Class: WPScan::Finders::Themes::KnownLocations

Inherits:

Finder

• Object
• Finder
• WPScan::Finders::Themes::KnownLocations

Includes:

Finder::Enumerator

Defined in:

app/finders/themes/known_locations.rb

Overview

Known Locations Themes Finder

Constant Summary

Constants inherited from Finder

Finder::DIRECT_ACCESS

Instance Attribute Summary

Attributes inherited from Finder

#progress_bar, #target

Instance Method Summary

• #aggressive(opts = {}) ⇒ Array<Theme>
• #create_progress_bar(opts = {}) ⇒ Object
• #target_urls(opts = {}) ⇒ Hash
• #valid_response_codes ⇒ Array<Integer>

Methods included from Finder::Enumerator

#enumerate, #full_request_params, #head_or_get_request_params, #maybe_get_full_response

Methods inherited from Finder

#browser, #found_by, #hydra, #initialize, #passive, #titleize

Constructor Details

This class inherits a constructor from WPScan::Finders::Finder

Instance Method Details

#aggressive(opts = {}) ⇒ Array<Theme>

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :list (String)
• :found (Findings) —

  Shared findings collection; see Plugins::KnownLocations#aggressive for the streaming rationale.

Returns:

• (Array<Theme>)

# File 'app/finders/themes/known_locations.rb', line 21

def aggressive(opts = {})
  shared = opts[:found]
  local  = shared ? nil : []
  count  = 0

  enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, slug|
    finding_opts = opts.merge(found_by: found_by,
                              confidence: 80,
                              interesting_entries: ["#{res.effective_url}, status: #{res.code}"])

    theme = Model::Theme.new(slug, target, finding_opts)
    (shared || local) << theme
    count += 1

    raise Error::ThemesThresholdReached if opts[:threshold].positive? && count >= opts[:threshold]
  end

  local || []
end

#create_progress_bar(opts = {}) ⇒ Object

# File 'app/finders/themes/known_locations.rb', line 56

def create_progress_bar(opts = {})
  super(opts.merge(title: ' Checking Known Locations -'))
end

#target_urls(opts = {}) ⇒ Hash

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :list (String)

Returns:

• (Hash)

# File 'app/finders/themes/known_locations.rb', line 45

def target_urls(opts = {})
  slugs = opts[:list] || DB::Themes.vulnerable_slugs
  urls  = {}

  slugs.each do |slug|
    urls[target.theme_url(slug)] = slug
  end

  urls
end

#valid_response_codes ⇒ Array<Integer>

Returns:

• (Array<Integer>)

# File 'app/finders/themes/known_locations.rb', line 11

def valid_response_codes
  @valid_response_codes ||= [200, 401, 403, 500].freeze
end