class Wpxf::Module

The base class for all modules.

Attributes

active_workspace[RW]

@return [Models::Workspace] the currently active {Models::Workspace}.

event_emitter[RW]

@return [EventEmitter] the {EventEmitter} for the module's events.

payload[RW]

@return [Payload] the {Payload} to use with the current module.

Public Class Methods

new() click to toggle source
Calls superclass method Wpxf::ModuleAuthentication::new
# File lib/wpxf/core/module.rb, line 17
def initialize
  super

  register_option(
    BooleanOption.new(
      name: 'verbose',
      desc: 'Enable verbose output',
      required: true,
      default: false
    )
  )

  register_advanced_options([
    BooleanOption.new(
      name: 'check_wordpress_and_online',
      desc: 'Check that the target is running WordPress and is online',
      required: true,
      default: true
    )
  ])

  self.event_emitter = EventEmitter.new
end

Public Instance Methods

aux_module?() click to toggle source

@return [Boolean] true if the module is an auxiliary module.

# File lib/wpxf/core/module.rb, line 119
def aux_module?
  to_s.split('::')[-2].eql? 'Auxiliary'
end
can_execute?() click to toggle source

@return [Boolean] true if all the required options are set.

# File lib/wpxf/core/module.rb, line 42
def can_execute?
  all_options_valid? && (aux_module? || (payload&.all_options_valid?))
end
check() click to toggle source

Check if the target is vulnerable. @return [Symbol] :unknown, :vulnerable or :safe.

# File lib/wpxf/core/module.rb, line 114
def check
  :unknown
end
check_wordpress_and_online() click to toggle source

@return [Boolean] true if the target is running WordPress.

# File lib/wpxf/core/module.rb, line 47
def check_wordpress_and_online
  unless wordpress_and_online?
    emit_error "#{full_uri} does not appear to be running WordPress"
    return false
  end

  true
end
cleanup() click to toggle source

Cleanup any allocated resource to the module.

# File lib/wpxf/core/module.rb, line 108
def cleanup
  payload&.cleanup
end
exploit_module?() click to toggle source

@return [Boolean] true if the module is an exploit module.

# File lib/wpxf/core/module.rb, line 124
def exploit_module?
  to_s.split('::')[-2].eql? 'Exploit'
end
missing_options() click to toggle source

@return [Array] an array of missing option names that are required.

Calls superclass method Wpxf::Options#missing_options
# File lib/wpxf/core/module.rb, line 57
def missing_options
  opts = super
  opts.push('payload') if exploit_module? && !payload

  if payload
    payload_opts = payload.missing_options
    opts = [*opts, *payload_opts] unless payload_opts.empty?
  end

  opts
end
run() click to toggle source

Run the module. @return [Boolean] true if successful.

# File lib/wpxf/core/module.rb, line 94
def run
  if normalized_option_value('check_wordpress_and_online')
    return false unless check_wordpress_and_online
  end

  if requires_authentication
    @session_cookie = authenticate_with_wordpress(datastore['username'], datastore['password'])
    return false unless @session_cookie
  end

  true
end
set_option_value(name, value) click to toggle source

Set the value of a module option. @param name the name of the option to set. @param value the value to use. @return [String, Symbol] the normalized value, :invalid if the

specified value is invalid or :not_found if the name is invalid.
Calls superclass method Wpxf::Options#set_option_value
# File lib/wpxf/core/module.rb, line 74
def set_option_value(name, value)
  res = super(name, value)

  if payload
    return payload.set_option_value(name, value) if res == :not_found
    payload.set_option_value(name, value)
  end

  res
end
unset_option(name) click to toggle source

Unset an option or reset it back to its default value. @param name [String] the name of the option to unset.

Calls superclass method Wpxf::Options#unset_option
# File lib/wpxf/core/module.rb, line 87
def unset_option(name)
  super(name)
  payload&.unset_option(name)
end