From 6565466c8537b5ef1cca14b1e6a32b77b527394c Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Sat, 15 Sep 2012 23:28:33 +0200
Subject: [PATCH] rdoc
---
doc/Array.html | 2 +
doc/Browser.html | 2 +
doc/BruteForce.html | 2 +
doc/CREDITS.html | 2 +
doc/CacheFileStore.html | 2 +
doc/Exploit.html | 2 +
doc/Generate_List.html | 2 +
doc/GitUpdater.html | 2 +
doc/Malwares.html | 2 +
doc/Object.html | 17 ++-
doc/README.html | 2 +
doc/RpcClient.html | 2 +
doc/SvnUpdater.html | 2 +
doc/Svn_Parser.html | 2 +
doc/Updater.html | 2 +
doc/UpdaterFactory.html | 2 +
doc/Vulnerable.html | 2 +
doc/WebSite.html | 2 +
doc/WpConfigBackup.html | 2 +
doc/WpDetector.html | 2 +
doc/WpEnumerator.html | 2 +
doc/WpFullPathDisclosure.html | 2 +
doc/WpItem.html | 2 +
doc/WpLoginProtection.html | 2 +
doc/WpOptions.html | 30 +++---
doc/WpPlugin.html | 4 +-
doc/WpPlugins.html | 11 +-
doc/WpReadme.html | 2 +
doc/WpTarget.html | 31 +++---
doc/WpTheme.html | 2 +
doc/WpTimthumbs.html | 2 +
doc/WpUsernames.html | 2 +
doc/WpVersion.html | 2 +
doc/WpVulnerability.html | 2 +
doc/WpscanOptions.html | 125 ++++++++++++++++++----
doc/created.rid | 19 ++--
doc/index.html | 82 +++++++-------
doc/lib/wpscan/modules/wp_plugins_rb.html | 2 +-
doc/lib/wpscan/wp_enumerator_rb.html | 2 +-
doc/lib/wpscan/wp_options_rb.html | 2 +-
doc/lib/wpscan/wp_plugin_rb.html | 2 +-
doc/lib/wpscan/wp_target_rb.html | 2 +-
doc/lib/wpscan/wpscan_helper_rb.html | 2 +-
doc/lib/wpscan/wpscan_options_rb.html | 2 +-
doc/wpscan_rb.html | 2 +-
45 files changed, 290 insertions(+), 103 deletions(-)
diff --git a/doc/Array.html b/doc/Array.html
index a1508554..f67b8512 100644
--- a/doc/Array.html
+++ b/doc/Array.html
@@ -162,6 +162,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Browser.html b/doc/Browser.html
index a7634bc8..05663b73 100644
--- a/doc/Browser.html
+++ b/doc/Browser.html
@@ -180,6 +180,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/BruteForce.html b/doc/BruteForce.html
index 9b803ce9..55887fd3 100644
--- a/doc/BruteForce.html
+++ b/doc/BruteForce.html
@@ -154,6 +154,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/CREDITS.html b/doc/CREDITS.html
index e2ebc3fe..168ae32a 100644
--- a/doc/CREDITS.html
+++ b/doc/CREDITS.html
@@ -118,6 +118,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/CacheFileStore.html b/doc/CacheFileStore.html
index 26dc4d7b..186a9000 100644
--- a/doc/CacheFileStore.html
+++ b/doc/CacheFileStore.html
@@ -168,6 +168,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Exploit.html b/doc/Exploit.html
index 82849496..543ea2cf 100644
--- a/doc/Exploit.html
+++ b/doc/Exploit.html
@@ -186,6 +186,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Generate_List.html b/doc/Generate_List.html
index 499fbf2a..4f9f4315 100644
--- a/doc/Generate_List.html
+++ b/doc/Generate_List.html
@@ -168,6 +168,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/GitUpdater.html b/doc/GitUpdater.html
index 73e63f40..32c09d07 100644
--- a/doc/GitUpdater.html
+++ b/doc/GitUpdater.html
@@ -166,6 +166,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Malwares.html b/doc/Malwares.html
index 72ad3d74..d75003bd 100644
--- a/doc/Malwares.html
+++ b/doc/Malwares.html
@@ -158,6 +158,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Object.html b/doc/Object.html
index d078fc69..570500e4 100644
--- a/doc/Object.html
+++ b/doc/Object.html
@@ -176,6 +176,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -414,7 +416,7 @@
    -# File lib/wpscan/wpscan_helper.rb, line 59
    +# File lib/wpscan/wpscan_helper.rb, line 68
     def help()
       puts "Help :"
       puts
    @@ -431,6 +433,8 @@
       puts "    p        plugins"
       puts "    p!       only vulnerable plugins"
       puts "    t        timthumbs"
    +  puts "    T        themes"
    +  puts "    T!       only vulnerable themes"
       puts "  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins"
       puts "  If no option is supplied, the default is 'tup!'"
       puts
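Review bot: The default-value line left as context in this hunk, `puts "  If no option is supplied, the default is 'tup!'"`, no longer matches the code, because the WpscanOptions#set_option_from_cli hunk later in this patch changes the fallback to `"Ttup!"`, so a bare `--enumerate` now enumerates themes as well. The help text in lib/wpscan/wpscan_helper.rb should say `'Ttup!'` so that the documented default matches what a scan actually requests from the target, and the rdoc should then be regenerated. The body of help() starts and ends outside this hunk.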
    @@ -529,9 +533,18 @@
       puts "-Do wordlist password brute force on the 'admin' username only ..."
       puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin"
       puts
    -  puts "-Enumerate instaled plugins ..."
    +  puts "-Enumerate installed plugins ..."
       puts "ruby #{script_name} --url www.example.com --enumerate p"
       puts
    +  puts "-Enumerate installed themes ..."
    +  puts "ruby #{script_name} --url www.example.com --enumerate T"
    +  puts
    +  puts "-Enumerate users ..."
    +  puts "ruby #{script_name} --url www.example.com --enumerate u"
    +  puts
    +  puts "-Enumerate installed timthumbs ..."
    +  puts "ruby #{script_name} --url www.example.com --enumerate t"
    +  puts
       puts "-Use a HTTP proxy ..."
       puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
       puts
    diff --git a/doc/README.html b/doc/README.html
    index d08a9e9a..377560ad 100644
    --- a/doc/README.html
    +++ b/doc/README.html
    @@ -118,6 +118,8 @@
             
               
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/RpcClient.html b/doc/RpcClient.html
index 48431645..ee3cf694 100644
--- a/doc/RpcClient.html
+++ b/doc/RpcClient.html
@@ -186,6 +186,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/SvnUpdater.html b/doc/SvnUpdater.html
index e689ae87..034058e3 100644
--- a/doc/SvnUpdater.html
+++ b/doc/SvnUpdater.html
@@ -164,6 +164,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Svn_Parser.html b/doc/Svn_Parser.html
index 17c26c7f..99cfcc15 100644
--- a/doc/Svn_Parser.html
+++ b/doc/Svn_Parser.html
@@ -162,6 +162,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Updater.html b/doc/Updater.html
index 1030d6cb..90f61dda 100644
--- a/doc/Updater.html
+++ b/doc/Updater.html
@@ -168,6 +168,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/UpdaterFactory.html b/doc/UpdaterFactory.html
index 6489bfdd..746a4695 100644
--- a/doc/UpdaterFactory.html
+++ b/doc/UpdaterFactory.html
@@ -162,6 +162,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/Vulnerable.html b/doc/Vulnerable.html
index 5adcfb0c..7e127087 100644
--- a/doc/Vulnerable.html
+++ b/doc/Vulnerable.html
@@ -160,6 +160,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WebSite.html b/doc/WebSite.html
index 47b8e1e7..47d1c6f5 100644
--- a/doc/WebSite.html
+++ b/doc/WebSite.html
@@ -158,6 +158,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpConfigBackup.html b/doc/WpConfigBackup.html
index cca1e476..80f0e063 100644
--- a/doc/WpConfigBackup.html
+++ b/doc/WpConfigBackup.html
@@ -154,6 +154,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpDetector.html b/doc/WpDetector.html
index 6366f58f..ebd52250 100644
--- a/doc/WpDetector.html
+++ b/doc/WpDetector.html
@@ -162,6 +162,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpEnumerator.html b/doc/WpEnumerator.html
index 1c7df901..1479d2a8 100644
--- a/doc/WpEnumerator.html
+++ b/doc/WpEnumerator.html
@@ -160,6 +160,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpFullPathDisclosure.html b/doc/WpFullPathDisclosure.html
index 32265f7f..2aed0957 100644
--- a/doc/WpFullPathDisclosure.html
+++ b/doc/WpFullPathDisclosure.html
@@ -154,6 +154,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpItem.html b/doc/WpItem.html
index 2985f89b..a5846a4a 100644
--- a/doc/WpItem.html
+++ b/doc/WpItem.html
@@ -166,6 +166,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpLoginProtection.html b/doc/WpLoginProtection.html
index 54b5dfab..d7effa5c 100644
--- a/doc/WpLoginProtection.html
+++ b/doc/WpLoginProtection.html
@@ -178,6 +178,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpOptions.html b/doc/WpOptions.html
index 12154175..b39660b8 100644
--- a/doc/WpOptions.html
+++ b/doc/WpOptions.html
@@ -162,6 +162,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -199,6 +201,8 @@
  • vulns_xpath - XPath for vulnerability XML file

  • +

    vulns_xpath_2 - XPath for vulnerability XML file

    +
  • wp_content_dir - Name of the wp-content directory

  • show_progress_bar - Show a progress bar during enumeration

    @@ -247,17 +251,18 @@
    -# File lib/wpscan/wp_options.rb, line 48
    +# File lib/wpscan/wp_options.rb, line 50
     def self.check_options(options)
    -  raise("url must be set")                  unless options[:url]
    -  raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones]
    -  raise("file must be set")                 unless options[:file]
    -  raise("vulns_file must be set")           unless options[:vulns_file]
    -  raise("vulns_xpath must be set")          unless options[:vulns_xpath]
    -  raise("wp_content_dir must be set")       unless options[:wp_content_dir]
    -  raise("show_progress_bar must be set")    unless options[:show_progress_bar]
    -  raise("error_404_hash must be set")       unless options[:error_404_hash]
    -  raise("type must be set")                 unless options[:type]
    +  raise("url must be set")                  unless options[:url] != nil and options[:url].to_s.length > 0
    +  raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil
    +  raise("file must be set")                 unless options[:file] != nil and options[:file].length > 0
    +  raise("vulns_file must be set")           unless options[:vulns_file] != nil and options[:vulns_file].length > 0
    +  raise("vulns_xpath must be set")          unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0
    +  raise("vulns_xpath_2 must be set")        unless options[:vulns_xpath_2] != nil and options[:vulns_xpath_2].length > 0
    +  raise("wp_content_dir must be set")       unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0
    +  raise("show_progress_bar must be set")    unless options[:show_progress_bar] != nil
    +  raise("error_404_hash must be set")       unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0
    +  raise("type must be set")                 unless options[:type] != nil and options[:type].length > 0
     
       unless options[:type] =~ /plugins/ or options[:type] =~ /themes/
         raise("Unknown type #{options[:type]}")
    @@ -292,14 +297,15 @@
                 
                 
    -# File lib/wpscan/wp_options.rb, line 33
    +# File lib/wpscan/wp_options.rb, line 34
     def self.get_empty_options
       options = {
           :url                  => "",
    -      :only_vulnerable_ones => true,
    +      :only_vulnerable_ones => false,
           :file                 => "",
           :vulns_file           => "",
           :vulns_xpath          => "",
    +      :vulns_xpath_2        => "",
           :wp_content_dir       => "",
           :show_progress_bar    => true,
           :error_404_hash       => "",
    diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html
    index 8c8437f4..2d56f801 100644
    --- a/doc/WpPlugin.html
    +++ b/doc/WpPlugin.html
    @@ -176,6 +176,8 @@
             
               
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -240,7 +242,7 @@
     # File lib/wpscan/wp_plugin.rb, line 24
     def initialize(options = {})
    -  @base_url       = options[:base_url]
    +  @base_url       = options[:url]
       @path           = options[:path]
       @wp_content_dir = options[:wp_content_dir]
       @name           = options[:name] || extract_name_from_url(get_url)
    diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html
    index bbc8ce7d..8f521524 100644
    --- a/doc/WpPlugins.html
    +++ b/doc/WpPlugins.html
    @@ -152,6 +152,8 @@
             
               
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -218,10 +220,11 @@
     # File lib/wpscan/modules/wp_plugins.rb, line 24
     def plugins_from_aggressive_detection(options)
    -  options[:file]        = "#{DATA_DIR}/plugins.txt"
    -  options[:vulns_file]  = "#{DATA_DIR}/plugin_vulns.xml"
    -  options[:vulns_xpath] = "//plugin[@name='#{@name}']/vulnerability"
    -  options[:type]        = "plugins"
    +  options[:file]          = "#{DATA_DIR}/plugins.txt"
    +  options[:vulns_file]    = "#{DATA_DIR}/plugin_vulns.xml"
    +  options[:vulns_xpath]   = "//plugin[@name='#{@name}']/vulnerability"
    +  options[:vulns_xpath_2] = "//plugin"
    +  options[:type]          = "plugins"
       result = WpDetector.aggressive_detection(options)
       result
     end
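Review bot: `options[:vulns_xpath]` is built by interpolating `@name` directly into a quoted XPath literal, `"//plugin[@name='#{@name}']/vulnerability"`, with no escaping or validation. Where `@name` is assigned is not visible in this hunk; if it can hold a value derived from the scanned site, a name containing `'` would break or change the query evaluated against the local plugin_vulns.xml, so the source should reject or escape quotes before building the expression. The method also writes its keys into the caller's `options` hash, which is worth a comment in lib/wpscan/modules/wp_plugins.rb since the new `:vulns_xpath_2` key now leaks back to callers too. This page is rdoc output, so any change belongs in the Ruby source.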
    diff --git a/doc/WpReadme.html b/doc/WpReadme.html
    index 8ccaeb72..795ac853 100644
    --- a/doc/WpReadme.html
    +++ b/doc/WpReadme.html
    @@ -154,6 +154,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpTarget.html b/doc/WpTarget.html
index a96a4beb..68f4541a 100644
--- a/doc/WpTarget.html
+++ b/doc/WpTarget.html
@@ -134,6 +134,10 @@ +
  • WpThemes
  • + + +
  • BruteForce
  • @@ -228,6 +232,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -327,7 +333,7 @@
    -# File lib/wpscan/wp_target.rb, line 35
    +# File lib/wpscan/wp_target.rb, line 36
     def initialize(target_url, options = {})
       @uri            = URI.parse(add_trailing_slash(add_http_protocol(target_url)))
       @verbose        = options[:verbose]
    @@ -365,7 +371,7 @@
                 
                 
    -# File lib/wpscan/wp_target.rb, line 74
    +# File lib/wpscan/wp_target.rb, line 76
     def self.valid_response_codes
       [200, 403, 301, 302]
     end
    @@ -404,7 +410,7 @@
    -# File lib/wpscan/wp_target.rb, line 114
    +# File lib/wpscan/wp_target.rb, line 116
     def debug_log_url
       @uri.merge("#{wp_content_dir()}/debug.log").to_s
     end
    @@ -437,7 +443,7 @@
    -# File lib/wpscan/wp_target.rb, line 61
    +# File lib/wpscan/wp_target.rb, line 63
     def error_404_hash
       unless @error_404_hash
         non_existant_page = Digest::MD5.hexdigest(rand(9999999999).to_s) + ".html"
    @@ -478,7 +484,7 @@
                 
                 
    -# File lib/wpscan/wp_target.rb, line 108
    +# File lib/wpscan/wp_target.rb, line 110
     def has_debug_log?
       # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go)
       response_body = Browser.instance.get(debug_log_url(), :headers => { "range" => "bytes=0-700"}).body
    @@ -513,12 +519,13 @@
                 
                 
    -# File lib/wpscan/wp_target.rb, line 49
    +# File lib/wpscan/wp_target.rb, line 50
     def login_url
       url = @uri.merge("wp-login.php").to_s
     
       # Let's check if the login url is redirected (to https url for example)
    -  if redirection == redirection(url)
    +  redirection = redirection(url)
    +  if redirection
         url = redirection
       end
     
    @@ -553,7 +560,7 @@
                 
                 
    -# File lib/wpscan/wp_target.rb, line 79
    +# File lib/wpscan/wp_target.rb, line 81
     def theme
       WpTheme.find(@uri)
     end
    @@ -586,7 +593,7 @@
    -# File lib/wpscan/wp_target.rb, line 45
    +# File lib/wpscan/wp_target.rb, line 46
     def url
       @uri.to_s
     end
    @@ -619,7 +626,7 @@
    -# File lib/wpscan/wp_target.rb, line 84
    +# File lib/wpscan/wp_target.rb, line 86
     def version
       WpVersion.find(@uri)
     end
    @@ -652,7 +659,7 @@
    -# File lib/wpscan/wp_target.rb, line 88
    +# File lib/wpscan/wp_target.rb, line 90
     def wp_content_dir
       unless @wp_content_dir
         index_body = Browser.instance.get(@uri.to_s).body
    @@ -694,7 +701,7 @@
                 
                 
    -# File lib/wpscan/wp_target.rb, line 101
    +# File lib/wpscan/wp_target.rb, line 103
     def wp_plugins_dir
       unless @wp_plugins_dir
         @wp_plugins_dir = wp_content_dir() + "/plugins"
    diff --git a/doc/WpTheme.html b/doc/WpTheme.html
    index ec69e685..67061b5e 100644
    --- a/doc/WpTheme.html
    +++ b/doc/WpTheme.html
    @@ -170,6 +170,8 @@
             
               
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpTimthumbs.html b/doc/WpTimthumbs.html
index fbb3598d..05b5d1b6 100644
--- a/doc/WpTimthumbs.html
+++ b/doc/WpTimthumbs.html
@@ -160,6 +160,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpUsernames.html b/doc/WpUsernames.html
index 1f6beda3..26911eff 100644
--- a/doc/WpUsernames.html
+++ b/doc/WpUsernames.html
@@ -154,6 +154,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpVersion.html b/doc/WpVersion.html
index e31487f9..d1dc0fb7 100644
--- a/doc/WpVersion.html
+++ b/doc/WpVersion.html
@@ -174,6 +174,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpVulnerability.html b/doc/WpVulnerability.html
index b3b903c7..4ac3b571 100644
--- a/doc/WpVulnerability.html
+++ b/doc/WpVulnerability.html
@@ -160,6 +160,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  •
diff --git a/doc/WpscanOptions.html b/doc/WpscanOptions.html
index 290fcc7d..f0ac6a8c 100644
--- a/doc/WpscanOptions.html
+++ b/doc/WpscanOptions.html
@@ -79,10 +79,14 @@
  • #enumerate_only_vulnerable_plugins=
  • +
  • #enumerate_only_vulnerable_themes=
  • +
  • #enumerate_options_from_string
  • #enumerate_plugins=
  • +
  • #enumerate_themes=
  • +
  • #has_options?
  • #proxy=
  • @@ -190,6 +194,8 @@
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -266,7 +272,7 @@ href="WpscanOptions.html">WpscanOptions

    -# File lib/wpscan/wpscan_options.rb, line 111
    +# File lib/wpscan/wpscan_options.rb, line 134
     def self.load_from_arguments
       wpscan_options = WpscanOptions.new
     
    @@ -307,9 +313,14 @@ href="WpscanOptions.html">WpscanOptions

    -# File lib/wpscan/wpscan_options.rb, line 45
    +# File lib/wpscan/wpscan_options.rb, line 47
     def initialize
    -
    +  @enumerate_plugins = false
    +  @enumerate_themes = false
    +  @enumerate_only_vulnerable_plugins = false
    +  @enumerate_only_vulnerable_themes = false
    +  @enumerate_timthumbs = false
    +  @enumerate_usernames = false
     end
    @@ -349,7 +360,7 @@ any remaining ‘-’ by ‘_’

    -# File lib/wpscan/wpscan_options.rb, line 194
    +# File lib/wpscan/wpscan_options.rb, line 221
     def self.clean_option(option)
       cleaned_option = option.gsub(/^--?/, '')
       cleaned_option.gsub(/-/, '_')
    @@ -384,7 +395,7 @@ any remaining ‘-’ by ‘_’

    -# File lib/wpscan/wpscan_options.rb, line 166
    +# File lib/wpscan/wpscan_options.rb, line 193
     def self.get_opt_long
       GetoptLong.new(
         ["--url", "-u", GetoptLong::REQUIRED_ARGUMENT],
    @@ -432,7 +443,7 @@ any remaining ‘-’ by ‘_’

    -# File lib/wpscan/wpscan_options.rb, line 185
    +# File lib/wpscan/wpscan_options.rb, line 212
     def self.is_long_option?(option)
       ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}")
     end
    @@ -465,7 +476,7 @@ any remaining ‘-’ by ‘_’

    -# File lib/wpscan/wpscan_options.rb, line 199
    +# File lib/wpscan/wpscan_options.rb, line 226
     def self.option_to_instance_variable_setter(option)
       cleaned_option = WpscanOptions.clean_option(option)
       option_syms    = ACCESSOR_OPTIONS.grep(%{^#{cleaned_option}})
    @@ -507,7 +518,7 @@ any remaining ‘-’ by ‘_’

    -# File lib/wpscan/wpscan_options.rb, line 83
    +# File lib/wpscan/wpscan_options.rb, line 90
     def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
       if enumerate_only_vulnerable_plugins === true and @enumerate_plugins === true
         raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one"
    @@ -525,6 +536,43 @@ any remaining ‘-’ by ‘_’

    +
    + + + +
    + enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) + click to toggle source +
    + + +
    + + + + + +
    +
    +# File lib/wpscan/wpscan_options.rb, line 106
    +def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
    +  if enumerate_only_vulnerable_themes === true and @enumerate_plugins === true
    +    raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one"
    +  else
    +    @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
    +  end
    +end
    +
    + +
    + + + + +
    + +
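Review bot: The guard in the new `enumerate_only_vulnerable_themes=` tests `@enumerate_plugins === true`, which looks like a copy-paste slip from the plugins setter; it should read `if enumerate_only_vulnerable_themes === true and @enumerate_themes === true`. As written, the setter would raise the misleading "themes and only vulnerable themes" error whenever plugin enumeration was enabled first, and it never detects the themes conflict itself, so that case is caught only if `enumerate_themes=` runs afterwards. The fix belongs in lib/wpscan/wpscan_options.rb (line 106 according to the rdoc header shown here); this HTML is generated from it.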
    @@ -548,7 +596,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10

    -# File lib/wpscan/wpscan_options.rb, line 146
    +# File lib/wpscan/wpscan_options.rb, line 169
     def enumerate_options_from_string(value)
       # Usage of self is mandatory because there are overridden setters
       self.enumerate_only_vulnerable_plugins = true if value =~ /p!/
    @@ -557,6 +605,10 @@ href="http://1-10">u will enumerate usernames from 1 to 10

    @enumerate_timthumbs = true if value =~ /t/ + self.enumerate_only_vulnerable_themes = true if value =~ /T!/ + + self.enumerate_themes = true if value =~ /T(?!!)/ + if value =~ /u/ @enumerate_usernames = true # Check for usernames range @@ -595,7 +647,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10

    -# File lib/wpscan/wpscan_options.rb, line 75
    +# File lib/wpscan/wpscan_options.rb, line 82
     def enumerate_plugins=(enumerate_plugins)
       if enumerate_plugins === true and @enumerate_only_vulnerable_plugins === true
         raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one"
    @@ -613,6 +665,43 @@ href="http://1-10">u will enumerate usernames from 1 to 10

    +
    + + + +
    + enumerate_themes=(enumerate_themes) + click to toggle source +
    + + +
    + + + + + +
    +
    +# File lib/wpscan/wpscan_options.rb, line 98
    +def enumerate_themes=(enumerate_themes)
    +  if enumerate_themes === true and @enumerate_only_vulnerable_themes === true
    +    raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one"
    +  else
    +    @enumerate_themes = enumerate_themes
    +  end
    +end
    +
    + +
    + + + + +
    + +
    @@ -632,7 +721,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10

    -# File lib/wpscan/wpscan_options.rb, line 91
    +# File lib/wpscan/wpscan_options.rb, line 114
     def has_options?
       !to_h.empty?
     end
    @@ -665,7 +754,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10

    -# File lib/wpscan/wpscan_options.rb, line 67
    +# File lib/wpscan/wpscan_options.rb, line 74
     def proxy=(proxy)
       if proxy.index(':') == nil
         raise "Invalid proxy format. Should be host:port."
    @@ -703,7 +792,7 @@ value

    -# File lib/wpscan/wpscan_options.rb, line 125
    +# File lib/wpscan/wpscan_options.rb, line 148
     def set_option_from_cli(cli_option, cli_value)
     
       if WpscanOptions.is_long_option?(cli_option)
    @@ -713,7 +802,7 @@ value

    ) elsif cli_option === "--enumerate" # Special cases # Default value if no argument is given - cli_value = "tup!" if cli_value.length == 0 + cli_value = "Ttup!" if cli_value.length == 0 enumerate_options_from_string(cli_value) else @@ -749,7 +838,7 @@ value

    -# File lib/wpscan/wpscan_options.rb, line 55
    +# File lib/wpscan/wpscan_options.rb, line 62
     def threads=(threads)
       @threads = threads.is_a?(Integer) ? threads : threads.to_i
     end
    @@ -782,7 +871,7 @@ value

    -# File lib/wpscan/wpscan_options.rb, line 96
    +# File lib/wpscan/wpscan_options.rb, line 119
     def to_h
       options = {}
     
    @@ -824,7 +913,7 @@ value

    -# File lib/wpscan/wpscan_options.rb, line 49
    +# File lib/wpscan/wpscan_options.rb, line 56
     def url=(url)
       raise "Empty URL given" if !url
     
    @@ -859,7 +948,7 @@ value

    -# File lib/wpscan/wpscan_options.rb, line 59
    +# File lib/wpscan/wpscan_options.rb, line 66
     def wordlist=(wordlist)
       if File.exists?(wordlist)
         @wordlist = wordlist
    diff --git a/doc/created.rid b/doc/created.rid
    index 21158941..3834f6d0 100644
    --- a/doc/created.rid
    +++ b/doc/created.rid
    @@ -1,4 +1,4 @@
    -Sat, 15 Sep 2012 20:58:39 +0200
    +Sat, 15 Sep 2012 23:28:11 +0200
     ./CREDITS	Thu, 13 Sep 2012 22:54:08 +0200
     ./lib/browser.rb	Sat, 15 Sep 2012 08:03:56 +0200
     ./lib/cache_file_store.rb	Sat, 15 Sep 2012 08:04:03 +0200
    @@ -16,25 +16,26 @@ Sat, 15 Sep 2012 20:58:39 +0200
     ./lib/wpscan/modules/wp_full_path_disclosure.rb	Sat, 15 Sep 2012 08:01:17 +0200
     ./lib/wpscan/modules/wp_item.rb	Sat, 15 Sep 2012 20:10:43 +0200
     ./lib/wpscan/modules/wp_login_protection.rb	Sat, 15 Sep 2012 16:18:05 +0200
    -./lib/wpscan/modules/wp_plugins.rb	Sat, 15 Sep 2012 20:07:26 +0200
    +./lib/wpscan/modules/wp_plugins.rb	Sat, 15 Sep 2012 23:15:20 +0200
     ./lib/wpscan/modules/wp_readme.rb	Sat, 15 Sep 2012 08:01:52 +0200
    +./lib/wpscan/modules/wp_themes.rb	Sat, 15 Sep 2012 23:14:57 +0200
     ./lib/wpscan/modules/wp_timthumbs.rb	Sat, 15 Sep 2012 08:01:58 +0200
     ./lib/wpscan/modules/wp_usernames.rb	Sat, 15 Sep 2012 08:02:04 +0200
     ./lib/wpscan/msfrpc_client.rb	Sat, 15 Sep 2012 08:02:28 +0200
     ./lib/wpscan/vulnerable.rb	Sat, 15 Sep 2012 08:02:37 +0200
     ./lib/wpscan/wp_detector.rb	Sat, 15 Sep 2012 20:54:19 +0200
    -./lib/wpscan/wp_enumerator.rb	Sat, 15 Sep 2012 20:54:29 +0200
    -./lib/wpscan/wp_options.rb	Sat, 15 Sep 2012 20:54:02 +0200
    -./lib/wpscan/wp_plugin.rb	Sat, 15 Sep 2012 19:51:36 +0200
    -./lib/wpscan/wp_target.rb	Sat, 15 Sep 2012 19:50:58 +0200
    +./lib/wpscan/wp_enumerator.rb	Sat, 15 Sep 2012 23:27:28 +0200
    +./lib/wpscan/wp_options.rb	Sat, 15 Sep 2012 23:15:59 +0200
    +./lib/wpscan/wp_plugin.rb	Sat, 15 Sep 2012 22:09:03 +0200
    +./lib/wpscan/wp_target.rb	Sat, 15 Sep 2012 21:29:17 +0200
     ./lib/wpscan/wp_theme.rb	Sat, 15 Sep 2012 08:02:58 +0200
     ./lib/wpscan/wp_version.rb	Sat, 15 Sep 2012 08:03:04 +0200
     ./lib/wpscan/wp_vulnerability.rb	Sat, 15 Sep 2012 08:03:09 +0200
    -./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 08:03:17 +0200
    -./lib/wpscan/wpscan_options.rb	Sat, 15 Sep 2012 08:03:25 +0200
    +./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 21:19:30 +0200
    +./lib/wpscan/wpscan_options.rb	Sat, 15 Sep 2012 21:55:29 +0200
     ./lib/wpstools/generate_list.rb	Sat, 15 Sep 2012 08:03:43 +0200
     ./lib/wpstools/parse_svn.rb	Sat, 15 Sep 2012 08:03:36 +0200
     ./lib/wpstools/wpstools_helper.rb	Sat, 15 Sep 2012 08:03:49 +0200
     ./README	Thu, 13 Sep 2012 22:54:08 +0200
    -./wpscan.rb	Sat, 15 Sep 2012 20:54:36 +0200
    +./wpscan.rb	Sat, 15 Sep 2012 22:20:21 +0200
     ./wpstools.rb	Sat, 15 Sep 2012 08:06:35 +0200
    diff --git a/doc/index.html b/doc/index.html
    index 8e699efc..0d12a69a 100644
    --- a/doc/index.html
    +++ b/doc/index.html
    @@ -96,6 +96,8 @@
         
         
  • WpTheme
  • +
  • WpThemes
  • +
  • WpTimthumbs
  • WpUsernames
  • @@ -123,10 +125,10 @@
  • ::enumerate — WpEnumerator
  • -
  • ::find — WpTheme
  • -
  • ::find — WpVersion
  • +
  • ::find — WpTheme
  • +
  • ::find_from_advanced_fingerprinting — WpVersion
  • ::find_from_css_link — WpTheme
  • @@ -159,30 +161,30 @@
  • ::malwares_file — Malwares
  • -
  • ::new — WpscanOptions
  • - -
  • ::new — WpVulnerability
  • - -
  • ::new — RpcClient
  • - -
  • ::new — WpPlugin
  • -
  • ::new — CacheFileStore
  • -
  • ::new — WpVersion
  • - -
  • ::new — Generate_List
  • - -
  • ::new — Updater
  • - -
  • ::new — Svn_Parser
  • - -
  • ::new — WpTarget
  • -
  • ::new — Exploit
  • +
  • ::new — WpPlugin
  • + +
  • ::new — WpVulnerability
  • + +
  • ::new — Generate_List
  • +
  • ::new — WpTheme
  • +
  • ::new — WpVersion
  • + +
  • ::new — RpcClient
  • + +
  • ::new — Svn_Parser
  • + +
  • ::new — WpscanOptions
  • + +
  • ::new — WpTarget
  • + +
  • ::new — Updater
  • +
  • ::option_to_instance_variable_setter — WpscanOptions
  • ::passive_detection — WpDetector
  • @@ -231,20 +233,24 @@
  • #enumerate_only_vulnerable_plugins= — WpscanOptions
  • +
  • #enumerate_only_vulnerable_themes= — WpscanOptions
  • +
  • #enumerate_options_from_string — WpscanOptions
  • #enumerate_plugins= — WpscanOptions
  • +
  • #enumerate_themes= — WpscanOptions
  • +
  • #error_404_hash — WpTarget
  • #error_log? — WpPlugin
  • #error_log_url — WpPlugin
  • -
  • #exploit — Exploit
  • -
  • #exploit — RpcClient
  • +
  • #exploit — Exploit
  • +
  • #exploit_info — Exploit
  • #extract_name_from_url — WpItem
  • @@ -303,12 +309,12 @@
  • #help — Object
  • +
  • #is_installed? — Updater
  • +
  • #is_installed? — SvnUpdater
  • #is_installed? — GitUpdater
  • -
  • #is_installed? — Updater
  • -
  • #is_online? — WebSite
  • #is_wordpress? — WebSite
  • @@ -317,22 +323,22 @@
  • #jobs — RpcClient
  • -
  • #kill_session — Exploit
  • -
  • #kill_session — RpcClient
  • +
  • #kill_session — Exploit
  • +
  • #last_session_id — Exploit
  • #limit_login_attempts_url — WpLoginProtection
  • #load_config — Browser
  • -
  • #local_revision_number — SvnUpdater
  • -
  • #local_revision_number — Updater
  • #local_revision_number — GitUpdater
  • +
  • #local_revision_number — SvnUpdater
  • +
  • #location_uri_from_file_url — WpItem
  • #login — RpcClient
  • @@ -353,10 +359,10 @@
  • #meterpreter_read — Exploit
  • -
  • #meterpreter_write — Exploit
  • -
  • #meterpreter_write — RpcClient
  • +
  • #meterpreter_write — Exploit
  • +
  • #parse — Svn_Parser
  • #plugins_from_aggressive_detection — WpPlugins
  • @@ -387,10 +393,10 @@
  • #session_count — Exploit
  • -
  • #sessions — Exploit
  • -
  • #sessions — RpcClient
  • +
  • #sessions — Exploit
  • +
  • #set_option_from_cli — WpscanOptions
  • #simple_login_lockdown_url — WpLoginProtection
  • @@ -401,6 +407,8 @@
  • #theme — WpTarget
  • +
  • #themes_from_aggressive_detection — WpThemes
  • +
  • #threads= — WpscanOptions
  • #timthumbs — WpTimthumbs
  • @@ -409,14 +417,14 @@
  • #to_h — WpscanOptions
  • -
  • #to_s — WpTheme
  • -
  • #to_s — WpItem
  • -
  • #update — GitUpdater
  • +
  • #to_s — WpTheme
  • #update — Updater
  • +
  • #update — GitUpdater
  • +
  • #update — SvnUpdater
  • #url — WpTarget
  • @@ -431,10 +439,10 @@
  • #usernames — WpUsernames
  • -
  • #version — WpTarget
  • -
  • #version — WpItem
  • +
  • #version — WpTarget
  • +
  • #vulnerabilities — Vulnerable
  • #wordlist= — WpscanOptions
  •
diff --git a/doc/lib/wpscan/modules/wp_plugins_rb.html b/doc/lib/wpscan/modules/wp_plugins_rb.html
index 234fd18e..5c750396 100644
--- a/doc/lib/wpscan/modules/wp_plugins_rb.html
+++ b/doc/lib/wpscan/modules/wp_plugins_rb.html
@@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 20:07:26 +0200
    +
    2012-09-15 23:15:20 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_enumerator_rb.html b/doc/lib/wpscan/wp_enumerator_rb.html
    index 18af2d79..dee3c4cb 100644
    --- a/doc/lib/wpscan/wp_enumerator_rb.html
    +++ b/doc/lib/wpscan/wp_enumerator_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 20:54:29 +0200
    +
    2012-09-15 23:27:28 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_options_rb.html b/doc/lib/wpscan/wp_options_rb.html
    index 34342aac..b50798b1 100644
    --- a/doc/lib/wpscan/wp_options_rb.html
    +++ b/doc/lib/wpscan/wp_options_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 20:54:02 +0200
    +
    2012-09-15 23:15:59 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_plugin_rb.html b/doc/lib/wpscan/wp_plugin_rb.html
    index ca38e507..80f1fac6 100644
    --- a/doc/lib/wpscan/wp_plugin_rb.html
    +++ b/doc/lib/wpscan/wp_plugin_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 19:51:36 +0200
    +
    2012-09-15 22:09:03 +0200
    Requires
    diff --git a/doc/lib/wpscan/wp_target_rb.html b/doc/lib/wpscan/wp_target_rb.html
    index 3448861f..20f1b180 100644
    --- a/doc/lib/wpscan/wp_target_rb.html
    +++ b/doc/lib/wpscan/wp_target_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 19:50:58 +0200
    +
    2012-09-15 21:29:17 +0200
    Requires
    diff --git a/doc/lib/wpscan/wpscan_helper_rb.html b/doc/lib/wpscan/wpscan_helper_rb.html
    index 40bdc2be..59de5d12 100644
    --- a/doc/lib/wpscan/wpscan_helper_rb.html
    +++ b/doc/lib/wpscan/wpscan_helper_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 08:03:17 +0200
    +
    2012-09-15 21:19:30 +0200
    Requires
    diff --git a/doc/lib/wpscan/wpscan_options_rb.html b/doc/lib/wpscan/wpscan_options_rb.html
    index 68f643af..ceb7060a 100644
    --- a/doc/lib/wpscan/wpscan_options_rb.html
    +++ b/doc/lib/wpscan/wpscan_options_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 08:03:25 +0200
    +
    2012-09-15 21:55:29 +0200
    Requires
    diff --git a/doc/wpscan_rb.html b/doc/wpscan_rb.html
    index 48fb3682..e3643ef6 100644
    --- a/doc/wpscan_rb.html
    +++ b/doc/wpscan_rb.html
    @@ -24,7 +24,7 @@
    Last Modified
    -
    2012-09-15 20:54:36 +0200
    +
    2012-09-15 22:20:21 +0200
    Requires