Tried to throttle things

erwanlr
2015-10-07 18:50:37 +01:00
parent a76c94cccf
commit b7552ac8aa
5 changed files with 36 additions and 23 deletions


@@ -17,7 +17,8 @@ class Browser
:proxy_auth, :proxy_auth,
:request_timeout, :request_timeout,
:connect_timeout, :connect_timeout,
:cookie :cookie,
:throttle
] ]
@@instance = nil @@instance = nil
@@ -71,11 +72,13 @@ class Browser
# #
def browser_defaults def browser_defaults
@max_threads = 20 @max_threads = 20
# 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled # 10 minutes, at this time the cache is cleaned before each scan.
# If this value is set to 0, the cache will be disabled
@cache_ttl = 600 @cache_ttl = 600
@request_timeout = 60 # 60s @request_timeout = 60 # 60s
@connect_timeout = 10 # 10s @connect_timeout = 10 # 10s
@user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)" @user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
@throttle = 0
end end
# #
@@ -86,7 +89,6 @@ class Browser
# #
# @return [ void ] # @return [ void ]
def load_config(config_file = nil) def load_config(config_file = nil)
if File.symlink?(config_file) if File.symlink?(config_file)
raise '[ERROR] Config file is a symlink.' raise '[ERROR] Config file is a symlink.'
else else
@@ -99,7 +101,6 @@ class Browser
self.send(:"#{option_name}=", data[option_name]) self.send(:"#{option_name}=", data[option_name])
end end
end end
end end
# @param [ String ] url # @param [ String ] url
@@ -121,11 +122,8 @@ class Browser
) )
if @proxy if @proxy
params = params.merge(proxy: @proxy) params.merge!(proxy: @proxy)
params.merge!(proxyauth: @proxy_auth) if @proxy_auth
if @proxy_auth
params = params.merge(proxyauth: @proxy_auth)
end
end end
if @basic_auth if @basic_auth
@@ -149,10 +147,10 @@ class Browser
params.merge!(connecttimeout: @connect_timeout) if @connect_timeout params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
# Used to enable the cache system if :cache_ttl > 0 # Used to enable the cache system if :cache_ttl > 0
params.merge!(cache_ttl: @cache_ttl) unless params.has_key?(:cache_ttl) params.merge!(cache_ttl: @cache_ttl) unless params.key?(:cache_ttl)
# Prevent infinite self redirection # Prevent infinite self redirection
params.merge!(maxredirs: 3) unless params.has_key?(:maxredirs) params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
# Disable SSL-Certificate checks # Disable SSL-Certificate checks
params.merge!(ssl_verifypeer: false) params.merge!(ssl_verifypeer: false)
@@ -180,5 +178,4 @@ class Browser
end end
params params
end end
end end
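Review bot: The new default `@throttle = 0` in `browser_defaults` carries no unit, unlike the `# 60s` and `# 10s` comments on the timeouts next to it. Judging by the `throttle=` setter added elsewhere in this commit, the value is held in seconds while the command-line option is given in milliseconds. A trailing comment such as `@throttle = 0 # seconds to wait between requests, 0 = no throttling` would stop a later reader from assigning milliseconds to the instance variable directly.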


@@ -4,7 +4,7 @@ class Browser
module Options module Options
attr_accessor :cache_ttl, :request_timeout, :connect_timeout attr_accessor :cache_ttl, :request_timeout, :connect_timeout
attr_reader :basic_auth, :proxy, :proxy_auth attr_reader :basic_auth, :proxy, :proxy_auth, :throttle
attr_writer :user_agent attr_writer :user_agent
# Sets the Basic Authentification credentials # Sets the Basic Authentification credentials
@@ -93,6 +93,15 @@ class Browser
@connect_timeout = timeout.to_i @connect_timeout = timeout.to_i
end end
# @param [ String, Integer ] throttle
def throttle=(throttle)
@throttle = throttle.to_i.abs / 1000.0
end
def throttle!
sleep @throttle if @throttle > 0
end
protected protected
def invalid_proxy_auth_format def invalid_proxy_auth_format
@@ -110,6 +119,5 @@ class Browser
end end
end end
end end
end end
end end
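Review bot: `throttle=` uses `throttle.to_i`, which turns any non-numeric value (`--throttle abc`, a mistyped config entry) into 0, so the scan runs unthrottled with no error. For an option whose purpose is to limit load on the target, silently falling back to full speed is the wrong failure mode; `@throttle = Integer(throttle).abs / 1000.0` raises `ArgumentError` on bad input instead. `throttle!` is also added here, but the sleep in the `Typhoeus.on_complete` hunk does not call it, so the two copies of the `> 0` check can drift apart.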


@@ -105,6 +105,7 @@ def help
puts '--request-timeout <request-timeout> Request Timeout.' puts '--request-timeout <request-timeout> Request Timeout.'
puts '--connect-timeout <connect-timeout> Connect Timeout.' puts '--connect-timeout <connect-timeout> Connect Timeout.'
puts '--max-threads <max-threads> Maximum Threads.' puts '--max-threads <max-threads> Maximum Threads.'
puts '--throttle <milliseconds> Milliseconds to wait before doing another web request. If used, the --max-threads will have no effect and should be assumed to be 1.'
puts '--help | -h This help screen.' puts '--help | -h This help screen.'
puts '--verbose | -v Verbose output.' puts '--verbose | -v Verbose output.'
puts '--version Output the current version and exit.' puts '--version Output the current version and exit.'
@@ -118,8 +119,14 @@ down = 0
@total_requests_done = 0 @total_requests_done = 0
Typhoeus.on_complete do |response| Typhoeus.on_complete do |response|
next if response.cached?
down += 1 if response.code == 0 down += 1 if response.code == 0
@total_requests_done += 1 @total_requests_done += 1
fail 'The target seems to be down' if down >= 30 fail 'The target seems to be down' if down >= 30
next unless Browser.instance.throttle > 0
sleep(Browser.instance.throttle)
end end
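Review bot: Sleeping inside `Typhoeus.on_complete` only delays work after a response has arrived, so requests already in flight are not held back. Nothing in the hunks shown here lowers the concurrency when `--throttle` is set, although the help text says `--max-threads` "should be assumed to be 1". Unless that is enforced in a part of the commit not visible on this page, the effective request rate can be well above one per interval. I would cap concurrency at one wherever the throttle option is applied, and replace the last two lines of the callback with `Browser.instance.throttle!` so the check lives in one place. The script around the callback continues outside the hunk.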


@@ -1,7 +1,6 @@
# encoding: UTF-8 # encoding: UTF-8
class WpscanOptions class WpscanOptions
ACCESSOR_OPTIONS = [ ACCESSOR_OPTIONS = [
:batch, :batch,
:enumerate_plugins, :enumerate_plugins,
@@ -43,7 +42,8 @@ class WpscanOptions
:request_timeout, :request_timeout,
:connect_timeout, :connect_timeout,
:max_threads, :max_threads,
:no_banner :no_banner,
:throttle
] ]
attr_accessor *ACCESSOR_OPTIONS attr_accessor *ACCESSOR_OPTIONS
@@ -281,7 +281,8 @@ class WpscanOptions
['--no-color', GetoptLong::NO_ARGUMENT], ['--no-color', GetoptLong::NO_ARGUMENT],
['--cookie', GetoptLong::REQUIRED_ARGUMENT], ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
['--log', GetoptLong::NO_ARGUMENT], ['--log', GetoptLong::NO_ARGUMENT],
['--no-banner', GetoptLong::NO_ARGUMENT] ['--no-banner', GetoptLong::NO_ARGUMENT],
['--throttle', GetoptLong::REQUIRED_ARGUMENT]
) )
end end