diff --git a/doc/Array.html b/doc/Array.html index 8bae154d..7beab4b6 100644 --- a/doc/Array.html +++ b/doc/Array.html @@ -132,6 +132,8 @@
-# File lib/common_helper.rb, line 82 +# File lib/common_helper.rb, line 88 def _grep_(regexp) matches = [] self.each do |value| diff --git a/doc/Browser.html b/doc/Browser.html index 6487c717..ac5d341c 100644 --- a/doc/Browser.html +++ b/doc/Browser.html @@ -148,6 +148,8 @@
# File lib/wpscan/modules/malwares.rb, line 28 def malwares(malwares_file_path = nil) - if @malwares.nil? + unless @malwares malwares_found = [] malwares_file = Malwares.malwares_file(malwares_file_path) index_page_body = Browser.instance.get(@uri.to_s).body diff --git a/doc/Object.html b/doc/Object.html index 7252d523..54146448 100644 --- a/doc/Object.html +++ b/doc/Object.html @@ -34,14 +34,14 @@ @@ -154,6 +154,8 @@
# File lib/common_helper.rb, line 42 def add_http_protocol(url) - if url !~ /^https?:/ - url = "http://#{url}" - end - url + url =~ /^https?:/ ? url : "http://#{url}" end
-# File lib/common_helper.rb, line 49 +# File lib/common_helper.rb, line 46 def add_trailing_slash(url) - url = "#{url}/" if url !~ /\/$/ - url + url =~ /\/$/ ? url : "#{url}/" end
-# File lib/common_helper.rb, line 106 +# File lib/common_helper.rb, line 112 def banner() puts '____________________________________________________' puts " __ _______ _____ " @@ -428,7 +426,7 @@-# File lib/common_helper.rb, line 125 +# File lib/common_helper.rb, line 131 def colorize(text, color_code) "\e[#{color_code}m#{text}\e[0m" end@@ -461,7 +459,7 @@-# File lib/common_helper.rb, line 55 +# File lib/common_helper.rb, line 51 def get_equal_string_end(stringarray = [""]) already_found = "" looping = true @@ -514,7 +512,7 @@-# File lib/common_helper.rb, line 133 +# File lib/common_helper.rb, line 139 def green(text) colorize(text, 32) end@@ -541,45 +539,28 @@-command help
+@@ -611,7 +592,7 @@-# File lib/wpscan/wpscan_helper.rb, line 71 +# File lib/wpstools/wpstools_helper.rb, line 46 def help() puts "Help :" puts - puts "Some values are settable in conf/browser.conf.json :" - puts " user-agent, proxy, threads, cache timeout and request timeout" - puts - puts "--update Update to the latest revision" - puts "--url | -u <target url> The WordPress URL/domain to scan." - puts "--force | -f Forces WPScan to not check if the remote site is running WordPress." - puts "--enumerate | -e [option(s)] Enumeration." - puts " option :" - puts " u usernames from id 1 to 10" - puts " u[10-20] usernames from id 10 to 20 (you must write [] chars)" - puts " p plugins" - puts " p! only vulnerable plugins" - puts " t timthumbs" - puts " T themes" - puts " T! only vulnerable themes" - puts " Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins" - puts " If no option is supplied, the default is 'tup!'" - puts - puts "--config-file | -c <config file> Use the specified config file" - puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not" - puts "--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed" - puts "--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed" - puts "--proxy Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json)." - puts " HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used" - puts "--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute." - puts "--threads | -t <number of threads> The number of threads to use when multi-threading requests. 
(will override the value from conf/browser.conf.json)" - puts "--username | -U <username> Only brute force the supplied username." - puts "--help | -h This help screen." - puts "--verbose | -v Verbose output." + puts "--help | -h This help screen." + puts "--Verbose | -v Verbose output." + puts "--update | -u Update to the latest revision." + puts "--generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)" + puts "--gpl Alias for --generate_plugin_list" + puts "--generate_full_plugin_list Generate a new full data/plugins.txt file" + puts "--gfpl Alias for --generate_full_plugin_list" + + puts "--generate_theme_list [number of pages] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 150)" + puts "--gtl Alias for --generate_theme_list" + puts "--generate_full_theme_list Generate a new full data/themes.txt file" + puts "--gftl Alias for --generate_full_theme_list" puts end-# File lib/common_helper.rb, line 129 +# File lib/common_helper.rb, line 135 def red(text) colorize(text, 31) end@@ -675,54 +656,31 @@-wpscan usage
+diff --git a/doc/WpDetector.html b/doc/WpDetector.html index 55fb879f..7ffb4949 100644 --- a/doc/WpDetector.html +++ b/doc/WpDetector.html 
@@ -132,6 +132,8 @@-# File lib/wpscan/wpscan_helper.rb, line 24 +# File lib/wpstools/wpstools_helper.rb, line 23 def usage() script_name = $0 - puts "--help or -h for further help." puts - puts "Examples :" + puts "-h for further help." puts - puts "-Do 'non-intrusive' checks ..." - puts "ruby #{script_name} --url www.example.com" + puts "Examples:" puts - puts "-Do wordlist password brute force on enumerated users using 50 threads ..." - puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50" + puts "- Generate a new 'most popular' plugin list, up to 150 pages ..." + puts "ruby " + script_name + " --generate_plugin_list 150" puts - puts "-Do wordlist password brute force on the 'admin' username only ..." - puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin" + puts "- Generate a new full plugin list" + puts "ruby " + script_name + " --generate_full_plugin_list" puts - puts "-Enumerate installed plugins ..." - puts "ruby #{script_name} --url www.example.com --enumerate p" + puts "- Generate a new 'most popular' theme list, up to 150 pages ..." + puts "ruby " + script_name + " --generate_theme_list 150" puts - puts "-Enumerate installed themes ..." - puts "ruby #{script_name} --url www.example.com --enumerate T" - puts - puts "-Enumerate users ..." - puts "ruby #{script_name} --url www.example.com --enumerate u" - puts - puts "-Enumerate installed timthumbs ..." - puts "ruby #{script_name} --url www.example.com --enumerate t" - puts - puts "-Use a HTTP proxy ..." - puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118" - puts - puts "-Use a SOCKS5 proxy ..." - puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000" - puts - puts "-Use custom content directory ..." - puts "ruby #{script_name} -u www.example.com --wp-content-dir custom-content" - puts - puts "-Use custom plugins directory ..." 
- puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins" - puts - puts "-Update ..." - puts "ruby #{script_name} --update" + puts "- Generate a new full theme list" + puts "ruby " + script_name + " --generate_full_theme_list" puts puts "See README for further information." puts diff --git a/doc/README.html b/doc/README.html index dba47cfd..d8d4d3ab 100644 --- a/doc/README.html +++ b/doc/README.html @@ -88,6 +88,8 @@Svn_Parser +URI +Updater UpdaterFactory @@ -183,12 +185,12 @@ directory. WPScan only supports Ruby => 1.9.-> Installing on Backtrack5 Gnome/KDE 32bit : - sudo apt-get install libcurl4-gnutls-dev + sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev sudo gem install --user-install mime-types typhoeus nokogiri json -> Installing on Debian/Ubuntu : - sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby + sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev sudo gem install typhoeus nokogiri json -> Installing on other nix : (not tested) @@ -230,6 +232,8 @@ WordPress. p plugins p! only vulnerable plugins t timthumbs + T themes + T! only vulnerable themes Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins If no option is supplied, the default is 'tup!'diff --git a/doc/RpcClient.html b/doc/RpcClient.html index 1402ac61..26753652 100644 --- a/doc/RpcClient.html +++ b/doc/RpcClient.html @@ -156,6 +156,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/SvnUpdater.html b/doc/SvnUpdater.html index be911f42..4dc42843 100644 --- a/doc/SvnUpdater.html +++ b/doc/SvnUpdater.html @@ -134,6 +134,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/Svn_Parser.html b/doc/Svn_Parser.html index 42dfdb12..899038e7 100644 --- a/doc/Svn_Parser.html +++ b/doc/Svn_Parser.html @@ -132,6 +132,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/URI.html b/doc/URI.html new file mode 100644 index 00000000..b6775b6b --- /dev/null 
+++ b/doc/URI.html @@ -0,0 +1,254 @@ + + + + + + +Module: URI + + + + + + + + + + + ++ + ++ +++ +++ + +In Files
++++ +
+- lib/common_helper.rb
+ ++ + + + + + + + ++ +++ + + +Methods
++ +
+- ::escape
+ ++ + + + + ++++ + +Class/Module Index +
+ + ++ +
+ +- Array
+ +- Browser
+ +- BruteForce
+ +- CacheFileStore
+ +- Exploit
+ +- Generate_List
+ +- GitUpdater
+ +- Malwares
+ +- Object
+ +- RpcClient
+ +- SvnUpdater
+ +- Svn_Parser
+ +- URI
+ +- Updater
+ +- UpdaterFactory
+ +- Vulnerable
+ +- WebSite
+ +- WpConfigBackup
+ +- WpDetector
+ +- WpEnumerator
+ +- WpFullPathDisclosure
+ +- WpItem
+ +- WpLoginProtection
+ +- WpOptions
+ +- WpPlugin
+ +- WpPlugins
+ +- WpReadme
+ +- WpTarget
+ +- WpTheme
+ +- WpThemes
+ +- WpTimthumbs
+ +- WpUser
+ +- WpUsernames
+ +- WpVersion
+ +- WpVulnerability
+ +- WpscanOptions
+ +++ +URI
+ ++ ++ + + + + + + ++ ++ + + + diff --git a/doc/Updater.html b/doc/Updater.html index 590e8588..79895e03 100644 --- a/doc/Updater.html +++ b/doc/Updater.html @@ -138,6 +138,8 @@Generated with the Darkfish + Rdoc Generator 2.
+Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/UpdaterFactory.html b/doc/UpdaterFactory.html index c1759ba1..6b4c4cc7 100644 --- a/doc/UpdaterFactory.html +++ b/doc/UpdaterFactory.html @@ -132,6 +132,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/Vulnerable.html b/doc/Vulnerable.html index 4277cbe9..dc56b760 100644 --- a/doc/Vulnerable.html +++ b/doc/Vulnerable.html @@ -130,6 +130,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WebSite.html b/doc/WebSite.html index dcf80a41..920741b7 100644 --- a/doc/WebSite.html +++ b/doc/WebSite.html @@ -128,6 +128,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpConfigBackup.html b/doc/WpConfigBackup.html index dd5ec418..b60309f3 100644 --- a/doc/WpConfigBackup.html +++ b/doc/WpConfigBackup.html @@ -124,6 +124,8 @@Svn_Parser +URI +Updater UpdaterFactory @@ -227,7 +229,7 @@ %{ wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig - wp-config.orig wp-config.php.original wp-config.original + wp-config.orig wp-config.php.original wp-config.original wp-config.txt } # thanks to Feross.org for these endSvn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpEnumerator.html b/doc/WpEnumerator.html index e4aab697..28d21739 100644 --- a/doc/WpEnumerator.html +++ b/doc/WpEnumerator.html @@ -132,6 +132,8 @@Svn_Parser +URI +Updater UpdaterFactory 
@@ -279,9 +281,9 @@ request_count += 1 request.on_complete do |response| - if options[:show_progress_bar] - print "\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete." - end + + print "\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete." if options[:show_progress_bar] + if WpTarget.valid_response_codes.include?(response.code) if Digest::MD5.hexdigest(response.body) != options[:error_404_hash] found << target diff --git a/doc/WpFullPathDisclosure.html b/doc/WpFullPathDisclosure.html index cf0b7495..a188c45e 100644 --- a/doc/WpFullPathDisclosure.html +++ b/doc/WpFullPathDisclosure.html @@ -124,6 +124,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpItem.html b/doc/WpItem.html index 71de90c0..f95ca7ca 100644 --- a/doc/WpItem.html +++ b/doc/WpItem.html @@ -158,6 +158,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpLoginProtection.html b/doc/WpLoginProtection.html new file mode 100644 index 00000000..78dc3bec --- /dev/null +++ b/doc/WpLoginProtection.html @@ -0,0 +1,774 @@ + + + + + + +Module: WpLoginProtection + + + + + + + + + + + ++ + ++ +++ +++ + +In Files
++ +++ + + + + + + + ++ +++ + + +Methods
++ +
+- #better_wp_security_url
+ +- #bluetrait_event_viewer_url
+ +- #has_better_wp_security_protection?
+ +- #has_bluetrait_event_viewer_protection?
+ +- #has_limit_login_attempts_protection?
+ +- #has_login_lock_protection?
+ +- #has_login_lockdown_protection?
+ +- #has_login_protection?
+ +- #has_login_security_solution_protection?
+ +- #has_simple_login_lockdown_protection?
+ +- #limit_login_attempts_url
+ +- #login_protection_plugin
+ +- #login_security_solution_url
+ +- #simple_login_lockdown_url
+ ++ + + + + ++++ + +Class/Module Index +
+ + ++ +
+ +- Array
+ +- Browser
+ +- BruteForce
+ +- CacheFileStore
+ +- Exploit
+ +- Generate_List
+ +- GitUpdater
+ +- Malwares
+ +- Object
+ +- RpcClient
+ +- SvnUpdater
+ +- Svn_Parser
+ +- URI
+ +- Updater
+ +- UpdaterFactory
+ +- Vulnerable
+ +- WebSite
+ +- WpConfigBackup
+ +- WpDetector
+ +- WpEnumerator
+ +- WpFullPathDisclosure
+ +- WpItem
+ +- WpLoginProtection
+ +- WpOptions
+ +- WpPlugin
+ +- WpPlugins
+ +- WpReadme
+ +- WpTarget
+ +- WpTheme
+ +- WpThemes
+ +- WpTimthumbs
+ +- WpUser
+ +- WpUsernames
+ +- WpVersion
+ +- WpVulnerability
+ +- WpscanOptions
+ +++ +WpLoginProtection
+ ++ ++ + + + ++ + + + + + ++ + +++ + + + + + +Constants
++ +
+- LOGIN_PROTECTION_METHOD_PATTERN
+ + + + +++ +Public Instance Methods
+ + ++ + + ++ + ++ has_login_protection?() + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 25 +def has_login_protection? + !login_protection_plugin().nil? +end++ + + ++ + ++ login_protection_plugin() + click to toggle source ++ + ++ ++ + + + +Checks if a login protection plugin is enabled code.google.com/p/wpscan/issues/detail?id=111 +return a WpPlugin object or nil if no one is +found
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 32 +def login_protection_plugin + unless @login_protection_plugin + protected_methods.grep(LOGIN_PROTECTION_METHOD_PATTERN).each do |symbol_to_call| + + if send(symbol_to_call) + plugin_name = symbol_to_call[LOGIN_PROTECTION_METHOD_PATTERN, 1].gsub('_', '-') + + return @login_protection_plugin = WpPlugin.new( + :name => plugin_name, + :base_url => @uri, + :path => "/plugins/#{plugin_name}/", + :wp_content_dir => @wp_content_dir + ) + end + end + @login_protection_plugin = nil + end + @login_protection_plugin +end+++ +Protected Instance Methods
+ + ++ + + ++ + ++ better_wp_security_url() + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 69 +def better_wp_security_url + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :base_url => @uri, + :path => "/plugins/better-wp-security/", + :name => "better-wp-security" + ).get_url_without_filename +end++ + + ++ + ++ bluetrait_event_viewer_url() + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 121 +def bluetrait_event_viewer_url + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :base_url => @uri, + :path => "/plugins/bluetrait-event-viewer/", + :name => "bluetrait-event-viewer" + ).get_url_without_filename +end++ + + ++ + ++ has_better_wp_security_protection?() + click to toggle source ++ + ++ ++ + + + +wordpress.org/extend/plugins/better-wp-security/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 65 +def has_better_wp_security_protection? + Browser.instance.get(better_wp_security_url()).code != 404 +end++ + + ++ + ++ has_bluetrait_event_viewer_protection?() + click to toggle source ++ + ++ ++ + + + +wordpress.org/extend/plugins/bluetrait-event-viewer/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 117 +def has_bluetrait_event_viewer_protection? + Browser.instance.get(bluetrait_event_viewer_url()).code != 404 +end++ + + ++ + ++ has_limit_login_attempts_protection?() + click to toggle source ++ + ++ ++ + + + +wordpress.org/extend/plugins/limit-login-attempts/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 104 +def has_limit_login_attempts_protection? + Browser.instance.get(limit_login_attempts_url()).code != 404 +end++ + + ++ + ++ has_login_lock_protection?() + click to toggle source ++ + ++ ++ + + + +wordpress.org/extend/plugins/login-lock/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 60 +def has_login_lock_protection? + Browser.instance.get(login_url()).body =~ %{LOGIN LOCK} ? true : false +end++ + + ++ + ++ has_login_lockdown_protection?() + click to toggle source ++ + ++ ++ + + + +Thanks to Alip Aswalid for providing this method. wordpress.org/extend/plugins/login-lockdown/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 55 +def has_login_lockdown_protection? + Browser.instance.get(login_url()).body =~ %{Login LockDown} ? true : false +end++ + + ++ + ++ has_login_security_solution_protection?() + click to toggle source ++ + ++ ++ + + + +wordpress.org/extend/plugins/login-security-solution/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 91 +def has_login_security_solution_protection? + Browser.instance.get(login_security_solution_url()).code != 404 +end++ + + ++ + ++ has_simple_login_lockdown_protection?() + click to toggle source ++ + ++ ++ + + + +wordpress.org/extend/plugins/simple-login-lockdown/
+ + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 78 +def has_simple_login_lockdown_protection? + Browser.instance.get(simple_login_lockdown_url()).code != 404 +end++ + + ++ + ++ limit_login_attempts_url() + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 108 +def limit_login_attempts_url + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :base_url => @uri, + :path => "/plugins/limit-login-attempts/", + :name => "limit-login-attempts" + ).get_url_without_filename +end++ + + ++ + ++ login_security_solution_url() + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 95 +def login_security_solution_url + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :base_url => @uri, + :path => "/plugins/login-security-solution/", + :name => "login-security-solution" + ).get_url_without_filename +end++ + + ++ + ++ simple_login_lockdown_url() + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_login_protection.rb, line 82 +def simple_login_lockdown_url + WpPlugin.new(:wp_content_dir => @wp_content_dir, + :base_url => @uri, + :path => "/plugins/simple-login-lockdown/", + :name => "simple-login-lockdown" + ).get_url_without_filename +end++ ++ + + + diff --git a/doc/WpOptions.html b/doc/WpOptions.html index 95da2aab..a3f8411c 100644 --- a/doc/WpOptions.html +++ b/doc/WpOptions.html @@ -130,6 +130,8 @@Generated with the Darkfish + Rdoc Generator 2.
+Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpPlugin.html b/doc/WpPlugin.html index c8b0cbd9..05bdee8f 100644 --- a/doc/WpPlugin.html +++ b/doc/WpPlugin.html @@ -134,6 +134,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpPlugins.html b/doc/WpPlugins.html index 2c845832..86dd9c48 100644 --- a/doc/WpPlugins.html +++ b/doc/WpPlugins.html @@ -124,6 +124,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpReadme.html b/doc/WpReadme.html index 2ccec6db..bb4cea15 100644 --- a/doc/WpReadme.html +++ b/doc/WpReadme.html @@ -124,6 +124,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpTarget.html b/doc/WpTarget.html index 7d61e87d..2a28d1ed 100644 --- a/doc/WpTarget.html +++ b/doc/WpTarget.html @@ -214,6 +214,8 @@Svn_Parser +URI +Updater UpdaterFactory @@ -355,6 +357,7 @@ @verbose = options[:verbose] @wp_content_dir = options[:wp_content_dir] @wp_plugins_dir = options[:wp_plugins_dir] + @multisite = nil Browser.instance(options.merge(:max_threads => options[:threads])) end @@ -387,7 +390,7 @@-# File lib/wpscan/wp_target.rb, line 76 +# File lib/wpscan/wp_target.rb, line 77 def self.valid_response_codes [200, 403, 301, 302, 500] end@@ -426,7 +429,7 @@-# File lib/wpscan/wp_target.rb, line 122 +# File lib/wpscan/wp_target.rb, line 123 def debug_log_url @uri.merge("#{wp_content_dir()}/debug.log").to_s end@@ -459,7 +462,7 @@-# File lib/wpscan/wp_target.rb, line 63 +# File lib/wpscan/wp_target.rb, line 64 def error_404_hash unless @error_404_hash non_existant_page = Digest::MD5.hexdigest(rand(9999999999).to_s) + ".html" @@ -500,7 +503,7 @@-# File lib/wpscan/wp_target.rb, line 116 +# File lib/wpscan/wp_target.rb, line 117 def has_debug_log? # We only get the first 700 bytes of the file to avoid loading huge file (like 2Go) response_body = Browser.instance.get(debug_log_url(), :headers => {"range" => "bytes=0-700"}).body 
@@ -535,7 +538,7 @@-# File lib/wpscan/wp_target.rb, line 161 +# File lib/wpscan/wp_target.rb, line 162 def is_multisite? unless @multisite # when multi site, there is no redirection or a redirect to the site itself @@ -583,7 +586,7 @@-# File lib/wpscan/wp_target.rb, line 50 +# File lib/wpscan/wp_target.rb, line 51 def login_url url = @uri.merge("wp-login.php").to_s @@ -624,7 +627,7 @@-# File lib/wpscan/wp_target.rb, line 139 +# File lib/wpscan/wp_target.rb, line 140 def registration_enabled? resp = Browser.instance.get(registration_url) # redirect only on non multi sites @@ -671,7 +674,7 @@-# File lib/wpscan/wp_target.rb, line 157 +# File lib/wpscan/wp_target.rb, line 158 def registration_url is_multisite? ? @uri.merge("wp-signup.php") : @uri.merge("wp-login.php?action=register") end@@ -704,7 +707,7 @@-# File lib/wpscan/wp_target.rb, line 133 +# File lib/wpscan/wp_target.rb, line 134 def search_replace_db_2_exists? resp = Browser.instance.get(search_replace_db_2_url) resp.code == 200 && resp.body[%{by interconnect}] 
@@ -740,7 +743,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 129 +# File lib/wpscan/wp_target.rb, line 130 def search_replace_db_2_url @uri.merge("searchreplacedb2.php").to_s end@@ -773,7 +776,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 81 +# File lib/wpscan/wp_target.rb, line 82 def theme WpTheme.find(@uri) end@@ -806,7 +809,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 46 +# File lib/wpscan/wp_target.rb, line 47 def url @uri.to_s end@@ -839,7 +842,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 86 +# File lib/wpscan/wp_target.rb, line 87 def version WpVersion.find(@uri, wp_content_dir) end@@ -872,14 +875,14 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 90 +# File lib/wpscan/wp_target.rb, line 91 def wp_content_dir unless @wp_content_dir index_body = Browser.instance.get(@uri.to_s).body # Only use the path because domain can be text or an ip uri_path = @uri.path - if index_body[/#{Regexp.escape(uri_path)}\/wp-content\/(?:themes|plugins)\//] + if index_body[/\/wp-content\/(?:themes|plugins)\//] @wp_content_dir = "wp-content" else @wp_content_dir = index_body[/(?:href|src)\s*=\s*(?:"|').+#{Regexp.escape(uri_path)}([^"']+)\/(?:themes|plugins)\/.*(?:"|')/, 1] @@ -916,7 +919,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 105 +# File lib/wpscan/wp_target.rb, line 106 def wp_plugins_dir unless @wp_plugins_dir @wp_plugins_dir = "#{wp_content_dir}/plugins" 
@@ -952,7 +955,7 @@ href="http://interconnectit.com/124/search-and-replace-for-wordpress-databases/"-# File lib/wpscan/wp_target.rb, line 112 +# File lib/wpscan/wp_target.rb, line 113 def wp_plugins_dir_exists? Browser.instance.get(@uri.merge(wp_plugins_dir)).code != 404 enddiff --git a/doc/WpTheme.html b/doc/WpTheme.html index 7998da6c..df7ec69c 100644 --- a/doc/WpTheme.html +++ b/doc/WpTheme.html @@ -138,6 +138,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpThemes.html b/doc/WpThemes.html new file mode 100644 index 00000000..edfe82a9 --- /dev/null +++ b/doc/WpThemes.html @@ -0,0 +1,316 @@ + + + + + + +Module: WpThemes + + + + + + + + + + + ++ + ++ +++ +++ + +In Files
++++ +
+- lib/wpscan/modules/wp_themes.rb
+ ++ + + + + + + + ++ +++ + + +Methods
+ ++ + + + + ++++ + +Class/Module Index +
+ + ++ +
+ +- Array
+ +- Browser
+ +- BruteForce
+ +- CacheFileStore
+ +- Exploit
+ +- Generate_List
+ +- GitUpdater
+ +- Malwares
+ +- Object
+ +- RpcClient
+ +- SvnUpdater
+ +- Svn_Parser
+ +- URI
+ +- Updater
+ +- UpdaterFactory
+ +- Vulnerable
+ +- WebSite
+ +- WpConfigBackup
+ +- WpDetector
+ +- WpEnumerator
+ +- WpFullPathDisclosure
+ +- WpItem
+ +- WpLoginProtection
+ +- WpOptions
+ +- WpPlugin
+ +- WpPlugins
+ +- WpReadme
+ +- WpTarget
+ +- WpTheme
+ +- WpThemes
+ +- WpTimthumbs
+ +- WpUser
+ +- WpUsernames
+ +- WpVersion
+ +- WpVulnerability
+ +- WpscanOptions
+ +++ +WpThemes
+ ++ ++ + + + ++ + + + + + + + + + ++ + +++ +Public Instance Methods
+ + ++ + + ++ + ++ themes_from_aggressive_detection(options) + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_themes.rb, line 21 +def themes_from_aggressive_detection(options) + options[:file] = options[:file] || "#{DATA_DIR}/themes.txt" + options[:vulns_file] = (options[:vulns_file] != nil and options[:vulns_file] != "") ? + options[:vulns_file] : DATA_DIR + "/wp_theme_vulns.xml" + options[:vulns_xpath] = "//theme[@name='#{@name}']/vulnerability" + options[:vulns_xpath_2] = "//theme" + options[:type] = "themes" + result = WpDetector.aggressive_detection(options) + themes = [] + result.each do |r| + themes << WpTheme.new( + :base_url => r.base_url, + :path => r.path, + :wp_content_dir => r.wp_content_dir, + :name => r.name + ) + end + themes.sort_by { |t| t.name } +end++ + + ++ + ++ themes_from_passive_detection(options) + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/modules/wp_themes.rb, line 41 +def themes_from_passive_detection(options) + themes = [] + temp = WpDetector.passive_detection(options[:base_url], "themes", options[:wp_content_dir]) + + temp.each do |item| + themes << WpTheme.new( + :base_url => item.base_url, + :name => item.name, + :path => item.path, + :wp_content_dir => options[:wp_content_dir] + ) + end + themes.sort_by { |t| t.name } +end++ ++ + + + diff --git a/doc/WpTimthumbs.html b/doc/WpTimthumbs.html index a311a682..4ee88faf 100644 --- a/doc/WpTimthumbs.html +++ b/doc/WpTimthumbs.html @@ -126,6 +126,8 @@Generated with the Darkfish + Rdoc Generator 2.
+Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpUser.html b/doc/WpUser.html new file mode 100644 index 00000000..4bf648a1 --- /dev/null +++ b/doc/WpUser.html @@ -0,0 +1,433 @@ + + + + + + +Class: WpUser + + + + + + + + + + + ++ + ++ +++ +++ + +In Files
++++ +
+- lib/wpscan/wp_user.rb
+ ++ + ++ +++ + + + + + + + + + + + +Parent
+ + + ++ + + + + ++++ + +Class/Module Index +
+ + ++ +
+ +- Array
+ +- Browser
+ +- BruteForce
+ +- CacheFileStore
+ +- Exploit
+ +- Generate_List
+ +- GitUpdater
+ +- Malwares
+ +- Object
+ +- RpcClient
+ +- SvnUpdater
+ +- Svn_Parser
+ +- URI
+ +- Updater
+ +- UpdaterFactory
+ +- Vulnerable
+ +- WebSite
+ +- WpConfigBackup
+ +- WpDetector
+ +- WpEnumerator
+ +- WpFullPathDisclosure
+ +- WpItem
+ +- WpLoginProtection
+ +- WpOptions
+ +- WpPlugin
+ +- WpPlugins
+ +- WpReadme
+ +- WpTarget
+ +- WpTheme
+ +- WpThemes
+ +- WpTimthumbs
+ +- WpUser
+ +- WpUsernames
+ +- WpVersion
+ +- WpVulnerability
+ +- WpscanOptions
+ +++ +WpUser
+ ++ ++ + + + ++ + + + + + + + ++ + +++ + + + +Attributes
+ + + + + + + + +++ +Public Class Methods
+ + + + + +++ +Public Instance Methods
+ + ++ + + ++ + + + + + + + ++ <=>(item) + click to toggle source ++ + ++ + + + + ++ + + + +++ ++# File lib/wpscan/wp_user.rb, line 28 +def <=>(item) + item.name <=> @name +end++ ++ + + + diff --git a/doc/WpUsernames.html b/doc/WpUsernames.html index 79bda99b..fb7a4cc1 100644 --- a/doc/WpUsernames.html +++ b/doc/WpUsernames.html @@ -132,6 +132,8 @@Generated with the Darkfish + Rdoc Generator 2.
+Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpVersion.html b/doc/WpVersion.html index ed12430c..1e3d4dc4 100644 --- a/doc/WpVersion.html +++ b/doc/WpVersion.html @@ -146,6 +146,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpVulnerability.html b/doc/WpVulnerability.html index 643cdf41..76baeded 100644 --- a/doc/WpVulnerability.html +++ b/doc/WpVulnerability.html @@ -130,6 +130,8 @@Svn_Parser +URI +Updater UpdaterFactory diff --git a/doc/WpscanOptions.html b/doc/WpscanOptions.html index 003b1e9c..bdc44541 100644 --- a/doc/WpscanOptions.html +++ b/doc/WpscanOptions.html @@ -164,6 +164,8 @@Svn_Parser +URI +Updater UpdaterFactory @@ -276,7 +278,7 @@ href="WpscanOptions.html">WpscanOptions@@ -359,7 +363,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 129 +# File lib/wpscan/wpscan_options.rb, line 131 def self.load_from_arguments wpscan_options = WpscanOptions.new @@ -319,7 +321,9 @@ href="WpscanOptions.html">WpscanOptions# File lib/wpscan/wpscan_options.rb, line 47 def initialize - + ACCESSOR_OPTIONS.each do |option| + instance_variable_set("@#{option}", nil) + end end-# File lib/wpscan/wpscan_options.rb, line 217 +# File lib/wpscan/wpscan_options.rb, line 219 def self.clean_option(option) cleaned_option = option.gsub(/^--?/, '') cleaned_option.gsub(/-/, '_') @@ -394,7 +398,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 189 +# File lib/wpscan/wpscan_options.rb, line 191 def self.get_opt_long GetoptLong.new( ["--url", "-u", GetoptLong::REQUIRED_ARGUMENT], 
@@ -442,7 +446,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 208 +# File lib/wpscan/wpscan_options.rb, line 210 def self.is_long_option?(option) ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}") end@@ -475,7 +479,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 222 +# File lib/wpscan/wpscan_options.rb, line 224 def self.option_to_instance_variable_setter(option) cleaned_option = WpscanOptions.clean_option(option) option_syms = ACCESSOR_OPTIONS.grep(%{^#{cleaned_option}}) @@ -517,7 +521,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 85 +# File lib/wpscan/wpscan_options.rb, line 87 def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) if enumerate_only_vulnerable_plugins === true and @enumerate_plugins === true raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one" @@ -554,7 +558,7 @@ any remaining ‘-’ by ‘_’-# File lib/wpscan/wpscan_options.rb, line 101 +# File lib/wpscan/wpscan_options.rb, line 103 def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) if enumerate_only_vulnerable_themes === true and @enumerate_themes === true raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one" @@ -595,7 +599,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 164 +# File lib/wpscan/wpscan_options.rb, line 166 def enumerate_options_from_string(value) # Usage of self is mandatory because there are overridden setters self.enumerate_only_vulnerable_plugins = true if value =~ /p!/ 
@@ -647,7 +651,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 77 +# File lib/wpscan/wpscan_options.rb, line 79 def enumerate_plugins=(enumerate_plugins) if enumerate_plugins === true and @enumerate_only_vulnerable_plugins === true raise "You can't enumerate plugins and only vulnerable plugins at the same time, please choose only one" @@ -684,7 +688,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 93 +# File lib/wpscan/wpscan_options.rb, line 95 def enumerate_themes=(enumerate_themes) if enumerate_themes === true and @enumerate_only_vulnerable_themes === true raise "You can't enumerate themes and only vulnerable themes at the same time, please choose only one" @@ -721,7 +725,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 109 +# File lib/wpscan/wpscan_options.rb, line 111 def has_options? !to_h.empty? end@@ -754,7 +758,7 @@ href="http://1-10">u will enumerate usernames from 1 to 10-# File lib/wpscan/wpscan_options.rb, line 69 +# File lib/wpscan/wpscan_options.rb, line 71 def proxy=(proxy) if proxy.index(':') == nil raise "Invalid proxy format. Should be host:port." @@ -792,7 +796,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 143 +# File lib/wpscan/wpscan_options.rb, line 145 def set_option_from_cli(cli_option, cli_value) if WpscanOptions.is_long_option?(cli_option) @@ -838,7 +842,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 57 +# File lib/wpscan/wpscan_options.rb, line 59 def threads=(threads) @threads = threads.is_a?(Integer) ? threads : threads.to_i end@@ -871,7 +875,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 114 +# File lib/wpscan/wpscan_options.rb, line 116 def to_h options = {} @@ -913,7 +917,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 51 +# File lib/wpscan/wpscan_options.rb, line 53 def url=(url) raise "Empty URL given" if !url 
@@ -948,7 +952,7 @@ value-# File lib/wpscan/wpscan_options.rb, line 61 +# File lib/wpscan/wpscan_options.rb, line 63 def wordlist=(wordlist) if File.exists?(wordlist) @wordlist = wordlist diff --git a/doc/created.rid b/doc/created.rid index 9eb437d9..0fff15ca 100644 --- a/doc/created.rid +++ b/doc/created.rid 
@@ -1,43 +1,43 @@ -Mon, 24 Sep 2012 23:03:20 +0200 -./CREDITS Mon, 17 Sep 2012 20:18:24 +0200 -./Gemfile Sat, 22 Sep 2012 00:14:07 +0200 -./lib/browser.rb Sat, 22 Sep 2012 15:51:15 +0200 -./lib/cache_file_store.rb Sat, 22 Sep 2012 15:00:03 +0200 -./lib/common_helper.rb Sat, 22 Sep 2012 16:08:50 +0200 -./lib/environment.rb Sat, 22 Sep 2012 09:22:22 +0200 -./lib/updater/git_updater.rb Sat, 15 Sep 2012 08:00:23 +0200 -./lib/updater/svn_updater.rb Sat, 22 Sep 2012 15:04:12 +0200 -./lib/updater/updater.rb Sat, 15 Sep 2012 08:00:40 +0200 -./lib/updater/updater_factory.rb Sat, 15 Sep 2012 08:00:46 +0200 -./lib/wpscan/exploit.rb Fri, 21 Sep 2012 23:23:55 +0200 -./lib/wpscan/modules/brute_force.rb Sat, 22 Sep 2012 00:10:17 +0200 -./lib/wpscan/modules/malwares.rb Sat, 22 Sep 2012 15:01:32 +0200 -./lib/wpscan/modules/web_site.rb Sat, 22 Sep 2012 16:18:55 +0200 -./lib/wpscan/modules/wp_config_backup.rb Sat, 22 Sep 2012 15:01:32 +0200 -./lib/wpscan/modules/wp_full_path_disclosure.rb Sat, 15 Sep 2012 08:01:17 +0200 -./lib/wpscan/modules/wp_login_protection.rb Sun, 23 Sep 2012 19:38:40 +0200 -./lib/wpscan/modules/wp_plugins.rb Sun, 23 Sep 2012 20:20:17 +0200 -./lib/wpscan/modules/wp_readme.rb Sat, 15 Sep 2012 08:01:52 +0200 -./lib/wpscan/modules/wp_themes.rb Sun, 23 Sep 2012 19:41:17 +0200 -./lib/wpscan/modules/wp_timthumbs.rb Sun, 23 Sep 2012 19:40:38 +0200 -./lib/wpscan/modules/wp_usernames.rb Sat, 22 Sep 2012 15:01:32 +0200 -./lib/wpscan/msfrpc_client.rb Fri, 21 Sep 2012 23:32:27 +0200 -./lib/wpscan/vulnerable.rb Sat, 22 Sep 2012 21:23:01 +0200 -./lib/wpscan/wp_detector.rb Sun, 23 Sep 2012 19:40:56 +0200 -./lib/wpscan/wp_enumerator.rb Sun, 23 Sep 2012 22:46:23 +0200 -./lib/wpscan/wp_item.rb Sun, 23 Sep 2012 21:47:56 +0200 -./lib/wpscan/wp_options.rb Sun, 23 Sep 2012 19:35:16 +0200 -./lib/wpscan/wp_plugin.rb Sun, 23 Sep 2012 19:59:17 +0200 -./lib/wpscan/wp_target.rb Mon, 24 Sep 2012 22:32:05 +0200 -./lib/wpscan/wp_theme.rb Sun, 23 Sep 2012 19:56:18 +0200 
-./lib/wpscan/wp_user.rb Sat, 22 Sep 2012 16:12:25 +0200 -./lib/wpscan/wp_version.rb Mon, 24 Sep 2012 18:06:00 +0200 -./lib/wpscan/wp_vulnerability.rb Sat, 22 Sep 2012 16:11:58 +0200 -./lib/wpscan/wpscan_helper.rb Sun, 23 Sep 2012 23:14:35 +0200 -./lib/wpscan/wpscan_options.rb Sat, 22 Sep 2012 15:01:32 +0200 -./lib/wpstools/generate_list.rb Sat, 22 Sep 2012 16:10:07 +0200 -./lib/wpstools/parse_svn.rb Sat, 22 Sep 2012 16:10:30 +0200 -./lib/wpstools/wpstools_helper.rb Sat, 22 Sep 2012 15:00:03 +0200 -./README Thu, 13 Sep 2012 22:54:08 +0200 -./wpscan.rb Mon, 24 Sep 2012 22:53:35 +0200 -./wpstools.rb Sat, 22 Sep 2012 14:59:30 +0200 +Tue, 23 Oct 2012 18:39:03 +0200 +./lib/environment.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/updater/updater.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/updater/svn_updater.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/updater/git_updater.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/updater/updater_factory.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/cache_file_store.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/browser.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpstools/parse_svn.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpstools/wpstools_helper.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpstools/generate_list.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_user.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/malwares.rb Tue, 23 Oct 2012 16:21:49 +0200 +./lib/wpscan/modules/wp_full_path_disclosure.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/wp_config_backup.rb Tue, 23 Oct 2012 16:18:23 +0200 +./lib/wpscan/modules/wp_themes.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/web_site.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/wp_plugins.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/brute_force.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/wp_readme.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/wp_usernames.rb Tue, 23 Oct 2012 12:20:01 +0200 
+./lib/wpscan/modules/wp_login_protection.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/modules/wp_timthumbs.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_enumerator.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_item.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/vulnerable.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_options.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_theme.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wpscan_helper.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_vulnerability.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/msfrpc_client.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_detector.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/exploit.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_plugin.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_version.rb Tue, 23 Oct 2012 12:20:01 +0200 +./lib/wpscan/wp_target.rb Tue, 23 Oct 2012 16:19:38 +0200 +./lib/wpscan/wpscan_options.rb Tue, 23 Oct 2012 15:45:42 +0200 +./lib/common_helper.rb Tue, 23 Oct 2012 18:38:13 +0200 +./README Tue, 23 Oct 2012 12:20:01 +0200 +./Gemfile Tue, 23 Oct 2012 15:34:39 +0200 +./wpscan.rb Tue, 23 Oct 2012 12:20:01 +0200 +./wpstools.rb Tue, 23 Oct 2012 12:20:01 +0200 +./CREDITS Tue, 23 Oct 2012 12:20:01 +0200 diff --git a/doc/index.html b/doc/index.html index 21ff156f..4e478009 100644 --- a/doc/index.html +++ b/doc/index.html @@ -66,6 +66,8 @@Svn_Parser +URI +Updater UpdaterFactory @@ -129,6 +131,8 @@::enumerate — WpEnumerator +::escape — URI +::find — WpTheme ::find — WpVersion @@ -167,9 +171,13 @@::malwares_file — Malwares -::new — WpPlugin +::new — WpscanOptions -::new — Generate_List +::new — RpcClient + +::new — WpVulnerability + +::new — Svn_Parser ::new — WpTarget 
@@ -177,24 +185,20 @@::new — Exploit -::new — WpUser - -::new — Svn_Parser - -::new — WpscanOptions - -::new — WpVulnerability - -::new — Updater - -::new — RpcClient -::new — WpTheme +::new — Generate_List +::new — WpItem +::new — WpPlugin +::new — WpVersion +::new — WpUser + +::new — Updater +::option_to_instance_variable_setter — WpscanOptions ::passive_detection — WpDetector @@ -337,10 +341,10 @@#has_options? — WpscanOptions -#has_readme? — WpItem -#has_readme? — WpReadme +#has_readme? — WpItem +#has_simple_login_lockdown_protection? — WpLoginProtection #has_timthumbs? — WpTimthumbs @@ -373,12 +377,12 @@#load_config — Browser -#local_revision_number — Updater -#local_revision_number — SvnUpdater #local_revision_number — GitUpdater +#local_revision_number — Updater +#login — RpcClient #login_protection_plugin — WpLoginProtection @@ -397,10 +401,10 @@#meterpreter_read — Exploit -#meterpreter_write — RpcClient -#meterpreter_write — Exploit +#meterpreter_write — RpcClient +#parse — Svn_Parser #plugins_from_aggressive_detection — WpPlugins @@ -419,10 +423,10 @@#read_shell — Exploit -#readme_url — WpItem -#readme_url — WpReadme +#readme_url — WpItem +#red — Object #redirection — WebSite @@ -445,10 +449,10 @@#session_count — Exploit -#sessions — Exploit -#sessions — RpcClient +#sessions — Exploit +#set_option_from_cli — WpscanOptions #simple_login_lockdown_url — WpLoginProtection @@ -471,12 +475,12 @@#to_s — WpItem +#update — GitUpdater +#update — Updater #update — SvnUpdater -#update — GitUpdater -#url — WpTarget #url= — WpscanOptions @@ -505,10 +509,10 @@#write_entry — CacheFileStore -#write_shell — RpcClient -#write_shell — Exploit +#write_shell — RpcClient +#xmlrpc_url — WebSite diff --git a/doc/lib/browser_rb.html b/doc/lib/browser_rb.html index f0096ce8..869f89d6 100644 --- a/doc/lib/browser_rb.html +++ b/doc/lib/browser_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:51:15 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/cache_file_store_rb.html b/doc/lib/cache_file_store_rb.html index 595a337e..d6d0dd1f 100644 --- a/doc/lib/cache_file_store_rb.html +++ b/doc/lib/cache_file_store_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:00:03 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/common_helper_rb.html b/doc/lib/common_helper_rb.html index 32ad0d46..32b59fe7 100644 --- a/doc/lib/common_helper_rb.html +++ b/doc/lib/common_helper_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 16:08:50 +0200
+- 2012-10-23 18:38:13 +0200
- Requires
diff --git a/doc/lib/environment_rb.html b/doc/lib/environment_rb.html index 892e4067..7595805f 100644 --- a/doc/lib/environment_rb.html +++ b/doc/lib/environment_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 09:22:22 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/updater/git_updater_rb.html b/doc/lib/updater/git_updater_rb.html index 3f2ef9da..cb8a3959 100644 --- a/doc/lib/updater/git_updater_rb.html +++ b/doc/lib/updater/git_updater_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-15 08:00:23 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/updater/svn_updater_rb.html b/doc/lib/updater/svn_updater_rb.html index c9e63ab0..5d7ab41f 100644 --- a/doc/lib/updater/svn_updater_rb.html +++ b/doc/lib/updater/svn_updater_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:04:12 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/updater/updater_factory_rb.html b/doc/lib/updater/updater_factory_rb.html index c21c33e8..8e9e78ff 100644 --- a/doc/lib/updater/updater_factory_rb.html +++ b/doc/lib/updater/updater_factory_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-15 08:00:46 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/updater/updater_rb.html b/doc/lib/updater/updater_rb.html index 5554be29..d7db529d 100644 --- a/doc/lib/updater/updater_rb.html +++ b/doc/lib/updater/updater_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-15 08:00:40 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/exploit_rb.html b/doc/lib/wpscan/exploit_rb.html index 53277be9..888efe73 100644 --- a/doc/lib/wpscan/exploit_rb.html +++ b/doc/lib/wpscan/exploit_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-21 23:23:55 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/brute_force_rb.html b/doc/lib/wpscan/modules/brute_force_rb.html index 1c80c1ad..cf7c2420 100644 --- a/doc/lib/wpscan/modules/brute_force_rb.html +++ b/doc/lib/wpscan/modules/brute_force_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 00:10:17 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/malwares_rb.html b/doc/lib/wpscan/modules/malwares_rb.html index 89020e29..9a67c28d 100644 --- a/doc/lib/wpscan/modules/malwares_rb.html +++ b/doc/lib/wpscan/modules/malwares_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:01:32 +0200
+- 2012-10-23 16:21:49 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/web_site_rb.html b/doc/lib/wpscan/modules/web_site_rb.html index de62cc93..28b02c87 100644 --- a/doc/lib/wpscan/modules/web_site_rb.html +++ b/doc/lib/wpscan/modules/web_site_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 16:18:55 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_config_backup_rb.html b/doc/lib/wpscan/modules/wp_config_backup_rb.html index e6baa6c2..d5d00fec 100644 --- a/doc/lib/wpscan/modules/wp_config_backup_rb.html +++ b/doc/lib/wpscan/modules/wp_config_backup_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:01:32 +0200
+- 2012-10-23 16:18:23 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html b/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html index f34afed0..4cb1b50b 100644 --- a/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html +++ b/doc/lib/wpscan/modules/wp_full_path_disclosure_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-15 08:01:17 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_login_protection_rb.html b/doc/lib/wpscan/modules/wp_login_protection_rb.html new file mode 100644 index 00000000..3161f5b7 --- /dev/null +++ b/doc/lib/wpscan/modules/wp_login_protection_rb.html @@ -0,0 +1,52 @@ + + + + + + + +File: wp_login_protection.rb [RDoc Documentation] + + + + + + + + + + +++ ++
+- Last Modified
+- 2012-10-23 12:20:01 +0200
+ + +- Requires
+- +
+ + + ++ +
++ ++ + + diff --git a/doc/lib/wpscan/modules/wp_plugins_rb.html b/doc/lib/wpscan/modules/wp_plugins_rb.html index a957f7e9..a5d45c3e 100644 --- a/doc/lib/wpscan/modules/wp_plugins_rb.html +++ b/doc/lib/wpscan/modules/wp_plugins_rb.html @@ -24,7 +24,7 @@++ +Description
+ +
- Last Modified
-- 2012-09-23 20:20:17 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_readme_rb.html b/doc/lib/wpscan/modules/wp_readme_rb.html index 547b53ee..0be85640 100644 --- a/doc/lib/wpscan/modules/wp_readme_rb.html +++ b/doc/lib/wpscan/modules/wp_readme_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-15 08:01:52 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_themes_rb.html b/doc/lib/wpscan/modules/wp_themes_rb.html new file mode 100644 index 00000000..bf09e6aa --- /dev/null +++ b/doc/lib/wpscan/modules/wp_themes_rb.html @@ -0,0 +1,52 @@ + + + + + + + +File: wp_themes.rb [RDoc Documentation] + + + + + + + + + + +++ ++
+- Last Modified
+- 2012-10-23 12:20:01 +0200
+ + +- Requires
+- +
+ + + ++ +
++ ++ + + diff --git a/doc/lib/wpscan/modules/wp_timthumbs_rb.html b/doc/lib/wpscan/modules/wp_timthumbs_rb.html index 4789dce4..ae9378b0 100644 --- a/doc/lib/wpscan/modules/wp_timthumbs_rb.html +++ b/doc/lib/wpscan/modules/wp_timthumbs_rb.html @@ -24,7 +24,7 @@++ +Description
+ +
- Last Modified
-- 2012-09-23 19:40:38 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/modules/wp_usernames_rb.html b/doc/lib/wpscan/modules/wp_usernames_rb.html index c392b132..a3fc63e6 100644 --- a/doc/lib/wpscan/modules/wp_usernames_rb.html +++ b/doc/lib/wpscan/modules/wp_usernames_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:01:32 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/msfrpc_client_rb.html b/doc/lib/wpscan/msfrpc_client_rb.html index 80593e0b..2cf220dc 100644 --- a/doc/lib/wpscan/msfrpc_client_rb.html +++ b/doc/lib/wpscan/msfrpc_client_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-21 23:32:27 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/vulnerable_rb.html b/doc/lib/wpscan/vulnerable_rb.html index 7c603908..83d0c7b3 100644 --- a/doc/lib/wpscan/vulnerable_rb.html +++ b/doc/lib/wpscan/vulnerable_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 21:23:01 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_detector_rb.html b/doc/lib/wpscan/wp_detector_rb.html index bdc256ac..12efba67 100644 --- a/doc/lib/wpscan/wp_detector_rb.html +++ b/doc/lib/wpscan/wp_detector_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-23 19:40:56 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_enumerator_rb.html b/doc/lib/wpscan/wp_enumerator_rb.html index f64c7577..2feb7d5d 100644 --- a/doc/lib/wpscan/wp_enumerator_rb.html +++ b/doc/lib/wpscan/wp_enumerator_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-23 22:46:23 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_item_rb.html b/doc/lib/wpscan/wp_item_rb.html new file mode 100644 index 00000000..ac08b5f5 --- /dev/null +++ b/doc/lib/wpscan/wp_item_rb.html @@ -0,0 +1,52 @@ + + + + + + + +File: wp_item.rb [RDoc Documentation] + + + + + + + + + + +++ ++
+- Last Modified
+- 2012-10-23 12:20:01 +0200
+ + +- Requires
+- +
+ + + ++ +
++ ++ + + diff --git a/doc/lib/wpscan/wp_options_rb.html b/doc/lib/wpscan/wp_options_rb.html index 2cae4d51..67824a0d 100644 --- a/doc/lib/wpscan/wp_options_rb.html +++ b/doc/lib/wpscan/wp_options_rb.html @@ -24,7 +24,7 @@++ +Description
+ +
- Last Modified
-- 2012-09-23 19:35:16 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_plugin_rb.html b/doc/lib/wpscan/wp_plugin_rb.html index 2ae3a21a..3c23e15f 100644 --- a/doc/lib/wpscan/wp_plugin_rb.html +++ b/doc/lib/wpscan/wp_plugin_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-23 19:59:17 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_target_rb.html b/doc/lib/wpscan/wp_target_rb.html index 366fa012..fa16d844 100644 --- a/doc/lib/wpscan/wp_target_rb.html +++ b/doc/lib/wpscan/wp_target_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-24 22:32:05 +0200
+- 2012-10-23 16:19:38 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_theme_rb.html b/doc/lib/wpscan/wp_theme_rb.html index 105bcd25..34abf8e9 100644 --- a/doc/lib/wpscan/wp_theme_rb.html +++ b/doc/lib/wpscan/wp_theme_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-23 19:56:18 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_user_rb.html b/doc/lib/wpscan/wp_user_rb.html new file mode 100644 index 00000000..d95b2089 --- /dev/null +++ b/doc/lib/wpscan/wp_user_rb.html @@ -0,0 +1,52 @@ + + + + + + + +File: wp_user.rb [RDoc Documentation] + + + + + + + + + + +++ ++
+- Last Modified
+- 2012-10-23 12:20:01 +0200
+ + +- Requires
+- +
+ + + ++ +
++ ++ + + diff --git a/doc/lib/wpscan/wp_version_rb.html b/doc/lib/wpscan/wp_version_rb.html index e0853401..45b08b9c 100644 --- a/doc/lib/wpscan/wp_version_rb.html +++ b/doc/lib/wpscan/wp_version_rb.html @@ -24,7 +24,7 @@++ +Description
+ +
- Last Modified
-- 2012-09-24 18:06:00 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wp_vulnerability_rb.html b/doc/lib/wpscan/wp_vulnerability_rb.html index 9445d06b..96024e73 100644 --- a/doc/lib/wpscan/wp_vulnerability_rb.html +++ b/doc/lib/wpscan/wp_vulnerability_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 16:11:58 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wpscan_helper_rb.html b/doc/lib/wpscan/wpscan_helper_rb.html index f501b731..3129dd86 100644 --- a/doc/lib/wpscan/wpscan_helper_rb.html +++ b/doc/lib/wpscan/wpscan_helper_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-23 23:14:35 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpscan/wpscan_options_rb.html b/doc/lib/wpscan/wpscan_options_rb.html index f62ab684..2488372b 100644 --- a/doc/lib/wpscan/wpscan_options_rb.html +++ b/doc/lib/wpscan/wpscan_options_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:01:32 +0200
+- 2012-10-23 15:45:42 +0200
- Requires
diff --git a/doc/lib/wpstools/generate_list_rb.html b/doc/lib/wpstools/generate_list_rb.html index 035ef828..8861b4d6 100644 --- a/doc/lib/wpstools/generate_list_rb.html +++ b/doc/lib/wpstools/generate_list_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 16:10:07 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpstools/parse_svn_rb.html b/doc/lib/wpstools/parse_svn_rb.html index 79aa1869..90522f43 100644 --- a/doc/lib/wpstools/parse_svn_rb.html +++ b/doc/lib/wpstools/parse_svn_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 16:10:30 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/lib/wpstools/wpstools_helper_rb.html b/doc/lib/wpstools/wpstools_helper_rb.html index 73ddd09c..bde27394 100644 --- a/doc/lib/wpstools/wpstools_helper_rb.html +++ b/doc/lib/wpstools/wpstools_helper_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 15:00:03 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/wpscan_rb.html b/doc/wpscan_rb.html index 7e78a657..7604844d 100644 --- a/doc/wpscan_rb.html +++ b/doc/wpscan_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-24 22:53:35 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/doc/wpstools_rb.html b/doc/wpstools_rb.html index 9a7054e5..3378a67f 100644 --- a/doc/wpstools_rb.html +++ b/doc/wpstools_rb.html @@ -24,7 +24,7 @@
- Last Modified
-- 2012-09-22 14:59:30 +0200
+- 2012-10-23 12:20:01 +0200
- Requires
diff --git a/lib/common_helper.rb b/lib/common_helper.rb
index 61744862..d645ddb4 100644
--- a/lib/common_helper.rb
+++ b/lib/common_helper.rb
@@ -74,9 +74,11 @@ end
 # Since ruby 1.9.2, URI::escape is obsolete
 # See http://rosettacode.org/wiki/URL_encoding#Ruby and http://www.ruby-forum.com/topic/207489
-module URI
- def self.escape(str)
- URI.encode_www_form_component(str).gsub("+", "%20")
+if RUBY_VERSION >= "1.9.2"
+ module URI
+ def self.escape(str)
+ URI.encode_www_form_component(str).gsub("+", "%20")
+ end
 end
 end
diff --git a/spec/lib/wpscan/wpscan_options_spec.rb b/spec/lib/wpscan/wpscan_options_spec.rb
index 86836d94..fb004108 100644
--- a/spec/lib/wpscan/wpscan_options_spec.rb
+++ b/spec/lib/wpscan/wpscan_options_spec.rb
@@ -25,7 +25,11 @@ describe "WpscanOptions" do
 end
 describe "#initialize" do
-
+ it "should set all options to nil" do
+ WpscanOptions::ACCESSOR_OPTIONS.each do |option|
+ @wpscan_options.send(option).should === nil
+ end
+ end
 end
 describe "#url=" do
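Review bot: Reopening `URI` to redefine `URI.escape` as `URI.encode_www_form_component(str).gsub("+", "%20")` changes the method for every caller in the process, including any library code that still calls it. The stock `URI.escape` leaves reserved characters such as `/`, `:`, `?` and `&` intact, while the form-component encoder percent-encodes them, so a caller passing a whole URL gets a different string back. With the added `if RUBY_VERSION >= "1.9.2"` guard, which of the two behaviours applies now also depends on the interpreter, so request encoding can differ between environments. I would leave the stdlib method alone and put the same expression in a project-local helper, and compare versions with `Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("1.9.2")` because string comparison is lexicographic. The comment above the block should also state that the replacement encodes reserved characters.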
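Review bot: The new example `@wpscan_options.send(option).should === nil` probably cannot fail, because reading an instance variable that was never assigned already returns nil. If the options are plain `attr_accessor` readers (their definition is not in this hunk), the spec passes with or without the new `initialize` body. To pin the behaviour, assert that the variable exists, e.g. `@wpscan_options.instance_variable_defined?("@#{option}").should be_true`, and use `should be_nil` for the value check since it reads better and gives a clearer failure message. `@wpscan_options` is set up outside the hunk, so this assumes it is a fresh `WpscanOptions.new`.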