diff --git a/README.md b/README.md
index 05df41fc..0f3d8310 100644
--- a/README.md
+++ b/README.md
@@ -260,6 +260,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
 --proxy-auth Supply the proxy login credentials.
 --basic-auth Set the HTTP Basic authentication.
 --wordlist | -w Supply a wordlist for the password brute forcer.
+ If the "-" option is supplied, the wordlist is expected via STDIN.
 --username | -U Only brute force the supplied username.
 --usernames Only brute force the usernames from the file.
 --cache-dir Set the cache directory.
@@ -283,6 +284,10 @@ Do wordlist password brute force on enumerated users using 50 threads...
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```
+Do wordlist password brute force on enumerated users using STDIN as the wordlist...
+
+```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -```
+
 Do wordlist password brute force on the 'admin' username only...
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```
diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb
index 844fba01..eba01b9b 100644
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -28,9 +28,18 @@ class WpUser < WpItem
 queue_count = 0
 found = false
- create_progress_bar(count_file_lines(wordlist)+1, options)
+ if wordlist == '-'
+ words = ARGF
+ passwords_size = 10
+ options[:starting_at] = 0
+ else
+ words = File.open(wordlist)
+ passwords_size = count_file_lines(wordlist)+1
+ end
- File.open(wordlist).each do |password|
+ create_progress_bar(passwords_size, options)
+
+ words.each do |password|
 password.chomp! # A successfull login will redirect us to the redirect_to parameter
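Review bot: In the first brute_forcable.rb hunk, `words = File.open(wordlist)` opens the wordlist with no block and no matching `close`, so the descriptor is only released when the object is garbage-collected; the pre-change `File.open(wordlist).each` had the same leak, and closing the handle after the loop whenever `words` is not standard input would fix it. `ARGF` is also not strictly standard input: it reads any file names still left in `ARGV` and falls back to STDIN only when `ARGV` is empty, so `words = $stdin` matches the README wording more directly (whether `ARGV` is always empty at this point depends on option parsing outside the hunk). The literal `passwords_size = 10` would benefit from a comment such as `# total is unknown for streamed input; start small and let the progress callback grow it`. The enclosing method begins and ends outside the hunk.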
@@ -43,7 +52,13 @@ class WpUser < WpItem
 request = login_request(password, redirect_url)
 request.on_complete do |response|
- progress_bar.progress += 1 if options[:show_progression] && !found
+ if options[:show_progression] && !found
+ progress_bar.progress += 1
+ percentage = progress_bar.progress.fdiv(progress_bar.total)
+ if options[:starting_at] && percentage >= 0.8
+ progress_bar.total *= 2
+ end
+ end
 progress_bar.log(" Trying Username: #{login} Password: #{password}") if options[:verbose]
@@ -79,7 +94,8 @@ class WpUser < WpItem
 @progress_bar = ProgressBar.create(
 format: '%t %a <%B> (%c / %C) %P%% %e',
 title: " Brute Forcing '#{login}'",
- total: passwords_size
+ total: passwords_size,
+ starting_at: options[:starting_at]
 )
 end
 end
diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
index 5d94cda1..a9a53f1d 100644
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -75,7 +75,7 @@ class WpscanOptions
 end
 def wordlist=(wordlist)
- if File.exists?(wordlist)
+ if File.exists?(wordlist) || wordlist == '-'
 @wordlist = wordlist
 else
 raise "The file #{wordlist} does not exist"
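Review bot: The test `if options[:starting_at] && percentage >= 0.8` in the `on_complete` block reuses a progress-bar option as the marker for "the total is a guess because the wordlist is streamed". It works only because `0` is truthy in Ruby and because no caller is expected to pass `:starting_at` together with a file wordlist; a caller that does would see `progress_bar.total` doubled past the real line count. A dedicated flag set next to the `wordlist == '-'` branch, plus a comment such as `# streamed input has no known length: double the estimate at 80%`, would make the intent explicit. The same key is forwarded in the `@@ -79,7 +94,8 @@` hunk as `starting_at: options[:starting_at]`, which is `nil` for file wordlists; presumably the progress-bar library treats `nil` as its default, but that is worth confirming. The `on_complete` block closes outside this hunk.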
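Review bot: `File.exists?` in the changed condition of `wordlist=` is the deprecated alias of `File.exist?` and was removed in Ruby 3.2, so on a current interpreter this setter raises `NoMethodError` before the `'-'` comparison is reached. Since the line is being touched anyway, `if wordlist == '-' || File.exist?(wordlist)` keeps the behaviour and skips the filesystem check for the STDIN case. `File.exist?` is also true for a directory, which would only fail later when the wordlist is opened; `File.file?(wordlist)` would reject that here, if rejecting directories early is wanted. A comment above the condition, `# '-' means: read the wordlist from STDIN`, would document the special value. The method's closing `end` lines fall outside the hunk.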