Class: WPScan::Finders::Users::WpJsonApi
- Inherits:
-
CMSScanner::Finders::Finder
- Object
- CMSScanner::Finders::Finder
- WPScan::Finders::Users::WpJsonApi
- Defined in:
- app/finders/users/wp_json_api.rb
Overview
WP JSON API
Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see github.com/wpscanteam/wpscan/issues/1038)
Instance Method Summary collapse
- #aggressive(_opts = {}) ⇒ Array<User>
-
#api_url ⇒ String
The URL of the API listing the Users.
Instance Method Details
#aggressive(_opts = {}) ⇒ Array<User>
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# File 'app/finders/users/wp_json_api.rb', line 12 def aggressive(_opts = {}) found = [] JSON.parse(Browser.get(api_url).body).each do |user| found << WPScan::User.new(user['slug'], id: user['id'], found_by: found_by, confidence: 100, interesting_entries: [api_url]) end found rescue JSON::ParserError found end |
#api_url ⇒ String
Returns The URL of the API listing the Users.
29 30 31 |
# File 'app/finders/users/wp_json_api.rb', line 29 def api_url @api_url ||= target.url('wp-json/wp/v2/users/') end |