verbose output

2013-12-08 00:52:07 +01:00
parent 1e1fdee5a7
commit c107422353
9 changed files with 29 additions and 20 deletions
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -177,3 +177,10 @@ end
 def count_file_lines(file)
  `wc -l #{file.shellescape}`.split[0].to_i
 end
+
+# Truncates a string to a specific length and adds ... at the end
+def truncate(input, size, trailing = '...')
+  padded_length = size - trailing.length - 2 # ... + space + index 0
+  return input if input.nil? or size <= trailing.length or size <= 0 or input.length <= size
+  return "#{input[0...padded_length]}#{trailing}"
+end
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -4,7 +4,7 @@ class Vulnerability
  module Output

    # output the vulnerability
-    def output
+    def output(verbose = false)
      puts ' |'
      puts ' | ' + red("* Title: #{title}")
      references.each do |key, urls|
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -4,7 +4,7 @@ class WpItem
  module Output

    # @return [ Void ]
-    def output
+    def output(verbose = false)
      puts
      puts " | Name: #{self}" #this will also output the version number if detected
      puts " | Location: #{url}"
@@ -14,7 +14,7 @@ class WpItem
      puts " | Changelog: #{changelog_url}" if has_changelog?

 			if respond_to?(:additional_output)
-				additional_output
+				additional_output(verbose)
 			end

      vulnerabilities.output
--- a/lib/common/models/wp_theme/output.rb
+++ b/lib/common/models/wp_theme/output.rb
@@ -4,17 +4,19 @@ class WpTheme
  module Output

    # @return [ Void ]
-    def additional_output
+    def additional_output(verbose = false)
      puts " | Style URL: #{style_url}"
      puts " | Theme Name: #@theme_name" if @theme_name
      puts " | Theme URI: #@theme_uri" if @theme_uri
-      puts " | Description: #@theme_description" if @theme_description
+      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
+      puts " | Description: #{theme_desc}"
      puts " | Author: #@theme_author" if @theme_author
      puts " | Author URI: #@theme_author_uri" if @theme_author_uri
-      puts " | Template: #@theme_template" if @theme_template
-      puts " | License: #@theme_license" if @theme_license_uri
-      puts " | Tags: #@theme_tags" if @theme_tags
-      puts " | Text Domain: #@theme_text_domain" if @theme_text_domain
+      puts " | Template: #@theme_template" if @theme_template and verbose
+      puts " | License: #@theme_license" if @theme_license and verbose
+      puts " | License URI: #@theme_license_uri" if @theme_license_uri and verbose
+      puts " | Tags: #@theme_tags" if @theme_tags and verbose
+      puts " | Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
    end

  end
--- a/lib/common/models/wp_timthumb/output.rb
+++ b/lib/common/models/wp_timthumb/output.rb
@@ -3,7 +3,7 @@
 class WpTimthumb < WpItem
  module Output

-    def output
+    def output(verbose = false)
      puts ' | ' + red('[!]') + " #{self}"
    end

--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -3,7 +3,7 @@
 class WpVersion < WpItem
  module Output

-    def output
+    def output(verbose = false)
      puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"

      vulnerabilities = self.vulnerabilities
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -186,21 +186,21 @@ def main
    }

    if wp_version = wp_target.version(WP_VERSIONS_FILE)
-      wp_version.output
+      wp_version.output(wpscan_options.verbose)
    end

    if wp_theme = wp_target.theme
      puts
      # Theme version is handled in #to_s
      puts green('[+]') + " WordPress theme in use: #{wp_theme}"
-      wp_theme.output
+      wp_theme.output(wpscan_options.verbose)

      # Check for parent Themes
      while wp_theme.is_child_theme?
        parent = wp_theme.get_parent_theme
        puts
        puts green('[+]') + " Detected parent theme: #{parent}"
-        parent.output
+        parent.output(wpscan_options.verbose)
        wp_theme = parent
      end

@@ -214,7 +214,7 @@ def main
      if !wp_plugins.empty?
        puts " |  #{wp_plugins.size} plugins found:"

-        wp_plugins.output
+        wp_plugins.output(wpscan_options.verbose)
      else
        puts 'No plugins found'
      end
@@ -236,7 +236,7 @@ def main
      if !wp_plugins.empty?
        puts green('[+]') + " We found #{wp_plugins.size} plugins:"

-        wp_plugins.output
+        wp_plugins.output(wpscan_options.verbose)
      else
        puts 'No plugins found'
      end
@@ -258,7 +258,7 @@ def main
      if !wp_themes.empty?
        puts green('[+]') + " We found #{wp_themes.size} themes:"

-        wp_themes.output
+        wp_themes.output(wpscan_options.verbose)
      else
        puts 'No themes found'
      end
@@ -280,7 +280,7 @@ def main
        puts green('[+]') + " We found #{wp_timthumbs.size} timthumb file/s:"
        puts

-        wp_timthumbs.output
+        wp_timthumbs.output(wpscan_options.verbose)

        puts
        puts red(' * Reference: http://www.exploit-db.com/exploits/17602/')