class WPScan::Finders::DynamicFinder::WpItems::Finder

Not really a dynamic finder in itself (hence not a child class of DynamicFinder::Finder), but it uses the dynamic finder DB configs to find collections of WpItems (such as Plugins and Themes).

Also used to factor out code shared between such finders. process_response should be implemented in each child class, or the passive and aggressive methods overridden.

Public Instance Methods

aggressive(_opts = {})

@param [ Hash ] opts

@return [ Array<Plugin>, Array<Theme> ]

# File lib/wpscan/finders/dynamic_finder/wp_items/finder.rb, line 62
def aggressive(_opts = {})
  # Disable this as it would make quite a lot of extra requests just to find plugins/themes
  # Kept the original method below for future implementation
end
aggressive_(opts = {})

@param [ Hash ] opts

@return [ Array<Plugin>, Array<Theme> ]

# File lib/wpscan/finders/dynamic_finder/wp_items/finder.rb, line 70
def aggressive_(opts = {})
  found = []

  aggressive_configs.each do |slug, configs|
    configs.each do |klass, config|
      path     = aggressive_path(slug, config)
      response = Browser.get(target.url(path))

      item = process_response(opts, response, slug, klass, config)

      found << item if item.is_a?(Model::WpItem)
    end
  end

  found
end
aggressive_configs()

@return [ Hash ] The related dynamic finder aggressive configurations for the current class (all its usefulness comes from child classes)
# File lib/wpscan/finders/dynamic_finder/wp_items/finder.rb, line 50
def aggressive_configs
  # So far only the Plugins have dynamic finders so using DB::DynamicFinders::Plugin
  # is ok. However, when Themes have some, will need to create other child classes for them

  method = "aggressive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym

  DB::DynamicFinders::Plugin.public_send(method)
end
aggressive_path(slug, config)

@param [ String ] slug
@param [ Hash ] config from the YAML file with the 'path' key

@return [ String ] The path related to the aggressive configuration, i.e. config['path'] if it's an absolute path (like /file.txt), or the path from inside the related plugin directory
# File lib/wpscan/finders/dynamic_finder/wp_items/finder.rb, line 93
def aggressive_path(slug, config)
  return config['path'] if config['path'][0] == '/'

  # No need to set the correct plugins dir, it will be handled by target.url()
  "wp-content/plugins/#{slug}/#{config['path']}"
end
passive(opts = {})

@param [ Hash ] opts

@return [ Array<Plugin>, Array<Theme> ]

# File lib/wpscan/finders/dynamic_finder/wp_items/finder.rb, line 29
def passive(opts = {})
  found = []

  passive_configs.each do |slug, configs|
    configs.each do |klass, config|
      [target.homepage_res, target.error_404_res].each do |page_res|
        item = process_response(opts, page_res, slug, klass, config)

        if item.is_a?(Model::WpItem)
          found << item
          break # No need to check the other page if detected in the current
        end
      end
    end
  end

  found
end
passive_configs()

@return [ Hash ] The related dynamic finder passive configurations for the current class (all its usefulness comes from child classes)
# File lib/wpscan/finders/dynamic_finder/wp_items/finder.rb, line 17
def passive_configs
  # So far only the Plugins have dynamic finders so using DB::DynamicFinders::Plugin
  # is ok. However, when Themes have some, will need to create other child classes for them

  method = "passive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym

  DB::DynamicFinders::Plugin.public_send(method)
end
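
The control flow of passive and the path rule of aggressive_path, reproduced as an added stand-alone example (not WPScan code) so a site owner can see which page markup gives a plugin away. WpItem, Response, SketchFinder, the 'pattern' config key, the plugin slugs and the page bodies are all assumptions constructed for this sketch.

```ruby
# Stand-ins for this added example; none of these are WPScan classes.
WpItem   = Struct.new(:slug, :found_by) # plays the role of Model::WpItem
Response = Struct.new(:url, :body)      # plays the role of a fetched page

# Constructed configs (slug => { finder class => config }); the 'pattern' key is assumed.
PASSIVE_CONFIGS = {
  'example-gallery' => {
    'Comment'   => { 'pattern' => /<!-- example-gallery v[\d.]+ -->/ },
    'BodyClass' => { 'pattern' => /class="[^"]*\beg-enabled\b/ }
  },
  'example-forms' => { 'Comment' => { 'pattern' => /<!-- example-forms -->/ } }
}.freeze

class SketchFinder
  def initialize(homepage_res, error_404_res, configs)
    @pages   = [homepage_res, error_404_res]
    @configs = configs
  end

  # Hook each child class provides: a WpItem on a match, nil otherwise.
  def process_response(_opts, response, slug, klass, config)
    WpItem.new(slug, "#{klass} (#{response.url})") if response.body.match?(config['pattern'])
  end

  # Same control flow as passive in the listing.
  def passive(opts = {})
    found = []
    @configs.each do |slug, configs|
      configs.each do |klass, config|
        @pages.each do |page_res|
          item = process_response(opts, page_res, slug, klass, config)
          next unless item.is_a?(WpItem)
          found << item
          break # first matching page wins for this (slug, klass) pair
        end
      end
    end
    found
  end

  # Same rule as aggressive_path in the listing.
  def aggressive_path(slug, config)
    return config['path'] if config['path'][0] == '/'
    "wp-content/plugins/#{slug}/#{config['path']}"
  end
end

# Constructed page bodies.
HOMEPAGE = Response.new('/', '<body class="home eg-enabled"><!-- example-gallery v1.2 --></body>')
ERROR404 = Response.new('/404', '<body class="error404 eg-enabled"><!-- example-forms --></body>')
```

The break only leaves the page loop, so the result holds one item per matching (slug, finder class) pair: here example-gallery is returned twice, once per finder class, and example-forms is found only through the 404 page.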