diff --git a/lib/wpscan/wp_enumerator.rb b/lib/wpscan/wp_enumerator.rb index fd02289e..996d2dfd 100644 --- a/lib/wpscan/wp_enumerator.rb +++ b/lib/wpscan/wp_enumerator.rb @@ -29,7 +29,7 @@ class WpEnumerator # * * +:path+ - Path to plugin # * +type+ - "plugins" or "themes", item to enumerate # * +filename+ - filename in the data directory with paths - # * +show_progress_bar+ - Show a progress bar during enumeration + # * +show_progression+ - Show a progress bar during enumeration def self.enumerate(options = {}, items = nil) WpOptions.check_options(options) @@ -42,13 +42,14 @@ class WpEnumerator end end - found = [] - queue_count = 0 - request_count = 0 - enum_browser = Browser.instance - enum_hydra = enum_browser.hydra - enumerate_size = targets.size - exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil + found = [] + queue_count = 0 + request_count = 0 + enum_browser = Browser.instance + enum_hydra = enum_browser.hydra + enumerate_size = targets.size + exclude_regexp = options[:exclude_content_based] ? %r{#{options[:exclude_content_based]}} : nil + show_progression = options[:show_progression] || false targets.each do |target| url = target.get_full_url @@ -59,7 +60,7 @@ class WpEnumerator request.on_complete do |response| page_hash = Digest::MD5.hexdigest(response.body) - print "\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete." if options[:show_progress_bar] + print "\rChecking for #{enumerate_size} total #{options[:type]}... #{(request_count * 100) / enumerate_size}% complete." if show_progression if WpTarget.valid_response_codes.include?(response.code) if page_hash != options[:error_404_hash] and page_hash != options[:homepage_hash] diff --git a/lib/wpscan/wp_options.rb b/lib/wpscan/wp_options.rb index c68320ff..281ffeed 100644 --- a/lib/wpscan/wp_options.rb +++ b/lib/wpscan/wp_options.rb @@ -27,7 +27,7 @@ # * +vulns_xpath+ - XPath for vulnerability XML file # * +vulns_xpath_2+ - XPath for vulnerability XML file # * +wp_content_dir+ - Name of the wp-content directory -# * +show_progress_bar+ - Show a progress bar during enumeration +# * +show_progression+ - Show a progress bar during enumeration # * +error_404_hash+ - MD5 hash of a 404 page # * +type+ - Type: plugins, themes class WpOptions @@ -39,7 +39,7 @@ class WpOptions raise("vulns_xpath must be set") unless options[:vulns_xpath] != nil and options[:vulns_xpath].length > 0 raise("vulns_xpath_2 must be set") unless options[:vulns_xpath_2] != nil and options[:vulns_xpath_2].length > 0 raise("wp_content_dir must be set") unless options[:wp_content_dir] != nil and options[:wp_content_dir].length > 0 - raise("show_progress_bar must be set") unless options[:show_progress_bar] != nil + raise("show_progression must be set") unless options[:show_progression] != nil raise("error_404_hash must be set") unless options[:error_404_hash] != nil and options[:error_404_hash].length > 0 raise("type must be set") unless options[:type] != nil and options[:type].length > 0 diff --git a/spec/lib/wpscan/modules/wp_plugins_spec.rb b/spec/lib/wpscan/modules/wp_plugins_spec.rb index 2a1003e6..77e03c77 100644 --- a/spec/lib/wpscan/modules/wp_plugins_spec.rb +++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb @@ -35,7 +35,7 @@ shared_examples_for "WpPlugins" do @options = { :base_url => @wp_url, :only_vulnerable_ones => false, - :show_progress_bar => false, + :show_progression => false, :error_404_hash => @module.error_404_hash, :homepage_hash => @module.homepage_hash, :vulns_file => @plugin_vulns_file, diff --git a/spec/lib/wpscan/modules/wp_themes_spec.rb b/spec/lib/wpscan/modules/wp_themes_spec.rb index 79072983..0a36d911 100644 --- a/spec/lib/wpscan/modules/wp_themes_spec.rb +++ b/spec/lib/wpscan/modules/wp_themes_spec.rb @@ -31,15 +31,16 @@ shared_examples_for "WpThemes" do @module.error_404_hash = Digest::MD5.hexdigest("Error 404!") @module.extend(WpThemes) - @options = {:base_url => @wp_url, - :only_vulnerable_ones => false, - :show_progress_bar => false, - :error_404_hash => Digest::MD5.hexdigest("Error 404!"), - :vulns_file => @theme_vulns_file, - :file => @themes_file, - :type => "themes", - :wp_content_dir => "wp-content", - :vulns_xpath_2 => "//theme" + @options = { + :base_url => @wp_url, + :only_vulnerable_ones => false, + :show_progression => false, + :error_404_hash => Digest::MD5.hexdigest("Error 404!"), + :vulns_file => @theme_vulns_file, + :file => @themes_file, + :type => "themes", + :wp_content_dir => "wp-content", + :vulns_xpath_2 => "//theme" } File.exist?(@theme_vulns_file).should == true File.exist?(@themes_file).should == true diff --git a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb index 8c8a849e..56a952a8 100644 --- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb +++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb @@ -19,35 +19,34 @@ shared_examples_for "WpTimthumbs" do before :each do - @options = {} - @url = "http://example.localhost/" - @theme_name = "bueno" - @options[:base_url] = @url - @options[:wp_content_dir] = "wp-content" - @options[:name] = @theme_name - @options[:error_404_hash] = "xx" - @options[:show_progress_bar] = false + @options = {} + @url = "http://example.localhost/" + @theme_name = "bueno" + @options[:base_url] = @url + @options[:wp_content_dir] = "wp-content" + @options[:name] = @theme_name + @options[:error_404_hash] = "xx" + @options[:show_progression] = false @options[:only_vulnerable_ones] = false - @options[:vulns_file] = "xx" - @options[:type] = "timthumbs" - @module = WpScanModuleSpec.new(@url) - @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs" - @timthumbs_file = @fixtures_dir + "/timthumbs.txt" - @targets_from_file = - %w{ + @options[:vulns_file] = "xx" + @options[:type] = "timthumbs" + @module = WpScanModuleSpec.new(@url) + @fixtures_dir = SPEC_FIXTURES_WPSCAN_MODULES_DIR + "/wp_timthumbs" + @timthumbs_file = @fixtures_dir + "/timthumbs.txt" + @targets_from_file = %w{ http://example.localhost/wp-content/plugins/fotoslide/timthumb.php http://example.localhost/wp-content/plugins/feature-slideshow/timthumb.php } @targets_from_theme = - [ - "http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php", - "http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php" - ] + [ + "http://example.localhost/wp-content/themes/" + @theme_name + "/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/lib/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/inc/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/includes/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/scripts/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/tools/timthumb.php", + "http://example.localhost/wp-content/themes/" + @theme_name + "/functions/timthumb.php" + ] @module.extend(WpTimthumbs) end diff --git a/spec/lib/wpscan/wp_options_spec.rb b/spec/lib/wpscan/wp_options_spec.rb index 0e5a18b9..17df6626 100644 --- a/spec/lib/wpscan/wp_options_spec.rb +++ b/spec/lib/wpscan/wp_options_spec.rb @@ -21,17 +21,17 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper') describe WpOptions do describe "#check_options" do before :each do - @options = {} - @options[:base_url] = "url" + @options = {} + @options[:base_url] = "url" @options[:only_vulnerable_ones] = false - @options[:file] = "file" - @options[:vulns_file] = "vulns_file" - @options[:vulns_xpath] = "vulns_xpath" - @options[:vulns_xpath_2] = "vulns_xpath_2" - @options[:wp_content_dir] = "wp_content_dir" - @options[:show_progress_bar] = true - @options[:error_404_hash] = "error_404_hash" - @options[:type] = "type" + @options[:file] = "file" + @options[:vulns_file] = "vulns_file" + @options[:vulns_xpath] = "vulns_xpath" + @options[:vulns_xpath_2] = "vulns_xpath_2" + @options[:wp_content_dir] = "wp_content_dir" + @options[:show_progression] = true + @options[:error_404_hash] = "error_404_hash" + @options[:type] = "type" @message = "" end @@ -105,9 +105,9 @@ describe WpOptions do @message = "wp_content_dir must be set" end - it "should raise an exception (show_progress_bar nil)" do - @options[:show_progress_bar] = nil - @message = "show_progress_bar must be set" + it "should raise an exception (show_progression nil)" do + @options[:show_progression] = nil + @message = "show_progression must be set" end it "should raise an exception (error_404_hash empty)" do @@ -135,4 +135,4 @@ describe WpOptions do @message = "Unknown type unknown" end end -end \ No newline at end of file +end diff --git a/wpscan.rb b/wpscan.rb index 24432ef7..5a8a7f3a 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -213,7 +213,7 @@ begin options = { :base_url => wp_target.uri, :only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_plugins || false, - :show_progress_bar => true, + :show_progression => true, :wp_content_dir => wp_target.wp_content_dir, :error_404_hash => wp_target.error_404_hash, :homepage_hash => wp_target.homepage_hash, @@ -272,7 +272,7 @@ begin options = { :base_url => wp_target.uri, :only_vulnerable_ones => wpscan_options.enumerate_only_vulnerable_themes || false, - :show_progress_bar => true, + :show_progression => true, :wp_content_dir => wp_target.wp_content_dir, :error_404_hash => wp_target.error_404_hash, :homepage_hash => wp_target.homepage_hash, @@ -321,7 +321,7 @@ begin options = { :base_url => wp_target.uri, - :show_progress_bar => true, + :show_progression => true, :wp_content_dir => wp_target.wp_content_dir, :error_404_hash => wp_target.error_404_hash, :homepage_hash => wp_target.homepage_hash,