Class: CMSScanner::Finders::InterestingFindings::XMLRPC
- Defined in:
- app/finders/interesting_findings/xml_rpc.rb
Overview
XML RPC finder
Constant Summary
Constants inherited from Finder
Instance Attribute Summary
Attributes inherited from Finder
Instance Method Summary collapse
- #aggressive(_opts = {}) ⇒ XMLRPC
- #passive(opts = {}) ⇒ Array<XMLRPC>
- #passive_body(_opts = {}) ⇒ XMLRPC
- #passive_headers(_opts = {}) ⇒ XMLRPC
- #potential_urls ⇒ Array<String>
The potential URLs to the XML-RPC file.
Methods inherited from Finder
#browser, #create_progress_bar, #found_by, #hydra, #initialize, #titleize
Constructor Details
This class inherits a constructor from CMSScanner::Finders::Finder
Instance Method Details
#aggressive(_opts = {}) ⇒ XMLRPC
# File 'app/finders/interesting_findings/xml_rpc.rb', line 41
#
# Active check: requests every candidate XML-RPC URL and confirms the endpoint
# from the response body.
#
# The candidate list is the target's default 'xmlrpc.php' URL plus whatever
# passive_headers / passive_body recorded earlier. Those recorded values come
# from the target's own response (a header and a link tag), so each candidate
# is re-checked with target.in_scope? before any request is sent to it.
#
# @param _opts [Hash] unused
# @return [XMLRPC, nil] a finding with confidence 100 for the first candidate
#   whose body carries the XML-RPC banner, or nil when none does
def aggressive(_opts = {})
  candidates = potential_urls.push(target.url('xmlrpc.php')).uniq

  candidates.each do |candidate|
    # Never contact a URL the target object does not consider in scope.
    next unless target.in_scope?(candidate)

    response = NS::Browser.get(candidate)

    # A missing response, or a body without the banner, is not a confirmation.
    if response && response.body =~ /XML-RPC server accepts POST requests only/i
      return NS::XMLRPC.new(candidate, confidence: 100, found_by: DIRECT_ACCESS)
    end
  end

  nil
end
#passive(opts = {}) ⇒ Array<XMLRPC>
# File 'app/finders/interesting_findings/xml_rpc.rb', line 12
#
# Runs both passive checks (response headers first, then the homepage body)
# and keeps only the ones that produced a finding.
#
# @param opts [Hash] forwarded unchanged to both passive checks
# @return [Array<XMLRPC>] zero, one or two findings
def passive(opts = {})
  from_headers = passive_headers(opts)
  from_body = passive_body(opts)

  # A check that found nothing returns nil; drop those entries.
  [from_headers, from_body].compact
end
#passive_body(_opts = {}) ⇒ XMLRPC
# File 'app/finders/interesting_findings/xml_rpc.rb', line 27
#
# Passive check: looks for <link rel="pingback"> tags in the homepage HTML
# and reports the first one whose href is in scope.
#
# The href is content served by the target, so it is only recorded in
# potential_urls (and later requested by #aggressive) after target.in_scope?
# accepts it.
#
# @param _opts [Hash] unused
# @return [XMLRPC, nil] a finding with confidence 30, or nil when no in-scope
#   pingback link is present
def passive_body(_opts = {})
  pingback_links = target.homepage_res.html.css('link[rel="pingback"]')

  pingback_links.each do |link|
    href = link.attribute('href').to_s

    if target.in_scope?(href)
      potential_urls << href

      return NS::XMLRPC.new(href, confidence: 30, found_by: 'Link Tag (Passive Detection)')
    end
  end

  nil
end
#passive_headers(_opts = {}) ⇒ XMLRPC
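# File 'app/finders/interesting_findings/xml_rpc.rb', line 17
#
# Passive check: reads the X-Pingback header of the homepage response and
# reports it when the advertised URL is in scope.
#
# The header value is supplied by the target, so it is only recorded in
# potential_urls (and later requested by #aggressive) after target.in_scope?
# accepts it.
#
# @param _opts [Hash] unused
# @return [XMLRPC, nil] a finding with confidence 30, or nil when the header
#   is absent or points outside the scope
def passive_headers(_opts = {})
  url = target.homepage_res.headers['X-Pingback']

  # The header is optional. Stop here when it is missing instead of handing
  # nil to in_scope?, whose nil handling is not visible from this file.
  return unless url && target.in_scope?(url)

  potential_urls << url

  NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
end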
#potential_urls ⇒ Array<String>
Returns the potential URLs to the XML-RPC file.
# File 'app/finders/interesting_findings/xml_rpc.rb', line 7
#
# Lazily created, per-instance list of candidate XML-RPC URLs. The passive
# checks append to it and #aggressive reads from it.
#
# @return [Array<String>] the same array object on every call
def potential_urls
  @potential_urls = [] unless @potential_urls
  @potential_urls
end