# File lib/wpscan/wp_target.rb, line 36
# Builds a scan target from a user-supplied URL and an options hash.
#
# The URL goes through add_http_protocol and add_trailing_slash before
# URI.parse, so a value that still cannot be parsed fails here with
# whatever URI.parse raises.
#
# A caller-supplied :wp_content_dir is stored as-is; wp_content_dir only
# probes the site when this value is missing.
#
# @param target_url [String] address of the site to scan
# @param options [Hash] reads :verbose, :wp_content_dir, :wp_plugins_dir
#   and :threads; the whole hash is also forwarded to Browser.instance
def initialize(target_url, options = {})
  normalized_url = add_trailing_slash(add_http_protocol(target_url))
  @uri = URI.parse(normalized_url)

  @verbose        = options[:verbose]
  @wp_content_dir = options[:wp_content_dir]
  @wp_plugins_dir = options[:wp_plugins_dir]

  # Browser takes the thread count under :max_threads, not :threads.
  browser_options = options.merge(:max_threads => options[:threads])
  Browser.instance(browser_options)
end
# File lib/wpscan/wp_target.rb, line 118
# URL at which a debug.log would sit under the detected content directory.
#
# NOTE(review): wp_content_dir can return nil when its detection regexes do
# not match the homepage; the interpolation then yields "/debug.log", which
# resolves against the site root rather than a content directory. Confirm
# that callers are fine with probing that location.
#
# @return [String] absolute URL built from @uri and wp_content_dir
def debug_log_url
  relative_path = "#{wp_content_dir()}/debug.log"
  @uri.merge(relative_path).to_s
end
Returns the MD5 hash of the body of a 404 page
# File lib/wpscan/wp_target.rb, line 63
# MD5 fingerprint of the body the target serves for a page that should not
# exist. The value is computed on first use and cached in @error_404_hash.
#
# MD5 is used here only as a content fingerprint, and rand only to pick an
# unlikely file name; neither is relied on for any security property.
#
# NOTE(review): presumably callers compare later response bodies against
# this hash. A 404 page that embeds the requested path, a timestamp or a
# token would hash differently on every request, so such a comparison
# would stop matching. Confirm against the callers.
#
# @return [String] hex MD5 digest of the probe response body
def error_404_hash
  return @error_404_hash if @error_404_hash

  missing_page = Digest::MD5.hexdigest(rand(9999999999).to_s) + ".html"
  probe        = Browser.instance.get(@uri.merge(missing_page).to_s)

  @error_404_hash = Digest::MD5.hexdigest(probe.body)
end
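# File lib/wpscan/wp_target.rb, line 112
# Reports whether the target exposes a PHP debug.log at debug_log_url.
#
# The body is matched against the shape of a PHP log line: a bracketed
# prefix followed by "PHP Warning:", "PHP Error:" or "PHP Notice:".
#
# Fix: the pattern was written with %{...}, which is a string literal, so
# String#[] searched for the pattern text itself and real log lines never
# matched. %r{...} makes it the intended regular expression.
#
# @return [Boolean] true when the fetched bytes look like a PHP log
def has_debug_log?
  # Ask only for bytes 0-700 so a huge log (2 GB, say) is not downloaded.
  # Range is only a request: a server that ignores it sends the whole file.
  response_body = Browser.instance.get(debug_log_url(), :headers => {"range" => "bytes=0-700"}).body

  response_body[%r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}] ? true : false
end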
# File lib/wpscan/wp_target.rb, line 50
# URL of the login page, following a redirect when one is reported.
#
# Starts from wp-login.php under @uri and asks redirection() whether that
# address is redirected (to an https URL, for example). A truthy answer
# replaces the default.
#
# NOTE(review): the redirect target is returned unchanged. Whether it can
# point at a different host is not visible here. If it can, callers that
# must stay within the authorised target should compare its host with
# @uri before using it. Confirm against the redirection helper.
#
# @return [String] the redirect target when there is one, else the default
def login_url
  default_login = @uri.merge("wp-login.php").to_s

  redirection(default_login) || default_login
end
Should check wp-login.php to determine whether registration is enabled
# File lib/wpscan/wp_target.rb, line 123 def registration_enabled? # TODO end
# File lib/wpscan/wp_target.rb, line 127 def registration_url # TODO end
return WpTheme
# File lib/wpscan/wp_target.rb, line 81
# Looks up the theme of the target by delegating to WpTheme.find.
#
# @return whatever WpTheme.find returns for @uri
def theme
  target_uri = @uri
  WpTheme.find(target_uri)
end
Alias of @uri.to_s
# File lib/wpscan/wp_target.rb, line 46
# String form of the target URI.
#
# @return [String] @uri converted with to_s
def url
  "#{@uri}"
end
return WpVersion
# File lib/wpscan/wp_target.rb, line 86
# Looks up the WordPress version by delegating to WpVersion.find.
#
# The content directory comes from wp_content_dir, which may first fetch
# the homepage to detect it.
#
# @return whatever WpVersion.find returns for @uri and the content dir
def version
  content_dir = wp_content_dir
  WpVersion.find(@uri, content_dir)
end
# File lib/wpscan/wp_target.rb, line 90
# Name of the content directory, detected from the homepage when it is
# not already known.
#
# A value already held in @wp_content_dir is returned without any request.
# Otherwise the homepage is fetched. A link into
# <path>/wp-content/themes/ or /plugins/ gives "wp-content"; failing that,
# the directory is captured from the first href/src attribute that points
# at a themes/ or plugins/ folder.
#
# NOTE(review): the captured value comes from page content controlled by
# the remote site and is later interpolated into request URLs (see
# debug_log_url), so it should be treated as untrusted input. When neither
# pattern matches, the result is nil and is not cached, so the homepage is
# fetched again on the next call.
#
# @return [String, nil] the content directory, or nil when detection fails
def wp_content_dir
  return @wp_content_dir if @wp_content_dir

  homepage = Browser.instance.get(@uri.to_s).body
  # Match on the path only: the host part may be a name or an IP address.
  escaped_path = Regexp.escape(@uri.path)

  @wp_content_dir =
    if homepage[/#{escaped_path}\/wp-content\/(?:themes|plugins)\//]
      "wp-content"
    else
      homepage[/(?:href|src)\s*=\s*(?:"|').+#{escaped_path}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1]
    end
end