1
#
2
# Copyright (c) Browser Exploitation Framework (BeEF) - https://beefproject.com
3
# See the file 'doc/COPYING' for copying permission
4
#
5
# Author Erwan LR (@erwan_lr | WPScanTeam) - https://wpscan.org/
6
#
7

8
require 'securerandom'
9

10
class WordPressCommand < BeEF::Core::Command
11
  def pre_send
12
    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/misc/wordpress/wp.js', '/wp', 'js')
13
  end
14

15
  # If we could retrive the hooked URL, we could try to determine the wp_path to be set below
16
  def self.options
17
    [
18
      { 'name' => 'wp_path', 'ui_label' => 'WordPress Path', 'value' => '/' }
19
    ]
20
  end
21

22
  # This one is triggered each time a beef.net.send is called
23
  def post_execute
24
    BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('wp.js')
25

26
    return unless @datastore['result']
27

28
    save({ 'result' => @datastore['result'] })
29
  end
30
end
31

32