Merge pull request #833 from stefancastille/master

Adds a --vhost option (Virtualhost support)

lib/common/browser.rb

@@ -24,7 +24,7 @@ class Browser
 
   attr_reader :hydra, :cache_dir
 
-  attr_accessor :referer, :cookie
+  attr_accessor :referer, :cookie, :vhost
 
   # @param [ Hash ] options
   #
@@ -136,6 +136,14 @@ class Browser
       )
     end
     
+    if vhost
+      params = Browser.append_params_header_field(
+        params,
+        'Host',
+        vhost
+      )
+    end
+    
     params.merge!(referer: referer)
     params.merge!(timeout: @request_timeout) if @request_timeout
     params.merge!(connecttimeout: @connect_timeout) if @connect_timeout

lib/wpscan/wp_target.rb

@@ -28,8 +28,13 @@ class WpTarget < WebSite
     @wp_content_dir = options[:wp_content_dir]
     @wp_plugins_dir = options[:wp_plugins_dir]
     @multisite      = nil
+    @vhost = options[:vhost]
 
     Browser.instance.referer = url
+    if @vhost
+      Browser.instance.vhost = @vhost
+    end
+
   end
 
   # check if the target website is

lib/wpscan/wpscan_options.rb

@@ -19,6 +19,7 @@ class WpscanOptions
     :proxy_auth,
     :threads,
     :url,
+    :vhost,
     :wordlist,
     :force,
     :update,
@@ -61,6 +62,10 @@ class WpscanOptions
     @url = URI.parse(add_http_protocol(url)).to_s
   end
 
+  def vhost=(vhost)
+    @vhost = vhost
+  end
+
   def threads=(threads)
     @threads = threads.is_a?(Integer) ? threads : threads.to_i
   end
@@ -246,6 +251,7 @@ class WpscanOptions
   def self.get_opt_long
     GetoptLong.new(
       ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
+      ['--vhost',GetoptLong::OPTIONAL_ARGUMENT],
       ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
       ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
       ['--usernames', GetoptLong::REQUIRED_ARGUMENT],