From 475288deeb75b994af3837879686dec63a65ff54 Mon Sep 17 00:00:00 2001 From: jamesalbert Date: Mon, 10 Apr 2017 02:10:34 -0700 Subject: [PATCH 1/7] --wordlist - reads stdin --- lib/common/models/wp_user/brute_forcable.rb | 10 ++++++++-- lib/wpscan/wpscan_options.rb | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 844fba01..2b0de9ef 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb @@ -28,9 +28,15 @@ class WpUser < WpItem queue_count = 0 found = false - create_progress_bar(count_file_lines(wordlist)+1, options) + if wordlist == '-' + wordlist = $stdin.readlines + else + wordlist = File.readlines(wordlist) + end - File.open(wordlist).each do |password| + create_progress_bar(wordlist.length+1, options) + + wordlist.each do |password| password.chomp! # A successfull login will redirect us to the redirect_to parameter diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb index 5d94cda1..a9a53f1d 100644 --- a/lib/wpscan/wpscan_options.rb +++ b/lib/wpscan/wpscan_options.rb @@ -75,7 +75,7 @@ class WpscanOptions end def wordlist=(wordlist) - if File.exists?(wordlist) + if File.exists?(wordlist) || wordlist == '-' @wordlist = wordlist else raise "The file #{wordlist} does not exist" From 9150e0ca5212187b620495279ce9e90cadccffe0 Mon Sep 17 00:00:00 2001 From: jamesalbert Date: Mon, 10 Apr 2017 02:44:43 -0700 Subject: [PATCH 2/7] reads stdin line by line --- lib/common/models/wp_user/brute_forcable.rb | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 2b0de9ef..66cc9064 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb 
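Review bot: The new `wordlist = $stdin.readlines` slurps the whole stream into memory before the first login attempt is made, which is unbounded when stdin is fed by a generator such as the `crunch` pipeline documented later in this series; `File.readlines(wordlist)` does the same for large on-disk lists that the old `File.open(wordlist).each` streamed line by line. Prefer a line enumerator in both branches, `wordlist = wordlist == '-' ? $stdin.each_line : File.foreach(wordlist)`, and treat the total as unknown for stdin instead of computing `wordlist.length`. The later patches in this series move in that direction. The enclosing brute-force method starts above and continues below the hunk.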
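Review bot: `File.exists?(wordlist)` is true for a directory as well as a regular file, so a directory path passes this setter and only fails later with `Errno::EISDIR` when the wordlist is opened; checking the `'-'` sentinel first also avoids stat-ing a file literally named `-` in the working directory: `if wordlist == '-' || (File.exist?(wordlist) && !File.directory?(wordlist))`. `File.exists?` has been deprecated in favour of `File.exist?` (and is removed in Ruby 3.2), so this line is the place to switch. The error message could mention the new sentinel, e.g. `raise "The wordlist #{wordlist} does not exist (use '-' to read it from STDIN)"`.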
@@ -29,14 +29,17 @@ class WpUser < WpItem found = false if wordlist == '-' - wordlist = $stdin.readlines + words = ARGF + passwords_size = nil + options[:starting_at] = 1 else - wordlist = File.readlines(wordlist) + words = File.open(wordlist) + passwords_size = count_file_lines(wordlist)+1 end - create_progress_bar(wordlist.length+1, options) + create_progress_bar(passwords_size, options) - wordlist.each do |password| + words.each do |password| password.chomp! # A successfull login will redirect us to the redirect_to parameter @@ -85,7 +88,8 @@ class WpUser < WpItem @progress_bar = ProgressBar.create( format: '%t %a <%B> (%c / %C) %P%% %e', title: " Brute Forcing '#{login}'", - total: passwords_size + total: passwords_size, + starting_at: options[:starting_at] ) end end From c7488e28f7767adaa09914b2f79f8ce06eab76a4 Mon Sep 17 00:00:00 2001 From: jamesalbert Date: Tue, 11 Apr 2017 02:55:34 -0700 Subject: [PATCH 3/7] added estimation for stdin --- lib/common/models/wp_user/brute_forcable.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 66cc9064..409db8cd 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb @@ -30,8 +30,8 @@ class WpUser < WpItem if wordlist == '-' words = ARGF - passwords_size = nil - options[:starting_at] = 1 + passwords_size = 10 + options[:starting_at] = 0 else words = File.open(wordlist) passwords_size = count_file_lines(wordlist)+1 @@ -60,6 +60,8 @@ class WpUser < WpItem found = true self.password = password return + elsif progress_bar.progress.fdiv(progress_bar.total) >= 0.5 + progress_bar.total *= 2 end end From 9d7f35f3b25c0a330f2748285caa74db1022067b Mon Sep 17 00:00:00 2001 
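Review bot: `words = ARGF` is not the same as reading `$stdin`: ARGF first opens every path still present in `ARGV` and only falls back to standard input when `ARGV` is empty, so if the option parser leaves any stray argument behind the wordlist is silently read from that file rather than from the pipe; `words = $stdin` (or `$stdin.each_line`) states the intent directly. In the `else` branch `words = File.open(wordlist)` is never closed and leaks the descriptor until GC, whereas `words = File.foreach(wordlist)` yields the same lines and closes the file when the enumeration ends. `options[:starting_at] = 1` also mutates the caller's hash to smuggle a "from stdin" flag through to the progress bar; a local such as `from_stdin = (wordlist == '-')` would be clearer. The enclosing method starts above and continues below the hunk.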
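Review bot: `starting_at: options[:starting_at]` passes `nil` on the file path, since only the stdin branch sets that key, and whether ruby-progressbar treats a nil `starting_at` as 0 is not visible here; make the default explicit with `starting_at: options[:starting_at] || 0`. `create_progress_bar` starts above the hunk.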
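Review bot: `passwords_size = 10` is a magic number whose meaning, an initial guess for a stdin length that is unknown and is grown later, is not visible at this line; hoist it to a named constant and explain it, e.g. `# STDIN length is unknown: start from a small estimate and let the progress loop grow the total` above `passwords_size = STDIN_INITIAL_ESTIMATE`. Note that `options[:starting_at] = 0` is still truthy in Ruby, so any code that later tests this key as a "from stdin" flag works only by that accident; if that is the intent, name the flag explicitly. The enclosing method starts above and continues below the hunk.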
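Review bot: The new `elsif` doubles `progress_bar.total` whenever progress passes 50% regardless of where the wordlist came from, so a file-backed run whose total was computed exactly by `count_file_lines` gets it inflated and the bar never reaches 100%. Gate it on the stdin case, e.g. `elsif wordlist == '-' && progress_bar.progress.fdiv(progress_bar.total) >= 0.5`; a later patch in this series adds a gate of this kind. The enclosing `on_complete` block and its method start above and continue below the hunk.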
From: jamesalbert Date: Tue, 11 Apr 2017 02:58:47 -0700 Subject: [PATCH 4/7] tightened up the threshold --- lib/common/models/wp_user/brute_forcable.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 409db8cd..ee233e01 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb @@ -60,7 +60,7 @@ class WpUser < WpItem found = true self.password = password return - elsif progress_bar.progress.fdiv(progress_bar.total) >= 0.5 + elsif progress_bar.progress.fdiv(progress_bar.total) >= 0.8 progress_bar.total *= 2 end end From beec0bd35a037062bb1d8b2eba06aafd66dec7db Mon Sep 17 00:00:00 2001 From: jamesalbert Date: Tue, 11 Apr 2017 03:09:24 -0700 Subject: [PATCH 5/7] fixed progress_bar scope --- lib/common/models/wp_user/brute_forcable.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index ee233e01..712055a9 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb @@ -52,7 +52,12 @@ class WpUser < WpItem request = login_request(password, redirect_url) request.on_complete do |response| - progress_bar.progress += 1 if options[:show_progression] && !found + if options[:show_progression] && !found + progress_bar.progress += 1 + if progress_bar.progress.fdiv(progress_bar.total) >= 0.8 + progress_bar.total *= 2 + end + end progress_bar.log(" Trying Username: #{login} Password: #{password}") if options[:verbose] @@ -60,8 +65,6 @@ class WpUser < WpItem found = true self.password = password return - elsif progress_bar.progress.fdiv(progress_bar.total) >= 0.8 - progress_bar.total *= 2 end end From f3bd9955288deff2f77416cc096d69cc9fafda45 Mon Sep 17 00:00:00 2001 
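Review bot: The doubling now nested under `options[:show_progression] && !found` is still applied to file-backed wordlists, whose `total` came from `count_file_lines` and is exact, so those runs overshoot their total once 80% is reached; restrict it to the stdin case (the next patch in the series does so through `options[:starting_at]`, but a dedicated flag would read better). Stylistically the inner `if` is a one-liner and is clearer as a modifier: `progress_bar.total *= 2 if progress_bar.progress.fdiv(progress_bar.total) >= 0.8`. The `on_complete` block and its enclosing method start above and continue below the hunk.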
From: jamesalbert Date: Tue, 11 Apr 2017 03:20:11 -0700 Subject: [PATCH 6/7] differentiate between stdin and file (estimating) --- lib/common/models/wp_user/brute_forcable.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 712055a9..eba01b9b 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb @@ -54,7 +54,8 @@ class WpUser < WpItem request.on_complete do |response| if options[:show_progression] && !found progress_bar.progress += 1 - if progress_bar.progress.fdiv(progress_bar.total) >= 0.8 + percentage = progress_bar.progress.fdiv(progress_bar.total) + if options[:starting_at] && percentage >= 0.8 progress_bar.total *= 2 end end From 711ee730a0d57d16ff52dddc51a2e7cd4d2beb9e Mon Sep 17 00:00:00 2001 From: jamesalbert Date: Tue, 11 Apr 2017 09:58:43 -0700 Subject: [PATCH 7/7] updated readme --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 05df41fc..0f3d8310 100644 --- a/README.md +++ b/README.md @@ -260,6 +260,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/ --proxy-auth Supply the proxy login credentials. --basic-auth Set the HTTP Basic authentication. --wordlist | -w Supply a wordlist for the password brute forcer. + If the "-" option is supplied, the wordlist is expected via STDIN. --username | -U Only brute force the supplied username. --usernames Only brute force the usernames from the file. --cache-dir Set the cache directory. 
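Review bot: `options[:starting_at]` is being used as a "wordlist came from stdin" sentinel, but the stdin branch sets it to `0` and the test only works because `0` is truthy in Ruby; a reader will take `if options[:starting_at] && percentage >= 0.8` to mean "if a start offset was given", and any caller that legitimately passes a starting offset for a file-backed run would also have its total doubled. Use an explicit flag set alongside the `'-'` handling, e.g. `if options[:estimate_total] && percentage >= 0.8`, and add `# STDIN length is unknown: grow the estimated total before the bar fills` above it. The `on_complete` block and its enclosing method start above and continue below the hunk.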
@@ -283,6 +284,10 @@ Do wordlist password brute force on enumerated users using 50 threads... ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50``` +Do wordlist password brute force on enumerated users using STDIN as the wordlist... + +```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -``` + Do wordlist password brute force on the 'admin' username only... ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```