# File lib/wpscan/wp_target.rb, line 22 def initialize(target_url, options = {}) super(target_url) @verbose = options[:verbose] @wp_content_dir = options[:wp_content_dir] @wp_plugins_dir = options[:wp_plugins_dir] @multisite = nil Browser.instance(options.merge(:max_threads => options[:threads])) end
Valid HTTP return codes
# File lib/wpscan/wp_target.rb, line 72 def self.valid_response_codes [200, 301, 302, 401, 403, 500, 400] end
@return [ String ]
# File lib/wpscan/wp_target.rb, line 114 def debug_log_url @uri.merge("#{wp_content_dir()}/debug.log").to_s end
@return [ Boolean ]
# File lib/wpscan/wp_target.rb, line 109 def has_debug_log? WebSite.has_log?(debug_log_url, %r{\[[^\]]+\] PHP (?:Warning|Error|Notice):}) end
The version is not yet considerated
@param [ String ] name @param [ String ] version
@return [ Boolean ]
# File lib/wpscan/wp_target.rb, line 98 def has_plugin?(name, version = nil) WpPlugin.new( @uri, name: name, version: version, wp_content_dir: wp_content_dir, wp_plugins_dir: wp_plugins_dir ).exists? end
# File lib/wpscan/wp_target.rb, line 59 def login_url url = @uri.merge('wp-login.php').to_s # Let's check if the login url is redirected (to https url for example) redirection = redirection(url) if redirection url = redirection end url end
@return [ Boolean ]
# File lib/wpscan/wp_target.rb, line 128 def search_replace_db_2_exists? resp = Browser.get(search_replace_db_2_url) resp.code == 200 && resp.body[%r{by interconnect}] end
Script for replacing strings in wordpress databases reveals databse credentials after hitting submit interconnectit.com/124/search-and-replace-for-wordpress-databases/
@return [ String ]
# File lib/wpscan/wp_target.rb, line 123 def search_replace_db_2_url @uri.merge('searchreplacedb2.php').to_s end
@return [ WpTheme ] :nocov:
# File lib/wpscan/wp_target.rb, line 78 def theme WpTheme.find(@uri) end
@param [ String ] versions_xml
@return [ WpVersion ] :nocov:
# File lib/wpscan/wp_target.rb, line 87 def version(versions_xml) WpVersion.find(@uri, wp_content_dir, wp_plugins_dir, versions_xml) end
check if the target website is actually running wordpress.
# File lib/wpscan/wp_target.rb, line 35 def wordpress? wordpress = false response = Browser.get_and_follow_location(@uri.to_s) if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/ wordpress = true else response = Browser.get_and_follow_location(xml_rpc_url) if response.body =~ %r{XML-RPC server accepts POST requests only} wordpress = true else response = Browser.get_and_follow_location(login_url) if response.code == 200 && response.body =~ %r{WordPress} wordpress = true end end end wordpress end