garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8f8ad708f84877e75758212090de6d284183ecf2
wpscan/doc/WpItems/Detectable.html
erwanlr 8f8ad708f8 rdoc
2013-04-05 14:41:15 +02:00

745 lines
35 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: WpItems::Detectable</title>
<link rel="stylesheet" href="../rdoc.css" type="text/css" media="screen" />
<script src="../js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="../js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="../js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="../js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="../index.html">Home</a>
<a href="../index.html#classes">Classes</a>
<a href="../index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="../lib/common/collections/wp_items/detectable_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/common/collections/wp_items/detectable.rb">lib/common/collections/wp_items/detectable.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-i-aggressive_detection">#aggressive_detection</a></li>
<li><a href="#method-i-create_item">#create_item</a></li>
<li><a href="#method-i-item_class">#item_class</a></li>
<li><a href="#method-i-passive_detection">#passive_detection</a></li>
<li><a href="#method-i-request_params">#request_params</a></li>
<li><a href="#method-i-targets_items">#targets_items</a></li>
<li><a href="#method-i-targets_items_from_file">#targets_items_from_file</a></li>
<li><a href="#method-i-vulnerable_targets_items">#vulnerable_targets_items</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="../CREDITS.html">CREDITS</a></li>
<li class="file"><a href="../Gemfile.html">Gemfile</a></li>
<li class="file"><a href="../LICENSE.html">LICENSE</a></li>
<li class="file"><a href="../README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="../images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="../WpItem.html">WpItem</a></li>
<li><a href="../WpItem/Existable.html">WpItem::Existable</a></li>
<li><a href="../WpItem/Findable.html">WpItem::Findable</a></li>
<li><a href="../WpItem/Infos.html">WpItem::Infos</a></li>
<li><a href="../WpItem/Output.html">WpItem::Output</a></li>
<li><a href="../WpItem/Versionable.html">WpItem::Versionable</a></li>
<li><a href="../WpItem/Vulnerable.html">WpItem::Vulnerable</a></li>
<li><a href="../Typhoeus.html">Typhoeus</a></li>
<li><a href="../Typhoeus/Request.html">Typhoeus::Request</a></li>
<li><a href="../Typhoeus/Request/Cacheable.html">Typhoeus::Request::Cacheable</a></li>
<li><a href="../Typhoeus/Response.html">Typhoeus::Response</a></li>
<li><a href="../WpTheme.html">WpTheme</a></li>
<li><a href="../WpTheme/Findable.html">WpTheme::Findable</a></li>
<li><a href="../WpTheme/Versionable.html">WpTheme::Versionable</a></li>
<li><a href="../WpTheme/Vulnerable.html">WpTheme::Vulnerable</a></li>
<li><a href="../WpTimthumb.html">WpTimthumb</a></li>
<li><a href="../WpTimthumb/Existable.html">WpTimthumb::Existable</a></li>
<li><a href="../WpTimthumb/Output.html">WpTimthumb::Output</a></li>
<li><a href="../WpTimthumb/Versionable.html">WpTimthumb::Versionable</a></li>
<li><a href="../WpVersion.html">WpVersion</a></li>
<li><a href="../WpVersion/Findable.html">WpVersion::Findable</a></li>
<li><a href="../WpVersion/Output.html">WpVersion::Output</a></li>
<li><a href="../WpVersion/Vulnerable.html">WpVersion::Vulnerable</a></li>
<li><a href="../WpItems.html">WpItems</a></li>
<li><a href="../WpItems/Detectable.html">WpItems::Detectable</a></li>
<li><a href="../WpItems/Output.html">WpItems::Output</a></li>
<li><a href="../WpUsers.html">WpUsers</a></li>
<li><a href="../WpUsers/Detectable.html">WpUsers::Detectable</a></li>
<li><a href="../WpUsers/Output.html">WpUsers::Output</a></li>
<li><a href="../Vulnerabilities.html">Vulnerabilities</a></li>
<li><a href="../Vulnerabilities/Output.html">Vulnerabilities::Output</a></li>
<li><a href="../Vulnerability.html">Vulnerability</a></li>
<li><a href="../Vulnerability/Output.html">Vulnerability::Output</a></li>
<li><a href="../WpPlugin.html">WpPlugin</a></li>
<li><a href="../WpPlugin/Vulnerable.html">WpPlugin::Vulnerable</a></li>
<li><a href="../WpPlugins.html">WpPlugins</a></li>
<li><a href="../WpPlugins/Detectable.html">WpPlugins::Detectable</a></li>
<li><a href="../WpThemes.html">WpThemes</a></li>
<li><a href="../WpThemes/Detectable.html">WpThemes::Detectable</a></li>
<li><a href="../WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="../WpTimthumbs/Detectable.html">WpTimthumbs::Detectable</a></li>
<li><a href="../WpUser.html">WpUser</a></li>
<li><a href="../WpUser/Existable.html">WpUser::Existable</a></li>
<li><a href="../Array.html">Array</a></li>
<li><a href="../Browser.html">Browser</a></li>
<li><a href="../BruteForce.html">BruteForce</a></li>
<li><a href="../CacheFileStore.html">CacheFileStore</a></li>
<li><a href="../CheckerPlugin.html">CheckerPlugin</a></li>
<li><a href="../CustomOptionParser.html">CustomOptionParser</a></li>
<li><a href="../GenerateList.html">GenerateList</a></li>
<li><a href="../GitUpdater.html">GitUpdater</a></li>
<li><a href="../ListGeneratorPlugin.html">ListGeneratorPlugin</a></li>
<li><a href="../Malwares.html">Malwares</a></li>
<li><a href="../Object.html">Object</a></li>
<li><a href="../Plugin.html">Plugin</a></li>
<li><a href="../Plugins.html">Plugins</a></li>
<li><a href="../StatsPlugin.html">StatsPlugin</a></li>
<li><a href="../SvnParser.html">SvnParser</a></li>
<li><a href="../SvnUpdater.html">SvnUpdater</a></li>
<li><a href="../TyphoeusCache.html">TyphoeusCache</a></li>
<li><a href="../URI.html">URI</a></li>
<li><a href="../Updater.html">Updater</a></li>
<li><a href="../UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="../WebSite.html">WebSite</a></li>
<li><a href="../WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="../WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="../WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="../WpReadme.html">WpReadme</a></li>
<li><a href="../WpTarget.html">WpTarget</a></li>
<li><a href="../WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">WpItems::Detectable</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="item_xpath-attribute-method" class="method-detail">
<a name="item_xpath"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">item_xpath</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="vulns_file-attribute-method" class="method-detail">
<a name="vulns_file"></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">vulns_file</span><span
class="attribute-access-type">[R]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="aggressive_detection-method" class="method-detail ">
<a name="method-i-aggressive_detection"></a>
<div class="method-heading">
<span class="method-name">aggressive_detection</span><span
class="method-args">(wp_target, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@param [ Wptarget ] wp_target @param [ Hash ] options @option options [
Boolean ] :show_progression Whether or not output the progress bar @option
options [ Boolean ] :only_vulnerable Only check for vulnerable items
@option options [ String ] :exclude_content</p>
<p>@return [ <a href="../WpItems.html">WpItems</a> ]</p>
<div class="method-source-code" id="aggressive_detection-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 14</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">aggressive_detection</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">browser</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>
<span class="ruby-identifier">hydra</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">targets</span> = <span class="ruby-identifier">targets_items</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
<span class="ruby-identifier">show_progression</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:show_progression</span>] <span class="ruby-operator">||</span> <span class="ruby-keyword">false</span>
<span class="ruby-identifier">exist_options</span> = {
<span class="ruby-identifier">error_404_hash</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">error_404_hash</span>,
<span class="ruby-identifier">homepage_hash</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">homepage_hash</span>,
<span class="ruby-identifier">exclude_content</span><span class="ruby-operator">:</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:exclude_content</span>] <span class="ruby-operator">?</span> <span class="ruby-node">%{#{options[:exclude_content]}}</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">nil</span>
}
<span class="ruby-comment"># If we only want the vulnerable ones, the passive detection is ignored
</span>
<span class="ruby-comment"># Otherwise, a passive detection is performed, and results will be merged
</span>
<span class="ruby-identifier">results</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">new</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">options</span>)
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target_item</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">request</span> = <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">target_item</span>.<span class="ruby-identifier">url</span>, <span class="ruby-identifier">request_params</span>)
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\rChecking for #{targets_size} total ... #{(request_count * 100) / targets_size}% complete.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">show_progression</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">target_item</span>.<span class="ruby-identifier">exists?</span>(<span class="ruby-identifier">exist_options</span>, <span class="ruby-identifier">response</span>)
<span class="ruby-keyword">if</span> <span class="ruby-operator">!</span><span class="ruby-identifier">results</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">target_item</span>)
<span class="ruby-identifier">results</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">target_item</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">browser</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">results</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">results</span> <span class="ruby-comment"># can't just return results.sort because the #sort returns an array, and we want a WpItems
</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- aggressive_detection-source -->
</div>
</div><!-- aggressive_detection-method -->
<div id="passive_detection-method" class="method-detail ">
<a name="method-i-passive_detection"></a>
<div class="method-heading">
<span class="method-name">passive_detection</span><span
class="method-args">(wp_target, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@param [ <a href="../WpTarget.html">WpTarget</a> ] wp_target @param [ Hash
] options</p>
<p>@return [ <a href="../WpItems.html">WpItems</a> ]</p>
<div class="method-source-code" id="passive_detection-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 65</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">results</span> = <span class="ruby-identifier">new</span>
<span class="ruby-identifier">item_class</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">item_class</span>
<span class="ruby-identifier">type</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/Wp/</span>, <span class="ruby-string">''</span>).<span class="ruby-identifier">downcase</span>
<span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">url</span>)
<span class="ruby-identifier">item_options</span> = {
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">wp_plugins_dir</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">vulns_file</span>
}
<span class="ruby-identifier">regex1</span> = <span class="ruby-regexp">%{(?:[^=:]+)\s?(?:=|:)\s?(?:&quot;|')[^&quot;']+\\?/}</span>
<span class="ruby-identifier">regex2</span> = <span class="ruby-regexp">%{\\?/}</span>
<span class="ruby-identifier">regex3</span> = <span class="ruby-regexp">%{\\?/([^/\\&quot;']+)\\?(?:/|&quot;|')}</span>
<span class="ruby-identifier">names</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>.<span class="ruby-identifier">scan</span>(<span class="ruby-node">/#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/</span>)
<span class="ruby-identifier">names</span>.<span class="ruby-identifier">flatten</span>.<span class="ruby-identifier">uniq</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">name</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">results</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">item_class</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">uri</span>, <span class="ruby-identifier">item_options</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">name</span>))
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">results</span>.<span class="ruby-identifier">sort!</span>
<span class="ruby-identifier">results</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- passive_detection-source -->
</div>
</div><!-- passive_detection-method -->
</div><!-- public-instance-method-details -->
<div id="protected-instance-method-details" class="method-section section">
<h3 class="section-header">Protected Instance Methods</h3>
<div id="create_item-method" class="method-detail ">
<a name="method-i-create_item"></a>
<div class="method-heading">
<span class="method-name">create_item</span><span
class="method-args">(klass, name, wp_target, vulns_file = nil)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@param [ Class ] klass @param [ String ] name @param [ <a
href="../WpTarget.html">WpTarget</a> ] wp_target @option [ String ] <a
href="Detectable.html#attribute-i-vulns_file">vulns_file</a></p>
<p>@return [ <a href="../WpItem.html">WpItem</a> ]</p>
<div class="method-source-code" id="create_item-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 147</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">create_item</span>(<span class="ruby-identifier">klass</span>, <span class="ruby-identifier">name</span>, <span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">vulns_file</span> = <span class="ruby-keyword">nil</span>)
<span class="ruby-identifier">klass</span>.<span class="ruby-identifier">new</span>(
<span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">uri</span>,
<span class="ruby-identifier">name</span><span class="ruby-operator">:</span> <span class="ruby-identifier">name</span>,
<span class="ruby-identifier">vulns_file</span><span class="ruby-operator">:</span> <span class="ruby-identifier">vulns_file</span>,
<span class="ruby-identifier">wp_content_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">wp_content_dir</span>,
<span class="ruby-identifier">wp_plugins_dir</span><span class="ruby-operator">:</span> <span class="ruby-identifier">wp_target</span>.<span class="ruby-identifier">wp_plugins_dir</span>
)
<span class="ruby-keyword">end</span></pre>
</div><!-- create_item-source -->
</div>
</div><!-- create_item-method -->
<div id="item_class-method" class="method-detail ">
<a name="method-i-item_class"></a>
<div class="method-heading">
<span class="method-name">item_class</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@return [ Class ]</p>
<div class="method-source-code" id="item_class-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 180</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">item_class</span>
<span class="ruby-constant">Object</span>.<span class="ruby-identifier">const_get</span>(<span class="ruby-keyword">self</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/.$/</span>, <span class="ruby-string">''</span>))
<span class="ruby-keyword">end</span></pre>
</div><!-- item_class-source -->
</div>
</div><!-- item_class-method -->
<div id="request_params-method" class="method-detail ">
<a name="method-i-request_params"></a>
<div class="method-heading">
<span class="method-name">request_params</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>The default request parameters</p>
<p>@return [ Hash ]</p>
<div class="method-source-code" id="request_params-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 95</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">request_params</span>; { <span class="ruby-identifier">cache_ttl</span><span class="ruby-operator">:</span> <span class="ruby-value">0</span>, <span class="ruby-identifier">followlocation</span><span class="ruby-operator">:</span> <span class="ruby-keyword">true</span> } <span class="ruby-keyword">end</span></pre>
</div><!-- request_params-source -->
</div>
</div><!-- request_params-method -->
<div id="targets_items-method" class="method-detail ">
<a name="method-i-targets_items"></a>
<div class="method-heading">
<span class="method-name">targets_items</span><span
class="method-args">(wp_target, options = {})</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@param [ <a href="../WpTarget.html">WpTarget</a> ] wp_target @param [
options ] options @option options [ Boolean ] :only_vulnerable @option
options [ String ] :file The path to the file containing the targets</p>
<p>@return [ <a href="../Array.html">Array</a>&lt;WpItem&gt; ]</p>
<div class="method-source-code" id="targets_items-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 103</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_items</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">options</span> = {})
<span class="ruby-identifier">item_class</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">item_class</span>
<span class="ruby-identifier">vulns_file</span> = <span class="ruby-keyword">self</span>.<span class="ruby-identifier">vulns_file</span>
<span class="ruby-identifier">targets</span> = <span class="ruby-identifier">vulnerable_targets_items</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">item_class</span>, <span class="ruby-identifier">vulns_file</span>)
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable</span>]
<span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
<span class="ruby-identifier">raise</span> <span class="ruby-string">'A file must be supplied'</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">+=</span> <span class="ruby-identifier">targets_items_from_file</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>], <span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">item_class</span>, <span class="ruby-identifier">vulns_file</span>)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">uniq!</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">t</span><span class="ruby-operator">|</span> <span class="ruby-identifier">t</span>.<span class="ruby-identifier">name</span> }
<span class="ruby-identifier">targets</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-identifier">rand</span> }
<span class="ruby-keyword">end</span></pre>
</div><!-- targets_items-source -->
</div>
</div><!-- targets_items-method -->
<div id="targets_items_from_file-method" class="method-detail ">
<a name="method-i-targets_items_from_file"></a>
<div class="method-heading">
<span class="method-name">targets_items_from_file</span><span
class="method-args">(file, wp_target, item_class, vulns_file)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@param [ String ] file @param [ <a href="../WpTarget.html">WpTarget</a> ]
wp_target @param [ Class ] <a
href="Detectable.html#method-i-item_class">item_class</a> @param [ String ]
<a href="Detectable.html#attribute-i-vulns_file">vulns_file</a></p>
<p>@return [ <a href="../WpItem.html">WpItem</a> ]</p>
<div class="method-source-code" id="targets_items_from_file-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 163</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">targets_items_from_file</span>(<span class="ruby-identifier">file</span>, <span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">item_class</span>, <span class="ruby-identifier">vulns_file</span>)
<span class="ruby-identifier">targets</span> = []
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">'r'</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item_name</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">create_item</span>(
<span class="ruby-identifier">item_class</span>,
<span class="ruby-identifier">item_name</span>.<span class="ruby-identifier">strip</span>,
<span class="ruby-identifier">wp_target</span>,
<span class="ruby-identifier">vulns_file</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- targets_items_from_file-source -->
</div>
</div><!-- targets_items_from_file-method -->
<div id="vulnerable_targets_items-method" class="method-detail ">
<a name="method-i-vulnerable_targets_items"></a>
<div class="method-heading">
<span class="method-name">vulnerable_targets_items</span><span
class="method-args">(wp_target, item_class, vulns_file)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>@param [ <a href="../WpTarget.html">WpTarget</a> ] wp_target @param [ Class
] <a href="Detectable.html#method-i-item_class">item_class</a> @param [
String ] <a href="Detectable.html#attribute-i-vulns_file">vulns_file</a></p>
<p>@return [ <a href="../Array.html">Array</a>&lt;WpItem&gt; ]</p>
<div class="method-source-code" id="vulnerable_targets_items-source">
<pre>
<span class="ruby-comment"># File lib/common/collections/wp_items/detectable.rb, line 126</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">vulnerable_targets_items</span>(<span class="ruby-identifier">wp_target</span>, <span class="ruby-identifier">item_class</span>, <span class="ruby-identifier">vulns_file</span>)
<span class="ruby-identifier">targets</span> = []
<span class="ruby-identifier">xml</span> = <span class="ruby-identifier">xml</span>(<span class="ruby-identifier">vulns_file</span>)
<span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">item_xpath</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-identifier">create_item</span>(
<span class="ruby-identifier">item_class</span>,
<span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">'name'</span>).<span class="ruby-identifier">text</span>,
<span class="ruby-identifier">wp_target</span>,
<span class="ruby-identifier">vulns_file</span>
)
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">targets</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- vulnerable_targets_items-source -->
</div>
</div><!-- vulnerable_targets_items-method -->
</div><!-- protected-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink