check for ssl related errors. Fix #993

lib/common/browser.rb

@@ -20,7 +20,8 @@ class Browser
     :cookie,
     :throttle,
     :disable_accept_header,
-    :disable_referer
+    :disable_referer,
+    :disable_tls_checks
   ]
 
   @@instance = nil
@@ -155,8 +156,12 @@ class Browser
     params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
 
     # Disable SSL-Certificate checks
-    params.merge!(ssl_verifypeer: false) unless params.key?(:ssl_verifypeer)
+    if @disable_tls_checks
-    params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+      # Cert validity check
+      params.merge!(ssl_verifypeer: 0) unless params.key?(:ssl_verifypeer)
+      # Cert hostname check
+      params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+    end
 
     params.merge!(cookiejar: @cache_dir + '/cookie-jar')
     params.merge!(cookiefile: @cache_dir + '/cookie-jar')

lib/common/browser/options.rb

@@ -3,7 +3,7 @@
 class Browser
   module Options
 
-    attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer
+    attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer, :disable_tls_checks
     attr_reader   :basic_auth, :cache_ttl, :proxy, :proxy_auth, :throttle
 
     # Sets the Basic Authentification credentials

lib/wpscan/web_site.rb

@@ -21,6 +21,29 @@ class WebSite
     @uri.to_s
   end
 
+  # Checks if the remote website has ssl errors
+  def ssl_error?
+    return false unless @uri.scheme == 'https'
+    c = get_root_path_return_code
+    # http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code
+    return (
+      c == :ssl_connect_error ||
+      c == :peer_failed_verification ||
+      c == :ssl_certproblem ||
+      c == :ssl_cipher ||
+      c == :ssl_cacert ||
+      c == :ssl_cacert_badfile ||
+      c == :ssl_issuer_error ||
+      c == :ssl_crl_badfile ||
+      c == :ssl_engine_setfailed ||
+      c == :ssl_engine_notfound
+    )
+  end
+
+  def get_root_path_return_code
+    Browser.get(@uri.to_s).return_code
+  end
+
   # Checks if the remote website is up.
   def online?
     Browser.get(@uri.to_s).code != 0

lib/wpscan/wpscan_options.rb

@@ -46,7 +46,8 @@ class WpscanOptions
     :throttle,
     :disable_accept_header,
     :disable_referer,
-    :cache_dir
+    :cache_dir,
+    :disable_tls_checks
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -290,7 +291,8 @@ class WpscanOptions
       ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
       ['--disable-accept-header', GetoptLong::NO_ARGUMENT],
       ['--disable-referer', GetoptLong::NO_ARGUMENT],
-      ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT]
+      ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT],
+      ['--disable-tls-checks', GetoptLong::NO_ARGUMENT],
     )
   end
 

wpscan.rb

@@ -86,6 +86,10 @@ def main
       raise 'We do not support scanning *.wordpress.com hosted blogs'
     end
 
+    if wp_target.ssl_error?
+      raise "The target site returned an SSL/TLS error. You can try again using the --disable-tls-checks option.\nError: #{wp_target.get_root_path_return_code}\nSee here for a detailed explanation of the error: http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code"
+    end
+
     # Remote website up?
     unless wp_target.online?
       raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down. Maybe the site is blocking wpscan so you can try the --random-agent parameter."