garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

-) more rspec tests

Browse Source 
-) Bugfixing
This commit is contained in:
Christian Mehlmauer
2012-09-19 21:47:34 +02:00
parent 1684810431
commit 2a46dc3f40
17 changed files with 125 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/wpscan/modules/brute_force.rb
View File

@@ -45,9 +45,11 @@ module BruteForce
# the request object # the request object
request = Browser.instance.forge_request(login_url, request = Browser.instance.forge_request(login_url,
:method => :post, {
:params => {:log => username, :pwd => password}, :method => :post,
:cache_timeout => 0 :params => {:log => username, :pwd => password},
:cache_timeout => 0
}
) )
# tell hydra what to do when the request completes # tell hydra what to do when the request completes

6
lib/wpscan/modules/web_site.rb
View File

@@ -24,16 +24,14 @@ module WebSite
wordpress = false wordpress = false
response = Browser.instance.get(login_url(), response = Browser.instance.get(login_url(),
:follow_location => true, { :follow_location => true, :max_redirects => 2 }
:max_redirects => 2
) )
if response.body =~ %r{WordPress}i if response.body =~ %r{WordPress}i
wordpress = true wordpress = true
else else
response = Browser.instance.get(xmlrpc_url(), response = Browser.instance.get(xmlrpc_url(),
:follow_location => true, { :follow_location => true, :max_redirects => 2 }
:max_redirects => 2
) )
if response.body =~ %r{XML-RPC server accepts POST requests only}i if response.body =~ %r{XML-RPC server accepts POST requests only}i

10
lib/wpscan/modules/wp_plugins.rb
View File

@@ -22,8 +22,8 @@ module WpPlugins
# #
# return array of WpPlugin # return array of WpPlugin
def plugins_from_aggressive_detection(options) def plugins_from_aggressive_detection(options)
options[:file] = "#{DATA_DIR}/plugins.txt" options[:file] = options[:file] || "#{DATA_DIR}/plugins.txt"
options[:vulns_file] = "#{DATA_DIR}/plugin_vulns.xml" options[:vulns_file] = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml"
options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//plugin" options[:vulns_xpath_2] = "//plugin"
options[:type] = "plugins" options[:type] = "plugins"
@@ -46,16 +46,16 @@ module WpPlugins
# <link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/> # <link rel='stylesheet' href='http://example.com/wp-content/plugins/wp-minify/..' type='text/css' media='screen'/>
# ... # ...
# return array of WpPlugin # return array of WpPlugin
def plugins_from_passive_detection(wp_content_dir) def plugins_from_passive_detection(options)
plugins = [] plugins = []
temp = WpDetector.passive_detection(url(), "plugins", wp_content_dir) temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir])
temp.each do |item| temp.each do |item|
plugins << WpPlugin.new( plugins << WpPlugin.new(
:url => item[:url], :url => item[:url],
:name => item[:name], :name => item[:name],
:path => item[:path], :path => item[:path],
:wp_content_dir => wp_content_dir :wp_content_dir => options[:wp_content_dir]
) )
end end
plugins.sort_by { |p| p.name } plugins.sort_by { |p| p.name }

10
lib/wpscan/modules/wp_themes.rb
View File

@@ -19,8 +19,8 @@
module WpThemes module WpThemes
def themes_from_aggressive_detection(options) def themes_from_aggressive_detection(options)
options[:file] = "#{DATA_DIR}/themes.txt" options[:file] = options[:file] || "#{DATA_DIR}/themes.txt"
options[:vulns_file] = "#{DATA_DIR}/wp_theme_vulns.xml" options[:vulns_file] = options[:vulns_file] || "#{DATA_DIR}/wp_theme_vulns.xml"
options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability"
options[:vulns_xpath_2] = "//theme" options[:vulns_xpath_2] = "//theme"
options[:type] = "themes" options[:type] = "themes"
@@ -37,16 +37,16 @@ module WpThemes
themes.sort_by { |t| t.name } themes.sort_by { |t| t.name }
end end
def themes_from_passive_detection(wp_content_dir) def themes_from_passive_detection(options)
themes = [] themes = []
temp = WpDetector.passive_detection(url(), "themes", wp_content_dir) temp = WpDetector.passive_detection(options[:url], "themes", options[:wp_content_dir])
temp.each do |item| temp.each do |item|
themes << WpTheme.new( themes << WpTheme.new(
:url => item[:url], :url => item[:url],
:name => item[:name], :name => item[:name],
:path => item[:path], :path => item[:path],
:wp_content_dir => wp_content_dir :wp_content_dir => options[:wp_content_dir]
) )
end end
themes.sort_by { |t| t.name } themes.sort_by { |t| t.name }

4
lib/wpscan/modules/wp_usernames.rb
View File

@@ -39,7 +39,7 @@ module WpUsernames
if response.code == 301 # username in location? if response.code == 301 # username in location?
username = response.headers_hash['location'][%r{/author/([^/]+)/}i, 1] username = response.headers_hash['location'][%r{/author/([^/]+)/}i, 1]
# Get the real name from the redirect site # Get the real name from the redirect site
real_name = get_real_name_from_url(response.headers_hash['location']) real_name = get_real_name_from_url(url)
elsif response.code == 200 # username in body? elsif response.code == 200 # username in body?
username = response.body[%r{posts by (.*) feed}i, 1] username = response.body[%r{posts by (.*) feed}i, 1]
real_name = get_real_name_from_response(response) real_name = get_real_name_from_response(response)
@@ -62,7 +62,7 @@ module WpUsernames
end end
def get_real_name_from_url(url) def get_real_name_from_url(url)
resp = Browser.instance.get(url, :follow_location => true, :max_redirects => 2) resp = Browser.instance.get(url, { :follow_location => true, :max_redirects => 2 })
real_name = nil real_name = nil
if resp.code == 200 if resp.code == 200
real_name = extract_real_name_from_body(resp.body) real_name = extract_real_name_from_body(resp.body)

20
lib/wpscan/wp_enumerator.rb
View File

@@ -56,7 +56,7 @@ class WpEnumerator
end end
url = "#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}" url = "#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}"
request = enum_browser.forge_request(url, :cache_timeout => 0, :follow_location => true) request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
request_count += 1 request_count += 1
request.on_complete do |response| request.on_complete do |response|
@@ -116,17 +116,14 @@ class WpEnumerator
# We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it # We check if the plugin name from the plugin_vulns_file is already in targets, otherwise we add it
xml.xpath(options[:vulns_xpath_2]).each do |node| xml.xpath(options[:vulns_xpath_2]).each do |node|
item_name = node.attribute('name').text name = node.attribute("name").text
targets_url << {
if targets_url.grep(%r{/#{item_name}/}).empty? :url => url,
targets_url << { :path => name,
:url => url, :wp_content_dir => wp_content_dir,
:path => item_name, :name => name
:wp_content_dir => wp_content_dir, }
:name => item_name
}
end end
end
end end
targets_url.flatten! targets_url.flatten!
@@ -134,5 +131,4 @@ class WpEnumerator
# randomize the plugins array to *maybe* help in some crappy IDS/IPS/WAF detection # randomize the plugins array to *maybe* help in some crappy IDS/IPS/WAF detection
targets_url.sort_by! { rand } targets_url.sort_by! { rand }
end end
end end

16
lib/wpscan/wp_item.rb
View File

@@ -83,9 +83,19 @@ class WpItem < Vulnerable
"#@name#{' v' + item_version.strip if item_version}" "#@name#{' v' + item_version.strip if item_version}"
end end
# Object comparer # Compare
def ==(item) def ==(other)
item.name == @name other.name == self.name
end
# Compare
def ===(other)
other.name == self.name
end
# Compare
def <=>(other)
other.name <=> self.name
end end
# Url for readme.txt # Url for readme.txt

16
lib/wpscan/wp_options.rb
View File

@@ -31,22 +31,6 @@
# * +error_404_hash+ - MD5 hash of a 404 page # * +error_404_hash+ - MD5 hash of a 404 page
# * +type+ - Type: plugins, themes # * +type+ - Type: plugins, themes
class WpOptions class WpOptions
def self.get_empty_options
options = {
:url => "",
:only_vulnerable_ones => false,
:file => "",
:vulns_file => "",
:vulns_xpath => "",
:vulns_xpath_2 => "",
:wp_content_dir => "",
:show_progress_bar => true,
:error_404_hash => "",
:type => ""
}
options
end
def self.check_options(options) def self.check_options(options)
raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0 raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0
raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil

7
lib/wpscan/wp_plugin.rb
View File

@@ -18,8 +18,10 @@
class WpPlugin < WpItem class WpPlugin < WpItem
def initialize(options = {}) def initialize(options = {})
options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml' options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/plugin_vulns.xml'
options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability" options[:vulns_xpath] = "//plugin[@name='#@name']/vulnerability"
options[:vulns_xpath_2] = "//plugin"
options[:type] = "plugins"
super(options) super(options)
end end
@@ -36,5 +38,4 @@ class WpPlugin < WpItem
def error_log_url def error_log_url
get_url.merge("error_log").to_s get_url.merge("error_log").to_s
end end
end end

9
lib/wpscan/wp_target.rb
View File

@@ -117,4 +117,13 @@ class WpTarget
@uri.merge("#{wp_content_dir()}/debug.log").to_s @uri.merge("#{wp_content_dir()}/debug.log").to_s
end end
# Should check wp-login.php if registration is enabled or not
def registration_enabled?
# TODO
end
def registration_url
# TODO
end
end end

4
lib/wpscan/wp_theme.rb
View File

@@ -24,7 +24,7 @@ class WpTheme < WpItem
def initialize(options = {}) def initialize(options = {})
options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml' options[:vulns_xml] = options[:vulns_xml] || DATA_DIR + '/wp_theme_vulns.xml'
options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability" options[:vulns_xpath] = "//theme[@name='#@name']/vulnerability"
@version = options[:version] @version = options[:version]
@style_url = options[:style_url] @style_url = options[:style_url]
super(options) super(options)
@@ -56,7 +56,7 @@ class WpTheme < WpItem
# Discover the wordpress theme name by parsing the css link rel # Discover the wordpress theme name by parsing the css link rel
def self.find_from_css_link(target_uri) def self.find_from_css_link(target_uri)
response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2) response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })
if matches = %r{https?://[^"']+/themes/([^"']+)/style.css}i.match(response.body) if matches = %r{https?://[^"']+/themes/([^"']+)/style.css}i.match(response.body)
style_url = matches[0] style_url = matches[0]

4
lib/wpscan/wp_version.rb
View File

@@ -60,14 +60,14 @@ class WpVersion < Vulnerable
# that it is reinstated on upgrade. # that it is reinstated on upgrade.
def self.find_from_meta_generator(options) def self.find_from_meta_generator(options)
target_uri = options[:url] target_uri = options[:url]
response = Browser.instance.get(target_uri.to_s, :follow_location => true, :max_redirects => 2) response = Browser.instance.get(target_uri.to_s, { :follow_location => true, :max_redirects => 2 })
response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1] response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1]
end end
def self.find_from_rss_generator(options) def self.find_from_rss_generator(options)
target_uri = options[:url] target_uri = options[:url]
response = Browser.instance.get(target_uri.merge("feed/").to_s, :follow_location => true, :max_redirects => 2) response = Browser.instance.get(target_uri.merge("feed/").to_s, { :follow_location => true, :max_redirects => 2 })
response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1] response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1]
end end

86
spec/lib/wpscan/modules/wp_plugins_spec.rb
View File

@@ -22,19 +22,38 @@ shared_examples_for "WpPlugins" do
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_plugins' @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + '/wp_plugins'
@plugins_file = @fixtures_dir + "/plugins.txt" @plugins_file = @fixtures_dir + "/plugins.txt"
@plugin_vulns_file = @fixtures_dir + "/plugin_vulns.xml" @plugin_vulns_file = @fixtures_dir + "/plugin_vulns.xml"
@wp_url = "http://example.localhost/"
end end
before :each do before :each do
@wp_url = "http://example.localhost"
@module = WpScanModuleSpec.new(@wp_url) @module = WpScanModuleSpec.new(@wp_url)
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!") @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpPlugins) @module.extend(WpPlugins)
@options = { :url => @wp_url, @options = { :url => @wp_url,
:only_vulnerable_ones => true, :only_vulnerable_ones => false,
:show_progress_bar => false, :show_progress_bar => false,
:error_404_hash => @module.error_404_hash :error_404_hash => Digest::MD5.hexdigest("Error 404!"),
:vulns_file => @plugin_vulns_file,
:file => @plugins_file,
:type => "plugins",
:wp_content_dir => "wp-content",
:vulns_xpath_2 => "//plugin"
} }
File.exist?(@plugin_vulns_file).should == true
File.exist?(@plugins_file).should == true
target_hashes = WpEnumerator.generate_items(@options)
target_hashes.length.should > 0
@targets = []
target_hashes.each do |t|
@targets << WpPlugin.new(
:url => t[:url],
:path => "/plugins/#{t[:path]}",
:wp_content_dir => t[:wp_content_dir],
:name => t[:name])
end
@targets.length.should > 0
end end
describe "#plugins_from_passive_detection" do describe "#plugins_from_passive_detection" do
@@ -42,8 +61,7 @@ shared_examples_for "WpPlugins" do
it "should return an empty array" do it "should return an empty array" do
stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm')) stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
plugins = @module.plugins_from_passive_detection(@options)
plugins.should be_empty plugins.should be_empty
end end
@@ -66,42 +84,31 @@ shared_examples_for "WpPlugins" do
:name => plugin_name) :name => plugin_name)
end end
plugins = @module.plugins_from_passive_detection(@options) plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
plugins.should_not be_empty plugins.should_not be_empty
plugins.sort.should === expected_plugins.sort plugins.length.should == expected_plugins.length
plugins.sort.should == expected_plugins.sort
end end
end end
describe "#plugins_from_aggressive_detection" do describe "#plugins_from_aggressive_detection" do
before :each do before :each do
@wp_url = "http://example.localhost" stub_request(:get, @module.uri.to_s).to_return(:status => 200)
@module = WpScanModuleSpec.new(@wp_url)
@module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
@module.extend(WpPlugins)
@options = { :url => @wp_url,
:only_vulnerable_ones => true,
:show_progress_bar => false,
:error_404_hash => @module.error_404_hash,
:vulns_file => @plugin_vulns_file,
:file => @plugins_file
}
@targets_url = WpEnumerator.generate_items(@options)
# Point all targets to a 404 # Point all targets to a 404
@targets_url.each do |target| @targets.each do |target|
stub_request(:get, "#{target[:url]}#{target[:wp_content_dir]}/#{target[:path]}").to_return(:status => 404) stub_request(:get, target.get_url.to_s).to_return(:status => 404)
# to_s calls readme_url
stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
end end
end end
after :each do after :each do
@passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture @passive_detection_fixture = SPEC_FIXTURES_DIR + "/empty-file" unless @passive_detection_fixture
stub_request_to_fixture(:url => "#{@module.uri}/".sub(/\/\/$/, "/") + "wp-content/plugins/", :fixture => @passive_detection_fixture)
stub_request_to_fixture(:url => @wp_url, :fixture => @passive_detection_fixture) detected = @module.plugins_from_aggressive_detection(@options)
detected.length.should == @expected_plugins.length
@module.plugins_from_aggressive_detection( detected.sort.should == @expected_plugins.sort
:plugins_file => @plugins_file,
:plugin_vulns_file => @plugin_vulns_file
).sort.should === @expected_plugins.sort
end end
it "should return an empty array" do it "should return an empty array" do
@@ -109,25 +116,24 @@ shared_examples_for "WpPlugins" do
end end
it "should return an array with 3 WpPlugin (1 detected from passive method)" do it "should return an array with 3 WpPlugin (1 detected from passive method)" do
@expected_plugins = []
@targets_url.sample(2).each do |target_url|
@expected_plugins << WpPlugin.new(target_url)
stub_request(:get, target_url).to_return(:status => 200)
end
@passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm" @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm"
@expected_plugins << WpPlugin.new("http://example.localhost/wp-content/plugins/comment-info-tip/") @expected_plugins = @targets.sample(2)
new_plugin = WpPlugin.new(:url => "http://example.localhost/",
:path => "/plugins/comment-info-tip/",
:name => "comment-info-tip")
stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200)
@expected_plugins << new_plugin
end end
# testing response codes # testing response codes
WpTarget.valid_response_codes.each do |valid_response_code| WpTarget.valid_response_codes.each do |valid_response_code|
it "should detect the plugin if the reponse.code is #{valid_response_code}" do it "should detect the plugin if the reponse.code is #{valid_response_code}" do
@expected_plugins = [] @expected_plugins = []
plugin_url = [@targets.sample(1)[0]]
plugin_url = @targets_url.sample plugin_url.should_not be_nil
@expected_plugins << WpPlugin.new(plugin_url) plugin_url.length.should == 1
stub_request(:get, plugin_url).to_return(:status => valid_response_code) @expected_plugins = plugin_url
stub_request(:get, plugin_url[0].get_url.to_s).to_return(:status => valid_response_code)
end end
end end
end end

24
spec/lib/wpscan/modules/wp_timthumbs_spec.rb
View File

@@ -19,17 +19,19 @@
shared_examples_for "WpTimthumbs" do shared_examples_for "WpTimthumbs" do
before :each do before :each do
@options = WpOptions.get_empty_options @options = {}
@url = "http://example.localhost/" @url = "http://example.localhost/"
@theme_name = "bueno" @theme_name = "bueno"
@options[:url] = @url @options[:url] = @url
@options[:wp_content_dir] = "wp-content" @options[:wp_content_dir] = "wp-content"
@options[:name] = @theme_name @options[:name] = @theme_name
@options[:error_404_hash] = "xx" @options[:error_404_hash] = "xx"
@module = WpScanModuleSpec.new(@url) @options[:show_progress_bar] = false
@fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs" @options[:only_vulnerable_ones] = false
@timthumbs_file = @fixtures_dir + "/timthumbs.txt" @module = WpScanModuleSpec.new(@url)
@targets_from_file = @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs"
@timthumbs_file = @fixtures_dir + "/timthumbs.txt"
@targets_from_file =
%w{ %w{
http://example.localhost/wp-content/plugins/fotoslide/timthumb.php http://example.localhost/wp-content/plugins/fotoslide/timthumb.php
http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php

7
spec/lib/wpscan/modules/wp_usernames_spec.rb
View File

@@ -28,7 +28,7 @@ shared_examples_for "WpUsernames" do
describe "#author_url" do describe "#author_url" do
it "should return the auhor url according to his id" do it "should return the auhor url according to his id" do
@module.author_url(1).should === "#{@target_url}?author=1" @module.author_url(1).should === "#@target_url?author=1"
end end
end end
@@ -49,7 +49,8 @@ shared_examples_for "WpUsernames" do
usernames = @module.usernames usernames = @module.usernames
usernames.should_not be_empty usernames.should_not be_empty
usernames.should === ["Youhou"] usernames.length.should == 1
usernames[0].should == "id: 3, name: Youhou"
end end
it "should return an array with 1 username (from in the body response)" do it "should return an array with 1 username (from in the body response)" do
@@ -58,7 +59,7 @@ shared_examples_for "WpUsernames" do
usernames = @module.usernames(:range => (1..2)) usernames = @module.usernames(:range => (1..2))
usernames.should_not be_empty usernames.should_not be_empty
usernames.should === ["admin"] usernames.should === ["id: 2, name: admin, real name: admin | Wordpress 3.3.2"]
end end
it "should return an array with 1 username (testing duplicates)" do it "should return an array with 1 username (testing duplicates)" do

18
spec/lib/wpscan/wp_options_spec.rb
View File

@@ -19,25 +19,9 @@
require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpOptions do describe WpOptions do
describe "#get_empty_options" do
it "should initialize an empty options hash" do
options = WpOptions.get_empty_options
options[:url].should == ""
options[:only_vulnerable_ones].should == false
options[:file].should == ""
options[:vulns_file].should == ""
options[:vulns_xpath].should == ""
options[:vulns_xpath_2].should == ""
options[:wp_content_dir].should == ""
options[:show_progress_bar].should == true
options[:error_404_hash].should == ""
options[:type].should == ""
end
end
describe "#check_options" do describe "#check_options" do
before :each do before :each do
@options = WpOptions.get_empty_options @options = {}
@options[:url] = "url" @options[:url] = "url"
@options[:only_vulnerable_ones] = false @options[:only_vulnerable_ones] = false
@options[:file] = "file" @options[:file] = "file"

8
wpscan.rb
View File

@@ -153,7 +153,7 @@ begin
puts puts
puts "[+] Enumerating plugins from passive detection ... " puts "[+] Enumerating plugins from passive detection ... "
plugins = wp_target.plugins_from_passive_detection(wp_target.wp_content_dir) plugins = wp_target.plugins_from_passive_detection(:url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
unless plugins.empty? unless plugins.empty?
puts "#{plugins.size} found :" puts "#{plugins.size} found :"
@@ -179,7 +179,7 @@ begin
puts "[+] Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..." puts "[+] Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
puts puts
options = WpOptions.get_empty_options options = {}
options[:url] = wp_target.uri options[:url] = wp_target.uri
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins || false options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins || false
options[:show_progress_bar] = true options[:show_progress_bar] = true
@@ -233,7 +233,7 @@ begin
puts "[+] Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..." puts "[+] Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
puts puts
options = WpOptions.get_empty_options options = {}
options[:url] = wp_target.uri options[:url] = wp_target.uri
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_themes || false options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_themes || false
options[:show_progress_bar] = true options[:show_progress_bar] = true
@@ -279,7 +279,7 @@ begin
puts "[+] Enumerating timthumb files ..." puts "[+] Enumerating timthumb files ..."
puts puts
options = WpOptions.get_empty_options options = {}
options[:url] = wp_target.uri options[:url] = wp_target.uri
options[:show_progress_bar] = true options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir options[:wp_content_dir] = wp_target.wp_content_dir