Class: WPScan::Finders::Medias::AttachmentBruteForcing

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Medias::AttachmentBruteForcing

Includes:

CMSScanner::Finders::Finder::Enumerator

Defined in:

app/finders/medias/attachment_brute_forcing.rb

Overview

Medias Finder, see github.com/wpscanteam/wpscan/issues/172

Instance Method Summary

• #aggressive(opts = {}) ⇒ Array<Media>
• #create_progress_bar(opts = {}) ⇒ Object
• #target_urls(opts = {}) ⇒ Hash

Instance Method Details

#aggressive(opts = {}) ⇒ Array<Media>

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :range (Range) —

  Mandatory

Returns:

• (Array<Media>)

# File 'app/finders/medias/attachment_brute_forcing.rb', line 14

def aggressive(opts = {})
  found = []

  enumerate(target_urls(opts), opts) do |res|
    next unless res.code == 200

    found << Model::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
  end

  found
end

#create_progress_bar(opts = {}) ⇒ Object

# File 'app/finders/medias/attachment_brute_forcing.rb', line 40

def create_progress_bar(opts = {})
  super(opts.merge(title: ' Brute Forcing Attachment IDs -'))
end

#target_urls(opts = {}) ⇒ Hash

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :range (Range) —

  Mandatory

Returns:

• (Hash)

# File 'app/finders/medias/attachment_brute_forcing.rb', line 30

def target_urls(opts = {})
  urls = {}

  opts[:range].each do |id|
    urls[target.uri.join("?attachment_id=#{id}").to_s] = id
  end

  urls
end