requests</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- brute_force-source -->
</div>
</div><!-- brute_force-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

182
doc/CREDITS.html
View File

@@ -1,182 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>CREDITS - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="file">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation" class="description">
<p>*<strong><a href="CREDITS.html">CREDITS</a></strong>*</p>
<p>This file is to give credit to WPScans contributors. If you feel your name
should be in here, email ryandewhurst at gmail.</p>
<p>*WPScan Team*</p>
<p>Erwan.LR - @erwan_lr - (Project Developer) Christian Mehlmauer -
@<em>FireFart</em> - (Project Developer) Gianluca Brindisi - @gbrindisi
(Project Developer) Ryan Dewhurst - @ethicalhack3r (Project Lead)</p>
<p>*Other Contributors*</p>
<p>Alip AKA Undead - alip.aswalid at gmail.com michee08 - Reported and gave
potential solutions to bugs. Callum Pember - Implemented proxy support -
callumpember at gmail.com g0tmi1k - Additional timthumb checks + bug
reports. Melvin Lammerts - Reported a couple of fake vulnerabilities -
melvin at 12k.nl Paolo Perego - @thesp0nge - Basic authentification</p>
</div>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

442
doc/CacheFileStore.html
View File

@@ -1,442 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class CacheFileStore - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/cache_file_store.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-clean">#clean</a>
<li><a href="#method-i-get_entry_file_path">#get_entry_file_path</a>
<li><a href="#method-i-read_entry">#read_entry</a>
<li><a href="#method-i-write_entry">#write_entry</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class CacheFileStore</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-serializer" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">serializer</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-storage_path" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">storage_path</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(storage_path, serializer = Marshal)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>The serializer must have the 2 methods .load and .dump</p>
<pre>(Marshal and YAML have them)</pre>
<p>YAML is Human Readable, contrary to Marshal which store in a binary format
Marshal does not need any “require”</p>
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 36</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">storage_path</span>, <span class="ruby-identifier">serializer</span> = <span class="ruby-constant">Marshal</span>)
<span class="ruby-ivar">@storage_path</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">storage_path</span>)
<span class="ruby-ivar">@serializer</span> = <span class="ruby-identifier">serializer</span>
<span class="ruby-comment"># File.directory? for ruby &lt;= 1.9 otherwise,</span>
<span class="ruby-comment"># it makes more sense to do Dir.exist? :/</span>
<span class="ruby-keyword">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">directory?</span>(<span class="ruby-ivar">@storage_path</span>)
<span class="ruby-constant">Dir</span>.<span class="ruby-identifier">mkdir</span>(<span class="ruby-ivar">@storage_path</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-clean" class="method-detail ">
<div class="method-heading">
<span class="method-name">clean</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="clean-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">clean</span>
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span>.<span class="ruby-identifier">join</span>(<span class="ruby-ivar">@storage_path</span>, <span class="ruby-string">'*'</span>)].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">delete</span>(<span class="ruby-identifier">f</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- clean-source -->
</div>
</div><!-- clean-method -->
<div id="method-i-get_entry_file_path" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_entry_file_path</span><span
class="method-args">(key)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_entry_file_path-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-ivar">@storage_path</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/'</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">key</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_entry_file_path-source -->
</div>
</div><!-- get_entry_file_path-method -->
<div id="method-i-read_entry" class="method-detail ">
<div class="method-heading">
<span class="method-name">read_entry</span><span
class="method-args">(key)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="read_entry-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 53</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_entry</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-identifier">entry_file_path</span> = <span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">exists?</span>(<span class="ruby-identifier">entry_file_path</span>)
<span class="ruby-keyword">return</span> <span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">load</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">entry_file_path</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- read_entry-source -->
</div>
</div><!-- read_entry-method -->
<div id="method-i-write_entry" class="method-detail ">
<div class="method-heading">
<span class="method-name">write_entry</span><span
class="method-args">(key, data_to_store, cache_timeout)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="write_entry-source">
<pre><span class="ruby-comment"># File lib/cache_file_store.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_entry</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">data_to_store</span>, <span class="ruby-identifier">cache_timeout</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">cache_timeout</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">get_entry_file_path</span>(<span class="ruby-identifier">key</span>), <span class="ruby-string">'w'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">write</span>(<span class="ruby-ivar">@serializer</span>.<span class="ruby-identifier">dump</span>(<span class="ruby-identifier">data_to_store</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- write_entry-source -->
</div>
</div><!-- write_entry-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

483
doc/CheckerPlugin.html
View File

@@ -1,483 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class CheckerPlugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/checker/checker_plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Plugin.html">Plugin</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-check_local_vulnerable_files">#check_local_vulnerable_files</a>
<li><a href="#method-i-check_vuln_ref_urls">#check_vuln_ref_urls</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class CheckerPlugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">author</span><span class="ruby-operator">:</span> <span class="ruby-string">'WPScanTeam - @erwanlr'</span>)
<span class="ruby-identifier">register_options</span>(
[<span class="ruby-string">'--check-vuln-ref-urls'</span>, <span class="ruby-string">'--cvru'</span>, <span class="ruby-string">'Check all the vulnerabilities reference urls for 404'</span>],
[<span class="ruby-string">'--check-local-vulnerable-files LOCAL_DIRECTORY'</span>, <span class="ruby-string">'--clvf'</span>, <span class="ruby-string">'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells'</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-check_local_vulnerable_files" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_local_vulnerable_files</span><span
class="method-args">(dir_to_scan)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_local_vulnerable_files-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">check_local_vulnerable_files</span>(<span class="ruby-identifier">dir_to_scan</span>)
<span class="ruby-keyword">if</span> <span class="ruby-constant">Dir</span><span class="ruby-operator">::</span><span class="ruby-identifier">exist?</span>(<span class="ruby-identifier">dir_to_scan</span>)
<span class="ruby-identifier">xml_file</span> = <span class="ruby-constant">LOCAL_FILES_FILE</span>
<span class="ruby-identifier">local_hashes</span> = {}
<span class="ruby-identifier">file_extension_to_scan</span> = <span class="ruby-string">'*.{js,php,swf,html,htm}'</span>
<span class="ruby-identifier">print</span> <span class="ruby-string">'[+] Generating local hashes ... '</span>
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span><span class="ruby-operator">::</span><span class="ruby-identifier">join</span>(<span class="ruby-identifier">dir_to_scan</span>, <span class="ruby-string">'**'</span>, <span class="ruby-identifier">file_extension_to_scan</span>)].<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">filename</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">sha1sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">file</span>(<span class="ruby-identifier">filename</span>).<span class="ruby-identifier">hexdigest</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">local_hashes</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-identifier">sha1sum</span>)
<span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>] <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">filename</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>] = [<span class="ruby-identifier">filename</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'done.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Checking for vulnerable files ...'</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">xml_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//hash'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">sha1sum</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'sha1'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">local_hashes</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-identifier">sha1sum</span>)
<span class="ruby-identifier">local_filenames</span> = <span class="ruby-identifier">local_hashes</span>[<span class="ruby-identifier">sha1sum</span>]
<span class="ruby-identifier">vuln_title</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'title'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">vuln_filename</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'file'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">vuln_refrence</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'reference'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; #{vuln_filename} found :&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | Location(s):'</span>
<span class="ruby-identifier">local_filenames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | - #{file}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' |'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | Title: #{vuln_title}&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; | Refrence: #{vuln_refrence}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">vuln_refrence</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'done.'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;The supplied directory '#{dir_to_scan}' does not exist&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_local_vulnerable_files-source -->
</div>
</div><!-- check_local_vulnerable_files-method -->
<div id="method-i-check_vuln_ref_urls" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_vuln_ref_urls</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_vuln_ref_urls-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 40</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">check_vuln_ref_urls</span>
<span class="ruby-identifier">vuln_ref_files</span> = [<span class="ruby-constant">PLUGINS_VULNS_FILE</span>, <span class="ruby-constant">THEMES_VULNS_FILE</span>, <span class="ruby-constant">WP_VULNS_FILE</span>]
<span class="ruby-identifier">error_codes</span> = [<span class="ruby-value">404</span>, <span class="ruby-value">500</span>, <span class="ruby-value">403</span>]
<span class="ruby-identifier">not_found_regexp</span> = <span class="ruby-regexp">%r{No Results Found|error 404|ID Invalid or Not Found}</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Checking vulnerabilities reference urls'</span>
<span class="ruby-identifier">vuln_ref_files</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">vuln_ref_file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">vuln_ref_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">urls</span> = []
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//reference'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span> <span class="ruby-identifier">urls</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">node</span>.<span class="ruby-identifier">text</span> }
<span class="ruby-identifier">urls</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">dead_urls</span> = []
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_urls</span> = <span class="ruby-identifier">urls</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">urls</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>, <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete.&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">error_codes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>) <span class="ruby-keyword">or</span> <span class="ruby-identifier">not_found_regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">dead_urls</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">dead_urls</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-identifier">dead_urls</span>.<span class="ruby-identifier">each</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span> <span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; Not Found #{url}&quot;</span> }
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_vuln_ref_urls-source -->
</div>
</div><!-- check_vuln_ref_urls-method -->
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/checker/checker_plugin.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:check_vuln_ref_urls</span>]
<span class="ruby-identifier">check_vuln_ref_urls</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:check_local_vulnerable_files</span>]
<span class="ruby-identifier">check_local_vulnerable_files</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:check_local_vulnerable_files</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

474
doc/CustomOptionParser.html
View File

@@ -1,474 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class CustomOptionParser - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common/custom_option_parser.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link">OptionParser
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-c-option_to_symbol">::option_to_symbol</a>
<li><a href="#method-i-add">#add</a>
<li><a href="#method-i-add_option">#add_option</a>
<li><a href="#method-i-results">#results</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class CustomOptionParser</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-symbols_used" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">symbols_used</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(banner = nil, width = 32, indent = ' ' * 4)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">banner</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">width</span> = <span class="ruby-value">32</span>, <span class="ruby-identifier">indent</span> = <span class="ruby-string">' '</span> * <span class="ruby-value">4</span>)
<span class="ruby-ivar">@results</span> = {}
<span class="ruby-ivar">@symbols_used</span> = []
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">banner</span>, <span class="ruby-identifier">width</span>, <span class="ruby-identifier">indent</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="protected-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="method-c-option_to_symbol" class="method-detail ">
<div class="method-heading">
<span class="method-name">option_to_symbol</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Array.html">Array</a> option</p>
<div class="method-source-code" id="option_to_symbol-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 73</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">option_to_symbol</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-identifier">option_name</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">option</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option_attr</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_attr</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^--/</span>
<span class="ruby-identifier">option_name</span> = <span class="ruby-identifier">option_attr</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_name</span>
<span class="ruby-identifier">option_name</span> = <span class="ruby-identifier">option_name</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r^--/</span>, <span class="ruby-string">''</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r-/</span>, <span class="ruby-string">'_'</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r .*$/</span>, <span class="ruby-string">''</span>)
<span class="ruby-value">:&quot;#{option_name}&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Could not find the option name for #{option}&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- option_to_symbol-source -->
</div>
</div><!-- option_to_symbol-method -->
</section><!-- protected-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-add" class="method-detail ">
<div class="method-heading">
<span class="method-name">add</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param Array(<a href="Array.html">Array</a>) or <a
href="Array.html">Array</a> options</p>
<div class="method-source-code" id="add-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 31</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">0</span>].<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-identifier">options</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">add_option</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">add_option</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Options must be at least an Array, or an Array(Array). #{options.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add-source -->
</div>
</div><!-- add-method -->
<div id="method-i-add_option" class="method-detail ">
<div class="method-heading">
<span class="method-name">add_option</span><span
class="method-args">(option)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Array.html">Array</a> option</p>
<div class="method-source-code" id="add_option-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 46</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_option</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-identifier">option_symbol</span> = <span class="ruby-constant">CustomOptionParser</span><span class="ruby-operator">::</span><span class="ruby-identifier">option_to_symbol</span>(<span class="ruby-identifier">option</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@symbols_used</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">option_symbol</span>)
<span class="ruby-ivar">@symbols_used</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">option_symbol</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">on</span>(*<span class="ruby-identifier">option</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">arg</span><span class="ruby-operator">|</span>
<span class="ruby-ivar">@results</span>[<span class="ruby-identifier">option_symbol</span>] = <span class="ruby-identifier">arg</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The option #{option_symbol} is already used !&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The option must be an array, #{option.class} supplied : '#{option}'&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add_option-source -->
</div>
</div><!-- add_option-method -->
<div id="method-i-results" class="method-detail ">
<div class="method-heading">
<span class="method-name">results</span><span
class="method-args">(argv = default_argv)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return Hash</p>
<div class="method-source-code" id="results-source">
<pre><span class="ruby-comment"># File lib/common/custom_option_parser.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">results</span>(<span class="ruby-identifier">argv</span> = <span class="ruby-identifier">default_argv</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">parse!</span>(<span class="ruby-identifier">argv</span>) <span class="ruby-keyword">if</span> <span class="ruby-ivar">@results</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-ivar">@results</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- results-source -->
</div>
</div><!-- results-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

176
doc/Gemfile.html
View File

@@ -1,176 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>Gemfile - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="file">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation" class="description">
<p>source “<a href="https://rubygems.org">rubygems.org</a></p>
<p>gem “typhoeus”, “0.4.2” gem “nokogiri” gem “json”</p>
<p>group :development, :test do</p>
<pre class="ruby"><span class="ruby-identifier">gem</span> <span class="ruby-string">&quot;webmock&quot;</span>, <span class="ruby-string">&quot;1.8.11&quot;</span>
<span class="ruby-identifier">gem</span> <span class="ruby-string">&quot;simplecov&quot;</span>
<span class="ruby-identifier">gem</span> <span class="ruby-string">&quot;rspec&quot;</span>, :<span class="ruby-identifier">require</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;spec&quot;</span>
</pre>
<p>end</p>
</div>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

518
doc/GenerateList.html
View File

@@ -1,518 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class GenerateList - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/list_generator/generate_list.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-generate_full_list">#generate_full_list</a>
<li><a href="#method-i-generate_popular_list">#generate_popular_list</a>
<li><a href="#method-i-get_popular_items">#get_popular_items</a>
<li><a href="#method-i-save">#save</a>
<li><a href="#method-i-set_file_name">#set_file_name</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class GenerateList</h1>
<div id="description" class="description">
<p>This tool generates a list to use for plugin and theme enumeration</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-verbose" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(type, verbose)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>type = themes | plugins</p>
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">type</span>, <span class="ruby-identifier">verbose</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rplugins/</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-string">'plugin'</span>
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://plugins.svn.wordpress.org/'</span>
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/plugins/browse/popular/'</span>
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%r{&lt;h3&gt;&lt;a href=&quot;http://wordpress.org/extend/plugins/(.+)/&quot;&gt;.+&lt;/a&gt;&lt;/h3&gt;}</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rthemes/</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-string">'theme'</span>
<span class="ruby-ivar">@svn_url</span> = <span class="ruby-string">'http://themes.svn.wordpress.org/'</span>
<span class="ruby-ivar">@popular_url</span> = <span class="ruby-string">'http://wordpress.org/extend/themes/browse/popular/'</span>
<span class="ruby-ivar">@popular_regex</span> = <span class="ruby-regexp">%r{&lt;h3&gt;&lt;a href=&quot;http://wordpress.org/extend/themes/(.+)&quot;&gt;.+&lt;/a&gt;&lt;/h3&gt;}</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Type #{type} not defined&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">verbose</span>
<span class="ruby-ivar">@browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-ivar">@hydra</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-generate_full_list" class="method-detail ">
<div class="method-heading">
<span class="method-name">generate_full_list</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_full_list-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">generate_full_list</span>
<span class="ruby-identifier">set_file_name</span>(<span class="ruby-value">:full</span>)
<span class="ruby-identifier">items</span> = <span class="ruby-constant">SvnParser</span>.<span class="ruby-identifier">new</span>(<span class="ruby-ivar">@svn_url</span>).<span class="ruby-identifier">parse</span>
<span class="ruby-identifier">save</span> <span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_full_list-source -->
</div>
</div><!-- generate_full_list-method -->
<div id="method-i-generate_popular_list" class="method-detail ">
<div class="method-heading">
<span class="method-name">generate_popular_list</span><span
class="method-args">(pages)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_popular_list-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 75</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">set_file_name</span>(<span class="ruby-value">:popular</span>)
<span class="ruby-identifier">items</span> = <span class="ruby-identifier">get_popular_items</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">save</span> <span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_popular_list-source -->
</div>
</div><!-- generate_popular_list-method -->
<div id="method-i-get_popular_items" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_popular_items</span><span
class="method-args">(pages)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Send a HTTP request to the WordPress most popular theme or plugin webpage
parse the response for the names.</p>
<div class="method-source-code" id="get_popular_items-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 83</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_popular_items</span>(<span class="ruby-identifier">pages</span>)
<span class="ruby-identifier">found_items</span> = []
<span class="ruby-identifier">page_count</span> = <span class="ruby-value">1</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
(<span class="ruby-value">1</span><span class="ruby-operator">...</span>(<span class="ruby-identifier">pages</span>.<span class="ruby-identifier">to_i</span> <span class="ruby-operator">+</span> <span class="ruby-value">1</span>)).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">page</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># First page has another URL</span>
<span class="ruby-identifier">url</span> = (<span class="ruby-identifier">page</span> <span class="ruby-operator">==</span> <span class="ruby-value">1</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@popular_url</span> <span class="ruby-operator">:</span> <span class="ruby-ivar">@popular_url</span> <span class="ruby-operator">+</span> <span class="ruby-string">'page/'</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">page</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/'</span>
<span class="ruby-identifier">request</span> = <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[+] Parsing page #{page_count}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">page_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-ivar">@popular_regex</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[+] Found popular #@type: #{item}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">found_items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">item</span>[<span class="ruby-value">0</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-ivar">@browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">found_items</span>.<span class="ruby-identifier">uniq</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_popular_items-source -->
</div>
</div><!-- get_popular_items-method -->
<div id="method-i-save" class="method-detail ">
<div class="method-heading">
<span class="method-name">save</span><span
class="method-args">(items)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Save the file</p>
<div class="method-source-code" id="save-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 120</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">save</span>(<span class="ruby-identifier">items</span>)
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;[*] We have parsed #{items.length} #@types&quot;</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@file_name</span>, <span class="ruby-string">'w'</span>) { <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-identifier">f</span>.<span class="ruby-identifier">puts</span>(<span class="ruby-identifier">items</span>) }
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;New #@file_name file created&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- save-source -->
</div>
</div><!-- save-method -->
<div id="method-i-set_file_name" class="method-detail ">
<div class="method-heading">
<span class="method-name">set_file_name</span><span
class="method-args">(type)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="set_file_name-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/generate_list.rb, line 44</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">set_file_name</span>(<span class="ruby-identifier">type</span>)
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'plugin'</span>
<span class="ruby-keyword">case</span> <span class="ruby-identifier">type</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:full</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">PLUGINS_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:popular</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">PLUGINS_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Unknown type'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'theme'</span>
<span class="ruby-keyword">case</span> <span class="ruby-identifier">type</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:full</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">THEMES_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-value">:popular</span>
<span class="ruby-ivar">@file_name</span> = <span class="ruby-constant">THEMES_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-string">'Unknown type'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Unknown type #@type&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- set_file_name-source -->
</div>
</div><!-- set_file_name-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

423
doc/GitUpdater.html
View File

@@ -1,423 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class GitUpdater - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/updater/git_updater.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Updater.html">Updater</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-has_local_changes-3F">#has_local_changes?</a>
<li><a href="#method-i-is_installed-3F">#is_installed?</a>
<li><a href="#method-i-local_revision_number">#local_revision_number</a>
<li><a href="#method-i-repo_directory_arguments">#repo_directory_arguments</a>
<li><a href="#method-i-reset_head">#reset_head</a>
<li><a href="#method-i-update">#update</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class GitUpdater</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-has_local_changes-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_local_changes?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_local_changes-3F-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 38</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_local_changes?</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} diff --exit-code 2&gt;&amp;1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rdiff/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_local_changes-3F-source -->
</div>
</div><!-- has_local_changes-3F-method -->
<div id="method-i-is_installed-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">is_installed?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_installed-3F-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} status 2&gt;&amp;1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rOn branch/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_installed-3F-source -->
</div>
</div><!-- is_installed-3F-method -->
<div id="method-i-local_revision_number" class="method-detail ">
<div class="method-heading">
<span class="method-name">local_revision_number</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Git has not a revsion number like SVN, so we will take the 7 first chars of
the last commit hash</p>
<div class="method-source-code" id="local_revision_number-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 29</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">git_log</span> = <span class="ruby-node">%x[git #{repo_directory_arguments()} log -1 2&gt;&amp;1]</span>
<span class="ruby-identifier">git_log</span>[<span class="ruby-regexp">%rcommit ([0-9a-z]{7})/</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- local_revision_number-source -->
</div>
</div><!-- local_revision_number-method -->
<div id="method-i-reset_head" class="method-detail ">
<div class="method-heading">
<span class="method-name">reset_head</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="reset_head-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 42</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">reset_head</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} reset --hard HEAD]</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- reset_head-source -->
</div>
</div><!-- reset_head-method -->
<div id="method-i-update" class="method-detail ">
<div class="method-heading">
<span class="method-name">update</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="update-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-node">%x[git #{repo_directory_arguments()} pull]</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- update-source -->
</div>
</div><!-- update-method -->
</section><!-- public-instance-method-details -->
<section id="protected-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="method-i-repo_directory_arguments" class="method-detail ">
<div class="method-heading">
<span class="method-name">repo_directory_arguments</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="repo_directory_arguments-source">
<pre><span class="ruby-comment"># File lib/updater/git_updater.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">repo_directory_arguments</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@repo_directory</span>
<span class="ruby-keyword">return</span> <span class="ruby-node">&quot;--git-dir=\&quot;#{@repo_directory}/.git\&quot; --work-tree=\&quot;#{@repo_directory}\&quot;&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- repo_directory_arguments-source -->
</div>
</div><!-- repo_directory_arguments-method -->
</section><!-- protected-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

348
doc/ListGeneratorPlugin.html
View File

@@ -1,348 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class ListGeneratorPlugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/list_generator/list_generator_plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Plugin.html">Plugin</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class ListGeneratorPlugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">author</span><span class="ruby-operator">:</span> <span class="ruby-string">'WPScanTeam - @FireFart'</span>)
<span class="ruby-identifier">register_options</span>(
[<span class="ruby-string">'--generate-plugin-list [NUMBER_OF_PAGES]'</span>, <span class="ruby-string">'--gpl'</span>, <span class="ruby-constant">Integer</span>, <span class="ruby-string">'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'</span>],
[<span class="ruby-string">'--generate-full-plugin-list'</span>, <span class="ruby-string">'--gfpl'</span>, <span class="ruby-string">'Generate a new full data/plugins.txt file'</span>],
[<span class="ruby-string">'--generate-theme-list [NUMBER_OF_PAGES]'</span>, <span class="ruby-string">'--gtl'</span>, <span class="ruby-constant">Integer</span>, <span class="ruby-string">'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)'</span>],
[<span class="ruby-string">'--generate-full-theme-list'</span>, <span class="ruby-string">'--gftl'</span>, <span class="ruby-string">'Generate a new full data/themes.txt file'</span>],
[<span class="ruby-string">'--generate-all'</span>, <span class="ruby-string">'--ga'</span>, <span class="ruby-string">'Generate a new full plugins, full themes, popular plugins and popular themes list'</span>]
)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/list_generator_plugin.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">verbose</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:verbose</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">generate_all</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_all</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:generate_plugin_list</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">number_of_pages</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_plugin_list</span>] <span class="ruby-operator">||</span> <span class="ruby-value">150</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new most popular plugin list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'plugins'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">number_of_pages</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_full_plugin_list</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new full plugin list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'plugins'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_full_list</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>.<span class="ruby-identifier">has_key?</span>(<span class="ruby-value">:generate_theme_list</span>) <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">number_of_pages</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_theme_list</span>] <span class="ruby-operator">||</span> <span class="ruby-value">150</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new most popular theme list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'themes'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_popular_list</span>(<span class="ruby-identifier">number_of_pages</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:generate_full_theme_list</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">generate_all</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[+] Generating new full theme list'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-constant">GenerateList</span>.<span class="ruby-identifier">new</span>(<span class="ruby-string">'themes'</span>, <span class="ruby-identifier">verbose</span>).<span class="ruby-identifier">generate_full_list</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

370
doc/Malwares.html
View File

@@ -1,370 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module Malwares - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/malwares.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-malware_pattern">::malware_pattern</a>
<li><a href="#method-c-malwares_file">::malwares_file</a>
<li><a href="#method-i-has_malwares-3F">#has_malwares?</a>
<li><a href="#method-i-malwares">#malwares</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module Malwares</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-malware_pattern" class="method-detail ">
<div class="method-heading">
<span class="method-name">malware_pattern</span><span
class="method-args">(url_regex)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="malware_pattern-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 59</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">malware_pattern</span>(<span class="ruby-identifier">url_regex</span>)
<span class="ruby-comment"># no need to escape regex here, because malware.txt contains regex</span>
<span class="ruby-node">%r{&lt;(?:script|iframe).* src=(?:&quot;|')(#{url_regex}[^&quot;']*)(?:&quot;|')[^&gt;]*&gt;}</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- malware_pattern-source -->
</div>
</div><!-- malware_pattern-method -->
<div id="method-c-malwares_file" class="method-detail ">
<div class="method-heading">
<span class="method-name">malwares_file</span><span
class="method-args">(malwares_file_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="malwares_file-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 55</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
<span class="ruby-identifier">malwares_file_path</span> <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/malwares.txt'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- malwares_file-source -->
</div>
</div><!-- malwares_file-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-has_malwares-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_malwares?</span><span
class="method-args">(malwares_file_path = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_malwares-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_malwares?</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-operator">!</span><span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_malwares-3F-source -->
</div>
</div><!-- has_malwares-3F-method -->
<div id="method-i-malwares" class="method-detail ">
<div class="method-heading">
<span class="method-name">malwares</span><span
class="method-args">(malwares_file_path = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return array of string (url of malwares found)</p>
<div class="method-source-code" id="malwares-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/malwares.rb, line 31</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">malwares</span>(<span class="ruby-identifier">malwares_file_path</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@malwares</span>
<span class="ruby-identifier">malwares_found</span> = []
<span class="ruby-identifier">malwares_file</span> = <span class="ruby-constant">Malwares</span>.<span class="ruby-identifier">malwares_file</span>(<span class="ruby-identifier">malwares_file_path</span>)
<span class="ruby-identifier">index_page_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">malwares_file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">file</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">url</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">chomped_url</span> = <span class="ruby-identifier">url</span>.<span class="ruby-identifier">chomp</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">chomped_url</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">malwares_found</span> <span class="ruby-operator">+=</span> <span class="ruby-identifier">index_page_body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-constant">Malwares</span>.<span class="ruby-identifier">malware_pattern</span>(<span class="ruby-identifier">chomped_url</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">malwares_found</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">malwares_found</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-ivar">@malwares</span> = <span class="ruby-identifier">malwares_found</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@malwares</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- malwares-source -->
</div>
</div><!-- malwares-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

919
doc/Object.html
View File

@@ -1,919 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Object - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common_helper.rb
<li>lib/wpscan/wpscan_helper.rb
<li>lib/wpstools/wpstools_helper.rb
<li>wpscan.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link">BasicObject
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-add_http_protocol">#add_http_protocol</a>
<li><a href="#method-i-add_trailing_slash">#add_trailing_slash</a>
<li><a href="#method-i-banner">#banner</a>
<li><a href="#method-i-colorize">#colorize</a>
<li><a href="#method-i-get_equal_string_end">#get_equal_string_end</a>
<li><a href="#method-i-get_metasploit_url">#get_metasploit_url</a>
<li><a href="#method-i-green">#green</a>
<li><a href="#method-i-help">#help</a>
<li><a href="#method-i-output_vulnerabilities">#output_vulnerabilities</a>
<li><a href="#method-i-puts">#puts</a>
<li><a href="#method-i-red">#red</a>
<li><a href="#method-i-require_files_from_directory">#require_files_from_directory</a>
<li><a href="#method-i-usage">#usage</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Object</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<section id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt id="CACHE_DIR">CACHE_DIR
<dd class="description">
<dt id="COMMON_LIB_DIR">COMMON_LIB_DIR
<dd class="description">
<dt id="COMON_PLUGINS_DIR">COMON_PLUGINS_DIR
<dd class="description"><p><a href="Plugins.html">Plugins</a> directories</p>
<dt id="CONF_DIR">CONF_DIR
<dd class="description">
<dt id="DATA_DIR">DATA_DIR
<dd class="description">
<dt id="LIB_DIR">LIB_DIR
<dd class="description">
<dt id="LOCAL_FILES_FILE">LOCAL_FILES_FILE
<dd class="description">
<dt id="LOCAL_FILES_XSD">LOCAL_FILES_XSD
<dd class="description">
<dt id="LOG_FILE">LOG_FILE
<dd class="description">
<dt id="PLUGINS_FILE">PLUGINS_FILE
<dd class="description"><p>Data files</p>
<dt id="PLUGINS_FULL_FILE">PLUGINS_FULL_FILE
<dd class="description">
<dt id="PLUGINS_VULNS_FILE">PLUGINS_VULNS_FILE
<dd class="description">
<dt id="REVISION">REVISION
<dd class="description">
<dt id="ROOT_DIR">ROOT_DIR
<dd class="description">
<dt id="THEMES_FILE">THEMES_FILE
<dd class="description">
<dt id="THEMES_FULL_FILE">THEMES_FULL_FILE
<dd class="description">
<dt id="THEMES_VULNS_FILE">THEMES_VULNS_FILE
<dd class="description">
<dt id="UPDATER_LIB_DIR">UPDATER_LIB_DIR
<dd class="description">
<dt id="VULNS_XSD">VULNS_XSD
<dd class="description">
<dt id="WPSCAN_LIB_DIR">WPSCAN_LIB_DIR
<dd class="description">
<dt id="WPSCAN_PLUGINS_DIR">WPSCAN_PLUGINS_DIR
<dd class="description">
<dt id="WPSCAN_VERSION">WPSCAN_VERSION
<dd class="description">
<dt id="WPSTOOLS_LIB_DIR">WPSTOOLS_LIB_DIR
<dd class="description">
<dt id="WPSTOOLS_PLUGINS_DIR">WPSTOOLS_PLUGINS_DIR
<dd class="description">
<dt id="WP_VERSIONS_FILE">WP_VERSIONS_FILE
<dd class="description">
<dt id="WP_VERSIONS_XSD">WP_VERSIONS_XSD
<dd class="description">
<dt id="WP_VULNS_FILE">WP_VULNS_FILE
<dd class="description">
</dl>
</section>
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-add_http_protocol" class="method-detail ">
<div class="method-heading">
<span class="method-name">add_http_protocol</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Add protocol</p>
<div class="method-source-code" id="add_http_protocol-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">url</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r^https?:/</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">url</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;http://#{url}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add_http_protocol-source -->
</div>
</div><!-- add_http_protocol-method -->
<div id="method-i-add_trailing_slash" class="method-detail ">
<div class="method-heading">
<span class="method-name">add_trailing_slash</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="add_trailing_slash-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">url</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r\/$/</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">url</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#{url}/&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- add_trailing_slash-source -->
</div>
</div><!-- add_trailing_slash-method -->
<div id="method-i-banner" class="method-detail ">
<div class="method-heading">
<span class="method-name">banner</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>our 1337 banner</p>
<div class="method-source-code" id="banner-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 135</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">banner</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'____________________________________________________'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' __ _______ _____ '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ \ / / __ \ / ____| '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ \ /\ / /| |__) | (___ ___ __ _ _ __ '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ \/ \/ / | ___/ \___ \ / __|/ _` | \_ \ '</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' \ /\ / | | ____) | (__| (_| | | | |'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot; \\/ \\/ |_| |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' WordPress Security Scanner by the WPScan Team'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' Sponsored by the RandomStorm Open Source Initiative'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'_____________________________________________________'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">RUBY_VERSION</span> <span class="ruby-operator">&lt;</span> <span class="ruby-string">'1.9'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'[WARNING] Ruby &lt; 1.9 not officially supported, please upgrade.'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- banner-source -->
</div>
</div><!-- banner-method -->
<div id="method-i-colorize" class="method-detail ">
<div class="method-heading">
<span class="method-name">colorize</span><span
class="method-args">(text, color_code)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="colorize-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 154</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-identifier">color_code</span>)
<span class="ruby-node">&quot;\e[#{color_code}m#{text}\e[0m&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- colorize-source -->
</div>
</div><!-- colorize-method -->
<div id="method-i-get_equal_string_end" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_equal_string_end</span><span
class="method-args">(stringarray = [''])</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Gets the string all elements in stringarray ends with</p>
<div class="method-source-code" id="get_equal_string_end-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 74</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">stringarray</span> = [<span class="ruby-string">''</span>])
<span class="ruby-identifier">already_found</span> = <span class="ruby-string">''</span>
<span class="ruby-identifier">looping</span> = <span class="ruby-keyword">true</span>
<span class="ruby-identifier">counter</span> = <span class="ruby-value">-1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">Array</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">base</span> = <span class="ruby-identifier">stringarray</span>[<span class="ruby-value">0</span>]
<span class="ruby-keyword">while</span> <span class="ruby-identifier">looping</span>
<span class="ruby-identifier">character</span> = <span class="ruby-identifier">base</span>[<span class="ruby-identifier">counter</span>, <span class="ruby-value">1</span>]
<span class="ruby-identifier">stringarray</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">s</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">s</span>[<span class="ruby-identifier">counter</span>, <span class="ruby-value">1</span>] <span class="ruby-operator">!=</span> <span class="ruby-identifier">character</span>
<span class="ruby-identifier">looping</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">looping</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">false</span> <span class="ruby-keyword">or</span> (<span class="ruby-identifier">counter</span> * <span class="ruby-value">-1</span>) <span class="ruby-operator">&gt;</span> <span class="ruby-identifier">base</span>.<span class="ruby-identifier">length</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">already_found</span> = <span class="ruby-node">&quot;#{character if character}#{already_found}&quot;</span>
<span class="ruby-identifier">counter</span> <span class="ruby-operator">-=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">already_found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_equal_string_end-source -->
</div>
</div><!-- get_equal_string_end-method -->
<div id="method-i-get_metasploit_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_metasploit_url</span><span
class="method-args">(module_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_metasploit_url-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 166</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_metasploit_url</span>(<span class="ruby-identifier">module_path</span>)
<span class="ruby-comment"># remove leading slash</span>
<span class="ruby-identifier">module_path</span> = <span class="ruby-identifier">module_path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">''</span>)
<span class="ruby-node">&quot;http://www.metasploit.com/modules/#{module_path}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_metasploit_url-source -->
</div>
</div><!-- get_metasploit_url-method -->
<div id="method-i-green" class="method-detail ">
<div class="method-heading">
<span class="method-name">green</span><span
class="method-args">(text)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="green-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 162</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">green</span>(<span class="ruby-identifier">text</span>)
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">32</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- green-source -->
</div>
</div><!-- green-method -->
<div id="method-i-help" class="method-detail ">
<div class="method-heading">
<span class="method-name">help</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>command help</p>
<div class="method-source-code" id="help-source">
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_helper.rb, line 73</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">help</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'Help :'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'Some values are settable in conf/browser.conf.json :'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--update Update to the latest revision'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--url | -u &lt;target url&gt; The WordPress URL/domain to scan.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--force | -f Forces WPScan to not check if the remote site is running WordPress.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--enumerate | -e [option(s)] Enumeration.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' option :'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' u usernames from id 1 to 10'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' u[10-20] usernames from id 10 to 20 (you must write [] chars)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' p plugins'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' vp only vulnerable plugins'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' ap all plugins (can take a long time)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' tt timthumbs'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' t themes'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' vt only vulnerable themes'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' at all themes (can take a long time)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' Multiple values are allowed : &quot;-e t,p&quot; will enumerate timthumbs and plugins'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' If no option is supplied, the default is &quot;vt,tt,u,vp&quot;'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--exclude-content-based &quot;&lt;regexp or string&gt;&quot; Used with the enumeration option, will exclude all occurence based on the regexp or string supplied'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--config-file | -c &lt;config file&gt; Use the specified config file'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--wp-content-dir &lt;wp content dir&gt; WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--wp-plugins-dir &lt;wp plugins dir&gt; Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the one from conf/browser.conf.json).'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--proxy-auth &lt;username:password&gt; Supply the proxy login credentials (will override the one from conf/browser.conf.json).'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--basic-auth &lt;username:password&gt; Set the HTTP Basic authentification'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter and do the brute.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--threads | -t &lt;number of threads&gt; The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--username | -U &lt;username&gt; Only brute force the supplied username.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--help | -h This help screen.'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'--verbose | -v Verbose output.'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- help-source -->
</div>
</div><!-- help-method -->
<div id="method-i-output_vulnerabilities" class="method-detail ">
<div class="method-heading">
<span class="method-name">output_vulnerabilities</span><span
class="method-args">(vulns)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="output_vulnerabilities-source">
<pre><span class="ruby-comment"># File wpscan.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">output_vulnerabilities</span>(<span class="ruby-identifier">vulns</span>)
<span class="ruby-identifier">vulns</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">vulnerability</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Title: #{vulnerability.title}&quot;</span>)
<span class="ruby-identifier">vulnerability</span>.<span class="ruby-identifier">references</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Reference: #{r}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">vulnerability</span>.<span class="ruby-identifier">metasploit_modules</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">m</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">' | '</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">red</span>(<span class="ruby-node">&quot;* Metasploit module: #{get_metasploit_url(m)}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- output_vulnerabilities-source -->
</div>
</div><!-- output_vulnerabilities-method -->
<div id="method-i-puts" class="method-detail ">
<div class="method-heading">
<span class="method-name">puts</span><span
class="method-args">(o = '')</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Override for puts to enable logging</p>
<div class="method-source-code" id="puts-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 173</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">puts</span>(<span class="ruby-identifier">o</span> = <span class="ruby-string">''</span>)
<span class="ruby-comment"># remove color for logging</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">o</span>.<span class="ruby-identifier">respond_to?</span>(<span class="ruby-string">'gsub'</span>)
<span class="ruby-identifier">temp</span> = <span class="ruby-identifier">o</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r\e\[\d+m(.*)?\e\[0m/</span>, <span class="ruby-string">'\1'</span>)
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-constant">LOG_FILE</span>, <span class="ruby-string">'a+'</span>) { <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span> <span class="ruby-identifier">f</span>.<span class="ruby-identifier">puts</span>(<span class="ruby-identifier">temp</span>) }
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">o</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- puts-source -->
</div>
</div><!-- puts-method -->
<div id="method-i-red" class="method-detail ">
<div class="method-heading">
<span class="method-name">red</span><span
class="method-args">(text)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="red-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 158</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">red</span>(<span class="ruby-identifier">text</span>)
<span class="ruby-identifier">colorize</span>(<span class="ruby-identifier">text</span>, <span class="ruby-value">31</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- red-source -->
</div>
</div><!-- red-method -->
<div id="method-i-require_files_from_directory" class="method-detail ">
<div class="method-heading">
<span class="method-name">require_files_from_directory</span><span
class="method-args">(absolute_dir_path, files_pattern = '*.rb')</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>TODO : add an exclude pattern ?</p>
<div class="method-source-code" id="require_files_from_directory-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 53</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">require_files_from_directory</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span> = <span class="ruby-string">'*.rb'</span>)
<span class="ruby-constant">Dir</span>[<span class="ruby-constant">File</span>.<span class="ruby-identifier">join</span>(<span class="ruby-identifier">absolute_dir_path</span>, <span class="ruby-identifier">files_pattern</span>)].<span class="ruby-identifier">sort</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">expand_path</span>(<span class="ruby-identifier">f</span>)
<span class="ruby-identifier">require</span> <span class="ruby-identifier">f</span>
<span class="ruby-comment">#puts &quot;require #{f}&quot; # Used for debug</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- require_files_from_directory-source -->
</div>
</div><!-- require_files_from_directory-method -->
<div id="method-i-usage" class="method-detail ">
<div class="method-heading">
<span class="method-name">usage</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>wpscan usage</p>
<div class="method-source-code" id="usage-source">
<pre><span class="ruby-comment"># File lib/wpscan/wpscan_helper.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usage</span>
<span class="ruby-identifier">script_name</span> = <span class="ruby-identifier">$0</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'Examples :'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Further help ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --help&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do 'non-intrusive' checks ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Do wordlist password brute force on enumerated users using 50 threads ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;-Do wordlist password brute force on the 'admin' username only ...&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate installed plugins ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate p&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate installed themes ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate t&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate users ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate u&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Enumerate installed timthumbs ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --enumerate tt&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use a HTTP proxy ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use a SOCKS5 proxy ... (cURL &gt;= v7.21.7 needed)'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use custom content directory ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} -u www.example.com --wp-content-dir custom-content&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Use custom plugins directory ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'-Update ...'</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;ruby #{script_name} --update&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">'See README for further information.'</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- usage-source -->
</div>
</div><!-- usage-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

379
doc/Plugin.html
View File

@@ -1,379 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Plugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common/plugins/plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-register_options">#register_options</a>
<li><a href="#method-i-run">#run</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Plugin</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-author" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">author</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-registered_options" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">registered_options</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(infos = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugin.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">infos</span> = {})
<span class="ruby-ivar">@author</span> = <span class="ruby-identifier">infos</span>[<span class="ruby-value">:author</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-register_options" class="method-detail ">
<div class="method-heading">
<span class="method-name">register_options</span><span
class="method-args">(*options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Array.html">Array</a> options</p>
<div class="method-source-code" id="register_options-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugin.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">register_options</span>(*<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">options</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">option</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">option</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Array</span>)
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Each option must be an array, #{option.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@registered_options</span> = <span class="ruby-identifier">options</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- register_options-source -->
</div>
</div><!-- register_options-method -->
<div id="method-i-run" class="method-detail ">
<div class="method-heading">
<span class="method-name">run</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="run-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugin.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">run</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">raise</span> <span class="ruby-constant">NotImplementedError</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- run-source -->
</div>
</div><!-- run-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

380
doc/Plugins.html
View File

@@ -1,380 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Plugins - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common/plugins/plugins.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Array.html">Array</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-register">#register</a>
<li><a href="#method-i-register_plugin">#register_plugin</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Plugins</h1>
<div id="description" class="description">
<pre>WPScan - WordPress Security Scanner
Copyright (C) 2012-2013
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see &lt;http://www.gnu.org/licenses/&gt;.</pre>
<p>++</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-option_parser" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">option_parser</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(option_parser = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugins.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">option_parser</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_parser</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">option_parser</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">CustomOptionParser</span>)
<span class="ruby-ivar">@option_parser</span> = <span class="ruby-identifier">option_parser</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The parser must be an instance of CustomOptionParser, #{option_parser.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@option_parser</span> = <span class="ruby-constant">CustomOptionParser</span>.<span class="ruby-identifier">new</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-register" class="method-detail ">
<div class="method-heading">
<span class="method-name">register</span><span
class="method-args">(*plugins)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param Array(<a href="Plugin.html">Plugin</a>) plugins</p>
<div class="method-source-code" id="register-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugins.rb, line 36</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">register</span>(*<span class="ruby-identifier">plugins</span>)
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">plugin</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">register_plugin</span>(<span class="ruby-identifier">plugin</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- register-source -->
</div>
</div><!-- register-method -->
<div id="method-i-register_plugin" class="method-detail ">
<div class="method-heading">
<span class="method-name">register_plugin</span><span
class="method-args">(plugin)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param <a href="Plugin.html">Plugin</a> plugin</p>
<div class="method-source-code" id="register_plugin-source">
<pre><span class="ruby-comment"># File lib/common/plugins/plugins.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">register_plugin</span>(<span class="ruby-identifier">plugin</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">plugin</span>.<span class="ruby-identifier">is_a?</span>(<span class="ruby-constant">Plugin</span>)
<span class="ruby-keyword">self</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">plugin</span>
<span class="ruby-comment"># A plugin may not have options</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">plugin_options</span> = <span class="ruby-identifier">plugin</span>.<span class="ruby-identifier">registered_options</span>
<span class="ruby-ivar">@option_parser</span>.<span class="ruby-identifier">add</span>(<span class="ruby-identifier">plugin_options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The argument must be an instance of Plugin, #{plugin.class} supplied&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- register_plugin-source -->
</div>
</div><!-- register_plugin-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

401
doc/README.html
View File

@@ -1,401 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>README - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="file">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation" class="description">
<p><em>__</em></p>
<pre>__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|</pre>
<p><em>__</em></p>
<h2 id="label-LICENSE%3D%3D">LICENSE==</h2>
<p>WPScan - WordPress Security Scanner Copyright (C) 2011-2013 The WPScan Team</p>
<p>This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.</p>
<p>This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.</p>
<p>You should have received a copy of the GNU General Public License along
with this program. If not, see &lt;<a
href="http://www.gnu.org/licenses/">www.gnu.org/licenses/</a>&gt;.</p>
<p>ryandewhurst at gmail</p>
<h2 id="label-INSTALL%3D%3D">INSTALL==</h2>
<pre class="ruby"><span class="ruby-constant">WPScan</span> <span class="ruby-identifier">comes</span> <span class="ruby-identifier">pre</span><span class="ruby-operator">-</span><span class="ruby-identifier">installed</span> <span class="ruby-identifier">on</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">following</span> <span class="ruby-constant">Linux</span> <span class="ruby-identifier">distributions</span><span class="ruby-operator">:</span>
* <span class="ruby-constant">BackBox</span> <span class="ruby-constant">Linux</span>
* <span class="ruby-constant">BackTrack</span> <span class="ruby-constant">Linux</span> (<span class="ruby-identifier">outdated</span> <span class="ruby-constant">WPScan</span> <span class="ruby-identifier">installed</span>, <span class="ruby-identifier">update</span> <span class="ruby-identifier">needed</span>)
* <span class="ruby-constant">Pentoo</span>
* <span class="ruby-constant">SamuraiWTF</span>
<span class="ruby-constant">Prerequisites</span><span class="ruby-operator">:</span>
* <span class="ruby-constant">Windows</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">supported</span>
* <span class="ruby-constant">Ruby</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">1.9</span>
* <span class="ruby-constant">RubyGems</span>
* <span class="ruby-constant">Git</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Debian</span><span class="ruby-operator">/</span><span class="ruby-constant">Ubuntu</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">apt</span><span class="ruby-operator">-</span><span class="ruby-identifier">get</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl4</span><span class="ruby-operator">-</span><span class="ruby-identifier">gnutls</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libopenssl</span><span class="ruby-operator">-</span><span class="ruby-identifier">ruby</span> <span class="ruby-identifier">libxml2</span> <span class="ruby-identifier">libxml2</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libxslt1</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">ruby</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Fedora</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">yum</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libcurl</span><span class="ruby-operator">-</span><span class="ruby-identifier">devel</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Archlinux</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">pacman</span> <span class="ruby-operator">-</span><span class="ruby-constant">Sy</span> <span class="ruby-identifier">ruby</span>
<span class="ruby-identifier">pacman</span> <span class="ruby-operator">-</span><span class="ruby-constant">Sy</span> <span class="ruby-identifier">libyaml</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
<span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">typhoeus</span>
<span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">nokogiri</span>
<span class="ruby-operator">-</span><span class="ruby-operator">&gt;</span> <span class="ruby-constant">Installing</span> <span class="ruby-identifier">on</span> <span class="ruby-constant">Mac</span> <span class="ruby-constant">OS</span> <span class="ruby-constant">X</span><span class="ruby-operator">:</span>
<span class="ruby-identifier">git</span> <span class="ruby-identifier">clone</span> <span class="ruby-identifier">https</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rgithub.com/</span><span class="ruby-identifier">wpscanteam</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span>.<span class="ruby-identifier">git</span>
<span class="ruby-identifier">cd</span> <span class="ruby-identifier">wpscan</span>
<span class="ruby-identifier">sudo</span> <span class="ruby-identifier">gem</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">bundler</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">bundle</span> <span class="ruby-identifier">install</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span><span class="ruby-identifier">without</span> <span class="ruby-identifier">test</span> <span class="ruby-identifier">development</span>
</pre>
<h2 id="label-KNOWN+ISSUES%3D%3D">KNOWN ISSUES==</h2>
<pre class="ruby"><span class="ruby-operator">-</span> <span class="ruby-constant">Typhoeus</span> <span class="ruby-identifier">segmentation</span> <span class="ruby-identifier">fault</span><span class="ruby-operator">:</span>
<span class="ruby-constant">Update</span> <span class="ruby-identifier">cURL</span> <span class="ruby-identifier">to</span> <span class="ruby-identifier">version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">7.21</span> (<span class="ruby-identifier">may</span> <span class="ruby-identifier">have</span> <span class="ruby-identifier">to</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">from</span> <span class="ruby-identifier">source</span>)
<span class="ruby-constant">See</span> <span class="ruby-identifier">http</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rcode.google.com/</span><span class="ruby-identifier">p</span><span class="ruby-operator">/</span><span class="ruby-identifier">wpscan</span><span class="ruby-operator">/</span><span class="ruby-identifier">issues</span><span class="ruby-operator">/</span><span class="ruby-identifier">detail?</span><span class="ruby-identifier">id</span>=<span class="ruby-value">81</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Proxy</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">working</span><span class="ruby-operator">:</span>
<span class="ruby-constant">Update</span> <span class="ruby-identifier">cURL</span> <span class="ruby-identifier">to</span> <span class="ruby-identifier">version</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">7.21</span><span class="ruby-value">.7</span> (<span class="ruby-identifier">may</span> <span class="ruby-identifier">have</span> <span class="ruby-identifier">to</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">from</span> <span class="ruby-identifier">source</span>).
<span class="ruby-constant">Installation</span> <span class="ruby-identifier">from</span> <span class="ruby-identifier">sources</span> <span class="ruby-operator">:</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Grab</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">sources</span> <span class="ruby-identifier">from</span> <span class="ruby-identifier">http</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rcurl.haxx.se/</span><span class="ruby-identifier">download</span>.<span class="ruby-identifier">html</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Decompress</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">archive</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Open</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">folder</span> <span class="ruby-identifier">with</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">extracted</span> <span class="ruby-identifier">files</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Run</span> .<span class="ruby-operator">/</span><span class="ruby-identifier">configure</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Run</span> <span class="ruby-identifier">make</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Run</span> <span class="ruby-identifier">sudo</span> <span class="ruby-identifier">make</span> <span class="ruby-identifier">install</span>
<span class="ruby-operator">-</span> <span class="ruby-constant">Run</span> <span class="ruby-identifier">sudo</span> <span class="ruby-identifier">ldconfig</span>
<span class="ruby-operator">-</span> <span class="ruby-identifier">cannot</span> <span class="ruby-identifier">load</span> <span class="ruby-identifier">such</span> <span class="ruby-identifier">file</span> <span class="ruby-operator">-</span><span class="ruby-operator">-</span> <span class="ruby-identifier">readline</span><span class="ruby-operator">:</span>
<span class="ruby-constant">Run</span> <span class="ruby-identifier">sudo</span> <span class="ruby-identifier">aptitude</span> <span class="ruby-identifier">install</span> <span class="ruby-identifier">libreadline5</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span> <span class="ruby-identifier">libncurses5</span><span class="ruby-operator">-</span><span class="ruby-identifier">dev</span>
<span class="ruby-constant">Then</span>, <span class="ruby-identifier">open</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">directory</span> <span class="ruby-identifier">of</span> <span class="ruby-identifier">the</span> <span class="ruby-identifier">readline</span> <span class="ruby-identifier">gem</span> (<span class="ruby-identifier">you</span> <span class="ruby-identifier">have</span> <span class="ruby-identifier">to</span> <span class="ruby-identifier">locate</span> <span class="ruby-identifier">it</span>)
<span class="ruby-identifier">cd</span> <span class="ruby-operator">~</span><span class="ruby-regexp">%r.rvm/</span><span class="ruby-identifier">rc</span><span class="ruby-operator">/</span><span class="ruby-identifier">ruby</span><span class="ruby-operator">-</span><span class="ruby-value">1.9</span><span class="ruby-value">.2</span><span class="ruby-operator">-</span><span class="ruby-identifier">p180</span><span class="ruby-operator">/</span><span class="ruby-identifier">ext</span><span class="ruby-operator">/</span><span class="ruby-identifier">readline</span>
<span class="ruby-identifier">ruby</span> <span class="ruby-identifier">extconf</span>.<span class="ruby-identifier">rb</span>
<span class="ruby-identifier">make</span>
<span class="ruby-identifier">make</span> <span class="ruby-identifier">install</span>
<span class="ruby-constant">See</span> <span class="ruby-identifier">http</span>:<span class="ruby-operator">/</span><span class="ruby-regexp">%rvvv.tobiassjosten.net/</span><span class="ruby-identifier">ruby</span><span class="ruby-operator">-</span><span class="ruby-identifier">on</span><span class="ruby-operator">-</span><span class="ruby-identifier">rails</span><span class="ruby-operator">/</span><span class="ruby-identifier">fixing</span><span class="ruby-operator">-</span><span class="ruby-identifier">readline</span><span class="ruby-operator">-</span><span class="ruby-keyword">for</span><span class="ruby-operator">-</span><span class="ruby-identifier">the</span><span class="ruby-operator">-</span><span class="ruby-identifier">ruby</span><span class="ruby-operator">-</span><span class="ruby-identifier">on</span><span class="ruby-operator">-</span><span class="ruby-identifier">rails</span><span class="ruby-operator">-</span><span class="ruby-identifier">console</span><span class="ruby-operator">/</span> <span class="ruby-keyword">for</span> <span class="ruby-identifier">more</span> <span class="ruby-identifier">details</span>
</pre>
<h2 id="label-WPSCAN+ARGUMENTS%3D%3D">WPSCAN ARGUMENTS==</h2>
<p>update Update to the latest revision</p>
<p>url | -u &lt;target url&gt; The WordPress URL/domain to scan.</p>
<p>force | -f Forces WPScan to not check if the remote site is running
WordPress.</p>
<p>enumerate | -e [option(s)] Enumeration.</p>
<pre>option :
u usernames from id 1 to 10
u[10-20] usernames from id 10 to 20 (you must write [] chars)
p plugins
vp only vulnerable plugins
ap all plugins (can take a long time)
tt timthumbs
t themes
vp only vulnerable themes
at all themes (can take a long time)
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'</pre>
<p>exclude-content-based &lt;regexp or string&gt; Used with the
enumeration option, will exclude all occurence based on the regexp or
string supplied</p>
<pre>You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)</pre>
<p>config-file | -c &lt;config file&gt; Use the specified config file</p>
<p>follow-redirection If the target url has a redirection, it will be
followed without asking if you wanted to do so or not</p>
<p>wp-content-dir &lt;wp content dir&gt; WPScan try to find the content
directory (ie wp-content) by scanning the index page, however you can
specified it. Subdirectories are allowed</p>
<p>wp-plugins-dir &lt;wp plugins dir&gt; Same thing than wp-content-dir but
for the plugins directory. If not supplied, WPScan will use
wp-content-dir/plugins. Subdirectories are allowed</p>
<p>proxy &lt;[protocol://]host:port&gt; Supply a proxy (will override the
one from conf/browser.conf.json).</p>
<pre>HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used</pre>
<p>proxy-auth &lt;username:password&gt; Supply the proxy login credentials
(will override the one from conf/browser.conf.json).</p>
<p>basic-auth &lt;username:password&gt; Set the HTTP Basic authentification</p>
<p>wordlist | -w &lt;wordlist&gt; Supply a wordlist for the password bruter
and do the brute.</p>
<p>threads | -t &lt;number of threads&gt; The number of threads to use when
multi-threading requests. (will override the value from
conf/browser.conf.json)</p>
<p>username | -U &lt;username&gt; Only brute force the supplied username.</p>
<p>help | -h This help screen.</p>
<p>verbose | -v Verbose output.</p>
<h2 id="label-WPSCAN+EXAMPLES%3D%3D">WPSCAN EXAMPLES==</h2>
<p>Do non-intrusive checks…</p>
<pre>ruby wpscan.rb --url www.example.com</pre>
<p>Do wordlist password brute force on enumerated users using 50 threads…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50</pre>
<p>Do wordlist password brute force on the admin username only…</p>
<pre>ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin</pre>
<p>Enumerate instaled plugins…</p>
<pre>ruby wpscan.rb --url www.example.com --enumerate p</pre>
<h2 id="label-WPSTOOLS+ARGUMENTS%3D%3D">WPSTOOLS ARGUMENTS==</h2>
<p>help | -h This help screen. Verbose | -v Verbose output. update
| -u Update to the latest revision. generate_plugin_list [number of
pages] Generate a new data/plugins.txt file. (supply number of
<strong>pages</strong> to parse, default : 150) gpl Alias for
generate_plugin_list check-local-vulnerable-files | clvf &lt;local
directory&gt; Perform a recursive scan in the &lt;local directory&gt; to
find vulnerable files or shells</p>
<h2 id="label-WPSTOOLS+EXAMPLES%3D%3D">WPSTOOLS EXAMPLES==</h2>
<ul><li>
<p>Generate a new most popular plugin list, up to 150 pages …</p>
</li></ul>
<p>ruby wpstools.rb generate_plugin_list 150</p>
<ul><li>
<p>Locally scan a wordpress installation for vulnerable files or shells :</p>
</li></ul>
<p>ruby wpstools.rb check-local-vulnerable-files /var/www/wordpress/</p>
<h3 id="label-PROJECT+HOME%3D%3D%3D">PROJECT HOME===</h3>
<p><a href="http://www.wpscan.org">www.wpscan.org</a></p>
<h3 id="label-REPOSITORY%3D%3D%3D">REPOSITORY===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan">github.com/wpscanteam/wpscan</a></p>
<h3 id="label-ISSUES%3D%3D%3D">ISSUES===</h3>
<p><a
href="https://github.com/wpscanteam/wpscan/issues">github.com/wpscanteam/wpscan/issues</a></p>
<h3 id="label-SPONSOR%3D%3D%3D">SPONSOR===</h3>
<p>WPScan is sponsored by the RandomStorm Open Source Initiative.</p>
<p>Visit RandomStorm at <a
href="http://www.randomstorm.com">www.randomstorm.com</a></p>
</div>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

341
doc/SvnParser.html
View File

@@ -1,341 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class SvnParser - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpstools/plugins/list_generator/svn_parser.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-parse">#parse</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class SvnParser</h1>
<div id="description" class="description">
<p>This Class Parses SVN Repositories via HTTP</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-keep_empty_dirs" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">keep_empty_dirs</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-svn_root" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">svn_root</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-verbose" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(svn_root)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/svn_parser.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">svn_root</span>)
<span class="ruby-ivar">@svn_root</span> = <span class="ruby-identifier">svn_root</span>
<span class="ruby-ivar">@svn_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-ivar">@svn_hydra</span> = <span class="ruby-ivar">@svn_browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-parse" class="method-detail ">
<div class="method-heading">
<span class="method-name">parse</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="parse-source">
<pre><span class="ruby-comment"># File lib/wpstools/plugins/list_generator/svn_parser.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">parse</span>
<span class="ruby-identifier">get_root_directories</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- parse-source -->
</div>
</div><!-- parse-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

336
doc/SvnUpdater.html
View File

@@ -1,336 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class SvnUpdater - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/updater/svn_updater.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Updater.html">Updater</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-is_installed-3F">#is_installed?</a>
<li><a href="#method-i-local_revision_number">#local_revision_number</a>
<li><a href="#method-i-update">#update</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class SvnUpdater</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<section id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt id="REVISION_PATTERN">REVISION_PATTERN
<dd class="description">
<dt id="TRUNK_URL">TRUNK_URL
<dd class="description">
</dl>
</section>
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-is_installed-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">is_installed?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_installed-3F-source">
<pre><span class="ruby-comment"># File lib/updater/svn_updater.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
<span class="ruby-node">%x[svn info &quot;#@repo_directory&quot; --xml 2&gt;&amp;1]</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rrevision=/</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_installed-3F-source -->
</div>
</div><!-- is_installed-3F-method -->
<div id="method-i-local_revision_number" class="method-detail ">
<div class="method-heading">
<span class="method-name">local_revision_number</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="local_revision_number-source">
<pre><span class="ruby-comment"># File lib/updater/svn_updater.rb, line 30</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">local_revision</span> = <span class="ruby-node">%x[svn info &quot;#@repo_directory&quot; --xml 2&gt;&amp;1]</span>
<span class="ruby-identifier">local_revision</span>[<span class="ruby-constant">REVISION_PATTERN</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- local_revision_number-source -->
</div>
</div><!-- local_revision_number-method -->
<div id="method-i-update" class="method-detail ">
<div class="method-heading">
<span class="method-name">update</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="update-source">
<pre><span class="ruby-comment"># File lib/updater/svn_updater.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-node">%x[svn up &quot;#@repo_directory&quot;]</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- update-source -->
</div>
</div><!-- update-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

247
doc/URI.html
View File

@@ -1,247 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module URI - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/common_helper.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-escape">::escape</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module URI</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-escape" class="method-detail ">
<div class="method-heading">
<span class="method-name">escape</span><span
class="method-args">(str)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="escape-source">
<pre><span class="ruby-comment"># File lib/common_helper.rb, line 102</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">str</span>)
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode_www_form_component</span>(<span class="ruby-identifier">str</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'+'</span>, <span class="ruby-string">'%20'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- escape-source -->
</div>
</div><!-- escape-method -->
</section><!-- public-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

379
doc/Updater.html
View File

@@ -1,379 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Updater - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/updater/updater.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-is_installed-3F">#is_installed?</a>
<li><a href="#method-i-local_revision_number">#local_revision_number</a>
<li><a href="#method-i-update">#update</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Updater</h1>
<div id="description" class="description">
<p>This class act as an absract one</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-repo_directory" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">repo_directory</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(repo_directory = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>TODO : add a last / to <a
href="Updater.html#attribute-i-repo_directory">#repo_directory</a> if its
not present</p>
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/updater/updater.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">repo_directory</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-ivar">@repo_directory</span> = <span class="ruby-identifier">repo_directory</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-is_installed-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">is_installed?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_installed-3F-source">
<pre><span class="ruby-comment"># File lib/updater/updater.rb, line 29</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_installed?</span>
<span class="ruby-identifier">raise</span> <span class="ruby-constant">NotImplementedError</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_installed-3F-source -->
</div>
</div><!-- is_installed-3F-method -->
<div id="method-i-local_revision_number" class="method-detail ">
<div class="method-heading">
<span class="method-name">local_revision_number</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="local_revision_number-source">
<pre><span class="ruby-comment"># File lib/updater/updater.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">local_revision_number</span>
<span class="ruby-identifier">raise</span> <span class="ruby-constant">NotImplementedError</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- local_revision_number-source -->
</div>
</div><!-- local_revision_number-method -->
<div id="method-i-update" class="method-detail ">
<div class="method-heading">
<span class="method-name">update</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="update-source">
<pre><span class="ruby-comment"># File lib/updater/updater.rb, line 37</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">update</span>
<span class="ruby-identifier">raise</span> <span class="ruby-constant">NotImplementedError</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- update-source -->
</div>
</div><!-- update-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

298
doc/UpdaterFactory.html
View File

@@ -1,298 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class UpdaterFactory - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/updater/updater_factory.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-available_updaters_classes">::available_updaters_classes</a>
<li><a href="#method-c-get_updater">::get_updater</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class UpdaterFactory</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-get_updater" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_updater</span><span
class="method-args">(repo_directory)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_updater-source">
<pre><span class="ruby-comment"># File lib/updater/updater_factory.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">get_updater</span>(<span class="ruby-identifier">repo_directory</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">available_updaters_classes</span>().<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">updater_symbol</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">updater</span> = <span class="ruby-constant">Object</span>.<span class="ruby-identifier">const_get</span>(<span class="ruby-identifier">updater_symbol</span>).<span class="ruby-identifier">new</span>(<span class="ruby-identifier">repo_directory</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">updater</span>.<span class="ruby-identifier">is_installed?</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">updater</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_updater-source -->
</div>
</div><!-- get_updater-method -->
</section><!-- public-class-method-details -->
<section id="protected-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="method-c-available_updaters_classes" class="method-detail ">
<div class="method-heading">
<span class="method-name">available_updaters_classes</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return array of class symbols</p>
<div class="method-source-code" id="available_updaters_classes-source">
<pre><span class="ruby-comment"># File lib/updater/updater_factory.rb, line 35</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">available_updaters_classes</span>
<span class="ruby-constant">Object</span>.<span class="ruby-identifier">constants</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">%r^.+Updater$/</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- available_updaters_classes-source -->
</div>
</div><!-- available_updaters_classes-method -->
</section><!-- protected-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

301
doc/Vulnerable.html
View File

@@ -1,301 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class Vulnerable - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/vulnerable.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-vulnerabilities">#vulnerabilities</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class Vulnerable</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-vulns_file" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-vulns_xpath" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_xpath</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-vulnerabilities" class="method-detail ">
<div class="method-heading">
<span class="method-name">vulnerabilities</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@return an array of <a href="WpVulnerability.html">WpVulnerability</a> (can
be empty)</p>
<div class="method-source-code" id="vulnerabilities-source">
<pre><span class="ruby-comment"># File lib/wpscan/vulnerable.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">vulnerabilities</span>
<span class="ruby-identifier">vulnerabilities</span> = []
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-ivar">@vulns_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-ivar">@vulns_xpath</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">vulnerabilities</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpVulnerability</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'title'</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'reference'</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>),
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'type'</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'metasploit'</span>).<span class="ruby-identifier">map</span>(&amp;<span class="ruby-value">:text</span>)
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">vulnerabilities</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- vulnerabilities-source -->
</div>
</div><!-- vulnerabilities-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

593
doc/WebSite.html
View File

@@ -1,593 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WebSite - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/web_site.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-page_hash">::page_hash</a>
<li><a href="#method-i-error_404_hash">#error_404_hash</a>
<li><a href="#method-i-has_basic_auth-3F">#has_basic_auth?</a>
<li><a href="#method-i-has_xml_rpc-3F">#has_xml_rpc?</a>
<li><a href="#method-i-homepage_hash">#homepage_hash</a>
<li><a href="#method-i-online-3F">#online?</a>
<li><a href="#method-i-redirection">#redirection</a>
<li><a href="#method-i-rss_url">#rss_url</a>
<li><a href="#method-i-wordpress-3F">#wordpress?</a>
<li><a href="#method-i-xml_rpc_url">#xml_rpc_url</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WebSite</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-page_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">page_hash</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Return the MD5 hash of the page given by url</p>
<div class="method-source-code" id="page_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 94</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>).<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- page_hash-source -->
</div>
</div><!-- page_hash-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-error_404_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">error_404_hash</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Return the MD5 hash of a 404 page</p>
<div class="method-source-code" id="error_404_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 106</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_404_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-identifier">non_existant_page</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">rand</span>(<span class="ruby-value">999_999_999</span>).<span class="ruby-identifier">to_s</span>) <span class="ruby-operator">+</span> <span class="ruby-string">'.html'</span>
<span class="ruby-ivar">@error_404_hash</span> = <span class="ruby-constant">WebSite</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">non_existant_page</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@error_404_hash</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_404_hash-source -->
</div>
</div><!-- error_404_hash-method -->
<div id="method-i-has_basic_auth-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_basic_auth?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_basic_auth-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 26</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_basic_auth?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">401</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_basic_auth-3F-source -->
</div>
</div><!-- has_basic_auth-3F-method -->
<div id="method-i-has_xml_rpc-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_xml_rpc?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_xml_rpc-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_xml_rpc?</span>
<span class="ruby-operator">!</span><span class="ruby-identifier">xml_rpc_url</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_xml_rpc-3F-source -->
</div>
</div><!-- has_xml_rpc-3F-method -->
<div id="method-i-homepage_hash" class="method-detail ">
<div class="method-heading">
<span class="method-name">homepage_hash</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="homepage_hash-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 98</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">homepage_hash</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@homepage_hash</span>
<span class="ruby-ivar">@homepage_hash</span> = <span class="ruby-constant">WebSite</span>.<span class="ruby-identifier">page_hash</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@homepage_hash</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- homepage_hash-source -->
</div>
</div><!-- homepage_hash-method -->
<div id="method-i-online-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">online?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks if the remote website is up.</p>
<div class="method-source-code" id="online-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">online?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- online-3F-source -->
</div>
</div><!-- online-3F-method -->
<div id="method-i-redirection" class="method-detail ">
<div class="method-heading">
<span class="method-name">redirection</span><span
class="method-args">(url = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>See if the remote url returns 30x redirect This method is recursive Return
a string with the redirection or nil</p>
<div class="method-source-code" id="redirection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">url</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-identifier">redirection</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">url</span> <span class="ruby-operator">||=</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">301</span> <span class="ruby-operator">||</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">redirection</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>]
<span class="ruby-comment"># Let's check if there is a redirection in the redirection</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">other_redirection</span> = <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">redirection</span>)
<span class="ruby-identifier">redirection</span> = <span class="ruby-identifier">other_redirection</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">redirection</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- redirection-source -->
</div>
</div><!-- redirection-method -->
<div id="method-i-rss_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">rss_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will try to find the rss url in the homepage Only the first one found iw
returned</p>
<div class="method-source-code" id="rss_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 116</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">rss_url</span>
<span class="ruby-identifier">homepage_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">homepage_body</span>[<span class="ruby-regexp">%r{&lt;link .* type=&quot;application/rss\+xml&quot; .* href=&quot;([^&quot;]+)&quot; /&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- rss_url-source -->
</div>
</div><!-- rss_url-method -->
<div id="method-i-wordpress-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">wordpress?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>check if the remote website is actually running wordpress.</p>
<div class="method-source-code" id="wordpress-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wordpress?</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">login_url</span>(),
{ <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> }
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{WordPress}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(
<span class="ruby-identifier">xml_rpc_url</span>,
{ <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> }
)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{XML-RPC server accepts POST requests only}</span>
<span class="ruby-identifier">wordpress</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">wordpress</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wordpress-3F-source -->
</div>
</div><!-- wordpress-3F-method -->
<div id="method-i-xml_rpc_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">xml_rpc_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="xml_rpc_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/web_site.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">xml_rpc_url</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@xmlrpc_url</span>
<span class="ruby-identifier">headers</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">headers_hash</span>
<span class="ruby-identifier">value</span> = <span class="ruby-identifier">headers</span>[<span class="ruby-string">'x-pingback'</span>]
<span class="ruby-keyword">if</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">value</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-ivar">@xmlrpc_url</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@xmlrpc_url</span> = <span class="ruby-identifier">value</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@xmlrpc_url</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- xml_rpc_url-source -->
</div>
</div><!-- xml_rpc_url-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

311
doc/WpConfigBackup.html
View File

@@ -1,311 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpConfigBackup - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_config_backup.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-config_backup_files">::config_backup_files</a>
<li><a href="#method-i-config_backup">#config_backup</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpConfigBackup</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-config_backup_files" class="method-detail ">
<div class="method-heading">
<span class="method-name">config_backup_files</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@return <a href="Array.html">Array</a></p>
<div class="method-source-code" id="config_backup_files-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_config_backup.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">config_backup_files</span>
<span class="ruby-node">%w{
wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
wp-config.orig wp-config.php.original wp-config.original wp-config.txt
}</span> <span class="ruby-comment"># thanks to Feross.org for these</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- config_backup_files-source -->
</div>
</div><!-- config_backup_files-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-config_backup" class="method-detail ">
<div class="method-heading">
<span class="method-name">config_backup</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks to see if wp-config.php has a backup See <a
href="http://www.feross.org/cmsploit/">www.feross.org/cmsploit/</a> return
an array of backup config files url</p>
<div class="method-source-code" id="config_backup-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_config_backup.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">config_backup</span>
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">backups</span> = <span class="ruby-constant">WpConfigBackup</span>.<span class="ruby-identifier">config_backup_files</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">backups</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">file</span>)).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">file_url</span>)
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{define}</span>] <span class="ruby-keyword">and</span> <span class="ruby-keyword">not</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{&lt;\s?html}</span>]
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">file_url</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- config_backup-source -->
</div>
</div><!-- config_backup-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

333
doc/WpDetector.html
View File

@@ -1,333 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpDetector - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_detector.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-aggressive_detection">::aggressive_detection</a>
<li><a href="#method-c-passive_detection">::passive_detection</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpDetector</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-aggressive_detection" class="method-detail ">
<div class="method-heading">
<span class="method-name">aggressive_detection</span><span
class="method-args">(options, items = [])</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="aggressive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_detector.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>, <span class="ruby-identifier">items</span> = [])
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>]
<span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_results</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">enum_results</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">enum_result</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># Already found via passive detection</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_result</span>.<span class="ruby-identifier">name</span>
<span class="ruby-identifier">already_present</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">break</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">already_present</span>
<span class="ruby-identifier">result</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">enum_result</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">result</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- aggressive_detection-source -->
</div>
</div><!-- aggressive_detection-method -->
<div id="method-c-passive_detection" class="method-detail ">
<div class="method-heading">
<span class="method-name">passive_detection</span><span
class="method-args">(url, type, wp_content_dir)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>plugins and themes can be found in the source code :</p>
<pre>&lt;script src='http://example.com/wp-content/plugins/s2member/...' /&gt;
&lt;link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/&gt;
...</pre>
<div class="method-source-code" id="passive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_detector.rb, line 52</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">url</span>, <span class="ruby-identifier">type</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">items</span> = []
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">regex1</span> = <span class="ruby-regexp">%r{(?:[^=:]+)\s?(?:=|:)\s?(?:&quot;|')[^&quot;']+\\?/}</span>
<span class="ruby-identifier">regex2</span> = <span class="ruby-regexp">%r{\\?/}</span>
<span class="ruby-identifier">regex3</span> = <span class="ruby-regexp">%r{\\?/([^/\\&quot;']+)\\?(?:/|&quot;|')}</span>
<span class="ruby-comment"># Custom wp-content dir is now used in this regex</span>
<span class="ruby-identifier">names</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-node">%r#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/</span>)
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">uniq!</span>
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">url</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-identifier">type</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">items</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- passive_detection-source -->
</div>
</div><!-- passive_detection-method -->
</section><!-- public-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

418
doc/WpEnumerator.html
View File

@@ -1,418 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpEnumerator - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_enumerator.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-enumerate">::enumerate</a>
<li><a href="#method-c-generate_items">::generate_items</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpEnumerator</h1>
<div id="description" class="description">
<p>Enumerate over a given set of items and check if they exist</p>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-enumerate" class="method-detail ">
<div class="method-heading">
<span class="method-name">enumerate</span><span
class="method-args">(options = {}, items = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate the given Targets</p>
<h4 id="method-c-enumerate-label-Attributes">Attributes</h4>
<ul><li>
<p><code>targets</code> - targets to enumerate</p>
</li><li><ul><li>
<p><code>:base_url</code> - Base URL</p>
</li></ul>
</li><li><ul><li>
<p><code>:wp_content</code> - wp-content directory</p>
</li></ul>
</li><li><ul><li>
<p><code>:path</code> - Path to plugin</p>
</li></ul>
</li><li>
<p><code>type</code> - "plugins" or "themes", item to enumerate</p>
</li><li>
<p><code>filename</code> - filename in the data directory with paths</p>
</li><li>
<p><code>show_progression</code> - Show a progress bar during enumeration</p>
</li></ul>
<div class="method-source-code" id="enumerate-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span> = {}, <span class="ruby-identifier">items</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">items</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">i</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">i</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">enum_browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">enum_hydra</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">exclude_regexp</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:exclude_content_based</span>] <span class="ruby-operator">?</span> <span class="ruby-node">%r{#{options[:exclude_content_based]}}</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">show_progression</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">cache_timeout</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>, <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span> })
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">page_hash</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">WpTarget</span>.<span class="ruby-identifier">valid_response_codes</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">page_hash</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-keyword">and</span> <span class="ruby-identifier">page_hash</span> <span class="ruby-operator">!=</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:homepage_hash</span>]
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:exclude_content_based</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-identifier">exclude_regexp</span>]
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">target</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">target</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">enum_hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enum_hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- enumerate-source -->
</div>
</div><!-- enumerate-method -->
</section><!-- public-class-method-details -->
<section id="protected-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="method-c-generate_items" class="method-detail ">
<div class="method-heading">
<span class="method-name">generate_items</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="generate_items-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_enumerator.rb, line 93</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">generate_items</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">only_vulnerable</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>]
<span class="ruby-identifier">file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
<span class="ruby-identifier">vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-identifier">plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-identifier">targets_url</span> = []
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">only_vulnerable</span>
<span class="ruby-comment"># Open and parse the 'most popular' plugin list...</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">l</span> = <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">l</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">l</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r.+\/.+/</span> <span class="ruby-operator">?</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">l</span>) <span class="ruby-operator">:</span> <span class="ruby-identifier">l</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">''</span>),
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-identifier">type</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># Timthumbs have no XML file</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rtimthumbs/</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">vulns_file</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'name'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">name</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">name</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-identifier">type</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">flatten!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">uniq!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-comment"># randomize the plugins array to *maybe* help in some crappy IDS/IPS/WAF detection</span>
<span class="ruby-identifier">targets_url</span>.<span class="ruby-identifier">sort_by!</span> { <span class="ruby-identifier">rand</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- generate_items-source -->
</div>
</div><!-- generate_items-method -->
</section><!-- protected-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

280
doc/WpFullPathDisclosure.html
View File

@@ -1,280 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpFullPathDisclosure - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_full_path_disclosure.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-full_path_disclosure_url">#full_path_disclosure_url</a>
<li><a href="#method-i-has_full_path_disclosure-3F">#has_full_path_disclosure?</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpFullPathDisclosure</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-full_path_disclosure_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">full_path_disclosure_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="full_path_disclosure_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_full_path_disclosure.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">full_path_disclosure_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-includes/rss-functions.php'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- full_path_disclosure_url-source -->
</div>
</div><!-- full_path_disclosure_url-method -->
<div id="method-i-has_full_path_disclosure-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_full_path_disclosure?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Check for Full Path Disclosure (FPD)</p>
<div class="method-source-code" id="has_full_path_disclosure-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_full_path_disclosure.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_full_path_disclosure?</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">full_path_disclosure_url</span>())
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{Fatal error}</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- has_full_path_disclosure-3F-source -->
</div>
</div><!-- has_full_path_disclosure-3F-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

955
doc/WpItem.html
View File

@@ -1,955 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpItem - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_item.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Vulnerable.html">Vulnerable</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-3C-3D-3E">#&lt;=&gt;</a>
<li><a href="#method-i-3D-3D">#==</a>
<li><a href="#method-i-3D-3D-3D">#===</a>
<li><a href="#method-i-changelog_url">#changelog_url</a>
<li><a href="#method-i-directory_listing-3F">#directory_listing?</a>
<li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a>
<li><a href="#method-i-get_full_url">#get_full_url</a>
<li><a href="#method-i-get_sub_folder">#get_sub_folder</a>
<li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a>
<li><a href="#method-i-has_changelog-3F">#has_changelog?</a>
<li><a href="#method-i-has_readme-3F">#has_readme?</a>
<li><a href="#method-i-readme_url">#readme_url</a>
<li><a href="#method-i-to_s">#to_s</a>
<li><a href="#method-i-version">#version</a>
<li><a href="#method-i-wp_org_item-3F">#wp_org_item?</a>
<li><a href="#method-i-wp_org_url">#wp_org_url</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpItem</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-base_url" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">base_url</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-name" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">name</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-path" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">path</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-type" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-vulns_file" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-vulns_xpath" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_xpath</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-wp_content_dir" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_content_dir</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-wp_plugins_dir" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">wp_plugins_dir</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">''</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">''</span>) <span class="ruby-operator">:</span> <span class="ruby-string">'wp-content'</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
<span class="ruby-ivar">@base_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-ivar">@path</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
<span class="ruby-ivar">@name</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'base_url not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'path not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'wp_content_dir not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'name not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_file not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@vulns_file</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'type not set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-3C-3D-3E" class="method-detail ">
<div class="method-heading">
<span class="method-name">&lt;=&gt;</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Compare</p>
<div class="method-source-code" id="3C-3D-3E-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 149</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3C-3D-3E-source -->
</div>
</div><!-- 3C-3D-3E-method -->
<div id="method-i-3D-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">==</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Compare</p>
<div class="method-source-code" id="3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 139</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-source -->
</div>
</div><!-- 3D-3D-method -->
<div id="method-i-3D-3D-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">===</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Compare</p>
<div class="method-source-code" id="3D-3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 144</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-3D-source -->
</div>
</div><!-- 3D-3D-3D-method -->
<div id="method-i-changelog_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">changelog_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Url for changelog.txt</p>
<div class="method-source-code" id="changelog_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 159</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'changelog.txt'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- changelog_url-source -->
</div>
</div><!-- changelog_url-method -->
<div id="method-i-directory_listing-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">directory_listing?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Is directory listing enabled?</p>
<div class="method-source-code" id="directory_listing-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
<span class="ruby-comment"># Need to remove to file part from the url</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- directory_listing-3F-source -->
</div>
</div><!-- directory_listing-3F-method -->
<div id="method-i-extract_name_from_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">extract_name_from_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Extract item name from a url</p>
<div class="method-source-code" id="extract_name_from_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 128</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%r{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- extract_name_from_url-source -->
</div>
</div><!-- extract_name_from_url-method -->
<div id="method-i-get_full_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_full_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Get the full url for this item</p>
<div class="method-source-code" id="get_full_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 84</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">'/'</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
<span class="ruby-comment"># remove first and last /</span>
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r\/$/</span>, <span class="ruby-string">''</span>)
<span class="ruby-comment"># remove first /</span>
<span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">%r^\//</span>, <span class="ruby-string">''</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">'plugins'</span>
<span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>))
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">'timthumbs'</span>
<span class="ruby-comment"># timthumbs have folder in path variable</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>))
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">ret</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_full_url-source -->
</div>
</div><!-- get_full_url-method -->
<div id="method-i-get_sub_folder" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_sub_folder</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_sub_folder-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 70</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'themes'</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-string">'themes'</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'timthumbs'</span>
<span class="ruby-comment"># not needed</span>
<span class="ruby-identifier">folder</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;unknown type #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">folder</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_sub_folder-source -->
</div>
</div><!-- get_sub_folder-method -->
<div id="method-i-get_url_without_filename" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_url_without_filename</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Gets the full url for this item without filenames</p>
<div class="method-source-code" id="get_url_without_filename-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 103</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%r{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
<span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-constant">URI</span>.<span class="ruby-identifier">encode</span>(<span class="ruby-identifier">valid_location_url</span>))
<span class="ruby-keyword">end</span></pre>
</div><!-- get_url_without_filename-source -->
</div>
</div><!-- get_url_without_filename-method -->
<div id="method-i-has_changelog-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_changelog?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>changelog.txt present?</p>
<div class="method-source-code" id="has_changelog-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 173</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
<span class="ruby-ivar">@changelog</span> = <span class="ruby-identifier">status</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@changelog</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_changelog-3F-source -->
</div>
</div><!-- has_changelog-3F-method -->
<div id="method-i-has_readme-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_readme?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>readme.txt present?</p>
<div class="method-source-code" id="has_readme-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 164</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
<span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
<span class="ruby-ivar">@readme</span> = <span class="ruby-identifier">status</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@readme</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_readme-3F-source -->
</div>
</div><!-- has_readme-3F-method -->
<div id="method-i-readme_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">readme_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Url for readme.txt</p>
<div class="method-source-code" id="readme_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 154</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.txt'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->
</div>
</div><!-- readme_url-method -->
<div id="method-i-to_s" class="method-detail ">
<div class="method-heading">
<span class="method-name">to_s</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>To string. Adds a version number if detected</p>
<div class="method-source-code" id="to_s-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 133</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
<span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- to_s-source -->
</div>
</div><!-- to_s-method -->
<div id="method-i-version" class="method-detail ">
<div class="method-heading">
<span class="method-name">version</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Returns version number from readme.txt if it exists</p>
<div class="method-source-code" id="version-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 113</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.txt'</span>).<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@version</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- version-source -->
</div>
</div><!-- version-method -->
<div id="method-i-wp_org_item-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">wp_org_item?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>returns true if this theme or plugin is hosted on wordpress.org</p>
<div class="method-source-code" id="wp_org_item-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_org_item?</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'themes'</span>
<span class="ruby-identifier">file</span> = <span class="ruby-constant">THEMES_FULL_FILE</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'plugins'</span>
<span class="ruby-identifier">file</span> = <span class="ruby-constant">PLUGINS_FULL_FILE</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">f</span> = <span class="ruby-constant">File</span>.<span class="ruby-identifier">readlines</span>(<span class="ruby-identifier">file</span>, <span class="ruby-identifier">encoding</span><span class="ruby-operator">:</span> <span class="ruby-string">'UTF-8'</span>).<span class="ruby-identifier">grep</span>(<span class="ruby-node">%r^#{Regexp.escape(@name)}$/</span>)
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">empty?</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">false</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_org_item-3F-source -->
</div>
</div><!-- wp_org_item-3F-method -->
<div id="method-i-wp_org_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">wp_org_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>The wordpress.org plugins directory URL See: <a
href="https://github.com/wpscanteam/wpscan/issues/100">github.com/wpscanteam/wpscan/issues/100</a></p>
<div class="method-source-code" id="wp_org_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 45</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_org_url</span>
<span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
<span class="ruby-keyword">when</span> <span class="ruby-string">'themes'</span>
<span class="ruby-keyword">return</span> <span class="ruby-constant">URI</span>(<span class="ruby-string">'http://wordpress.org/extend/themes/'</span>).<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#@name/&quot;</span>)
<span class="ruby-keyword">when</span> <span class="ruby-string">'plugins'</span>
<span class="ruby-keyword">return</span> <span class="ruby-constant">URI</span>(<span class="ruby-string">'http://wordpress.org/extend/plugins/'</span>).<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#@name/&quot;</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;No Wordpress URL for #@type&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_org_url-source -->
</div>
</div><!-- wp_org_url-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

728
doc/WpLoginProtection.html
View File

@@ -1,728 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpLoginProtection - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_login_protection.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-better_wp_security_url">#better_wp_security_url</a>
<li><a href="#method-i-bluetrait_event_viewer_url">#bluetrait_event_viewer_url</a>
<li><a href="#method-i-has_better_wp_security_protection-3F">#has_better_wp_security_protection?</a>
<li><a href="#method-i-has_bluetrait_event_viewer_protection-3F">#has_bluetrait_event_viewer_protection?</a>
<li><a href="#method-i-has_limit_login_attempts_protection-3F">#has_limit_login_attempts_protection?</a>
<li><a href="#method-i-has_login_lock_protection-3F">#has_login_lock_protection?</a>
<li><a href="#method-i-has_login_lockdown_protection-3F">#has_login_lockdown_protection?</a>
<li><a href="#method-i-has_login_protection-3F">#has_login_protection?</a>
<li><a href="#method-i-has_login_security_solution_protection-3F">#has_login_security_solution_protection?</a>
<li><a href="#method-i-has_simple_login_lockdown_protection-3F">#has_simple_login_lockdown_protection?</a>
<li><a href="#method-i-limit_login_attempts_url">#limit_login_attempts_url</a>
<li><a href="#method-i-login_protection_plugin">#login_protection_plugin</a>
<li><a href="#method-i-login_security_solution_url">#login_security_solution_url</a>
<li><a href="#method-i-simple_login_lockdown_url">#simple_login_lockdown_url</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpLoginProtection</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Constants -->
<section id="constants-list" class="section">
<h3 class="section-header">Constants</h3>
<dl>
<dt id="LOGIN_PROTECTION_METHOD_PATTERN">LOGIN_PROTECTION_METHOD_PATTERN
<dd class="description">
</dl>
</section>
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-has_login_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_login_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_login_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_login_protection?</span>
<span class="ruby-operator">!</span><span class="ruby-identifier">login_protection_plugin</span>().<span class="ruby-identifier">nil?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_login_protection-3F-source -->
</div>
</div><!-- has_login_protection-3F-method -->
<div id="method-i-login_protection_plugin" class="method-detail ">
<div class="method-heading">
<span class="method-name">login_protection_plugin</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks if a login protection plugin is enabled <a
href="http://code.google.com/p/wpscan/issues/detail?id=111">code.google.com/p/wpscan/issues/detail?id=111</a>
return a <a href="WpPlugin.html">WpPlugin</a> object or nil if no one is
found</p>
<div class="method-source-code" id="login_protection_plugin-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_protection_plugin</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@login_protection_plugin</span>
<span class="ruby-identifier">protected_methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-constant">LOGIN_PROTECTION_METHOD_PATTERN</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">symbol_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">send</span>(<span class="ruby-identifier">symbol_to_call</span>)
<span class="ruby-identifier">plugin_name</span> = <span class="ruby-identifier">symbol_to_call</span>[<span class="ruby-constant">LOGIN_PROTECTION_METHOD_PATTERN</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">'-'</span>)
<span class="ruby-keyword">return</span> <span class="ruby-ivar">@login_protection_plugin</span> = <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">plugin_name</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-node">&quot;/plugins/#{plugin_name}/&quot;</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@login_protection_plugin</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@login_protection_plugin</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- login_protection_plugin-source -->
</div>
</div><!-- login_protection_plugin-method -->
</section><!-- public-instance-method-details -->
<section id="protected-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="method-i-better_wp_security_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">better_wp_security_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="better_wp_security_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">better_wp_security_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/better-wp-security/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'better-wp-security'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- better_wp_security_url-source -->
</div>
</div><!-- better_wp_security_url-method -->
<div id="method-i-bluetrait_event_viewer_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">bluetrait_event_viewer_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="bluetrait_event_viewer_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 121</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">bluetrait_event_viewer_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/bluetrait-event-viewer/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'bluetrait-event-viewer'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- bluetrait_event_viewer_url-source -->
</div>
</div><!-- bluetrait_event_viewer_url-method -->
<div id="method-i-has_better_wp_security_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_better_wp_security_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://wordpress.org/extend/plugins/better-wp-security/">wordpress.org/extend/plugins/better-wp-security/</a></p>
<div class="method-source-code" id="has_better_wp_security_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_better_wp_security_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">better_wp_security_url</span>()).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_better_wp_security_protection-3F-source -->
</div>
</div><!-- has_better_wp_security_protection-3F-method -->
<div id="method-i-has_bluetrait_event_viewer_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_bluetrait_event_viewer_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://wordpress.org/extend/plugins/bluetrait-event-viewer/">wordpress.org/extend/plugins/bluetrait-event-viewer/</a></p>
<div class="method-source-code" id="has_bluetrait_event_viewer_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 117</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_bluetrait_event_viewer_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">bluetrait_event_viewer_url</span>()).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_bluetrait_event_viewer_protection-3F-source -->
</div>
</div><!-- has_bluetrait_event_viewer_protection-3F-method -->
<div id="method-i-has_limit_login_attempts_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_limit_login_attempts_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://wordpress.org/extend/plugins/limit-login-attempts/">wordpress.org/extend/plugins/limit-login-attempts/</a></p>
<div class="method-source-code" id="has_limit_login_attempts_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 104</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_limit_login_attempts_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">limit_login_attempts_url</span>()).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_limit_login_attempts_protection-3F-source -->
</div>
</div><!-- has_limit_login_attempts_protection-3F-method -->
<div id="method-i-has_login_lock_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_login_lock_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://wordpress.org/extend/plugins/login-lock/">wordpress.org/extend/plugins/login-lock/</a></p>
<div class="method-source-code" id="has_login_lock_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_login_lock_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">login_url</span>()).<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{LOGIN LOCK}</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_login_lock_protection-3F-source -->
</div>
</div><!-- has_login_lock_protection-3F-method -->
<div id="method-i-has_login_lockdown_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_login_lockdown_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Thanks to Alip Aswalid for providing this method. <a
href="http://wordpress.org/extend/plugins/login-lockdown/">wordpress.org/extend/plugins/login-lockdown/</a></p>
<div class="method-source-code" id="has_login_lockdown_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 55</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_login_lockdown_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">login_url</span>()).<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{Login LockDown}</span> <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_login_lockdown_protection-3F-source -->
</div>
</div><!-- has_login_lockdown_protection-3F-method -->
<div id="method-i-has_login_security_solution_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_login_security_solution_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://wordpress.org/extend/plugins/login-security-solution/">wordpress.org/extend/plugins/login-security-solution/</a></p>
<div class="method-source-code" id="has_login_security_solution_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 91</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_login_security_solution_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">login_security_solution_url</span>()).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_login_security_solution_protection-3F-source -->
</div>
</div><!-- has_login_security_solution_protection-3F-method -->
<div id="method-i-has_simple_login_lockdown_protection-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_simple_login_lockdown_protection?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://wordpress.org/extend/plugins/simple-login-lockdown/">wordpress.org/extend/plugins/simple-login-lockdown/</a></p>
<div class="method-source-code" id="has_simple_login_lockdown_protection-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 78</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_simple_login_lockdown_protection?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">simple_login_lockdown_url</span>()).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_simple_login_lockdown_protection-3F-source -->
</div>
</div><!-- has_simple_login_lockdown_protection-3F-method -->
<div id="method-i-limit_login_attempts_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">limit_login_attempts_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="limit_login_attempts_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 108</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">limit_login_attempts_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/limit-login-attempts/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'limit-login-attempts'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- limit_login_attempts_url-source -->
</div>
</div><!-- limit_login_attempts_url-method -->
<div id="method-i-login_security_solution_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">login_security_solution_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="login_security_solution_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 95</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_security_solution_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/login-security-solution/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'login-security-solution'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- login_security_solution_url-source -->
</div>
</div><!-- login_security_solution_url-method -->
<div id="method-i-simple_login_lockdown_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">simple_login_lockdown_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="simple_login_lockdown_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_login_protection.rb, line 82</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">simple_login_lockdown_url</span>
<span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@wp_content_dir</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">'/plugins/simple-login-lockdown/'</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-string">'simple-login-lockdown'</span>
).<span class="ruby-identifier">get_url_without_filename</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- simple_login_lockdown_url-source -->
</div>
</div><!-- simple_login_lockdown_url-method -->
</section><!-- protected-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

291
doc/WpOptions.html
View File

@@ -1,291 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpOptions - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_options.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-check_options">::check_options</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpOptions</h1>
<div id="description" class="description">
<p>Options Hash</p>
<h4 id="label-Options">Options</h4>
<ul><li>
<p><code>url</code> - The base URL of the WordPress site</p>
</li><li>
<p><code>only_vulnerable_ones</code> - Only detect vulnerable items</p>
</li><li>
<p><code>file</code> - Filename with items to detect</p>
</li><li>
<p><code>vulns_file</code> - XML file with vulnerabilities</p>
</li><li>
<p><code>vulns_xpath</code> - XPath for vulnerability XML file</p>
</li><li>
<p><code>vulns_xpath_2</code> - XPath for vulnerability XML file</p>
</li><li>
<p><code>wp_content_dir</code> - Name of the wp-content directory</p>
</li><li>
<p><code>show_progression</code> - Show a progress bar during enumeration</p>
</li><li>
<p><code>error_404_hash</code> - MD5 hash of a 404 page</p>
</li><li>
<p><code>type</code> - Type: plugins, themes</p>
</li></ul>
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-check_options" class="method-detail ">
<div class="method-heading">
<span class="method-name">check_options</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="check_options-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'base_url must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'only_vulnerable_ones must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'file must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_file must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_xpath must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'vulns_xpath_2 must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'wp_content_dir must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'show_progression must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'error_404_hash must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:error_404_hash</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'type must be set'</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rplugins/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rthemes/</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rtimthumbs/</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-node">&quot;Unknown type #{options[:type]}&quot;</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- check_options-source -->
</div>
</div><!-- check_options-method -->
</section><!-- public-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

335
doc/WpPlugin.html
View File

@@ -1,335 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpPlugin - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_plugin.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="WpItem.html">WpItem</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-error_log-3F">#error_log?</a>
<li><a href="#method-i-error_log_url">#error_log_url</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpPlugin</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 20</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">PLUGINS_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//plugin[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'//plugin'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'plugins'</span>
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-error_log-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">error_log?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Discover any error_log files created by WordPress These are created by the
WordPress error_log() function They are normally found in the /plugins/
directory, however can also be found in their specific plugin dir. <a
href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p>
<div class="method-source-code" id="error_log-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 37</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log?</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">error_log_url</span>(), <span class="ruby-identifier">headers</span><span class="ruby-operator">:</span> {<span class="ruby-string">'range'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">'bytes=0-700'</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%r{PHP Fatal error}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log-3F-source -->
</div>
</div><!-- error_log-3F-method -->
<div id="method-i-error_log_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">error_log_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="error_log_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 42</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'error_log'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- error_log_url-source -->
</div>
</div><!-- error_log_url-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

322
doc/WpPlugins.html
View File

@@ -1,322 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpPlugins - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_plugins.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection</a>
<li><a href="#method-i-plugins_from_passive_detection">#plugins_from_passive_detection</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpPlugins</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-plugins_from_aggressive_detection" class="method-detail ">
<div class="method-heading">
<span class="method-name">plugins_from_aggressive_detection</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate installed plugins.</p>
<p>return array of <a href="WpPlugin.html">WpPlugin</a></p>
<div class="method-source-code" id="plugins_from_aggressive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 24</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">PLUGINS_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> (<span class="ruby-identifier">options</span>[<span class="ruby-value">:full</span>] <span class="ruby-operator">?</span> <span class="ruby-constant">PLUGINS_FULL_FILE</span> <span class="ruby-operator">:</span> <span class="ruby-constant">PLUGINS_FILE</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//plugin[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'//plugin'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'plugins'</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-string">'plugins'</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- plugins_from_aggressive_detection-source -->
</div>
</div><!-- plugins_from_aggressive_detection-method -->
<div id="method-i-plugins_from_passive_detection" class="method-detail ">
<div class="method-heading">
<span class="method-name">plugins_from_passive_detection</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://code.google.com/p/wpscan/issues/detail?id=42">code.google.com/p/wpscan/issues/detail?id=42</a>
plugins can be found in the source code :</p>
<pre>&lt;script src='http://example.com/wp-content/plugins/s2member/...' /&gt;
&lt;link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/&gt;
...</pre>
<p>return array of <a href="WpPlugin.html">WpPlugin</a></p>
<div class="method-source-code" id="plugins_from_passive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 54</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">plugins</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">'plugins'</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-string">'plugins'</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- plugins_from_passive_detection-source -->
</div>
</div><!-- plugins_from_passive_detection-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

286
doc/WpReadme.html
View File

@@ -1,286 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpReadme - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_readme.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-has_readme-3F">#has_readme?</a>
<li><a href="#method-i-readme_url">#readme_url</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpReadme</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-has_readme-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_readme?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Checks to see if the readme.html file exists</p>
<p>This file comes by default in a wordpress installation, and if deleted is
reinstated with an upgrade.</p>
<div class="method-source-code" id="has_readme-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_readme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>())
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">404</span>
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r{wordpress}</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_readme-3F-source -->
</div>
</div><!-- has_readme-3F-method -->
<div id="method-i-readme_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">readme_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="readme_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_readme.rb, line 33</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.html'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- readme_url-source -->
</div>
</div><!-- readme_url-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

887
doc/WpTarget.html
View File

@@ -1,887 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpTarget - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_target.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Included Modules -->
<nav id="includes-section" class="section">
<h3 class="section-header">Included Modules</h3>
<ul class="link-list">
<li><a class="include" href="WebSite.html">WebSite</a>
<li><a class="include" href="WpReadme.html">WpReadme</a>
<li><a class="include" href="WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a class="include" href="WpConfigBackup.html">WpConfigBackup</a>
<li><a class="include" href="WpLoginProtection.html">WpLoginProtection</a>
<li><a class="include" href="Malwares.html">Malwares</a>
<li><a class="include" href="WpUsernames.html">WpUsernames</a>
<li><a class="include" href="WpTimthumbs.html">WpTimthumbs</a>
<li><a class="include" href="WpPlugins.html">WpPlugins</a>
<li><a class="include" href="WpThemes.html">WpThemes</a>
<li><a class="include" href="BruteForce.html">BruteForce</a>
</ul>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-c-valid_response_codes">::valid_response_codes</a>
<li><a href="#method-i-debug_log_url">#debug_log_url</a>
<li><a href="#method-i-has_debug_log-3F">#has_debug_log?</a>
<li><a href="#method-i-is_multisite-3F">#is_multisite?</a>
<li><a href="#method-i-login_url">#login_url</a>
<li><a href="#method-i-registration_enabled-3F">#registration_enabled?</a>
<li><a href="#method-i-registration_url">#registration_url</a>
<li><a href="#method-i-search_replace_db_2_exists-3F">#search_replace_db_2_exists?</a>
<li><a href="#method-i-search_replace_db_2_url">#search_replace_db_2_url</a>
<li><a href="#method-i-theme">#theme</a>
<li><a href="#method-i-url">#url</a>
<li><a href="#method-i-version">#version</a>
<li><a href="#method-i-wp_content_dir">#wp_content_dir</a>
<li><a href="#method-i-wp_plugins_dir">#wp_plugins_dir</a>
<li><a href="#method-i-wp_plugins_dir_exists-3F">#wp_plugins_dir_exists?</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpTarget</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-uri" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">uri</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-verbose" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">verbose</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(target_url, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 34</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">target_url</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-ivar">@uri</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">add_http_protocol</span>(<span class="ruby-identifier">target_url</span>)))
<span class="ruby-ivar">@verbose</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:verbose</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>(<span class="ruby-identifier">options</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-value">:max_threads</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:threads</span>]))
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
<div id="method-c-valid_response_codes" class="method-detail ">
<div class="method-heading">
<span class="method-name">valid_response_codes</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Valid HTTP return codes</p>
<div class="method-source-code" id="valid_response_codes-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 62</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">valid_response_codes</span>
[<span class="ruby-value">200</span>, <span class="ruby-value">301</span>, <span class="ruby-value">302</span>, <span class="ruby-value">401</span>, <span class="ruby-value">403</span>, <span class="ruby-value">500</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- valid_response_codes-source -->
</div>
</div><!-- valid_response_codes-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-debug_log_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">debug_log_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="debug_log_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 109</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">debug_log_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;#{wp_content_dir()}/debug.log&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- debug_log_url-source -->
</div>
</div><!-- debug_log_url-method -->
<div id="method-i-has_debug_log-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_debug_log?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_debug_log-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 103</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_debug_log?</span>
<span class="ruby-comment"># We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)</span>
<span class="ruby-identifier">response_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">debug_log_url</span>(), <span class="ruby-identifier">headers</span><span class="ruby-operator">:</span> {<span class="ruby-string">'range'</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-string">'bytes=0-700'</span>}).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">response_body</span>[<span class="ruby-regexp">%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_debug_log-3F-source -->
</div>
</div><!-- has_debug_log-3F-method -->
<div id="method-i-is_multisite-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">is_multisite?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="is_multisite-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 148</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">is_multisite?</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@multisite</span>
<span class="ruby-comment"># when multi site, there is no redirection or a redirect to the site itself</span>
<span class="ruby-comment"># otherwise redirect to wp-login.php</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-signup.php'</span>)
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-login\.php\?action=register/</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-signup\.php/</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">else</span>
<span class="ruby-ivar">@multisite</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@multisite</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- is_multisite-3F-source -->
</div>
</div><!-- is_multisite-3F-method -->
<div id="method-i-login_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">login_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="login_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">login_url</span>
<span class="ruby-identifier">url</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-login.php'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-comment"># Let's check if the login url is redirected (to https url for example)</span>
<span class="ruby-identifier">redirection</span> = <span class="ruby-identifier">redirection</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">redirection</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">redirection</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">url</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- login_url-source -->
</div>
</div><!-- login_url-method -->
<div id="method-i-registration_enabled-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">registration_enabled?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Should check wp-login.php if registration is enabled or not</p>
<div class="method-source-code" id="registration_enabled-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 126</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_enabled?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">registration_url</span>)
<span class="ruby-comment"># redirect only on non multi sites</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>] <span class="ruby-operator">=~</span> <span class="ruby-regexp">%rwp-login\.php\?registration=disabled/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">false</span>
<span class="ruby-comment"># multi site registration form</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r&lt;form id=&quot;setupform&quot; method=&quot;post&quot; action=&quot;[^&quot;]*wp-signup\.php[^&quot;]*&quot;&gt;/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">true</span>
<span class="ruby-comment"># normal registration form</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">%r&lt;form name=&quot;registerform&quot; id=&quot;registerform&quot; action=&quot;[^&quot;]*wp-login\.php[^&quot;]*&quot;/</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">true</span>
<span class="ruby-comment"># registration disabled</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">enabled</span> = <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">enabled</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- registration_enabled-3F-source -->
</div>
</div><!-- registration_enabled-3F-method -->
<div id="method-i-registration_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">registration_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="registration_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 144</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">registration_url</span>
<span class="ruby-identifier">is_multisite?</span> <span class="ruby-operator">?</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-signup.php'</span>) <span class="ruby-operator">:</span> <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-login.php?action=register'</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- registration_url-source -->
</div>
</div><!-- registration_url-method -->
<div id="method-i-search_replace_db_2_exists-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">search_replace_db_2_exists?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="search_replace_db_2_exists-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 120</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_exists?</span>
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">search_replace_db_2_url</span>)
<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-operator">&amp;&amp;</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{by interconnect}</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- search_replace_db_2_exists-3F-source -->
</div>
</div><!-- search_replace_db_2_exists-3F-method -->
<div id="method-i-search_replace_db_2_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">search_replace_db_2_url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Script for replacing strings in wordpress databases reveals databse
credentials after hitting submit <a
href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/">interconnectit.com/124/search-and-replace-for-wordpress-databases/</a></p>
<div class="method-source-code" id="search_replace_db_2_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 116</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">search_replace_db_2_url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'searchreplacedb2.php'</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- search_replace_db_2_url-source -->
</div>
</div><!-- search_replace_db_2_url-method -->
<div id="method-i-theme" class="method-detail ">
<div class="method-heading">
<span class="method-name">theme</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return <a href="WpTheme.html">WpTheme</a></p>
<div class="method-source-code" id="theme-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 67</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">theme</span>
<span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- theme-source -->
</div>
</div><!-- theme-method -->
<div id="method-i-url" class="method-detail ">
<div class="method-heading">
<span class="method-name">url</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Alias of @uri.to_s</p>
<div class="method-source-code" id="url-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 45</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">url</span>
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- url-source -->
</div>
</div><!-- url-method -->
<div id="method-i-version" class="method-detail ">
<div class="method-heading">
<span class="method-name">version</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>return <a href="WpVersion.html">WpVersion</a></p>
<div class="method-source-code" id="version-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 72</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
<span class="ruby-constant">WpVersion</span>.<span class="ruby-identifier">find</span>(<span class="ruby-ivar">@uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- version-source -->
</div>
</div><!-- version-method -->
<div id="method-i-wp_content_dir" class="method-detail ">
<div class="method-heading">
<span class="method-name">wp_content_dir</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wp_content_dir-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 76</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_content_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-identifier">index_body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-comment"># Only use the path because domain can be text or an ip</span>
<span class="ruby-identifier">uri_path</span> = <span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">path</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">index_body</span>[<span class="ruby-regexp">%r\/wp-content\/(?:themes|plugins)\//</span>]
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-string">'wp-content'</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">domains_excluded</span> = <span class="ruby-string">'(?:www\.)?(facebook|twitter)\.com'</span>
<span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">index_body</span>[<span class="ruby-node">%r(?:href|src)\s*=\s*(?:&quot;|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^&quot;']+)\/(?:themes|plugins)\/.*(?:&quot;|')/</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_content_dir</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_content_dir-source -->
</div>
</div><!-- wp_content_dir-method -->
<div id="method-i-wp_plugins_dir" class="method-detail ">
<div class="method-heading">
<span class="method-name">wp_plugins_dir</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wp_plugins_dir-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 92</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
<span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_plugins_dir</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_plugins_dir-source -->
</div>
</div><!-- wp_plugins_dir-method -->
<div id="method-i-wp_plugins_dir_exists-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">wp_plugins_dir_exists?</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="wp_plugins_dir_exists-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 99</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir_exists?</span>
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">wp_plugins_dir</span>)).<span class="ruby-identifier">code</span> <span class="ruby-operator">!=</span> <span class="ruby-value">404</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- wp_plugins_dir_exists-3F-source -->
</div>
</div><!-- wp_plugins_dir_exists-3F-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

472
doc/WpTheme.html
View File

@@ -1,472 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpTheme - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_theme.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="WpItem.html">WpItem</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-find">::find</a>
<li><a href="#method-c-find_from_css_link">::find_from_css_link</a>
<li><a href="#method-c-find_from_wooframework">::find_from_wooframework</a>
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-3D-3D-3D">#===</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpTheme</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-style_url" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">style_url</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-version" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">version</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-find" class="method-detail ">
<div class="method-heading">
<span class="method-name">find</span><span
class="method-args">(target_uri)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="find-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 47</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">%rfind_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">theme</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">target_uri</span>)
<span class="ruby-keyword">return</span> <span class="ruby-identifier">theme</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">theme</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find-source -->
</div>
</div><!-- find-method -->
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">&quot;//theme[@name='$name$']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'themes'</span>
<span class="ruby-ivar">@version</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version</span>]
<span class="ruby-ivar">@style_url</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:style_url</span>]
<span class="ruby-keyword">super</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="protected-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="method-c-find_from_css_link" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_css_link</span><span
class="method-args">(target_uri)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Discover the wordpress theme name by parsing the css link rel</p>
<div class="method-source-code" id="find_from_css_link-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 63</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_css_link</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">matches</span> = <span class="ruby-regexp">%r{https?://[^&quot;']+/([^/]+)/themes/([^&quot;']+)/style.css}</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
<span class="ruby-identifier">style_url</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>]
<span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-identifier">theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">style_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">style_url</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_css_link-source -->
</div>
</div><!-- find_from_css_link-method -->
<div id="method-c-find_from_wooframework" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_wooframework</span><span
class="method-args">(target_uri)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p><a
href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wpscan/issues/detail?id=141</a></p>
<div class="method-source-code" id="find_from_wooframework-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 83</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_wooframework</span>(<span class="ruby-identifier">target_uri</span>)
<span class="ruby-identifier">body</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>
<span class="ruby-identifier">regexp</span> = <span class="ruby-regexp">%r{&lt;meta name=&quot;generator&quot; content=&quot;([^\s&quot;]+)\s?([^&quot;]+)?&quot; /&gt;\s+&lt;meta name=&quot;generator&quot; content=&quot;WooFramework\s?([^&quot;]+)?&quot; /&gt;}</span>
<span class="ruby-identifier">matches</span> = <span class="ruby-identifier">regexp</span>.<span class="ruby-identifier">match</span>(<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">matches</span>
<span class="ruby-identifier">woo_theme_name</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">1</span>]
<span class="ruby-identifier">woo_theme_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">2</span>]
<span class="ruby-identifier">woo_framework_version</span> = <span class="ruby-identifier">matches</span>[<span class="ruby-value">3</span>] <span class="ruby-comment"># Not used at this time</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">woo_theme_name</span>,
<span class="ruby-identifier">version</span><span class="ruby-operator">:</span> <span class="ruby-identifier">woo_theme_version</span>,
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-string">''</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_wooframework-source -->
</div>
</div><!-- find_from_wooframework-method -->
</section><!-- protected-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-3D-3D-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">===</span><span
class="method-args">(wp_theme)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="3D-3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_theme.rb, line 56</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">wp_theme</span>)
<span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">wp_theme</span>.<span class="ruby-identifier">version</span> <span class="ruby-operator">===</span> <span class="ruby-ivar">@version</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-3D-source -->
</div>
</div><!-- 3D-3D-3D-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

308
doc/WpThemes.html
View File

@@ -1,308 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpThemes - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_themes.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-themes_from_aggressive_detection">#themes_from_aggressive_detection</a>
<li><a href="#method-i-themes_from_passive_detection">#themes_from_passive_detection</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpThemes</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-themes_from_aggressive_detection" class="method-detail ">
<div class="method-heading">
<span class="method-name">themes_from_aggressive_detection</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="themes_from_aggressive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_themes.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">themes_from_aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">==</span> <span class="ruby-string">''</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-constant">THEMES_VULNS_FILE</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> (<span class="ruby-identifier">options</span>[<span class="ruby-value">:full</span>] <span class="ruby-operator">?</span> <span class="ruby-constant">THEMES_FULL_FILE</span> <span class="ruby-operator">:</span> <span class="ruby-constant">THEMES_FILE</span>)
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-node">&quot;//theme[@name='#{@name}']/vulnerability&quot;</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'//theme'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'themes'</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">themes</span> = []
<span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">themes</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">themes</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- themes_from_aggressive_detection-source -->
</div>
</div><!-- themes_from_aggressive_detection-method -->
<div id="method-i-themes_from_passive_detection" class="method-detail ">
<div class="method-heading">
<span class="method-name">themes_from_passive_detection</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="themes_from_passive_detection-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_themes.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">themes_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">themes</span> = []
<span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">'themes'</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
<span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">themes</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpTheme</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">themes</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- themes_from_passive_detection-source -->
</div>
</div><!-- themes_from_passive_detection-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

350
doc/WpTimthumbs.html
View File

@@ -1,350 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpTimthumbs - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_timthumbs.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-has_timthumbs-3F">#has_timthumbs?</a>
<li><a href="#method-i-targets_url_from_theme">#targets_url_from_theme</a>
<li><a href="#method-i-timthumbs">#timthumbs</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpTimthumbs</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-has_timthumbs-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">has_timthumbs?</span><span
class="method-args">(theme_name, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="has_timthumbs-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">has_timthumbs?</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-operator">!</span><span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>).<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- has_timthumbs-3F-source -->
</div>
</div><!-- has_timthumbs-3F-method -->
<div id="method-i-timthumbs" class="method-detail ">
<div class="method-heading">
<span class="method-name">timthumbs</span><span
class="method-args">(theme_name = nil, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="timthumbs-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 31</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">timthumbs</span>(<span class="ruby-identifier">theme_name</span> = <span class="ruby-keyword">nil</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@wp_timthumbs</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>] = <span class="ruby-string">'timthumbs'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] = <span class="ruby-keyword">false</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">'/timthumbs.txt'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] = <span class="ruby-string">'xxx'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] = <span class="ruby-string">'xxx'</span>
<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>] = <span class="ruby-string">'xxx'</span>
<span class="ruby-constant">WpOptions</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">theme_name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">custom_items</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">custom_items</span> = <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_timthumbs</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>, <span class="ruby-identifier">custom_items</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@wp_timthumbs</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- timthumbs-source -->
</div>
</div><!-- timthumbs-method -->
</section><!-- public-instance-method-details -->
<section id="protected-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="method-i-targets_url_from_theme" class="method-detail ">
<div class="method-heading">
<span class="method-name">targets_url_from_theme</span><span
class="method-args">(theme_name, options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="targets_url_from_theme-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_timthumbs.rb, line 52</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_url_from_theme</span>(<span class="ruby-identifier">theme_name</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span> = []
<span class="ruby-identifier">theme_name</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">escape</span>(<span class="ruby-identifier">theme_name</span>)
<span class="ruby-node">%w{
timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
scripts/timthumb.php tools/timthumb.php functions/timthumb.php
}</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
<span class="ruby-identifier">path</span><span class="ruby-operator">:</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">theme_name</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-string">'XX'</span>,
<span class="ruby-identifier">type</span><span class="ruby-operator">:</span> <span class="ruby-string">'timthumbs'</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- targets_url_from_theme-source -->
</div>
</div><!-- targets_url_from_theme-method -->
</section><!-- protected-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

558
doc/WpUser.html
View File

@@ -1,558 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpUser - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_user.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
<li><a href="#method-i-3C-3D-3E">#&lt;=&gt;</a>
<li><a href="#method-i-3D-3D-3D">#===</a>
<li><a href="#method-i-eql-3F">#eql?</a>
<li><a href="#method-i-id">#id</a>
<li><a href="#method-i-id-3D">#id=</a>
<li><a href="#method-i-name">#name</a>
<li><a href="#method-i-name-3D">#name=</a>
<li><a href="#method-i-nickname">#nickname</a>
<li><a href="#method-i-nickname-3D">#nickname=</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpUser</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(name, id, nickname)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 54</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">name</span>, <span class="ruby-identifier">id</span>, <span class="ruby-identifier">nickname</span>)
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> = <span class="ruby-identifier">name</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> = <span class="ruby-identifier">id</span>
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-3C-3D-3E" class="method-detail ">
<div class="method-heading">
<span class="method-name">&lt;=&gt;</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="3C-3D-3E-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3C-3D-3E-source -->
</div>
</div><!-- 3C-3D-3E-method -->
<div id="method-i-3D-3D-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">===</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="3D-3D-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 64</span>
<span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- 3D-3D-3D-source -->
</div>
</div><!-- 3D-3D-3D-method -->
<div id="method-i-eql-3F" class="method-detail ">
<div class="method-heading">
<span class="method-name">eql?</span><span
class="method-args">(other)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="eql-3F-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 68</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">eql?</span>(<span class="ruby-identifier">other</span>)
<span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">id</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">id</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">other</span>.<span class="ruby-identifier">nickname</span> <span class="ruby-operator">===</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- eql-3F-source -->
</div>
</div><!-- eql-3F-method -->
<div id="method-i-id" class="method-detail ">
<div class="method-heading">
<span class="method-name">id</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="id-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 32</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">id</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@id</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@id</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">strip</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">'empty'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@id</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- id-source -->
</div>
</div><!-- id-method -->
<div id="method-i-id-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">id=</span><span
class="method-args">(new_id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="id-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">id=</span>(<span class="ruby-identifier">new_id</span>)
<span class="ruby-ivar">@id</span> = <span class="ruby-identifier">new_id</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- id-3D-source -->
</div>
</div><!-- id-3D-method -->
<div id="method-i-name" class="method-detail ">
<div class="method-heading">
<span class="method-name">name</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="name-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 21</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">name</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@name</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@name</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">strip</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">'empty'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- name-source -->
</div>
</div><!-- name-method -->
<div id="method-i-name-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">name=</span><span
class="method-args">(new_name)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="name-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">name=</span>(<span class="ruby-identifier">new_name</span>)
<span class="ruby-ivar">@name</span> = <span class="ruby-identifier">new_name</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- name-3D-source -->
</div>
</div><!-- name-3D-method -->
<div id="method-i-nickname" class="method-detail ">
<div class="method-heading">
<span class="method-name">nickname</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="nickname-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@nickname</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-ivar">@nickname</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">strip</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-keyword">return</span> <span class="ruby-string">'empty'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-ivar">@nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- nickname-source -->
</div>
</div><!-- nickname-method -->
<div id="method-i-nickname-3D" class="method-detail ">
<div class="method-heading">
<span class="method-name">nickname=</span><span
class="method-args">(new_nickname)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="nickname-3D-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_user.rb, line 50</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">nickname=</span>(<span class="ruby-identifier">new_nickname</span>)
<span class="ruby-ivar">@nickname</span> = <span class="ruby-identifier">new_nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- nickname-3D-source -->
</div>
</div><!-- nickname-3D-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

468
doc/WpUsernames.html
View File

@@ -1,468 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>module WpUsernames - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="module">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/modules/wp_usernames.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-author_url">#author_url</a>
<li><a href="#method-i-extract_nickname_from_body">#extract_nickname_from_body</a>
<li><a href="#method-i-get_nickname_from_response">#get_nickname_from_response</a>
<li><a href="#method-i-get_nickname_from_url">#get_nickname_from_url</a>
<li><a href="#method-i-remove_junk_from_nickname">#remove_junk_from_nickname</a>
<li><a href="#method-i-usernames">#usernames</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="module">module WpUsernames</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<section id="public-instance-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="method-i-author_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">author_url</span><span
class="method-args">(author_id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="author_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 102</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>)
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;?author=#{author_id}&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- author_url-source -->
</div>
</div><!-- author_url-method -->
<div id="method-i-extract_nickname_from_body" class="method-detail ">
<div class="method-heading">
<span class="method-name">extract_nickname_from_body</span><span
class="method-args">(body)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="extract_nickname_from_body-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 77</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{&lt;title&gt;([^&lt;]*)&lt;/title&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- extract_nickname_from_body-source -->
</div>
</div><!-- extract_nickname_from_body-method -->
<div id="method-i-get_nickname_from_response" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_nickname_from_response</span><span
class="method-args">(resp)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_nickname_from_response-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 69</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_nickname_from_response</span>(<span class="ruby-identifier">resp</span>)
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_nickname_from_response-source -->
</div>
</div><!-- get_nickname_from_response-method -->
<div id="method-i-get_nickname_from_url" class="method-detail ">
<div class="method-heading">
<span class="method-name">get_nickname_from_url</span><span
class="method-args">(url)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="get_nickname_from_url-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 60</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">resp</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">resp</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">extract_nickname_from_body</span>(<span class="ruby-identifier">resp</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- get_nickname_from_url-source -->
</div>
</div><!-- get_nickname_from_url-method -->
<div id="method-i-remove_junk_from_nickname" class="method-detail ">
<div class="method-heading">
<span class="method-name">remove_junk_from_nickname</span><span
class="method-args">(usernames)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="remove_junk_from_nickname-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 81</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">remove_junk_from_nickname</span>(<span class="ruby-identifier">usernames</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">Array</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'Need an array as input'</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nicknames</span> = []
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">u</span>.<span class="ruby-identifier">kind_of?</span> <span class="ruby-constant">WpUser</span>
<span class="ruby-identifier">raise</span>(<span class="ruby-string">'Items must be of type WpUser'</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">nickname</span> <span class="ruby-operator">==</span> <span class="ruby-string">'empty'</span>
<span class="ruby-identifier">nicknames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">nickname</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">junk</span> = <span class="ruby-identifier">get_equal_string_end</span>(<span class="ruby-identifier">nicknames</span>)
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">u</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">u</span>.<span class="ruby-identifier">nickname</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-node">%r#{Regexp.escape(junk)}$/</span>, <span class="ruby-string">''</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">usernames</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- remove_junk_from_nickname-source -->
</div>
</div><!-- remove_junk_from_nickname-method -->
<div id="method-i-usernames" class="method-detail ">
<div class="method-heading">
<span class="method-name">usernames</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate wordpress usernames by using Veronica Valeross technique: <a
href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosure/2011/May/493</a></p>
<p>Available options :</p>
<pre>:range - default : 1..10</pre>
<p>returns an array of <a href="WpUser.html">WpUser</a> (can be empty)</p>
<div class="method-source-code" id="usernames-source">
<pre><span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usernames</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">range</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:range</span>] <span class="ruby-operator">||</span> (<span class="ruby-value">1</span><span class="ruby-operator">..</span><span class="ruby-value">10</span>)
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">usernames</span> = []
<span class="ruby-identifier">range</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">author_id</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">url</span> = <span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">username</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">301</span> <span class="ruby-comment"># username in location?</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>][<span class="ruby-regexp">%r{/author/([^/\b]+)/?}</span>, <span class="ruby-value">1</span>]
<span class="ruby-comment"># Get the real name from the redirect site</span>
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">get_nickname_from_url</span>(<span class="ruby-identifier">url</span>)
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-comment"># username in body?</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%r{posts by (.*) feed}</span>, <span class="ruby-value">1</span>]
<span class="ruby-identifier">nickname</span> = <span class="ruby-identifier">get_nickname_from_response</span>(<span class="ruby-identifier">response</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">username</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">nickname</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
<span class="ruby-identifier">usernames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpUser</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">username</span>, <span class="ruby-identifier">author_id</span>, <span class="ruby-identifier">nickname</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">usernames</span> = <span class="ruby-identifier">remove_junk_from_nickname</span>(<span class="ruby-identifier">usernames</span>)
<span class="ruby-comment"># clean the array, remove nils and possible duplicates</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">compact!</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">uniq</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- usernames-source -->
</div>
</div><!-- usernames-method -->
</section><!-- public-instance-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

687
doc/WpVersion.html
View File

@@ -1,687 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpVersion - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_version.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Vulnerable.html">Vulnerable</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-find">::find</a>
<li><a href="#method-c-find_from_advanced_fingerprinting">::find_from_advanced_fingerprinting</a>
<li><a href="#method-c-find_from_atom_generator">::find_from_atom_generator</a>
<li><a href="#method-c-find_from_links_opml">::find_from_links_opml</a>
<li><a href="#method-c-find_from_meta_generator">::find_from_meta_generator</a>
<li><a href="#method-c-find_from_rdf_generator">::find_from_rdf_generator</a>
<li><a href="#method-c-find_from_readme">::find_from_readme</a>
<li><a href="#method-c-find_from_rss_generator">::find_from_rss_generator</a>
<li><a href="#method-c-find_from_sitemap_generator">::find_from_sitemap_generator</a>
<li><a href="#method-c-new">::new</a>
<li><a href="#method-c-version_pattern">::version_pattern</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpVersion</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-discovery_method" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">discovery_method</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-number" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">number</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-find" class="method-detail ">
<div class="method-heading">
<span class="method-name">find</span><span
class="method-args">(target_uri, wp_content_dir)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Will use all method self.find_from_* to try to detect the version Once the
version is found, it will return a <a href="WpVersion.html">WpVersion</a>
object The method_name will be without find_from_ and _ will be replace
by (IE meta generator, rss generator etc) If the version is not
found, nil is returned</p>
<p>The order in which the find_from_* methods are is important, they will be
called in the same order (<a
href="WpVersion.html#method-c-find_from_meta_generator">::find_from_meta_generator</a>,
<a
href="WpVersion.html#method-c-find_from_rss_generator">::find_from_rss_generator</a>
etc)</p>
<div class="method-source-code" id="find-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
<span class="ruby-identifier">options</span> = {
<span class="ruby-identifier">base_url</span><span class="ruby-operator">:</span> <span class="ruby-identifier">target_uri</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_content_dir</span>
}
<span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">%rfind_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">version</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">send</span>(<span class="ruby-identifier">method_to_call</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">version</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-identifier">version</span>, <span class="ruby-identifier">discovery_method</span><span class="ruby-operator">:</span> <span class="ruby-identifier">method_to_call</span>[<span class="ruby-regexp">%r{find_from_(.*)}</span>, <span class="ruby-value">1</span>].<span class="ruby-identifier">gsub</span>(<span class="ruby-string">'_'</span>, <span class="ruby-string">' '</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find-source -->
</div>
</div><!-- find-method -->
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(number, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 25</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">number</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-ivar">@number</span> = <span class="ruby-identifier">number</span>
<span class="ruby-ivar">@discovery_method</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:discovery_method</span>]
<span class="ruby-ivar">@vulns_file</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">WP_VULNS_FILE</span>
<span class="ruby-ivar">@vulns_xpath</span> = <span class="ruby-node">&quot;//wordpress[@version='#{@number}']/vulnerability&quot;</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
<section id="protected-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Protected Class Methods</h3>
<div id="method-c-find_from_advanced_fingerprinting" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_advanced_fingerprinting</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Uses data/wp_versions.xml to try to identify a wordpress version.</p>
<p>It does this by using client side file hashing</p>
<pre>/!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)</pre>
<div class="method-source-code" id="find_from_advanced_fingerprinting-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 124</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-comment"># needed for rpsec tests</span>
<span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">WP_VERSIONS_FILE</span>
<span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">config</span>.<span class="ruby-identifier">noblanks</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-string">'//file'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">wp_content</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
<span class="ruby-identifier">wp_plugins</span> = <span class="ruby-node">&quot;#{wp_content}/plugins&quot;</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'src'</span>).<span class="ruby-identifier">text</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-identifier">file_url</span> = <span class="ruby-identifier">file_url</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r\$wp-plugins\$/</span>, <span class="ruby-identifier">wp_plugins</span>).<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">%r\$wp-content\$/</span>, <span class="ruby-identifier">wp_content</span>)
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">file_url</span>)
<span class="ruby-identifier">md5sum</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>)
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'hash'</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">hash</span><span class="ruby-operator">|</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'md5'</span>).<span class="ruby-identifier">text</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">md5sum</span>
<span class="ruby-keyword">return</span> <span class="ruby-identifier">hash</span>.<span class="ruby-identifier">search</span>(<span class="ruby-string">'version'</span>).<span class="ruby-identifier">text</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">nil</span> <span class="ruby-comment"># Otherwise the data['file'] is returned (issue #107)</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_advanced_fingerprinting-source -->
</div>
</div><!-- find_from_advanced_fingerprinting-method -->
<div id="method-c-find_from_atom_generator" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_atom_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the WordPress version from, the generator tag in the Atom
source.</p>
<div class="method-source-code" id="find_from_atom_generator-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 99</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_atom_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'feed/atom/'</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;generator uri=&quot;http://wordpress.org/&quot; version=&quot;#{WpVersion.version_pattern}&quot;&gt;WordPress&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_atom_generator-source -->
</div>
</div><!-- find_from_atom_generator-method -->
<div id="method-c-find_from_links_opml" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_links_opml</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the WordPress version from the p-links-opml.php file.</p>
<div class="method-source-code" id="find_from_links_opml-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 164</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_links_opml</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'wp-links-opml.php'</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_links_opml-source -->
</div>
</div><!-- find_from_links_opml-method -->
<div id="method-c-find_from_meta_generator" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_meta_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the wordpress version from, the generator meta tag in the
html source.</p>
<p>The meta tag can be removed however it seems, that it is reinstated on
upgrade.</p>
<div class="method-source-code" id="find_from_meta_generator-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{name=&quot;generator&quot; content=&quot;wordpress #{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_meta_generator-source -->
</div>
</div><!-- find_from_meta_generator-method -->
<div id="method-c-find_from_rdf_generator" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_rdf_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find WordPress version from, the generator tag in the RDF feed
source.</p>
<div class="method-source-code" id="find_from_rdf_generator-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 79</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rdf_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'feed/rdf/'</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;admin:generatorAgent rdf:resource=&quot;http://wordpress.org/\?v=#{WpVersion.version_pattern}&quot; /&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_rdf_generator-source -->
</div>
</div><!-- find_from_rdf_generator-method -->
<div id="method-c-find_from_readme" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_readme</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the WordPress version from the readme.html file.</p>
<div class="method-source-code" id="find_from_readme-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 150</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'readme.html'</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_readme-source -->
</div>
</div><!-- find_from_readme-method -->
<div id="method-c-find_from_rss_generator" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_rss_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the WordPress version from, the generator tag in the RSS
feed source.</p>
<div class="method-source-code" id="find_from_rss_generator-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 70</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'feed/'</span>).<span class="ruby-identifier">to_s</span>, { <span class="ruby-identifier">follow_location</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span>, <span class="ruby-identifier">max_redirects</span><span class="ruby-operator">:</span> <span class="ruby-value">2</span> })
<span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{&lt;generator&gt;http://wordpress.org/\?v=#{WpVersion.version_pattern}&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_rss_generator-source -->
</div>
</div><!-- find_from_rss_generator-method -->
<div id="method-c-find_from_sitemap_generator" class="method-detail ">
<div class="method-heading">
<span class="method-name">find_from_sitemap_generator</span><span
class="method-args">(options)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Attempts to find the WordPress version from the sitemap.xml file.</p>
<p>See: <a
href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wpscan/issues/detail?id=109</a></p>
<div class="method-source-code" id="find_from_sitemap_generator-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 158</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
<span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
<span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">'sitemap.xml'</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%r{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- find_from_sitemap_generator-source -->
</div>
</div><!-- find_from_sitemap_generator-method -->
<div id="method-c-version_pattern" class="method-detail ">
<div class="method-heading">
<span class="method-name">version_pattern</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Used to check if the version is correct: must contain at least one dot.</p>
<div class="method-source-code" id="version_pattern-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 170</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
<span class="ruby-string">'([^\r\n&quot;\]+\.[^\r\n&quot;\]+)'</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- version_pattern-source -->
</div>
</div><!-- version_pattern-method -->
</section><!-- protected-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

315
doc/WpVulnerability.html
View File

@@ -1,315 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>class WpVulnerability - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body id="top" class="class">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="file-metadata">
<nav id="file-list-section" class="section">
<h3 class="section-header">Defined In</h3>
<ul>
<li>lib/wpscan/wp_vulnerability.rb
</ul>
</nav>
</div>
<div id="class-metadata">
<nav id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a>
</nav>
<!-- Method Quickref -->
<nav id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a>
</ul>
</nav>
</div>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation">
<h1 class="class">class WpVulnerability</h1>
<div id="description" class="description">
</div><!-- description -->
<section id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<section id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="attribute-i-metasploit_modules" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">metasploit_modules</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-references" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">references</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-title" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">title</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="attribute-i-type" class="method-detail">
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</section><!-- attribute-method-details -->
<!-- Methods -->
<section id="public-class-5Buntitled-5D-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="method-c-new" class="method-detail ">
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(title, references, type, metasploit_modules)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre><span class="ruby-comment"># File lib/wpscan/wp_vulnerability.rb, line 22</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">title</span>, <span class="ruby-identifier">references</span>, <span class="ruby-identifier">type</span>, <span class="ruby-identifier">metasploit_modules</span>)
<span class="ruby-ivar">@title</span> = <span class="ruby-identifier">title</span>
<span class="ruby-ivar">@references</span> = <span class="ruby-identifier">references</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
<span class="ruby-ivar">@metasploit_modules</span> = <span class="ruby-identifier">metasploit_modules</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</section><!-- public-class-method-details -->
</section><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

1079
doc/WpscanOptions.html
View File

File diff suppressed because it is too large Load Diff

47
doc/created.rid
View File

@@ -1,47 +0,0 @@
Sun, 27 Jan 2013 01:14:27 +0100
./CREDITS Fri, 11 Jan 2013 21:40:57 +0100
./Gemfile Wed, 09 Jan 2013 21:35:00 +0100
./lib/browser.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/cache_file_store.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common/custom_option_parser.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common/plugins/plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common/plugins/plugins.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/common_helper.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/environment.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/git_updater.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/svn_updater.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/updater.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/updater/updater_factory.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/brute_force.rb Sun, 27 Jan 2013 00:31:13 +0100
./lib/wpscan/modules/malwares.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/web_site.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_config_backup.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_full_path_disclosure.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_login_protection.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_plugins.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_readme.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_themes.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_timthumbs.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/modules/wp_usernames.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/vulnerable.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_detector.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_enumerator.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_item.rb Fri, 25 Jan 2013 22:39:51 +0100
./lib/wpscan/wp_options.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_target.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_theme.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_user.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_version.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wp_vulnerability.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wpscan_helper.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpscan/wpscan_options.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/checker/checker_plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/list_generator/generate_list.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/list_generator/list_generator_plugin.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/plugins/list_generator/svn_parser.rb Thu, 24 Jan 2013 22:19:29 +0100
./lib/wpstools/wpstools_helper.rb Thu, 24 Jan 2013 22:19:29 +0100
./log.txt Sun, 27 Jan 2013 00:31:06 +0100
./README Sat, 19 Jan 2013 18:50:05 +0100
./wpscan.rb Thu, 24 Jan 2013 22:19:29 +0100
./wpstools.rb Thu, 24 Jan 2013 22:19:29 +0100

BIN
doc/images/add.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 733 B

BIN
doc/images/brick.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 452 B

BIN
doc/images/brick_link.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 764 B

BIN
doc/images/bug.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 774 B

BIN
doc/images/bullet_black.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 211 B

BIN
doc/images/bullet_toggle_minus.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 207 B

BIN
doc/images/bullet_toggle_plus.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 209 B

BIN
doc/images/date.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 626 B

BIN
doc/images/delete.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 715 B

BIN
doc/images/find.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 659 B

BIN
doc/images/loadingAnimation.gif
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 5.7 KiB

BIN
doc/images/macFFBgHack.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 207 B

BIN
doc/images/package.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 853 B

BIN
doc/images/page_green.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 621 B

BIN
doc/images/page_white_text.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 342 B

BIN
doc/images/page_white_width.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 309 B

BIN
doc/images/plugin.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 591 B

BIN
doc/images/ruby.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 592 B

BIN
doc/images/tag_blue.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.8 KiB

BIN
doc/images/tag_green.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 613 B

BIN
doc/images/transparent.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 97 B

BIN
doc/images/wrench.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 610 B

BIN
doc/images/wrench_orange.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 584 B

BIN
doc/images/zoom.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 692 B

160
doc/index.html
View File

@@ -1,160 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body>
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<p>This is the API documentation for RDoc Documentation.
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

153
doc/js/darkfish.js
View File

@@ -1,153 +0,0 @@
/**
*
* Darkfish Page Functions
* $Id: darkfish.js 53 2009-01-07 02:52:03Z deveiant $
*
* Author: Michael Granger <mgranger@laika.com>
*
*/
/* Provide console simulation for firebug-less environments */
if (!("console" in window) || !("firebug" in console)) {
var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml",
"group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"];
window.console = {};
for (var i = 0; i < names.length; ++i)
window.console[names[i]] = function() {};
};
/**
* Unwrap the first element that matches the given @expr@ from the targets and return them.
*/
$.fn.unwrap = function( expr ) {
return this.each( function() {
$(this).parents( expr ).eq( 0 ).after( this ).remove();
});
};
function showSource( e ) {
var target = e.target;
var codeSections = $(target).
parents('.method-detail').
find('.method-source-code');
$(target).
parents('.method-detail').
find('.method-source-code').
slideToggle();
};
function hookSourceViews() {
$('.method-heading').click( showSource );
};
function toggleDebuggingSection() {
$('.debugging-section').slideToggle();
};
function hookDebuggingToggle() {
$('#debugging-toggle img').click( toggleDebuggingSection );
};
function hookTableOfContentsToggle() {
$('.indexpage li .toc-toggle').each( function() {
$(this).click( function() {
$(this).toggleClass('open');
});
var section = $(this).next();
$(this).click( function() {
section.slideToggle();
});
});
}
function hookSearch() {
var input = $('#search-field').eq(0);
var result = $('#search-results').eq(0);
$(result).show();
var search_section = $('#search-section').get(0);
$(search_section).show();
var search = new Search(search_data, input, result);
search.renderItem = function(result) {
var li = document.createElement('li');
var html = '';
// TODO add relative path to <script> per-page
html += '<p class="search-match"><a href="' + rdoc_rel_prefix + result.path + '">' + this.hlt(result.title);
if (result.params)
html += '<span class="params">' + result.params + '</span>';
html += '</a>';
if (result.namespace)
html += '<p class="search-namespace">' + this.hlt(result.namespace);
if (result.snippet)
html += '<div class="search-snippet">' + result.snippet + '</div>';
li.innerHTML = html;
return li;
}
search.select = function(result) {
var result_element = result.get(0);
window.location.href = result_element.firstChild.firstChild.href;
}
search.scrollIntoView = search.scrollInWindow;
};
function highlightTarget( anchor ) {
console.debug( "Highlighting target '%s'.", anchor );
$("a[name=" + anchor + "]").each( function() {
if ( !$(this).parent().parent().hasClass('target-section') ) {
console.debug( "Wrapping the target-section" );
$('div.method-detail').unwrap( 'div.target-section' );
$(this).parent().wrap( '<div class="target-section"></div>' );
} else {
console.debug( "Already wrapped." );
}
});
};
function highlightLocationTarget() {
console.debug( "Location hash: %s", window.location.hash );
if ( ! window.location.hash || window.location.hash.length == 0 ) return;
var anchor = window.location.hash.substring(1);
console.debug( "Found anchor: %s; matching %s", anchor, "a[name=" + anchor + "]" );
highlightTarget( anchor );
};
function highlightClickTarget( event ) {
console.debug( "Highlighting click target for event %o", event.target );
try {
var anchor = $(event.target).attr( 'href' ).substring(1);
console.debug( "Found target anchor: %s", anchor );
highlightTarget( anchor );
} catch ( err ) {
console.error( "Exception while highlighting: %o", err );
};
};
$(document).ready( function() {
hookSourceViews();
hookDebuggingToggle();
hookSearch();
highlightLocationTarget();
hookTableOfContentsToggle();
$('ul.link-list a').bind( "click", highlightClickTarget );
});

18
doc/js/jquery.js vendored
View File

File diff suppressed because one or more lines are too long

142
doc/js/navigation.js
View File

@@ -1,142 +0,0 @@
/*
* Navigation allows movement using the arrow keys through the search results.
*
* When using this library you will need to set scrollIntoView to the
* appropriate function for your layout. Use scrollInWindow if the container
* is not scrollable and scrollInElement if the container is a separate
* scrolling region.
*/
Navigation = new function() {
this.initNavigation = function() {
var _this = this;
$(document).keydown(function(e) {
_this.onkeydown(e);
}).keyup(function(e) {
_this.onkeyup(e);
});
this.navigationActive = true;
}
this.setNavigationActive = function(state) {
this.navigationActive = state;
this.clearMoveTimeout();
}
this.onkeyup = function(e) {
if (!this.navigationActive) return;
switch(e.keyCode) {
case 37: //Event.KEY_LEFT:
case 38: //Event.KEY_UP:
case 39: //Event.KEY_RIGHT:
case 40: //Event.KEY_DOWN:
this.clearMoveTimeout();
break;
}
}
this.onkeydown = function(e) {
if (!this.navigationActive) return;
switch(e.keyCode) {
case 37: //Event.KEY_LEFT:
if (this.moveLeft()) e.preventDefault();
break;
case 38: //Event.KEY_UP:
if (e.keyCode == 38 || e.ctrlKey) {
if (this.moveUp()) e.preventDefault();
this.startMoveTimeout(false);
}
break;
case 39: //Event.KEY_RIGHT:
if (this.moveRight()) e.preventDefault();
break;
case 40: //Event.KEY_DOWN:
if (e.keyCode == 40 || e.ctrlKey) {
if (this.moveDown()) e.preventDefault();
this.startMoveTimeout(true);
}
break;
case 13: //Event.KEY_RETURN:
if (this.$current)
e.preventDefault();
this.select(this.$current);
break;
}
if (e.ctrlKey && e.shiftKey) this.select(this.$current);
}
this.clearMoveTimeout = function() {
clearTimeout(this.moveTimeout);
this.moveTimeout = null;
}
this.startMoveTimeout = function(isDown) {
if (!$.browser.mozilla && !$.browser.opera) return;
if (this.moveTimeout) this.clearMoveTimeout();
var _this = this;
var go = function() {
if (!_this.moveTimeout) return;
_this[isDown ? 'moveDown' : 'moveUp']();
_this.moveTimout = setTimeout(go, 100);
}
this.moveTimeout = setTimeout(go, 200);
}
this.moveRight = function() {
}
this.moveLeft = function() {
}
this.move = function(isDown) {
}
this.moveUp = function() {
return this.move(false);
}
this.moveDown = function() {
return this.move(true);
}
/*
* Scrolls to the given element in the scrollable element view.
*/
this.scrollInElement = function(element, view) {
var offset, viewHeight, viewScroll, height;
offset = element.offsetTop;
height = element.offsetHeight;
viewHeight = view.offsetHeight;
viewScroll = view.scrollTop;
if (offset - viewScroll + height > viewHeight) {
view.scrollTop = offset - viewHeight + height;
}
if (offset < viewScroll) {
view.scrollTop = offset;
}
}
/*
* Scrolls to the given element in the window. The second argument is
* ignored
*/
this.scrollInWindow = function(element, ignored) {
var offset, viewHeight, viewScroll, height;
offset = element.offsetTop;
height = element.offsetHeight;
viewHeight = window.innerHeight;
viewScroll = window.scrollY;
if (offset - viewScroll + height > viewHeight) {
window.scrollTo(window.scrollX, offset - viewHeight + height);
}
if (offset < viewScroll) {
window.scrollTo(window.scrollX, offset);
}
}
}

94
doc/js/search.js
View File

@@ -1,94 +0,0 @@
Search = function(data, input, result) {
this.data = data;
this.$input = $(input);
this.$result = $(result);
this.$current = null;
this.$view = this.$result.parent();
this.searcher = new Searcher(data.index);
this.init();
}
Search.prototype = $.extend({}, Navigation, new function() {
var suid = 1;
this.init = function() {
var _this = this;
var observer = function() {
_this.search(_this.$input[0].value);
};
this.$input.keyup(observer);
this.$input.click(observer); // mac's clear field
this.searcher.ready(function(results, isLast) {
_this.addResults(results, isLast);
})
this.initNavigation();
this.setNavigationActive(false);
}
this.search = function(value, selectFirstMatch) {
value = jQuery.trim(value).toLowerCase();
if (value) {
this.setNavigationActive(true);
} else {
this.setNavigationActive(false);
}
if (value == '') {
this.lastQuery = value;
this.$result.empty();
this.setNavigationActive(false);
} else if (value != this.lastQuery) {
this.lastQuery = value;
this.firstRun = true;
this.searcher.find(value);
}
}
this.addResults = function(results, isLast) {
var target = this.$result.get(0);
if (this.firstRun && (results.length > 0 || isLast)) {
this.$current = null;
this.$result.empty();
}
for (var i=0, l = results.length; i < l; i++) {
target.appendChild(this.renderItem.call(this, results[i]));
};
if (this.firstRun && results.length > 0) {
this.firstRun = false;
this.$current = $(target.firstChild);
this.$current.addClass('current');
}
if (jQuery.browser.msie) this.$element[0].className += '';
}
this.move = function(isDown) {
if (!this.$current) return;
var $next = this.$current[isDown ? 'next' : 'prev']();
if ($next.length) {
this.$current.removeClass('current');
$next.addClass('current');
this.scrollIntoView($next[0], this.$view[0]);
this.$current = $next;
}
return true;
}
this.hlt = function(html) {
return this.escapeHTML(html).
replace(/\u0001/g, '<em>').
replace(/\u0002/g, '</em>');
}
this.escapeHTML = function(html) {
return html.replace(/[&<>]/g, function(c) {
return '&#' + c.charCodeAt(0) + ';';
});
}
});

1
doc/js/search_index.js
View File

File diff suppressed because one or more lines are too long

228
doc/js/searcher.js
View File

@@ -1,228 +0,0 @@
Searcher = function(data) {
this.data = data;
this.handlers = [];
}
Searcher.prototype = new function() {
// search is performed in chunks of 1000 for non-blocking user input
var CHUNK_SIZE = 1000;
// do not try to find more than 100 results
var MAX_RESULTS = 100;
var huid = 1;
var suid = 1;
var runs = 0;
this.find = function(query) {
var queries = splitQuery(query);
var regexps = buildRegexps(queries);
var highlighters = buildHilighters(queries);
var state = { from: 0, pass: 0, limit: MAX_RESULTS, n: suid++};
var _this = this;
this.currentSuid = state.n;
if (!query) return;
var run = function() {
// stop current search thread if new search started
if (state.n != _this.currentSuid) return;
var results =
performSearch(_this.data, regexps, queries, highlighters, state);
var hasMore = (state.limit > 0 && state.pass < 4);
triggerResults.call(_this, results, !hasMore);
if (hasMore) {
setTimeout(run, 2);
}
runs++;
};
runs = 0;
// start search thread
run();
}
/* ----- Events ------ */
this.ready = function(fn) {
fn.huid = huid;
this.handlers.push(fn);
}
/* ----- Utilities ------ */
function splitQuery(query) {
return jQuery.grep(query.split(/(\s+|::?|\(\)?)/), function(string) {
return string.match(/\S/)
});
}
function buildRegexps(queries) {
return jQuery.map(queries, function(query) {
return new RegExp(query.replace(/(.)/g, '([$1])([^$1]*?)'), 'i')
});
}
function buildHilighters(queries) {
return jQuery.map(queries, function(query) {
return jQuery.map(query.split(''), function(l, i) {
return '\u0001$' + (i*2+1) + '\u0002$' + (i*2+2);
}).join('');
});
}
// function longMatchRegexp(index, longIndex, regexps) {
// for (var i = regexps.length - 1; i >= 0; i--){
// if (!index.match(regexps[i]) && !longIndex.match(regexps[i])) return false;
// };
// return true;
// }
/* ----- Mathchers ------ */
/*
* This record matches if the index starts with queries[0] and the record
* matches all of the regexps
*/
function matchPassBeginning(index, longIndex, queries, regexps) {
if (index.indexOf(queries[0]) != 0) return false;
for (var i=1, l = regexps.length; i < l; i++) {
if (!index.match(regexps[i]) && !longIndex.match(regexps[i]))
return false;
};
return true;
}
/*
* This record matches if the longIndex starts with queries[0] and the
* longIndex matches all of the regexps
*/
function matchPassLongIndex(index, longIndex, queries, regexps) {
if (longIndex.indexOf(queries[0]) != 0) return false;
for (var i=1, l = regexps.length; i < l; i++) {
if (!longIndex.match(regexps[i]))
return false;
};
return true;
}
/*
* This record matches if the index contains queries[0] and the record
* matches all of the regexps
*/
function matchPassContains(index, longIndex, queries, regexps) {
if (index.indexOf(queries[0]) == -1) return false;
for (var i=1, l = regexps.length; i < l; i++) {
if (!index.match(regexps[i]) && !longIndex.match(regexps[i]))
return false;
};
return true;
}
/*
* This record matches if regexps[0] matches the index and the record
* matches all of the regexps
*/
function matchPassRegexp(index, longIndex, queries, regexps) {
if (!index.match(regexps[0])) return false;
for (var i=1, l = regexps.length; i < l; i++) {
if (!index.match(regexps[i]) && !longIndex.match(regexps[i]))
return false;
};
return true;
}
/* ----- Highlighters ------ */
function highlightRegexp(info, queries, regexps, highlighters) {
var result = createResult(info);
for (var i=0, l = regexps.length; i < l; i++) {
result.title = result.title.replace(regexps[i], highlighters[i]);
result.namespace = result.namespace.replace(regexps[i], highlighters[i]);
};
return result;
}
function hltSubstring(string, pos, length) {
return string.substring(0, pos) + '\u0001' + string.substring(pos, pos + length) + '\u0002' + string.substring(pos + length);
}
function highlightQuery(info, queries, regexps, highlighters) {
var result = createResult(info);
var pos = 0;
var lcTitle = result.title.toLowerCase();
pos = lcTitle.indexOf(queries[0]);
if (pos != -1) {
result.title = hltSubstring(result.title, pos, queries[0].length);
}
result.namespace = result.namespace.replace(regexps[0], highlighters[0]);
for (var i=1, l = regexps.length; i < l; i++) {
result.title = result.title.replace(regexps[i], highlighters[i]);
result.namespace = result.namespace.replace(regexps[i], highlighters[i]);
};
return result;
}
function createResult(info) {
var result = {};
result.title = info[0];
result.namespace = info[1];
result.path = info[2];
result.params = info[3];
result.snippet = info[4];
return result;
}
/* ----- Searching ------ */
function performSearch(data, regexps, queries, highlighters, state) {
var searchIndex = data.searchIndex;
var longSearchIndex = data.longSearchIndex;
var info = data.info;
var result = [];
var i = state.from;
var l = searchIndex.length;
var togo = CHUNK_SIZE;
var matchFunc, hltFunc;
while (state.pass < 4 && state.limit > 0 && togo > 0) {
if (state.pass == 0) {
matchFunc = matchPassBeginning;
hltFunc = highlightQuery;
} else if (state.pass == 1) {
matchFunc = matchPassLongIndex;
hltFunc = highlightQuery;
} else if (state.pass == 2) {
matchFunc = matchPassContains;
hltFunc = highlightQuery;
} else if (state.pass == 3) {
matchFunc = matchPassRegexp;
hltFunc = highlightRegexp;
}
for (; togo > 0 && i < l && state.limit > 0; i++, togo--) {
if (info[i].n == state.n) continue;
if (matchFunc(searchIndex[i], longSearchIndex[i], queries, regexps)) {
info[i].n = state.n;
result.push(hltFunc(info[i], queries, regexps, highlighters));
state.limit--;
}
};
if (searchIndex.length <= i) {
state.pass++;
i = state.from = 0;
} else {
state.from = i;
}
}
return result;
}
function triggerResults(results, isLast) {
jQuery.each(this.handlers, function(i, fn) {
fn.call(this, results, isLast)
})
}
}

239
doc/log_txt.html
View File

@@ -1,239 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>log - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="file">
<nav id="metadata">
<nav id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./table_of_contents.html#classes">Classes</a>
<a href="./table_of_contents.html#methods">Methods</a>
</h3>
</nav>
<nav id="search-section" class="section project-section" class="initially-hidden">
<form action="#" method="get" accept-charset="utf-8">
<h3 class="section-header">
<input type="text" name="search" placeholder="Search" id="search-field"
title="Type to search, Up and Down to navigate, Enter to load">
</h3>
</form>
<ul id="search-results" class="initially-hidden"></ul>
</nav>
<div id="project-metadata">
<nav id="fileindex-section" class="section project-section">
<h3 class="section-header">Pages</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a>
<li class="file"><a href="./Gemfile.html">Gemfile</a>
<li class="file"><a href="./README.html">README</a>
<li class="file"><a href="./log_txt.html">log</a>
</ul>
</nav>
<nav id="classindex-section" class="section project-section">
<h3 class="section-header">Class and Module Index</h3>
<ul class="link-list">
<li><a href="./Array.html">Array</a>
<li><a href="./Browser.html">Browser</a>
<li><a href="./BruteForce.html">BruteForce</a>
<li><a href="./CacheFileStore.html">CacheFileStore</a>
<li><a href="./CheckerPlugin.html">CheckerPlugin</a>
<li><a href="./CustomOptionParser.html">CustomOptionParser</a>
<li><a href="./GenerateList.html">GenerateList</a>
<li><a href="./GitUpdater.html">GitUpdater</a>
<li><a href="./ListGeneratorPlugin.html">ListGeneratorPlugin</a>
<li><a href="./Malwares.html">Malwares</a>
<li><a href="./Object.html">Object</a>
<li><a href="./Plugin.html">Plugin</a>
<li><a href="./Plugins.html">Plugins</a>
<li><a href="./SvnParser.html">SvnParser</a>
<li><a href="./SvnUpdater.html">SvnUpdater</a>
<li><a href="./URI.html">URI</a>
<li><a href="./Updater.html">Updater</a>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a>
<li><a href="./Vulnerable.html">Vulnerable</a>
<li><a href="./WebSite.html">WebSite</a>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a>
<li><a href="./WpDetector.html">WpDetector</a>
<li><a href="./WpEnumerator.html">WpEnumerator</a>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a>
<li><a href="./WpItem.html">WpItem</a>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a>
<li><a href="./WpOptions.html">WpOptions</a>
<li><a href="./WpPlugin.html">WpPlugin</a>
<li><a href="./WpPlugins.html">WpPlugins</a>
<li><a href="./WpReadme.html">WpReadme</a>
<li><a href="./WpTarget.html">WpTarget</a>
<li><a href="./WpTheme.html">WpTheme</a>
<li><a href="./WpThemes.html">WpThemes</a>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a>
<li><a href="./WpUser.html">WpUser</a>
<li><a href="./WpUsernames.html">WpUsernames</a>
<li><a href="./WpVersion.html">WpVersion</a>
<li><a href="./WpVulnerability.html">WpVulnerability</a>
<li><a href="./WpscanOptions.html">WpscanOptions</a>
</ul>
</nav>
</div>
</nav>
<div id="documentation" class="description">
<p><em>__</em></p>
<pre>__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_| v2.0r60a6f16
WordPress Security Scanner by the WPScan Team
Sponsored by the RandomStorm Open Source Initiative</pre>
<p><em>_</em></p>
<p>Examples :</p>
<p>-Further help … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb help</p>
<p>-Do non-intrusive checks … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a></p>
<p>-Do wordlist password brute force on enumerated users using 50 threads …
ruby /Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> wordlist darkc0de.lst
threads 50</p>
<p>-Do wordlist password brute force on the admin username only … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> wordlist darkc0de.lst
username admin</p>
<p>-Enumerate installed plugins … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> enumerate p</p>
<p>-Enumerate installed themes … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> enumerate t</p>
<p>-Enumerate users … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb url
<a href="http://www.example.com">www.example.com</a> enumerate u</p>
<p>-Enumerate installed timthumbs … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> enumerate tt</p>
<p>-Use a HTTP proxy … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb
url <a href="http://www.example.com">www.example.com</a> proxy
127.0.0.1:8118</p>
<p>-Use a SOCKS5 proxy … (cURL &gt;= v7.21.7 needed) ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb url <a
href="http://www.example.com">www.example.com</a> proxy
socks5://127.0.0.1:9000</p>
<p>-Use custom content directory … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb -u <a
href="http://www.example.com">www.example.com</a> wp-content-dir
custom-content</p>
<p>-Use custom plugins directory … ruby
/Users/firefart/Coding/wpscan_master/wpscan.rb -u <a
href="http://www.example.com">www.example.com</a> wp-plugins-dir
wp-content/custom-plugins</p>
<p>-Update … ruby /Users/firefart/Coding/wpscan_master/wpscan.rb update</p>
<p>See <a href="README.html">README</a> for further information.</p>
<p>[<a href="http://ERROR">31m</a> No argument supplied  Trace :
/Users/firefart/Coding/wpscan_master/wpscan.rb:46:in `&lt;main&gt;
Coverage report generated for RSpec to
/Users/firefart/Coding/wpscan_master/coverage. 1040 / 1113 LOC (93.44%)
covered.</p>
</div>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

543
doc/rdoc.css
View File

@@ -1,543 +0,0 @@
/*
* "Darkfish" Rdoc CSS
* $Id: rdoc.css 54 2009-01-27 01:09:48Z deveiant $
*
* Author: Michael Granger <ged@FaerieMUD.org>
*
*/
/* Base Green is: #6C8C22 */
* { padding: 0; margin: 0; }
body {
background: #efefef;
font: 14px "Helvetica Neue", Helvetica, Tahoma, sans-serif;
margin-left: 40px;
}
body.file-popup {
font-size: 90%;
margin-left: 0;
}
h1 {
font-size: 300%;
text-shadow: rgba(135,145,135,0.65) 2px 2px 3px;
color: #6C8C22;
}
h2,h3,h4 { margin-top: 1.5em; }
:link,
:visited {
color: #6C8C22;
text-decoration: none;
}
:link:hover,
:visited:hover {
border-bottom: 1px dotted #6C8C22;
}
pre {
background: #ddd;
padding: 0.5em 0;
}
/* @group Generic Classes */
.initially-hidden {
display: none;
}
#search-field {
width: 98%;
background: #eee;
border: none;
height: 1.5em;
-webkit-border-radius: 4px;
}
#search-field:focus {
background: #f1edba;
}
#search-field:-moz-placeholder,
#search-field::-webkit-input-placeholder {
font-weight: bold;
color: #666;
}
.missing-docs {
font-size: 120%;
background: white url(images/wrench_orange.png) no-repeat 4px center;
color: #ccc;
line-height: 2em;
border: 1px solid #d00;
opacity: 1;
padding-left: 20px;
text-indent: 24px;
letter-spacing: 3px;
font-weight: bold;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
}
.target-section {
border: 2px solid #dcce90;
border-left-width: 8px;
padding: 0 1em;
background: #fff3c2;
}
/* @end */
/* @group Index Page, Standalone file pages */
.indexpage ul {
line-height: 160%;
list-style: none;
}
.indexpage ul :link,
.indexpage ul :visited {
font-size: 16px;
}
.indexpage li {
padding-left: 20px;
}
.indexpage ul > li {
background: url(images/bullet_black.png) no-repeat left 4px;
}
.indexpage li.method {
background: url(images/plugin.png) no-repeat left 4px;
}
.indexpage li.module {
background: url(images/package.png) no-repeat left 4px;
}
.indexpage li.class {
background: url(images/ruby.png) no-repeat left 4px;
}
.indexpage li.file {
background: url(images/page_white_text.png) no-repeat left 4px;
}
.indexpage li li {
background: url(images/tag_blue.png) no-repeat left 4px;
}
.indexpage li .toc-toggle {
width: 16px;
height: 16px;
background: url(images/add.png) no-repeat;
}
.indexpage li .toc-toggle.open {
background: url(images/delete.png) no-repeat;
}
/* @end */
/* @group Top-Level Structure */
#metadata {
float: left;
width: 260px;
}
#documentation {
margin: 2em 1em 5em 300px;
min-width: 340px;
}
#validator-badges {
clear: both;
margin: 1em 1em 2em;
font-size: smaller;
}
/* @end */
/* @group Metadata Section */
#metadata .section {
background-color: #dedede;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border: 1px solid #aaa;
margin: 0 8px 8px;
font-size: 90%;
overflow: hidden;
}
#metadata h3.section-header {
margin: 0;
padding: 2px 8px;
background: #ccc;
color: #666;
-moz-border-radius-topleft: 4px;
-moz-border-radius-topright: 4px;
-webkit-border-top-left-radius: 4px;
-webkit-border-top-right-radius: 4px;
border-bottom: 1px solid #aaa;
}
#metadata #home-section h3.section-header {
border-bottom: 0;
}
#metadata ul,
#metadata dl,
#metadata p {
padding: 8px;
list-style: none;
}
#file-metadata {
margin-top: 2em;
}
#file-metadata ul {
padding-left: 28px;
list-style-image: url(images/page_green.png);
}
dl.svninfo {
color: #666;
margin: 0;
}
dl.svninfo dt {
font-weight: bold;
}
ul.link-list li {
white-space: nowrap;
}
ul.link-list .type {
font-size: 8px;
text-transform: uppercase;
color: white;
background: #969696;
padding: 2px 4px;
-webkit-border-radius: 5px;
}
/* @end */
/* @group Class Metadata Section */
#class-metadata {
margin-top: 2em;
}
/* @end */
/* @group Project Metadata Section */
#project-metadata {
margin-top: 2em;
}
#project-metadata .section {
border: 1px solid #aaa;
}
#project-metadata h3.section-header {
border-bottom: 1px solid #aaa;
position: relative;
}
#project-metadata form {
color: #777;
background: #ccc;
}
/* @end */
/* @group Documentation Section */
.description {
font-size: 100%;
color: #333;
}
.description p {
margin: 1em 0.4em;
}
.description li p {
margin: 0;
}
.description ol,
.description ul {
margin-left: 1.5em;
}
.description ol li,
.description ul li {
line-height: 1.4em;
}
.note-list {
margin: 8px 0;
}
.label-list {
margin: 8px 1.5em;
border: 1px solid #ccc;
}
.description .label-list {
font-size: 14px;
}
.note-list dt {
font-weight: bold;
}
.note-list dd {
padding: 0 12px;
}
.label-list dt {
padding: 2px 4px;
font-weight: bold;
background: #ddd;
}
.label-list dd {
padding: 2px 12px;
}
.label-list dd + dt,
.note-list dd + dt {
margin-top: 0.7em;
}
#documentation .section {
font-size: 90%;
}
#documentation h2.section-header {
margin-top: 1em;
padding: 0.25em 0.5em;
background: #ccc;
color: #333;
font-size: 175%;
border: 1px solid #bbb;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
}
.documentation-section-title {
position: relative;
}
.documentation-section-title .section-click-top {
position: absolute;
top: 6px;
right: 12px;
font-size: 10px;
color: #9b9877;
visibility: hidden;
padding-right: 0.5px;
}
.documentation-section-title:hover .section-click-top {
visibility: visible;
}
#documentation h3.section-header {
margin-top: 1em;
padding: 0.25em 0.5em;
background-color: #dedede;
color: #333;
font-size: 150%;
border: 1px solid #bbb;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
}
#constants-list > dl,
#attributes-list > dl {
margin: 1em 0 2em;
border: 0;
}
#constants-list > dl dt,
#attributes-list > dl dt {
padding-left: 0;
font-weight: bold;
font-family: Monaco, "Andale Mono";
background: inherit;
}
#constants-list > dl dt a,
#attributes-list > dl dt a {
color: inherit;
}
#constants-list > dl dd,
#attributes-list > dl dd {
margin: 0 0 1em 0;
padding: 0;
color: #666;
}
.documentation-section h2 {
position: relative;
}
.documentation-section h2 a {
position: absolute;
top: 8px;
right: 10px;
font-size: 12px;
color: #9b9877;
visibility: hidden;
}
.documentation-section h2:hover a {
visibility: visible;
}
/* @group Method Details */
#documentation .method-source-code {
display: none;
}
#documentation .method-detail {
margin: 0.5em 0;
padding: 0.5em 0;
cursor: pointer;
}
#documentation .method-detail:hover {
background-color: #f1edba;
}
#documentation .method-heading {
position: relative;
padding: 2px 4px 0 20px;
font-size: 125%;
font-weight: bold;
color: #333;
background: url(images/brick.png) no-repeat left bottom;
}
#documentation .method-heading :link,
#documentation .method-heading :visited {
color: inherit;
}
#documentation .method-click-advice {
position: absolute;
top: 2px;
right: 5px;
font-size: 10px;
color: #9b9877;
visibility: hidden;
padding-right: 20px;
line-height: 20px;
background: url(images/zoom.png) no-repeat right top;
}
#documentation .method-heading:hover .method-click-advice {
visibility: visible;
}
#documentation .method-alias .method-heading {
color: #666;
background: url(images/brick_link.png) no-repeat left bottom;
}
#documentation .method-description,
#documentation .aliases {
margin: 0 20px;
color: #666;
}
#documentation .method-description p,
#documentation .aliases p {
line-height: 1.2em;
}
#documentation .aliases {
padding-top: 4px;
font-style: italic;
cursor: default;
}
#documentation .method-description p {
margin-bottom: 0.5em;
}
#documentation .method-description ul {
margin-left: 1.5em;
}
pre {
margin: 0.5em 0;
}
#documentation .attribute-method-heading {
background: url(images/tag_green.png) no-repeat left bottom;
}
#documentation #attribute-method-details .method-detail:hover {
background-color: transparent;
cursor: default;
}
#documentation .attribute-access-type {
font-size: 60%;
text-transform: uppercase;
vertical-align: super;
padding: 0 2px;
}
/* @end */
/* @end */
/* @group Source Code */
pre {
overflow: auto;
background: #262626;
color: white;
border: 1px dashed #999;
padding: 0.5em;
}
.description pre {
margin: 0 0.4em;
}
.ruby-constant { color: #7fffd4; background: transparent; }
.ruby-keyword { color: #00ffff; background: transparent; }
.ruby-ivar { color: #eedd82; background: transparent; }
.ruby-operator { color: #00ffee; background: transparent; }
.ruby-identifier { color: #ffdead; background: transparent; }
.ruby-node { color: #ffa07a; background: transparent; }
.ruby-comment { color: #dc0000; font-weight: bold; background: transparent; }
.ruby-regexp { color: #ffa07a; background: transparent; }
.ruby-value { color: #7fffd4; background: transparent; }
/* @end */
/* @group search results */
#search-results h1 {
font-size: 1em;
font-weight: normal;
text-shadow: none;
}
#search-results .current {
background: #ccc;
border-bottom: 1px solid transparent;
}
#search-results li {
list-style: none;
border-bottom: 1px solid #aaa;
-moz-border-radius: 4px;
-webkit-border-radius: 4px;
border-radius: 4px;
margin-bottom: 0.5em;
}
#search-results li:last-child {
border-bottom: none;
margin-bottom: 0;
}
#search-results li p {
padding: 0;
margin: 0.5em;
}
#search-results .search-namespace {
font-weight: bold;
}
#search-results li em {
background: yellow;
font-style: normal;
}
#search-results pre {
margin: 0.5em;
}
/* @end */

622
doc/table_of_contents.html
View File

@@ -1,622 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>Table of Contents - RDoc Documentation</title>
<link type="text/css" media="screen" href="./rdoc.css" rel="stylesheet">
<script type="text/javascript">
var rdoc_rel_prefix = "./";
</script>
<script type="text/javascript" charset="utf-8" src="./js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/navigation.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search_index.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/search.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/searcher.js"></script>
<script type="text/javascript" charset="utf-8" src="./js/darkfish.js"></script>
<body class="indexpage">
<h1>Table of Contents - RDoc Documentation</h1>
<h2>Pages</h2>
<ul>
<li class="file">
<a href="CREDITS.html">CREDITS</a>
</li>
<li class="file">
<a href="Gemfile.html">Gemfile</a>
</li>
<li class="file">
<a href="README.html">README</a>
<img class="toc-toggle" src="images/transparent.png" alt="" title="toggle headings">
<ul class="initially-hidden">
<li><a href="README.html#label-LICENSE%3D%3D">LICENSE==</a>
<li><a href="README.html#label-INSTALL%3D%3D">INSTALL==</a>
<li><a href="README.html#label-KNOWN+ISSUES%3D%3D">KNOWN ISSUES==</a>
<li><a href="README.html#label-WPSCAN+ARGUMENTS%3D%3D">WPSCAN ARGUMENTS==</a>
<li><a href="README.html#label-WPSCAN+EXAMPLES%3D%3D">WPSCAN EXAMPLES==</a>
<li><a href="README.html#label-WPSTOOLS+ARGUMENTS%3D%3D">WPSTOOLS ARGUMENTS==</a>
<li><a href="README.html#label-WPSTOOLS+EXAMPLES%3D%3D">WPSTOOLS EXAMPLES==</a>
<li><a href="README.html#label-PROJECT+HOME%3D%3D%3D">PROJECT HOME===</a>
<li><a href="README.html#label-REPOSITORY%3D%3D%3D">REPOSITORY===</a>
<li><a href="README.html#label-ISSUES%3D%3D%3D">ISSUES===</a>
<li><a href="README.html#label-SPONSOR%3D%3D%3D">SPONSOR===</a>
</ul>
</li>
<li class="file">
<a href="log_txt.html">log</a>
</li>
</ul>
<h2 id="classes">Classes/Modules</h2>
<ul>
<li class="class">
<a href="Array.html">Array</a>
</li>
<li class="class">
<a href="Browser.html">Browser</a>
</li>
<li class="module">
<a href="BruteForce.html">BruteForce</a>
</li>
<li class="class">
<a href="CacheFileStore.html">CacheFileStore</a>
</li>
<li class="class">
<a href="CheckerPlugin.html">CheckerPlugin</a>
</li>
<li class="class">
<a href="CustomOptionParser.html">CustomOptionParser</a>
</li>
<li class="class">
<a href="GenerateList.html">GenerateList</a>
</li>
<li class="class">
<a href="GitUpdater.html">GitUpdater</a>
</li>
<li class="class">
<a href="ListGeneratorPlugin.html">ListGeneratorPlugin</a>
</li>
<li class="module">
<a href="Malwares.html">Malwares</a>
</li>
<li class="class">
<a href="Object.html">Object</a>
</li>
<li class="class">
<a href="Plugin.html">Plugin</a>
</li>
<li class="class">
<a href="Plugins.html">Plugins</a>
</li>
<li class="class">
<a href="SvnParser.html">SvnParser</a>
</li>
<li class="class">
<a href="SvnUpdater.html">SvnUpdater</a>
</li>
<li class="module">
<a href="URI.html">URI</a>
</li>
<li class="class">
<a href="Updater.html">Updater</a>
</li>
<li class="class">
<a href="UpdaterFactory.html">UpdaterFactory</a>
</li>
<li class="class">
<a href="Vulnerable.html">Vulnerable</a>
</li>
<li class="module">
<a href="WebSite.html">WebSite</a>
</li>
<li class="module">
<a href="WpConfigBackup.html">WpConfigBackup</a>
</li>
<li class="class">
<a href="WpDetector.html">WpDetector</a>
</li>
<li class="class">
<a href="WpEnumerator.html">WpEnumerator</a>
</li>
<li class="module">
<a href="WpFullPathDisclosure.html">WpFullPathDisclosure</a>
</li>
<li class="class">
<a href="WpItem.html">WpItem</a>
</li>
<li class="module">
<a href="WpLoginProtection.html">WpLoginProtection</a>
</li>
<li class="class">
<a href="WpOptions.html">WpOptions</a>
<img class="toc-toggle" src="images/transparent.png" alt="" title="toggle headings">
<ul class="initially-hidden">
<li><a href="WpOptions.html#label-Options">Options</a>
</ul>
</li>
<li class="class">
<a href="WpPlugin.html">WpPlugin</a>
</li>
<li class="module">
<a href="WpPlugins.html">WpPlugins</a>
</li>
<li class="module">
<a href="WpReadme.html">WpReadme</a>
</li>
<li class="class">
<a href="WpTarget.html">WpTarget</a>
</li>
<li class="class">
<a href="WpTheme.html">WpTheme</a>
</li>
<li class="module">
<a href="WpThemes.html">WpThemes</a>
</li>
<li class="module">
<a href="WpTimthumbs.html">WpTimthumbs</a>
</li>
<li class="class">
<a href="WpUser.html">WpUser</a>
</li>
<li class="module">
<a href="WpUsernames.html">WpUsernames</a>
</li>
<li class="class">
<a href="WpVersion.html">WpVersion</a>
</li>
<li class="class">
<a href="WpVulnerability.html">WpVulnerability</a>
</li>
<li class="class">
<a href="WpscanOptions.html">WpscanOptions</a>
</li>
</ul>
<h2 id="methods">Methods</h2>
<ul>
<li class="method"><a href="WpDetector.html#method-c-aggressive_detection">::aggressive_detection &mdash; WpDetector</a>
<li class="method"><a href="UpdaterFactory.html#method-c-available_updaters_classes">::available_updaters_classes &mdash; UpdaterFactory</a>
<li class="method"><a href="WpOptions.html#method-c-check_options">::check_options &mdash; WpOptions</a>
<li class="method"><a href="WpscanOptions.html#method-c-clean_option">::clean_option &mdash; WpscanOptions</a>
<li class="method"><a href="WpConfigBackup.html#method-c-config_backup_files">::config_backup_files &mdash; WpConfigBackup</a>
<li class="method"><a href="WpEnumerator.html#method-c-enumerate">::enumerate &mdash; WpEnumerator</a>
<li class="method"><a href="URI.html#method-c-escape">::escape &mdash; URI</a>
<li class="method"><a href="WpVersion.html#method-c-find">::find &mdash; WpVersion</a>
<li class="method"><a href="WpTheme.html#method-c-find">::find &mdash; WpTheme</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_advanced_fingerprinting">::find_from_advanced_fingerprinting &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_atom_generator">::find_from_atom_generator &mdash; WpVersion</a>
<li class="method"><a href="WpTheme.html#method-c-find_from_css_link">::find_from_css_link &mdash; WpTheme</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_links_opml">::find_from_links_opml &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_meta_generator">::find_from_meta_generator &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_rdf_generator">::find_from_rdf_generator &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_readme">::find_from_readme &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_rss_generator">::find_from_rss_generator &mdash; WpVersion</a>
<li class="method"><a href="WpVersion.html#method-c-find_from_sitemap_generator">::find_from_sitemap_generator &mdash; WpVersion</a>
<li class="method"><a href="WpTheme.html#method-c-find_from_wooframework">::find_from_wooframework &mdash; WpTheme</a>
<li class="method"><a href="WpEnumerator.html#method-c-generate_items">::generate_items &mdash; WpEnumerator</a>
<li class="method"><a href="WpscanOptions.html#method-c-get_opt_long">::get_opt_long &mdash; WpscanOptions</a>
<li class="method"><a href="UpdaterFactory.html#method-c-get_updater">::get_updater &mdash; UpdaterFactory</a>
<li class="method"><a href="Browser.html#method-c-instance">::instance &mdash; Browser</a>
<li class="method"><a href="WpscanOptions.html#method-c-is_long_option-3F">::is_long_option? &mdash; WpscanOptions</a>
<li class="method"><a href="BruteForce.html#method-c-lines_in_file">::lines_in_file &mdash; BruteForce</a>
<li class="method"><a href="WpscanOptions.html#method-c-load_from_arguments">::load_from_arguments &mdash; WpscanOptions</a>
<li class="method"><a href="Malwares.html#method-c-malware_pattern">::malware_pattern &mdash; Malwares</a>
<li class="method"><a href="Malwares.html#method-c-malwares_file">::malwares_file &mdash; Malwares</a>
<li class="method"><a href="WpItem.html#method-c-new">::new &mdash; WpItem</a>
<li class="method"><a href="WpscanOptions.html#method-c-new">::new &mdash; WpscanOptions</a>
<li class="method"><a href="Updater.html#method-c-new">::new &mdash; Updater</a>
<li class="method"><a href="Plugin.html#method-c-new">::new &mdash; Plugin</a>
<li class="method"><a href="WpPlugin.html#method-c-new">::new &mdash; WpPlugin</a>
<li class="method"><a href="WpTarget.html#method-c-new">::new &mdash; WpTarget</a>
<li class="method"><a href="CustomOptionParser.html#method-c-new">::new &mdash; CustomOptionParser</a>
<li class="method"><a href="WpTheme.html#method-c-new">::new &mdash; WpTheme</a>
<li class="method"><a href="CacheFileStore.html#method-c-new">::new &mdash; CacheFileStore</a>
<li class="method"><a href="CheckerPlugin.html#method-c-new">::new &mdash; CheckerPlugin</a>
<li class="method"><a href="WpVersion.html#method-c-new">::new &mdash; WpVersion</a>
<li class="method"><a href="SvnParser.html#method-c-new">::new &mdash; SvnParser</a>
<li class="method"><a href="WpVulnerability.html#method-c-new">::new &mdash; WpVulnerability</a>
<li class="method"><a href="ListGeneratorPlugin.html#method-c-new">::new &mdash; ListGeneratorPlugin</a>
<li class="method"><a href="WpUser.html#method-c-new">::new &mdash; WpUser</a>
<li class="method"><a href="GenerateList.html#method-c-new">::new &mdash; GenerateList</a>
<li class="method"><a href="Plugins.html#method-c-new">::new &mdash; Plugins</a>
<li class="method"><a href="WpscanOptions.html#method-c-option_to_instance_variable_setter">::option_to_instance_variable_setter &mdash; WpscanOptions</a>
<li class="method"><a href="CustomOptionParser.html#method-c-option_to_symbol">::option_to_symbol &mdash; CustomOptionParser</a>
<li class="method"><a href="WebSite.html#method-c-page_hash">::page_hash &mdash; WebSite</a>
<li class="method"><a href="WpDetector.html#method-c-passive_detection">::passive_detection &mdash; WpDetector</a>
<li class="method"><a href="Browser.html#method-c-reset">::reset &mdash; Browser</a>
<li class="method"><a href="WpTarget.html#method-c-valid_response_codes">::valid_response_codes &mdash; WpTarget</a>
<li class="method"><a href="WpVersion.html#method-c-version_pattern">::version_pattern &mdash; WpVersion</a>
<li class="method"><a href="WpUser.html#method-i-3C-3D-3E">#<=> &mdash; WpUser</a>
<li class="method"><a href="WpItem.html#method-i-3C-3D-3E">#<=> &mdash; WpItem</a>
<li class="method"><a href="WpItem.html#method-i-3D-3D">#== &mdash; WpItem</a>
<li class="method"><a href="WpItem.html#method-i-3D-3D-3D">#=== &mdash; WpItem</a>
<li class="method"><a href="WpUser.html#method-i-3D-3D-3D">#=== &mdash; WpUser</a>
<li class="method"><a href="WpTheme.html#method-i-3D-3D-3D">#=== &mdash; WpTheme</a>
<li class="method"><a href="Array.html#method-i-_grep_">#_grep_ &mdash; Array</a>
<li class="method"><a href="CustomOptionParser.html#method-i-add">#add &mdash; CustomOptionParser</a>
<li class="method"><a href="Object.html#method-i-add_http_protocol">#add_http_protocol &mdash; Object</a>
<li class="method"><a href="CustomOptionParser.html#method-i-add_option">#add_option &mdash; CustomOptionParser</a>
<li class="method"><a href="Object.html#method-i-add_trailing_slash">#add_trailing_slash &mdash; Object</a>
<li class="method"><a href="WpUsernames.html#method-i-author_url">#author_url &mdash; WpUsernames</a>
<li class="method"><a href="Object.html#method-i-banner">#banner &mdash; Object</a>
<li class="method"><a href="WpscanOptions.html#method-i-basic_auth-3D">#basic_auth= &mdash; WpscanOptions</a>
<li class="method"><a href="WpLoginProtection.html#method-i-better_wp_security_url">#better_wp_security_url &mdash; WpLoginProtection</a>
<li class="method"><a href="WpLoginProtection.html#method-i-bluetrait_event_viewer_url">#bluetrait_event_viewer_url &mdash; WpLoginProtection</a>
<li class="method"><a href="BruteForce.html#method-i-brute_force">#brute_force &mdash; BruteForce</a>
<li class="method"><a href="WpItem.html#method-i-changelog_url">#changelog_url &mdash; WpItem</a>
<li class="method"><a href="CheckerPlugin.html#method-i-check_local_vulnerable_files">#check_local_vulnerable_files &mdash; CheckerPlugin</a>
<li class="method"><a href="CheckerPlugin.html#method-i-check_vuln_ref_urls">#check_vuln_ref_urls &mdash; CheckerPlugin</a>
<li class="method"><a href="CacheFileStore.html#method-i-clean">#clean &mdash; CacheFileStore</a>
<li class="method"><a href="Object.html#method-i-colorize">#colorize &mdash; Object</a>
<li class="method"><a href="WpConfigBackup.html#method-i-config_backup">#config_backup &mdash; WpConfigBackup</a>
<li class="method"><a href="WpTarget.html#method-i-debug_log_url">#debug_log_url &mdash; WpTarget</a>
<li class="method"><a href="WpItem.html#method-i-directory_listing-3F">#directory_listing? &mdash; WpItem</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_all_plugins-3D">#enumerate_all_plugins= &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_all_themes-3D">#enumerate_all_themes= &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_only_vulnerable_plugins-3D">#enumerate_only_vulnerable_plugins= &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_only_vulnerable_themes-3D">#enumerate_only_vulnerable_themes= &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_options_from_string">#enumerate_options_from_string &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_plugins-3D">#enumerate_plugins= &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-enumerate_themes-3D">#enumerate_themes= &mdash; WpscanOptions</a>
<li class="method"><a href="WpUser.html#method-i-eql-3F">#eql? &mdash; WpUser</a>
<li class="method"><a href="WebSite.html#method-i-error_404_hash">#error_404_hash &mdash; WebSite</a>
<li class="method"><a href="WpPlugin.html#method-i-error_log-3F">#error_log? &mdash; WpPlugin</a>
<li class="method"><a href="WpPlugin.html#method-i-error_log_url">#error_log_url &mdash; WpPlugin</a>
<li class="method"><a href="WpItem.html#method-i-extract_name_from_url">#extract_name_from_url &mdash; WpItem</a>
<li class="method"><a href="WpUsernames.html#method-i-extract_nickname_from_body">#extract_nickname_from_body &mdash; WpUsernames</a>
<li class="method"><a href="Browser.html#method-i-forge_request">#forge_request &mdash; Browser</a>
<li class="method"><a href="WpFullPathDisclosure.html#method-i-full_path_disclosure_url">#full_path_disclosure_url &mdash; WpFullPathDisclosure</a>
<li class="method"><a href="GenerateList.html#method-i-generate_full_list">#generate_full_list &mdash; GenerateList</a>
<li class="method"><a href="GenerateList.html#method-i-generate_popular_list">#generate_popular_list &mdash; GenerateList</a>
<li class="method"><a href="Browser.html#method-i-get">#get &mdash; Browser</a>
<li class="method"><a href="CacheFileStore.html#method-i-get_entry_file_path">#get_entry_file_path &mdash; CacheFileStore</a>
<li class="method"><a href="Object.html#method-i-get_equal_string_end">#get_equal_string_end &mdash; Object</a>
<li class="method"><a href="WpItem.html#method-i-get_full_url">#get_full_url &mdash; WpItem</a>
<li class="method"><a href="Object.html#method-i-get_metasploit_url">#get_metasploit_url &mdash; Object</a>
<li class="method"><a href="WpUsernames.html#method-i-get_nickname_from_response">#get_nickname_from_response &mdash; WpUsernames</a>
<li class="method"><a href="WpUsernames.html#method-i-get_nickname_from_url">#get_nickname_from_url &mdash; WpUsernames</a>
<li class="method"><a href="GenerateList.html#method-i-get_popular_items">#get_popular_items &mdash; GenerateList</a>
<li class="method"><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder &mdash; WpItem</a>
<li class="method"><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename &mdash; WpItem</a>
<li class="method"><a href="Object.html#method-i-green">#green &mdash; Object</a>
<li class="method"><a href="Array.html#method-i-grep">#grep &mdash; Array</a>
<li class="method"><a href="WebSite.html#method-i-has_basic_auth-3F">#has_basic_auth? &mdash; WebSite</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_better_wp_security_protection-3F">#has_better_wp_security_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_bluetrait_event_viewer_protection-3F">#has_bluetrait_event_viewer_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpItem.html#method-i-has_changelog-3F">#has_changelog? &mdash; WpItem</a>
<li class="method"><a href="WpTarget.html#method-i-has_debug_log-3F">#has_debug_log? &mdash; WpTarget</a>
<li class="method"><a href="WpFullPathDisclosure.html#method-i-has_full_path_disclosure-3F">#has_full_path_disclosure? &mdash; WpFullPathDisclosure</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_limit_login_attempts_protection-3F">#has_limit_login_attempts_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="GitUpdater.html#method-i-has_local_changes-3F">#has_local_changes? &mdash; GitUpdater</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_login_lock_protection-3F">#has_login_lock_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_login_lockdown_protection-3F">#has_login_lockdown_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_login_protection-3F">#has_login_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_login_security_solution_protection-3F">#has_login_security_solution_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="Malwares.html#method-i-has_malwares-3F">#has_malwares? &mdash; Malwares</a>
<li class="method"><a href="WpscanOptions.html#method-i-has_options-3F">#has_options? &mdash; WpscanOptions</a>
<li class="method"><a href="WpReadme.html#method-i-has_readme-3F">#has_readme? &mdash; WpReadme</a>
<li class="method"><a href="WpItem.html#method-i-has_readme-3F">#has_readme? &mdash; WpItem</a>
<li class="method"><a href="WpLoginProtection.html#method-i-has_simple_login_lockdown_protection-3F">#has_simple_login_lockdown_protection? &mdash; WpLoginProtection</a>
<li class="method"><a href="WpTimthumbs.html#method-i-has_timthumbs-3F">#has_timthumbs? &mdash; WpTimthumbs</a>
<li class="method"><a href="WebSite.html#method-i-has_xml_rpc-3F">#has_xml_rpc? &mdash; WebSite</a>
<li class="method"><a href="Object.html#method-i-help">#help &mdash; Object</a>
<li class="method"><a href="WebSite.html#method-i-homepage_hash">#homepage_hash &mdash; WebSite</a>
<li class="method"><a href="WpUser.html#method-i-id">#id &mdash; WpUser</a>
<li class="method"><a href="WpUser.html#method-i-id-3D">#id= &mdash; WpUser</a>
<li class="method"><a href="GitUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; GitUpdater</a>
<li class="method"><a href="SvnUpdater.html#method-i-is_installed-3F">#is_installed? &mdash; SvnUpdater</a>
<li class="method"><a href="Updater.html#method-i-is_installed-3F">#is_installed? &mdash; Updater</a>
<li class="method"><a href="WpTarget.html#method-i-is_multisite-3F">#is_multisite? &mdash; WpTarget</a>
<li class="method"><a href="WpLoginProtection.html#method-i-limit_login_attempts_url">#limit_login_attempts_url &mdash; WpLoginProtection</a>
<li class="method"><a href="Browser.html#method-i-load_config">#load_config &mdash; Browser</a>
<li class="method"><a href="Updater.html#method-i-local_revision_number">#local_revision_number &mdash; Updater</a>
<li class="method"><a href="SvnUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; SvnUpdater</a>
<li class="method"><a href="GitUpdater.html#method-i-local_revision_number">#local_revision_number &mdash; GitUpdater</a>
<li class="method"><a href="WpLoginProtection.html#method-i-login_protection_plugin">#login_protection_plugin &mdash; WpLoginProtection</a>
<li class="method"><a href="WpLoginProtection.html#method-i-login_security_solution_url">#login_security_solution_url &mdash; WpLoginProtection</a>
<li class="method"><a href="WpTarget.html#method-i-login_url">#login_url &mdash; WpTarget</a>
<li class="method"><a href="Malwares.html#method-i-malwares">#malwares &mdash; Malwares</a>
<li class="method"><a href="Browser.html#method-i-max_threads-3D">#max_threads= &mdash; Browser</a>
<li class="method"><a href="Browser.html#method-i-merge_request_params">#merge_request_params &mdash; Browser</a>
<li class="method"><a href="WpUser.html#method-i-name">#name &mdash; WpUser</a>
<li class="method"><a href="WpUser.html#method-i-name-3D">#name= &mdash; WpUser</a>
<li class="method"><a href="WpUser.html#method-i-nickname">#nickname &mdash; WpUser</a>
<li class="method"><a href="WpUser.html#method-i-nickname-3D">#nickname= &mdash; WpUser</a>
<li class="method"><a href="WebSite.html#method-i-online-3F">#online? &mdash; WebSite</a>
<li class="method"><a href="Object.html#method-i-output_vulnerabilities">#output_vulnerabilities &mdash; Object</a>
<li class="method"><a href="SvnParser.html#method-i-parse">#parse &mdash; SvnParser</a>
<li class="method"><a href="WpPlugins.html#method-i-plugins_from_aggressive_detection">#plugins_from_aggressive_detection &mdash; WpPlugins</a>
<li class="method"><a href="WpPlugins.html#method-i-plugins_from_passive_detection">#plugins_from_passive_detection &mdash; WpPlugins</a>
<li class="method"><a href="Browser.html#method-i-post">#post &mdash; Browser</a>
<li class="method"><a href="WpscanOptions.html#method-i-proxy-3D">#proxy= &mdash; WpscanOptions</a>
<li class="method"><a href="WpscanOptions.html#method-i-proxy_auth-3D">#proxy_auth= &mdash; WpscanOptions</a>
<li class="method"><a href="Browser.html#method-i-proxy_auth-3D">#proxy_auth= &mdash; Browser</a>
<li class="method"><a href="Object.html#method-i-puts">#puts &mdash; Object</a>
<li class="method"><a href="Browser.html#method-i-raise_invalid_proxy_auth_format">#raise_invalid_proxy_auth_format &mdash; Browser</a>
<li class="method"><a href="CacheFileStore.html#method-i-read_entry">#read_entry &mdash; CacheFileStore</a>
<li class="method"><a href="WpItem.html#method-i-readme_url">#readme_url &mdash; WpItem</a>
<li class="method"><a href="WpReadme.html#method-i-readme_url">#readme_url &mdash; WpReadme</a>
<li class="method"><a href="Object.html#method-i-red">#red &mdash; Object</a>
<li class="method"><a href="WebSite.html#method-i-redirection">#redirection &mdash; WebSite</a>
<li class="method"><a href="Plugins.html#method-i-register">#register &mdash; Plugins</a>
<li class="method"><a href="Plugin.html#method-i-register_options">#register_options &mdash; Plugin</a>
<li class="method"><a href="Plugins.html#method-i-register_plugin">#register_plugin &mdash; Plugins</a>
<li class="method"><a href="WpTarget.html#method-i-registration_enabled-3F">#registration_enabled? &mdash; WpTarget</a>
<li class="method"><a href="WpTarget.html#method-i-registration_url">#registration_url &mdash; WpTarget</a>
<li class="method"><a href="WpUsernames.html#method-i-remove_junk_from_nickname">#remove_junk_from_nickname &mdash; WpUsernames</a>
<li class="method"><a href="GitUpdater.html#method-i-repo_directory_arguments">#repo_directory_arguments &mdash; GitUpdater</a>
<li class="method"><a href="Object.html#method-i-require_files_from_directory">#require_files_from_directory &mdash; Object</a>
<li class="method"><a href="GitUpdater.html#method-i-reset_head">#reset_head &mdash; GitUpdater</a>
<li class="method"><a href="CustomOptionParser.html#method-i-results">#results &mdash; CustomOptionParser</a>
<li class="method"><a href="WebSite.html#method-i-rss_url">#rss_url &mdash; WebSite</a>
<li class="method"><a href="ListGeneratorPlugin.html#method-i-run">#run &mdash; ListGeneratorPlugin</a>
<li class="method"><a href="CheckerPlugin.html#method-i-run">#run &mdash; CheckerPlugin</a>
<li class="method"><a href="Plugin.html#method-i-run">#run &mdash; Plugin</a>
<li class="method"><a href="GenerateList.html#method-i-save">#save &mdash; GenerateList</a>
<li class="method"><a href="WpTarget.html#method-i-search_replace_db_2_exists-3F">#search_replace_db_2_exists? &mdash; WpTarget</a>
<li class="method"><a href="WpTarget.html#method-i-search_replace_db_2_url">#search_replace_db_2_url &mdash; WpTarget</a>
<li class="method"><a href="GenerateList.html#method-i-set_file_name">#set_file_name &mdash; GenerateList</a>
<li class="method"><a href="WpscanOptions.html#method-i-set_option_from_cli">#set_option_from_cli &mdash; WpscanOptions</a>
<li class="method"><a href="WpLoginProtection.html#method-i-simple_login_lockdown_url">#simple_login_lockdown_url &mdash; WpLoginProtection</a>
<li class="method"><a href="WpTimthumbs.html#method-i-targets_url_from_theme">#targets_url_from_theme &mdash; WpTimthumbs</a>
<li class="method"><a href="WpTarget.html#method-i-theme">#theme &mdash; WpTarget</a>
<li class="method"><a href="WpThemes.html#method-i-themes_from_aggressive_detection">#themes_from_aggressive_detection &mdash; WpThemes</a>
<li class="method"><a href="WpThemes.html#method-i-themes_from_passive_detection">#themes_from_passive_detection &mdash; WpThemes</a>
<li class="method"><a href="WpscanOptions.html#method-i-threads-3D">#threads= &mdash; WpscanOptions</a>
<li class="method"><a href="WpTimthumbs.html#method-i-timthumbs">#timthumbs &mdash; WpTimthumbs</a>
<li class="method"><a href="WpscanOptions.html#method-i-to_h">#to_h &mdash; WpscanOptions</a>
<li class="method"><a href="WpItem.html#method-i-to_s">#to_s &mdash; WpItem</a>
<li class="method"><a href="Updater.html#method-i-update">#update &mdash; Updater</a>
<li class="method"><a href="GitUpdater.html#method-i-update">#update &mdash; GitUpdater</a>
<li class="method"><a href="SvnUpdater.html#method-i-update">#update &mdash; SvnUpdater</a>
<li class="method"><a href="WpTarget.html#method-i-url">#url &mdash; WpTarget</a>
<li class="method"><a href="WpscanOptions.html#method-i-url-3D">#url= &mdash; WpscanOptions</a>
<li class="method"><a href="Object.html#method-i-usage">#usage &mdash; Object</a>
<li class="method"><a href="Browser.html#method-i-user_agent">#user_agent &mdash; Browser</a>
<li class="method"><a href="Browser.html#method-i-user_agent_mode-3D">#user_agent_mode= &mdash; Browser</a>
<li class="method"><a href="WpUsernames.html#method-i-usernames">#usernames &mdash; WpUsernames</a>
<li class="method"><a href="WpItem.html#method-i-version">#version &mdash; WpItem</a>
<li class="method"><a href="WpTarget.html#method-i-version">#version &mdash; WpTarget</a>
<li class="method"><a href="Vulnerable.html#method-i-vulnerabilities">#vulnerabilities &mdash; Vulnerable</a>
<li class="method"><a href="WpscanOptions.html#method-i-wordlist-3D">#wordlist= &mdash; WpscanOptions</a>
<li class="method"><a href="WebSite.html#method-i-wordpress-3F">#wordpress? &mdash; WebSite</a>
<li class="method"><a href="WpTarget.html#method-i-wp_content_dir">#wp_content_dir &mdash; WpTarget</a>
<li class="method"><a href="WpItem.html#method-i-wp_org_item-3F">#wp_org_item? &mdash; WpItem</a>
<li class="method"><a href="WpItem.html#method-i-wp_org_url">#wp_org_url &mdash; WpItem</a>
<li class="method"><a href="WpTarget.html#method-i-wp_plugins_dir">#wp_plugins_dir &mdash; WpTarget</a>
<li class="method"><a href="WpTarget.html#method-i-wp_plugins_dir_exists-3F">#wp_plugins_dir_exists? &mdash; WpTarget</a>
<li class="method"><a href="CacheFileStore.html#method-i-write_entry">#write_entry &mdash; CacheFileStore</a>
<li class="method"><a href="WebSite.html#method-i-xml_rpc_url">#xml_rpc_url &mdash; WebSite</a>
</ul>
<footer id="validator-badges">
<p><a href="http://validator.w3.org/check/referer">[Validate]</a>
<p>Generated by <a href="https://github.com/rdoc/rdoc">RDoc</a> 3.12.
<p>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish Rdoc Generator</a> 3.
</footer>

Some files were not shown because too many files have changed in this diff Show More