Complexity reduced

2013-04-17 15:40:09 +02:00
parent 4c57a00660
commit 662d94e958
2 changed files with 43 additions and 29 deletions
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -17,15 +17,12 @@ class WpItems < Array
      browser          = Browser.instance
      hydra            = browser.hydra
      targets          = targets_items(wp_target, options)
      progress_bar     = progress_bar(targets.size, options)
      exist_options    = {
        error_404_hash:  wp_target.error_404_hash,
        homepage_hash:   wp_target.homepage_hash,
        exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
      }
      progress_bar     = ProgressBar.create(format: '%t %a <%B> (%c / %C) %P%% %e',
                                            title: '  ', # Used to craete a left margin
                                            length: 120,
                                            total: targets.size) if options[:show_progression]
      # If we only want the vulnerable ones, the passive detection is ignored
      # Otherwise, a passive detection is performed, and results will be merged
@@ -58,6 +55,23 @@ class WpItems < Array
      results # can't just return results.sort because the #sort returns an array, and we want a WpItems
    end
    # @param [ Integer ] targets_size
    # @param [ Hash ] options
    #
    # @return [ ProgressBar ]
    # :nocov:
    def progress_bar(targets_size, options)
      if options[:show_progression]
        ProgressBar.create(
          format: '%t %a <%B> (%c / %C) %P%% %e',
          title: '  ', # Used to craete a left margin
          length: 120,
          total: targets_size
        )
      end
    end
    # :nocov:
    # @param [ WpTarget ] wp_target
    # @param [ Hash ] options
    #
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -25,7 +25,7 @@ class WpUser < WpItem
      passwords    = BruteForcable.passwords_from_wordlist(wordlist)
      queue_count  = 0
      found        = false
-      progress_bar = self.progress_bar(passwords.size) if options[:show_progression]
+      progress_bar = self.progress_bar(passwords.size, options)
      passwords.each do |password|
        request = login_request(password)
@@ -56,17 +56,20 @@ class WpUser < WpItem
      hydra.run
    end
-    # @param [ Integer ] password_size
+    # @param [ Integer ] targets_size
    # @param [ Hash ] options
    #
    # @return [ ProgressBar ]
    # :nocov:
-    def progress_bar(passwords_size)
+    def progress_bar(passwords_size, options)
-      ProgressBar.create(
+      if options[:show_progression]
-        format: '%t %a <%B> (%c / %C) %P%% %e',
+        ProgressBar.create(
-        title: "  Brute Forcing '#{login}'",
+          format: '%t %a <%B> (%c / %C) %P%% %e',
-        length: 120,
+          title: "  Brute Forcing '#{login}'",
-        total: passwords_size
+          length: 120,
-      )
+          total: passwords_size
        )
      end
    end
    # :nocov:
@@ -90,28 +93,25 @@ class WpUser < WpItem
    # @return [ Boolean ]
    def valid_password?(response, password, options = {})
      if response.code == 302
-        puts "\n  " + green('[SUCCESS]') + " Login : #{login} Password : #{password}\n\n" if options[:show_progression]
+        progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
-        return true
+        valid       = true
      elsif response.body =~ /login_error/i
-        puts "\n  Incorrect login and/or password." if options[:verbose]
+        verbose = "\n  Incorrect login and/or password."
      elsif response.timed_out?
-        puts "\n  " + red('ERROR:') + ' Request timed out.' if options[:show_progression]
+        progression = "#{red('ERROR:')} Request timed out."
      elsif response.code == 0
-        puts "\n  " + red('ERROR:') + ' No response from remote server. WAF/IPS?' if options[:show_progression]
+        progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
      elsif response.code.to_s =~ /^50/
-        puts "\n  " + red('ERROR:') + ' Server error, try reducing the number of threads.' if options[:show_progression]
+        progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
      else
-        puts "\n  " + red('ERROR:') + " We received an unknown response for #{password}..." if options[:show_progression]
+        progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
-
+        verbose     = red("    Code: #{response.code}\n    Body: #{response.body}\n")
        # :nocov:
        if options[:verbose]
          puts red("    Code: #{response.code}")
          puts red("    Body: #{response.body}")
          puts
        end
        # :nocov:
      end
-      false
+
      puts "\n  " + progression if progression && options[:show_progression]
      puts verbose if verbose && options[:verbose]
      valid || false
    end
    # Load the passwords from the wordlist, which can be a file path or