Class: CMSScanner::Finders::InterestingFindings::XMLRPC

Inherits:

Finder

• Object
• Finder
• CMSScanner::Finders::InterestingFindings::XMLRPC

Defined in:

app/finders/interesting_findings/xml_rpc.rb

Overview

XML RPC finder

Constant Summary

Constants inherited from Finder

Finder::DIRECT_ACCESS

Instance Attribute Summary

Attributes inherited from Finder

#progress_bar, #target

Instance Method Summary

• #aggressive(_opts = {}) ⇒ XMLRPC
• #passive(opts = {}) ⇒ Array<XMLRPC>
• #passive_body(_opts = {}) ⇒ XMLRPC
• #passive_headers(_opts = {}) ⇒ XMLRPC
• #potential_urls ⇒ Array<String>

  The potential urls to the XMl RPC file.

Methods inherited from Finder

#browser, #create_progress_bar, #found_by, #hydra, #initialize, #titleize

Constructor Details

This class inherits a constructor from CMSScanner::Finders::Finder

Instance Method Details

#aggressive(_opts = {}) ⇒ XMLRPC

Returns:

• (XMLRPC)

# File 'app/finders/interesting_findings/xml_rpc.rb', line 44

def aggressive(_opts = {})
  potential_urls << target.url('xmlrpc.php')

  potential_urls.uniq.each do |potential_url|
    next unless target.in_scope?(potential_url)

    res = NS::Browser.post(potential_url, body: Digest::MD5.hexdigest(rand(999_999).to_s[0..5]))

    next unless /<methodResponse>/i.match?(res&.body)

    return NS::Model::XMLRPC.new(potential_url, confidence: 100, found_by: DIRECT_ACCESS)
  end
  nil
end

#passive(opts = {}) ⇒ Array<XMLRPC>

Returns:

• (Array<XMLRPC>)

# File 'app/finders/interesting_findings/xml_rpc.rb', line 14

def passive(opts = {})
  [passive_headers(opts), passive_body(opts)].compact
end

#passive_body(_opts = {}) ⇒ XMLRPC

Returns:

• (XMLRPC)

# File 'app/finders/interesting_findings/xml_rpc.rb', line 30

def passive_body(_opts = {})
  target.homepage_res.html.css('link[rel="pingback"]').each do |tag|
    url = tag.attribute('href').to_s

    next unless target.in_scope?(url)

    potential_urls << url

    return NS::Model::XMLRPC.new(url, confidence: 30, found_by: 'Link Tag (Passive Detection)')
  end
  nil
end

#passive_headers(_opts = {}) ⇒ XMLRPC

Returns:

• (XMLRPC)

# File 'app/finders/interesting_findings/xml_rpc.rb', line 19

def passive_headers(_opts = {})
  url = target.homepage_res.headers['X-Pingback']

  return unless target.in_scope?(url)

  potential_urls << url

  NS::Model::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
end

#potential_urls ⇒ Array<String>

Returns The potential urls to the XMl RPC file.

Returns:

• (Array<String>) —

  The potential urls to the XMl RPC file

# File 'app/finders/interesting_findings/xml_rpc.rb', line 9

def potential_urls
  @potential_urls ||= []
end