GitHub Repository: wpscanteam/wpscan
Path: blob/master/app/finders/medias/attachment_brute_forcing.rb
# frozen_string_literal: true
module WPScan
  module Finders
    module Medias
      # Medias Finder, see https://github.com/wpscanteam/wpscan/issues/172
      #
      # Requests `?attachment_id=<id>` on the target for every ID in the
      # supplied range and records each response answered with HTTP 200 as a
      # Media entry. One URL is built, and so one request is queued, per ID.
      class AttachmentBruteForcing < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator

        # Runs the enumeration and collects the attachments that were found.
        #
        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
        # @return [ Array<Media> ]
        def aggressive(opts = {})
          medias = []

          enumerate(target_urls(opts), opts) do |response|
            # Only a 200 counts as a hit; every other status is skipped.
            # NOTE(review): each hit is reported with confidence 100. Whether
            # `enumerate` already drops responses that only mirror the homepage
            # or a soft 404 is not visible here - confirm, otherwise a target
            # answering 200 for unknown IDs would produce false positives.
            next if response.code != 200

            # The entry is keyed on the response's effective_url (presumably the
            # URL after redirects - confirm), not on the URL that was requested.
            medias << Model::Media.new(response.effective_url, opts.merge(found_by: found_by, confidence: 100))
          end

          medias
        end

        # Builds the URL => attachment ID map handed to the enumerator.
        #
        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
        # @return [ Hash ] URL string => attachment ID
        def target_urls(opts = {})
          url_to_id = {}

          opts[:range].each do |attachment_id|
            query = "?attachment_id=#{attachment_id}"
            url_to_id[target.uri.join(query).to_s] = attachment_id
          end

          url_to_id
        end

        # Delegates to the parent implementation with this finder's title added.
        #
        # @param [ Hash ] opts
        def create_progress_bar(opts = {})
          titled_opts = opts.merge(title: ' Brute Forcing Attachment IDs -')
          super(titled_opts)
        end
      end
    end
  end
end