Class: WebSite

Inherits:
Object
  • Object
Defined in:
lib/wpscan/web_site.rb

Direct Known Subclasses

WpTarget


Constructor Details

- (WebSite) initialize(site_url)

A new instance of WebSite



# File 'lib/wpscan/web_site.rb', line 7

# Creates a WebSite for the given target address.
#
# The address is handed to the +url=+ writer, so whatever that writer does to
# the string applies to every instance.
#
# @param site_url [String] address of the site to work with
def initialize(site_url)
  self.url = site_url
end

Instance Attribute Details

- (Object) uri (readonly)

Returns the value of attribute uri



# File 'lib/wpscan/web_site.rb', line 5

# Reader for the value held in @uri.
#
# @return [Object] the current value of @uri (nil until it has been assigned)
def uri
  @uri
end

Class Method Details

+ (Boolean) has_log?(log_url, pattern)

Only the first 700 bytes are checked, to avoid downloading the whole file, which can be very large (e.g. 2 GB).

Parameters:

  • log_url (String)
  • pattern (RegEx)

Returns:

  • (Boolean)


# File 'lib/wpscan/web_site.rb', line 133

# Tells whether the start of a remote log file matches +pattern+.
#
# The request carries a Range header so that a compliant server sends only the
# beginning of the file. Two caveats follow from the code as written:
# - 'bytes=0-700' is an inclusive range, i.e. up to 701 bytes;
# - nothing here truncates the body, so a server that ignores Range and
#   answers with the full file still has that full body matched.
#
# @param log_url [String] URL of the candidate log file
# @param pattern [Regexp] pattern looked up in the returned body
# @return [Boolean] true when the pattern is found, false otherwise
def self.has_log?(log_url, pattern)
  response = Browser.get(log_url, headers: { 'range' => 'bytes=0-700' })
  !!response.body[pattern]
end

+ (String) page_hash(page)

Computes the MD5 of the page. Comments are deleted from the page first, so that cache generation details in them do not affect the hash.

Parameters:

Returns:

  • (String)

    The MD5 hash of the page



# File 'lib/wpscan/web_site.rb', line 85

# Fingerprints a page by hashing its body with HTML comments removed.
#
# MD5 serves here as a content fingerprint for comparing pages with each
# other; nothing in this method uses it as an integrity or authenticity check.
#
# @param page [Typhoeus::Response, String] an already-fetched response, or
#   anything else, which is passed to Browser.get to obtain one
# @return [String] hex MD5 digest of the comment-stripped body
def self.page_hash(page)
  response = page.is_a?(Typhoeus::Response) ? page : Browser.get(page)
  # Non-greedy and multi-line, so each <!-- ... --> block is dropped on its own.
  body_without_comments = response.body.gsub(/<!--.*?-->/m, '')

  Digest::MD5.hexdigest(body_without_comments)
end

Instance Method Details

- (Object) error_404_hash

Return the MD5 hash of a 404 page



# File 'lib/wpscan/web_site.rb', line 99

# Fingerprint of the page served for a path that should not exist.
#
# A random 32-hex-character file name ending in '.html' is merged onto the
# site URI and hashed through WebSite.page_hash. The result is memoized in
# @error_404_hash, so the request is made once per instance. The random name
# only has to be unlikely to exist; rand is not used for anything secret.
#
# @return [String] MD5 hash of the page returned for the random path
def error_404_hash
  @error_404_hash ||= begin
    missing_page = "#{Digest::MD5.hexdigest(rand(999_999_999).to_s)}.html"
    WebSite.page_hash(@uri.merge(missing_page).to_s)
  end
end

- (Boolean) has_basic_auth?

Returns:

  • (Boolean)


# File 'lib/wpscan/web_site.rb', line 24

# Tells whether the site URL answers with HTTP 401.
#
# Only the status code is examined. The WWW-Authenticate header is not read,
# so any scheme that produces a 401 (not just Basic) makes this return true.
#
# @return [Boolean] true when the response code is 401
def has_basic_auth?
  response = Browser.get(@uri.to_s)
  response.code == 401
end

- (Boolean) has_robots?

Checks if a robots.txt file exists

Returns:

  • (Boolean)


# File 'lib/wpscan/web_site.rb', line 115

# Tells whether requesting the robots.txt URL yields HTTP 200.
#
# The body is not inspected, so a site that answers 200 for every path
# (a "soft 404") is reported as having a robots.txt.
#
# @return [Boolean] true when the response code is 200
def has_robots?
  response = Browser.get(robots_url)
  response.code == 200
end

- (Boolean) has_xml_rpc?

Returns:

  • (Boolean)


# File 'lib/wpscan/web_site.rb', line 28

# Tells whether an XML-RPC endpoint URL could be discovered.
#
# @return [Boolean] true when xml_rpc_url returns something other than nil
def has_xml_rpc?
  endpoint = xml_rpc_url
  !endpoint.nil?
end

- (Object) homepage_hash



# File 'lib/wpscan/web_site.rb', line 91

# Fingerprint of the site's home page, as computed by WebSite.page_hash.
#
# The value is memoized in @homepage_hash, so later changes to the remote
# page are not reflected once it has been computed.
#
# @return [Object] whatever WebSite.page_hash returns for the site URL
def homepage_hash
  @homepage_hash ||= WebSite.page_hash(@uri.to_s)
end

- (Boolean) online?

Checks if the remote website is up.

Returns:

  • (Boolean)


# File 'lib/wpscan/web_site.rb', line 20

# Checks if the remote website is up.
#
# Any non-zero response code counts as "up", including 4xx and 5xx.
# NOTE(review): a code of 0 is presumably what Browser reports when no HTTP
# response was received at all; confirm against Browser.
#
# @return [Boolean] true when the response code is not 0
def online?
  status = Browser.get(@uri.to_s).code
  status != 0
end

- (Object) redirection(url = nil)

Checks whether the remote URL returns a 30x redirect. This method is recursive. Returns a string with the redirection, or nil.



# File 'lib/wpscan/web_site.rb', line 62

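# Follows 301/302 responses starting at +url+ and reports where the chain ends.
#
# The Location value is supplied by the remote server and is untrusted. A
# looping chain, or a 301/302 without a Location header, must not be able to
# hang the scan, so each URL is requested at most once and at most 10 hops are
# followed.
#
# Other 3xx codes are not treated as redirects. A Location value is passed to
# Browser.get unchanged; it is not resolved against the current URL.
#
# @param url [String, nil] URL to start from; defaults to the site URL
# @return [String, nil] the last Location value seen, or nil when the first
#   response is not a 301/302 or carries no Location header
def redirection(url = nil)
  current        = url || @uri.to_s
  final_location = nil
  visited        = {}
  max_hops       = 10

  max_hops.times do
    # A URL already requested means the chain loops back on itself.
    break if visited[current]
    visited[current] = true

    response = Browser.get(current)
    break unless response.code == 301 || response.code == 302

    headers  = response.headers_hash
    location = headers ? headers['location'] : nil
    # Without a target there is nothing to follow; keep what was found so far.
    break if location.nil? || location.empty?

    final_location = location
    current        = location
  end

  final_location
end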

- (String) robots_url

Gets a robots.txt URL

Returns:

  • (String)


# File 'lib/wpscan/web_site.rb', line 122

# Gets a robots.txt URL.
#
# 'robots.txt' is merged onto the stored URI as a relative reference, so for a
# site URL with a path (e.g. a blog in a sub-directory) the result points
# inside that path, not at the host root.
#
# @return [String] the robots.txt URL derived from the site URI
def robots_url
  robots_uri = @uri.merge('robots.txt')
  robots_uri.to_s
end

- (Object) rss_url

Tries to find the RSS URL in the homepage. Only the first one found is returned.



# File 'lib/wpscan/web_site.rb', line 109

# Looks for an RSS <link> tag in the home page and returns its href.
#
# The match is a plain regular expression over the raw body, not an HTML
# parse: the tag must sit on one line, carry type before href, use double
# quotes and end with ' />'. The returned value is taken from the remote page
# as-is and is not validated.
#
# @return [String, nil] the captured href, or nil when nothing matches
def rss_url
  response = Browser.get(@uri.to_s)
  response.body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
end

- (Object) url



# File 'lib/wpscan/web_site.rb', line 15

# The site address as a string.
#
# @return [String] the value of @uri converted with to_s
def url
  @uri.to_s
end

- (Object) url=(url)



# File 'lib/wpscan/web_site.rb', line 11

# Stores the site address as a parsed URI in @uri.
#
# The string goes through add_http_protocol, then add_trailing_slash, and the
# result is parsed with URI.parse. Nothing here rescues a parse failure, so an
# error raised by URI.parse reaches the caller.
#
# @param url [String] address supplied by the user
def url=(url)
  with_scheme = add_http_protocol(url)
  normalized  = add_trailing_slash(with_scheme)
  @uri = URI.parse(normalized)
end

- (Object) xml_rpc_url



# File 'lib/wpscan/web_site.rb', line 33

# URL of the XML-RPC endpoint, taken from the response headers or, failing
# that, from the home page body.
#
# A found URL is memoized in @xmlrpc_url. When neither source yields one the
# stored value stays nil, so the lookups run again on the next call.
#
# @return [String, nil] the discovered URL, or nil when none is advertised
def xml_rpc_url
  @xmlrpc_url ||= xml_rpc_url_from_headers || xml_rpc_url_from_body
end

- (Object) xml_rpc_url_from_body



# File 'lib/wpscan/web_site.rb', line 53

# Extracts the pingback URL from a <link rel="pingback"> tag in the home page.
#
# The tag is matched with a regular expression over the raw body, so it must
# have rel before href and use double quotes. The captured value is whatever
# the remote page contains and is not validated.
#
# @return [String, nil] the captured href, or nil when the tag is not found
def xml_rpc_url_from_body
  homepage_body = Browser.get(@uri.to_s).body
  pingback_link = %r{<link rel="pingback" href="([^"]+)" ?\/?>}

  homepage_body[pingback_link, 1]
end

- (Object) xml_rpc_url_from_headers



# File 'lib/wpscan/web_site.rb', line 40

# Reads the XML-RPC endpoint from the X-Pingback response header.
#
# The header value is set by the remote server and is returned unchanged; it
# is not checked to be a well-formed URL or to belong to the scanned host.
#
# @return [String, nil] the header value, or nil when there are no headers or
#   the header is missing or empty
def xml_rpc_url_from_headers
  response_headers = Browser.get(@uri.to_s).headers_hash
  return nil if response_headers.nil?

  pingback = response_headers['X-Pingback']
  return nil if pingback.nil? || pingback.empty?

  pingback
end