Changed enumeration options. See Issue #58. Now shows examples in help. See Issue #62

2012-11-14 20:13:02 +01:00
parent 4b2acde84a
commit c128bd5b1a
3 changed files with 30 additions and 25 deletions
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -23,10 +23,12 @@ require_files_from_directory(WPSCAN_LIB_DIR, "**/*.rb")
 # wpscan usage
 def usage()
  script_name = $0
-  puts "--help or -h for further help."
  puts
  puts "Examples :"
  puts
+  puts "-Further help ..."
+  puts "ruby #{script_name} --help"
+  puts
  puts "-Do 'non-intrusive' checks ..."
  puts "ruby #{script_name} --url www.example.com"
  puts
@@ -40,18 +42,18 @@ def usage()
  puts "ruby #{script_name} --url www.example.com --enumerate p"
  puts
  puts "-Enumerate installed themes ..."
-  puts "ruby #{script_name} --url www.example.com --enumerate T"
+  puts "ruby #{script_name} --url www.example.com --enumerate t"
  puts
  puts "-Enumerate users ..."
  puts "ruby #{script_name} --url www.example.com --enumerate u"
  puts
  puts "-Enumerate installed timthumbs ..."
-  puts "ruby #{script_name} --url www.example.com --enumerate t"
+  puts "ruby #{script_name} --url www.example.com --enumerate tt"
  puts
  puts "-Use a HTTP proxy ..."
  puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
  puts
-  puts "-Use a SOCKS5 proxy ..."
+  puts "-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)"
  puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
  puts
  puts "-Use custom content directory ..."
@@ -82,12 +84,12 @@ def help()
  puts "    u        usernames from id 1 to 10"
  puts "    u[10-20] usernames from id 10 to 20 (you must write [] chars)"
  puts "    p        plugins"
-  puts "    p!       only vulnerable plugins"
-  puts "    t        timthumbs"
-  puts "    T        themes"
-  puts "    T!       only vulnerable themes"
-  puts "  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins"
-  puts "  If no option is supplied, the default is 'tup!'"
+  puts "    vp       only vulnerable plugins"
+  puts "    tt       timthumbs"
+  puts "    t        themes"
+  puts "    vt       only vulnerable themes"
+  puts "  Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
+  puts "  If no option is supplied, the default is 'vt,tt,u,vp'"
  puts
  puts "--config-file | -c <config file> Use the specified config file"
  puts "--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -151,7 +151,7 @@ class WpscanOptions
      )
    elsif cli_option === "--enumerate" # Special cases
                                       # Default value if no argument is given
-      cli_value = "T!tup!" if cli_value.length == 0
+      cli_value = "vt,tt,u,vp" if cli_value.length == 0

      enumerate_options_from_string(cli_value)
    else
@@ -160,25 +160,28 @@ class WpscanOptions
  end

  # Will set enumerate_* from the string value
-  # IE : if value = p! => :enumerate_only_vulnerable_plugins will be set to true
-  # multiple enumeration are possible : 'up' => :enumerate_usernames and :enumerate_plugins
+  # IE : if value = vp => :enumerate_only_vulnerable_plugins will be set to true
+  # multiple enumeration are possible : 'u,p' => :enumerate_usernames and :enumerate_plugins
  # Special case for usernames, a range is possible : u[1-10] will enumerate usernames from 1 to 10
  def enumerate_options_from_string(value)
    # Usage of self is mandatory because there are overridden setters
-    self.enumerate_only_vulnerable_plugins = true if value =~ /p!/

-    self.enumerate_plugins = true if value =~ /p(?!!)/
+    value = value.split(',').map{ |c| c.downcase }

-    @enumerate_timthumbs = true if value =~ /t/
+    self.enumerate_only_vulnerable_plugins = true if value.include?('vp')

-    self.enumerate_only_vulnerable_themes = true if value =~ /T!/
+    self.enumerate_plugins = true if value.include?('p')

-    self.enumerate_themes = true if value =~ /T(?!!)/
+    @enumerate_timthumbs = true if value.include?('tt')

-    if value =~ /u/
+    self.enumerate_only_vulnerable_themes = true if value.include?('vt')
+
+    self.enumerate_themes = true if value.include?('t')
+
+    value.grep(/^u/) do |username_enum_value|
      @enumerate_usernames = true
      # Check for usernames range
-      matches = %r{\[([\d]+)-([\d]+)\]}.match(value)
+      matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
      if matches
        @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
      end