Class: WPScan::Finders::WpVersion::UniqueFingerprinting

Inherits:

CMSScanner::Finders::Finder

Object
CMSScanner::Finders::Finder
WPScan::Finders::WpVersion::UniqueFingerprinting

show all

Includes:: CMSScanner::Finders::Finder::Fingerprinter

Defined in:: app/finders/wp_version/unique_fingerprinting.rb

Overview

Unique Fingerprinting Version Finder

Constant Summary collapse

QUERY =

'SELECT md5_hash, path_id, version_id, ' \
'versions.number AS version,' \
'paths.value AS path ' \
'FROM fingerprints ' \
'LEFT JOIN versions ON version_id = versions.id ' \
'LEFT JOIN paths on path_id = paths.id ' \
'WHERE md5_hash IN ' \
'(SELECT md5_hash FROM fingerprints GROUP BY md5_hash HAVING COUNT(*) = 1) ' \
'ORDER BY version DESC'.freeze

Instance Method Summary collapse

#aggressive(opts = {}) ⇒ WpVersion
#create_progress_bar(opts = {}) ⇒ Object
#unique_fingerprints ⇒ Hash

Format returned: { file_path_1: { md5_hash_1: version_1, md5_hash_2: version_2 }, file_path_2: { md5_hash_3: version_1, md5_hash_4: version_3 } }.

Instance Method Details

#aggressive(opts = {}) ⇒ `WpVersion`

Returns:

(WpVersion)

# File 'app/finders/wp_version/unique_fingerprinting.rb', line 19

def aggressive(opts = {})
  fingerprint(unique_fingerprints, opts) do |version_number, url, md5sum|
    hydra.abort
    progress_bar.finish

    return WPScan::WpVersion.new(
      version_number,
      found_by: 'Unique Fingerprinting (Aggressive Detection)',
      confidence: 100,
      interesting_entries: ["#{url} md5sum is #{md5sum}"]
    )
  end
  nil
end

#create_progress_bar(opts = {}) ⇒ `Object`



58
59
60

# File 'app/finders/wp_version/unique_fingerprinting.rb', line 58

def create_progress_bar(opts = {})
  super(opts.merge(title: 'Fingerprinting the version -'))
end

#unique_fingerprints ⇒ `Hash`

Format returned: {

file_path_1: {
  md5_hash_1: version_1,
  md5_hash_2: version_2
},
file_path_2: {
  md5_hash_3: version_1,
  md5_hash_4: version_3
}

}

Returns:

(Hash) —

The unique fingerprints across all versions in the DB

# File 'app/finders/wp_version/unique_fingerprinting.rb', line 47

def unique_fingerprints
  fingerprints = {}

  repository(:default).adapter.select(QUERY).each do |f|
    fingerprints[f.path] ||= {}
    fingerprints[f.path][f.md5_hash] = f.version
  end

  fingerprints
end

Class: WPScan::Finders::WpVersion::UniqueFingerprinting

Overview

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#aggressive(opts = {}) ⇒ WpVersion

#create_progress_bar(opts = {}) ⇒ Object

#unique_fingerprints ⇒ Hash

#aggressive(opts = {}) ⇒ `WpVersion`

#create_progress_bar(opts = {}) ⇒ `Object`

#unique_fingerprints ⇒ `Hash`