diff --git a/lib/common/collections/wp_items/detectable.rb b/lib/common/collections/wp_items/detectable.rb index f53353c6..d864c707 100755 --- a/lib/common/collections/wp_items/detectable.rb +++ b/lib/common/collections/wp_items/detectable.rb @@ -14,17 +14,18 @@ class WpItems < Array # @return [ WpItems ] def aggressive_detection(wp_target, options = {}) queue_count = 0 - request_count = 0 browser = Browser.instance hydra = browser.hydra targets = targets_items(wp_target, options) - targets_size = targets.size - show_progression = options[:show_progression] || false exist_options = { error_404_hash: wp_target.error_404_hash, homepage_hash: wp_target.homepage_hash, exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil } + progress_bar = ProgressBar.create(format: '%t %a <%B> (%c / %C) %P%% %e', + title: ' ', # Otherwise 'Progress' replaces the title + length: 120, + total: targets.size) if options[:show_progression] # If we only want the vulnerable ones, the passive detection is ignored # Otherwise, a passive detection is performed, and results will be merged @@ -32,11 +33,9 @@ class WpItems < Array targets.each do |target_item| request = browser.forge_request(target_item.url, request_params) - request_count += 1 request.on_complete do |response| - - print "\rChecking for #{targets_size} total ... #{(request_count * 100) / targets_size}% complete." if show_progression + progress_bar.progress += 1 if options[:show_progression] if target_item.exists?(exist_options, response) if !results.include?(target_item) diff --git a/lib/common/models/wp_user/brute_forcable.rb b/lib/common/models/wp_user/brute_forcable.rb index 8558ab68..7beecdcd 100644 --- a/lib/common/models/wp_user/brute_forcable.rb +++ b/lib/common/models/wp_user/brute_forcable.rb @@ -22,8 +22,6 @@ class WpUser < WpItem total: passwords.size) if options[:show_progression] passwords.each do |password| - queue_count += 1 - request = Browser.instance.forge_request(login_url, method: :post, body: { log: login, pwd: password }, @@ -43,6 +41,7 @@ class WpUser < WpItem end hydra.queue(request) + queue_count += 1 # it can take a long time to queue 2 million requests, # for that reason, we queue @threads, send @threads, queue @threads and so on. diff --git a/wpscan.rb b/wpscan.rb index 1b6f3be5..53a10da1 100755 --- a/wpscan.rb +++ b/wpscan.rb @@ -192,14 +192,12 @@ def main only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false ) ) + puts if !wp_plugins.empty? - puts - puts puts green('[+]') + " We found #{wp_plugins.size} plugins:" wp_plugins.output else - puts puts 'No plugins found :(' end end @@ -216,15 +214,12 @@ def main only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false ) ) - + puts if !wp_themes.empty? - puts - puts puts green('[+]') + " We found #{wp_themes.size} themes:" wp_themes.output else - puts puts 'No themes found :(' end end @@ -240,8 +235,8 @@ def main theme_name: wp_theme ? wp_theme.name : nil ) ) + puts if !wp_timthumbs.empty? - puts puts green('[+]') + " We found #{wp_timthumbs.size} timthumb file/s :" puts @@ -250,7 +245,6 @@ def main puts puts red(' * Reference: http://www.exploit-db.com/exploits/17602/') else - puts puts 'No timthumb files found :(' end end @@ -266,15 +260,13 @@ def main show_progression: false ) ) - + puts if wp_users.empty? - puts puts 'We did not enumerate any usernames :(' puts 'Try supplying your own username with the --username option' puts exit(1) else - puts puts green('[+]') + " We found the following #{wp_users.size} user/s :" wp_users.output(margin_left: ' ' * 4) @@ -298,9 +290,8 @@ def main bruteforce = false if Readline.readline !~ /^y/i end - + puts if bruteforce - puts puts green('[+]') + ' Starting the password brute forcer' wp_users.brute_force(wpscan_options.wordlist, @@ -309,7 +300,6 @@ def main puts wp_users.output(show_password: true, margin_left: ' ' * 2) else - puts puts 'Brute forcing aborted' end end