Tried to throttle things

2015-10-07 18:50:37 +01:00
parent a76c94cccf
commit b7552ac8aa
5 changed files with 36 additions and 23 deletions
--- a/lib/wpscan/wp_target/wp_config_backup.rb
+++ b/lib/wpscan/wp_target/wp_config_backup.rb
@@ -40,7 +40,7 @@ class WpTarget < WebSite
    # @return [ Array ]
    def self.config_backup_files
      %w{
-        wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo 
+        wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo
        wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old
        wp-config.php.orig wp-config.orig wp-config.php.original wp-config.original wp-config.txt
      } # thanks to Feross.org for these
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -105,6 +105,7 @@ def help
  puts '--request-timeout <request-timeout> Request Timeout.'
  puts '--connect-timeout <connect-timeout> Connect Timeout.'
  puts '--max-threads     <max-threads>     Maximum Threads.'
+  puts '--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --max-threads will have no effect and should be assumed to be 1.'
  puts '--help     | -h                     This help screen.'
  puts '--verbose  | -v                     Verbose output.'
  puts '--version                           Output the current version and exit.'
@@ -118,8 +119,14 @@ down                 = 0
@total_requests_done = 0

 Typhoeus.on_complete do |response|
+  next if response.cached?
+
  down += 1 if response.code == 0
  @total_requests_done += 1

  fail 'The target seems to be down' if down >= 30
+
+  next unless Browser.instance.throttle > 0
+
+  sleep(Browser.instance.throttle)
 end
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -1,7 +1,6 @@
 # encoding: UTF-8

 class WpscanOptions
-
  ACCESSOR_OPTIONS = [
    :batch,
    :enumerate_plugins,
@@ -43,7 +42,8 @@ class WpscanOptions
    :request_timeout,
    :connect_timeout,
    :max_threads,
-    :no_banner
+    :no_banner,
+    :throttle
  ]

  attr_accessor *ACCESSOR_OPTIONS
@@ -281,7 +281,8 @@ class WpscanOptions
      ['--no-color', GetoptLong::NO_ARGUMENT],
      ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
      ['--log', GetoptLong::NO_ARGUMENT],
-      ['--no-banner', GetoptLong::NO_ARGUMENT]
+      ['--no-banner', GetoptLong::NO_ARGUMENT],
+      ['--throttle', GetoptLong::REQUIRED_ARGUMENT]
    )
  end