Permalink
Browse files

Add check for .sql backup files

  • Loading branch information...
ethicalhack3r committed Jun 7, 2018
1 parent 85b4914 commit 0e73774bd9f6d13c8194e44b9b799d3e5dd089ca
Showing with 40 additions and 0 deletions.
  1. +2 −0 lib/wpscan/web_site.rb
  2. +32 −0 lib/wpscan/web_site/sql_file_export.rb
  3. +6 −0 wpscan.rb
@@ -5,13 +5,15 @@
require 'web_site/robots_txt'
require 'web_site/security_txt'
require 'web_site/sitemap'
require 'web_site/sql_file_export'
class WebSite
include WebSite::HumansTxt
include WebSite::InterestingHeaders
include WebSite::RobotsTxt
include WebSite::SecurityTxt
include WebSite::Sitemap
include WebSite::SqlFileExport
attr_reader :uri
@@ -0,0 +1,32 @@
# encoding: UTF-8
class WebSite
module SqlFileExport
# Checks if a .sql file exists
# @return [ Array ]
def sql_file_export
backup_files = []
self.sql_file_export_urls.each do |url|
response = Browser.get(url)
backup_files << url if response.code == 200 && response.body =~ /INSERT INTO/
end
backup_files
end
# Gets a .sql export file URL
# @return [ Array ]
def sql_file_export_urls
urls = []
files = ["#{@uri.host[/(^[\w|-]+)/,1]}.sql", 'backup.sql', 'database.sql', 'dump.sql']
files.each do |file|
urls << @uri.clone.merge(file).to_s
end
urls
end
end
end
@@ -255,6 +255,12 @@ def main
end
end
unless wp_target.sql_file_export.empty?
wp_target.sql_file_export.each do |file|
puts critical("SQL export file found: #{file}")
end
end
code = get_http_status(wp_target.humans_url)
if code == 200
puts info("humans.txt available under: #{wp_target.humans_url} [HTTP #{code}]")

1 comment on commit 0e73774

Please sign in to comment.