Class: WPScan::Controller::Core

Inherits:
CMSScanner::Controller::Core
  • Object
Defined in:
app/controllers/core.rb

Overview

Specific Core controller to include WordPress checks


Instance Method Details

#before_scan ⇒ Object



# File 'app/controllers/core.rb', line 50

# Runs the preparation steps that precede a scan: records the local DB's last
# update, prints banner/help/version, refreshes the DB when required, then
# sets up the cache and checks the target.
#
# The calls below run strictly in the order written.
def before_scan
  # Captured before update_db can run further down.
  @last_update = local_db.last_update

  maybe_output_banner_help_and_version # From CMS Scanner

  # update_db ends the process itself when no :url option was parsed.
  update_db if update_db_required?
  setup_cache
  check_target_availability
  load_server_module
  # Final gate: raises, or exits, unless the target passes the WordPress checks.
  check_wordpress_state
end

#check_wordpress_state ⇒ Object

Raises an error if the target is hosted on wordpress.com or is not running WordPress. Also checks whether the homepage_url is still the install URL.



# File 'app/controllers/core.rb', line 64

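# Stops the run early when the target cannot be scanned as a WordPress site.
#
# Exits with WPScan::ExitCode::VULNERABLE when the homepage URL still points
# at the WordPress installer.
#
# @raise [WordPressHostedError] if target.wordpress_hosted? is true
# @raise [NotWordPressError] if the target is not detected as WordPress and
#   the :force option is not set
# @return [nil] when every check passes
def check_wordpress_state
  raise WordPressHostedError if target.wordpress_hosted?

  homepage_path = Addressable::URI.parse(target.homepage_url).path

  # The dot is escaped and the match is anchored with \z, so only a path that
  # really ends in "/wp-admin/install.php" is treated as the installer page.
  if %r{/wp-admin/install\.php\z}i.match?(homepage_path)
    output('not_fully_configured', url: target.homepage_url)

    # An unfinished installation is reported through the VULNERABLE exit code.
    exit(WPScan::ExitCode::VULNERABLE)
  end

  # The :force option deliberately overrides a negative WordPress detection.
  raise NotWordPressError unless target.wordpress? || parsed_options[:force]
end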

#cli_options ⇒ Array<OptParseValidator::Opt>



# File 'app/controllers/core.rb', line 6

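# Builds this controller's CLI options: its own --url option, the options
# returned by the parent controller minus their first entry, and the
# --server, --force and --[no-]update switches.
#
# @return [Array<OptParseValidator::Opt>]
def cli_options
  url_option = OptURL.new(
    ['--url URL', 'The URL of the blog to scan'],
    # Symbol-array literal (%i[...]); the listing had lost the leading "%".
    required_unless: %i[update help hh version],
    # NOTE(review): presumably the scheme applied when the URL has none, in
    # which case such scans would go over plain HTTP - confirm in OptURL.
    default_protocol: 'http'
  )

  [url_option] +
    super.drop(1) + # delete the --url from CMSScanner
    [
      OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                    choices: %w[apache iis nginx],
                    normalize: %i[downcase to_sym],
                    advanced: true),
      # --force makes check_wordpress_state skip the "is this WordPress?" error.
      OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
      OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
    ]
end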

#load_server_module ⇒ Symbol

Loads the matching server module into the target and includes it in the WpItem class; the module is needed to check, for example, whether directory listing is enabled.



# File 'app/controllers/core.rb', line 82

# Picks the server module for the target, mixes it into the target instance
# and into WPScan::WpItem, and returns the chosen module name.
#
# The :server option, when it is :apache, :iis or :nginx, wins over the value
# reported by target.server; :Apache is the fallback when neither is set.
#
# @return [Symbol] the module name that was loaded
def load_server_module
  # Auto-detected value first, so target.server is always consulted.
  detected = target.server || :Apache

  # Maps the forced CLI choice to the constant name of its module.
  forced = { apache: :Apache, iis: :IIS, nginx: :Nginx }[parsed_options[:server]]
  server_name = forced || detected

  # NOTE(review): const_get resolves whatever symbol target.server returned;
  # that value is presumably derived from the target's responses - confirm it
  # can only be one of the known server module names.
  server_module = CMSScanner::Target::Server.const_get(server_name)

  target.extend(server_module)
  WPScan::WpItem.include(server_module)

  server_name
end

#local_db ⇒ DB::Updater



# File 'app/controllers/core.rb', line 21

# Returns the updater for the local database, building it from DB_DIR on the
# first call and reusing that instance afterwards.
#
# @return [DB::Updater]
def local_db
  return @local_db if @local_db

  @local_db = DB::Updater.new(DB_DIR)
end

#update_db ⇒ Object



# File 'app/controllers/core.rb', line 43

# Updates the local database and reports the start and the result through
# #output. When no :url option was parsed, the process ends with status 0
# right after the update.
def update_db
  output('db_update_started')

  updated_files = local_db.update
  output('db_update_finished', updated: updated_files, verbose: parsed_options[:verbose])

  # With a URL the run continues; without one there is nothing left to do.
  return if parsed_options[:url]

  exit(0)
end

#update_db_required? ⇒ Boolean



# File 'app/controllers/core.rb', line 26

# Decides whether the local database has to be updated before scanning.
#
# Missing database files force an update. Otherwise an explicit :update
# option decides. With no explicit choice, the user is asked, but only when
# user interaction is possible and the database is outdated.
#
# @raise [MissingDatabaseFile] if files are missing and :update is false
# @return [Boolean]
def update_db_required?
  files_missing = local_db.missing_files?
  requested = parsed_options[:update]

  if files_missing
    # Updates were explicitly refused, so the missing files cannot be fetched.
    raise MissingDatabaseFile if requested == false

    return true
  end

  # An explicit true/false from the command line is taken as is.
  return requested unless requested.nil?

  return false unless user_interaction? && local_db.outdated?

  output('@notice', msg: 'It seems like you have not updated the database for some time.')
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'

  # Only an answer starting with "y" (any case) counts as yes.
  answer = Readline.readline
  !(answer =~ /^y/i).nil?
end