Changed enumeration options. See Issue #58. Now shows examples in help. See Issue #62

lib/wpscan/wpscan_helper.rb

@@ -23,10 +23,12 @@ require_files_from_directory(WPSCAN_LIB_DIR, "**/*.rb")
 # wpscan usage
 def usage()
   script_name = $0
-  puts "--help or -h for further help."
   puts
   puts "Examples :"
   puts
+  puts "-Further help ..."
+  puts "ruby #{script_name} --help"
+  puts
   puts "-Do 'non-intrusive' checks ..."
   puts "ruby #{script_name} --url www.example.com"
   puts
@@ -40,18 +42,18 @@ def usage()
   puts "ruby #{script_name} --url www.example.com --enumerate p"
   puts
   puts "-Enumerate installed themes ..."
-  puts "ruby #{script_name} --url www.example.com --enumerate T"
+  puts "ruby #{script_name} --url www.example.com --enumerate t"
   puts
   puts "-Enumerate users ..."
   puts "ruby #{script_name} --url www.example.com --enumerate u"
   puts
   puts "-Enumerate installed timthumbs ..."
-  puts "ruby #{script_name} --url www.example.com --enumerate t"
+  puts "ruby #{script_name} --url www.example.com --enumerate tt"
   puts
   puts "-Use a HTTP proxy ..."
   puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
   puts
-  puts "-Use a SOCKS5 proxy ..."
+  puts "-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)"
   puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
   puts
   puts "-Use custom content directory ..."
@@ -82,12 +84,12 @@ def help()
   puts "    u        usernames from id 1 to 10"
   puts "    u[10-20] usernames from id 10 to 20 (you must write [] chars)"
   puts "    p        plugins"
-  puts "    p!       only vulnerable plugins"
+  puts "    vp       only vulnerable plugins"
-  puts "    t        timthumbs"
+  puts "    tt       timthumbs"
-  puts "    T        themes"
+  puts "    t        themes"
-  puts "    T!       only vulnerable themes"
+  puts "    vt       only vulnerable themes"
-  puts "  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins"
+  puts "  Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins"
-  puts "  If no option is supplied, the default is 'tup!'"
+  puts "  If no option is supplied, the default is 'vt,tt,u,vp'"
   puts
   puts "--config-file | -c <config file> Use the specified config file"
   puts "--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not"

lib/wpscan/wpscan_options.rb

@@ -151,7 +151,7 @@ class WpscanOptions
       )
     elsif cli_option === "--enumerate" # Special cases
                                        # Default value if no argument is given
-      cli_value = "T!tup!" if cli_value.length == 0
+      cli_value = "vt,tt,u,vp" if cli_value.length == 0
 
       enumerate_options_from_string(cli_value)
     else
@@ -160,25 +160,28 @@ class WpscanOptions
   end
 
   # Will set enumerate_* from the string value
-  # IE : if value = p! => :enumerate_only_vulnerable_plugins will be set to true
+  # IE : if value = vp => :enumerate_only_vulnerable_plugins will be set to true
-  # multiple enumeration are possible : 'up' => :enumerate_usernames and :enumerate_plugins
+  # multiple enumeration are possible : 'u,p' => :enumerate_usernames and :enumerate_plugins
   # Special case for usernames, a range is possible : u[1-10] will enumerate usernames from 1 to 10
   def enumerate_options_from_string(value)
     # Usage of self is mandatory because there are overridden setters
-    self.enumerate_only_vulnerable_plugins = true if value =~ /p!/
 
-    self.enumerate_plugins = true if value =~ /p(?!!)/
+    value = value.split(',').map{ |c| c.downcase }
 
-    @enumerate_timthumbs = true if value =~ /t/
+    self.enumerate_only_vulnerable_plugins = true if value.include?('vp')
 
-    self.enumerate_only_vulnerable_themes = true if value =~ /T!/
+    self.enumerate_plugins = true if value.include?('p')
 
-    self.enumerate_themes = true if value =~ /T(?!!)/
+    @enumerate_timthumbs = true if value.include?('tt')
 
-    if value =~ /u/
+    self.enumerate_only_vulnerable_themes = true if value.include?('vt')
+
+    self.enumerate_themes = true if value.include?('t')
+
+    value.grep(/^u/) do |username_enum_value|
       @enumerate_usernames = true
       # Check for usernames range
-      matches = %r{\[([\d]+)-([\d]+)\]}.match(value)
+      matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
       if matches
         @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
       end

spec/lib/wpscan/wpscan_options_spec.rb

@@ -247,7 +247,7 @@ describe "WpscanOptions" do
     end
 
     it "should raise an error if p and p! are " do
-      expect { @wpscan_options.enumerate_options_from_string("pp!") }.to raise_error
+      expect { @wpscan_options.enumerate_options_from_string("p,vp") }.to raise_error
     end
 
     it "should set enumerate_plugins to true" do
@@ -256,12 +256,12 @@ describe "WpscanOptions" do
     end
 
     it "should set enumerate_only_vulnerable_plugins to tue" do
-      @argument = "p!"
+      @argument = "vp"
       @expected_hash = {:enumerate_only_vulnerable_plugins => true}
     end
 
     it "should set enumerate_timthumbs to true" do
-      @argument = 't'
+      @argument = 'tt'
       @expected_hash = {:enumerate_timthumbs => true}
     end
 
@@ -277,7 +277,7 @@ describe "WpscanOptions" do
 
     # Let's try some multiple choices
     it "should set enumerate_timthumbs to true, enumerate_usernames to true, enumerate_usernames_range to (1..2)" do
-      @argument = "u[1-2]t"
+      @argument = "u[1-2],tt"
       @expected_hash = {
           :enumerate_usernames => true, :enumerate_usernames_range => (1..2),
           :enumerate_timthumbs => true
@@ -347,7 +347,7 @@ describe "WpscanOptions" do
     end
 
     it "should return {:url => 'example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}" do
-      @argv = "-u example.com -e pt"
+      @argv = "-u example.com -e p,tt"
       @expected_hash = {:url => 'http://example.com', :enumerate_plugins => true, :enumerate_timthumbs => true}
     end
   end