Only the first 700 bytes are checked, to avoid downloading the whole file, which can be very large (e.g. 2 GB).
@param [ String ] log_url
@param [ Regexp ] pattern
@return [ Boolean ]
# File lib/wpscan/web_site.rb, line 132
# Reports whether the beginning of the resource at log_url matches pattern.
#
# A Range header asks the server for bytes 0-700 only, and the match is run
# on whatever body comes back.
# NOTE(review): a server that ignores Range may still send the full file;
# confirm whether Browser caps the response size.
#
# @param [ String ] log_url
# @param [ Regexp ] pattern
# @return [ Boolean ]
def self.has_log?(log_url, pattern)
  range_request = { 'range' => 'bytes=0-700' }
  response = Browser.get(log_url, headers: range_request)

  # String#[] with a pattern yields the matched text or nil; coerce to a boolean.
  !!response.body[pattern]
end
# File lib/wpscan/web_site.rb, line 6
# Builds the object for the given site URL.
#
# The value is assigned through the url= writer rather than stored directly,
# so whatever url= does to its argument applies here as well.
#
# @param [ String ] site_url
def initialize(site_url)
  self.url = site_url
end
Compute the MD5 of the page. Comments are deleted from the page to avoid cache generation details.
@param [ String, Typhoeus::Response ] page The URL or the response of the page
@return [ String ] The MD5 hash of the page
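# File lib/wpscan/web_site.rb, line 84
# Computes an MD5 fingerprint of a page body with HTML comments removed.
#
# Comments are stripped first so that text placed in them (such as cache
# generation details) does not change the fingerprint between two fetches of
# the same page. The pattern uses the /m flag so that comments spanning
# several lines are removed too; without it "." stops at a newline and a
# multi-line comment would stay in the hashed text.
#
# MD5 serves here only as a cheap content fingerprint for comparing pages.
# It is not collision resistant, so the value must not be relied on as an
# integrity or authenticity check.
#
# @param [ String, Typhoeus::Response ] page The URL or the response of the page
# @return [ String ] The MD5 hash of the page
def self.page_hash(page)
  # Anything that is not already a response is treated as a URL and fetched.
  page = Browser.get(page) unless page.is_a?(Typhoeus::Response)

  body_without_comments = page.body.gsub(/<!--.*?-->/m, '')
  Digest::MD5.hexdigest(body_without_comments)
end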
Return the MD5 hash of a 404 page
# File lib/wpscan/web_site.rb, line 98
# Returns the page hash of a URL that is expected not to exist.
#
# The file name is the MD5 hex digest of a random number plus ".html",
# resolved against @uri. The result is memoized in @error_404_hash, so the
# request is made only once while that value is truthy.
#
# @return [ String ] The MD5 hash of the page served for the random URL
def error_404_hash
  @error_404_hash ||= begin
    random_name = Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html'
    probe_url = @uri.merge(random_name).to_s
    WebSite.page_hash(probe_url)
  end
end
# File lib/wpscan/web_site.rb, line 23
# Reports whether requesting the site URL is answered with HTTP 401.
#
# Only the status code is inspected; the authentication scheme named in the
# response is not checked.
#
# @return [ Boolean ]
def has_basic_auth?
  response = Browser.get(@uri.to_s)
  response.code == 401
end
Checks if a robots.txt file exists
# File lib/wpscan/web_site.rb, line 114
# Reports whether the robots.txt URL is answered with HTTP 200.
#
# Only the status code is checked, so a site that serves a 200 page for any
# path would also be reported as having a robots.txt.
#
# @return [ Boolean ]
def has_robots?
  response = Browser.get(robots_url)
  response.code == 200
end
# File lib/wpscan/web_site.rb, line 27
# Reports whether an XML-RPC (pingback) URL was found for the site.
#
# @return [ Boolean ] true when xml_rpc_url is not nil
def has_xml_rpc?
  endpoint = xml_rpc_url
  endpoint.nil? ? false : true
end
# File lib/wpscan/web_site.rb, line 90
# Returns the page hash of the site URL, memoized in @homepage_hash.
#
# @return [ String ] The value returned by WebSite.page_hash for the site URL
def homepage_hash
  @homepage_hash ||= WebSite.page_hash(@uri.to_s)
end
Checks if the remote website is up.
# File lib/wpscan/web_site.rb, line 19
# Reports whether a request to the site URL produced a non-zero response code.
#
# Any HTTP status, including 4xx and 5xx, counts as online.
# NOTE(review): code 0 presumably means no HTTP response was received at all;
# confirm against Browser.
#
# @return [ Boolean ]
def online?
  status = Browser.get(@uri.to_s).code
  status != 0
end
See if the remote URL returns a 30x redirect. This method is recursive. Returns a string with the redirection, or nil.
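# File lib/wpscan/web_site.rb, line 61
# Follows 301/302 redirects starting at url and returns the last Location
# value seen, or nil when the first response is not a redirect.
#
# The Location header is controlled by the remote server, so the chain is
# followed defensively:
# - at most max_hops requests are made, so a long or endless chain ends;
# - a Location that was already visited stops the walk, so a redirect loop
#   (including a page redirecting to itself) cannot recurse without bound;
# - a redirect with a missing or empty Location header stops the walk instead
#   of falling back to the site URL and requesting it again.
#
# Only codes 301 and 302 are treated as redirects.
# NOTE(review): a relative Location value is passed to Browser.get as is;
# confirm whether it needs to be resolved against the current URL.
#
# @param [ String, nil ] url The URL to start from (defaults to the site URL)
# @return [ String, nil ] The last redirect target seen, or nil
def redirection(url = nil)
  max_hops = 10
  current = url || @uri.to_s
  visited = [current]
  last_location = nil

  max_hops.times do
    response = Browser.get(current)
    break unless response.code == 301 || response.code == 302

    headers = response.headers_hash
    location = headers && headers['location']
    break if location.nil? || location.to_s.empty?

    last_location = location
    # Stop as soon as the chain points back at a URL that was already requested.
    break if visited.include?(location)

    visited << location
    current = location
  end

  last_location
end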
Gets a robots.txt URL
@return [ String ]
# File lib/wpscan/web_site.rb, line 121
# Builds the robots.txt URL by resolving "robots.txt" against @uri.
#
# NOTE(review): for a site URL that includes a sub-directory this resolves
# inside that directory rather than at the host root; confirm this is the
# intended location.
#
# @return [ String ]
def robots_url
  robots_uri = @uri.merge('robots.txt')
  robots_uri.to_s
end
Will try to find the RSS URL in the homepage. Only the first one found is returned.
# File lib/wpscan/web_site.rb, line 108
# Extracts the href of an RSS <link> element from the site URL's body.
#
# The pattern requires the attributes in the order type ... href and a
# closing " />", so markup written differently is not matched.
# NOTE(review): ".*" is greedy, so when several <link> elements share one
# line the captured href may not belong to the first RSS link; verify.
#
# @return [ String, nil ] The captured href, or nil when nothing matches
def rss_url
  rss_link = %r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}
  page_body = Browser.get(@uri.to_s).body

  # The value comes from remote markup; treat it as untrusted input.
  page_body[rss_link, 1]
end
# File lib/wpscan/web_site.rb, line 14
# Returns the site URL as a string, rendered from the stored @uri.
#
# @return [ String ]
def url
  site_uri = @uri
  site_uri.to_s
end
# File lib/wpscan/web_site.rb, line 10
# Stores the site URL as a parsed URI in @uri.
#
# The value is passed through add_http_protocol and then add_trailing_slash
# before being handed to URI.parse.
#
# @param [ String ] url
def url=(url)
  with_protocol = add_http_protocol(url)
  with_slash = add_trailing_slash(with_protocol)
  @uri = URI.parse(with_slash)
end
See www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3
# File lib/wpscan/web_site.rb, line 32
# Returns the XML-RPC (pingback) URL advertised by the site, or nil.
#
# The response headers are consulted first and the page body second. A found
# value is memoized in @xmlrpc_url; while nothing has been found, each call
# performs the lookups again.
#
# @return [ String, nil ]
def xml_rpc_url
  @xmlrpc_url ||= xml_rpc_url_from_headers || xml_rpc_url_from_body
end
# File lib/wpscan/web_site.rb, line 52
# Extracts the href of a <link rel="pingback"> element from the site URL's body.
#
# The pattern expects rel before href and an optional " /" before the closing
# bracket, so markup written differently is not matched.
#
# @return [ String, nil ] The captured href, or nil when nothing matches
def xml_rpc_url_from_body
  pingback_link = %r{<link rel="pingback" href="([^"]+)" ?\/?>}
  page_body = Browser.get(@uri.to_s).body

  # The value comes from remote markup; treat it as untrusted input.
  page_body[pingback_link, 1]
end
# File lib/wpscan/web_site.rb, line 39
# Reads the X-Pingback response header of the site URL.
#
# The header value is supplied by the remote server; treat it as untrusted
# input.
# NOTE(review): the lookup uses the exact key 'X-Pingback'; confirm that
# headers_hash matches header names case-insensitively.
#
# @return [ String, nil ] The header value, or nil when the headers are
#   missing or the header is absent or empty
def xml_rpc_url_from_headers
  response_headers = Browser.get(@uri.to_s).headers_hash
  return nil if response_headers.nil?

  pingback = response_headers['X-Pingback']
  return nil if pingback.nil? || pingback.empty?

  pingback
end