Module: WpTarget::WpLoginProtection

Included in:
WpTarget
Defined in:
lib/wpscan/wp_target/wp_login_protection.rb

Constant Summary

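# Selects the per-plugin probe methods by name (has_<plugin>_protection?).
# Capture group 1 is the plugin part of the method name, e.g. "login_lock".
# Anchored with \A rather than ^ so the match can only start at the beginning
# of the name and never at the start of a later line.
LOGIN_PROTECTION_METHOD_PATTERN = /\Ahas_(.*)_protection\?/i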


Instance Method Details

- (Object) better_wp_security_url (protected)



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 63

# URL of the Better WP Security plugin directory on the target.
#
# @return [Object] whatever plugin_url returns for this slug
def better_wp_security_url
  slug = 'better-wp-security/'
  plugin_url(slug)
end

- (Object) bluetrait_event_viewer_url (protected)



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 99

# URL of the Bluetrait Event Viewer plugin directory on the target.
#
# NOTE(review): this slug has no trailing slash while 'better-wp-security/'
# does; whether that changes the requested URL depends on WpPlugin#url,
# which is not shown here - confirm.
#
# @return [Object] whatever plugin_url returns for this slug
def bluetrait_event_viewer_url
  slug = 'bluetrait-event-viewer'
  plugin_url(slug)
end

- (Boolean) has_better_wp_security_protection? (protected)

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 50

# Probes the Better WP Security plugin directory and treats any answer other
# than HTTP 404 as "plugin present".
#
# NOTE(review): every non-404 status counts as a hit, so an error status or a
# catch-all redirect would presumably also be reported as detected - confirm
# how Browser reports failed requests before relying on a positive result.
#
# @return [Boolean] false only when the response code is 404
def has_better_wp_security_protection?
  status = Browser.get(better_wp_security_url).code
  !(status == 404)
end

- (Boolean) has_bluetrait_event_viewer_protection? (protected)

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 95

# Probes the Bluetrait Event Viewer plugin directory; the plugin is reported
# as present unless the server answers HTTP 404.
#
# NOTE(review): statuses such as 403 or 500 are counted as "present" too, so
# a positive result is an indication, not proof, that the plugin is installed.
#
# @return [Boolean] false only when the response code is 404
def has_bluetrait_event_viewer_protection?
  response = Browser.get(bluetrait_event_viewer_url)
  response.code != 404
end

- (Boolean) has_limit_login_attempts_protection? (protected)

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 86

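# Probes the Limit Login Attempts plugin directory; the plugin is reported as
# present unless the server answers HTTP 404.
#
# NOTE(review): the method name and the Browser.get argument were blank in
# this listing. The name is restored from the method's heading and the
# argument from the limit_login_attempts_url helper, following the pattern of
# has_better_wp_security_protection? - confirm against the source file.
#
# @return [Boolean] false only when the response code is 404
def has_limit_login_attempts_protection?
  Browser.get(limit_login_attempts_url).code != 404
end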

- (Boolean) has_login_lock_protection? (protected)

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 45

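# Looks for the literal banner text "LOGIN LOCK" (case-sensitive) in a page
# body fetched through Browser.
#
# NOTE(review): the method name and the Browser.get argument were blank in
# this listing. The name is restored from the method's heading; login_url is
# assumed to be the page that was fetched - confirm against the source file.
#
# A banner match is a heuristic: a site that hides or rewords the banner is
# reported as unprotected, so a false result does not show that lockout is
# absent.
#
# @return [Boolean] true when the body contains "LOGIN LOCK"
def has_login_lock_protection?
  page = Browser.get(login_url).body
  # to_s keeps an empty (nil) body from raising; it simply does not match.
  %r{LOGIN LOCK}.match?(page.to_s)
end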

- (Boolean) has_login_lockdown_protection? (protected)

Thanks to Alip Aswalid for providing this method. Plugin page: wordpress.org/extend/plugins/login-lockdown/

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 40

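# Looks for the banner text "Login LockDown" (case-insensitive) in a page
# body fetched through Browser.
#
# NOTE(review): the method name and the Browser.get argument were blank in
# this listing. The name is restored from the method's heading; login_url is
# assumed to be the page that was fetched - confirm against the source file.
#
# A banner match is a heuristic: a themed or customised login page may drop
# the text, so a false result does not show that lockout is absent.
#
# @return [Boolean] true when the body contains "Login LockDown" in any case
def has_login_lockdown_protection?
  page = Browser.get(login_url).body
  # to_s keeps an empty (nil) body from raising; it simply does not match.
  %r{Login LockDown}i.match?(page.to_s)
end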

- (Boolean) has_login_protection?

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 10

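# Tells whether any of the known login protection plugins was detected.
#
# NOTE(review): the method name and the receiver inside the parentheses were
# blank in this listing; they are restored from the method's heading and from
# login_protection_plugin, which returns a WpPlugin or nil.
#
# @return [Boolean] true when login_protection_plugin is not nil
def has_login_protection?
  !login_protection_plugin.nil?
end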

- (Boolean) has_login_security_solution_protection? (protected)

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 77

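# Probes the Login Security Solution plugin directory; the plugin is reported
# as present unless the server answers HTTP 404.
#
# NOTE(review): the method name and the Browser.get argument were blank in
# this listing. The name is restored from the method's heading and the
# argument from the login_security_solution_url helper - confirm against the
# source file.
#
# @return [Boolean] false only when the response code is 404
def has_login_security_solution_protection?
  Browser.get(login_security_solution_url).code != 404
end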

- (Boolean) has_simple_login_lockdown_protection? (protected)

Returns:

  • (Boolean)


# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 68

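# Probes the Simple Login Lockdown plugin directory; the plugin is reported
# as present unless the server answers HTTP 404.
#
# NOTE(review): the method name and the Browser.get argument were blank in
# this listing. The name is restored from the method's heading and the
# argument from the simple_login_lockdown_url helper - confirm against the
# source file.
#
# @return [Boolean] false only when the response code is 404
def has_simple_login_lockdown_protection?
  Browser.get(simple_login_lockdown_url).code != 404
end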

- (Object) limit_login_attempts_url (protected)



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 90

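# URL of the Limit Login Attempts plugin directory on the target.
#
# NOTE(review): the method name was blank in this listing and is restored
# from the method's heading.
#
# @return [Object] whatever plugin_url returns for this slug
def limit_login_attempts_url
  plugin_url('limit-login-attempts')
end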

- (Object) login_protection_plugin

Checks whether a login protection plugin is enabled (see code.google.com/p/wpscan/issues/detail?id=111). Returns a WpPlugin object, or nil if none is found.



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 17

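# Runs every protected has_<plugin>_protection? probe and returns the first
# plugin whose probe succeeds.
#
# NOTE(review): the method name was blank in this listing and is restored
# from the method's heading.
#
# The result is memoized, including a nil result. The original guard
# (`unless @login_protection_plugin`) re-ran every probe on each call when
# nothing had been found, repeating all of the HTTP requests.
#
# Only *protected* methods are scanned. has_login_protection? also matches
# LOGIN_PROTECTION_METHOD_PATTERN and calls back into this method, so it must
# stay outside the protected set or the scan would recurse.
#
# @return [WpPlugin, nil] the detected plugin, or nil when no probe matched
def login_protection_plugin
  return @login_protection_plugin if defined?(@login_protection_plugin)

  probes = protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN)
  matched_probe = probes.find { |probe| send(probe) }

  @login_protection_plugin =
    if matched_probe
      # has_login_lock_protection? -> "login_lock" -> "login-lock"
      plugin_name = matched_probe[LOGIN_PROTECTION_METHOD_PATTERN, 1].tr('_', '-')

      WpPlugin.new(
        @uri,
        name:           plugin_name,
        wp_content_dir: wp_content_dir,
        wp_plugins_dir: wp_plugins_dir
      )
    end
end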

- (Object) login_security_solution_url (protected)



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 81

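# URL of the Login Security Solution plugin directory on the target.
#
# NOTE(review): the method name was blank in this listing and is restored
# from the method's heading.
#
# @return [Object] whatever plugin_url returns for this slug
def login_security_solution_url
  plugin_url('login-security-solution')
end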

- (Object) plugin_url(plugin_name) (protected)



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 54

# Builds a WpPlugin for the given name against this target and returns its URL.
#
# The plugin is created with the target's @uri and its wp_content_dir /
# wp_plugins_dir, so the result follows any non-default directory layout the
# target reports.
#
# @param plugin_name [String] plugin slug, passed to WpPlugin as :name
# @return [Object] the value of WpPlugin#url
def plugin_url(plugin_name)
  plugin = WpPlugin.new(
    @uri,
    name: plugin_name,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  )
  plugin.url
end

- (Object) simple_login_lockdown_url (protected)



# File 'lib/wpscan/wp_target/wp_login_protection.rb', line 72

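# URL of the Simple Login Lockdown plugin directory on the target.
#
# NOTE(review): the method name was blank in this listing and is restored
# from the method's heading.
#
# @return [Object] whatever plugin_url returns for this slug
def simple_login_lockdown_url
  plugin_url('simple-login-lockdown/')
end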