Fix #24 --exclude-content-based option added

This commit is contained in:
erwanlr
2012-12-06 16:50:59 -06:00
parent fb3d0dafff
commit ab59bd1eb3
6 changed files with 75 additions and 52 deletions

README

@@ -119,6 +119,9 @@ ryandewhurst at gmail
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp' If no option is supplied, the default is 'vt,tt,u,vp'
--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c <config file> Use the specified config file --config-file | -c <config file> Use the specified config file
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not


@@ -126,6 +126,9 @@ Prerequisites:
Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
If no option is supplied, the default is 'vt,tt,u,vp' If no option is supplied, the default is 'vt,tt,u,vp'
--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied
You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
--config-file | -c <config file> Use the specified config file --config-file | -c <config file> Use the specified config file
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not --follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not


@@ -42,12 +42,13 @@ class WpEnumerator
end end
end end
found = [] found = []
queue_count = 0 queue_count = 0
request_count = 0 request_count = 0
enum_browser = Browser.instance enum_browser = Browser.instance
enum_hydra = enum_browser.hydra enum_hydra = enum_browser.hydra
enumerate_size = targets.size enumerate_size = targets.size
exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil
targets.each do |target| targets.each do |target|
url = target.get_full_url url = target.get_full_url
@@ -61,7 +62,13 @@ class WpEnumerator
if WpTarget.valid_response_codes.include?(response.code) if WpTarget.valid_response_codes.include?(response.code)
if Digest::MD5.hexdigest(response.body) != options[:error_404_hash] if Digest::MD5.hexdigest(response.body) != options[:error_404_hash]
found << target if options[:exclude_content_based]
unless response.body[exclude_regexp]
found << target
end
else
found << target
end
end end
end end
end end
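Review bot: `%r{#{options[:exclude_content_based]}}` on the new `exclude_regexp` line interpolates the option value verbatim as regexp source, so a "string" containing `.`, `(`, `+` or `[` is not matched literally even though the README text in this commit describes the option as "regexp or string", and a malformed value raises `RegexpError` here, inside the enumerator, rather than at option parsing. Either document that the value is always interpreted as a regexp, or build it with `Regexp.new` and rescue `RegexpError` to report a clear usage error before the target is touched. The nested `if`/`unless`/`else` around `found << target` can also collapse to one line: `found << target unless exclude_regexp && response.body[exclude_regexp]`. The enclosing method starts before the first hunk.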


@@ -93,6 +93,8 @@ def help()
puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins" puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
puts " If no option is supplied, the default is 'vt,tt,u,vp'" puts " If no option is supplied, the default is 'vt,tt,u,vp'"
puts puts
puts "--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied"
puts " You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)"
puts "--config-file | -c <config file> Use the specified config file" puts "--config-file | -c <config file> Use the specified config file"
puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not" puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
puts "--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed" puts "--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed"


@@ -19,30 +19,31 @@
class WpscanOptions class WpscanOptions
ACCESSOR_OPTIONS = [ ACCESSOR_OPTIONS = [
:enumerate_plugins, :enumerate_plugins,
:enumerate_only_vulnerable_plugins, :enumerate_only_vulnerable_plugins,
:enumerate_all_plugins, :enumerate_all_plugins,
:enumerate_themes, :enumerate_themes,
:enumerate_only_vulnerable_themes, :enumerate_only_vulnerable_themes,
:enumerate_all_themes, :enumerate_all_themes,
:enumerate_timthumbs, :enumerate_timthumbs,
:enumerate_usernames, :enumerate_usernames,
:enumerate_usernames_range, :enumerate_usernames_range,
:proxy, :proxy,
:proxy_auth, :proxy_auth,
:threads, :threads,
:url, :url,
:wordlist, :wordlist,
:force, :force,
:update, :update,
:verbose, :verbose,
:username, :username,
:password, :password,
:follow_redirection, :follow_redirection,
:wp_content_dir, :wp_content_dir,
:wp_plugins_dir, :wp_plugins_dir,
:help, :help,
:config_file :config_file,
:exclude_content_based
] ]
attr_accessor *ACCESSOR_OPTIONS attr_accessor *ACCESSOR_OPTIONS
@@ -238,7 +239,8 @@ class WpscanOptions
["--follow-redirection", GetoptLong::NO_ARGUMENT], ["--follow-redirection", GetoptLong::NO_ARGUMENT],
["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT], ["--wp-content-dir", GetoptLong::REQUIRED_ARGUMENT],
["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT], ["--wp-plugins-dir", GetoptLong::REQUIRED_ARGUMENT],
["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT] ["--config-file", "-c", GetoptLong::REQUIRED_ARGUMENT],
["--exclude-content-based", GetoptLong::REQUIRED_ARGUMENT]
) )
end end
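Review bot: The value of `--exclude-content-based` accepted by the new `GetoptLong::REQUIRED_ARGUMENT` entry is stored through the plain `attr_accessor *ACCESSOR_OPTIONS` setter with no validation, so a pattern that is not a valid regexp is presumably only discovered later when the enumerator interpolates it into a regexp literal and the scan aborts with a `RegexpError` backtrace. Since every ACCESSOR_OPTIONS entry already gets a writer, a dedicated `exclude_content_based=` setter could compile the value once and turn a compile failure into a clear argument error before any request is sent; the stored value can stay a string so the existing consumers are unaffected. The `GetoptLong.new(` call that the second hunk extends starts outside the hunk.
```ruby
# … unchanged: ACCESSOR_OPTIONS / attr_accessor …

# Reject an invalid --exclude-content-based pattern at parse time instead of mid-scan.
def exclude_content_based=(value)
  Regexp.new(value) unless value.nil?
  @exclude_content_based = value
rescue RegexpError => e
  raise ArgumentError, "Invalid --exclude-content-based regexp: #{e.message}"
end
```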


@@ -202,14 +202,16 @@ begin
puts green("[+]") + " Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..." puts green("[+]") + " Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
puts puts
options = {} options = {
options[:base_url] = wp_target.uri :base_url => wp_target.uri,
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_plugins || false :only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_plugins || false,
options[:show_progress_bar] = true :show_progress_bar => true,
options[:wp_content_dir] = wp_target.wp_content_dir :wp_content_dir => wp_target.wp_content_dir,
options[:error_404_hash] = wp_target.error_404_hash :error_404_hash => wp_target.error_404_hash,
options[:wp_plugins_dir] = wp_target.wp_plugins_dir :wp_plugins_dir => wp_target.wp_plugins_dir,
options[:full] = wpscan_options.enumerate_all_plugins :full => wpscan_options.enumerate_all_plugins,
:exclude_content_based => wpscan_options.exclude_content_based
}
plugins = wp_target.plugins_from_aggressive_detection(options) plugins = wp_target.plugins_from_aggressive_detection(options)
unless plugins.empty? unless plugins.empty?
@@ -258,13 +260,15 @@ begin
puts green("[+]") + " Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..." puts green("[+]") + " Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
puts puts
options = {} options = {
options[:base_url] = wp_target.uri :base_url => wp_target.uri,
options[:only_vulnerable_ones] = wpscan_options.enumerate_only_vulnerable_themes || false :only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_themes || false,
options[:show_progress_bar] = true :show_progress_bar => true,
options[:wp_content_dir] = wp_target.wp_content_dir :wp_content_dir => wp_target.wp_content_dir,
options[:error_404_hash] = wp_target.error_404_hash :error_404_hash => wp_target.error_404_hash,
options[:full] = wpscan_options.enumerate_all_themes :full => wpscan_options.enumerate_all_themes,
:exclude_content_based => wpscan_options.exclude_content_based
}
themes = wp_target.themes_from_aggressive_detection(options) themes = wp_target.themes_from_aggressive_detection(options)
unless themes.empty? unless themes.empty?
@@ -305,11 +309,13 @@ begin
puts green("[+]") + " Enumerating timthumb files ..." puts green("[+]") + " Enumerating timthumb files ..."
puts puts
options = {} options = {
options[:base_url] = wp_target.uri :base_url => wp_target.uri,
options[:show_progress_bar] = true :show_progress_bar => true,
options[:wp_content_dir] = wp_target.wp_content_dir :wp_content_dir => wp_target.wp_content_dir,
options[:error_404_hash] = wp_target.error_404_hash :error_404_hash => wp_target.error_404_hash,
:exclude_content_based => wpscan_options.exclude_content_based
}
theme_name = wp_theme ? wp_theme.name : nil theme_name = wp_theme ? wp_theme.name : nil
if wp_target.has_timthumbs?(theme_name, options) if wp_target.has_timthumbs?(theme_name, options)
@@ -383,7 +389,7 @@ begin
puts puts
puts green("[+]") + " Starting the password brute forcer" puts green("[+]") + " Starting the password brute forcer"
puts puts
wp_target.brute_force(usernames, wpscan_options.wordlist) wp_target.brute_force(usernames, wpscan_options.wordlist)
else else
puts puts
puts "Brute forcing aborted" puts "Brute forcing aborted"