Class: WpTarget

Inherits:

WebSite

• Object
• WebSite
• WpTarget

show all

Includes:

Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable

Defined in:

lib/wpscan/wp_target.rb,
lib/wpscan/wp_target/malwares.rb,
lib/wpscan/wp_target/wp_readme.rb,
lib/wpscan/wp_target/wp_registrable.rb,
lib/wpscan/wp_target/wp_config_backup.rb,
lib/wpscan/wp_target/wp_login_protection.rb,
lib/wpscan/wp_target/wp_custom_directories.rb,
lib/wpscan/wp_target/wp_full_path_disclosure.rb

Defined Under Namespace

Modules: Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable

Constant Summary

Constant Summary

Constants included from WpLoginProtection

WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN

Instance Attribute Summary (collapse)

• - (Object) verbose readonly

  Returns the value of attribute verbose.

Attributes inherited from WebSite

#uri

Class Method Summary (collapse)

• + (Object) valid_response_codes

  Valid HTTP return codes.

Instance Method Summary (collapse)

• - (String) debug_log_url
• - (Boolean) has_debug_log?
• - (Boolean) has_plugin?(name, version = nil)

  The version is not yet considerated.

• - (WpTarget) initialize(target_url, options = {}) constructor

  A new instance of WpTarget.

• - (Object) login_url
• - (Boolean) search_replace_db_2_exists?
• - (String) search_replace_db_2_url

  Script for replacing strings in wordpress databases reveals databse credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/.

• - (WpTheme) theme

  :nocov:.

• - (WpVersion) version(versions_xml)

  :nocov:.

• - (Boolean) wordpress?

  check if the target website is actually running wordpress.

Methods included from WpFullPathDisclosure

#full_path_disclosure_url, #has_full_path_disclosure?

Methods included from WpCustomDirectories

#default_wp_content_dir_exists?, #wp_content_dir, #wp_plugins_dir, #wp_plugins_dir_exists?

Methods included from WpLoginProtection

#better_wp_security_url, #bluetrait_event_viewer_url, #has_better_wp_security_protection?, #has_bluetrait_event_viewer_protection?, #has_limit_login_attempts_protection?, #has_login_lock_protection?, #has_login_lockdown_protection?, #has_login_protection?, #has_login_security_solution_protection?, #has_simple_login_lockdown_protection?, #limit_login_attempts_url, #login_protection_plugin, #login_security_solution_url, #plugin_url, #simple_login_lockdown_url

Methods included from WpConfigBackup

#config_backup, config_backup_files

Methods included from WpRegistrable

#multisite?, #registration_enabled?, #registration_url

Methods included from WpReadme

#has_readme?, #readme_url

Methods included from Malwares

#has_malwares?, malware_pattern, #malwares, malwares_file

Methods inherited from WebSite

#error_404_hash, #has_basic_auth?, has_log?, #has_xml_rpc?, #homepage_hash, #online?, page_hash, #redirection, #rss_url, #url, #url=, #xml_rpc_url

Methods included from WebSite::InterestingHeaders

#interesting_headers, known_headers

Methods included from WebSite::RobotsTxt

#has_robots?, known_dirs, #parse_robots_txt, #robots_url

23
24
25
26
27
28
29
30
31
32

# File 'lib/wpscan/wp_target.rb', line 23

def initialize(target_url, options = {})
  super(target_url)

  @verbose        = options[:verbose]
  @wp_content_dir = options[:wp_content_dir]
  @wp_plugins_dir = options[:wp_plugins_dir]
  @multisite      = nil

  Browser.instance(options.merge(:max_threads => options[:threads]))
end

21
22
23

# File 'lib/wpscan/wp_target.rb', line 21

def verbose
  @verbose
end

72
73
74

# File 'lib/wpscan/wp_target.rb', line 72

def self.valid_response_codes
  [200, 301, 302, 401, 403, 500, 400]
end

114
115
116

# File 'lib/wpscan/wp_target.rb', line 114

def debug_log_url
  @uri.merge("#{wp_content_dir()}/debug.log").to_s
end

109
110
111

# File 'lib/wpscan/wp_target.rb', line 109

def has_debug_log?
  WebSite.has_log?(debug_log_url, %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):})
end

98
99
100
101
102
103
104
105
106

# File 'lib/wpscan/wp_target.rb', line 98

def has_plugin?(name, version = nil)
  WpPlugin.new(
    @uri,
    name: name,
    version: version,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  ).exists?
end

59
60
61
62
63
64
65
66
67
68
69

# File 'lib/wpscan/wp_target.rb', line 59

def login_url
  url = @uri.merge('wp-login.php').to_s

  # Let's check if the login url is redirected (to https url for example)
  redirection = redirection(url)
  if redirection
    url = redirection
  end

  url
end

128
129
130
131

# File 'lib/wpscan/wp_target.rb', line 128

def search_replace_db_2_exists?
  resp = Browser.get(search_replace_db_2_url)
  resp.code == 200 && resp.body[%r{by interconnect}i]
end

123
124
125

# File 'lib/wpscan/wp_target.rb', line 123

def search_replace_db_2_url
  @uri.merge('searchreplacedb2.php').to_s
end

78
79
80

# File 'lib/wpscan/wp_target.rb', line 78

def theme
  WpTheme.find(@uri)
end

87
88
89

# File 'lib/wpscan/wp_target.rb', line 87

def version(versions_xml)
  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
end

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

# File 'lib/wpscan/wp_target.rb', line 36

def wordpress?
  wordpress = false

  response = Browser.get_and_follow_location(@uri.to_s)

  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
    wordpress = true
  else

    if has_xml_rpc?
      wordpress = true
    else
      response = Browser.get_and_follow_location(login_url)

      if response.code == 200 && response.body =~ %r{WordPress}i
        wordpress = true
      end
    end
  end

  wordpress
end