Sign upLogin

wpscanteam/wpscan

View on GitHub
Star
app/models/interesting_finding.rb

Summary

Maintainability
A
0 mins
Test Coverage
# frozen_string_literal: true

module WPScan
  module Model
    # Custom class to include the WPScan::References module
    class InterestingFinding < CMSScanner::Model::InterestingFinding
      include References
    end

    class BackupDB < InterestingFinding
      def to_s
        @to_s ||= "A backup directory has been found: #{url}"
      end

      # @return [ Hash ]
      def references
        @references ||= { url: ['https://github.com/wpscanteam/wpscan/issues/422'] }
      end
    end

    class DebugLog < InterestingFinding
      def to_s
        @to_s ||= "Debug Log found: #{url}"
      end

      # @ return [ Hash ]
      def references
        @references ||= { url: ['https://codex.wordpress.org/Debugging_in_WordPress'] }
      end
    end

    class DuplicatorInstallerLog < InterestingFinding
      # @return [ Hash ]
      def references
        @references ||= { url: ['https://www.exploit-db.com/ghdb/3981/'] }
      end
    end

    class EmergencyPwdResetScript < InterestingFinding
      def references
        @references ||= {
          url: ['https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script']
        }
      end
    end

    class FullPathDisclosure < InterestingFinding
      def to_s
        @to_s ||= "Full Path Disclosure found: #{url}"
      end

      # @return [ Hash ]
      def references
        @references ||= { url: ['https://www.owasp.org/index.php/Full_Path_Disclosure'] }
      end
    end

    class MuPlugins < InterestingFinding
      # @return [ String ]
      def to_s
        @to_s ||= "This site has 'Must Use Plugins': #{url}"
      end

      # @return [ Hash ]
      def references
        @references ||= { url: ['http://codex.wordpress.org/Must_Use_Plugins'] }
      end
    end

    class Multisite < InterestingFinding
      # @return [ String ]
      def to_s
        @to_s ||= 'This site seems to be a multisite'
      end

      # @return [ Hash ]
      def references
        @references ||= { url: ['http://codex.wordpress.org/Glossary#Multisite'] }
      end
    end

    class Readme < InterestingFinding
      def to_s
        @to_s ||= "WordPress readme found: #{url}"
      end
    end

    class Registration < InterestingFinding
      # @return [ String ]
      def to_s
        @to_s ||= "Registration is enabled: #{url}"
      end
    end

    class TmmDbMigrate < InterestingFinding
      def to_s
        @to_s ||= "ThemeMakers migration file found: #{url}"
      end

      # @return [ Hash ]
      def references
        @references ||= { packetstorm: [131_957] }
      end
    end

    class UploadDirectoryListing < InterestingFinding
      # @return [ String ]
      def to_s
        @to_s ||= "Upload directory has listing enabled: #{url}"
      end
    end

    class UploadSQLDump < InterestingFinding
      def to_s
        @to_s ||= "SQL Dump found: #{url}"
      end
    end

    class WPCron < InterestingFinding
      # @return [ String ]
      def to_s
        @to_s ||= "The external WP-Cron seems to be enabled: #{url}"
      end

      # @return [ Hash ]
      def references
        @references ||= {
          url: [
            'https://www.iplocation.net/defend-wordpress-from-ddos',
            'https://github.com/wpscanteam/wpscan/issues/1299'
          ]
        }
      end
    end

    class PHPDisabled < InterestingFinding
      # @return [ String ]
      def to_s
        @to_s ||= 'PHP seems to be disabled'
      end

      # @return [ Hash ]
      def references
        @references ||= {
          url: ['https://github.com/wpscanteam/wpscan/issues/1593']
        }
      end
    end
  end
end