module WebSite

Public Class Methods

page_hash(url)

Return the MD5 hash of the page given by url

# File lib/wpscan/modules/web_site.rb, line 94
# Fetches +url+ through the shared Browser instance and returns a digest
# of the response body.
#
# MD5 is used here to produce a compact fingerprint of page content. It is
# not collision resistant, so treat the result as a comparison aid and not
# as evidence of integrity.
#
# @param url [String] address of the page to fetch
# @return [String] hexadecimal MD5 digest of the response body
def self.page_hash(url)
  page_body = Browser.instance.get(url).body
  Digest::MD5.hexdigest(page_body)
end

Public Instance Methods

error_404_hash()

Return the MD5 hash of a 404 page

# File lib/wpscan/modules/web_site.rb, line 106
# Returns the MD5 digest of the page served for a path that should not
# exist. The value is computed on first use and cached in @error_404_hash.
#
# The probe file name is the MD5 hex digest of a random integer followed by
# ".html". rand only has to make an accidental hit on a real page unlikely;
# the name is not used as a secret.
#
# @return [String] digest returned by WebSite.page_hash for the probe URL
def error_404_hash
  @error_404_hash ||= begin
    random_token = Digest::MD5.hexdigest(rand(999_999_999).to_s)
    probe_url    = @uri.merge(random_token + '.html').to_s
    WebSite.page_hash(probe_url)
  end
end
has_basic_auth?()
# File lib/wpscan/modules/web_site.rb, line 26
# Reports whether the site URI answers with HTTP status 401.
#
# Only the status code is inspected. The WWW-Authenticate header is not
# read, so a 401 issued for any authentication scheme is reported here.
#
# @return [Boolean] true when the response code equals 401
def has_basic_auth?
  status = Browser.instance.get(@uri.to_s).code
  status == 401
end
has_xml_rpc?()
# File lib/wpscan/modules/web_site.rb, line 56
# Tells whether an XML-RPC endpoint URL is known for this site.
#
# @return [Boolean] true unless xml_rpc_url returns nil
def has_xml_rpc?
  endpoint = xml_rpc_url
  !endpoint.nil?
end
homepage_hash()
# File lib/wpscan/modules/web_site.rb, line 98
# Returns the MD5 digest of the homepage body. The page is fetched on
# first use and the digest is cached in @homepage_hash for later calls.
#
# @return [String] digest returned by WebSite.page_hash for the site URI
def homepage_hash
  @homepage_hash ||= WebSite.page_hash(@uri.to_s)
end
online?()

Checks if the remote website is up.

# File lib/wpscan/modules/web_site.rb, line 22
# Checks whether the remote website answered a GET of the site URI.
#
# Any response code other than 0 counts as online, HTTP error statuses
# included. NOTE(review): 0 is presumably what the browser reports when no
# HTTP response was received; confirm against Browser.
#
# @return [Boolean] true when the response code is not 0
def online?
  status = Browser.instance.get(@uri.to_s).code
  status != 0
end
redirection(url = nil)

Checks whether the remote URL returns a 30x redirect. Redirections are followed recursively. Returns a string with the redirection, or nil.

# File lib/wpscan/modules/web_site.rb, line 76
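# Follows 301/302 responses starting at +url+ (the site URI when omitted)
# and returns the last Location value seen, or nil when the first response
# is not a redirect.
#
# Redirect targets are chosen by the remote server, so the chain is
# followed defensively:
# * a Location that was already visited ends the walk, so a redirect loop
#   cannot recurse until the stack is exhausted;
# * a missing or empty Location ends the walk instead of silently
#   restarting from the site URI;
# * at most max_hops requests are made for one call.
#
# The Location value is handed to the browser unchanged; a relative
# Location is not resolved against the current URL here.
#
# @param url [String, nil] URL to start from; defaults to @uri
# @return [String, nil] final redirect target, or nil if there is none
def redirection(url = nil)
  max_hops = 20
  current  = url || @uri.to_s
  visited  = [current]
  target   = nil

  max_hops.times do
    response = Browser.instance.get(current)
    break unless response.code == 301 || response.code == 302

    location = response.headers_hash['location']
    break if location.nil? || location.empty?

    target = location
    # A repeated URL means the server is sending us in circles.
    break if visited.include?(location)

    visited << location
    current = location
  end

  target
end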
rss_url()

Will try to find the RSS URL in the homepage. Only the first one found is returned.

# File lib/wpscan/modules/web_site.rb, line 116
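# Looks for an RSS feed <link> element in the homepage and returns the
# value of its href attribute.
#
# The attribute wildcards are [^>]* so that one match stays inside a single
# tag. With a greedy ".*" a page that puts several <link> elements on one
# line yields the href of the last element on that line, which may not be
# the feed at all.
#
# The markup comes from the remote site, so the returned string is
# untrusted input for whatever consumes it.
#
# @return [String, nil] href of the first matching feed link, or nil
def rss_url
  homepage_body = Browser.instance.get(@uri.to_s).body
  homepage_body[%r{<link [^>]* type="application/rss\+xml" [^>]* href="([^"]+)" />}, 1]
end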
wordpress?()

Checks whether the remote website is actually running WordPress.

# File lib/wpscan/modules/web_site.rb, line 32
# Checks whether the remote website looks like a WordPress install.
#
# Two probes are made, each following at most two redirects:
# 1. the login page body is searched for the text "WordPress";
# 2. if that fails, the XML-RPC endpoint body is searched for the message
#    "XML-RPC server accepts POST requests only".
#
# Both checks are plain substring matches on content the remote server
# controls, so a positive result is a hint and not proof.
#
# NOTE(review): xml_rpc_url returns nil when the site sends no X-Pingback
# header, and that nil is passed to Browser#get here; confirm the browser
# handles it. When the header is present, the second request goes to
# whatever URL the site put in it.
#
# @return [Boolean] true when either probe matches
def wordpress?
  login_page = Browser.instance.get(
    login_url,
    { follow_location: true, max_redirects: 2 }
  )
  return true if login_page.body =~ /WordPress/

  xml_rpc_page = Browser.instance.get(
    xml_rpc_url,
    { follow_location: true, max_redirects: 2 }
  )
  return true if xml_rpc_page.body =~ /XML-RPC server accepts POST requests only/

  false
end
xml_rpc_url()
# File lib/wpscan/modules/web_site.rb, line 60
# Returns the XML-RPC endpoint advertised by the site in its X-Pingback
# response header, or nil when the header is absent or empty.
#
# A non-empty value is cached in @xmlrpc_url. A nil result is not
# remembered, so each call made while the header is missing sends another
# request.
#
# The value is taken from the remote response as-is and is not validated;
# wordpress? in this file issues a request to it, so the scanned server
# decides where that request goes.
#
# @return [String, nil] the X-Pingback header value, or nil
def xml_rpc_url
  return @xmlrpc_url if @xmlrpc_url

  pingback = Browser.instance.get(@uri.to_s).headers_hash['x-pingback']
  @xmlrpc_url = pingback.nil? || pingback.empty? ? nil : pingback
end