1
# frozen_string_literal: true
2

3
module WPScan
4
  module Finders
5
    module InterestingFindings
6
      # Must Use Plugins Directory checker
7
      class MuPlugins < CMSScanner::Finders::Finder
8
        # @return [ InterestingFinding ]
9
        def passive(_opts = {})
10
          pattern = %r{#{target.content_dir}/mu-plugins/}i
11

12
          target.in_scope_uris(target.homepage_res, '(//@href|//@src)[contains(., "mu-plugins")]') do |uri|
13
            next unless uri.path&.match?(pattern)
14

15
            url = target.url('wp-content/mu-plugins/')
16

17
            target.mu_plugins = true
18

19
            return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
20
          end
21
          nil
22
        end
23

24
        # @return [ InterestingFinding ]
25
        def aggressive(_opts = {})
26
          url = target.url('wp-content/mu-plugins/')
27
          res = Browser.get_and_follow_location(url)
28

29
          return unless [200, 401, 403].include?(res.code)
30
          return if target.homepage_or_404?(res)
31

32
          target.mu_plugins = true
33

34
          Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
35
        end
36
      end
37
    end
38
  end
39
end
40

41