Module: WpItems::Detectable
- Included in:
- WpItems
- Defined in:
- lib/common/collections/wp_items/detectable.rb
Instance Attribute Summary (collapse)
-
- (Object) item_xpath
readonly
Returns the value of attribute item_xpath.
-
- (Object) vulns_file
readonly
Returns the value of attribute vulns_file.
Instance Method Summary (collapse)
- - (WpItems) aggressive_detection(wp_target, options = {})
- - (WpItem) create_item(klass, name, wp_target, vulns_file = nil) protected
- - (Class) item_class protected
- - (WpItems) passive_detection(wp_target, options = {})
-
- (ProgressBar) progress_bar(targets_size, options)
:nocov:.
-
- (Hash) request_params
protected
The default request parameters.
- - (Array<WpItem>) targets_items(wp_target, options = {}) protected
- - (WpItem) targets_items_from_file(file, wp_target, item_class, vulns_file) protected
- - (Array<WpItem>) vulnerable_targets_items(wp_target, item_class, vulns_file) protected
Instance Attribute Details
- (Object) item_xpath (readonly)
Returns the value of attribute item_xpath
6 7 8 |
# File 'lib/common/collections/wp_items/detectable.rb', line 6 def item_xpath @item_xpath end |
- (Object) vulns_file (readonly)
Returns the value of attribute vulns_file
6 7 8 |
# File 'lib/common/collections/wp_items/detectable.rb', line 6 def vulns_file @vulns_file end |
Instance Method Details
- (WpItems) aggressive_detection(wp_target, options = {})
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/common/collections/wp_items/detectable.rb', line 15 def aggressive_detection(wp_target, = {}) browser = Browser.instance hydra = browser.hydra targets = targets_items(wp_target, ) = (targets.size, ) = { error_404_hash: wp_target.error_404_hash, homepage_hash: wp_target.homepage_hash, exclude_content: [:exclude_content] ? %r{#{[:exclude_content]}} : nil } # If we only want the vulnerable ones, the passive detection is ignored # Otherwise, a passive detection is performed, and results will be merged results = [:only_vulnerable] ? new : passive_detection(wp_target, ) targets.each do |target_item| request = browser.forge_request(target_item.url, request_params) request.on_complete do |response| .progress += 1 if [:show_progression] if target_item.exists?(, response) if !results.include?(target_item) results << target_item end end end hydra.queue(request) end hydra.run results.sort! results # can't just return results.sort because the #sort returns an array, and we want a WpItems end |
- (WpItem) create_item(klass, name, wp_target, vulns_file = nil) (protected)
154 155 156 157 158 159 160 161 162 |
# File 'lib/common/collections/wp_items/detectable.rb', line 154 def create_item(klass, name, wp_target, vulns_file = nil) klass.new( wp_target.uri, name: name, vulns_file: vulns_file, wp_content_dir: wp_target.wp_content_dir, wp_plugins_dir: wp_target.wp_plugins_dir ) end |
- (Class) item_class (protected)
187 188 189 |
# File 'lib/common/collections/wp_items/detectable.rb', line 187 def item_class Object.const_get(self.to_s.gsub(/.$/, '')) end |
- (WpItems) passive_detection(wp_target, options = {})
72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'lib/common/collections/wp_items/detectable.rb', line 72 def passive_detection(wp_target, = {}) results = new item_class = self.item_class type = self.to_s.gsub(/Wp/, '').downcase response = Browser.get(wp_target.url) = { wp_content_dir: wp_target.wp_content_dir, wp_plugins_dir: wp_target.wp_plugins_dir, vulns_file: self.vulns_file } regex1 = %r{(?:[^=:]+)\s?(?:=|:)\s?(?:"|')[^"']+\\?/} regex2 = %r{\\?/} regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')} names = response.body.scan(/#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i) names.flatten.uniq.each do |name| results << item_class.new(wp_target.uri, .merge(name: name)) end results.sort! results end |
- (ProgressBar) progress_bar(targets_size, options)
:nocov:
56 57 58 59 60 61 62 63 64 65 |
# File 'lib/common/collections/wp_items/detectable.rb', line 56 def (targets_size, ) if [:show_progression] ProgressBar.create( format: '%t %a <%B> (%c / %C) %P%% %e', title: ' ', # Used to craete a left margin length: 120, total: targets_size ) end end |
- (Hash) request_params (protected)
The default request parameters
102 |
# File 'lib/common/collections/wp_items/detectable.rb', line 102 def request_params; { cache_ttl: 0, followlocation: true } end |
- (Array<WpItem>) targets_items(wp_target, options = {}) (protected)
110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 |
# File 'lib/common/collections/wp_items/detectable.rb', line 110 def targets_items(wp_target, = {}) item_class = self.item_class vulns_file = self.vulns_file targets = vulnerable_targets_items(wp_target, item_class, vulns_file) unless [:only_vulnerable] unless [:file] raise 'A file must be supplied' end targets += targets_items_from_file([:file], wp_target, item_class, vulns_file) end targets.uniq! { |t| t.name } targets.sort_by { rand } end |
- (WpItem) targets_items_from_file(file, wp_target, item_class, vulns_file) (protected)
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 |
# File 'lib/common/collections/wp_items/detectable.rb', line 170 def targets_items_from_file(file, wp_target, item_class, vulns_file) targets = [] File.open(file, 'r') do |f| f.readlines.collect do |item_name| targets << create_item( item_class, item_name.strip, wp_target, vulns_file ) end end targets end |
- (Array<WpItem>) vulnerable_targets_items(wp_target, item_class, vulns_file) (protected)
133 134 135 136 137 138 139 140 141 142 143 144 145 146 |
# File 'lib/common/collections/wp_items/detectable.rb', line 133 def vulnerable_targets_items(wp_target, item_class, vulns_file) targets = [] xml = xml(vulns_file) xml.xpath(item_xpath).each do |node| targets << create_item( item_class, node.attribute('name').text, wp_target, vulns_file ) end targets end |