Basic auth

lib/browser.rb

@@ -21,14 +21,15 @@ class Browser
   USER_AGENT_MODES = %w{ static semi-static random }
 
   ACCESSOR_OPTIONS = [
-      :user_agent,
-      :user_agent_mode,
-      :available_user_agents,
-      :proxy,
-      :proxy_auth,
-      :max_threads,
-      :cache_timeout,
-      :request_timeout
+    :user_agent,
+    :user_agent_mode,
+    :available_user_agents,
+    :proxy,
+    :proxy_auth,
+    :max_threads,
+    :cache_timeout,
+    :request_timeout,
+    :basic_auth
   ]
 
   attr_reader :hydra, :config_file
@@ -36,6 +37,7 @@ class Browser
 
   def initialize(options = {})
     @config_file = options[:config_file] || CONF_DIR + '/browser.conf.json'
+    #@basic_auth  = options[:basic_auth]
     options.delete(:config_file)
 
     load_config()
@@ -138,9 +140,9 @@ class Browser
   def setup_cache_handlers
     @hydra.cache_setter do |request|
       @cache.write_entry(
-          Browser.generate_cache_key_from_request(request),
-          request.response,
-          request.cache_timeout
+        Browser.generate_cache_key_from_request(request),
+        request.response,
+        request.cache_timeout
       )
     end
 
@@ -153,20 +155,20 @@ class Browser
 
   def get(url, params = {})
     run_request(
-        forge_request(url, params.merge(:method => :get))
+      forge_request(url, params.merge(:method => :get))
     )
   end
 
   def post(url, params = {})
     run_request(
-        forge_request(url, params.merge(:method => :post))
+      forge_request(url, params.merge(:method => :post))
     )
   end
 
   def forge_request(url, params = {})
     Typhoeus::Request.new(
-        url.to_s,
-        merge_request_params(params)
+      url.to_s,
+      merge_request_params(params)
     )
   end
 
@@ -179,6 +181,14 @@ class Browser
       end
     end
 
+    if @basic_auth
+      if !params.has_key?(:headers)
+        params = params.merge(:headers => {'Authorization' => @basic_auth})
+      elsif !params[:headers].has_key?('Authorization')
+        params[:headers]['Authorization'] = @basic_auth
+      end
+    end
+
     unless params.has_key?(:disable_ssl_host_verification)
       params = params.merge(:disable_ssl_host_verification => true)
     end

lib/wpscan/modules/web_site.rb

@@ -24,16 +24,16 @@ module WebSite
     wordpress = false
 
     response = Browser.instance.get(
-        login_url(),
-        {:follow_location => true, :max_redirects => 2}
+      login_url(),
+      {:follow_location => true, :max_redirects => 2}
     )
 
     if response.body =~ %r{WordPress}i
       wordpress = true
     else
       response = Browser.instance.get(
-          xmlrpc_url(),
-          {:follow_location => true, :max_redirects => 2}
+        xmlrpc_url(),
+        {:follow_location => true, :max_redirects => 2}
       )
 
       if response.body =~ %r{XML-RPC server accepts POST requests only}i
@@ -53,6 +53,10 @@ module WebSite
     Browser.instance.get(@uri.to_s).code != 0
   end
 
+  def has_basic_auth?
+    Browser.instance.get(@uri.to_s).code == 401
+  end
+
   # see if the remote url returns 30x redirect
   # return a string with the redirection or nil
   def redirection(url = nil)

lib/wpscan/wp_target.rb

@@ -75,7 +75,7 @@ class WpTarget
 
   # Valid HTTP return codes
   def self.valid_response_codes
-    [200, 403, 301, 302, 500]
+    [200, 301, 302, 401, 403, 500]
   end
 
   # return WpTheme

lib/wpscan/wpscan_options.rb

@@ -43,7 +43,8 @@ class WpscanOptions
     :wp_plugins_dir,
     :help,
     :config_file,
-    :exclude_content_based
+    :exclude_content_based,
+    :basic_auth
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -136,6 +137,11 @@ class WpscanOptions
     end
   end
 
+  def basic_auth=(basic_auth)
+    raise "Invalid basic authentication format, login:password expected" if basic_auth.index(':').nil?
+    @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
+  end
+
   def has_options?
     !to_h.empty?
   end
@@ -225,22 +231,23 @@ class WpscanOptions
   # Even if a short option is given (IE : -u), the long one will be returned (IE : --url)
   def self.get_opt_long
     GetoptLong.new(
-        ["--url", "-u", GetoptLong::REQUIRED_ARGUMENT],
-        ["--enumerate", "-e", GetoptLong::OPTIONAL_ARGUMENT],
-        ["--username", "-U", GetoptLong::REQUIRED_ARGUMENT],
-        ["--wordlist", "-w", GetoptLong::REQUIRED_ARGUMENT],
-        ["--threads", "-t", GetoptLong::REQUIRED_ARGUMENT],
-        ["--force", "-f", GetoptLong::NO_ARGUMENT],
-        ["--help", "-h", GetoptLong::NO_ARGUMENT],
-        ["--verbose", "-v", GetoptLong::NO_ARGUMENT],
-        ["--proxy", GetoptLong::REQUIRED_ARGUMENT],
-        ["--proxy-auth", GetoptLong::REQUIRED_ARGUMENT],
-        ["--update", GetoptLong::NO_ARGUMENT],
-        ["--follow-redirection", GetoptLong::NO_ARGUMENT],
-        ["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT],
-        ["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT],
-        ["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT],
-        ["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT]
+      ["--url", "-u", GetoptLong::REQUIRED_ARGUMENT],
+      ["--enumerate", "-e", GetoptLong::OPTIONAL_ARGUMENT],
+      ["--username", "-U", GetoptLong::REQUIRED_ARGUMENT],
+      ["--wordlist", "-w", GetoptLong::REQUIRED_ARGUMENT],
+      ["--threads", "-t", GetoptLong::REQUIRED_ARGUMENT],
+      ["--force", "-f", GetoptLong::NO_ARGUMENT],
+      ["--help", "-h", GetoptLong::NO_ARGUMENT],
+      ["--verbose", "-v", GetoptLong::NO_ARGUMENT],
+      ["--proxy", GetoptLong::REQUIRED_ARGUMENT],
+      ["--proxy-auth", GetoptLong::REQUIRED_ARGUMENT],
+      ["--update", GetoptLong::NO_ARGUMENT],
+      ["--follow-redirection", GetoptLong::NO_ARGUMENT],
+      ["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT],
+      ["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT],
+      ["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT],
+      ["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT],
+      ["--basic-auth", GetoptLong::REQUIRED_ARGUMENT]
     )
   end