Basic auth

lib/browser.rb

@@ -28,7 +28,8 @@ class Browser
     :proxy_auth,
     :max_threads,
     :cache_timeout,
-      :request_timeout
+    :request_timeout,
+    :basic_auth
   ]
 
   attr_reader :hydra, :config_file
@@ -36,6 +37,7 @@ class Browser
 
   def initialize(options = {})
     @config_file = options[:config_file] || CONF_DIR + '/browser.conf.json'
+    #@basic_auth  = options[:basic_auth]
     options.delete(:config_file)
 
     load_config()
@@ -179,6 +181,14 @@ class Browser
       end
     end
 
+    if @basic_auth
+      if !params.has_key?(:headers)
+        params = params.merge(:headers => {'Authorization' => @basic_auth})
+      elsif !params[:headers].has_key?('Authorization')
+        params[:headers]['Authorization'] = @basic_auth
+      end
+    end
+
     unless params.has_key?(:disable_ssl_host_verification)
       params = params.merge(:disable_ssl_host_verification => true)
     end

lib/wpscan/modules/web_site.rb

@@ -53,6 +53,10 @@ module WebSite
     Browser.instance.get(@uri.to_s).code != 0
   end
 
+  def has_basic_auth?
+    Browser.instance.get(@uri.to_s).code == 401
+  end
+
   # see if the remote url returns 30x redirect
   # return a string with the redirection or nil
   def redirection(url = nil)

lib/wpscan/wp_target.rb

@@ -75,7 +75,7 @@ class WpTarget
 
   # Valid HTTP return codes
   def self.valid_response_codes
-    [200, 403, 301, 302, 500]
+    [200, 301, 302, 401, 403, 500]
   end
 
   # return WpTheme

lib/wpscan/wpscan_options.rb

@@ -43,7 +43,8 @@ class WpscanOptions
     :wp_plugins_dir,
     :help,
     :config_file,
-    :exclude_content_based
+    :exclude_content_based,
+    :basic_auth
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -136,6 +137,11 @@ class WpscanOptions
     end
   end
 
+  def basic_auth=(basic_auth)
+    raise "Invalid basic authentication format, login:password expected" if basic_auth.index(':').nil?
+    @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
+  end
+
   def has_options?
     !to_h.empty?
   end
@@ -240,7 +246,8 @@ class WpscanOptions
       ["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT],
       ["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT],
       ["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT],
-        ["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT]
+      ["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT],
+      ["--basic-auth", GetoptLong::REQUIRED_ARGUMENT]
     )
   end
 

spec/lib/browser_spec.rb

@@ -235,6 +235,24 @@ describe Browser do
 
       @browser.merge_request_params(:headers => {'accept' => 'text/html'}).should == expected_params
     end
+
+    it "should merge the basic-auth" do
+      @browser.basic_auth = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
+      expected_params = {
+        :disable_ssl_host_verification => true,
+        :disable_ssl_peer_verification => true,
+        :headers                       => {
+          "Authorization" => "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
+          "user-agent"    => @browser.user_agent
+        },
+        :cache_timeout                 => @json_config_without_proxy['cache_timeout']
+      }
+
+      @browser.merge_request_params().should == expected_params
+
+      expected_params[:headers].merge!("user-agent" => "Fake FF")
+      @browser.merge_request_params(:headers => {"user-agent" => "Fake FF"}).should == expected_params
+    end
   end
 
   describe "#merge_request_params with proxy" do

spec/lib/wpscan/modules/web_site_spec.rb

@@ -75,6 +75,18 @@ shared_examples_for "WebSite" do
     end
   end
 
+  describe "#has_basic_auth?" do
+    it "should detect that the wpsite is basic auth protected" do
+      stub_request(:get, "http://example.localhost/").to_return(:status => 401)
+      @module.should have_basic_auth
+    end
+
+    it "should not have a basic auth for a 200" do
+      stub_request(:get, "http://example.localhost/").to_return(:status => 200)
+      @module.should_not have_basic_auth
+    end
+  end
+
   describe "#redirection" do
     it "should return nil if no redirection detected" do
       stub_request(:get, @module.url).to_return(:status => 200, :body => '')

spec/lib/wpscan/wpscan_options_spec.rb

@@ -197,17 +197,20 @@ describe "WpscanOptions" do
     end
   end
 
-  describe "#to_h" do
+  describe "#basic_auth=" do
-    it "should return an empty hash" do
+    context "invalid format" do
-      @wpscan_options.to_h.should be_a Hash
+      it "should raise an error if the : is missing" do
-      @wpscan_options.to_h.should be_empty
+        expect { @wpscan_options.basic_auth = "helloworld" }.to raise_error(
+          RuntimeError, "Invalid basic authentication format, login:password expected"
+        )
+      end
     end
 
-    it "should return a hash with :verbose = true" do
+    context "valid format" do
-      expected = {:verbose => true}
+      it "should add the 'Basic' word and do the encode64. See RFC 2617" do
-      @wpscan_options.verbose = true
+        @wpscan_options.basic_auth = "Aladdin:open sesame"
-
+        @wpscan_options.basic_auth.should == "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
-      @wpscan_options.to_h.should === expected
+      end
     end
   end
 
@@ -222,6 +225,20 @@ describe "WpscanOptions" do
     end
   end
 
+  describe "#to_h" do
+    it "should return an empty hash" do
+      @wpscan_options.to_h.should be_a Hash
+      @wpscan_options.to_h.should be_empty
+    end
+
+    it "should return a hash with :verbose = true" do
+      expected = {:verbose => true}
+      @wpscan_options.verbose = true
+
+      @wpscan_options.to_h.should === expected
+    end
+  end
+
   describe "#clean_option" do
     after :each do
       WpscanOptions.clean_option(@option).should === @expected