bugfixing

lib/wpscan/wp_enumerator.rb

@@ -79,7 +79,7 @@ class WpEnumerator
     plugins_file      = options[:file] || "#{DATA_DIR}/plugins.txt"
     plugin_vulns_file = options[:vulns_file] || "#{DATA_DIR}/plugin_vulns.xml"
     wp_content_dir    = options[:wp_content_dir]
-    url               = options[:base_url]
+    url               = options[:url]
     type              = options[:type]
     targets_url       = []
 
@@ -87,7 +87,7 @@ class WpEnumerator
       # Open and parse the 'most popular' plugin list...
       File.open(plugins_file, 'r') do |file|
         file.readlines.collect do |line|
-          targets_url << WpPlugin.new(:base_url => url, :path => line.strip, :wp_content_dir => wp_content_dir)
+          targets_url << WpPlugin.new(:url => url, :path => line.strip, :wp_content_dir => wp_content_dir)
         end
       end
     end
@@ -102,7 +102,7 @@ class WpEnumerator
 
       if targets_url.grep(%r{/#{plugin_name}/}).empty?
         targets_url << WpPlugin.new(
-            :base_url       => url,
+            :url            => url,
             :path           => "#{type}/#{plugin_name}",
             :wp_content_dir => wp_content_dir,
             :name           => plugin_name

lib/wpscan/wp_options.rb

@@ -33,7 +33,7 @@ class WpOptions
   def self.get_empty_options
     options = {
         :url                  => "",
-        :only_vulnerable_ones => true,
+        :only_vulnerable_ones => false,
         :file                 => "",
         :vulns_file           => "",
         :vulns_xpath          => "",
@@ -46,15 +46,15 @@ class WpOptions
   end
 
   def self.check_options(options)
-    raise("url must be set")                  unless options[:url]
+    raise("url must be set")                  unless options[:url] != nil and options[:url].to_s.length > 0
-    raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones]
+    raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil
-    raise("file must be set")                 unless options[:file]
+    raise("file must be set")                 unless options[:file] != nil and options[:file].length > 0
-    raise("vulns_file must be set")           unless options[:vulns_file]
+    raise("vulns_file must be set")           unless options[:vulns_file] != nil and options[:vulns_file].length > 0
-    raise("vulns_xpath must be set")          unless options[:vulns_xpath]
+    raise("vulns_xpath must be set")          unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0
-    raise("wp_content_dir must be set")       unless options[:wp_content_dir]
+    raise("wp_content_dir must be set")       unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0
-    raise("show_progress_bar must be set")    unless options[:show_progress_bar]
+    raise("show_progress_bar must be set")    unless options[:show_progress_bar] != nil
-    raise("error_404_hash must be set")       unless options[:error_404_hash]
+    raise("error_404_hash must be set")       unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0
-    raise("type must be set")                 unless options[:type]
+    raise("type must be set")                 unless options[:type] != nil and options[:type].length > 0
 
     unless options[:type] =~ /plugins/i or options[:type] =~ /themes/i
       raise("Unknown type #{options[:type]}")

lib/wpscan/wp_plugin.rb

@@ -22,7 +22,7 @@ class WpPlugin < Vulnerable
   include WpItem
 
   def initialize(options = {})
-    @base_url       = options[:base_url]
+    @base_url       = options[:url]
     @path           = options[:path]
     @wp_content_dir = options[:wp_content_dir]
     @name           = options[:name] || extract_name_from_url(get_url)

lib/wpscan/wpscan_options.rb

@@ -45,7 +45,12 @@ class WpscanOptions
   attr_accessor *ACCESSOR_OPTIONS
 
   def initialize
-
+    @enumerate_plugins = false
+    @enumerate_themes = false
+    @enumerate_only_vulnerable_plugins = false
+    @enumerate_only_vulnerable_themes = false
+    @enumerate_timthumbs = false
+    @enumerate_usernames = false
   end
 
   def url=(url)

wpscan.rb

@@ -91,7 +91,7 @@ begin
   wp_theme = wp_target.theme
   if wp_theme
     theme_version = wp_theme.version
-    puts "[!] The WordPress theme in use is #{wp_theme}"
+    puts "[!] The WordPress theme in use is #{wp_theme}#{' v' + theme_version if theme_version}"
 
     theme_vulnerabilities = wp_theme.vulnerabilities
     unless theme_vulnerabilities.empty?
@@ -180,10 +180,11 @@ begin
     puts
 
     options = WpOptions.get_empty_options
-    options[:base_url]              = wp_target.uri
+    options[:url]                   = wp_target.uri
-    options[:only_vulnerable_ones]  = wpscan_options.enumerate_only_vulnerable_plugins,
+    options[:only_vulnerable_ones]  = wpscan_options.enumerate_only_vulnerable_plugins
-    options[:show_progress_bar]     = true,
+    options[:show_progress_bar]     = true
     options[:wp_content_dir]        = wp_target.wp_content_dir
+    options[:error_404_hash]        = wp_target.error_404_hash
 
     plugins = wp_target.plugins_from_aggressive_detection(options)
     unless plugins.empty?
@@ -278,6 +279,7 @@ begin
   end
 
   # Start the brute forcer
+  bruteforce = false
   if wpscan_options.wordlist
     if wp_target.has_login_protection?