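# File lib/wpscan/modules/wp_usernames.rb, line 79
#
# Pulls the text of the first <title> element out of an HTML body.
#
# The listing printed the pattern as %{...}, which Ruby parses as a plain
# string literal. String#[] only honours a capture index when it is given a
# Regexp, so the pattern is written as %r{...} here.
#
# @param body [String, nil] raw response body
# @return [String, nil] the title text, or nil when body is nil or holds no
#   <title>...</title> pair
def extract_nickname_from_body(body)
  return nil if body.nil?

  body[%r{<title>([^<]*)</title>}, 1]
end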
# File lib/wpscan/modules/wp_usernames.rb, line 71
#
# Reads the nickname out of a response that has already been fetched.
#
# @param resp [#code, #body] response object
# @return [String, nil] whatever extract_nickname_from_body yields for a 200
#   response; nil for every other status code
def get_nickname_from_response(resp)
  # Only a successful page is parsed; redirects and errors carry no title
  # worth reading.
  return nil unless resp.code == 200

  extract_nickname_from_body(resp.body)
end
# File lib/wpscan/modules/wp_usernames.rb, line 62
#
# Fetches url and reads the nickname from the page that finally answers.
# The request asks the browser to follow redirects, capped at two
# (:max_redirects => 2).
#
# @param url [String] address to request
# @return [String, nil] whatever extract_nickname_from_body yields when the
#   final status is 200; nil otherwise
def get_nickname_from_url(url)
  request_options = { :follow_location => true, :max_redirects => 2 }
  page = Browser.instance.get(url, request_options)
  return nil unless page.code == 200

  extract_nickname_from_body(page.body)
end
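# File lib/wpscan/modules/wp_usernames.rb, line 83
#
# Strips the trailing text that get_equal_string_end reports for the
# collected nicknames, editing each entry's :nickname in place.
#
# Entries whose nickname is the "empty" placeholder are left out when the
# junk string is computed, but still go through the substitution.
#
# @param usernames [Array<Hash>] entries carrying a :nickname string
# @return [Array<Hash>] the same array, with nicknames trimmed
def remove_junk_from_nickname(usernames)
  nicknames = usernames.map { |u| u[:nickname] }.reject { |n| n == "empty" }

  # NOTE(review): get_equal_string_end is defined outside this listing;
  # presumably it returns the suffix common to all strings -- confirm.
  # to_s keeps a nil result from reaching Regexp.escape.
  junk = get_equal_string_end(nicknames).to_s
  return usernames if junk.empty?

  # \z anchors at the true end of the string. The previous `$` also matches
  # before a newline, so a multi-line page title could lose text from the
  # middle instead of from its end.
  suffix = /#{Regexp.escape(junk)}\z/
  usernames.each { |u| u[:nickname] = u[:nickname].sub(suffix, "") }
  usernames
end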
Enumerates WordPress usernames using Veronica Valeros’s technique: seclists.org/fulldisclosure/2011/May/493
Available options :
:range - default : 1..10
returns an array of usernames (can be empty)
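# File lib/wpscan/modules/wp_usernames.rb, line 28
#
# Walks a range of author ids, requests author_url(id) for each and records
# what the response reveals about that author.
#
# Each id costs one request, plus a second one on a 301 because
# get_nickname_from_url fetches the same URL again with redirects followed.
#
# The listing printed both patterns as %{...}, which Ruby parses as a plain
# string literal. String#[] only honours a capture index when it is given a
# Regexp, so they are written as %r{...} here.
#
# @param options [Hash] :range - author ids to try (default 1..10)
# @return [Array<Hash>] one { :id, :name, :nickname } hash per author found,
#   with "empty" standing in for a missing name or nickname; can be empty
def usernames(options = {})
  range   = options[:range] || (1..10)
  browser = Browser.instance
  found   = []

  range.each do |author_id|
    url      = author_url(author_id)
    response = browser.get(url)
    username = nil
    nickname = nil

    case response.code
    when 301
      # username in location? A 301 without a Location header yields no
      # username rather than a NoMethodError on nil.
      location = response.headers_hash['location']
      username = location[%r{/author/([^/]+)/}, 1] if location
      # Get the real name from the redirect site
      nickname = get_nickname_from_url(url)
    when 200
      # username in body?
      username = response.body[%r{posts by (.*) feed}, 1]
      nickname = get_nickname_from_response(response)
    end

    # Nothing learned for this id: skip it.
    next unless username || nickname

    found << { :id       => author_id,
               :name     => username || "empty",
               :nickname => nickname || "empty" }
  end

  found = remove_junk_from_nickname(found)
  # clean the array, remove nils and possible duplicates
  found.flatten!
  found.compact!
  found.uniq
end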