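/**
 * Query the wpvulndb.com v1 API for each supplied item and pass the decoded
 * JSON to $this->output().
 *
 * The endpoint is chosen from $this->type: "theme" and "plugin" map to
 * /themes/ and /plugins/, "version" maps to /wordpresses/.
 *
 * @param mixed $vars A single value, a list of values, or a list of lists.
 *                    Dots are stripped from every value before it is used as
 *                    the last path segment of the request URL.
 * @return bool False when $this->type is unsupported, true otherwise
 *              (including when individual lookups produced no output).
 */
function wpvulndb($vars) {
    switch ($this->type) {
        case 'theme':
        case 'plugin':
            $base = "https://wpvulndb.com/api/v1/{$this->type}s/";
            break;

        case 'version':
            $base = "https://wpvulndb.com/api/v1/wordpresses/";
            break;

        default:
            msg("[!] Unsupported type: {$this->type}");
            return false;
    }

    foreach ((array) $vars as $var) {
        foreach ((array) $var as $v) {
            if (!is_scalar($v)) {
                continue;
            }

            $slug = str_ireplace('.', '', (string) $v);

            // Build the URL from the base for every item. Appending to one
            // shared string made the second and later lookups request
            // "<base><item1><item2>..." instead of "<base><item2>".
            // The item is presumably derived from the scanned site's
            // responses, so it is encoded as a single path segment rather
            // than trusted to be URL-safe.
            $resp = HTTPRequest($base . rawurlencode($slug));
            if (!is_string($resp)) {
                continue;
            }

            if (stripos($resp, 'The page you were looking for doesn\'t exist (404)') !== false) {
                continue;
            }

            // Split headers from body once; a response with no header/body
            // separator has nothing to decode.
            $parts = explode("\r\n\r\n", $resp, 2);
            if (!isset($parts[1])) {
                continue;
            }

            $this->output(json_decode($parts[1], true));
        }
    }

    return true;
}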
/**
 * Print the running version and whether the upstream copy of app.php
 * declares a newer one.
 *
 * The remote version is read from the define('Version', '...') line of
 * app.php on the master branch. When that line cannot be found, only the
 * current version is printed.
 */
function check_version() {
    Config::set('nl', true);

    $remote_source = HTTPRequest('https://raw.github.com/RamadhanAmizudin/Wordpress-scanner/master/app.php');
    preg_match("#define\\('Version', '(.*?)'\\);#i", $remote_source, $found);

    msg("[+] Current Version: " . Version);

    if (!isset($found[1])) {
        return;
    }

    $is_outdated = version_compare(Version, $found[1], '<');
    msg($is_outdated ? "[!] Newest version is available" : "[!] No new version available");
}
/**
 * Find a post URL from the site's RSS feed for which the pingback check
 * succeeds.
 *
 * Every <link> in the feed except the first one is tried in turn through
 * $this->pingback_request(). A link is accepted when the response contains
 * "200 ok" and does not contain the XML-RPC integer value 33.
 *
 * @return string|false The first accepted post URL, or false if none is.
 */
function getValidPost() {
    $feed = HTTPRequest($this->url . '/?feed=rss2');
    preg_match_all('/<link>([^<]+)<\\/link>/i', $feed, $links);

    if (!isset($links[1])) {
        return false;
    }

    // The first <link> is dropped; presumably it is the channel link rather
    // than a post link.
    $candidates = array_slice($links[1], 1);

    foreach ($candidates as $post_url) {
        $reply = $this->pingback_request('http://www.google.com/', $post_url);

        $has_fault_33 = (bool) preg_match('/<value><int>33<\\/int><\\/value>/i', $reply);
        if ($has_fault_33) {
            continue;
        }

        if (preg_match('/200 ok/i', $reply)) {
            return $post_url;
        }
    }

    return false;
}
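/**
 * Download the release archive for the latest upstream version and unpack
 * it into the directory holding the downloaded file.
 *
 * The version string is parsed from the remote app.php and then used to
 * build both the download URL and the local file name, so it is validated
 * against a strict character set before use. Failures are reported with
 * E_USER_WARNING and leave no partial archive behind.
 *
 * NOTE(review): the archive is unpacked over the current installation with
 * no signature or checksum verification. Only the transport (HTTPS) is
 * protecting its integrity; consider pinning a release digest.
 *
 * @return void
 */
function download() {
    $latest_version = 'https://raw.github.com/RamadhanAmizudin/Wordpress-scanner/master/app.php';
    $src = HTTPRequest($latest_version);

    if (!is_string($src) || !preg_match("#define\\('Version', '(.*?)'\\);#i", $src, $o)) {
        trigger_error('download(): could not determine the latest version', E_USER_WARNING);
        return;
    }

    // The version comes from remote content and ends up in a URL and a
    // local file name. Accept only a conservative token so it cannot carry
    // path separators or URL metacharacters.
    $version = $o[1];
    if (!preg_match('/\A[0-9A-Za-z][0-9A-Za-z._-]{0,31}\z/', $version)) {
        trigger_error('download(): remote version string has an unexpected format', E_USER_WARNING);
        return;
    }

    $url = "https://github.com/RamadhanAmizudin/Wordpress-scanner/archive/" . $version . ".zip";
    $file = $version . '.zip';

    $fp = fopen($file, 'w+');
    if ($fp === false) {
        trigger_error('download(): cannot open ' . $file . ' for writing', E_USER_WARNING);
        return;
    }

    $ch = curl_init($url);
    if ($ch === false) {
        fclose($fp);
        unlink($file);
        trigger_error('download(): cannot initialise cURL', E_USER_WARNING);
        return;
    }

    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
    // Redirects are followed, so pin both the initial request and every
    // redirect hop to HTTPS.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS);
    // Treat HTTP error statuses as failures so an error page is not saved
    // as the archive.
    curl_setopt($ch, CURLOPT_FAILONERROR, 1);
    curl_setopt($ch, CURLOPT_FILE, $fp);

    $ok = curl_exec($ch);
    curl_close($ch);
    fclose($fp);

    if ($ok === false) {
        unlink($file);
        trigger_error('download(): transfer failed for ' . $url, E_USER_WARNING);
        return;
    }

    $real = realpath($file);
    if ($real === false) {
        trigger_error('download(): downloaded file is missing', E_USER_WARNING);
        return;
    }
    $path = pathinfo($real, PATHINFO_DIRNAME);

    $zip = new ZipArchive();
    if ($zip->open($file) !== TRUE) {
        trigger_error('download(): ' . $file . ' is not a readable zip archive', E_USER_WARNING);
        return;
    }

    // Refuse archives whose entry names are absolute or contain a ".."
    // segment, so extraction stays inside $path.
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false
            || preg_match('#^([\\\\/]|[A-Za-z]:)#', $name)
            || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $name)
        ) {
            $zip->close();
            trigger_error('download(): archive contains an unsafe entry name', E_USER_WARNING);
            return;
        }
    }

    $zip->extractTo($path);
    $zip->close();
}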
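/**
 * Derive the server-side web root path from the response to a request for
 * libraries/joomla/utilities/compat/php50x.php.
 *
 * The path is taken from the text between the markers "in <b>" and
 * "libraries" in the response. This presumably relies on the server
 * rendering a PHP error message that includes the script's file path;
 * when either marker is absent an empty string is returned.
 *
 * Uses the global $install_path. When it is not "/", the install directory
 * is cut from the end of the extracted path. Backslashes are converted to
 * forward slashes in the result.
 *
 * @return string The web root path, or "" when it cannot be determined.
 */
function get_webroot_pathname() {
    global $install_path;

    // NOTE(review): the request line ends in "HTTP/1." with no minor
    // version. Left as found; confirm what HTTPRequest and the target
    // expect.
    $resp = HTTPRequest("GET {$install_path}/libraries/joomla/utilities/compat/php50x.php HTTP/1.\r\n\r\n");

    $pos1 = strpos($resp, "in <b>");
    $pos2 = strpos($resp, "libraries");
    if ($pos1 === false || $pos2 === false) {
        return "";
    }

    $init = $pos1 + strlen("in <b>");
    // "libraries" found before the end of the marker gives a negative
    // length and a meaningless slice.
    if ($pos2 < $init) {
        return "";
    }
    $str = substr($resp, $init, $pos2 - $init);

    if ($install_path != "/") {
        $install_path2 = str_replace("/", "", $install_path);
        $pos1 = strrpos($str, $install_path2);
        if ($pos1 === false) {
            return "";
        }
        $str = substr($str, 0, $pos1 - 1);
    }

    // Nothing left to normalise; also avoids indexing an empty string.
    if ($str === "" || $str === false) {
        return "";
    }

    // Drop one trailing backslash. The original passed an undefined $pos
    // here, which only worked because null - 1 evaluates to -1.
    if (substr($str, -1) == "\\") {
        $str = substr($str, 0, -1);
    }

    if ($str === "" || $str === false) {
        return "";
    }

    if (strstr($str, "/") && substr($str, -1) != "/") {
        $str = $str . "/";
    }

    $pathname = str_replace("\\", "/", $str);
    return $pathname;
}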
/**
 * Read the WordPress version from the generator attribute of
 * /wp-links-opml.php.
 *
 * The version sub-pattern comes from $this->pattern, which is expected to
 * contain the first capture group.
 *
 * @return string|false The captured version, or false when the generator
 *                      attribute is not found.
 */
function links_opml() {
    $opml = HTTPRequest($this->url . '/wp-links-opml.php');
    $regex = '#generator="wordpress/' . $this->pattern . '"#i';

    preg_match($regex, $opml, $hit);
    if (isset($hit[1])) {
        return $hit[1];
    }

    return false;
}
/**
 * Resolve a single redirect for the given URL.
 *
 * Requests $current and scans the response line by line for one starting
 * with "location:" (case-insensitive).
 *
 * @param string $current URL to request.
 * @return string The redirect target with leading whitespace and trailing
 *                slashes removed, or $current when no such line is found.
 */
private function new_url($current) {
    $raw = HTTPRequest($current, false, '', false);

    foreach (explode("\r\n", $raw) as $line) {
        // Only lines that begin with the header name count.
        if (stripos($line, 'location:') !== 0) {
            continue;
        }

        $target = str_ireplace('location:', '', $line);
        return rtrim(ltrim($target), '/');
    }

    return $current;
}
/**
 * Detect login-protection plugins on the target site.
 *
 * Two signals are used: marker strings on /wp-login.php ("Login LockDown",
 * "LOGIN LOCK"), and whether a known plugin directory under
 * /wp-content/plugins/ answers with "200 ok" or "403 forbidden".
 *
 * @return array|false Names of the plugins detected, or false when none are.
 */
function isProtected() {
    $plugins = [
        'better-wp-security',
        'simple-login-lockdown',
        'login-security-solution',
        'limit-login-attempts',
        'bluetrait-event-viewer',
    ];

    $urls = [];
    foreach ($plugins as $slug) {
        $urls[] = $this->url . '/wp-content/plugins/' . $slug . '/';
    }

    $login_page = HTTPRequest($this->url . '/wp-login.php');
    $dir_replies = HTTPMultiRequest($urls, false);

    $detected = [];

    if (strpos($login_page, 'Login LockDown') !== false) {
        $detected[] = 'login-lockdown';
    }
    if (strpos($login_page, 'LOGIN LOCK') !== false) {
        $detected[] = 'login-lock';
    }

    // Replies are matched back to plugin names by their key.
    foreach ($dir_replies as $index => $reply) {
        $exists = stripos($reply, '200 ok') !== false;
        $forbidden = stripos($reply, '403 forbidden') !== false;
        if ($exists || $forbidden) {
            $detected[] = $plugins[$index];
        }
    }

    if (empty($detected)) {
        return false;
    }

    return $detected;
}