Class: WebSite

Inherits:
Object
  • Object
Includes:
InterestingHeaders, RobotsTxt
Defined in:
lib/wpscan/web_site.rb,
lib/wpscan/web_site/robots_txt.rb,
lib/wpscan/web_site/interesting_headers.rb

Direct Known Subclasses

WpTarget

Defined Under Namespace

Modules: InterestingHeaders, RobotsTxt

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from InterestingHeaders

#interesting_headers

Methods included from RobotsTxt

#has_robots?, #parse_robots_txt, #robots_url

Constructor Details

#initialize(site_url) ⇒ WebSite


# File 'lib/wpscan/web_site.rb', line 12

# Sets up the object for the given site address.
#
# @param site_url the site address; it is handed as-is to the url= writer
def initialize(site_url)
  # Goes through the url= writer instead of assigning an instance variable here.
  self.url = site_url
end

Instance Attribute Details

#uri ⇒ Object (readonly)

Returns the value of attribute uri


# File 'lib/wpscan/web_site.rb', line 10

# Reader for the @uri instance variable.
#
# @return [Object] whatever is currently stored in @uri
def uri
  @uri
end

Class Method Details

.has_log?(log_url, pattern) ⇒ Boolean

Only the first 700 bytes are checked, to avoid downloading the whole file, which can be very large (e.g. 2 GB).


# File 'lib/wpscan/web_site.rb', line 113

# Tells whether the beginning of a remote log file contains +pattern+.
#
# The request is sent with a 'range' header of 'bytes=0-700'. Nothing in
# this method truncates the body afterwards, so how much is actually read
# depends on how the server treats that header.
#
# @param log_url the address of the log file, passed to Browser.get
# @param pattern the value used to index the response body; presumably a
#   String or Regexp (confirm with callers)
# @return [Boolean] true when the lookup in the body finds something
def self.has_log?(log_url, pattern)
  range_request = { 'range' => 'bytes=0-700' }
  response      = Browser.get(log_url, headers: range_request)

  # Double negation turns the lookup result (match or nil) into true/false.
  !!response.body[pattern]
end

.page_hash(page) ⇒ String

Compute the MD5 of the page. Comments are deleted from the page first, so that cache generation details do not affect the hash.


# File 'lib/wpscan/web_site.rb', line 77

# Computes the MD5 hex digest of a page body with HTML comments removed.
#
# NOTE(review): the digest looks like a fingerprint for comparing pages,
# not a security control. MD5 would not be suitable for the latter.
#
# @param page a Typhoeus::Response, or anything else, which is then
#   fetched through Browser.get (redirects followed, cache_ttl of 0)
# @return [String] hex digest of the comment-free body
def self.page_hash(page)
  unless page.is_a?(Typhoeus::Response)
    page = Browser.get(page, { followlocation: true, cache_ttl: 0 })
  end

  # Non-greedy and multi-line: each <!-- ... --> pair is dropped on its own,
  # even when it spans several lines. An unterminated comment is left in.
  comment_free_body = page.body.gsub(/<!--.*?-->/m, '')

  Digest::MD5.hexdigest(comment_free_body)
end

Instance Method Details

#error_404_hash ⇒ Object

Return the MD5 hash of a 404 page


# File 'lib/wpscan/web_site.rb', line 91

# Hash of the page the site serves for a randomly named '.html' file.
#
# The name is the MD5 hex digest of a random integer, so the request is
# expected to hit a page that does not exist. This method does not look at
# the status code of the answer. The result is kept in @error_404_hash and
# reused on later calls.
#
# @return the value returned by WebSite.page_hash for that address
def error_404_hash
  return @error_404_hash if @error_404_hash

  random_name     = Digest::MD5.hexdigest(rand(999_999_999).to_s)
  missing_page    = "#{random_name}.html"
  @error_404_hash = WebSite.page_hash(@uri.merge(missing_page).to_s)
end

#has_basic_auth? ⇒ Boolean


# File 'lib/wpscan/web_site.rb', line 29

# Tells whether a request for the site URL is answered with HTTP 401.
#
# Only the status code is examined. The WWW-Authenticate header is not
# read, so a 401 issued for any authentication scheme gives true.
#
# @return [Boolean] true when the response code equals 401
def has_basic_auth?
  response = Browser.get(@uri.to_s)
  response.code == 401
end

#has_xml_rpc? ⇒ Boolean


# File 'lib/wpscan/web_site.rb', line 33

# Checks the XML-RPC endpoint for the message it shows on a plain GET.
#
# The address from xml_rpc_url is fetched with
# Browser.get_and_follow_location and the body is matched,
# case-insensitively, against that message.
#
# @return [Integer, nil] the result of =~: the offset of the match, or nil
#   when the body does not contain the message. Callers get a truthy or
#   falsy value, not a strict true/false.
def has_xml_rpc?
  xmlrpc_banner = %r{XML-RPC server accepts POST requests only}i
  reply         = Browser.get_and_follow_location(xml_rpc_url)

  reply.body =~ xmlrpc_banner
end

#homepage_hash ⇒ Object


# File 'lib/wpscan/web_site.rb', line 83

# Hash of the page served at the site URL.
#
# The value comes from WebSite.page_hash and is kept in @homepage_hash, so
# the page is only requested again if the stored value is nil or false.
#
# @return the value returned by WebSite.page_hash for the site URL
def homepage_hash
  @homepage_hash ||= WebSite.page_hash(@uri.to_s)
end

#online? ⇒ Boolean

Checks if the remote website is up.


# File 'lib/wpscan/web_site.rb', line 25

# Checks if the remote website answers at all.
#
# Any response code other than 0 counts as online, including 4xx and 5xx.
# NOTE(review): 0 is presumably what the HTTP client reports when no HTTP
# response was received. Confirm against the Browser implementation.
#
# @return [Boolean] false only when the response code is 0
def online?
  response = Browser.get(@uri.to_s)
  response.code != 0
end

#redirection(url = nil) ⇒ Object

See if the remote URL returns a 30x redirect. This method is recursive. Returns a string with the redirection, or nil.


# File 'lib/wpscan/web_site.rb', line 50

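# Follows 301/302 responses starting at +url+ and reports where they end.
#
# The Location values come from the remote server and are handled as
# untrusted input: a missing or empty header ends the walk instead of
# raising, and the chain is cut after a fixed number of requests so that a
# server redirecting in a loop cannot make this recurse without end.
#
# @param url the address to start from; defaults to this site's own URL
# @return [String, nil] the last redirect target reached, or nil when the
#   first response is not a 301/302 or carries no usable Location header
def redirection(url = nil)
  max_requests = 10 # upper bound on the number of chained requests

  follow_redirection(url || @uri.to_s, max_requests)
end

# Resolves one redirect hop for +url+, then recurses with a smaller budget.
#
# @param url the address to request
# @param requests_left [Integer] how many requests may still be made,
#   this one included
# @return [String, nil] the final target found from here, or nil
def follow_redirection(url, requests_left)
  response = Browser.get(url)

  # Parsed on every call, as before, so an invalid URL still raises here.
  redirected_uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
  return nil unless [301, 302].include?(response.code)

  # Array() also covers a response that repeats the header, should the
  # HTTP client report that as a list; only the first value is used.
  location = Array(response.headers_hash['location']).first
  return nil if location.nil? || location.empty?

  if location[0] == '/'
    # Keep a non-default port, otherwise the rebuilt URL would point at a
    # different service on the same host.
    authority = redirected_uri.host.to_s
    unless redirected_uri.port == redirected_uri.default_port
      authority += ":#{redirected_uri.port}"
    end
    location = "#{redirected_uri.scheme}://#{authority}#{location}"
  end

  # Budget used up: report the target found so far without requesting it.
  return location if requests_left <= 1

  # Let's check if there is a redirection in the redirection
  follow_redirection(location, requests_left - 1) || location
end
private :follow_redirection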

#rss_url ⇒ Object

Will try to find the RSS URL in the homepage. Only the first one found is returned.


# File 'lib/wpscan/web_site.rb', line 101

# Looks for an RSS <link> tag in the body of the homepage.
#
# The pattern expects the type attribute before href, double-quoted
# values, and a ' />' ending. '.' does not match a newline, so the whole
# tag has to sit on one line.
# NOTE(review): both '.*' are greedy. On a line holding several matching
# tags, the captured href may belong to a later tag, not the first.
# The returned value is taken verbatim from the remote page.
#
# @return [String, nil] the captured href value, or nil without a match
def rss_url
  rss_link = %r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}

  Browser.get(@uri.to_s).body.slice(rss_link, 1)
end

#url ⇒ Object


# File 'lib/wpscan/web_site.rb', line 20

# The site address in string form.
#
# @return [String] the result of calling to_s on @uri
def url
  @uri.to_s
end

#url=(url) ⇒ Object


# File 'lib/wpscan/web_site.rb', line 16

# Stores the site address as a parsed URI in @uri.
#
# The value is passed through add_http_protocol and add_trailing_slash
# (helpers defined outside this listing) before it reaches URI.parse,
# which raises URI::InvalidURIError for a string it cannot parse.
#
# @param url the site address
def url=(url)
  with_scheme = add_http_protocol(url)
  normalized  = add_trailing_slash(with_scheme)

  @uri = URI.parse(normalized)
end

#xml_rpc_url ⇒ Object


# File 'lib/wpscan/web_site.rb', line 39

# Address of 'xmlrpc.php' resolved against the site URI.
#
# The string is built once and kept in @xmlrpc_url. Later calls return the
# stored value even if @uri has changed in the meantime.
#
# @return [String] the merged address
def xml_rpc_url
  @xmlrpc_url ||= @uri.merge('xmlrpc.php').to_s
end