garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Code Factoring

Browse Source
This commit is contained in:
erwanlr
2013-04-14 12:51:53 +02:00
parent 271cd71c20
commit 6cd349cb24
4 changed files with 102 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/common/collections/wp_users/brute_forcable.rb
View File

@@ -3,8 +3,19 @@
class WpUsers < WpItems class WpUsers < WpItems
module BruteForcable module BruteForcable
# Brute force each wp_user
#
# To avoid loading the wordlist each time in the wp_user instance
# It's loaded here, and given to the wp_user
#
# @param [ String, Array<String> ] wordlist
# @param [ Hash ] options See WpUser::BruteForcable#brute_force
#
# @return [ void ]
def brute_force(wordlist, options = {}) def brute_force(wordlist, options = {})
self.each { |wp_user| wp_user.brute_force(wordlist, options) } passwords = WpUser::BruteForcable.passwords_from_wordlist(wordlist)
self.each { |wp_user| wp_user.brute_force(passwords, options) }
end end
end end

54
lib/common/models/wp_user/brute_forcable.rb
View File

@@ -3,28 +3,24 @@
class WpUser < WpItem class WpUser < WpItem
module BruteForcable module BruteForcable
# @param [ String ] wordlist The wordlist path # @param [ String, Array<String> ] wordlist The wordlist path
# @param [ Hash ] options # @param [ Hash ] options
# @option options [ Boolean ] :verbose
# @option options [ Boolean ] :show_progression
# #
# @return [ void ] # @return [ void ]
def brute_force(wordlist, options = {}) def brute_force(wordlist, options = {})
hydra = Browser.instance.hydra hydra = Browser.instance.hydra
wordlist_charset = File.charset(wordlist) passwords = BruteForcable.passwords_from_wordlist(wordlist)
number_of_passwords = BruteForcable.lines_in_file(wordlist) number_of_passwords = passwords.size
login_url = @uri.merge('wp-login.php').to_s login_url = @uri.merge('wp-login.php').to_s
queue_count = 0 queue_count = 0
request_count = 0 request_count = 0
File.open(wordlist, "r:#{wordlist_charset}").each do |line| passwords.each do |password|
line.encode!('UTF-8').strip!
# ignore file comments, but will miss passwords if they start with a hash...
next if line[0, 1] == '#'
request_count += 1 request_count += 1
queue_count += 1 queue_count += 1
login = self.login login = self.login
password = line
request = Browser.instance.forge_request(login_url, request = Browser.instance.forge_request(login_url,
{ {
@@ -67,6 +63,8 @@ class WpUser < WpItem
# @param [ Typhoeus::Response ] response # @param [ Typhoeus::Response ] response
# @param [ String ] password # @param [ String ] password
# @param [ Hash ] options # @param [ Hash ] options
# @option options [ Boolean ] :verbose
# @option options [ Boolean ] :show_progression
# #
# @return [ Boolean ] # @return [ Boolean ]
def valid_password?(response, password, options = {}) def valid_password?(response, password, options = {})
@@ -92,21 +90,35 @@ class WpUser < WpItem
false false
end end
# Counts the number of lines in the wordlist # Load the passwords from the wordlist, which can be a file path or
# It can take a couple of minutes on large # an array or passwords
# wordlists, although bareable.
# #
# Each line which starts with # is ignored # File comments are ignored, but will miss passwords if they start with a hash...
# #
# @param [ String ] file_path # @param [ String, Array<String> ] wordlist
# #
# @return [ Integer ] # @return [ Array<String> ]
def self.lines_in_file(file_path) def self.passwords_from_wordlist(wordlist)
lines = 0 if wordlist.is_a?(String)
File.open(file_path, 'rb').each do |line| passwords = []
lines += 1 if line.strip[0,1] != '#' charset = File.charset(wordlist).upcase
opt = "r:#{charset}"
# To remove warning when charset = UTF-8
# Ignoring internal encoding UTF-8: it is identical to external encoding utf-8
opt += ':UTF-8' if charset != 'UTF-8'
File.open(wordlist, opt).each do |line|
next if line[0,1] == '#'
passwords << line.strip
end end
lines elsif wordlist.is_a?(Array)
passwords = wordlist
else
raise 'Invalid wordlist, expected String or Array'
end
passwords
end end
end end

82
spec/shared_examples/wp_user/brute_forcable.rb
View File

@@ -2,16 +2,57 @@
shared_examples 'WpUser::BruteForcable' do shared_examples 'WpUser::BruteForcable' do
let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/brute_forcable' } let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/brute_forcable' }
let(:wordlist) { fixtures_dir + '/wordlist-iso-8859-1.txt' } let(:wordlist_iso) { fixtures_dir + '/wordlist-iso-8859-1.txt' }
let(:wordlist_utf8) { fixtures_dir + '/wordlist-utf-8.txt' }
let(:mod) { WpUser::BruteForcable } let(:mod) { WpUser::BruteForcable }
let(:login_url) { uri.merge('wp-login.php').to_s } let(:login_url) { uri.merge('wp-login.php').to_s }
before { Browser.instance.max_threads = 1 } before { Browser.instance.max_threads = 1 }
describe '::lines_in_file' do describe '::passwords_from_wordlist' do
it 'returns 5 (1 line is a comment)' do let(:expected) { %w{password1 pa55w0rd admin root kansei£Ô} }
lines = mod.lines_in_file(wordlist) let(:exception) { 'Invalid wordlist, expected String or Array' }
lines.should == 5
after do
if @expected
mod.passwords_from_wordlist(wordlist).should == @expected
else
expect { mod.passwords_from_wordlist(wordlist) }.to raise_error(@exception)
end
end
context 'when the wordlist is a file' do
context 'when encoded with ISO-8859-1' do
let(:wordlist) { wordlist_iso }
it 'returns the expected passwords' do
@expected = expected
end
end
context 'when encoded with UTF-8' do
let(:wordlist) { wordlist_utf8 }
it 'returns the expected passwords' do
@expected = expected
end
end
end
context 'when the wordlist is an Array<String>' do
let(:wordlist) { %w{hello pwet yolo} }
it 'returns it' do
@expected = wordlist
end
end
context 'when the wordlist is invalid' do
let(:wordlist) { 200 }
it 'raises an error' do
@exception = exception
end
end end
end end
@@ -72,40 +113,13 @@ shared_examples 'WpUser::BruteForcable' do
end end
end end
describe 'wordlist charset' do
let(:expected) { %w{password1 pa55w0rd #comment admin root kansei£Ô} }
%w{wordlist-iso-8859-1.txt wordlist-utf-8.txt}.each do |file|
it 'contains the expected lines' do
file = fixtures_dir + '/' + file
charset = File.charset(file)
lines = []
File.open(file, "r:#{charset}").each do |line|
lines << line.encode!('UTF-8').strip!
end
lines.should == expected
end
end
end
describe '#brute_force' do describe '#brute_force' do
let(:passwords) { let(:passwords) { %w{pass1 pass2 yolo kansei£Ô} }
passwords = []
charset = File.charset(wordlist)
File.open(wordlist, "r:#{charset}").each do |line|
line.encode!('UTF-8').strip!
passwords << line unless line[0,1] == '#'
end
passwords
}
let(:login) { 'someuser' } let(:login) { 'someuser' }
after do after do
wp_user.login = login wp_user.login = login
wp_user.brute_force(wordlist) wp_user.brute_force(passwords)
wp_user.password.should == @expected wp_user.password.should == @expected
end end

5
spec/shared_examples/wp_users/brute_forcable.rb
View File

@@ -5,16 +5,19 @@ shared_examples 'WpUsers::BruteForcable' do
describe '#brute_force' do describe '#brute_force' do
let(:range) { (1..10) } let(:range) { (1..10) }
let(:wordlist) { 'somefile.txt'} let(:wordlist) { 'somefile.txt'}
let(:passwords) { %w{password 123456 0000} }
let(:brute_force_opt) { {} } let(:brute_force_opt) { {} }
it 'calls #brute_force on each wp_user' do it 'calls #brute_force on each wp_user' do
range.each do |id| range.each do |id|
wp_user = WpUser.new(uri, id: id) wp_user = WpUser.new(uri, id: id)
wp_user.should_receive(:brute_force).with(wordlist, brute_force_opt) wp_user.should_receive(:brute_force).with(passwords, brute_force_opt)
wp_users << wp_user wp_users << wp_user
end end
WpUser::BruteForcable.stub(:passwords_from_wordlist).with(wordlist).and_return(passwords)
wp_users.brute_force(wordlist, brute_force_opt) wp_users.brute_force(wordlist, brute_force_opt)
end end
end end