Class: CMSScanner::Finders::InterestingFiles::XMLRPC

Inherits:

Finder

• Object
• Finder
• CMSScanner::Finders::InterestingFiles::XMLRPC

Defined in:

app/finders/interesting_files/xml_rpc.rb

Overview

XML RPC finder

Constant Summary

Constants inherited from Finder

Finder::DIRECT_ACCESS

Instance Attribute Summary

Attributes inherited from Finder

#target

Instance Method Summary

• #aggressive(_opts = {}) ⇒ XMLRPC
• #passive(opts = {}) ⇒ Array<XMLRPC>
• #passive_body(_opts = {}) ⇒ XMLRPC
• #passive_headers(_opts = {}) ⇒ XMLRPC
• #potential_urls ⇒ Array<String>

  The potential urls to the XMl RPC file.

Methods inherited from Finder

#browser, #found_by, #hydra, #initialize, #progress_bar, #titleize

Constructor Details

This class inherits a constructor from CMSScanner::Finders::Finder

Instance Method Details

#aggressive(_opts = {}) ⇒ XMLRPC

Returns:

• (XMLRPC)

# File 'app/finders/interesting_files/xml_rpc.rb', line 41

def aggressive(_opts = {})
  potential_urls << target.url('xmlrpc.php')

  potential_urls.uniq.each do |potential_url|
    next unless target.in_scope?(potential_url)

    res = NS::Browser.get(potential_url)

    next unless res && res.body =~ /XML-RPC server accepts POST requests only/i

    return NS::XMLRPC.new(potential_url,
                          confidence: 100,
                          found_by: DIRECT_ACCESS)
  end
  nil
end

#passive(opts = {}) ⇒ Array<XMLRPC>

Returns:

• (Array<XMLRPC>)

# File 'app/finders/interesting_files/xml_rpc.rb', line 12

def passive(opts = {})
  [passive_headers(opts), passive_body(opts)].compact
end

#passive_body(_opts = {}) ⇒ XMLRPC

Returns:

• (XMLRPC)

# File 'app/finders/interesting_files/xml_rpc.rb', line 27

def passive_body(_opts = {})
  NS::Browser.get(target.url).html.css('link[rel="pingback"]').each do |tag|
    url = tag.attribute('href').to_s

    next unless target.in_scope?(url)
    potential_urls << url

    return NS::XMLRPC.new(url, confidence: 30,
                               found_by: 'Link Tag (passive detection)')
  end
  nil
end

#passive_headers(_opts = {}) ⇒ XMLRPC

Returns:

• (XMLRPC)

# File 'app/finders/interesting_files/xml_rpc.rb', line 17

def passive_headers(_opts = {})
  url = NS::Browser.get(target.url).headers['X-Pingback']

  return unless target.in_scope?(url)
  potential_urls << url

  NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (passive detection)')
end

#potential_urls ⇒ Array<String>

Returns The potential urls to the XMl RPC file.

Returns:

• (Array<String>) —

  The potential urls to the XMl RPC file

# File 'app/finders/interesting_files/xml_rpc.rb', line 7

def potential_urls
  @potential_urls ||= []
end