Module: WpItems::Detectable

Included in:
WpItems
Defined in:
lib/common/collections/wp_items/detectable.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#item_xpath ⇒ Object (readonly)

Returns the value of attribute item_xpath


# File 'lib/common/collections/wp_items/detectable.rb', line 6

# Read-only accessor for the item_xpath attribute.
#
# @return [Object] the current value of @item_xpath (nil when it was never set)
def item_xpath
  @item_xpath
end

#vulns_file ⇒ Object (readonly)

Returns the value of attribute vulns_file


# File 'lib/common/collections/wp_items/detectable.rb', line 6

# Read-only accessor for the vulns_file attribute.
#
# NOTE(review): presumably the location of the vulnerability data used to
# decide whether an item is vulnerable; confirm against the including class.
#
# @return [Object] the current value of @vulns_file (nil when it was never set)
def vulns_file
  @vulns_file
end

Instance Method Details

#aggressive_detection(wp_target, options = {}) ⇒ WpItems

Options Hash (options):

  • :show_progression (Boolean)

    Whether or not to output the progress bar

  • :only_vulnerable (Boolean)

    Only check for vulnerable items

  • :exclude_content (String)

# File 'lib/common/collections/wp_items/detectable.rb', line 15

# Requests every candidate item URL for the target and collects the items
# that exist, starting from the passive detection results.
#
# One request is forged per candidate. Requests are queued on the shared
# hydra and flushed each time browser.max_threads of them are pending, so
# the total request volume scales with the size of the candidate list.
#
# @param wp_target [Object] the target; must respond to error_404_hash and
#   homepage_hash, and is handed on to targets_items and passive_detection
# @param options [Hash]
# @option options [Boolean] :show_progression advance the progress bar after each response
# @option options [Boolean] :only_vulnerable keep only items reporting vulnerable?
# @option options [String] :exclude_content pattern compiled into a Regexp and
#   passed to each item's exists? check
# @option options [Boolean] :verbose print a line after every flushed batch
#
# @return [WpItems] the sorted collection of detected items
def aggressive_detection(wp_target, options = {})
  browser = Browser.instance
  hydra   = browser.hydra
  targets = targets_items(wp_target, options)
  bar     = progress_bar(targets.size, options)
  pending = 0

  # :exclude_content is interpolated into a Regexp unescaped: it is treated as
  # a pattern, not a literal string, and a malformed value raises RegexpError here.
  exist_options = {
    error_404_hash:  wp_target.error_404_hash,
    homepage_hash:   wp_target.homepage_hash,
    exclude_content: (%r{#{options[:exclude_content]}} if options[:exclude_content])
  }

  # Items already found passively are the starting point.
  results = passive_detection(wp_target, options)

  targets.each do |item|
    request = browser.forge_request(item.url, request_params)

    request.on_complete do |response|
      bar.progress += 1 if options[:show_progression]

      next unless item.exists?(exist_options, response)
      next if results.include?(item)
      next if options[:only_vulnerable] && !item.vulnerable?

      results << item
    end

    hydra.queue(request)
    pending += 1
    next if pending < browser.max_threads

    # A full batch is queued: send it before queueing more.
    hydra.run
    pending = 0
    puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
  end

  # Flush whatever is left from the last, partial batch.
  hydra.run

  # Passive results were added without the vulnerable? check, so filter again.
  results.select!(&:vulnerable?) if options[:only_vulnerable]
  results.sort!

  # Return the collection itself: results.sort would hand back a plain Array
  # rather than a WpItems.
  results
end

#passive_detection(wp_target, options = {}) ⇒ WpItems


# File 'lib/common/collections/wp_items/detectable.rb', line 82

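# Collects the item names referenced by the target's page, using a single
# fetch of wp_target.url and no request to any item URL.
#
# Names are taken from the href/src attributes of link, script and style
# tags (via attribute_pattern) and from the inline text of script and style
# tags (via code_pattern).
#
# Every name comes from content served by the remote site, so it is
# untrusted input by the time it reaches results.add.
#
# @param wp_target [Object] the target; must respond to url
# @param options [Hash] accepted for symmetry with aggressive_detection;
#   not read by this method
#
# @return [WpItems] the sorted collection of passively detected items
def passive_detection(wp_target, options = {})
  results = new(wp_target)
  # Stripping inline base64 images before parsing improves speed.
  body    = remove_base64_images_from_html(Browser.get(wp_target.url).body)
  page    = Nokogiri::HTML(body)
  names   = []

  page.css('link,script,style').each do |tag|
    %w(href src).each do |attribute|
      attr_value = tag.attribute(attribute).to_s
      # to_s never returns nil, so a missing attribute arrives as '' and the
      # former `next unless attr_value` guard could never fire.
      next if attr_value.empty?

      # Use the MatchData directly instead of the global Regexp.last_match.
      match = attr_value.match(attribute_pattern(wp_target))
      names << match[1] if match
    end

    next unless tag.name == 'script' || tag.name == 'style'

    code = tag.text.to_s
    next if code.empty?

    # Duplicates are dropped once, by the uniq below.
    names.concat(code.scan(code_pattern(wp_target)).flatten)
  end

  names.uniq.each { |name| results.add(name) }

  results.sort!
  results
end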

#progress_bar(targets_size, options) ⇒ ProgressBar

:nocov:


# File 'lib/common/collections/wp_items/detectable.rb', line 67

# Builds the progress bar used while item requests are being sent.
#
# @param targets_size [Integer] value passed as the bar's total
# @param options [Hash]
# @option options [Boolean] :show_progression when falsy, no bar is created
#
# @return [ProgressBar, nil] the bar, or nil when :show_progression is not set
def progress_bar(targets_size, options)
  return unless options[:show_progression]

  ProgressBar.create(
    format: '%t %a <%B> (%c / %C) %P%% %e',
    title: '  ', # Blank title, used to create a left margin
    total: targets_size
  )
end