Class: WPScan::Finders::Finder

Inherits:

Object

• Object
• WPScan::Finders::Finder

Defined in:

lib/wpscan/finders/finder.rb,
lib/wpscan/finders/finder/enumerator.rb,
lib/wpscan/finders/finder/fingerprinter.rb,
lib/wpscan/finders/finder/smart_url_checker.rb,
lib/wpscan/finders/finder/smart_url_checker/findings.rb,
lib/wpscan/finders/finder/wp_version/smart_url_checker.rb,
lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb

Overview

Finder

Direct Known Subclasses

BackupFolders::KnownLocations, ConfigBackups::KnownFilenames, DbExports::KnownLocations, DynamicFinder::Finder, DynamicFinder::WpItems::Finder, InterestingFindings::BackupDB, InterestingFindings::DebugLog, InterestingFindings::DuplicatorInstallerLog, InterestingFindings::EmergencyPwdResetScript, InterestingFindings::FantasticoFileslist, InterestingFindings::FullPathDisclosure, InterestingFindings::Headers, InterestingFindings::MuPlugins, InterestingFindings::Multisite, InterestingFindings::PHPDisabled, InterestingFindings::Readme, InterestingFindings::Registration, InterestingFindings::RobotsTxt, InterestingFindings::SearchReplaceDB2, InterestingFindings::TmmDbMigrate, InterestingFindings::UploadDirectoryListing, InterestingFindings::UploadSQLDump, InterestingFindings::WPCron, InterestingFindings::XMLRPC, MainTheme::CssStyleInHomepage, MainTheme::UrlsInHomepage, MainTheme::WooFrameworkMetaGenerator, Medias::AttachmentBruteForcing, Passwords::WpLogin, Passwords::XMLRPC, Passwords::XMLRPCMulticall, PluginVersion::Readme, Plugins::KnownLocations, Plugins::UrlsInHomepage, Plugins::WpJsonApi, ThemeVersion::Style, ThemeVersion::WooFrameworkMetaGenerator, Themes::KnownLocations, Themes::UrlsInHomepage, Themes::WpJsonApi, TimthumbVersion::BadRequest, Timthumbs::KnownLocations, Users::AuthorIdBruteForcing, Users::AuthorPosts, Users::AuthorSitemap, Users::LoginErrorMessages, Users::OembedApi, Users::WpJsonApi, WpVersion::AtomGenerator, WpVersion::RDFGenerator, WpVersion::RSSGenerator, WpVersion::Readme, WpVersion::UniqueFingerprinting

Defined Under Namespace

Modules: BreadthFirstDictionaryAttack, Enumerator, Fingerprinter, SmartURLChecker, WpVersion

Constant Summary

DIRECT_ACCESS =

Constants for common found_by

'Direct Access (Aggressive Detection)'

Instance Attribute Summary

• #progress_bar ⇒ Object

  Returns the value of attribute progress_bar.

• #target ⇒ Object

  Returns the value of attribute target.

Instance Method Summary

• #aggressive(_opts = {}) ⇒ Object
• #browser ⇒ Browser
• #create_progress_bar(opts = {}) ⇒ ProgressBar::Base
• #found_by(klass = self.class) ⇒ String
• #hydra ⇒ Typhoeus::Hydra
• #initialize(target) ⇒ Finder constructor

  A new instance of Finder.

• #passive(_opts = {}) ⇒ Object
• #titleize ⇒ String

  The titleized name of the finder.

Constructor Details

#initialize(target) ⇒ Finder

Returns a new instance of Finder.

# File 'lib/wpscan/finders/finder.rb', line 17

def initialize(target)
  @target = target
end

Instance Attribute Details

#progress_bar ⇒ Object

Returns the value of attribute progress_bar.

# File 'lib/wpscan/finders/finder.rb', line 15

def progress_bar
  @progress_bar
end

#target ⇒ Object

Returns the value of attribute target.

# File 'lib/wpscan/finders/finder.rb', line 15

def target
  @target
end

Instance Method Details

#aggressive(_opts = {}) ⇒ Object

Parameters:

• _opts (Hash) (defaults to: {})

# File 'lib/wpscan/finders/finder.rb', line 34

def aggressive(_opts = {}); end

#browser ⇒ Browser

Returns:

• (Browser)

# File 'lib/wpscan/finders/finder.rb', line 48

def browser
  @browser ||= WPScan::Browser.instance
end

#create_progress_bar(opts = {}) ⇒ ProgressBar::Base

Parameters:

• opts (Hash) (defaults to: {}) —

  See github.com/jfelchner/ruby-progressbar/wiki/Options

Options Hash (opts):

• :show_progression (Boolean)

Returns:

• (ProgressBar::Base)

# File 'lib/wpscan/finders/finder.rb', line 40

def create_progress_bar(opts = {})
  bar_opts          = { format: '%t %a <%B> (%c / %C) %P%% %e' }
  bar_opts[:output] = ProgressBarNullOutput unless opts[:show_progression]

  @progress_bar = ::ProgressBar.create(bar_opts.merge(opts))
end

#found_by(klass = self.class) ⇒ String

Parameters:

• klass (String, Class) (defaults to: self.class)

Returns:

• (String)

# File 'lib/wpscan/finders/finder.rb', line 59

def found_by(klass = self.class)
  labels = %w[aggressive passive]

  caller_locations.each do |call|
    label = call.label
    # Since ruby 3.4, the label contains the full name, including module and class
    # rather than just the method like in ruby < 3.4
    label = label[/#(.*)/i, 1] if label.include?('#')

    next unless labels.include? label

    title = klass.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)

    return "#{title} (#{label.capitalize} Detection)"
  end
  nil
end

#hydra ⇒ Typhoeus::Hydra

Returns:

• (Typhoeus::Hydra)

# File 'lib/wpscan/finders/finder.rb', line 53

def hydra
  @hydra ||= browser.hydra
end

#passive(_opts = {}) ⇒ Object

Parameters:

• _opts (Hash) (defaults to: {})

# File 'lib/wpscan/finders/finder.rb', line 31

def passive(_opts = {}); end

#titleize ⇒ String

Returns The titleized name of the finder.

Returns:

• (String) —

  The titleized name of the finder

# File 'lib/wpscan/finders/finder.rb', line 22

def titleize
  # Put a _ char before any digits except those at the end, which will be replaced by a space
  # Otherwise, class such as Error404Page are returned as Error404 Page instead of Error 404 page
  # The keep_id_suffix is to concevert classes such as CssId to Css Id instead of Css

  @titleize ||= self.class.to_s.demodulize.gsub(/(\d+)[a-z]+/i, '_\0').titleize(keep_id_suffix: true)
end