Module: Wpxf::WordPress::Fingerprint

Included in:
Module
Defined in:
lib/wpxf/wordpress/fingerprint.rb

Overview

Provides functionality for fingerprinting WordPress and its components.

Instance Method Details

#check_plugin_version_from_changelog(plugin_name, file_name, fixed = nil, introduced = nil) ⇒ Symbol

Checks a plugin's changelog for a vulnerable version.

Parameters:

  • plugin_name (String)

    the name of the plugin.

  • file_name (String)

    the name of the file that contains the changelog.

  • fixed (String) (defaults to: nil)

    the version the vulnerability was fixed in.

  • introduced (String) (defaults to: nil)

    the version the vulnerability was introduced in.

Returns:

  • (Symbol)

    :unknown, :vulnerable or :safe.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 65

def check_plugin_version_from_changelog(plugin_name, file_name, fixed = nil, introduced = nil)
  changelog = normalize_uri(wordpress_url_plugins, plugin_name, file_name)
  check_version_from_custom_file(changelog, /=\s([\d\.]+)\s=/, fixed, introduced)
end

#check_plugin_version_from_readme(name, fixed = nil, introduced = nil) ⇒ Symbol

Checks a plugin's readme for a vulnerable version.

Parameters:

  • name (String)

    the name of the plugin.

  • fixed (String) (defaults to: nil)

    the version the vulnerability was fixed in.

  • introduced (String) (defaults to: nil)

    the version the vulnerability was introduced in.

Returns:

  • (Symbol)

    :unknown, :vulnerable or :safe.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 55

def check_plugin_version_from_readme(name, fixed = nil, introduced = nil)
  _check_version_from_readme(:plugin, name, fixed, introduced)
end

#check_theme_version_from_readme(name, fixed = nil, introduced = nil) ⇒ Symbol

Checks a theme's readme for a vulnerable version.

Parameters:

  • name (String)

    the name of the theme.

  • fixed (String) (defaults to: nil)

    the version the vulnerability was fixed in.

  • introduced (String) (defaults to: nil)

    the version the vulnerability was introduced in.

Returns:

  • (Symbol)

    :unknown, :vulnerable or :safe.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 46

def check_theme_version_from_readme(name, fixed = nil, introduced = nil)
  _check_version_from_readme(:theme, name, fixed, introduced)
end

#check_theme_version_from_style(name, fixed = nil, introduced = nil) ⇒ Symbol

Checks the style.css file for a vulnerable version.

Parameters:

  • name (String)

    the name of the theme.

  • fixed (String) (defaults to: nil)

    the version the vulnerability was fixed in.

  • introduced (String) (defaults to: nil)

    the version the vulnerability was introduced in.

Returns:

  • (Symbol)

    :unknown, :vulnerable or :safe.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 30

def check_theme_version_from_style(name, fixed = nil, introduced = nil)
  style_uri = normalize_uri(wordpress_url_themes, name, 'style.css')
  res = execute_get_request(url: style_uri)

  # No style.css file present
  return :unknown if res.nil? || res.code != 200

  pattern = _extension_version_pattern(:style)
  _extract_and_check_version(res.body, pattern, fixed, introduced)
end

#check_version_from_custom_file(url, regex, fixed = nil, introduced = nil) ⇒ Symbol

Checks a custom file for a vulnerable version.

Parameters:

  • url (String)

    the relative path of the file.

  • regex (Regexp)

    the regular expression to extract the version.

  • fixed (String) (defaults to: nil)

    the version the vulnerability was fixed in.

  • introduced (String) (defaults to: nil)

    the version the vulnerability was introduced in.

Returns:

  • (Symbol)

    :unknown, :vulnerable or :safe.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 76

def check_version_from_custom_file(url, regex, fixed = nil, introduced = nil)
  res = execute_get_request(url: url)
  return :unknown unless res && res.code == 200
  _extract_and_check_version(res.body, regex, fixed, introduced)
end
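
The plugin, theme and custom-file checks above all extract a version string with a regex and classify it against the fixed/introduced bounds. The following is an added example, not Wpxf's own code (`_extract_and_check_version` is not shown on this page), of that classification as it might be used to audit an installed plugin's changelog against an advisory. The helper name `classify_version`, the sample changelog and the boundary semantics (vulnerable when introduced <= version < fixed) are assumptions.

```ruby
require 'rubygems'

# Added example; not Wpxf code. classify_version is a hypothetical helper.
# Regex copied from check_plugin_version_from_changelog on this page.
CHANGELOG_PATTERN = /=\s([\d\.]+)\s=/

# Constructed sample in the WordPress readme changelog layout.
SAMPLE_CHANGELOG = <<~TXT
  == Changelog ==

  = 2.10.0 =
  * Security fix.

  = 2.9.0 =
  * New feature.
TXT

# Assumed semantics: vulnerable when introduced <= version < fixed.
# Only the first match is used, so the result reflects whichever
# version entry appears first in the file.
def classify_version(body, pattern, fixed = nil, introduced = nil)
  match = body.to_s.match(pattern)
  return :unknown unless match

  begin
    version = Gem::Version.new(match[1])
  rescue ArgumentError
    # [\d\.]+ also matches strings such as "1..2" that are not versions.
    return :unknown
  end

  return :safe if fixed && version >= Gem::Version.new(fixed)
  return :safe if introduced && version < Gem::Version.new(introduced)

  :vulnerable
end
```

`Gem::Version` compares segments numerically, so 2.10.0 sorts after 2.9.1; a plain string comparison would order them the other way and misreport a patched install.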

#wordpress_and_online? ⇒ Boolean

Check if the host is online and running WordPress.

Returns:

  • (Boolean)

    true if the host is online and running WordPress.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 7

def wordpress_and_online?
  res = execute_get_request(url: full_uri)
  return false unless res && res.code == 200
  return true if _wordpress_fingerprint_regexes.any? { |r| res.body =~ r }
  false
end

#wordpress_version ⇒ Version?

Extract the WordPress version information from various sources.

Returns:

  • (Version, nil)

    the version if found, nil otherwise.



# File 'lib/wpxf/wordpress/fingerprint.rb', line 16

def wordpress_version
  _wordpress_version_fingerprint_sources.each do |url, pattern|
    res = execute_get_request(url: url)
    match = res.body.match(pattern) if res && res.code == 200
    return Gem::Version.new(match[1]) if match
  end
  nil
end