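# File lib/wpscan/wp_theme.rb, line 47
#
# Runs every class-level detector whose name starts with +find_from_+ and
# returns the first truthy result.
#
# @param target_uri [#to_s] site location, handed unchanged to each detector
# @return [Object, nil] the first truthy detector result, or nil when none matches
def self.find(target_uri)
  # Anchored with \A so that only methods whose name *begins* with
  # find_from_ are dispatched through send; an unanchored pattern would also
  # invoke any method that merely contains that substring.
  detectors = methods.grep(/\Afind_from_/)

  detectors.each do |method_to_call|
    theme = send(method_to_call, target_uri)
    return theme if theme
  end

  nil
end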
# File lib/wpscan/wp_theme.rb, line 25
#
# Fills in the theme-specific defaults, records the version and stylesheet
# URL, and hands the options on to the parent initializer.
#
# The +options+ hash is modified in place (:vulns_file, :vulns_xpath and
# :type are written into it) before being passed to +super+.
#
# NOTE(review): the XPath template quotes the +$name$+ placeholder with
# single quotes. The substitution is not visible here; if the parent class
# inserts a theme name taken from a remote page, confirm that the name is
# escaped or rejected when it contains a quote character.
#
# @param options [Hash] :vulns_file (falls back to THEMES_VULNS_FILE when
#   nil or empty), :version, :style_url, plus whatever the parent accepts
def initialize(options = {})
  vulns_file = options[:vulns_file]
  options[:vulns_file] = THEMES_VULNS_FILE if vulns_file.nil? || vulns_file == ''

  options[:vulns_xpath] = "//theme[@name='$name$']/vulnerability"
  options[:type]        = 'themes'

  @version   = options[:version]
  @style_url = options[:style_url]

  super(options)
end
Discover the WordPress theme name by parsing the stylesheet URL in the page's CSS link rel tag.
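# File lib/wpscan/wp_theme.rb, line 63
#
# Detects the theme from the first URL in the page body of the form
# .../<content dir>/themes/<theme>/style.css.
#
# The body is supplied by the remote site, so both captures are untrusted.
# NOTE(review): the theme capture excludes only quote characters, so it may
# contain "/" or ".." segments, and it is passed on as :path. Confirm that
# the consumer normalises it before building further request URLs.
#
# @param target_uri [#to_s] URL of the page to fetch (up to 2 redirects are followed)
# @return [Object, nil] a new instance built from the match, or nil when no
#   theme stylesheet URL is found
def self.find_from_css_link(target_uri)
  response = Browser.instance.get(target_uri.to_s, { follow_location: true, max_redirects: 2 })

  # The dot is escaped so that only a literal "style.css" is accepted; an
  # unescaped "." would match any character in that position.
  matches = %r{https?://[^"']+/([^/]+)/themes/([^"']+)/style\.css}.match(response.body)
  return nil unless matches

  theme_name = matches[2]

  new(
    name: theme_name,
    style_url: matches[0],
    base_url: target_uri,
    path: theme_name,
    wp_content_dir: matches[1]
  )
end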
code.google.com/p/wpscan/issues/detail?id=141
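# File lib/wpscan/wp_theme.rb, line 83
#
# Detects a theme from two consecutive "generator" meta tags, the first
# naming the theme (and optionally its version) and the second naming
# WooFramework.
#
# The body is supplied by the remote site, so the captures are untrusted.
# NOTE(review): the name capture excludes whitespace and double quotes but
# not single quotes. Confirm that the name is escaped or validated before it
# reaches any quoted query, such as the class's XPath template.
#
# @param target_uri [#to_s] URL of the page to fetch
# @return [Object, nil] a new instance built from the match, or nil when the
#   meta-tag pair is absent
def self.find_from_wooframework(target_uri)
  body = Browser.instance.get(target_uri.to_s).body
  regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}

  matches = regexp.match(body)
  return nil unless matches

  # matches[3] holds the WooFramework version; it is not used at this time.
  new(
    name: matches[1],
    version: matches[2],
    # The site URL, as find_from_css_link passes it. The original passed
    # matches[0], which is the matched meta-tag markup rather than a URL.
    base_url: target_uri,
    path: '',
    wp_content_dir: ''
  )
end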
# File lib/wpscan/wp_theme.rb, line 56
#
# Case-equality against another theme: true when the other theme's name and
# version each case-match (+===+) this theme's @name and @version.
#
# @param wp_theme [#name, #version] the theme to compare with
# @return [Object] the falsy result of the name check if it fails, otherwise
#   the result of the version check
def ===(wp_theme)
  same_name = wp_theme.name === @name
  same_name && wp_theme.version === @version
end