Fix #24 --exclude-content-based option added

erwanlr
2012-12-06 16:50:59 -06:00
parent fb3d0dafff
commit ab59bd1eb3
6 changed files with 75 additions and 52 deletions

3
README

@@ -119,6 +119,9 @@ ryandewhurst at gmail
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'
--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c <config file> Use the specified config file
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not


@@ -126,6 +126,9 @@ Prerequisites:
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp'
--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c <config file> Use the specified config file
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not


@@ -42,12 +42,13 @@ class WpEnumerator
end
end
found = []
queue_count = 0
request_count = 0
enum_browser = Browser.instance
enum_hydra = enum_browser.hydra
found = []
queue_count = 0
request_count = 0
enum_browser = Browser.instance
enum_hydra = enum_browser.hydra
enumerate_size = targets.size
exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil
targets.each do |target|
url = target.get_full_url
@@ -61,7 +62,13 @@ class WpEnumerator
if WpTarget.valid_response_codes.include?(response.code)
if Digest::MD5.hexdigest(response.body) != options[:error_404_hash]
found << target
if options[:exclude_content_based]
unless response.body[exclude_regexp]
found << target
end
else
found << target
end
end
end
end
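Review bot: The `exclude_regexp = ...` line interpolates the command-line value straight into `%r{}`, so an invalid expression raises `RegexpError` in the middle of enumeration, and a plain string containing `.`, `(` or `?` is matched as a regexp although the help text promises "regexp or string". Compiling the value once during option parsing, with a rescue that prints a usage error, would reject a bad pattern before any request is sent. In the second hunk the nested `if`/`else` can then collapse to `found << target unless exclude_regexp && response.body =~ exclude_regexp`. A match silently drops the target from `found`, so a verbose-mode count of excluded responses would let the operator notice a pattern that is too broad and is hiding real plugins or themes. The enclosing method starts and ends outside both hunks.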


@@ -93,6 +93,8 @@ def help()
puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
puts " If no option is supplied, the default is 'vt,tt,u,vp'"
puts
puts "--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied"
puts " You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)"
puts "--config-file | -c <config file> Use the specified config file"
puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
puts "--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed"


@@ -19,30 +19,31 @@
class WpscanOptions
ACCESSOR_OPTIONS = [
:enumerate_plugins,
:enumerate_only_vulnerable_plugins,
:enumerate_all_plugins,
:enumerate_themes,
:enumerate_only_vulnerable_themes,
:enumerate_all_themes,
:enumerate_timthumbs,
:enumerate_usernames,
:enumerate_usernames_range,
:proxy,
:proxy_auth,
:threads,
:url,
:wordlist,
:force,
:update,
:verbose,
:username,
:password,
:follow_redirection,
:wp_content_dir,
:wp_plugins_dir,
:help,
:config_file
:enumerate_plugins,
:enumerate_only_vulnerable_plugins,
:enumerate_all_plugins,
:enumerate_themes,
:enumerate_only_vulnerable_themes,
:enumerate_all_themes,
:enumerate_timthumbs,
:enumerate_usernames,
:enumerate_usernames_range,
:proxy,
:proxy_auth,
:threads,
:url,
:wordlist,
:force,
:update,
:verbose,
:username,
:password,
:follow_redirection,
:wp_content_dir,
:wp_plugins_dir,
:help,
:config_file,
:exclude_content_based
]
attr_accessor *ACCESSOR_OPTIONS
@@ -238,7 +239,8 @@ class WpscanOptions
["--follow-redirection", GetoptLong::NO_ARGUMENT],
["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT],
["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT],
["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT]
["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT],
["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT]
)
end


@@ -202,14 +202,16 @@ begin
puts green("[+]") + " Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
puts
options = {}
options[:base_url] = wp_target.uri
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins || false
options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir
options[:error_404_hash] = wp_target.error_404_hash
options[:wp_plugins_dir] = wp_target.wp_plugins_dir
options[:full] = wpscan_options.enumerate_all_plugins
options = {
:base_url => wp_target.uri,
:only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_plugins || false,
:show_progress_bar => true,
:wp_content_dir => wp_target.wp_content_dir,
:error_404_hash => wp_target.error_404_hash,
:wp_plugins_dir => wp_target.wp_plugins_dir,
:full => wpscan_options.enumerate_all_plugins,
:exclude_content_based => wpscan_options.exclude_content_based
}
plugins = wp_target.plugins_from_aggressive_detection(options)
unless plugins.empty?
@@ -258,13 +260,15 @@ begin
puts green("[+]") + " Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
puts
options = {}
options[:base_url] = wp_target.uri
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_themes || false
options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir
options[:error_404_hash] = wp_target.error_404_hash
options[:full] = wpscan_options.enumerate_all_themes
options = {
:base_url => wp_target.uri,
:only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_themes || false,
:show_progress_bar => true,
:wp_content_dir => wp_target.wp_content_dir,
:error_404_hash => wp_target.error_404_hash,
:full => wpscan_options.enumerate_all_themes,
:exclude_content_based => wpscan_options.exclude_content_based
}
themes = wp_target.themes_from_aggressive_detection(options)
unless themes.empty?
@@ -305,11 +309,13 @@ begin
puts green("[+]") + " Enumerating timthumb files ..."
puts
options = {}
options[:base_url] = wp_target.uri
options[:show_progress_bar] = true
options[:wp_content_dir] = wp_target.wp_content_dir
options[:error_404_hash] = wp_target.error_404_hash
options = {
:base_url => wp_target.uri,
:show_progress_bar => true,
:wp_content_dir => wp_target.wp_content_dir,
:error_404_hash => wp_target.error_404_hash,
:exclude_content_based => wpscan_options.exclude_content_based
}
theme_name = wp_theme ? wp_theme.name : nil
if wp_target.has_timthumbs?(theme_name, options)
@@ -383,7 +389,7 @@ begin
puts
puts green("[+]") + " Starting the password brute forcer"
puts
wp_target.brute_force(usernames, wpscan_options.wordlist)
wp_target.brute_force(usernames, wpscan_options.wordlist)
else
puts
puts "Brute forcing aborted"