Module: WPScan::Finders::WpItems::UrlsInPage
- Included in: MainTheme::CssStyleInHomepage, MainTheme::UrlsInHomepage, Plugins::UrlsInHomepage, Themes::UrlsInHomepage
- Defined in: app/finders/wp_items/urls_in_page.rb
Overview
URLs In Homepage module, for use in the plugins and themes finders.
Instance Method Summary
- #item_attribute_pattern(type) ⇒ Regexp
- #item_code_pattern(type) ⇒ Regexp
- #item_url_pattern(type) ⇒ Regexp
- #items_from_codes(type, uniq = true) ⇒ Array<String>: The plugins/themes detected in the javascript/style of the homepage.
- #items_from_links(type, uniq = true) ⇒ Array<String>: The plugins/themes detected in the href, src attributes of the homepage.
Instance Method Details
#item_attribute_pattern(type) ⇒ Regexp
    # File 'app/finders/wp_items/urls_in_page.rb', line 46
    def item_attribute_pattern(type)
      @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
    end
#item_code_pattern(type) ⇒ Regexp
    # File 'app/finders/wp_items/urls_in_page.rb', line 53
    def item_code_pattern(type)
      @item_code_pattern ||= %r{["'\( ]#{item_url_pattern(type)}([^\\\/\)"']+)}i
    end
#item_url_pattern(type) ⇒ Regexp
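    # File 'app/finders/wp_items/urls_in_page.rb', line 60
    def item_url_pattern(type)
      item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
      item_url = type == 'plugins' ? target.plugins_url : target.content_url

      # Absolute form: accept http or https, and allow an optional backslash
      # before each slash so JSON-escaped URLs ("\/") also match.
      url      = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
      # Either the absolute URL or the site-relative directory.
      item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i

      # For plugins the directory itself is the base; other types are a
      # "<type>/" sub-directory of the content directory.
      type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
    end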
#items_from_codes(type, uniq = true) ⇒ Array<String>
Returns the plugins/themes detected in the javascript/style of the homepage.
    # File 'app/finders/wp_items/urls_in_page.rb', line 30
    def items_from_codes(type, uniq = true)
      found = []

      page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
        code = tag.text.to_s
        next if code.empty?

        code.scan(item_code_pattern(type)).flatten.uniq.each { |slug| found << slug }
      end

      uniq ? found.uniq.sort : found.sort
    end
#items_from_links(type, uniq = true) ⇒ Array<String>
Returns the plugins/themes detected in the href, src attributes of the homepage.
    # File 'app/finders/wp_items/urls_in_page.rb', line 12
    def items_from_links(type, uniq = true)
      found = []

      target.in_scope_uris(page_res) do |uri|
        next unless uri.to_s =~ item_attribute_pattern(type)

        slug = Regexp.last_match[1]&.strip

        found << slug unless slug&.empty?
      end

      uniq ? found.uniq.sort : found.sort
    end
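
The patterns above run against a constructed homepage, as an added example that is not WPScan's own code: it shows which plugin and theme slugs are disclosed by absolute, site-relative and JSON-escaped asset URLs. The `Target` struct, the `wp.example` host, the slugs and the regex-based attribute extraction are assumptions made for the example.

```ruby
# Added example, not WPScan code. Target is a hypothetical stand-in for the
# scanner's target object; the URLs and slugs below are constructed.
Target = Struct.new(:content_url, :content_dir, :plugins_url, :plugins_dir)
TARGET = Target.new('http://wp.example/wp-content/', 'wp-content',
                    'http://wp.example/wp-content/plugins/', 'wp-content/plugins')

# Same construction as #item_url_pattern: the scheme becomes https? and every
# "/" may be preceded by a backslash, so JSON-escaped URLs ("\/") match too.
def url_pattern(type, target = TARGET)
  dir  = type == 'plugins' ? target.plugins_dir : target.content_dir
  url  = type == 'plugins' ? target.plugins_url : target.content_url
  abs  = /#{url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
  base = %r{(?:#{abs}|\\?\/#{dir.gsub('/', '\\\\\?\/')}\\?/)}i
  type == 'plugins' ? base : %r{#{base}#{type}\\?\/}i
end

def attribute_pattern(type)
  %r{#{url_pattern(type)}([^/]+)/}i
end

def code_pattern(type)
  %r{["'\( ]#{url_pattern(type)}([^\\\/\)"']+)}i
end

# Simplification: href/src values are pulled out with a regex here; WPScan
# walks the parsed document through target.in_scope_uris instead.
def slugs_from_links(html, type)
  html.scan(/(?:href|src)=["']([^"']+)["']/i).flatten
      .map { |uri| uri[attribute_pattern(type), 1]&.strip }.compact
      .reject(&:empty?).uniq.sort
end

# Simplification: the caller passes the inline <script>/<style> text directly.
def slugs_from_code(code, type)
  code.scan(code_pattern(type)).flatten.uniq.sort
end

# Constructed homepage fragments.
HOMEPAGE = <<~HTML
  <link rel="stylesheet" href="https://wp.example/wp-content/themes/sample-theme/style.css?ver=1.0">
  <script src="/wp-content/plugins/sample-forms/js/app.js"></script>
  <img src="http://wp.example/wp-content/uploads/logo.png">
HTML
INLINE_JS  = 'var cfg = {"ajax":"http:\/\/wp.example\/wp-content\/plugins\/sample-slider\/ajax.php"};'
INLINE_CSS = 'body{background:url(/wp-content/themes/sample-theme/img/bg.png)}'

puts "plugins: #{(slugs_from_links(HOMEPAGE, 'plugins') | slugs_from_code(INLINE_JS, 'plugins')).inspect}"
puts "themes:  #{(slugs_from_links(HOMEPAGE, 'themes') | slugs_from_code(INLINE_CSS, 'themes')).inspect}"
```

Every slug returned here is visible to any visitor of the homepage, so it is the starting point for checking which installed components an unauthenticated client can enumerate.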