From b7552ac8aa9620624c7cadff461f8449100fcd7f Mon Sep 17 00:00:00 2001
From: erwanlr
Date: Wed, 7 Oct 2015 18:50:37 +0100
Subject: [PATCH] Tried to throttle things
---
 lib/common/browser.rb | 31 +++++++++++-------------
 lib/common/browser/options.rb | 12 +++++++--
 lib/wpscan/wp_target/wp_config_backup.rb | 2 +-
 lib/wpscan/wpscan_helper.rb | 7 ++++++
 lib/wpscan/wpscan_options.rb | 7 +++---
 5 files changed, 36 insertions(+), 23 deletions(-)
diff --git a/lib/common/browser.rb b/lib/common/browser.rb
index 443b3c01..8992a102 100644
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -17,7 +17,8 @@ class Browser :proxy_auth, :request_timeout, :connect_timeout, - :cookie + :cookie, + :throttle ] @@instance = nil
@@ -70,12 +71,14 @@ class Browser # sets browser default values # def browser_defaults - @max_threads = 20 - # 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled - @cache_ttl = 600 + @max_threads = 20 + # 10 minutes, at this time the cache is cleaned before each scan. + # If this value is set to 0, the cache will be disabled + @cache_ttl = 600 @request_timeout = 60 # 60s @connect_timeout = 10 # 10s - @user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)" + @user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)" + @throttle = 0 end #
@@ -86,7 +89,6 @@ class Browser # # @return [ void ] def load_config(config_file = nil) - if File.symlink?(config_file) raise '[ERROR] Config file is a symlink.' else
@@ -99,7 +101,6 @@ class Browser self.send(:"#{option_name}=", data[option_name]) end end - end # @param [ String ] url
@@ -121,11 +122,8 @@ class Browser ) if @proxy - params = params.merge(proxy: @proxy) - - if @proxy_auth - params = params.merge(proxyauth: @proxy_auth) - end + params.merge!(proxy: @proxy) + params.merge!(proxyauth: @proxy_auth) if @proxy_auth end if @basic_auth
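Review bot: `@throttle = 0` in browser_defaults carries no unit, while the `throttle=` setter in options.rb stores a Float number of seconds derived from a millisecond argument, so a reader of this hunk cannot tell whether 0 is milliseconds, seconds or a flag. A one-line comment on the new line would settle it: `@throttle = 0 # seconds between requests (throttle= takes milliseconds); 0 disables the delay`. The remaining hunks in browser.rb (`:throttle` in the option list, the whitespace removals and the `merge!` rewrite) raise nothing.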
@@ -135,7 +133,7 @@ class Browser @basic_auth ) end - + if vhost params = Browser.append_params_header_field( params,
@@ -143,16 +141,16 @@ class Browser vhost ) end - + params.merge!(referer: referer) params.merge!(timeout: @request_timeout) if @request_timeout params.merge!(connecttimeout: @connect_timeout) if @connect_timeout # Used to enable the cache system if :cache_ttl > 0 - params.merge!(cache_ttl: @cache_ttl) unless params.has_key?(:cache_ttl) + params.merge!(cache_ttl: @cache_ttl) unless params.key?(:cache_ttl) # Prevent infinite self redirection - params.merge!(maxredirs: 3) unless params.has_key?(:maxredirs) + params.merge!(maxredirs: 3) unless params.key?(:maxredirs) # Disable SSL-Certificate checks params.merge!(ssl_verifypeer: false)
@@ -180,5 +178,4 @@ class Browser end params end - end
diff --git a/lib/common/browser/options.rb b/lib/common/browser/options.rb
index 1d7d8994..f1355735 100644
--- a/lib/common/browser/options.rb
+++ b/lib/common/browser/options.rb
@@ -4,7 +4,7 @@ class Browser module Options attr_accessor :cache_ttl, :request_timeout, :connect_timeout - attr_reader :basic_auth, :proxy, :proxy_auth + attr_reader :basic_auth, :proxy, :proxy_auth, :throttle attr_writer :user_agent # Sets the Basic Authentification credentials
@@ -93,6 +93,15 @@ class Browser @connect_timeout = timeout.to_i end + # @param [ String, Integer ] throttle + def throttle=(throttle) + @throttle = throttle.to_i.abs / 1000.0 + end + + def throttle! + sleep @throttle if @throttle > 0 + end + protected def invalid_proxy_auth_format
@@ -110,6 +119,5 @@ class Browser end end end - end end
diff --git a/lib/wpscan/wp_target/wp_config_backup.rb b/lib/wpscan/wp_target/wp_config_backup.rb
index 8f35705e..12c6b568 100644
--- a/lib/wpscan/wp_target/wp_config_backup.rb
+++ b/lib/wpscan/wp_target/wp_config_backup.rb
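Review bot: `throttle=` coerces with `to_i`, so a non-numeric `--throttle` value silently becomes 0 and switches the delay off, and `.abs` accepts a negative value instead of rejecting it; the sibling `connect_timeout=` visible in context uses `to_i` too, so this follows the file's pattern, but a setter that controls request pacing is a place where `Integer(throttle)` (raising on garbage) plus `raise ArgumentError, 'throttle must be >= 0' if value < 0` would be worth the deviation. `throttle!` is introduced here but nothing else in the patch calls it — the `@@ -118` hunk of wpscan_helper.rb re-implements the same `> 0` check and `sleep` inline against `Browser.instance.throttle`, so one of the two copies should go, e.g. the callback calling `Browser.instance.throttle!`. The `@param` tag also deserves a note that the stored value is in seconds (`# Stores the delay in seconds; the argument is given in milliseconds`), since `attr_reader :throttle` exposes the converted value rather than what the caller passed in.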
@@ -40,7 +40,7 @@ class WpTarget < WebSite # @return [ Array ] def self.config_backup_files %w{ - wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo + wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig wp-config.orig wp-config.php.original wp-config.original wp-config.txt } # thanks to Feross.org for these
diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb
index 9968aa32..74c592f5 100644
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -105,6 +105,7 @@ def help puts '--request-timeout Request Timeout.' puts '--connect-timeout Connect Timeout.' puts '--max-threads Maximum Threads.' + puts '--throttle Milliseconds to wait before doing another web request. If used, the --max-threads will have no effect and should be assumed to be 1.' puts '--help | -h This help screen.' puts '--verbose | -v Verbose output.' puts '--version Output the current version and exit.'
@@ -118,8 +119,14 @@ down = 0 @total_requests_done = 0 Typhoeus.on_complete do |response| + next if response.cached? + down += 1 if response.code == 0 @total_requests_done += 1 fail 'The target seems to be down' if down >= 30 + + next unless Browser.instance.throttle > 0 + + sleep(Browser.instance.throttle) end
diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
index 7a354df5..269538c6 100644
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -1,7 +1,6 @@ # encoding: UTF-8 class WpscanOptions - ACCESSOR_OPTIONS = [ :batch, :enumerate_plugins,
@@ -43,7 +42,8 @@ class WpscanOptions :request_timeout, :connect_timeout, :max_threads, - :no_banner + :no_banner, + :throttle ] attr_accessor *ACCESSOR_OPTIONS
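Review bot: `next if response.cached?` sits above `down += 1` and `@total_requests_done += 1` in the `@@ -118` hunk, so cached responses are no longer counted and the `@total_requests_done` figure changes — a side effect unrelated to throttling that the commit message does not mention. If only the delay is meant to skip cache hits, move the guard under the counters: `next if response.cached? || Browser.instance.throttle <= 0` immediately before the `sleep`. The help text in the `@@ -105` hunk says `--max-threads` "should be assumed to be 1" when throttling, but nothing enforces it; sleeping inside the on_complete callback while several requests are already in flight presumably stalls the whole batch rather than spacing requests out, so forcing `max_threads` to 1 whenever throttle > 0 (or at least stating the limitation in a comment next to the `sleep`) would make the behaviour predictable. `cached?` is assumed to come from the project's cache layer and is not visible here.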
@@ -281,7 +281,8 @@ class WpscanOptions ['--no-color', GetoptLong::NO_ARGUMENT], ['--cookie', GetoptLong::REQUIRED_ARGUMENT], ['--log', GetoptLong::NO_ARGUMENT], - ['--no-banner', GetoptLong::NO_ARGUMENT] + ['--no-banner', GetoptLong::NO_ARGUMENT], + ['--throttle', GetoptLong::REQUIRED_ARGUMENT] ) end
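Review bot: `--throttle` is registered with REQUIRED_ARGUMENT and stored through the new `:throttle` accessor (`@@ -43` hunk), but no line in this patch hands the parsed value to `Browser.instance.throttle=`; the `:throttle` entry added to the Browser option list in browser.rb means a config-file value is applied by `load_config`, while the command-line path is not visible here and should be confirmed. GetoptLong does no validation and the setter's `to_i` turns a malformed value into 0, so a mistyped `--throttle` produces an unthrottled scan with no message; a check such as `fail ArgumentError, 'throttle must be a number of milliseconds' unless value =~ /\A\d+\z/` where the option is consumed would surface that. The method enclosing this hunk begins above it.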