From 29280dc0ab4c01cc8ba18ffba7e329f2ece2cc1d Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Fri, 21 Sep 2012 22:10:33 +0200
Subject: [PATCH] bugfixing and more rspec tests
---
 doc/Array.html | 2 +
 doc/Browser.html | 2 +
 doc/BruteForce.html | 23 ++++---
 doc/CREDITS.html | 2 +
 doc/CacheFileStore.html | 2 +
 doc/Exploit.html | 2 +
 doc/Generate_List.html | 2 +
 doc/GitUpdater.html | 2 +
 doc/Malwares.html | 2 +
 doc/Object.html | 4 +-
 doc/README.html | 2 +
 doc/RpcClient.html | 2 +
 doc/SvnUpdater.html | 2 +
 doc/Svn_Parser.html | 2 +
 doc/Updater.html | 2 +
 doc/UpdaterFactory.html | 2 +
 doc/Vulnerable.html | 2 +
 doc/WebSite.html | 2 +
 doc/WpConfigBackup.html | 2 +
 doc/WpDetector.html | 2 +
 doc/WpEnumerator.html | 2 +
 doc/WpFullPathDisclosure.html | 2 +
 doc/WpItem.html | 2 +
 doc/WpOptions.html | 2 +
 doc/WpPlugin.html | 2 +
 doc/WpPlugins.html | 2 +
 doc/WpReadme.html | 2 +
 doc/WpTarget.html | 2 +
 doc/WpTheme.html | 2 +
 doc/WpTimthumbs.html | 2 +
 doc/WpUsernames.html | 28 +++++---
 doc/WpVersion.html | 2 +
 doc/WpVulnerability.html | 2 +
 doc/WpscanOptions.html | 4 +-
 doc/created.rid | 29 ++++----
 doc/index.html | 76 ++++++++++++---------
 doc/lib/common_helper_rb.html | 2 +-
 doc/lib/wpscan/modules/brute_force_rb.html | 2 +-
 doc/lib/wpscan/modules/wp_plugins_rb.html | 2 +-
 doc/lib/wpscan/modules/wp_usernames_rb.html | 2 +-
 doc/lib/wpscan/wp_detector_rb.html | 2 +-
 doc/lib/wpscan/wp_enumerator_rb.html | 2 +-
 doc/lib/wpscan/wp_options_rb.html | 2 +-
 doc/lib/wpscan/wp_plugin_rb.html | 2 +-
 doc/lib/wpscan/wp_theme_rb.html | 2 +-
 doc/lib/wpscan/wpscan_options_rb.html | 2 +-
 doc/wpscan_rb.html | 2 +-
 lib/wpscan/wpscan_options.rb | 2 +-
 spec/lib/wpscan/wp_options_spec.rb | 5 ++
 spec/lib/wpscan/wpscan_options_spec.rb | 36 +++++++++-
 50 files changed, 206 insertions(+), 83 deletions(-)
diff --git a/doc/Array.html b/doc/Array.html
index c8e26238..9b0b767e 100644
--- a/doc/Array.html
+++ b/doc/Array.html
@@ -166,6 +166,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Browser.html b/doc/Browser.html index fa094476..a800bee6 100644 --- a/doc/Browser.html +++ b/doc/Browser.html @@ -182,6 +182,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/BruteForce.html b/doc/BruteForce.html index 26ad0f1a..de5d7045 100644 --- a/doc/BruteForce.html +++ b/doc/BruteForce.html @@ -158,6 +158,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • @@ -219,10 +221,10 @@ on large wordlists, although bareable.

    -# File lib/wpscan/modules/brute_force.rb, line 111
    +# File lib/wpscan/modules/brute_force.rb, line 114
     def self.lines_in_file(file_path)
       lines = 0
    -  File.open(file_path, 'r').each { |line| lines += 1 }
    +  File.open(file_path, 'r').each { || lines += 1 }
       lines
     end
    @@ -265,23 +267,24 @@ on large wordlists, although bareable.

    hydra = Browser.instance.hydra number_of_passwords = BruteForce.lines_in_file(wordlist_path) login_url = login_url() + found = [] logins.each do |login| queue_count = 0 request_count = 0 password_found = false - File.open(wordlist_path, 'r').each do |password| + File.open(wordlist_path, "r").each do |password| # ignore file comments, but will miss passwords if they start with a hash... - next if password[0,1] == '#' + next if password[0,1] == "#" # keep a count of the amount of requests to be sent request_count += 1 queue_count += 1 # create local vars for on_complete call back, Issue 51. - username = login + username = login.name password = password # the request object @@ -302,18 +305,20 @@ on large wordlists, although bareable.

    puts "\nIncorrect username and/or password." if @verbose elsif response.code == 302 puts "\n [SUCCESS] Username : #{username} Password : #{password}\n" + found << { :name => username, :password => password } password_found = true elsif response.timed_out? puts "ERROR: Request timed out." elsif response.code == 0 puts "ERROR: No response from remote server. WAF/IPS?" - elsif response.code =~ /^50/ + # code is a fixnum, needs a string for regex + elsif response.code.to_s =~ /^50/ puts "ERROR: Server error, try reducing the number of threads." else puts "\nERROR: We recieved an unknown response for #{password}..." if @verbose - puts 'Code: ' + response.code.to_s - puts 'Body: ' + response.body + puts "Code: #{response.code.to_s}" + puts "Body: #{response.body}" puts end end @@ -343,7 +348,7 @@ on large wordlists, although bareable.

    # run all of the remaining requests hydra.run end - + found end diff --git a/doc/CREDITS.html b/doc/CREDITS.html index ef7c285a..725d9ef4 100644 --- a/doc/CREDITS.html +++ b/doc/CREDITS.html @@ -122,6 +122,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/CacheFileStore.html b/doc/CacheFileStore.html index 186a9000..24ca0e9f 100644 --- a/doc/CacheFileStore.html +++ b/doc/CacheFileStore.html @@ -172,6 +172,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Exploit.html b/doc/Exploit.html index 543ea2cf..487ea20d 100644 --- a/doc/Exploit.html +++ b/doc/Exploit.html @@ -190,6 +190,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Generate_List.html b/doc/Generate_List.html index 4f9f4315..5c6c747a 100644 --- a/doc/Generate_List.html +++ b/doc/Generate_List.html @@ -172,6 +172,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/GitUpdater.html b/doc/GitUpdater.html index 32c09d07..2dfd95bc 100644 --- a/doc/GitUpdater.html +++ b/doc/GitUpdater.html @@ -170,6 +170,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Malwares.html b/doc/Malwares.html index be23e15a..0e3d196a 100644 --- a/doc/Malwares.html +++ b/doc/Malwares.html @@ -162,6 +162,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Object.html b/doc/Object.html index 1dca7c67..6bf2cd25 100644 --- a/doc/Object.html +++ b/doc/Object.html @@ -182,6 +182,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • @@ -433,7 +435,7 @@ break end end - if looping == false or (counter * -1 ) >= base.length + if looping == false or (counter * -1 ) > base.length break end already_found = "#{character if character}#{already_found}" diff --git a/doc/README.html b/doc/README.html index 377560ad..0b0eca7b 100644 --- a/doc/README.html +++ b/doc/README.html @@ -122,6 +122,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/RpcClient.html b/doc/RpcClient.html index ee3cf694..8d018161 100644 --- a/doc/RpcClient.html +++ b/doc/RpcClient.html @@ -190,6 +190,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/SvnUpdater.html b/doc/SvnUpdater.html index 034058e3..ebb1f7f8 100644 --- a/doc/SvnUpdater.html +++ b/doc/SvnUpdater.html @@ -168,6 +168,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Svn_Parser.html b/doc/Svn_Parser.html index 99cfcc15..5728744f 100644 --- a/doc/Svn_Parser.html +++ b/doc/Svn_Parser.html @@ -166,6 +166,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Updater.html b/doc/Updater.html index 90f61dda..9318f8ee 100644 --- a/doc/Updater.html +++ b/doc/Updater.html @@ -172,6 +172,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/UpdaterFactory.html b/doc/UpdaterFactory.html index 746a4695..d9174eef 100644 --- a/doc/UpdaterFactory.html +++ b/doc/UpdaterFactory.html @@ -166,6 +166,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/Vulnerable.html b/doc/Vulnerable.html index 1caa2127..32578155 100644 --- a/doc/Vulnerable.html +++ b/doc/Vulnerable.html @@ -164,6 +164,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WebSite.html b/doc/WebSite.html index 5a06aa82..89f9c184 100644 --- a/doc/WebSite.html +++ b/doc/WebSite.html @@ -162,6 +162,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpConfigBackup.html b/doc/WpConfigBackup.html index 80f0e063..f547a1c0 100644 --- a/doc/WpConfigBackup.html +++ b/doc/WpConfigBackup.html @@ -158,6 +158,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpDetector.html b/doc/WpDetector.html index 761ed08f..46ca318b 100644 --- a/doc/WpDetector.html +++ b/doc/WpDetector.html @@ -166,6 +166,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpEnumerator.html b/doc/WpEnumerator.html index 745e783f..63c40b5a 100644 --- a/doc/WpEnumerator.html +++ b/doc/WpEnumerator.html @@ -166,6 +166,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpFullPathDisclosure.html b/doc/WpFullPathDisclosure.html index 2aed0957..0ec6f309 100644 --- a/doc/WpFullPathDisclosure.html +++ b/doc/WpFullPathDisclosure.html @@ -158,6 +158,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpItem.html b/doc/WpItem.html index 4f97a8c8..e1fc769e 100644 --- a/doc/WpItem.html +++ b/doc/WpItem.html @@ -190,6 +190,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpOptions.html b/doc/WpOptions.html index 9958d401..21ef0ff6 100644 --- a/doc/WpOptions.html +++ b/doc/WpOptions.html @@ -164,6 +164,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html index 3018311f..49db6f0a 100644 --- a/doc/WpPlugin.html +++ b/doc/WpPlugin.html @@ -168,6 +168,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html index 353975b3..ac0dc6d2 100644 --- a/doc/WpPlugins.html +++ b/doc/WpPlugins.html @@ -158,6 +158,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpReadme.html b/doc/WpReadme.html index 795ac853..84ae682e 100644 --- a/doc/WpReadme.html +++ b/doc/WpReadme.html @@ -158,6 +158,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpTarget.html b/doc/WpTarget.html index 082fd8e2..8c08910c 100644 --- a/doc/WpTarget.html +++ b/doc/WpTarget.html @@ -240,6 +240,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpTheme.html b/doc/WpTheme.html index ec14de03..5171a3b6 100644 --- a/doc/WpTheme.html +++ b/doc/WpTheme.html @@ -172,6 +172,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpTimthumbs.html b/doc/WpTimthumbs.html index 0df2bcfd..14cce904 100644 --- a/doc/WpTimthumbs.html +++ b/doc/WpTimthumbs.html @@ -160,6 +160,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpUsernames.html b/doc/WpUsernames.html index 0b42814f..b194bb81 100644 --- a/doc/WpUsernames.html +++ b/doc/WpUsernames.html @@ -166,6 +166,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • @@ -226,7 +228,7 @@
    -# File lib/wpscan/modules/wp_usernames.rb, line 98
    +# File lib/wpscan/modules/wp_usernames.rb, line 102
     def author_url(author_id)
       @uri.merge("?author=#{author_id}").to_s
     end
    @@ -259,7 +261,7 @@
    -# File lib/wpscan/modules/wp_usernames.rb, line 79
    +# File lib/wpscan/modules/wp_usernames.rb, line 77
     def extract_nickname_from_body(body)
       body[%{<title>([^<]*)</title>}, 1]
     end
    @@ -292,7 +294,7 @@
    -# File lib/wpscan/modules/wp_usernames.rb, line 71
    +# File lib/wpscan/modules/wp_usernames.rb, line 69
     def get_nickname_from_response(resp)
       nickname = nil
       if resp.code == 200
    @@ -329,7 +331,7 @@
                 
                 
    -# File lib/wpscan/modules/wp_usernames.rb, line 62
    +# File lib/wpscan/modules/wp_usernames.rb, line 60
     def get_nickname_from_url(url)
       resp = Browser.instance.get(url, { :follow_location => true, :max_redirects => 2 })
       nickname = nil
    @@ -367,18 +369,24 @@
                 
                 
    -# File lib/wpscan/modules/wp_usernames.rb, line 83
    +# File lib/wpscan/modules/wp_usernames.rb, line 81
     def remove_junk_from_nickname(usernames)
    +  unless usernames.kind_of? Array
    +    raise("Need an array as input")
    +  end
       nicknames = []
       usernames.each do |u|
    -    nickname = u[:nickname]
    +    unless u.kind_of? WpUser
    +      raise("Items must be of type WpUser")
    +    end
    +    nickname = u.nickname
         unless nickname == "empty"
           nicknames << nickname
         end
       end
       junk = get_equal_string_end(nicknames)
       usernames.each do |u|
    -    u[:nickname] = u[:nickname].sub(/#{Regexp.escape(junk)}$/, "")
    +    u.nickname = u.nickname.sub(/#{Regexp.escape(junk)}$/, "")
       end
       usernames
     end
    @@ -412,7 +420,7 @@ href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosu
    :range - default : 1..10
    -

    returns an array of usernames (can be empty)

    +

    returns an array of WpUser (can be empty)

    @@ -440,9 +448,7 @@ href="http://seclists.org/fulldisclosure/2011/May/493">seclists.org/fulldisclosu end unless username == nil and nickname == nil - usernames << { :id => author_id, - :name => username ? username : "empty", - :nickname => nickname ? nickname : "empty"} + usernames << WpUser.new(username, author_id, nickname) end end usernames = remove_junk_from_nickname(usernames) diff --git a/doc/WpVersion.html b/doc/WpVersion.html index ebc327ad..ec9c5683 100644 --- a/doc/WpVersion.html +++ b/doc/WpVersion.html @@ -178,6 +178,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpVulnerability.html b/doc/WpVulnerability.html index 4ac3b571..1566de4d 100644 --- a/doc/WpVulnerability.html +++ b/doc/WpVulnerability.html @@ -164,6 +164,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • diff --git a/doc/WpscanOptions.html b/doc/WpscanOptions.html index b82da23f..27ba421f 100644 --- a/doc/WpscanOptions.html +++ b/doc/WpscanOptions.html @@ -198,6 +198,8 @@
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • @@ -552,7 +554,7 @@ any remaining ‘-’ by ‘_’

     # File lib/wpscan/wpscan_options.rb, line 101
     def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
    -  if enumerate_only_vulnerable_themes === true and @enumerate_plugins === true
    +  if enumerate_only_vulnerable_themes === true and @enumerate_themes === true
         raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one"
       else
         @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
    diff --git a/doc/created.rid b/doc/created.rid
    index 07371c27..fe69f93d 100644
    --- a/doc/created.rid
    +++ b/doc/created.rid
    @@ -1,41 +1,42 @@
    -Thu, 20 Sep 2012 22:51:52 +0200
    +Fri, 21 Sep 2012 22:09:53 +0200
     ./CREDITS	Mon, 17 Sep 2012 20:18:24 +0200
     ./lib/browser.rb	Sun, 16 Sep 2012 15:18:58 +0200
     ./lib/cache_file_store.rb	Sat, 15 Sep 2012 08:04:03 +0200
    -./lib/common_helper.rb	Thu, 20 Sep 2012 22:01:50 +0200
    +./lib/common_helper.rb	Fri, 21 Sep 2012 19:02:49 +0200
     ./lib/environment.rb	Thu, 20 Sep 2012 22:12:57 +0200
     ./lib/updater/git_updater.rb	Sat, 15 Sep 2012 08:00:23 +0200
     ./lib/updater/svn_updater.rb	Sat, 15 Sep 2012 08:00:34 +0200
     ./lib/updater/updater.rb	Sat, 15 Sep 2012 08:00:40 +0200
     ./lib/updater/updater_factory.rb	Sat, 15 Sep 2012 08:00:46 +0200
     ./lib/wpscan/exploit.rb	Sat, 15 Sep 2012 08:02:16 +0200
    -./lib/wpscan/modules/brute_force.rb	Wed, 19 Sep 2012 21:41:41 +0200
    +./lib/wpscan/modules/brute_force.rb	Fri, 21 Sep 2012 20:51:52 +0200
     ./lib/wpscan/modules/malwares.rb	Thu, 20 Sep 2012 22:23:58 +0200
     ./lib/wpscan/modules/web_site.rb	Wed, 19 Sep 2012 21:33:46 +0200
     ./lib/wpscan/modules/wp_config_backup.rb	Sat, 15 Sep 2012 08:01:11 +0200
     ./lib/wpscan/modules/wp_full_path_disclosure.rb	Sat, 15 Sep 2012 08:01:17 +0200
     ./lib/wpscan/modules/wp_login_protection.rb	Tue, 18 Sep 2012 17:51:20 +0200
    -./lib/wpscan/modules/wp_plugins.rb	Tue, 18 Sep 2012 22:27:43 +0200
    +./lib/wpscan/modules/wp_plugins.rb	Fri, 21 Sep 2012 15:27:28 +0200
     ./lib/wpscan/modules/wp_readme.rb	Sat, 15 Sep 2012 08:01:52 +0200
    -./lib/wpscan/modules/wp_themes.rb	Tue, 18 Sep 2012 22:28:05 +0200
    +./lib/wpscan/modules/wp_themes.rb	Fri, 21 Sep 2012 15:27:28 +0200
     ./lib/wpscan/modules/wp_timthumbs.rb	Wed, 19 Sep 2012 15:03:22 +0200
    -./lib/wpscan/modules/wp_usernames.rb	Thu, 20 Sep 2012 22:51:18 +0200
    +./lib/wpscan/modules/wp_usernames.rb	Fri, 21 Sep 2012 18:48:29 +0200
     ./lib/wpscan/msfrpc_client.rb	Sat, 15 Sep 2012 08:02:28 +0200
     ./lib/wpscan/vulnerable.rb	Wed, 19 Sep 2012 22:21:47 +0200
    -./lib/wpscan/wp_detector.rb	Thu, 20 Sep 2012 22:14:29 +0200
    -./lib/wpscan/wp_enumerator.rb	Wed, 19 Sep 2012 22:30:45 +0200
    -./lib/wpscan/wp_item.rb	Wed, 19 Sep 2012 22:21:19 +0200
    -./lib/wpscan/wp_options.rb	Tue, 18 Sep 2012 22:28:27 +0200
    -./lib/wpscan/wp_plugin.rb	Wed, 19 Sep 2012 22:20:29 +0200
    +./lib/wpscan/wp_detector.rb	Fri, 21 Sep 2012 15:27:28 +0200
    +./lib/wpscan/wp_enumerator.rb	Fri, 21 Sep 2012 15:27:28 +0200
    +./lib/wpscan/wp_item.rb	Fri, 21 Sep 2012 15:27:28 +0200
    +./lib/wpscan/wp_options.rb	Fri, 21 Sep 2012 15:27:28 +0200
    +./lib/wpscan/wp_plugin.rb	Fri, 21 Sep 2012 15:27:28 +0200
     ./lib/wpscan/wp_target.rb	Thu, 20 Sep 2012 22:16:44 +0200
    -./lib/wpscan/wp_theme.rb	Wed, 19 Sep 2012 22:20:40 +0200
    +./lib/wpscan/wp_theme.rb	Fri, 21 Sep 2012 15:27:28 +0200
    +./lib/wpscan/wp_user.rb	Fri, 21 Sep 2012 18:00:14 +0200
     ./lib/wpscan/wp_version.rb	Wed, 19 Sep 2012 21:33:07 +0200
     ./lib/wpscan/wp_vulnerability.rb	Sat, 15 Sep 2012 08:03:09 +0200
     ./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 21:19:30 +0200
    -./lib/wpscan/wpscan_options.rb	Tue, 18 Sep 2012 17:29:40 +0200
    +./lib/wpscan/wpscan_options.rb	Fri, 21 Sep 2012 22:04:11 +0200
     ./lib/wpstools/generate_list.rb	Sat, 15 Sep 2012 08:03:43 +0200
     ./lib/wpstools/parse_svn.rb	Sat, 15 Sep 2012 23:36:25 +0200
     ./lib/wpstools/wpstools_helper.rb	Sat, 15 Sep 2012 08:03:49 +0200
     ./README	Thu, 13 Sep 2012 22:54:08 +0200
    -./wpscan.rb	Thu, 20 Sep 2012 22:49:19 +0200
    +./wpscan.rb	Fri, 21 Sep 2012 18:13:48 +0200
     ./wpstools.rb	Sat, 15 Sep 2012 08:06:35 +0200
    diff --git a/doc/index.html b/doc/index.html
    index 87a16f7c..1f08c240 100644
    --- a/doc/index.html
    +++ b/doc/index.html
    @@ -100,6 +100,8 @@
         
         
  • WpTimthumbs
  • +
  • WpUser
  • +
  • WpUsernames
  • WpVersion
  • @@ -161,32 +163,34 @@
  • ::malwares_file — Malwares
  • -
  • ::new — CacheFileStore
  • - -
  • ::new — WpItem
  • -
  • ::new — WpVersion
  • -
  • ::new — WpVulnerability
  • - -
  • ::new — WpscanOptions
  • -
  • ::new — RpcClient
  • -
  • ::new — Svn_Parser
  • - -
  • ::new — Generate_List
  • - -
  • ::new — WpTheme
  • +
  • ::new — WpPlugin
  • ::new — Exploit
  • -
  • ::new — WpPlugin
  • +
  • ::new — Svn_Parser
  • -
  • ::new — WpTarget
  • +
  • ::new — WpUser
  • + +
  • ::new — Generate_List
  • ::new — Updater
  • +
  • ::new — WpItem
  • + +
  • ::new — CacheFileStore
  • + +
  • ::new — WpVulnerability
  • + +
  • ::new — WpTheme
  • + +
  • ::new — WpscanOptions
  • + +
  • ::new — WpTarget
  • +
  • ::option_to_instance_variable_setter — WpscanOptions
  • ::passive_detection — WpDetector
  • @@ -199,8 +203,12 @@
  • #<=> — WpItem
  • +
  • #<=> — WpUser
  • +
  • #== — WpItem
  • +
  • #=== — WpUser
  • +
  • #=== — WpItem
  • #=== — WpTheme
  • @@ -245,6 +253,8 @@
  • #enumerate_themes= — WpscanOptions
  • +
  • #eql? — WpUser
  • +
  • #error_404_hash — WpTarget
  • #error_log? — WpPlugin
  • @@ -341,21 +351,21 @@
  • #jobs — RpcClient
  • -
  • #kill_session — Exploit
  • -
  • #kill_session — RpcClient
  • +
  • #kill_session — Exploit
  • +
  • #last_session_id — Exploit
  • #limit_login_attempts_url — WpLoginProtection
  • #load_config — Browser
  • -
  • #local_revision_number — SvnUpdater
  • +
  • #local_revision_number — GitUpdater
  • #local_revision_number — Updater
  • -
  • #local_revision_number — GitUpdater
  • +
  • #local_revision_number — SvnUpdater
  • #login — RpcClient
  • @@ -371,14 +381,14 @@
  • #merge_request_params — Browser
  • -
  • #meterpreter_read — Exploit
  • -
  • #meterpreter_read — RpcClient
  • -
  • #meterpreter_write — RpcClient
  • +
  • #meterpreter_read — Exploit
  • #meterpreter_write — Exploit
  • +
  • #meterpreter_write — RpcClient
  • +
  • #parse — Svn_Parser
  • #plugins_from_aggressive_detection — WpPlugins
  • @@ -393,14 +403,14 @@
  • #read_entry — CacheFileStore
  • -
  • #read_shell — RpcClient
  • -
  • #read_shell — Exploit
  • -
  • #readme_url — WpItem
  • +
  • #read_shell — RpcClient
  • #readme_url — WpReadme
  • +
  • #readme_url — WpItem
  • +
  • #redirection — WebSite
  • #registration_enabled? — WpTarget
  • @@ -417,10 +427,10 @@
  • #session_count — Exploit
  • -
  • #sessions — RpcClient
  • -
  • #sessions — Exploit
  • +
  • #sessions — RpcClient
  • +
  • #set_option_from_cli — WpscanOptions
  • #simple_login_lockdown_url — WpLoginProtection
  • @@ -443,11 +453,11 @@
  • #to_s — WpItem
  • -
  • #update — GitUpdater
  • +
  • #update — Updater
  • #update — SvnUpdater
  • -
  • #update — Updater
  • +
  • #update — GitUpdater
  • #url — WpTarget
  • @@ -461,10 +471,10 @@
  • #usernames — WpUsernames
  • -
  • #version — WpItem
  • -
  • #version — WpTarget
  • +
  • #version — WpItem
  • +
  • #vulnerabilities — Vulnerable
  • #wordlist= — WpscanOptions
  • @@ -475,10 +485,10 @@
  • #write_entry — CacheFileStore
  • -
  • #write_shell — RpcClient
  • -
  • #write_shell — Exploit
  • +
  • #write_shell — RpcClient
  • +
  • #xmlrpc_url — WebSite
  • diff --git a/doc/lib/common_helper_rb.html b/doc/lib/common_helper_rb.html index 84010c5f..8af94108 100644 --- a/doc/lib/common_helper_rb.html +++ b/doc/lib/common_helper_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-20 22:01:50 +0200
    +
    2012-09-21 19:02:49 +0200
    Requires
    diff --git a/doc/lib/wpscan/modules/brute_force_rb.html b/doc/lib/wpscan/modules/brute_force_rb.html index dc0472db..47ea5e5f 100644 --- a/doc/lib/wpscan/modules/brute_force_rb.html +++ b/doc/lib/wpscan/modules/brute_force_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-19 21:41:41 +0200
    +
    2012-09-21 20:51:52 +0200
    Requires
    diff --git a/doc/lib/wpscan/modules/wp_plugins_rb.html b/doc/lib/wpscan/modules/wp_plugins_rb.html index 82543a7e..5e6735aa 100644 --- a/doc/lib/wpscan/modules/wp_plugins_rb.html +++ b/doc/lib/wpscan/modules/wp_plugins_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-18 22:27:43 +0200
    +
    2012-09-21 15:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/modules/wp_usernames_rb.html b/doc/lib/wpscan/modules/wp_usernames_rb.html index 7ef6e513..0ca0eb12 100644 --- a/doc/lib/wpscan/modules/wp_usernames_rb.html +++ b/doc/lib/wpscan/modules/wp_usernames_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-20 22:51:18 +0200
    +
    2012-09-21 18:48:29 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_detector_rb.html b/doc/lib/wpscan/wp_detector_rb.html index a4e21806..c37a5b59 100644 --- a/doc/lib/wpscan/wp_detector_rb.html +++ b/doc/lib/wpscan/wp_detector_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-20 22:14:29 +0200
    +
    2012-09-21 15:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_enumerator_rb.html b/doc/lib/wpscan/wp_enumerator_rb.html index dc92d563..bbabcea3 100644 --- a/doc/lib/wpscan/wp_enumerator_rb.html +++ b/doc/lib/wpscan/wp_enumerator_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-19 22:30:45 +0200
    +
    2012-09-21 15:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_options_rb.html b/doc/lib/wpscan/wp_options_rb.html index a66b4c64..c10fb07a 100644 --- a/doc/lib/wpscan/wp_options_rb.html +++ b/doc/lib/wpscan/wp_options_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-18 22:28:27 +0200
    +
    2012-09-21 15:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_plugin_rb.html b/doc/lib/wpscan/wp_plugin_rb.html index e2982d89..fc7fa984 100644 --- a/doc/lib/wpscan/wp_plugin_rb.html +++ b/doc/lib/wpscan/wp_plugin_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-19 22:20:29 +0200
    +
    2012-09-21 15:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_theme_rb.html b/doc/lib/wpscan/wp_theme_rb.html index 0c445f45..f51956d0 100644 --- a/doc/lib/wpscan/wp_theme_rb.html +++ b/doc/lib/wpscan/wp_theme_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-19 22:20:40 +0200
    +
    2012-09-21 15:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/wpscan_options_rb.html b/doc/lib/wpscan/wpscan_options_rb.html index fe9b4819..b2613571 100644 --- a/doc/lib/wpscan/wpscan_options_rb.html +++ b/doc/lib/wpscan/wpscan_options_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-18 17:29:40 +0200
    +
    2012-09-21 22:04:11 +0200
    Requires
    diff --git a/doc/wpscan_rb.html b/doc/wpscan_rb.html index b8a7434f..f49875ad 100644 --- a/doc/wpscan_rb.html +++ b/doc/wpscan_rb.html @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-20 22:49:19 +0200
    +
    2012-09-21 18:13:48 +0200
    Requires
    diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
    index 351adba3..bd94a0da 100644
    --- a/lib/wpscan/wpscan_options.rb
    +++ b/lib/wpscan/wpscan_options.rb
    @@ -99,7 +99,7 @@ class WpscanOptions
     end
     def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
    - if enumerate_only_vulnerable_themes === true and @enumerate_plugins === true
    + if enumerate_only_vulnerable_themes === true and @enumerate_themes === true
     raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one"
     else
     @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
    diff --git a/spec/lib/wpscan/wp_options_spec.rb b/spec/lib/wpscan/wp_options_spec.rb
    index cad297b2..ebf7fc91 100644
    --- a/spec/lib/wpscan/wp_options_spec.rb
    +++ b/spec/lib/wpscan/wp_options_spec.rb
    @@ -129,5 +129,10 @@ describe WpOptions do
     @options[:type] = nil
     @message = "type must be set"
     end
    +
    + it "should raise an exception (type unknown)" do
    + @options[:type] = "unknown"
    + @message = "Unknown type unknown"
    + end
     end
     end
    \ No newline at end of file
    diff --git a/spec/lib/wpscan/wpscan_options_spec.rb b/spec/lib/wpscan/wpscan_options_spec.rb
    index a8175a92..aee529a1 100644
    --- a/spec/lib/wpscan/wpscan_options_spec.rb
    +++ b/spec/lib/wpscan/wpscan_options_spec.rb
    @@ -88,7 +88,8 @@ describe "WpscanOptions" do
     describe "#enumerate_plugins=" do
     it "should raise an error" do
     @wpscan_options.enumerate_only_vulnerable_plugins = true
    - expect { @wpscan_options.enumerate_plugins = true }.to raise_error
    + expect { @wpscan_options.enumerate_plugins = true }.to raise_error(RuntimeError,
    + "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one")
     end
     it "should not raise an error" do
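Review bot: The guard in `enumerate_only_vulnerable_themes=` joins its two tests with `and` and compares each side with `=== true`, which is harder to read than it needs to be and only fires when both values are the literal `true`. Whether a truthy non-boolean can reach this setter depends on the option parsing outside the hunk, so that part is a question rather than a confirmed defect. I would write the condition as `if enumerate_only_vulnerable_themes == true && @enumerate_themes == true` and put a comment above the setter such as `# themes and vulnerable-themes enumeration are mutually exclusive`. The setter's body ends outside the hunk.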
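Review bot: The added example `should raise an exception (type unknown)` in wp_options_spec.rb contains no expectation of its own; it only assigns `@options[:type]` and `@message`. It therefore verifies something only if a hook outside this hunk performs the raise check with those variables, which cannot be confirmed from the visible lines. A comment at the top of the group, for instance `# the after hook asserts that the call raises @message`, would make that dependency visible to the next reader.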
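Review bot: The full error text is repeated as a string literal in this `raise_error(RuntimeError, ...)` call and in the three other expectations added by the `@@ -99,10` and `@@ -113,6` hunks of wpscan_options_spec.rb, so any rewording in `WpscanOptions` has to be mirrored in four places. Pinning the class and message is an improvement over the bare `raise_error`; the duplication is the only concern. I would keep the two messages in `let` helpers, one for plugins and one for themes, and pass them in as `raise_error(RuntimeError, plugins_conflict)`. The `it "should not raise an error"` example at the end of this hunk continues outside it.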
@@ -99,10 +100,26 @@ describe "WpscanOptions" do
 end
 end
+ describe "#enumerate_themes=" do
+ it "should raise an error" do
+ @wpscan_options.enumerate_only_vulnerable_themes = true
+ expect { @wpscan_options.enumerate_themes = true }.to raise_error(RuntimeError,
+ "You can't enumerate themes and only vulnerable themes at the same time, please choose only one")
+ end
+
+ it "should not raise an error" do
+ @wpscan_options.enumerate_only_vulnerable_themes = false
+ @wpscan_options.enumerate_themes = true
+
+ @wpscan_options.enumerate_themes.should be_true
+ end
+ end
+
 describe "#enumerate_only_vulnerable_plugins=" do
 it "should raise an error" do
 @wpscan_options.enumerate_plugins = true
- expect { @wpscan_options.enumerate_only_vulnerable_plugins = true }.to raise_error
+ expect { @wpscan_options.enumerate_only_vulnerable_plugins = true }.to raise_error(RuntimeError,
+ "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one")
 end
 it "should not raise an error" do
@@ -113,6 +130,21 @@ describe "WpscanOptions" do
 end
 end
+ describe "#enumerate_only_vulnerable_themes=" do
+ it "should raise an error" do
+ @wpscan_options.enumerate_themes = true
+ expect { @wpscan_options.enumerate_only_vulnerable_themes = true }.to raise_error(RuntimeError,
+ "You can't enumerate themes and only vulnerable themes at the same time, please choose only one")
+ end
+
+ it "should not raise an error" do
+ @wpscan_options.enumerate_themes = false
+ @wpscan_options.enumerate_only_vulnerable_themes = true
+
+ @wpscan_options.enumerate_only_vulnerable_themes.should be_true
+ end
+ end
+
 describe "#to_h" do
 it "should return an empty hash" do
 @wpscan_options.to_h.should be_a Hash
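Review bot: `should be_true` in the added `#enumerate_themes=` example, and again in the `#enumerate_only_vulnerable_themes=` example of the `@@ -113,6` hunk, passes for any truthy value, so it would not notice a setter that stores something other than the boolean it was given. The setter shown in lib/wpscan/wpscan_options.rb compares with `=== true`, so an exact check fits the contract better: `@wpscan_options.enumerate_themes.should == true` and likewise for `enumerate_only_vulnerable_themes`. The trailing `describe "#to_h"` context continues outside the hunk.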