garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #454 --batch option added

Browse Source
This commit is contained in:
erwanlr
2014-04-11 16:45:44 +02:00
parent 3749ef8433
commit 85421f9b4b
3 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/wpscan/wpscan_helper.rb
View File

@@ -101,5 +101,6 @@ def help
puts '--max-threads <max-threads> Maximum Threads' puts '--max-threads <max-threads> Maximum Threads'
puts '--help | -h This help screen.' puts '--help | -h This help screen.'
puts '--verbose | -v Verbose output.' puts '--verbose | -v Verbose output.'
puts '--batch Never ask for user input, use the default behaviour.'
puts puts
end end

4
lib/wpscan/wpscan_options.rb
View File

@@ -3,6 +3,7 @@
class WpscanOptions class WpscanOptions
ACCESSOR_OPTIONS = [ ACCESSOR_OPTIONS = [
:batch,
:enumerate_plugins, :enumerate_plugins,
:enumerate_only_vulnerable_plugins, :enumerate_only_vulnerable_plugins,
:enumerate_all_plugins, :enumerate_all_plugins,
@@ -255,7 +256,8 @@ class WpscanOptions
['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT], ['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT],
['--request-timeout', GetoptLong::REQUIRED_ARGUMENT], ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT], ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
['--max-threads', GetoptLong::REQUIRED_ARGUMENT] ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
['--batch', GetoptLong::NO_ARGUMENT]
) )
end end

28
wpscan.rb
View File

@@ -70,16 +70,18 @@ def main
puts puts
else else
puts "The remote host tried to redirect us to: #{redirection}" puts "The remote host tried to redirect us to: #{redirection}"
print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N] ' puts '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
end end
if wpscan_options.follow_redirection or (input = Readline.readline) =~ /^y/i unless wpscan_options.batch
wpscan_options.url = redirection if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
wp_target = WpTarget.new(redirection, wpscan_options.to_h) wpscan_options.url = redirection
else wp_target = WpTarget.new(redirection, wpscan_options.to_h)
if input =~ /^a/i else
puts 'Scan aborted' if input =~ /^a/i
exit(0) puts 'Scan aborted'
exit(0)
end
end end
end end
end end
@@ -102,8 +104,8 @@ def main
unless wp_target.wp_plugins_dir_exists? unless wp_target.wp_plugins_dir_exists?
puts "The plugins directory '#{wp_target.wp_plugins_dir}' does not exist." puts "The plugins directory '#{wp_target.wp_plugins_dir}' does not exist."
puts 'You can specify one per command line option (don\'t forget to include the wp-content directory if needed)' puts 'You can specify one per command line option (don\'t forget to include the wp-content directory if needed)'
print '[?] Continue? [Y]es [N]o, default: [N] ' puts '[?] Continue? [Y]es [N]o, default: [N]'
unless Readline.readline =~ /^y/i if wpscan_options.batch || Readline.readline !~ /^y/i
exit(0) exit(0)
end end
end end
@@ -330,11 +332,11 @@ def main
puts puts
puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!" puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
print '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N] ' puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]'
bruteforce = false if Readline.readline !~ /^y/i bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i
end end
puts
if bruteforce if bruteforce
puts "#{green('[+]')} Starting the password brute forcer" puts "#{green('[+]')} Starting the password brute forcer"