From 8038e2e01a5d4f6085e3b6afad82fbeca0f085ef Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Tue, 15 Apr 2014 17:02:22 +0200
Subject: [PATCH] Ref #455 - Fails with a message if the target returns a 403 during the wordpress check
---
 lib/wpscan/wp_target.rb | 5 +++++
 spec/lib/wpscan/wp_target_spec.rb | 8 ++++++++
 2 files changed, 13 insertions(+)
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index 4a6b73f1..e64990b1 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -39,6 +39,11 @@ class WpTarget < WebSite
 response = Browser.get_and_follow_location(@uri.to_s)
+ # Note: in the future major WPScan version, change the user-agent to see
+ # if the response is a 200 ?
+ fail "The target is responding with a 403, this might be due to a WAF or a plugin\n" \
+ 'You should try to supply a valid user-agent via the --user-agent option' if response.code == 403
+
 if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
 wordpress = true
 else
diff --git a/spec/lib/wpscan/wp_target_spec.rb b/spec/lib/wpscan/wp_target_spec.rb
index 57d9db87..132c80bb 100644
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -97,6 +97,14 @@ describe WpTarget do
 wp_target.should_not be_wordpress
 end
 end
+
+ context 'when the response is a 403' do
+ before { stub_request(:any, /.*/).to_return(status: 403) }
+
+ it 'raises an error' do
+ expect { wp_target.wordpress? }.to raise_error
+ end
+ end
 end
 describe '#wordpress_hosted?' do
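Review bot: The added `fail "..." if response.code == 403` raises a bare RuntimeError from what appears to be the `wordpress?` predicate (judging by the spec), so a caller can only tell the 403 case from any other runtime failure by matching the message text. The new raising path is also undocumented. A line such as `# @raise [RuntimeError] when the target answers 403 (possibly a WAF or a security plugin)` on the method would make the contract visible. The two-line `# Note:` comment is phrased as a question and would read more clearly as `# TODO: in the next major version, retry with another user-agent before failing`. The method starts and ends outside this hunk, so whether a dedicated error class already exists in the project cannot be seen from here.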
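Review bot: The bare `raise_error` in the new 403 example passes on any exception, so a `NoMethodError` from a typo or an error from the stubbing layer would satisfy it just as well as the intended failure. Pinning the class and message keeps the spec tied to the behaviour it documents: `expect { wp_target.wordpress? }.to raise_error(RuntimeError, /responding with a 403/)`. The stub `stub_request(:any, /.*/)` also matches every request; if the spec file has a URL for the target (not visible in this hunk), stubbing that URL would make the example more specific.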