module WpTarget::WpCustomDirectories

Public Instance Methods

default_wp_content_dir_exists?() click to toggle source

@return [ Boolean ]

# File lib/wpscan/wp_target/wp_custom_directories.rb, line 23
def default_wp_content_dir_exists?
  response = Browser.get(@uri.merge('wp-content').to_s)
  hash = Digest::MD5.hexdigest(response.body)

  if WpTarget.valid_response_codes.include?(response.code)
    return true if hash != error_404_hash and hash != homepage_hash
  end

  false
end
wp_content_dir() click to toggle source

@return [ String ] The wp-content directory

# File lib/wpscan/wp_target/wp_custom_directories.rb, line 6
def wp_content_dir
  unless @wp_content_dir
    index_body = Browser.get(@uri.to_s).body
    uri_path = @uri.path # Only use the path because domain can be text or an IP

    if index_body[/\/wp-content\/(?:themes|plugins)\//] || default_wp_content_dir_exists?
      @wp_content_dir = 'wp-content'
    else
      domains_excluded = '(?:www\.)?(facebook|twitter)\.com'
      @wp_content_dir  = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}((?!#{domains_excluded})[^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1]
    end
  end

  @wp_content_dir
end
wp_plugins_dir() click to toggle source

@return [ String ] The wp-plugins directory

# File lib/wpscan/wp_target/wp_custom_directories.rb, line 35
def wp_plugins_dir
  unless @wp_plugins_dir
    @wp_plugins_dir = "#{wp_content_dir}/plugins"
  end
  @wp_plugins_dir
end
wp_plugins_dir_exists?() click to toggle source

@return [ Boolean ]

# File lib/wpscan/wp_target/wp_custom_directories.rb, line 43
def wp_plugins_dir_exists?
  Browser.get(@uri.merge(wp_plugins_dir).to_s).code != 404
end