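module Intrigue
  module Task
    # Discovery task that records which WordPress plugins a Uri entity appears
    # to expose. It is an active task: it requests the site's /wp-json index
    # and then requests two paths for every entry in the bundled plugin
    # wordlist, so the request volume scales with the wordlist size.
    class WordpressEnumeratePlugins < BaseTask
      # Static task description.
      #
      # @return [Hash] task metadata (name, entity types accepted, options, ...)
      def self.metadata
        {
          name: "wordpress_enumerate_plugins",
          pretty_name: "Wordpress Enumerate Plugins",
          authors: ["jcran"],
          description: "If the target's running Wordpress, this'll enumerate the plugins",
          references: [],
          type: "discovery",
          passive: false, # the task itself sends HTTP requests to the target
          allowed_types: ["Uri"],
          example_entities: [{ "type" => "Uri", "details" => { "name" => "https://intrigue.io" } }],
          allowed_options: [],
          created_types: []
        }
      end

      # Runs both enumeration strategies and stores each result as a detail on
      # the entity ("wordpress_plugins" and "wordpress_bruted_plugins").
      def run
        super

        uri = _get_entity_name

        # First just get the easy stuff: what the REST index advertises.
        _set_entity_detail("wordpress_plugins", get_wordpress_parsable_plugins(uri))

        # Then, attempt to brute: probe the wordlist paths.
        _set_entity_detail("wordpress_bruted_plugins", brute_wordpress_plugin_paths(uri))
      end

      # Queues two checks per wordlist entry and hands the queue to
      # make_http_requests_from_queue:
      #   * "<entry>/"            - no body check, reported as "potential"
      #   * "<entry>/readme.txt"  - body must match /Contributors:/i, reported
      #                             as "confirmed"
      #
      # Blank lines and lines starting with "#" (after stripping whitespace)
      # are skipped; a blank line would otherwise be queued as the paths "/"
      # and "/readme.txt" and could be reported as a plugin.
      #
      # @param uri [String] base URI of the target (presumably without a
      #   trailing path; verify against the caller)
      # @return [Object] whatever make_http_requests_from_queue returns
      # @raise [Errno::ENOENT] if the wordlist file is missing
      def brute_wordpress_plugin_paths(uri)
        wordlist = "#{$intrigue_basedir}/data/tech/wordpress_plugins.short.list"
        work_q = Queue.new

        # File.foreach closes the file when the block finishes; the previous
        # File.open(...).each_line left the handle open until GC.
        File.foreach(wordlist) do |line|
          plugin_path = line.strip
          next if plugin_path.empty? || plugin_path.start_with?("#")

          _log "Wordpress plugin check: #{plugin_path}"
          work_q.push({ path: "#{plugin_path}/", severity: 5, body_regex: nil, status: "potential" })
          work_q.push({ path: "#{plugin_path}/readme.txt", severity: 5, body_regex: /Contributors:/i, status: "confirmed" })
        end

        # Third positional argument is the thread count (was written as
        # `thread_count=1`, which only assigned an unused local before passing 1).
        # NOTE(review): the original comment here said "always create an issue";
        # confirm what the two `false` flags control in make_http_requests_from_queue.
        results = make_http_requests_from_queue(uri, work_q, 1, false, false)
        _log "Got matches: #{results}"
        results
      end

      # Reads the WordPress REST API index at "<uri>/wp-json" and returns the
      # values of its "namespaces" key with backslashes removed.
      #
      # The namespace list also contains entries registered by WordPress core
      # (for example "wp/v2"), so treat the result as a hint about installed
      # plugins, not a confirmed plugin list.
      #
      # The response is remote, untrusted input: anything that is not a JSON
      # object, or not a string inside "namespaces", is ignored so that it
      # cannot raise out of the task.
      #
      # @param uri [String] base URI of the target
      # @return [Array<String>, nil] namespaces, or nil when the body is not
      #   a parsable JSON object
      def get_wordpress_parsable_plugins(uri)
        body = http_get_body "#{uri}/wp-json"

        begin
          parsed = JSON.parse(body)
        rescue JSON::ParserError, TypeError
          # TypeError covers a nil body; what http_get_body returns on a
          # failed request is not visible here.
          _log_error "Unable to parse!"
          return nil
        end

        return nil unless parsed.is_a?(Hash)

        Array(parsed["namespaces"]).grep(String).uniq.map { |ns| ns.gsub("\\", "") }
      end
    end
  end
end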