diff --git a/README b/README index a47123b7..fa6bba36 100644 --- a/README +++ b/README @@ -132,15 +132,15 @@ ryandewhurst at gmail ap all plugins (can take a long time) tt timthumbs t themes - vp only vulnerable themes + vt only vulnerable themes at all themes (can take a long time) - Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins - If no option is supplied, the default is 'vt,tt,u,vp' + Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins + If no option is supplied, the default is "vt,tt,u,vp" ---exclude-content-based '' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied - You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) +--exclude-content-based "" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied + You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) ---config-file | -c Use the specified config file +--config-file | -c Use the specified config file, see the example.conf.json --user-agent | -a Use the specified User-Agent 
@@ -152,31 +152,34 @@ ryandewhurst at gmail --wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed ---proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). - HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used +--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). + HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used ---proxy-auth Supply the proxy login credentials (will override the one from conf/browser.conf.json). +--proxy-auth Supply the proxy login credentials. ---basic-auth Set the HTTP Basic authentication +--basic-auth Set the HTTP Basic authentication. --wordlist | -w Supply a wordlist for the password bruter and do the brute. ---threads | -t The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json) +--threads | -t The number of threads to use when multi-threading requests. --username | -U Only brute force the supplied username. ---cache-ttl Typhoeus cache TTL +--cache-ttl Typhoeus cache TTL. ---request-timeout Request Timeout +--request-timeout Request Timeout. ---connect-timeout Connect Timeout +--connect-timeout Connect Timeout. ---max-threads Maximum Threads +--max-threads Maximum Threads. --help | -h This help screen. --verbose | -v Verbose output. +--batch Never ask for user input, use the default behaviour. + + ==WPSCAN EXAMPLES== Do 'non-intrusive' checks... 
@@ -213,17 +216,21 @@ Debug output... ==WPSTOOLS ARGUMENTS== ---help | -h This help screen. ---Verbose | -v Verbose output. ---update | -u Update to the latest revision. ---generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) ---gpl Alias for --generate_plugin_list ---check-local-vulnerable-files | --clvf Perform a recursive scan in the to find vulnerable files or shells +-v, --verbose Verbose output + --check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404 + --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells + --generate-plugin-list, --gpl [NUMBER_OF_PAGES] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) + --generate-full-plugin-list, --gfpl Generate a new full data/plugins.txt file + --generate-theme-list, --gtl [NUMBER_OF_PAGES] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20) + --generate-full-theme-list, --gftl Generate a new full data/themes.txt file + --generate-all, --ga Generate a new full plugins, full themes, popular plugins and popular themes list +-s, --stats Show WpScan Database statistics + --spellcheck, --sc Check all files for common spelling mistakes. ==WPSTOOLS EXAMPLES== - Generate a new 'most popular' plugin list, up to 150 pages ... -ruby wpstools.rb --generate_plugin_list 150 +ruby wpstools.rb --generate-plugin-list 150 - Locally scan a wordpress installation for vulnerable files or shells : ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/ diff --git a/README.md b/README.md index 70f8d3ce..471e17e2 100644 --- a/README.md +++ b/README.md 
@@ -131,7 +131,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install #### WPSCAN ARGUMENTS - --update Update to the latest revision + --update Update to the latest revision --url | -u The WordPress URL/domain to scan. @@ -148,13 +148,13 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install t themes vt only vulnerable themes at all themes (can take a long time) - Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins - If no option is supplied, the default is 'vt,tt,u,vp' + Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins + If no option is supplied, the default is "vt,tt,u,vp" - --exclude-content-based '' Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied - You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) + --exclude-content-based "" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied + You do not need to provide the regexp delimiters, but you must write the quotes (simple or double) - --config-file | -c Use the specified config file + --config-file | -c Use the specified config file, see the example.conf.json --user-agent | -a Use the specified User-Agent 
@@ -166,31 +166,34 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install --wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed - --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). - HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used + --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json). + HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used - --proxy-auth Supply the proxy login credentials (will override the one from conf/browser.conf.json). + --proxy-auth Supply the proxy login credentials. - --basic-auth Set the HTTP Basic authentication + --basic-auth Set the HTTP Basic authentication. --wordlist | -w Supply a wordlist for the password bruter and do the brute. - --threads | -t The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json) + --threads | -t The number of threads to use when multi-threading requests. --username | -U Only brute force the supplied username. - --cache-ttl Typhoeus cache TTL + --cache-ttl Typhoeus cache TTL. - --request-timeout Request Timeout + --request-timeout Request Timeout. - --connect-timeout Connect Timeout + --connect-timeout Connect Timeout. - --max-threads Maximum Threads + --max-threads Maximum Threads. --help | -h This help screen. --verbose | -v Verbose output. + --batch Never ask for user input, use the default behaviour. + + #### WPSCAN EXAMPLES Do 'non-intrusive' checks... 
@@ -227,18 +230,23 @@ Debug output... #### WPSTOOLS ARGUMENTS - --help | -h This help screen. - --Verbose | -v Verbose output. - --update | -u Update to the latest revision. - --generate_plugin_list [number of pages] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) - --gpl Alias for --generate_plugin_list - --check-local-vulnerable-files | --clvf Perform a recursive scan in the to find vulnerable files or shells + -v, --verbose Verbose output + --check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404 + --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells + --generate-plugin-list, --gpl [NUMBER_OF_PAGES] Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150) + --generate-full-plugin-list, --gfpl Generate a new full data/plugins.txt file + --generate-theme-list, --gtl [NUMBER_OF_PAGES] Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20) + --generate-full-theme-list, --gftl Generate a new full data/themes.txt file + --generate-all, --ga Generate a new full plugins, full themes, popular plugins and popular themes list + -s, --stats Show WpScan Database statistics. + --spellcheck, --sc Check all files for common spelling mistakes. + #### WPSTOOLS EXAMPLES Generate a new 'most popular' plugin list, up to 150 pages... -```ruby wpstools.rb --generate_plugin_list 150``` +```ruby wpstools.rb --generate-plugin-list 150``` Locally scan a wordpress installation for vulnerable files or shells : ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/``` diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb index 5da0350a..566046ca 100644 --- a/lib/wpscan/wpscan_helper.rb +++ b/lib/wpscan/wpscan_helper.rb 
@@ -60,8 +60,7 @@ end def help puts 'Help :' puts - puts 'Some values are settable in conf/browser.conf.json :' - puts ' user-agent, proxy, proxy-auth, threads, cache timeout and request timeout' + puts 'Some values are settable in a config file, see the example.conf.json' puts puts '--update Update to the latest revision' puts '--url | -u The WordPress URL/domain to scan.' 
@@ -82,23 +81,23 @@ def help puts puts '--exclude-content-based "" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied' puts ' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)' - puts '--config-file | -c Use the specified config file' + puts '--config-file | -c Use the specified config file, see the example.conf.json' puts '--user-agent | -a Use the specified User-Agent' puts '--random-agent | -r Use a random User-Agent' puts '--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not' puts '--wp-content-dir WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed' puts '--wp-plugins-dir Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed' - puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).' + puts '--proxy <[protocol://]host:port> Supply a proxy.' puts ' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used' - puts '--proxy-auth Supply the proxy login credentials (will override the one from conf/browser.conf.json).' + puts '--proxy-auth Supply the proxy login credentials.' puts '--basic-auth Set the HTTP Basic authentication' puts '--wordlist | -w Supply a wordlist for the password bruter and do the brute.' - puts '--threads | -t The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)' + puts '--threads | -t The number of threads to use when multi-threading requests.' puts '--username | -U Only brute force the supplied username.' 
- puts '--cache-ttl Typhoeus cache TTL' - puts '--request-timeout Request Timeout' - puts '--connect-timeout Connect Timeout' - puts '--max-threads Maximum Threads' + puts '--cache-ttl Typhoeus cache TTL.' + puts '--request-timeout Request Timeout.' + puts '--connect-timeout Connect Timeout.' + puts '--max-threads Maximum Threads.' puts '--help | -h This help screen.' puts '--verbose | -v Verbose output.' puts '--batch Never ask for user input, use the default behaviour.' diff --git a/lib/wpstools/plugins/stats/stats_plugin.rb b/lib/wpstools/plugins/stats/stats_plugin.rb index 7d47ac5d..73669022 100644 --- a/lib/wpstools/plugins/stats/stats_plugin.rb +++ b/lib/wpstools/plugins/stats/stats_plugin.rb @@ -6,7 +6,7 @@ class StatsPlugin < Plugin super(author: 'WPScanTeam - Christian Mehlmauer') register_options( - ['--stats', '--s', 'Show WpScan Database statistics'] + ['--stats', '-s', 'Show WpScan Database statistics.'] ) end
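Review bot: in the README hunk at @@ -152,31 the re-indented --proxy line still ends with "(will override the one from conf/browser.conf.json)", although the same hunk drops that clause from --proxy-auth and --threads, and lib/wpscan/wpscan_helper.rb now prints 'Supply a proxy.'. The README.md hunk at @@ -166,31 has the same leftover. Shorten the README and README.md --proxy lines to "Supply a proxy." so the three copies of the help text agree and no longer point at a config path the rest of the patch stops mentioning.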
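Review bot: the new --batch entry at the end of the README.md hunk at @@ -166,31 (and of the README hunk at @@ -152,31) says "use the default behaviour" without stating what the defaults are. The --follow-redirection text describes a prompt about following a redirect on the target URL, so a reader running unattended cannot tell from the documentation whether --batch follows the redirect or stops. Please document the default answer for each prompt that --batch suppresses, at least the redirection one, since it decides which host ends up being scanned.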
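Review bot: the rewritten WPSTOOLS ARGUMENTS list in the README hunk at @@ -213,17 removes the --help | -h and --update | -u entries and adds nothing in their place (the README.md hunk at @@ -227,18 does the same). If wpstools still accepts them, keep the two lines; if they were removed, say so in the commit message. The same hunk renames --generate_plugin_list to --generate-plugin-list in both the argument list and the example, so it is worth stating whether the underscore spelling is still accepted for existing scripts. Minor: "-s, --stats Show WpScan Database statistics" has no trailing period here, while README.md and stats_plugin.rb add one.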
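Review bot: in the lib/wpscan/wpscan_helper.rb hunk at @@ -60,8 the replacement line 'Some values are settable in a config file, see the example.conf.json' drops the list of settable values (user-agent, proxy, proxy-auth, threads, cache timeout and request timeout) and gives no directory for example.conf.json, where the old text named conf/browser.conf.json. Keep the list of keys in the help output and give the example file's path relative to the project root, so a user reading --help can find it without searching the tree.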
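Review bot: in the lib/wpscan/wpscan_helper.rb hunk at @@ -82,23 the context line '--basic-auth Set the HTTP Basic authentication' is left without a trailing period, while this patch adds one to the same option in README and README.md and to the four timeout and thread lines just below it. Add the period here as well so the help output and both READMEs stay identical. While touching this block, "the quotes (simple or double)" in the --exclude-content-based line would read better as "single or double".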
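Review bot: the fix from '--s' to '-s' in the lib/wpstools/plugins/stats/stats_plugin.rb hunk at @@ -6,7 corrects a short option that was mistyped as a second long option, and none of the files touched by this patch is a spec. Add a small test that registers the plugin options and checks that -s is accepted as the short form of --stats, so a typo in register_options is caught next time. Note also that the array lists the long form first ('--stats', '-s') while the READMEs print "-s, --stats"; that is fine if register_options does not depend on order, but worth confirming.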