Contents

module WPScan
  module Finders
    module Medias
      # Medias Finder
      class AttachmentBruteForcing < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
        # @return [ Array<Media> ]
        def aggressive(opts = {})
          found = []

          enumerate(target_urls(opts), opts) do |res|
            next unless res.code == 200

            found << WPScan::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
          end

          found
        end

        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
        # @return [ Hash ]
        def target_urls(opts = {})
          urls = {}

          opts[:range].each do |id|
            urls[target.uri.join("?attachment_id=#{id}").to_s] = id
          end

          urls
        end

        def create_progress_bar(opts = {})
          super(opts.merge(title: ' Brute Forcing Attachment Ids -'))
        end
      end
    end
  end
end

Version data entries

12 entries across 12 versions & 1 rubygems

Version	Path
wpscan-3.2.1	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.2.0	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.1.0	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.8	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.7	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.6	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.5	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.4	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.3	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.2	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0.1	app/finders/medias/attachment_brute_forcing.rb
wpscan-3.0	app/finders/medias/attachment_brute_forcing.rb