garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix #796

Browse Source
This commit is contained in:
Christian Mehlmauer
2015-05-12 21:28:12 +02:00
parent b5d5c4177d
commit b931df654d
7 changed files with 75 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/common/common_helper.rb
View File

@@ -116,19 +116,21 @@ def blue(text)
end
def critical(text)
red(text)
$exit_code += 1
"#{red('[!]')} #{text}"
end
def warning(text)
amber(text)
$exit_code += 1
"#{amber('[!]')} #{text}"
end
def info(text)
green(text)
"#{green('[+]')} #{text}"
end
def notice(text)
blue(text)
"#{blue('[i]')} #{text}"
end
# our 1337 banner

4
lib/common/models/vulnerability/output.rb
View File

@@ -6,7 +6,7 @@ class Vulnerability
# output the vulnerability
def output(verbose = false)
puts
puts "#{critical('[!]')} Title: #{title}"
puts critical("Title: #{title}")
references.each do |key, urls|
methodname = "url_#{key}"
urls.each do |u|
@@ -15,7 +15,7 @@ class Vulnerability
end
end
if !fixed_in.nil?
puts "#{notice('[i]')} Fixed in: #{fixed_in}"
puts notice("Fixed in: #{fixed_in}")
end
end
end

8
lib/common/models/wp_item/output.rb
View File

@@ -6,19 +6,19 @@ class WpItem
# @return [ Void ]
def output(verbose = false)
puts
puts "#{info('[+]')} Name: #{self}" #this will also output the version number if detected
puts info("Name: #{self}") #this will also output the version number if detected
puts " | Location: #{url}"
#puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
puts " | Readme: #{readme_url}" if has_readme?
puts " | Changelog: #{changelog_url}" if has_changelog?
puts "#{warning('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
puts "#{warning('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
puts warning("Directory listing is enabled: #{url}") if has_directory_listing?
puts warning("An error_log file has been found: #{error_log_url}") if has_error_log?
additional_output(verbose) if respond_to?(:additional_output)
if version.nil? && vulnerabilities.length > 0
puts
puts "#{warning('[+]')} We could not determine a version so all vulnerabilities are printed out"
puts warning('We could not determine a version so all vulnerabilities are printed out')
end
vulnerabilities.output

2
lib/common/models/wp_timthumb/output.rb
View File

@@ -5,7 +5,7 @@ class WpTimthumb < WpItem
def output(verbose = false)
puts
puts "#{info('[+]')} #{self}" #this will also output the version number if detected
puts info("#{self}") #this will also output the version number if detected
vulnerabilities.output
end

8
lib/common/models/wp_user/brute_forcable.rb
View File

@@ -109,13 +109,13 @@ class WpUser < WpItem
elsif response.body =~ /login_error/i
verbose = "\n Incorrect login and/or password."
elsif response.timed_out?
progression = "#{critical('ERROR:')} Request timed out."
progression = critical('ERROR: Request timed out.')
elsif response.code == 0
progression = "#{critical('ERROR:')} No response from remote server. WAF/IPS? (#{response.return_message})"
progression = critical("ERROR: No response from remote server. WAF/IPS? (#{response.return_message})")
elsif response.code.to_s =~ /^50/
progression = "#{critical('ERROR:')} Server error, try reducing the number of threads."
progression = critical('ERROR: Server error, try reducing the number of threads.')
else
progression = "#{critical('ERROR:')} We received an unknown response for #{password}..."
progression = critical("ERROR: We received an unknown response for #{password}...")
verbose = critical(" Code: #{response.code}\n Body: #{response.body}\n")
end

6
lib/common/models/wp_version/output.rb
View File

@@ -5,15 +5,15 @@ class WpVersion < WpItem
def output(verbose = false)
puts
puts "#{info('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
puts info("WordPress version #{self.number} identified from #{self.found_from}")
vulnerabilities = self.vulnerabilities
unless vulnerabilities.empty?
if vulnerabilities.size == 1
puts "#{critical('[!]')} #{vulnerabilities.size} vulnerability identified from the version number"
puts critical("#{vulnerabilities.size} vulnerability identified from the version number")
else
puts "#{critical('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
puts critical("#{vulnerabilities.size} vulnerabilities identified from the version number")
end
vulnerabilities.output
end