Module: WpItems::Detectable

Included in:
WpItems
Defined in:
lib/common/collections/wp_items/detectable.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#item_xpathObject (readonly)

Returns the value of attribute item_xpath


6
7
8
# File 'lib/common/collections/wp_items/detectable.rb', line 6

def item_xpath
  @item_xpath
end

#vulns_fileObject (readonly)

Returns the value of attribute vulns_file


6
7
8
# File 'lib/common/collections/wp_items/detectable.rb', line 6

def vulns_file
  @vulns_file
end

Instance Method Details

#aggressive_detection(wp_target, options = {}) ⇒ WpItems

Parameters:

  • wp_target (WpTarget)
  • options (Hash) (defaults to: {})

Options Hash (options):

  • :show_progression (Boolean)

    Whether or not output the progress bar

  • :only_vulnerable (Boolean)

    Only check for vulnerable items

  • :exclude_content (String)

Returns:


15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/common/collections/wp_items/detectable.rb', line 15

def aggressive_detection(wp_target, options = {})
  browser          = Browser.instance
  hydra            = browser.hydra
  targets          = targets_items(wp_target, options)
  progress_bar     = progress_bar(targets.size, options)
  queue_count      = 0
  exist_options    = {
    error_404_hash:  wp_target.error_404_hash,
    homepage_hash:   wp_target.homepage_hash,
    exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
  }
  results          = passive_detection(wp_target, options)

  targets.each do |target_item|
    request = browser.forge_request(target_item.url, request_params)

    request.on_complete do |response|
      progress_bar.progress += 1 if options[:show_progression]

      if target_item.exists?(exist_options, response)
        if !results.include?(target_item)
          if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
            results << target_item
          end
        end
      end
    end

    hydra.queue(request)
    queue_count += 1

    if queue_count >= browser.max_threads
      hydra.run
      queue_count = 0
      puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
    end
  end

  # run the remaining requests
  hydra.run

  results.select!(&:vulnerable?) if options[:only_vulnerable]
  results.sort!

  results  # can't just return results.sort as it would return an array, and we want a WpItems
end

#passive_detection(wp_target, options = {}) ⇒ WpItems

Parameters:

  • wp_target (WpTarget)
  • options (Hash) (defaults to: {})

Returns:


82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# File 'lib/common/collections/wp_items/detectable.rb', line 82

def passive_detection(wp_target, options = {})
  results = new(wp_target)
  # improves speed
  body    = remove_base64_images_from_html(Browser.get(wp_target.url).body)
  page    = Nokogiri::HTML(body)
  names   = []

  page.css('link,script,style').each do |tag|
    %w(href src).each do |attribute|
      attr_value = tag.attribute(attribute).to_s
      next unless attr_value

      names << Regexp.last_match[1] if attr_value.match(attribute_pattern(wp_target))
    end

    next unless tag.name == 'script' || tag.name == 'style'

    code = tag.text.to_s
    next if code.empty?

    code.scan(code_pattern(wp_target)).flatten.uniq.each do |item_name|
      names << item_name
    end
  end

  names.uniq.each { |name| results.add(name) }

  results.sort!
  results
end

#progress_bar(targets_size, options) ⇒ ProgressBar

:nocov:

Parameters:

  • targets_size (Integer)
  • options (Hash)

Returns:

  • (ProgressBar)

67
68
69
70
71
72
73
74
75
# File 'lib/common/collections/wp_items/detectable.rb', line 67

def progress_bar(targets_size, options)
  if options[:show_progression]
    ProgressBar.create(
      format: '%t %a <%B> (%c / %C) %P%% %e',
      title: '  ', # Used to craete a left margin
      total: targets_size
    )
  end
end