diff --git a/Rakefile b/Rakefile index 21348df2..96b4a1df 100644 --- a/Rakefile +++ b/Rakefile @@ -12,9 +12,9 @@ rescue LoadError end begin - require 'rspec/core/rake_task' - RSpec::Core::RakeTask.new(:spec) - exec << :spec + #require 'rspec/core/rake_task' + #RSpec::Core::RakeTask.new(:spec) + #exec << :spec rescue LoadError end diff --git a/app/controllers/core.rb b/app/controllers/core.rb index 0b66f2dc..d2c6ab79 100644 --- a/app/controllers/core.rb +++ b/app/controllers/core.rb @@ -5,15 +5,15 @@ module WPScan # @return [ Array ] def cli_options [OptURL.new(['--url URL', 'The URL of the blog to scan'], - required_unless: %i[update help version], default_protocol: 'http')] + + required_unless: %i[update help hh version], default_protocol: 'http')] + super.drop(1) + # delete the --url from CMSScanner [ OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'], choices: %w[apache iis nginx], - normalize: %i[downcase to_sym]), + normalize: %i[downcase to_sym], + advanced: true), OptBoolean.new(['--force', 'Do not check if the target is running WordPress']), - OptBoolean.new(['--[no-]update', 'Wether or not to update the Database'], - required_unless: %i[url help version]) + OptBoolean.new(['--[no-]update', 'Whether or not to update the Database']) ] end diff --git a/app/controllers/enumeration/cli_options.rb b/app/controllers/enumeration/cli_options.rb index 3a974b67..a3491b41 100644 --- a/app/controllers/enumeration/cli_options.rb +++ b/app/controllers/enumeration/cli_options.rb @@ -13,7 +13,7 @@ module WPScan def cli_enum_choices [ OptMultiChoices.new( - ['--enumerate [OPTS]', '-e', 'Enumeration Process'], + ['-e', '--enumerate [OPTS]', 'Enumeration Process'], choices: { vp: OptBoolean.new(['--vulnerable-plugins']), ap: OptBoolean.new(['--all-plugins']), 
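Review bot: Commenting out the three lines in the Rakefile hunk leaves an empty `begin … rescue LoadError … end` and stops `:spec` from being pushed onto `exec`. If `exec` feeds the default task (defined outside the hunk), a plain `rake` no longer runs the test suite, and nothing in the file says why. If this is temporary, replace the dead code with an explanatory line such as `# TODO: re-enable the :spec task once the suite passes against the new cms_scanner`. If it is permanent, delete the whole block instead of leaving it commented out.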
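Review bot: `hh` in `required_unless: %i[update help hh version]` is not explained anywhere in the app/controllers/core.rb hunk, so a reader cannot tell which switch exempts `--url`. It presumably names the extended-help option that lists the entries now tagged `advanced: true`, supplied by the cms_scanner release bumped in wpscan.gemspec. A comment above the OptURL line would record that, e.g. `# hh: full help including advanced options (defined in CMSScanner)`. The neighbouring `super.drop(1)` still removes the parent's `--url` by position, so confirm the bumped gem did not put a different option first.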
@@ -45,7 +45,7 @@ module WPScan # @return [ Array ] def cli_plugins_opts [ - OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate']), + OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true), OptChoice.new( ['--plugins-detection MODE', 'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'], @@ -54,7 +54,8 @@ module WPScan OptBoolean.new( ['--plugins-version-all', 'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \ - '--plugins-detection and --plugins-version-detection)'] + '--plugins-detection and --plugins-version-detection)'], + advanced: true ), OptChoice.new( ['--plugins-version-detection MODE', @@ -68,22 +69,23 @@ module WPScan # @return [ Array ] def cli_themes_opts [ - OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate']), + OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate'], advanced: true), OptChoice.new( ['--themes-detection MODE', 'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ), OptBoolean.new( ['--themes-version-all', 'Check all the themes version locations according to the choosen mode (--detection-mode, ' \ - '--themes-detection and --themes-version-detection)'] + '--themes-detection and --themes-version-detection)'], + advanced: true ), OptChoice.new( ['--themes-version-detection MODE', 'Use the supplied mode to check themes versions instead of the --detection-mode ' \ 'or --themes-detection modes.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end 
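Review bot: `--plugins-detection` and `--plugins-version-detection` do not appear to receive `advanced: true`, while the cli_themes_opts hunk marks `--themes-detection` and `--themes-version-detection` advanced. The plugin options' `choices:` lines fall outside the two cli_plugins_opts hunks, so this is inferred from the hunk ranges. If the plugin modes are meant to stay in the short help, a comment in cli_plugins_opts should say so; otherwise add `advanced: true` to both of their `choices: %w[mixed passive aggressive], normalize: :to_sym` lines. The help strings touched here also still read `choosen`; the commit corrects `Wether` in core.rb, so `chosen` could be fixed in the same pass.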
@@ -93,12 +95,12 @@ module WPScan [ OptFilePath.new( ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'], - exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt') + exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true ), OptChoice.new( ['--timthumbs-detection MODE', 'Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end @@ -108,12 +110,12 @@ module WPScan [ OptFilePath.new( ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'], - exists: true, default: File.join(DB_DIR, 'config_backups.txt') + exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true ), OptChoice.new( ['--config-backups-detection MODE', 'Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end @@ -123,12 +125,12 @@ module WPScan [ OptFilePath.new( ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'], - exists: true, default: File.join(DB_DIR, 'db_exports.txt') + exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true ), OptChoice.new( ['--db-exports-detection MODE', 'Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end 
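Review bot: The tail `choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true` is now spelled out in each `*-detection` OptChoice in these hunks (timthumbs, config backups, DB exports). It is repeated in the themes, medias, users, main_theme.rb and wp_version.rb hunks, so every future change to it has to be made in about ten places. Assuming the Opt classes take a plain options hash, one frozen constant would reduce that to a single edit: `DETECTION_MODE_OPTS = { choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true }.freeze`, used as `OptChoice.new([...], **DETECTION_MODE_OPTS)`. The enclosing methods start above each hunk.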
@@ -139,7 +141,7 @@ module WPScan OptChoice.new( ['--medias-detection MODE', 'Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end @@ -149,12 +151,13 @@ module WPScan [ OptSmartList.new( ['--users-list LIST', - 'List of users to check during the users enumeration from the Login Error Messages'] + 'List of users to check during the users enumeration from the Login Error Messages'], + advanced: true ), OptChoice.new( ['--users-detection MODE', 'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end diff --git a/app/controllers/main_theme.rb b/app/controllers/main_theme.rb index 22b616d3..11f3c576 100644 --- a/app/controllers/main_theme.rb +++ b/app/controllers/main_theme.rb @@ -7,8 +7,7 @@ module WPScan OptChoice.new( ['--main-theme-detection MODE', 'Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], - normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end diff --git a/app/controllers/wp_version.rb b/app/controllers/wp_version.rb index 0b1ffa5c..5ea409c7 100644 --- a/app/controllers/wp_version.rb +++ b/app/controllers/wp_version.rb 
@@ -4,13 +4,12 @@ module WPScan class WpVersion < CMSScanner::Controller::Base def cli_options [ - OptBoolean.new(['--wp-version-all', 'Check all the version locations']), + OptBoolean.new(['--wp-version-all', 'Check all the version locations'], advanced: true), OptChoice.new( ['--wp-version-detection MODE', 'Use the supplied mode for the WordPress version detection, ' \ 'instead of the global (--detection-mode) mode.'], - choices: %w[mixed passive aggressive], - normalize: :to_sym + choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true ) ] end diff --git a/wpscan.gemspec b/wpscan.gemspec index 7341f90d..96b35a68 100644 --- a/wpscan.gemspec +++ b/wpscan.gemspec @@ -21,7 +21,7 @@ Gem::Specification.new do |s| s.executables = ['wpscan'] s.require_paths = ['lib'] - s.add_dependency 'cms_scanner', '~> 0.0.40.1' + s.add_dependency 'cms_scanner', '~> 0.0.40.2' # Already required by CMSScanner, so version restrictions loosen s.add_dependency 'activesupport', '~> 5.2'