Class: WPScan::Controller::Core
- Inherits: CMSScanner::Controller::Core
  - Object
  - CMSScanner::Controller::Core
  - WPScan::Controller::Core
- Defined in: app/controllers/core.rb
Overview
Specific Core controller to include WordPress checks
Instance Method Summary
- #before_scan ⇒ Object
- #check_wordpress_state ⇒ Object
  Raises errors if the target is hosted on wordpress.com or is not running WordPress. Also checks whether the homepage_url is still the install URL.
- #cli_options ⇒ Array<OptParseValidator::Opt>
- #load_server_module ⇒ Symbol
  Loads the related server module in the target and includes it in the WpItem class, which is needed to check whether directory listing is enabled, etc.
- #local_db ⇒ DB::Updater
- #update_db ⇒ Object
- #update_db_required? ⇒ Boolean
Instance Method Details
#before_scan ⇒ Object
```ruby
# File 'app/controllers/core.rb', line 52

def before_scan
  @last_update = local_db.last_update # From CMSScanner

  update_db if update_db_required?
  setup_cache
  check_target_availability
  load_server_module
  check_wordpress_state
rescue Error::NotWordPress => e
  target. # method name missing from this listing
  raise e unless target.wordpress?(ParsedCli.detection_mode)
end
```
#check_wordpress_state ⇒ Object
Raises errors if the target is hosted on wordpress.com or is not running WordPress. Also checks whether the homepage_url is still the install URL.

```ruby
# File 'app/controllers/core.rb', line 69

def check_wordpress_state
  raise Error::WordPressHosted if target.wordpress_hosted?

  # A homepage that still resolves to the installer means the site was never fully configured
  if %r{/wp-admin/install.php$}i.match?(Addressable::URI.parse(target.homepage_url).path)
    output('not_fully_configured', url: target.homepage_url)

    exit(WPScan::ExitCode::VULNERABLE)
  end

  # --force skips the WordPress detection requirement
  raise Error::NotWordPress unless target.wordpress?(ParsedCli.detection_mode) || ParsedCli.force
end
```
#cli_options ⇒ Array<OptParseValidator::Opt>
```ruby
# File 'app/controllers/core.rb', line 8

def cli_options
  [OptURL.new(['--url URL', 'The URL of the blog to scan'],
              required_unless: %i[update help hh version],
              default_protocol: 'http')] +
    super.drop(2) + # delete the --url and --force from CMSScanner
    [
      OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                    choices: %w[apache iis nginx],
                    normalize: %i[downcase to_sym],
                    advanced: true),
      OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
      OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
    ]
end
```
#load_server_module ⇒ Symbol
Loads the related server module in the target and includes it in the WpItem class, which is needed to check whether directory listing is enabled, etc.

```ruby
# File 'app/controllers/core.rb', line 87

def load_server_module
  server = target.server || :Apache # Tries to auto detect the server

  # Force a specific server module to be loaded if supplied
  case ParsedCli.server
  when :apache
    server = :Apache
  when :iis
    server = :IIS
  when :nginx
    server = :Nginx
  end

  mod = CMSScanner::Target::Server.const_get(server)

  target.extend mod
  Model::WpItem.include mod

  server
end
```
#local_db ⇒ DB::Updater
```ruby
# File 'app/controllers/core.rb', line 23

def local_db
  @local_db ||= DB::Updater.new(DB_DIR)
end
```
#update_db ⇒ Object
```ruby
# File 'app/controllers/core.rb', line 45

def update_db
  output('db_update_started')
  output('db_update_finished', updated: local_db.update, verbose: ParsedCli.verbose)

  exit(0) unless ParsedCli.url
end
```
#update_db_required? ⇒ Boolean
```ruby
# File 'app/controllers/core.rb', line 28

def update_db_required?
  if local_db.missing_files?
    raise Error::MissingDatabaseFile if ParsedCli.update == false

    return true
  end

  return ParsedCli.update unless ParsedCli.update.nil?

  return false unless user_interaction? && local_db.outdated?

  output('@notice', msg: 'It seems like you have not updated the database for some time.')
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'

  /^y/i.match?(Readline.readline)
end
```