diff --git a/lib/wpscan/modules/brute_force.rb b/lib/wpscan/modules/brute_force.rb index e3c93357..73062035 100644 --- a/lib/wpscan/modules/brute_force.rb +++ b/lib/wpscan/modules/brute_force.rb @@ -40,7 +40,7 @@ module BruteForce queue_count += 1 # create local vars for on_complete call back, Issue 51. - username = login + username = login.name password = password # the request object diff --git a/lib/wpscan/modules/wp_usernames.rb b/lib/wpscan/modules/wp_usernames.rb index 9ff66110..db0b9536 100644 --- a/lib/wpscan/modules/wp_usernames.rb +++ b/lib/wpscan/modules/wp_usernames.rb @@ -24,7 +24,7 @@ module WpUsernames # Available options : # :range - default : 1..10 # - # returns an array of usernames (can be empty) + # returns an array of WpUser (can be empty) def usernames(options = {}) range = options[:range] || (1..10) browser = Browser.instance @@ -46,9 +46,7 @@ module WpUsernames end unless username == nil and nickname == nil - usernames << { :id => author_id, - :name => username ? username : "empty", - :nickname => nickname ? nickname : "empty"} + usernames << WpUser.new(username, author_id, nickname) end end usernames = remove_junk_from_nickname(usernames) @@ -83,14 +81,14 @@ module WpUsernames def remove_junk_from_nickname(usernames) nicknames = [] usernames.each do |u| - nickname = u[:nickname] + nickname = u.nickname unless nickname == "empty" nicknames << nickname end end junk = get_equal_string_end(nicknames) usernames.each do |u| - u[:nickname] = u[:nickname].sub(/#{Regexp.escape(junk)}$/, "") + u.nickname = u.nickname.sub(/#{Regexp.escape(junk)}$/, "") end usernames end diff --git a/lib/wpscan/wp_user.rb b/lib/wpscan/wp_user.rb new file mode 100644 index 00000000..a5b493ad --- /dev/null +++ b/lib/wpscan/wp_user.rb @@ -0,0 +1,39 @@ +#-- +# WPScan - WordPress Security Scanner +# Copyright (C) 2012 +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +#++ + +class WpUser + attr_accessor :name, :id, :nickname + + def initialize(name, id, nickname) + @name = name ? name : "empty" + @id = id ? id : "empty" + @nickname = nickname ? nickname : "empty" + end + + def <=>(item) + item.name <=> @name and item.id <=> @id and item.nickname <=> @nickname + end + + def ===(item) + item.name === @name and item.id === @id and item.nickname === @nickname + end + + def eql?(item) + item.name === @name and item.id === @id and item.nickname === @nickname + end +end \ No newline at end of file diff --git a/spec/lib/wpscan/modules/wp_usernames_spec.rb b/spec/lib/wpscan/modules/wp_usernames_spec.rb index 193e4f3c..ce319535 100644 --- a/spec/lib/wpscan/modules/wp_usernames_spec.rb +++ b/spec/lib/wpscan/modules/wp_usernames_spec.rb @@ -50,9 +50,9 @@ shared_examples_for "WpUsernames" do usernames = @module.usernames usernames.should_not be_empty usernames.length.should == 1 - usernames[0][:id].should == 3 - usernames[0][:name].should == "Youhou" - usernames[0][:nickname].should == "empty" + usernames[0].id.should == 3 + usernames[0].name.should == "Youhou" + usernames[0].nickname.should == "empty" end it "should return an array with 1 username (from in the body response)" do @@ -61,7 +61,7 @@ shared_examples_for "WpUsernames" do usernames = @module.usernames(:range => (1..2)) usernames.should_not be_empty - usernames.should === [{ :id => 2, :name => "admin", :nickname => "admin | Wordpress 3.3.2"}] + usernames.eql?([WpUser.new("admin", 2, "admin | Wordpress 3.3.2")]).should be_true end it "should return an array with 2 usernames (one is a duplicate and should not be present twice)" do @@ -73,9 +73,10 @@ shared_examples_for "WpUsernames" do usernames = @module.usernames(:range => (1..5)) usernames.should_not be_empty - expected = [{:id => 2, :name =>"admin", :nickname => "admin | Wordpress 3.3.2"}, - {:id => 4, :name => "Youhou", :nickname => "empty"}] - usernames.sort_by { |u| u[:name]}.should === expected.sort_by { |u| u[:name]} + expected = [WpUser.new("admin", 2, "admin | Wordpress 3.3.2"), + WpUser.new("Youhou", 4, "empty")] + + usernames.sort_by {|u| u.name}.eql?(expected.sort_by {|u| u.name}).should be_true end end diff --git a/wpscan.rb b/wpscan.rb index 330e9017..ee1f6d5e 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -323,15 +323,15 @@ begin puts "We found the following #{usernames.length.to_s} username/s :" puts - max_id_length = usernames.sort{|a,b| a[:id] <=> b[:id]}.last[:id].to_s.length - max_name_length = usernames.sort{|a,b| a[:name] <=> b[:name]}.last[:name].length - max_nickname_length = usernames.sort{|a,b| a[:nickname] <=> b[:nickname]}.last[:nickname].length + max_id_length = usernames.sort{|a,b| a.id <=> b.id}.last.id.to_s.length + max_name_length = usernames.sort{|a,b| a.name <=> b.name}.last.name.length + max_nickname_length = usernames.sort{|a,b| a.nickname <=> b.nickname}.last.nickname.length space = 1 usernames.each do |u| - id_string = "id: #{u[:id].to_s.ljust(max_id_length + space)}" - name_string = "name: #{u[:name].ljust(max_name_length + space)}" - nickname_string = "nickname: #{u[:nickname].ljust(max_nickname_length + space)}" + id_string = "id: #{u.id.to_s.ljust(max_id_length + space)}" + name_string = "name: #{u.name.ljust(max_name_length + space)}" + nickname_string = "nickname: #{u.nickname.ljust(max_nickname_length + space)}" puts " | #{id_string}| #{name_string}| #{nickname_string}" end end