Class: WPScan::Finders::Users::AuthorPosts

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Users::AuthorPosts

Defined in:

app/finders/users/author_posts.rb

Overview

Author Posts

Instance Method Summary

• #passive(opts = {}) ⇒ Array<User>
• #potential_usernames(res) ⇒ Array<Array>
• #usernames(_opts = {}) ⇒ Array<Array>

  ].

Instance Method Details

#passive(opts = {}) ⇒ Array<User>

Parameters:

• opts (Hash) (defaults to: {})

Returns:

• (Array<User>)

# File 'app/finders/users/author_posts.rb', line 9

def passive(opts = {})
  found_by_msg = 'Author Posts - %s (Passive Detection)'

  usernames(opts).reduce([]) do |a, e|
    a << WPScan::User.new(
      e[0],
      found_by: format(found_by_msg, e[1]),
      confidence: e[2]
    )
  end
end

#potential_usernames(res) ⇒ Array<Array>

Parameters:

• res (Typhoeus::Response)

Returns:

• (Array<Array>)

# File 'app/finders/users/author_posts.rb', line 43

def potential_usernames(res)
  usernames = []

  target.in_scope_urls(res, '//a', %w[href]) do |url, node|
    uri = Addressable::URI.parse(url)

    if uri.path =~ %r{/author/([^/\b]+)/?\z}i
      usernames << [Regexp.last_match[1], 'Author Pattern', 100]
    elsif uri.query =~ /author=[0-9]+/
      usernames << [node.text.to_s.strip, 'Display Name', 30]
    end
  end

  usernames.uniq
end

#usernames(_opts = {}) ⇒ Array<Array>

Returns ].

Parameters:

• opts (Hash)

Returns:

• (Array<Array>) —

  ]

# File 'app/finders/users/author_posts.rb', line 24

def usernames(_opts = {})
  found = potential_usernames(target.homepage_res)

  return found unless found.empty?

  target.homepage_res.html.css('header.entry-header a').each do |post_url_node|
    url = post_url_node['href']

    next if url.nil? || url.empty?

    found += potential_usernames(Browser.get(url))
  end

  found.compact.uniq
end