Class: WpTarget

Inherits:
WebSite show all
Includes:
Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable
Defined in:
lib/wpscan/wp_target.rb,
lib/wpscan/wp_target/malwares.rb,
lib/wpscan/wp_target/wp_readme.rb,
lib/wpscan/wp_target/wp_registrable.rb,
lib/wpscan/wp_target/wp_config_backup.rb,
lib/wpscan/wp_target/wp_login_protection.rb,
lib/wpscan/wp_target/wp_custom_directories.rb,
lib/wpscan/wp_target/wp_full_path_disclosure.rb

Defined Under Namespace

Modules: Malwares, WpConfigBackup, WpCustomDirectories, WpFullPathDisclosure, WpLoginProtection, WpReadme, WpRegistrable

Constant Summary

Constant Summary

Constants included from WpLoginProtection

WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN

Instance Attribute Summary (collapse)

Attributes inherited from WebSite

#uri

Class Method Summary (collapse)

Instance Method Summary (collapse)

Methods included from WpFullPathDisclosure

#full_path_disclosure_url, #has_full_path_disclosure?

Methods included from WpCustomDirectories

#default_wp_content_dir_exists?, #wp_content_dir, #wp_plugins_dir, #wp_plugins_dir_exists?

Methods included from WpLoginProtection

#better_wp_security_url, #bluetrait_event_viewer_url, #has_better_wp_security_protection?, #has_bluetrait_event_viewer_protection?, #has_limit_login_attempts_protection?, #has_login_lock_protection?, #has_login_lockdown_protection?, #has_login_protection?, #has_login_security_solution_protection?, #has_simple_login_lockdown_protection?, #limit_login_attempts_url, #login_protection_plugin, #login_security_solution_url, #plugin_url, #simple_login_lockdown_url

Methods included from WpConfigBackup

#config_backup, config_backup_files

Methods included from WpRegistrable

#multisite?, #registration_enabled?, #registration_url

Methods included from WpReadme

#has_readme?, #readme_url

Methods included from Malwares

#has_malwares?, malware_pattern, #malwares, malwares_file

Methods inherited from WebSite

#error_404_hash, #has_basic_auth?, has_log?, #has_robots?, #has_xml_rpc?, #homepage_hash, #online?, page_hash, #redirection, #robots_url, #rss_url, #url, #url=, #xml_rpc_url, #xml_rpc_url_from_body, #xml_rpc_url_from_headers

Constructor Details

- (WpTarget) initialize(target_url, options = {})

A new instance of WpTarget



23
24
25
26
27
28
29
30
31
32
# File 'lib/wpscan/wp_target.rb', line 23

def initialize(target_url, options = {})
  super(target_url)

  @verbose        = options[:verbose]
  @wp_content_dir = options[:wp_content_dir]
  @wp_plugins_dir = options[:wp_plugins_dir]
  @multisite      = nil

  Browser.instance(options.merge(:max_threads => options[:threads]))
end

Instance Attribute Details

- (Object) verbose (readonly)

Returns the value of attribute verbose



21
22
23
# File 'lib/wpscan/wp_target.rb', line 21

def verbose
  @verbose
end

Class Method Details

+ (Object) valid_response_codes

Valid HTTP return codes



73
74
75
# File 'lib/wpscan/wp_target.rb', line 73

def self.valid_response_codes
  [200, 301, 302, 401, 403, 500, 400]
end

Instance Method Details

- (String) debug_log_url

Returns:

  • (String)


115
116
117
# File 'lib/wpscan/wp_target.rb', line 115

def debug_log_url
  @uri.merge("#{wp_content_dir()}/debug.log").to_s
end

- (Boolean) has_debug_log?

Returns:

  • (Boolean)


110
111
112
# File 'lib/wpscan/wp_target.rb', line 110

def has_debug_log?
  WebSite.has_log?(debug_log_url, %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):})
end

- (Boolean) has_plugin?(name, version = nil)

The version is not yet considerated

Parameters:

  • name (String)
  • version (String) (defaults to: nil)

Returns:

  • (Boolean)


99
100
101
102
103
104
105
106
107
# File 'lib/wpscan/wp_target.rb', line 99

def has_plugin?(name, version = nil)
  WpPlugin.new(
    @uri,
    name: name,
    version: version,
    wp_content_dir: wp_content_dir,
    wp_plugins_dir: wp_plugins_dir
  ).exists?
end

- (Object) login_url



60
61
62
63
64
65
66
67
68
69
70
# File 'lib/wpscan/wp_target.rb', line 60

def 
  url = @uri.merge('wp-login.php').to_s

  # Let's check if the login url is redirected (to https url for example)
  redirection = redirection(url)
  if redirection
    url = redirection
  end

  url
end

- (Boolean) search_replace_db_2_exists?

Returns:

  • (Boolean)


129
130
131
132
# File 'lib/wpscan/wp_target.rb', line 129

def search_replace_db_2_exists?
  resp = Browser.get(search_replace_db_2_url)
  resp.code == 200 && resp.body[%r{by interconnect}i]
end

- (String) search_replace_db_2_url

Script for replacing strings in wordpress databases reveals databse credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/

Returns:

  • (String)


124
125
126
# File 'lib/wpscan/wp_target.rb', line 124

def search_replace_db_2_url
  @uri.merge('searchreplacedb2.php').to_s
end

- (WpTheme) theme

:nocov:

Returns:



79
80
81
# File 'lib/wpscan/wp_target.rb', line 79

def theme
  WpTheme.find(@uri)
end

- (WpVersion) version(versions_xml)

:nocov:

Parameters:

  • versions_xml (String)

Returns:



88
89
90
# File 'lib/wpscan/wp_target.rb', line 88

def version(versions_xml)
  WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml)
end

- (Boolean) wordpress?

check if the target website is actually running wordpress.

Returns:

  • (Boolean)


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/wpscan/wp_target.rb', line 36

def wordpress?
  wordpress = false

  response = Browser.get_and_follow_location(@uri.to_s)

  if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
    wordpress = true
  else
    response = Browser.get_and_follow_location(xml_rpc_url)

    if response.body =~ %r{XML-RPC server accepts POST requests only}i
      wordpress = true
    else
      response = Browser.get_and_follow_location()

      if response.code == 200 && response.body =~ %r{WordPress}i
        wordpress = true
      end
    end
  end

  wordpress
end