Contents

module WPScan
  module Finders
    module WpVersion
      # RSS Generator Version Finder
      class RSSGenerator < CMSScanner::Finders::Finder
        include Finder::WpVersion::SmartURLChecker

        def process_urls(urls, _opts = {})
          found = Findings.new

          urls.each do |url|
            res = Browser.get_and_follow_location(url)

            res.html.xpath('//comment()[contains(., "wordpress")] | //generator').each do |node|
              node_text = node.text.to_s.strip

              next unless node_text =~ %r{\Ahttps?://wordpress\.(?:[a-z]+)/\?v=(.*)\z}i ||
                          node_text =~ %r{\Agenerator="wordpress/([^"]+)"\z}i

              found << create_version(
                Regexp.last_match[1],
                found_by: found_by,
                entries: ["#{res.effective_url}, #{node.to_s.strip}"]
              )
            end
          end

          found
        end

        def passive_urls_xpath
          '//link[@rel="alternate" and @type="application/rss+xml"]'
        end

        def aggressive_urls(_opts = {})
          %w[feed/ comments/feed/ feed/rss/ feed/rss2/].reduce([]) do |a, uri|
            a << target.url(uri)
          end
        end
      end
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version	Path
wpscan-3.2.1	app/finders/wp_version/rss_generator.rb
wpscan-3.2.0	app/finders/wp_version/rss_generator.rb
wpscan-3.1.0	app/finders/wp_version/rss_generator.rb
wpscan-3.0.8	app/finders/wp_version/rss_generator.rb
wpscan-3.0.7	app/finders/wp_version/rss_generator.rb
wpscan-3.0.6	app/finders/wp_version/rss_generator.rb
wpscan-3.0.5	app/finders/wp_version/rss_generator.rb
wpscan-3.0.4	app/finders/wp_version/rss_generator.rb