initial commit

2012-11-26 22:30:07 +01:00
parent aebe925c95
commit 31d2ca06eb
6 changed files with 42 additions and 17 deletions
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -22,8 +22,9 @@ module WpPlugins
  #
  # return array of WpPlugin
  def plugins_from_aggressive_detection(options)
-    options[:file]          = options[:file] || "#{DATA_DIR}/plugins.txt"
-    options[:vulns_file]    = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml"
+    options[:file]          = options[:file] || (options[:full] ? "#{DATA_DIR}/plugins_full.txt" : "#{DATA_DIR}/plugins.txt")
+    options[:vulns_file]    = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
+        options[:vulns_file] : DATA_DIR + "/plugin_vulns.xml"
    options[:vulns_xpath]   = "//plugin[@name='#{@name}']/vulnerability"
    options[:vulns_xpath_2] = "//plugin"
    options[:type]          = "plugins"
--- a/lib/wpscan/modules/wp_themes.rb
+++ b/lib/wpscan/modules/wp_themes.rb
@@ -19,7 +19,7 @@
 module WpThemes

  def themes_from_aggressive_detection(options)
-    options[:file]          = options[:file] || "#{DATA_DIR}/themes.txt"
+    options[:file]          = options[:file] || (options[:full] ? "#{DATA_DIR}/themes_full.txt" : "#{DATA_DIR}/themes.txt")
    options[:vulns_file]    = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
        options[:vulns_file] : DATA_DIR + "/wp_theme_vulns.xml"
    options[:vulns_xpath]   = "//theme[@name='#{@name}']/vulnerability"
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -85,9 +85,11 @@ def help()
  puts "    u[10-20] usernames from id 10 to 20 (you must write [] chars)"
  puts "    p        plugins"
  puts "    vp       only vulnerable plugins"
+  puts "    ap       all plugins (can take a long time)"
  puts "    tt       timthumbs"
  puts "    t        themes"
  puts "    vt       only vulnerable themes"
+  puts "    at       all themes (can take a long time)"
  puts "  Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
  puts "  If no option is supplied, the default is 'vt,tt,u,vp'"
  puts
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -86,37 +86,53 @@ class WpscanOptions
  end

  def enumerate_plugins=(enumerate_plugins)
-    if enumerate_plugins === true and @enumerate_only_vulnerable_plugins === true
-      raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one"
+    if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
+      raise "Please choose only one plugin enumeration option"
    else
      @enumerate_plugins = enumerate_plugins
    end
  end

  def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
-    if enumerate_only_vulnerable_plugins === true and @enumerate_plugins === true
-      raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one"
+    if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
+      raise "Please choose only one plugin enumeration option"
    else
      @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
    end
  end

+  def enumerate_all_plugins=(enumerate_all_plugins)
+    if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
+      raise "Please choose only one plugin enumeration option"
+    else
+      @enumerate_all_plugins = enumerate_all_plugins
+    end
+  end
+
  def enumerate_themes=(enumerate_themes)
-    if enumerate_themes === true and @enumerate_only_vulnerable_themes === true
-      raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one"
+    if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
+      raise "Please choose only one theme enumeration option"
    else
      @enumerate_themes = enumerate_themes
    end
  end

  def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
-    if enumerate_only_vulnerable_themes === true and @enumerate_themes === true
-      raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one"
+    if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
+      raise "Please choose only one theme enumeration option"
    else
      @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
    end
  end

+  def enumerate_all_themes=(enumerate_all_themes)
+    if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
+      raise "Please choose only one theme enumeration option"
+    else
+      @enumerate_all_themes = enumerate_all_themes
+    end
+  end
+
  def has_options?
    !to_h.empty?
  end
@@ -181,12 +197,16 @@ class WpscanOptions

    self.enumerate_plugins = true if value.include?('p')

+    self.enumerate_all_plugins = true if value.include?('ap')
+
    @enumerate_timthumbs = true if value.include?('tt')

    self.enumerate_only_vulnerable_themes = true if value.include?('vt')

    self.enumerate_themes = true if value.include?('t')

+    self.enumerate_all_themes = true if value.include?('at')
+
    value.grep(/^u/) do |username_enum_value|
      @enumerate_usernames = true
      # Check for usernames range