2013-11-10 22:08:59 +00:00
|
|
|
##
|
2014-10-17 16:47:33 +00:00
|
|
|
# This module requires Metasploit: http://metasploit.com/download
|
2013-11-10 22:08:59 +00:00
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
|
|
##
|
|
|
|
|
2016-03-08 13:02:44 +00:00
|
|
|
class MetasploitModule < Msf::Auxiliary
|
2015-10-15 16:47:13 +00:00
|
|
|
include Msf::Exploit::Remote::HTTP::Wordpress
|
2013-11-10 22:08:59 +00:00
|
|
|
include Msf::Auxiliary::Scanner
|
|
|
|
include Msf::Auxiliary::Report
|
|
|
|
|
|
|
|
def initialize
|
|
|
|
super(
|
2013-11-12 17:29:28 +00:00
|
|
|
'Name' => 'Wordpress Scanner',
|
2013-11-18 22:15:50 +00:00
|
|
|
'Description' => 'Detects Wordpress installations and their version number',
|
2014-04-09 15:46:10 +00:00
|
|
|
'Author' => [ 'Christian Mehlmauer' ],
|
2013-11-12 17:29:28 +00:00
|
|
|
'License' => MSF_LICENSE
|
2013-11-10 22:08:59 +00:00
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
def run_host(target_host)
|
|
|
|
print_status("Trying ip #{target_host}")
|
|
|
|
if wordpress_and_online?
|
|
|
|
version = wordpress_version
|
|
|
|
version_string = version ? version : '(no version detected)'
|
2013-11-10 23:24:32 +00:00
|
|
|
print_good("#{target_host} running Wordpress #{version_string}")
|
2013-11-10 22:08:59 +00:00
|
|
|
report_note(
|
|
|
|
{
|
|
|
|
:host => target_host,
|
|
|
|
:proto => 'tcp',
|
|
|
|
:sname => (ssl ? 'https' : 'http'),
|
|
|
|
:port => rport,
|
|
|
|
:type => "Wordpress #{version_string}",
|
|
|
|
:data => target_uri
|
|
|
|
})
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|