wpscanteam
GitHub Repository: wpscanteam/wpscan
Path: blob/master/app/finders/interesting_findings/multisite.rb
# frozen_string_literal: true
module WPScan
  module Finders
    module InterestingFindings
      # Detects a WordPress multisite (network) setup by requesting wp-signup.php
      # directly and classifying the HTTP status and Location header of the reply.
      class Multisite < CMSScanner::Finders::Finder
        # Active check: issues one GET for wp-signup.php on the target.
        #
        # Outcomes, as implemented below:
        # - 200: reported as multisite.
        # - 302 whose Location contains 'wp-login.php?action=register': not reported
        #   (presumably the redirect a single-site install answers with; confirm).
        # - 302 whose Location contains 'wp-signup.php': reported as multisite
        #   (presumably a network site redirecting to the main signup page; confirm).
        # - anything else, including a 302 with no Location header: not reported.
        #
        # Side effect: sets target.multisite to true when a finding is returned.
        #
        # NOTE(review): a 200 is accepted on status alone, with no look at the body.
        # A site that answers 200 for arbitrary paths (soft 404 / catch-all page)
        # would presumably be reported with confidence 100; verify whether that is
        # filtered elsewhere before relying on this finding.
        #
        # @param _opts [ Hash ] unused
        #
        # @return [ Model::Multisite, nil ] the finding, or nil when the response
        #   does not match one of the multisite cases above
        def aggressive(_opts = {})
          signup_url = target.url('wp-signup.php')
          response   = Browser.get(signup_url)
          redirect   = response.headers_hash['location']

          unless response.code == 200
            # Only a redirect can still qualify; every other status is a miss.
            return unless response.code == 302
            # Checked first: a Location naming the register action is a miss even
            # if it also happens to contain 'wp-signup.php'.
            return if redirect&.include?('wp-login.php?action=register')
            # Safe navigation makes a missing Location header fall out here as nil.
            return unless redirect&.include?('wp-signup.php')
          end

          target.multisite = true

          Model::Multisite.new(signup_url, confidence: 100, found_by: DIRECT_ACCESS)
        end
      end
    end
  end
end