Merge pull request #1081 from jamesalbert/master

--wordlist - reads stdin
2017-04-12 09:12:06 +02:00
parent 82335d7399 711ee730a0
commit 0522023fd4
3 changed files with 26 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -260,6 +260,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
    --proxy-auth <username:password>    Supply the proxy login credentials.
    --basic-auth <username:password>    Set the HTTP Basic authentication.
    --wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
+                                        If the "-" option is supplied, the wordlist is expected via STDIN.
    --username | -U <username>          Only brute force the supplied username.
    --usernames     <path-to-file>      Only brute force the usernames from the file.
    --cache-dir       <cache-directory> Set the cache directory.
@@ -283,6 +284,10 @@ Do wordlist password brute force on enumerated users using 50 threads...

 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```

+Do wordlist password brute force on enumerated users using STDIN as the wordlist...
+
+```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -```
+
 Do wordlist password brute force on the 'admin' username only...

 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -28,9 +28,18 @@ class WpUser < WpItem
      queue_count  = 0
      found        = false

-      create_progress_bar(count_file_lines(wordlist)+1, options)
+      if wordlist == '-'
+        words = ARGF
+        passwords_size = 10
+        options[:starting_at] = 0
+      else
+        words = File.open(wordlist)
+        passwords_size = count_file_lines(wordlist)+1
+      end

-      File.open(wordlist).each do |password|
+      create_progress_bar(passwords_size, options)
+
+      words.each do |password|
        password.chomp!

        # A successfull login will redirect us to the redirect_to parameter
@@ -43,7 +52,13 @@ class WpUser < WpItem
        request = login_request(password, redirect_url)

        request.on_complete do |response|
-          progress_bar.progress += 1 if options[:show_progression] && !found
+          if options[:show_progression] && !found
+            progress_bar.progress += 1
+            percentage = progress_bar.progress.fdiv(progress_bar.total)
+            if options[:starting_at] && percentage >= 0.8
+              progress_bar.total *= 2
+            end
+          end

          progress_bar.log("  Trying Username: #{login} Password: #{password}") if options[:verbose]

@@ -79,7 +94,8 @@ class WpUser < WpItem
        @progress_bar = ProgressBar.create(
          format: '%t %a <%B> (%c / %C) %P%% %e',
          title: "  Brute Forcing '#{login}'",
-          total: passwords_size
+          total: passwords_size,
+          starting_at: options[:starting_at]
        )
      end
    end
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -75,7 +75,7 @@ class WpscanOptions
  end

  def wordlist=(wordlist)
-    if File.exists?(wordlist)
+    if File.exists?(wordlist) || wordlist == '-'
      @wordlist = wordlist
    else
      raise "The file #{wordlist} does not exist"