Merge pull request #470 from wpscanteam/layout-423

New improved Layout (see #423)
2014-04-27 16:02:54 +02:00
parent 59225a4b9c 19e2772729
commit 603a4afaf3
6 changed files with 50 additions and 28 deletions
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -105,7 +105,7 @@ def banner
  puts '           \\  /\\  /  | |     ____) | (__| (_| | | | |'
  puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
  puts
-  puts '        WordPress Security Scanner by the WPScan Team '
+  puts bold('        WordPress Security Scanner by the WPScan Team ')
  # Alignment of the version (w & w/o the Revision)
  if REVISION
    puts "                    Version #{version}"
@@ -122,6 +122,10 @@ def colorize(text, color_code)
  "\e[#{color_code}m#{text}\e[0m"
 end

+def bold(text)
+  colorize(text, 1)
+end
+
 def red(text)
  colorize(text, 31)
 end
@@ -130,6 +134,14 @@ def green(text)
  colorize(text, 32)
 end

+def amber(text)
+  colorize(text, 33)
+end
+
+def blue(text)
+  colorize(text, 34)
+end
+
 def xml(file)
  Nokogiri::XML(File.open(file)) do |config|
    config.noblanks
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -5,17 +5,17 @@ class Vulnerability

    # output the vulnerability
    def output(verbose = false)
-      puts ' |'
-      puts ' | ' + red("* Title: #{title}")
+      puts
+      puts "#{red('[!]')} Title: #{title}"
      references.each do |key, urls|
        methodname = "url_#{key}"
        urls.each do |u|
          url = send(methodname, u)
-          puts ' | ' + red("* Reference: #{url}") if url
+          puts "      Reference: #{url}" if url
        end
      end
      if !fixed_in.empty?
-         puts " | * Fixed in: #{fixed_in}"
+         puts "      Fixed in: #{fixed_in}"
      end
    end
  end
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -6,13 +6,13 @@ class WpItem
    # @return [ Void ]
    def output(verbose = false)
      puts
-      puts " | Name: #{self}" #this will also output the version number if detected
-      puts " | Location: #{url}"
+      puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected
+      puts " |  Location: #{url}"
      #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
-      puts " | Readme: #{readme_url}" if has_readme?
-      puts " | Changelog: #{changelog_url}" if has_changelog?
-      puts " | " + red('[!]') + " Directory listing is enabled: #{url}" if has_directory_listing?
-      puts " | " + red('[!]') + " An error_log file has been found: #{error_log_url}" if has_error_log?
+      puts " |  Readme: #{readme_url}" if has_readme?
+      puts " |  Changelog: #{changelog_url}" if has_changelog?
+      puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
+      puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?

      additional_output(verbose) if respond_to?(:additional_output)

--- a/lib/common/models/wp_theme/output.rb
+++ b/lib/common/models/wp_theme/output.rb
@@ -5,18 +5,18 @@ class WpTheme

    # @return [ Void ]
    def additional_output(verbose = false)
-      puts " | Style URL: #{style_url}"
-      puts " | Theme Name: #@theme_name" if @theme_name
-      puts " | Theme URI: #@theme_uri" if @theme_uri
      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
-      puts " | Description: #{theme_desc}"
-      puts " | Author: #@theme_author" if @theme_author
-      puts " | Author URI: #@theme_author_uri" if @theme_author_uri
-      puts " | Template: #@theme_template" if @theme_template and verbose
-      puts " | License: #@theme_license" if @theme_license and verbose
-      puts " | License URI: #@theme_license_uri" if @theme_license_uri and verbose
-      puts " | Tags: #@theme_tags" if @theme_tags and verbose
-      puts " | Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
+      puts " |  Style URL: #{style_url}"
+      puts " |  Theme Name: #@theme_name" if @theme_name
+      puts " |  Theme URI: #@theme_uri" if @theme_uri
+      puts " |  Description: #{theme_desc}"
+      puts " |  Author: #@theme_author" if @theme_author
+      puts " |  Author URI: #@theme_author_uri" if @theme_author_uri
+      puts " |  Template: #@theme_template" if @theme_template and verbose
+      puts " |  License: #@theme_license" if @theme_license and verbose
+      puts " |  License URI: #@theme_license_uri" if @theme_license_uri and verbose
+      puts " |  Tags: #@theme_tags" if @theme_tags and verbose
+      puts " |  Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
    end

  end
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -5,12 +5,12 @@ class WpVersion < WpItem

    def output(verbose = false)
      puts
-      puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+      puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}"

      vulnerabilities = self.vulnerabilities

      unless vulnerabilities.empty?
-        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number"
+        puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"

        vulnerabilities.output
      end
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -38,8 +38,8 @@ def main
        end
        puts @updater.update()
      else
-        puts 'Svn / Git not installed, or wpscan has not been installed with one of them.'
-        puts 'Update aborted'
+        puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.'
+        puts "#{red('[!]')} Update aborted"
      end
      exit(0)
    end
@@ -67,6 +67,16 @@ def main
      if wpscan_options.follow_redirection
        puts "Following redirection #{redirection}"
      else
+        puts "#{blue('[i]')} The remote host tried to redirect to: #{redirection}"
+        print "[?] Do you want follow the redirection ? [y/n] "
+      end
+
+      if wpscan_options.follow_redirection or Readline.readline =~ /^y/i
+        wpscan_options.url = redirection
+        wp_target = WpTarget.new(redirection, wpscan_options.to_h)
+      else
+        puts "#{red('[!]')} Scan aborted"
+        exit(0)
        puts "The remote host redirects to: #{redirection}"
        puts '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
      end
@@ -140,7 +150,7 @@ def main
    end

    wp_target.config_backup.each do |file_url|
-      puts red("[!] A wp-config.php backup file has been found in: '#{file_url}'")
+      puts "#{red('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
    end

    if wp_target.search_replace_db_2_exists?
@@ -214,7 +224,7 @@ def main

      wp_plugins = WpPlugins.passive_detection(wp_target)
      if !wp_plugins.empty?
-        puts " |  #{wp_plugins.size} plugins found:"
+        puts " |  Plugins found: #{wp_plugins.size}"

        wp_plugins.output(wpscan_options.verbose)
      else