WpTarget

# File lib/wpscan/wp_target.rb, line 20
def initialize(target_url, options = {})
  super(target_url)

  @verbose        = options[:verbose]
  @wp_content_dir = options[:wp_content_dir]
  @wp_plugins_dir = options[:wp_plugins_dir]
  @multisite      = nil

  Browser.instance(options.merge(:max_threads => options[:threads]))
end

# File lib/wpscan/wp_target.rb, line 70
def self.valid_response_codes
  [200, 301, 302, 401, 403, 500, 400]
end

# File lib/wpscan/wp_target.rb, line 140
def debug_log_url
  @uri.merge("#{wp_content_dir()}/debug.log").to_s
end

# File lib/wpscan/wp_target.rb, line 112
def default_wp_content_dir_exists?
  response = Browser.instance.get(@uri.merge('wp-content').to_s)
  hash = Digest::MD5.hexdigest(response.body)

  if WpTarget.valid_response_codes.include?(response.code)
    return true if hash != error_404_hash and hash != homepage_hash
  end

  false
end

# File lib/wpscan/wp_target.rb, line 134
def has_debug_log?
  # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)
  response_body = Browser.instance.get(debug_log_url(), headers: {'range' => 'bytes=0-700'}).body
  response_body[%{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false
end

# File lib/wpscan/wp_target.rb, line 86
def has_plugin?(name, version = nil)
  WpPlugin.new(
    @uri,
    name: name,
    version: version,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  ).exists?
end

# File lib/wpscan/wp_target.rb, line 179
def is_multisite?
  unless @multisite
    # when multi site, there is no redirection or a redirect to the site itself
    # otherwise redirect to wp-login.php
    url = @uri.merge('wp-signup.php')
    resp = Browser.instance.get(url)
    if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?action=register/
      @multisite = false
    elsif resp.code == 302 and resp.headers_hash['location'] =~ /wp-signup\.php/
      @multisite = true
    elsif resp.code == 200
      @multisite = true
    else
      @multisite = false
    end
  end
  @multisite
end

# File lib/wpscan/wp_target.rb, line 57
def login_url
  url = @uri.merge('wp-login.php').to_s

  # Let's check if the login url is redirected (to https url for example)
  redirection = redirection(url)
  if redirection
    url = redirection
  end

  url
end

# File lib/wpscan/wp_target.rb, line 157
def registration_enabled?
  resp = Browser.instance.get(registration_url)
  # redirect only on non multi sites
  if resp.code == 302 and resp.headers_hash['location'] =~ /wp-login\.php\?registration=disabled/
    enabled = false
  # multi site registration form
  elsif resp.code == 200 and resp.body =~ /<form id="setupform" method="post" action="[^"]*wp-signup\.php[^"]*">/
    enabled = true
  # normal registration form
  elsif resp.code == 200 and resp.body =~ /<form name="registerform" id="registerform" action="[^"]*wp-login\.php[^"]*"/
    enabled = true
  # registration disabled
  else
    enabled = false
  end
  enabled
end

# File lib/wpscan/wp_target.rb, line 175
def registration_url
  is_multisite? ? @uri.merge('wp-signup.php') : @uri.merge('wp-login.php?action=register')
end

# File lib/wpscan/wp_target.rb, line 151
def search_replace_db_2_exists?
  resp = Browser.instance.get(search_replace_db_2_url)
  resp.code == 200 && resp.body[%{by interconnect}]
end

# File lib/wpscan/wp_target.rb, line 147
def search_replace_db_2_url
  @uri.merge('searchreplacedb2.php').to_s
end

# File lib/wpscan/wp_target.rb, line 75
def theme
  WpTheme.find(@uri)
end

# File lib/wpscan/wp_target.rb, line 82
def version(versions_xml)
  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
end

# File lib/wpscan/wp_target.rb, line 33
def wordpress?
  wordpress = false

  response = Browser.instance.get_and_follow_location(@uri.to_s)

  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/
    wordpress = true
  else
    response = Browser.instance.get_and_follow_location(xml_rpc_url)

    if response.body =~ %{XML-RPC server accepts POST requests only}
      wordpress = true
    else
      response = Browser.instance.get_and_follow_location(login_url)

      if response.code == 200 && response.body =~ %{WordPress}
        wordpress = true
      end
    end
  end

  wordpress
end

# File lib/wpscan/wp_target.rb, line 96
def wp_content_dir
  unless @wp_content_dir
    index_body = Browser.instance.get(@uri.to_s).body
    uri_path = @uri.path # Only use the path because domain can be text or an IP

    if index_body[/\/wp-content\/(?:themes|plugins)\//] || default_wp_content_dir_exists?
      @wp_content_dir = 'wp-content'
    else
      domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
      @wp_content_dir  = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1]
    end
  end

  @wp_content_dir
end

# File lib/wpscan/wp_target.rb, line 123
def wp_plugins_dir
  unless @wp_plugins_dir
    @wp_plugins_dir = "#{wp_content_dir}/plugins"
  end
  @wp_plugins_dir
end

# File lib/wpscan/wp_target.rb, line 130
def wp_plugins_dir_exists?
  Browser.instance.get(@uri.merge(wp_plugins_dir)).code != 404
end