Parent

WpDetector

Public Class Methods

aggressive_detection(options, items = [])
# File lib/wpscan/wp_detector.rb, line 21
# Combines passively detected items with the results of active enumeration.
#
# @param options [Hash] validated by WpOptions.check_options; :base_url,
#   :type and :wp_content_dir are read when passive detection has to run
# @param items [Array, nil] items already found; when nil or empty,
#   passive_detection is run to seed the list
# @return [Array] the seed list (the caller's array when one was supplied,
#   which is appended to in place) plus every enumerated item whose name
#   was not already present
def self.aggressive_detection(options, items = [])
  WpOptions.check_options(options)

  found =
    if items.nil? || items.length.zero?
      passive_detection(options[:base_url], options[:type], options[:wp_content_dir])
    else
      items
    end

  WpEnumerator.enumerate(options).each do |candidate|
    # Skip anything already known by name (e.g. found via passive detection,
    # or reported earlier in this same enumeration).
    next if found.any? { |known| known.name == candidate.name }

    found << candidate
  end

  found
end
passive_detection(url, type, wp_content_dir)

Plugins and themes can be detected from references to them in the page source, for example:

<script src='http://example.com/wp-content/plugins/s2member/...' />
<link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/>
...
# File lib/wpscan/wp_detector.rb, line 50
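# Detects plugins or themes by looking for references to
# <wp_content_dir>/<type>/<name>/ in the body of a single GET response.
#
# The fragments are %r regexp literals rather than %{} strings. In a %{}
# string "\s" is the escape for a literal space and "\\?" collapses to "\?",
# which the regexp engine reads as a literal question mark; the assembled
# pattern then required "?/" in front of the content directory and could not
# match URLs such as http://example.com/wp-content/plugins/s2member/.
#
# Matching is case-sensitive. Item names are taken from the remote response
# body; the capture excludes "/", "\", and both quote characters, so a name
# cannot carry a path separator into :path.
#
# @param url [String] page to fetch and scan
# @param type [String] directory under the content dir, matched literally
# @param wp_content_dir [String] content directory name, matched literally
# @return [Array<WpItem>] one item per distinct name, in order of first
#   appearance, each with an empty :vulns_file
def self.passive_detection(url, type, wp_content_dir)
  response = Browser.instance.get(url)

  # attribute or key, "=" or ":", opening quote, then the URL up to a slash
  # that may be backslash-escaped (as in JSON-style "\/")
  regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/}
  regex2 = %r{\\?/}
  # captures the item name, ended by a slash or a closing quote
  regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')}

  # Custom wp-content dir is now used in this regex
  pattern = /#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/

  response.body.scan(pattern).flatten.uniq.map do |item|
    WpItem.new(
      :base_url       => url,
      :name           => item,
      :type           => type,
      :path           => "#{item}/",
      :wp_content_dir => wp_content_dir,
      :vulns_file     => ""
    )
  end
end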
