Parent

WebSite

Attributes

uri[R]

Public Class Methods

has_log?(log_url, pattern)

Only the first 700 bytes are checked, to avoid downloading the whole file, which can be very large (e.g. 2 GB).

@param [ String ] log_url

@param [ RegEx ] pattern

@return [ Boolean ]

# File lib/wpscan/web_site.rb, line 108
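def self.has_log?(log_url, pattern)
  # Request only the start of the file (the Range bounds are inclusive).
  # A server that ignores the Range header will still send the full body.
  log_body = Browser.get(log_url, headers: {'range' => 'bytes=0-700'}).body
  log_body[pattern] ? true : false
end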
new(site_url)
# File lib/wpscan/web_site.rb, line 11
def initialize(site_url)
  self.url = site_url
end
page_hash(page)

Compute the MD5 of the page. Comments are deleted from the page so that cache generation details do not affect the hash.

@param [ String, Typhoeus::Response ] page The url or the response of the page

@return [ String ] The MD5 hash of the page

# File lib/wpscan/web_site.rb, line 72
def self.page_hash(page)
  page = Browser.get(page) unless page.is_a?(Typhoeus::Response)

  Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/, ''))
end

Public Instance Methods

error_404_hash()

Return the MD5 hash of a 404 page

# File lib/wpscan/web_site.rb, line 86
def error_404_hash
  unless @error_404_hash
    non_existant_page = Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html'
    @error_404_hash   = WebSite.page_hash(@uri.merge(non_existant_page).to_s)
  end
  @error_404_hash
end
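
The soft-404 check that page_hash and error_404_hash make possible, shown as an added example (not WPScan's own code): a site that answers 200 for unknown URLs is recognised by comparing comment-stripped hashes. The sample bodies and the names normalized_hash, classify and classify_all are constructed for illustration, and the /m flag, which also strips comments spanning several lines, is an addition not present in the regex above.

```ruby
require 'digest'

# Hash a body with HTML comments removed. The /m flag lets '.' match newlines,
# so comments spanning several lines are stripped as well.
def normalized_hash(body)
  Digest::MD5.hexdigest(body.gsub(/<!--.*?-->/m, ''))
end

# Classify a response using the hash of a page known not to exist.
def classify(code, body, not_found_hash)
  return :missing if code == 404
  return :other   unless code == 200
  normalized_hash(body) == not_found_hash ? :soft_404 : :exists
end

# Constructed sample data: a site that answers 200 for every unknown URL and
# whose cache plugin stamps each page with a generation-time comment.
def soft_404_body(stamp)
  "<html><body><h1>Nothing here</h1></body>\n<!-- cached\n #{stamp} -->\n</html>"
end

# Baseline taken from a random, non-existent page (what error_404_hash does).
BASELINE = normalized_hash(soft_404_body('2013-01-01 10:00:00'))

# Constructed responses: path => [status code, body]
PROBES = {
  '/readme.html'       => [200, '<html><body>Readme</body></html>'],
  '/no-such-page.html' => [200, soft_404_body('2013-01-01 10:00:07')],
  '/gone/'             => [404, 'Not Found'],
  '/private/'          => [403, 'Forbidden']
}.freeze

def classify_all(probes = PROBES, baseline = BASELINE)
  probes.transform_values { |code, body| classify(code, body, baseline) }
end

if __FILE__ == $PROGRAM_NAME
  classify_all.each { |path, verdict| puts format('%-20s %s', path, verdict) }
end
```

Without the comment stripping, the two soft-404 bodies hash differently because of the timestamp, and the second one would be reported as an existing page.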
has_basic_auth?()
# File lib/wpscan/web_site.rb, line 28
def has_basic_auth?
  Browser.get(@uri.to_s).code == 401
end
has_xml_rpc?()
# File lib/wpscan/web_site.rb, line 32
def has_xml_rpc?
  response = Browser.get_and_follow_location(xml_rpc_url)
  # %r{} builds a Regexp; String#=~ raises TypeError when given a plain String
  response.body =~ %r{XML-RPC server accepts POST requests only}
end
homepage_hash()
# File lib/wpscan/web_site.rb, line 78
def homepage_hash
  unless @homepage_hash
    @homepage_hash = WebSite.page_hash(@uri.to_s)
  end
  @homepage_hash
end
online?()

Checks if the remote website is up.

# File lib/wpscan/web_site.rb, line 24
def online?
  Browser.get(@uri.to_s).code != 0
end
redirection(url = nil)

Checks whether the remote url returns a 30x redirect (the code handles 301 and 302). This method is recursive. Returns a string with the redirection, or nil.

# File lib/wpscan/web_site.rb, line 49
def redirection(url = nil)
  redirection = nil
  url ||= @uri.to_s
  response = Browser.get(url)

  if response.code == 301 || response.code == 302
    redirection = response.headers_hash['location']

    # Let's check if there is a redirection in the redirection
    if other_redirection = redirection(redirection)
      redirection = other_redirection
    end
  end

  redirection
end
rss_url()

Tries to find the RSS url in the homepage. Only the first one found is returned.

# File lib/wpscan/web_site.rb, line 96
def rss_url
  homepage_body = Browser.get(@uri.to_s).body
  # %r{} builds a Regexp; capture group 1 is the href value
  homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
end
url()
# File lib/wpscan/web_site.rb, line 19
def url
  @uri.to_s
end
url=(url)
# File lib/wpscan/web_site.rb, line 15
def url=(url)
  @uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
end
xml_rpc_url()

See www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3

# File lib/wpscan/web_site.rb, line 38
def xml_rpc_url
  unless @xmlrpc_url
    @xmlrpc_url = @uri.merge('xmlrpc.php').to_s
  end

  @xmlrpc_url
end
