garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2c2d6749ba4baea495b0f9b4c8d38602d3d7250c
wpscan/doc/WpUsernames.html
Christian Mehlmauer 5f0c073a89 rdoc
2012-09-17 23:34:14 +02:00

306 lines
11 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpUsernames</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/wp_usernames_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/wp_usernames.rb">lib/wpscan/modules/wp_usernames.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-author_url">#author_url</a></li>
<li><a href="#method-i-usernames">#usernames</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpUsernames</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="author_url-method" class="method-detail ">
<a name="method-i-author_url"></a>
<div class="method-heading">
<span class="method-name">author_url</span><span
class="method-args">(author_id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="author_url-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 49</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>)
<span class="ruby-ivar">@uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-node">&quot;?author=#{author_id}&quot;</span>).<span class="ruby-identifier">to_s</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- author_url-source -->
</div>
</div><!-- author_url-method -->
<div id="usernames-method" class="method-detail ">
<a name="method-i-usernames"></a>
<div class="method-heading">
<span class="method-name">usernames</span><span
class="method-args">(options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Enumerate wordpress usernames by using Veronica Valeross technique: <a
href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosure/2011/May/493</a></p>
<p>Available options :</p>
<pre>:range - default : 1..10</pre>
<p>returns an array of usernames (can be empty)</p>
<div class="method-source-code" id="usernames-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/wp_usernames.rb, line 28</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">usernames</span>(<span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">range</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:range</span>] <span class="ruby-operator">||</span> (<span class="ruby-value">1</span><span class="ruby-operator">..</span><span class="ruby-value">10</span>)
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">usernames</span> = []
<span class="ruby-identifier">range</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">author_id</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">response</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">author_url</span>(<span class="ruby-identifier">author_id</span>))
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">301</span> <span class="ruby-comment"># username in location?</span>
<span class="ruby-identifier">usernames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">headers_hash</span>[<span class="ruby-string">'location'</span>][<span class="ruby-regexp">%{/author/([^/]+)/}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">200</span> <span class="ruby-comment"># username in body?</span>
<span class="ruby-identifier">usernames</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{posts by (.*) feed}</span>, <span class="ruby-value">1</span>]
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># clean the array, remove nils and possible duplicates</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">flatten!</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">compact!</span>
<span class="ruby-identifier">usernames</span>.<span class="ruby-identifier">uniq</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- usernames-source -->
</div>
</div><!-- usernames-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink