Module: WPScan::Target::Platform::WordPress
- Includes:
- CMSScanner::Target::Platform::PHP
- Included in:
- WPScan::Target
- Defined in:
- lib/wpscan/target/platform/wordpress.rb,
lib/wpscan/target/platform/wordpress/custom_directories.rb
Overview
wp-content & plugins directory implementation
Constant Summary
# Case-insensitive matcher for URL paths that contain a WordPress core or
# content directory segment: wp-content/themes, wp-content/plugins,
# wp-content/mu-plugins, wp-content/uploads, or wp-includes. The segment
# must be delimited by a slash on both sides.
WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i
Instance Attribute Summary
-
#mu_plugins ⇒ Object
(also: #mu_plugins?)
These methods are used in the associated interesting_findings finders to keep the boolean state of the finding rather than re-check the whole thing again.
-
#multisite ⇒ Object
(also: #multisite?)
These methods are used in the associated interesting_findings finders to keep the boolean state of the finding rather than re-check the whole thing again.
-
#registration_enabled ⇒ Object
(also: #registration_enabled?)
These methods are used in the associated interesting_findings finders to keep the boolean state of the finding rather than re-check the whole thing again.
Instance Method Summary
-
#content_dir ⇒ String
The wp-content directory.
- #content_dir=(dir) ⇒ Object
- #content_uri ⇒ Addressable::URI
- #content_url ⇒ String
- #do_login(username, password) ⇒ Typhoeus::Response
- #login_request(username, password) ⇒ Typhoeus::Request
-
#login_url ⇒ String
The URL to the login page.
- #plugins_dir ⇒ String
- #plugins_dir=(dir) ⇒ Object
- #plugins_uri ⇒ Addressable::URI
- #plugins_url ⇒ String
- #registration_url ⇒ String
-
#sub_dir ⇒ String, False
TODO: Factor out the code shared with content_dir. Note: nil cannot be returned here; otherwise, when there is no sub_dir, the check would be repeated on every call.
-
#url(path = nil) ⇒ String
Override of the WebSite#url to consider the custom WP directories.
- #wordpress? ⇒ Boolean
- #wordpress_hosted? ⇒ Boolean
Instance Attribute Details
#mu_plugins ⇒ Object Also known as: mu_plugins?
These methods are used in the associated interesting_findings finders to keep the boolean state of the finding rather than re-check the whole thing again
# File 'lib/wpscan/target/platform/wordpress.rb', line 16
#
# Reader for the cached mu-plugins flag. Returns whatever was last stored
# in @mu_plugins (nil until something assigns it), so a finder that has
# already established the result does not have to repeat the check.
#
# @return [Object] the stored value
def mu_plugins
  @mu_plugins
end
#multisite ⇒ Object Also known as: multisite?
These methods are used in the associated interesting_findings finders to keep the boolean state of the finding rather than re-check the whole thing again
# File 'lib/wpscan/target/platform/wordpress.rb', line 16
#
# Reader for the cached multisite flag. Returns whatever was last stored
# in @multisite (nil until something assigns it), so a finder that has
# already established the result does not have to repeat the check.
#
# @return [Object] the stored value
def multisite
  @multisite
end
#registration_enabled ⇒ Object Also known as: registration_enabled?
These methods are used in the associated interesting_findings finders to keep the boolean state of the finding rather than re-check the whole thing again
# File 'lib/wpscan/target/platform/wordpress.rb', line 16
#
# Reader for the cached registration flag. Returns whatever was last
# stored in @registration_enabled (nil until something assigns it), so a
# finder that has already established the result does not have to repeat
# the check.
#
# @return [Object] the stored value
def registration_enabled
  @registration_enabled
end
Instance Method Details
#content_dir ⇒ String
Returns the wp-content directory.
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 15
#
# Works out the wp-content directory by scanning the URLs yielded by
# in_scope_urls for the homepage response. The first URL shaped like
# <target url><dir>/(themes|plugins|uploads)/ wins and <dir> is cached.
#
# NOTE(review): the captured directory is taken from the scanned site's
# own response and is later used to build request paths; in_scope_urls
# presumably limits candidates to the target's scope - confirm there.
#
# @return [String, nil] the detected (or previously assigned) directory;
#   nil when nothing matched, in which case the next call scans again
def content_dir
  return @content_dir if @content_dir

  # Every "http"/"https" in the escaped target URL becomes "https?", so
  # the pattern accepts either scheme.
  scheme_agnostic = Regexp.escape(url).gsub(/https?/i, 'https?')
  dir_pattern = %r{#{scheme_agnostic}(.+?)\/(?:themes|plugins|uploads)\/}i

  in_scope_urls(homepage_res) do |candidate|
    found = candidate.match(dir_pattern)
    return @content_dir = found[1] if found
  end

  @content_dir
end
#content_dir=(dir) ⇒ Object
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 6
#
# Stores an explicitly supplied wp-content directory, dropping a single
# trailing slash so that later joins do not produce a doubled separator.
#
# @param dir [String] the directory to use
# @return [String] the stored value
def content_dir=(dir)
  trimmed = dir.chomp('/')
  @content_dir = trimmed
end
#content_uri ⇒ Addressable::URI
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 29
#
# Joins the content directory (with a trailing slash appended) onto the
# target URI.
#
# @return [Addressable::URI]
def content_uri
  relative_dir = "#{content_dir}/"
  uri.join(relative_dir)
end
#content_url ⇒ String
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 34
#
# String form of content_uri.
#
# @return [String]
def content_url
  location = content_uri
  location.to_s
end
#do_login(username, password) ⇒ Typhoeus::Response
# File 'lib/wpscan/target/platform/wordpress.rb', line 51
#
# Builds the login request for the given credentials and runs it
# immediately.
#
# @param username [String]
# @param password [String]
# @return [Typhoeus::Response] the result of running the request
def do_login(username, password)
  request = login_request(username, password)
  request.run
end
#login_request(username, password) ⇒ Typhoeus::Request
# File 'lib/wpscan/target/platform/wordpress.rb', line 59
#
# Prepares (without sending) a POST to the login URL carrying the
# credentials in the "log" and "pwd" form fields.
#
# NOTE(review): the password travels in the request body to whatever
# login_url resolves to, so it is presumably sent in clear text when the
# target URL is plain http - confirm against how Browser builds requests.
#
# @param username [String]
# @param password [String]
# @return [Typhoeus::Request]
def login_request(username, password)
  credentials = { log: username, pwd: password }
  Browser.instance.forge_request(login_url, method: :post, body: credentials)
end
#login_url ⇒ String
Returns the URL to the login page.
# File 'lib/wpscan/target/platform/wordpress.rb', line 68
#
# URL of the login script, resolved through #url.
#
# @return [String] the URL to the login page
def login_url
  login_script = 'wp-login.php'
  url(login_script)
end
#plugins_dir ⇒ String
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 39
#
# The plugins directory. Uses the value assigned through plugins_dir=
# when there is one; otherwise derives "<content_dir>/plugins" and caches
# that result.
#
# NOTE(review): if content_dir returns nil at the time of the first call,
# the cached value becomes "/plugins" and is not recomputed - confirm
# callers only reach this after the content directory is known.
#
# @return [String]
def plugins_dir
  return @plugins_dir if @plugins_dir

  @plugins_dir = "#{content_dir}/plugins"
end
#plugins_dir=(dir) ⇒ Object
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 10
#
# Stores an explicitly supplied plugins directory, dropping a single
# trailing slash so that later joins do not produce a doubled separator.
#
# @param dir [String] the directory to use
# @return [String] the stored value
def plugins_dir=(dir)
  trimmed = dir.chomp('/')
  @plugins_dir = trimmed
end
#plugins_uri ⇒ Addressable::URI
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 44
#
# Joins the plugins directory (with a trailing slash appended) onto the
# target URI.
#
# @return [Addressable::URI]
def plugins_uri
  relative_dir = "#{plugins_dir}/"
  uri.join(relative_dir)
end
#plugins_url ⇒ String
# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 49
#
# String form of plugins_uri.
#
# @return [String]
def plugins_url
  location = plugins_uri
  location.to_s
end
#registration_url ⇒ String
# File 'lib/wpscan/target/platform/wordpress.rb', line 39
#
# URL of the user registration page: wp-signup.php when the multisite
# flag is set, otherwise the register action of wp-login.php.
#
# @return [String]
def registration_url
  signup_path = multisite? ? 'wp-signup.php' : 'wp-login.php?action=register'
  url(signup_path)
end
#sub_dir ⇒ String, False
TODO: Factor out the code shared with content_dir. Note: nil cannot be returned here; otherwise, when there is no sub_dir, the check would be repeated on every call.
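# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 57
#
# Works out the sub-directory WordPress is installed in by scanning the
# URLs yielded by in_scope_urls for the homepage response. The first URL
# shaped like <target url><dir>/(xmlrpc.php|wp-includes/) wins.
#
# The result is cached, including the negative one: false is stored when
# nothing matches. The cache test is on nil rather than on truthiness,
# because a truthiness test treats the stored false as "not computed yet"
# and rescans the homepage on every call.
#
# NOTE(review): the captured directory is taken from the scanned site's
# own response and is later prefixed onto request paths; in_scope_urls
# presumably limits candidates to the target's scope - confirm there.
#
# TODO: Factor out the code shared with content_dir.
#
# @return [String, false] the sub-directory, or false when there is none
def sub_dir
  return @sub_dir unless @sub_dir.nil?

  # Every "http"/"https" in the escaped target URL becomes "https?", so
  # the pattern accepts either scheme.
  escaped_url = Regexp.escape(url).gsub(/https?/i, 'https?')
  pattern = %r{#{escaped_url}(.+?)\/(?:xmlrpc\.php|wp\-includes\/)}i

  in_scope_urls(homepage_res) do |candidate|
    found = candidate.match(pattern)
    return @sub_dir = found[1] if found
  end

  @sub_dir = false
end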
#url(path = nil) ⇒ String
Override of the WebSite#url to consider the custom WP directories
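# File 'lib/wpscan/target/platform/wordpress/custom_directories.rb', line 77
#
# Override of WebSite#url that takes the custom WordPress directories
# into account before delegating to the parent implementation.
#
# - a path mentioning wp-content/plugins has that segment replaced by
#   plugins_dir;
# - otherwise a path mentioning wp-content has it replaced by content_dir;
# - otherwise a relative path (no leading slash) is prefixed with sub_dir
#   when one was detected.
#
# The caller's string is never modified: substitutions build a new string,
# so frozen literals and strings reused by the caller are safe to pass.
#
# NOTE(review): the branch tests are case-insensitive while the
# replacements are case-sensitive, so a path such as "WP-Content/..."
# selects a branch but is passed on unchanged.
#
# @param path [String, nil] path to resolve; nil returns the target URL
# @return [String]
def url(path = nil)
  return @uri.to_s unless path

  if path =~ %r{wp\-content/plugins}i
    path = path.gsub('wp-content/plugins', plugins_dir)
  elsif path =~ /wp\-content/i
    path = path.gsub('wp-content', content_dir)
  elsif path[0] != '/' && sub_dir
    path = "#{sub_dir}/#{path}"
  end

  super(path)
end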
#wordpress? ⇒ Boolean
# File 'lib/wpscan/target/platform/wordpress.rb', line 22
#
# Decides whether the target looks like a WordPress site. Three signals
# are tried in order, and the first hit returns true:
#
# 1. an in-scope URL from the homepage whose path matches
#    WORDPRESS_PATTERN;
# 2. a <meta name="generator"> tag whose content mentions "wordpress";
# 3. a comment on the homepage that mentions "wordpress".
#
# All three are read from the homepage response only, so a site that
# rewrites its asset paths and strips the generator tag and comments will
# not be recognised by this check.
#
# @return [Boolean]
def wordpress?
  in_scope_urls(homepage_res) do |link|
    return true if Addressable::URI.parse(link).path.match(WORDPRESS_PATTERN)
  end

  generator_tags = homepage_res.html.css('meta[name="generator"]')
  return true if generator_tags.any? { |tag| tag['content'] =~ /wordpress/i }

  !comments_from_page(/wordpress/i, homepage_res).empty?
end
#wordpress_hosted? ⇒ Boolean
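# File 'lib/wpscan/target/platform/wordpress.rb', line 43
#
# Tells whether the target is served from wordpress.com, judging only by
# the host name of the target URI.
#
# The host must be exactly "wordpress.com" or end in ".wordpress.com".
# The dot is escaped and the match is anchored on a label boundary and on
# the end of the string, so look-alike hosts such as "notwordpress.com"
# or "wordpressXcom" are not classified as wordpress.com-hosted.
#
# @return [Boolean] false also when the URI has no host
def wordpress_hosted?
  uri.host =~ /(?:\A|\.)wordpress\.com\z/i ? true : false
end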