From a2412a4665e18424a4b07e55187bb8fbe5eb19b5 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Sat, 15 Sep 2012 22:20:22 +0200 Subject: [PATCH] bugfixing --- lib/wpscan/wp_enumerator.rb | 6 +++--- lib/wpscan/wp_options.rb | 20 ++++++++++---------- lib/wpscan/wp_plugin.rb | 2 +- lib/wpscan/wpscan_options.rb | 7 ++++++- wpscan.rb | 10 ++++++---- 5 files changed, 26 insertions(+), 19 deletions(-) diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb index bdc2b25a..30fcdd3b 100644 --- a/lib/wpscan/wp_enumerator.rb +++ b/lib/wpscan/wp_enumerator.rb @@ -79,7 +79,7 @@ class WpEnumerator plugins_file = options[:file] || "#{DATA_DIR}/plugins.txt" plugin_vulns_file = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml" wp_content_dir = options[:wp_content_dir] - url = options[:base_url] + url = options[:url] type = options[:type] targets_url = [] @@ -87,7 +87,7 @@ class WpEnumerator # Open and parse the 'most popular' plugin list... File.open(plugins_file, 'r') do |file| file.readlines.collect do |line| - targets_url << WpPlugin.new(:base_url => url, :path => line.strip, :wp_content_dir => wp_content_dir) + targets_url << WpPlugin.new(:url => url, :path => line.strip, :wp_content_dir => wp_content_dir) end end end @@ -102,7 +102,7 @@ class WpEnumerator if targets_url.grep(%r{/#{plugin_name}/}).empty? targets_url << WpPlugin.new( - :base_url => url, + :url => url, :path => "#{type}/#{plugin_name}", :wp_content_dir => wp_content_dir, :name => plugin_name diff --git a/lib/wpscan/wp_options.rb b/lib/wpscan/wp_options.rb index 7a750773..e956f880 100644 --- a/lib/wpscan/wp_options.rb +++ b/lib/wpscan/wp_options.rb @@ -33,7 +33,7 @@ class WpOptions def self.get_empty_options options = { :url => "", - :only_vulnerable_ones => true, + :only_vulnerable_ones => false, :file => "", :vulns_file => "", :vulns_xpath => "", 
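Review bot: `url = options[:url]` in the first wp_enumerator.rb hunk reads the renamed key with `[]`, so a caller that still passes `:base_url` gets `nil` here with no error. That `nil` is then handed to `WpPlugin.new(:url => url, ...)` in the next two hunks and stored by `@base_url = options[:url]` in lib/wpscan/wp_plugin.rb, where the constructor may immediately use it through `extract_name_from_url(get_url)`. Because the key was just renamed, failing loudly is safer: `url = options.fetch(:url)`, or call `WpOptions.check_options(options)` before these reads if the method does not already do so (its start is outside the hunk). Renaming `@base_url` to match, or adding a comment such as `# populated from options[:url]`, would also stop the two names being read as different values.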
@@ -46,15 +46,15 @@ class WpOptions end def self.check_options(options) - raise("url must be set") unless options[:url] - raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] - raise("file must be set") unless options[:file] - raise("vulns_file must be set") unless options[:vulns_file] - raise("vulns_xpath must be set") unless options[:vulns_xpath] - raise("wp_content_dir must be set") unless options[:wp_content_dir] - raise("show_progress_bar must be set") unless options[:show_progress_bar] - raise("error_404_hash must be set") unless options[:error_404_hash] - raise("type must be set") unless options[:type] + raise("url must be set") unless options[:url] != nil and options[:url].to_s.length > 0 + raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil + raise("file must be set") unless options[:file] != nil and options[:file].length > 0 + raise("vulns_file must be set") unless options[:vulns_file] != nil and options[:vulns_file].length > 0 + raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0 + raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0 + raise("show_progress_bar must be set") unless options[:show_progress_bar] != nil + raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0 + raise("type must be set") unless options[:type] != nil and options[:type].length > 0 unless options[:type] =~ /plugins/i or options[:type] =~ /themes/i raise("Unknown type #{options[:type]}") diff --git a/lib/wpscan/wp_plugin.rb b/lib/wpscan/wp_plugin.rb index 0e5177df..e9eaea6e 100644 --- a/lib/wpscan/wp_plugin.rb +++ b/lib/wpscan/wp_plugin.rb 
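Review bot: Only the `url` check in `check_options` goes through `to_s`; the `file`, `vulns_file`, `vulns_xpath`, `wp_content_dir`, `error_404_hash` and `type` checks call `.length` directly. A non-nil value that does not respond to `length` therefore raises `NoMethodError` instead of the intended "must be set" message. Writing every string check the same way avoids that and drops the `!= nil and` pair, e.g. `raise("file must be set") if options[:file].to_s.empty?`, with `.nil?` for the two boolean options. The `type` test just below the changed lines is an unanchored match, so any string merely containing "plugins" or "themes" passes; since `type` is interpolated into the plugin path in wp_enumerator.rb, an exact comparison such as `%w[plugins themes].include?(options[:type].to_s.downcase)` would be tighter. The method's closing lines are outside the hunk.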
@@ -22,7 +22,7 @@ class WpPlugin < Vulnerable include WpItem def initialize(options = {}) - @base_url = options[:base_url] + @base_url = options[:url] @path = options[:path] @wp_content_dir = options[:wp_content_dir] @name = options[:name] || extract_name_from_url(get_url) diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb index d09cd1d4..e831ecd7 100644 --- a/lib/wpscan/wpscan_options.rb +++ b/lib/wpscan/wpscan_options.rb @@ -45,7 +45,12 @@ class WpscanOptions attr_accessor *ACCESSOR_OPTIONS def initialize - + @enumerate_plugins = false + @enumerate_themes = false + @enumerate_only_vulnerable_plugins = false + @enumerate_only_vulnerable_themes = false + @enumerate_timthumbs = false + @enumerate_usernames = false end def url=(url) diff --git a/wpscan.rb b/wpscan.rb index f42a0ece..0e9ac2d7 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -91,7 +91,7 @@ begin wp_theme = wp_target.theme if wp_theme theme_version = wp_theme.version - puts "[!] The WordPress theme in use is #{wp_theme}" + puts "[!] The WordPress theme in use is #{wp_theme}#{' v' + theme_version if theme_version}" theme_vulnerabilities = wp_theme.vulnerabilities unless theme_vulnerabilities.empty? @@ -180,10 +180,11 @@ begin puts options = WpOptions.get_empty_options - options[:base_url] = wp_target.uri - options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins, - options[:show_progress_bar] = true, + options[:url] = wp_target.uri + options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins + options[:show_progress_bar] = true options[:wp_content_dir] = wp_target.wp_content_dir + options[:error_404_hash] = wp_target.error_404_hash plugins = wp_target.plugins_from_aggressive_detection(options) unless plugins.empty? @@ -278,6 +279,7 @@ begin end # Start the brute forcer + bruteforce = false if wpscan_options.wordlist if wp_target.has_login_protection?
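Review bot: The new `initialize` body in wpscan_options.rb has no comment saying why these six flags must start as `false` rather than `nil`, and the reason is not visible from this file. `enumerate_only_vulnerable_plugins` is copied into `options[:only_vulnerable_ones]` in wpscan.rb, and `WpOptions.check_options` as changed in this commit rejects `nil` for that key. A one-line comment such as `# default to false, not nil: WpOptions.check_options rejects nil flags` would record that. The list is also maintained by hand next to `attr_accessor *ACCESSOR_OPTIONS`, so a boolean accessor added later will silently start as `nil` unless it is added here too.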
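Review bot: `' v' + theme_version` in the new `puts` line of wpscan.rb raises `TypeError` if `version` returns anything other than a String, and it prints a value that presumably comes from the scanned site's own files straight to the terminal. Interpolation avoids the type error: `puts "[!] The WordPress theme in use is #{wp_theme}#{" v#{theme_version}" if theme_version}"`. If `version` is not already restricted to a version-like pattern where it is extracted (not visible here), strip non-printable characters before printing, so that content served by the scanned site cannot place control sequences in the operator's terminal or saved report.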
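Review bot: `options` still carries the empty-string defaults from `WpOptions.get_empty_options` for `:file`, `:vulns_file` and `:vulns_xpath` when it reaches `plugins_from_aggressive_detection`, because this hunk only sets `:url`, `:only_vulnerable_ones`, `:show_progress_bar`, `:wp_content_dir` and `:error_404_hash`. Unless that method fills them in (it is not shown), two things follow. `check_options` as changed in this commit raises on the empty strings, and fallbacks in wp_enumerator.rb such as `options[:file] || "#{DATA_DIR}/plugins.txt"` never apply because `""` is truthy in Ruby. Either set the remaining keys here, or have `get_empty_options` return `nil` for values that are meant to fall back to a default.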