class WebSite

Attributes

uri[R]

Public Class Methods

has_log?(log_url, pattern) click to toggle source

Only the first 700 bytes are checked to avoid the download of the whole file which can be very huge (like 2 Go)

@param [ String ] log_url @param [ RegEx ] pattern

@return [ Boolean ]

# File lib/wpscan/web_site.rb, line 132
def self.has_log?(log_url, pattern)
  log_body = Browser.get(log_url, headers: {'range' => 'bytes=0-700'}).body
  log_body[pattern] ? true : false
end
new(site_url) click to toggle source
# File lib/wpscan/web_site.rb, line 6
def initialize(site_url)
  self.url = site_url
end
page_hash(page) click to toggle source

Compute the MD5 of the page Comments are deleted from the page to avoid cache generation details

@param [ String, Typhoeus::Response ] page The url of the response of the page

@return [ String ] The MD5 hash of the page

# File lib/wpscan/web_site.rb, line 84
def self.page_hash(page)
  page = Browser.get(page) unless page.is_a?(Typhoeus::Response)

  Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/, ''))
end

Public Instance Methods

error_404_hash() click to toggle source

Return the MD5 hash of a 404 page

# File lib/wpscan/web_site.rb, line 98
def error_404_hash
  unless @error_404_hash
    non_existant_page = Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html'
    @error_404_hash   = WebSite.page_hash(@uri.merge(non_existant_page).to_s)
  end
  @error_404_hash
end
has_basic_auth?() click to toggle source
# File lib/wpscan/web_site.rb, line 23
def has_basic_auth?
  Browser.get(@uri.to_s).code == 401
end
has_robots?() click to toggle source

Checks if a robots.txt file exists

# File lib/wpscan/web_site.rb, line 114
def has_robots?
  Browser.get(robots_url).code == 200
end
has_xml_rpc?() click to toggle source
# File lib/wpscan/web_site.rb, line 27
def has_xml_rpc?
  !xml_rpc_url.nil?
end
homepage_hash() click to toggle source
# File lib/wpscan/web_site.rb, line 90
def homepage_hash
  unless @homepage_hash
    @homepage_hash = WebSite.page_hash(@uri.to_s)
  end
  @homepage_hash
end
online?() click to toggle source

Checks if the remote website is up.

# File lib/wpscan/web_site.rb, line 19
def online?
  Browser.get(@uri.to_s).code != 0
end
redirection(url = nil) click to toggle source

See if the remote url returns 30x redirect This method is recursive Return a string with the redirection or nil

# File lib/wpscan/web_site.rb, line 61
def redirection(url = nil)
  redirection = nil
  url ||= @uri.to_s
  response = Browser.get(url)

  if response.code == 301 || response.code == 302
    redirection = response.headers_hash['location']

    # Let's check if there is a redirection in the redirection
    if other_redirection = redirection(redirection)
      redirection = other_redirection
    end
  end

  redirection
end
robots_url() click to toggle source

Gets a robots.txt URL

@return [ String ]

# File lib/wpscan/web_site.rb, line 121
def robots_url
  @uri.merge('robots.txt').to_s
end
rss_url() click to toggle source

Will try to find the rss url in the homepage Only the first one found iw returned

# File lib/wpscan/web_site.rb, line 108
def rss_url
  homepage_body = Browser.get(@uri.to_s).body
  homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
end
url() click to toggle source
# File lib/wpscan/web_site.rb, line 14
def url
  @uri.to_s
end
url=(url) click to toggle source
# File lib/wpscan/web_site.rb, line 10
def url=(url)
  @uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
end
xml_rpc_url() click to toggle source

See www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3

# File lib/wpscan/web_site.rb, line 32
def xml_rpc_url
  unless @xmlrpc_url
    @xmlrpc_url = xml_rpc_url_from_headers() || xml_rpc_url_from_body()
  end
  @xmlrpc_url
end
xml_rpc_url_from_body() click to toggle source
# File lib/wpscan/web_site.rb, line 52
def xml_rpc_url_from_body
  body = Browser.get(@uri.to_s).body

  body[%r{<link rel="pingback" href="([^"]+)" ?\/?>}, 1]
end
xml_rpc_url_from_headers() click to toggle source
# File lib/wpscan/web_site.rb, line 39
def xml_rpc_url_from_headers
  headers    = Browser.get(@uri.to_s).headers_hash
  xmlrpc_url = nil

  unless headers.nil?
    pingback_url = headers['X-Pingback']
    unless pingback_url.nil? || pingback_url.empty?
      xmlrpc_url = pingback_url
    end
  end
  xmlrpc_url
end