changed some colors

lib/common/common_helper.rb

@@ -109,6 +109,22 @@ def blue(text)
   colorize(text, 34)
 end
 
+def critical(text)
+  red(text)
+end
+
+def warning(text)
+  amber(text)
+end
+
+def info(text)
+  green(text)
+end
+
+def notice(text)
+  blue(text)
+end
+
 # our 1337 banner
 def banner
   puts '_______________________________________________________________'

lib/common/models/vulnerability/output.rb

@@ -6,7 +6,7 @@ class Vulnerability
     # output the vulnerability
     def output(verbose = false)
       puts
-      puts "#{red('[!]')} Title: #{title}"
+      puts "#{critical('[!]')} Title: #{title}"
       references.each do |key, urls|
         methodname = "url_#{key}"
         urls.each do |u|
@@ -15,7 +15,7 @@ class Vulnerability
         end
       end
       if !fixed_in.nil?
-         puts "#{blue('[i]')} Fixed in: #{fixed_in}"
+         puts "#{notice('[i]')} Fixed in: #{fixed_in}"
       end
     end
   end

lib/common/models/wp_item/output.rb

@@ -6,19 +6,19 @@ class WpItem
     # @return [ Void ]
     def output(verbose = false)
       puts
-      puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected
+      puts "#{info('[+]')} Name: #{self}" #this will also output the version number if detected
       puts " |  Location: #{url}"
       #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
       puts " |  Readme: #{readme_url}" if has_readme?
       puts " |  Changelog: #{changelog_url}" if has_changelog?
-      puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
+      puts "#{warning('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
-      puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
+      puts "#{warning('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
 
       additional_output(verbose) if respond_to?(:additional_output)
 
       if version.nil? && vulnerabilities.length > 0
         puts
-        puts "#{amber('[+]')} We could not determine a version so all vulnerabilities are printed out"
+        puts "#{warning('[+]')} We could not determine a version so all vulnerabilities are printed out"
       end
 
       vulnerabilities.output

lib/common/models/wp_timthumb/output.rb

@@ -5,7 +5,7 @@ class WpTimthumb < WpItem
 
     def output(verbose = false)
       puts
-      puts "#{green('[+]')} #{self}" #this will also output the version number if detected
+      puts "#{info('[+]')} #{self}" #this will also output the version number if detected
 
       vulnerabilities.output
     end

lib/common/models/wp_user/brute_forcable.rb

@@ -103,19 +103,19 @@ class WpUser < WpItem
     # @return [ Boolean ]
     def valid_password?(response, password, redirect_url, options = {})
       if response.code == 302 && response.headers_hash && response.headers_hash['Location'] == redirect_url
-        progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
+        progression = "#{info('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
         valid       = true
       elsif response.body =~ /login_error/i
         verbose = "\n  Incorrect login and/or password."
       elsif response.timed_out?
-        progression = "#{red('ERROR:')} Request timed out."
+        progression = "#{critical('ERROR:')} Request timed out."
       elsif response.code == 0
-        progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
+        progression = "#{critical('ERROR:')} No response from remote server. WAF/IPS?"
       elsif response.code.to_s =~ /^50/
-        progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
+        progression = "#{critical('ERROR:')} Server error, try reducing the number of threads."
       else
-        progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
+        progression = "#{critical('ERROR:')} We received an unknown response for #{password}..."
-        verbose     = red("    Code: #{response.code}\n    Body: #{response.body}\n")
+        verbose     = critical("    Code: #{response.code}\n    Body: #{response.body}\n")
       end
 
       puts "\n  " + progression if progression && options[:show_progression]

lib/common/models/wp_version/output.rb

@@ -5,12 +5,12 @@ class WpVersion < WpItem
 
     def output(verbose = false)
       puts
-      puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
+      puts "#{info('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
 
       vulnerabilities = self.vulnerabilities
 
       unless vulnerabilities.empty?
-        puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
+        puts "#{critical('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
 
         vulnerabilities.output
       end

stop_user_enumeration_bypass.rb

@@ -37,7 +37,7 @@ end
 begin
   parser.parse!
 
-  fail "#{red('The target URL must be supplied')}\n\n#{parser}" unless ARGV[0]
+  fail "#{critical('The target URL must be supplied')}\n\n#{parser}" unless ARGV[0]
 
   uri = URI.parse(add_trailing_slash(add_http_protocol(ARGV[0]))).to_s
 
@@ -68,8 +68,8 @@ rescue => e
   puts e.message
 
   if @opts[:verbose]
-    puts red('Trace:')
+    puts critical('Trace:')
-    puts red(e.backtrace.join("\n"))
+    puts critical(e.backtrace.join("\n"))
   end
   exit(1)
 end

wpscan.rb

@@ -44,9 +44,9 @@ def main
     )
 
     if wpscan_options.update || missing_db_file?
-      puts "#{blue('[i]')} Updating the Database ..."
+      puts "#{notice('[i]')} Updating the Database ..."
       DbUpdater.new(DATA_DIR).update(wpscan_options.verbose)
-      puts "#{blue('[i]')} Update completed."
+      puts "#{notice('[i]')} Update completed."
       # Exit program if only option --update is used
       exit(0) unless wpscan_options.url
     end
@@ -75,7 +75,7 @@ def main
       if wpscan_options.follow_redirection
         puts "Following redirection #{redirection}"
       else
-        puts "#{blue('[i]')} The remote host tried to redirect to: #{redirection}"
+        puts "#{notice('[i]')} The remote host tried to redirect to: #{redirection}"
         print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
       end
       if wpscan_options.follow_redirection || !wpscan_options.batch
@@ -98,7 +98,7 @@ def main
     # Remote website is wordpress?
     unless wpscan_options.force
       unless wp_target.wordpress?
-        raise "#{red('[!]')} The remote website is up, but does not seem to be running WordPress."
+        raise "#{critical('[!]')} The remote website is up, but does not seem to be running WordPress."
       end
     end
 
@@ -118,44 +118,44 @@ def main
     # Output runtime data
     start_time   = Time.now
     start_memory = get_memory_usage
-    puts "#{green('[+]')} URL: #{wp_target.url}"
+    puts "#{info('[+]')} URL: #{wp_target.url}"
-    puts "#{green('[+]')} Started: #{start_time.asctime}"
+    puts "#{info('[+]')} Started: #{start_time.asctime}"
     puts
 
     if wp_target.wordpress_hosted?
-      puts "#{red('[!]')} We do not support scanning *.wordpress.com hosted blogs"
+      puts "#{critical('[!]')} We do not support scanning *.wordpress.com hosted blogs"
     end
 
     if wp_target.has_robots?
-      puts "#{green('[+]')} robots.txt available under: '#{wp_target.robots_url}'"
+      puts "#{info('[+]')} robots.txt available under: '#{wp_target.robots_url}'"
 
       wp_target.parse_robots_txt.each do |dir|
-        puts "#{green('[+]')} Interesting entry from robots.txt: #{dir}"
+        puts "#{info('[+]')} Interesting entry from robots.txt: #{dir}"
       end
     end
 
     if wp_target.has_readme?
-      puts "#{red('[!]')} The WordPress '#{wp_target.readme_url}' file exists"
+      puts "#{warning('[!]')} The WordPress '#{wp_target.readme_url}' file exists"
     end
 
     if wp_target.has_full_path_disclosure?
-      puts "#{red('[!]')} Full Path Disclosure (FPD) in: '#{wp_target.full_path_disclosure_url}'"
+      puts "#{warning('[!]')} Full Path Disclosure (FPD) in: '#{wp_target.full_path_disclosure_url}'"
     end
 
     if wp_target.has_debug_log?
-      puts "#{red('[!]')} Debug log file found: #{wp_target.debug_log_url}"
+      puts "#{critical('[!]')} Debug log file found: #{wp_target.debug_log_url}"
     end
 
     wp_target.config_backup.each do |file_url|
-      puts "#{red('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
+      puts "#{critical('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
     end
 
     if wp_target.search_replace_db_2_exists?
-      puts "#{red('[!]')} searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'"
+      puts "#{critical('[!]')} searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'"
     end
 
     wp_target.interesting_headers.each do |header|
-      output = "#{green('[+]')} Interesting header: "
+      output = "#{info('[+]')} Interesting header: "
 
       if header[1].class == Array
         header[1].each do |value|
@@ -167,32 +167,32 @@ def main
     end
 
     if wp_target.multisite?
-      puts "#{green('[+]')} This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)"
+      puts "#{info('[+]')} This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)"
     end
 
     if wp_target.has_must_use_plugins?
-      puts "#{green('[+]')} This site has must use plugins (http://codex.wordpress.org/Must_Use_Plugins)"
+      puts "#{info('[+]')} This site has must use plugins (http://codex.wordpress.org/Must_Use_Plugins)"
     end
 
     if wp_target.registration_enabled?
-      puts "#{amber('[+]')} Registration is enabled: #{wp_target.registration_url}"
+      puts "#{warning('[+]')} Registration is enabled: #{wp_target.registration_url}"
     end
 
     if wp_target.has_xml_rpc?
-      puts "#{green('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}"
+      puts "#{info('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}"
     end
 
     if wp_target.upload_directory_listing_enabled?
-      puts "#{red('[!]')} Upload directory has directory listing enabled: #{wp_target.upload_dir_url}"
+      puts "#{warning('[!]')} Upload directory has directory listing enabled: #{wp_target.upload_dir_url}"
     end
 
     if wp_target.has_malwares?
       malwares = wp_target.malwares
-      puts "#{red('[!]')} #{malwares.size} malware(s) found:"
+      puts "#{critical('[!]')} #{malwares.size} malware(s) found:"
 
       malwares.each do |malware_url|
         puts
-        puts ' | ' + red("#{malware_url}")
+        puts ' | ' + critical("#{malware_url}")
       end
       puts
     end
@@ -206,20 +206,20 @@ def main
       wp_version.output(wpscan_options.verbose)
     else
       puts
-      puts "#{blue('[i]')} WordPress version can not be detected"
+      puts "#{notice('[i]')} WordPress version can not be detected"
     end
 
     if wp_theme = wp_target.theme
       puts
       # Theme version is handled in #to_s
-      puts "#{green('[+]')} WordPress theme in use: #{wp_theme}"
+      puts "#{info('[+]')} WordPress theme in use: #{wp_theme}"
       wp_theme.output(wpscan_options.verbose)
 
       # Check for parent Themes
       while wp_theme.is_child_theme?
         parent = wp_theme.get_parent_theme
         puts
-        puts "#{green('[+]')} Detected parent theme: #{parent}"
+        puts "#{info('[+]')} Detected parent theme: #{parent}"
         parent.output(wpscan_options.verbose)
         wp_theme = parent
       end
@@ -228,7 +228,7 @@ def main
 
     if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil
       puts
-      puts "#{green('[+]')} Enumerating plugins from passive detection ..."
+      puts "#{info('[+]')} Enumerating plugins from passive detection ..."
 
       wp_plugins = WpPlugins.passive_detection(wp_target)
       if !wp_plugins.empty?
@@ -236,14 +236,14 @@ def main
 
         wp_plugins.output(wpscan_options.verbose)
       else
-        puts "#{green('[+]')} No plugins found"
+        puts "#{info('[+]')} No plugins found"
       end
     end
 
     # Enumerate the installed plugins
     if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins
       puts
-      puts "#{green('[+]')} Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
+      puts "#{info('[+]')} Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
       puts
 
       wp_plugins = WpPlugins.aggressive_detection(wp_target,
@@ -254,18 +254,18 @@ def main
       )
       puts
       if !wp_plugins.empty?
-        puts "#{green('[+]')} We found #{wp_plugins.size} plugins:"
+        puts "#{info('[+]')} We found #{wp_plugins.size} plugins:"
 
         wp_plugins.output(wpscan_options.verbose)
       else
-        puts "#{green('[+]')} No plugins found"
+        puts "#{info('[+]')} No plugins found"
       end
     end
 
     # Enumerate installed themes
     if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes
       puts
-      puts "#{green('[+]')} Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
+      puts "#{info('[+]')} Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
       puts
 
       wp_themes = WpThemes.aggressive_detection(wp_target,
@@ -276,17 +276,17 @@ def main
       )
       puts
       if !wp_themes.empty?
-        puts "#{green('[+]')} We found #{wp_themes.size} themes:"
+        puts "#{info('[+]')} We found #{wp_themes.size} themes:"
 
         wp_themes.output(wpscan_options.verbose)
       else
-        puts "#{green('[+]')} No themes found"
+        puts "#{info('[+]')} No themes found"
       end
     end
 
     if wpscan_options.enumerate_timthumbs
       puts
-      puts "#{green('[+]')} Enumerating timthumb files ..."
+      puts "#{info('[+]')} Enumerating timthumb files ..."
       puts
 
       wp_timthumbs = WpTimthumbs.aggressive_detection(wp_target,
@@ -297,21 +297,21 @@ def main
       )
       puts
       if !wp_timthumbs.empty?
-        puts "#{green('[+]')} We found #{wp_timthumbs.size} timthumb file/s:"
+        puts "#{info('[+]')} We found #{wp_timthumbs.size} timthumb file/s:"
 
         wp_timthumbs.output(wpscan_options.verbose)
       else
-        puts "#{green('[+]')} No timthumb files found"
+        puts "#{info('[+]')} No timthumb files found"
       end
     end
 
     # If we haven't been supplied a username, enumerate them...
     if !wpscan_options.username and wpscan_options.wordlist or wpscan_options.enumerate_usernames
       puts
-      puts "#{green('[+]')} Enumerating usernames ..."
+      puts "#{info('[+]')} Enumerating usernames ..."
 
       if wp_target.has_plugin?('stop-user-enumeration')
-        puts "#{red('[!]')} Stop User Enumeration plugin detected, results might be empty. " \
+        puts "#{warning('[!]')} Stop User Enumeration plugin detected, results might be empty. " \
              "However a bypass exists, see stop_user_enumeration_bypass.rb in #{File.expand_path(File.dirname(__FILE__))}"
       end
 
@@ -323,7 +323,7 @@ def main
       )
 
       if wp_users.empty?
-        puts "#{green('[+]')} We did not enumerate any usernames"
+        puts "#{info('[+]')} We did not enumerate any usernames"
 
         if wpscan_options.wordlist
           puts 'Try supplying your own username with the --username option'
@@ -331,7 +331,7 @@ def main
           exit(1)
         end
       else
-        puts "#{green('[+]')} Identified the following #{wp_users.size} user/s:"
+        puts "#{info('[+]')} Identified the following #{wp_users.size} user/s:"
         wp_users.output(margin_left: ' ' * 4)
       end
 
@@ -348,14 +348,14 @@ def main
         protection_plugin = wp_target.login_protection_plugin()
 
         puts
-        puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
+        puts "#{warning('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
         puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]'
 
         bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i
       end
 
       if bruteforce
-        puts "#{green('[+]')} Starting the password brute forcer"
+        puts "#{info('[+]')} Starting the password brute forcer"
 
         begin
           wp_users.brute_force(
@@ -368,7 +368,7 @@ def main
           wp_users.output(show_password: true, margin_left: ' ' * 2)
         end
       else
-        puts "#{red('[!]')} Brute forcing aborted"
+        puts "#{critical('[!]')} Brute forcing aborted"
       end
     end
 
@@ -377,20 +377,20 @@ def main
     used_memory = get_memory_usage - start_memory
 
     puts
-    puts green("[+] Finished: #{stop_time.asctime}")
+    puts info("[+] Finished: #{stop_time.asctime}")
-    puts green("[+] Memory used: #{used_memory.bytes_to_human}")
+    puts info("[+] Memory used: #{used_memory.bytes_to_human}")
-    puts green("[+] Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}")
+    puts info("[+] Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}")
     exit(0) # must exit!
 
   rescue SystemExit, Interrupt
 
   rescue => e
     puts
-    puts red(e.message)
+    puts critical(e.message)
 
     if wpscan_options && wpscan_options.verbose
-      puts red('Trace:')
+      puts critical('Trace:')
-      puts red(e.backtrace.join("\n"))
+      puts critical(e.backtrace.join("\n"))
     end
     exit(1)
   ensure