diff --git a/lib/common/browser.rb b/lib/common/browser.rb
index a2663159..986fa1f4 100644
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -20,7 +20,8 @@ class Browser
 :cookie,
 :throttle,
 :disable_accept_header,
- :disable_referer
+ :disable_referer,
+ :disable_tls_checks
 ]
 @@instance = nil
@@ -155,8 +156,12 @@ class Browser
 params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
 # Disable SSL-Certificate checks
- params.merge!(ssl_verifypeer: false) unless params.key?(:ssl_verifypeer)
- params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+ if @disable_tls_checks
+ # Cert validity check
+ params.merge!(ssl_verifypeer: 0) unless params.key?(:ssl_verifypeer)
+ # Cert hostname check
+ params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+ end
 params.merge!(cookiejar: @cache_dir + '/cookie-jar')
 params.merge!(cookiefile: @cache_dir + '/cookie-jar')
diff --git a/lib/common/browser/options.rb b/lib/common/browser/options.rb
index 0e6defd9..ff23da18 100644
--- a/lib/common/browser/options.rb
+++ b/lib/common/browser/options.rb
@@ -3,7 +3,7 @@ class Browser
 module Options
- attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer
+ attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer, :disable_tls_checks
 attr_reader :basic_auth, :cache_ttl, :proxy, :proxy_auth, :throttle
 # Sets the Basic Authentification credentials
diff --git a/lib/wpscan/web_site.rb b/lib/wpscan/web_site.rb
index bb520c63..ec299eff 100644
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
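Review bot: The added `params.merge!(ssl_verifypeer: 0) unless params.key?(:ssl_verifypeer)` line very likely leaves peer verification switched on, so `--disable-tls-checks` would only relax the hostname check: the removed line passed `false`, and in the Ethon versions I know `ssl_verifypeer` is declared as a boolean option converted by Ruby truthiness (`value ? 1 : 0`), where `0` is truthy and becomes 1 — confirm against the bundled Typhoeus/Ethon, but note that `ssl_verifyhost` is an integer option where `0` is correct, which is why the old code mixed the two forms. The line should read `params.merge!(ssl_verifypeer: false) unless params.key?(:ssl_verifypeer)`, and a request to a host with a self-signed certificate under the new flag is a quick way to verify it. Because the branch makes the scanner accept any certificate, it is also worth a comment such as `# NOTE: accepts any certificate; an interposed host can serve the scan` above the `if`, plus a user-visible warning if the project has a logging hook. The enclosing method starts and ends outside this hunk.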
@@ -21,6 +21,29 @@ class WebSite
 @uri.to_s
 end
+ # Checks if the remote website has ssl errors
+ def ssl_error?
+ return false unless @uri.scheme == 'https'
+ c = get_root_path_return_code
+ # http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code
+ return (
+ c == :ssl_connect_error ||
+ c == :peer_failed_verification ||
+ c == :ssl_certproblem ||
+ c == :ssl_cipher ||
+ c == :ssl_cacert ||
+ c == :ssl_cacert_badfile ||
+ c == :ssl_issuer_error ||
+ c == :ssl_crl_badfile ||
+ c == :ssl_engine_setfailed ||
+ c == :ssl_engine_notfound
+ )
+ end
+
+ def get_root_path_return_code
+ Browser.get(@uri.to_s).return_code
+ end
+
 # Checks if the remote website is up.
 def online?
 Browser.get(@uri.to_s).code != 0
diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
index 45da908f..5d94cda1 100644
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -46,7 +46,8 @@ class WpscanOptions
 :throttle,
 :disable_accept_header,
 :disable_referer,
- :cache_dir
+ :cache_dir,
+ :disable_tls_checks
 ]
 attr_accessor *ACCESSOR_OPTIONS
@@ -290,7 +291,8 @@ class WpscanOptions
 ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
 ['--disable-accept-header', GetoptLong::NO_ARGUMENT],
 ['--disable-referer', GetoptLong::NO_ARGUMENT],
- ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT]
+ ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT],
+ ['--disable-tls-checks', GetoptLong::NO_ARGUMENT],
 )
 end
diff --git a/wpscan.rb b/wpscan.rb
index b4d58016..fb750016 100755
--- a/wpscan.rb
+++ b/wpscan.rb
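Review bot: The `return false unless @uri.scheme == 'https'` guard in `ssl_error?` hides the same failures for an `http://` target that is redirected to HTTPS — browser.rb in this diff sets `maxredirs: 3`, so if redirects are followed (not visible here, confirm) the request can fail with one of these codes while the method reports no TLS error and the user still gets the generic "seems to be down" message; the return-code comparison is sufficient on its own, so the guard can be dropped. As a matter of style, the ten `c == …` comparisons inside an explicit `return ( … )` read better as a frozen constant plus `include?`, which also makes the list easy to extend and gives the rubydoc link a natural home. Note too that `ssl_error?` and `online?` each issue a fresh `Browser.get` on the root path; that is fine if the browser cache absorbs the repeats, otherwise the target sees the root fetched several times before the scan starts.
```ruby
  # Ethon return codes that mean the TLS handshake or certificate check failed,
  # as opposed to the site being down.
  # See http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code
  SSL_ERROR_CODES = [
    :ssl_connect_error, :peer_failed_verification, :ssl_certproblem,
    :ssl_cipher, :ssl_cacert, :ssl_cacert_badfile, :ssl_issuer_error,
    :ssl_crl_badfile, :ssl_engine_setfailed, :ssl_engine_notfound
  ].freeze

  # Checks if the remote website has ssl errors
  def ssl_error?
    SSL_ERROR_CODES.include?(get_root_path_return_code)
  end
  # … unchanged: get_root_path_return_code …
```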
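Review bot: The new `['--disable-tls-checks', GetoptLong::NO_ARGUMENT],` entry has no matching help-text change anywhere in this diff, and a flag that switches off certificate and hostname verification deserves a usage line that states the trade-off, e.g. `--disable-tls-checks   Disable SSL/TLS certificate verification (accepts any certificate; use only when you trust the network path)`. I also cannot see where the parsed flag is turned into `disable_tls_checks = true` or passed on to the Browser; if the project's generic handling of `ACCESSOR_OPTIONS` and the Browser `OPTIONS` list covers that, this is fine, otherwise the option is parsed but inert. The enclosing method starts outside this hunk.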
@@ -86,6 +86,10 @@ def main
 raise 'We do not support scanning *.wordpress.com hosted blogs'
 end
+ if wp_target.ssl_error?
+ raise "The target site returned an SSL/TLS error. You can try again using the --disable-tls-checks option.\nError: #{wp_target.get_root_path_return_code}\nSee here for a detailed explanation of the error: http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code"
+ end
+
 # Remote website up?
 unless wp_target.online?
 raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down. Maybe the site is blocking wpscan so you can try the --random-agent parameter."
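Review bot: The added raise tells the user to retry with `--disable-tls-checks` on any TLS failure, including `:peer_failed_verification`, without saying what that gives up — for a security scanner that is exactly the case where an interposed host may be answering for the target, so the advice should carry the caveat. I would word that part of the message as `You can retry with --disable-tls-checks, which accepts any certificate (the scan could then be intercepted), or fix the certificate/CA setup.`. The message also calls `wp_target.get_root_path_return_code` again just to print the code, which issues another request for the root path unless the Browser cache absorbs it; capturing the code once before the `if` avoids the repeat. `main` starts and ends outside this hunk.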