class WPScan::DB::VulnApi

WPVulnDB API

Constants

NON_ERROR_CODES

Attributes

token[RW]

Public Class Methods

default_request_params()

@return [ Hash ] @note Those params cannot be overridden by CLI options

# File lib/wpscan/db/vuln_api.rb, line 72
# Builds, once, the request params sent with every API call.
#
# The result is cached in @default_request_params, so the token is read only on
# the first call; a token assigned afterwards is not reflected in the cached
# Authorization header. The merge is shallow: the :headers Hash built here
# replaces any :headers entry coming from the browser's connect params.
#
# The returned Hash carries the API token in clear text, so keep it out of logs
# and verbose/debug output.
#
# @return [ Hash ]
# @note Those params cannot be overridden by CLI options
def self.default_request_params
  return @default_request_params if @default_request_params

  connect_params = Browser.instance.default_connect_request_params
  api_headers = {
    'User-Agent' => Browser.instance.default_user_agent,
    'Authorization' => "Token token=#{token}"
  }

  @default_request_params = connect_params.merge(headers: api_headers)
end
get(path, params = {})

@param [ String ] path @param [ Hash ] params

@return [ Hash ]

# File lib/wpscan/db/vuln_api.rb, line 22
# Performs an authenticated GET against the API and returns the parsed JSON body.
#
# An empty Hash is returned when no token is set, when the path ends with
# '/latest', and when the API answers 404 or 429. From the return value alone a
# caller therefore cannot tell "nothing known" apart from "not queried" or
# "rate limited"; an empty result must not be read as "no vulnerabilities".
#
# @param [ String ] path Path joined onto the base API URI
# @param [ Hash ] params Request params merged over default_request_params
#
# @return [ Hash ] Parsed JSON, {} as described above, or
#   { 'http_error' => e } once the retries are exhausted
def self.get(path, params = {})
  return {} unless token
  return {} if path.end_with?('/latest') # Remove this when api/v4 is up

  # Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
  # The merge is shallow: a :headers key in params replaces the whole default
  # headers Hash, Authorization included.
  res = Typhoeus.get(uri.join(path), default_request_params.merge(params))

  # Not found and rate limited are both reported as "no data" rather than as errors.
  return {} if res.code == 404 || res.code == 429
  # Only Error::HTTP is rescued below, so a parse failure on the body propagates
  # to the caller. NOTE(review): confirm callers handle a non-JSON body.
  return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)

  raise Error::HTTP, res
rescue Error::HTTP => e
  # retries is a local of this invocation, so it keeps its value across retry.
  retries ||= 0

  # Up to three further attempts, one second apart.
  if (retries += 1) <= 3
    # Written into the memoized defaults, and nothing in this method clears it,
    # so the header stays set on later requests made through this class.
    # NOTE(review): consider sending X-Retry per request instead of mutating
    # the shared Hash.
    @default_request_params[:headers]['X-Retry'] = retries

    sleep(1)
    retry
  end

  # The error is returned, not raised. e was raised above with the response of a
  # request that carried the Authorization token.
  # NOTE(review): confirm what e exposes before it is printed or logged.
  { 'http_error' => e }
end
plugin_data(slug)

@return [ Hash ]

# File lib/wpscan/db/vuln_api.rb, line 47
# Fetches the API record for one plugin.
#
# The slug is interpolated into the request path as given, with no escaping here.
# NOTE(review): slugs presumably originate from the scanned site; confirm they
# are validated before reaching this method so they cannot alter the API path.
#
# @param [ String ] slug
#
# @return [ Hash ] The entry stored under slug in the response, or {} when the
#   response is nil or has no such entry
def self.plugin_data(slug)
  response = get("plugins/#{slug}")
  entry = response&.dig(slug)

  entry || {}
end
status()

@return [ Hash ]

# File lib/wpscan/db/vuln_api.rb, line 62
# Queries the API 'status' endpoint, passing the running WPScan version and a
# cache_ttl of 0 in the request params.
#
# A requests_remaining value of -1 is rewritten to the string 'Unlimited' before
# the Hash is returned; every other value is left untouched. Whatever get
# returns (including {} or an 'http_error' Hash) is passed through.
#
# @return [ Hash ]
def self.status
  get('status', params: { version: WPScan::VERSION }, cache_ttl: 0).tap do |payload|
    payload['requests_remaining'] = 'Unlimited' if payload['requests_remaining'] == -1
  end
end
theme_data(slug)

@return [ Hash ]

# File lib/wpscan/db/vuln_api.rb, line 52
# Fetches the API record for one theme.
#
# The slug is interpolated into the request path as given, with no escaping here.
# NOTE(review): slugs presumably originate from the scanned site; confirm they
# are validated before reaching this method so they cannot alter the API path.
#
# @param [ String ] slug
#
# @return [ Hash ] The entry stored under slug in the response, or {} when the
#   response is nil or has no such entry
def self.theme_data(slug)
  response = get("themes/#{slug}")
  entry = response&.dig(slug)

  entry || {}
end
uri()

@return [ Addressable::URI ]

# File lib/wpscan/db/vuln_api.rb, line 14
# Base URI of the API, parsed on first use and cached in @uri.
#
# The literal is an https URL, and get joins every request path onto it; this is
# the address the Authorization token is sent to.
#
# @return [ Addressable::URI ]
def self.uri
  return @uri if @uri

  @uri = Addressable::URI.parse('https://wpscan.com/api/v3/')
end
wordpress_data(version_number)

@return [ Hash ]

# File lib/wpscan/db/vuln_api.rb, line 57
# Fetches the API record for one WordPress release.
#
# The request path uses the version with its dots removed, while the response is
# looked up under the original dotted version string.
#
# @param [ String ] version_number
#
# @return [ Hash ] The entry stored under version_number in the response, or {}
#   when the response is nil or has no such entry
def self.wordpress_data(version_number)
  compact_version = version_number.tr('.', '')
  response = get("wordpresses/#{compact_version}")
  release = response&.dig(version_number)

  release || {}
end