# File lib/wpscan/wp_detector.rb, line 21 def self.aggressive_detection(options, items = []) WpOptions.check_options(options) result = items if items == nil or items.length == 0 unless options[:only_vulnerable_ones] result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir]) end end enum_results = WpEnumerator.enumerate(options) enum_results.each do |enum_result| already_present = false result.each do |r| # Already found via passive detection if r.name == enum_result.name already_present = true break end end unless already_present result << enum_result end end result end
plugins and themes can be found in the source code :
<script src='http://example.com/wp-content/plugins/s2member/...' /> <link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/> ...
# File lib/wpscan/wp_detector.rb, line 52 def self.passive_detection(url, type, wp_content_dir) items = [] response = Browser.instance.get(url) regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/} regex2 = %r{\\?/} regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')} # Custom wp-content dir is now used in this regex names = response.body.scan(%r#{regex1}#{Regexp.escape(wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/) names.flatten! names.uniq! names.each do |item| items << WpItem.new( base_url: url, name: item, type: type, path: "#{item}/", wp_content_dir: wp_content_dir, vulns_file: '' ) end items end