Class: WPScan::Finders::Users::WpJsonApi

Inherits:

CMSScanner::Finders::Finder

Object
CMSScanner::Finders::Finder
WPScan::Finders::Users::WpJsonApi

show all

Defined in:: app/finders/users/wp_json_api.rb

Overview

WP JSON API

Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see github.com/wpscanteam/wpscan/issues/1038) For the pagination, see github.com/wpscanteam/wpscan/issues/1285

Constant Summary collapse

MAX_PER_PAGE = See developer.wordpress.org/rest-api/using-the-rest-api/pagination/

Instance Method Summary collapse

#aggressive(_opts = {}) ⇒ Array<User>
#api_url ⇒ String

The URL of the API listing the Users.
#users_from_response(response) ⇒ Array<User>

The users from the response.

Instance Method Details

#aggressive(_opts = {}) ⇒ `Array<User>`

Parameters:

opts (Hash)

Returns:

(Array<User>)

# File 'app/finders/users/wp_json_api.rb', line 17

def aggressive(_opts = {})
  found        = []
  current_page = 0

  loop do
    current_page += 1

    res = Browser.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })

    total_pages ||= res.headers['X-WP-TotalPages'].to_i

    users_in_page = users_from_response(res)
    found        += users_in_page

    break if current_page >= total_pages || users_in_page.empty?
  end

  found
rescue JSON::ParserError, TypeError
  found
end

#api_url ⇒ `String`

Returns The URL of the API listing the Users.

Returns:

(String) —

The URL of the API listing the Users

# File 'app/finders/users/wp_json_api.rb', line 57

def api_url
  return @api_url if @api_url

  target.in_scope_uris(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |uri|
    return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
  end

  @api_url = target.url('wp-json/wp/v2/users/')
end

#users_from_response(response) ⇒ `Array<User>`

Returns The users from the response.

Parameters:

response (Typhoeus::Response)

Returns:

(Array<User>) —

The users from the response

# File 'app/finders/users/wp_json_api.rb', line 42

def users_from_response(response)
  found = []

  JSON.parse(response.body)&.each do |user|
    found << Model::User.new(user['slug'],
                             id: user['id'],
                             found_by: found_by,
                             confidence: 100,
                             interesting_entries: [response.effective_url])
  end

  found
end

Class: WPScan::Finders::Users::WpJsonApi

Overview

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#aggressive(_opts = {}) ⇒ Array<User>

#api_url ⇒ String

#users_from_response(response) ⇒ Array<User>

#aggressive(_opts = {}) ⇒ `Array<User>`

#api_url ⇒ `String`

#users_from_response(response) ⇒ `Array<User>`