Class: WpTarget

Inherits:

WebSite

• Object
• WebSite
• WpTarget

show all

Includes:

InterestingHeaders, Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable

Defined in:

lib/wpscan/wp_target.rb,
lib/wpscan/wp_target/malwares.rb,
lib/wpscan/wp_target/wp_readme.rb,
lib/wpscan/wp_target/wp_registrable.rb,
lib/wpscan/wp_target/wp_config_backup.rb,
lib/wpscan/wp_target/interesting_headers.rb,
lib/wpscan/wp_target/wp_login_protection.rb,
lib/wpscan/wp_target/wp_custom_directories.rb,
lib/wpscan/wp_target/wp_full_path_disclosure.rb

Defined Under Namespace

Modules: InterestingHeaders, Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable

Constant Summary

Constant Summary

Constants included from WpLoginProtection

WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN

Instance Attribute Summary (collapse)

• - (Object) verbose readonly

  Returns the value of attribute verbose.

Attributes inherited from WebSite

#uri

Class Method Summary (collapse)

• + (Object) valid_response_codes

  Valid HTTP return codes.

Instance Method Summary (collapse)

• - (String) debug_log_url
• - (Boolean) has_debug_log?
• - (Boolean) has_plugin?(name, version = nil)

  The version is not yet considerated.

• - (WpTarget) initialize(target_url, options = {}) constructor

  A new instance of WpTarget.

• - (Object) login_url
• - (Boolean) search_replace_db_2_exists?
• - (String) search_replace_db_2_url

  Script for replacing strings in wordpress databases reveals databse credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/.

• - (WpTheme) theme

  :nocov:.

• - (WpVersion) version(versions_xml)

  :nocov:.

• - (Boolean) wordpress?

  check if the target website is actually running wordpress.

Methods included from WpFullPathDisclosure

#full_path_disclosure_url, #has_full_path_disclosure?

Methods included from WpCustomDirectories

#default_wp_content_dir_exists?, #wp_content_dir, #wp_plugins_dir, #wp_plugins_dir_exists?

Methods included from InterestingHeaders

#interesting_headers, known_headers

Methods included from WpLoginProtection

#better_wp_security_url, #bluetrait_event_viewer_url, #has_better_wp_security_protection?, #has_bluetrait_event_viewer_protection?, #has_limit_login_attempts_protection?, #has_login_lock_protection?, #has_login_lockdown_protection?, #has_login_protection?, #has_login_security_solution_protection?, #has_simple_login_lockdown_protection?, #limit_login_attempts_url, #login_protection_plugin, #login_security_solution_url, #plugin_url, #simple_login_lockdown_url

Methods included from WpConfigBackup

#config_backup, config_backup_files

Methods included from WpRegistrable

#multisite?, #registration_enabled?, #registration_url

Methods included from WpReadme

#has_readme?, #readme_url

Methods included from Malwares

#has_malwares?, malware_pattern, #malwares, malwares_file

Methods inherited from WebSite

#error_404_hash, #has_basic_auth?, has_log?, #has_robots?, #has_xml_rpc?, #homepage_hash, #online?, page_hash, #redirection, #robots_url, #rss_url, #url, #url=, #xml_rpc_url, #xml_rpc_url_from_body, #xml_rpc_url_from_headers

25
26
27
28
29
30
31
32
33
34

# File 'lib/wpscan/wp_target.rb', line 25

def initialize(target_url, options = {})
  super(target_url)

  @verbose        = options[:verbose]
  @wp_content_dir = options[:wp_content_dir]
  @wp_plugins_dir = options[:wp_plugins_dir]
  @multisite      = nil

  Browser.instance(options.merge(:max_threads => options[:threads]))
end

23
24
25

# File 'lib/wpscan/wp_target.rb', line 23

def verbose
  @verbose
end

75
76
77

# File 'lib/wpscan/wp_target.rb', line 75

def self.valid_response_codes
  [200, 301, 302, 401, 403, 500, 400]
end

117
118
119

# File 'lib/wpscan/wp_target.rb', line 117

def debug_log_url
  @uri.merge("#{wp_content_dir()}/debug.log").to_s
end

112
113
114

# File 'lib/wpscan/wp_target.rb', line 112

def has_debug_log?
  WebSite.has_log?(debug_log_url, %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):})
end

101
102
103
104
105
106
107
108
109

# File 'lib/wpscan/wp_target.rb', line 101

def has_plugin?(name, version = nil)
  WpPlugin.new(
    @uri,
    name: name,
    version: version,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  ).exists?
end

62
63
64
65
66
67
68
69
70
71
72

# File 'lib/wpscan/wp_target.rb', line 62

def login_url
  url = @uri.merge('wp-login.php').to_s

  # Let's check if the login url is redirected (to https url for example)
  redirection = redirection(url)
  if redirection
    url = redirection
  end

  url
end

131
132
133
134

# File 'lib/wpscan/wp_target.rb', line 131

def search_replace_db_2_exists?
  resp = Browser.get(search_replace_db_2_url)
  resp.code == 200 && resp.body[%r{by interconnect}i]
end

126
127
128

# File 'lib/wpscan/wp_target.rb', line 126

def search_replace_db_2_url
  @uri.merge('searchreplacedb2.php').to_s
end

81
82
83

# File 'lib/wpscan/wp_target.rb', line 81

def theme
  WpTheme.find(@uri)
end

90
91
92

# File 'lib/wpscan/wp_target.rb', line 90

def version(versions_xml)
  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
end

38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

# File 'lib/wpscan/wp_target.rb', line 38

def wordpress?
  wordpress = false

  response = Browser.get_and_follow_location(@uri.to_s)

  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
    wordpress = true
  else
    response = Browser.get_and_follow_location(xml_rpc_url)

    if response.body =~ %r{XML-RPC server accepts POST requests only}i
      wordpress = true
    else
      response = Browser.get_and_follow_location(login_url)

      if response.code == 200 && response.body =~ %r{WordPress}i
        wordpress = true
      end
    end
  end

  wordpress
end