Module: Wpxf

Included in:
Auxiliary::CustomContactFormsPrivilegeEscalation, Auxiliary::DownloadManagerAuthenticatedPrivilegeEscalation, Auxiliary::DownloadManagerDirectoryListingDisclosure, Auxiliary::DownloadManagerPrivilegeEscalation, Auxiliary::DownloadMonitorLogExport, Auxiliary::DuplicatorCsrfDbExport, Auxiliary::EasyCartPrivilegeEscalation, Auxiliary::EmailSubscribersUserListDisclosure, Auxiliary::FileManagerDatabaseCredentialsDisclosure, Auxiliary::LoadScriptsDos, Auxiliary::LongPasswordDos, Auxiliary::PlatformPrivilegeEscalation, Auxiliary::PostGridFileDeletion, Auxiliary::QardsLocalPortScan, Auxiliary::SimpleAdsManagerSqlInjection, Auxiliary::SuperSocializerAuthBypass, Auxiliary::UltimateCsvImporterUserExtract, Auxiliary::UserMetaManagerInformationDisclosure, Auxiliary::UserMetaManagerPrivilegeEscalation, Auxiliary::WoocommerceEmailTestOrderDisclosure, Auxiliary::WoocommerceOrderImportExportOrderDisclosure, Auxiliary::Wp47UserInfoDisclosure, Auxiliary::WpFrontEndProfilePrivilegeEscalation, Auxiliary::WpV471ContentInjection, Auxiliary::WplmsPrivilegeEscalation, Exploit::AdminManagementXtendedXssShellUpload, Exploit::AdminShellUpload, Exploit::AdvancedCustomFieldsRemoteFileInclusion, Exploit::CharityThemeShellUpload, Exploit::CreativeContactFormShellUpload, Exploit::DwQuestionAnswerStoredXssShellUpload, Exploit::EasyCartShellUpload, Exploit::EvoThemeShellUpload, Exploit::FastImageAdderV11RfiShellUpload, Exploit::FlickrPictureBackupRfiShellUpload, Exploit::GalleryProThemeShellUpload, Exploit::GwolleGuestbookRemoteFileInclusion, Exploit::HoldingPatternShellUpload, Exploit::ImpressListingsReflectedXssShellUpload, Exploit::InboundioMarketingShellUpload, Exploit::InfusionsoftShellUpload, Exploit::JobManagerReflectedXssShellUpload, Exploit::MailpoetNewslettersShellUpload, Exploit::MdcPrivateMessageXssShellUpload, Exploit::MicroThemeShellUpload, Exploit::NMediaWebsiteContactFormShellUpload, Exploit::ParticipantsDatabaseV1548ShellUpload, Exploit::PhotoAlbumPlusXssShellUpload, 
Exploit::PhotoGalleryShellUpload, Exploit::ReflexGalleryShellUpload, Exploit::RevsliderShellUpload, Exploit::SimplecartShellUpload, Exploit::SuperSocializerShellUpload, Exploit::SymposiumShellUpload, Exploit::UltimateCsvImporterReflectedXssShellUpload, Exploit::UltimateMemberShellUpload, Exploit::Wp43ShortcodeXssShellUpload, Exploit::Wp44XssShellUpload, Exploit::WpMobileDetectorRfiShellUpload, Net::HttpServer, Payloads::BindPhp, Payloads::Custom, Payloads::DownloadExec, Payloads::Exec, Payloads::MeterpreterBindTcp, Payloads::MeterpreterReverseTcp, Payloads::ReverseTcp, WordPress::Comments, WordPress::FileDownload, WordPress::HashDump, WordPress::ShellUpload, WordPress::Xss
Defined in:
lib/wpxf.rb,
lib/wpxf/db.rb,
lib/wpxf/net.rb,
lib/wpxf/modules.rb,
lib/wpxf/utility.rb,
lib/wpxf/cli/help.rb,
lib/wpxf/cli/loot.rb,
lib/wpxf/cli/creds.rb,
lib/wpxf/wordpress.rb,
lib/wpxf/cli/banner.rb,
lib/wpxf/cli/output.rb,
lib/wpxf/models/log.rb,
lib/wpxf/versioning.rb,
lib/wpxf/cli/console.rb,
lib/wpxf/cli/context.rb,
lib/wpxf/cli/modules.rb,
lib/wpxf/cli/options.rb,
lib/wpxf/core/module.rb,
lib/wpxf/core/options.rb,
lib/wpxf/core/payload.rb,
lib/wpxf/utility/text.rb,
lib/wpxf/cli/workspace.rb,
lib/wpxf/models/module.rb,
lib/wpxf/core/data_file.rb,
lib/wpxf/helpers/export.rb,
lib/wpxf/net/cookie_jar.rb,
lib/wpxf/net/user_agent.rb,
lib/wpxf/cli/module_info.rb,
lib/wpxf/net/http_client.rb,
lib/wpxf/cli/module_cache.rb,
lib/wpxf/core/module_info.rb,
lib/wpxf/core/opts/option.rb,
lib/wpxf/models/loot_item.rb,
lib/wpxf/models/workspace.rb,
lib/wpxf/net/http_options.rb,
lib/wpxf/cli/auto_complete.rb,
lib/wpxf/cli/loaded_module.rb,
lib/wpxf/models/credential.rb,
lib/wpxf/net/http_response.rb,
lib/wpxf/wordpress/options.rb,
lib/wpxf/core/event_emitter.rb,
lib/wpxf/net/typhoeus_helper.rb,
lib/wpxf/core/output_emitters.rb,
lib/wpxf/utility/body_builder.rb,
lib/wpxf/core/opts/enum_option.rb,
lib/wpxf/core/opts/path_option.rb,
lib/wpxf/core/opts/port_option.rb,
lib/wpxf/versioning/os_versions.rb,
lib/wpxf/core/opts/string_option.rb,
lib/wpxf/core/opts/boolean_option.rb,
lib/wpxf/core/opts/integer_option.rb,
lib/wpxf/core/module_authentication.rb,
lib/wpxf/utility/reference_inflater.rb,
lib/wpxf/versioning/browser_versions.rb

Overview

The root namespace.

Defined Under Namespace

Modules: Auxiliary, Cli, Db, Exploit, Helpers, Models, ModuleAuthentication, ModuleInfo, Net, Options, OutputEmitters, Payloads, Utility, Versioning, WordPress

Classes: BooleanOption, DataFile, EnumOption, EventEmitter, IntegerOption, Module, Option, PathOption, Payload, PortOption, StringOption

Class Method Details

.app_path ⇒ Object

# File 'lib/wpxf.rb', line 21

def self.app_path
  File.expand_path(File.dirname(__dir__))
end

.build_module_list(namespace, source_folders = []) ⇒ Object

# File 'lib/wpxf/modules.rb', line 16

def self.build_module_list(namespace, source_folders = [])
  modules = namespace.constants.select do |c|
    namespace.const_get(c).is_a? Class
  end

  modules.map do |m|
    klass = namespace.const_get(m)
    filename = klass.new.method(:initialize).source_location[0]

    # Remove any source folders from the path and store the
    # relative path that will be used in the CLI.
    source_folders.each do |source_folder|
      filename = filename.sub(source_folder, '')
    end

    {
      class: klass,
      name: filename.sub(/^\//, '').sub(/\.rb$/, '')
    }
  end
end

.change_stdout_sync(enabled) {|enabled| ... } ⇒ Object

Yields:

  • (enabled)

# File 'lib/wpxf.rb', line 41

def self.change_stdout_sync(enabled)
  original_setting = STDOUT.sync
  STDOUT.sync = true
  yield(enabled)
  STDOUT.sync = original_setting
end

.custom_modules_path ⇒ Object

# File 'lib/wpxf/modules.rb', line 8

def self.custom_modules_path
  File.join(Wpxf.home_directory, 'modules')
end

.data_directory ⇒ Object

# File 'lib/wpxf.rb', line 17

def self.data_directory
  File.join(app_path, 'data')
end

.databases_path ⇒ Object

# File 'lib/wpxf.rb', line 35

def self.databases_path
  path = File.join(home_directory, 'db')
  FileUtils.mkdir_p(path) unless File.directory?(path)
  path
end

.gemspec ⇒ Object

# File 'lib/wpxf.rb', line 12

def self.gemspec
  spec_path = File.join(Wpxf.app_path, 'wpxf.gemspec')
  Gem::Specification.load(spec_path)
end

.home_directory ⇒ Object

# File 'lib/wpxf.rb', line 29

def self.home_directory
  path = File.join(Dir.home, '.wpxf')
  FileUtils.mkdir_p(path) unless File.directory?(path)
  path
end

.load_custom_modules ⇒ Object

# File 'lib/wpxf/modules.rb', line 44

def self.load_custom_modules
  custom_modules_path = File.join(Wpxf.home_directory, 'modules', '**', '*.rb')
  Dir.glob(custom_modules_path).each { |p| load p }
end

.load_module(path) ⇒ Object

# File 'lib/wpxf/modules.rb', line 38

def self.load_module(path)
  mod = Wpxf::Models::Module.first(path: path)
  raise "\"#{path}\" is not a valid module" if mod.nil?
  Object.const_get(mod.class_name).new
end

.modules_path ⇒ Object

# File 'lib/wpxf/modules.rb', line 4

def self.modules_path
  File.join(Wpxf.app_path, 'lib', 'wpxf', 'modules')
end

.payloads_path ⇒ Object

# File 'lib/wpxf/modules.rb', line 12

def self.payloads_path
  File.join(Wpxf.app_path, 'lib', 'wpxf', 'payloads')
end

.version ⇒ Object

# File 'lib/wpxf.rb', line 25

def self.version
  gemspec.version.to_s
end