diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb index d90fc096..d096a3dd 100644 --- a/lib/common/common_helper.rb +++ b/lib/common/common_helper.rb @@ -109,6 +109,22 @@ def blue(text) colorize(text, 34) end +def critical(text) + red(text) +end + +def warning(text) + amber(text) +end + +def info(text) + green(text) +end + +def notice(text) + blue(text) +end + # our 1337 banner def banner puts '_______________________________________________________________' diff --git a/lib/common/models/vulnerability/output.rb b/lib/common/models/vulnerability/output.rb index cd223e6c..171c7d0b 100644 --- a/lib/common/models/vulnerability/output.rb +++ b/lib/common/models/vulnerability/output.rb @@ -6,7 +6,7 @@ class Vulnerability # output the vulnerability def output(verbose = false) puts - puts "#{red('[!]')} Title: #{title}" + puts "#{critical('[!]')} Title: #{title}" references.each do |key, urls| methodname = "url_#{key}" urls.each do |u| @@ -15,7 +15,7 @@ class Vulnerability end end if !fixed_in.nil? - puts "#{blue('[i]')} Fixed in: #{fixed_in}" + puts "#{notice('[i]')} Fixed in: #{fixed_in}" end end end diff --git a/lib/common/models/wp_item/output.rb b/lib/common/models/wp_item/output.rb index 6059a5b3..d8c66e26 100644 --- a/lib/common/models/wp_item/output.rb +++ b/lib/common/models/wp_item/output.rb 
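Review bot: The four helpers added after `blue` in lib/common/common_helper.rb (`critical`, `warning`, `info`, `notice`) have no comment defining what each level means, so every call site in this commit has to guess at the severity scale. A short comment block above them, one line per level, would fix that, for example `# critical: confirmed vulnerability or exposed secret (red)`. They also appear to be defined at file top level, which in Ruby makes them private methods on every object. Generic names like `info` and `warning` are easy to shadow with a local variable or to collide with a logger-style method, so a module would be safer if that is the scope.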
@@ -6,19 +6,19 @@ class WpItem # @return [ Void ] def output(verbose = false) puts - puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected + puts "#{info('[+]')} Name: #{self}" #this will also output the version number if detected puts " | Location: #{url}" #puts " | WordPress: #{wordpress_url}" if wordpress_org_item? puts " | Readme: #{readme_url}" if has_readme? puts " | Changelog: #{changelog_url}" if has_changelog? - puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing? - puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log? + puts "#{warning('[!]')} Directory listing is enabled: #{url}" if has_directory_listing? + puts "#{warning('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log? additional_output(verbose) if respond_to?(:additional_output) if version.nil? && vulnerabilities.length > 0 puts - puts "#{amber('[+]')} We could not determine a version so all vulnerabilities are printed out" + puts "#{warning('[+]')} We could not determine a version so all vulnerabilities are printed out" end vulnerabilities.output diff --git a/lib/common/models/wp_timthumb/output.rb b/lib/common/models/wp_timthumb/output.rb index 1dd0d388..8a87c124 100644 --- a/lib/common/models/wp_timthumb/output.rb +++ b/lib/common/models/wp_timthumb/output.rb @@ -5,7 +5,7 @@ class WpTimthumb < WpItem def output(verbose = false) puts - puts "#{green('[+]')} #{self}" #this will also output the version number if detected + puts "#{info('[+]')} #{self}" #this will also output the version number if detected vulnerabilities.output end diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 4faecd37..e53daab5 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb 
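Review bot: The `error_log` line in `WpItem#output` is downgraded to `warning`, while the `Debug log file found` line in wpscan.rb (hunk -118) is raised as `critical`. Both report a log file reachable on the target, so they should probably share a level. If exposed logs are meant to be high severity, this line would read `puts "#{critical('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?`. If the difference is deliberate, a one-line comment saying why would help the next reader. `output` continues past the end of the hunk.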
@@ -103,19 +103,19 @@ class WpUser < WpItem # @return [ Boolean ] def valid_password?(response, password, redirect_url, options = {}) if response.code == 302 && response.headers_hash && response.headers_hash['Location'] == redirect_url - progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n" + progression = "#{info('[SUCCESS]')} Login : #{login} Password : #{password}\n\n" valid = true elsif response.body =~ /login_error/i verbose = "\n Incorrect login and/or password." elsif response.timed_out? - progression = "#{red('ERROR:')} Request timed out." + progression = "#{critical('ERROR:')} Request timed out." elsif response.code == 0 - progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?" + progression = "#{critical('ERROR:')} No response from remote server. WAF/IPS?" elsif response.code.to_s =~ /^50/ - progression = "#{red('ERROR:')} Server error, try reducing the number of threads." + progression = "#{critical('ERROR:')} Server error, try reducing the number of threads." else - progression = "#{red('ERROR:')} We received an unknown response for #{password}..." - verbose = red(" Code: #{response.code}\n Body: #{response.body}\n") + progression = "#{critical('ERROR:')} We received an unknown response for #{password}..." + verbose = critical(" Code: #{response.code}\n Body: #{response.body}\n") end puts "\n " + progression if progression && options[:show_progression] diff --git a/lib/common/models/wp_version/output.rb b/lib/common/models/wp_version/output.rb index 5fa7f0d3..fe9feb6c 100644 --- a/lib/common/models/wp_version/output.rb +++ b/lib/common/models/wp_version/output.rb 
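Review bot: In the final `else` branch of `valid_password?`, `response.code` and `response.body` come straight from the remote server and are interpolated into a string wrapped in terminal colour codes, with no filtering of control characters. A hostile or compromised target could return a body containing escape sequences that rewrite or hide scanner output on the operator's terminal. Where `verbose` is printed lies outside the hunk, so this is inferred. Stripping non-printable characters before display would close it, e.g. `body = response.body.to_s.gsub(/[^[:print:]\n\t]/, '')` followed by `verbose = critical(" Code: #{response.code}\n Body: #{body}\n")`.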
@@ -5,12 +5,12 @@ class WpVersion < WpItem def output(verbose = false) puts - puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}" + puts "#{info('[+]')} WordPress version #{self.number} identified from #{self.found_from}" vulnerabilities = self.vulnerabilities unless vulnerabilities.empty? - puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number" + puts "#{critical('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number" vulnerabilities.output end diff --git a/stop_user_enumeration_bypass.rb b/stop_user_enumeration_bypass.rb index b55953ca..390dbeb2 100755 --- a/stop_user_enumeration_bypass.rb +++ b/stop_user_enumeration_bypass.rb @@ -37,7 +37,7 @@ end begin parser.parse! - fail "#{red('The target URL must be supplied')}\n\n#{parser}" unless ARGV[0] + fail "#{critical('The target URL must be supplied')}\n\n#{parser}" unless ARGV[0] uri = URI.parse(add_trailing_slash(add_http_protocol(ARGV[0]))).to_s @@ -68,8 +68,8 @@ rescue => e puts e.message if @opts[:verbose] - puts red('Trace:') - puts red(e.backtrace.join("\n")) + puts critical('Trace:') + puts critical(e.backtrace.join("\n")) end exit(1) end diff --git a/wpscan.rb b/wpscan.rb index c100dd0b..3e1b3822 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -44,9 +44,9 @@ def main ) if wpscan_options.update || missing_db_file? - puts "#{blue('[i]')} Updating the Database ..." + puts "#{notice('[i]')} Updating the Database ..." DbUpdater.new(DATA_DIR).update(wpscan_options.verbose) - puts "#{blue('[i]')} Update completed." + puts "#{notice('[i]')} Update completed." # Exit program if only option --update is used exit(0) unless wpscan_options.url end 
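Review bot: `fail "#{critical('The target URL must be supplied')}\n\n#{parser}"` in stop_user_enumeration_bypass.rb puts terminal colour codes inside the exception message itself, so the message is no longer plain text for anything that logs or compares it. The same pattern is in wpscan.rb at hunk -98 (`raise "#{critical('[!]')} The remote website is up, ..."`). There the final rescue (hunk -377) prints `critical(e.message)`, wrapping an already coloured string a second time, and depending on how `colorize` resets, the tail of the message may lose its colour. Raising plain text and colouring once at the rescue site keeps presentation in one place: `fail "The target URL must be supplied\n\n#{parser}"` here and `puts critical(e.message)` in this file's `rescue`.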
@@ -75,7 +75,7 @@ def main if wpscan_options.follow_redirection puts "Following redirection #{redirection}" else - puts "#{blue('[i]')} The remote host tried to redirect to: #{redirection}" + puts "#{notice('[i]')} The remote host tried to redirect to: #{redirection}" print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]' end if wpscan_options.follow_redirection || !wpscan_options.batch @@ -98,7 +98,7 @@ def main # Remote website is wordpress? unless wpscan_options.force unless wp_target.wordpress? - raise "#{red('[!]')} The remote website is up, but does not seem to be running WordPress." + raise "#{critical('[!]')} The remote website is up, but does not seem to be running WordPress." end end 
@@ -118,44 +118,44 @@ def main # Output runtime data start_time = Time.now start_memory = get_memory_usage - puts "#{green('[+]')} URL: #{wp_target.url}" - puts "#{green('[+]')} Started: #{start_time.asctime}" + puts "#{info('[+]')} URL: #{wp_target.url}" + puts "#{info('[+]')} Started: #{start_time.asctime}" puts if wp_target.wordpress_hosted? - puts "#{red('[!]')} We do not support scanning *.wordpress.com hosted blogs" + puts "#{critical('[!]')} We do not support scanning *.wordpress.com hosted blogs" end if wp_target.has_robots? - puts "#{green('[+]')} robots.txt available under: '#{wp_target.robots_url}'" + puts "#{info('[+]')} robots.txt available under: '#{wp_target.robots_url}'" wp_target.parse_robots_txt.each do |dir| - puts "#{green('[+]')} Interesting entry from robots.txt: #{dir}" + puts "#{info('[+]')} Interesting entry from robots.txt: #{dir}" end end if wp_target.has_readme? - puts "#{red('[!]')} The WordPress '#{wp_target.readme_url}' file exists" + puts "#{warning('[!]')} The WordPress '#{wp_target.readme_url}' file exists" end if wp_target.has_full_path_disclosure? - puts "#{red('[!]')} Full Path Disclosure (FPD) in: '#{wp_target.full_path_disclosure_url}'" + puts "#{warning('[!]')} Full Path Disclosure (FPD) in: '#{wp_target.full_path_disclosure_url}'" end if wp_target.has_debug_log? - puts "#{red('[!]')} Debug log file found: #{wp_target.debug_log_url}" + puts "#{critical('[!]')} Debug log file found: #{wp_target.debug_log_url}" end wp_target.config_backup.each do |file_url| - puts "#{red('[!]')} A wp-config.php backup file has been found in: '#{file_url}'" + puts "#{critical('[!]')} A wp-config.php backup file has been found in: '#{file_url}'" end if wp_target.search_replace_db_2_exists? 
- puts "#{red('[!]')} searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'" + puts "#{critical('[!]')} searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'" end wp_target.interesting_headers.each do |header| - output = "#{green('[+]')} Interesting header: " + output = "#{info('[+]')} Interesting header: " if header[1].class == Array header[1].each do |value| @@ -167,32 +167,32 @@ def main end if wp_target.multisite? - puts "#{green('[+]')} This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)" + puts "#{info('[+]')} This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)" end if wp_target.has_must_use_plugins? - puts "#{green('[+]')} This site has must use plugins (http://codex.wordpress.org/Must_Use_Plugins)" + puts "#{info('[+]')} This site has must use plugins (http://codex.wordpress.org/Must_Use_Plugins)" end if wp_target.registration_enabled? - puts "#{amber('[+]')} Registration is enabled: #{wp_target.registration_url}" + puts "#{warning('[+]')} Registration is enabled: #{wp_target.registration_url}" end if wp_target.has_xml_rpc? - puts "#{green('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}" + puts "#{info('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}" end if wp_target.upload_directory_listing_enabled? - puts "#{red('[!]')} Upload directory has directory listing enabled: #{wp_target.upload_dir_url}" + puts "#{warning('[!]')} Upload directory has directory listing enabled: #{wp_target.upload_dir_url}" end if wp_target.has_malwares? malwares = wp_target.malwares - puts "#{red('[!]')} #{malwares.size} malware(s) found:" + puts "#{critical('[!]')} #{malwares.size} malware(s) found:" malwares.each do |malware_url| puts - puts ' | ' + red("#{malware_url}") + puts ' | ' + critical("#{malware_url}") end puts end 
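Review bot: `critical` is used in hunk -118 for `We do not support scanning *.wordpress.com hosted blogs`, which is a tool limitation rather than a finding about the target, alongside genuine findings such as the wp-config.php backup. The same mixing appears at hunk -368 (`Brute forcing aborted`, printed when the run is declined) and on the `ERROR:` transport messages in wp_user/brute_forcable.rb. Anyone triaging by level will then see operational messages ranked with exposed configuration. `notice` or `warning` fits these better, e.g. `puts "#{notice('[i]')} We do not support scanning *.wordpress.com hosted blogs"`. The hunk sits inside `main`, which starts and ends outside it.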
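Review bot: `warning('[+]')` on the `Registration is enabled` line in hunk -167 pairs the warning level with the `[+]` marker, whereas the other `warning` calls in this commit use `[!]`. wp_item/output.rb has the same mismatch on the `We could not determine a version` line. When the output is read without colour (a log file or a pipe, if colour is stripped there), the marker is the only severity signal left, so the two should agree: `puts "#{warning('[!]')} Registration is enabled: #{wp_target.registration_url}"`.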
@@ -206,20 +206,20 @@ def main wp_version.output(wpscan_options.verbose) else puts - puts "#{blue('[i]')} WordPress version can not be detected" + puts "#{notice('[i]')} WordPress version can not be detected" end if wp_theme = wp_target.theme puts # Theme version is handled in #to_s - puts "#{green('[+]')} WordPress theme in use: #{wp_theme}" + puts "#{info('[+]')} WordPress theme in use: #{wp_theme}" wp_theme.output(wpscan_options.verbose) # Check for parent Themes while wp_theme.is_child_theme? parent = wp_theme.get_parent_theme puts - puts "#{green('[+]')} Detected parent theme: #{parent}" + puts "#{info('[+]')} Detected parent theme: #{parent}" parent.output(wpscan_options.verbose) wp_theme = parent end @@ -228,7 +228,7 @@ def main if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil puts - puts "#{green('[+]')} Enumerating plugins from passive detection ..." + puts "#{info('[+]')} Enumerating plugins from passive detection ..." wp_plugins = WpPlugins.passive_detection(wp_target) if !wp_plugins.empty? @@ -236,14 +236,14 @@ def main wp_plugins.output(wpscan_options.verbose) else - puts "#{green('[+]')} No plugins found" + puts "#{info('[+]')} No plugins found" end end # Enumerate the installed plugins if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins puts - puts "#{green('[+]')} Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..." + puts "#{info('[+]')} Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..." puts wp_plugins = WpPlugins.aggressive_detection(wp_target, 
@@ -254,18 +254,18 @@ def main ) puts if !wp_plugins.empty? - puts "#{green('[+]')} We found #{wp_plugins.size} plugins:" + puts "#{info('[+]')} We found #{wp_plugins.size} plugins:" wp_plugins.output(wpscan_options.verbose) else - puts "#{green('[+]')} No plugins found" + puts "#{info('[+]')} No plugins found" end end # Enumerate installed themes if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes puts - puts "#{green('[+]')} Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..." + puts "#{info('[+]')} Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..." puts wp_themes = WpThemes.aggressive_detection(wp_target, @@ -276,17 +276,17 @@ def main ) puts if !wp_themes.empty? - puts "#{green('[+]')} We found #{wp_themes.size} themes:" + puts "#{info('[+]')} We found #{wp_themes.size} themes:" wp_themes.output(wpscan_options.verbose) else - puts "#{green('[+]')} No themes found" + puts "#{info('[+]')} No themes found" end end if wpscan_options.enumerate_timthumbs puts - puts "#{green('[+]')} Enumerating timthumb files ..." + puts "#{info('[+]')} Enumerating timthumb files ..." puts wp_timthumbs = WpTimthumbs.aggressive_detection(wp_target, 
@@ -297,21 +297,21 @@ def main ) puts if !wp_timthumbs.empty? - puts "#{green('[+]')} We found #{wp_timthumbs.size} timthumb file/s:" + puts "#{info('[+]')} We found #{wp_timthumbs.size} timthumb file/s:" wp_timthumbs.output(wpscan_options.verbose) else - puts "#{green('[+]')} No timthumb files found" + puts "#{info('[+]')} No timthumb files found" end end # If we haven't been supplied a username, enumerate them... if !wpscan_options.username and wpscan_options.wordlist or wpscan_options.enumerate_usernames puts - puts "#{green('[+]')} Enumerating usernames ..." + puts "#{info('[+]')} Enumerating usernames ..." if wp_target.has_plugin?('stop-user-enumeration') - puts "#{red('[!]')} Stop User Enumeration plugin detected, results might be empty. " \ + puts "#{warning('[!]')} Stop User Enumeration plugin detected, results might be empty. " \ "However a bypass exists, see stop_user_enumeration_bypass.rb in #{File.expand_path(File.dirname(__FILE__))}" end @@ -323,7 +323,7 @@ def main ) if wp_users.empty? - puts "#{green('[+]')} We did not enumerate any usernames" + puts "#{info('[+]')} We did not enumerate any usernames" if wpscan_options.wordlist puts 'Try supplying your own username with the --username option' @@ -331,7 +331,7 @@ def main exit(1) end else - puts "#{green('[+]')} Identified the following #{wp_users.size} user/s:" + puts "#{info('[+]')} Identified the following #{wp_users.size} user/s:" wp_users.output(margin_left: ' ' * 4) end 
@@ -348,14 +348,14 @@ def main protection_plugin = wp_target.login_protection_plugin() puts - puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!" + puts "#{warning('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!" puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]' bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i end if bruteforce - puts "#{green('[+]')} Starting the password brute forcer" + puts "#{info('[+]')} Starting the password brute forcer" begin wp_users.brute_force( @@ -368,7 +368,7 @@ def main wp_users.output(show_password: true, margin_left: ' ' * 2) end else - puts "#{red('[!]')} Brute forcing aborted" + puts "#{critical('[!]')} Brute forcing aborted" end end @@ -377,20 +377,20 @@ def main used_memory = get_memory_usage - start_memory puts - puts green("[+] Finished: #{stop_time.asctime}") - puts green("[+] Memory used: #{used_memory.bytes_to_human}") - puts green("[+] Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}") + puts info("[+] Finished: #{stop_time.asctime}") + puts info("[+] Memory used: #{used_memory.bytes_to_human}") + puts info("[+] Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}") exit(0) # must exit! rescue SystemExit, Interrupt rescue => e puts - puts red(e.message) + puts critical(e.message) if wpscan_options && wpscan_options.verbose - puts red('Trace:') - puts red(e.backtrace.join("\n")) + puts critical('Trace:') + puts critical(e.backtrace.join("\n")) end exit(1) ensure