Adds the --usernames option - Fixes #739

2014-12-10 17:58:51 +01:00
parent e3ac331a71
commit 607a5b3fda
3 changed files with 20 additions and 4 deletions
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -99,6 +99,7 @@ def help
  puts '--basic-auth <username:password>    Set the HTTP Basic authentication.'
  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password bruter and do the brute.'
  puts '--username | -U <username>          Only brute force the supplied username.'
+  puts '--usernames     <path-to-file>      Only brute force the usernames from the file.'
  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
  puts '--request-timeout <request-timeout> Request Timeout.'
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -23,6 +23,7 @@ class WpscanOptions
    :update,
    :verbose,
    :username,
+    :usernames,
    :password,
    :follow_redirection,
    :wp_content_dir,
@@ -68,6 +69,12 @@ class WpscanOptions
    end
  end

+  def usernames=(file)
+    fail "The file #{file} does not exist" unless File.exists?(file)
+
+    @usernames = file
+  end
+
  def proxy=(proxy)
    if proxy.index(':') == nil
      raise 'Invalid proxy format. Should be host:port.'
@@ -237,6 +244,7 @@ class WpscanOptions
      ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
      ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
      ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
+      ['--usernames', GetoptLong::REQUIRED_ARGUMENT],
      ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
      ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
      ['--force', '-f', GetoptLong::NO_ARGUMENT],
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -303,8 +303,8 @@ def main
      end
    end

-    # If we haven't been supplied a username, enumerate them...
-    if !wpscan_options.username and wpscan_options.wordlist or wpscan_options.enumerate_usernames
+    # If we haven't been supplied a username/usernames list, enumerate them...
+    if !wpscan_options.username && !wpscan_options.usernames && wpscan_options.wordlist || wpscan_options.enumerate_usernames
      puts
      puts "#{info('[+]')} Enumerating usernames ..."

@@ -337,8 +337,15 @@ def main
      end

    else
-      # FIXME : Change the .username to .login (and also the --username in the CLI)
-      wp_users = WpUsers.new << WpUser.new(wp_target.uri, login: wpscan_options.username)
+      wp_users = WpUsers.new
+
+      if wpscan_options.usernames
+        File.open(wpscan_options.usernames).each do |username|
+          wp_users << WpUser.new(wp_target.uri, login: username.chomp)
+        end
+      else
+        wp_users << WpUser.new(wp_target.uri, login: wpscan_options.username)
+      end
    end

    # Start the brute forcer