From 85421f9b4b76e8773244e34bb0c9c55ee17fca92 Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Fri, 11 Apr 2014 16:45:44 +0200
Subject: [PATCH] Fix #454 --batch option added
---
 lib/wpscan/wpscan_helper.rb | 1 +
 lib/wpscan/wpscan_options.rb | 4 +++-
 wpscan.rb | 28 +++++++++++++++-------------
 3 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb
index 9eecb126..5da0350a 100644
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -101,5 +101,6 @@ def help
 puts '--max-threads Maximum Threads'
 puts '--help | -h This help screen.'
 puts '--verbose | -v Verbose output.'
+ puts '--batch Never ask for user input, use the default behaviour.'
 puts
 end
diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
index a7af28a3..4a58e350 100644
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -3,6 +3,7 @@ class WpscanOptions
 ACCESSOR_OPTIONS = [
+ :batch,
 :enumerate_plugins,
 :enumerate_only_vulnerable_plugins,
 :enumerate_all_plugins,
@@ -255,7 +256,8 @@ class WpscanOptions
 ['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT],
 ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
 ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
- ['--max-threads', GetoptLong::REQUIRED_ARGUMENT]
+ ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
+ ['--batch', GetoptLong::NO_ARGUMENT]
 )
 end
diff --git a/wpscan.rb b/wpscan.rb
index 693c978f..3ac41f0a 100755
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -70,16 +70,18 @@ def main
 puts
 else
 puts "The remote host tried to redirect us to: #{redirection}"
- print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N] '
+ puts '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
 end
- if wpscan_options.follow_redirection or (input = Readline.readline) =~ /^y/i
- wpscan_options.url = redirection
- wp_target = WpTarget.new(redirection, wpscan_options.to_h)
- else
- if input =~ /^a/i
- puts 'Scan aborted'
- exit(0)
+ unless wpscan_options.batch
+ if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
+ wpscan_options.url = redirection
+ wp_target = WpTarget.new(redirection, wpscan_options.to_h)
+ else
+ if input =~ /^a/i
+ puts 'Scan aborted'
+ exit(0)
+ end
 end
 end
 end
@@ -102,8 +104,8 @@ def main
 unless wp_target.wp_plugins_dir_exists?
 puts "The plugins directory '#{wp_target.wp_plugins_dir}' does not exist."
 puts 'You can specify one per command line option (don\'t forget to include the wp-content directory if needed)'
- print '[?] Continue? [Y]es [N]o, default: [N] '
- unless Readline.readline =~ /^y/i
+ puts '[?] Continue? [Y]es [N]o, default: [N]'
+ if wpscan_options.batch || Readline.readline !~ /^y/i
 exit(0)
 end
 end
@@ -330,11 +332,11 @@ def main puts puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!" - print '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N] ' + puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]' - bruteforce = false if Readline.readline !~ /^y/i + bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i end - puts + if bruteforce puts "#{green('[+]')} Starting the password brute forcer"
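Review bot: `--batch` now overrides `--follow-redirection` in the first wpscan.rb hunk, because the added `unless wpscan_options.batch` wraps the whole decision rather than only the interactive read; with both flags set, `wpscan_options.url` is never updated and the scan carries on against the original URL. Only the prompt should be gated, for example `if wpscan_options.follow_redirection || (!wpscan_options.batch && (input = Readline.readline) =~ /^y/i)`; the abort check in the `else` branch still works when `input` is nil. The '[?]' question is also still printed in batch mode here and at the two later prompts in this file, with no line recording which default was taken, so a short `puts` stating the choice would keep unattended logs unambiguous. `main` begins and ends outside this hunk.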
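Review bot: In batch mode the missing-plugins-directory path in the second wpscan.rb hunk ends with `exit(0)`, so a wrapper script or scheduled job cannot tell a scan that stopped here from one that ran to completion. A distinct non-zero status for the unattended case, such as `exit(1) if wpscan_options.batch` placed ahead of the interactive check, would let automation flag the skipped scan instead of recording it as a success. `main` begins and ends outside this hunk.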