Class: WPScan::Controller::Core

Inherits:
CMSScanner::Controller::Core
  • Object
Defined in:
app/controllers/core.rb

Overview

Specific Core controller to include WordPress checks

Instance Method Summary collapse

Instance Method Details

#before_scanObject



# File 'app/controllers/core.rb', line 48

# Runs the pre-scan steps for a WordPress target, in this order: prints the banner,
# updates the local database when update_db_required? says so, runs the parent
# before_scan with its argument set to false, initialises the DB, loads the server
# module and finally validates the target with check_wordpress_state.
def before_scan
  output('banner')

  needs_update = update_db_required?
  update_db if needs_update

  # The banner was already printed above, so the parent is asked not to print it again.
  super(false)

  DB.init_db
  load_server_module
  check_wordpress_state
end

#check_wordpress_stateObject

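Raises errors if the target is hosted on wordpress.com or is not running WordPress. Also checks whether the homepage_url is still the install URL; if it is, the site is reported as not fully configured and the scan exits with the VULNERABLE exit code.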



# File 'app/controllers/core.rb', line 64

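# Verifies that the target is one the scan should continue with.
#
# Checks, in order:
# 1. a target hosted on wordpress.com is rejected;
# 2. a homepage URL whose path ends in /wp-admin/install.php is reported through the
#    'not_fully_configured' template and the process exits with
#    WPScan::ExitCode::VULNERABLE;
# 3. a target not detected as WordPress is rejected unless the :force option is set.
#
# @raise [WordPressHostedError] if target.wordpress_hosted? is truthy
# @raise [NotWordPressError] if target.wordpress? is falsy and parsed_options[:force] is not set
# @return [nil]
def check_wordpress_state
  raise WordPressHostedError if target.wordpress_hosted?

  homepage = target.homepage_url

  # Match the installer path strictly: the dot is escaped (an unescaped '.' accepts any
  # character, e.g. "installXphp") and \z anchors at the end of the string ('$' also
  # matches before a line break). NOTE(review): homepage_url presumably reflects what
  # the scanned host served, so a loose match could abort the scan on a false positive.
  if Addressable::URI.parse(homepage).path =~ %r{/wp-admin/install\.php\z}i
    output('not_fully_configured', url: homepage)

    exit(WPScan::ExitCode::VULNERABLE)
  end

  raise NotWordPressError unless target.wordpress? || parsed_options[:force]
end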

#cli_optionsArray<OptParseValidator::Opt>

Returns:

  • (Array<OptParseValidator::Opt>)


# File 'app/controllers/core.rb', line 6

# Builds the option list for this controller: a WordPress-specific --url option, the
# parent's options minus their first entry, and the --server, --force and --[no-]update
# options.
#
# @return [Array<OptParseValidator::Opt>]
def cli_options
  # NOTE(review): default_protocol is 'http'; presumably it is applied when the supplied
  # URL has no scheme, which would mean scheme-less targets are scanned over plain HTTP.
  # Confirm against OptURL.
  url_option = OptURL.new(['--url URL', 'The URL of the blog to scan'],
                          required_unless: :update, default_protocol: 'http')

  # The first parent option is dropped because it is CMSScanner's own --url.
  inherited_options = super.drop(1)

  wordpress_options = [
    OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                  choices: %w[apache iis nginx],
                  normalize: %i[downcase to_sym]),
    # Per its description, --force turns off the "is this WordPress?" check.
    OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
    OptBoolean.new(['--[no-]update', 'Wether or not to update the Database'], required_unless: :url)
  ]

  [url_option] + inherited_options + wordpress_options
end

#load_server_moduleSymbol

Loads the related server module in the target and includes it in the WpItem class, which is needed to check whether directory listing is enabled, etc.

Returns:

  • (Symbol)

    The server module loaded



# File 'app/controllers/core.rb', line 82

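# Selects the web-server module for the target and mixes it in.
#
# The name comes from target.server (auto-detection), falling back to :Apache. A
# :server option of :apache, :iis or :nginx overrides the detected value.
#
# Side effects: the module is added to the target object with extend and to the
# WPScan::WpItem class with include, so the class-level change is not limited to
# this target.
#
# @return [Symbol] the name of the server module loaded
# @raise [NameError] if the name is not a constant defined on CMSScanner::Target::Server
def load_server_module
  detected = target.server || :Apache # Tries to auto detect the server

  # Force a specific server module to be loaded if supplied
  server = { apache: :Apache, iis: :IIS, nginx: :Nginx }.fetch(parsed_options[:server], detected)

  # inherit = false: only constants defined directly on the Server namespace are accepted.
  # With the default, const_get also searches the ancestors and, for a module, Object,
  # so an unexpected detected name could resolve to an unrelated top-level constant and
  # be mixed into the target and WpItem below.
  mod = CMSScanner::Target::Server.const_get(server, false)

  target.extend mod
  WPScan::WpItem.include mod

  server
end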

#local_dbDB::Updater

Returns:



# File 'app/controllers/core.rb', line 19

# Returns the updater for the local database, creating it for DB_DIR on first use and
# reusing the same object afterwards.
#
# @return [DB::Updater]
def local_db
  return @local_db if @local_db

  @local_db = DB::Updater.new(DB_DIR)
end

#update_dbObject



# File 'app/controllers/core.rb', line 41

# Updates the local database and reports progress through the 'db_update_started' and
# 'db_update_finished' templates. When no :url option is set there is nothing to scan,
# so the process exits with status 0 once the update is done.
#
# @return [nil] when a :url option is set (otherwise the call does not return)
def update_db
  output('db_update_started')

  update_result = local_db.update
  output('db_update_finished', updated: update_result, verbose: parsed_options[:verbose])

  return if parsed_options[:url]

  exit(0)
end

#update_db_required?Boolean

Returns:

  • (Boolean)


# File 'app/controllers/core.rb', line 24

# Decides whether the local database has to be updated before scanning.
#
# - Missing database files force an update, unless the :update option is explicitly
#   false, which raises instead.
# - Otherwise an explicit :update option (true or false) is returned as is.
# - Otherwise, when user interaction is possible and the database is outdated, the
#   user is asked; an answer starting with "y" (any case) means yes.
#
# @return [Boolean]
# @raise [MissingDatabaseFile] if files are missing and parsed_options[:update] is false
def update_db_required?
  files_missing = local_db.missing_files?
  requested = parsed_options[:update]

  if files_missing
    raise MissingDatabaseFile if requested == false

    return true
  end

  return requested unless requested.nil?

  # No prompt without a user to answer it, and none while the database is still fresh.
  return false unless user_interaction? && local_db.outdated?

  output('@notice', msg: 'It seems like you have not updated the database for some time.')
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'

  answer = Readline.readline
  !(answer =~ /^y/i).nil?
end