Class: WPScan::Finders::DynamicFinder::WpItems::Finder

Inherits:
CMSScanner::Finders::Finder
  • Object
Defined in:
lib/wpscan/finders/dynamic_finder/wp_items/finder.rb

Overview

Not really a dynamic finder in itself (hence not a child class of DynamicFinder::Finder), but it uses the dynamic finder DB configs to find collections of WpItems (such as Plugins and Themes).

Also used to factor out code shared between such finders. #process_response should be implemented in each child class, or #passive and #aggressive overridden.


Instance Method Details

#aggressive(_opts = {}) ⇒ Array<Plugin>, Array<Theme>

Parameters:

  • opts (Hash)

Returns:

  • (Array<Plugin>, Array<Theme>)


# File 'lib/wpscan/finders/dynamic_finder/wp_items/finder.rb', line 62

def aggressive(_opts = {})
  # Disable this as it would make quite a lot of extra requests just to find plugins/themes
  # Kept the original method below for future implementation
end

#aggressive_(opts = {}) ⇒ Array<Plugin>, Array<Theme>

Parameters:

  • opts (Hash) (defaults to: {})

Returns:

  • (Array<Plugin>, Array<Theme>)


# File 'lib/wpscan/finders/dynamic_finder/wp_items/finder.rb', line 70

def aggressive_(opts = {})
  found = []

  aggressive_configs.each do |slug, configs|
    configs.each do |klass, config|
      path     = aggressive_path(slug, config)
      response = Browser.get(target.url(path))

      item = process_response(opts, response, slug, klass, config)

      found << item if item.is_a?(Model::WpItem)
    end
  end

  found
end

#aggressive_configs ⇒ Hash

Returns the related dynamic finder aggressive configurations for the current class (all its usefulness comes from child classes).

Returns:

  • (Hash)



# File 'lib/wpscan/finders/dynamic_finder/wp_items/finder.rb', line 50

def aggressive_configs
  # So far only the Plugins have dynamic finders, so using DB::DynamicFinders::Plugin
  # is ok. However, when Themes have some, will need to create other child classes for them

  method = "aggressive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym

  DB::DynamicFinders::Plugin.public_send(method)
end

#aggressive_path(slug, config) ⇒ String

Returns the path related to the aggressive configuration, i.e. config['path'] if it is an absolute path (like /file.txt), or the path from inside the related plugin directory.

Parameters:

  • slug (String)
  • config (Hash)

    from the YAML file with the ‘path’ key

Returns:

  • (String)



# File 'lib/wpscan/finders/dynamic_finder/wp_items/finder.rb', line 93

def aggressive_path(slug, config)
  return config['path'] if config['path'][0] == '/'

  # No need to set the correct plugins dir, it will be handled by target.url()
  "wp-content/plugins/#{slug}/#{config['path']}"
end

#passive(opts = {}) ⇒ Array<Plugin>, Array<Theme>

Parameters:

  • opts (Hash) (defaults to: {})

Returns:

  • (Array<Plugin>, Array<Theme>)


# File 'lib/wpscan/finders/dynamic_finder/wp_items/finder.rb', line 29

def passive(opts = {})
  found = []

  passive_configs.each do |slug, configs|
    configs.each do |klass, config|
      [target.homepage_res, target.error_404_res].each do |page_res|
        item = process_response(opts, page_res, slug, klass, config)

        if item.is_a?(Model::WpItem)
          found << item
          break # No need to check the other page if detected in the current
        end
      end
    end
  end

  found
end

#passive_configs ⇒ Hash

Returns the related dynamic finder passive configurations for the current class (all its usefulness comes from child classes).

Returns:

  • (Hash)



# File 'lib/wpscan/finders/dynamic_finder/wp_items/finder.rb', line 17

def passive_configs
  # So far only the Plugins have dynamic finders, so using DB::DynamicFinders::Plugin
  # is ok. However, when Themes have some, will need to create other child classes for them

  method = "passive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym

  DB::DynamicFinders::Plugin.public_send(method)
end
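
The #passive loop and the #passive_configs lookup documented above, as an added stand-alone example (not WPScan's own code). It shows how a child class name selects its config set and why one matching page is enough for a detection. Response, Item, FakeDB, BaseFinder, the Comment child class, the 'pattern' key and all sample data are assumptions made for illustration.

```ruby
# Added illustration, not WPScan code: Response, Item, FakeDB and the 'pattern'
# key are hypothetical stand-ins; all sample data below is constructed.
Response = Struct.new(:body)            # stand-in for an HTTP response
Item     = Struct.new(:slug, :found_by) # stand-in for Model::WpItem

module FakeDB
  # Same shape the loops expect: slug => { finder class => config }
  def self.passive_comment_finder_configs
    { 'sample-plugin' => { 'Comment' => { 'pattern' => /Sample Plugin v[\d.]+/ } },
      'other-plugin'  => { 'Comment' => { 'pattern' => /Other Plugin/ } } }
  end
end

class BaseFinder
  def initialize(pages)
    @pages = pages # stands in for [target.homepage_res, target.error_404_res]
  end

  # Plain-Ruby equivalent of demodulize.underscore for simple class names
  def config_key
    self.class.to_s.split('::').last.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  end
  def passive_configs
    FakeDB.public_send(:"passive_#{config_key}_finder_configs")
  end

  def passive(opts = {})
    found = []
    passive_configs.each do |slug, configs|
      configs.each do |klass, config|
        @pages.each do |page_res|
          item = process_response(opts, page_res, slug, klass, config)
          next unless item.is_a?(Item)
          found << item
          break # one hit per slug/config; the second page is not checked
        end
      end
    end
    found
  end
end

# Child class: the class name selects the config set, process_response decides.
class Comment < BaseFinder
  def process_response(_opts, response, slug, klass, config)
    comments = response.body.scan(/<!--(.*?)-->/m).flatten
    Item.new(slug, klass) if comments.any? { |c| c.match?(config['pattern']) }
  end
end
```

Because the 404 page is checked as well as the homepage, a banner comment that appears only in an error template still yields a detection without any extra requests.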