Class: WPScan::Controller::Core

Inherits:
CMSScanner::Controller::Core
  • Object
Defined in:
app/controllers/core.rb

Overview

Specific Core controller to include WordPress checks

Instance Method Summary collapse

Instance Method Details

#before_scan ⇒ Object



# File 'app/controllers/core.rb', line 52

# Runs the pre-scan steps in a fixed order: records the local DB's last update,
# prints banner/help/version, updates the DB when required, sets up the cache,
# checks the target is reachable, loads the server module and finally checks
# the WordPress state of the target.
#
# Error::NotWordPress raised anywhere in that sequence is given one retry:
# cookies are (maybe) added to the target and detection is run again. The
# original error is re-raised when that second detection also fails.
# NOTE(review): the retry does not consult ParsedCli.force; it relies only on
# target.wordpress? - confirm this is intended.
#
# @raise [Error::NotWordPress] when the target is still not detected as WordPress
def before_scan
  @last_update = local_db.last_update

  maybe_output_banner_help_and_version # inherited from CMSScanner

  db_refresh_needed = update_db_required?
  update_db if db_refresh_needed

  setup_cache
  check_target_availability
  load_server_module
  check_wordpress_state
rescue Error::NotWordPress => not_wordpress_error
  # Second attempt, this time after the target had a chance to add cookies.
  target.maybe_add_cookies
  detected_after_retry = target.wordpress?(ParsedCli.detection_mode)
  raise not_wordpress_error unless detected_after_retry
end

#check_wordpress_state ⇒ Object

Raises an error if the target is hosted on wordpress.com or is not running WordPress. Also checks whether the homepage_url is still the install URL.



# File 'app/controllers/core.rb', line 69

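# Checks the state of the target before scanning.
#
# Three outcomes are possible besides a normal return:
# - the target is hosted on wordpress.com: Error::WordPressHosted is raised;
# - the homepage URL still ends in /wp-admin/install.php: the
#   'not_fully_configured' output is rendered and the process exits with
#   WPScan::ExitCode::VULNERABLE;
# - the target is not detected as WordPress and --force was not supplied:
#   Error::NotWordPress is raised.
#
# @raise [Error::WordPressHosted] if target.wordpress_hosted? is true
# @raise [Error::NotWordPress] if detection fails and ParsedCli.force is not set
def check_wordpress_state
  raise Error::WordPressHosted if target.wordpress_hosted?

  homepage_path = Addressable::URI.parse(target.homepage_url).path

  # The dot is escaped and the pattern is anchored with \z (end of string), so
  # only a path that really ends in "/wp-admin/install.php" is reported. An
  # unescaped "." would accept any character there, and "$" anchors at the end
  # of a line rather than the end of the path.
  if %r{/wp-admin/install\.php\z}i.match?(homepage_path)

    output('not_fully_configured', url: target.homepage_url)

    exit(WPScan::ExitCode::VULNERABLE)
  end

  # --force (ParsedCli.force) skips the failure, not the detection call itself.
  raise Error::NotWordPress unless target.wordpress?(ParsedCli.detection_mode) || ParsedCli.force
end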

#cli_options ⇒ Array<OptParseValidator::Opt>



# File 'app/controllers/core.rb', line 8

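# Builds the CLI options of this controller: a WPScan-specific --url option,
# the options inherited from CMSScanner (minus its own --url, which is the
# first element of super), and the --server, --force and --[no-]update options.
#
# The symbol lists use the %i[] literal; without the leading "%" they would be
# parsed as method calls instead of arrays of symbols.
#
# NOTE(review): default_protocol: 'http' presumably is the scheme applied when
# the supplied URL has none, which would make such scans go over plain HTTP -
# confirm against OptURL.
#
# @return [Array<OptParseValidator::Opt>]
def cli_options
  [OptURL.new(['--url URL', 'The URL of the blog to scan'],
              required_unless: %i[update help hh version], default_protocol: 'http')] +
    super.drop(1) + # delete the --url from CMSScanner
    [
      OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                    choices: %w[apache iis nginx],
                    normalize: %i[downcase to_sym],
                    advanced: true),
      OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
      OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
    ]
end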

#load_server_module ⇒ Symbol

Loads the related server module into the target and includes it in the WpItem class; the module is needed to check, for example, whether directory listing is enabled.



# File 'app/controllers/core.rb', line 87

# Picks the server module for the target, mixes it into the target object and
# into Model::WpItem, and returns the chosen module name.
#
# Precedence: a recognised --server value (:apache, :iis, :nginx) wins, then the
# auto-detected target.server, then :Apache as the fallback.
#
# Model::WpItem.include changes the class itself, so every WpItem instance in
# the process gets the module.
#
# NOTE(review): the name handed to const_get comes from target.server when no
# --server value is given. const_get also resolves constants reachable through
# Object, so this assumes target.server only ever returns the name of a module
# defined under CMSScanner::Target::Server - confirm against the detector.
#
# @return [Symbol] the name of the loaded server module
def load_server_module
  detected = target.server # auto-detection, may yield nil

  # Mapping from the normalised --server choice to the module name.
  forced = { apache: :Apache, iis: :IIS, nginx: :Nginx }[ParsedCli.server]

  server = forced || detected || :Apache

  server_module = CMSScanner::Target::Server.const_get(server)

  target.extend(server_module)
  Model::WpItem.include(server_module)

  server
end

#local_db ⇒ DB::Updater



# File 'app/controllers/core.rb', line 23

# Memoised accessor for the local database updater, built for DB_DIR on first use.
#
# @return [DB::Updater]
def local_db
  return @local_db if @local_db

  @local_db = DB::Updater.new(DB_DIR)
end

#update_db ⇒ Object



# File 'app/controllers/core.rb', line 45

# Updates the local database, rendering the 'db_update_started' and
# 'db_update_finished' outputs around the update.
#
# When no --url was supplied (ParsedCli.url is nil/false) the process exits with
# status 0 once the update is done; otherwise the method returns nil.
def update_db
  output('db_update_started')

  update_result = local_db.update
  output('db_update_finished', updated: update_result, verbose: ParsedCli.verbose)

  return if ParsedCli.url

  exit(0)
end

#update_db_required? ⇒ Boolean



# File 'app/controllers/core.rb', line 28

# Decides whether the local database has to be updated before scanning.
#
# - DB files missing: an update is required, unless the user passed
#   --no-update (ParsedCli.update == false), in which case the call fails.
# - --update / --no-update given: that value is returned as is.
# - Otherwise the user is asked, but only when user interaction is possible and
#   the local DB is outdated. Any answer not starting with "y"/"Y", including
#   no answer at all, counts as No, so the caller continues with the outdated DB.
#
# @return [Boolean]
# @raise [Error::MissingDatabaseFile] if DB files are missing and --no-update was given
def update_db_required?
  if local_db.missing_files?
    return true unless ParsedCli.update == false

    raise Error::MissingDatabaseFile
  end

  requested = ParsedCli.update
  return requested unless requested.nil?

  return false unless user_interaction?
  return false unless local_db.outdated?

  output('@notice', msg: 'It seems like you have not updated the database for some time.')
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'

  answer = Readline.readline
  /^y/i.match?(answer)
end