diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb
index 6daeec1e..d95557f0 100644
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -23,10 +23,12 @@ require_files_from_directory(WPSCAN_LIB_DIR, "**/*.rb")
 # wpscan usage
 def usage()
 script_name = $0
- puts "--help or -h for further help."
 puts
 puts "Examples :"
 puts
+ puts "-Further help ..."
+ puts "ruby #{script_name} --help"
+ puts
 puts "-Do 'non-intrusive' checks ..."
 puts "ruby #{script_name} --url www.example.com"
 puts
@@ -40,18 +42,18 @@ def usage()
 puts "ruby #{script_name} --url www.example.com --enumerate p"
 puts
 puts "-Enumerate installed themes ..."
- puts "ruby #{script_name} --url www.example.com --enumerate T"
+ puts "ruby #{script_name} --url www.example.com --enumerate t"
 puts
 puts "-Enumerate users ..."
 puts "ruby #{script_name} --url www.example.com --enumerate u"
 puts
 puts "-Enumerate installed timthumbs ..."
- puts "ruby #{script_name} --url www.example.com --enumerate t"
+ puts "ruby #{script_name} --url www.example.com --enumerate tt"
 puts
 puts "-Use a HTTP proxy ..."
 puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
 puts
- puts "-Use a SOCKS5 proxy ..."
+ puts "-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)"
 puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
 puts
 puts "-Use custom content directory ..."
@@ -82,12 +84,12 @@ def help()
 puts " u usernames from id 1 to 10"
 puts " u[10-20] usernames from id 10 to 20 (you must write [] chars)"
 puts " p plugins"
- puts " p! only vulnerable plugins"
- puts " t timthumbs"
- puts " T themes"
- puts " T! only vulnerable themes"
- puts " Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins"
- puts " If no option is supplied, the default is 'tup!'"
+ puts " vp only vulnerable plugins"
+ puts " tt timthumbs"
+ puts " t themes"
+ puts " vt only vulnerable themes"
+ puts " Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
+ puts " If no option is supplied, the default is 'vt,tt,u,vp'"
 puts
 puts "--config-file | -c Use the specified config file"
 puts "--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
diff --git a/lib/wpscan/wpscan_options.rb b/lib/wpscan/wpscan_options.rb
index 80f3eaf7..4b0c9fba 100644
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -151,7 +151,7 @@ class WpscanOptions
 )
 elsif cli_option === "--enumerate" # Special cases
 # Default value if no argument is given
- cli_value = "T!tup!" if cli_value.length == 0
+ cli_value = "vt,tt,u,vp" if cli_value.length == 0
 enumerate_options_from_string(cli_value)
 else
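Review bot: The new example line `'-e t,p' will enumerate timthumbs and plugins` contradicts the legend printed two lines above it, where `tt` is timthumbs and `t` is themes, so a user who copies the example gets a theme enumeration instead of the timthumb check they asked for. Change it to `Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins`. The default quoted on the next line, `'vt,tt,u,vp'`, does match the literal set in wpscan_options.rb in this commit, but it is a second hand-maintained copy of that value. The enclosing `help()` starts and ends outside the hunk.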
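Review bot: The default `"vt,tt,u,vp"` on the changed line duplicates the string the help text in wpscan_helper.rb prints as the default, and this commit shows how easily the two representations drift when the token scheme changes. Define it once on WpscanOptions, e.g. `DEFAULT_ENUMERATE = 'vt,tt,u,vp'.freeze`, use `cli_value = DEFAULT_ENUMERATE if cli_value.empty?` here, and have the help text interpolate the same constant. The enclosing method starts and ends outside the hunk.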
@@ -160,25 +160,28 @@ class WpscanOptions
 end
 # Will set enumerate_* from the string value
- # IE : if value = p! => :enumerate_only_vulnerable_plugins will be set to true
- # multiple enumeration are possible : 'up' => :enumerate_usernames and :enumerate_plugins
+ # IE : if value = vp => :enumerate_only_vulnerable_plugins will be set to true
+ # multiple enumeration are possible : 'u,p' => :enumerate_usernames and :enumerate_plugins
 # Special case for usernames, a range is possible : u[1-10] will enumerate usernames from 1 to 10
 def enumerate_options_from_string(value)
 # Usage of self is mandatory because there are overridden setters
- self.enumerate_only_vulnerable_plugins = true if value =~ /p!/
- self.enumerate_plugins = true if value =~ /p(?!!)/
+ value = value.split(',').map{ |c| c.downcase }
- @enumerate_timthumbs = true if value =~ /t/
+ self.enumerate_only_vulnerable_plugins = true if value.include?('vp')
- self.enumerate_only_vulnerable_themes = true if value =~ /T!/
+ self.enumerate_plugins = true if value.include?('p')
- self.enumerate_themes = true if value =~ /T(?!!)/
+ @enumerate_timthumbs = true if value.include?('tt')
- if value =~ /u/
+ self.enumerate_only_vulnerable_themes = true if value.include?('vt')
+
+ self.enumerate_themes = true if value.include?('t')
+
+ value.grep(/^u/) do |username_enum_value|
 @enumerate_usernames = true
 # Check for usernames range
- matches = %r{\[([\d]+)-([\d]+)\]}.match(value)
+ matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
 if matches
 @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
 end
diff --git a/spec/lib/wpscan/wpscan_options_spec.rb b/spec/lib/wpscan/wpscan_options_spec.rb
index fb004108..ea896230 100644
--- a/spec/lib/wpscan/wpscan_options_spec.rb
+++ b/spec/lib/wpscan/wpscan_options_spec.rb
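Review bot: Tokens that match none of the `include?` checks are silently dropped by the new parsing, so an invocation still using the previous syntax (`-e tup!`, or the old default `T!tup!` that this commit removes) runs no enumeration at all and finishes looking like a clean scan; a stray space after a comma has the same effect, since `' p'` never equals `'p'`. Replace the first added line with `tokens = value.split(',').map { |c| c.strip.downcase }`, add `unknown = tokens.reject { |c| %w[p vp tt t vt].include?(c) || c.start_with?('u') }` followed by `raise ArgumentError, "Unknown --enumerate option(s): #{unknown.join(',')}" unless unknown.empty?`, and use `tokens` in the checks below instead of reassigning the `value` parameter. The username match should be anchored with `\A` rather than `^`, which only matches at a line start and would accept a multi-line token. The `end`s closing the `grep` block and the method lie outside the hunk.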
@@ -247,7 +247,7 @@ describe "WpscanOptions" do
 end
 it "should raise an error if p and p! are " do
- expect { @wpscan_options.enumerate_options_from_string("pp!") }.to raise_error
+ expect { @wpscan_options.enumerate_options_from_string("p,vp") }.to raise_error
 end
 it "should set enumerate_plugins to true" do
@@ -256,12 +256,12 @@ describe "WpscanOptions" do
 end
 it "should set enumerate_only_vulnerable_plugins to tue" do
- @argument = "p!"
+ @argument = "vp"
 @expected_hash = {:enumerate_only_vulnerable_plugins => true}
 end
 it "should set enumerate_timthumbs to true" do
- @argument = 't'
+ @argument = 'tt'
 @expected_hash = {:enumerate_timthumbs => true}
 end
@@ -277,7 +277,7 @@ describe "WpscanOptions" do
 # Let's try some multiple choices
 it "should set enumerate_timthumbs to true, enumerate_usernames to true, enumerate_usernames_range to (1..2)" do
- @argument = "u[1-2]t"
+ @argument = "u[1-2],tt"
 @expected_hash = { :enumerate_usernames => true, :enumerate_usernames_range => (1..2), :enumerate_timthumbs => true
@@ -347,7 +347,7 @@ describe "WpscanOptions" do
 end
 it "should return {:url => 'example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}" do
- @argv = "-u example.com -e pt"
+ @argv = "-u example.com -e p,tt"
 @expected_hash = {:url => 'http://example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}
 end
 end
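Review bot: The description `it "should raise an error if p and p! are " do` is now stale as well as truncated, since the input on the changed line became `"p,vp"`; rename it `it "should raise an error if p and vp are both given" do`. The bare `.to raise_error` on that line is satisfied by any StandardError, including a NoMethodError from a typo in the parser, so pass the class the overridden setter raises (not visible in this diff), as `raise_error(<error class raised by the setter>)`. None of the updated specs pin what the parser does with a token from the old syntax such as `"p!"` or `"tup!"`, which this commit turns from valid options into unrecognised ones; a spec for that case would document whether they are rejected or ignored.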