WpItems agressive detection progress bar
This commit is contained in:
erwanlr
@@ -14,17 +14,18 @@ class WpItems < Array
|
|||||||
# @return [ WpItems ]
|
# @return [ WpItems ]
|
||||||
def aggressive_detection(wp_target, options = {})
|
def aggressive_detection(wp_target, options = {})
|
||||||
queue_count = 0
|
queue_count = 0
|
||||||
request_count = 0
|
|
||||||
browser = Browser.instance
|
browser = Browser.instance
|
||||||
hydra = browser.hydra
|
hydra = browser.hydra
|
||||||
targets = targets_items(wp_target, options)
|
targets = targets_items(wp_target, options)
|
||||||
targets_size = targets.size
|
|
||||||
show_progression = options[:show_progression] || false
|
|
||||||
exist_options = {
|
exist_options = {
|
||||||
error_404_hash: wp_target.error_404_hash,
|
error_404_hash: wp_target.error_404_hash,
|
||||||
homepage_hash: wp_target.homepage_hash,
|
homepage_hash: wp_target.homepage_hash,
|
||||||
exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
|
exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
|
||||||
}
|
}
|
||||||
|
progress_bar = ProgressBar.create(format: '%t %a <%B> (%c / %C) %P%% %e',
|
||||||
|
title: ' ', # Otherwise 'Progress' replaces the title
|
||||||
|
length: 120,
|
||||||
|
total: targets.size) if options[:show_progression]
|
||||||
|
|
||||||
# If we only want the vulnerable ones, the passive detection is ignored
|
# If we only want the vulnerable ones, the passive detection is ignored
|
||||||
# Otherwise, a passive detection is performed, and results will be merged
|
# Otherwise, a passive detection is performed, and results will be merged
|
||||||
@@ -32,11 +33,9 @@ class WpItems < Array
|
|||||||
|
|
||||||
targets.each do |target_item|
|
targets.each do |target_item|
|
||||||
request = browser.forge_request(target_item.url, request_params)
|
request = browser.forge_request(target_item.url, request_params)
|
||||||
request_count += 1
|
|
||||||
|
|
||||||
request.on_complete do |response|
|
request.on_complete do |response|
|
||||||
|
progress_bar.progress += 1 if options[:show_progression]
|
||||||
print "\rChecking for #{targets_size} total ... #{(request_count * 100) / targets_size}% complete." if show_progression
|
|
||||||
|
|
||||||
if target_item.exists?(exist_options, response)
|
if target_item.exists?(exist_options, response)
|
||||||
if !results.include?(target_item)
|
if !results.include?(target_item)
|
||||||
|
|||||||
@@ -22,8 +22,6 @@ class WpUser < WpItem
|
|||||||
total: passwords.size) if options[:show_progression]
|
total: passwords.size) if options[:show_progression]
|
||||||
|
|
||||||
passwords.each do |password|
|
passwords.each do |password|
|
||||||
queue_count += 1
|
|
||||||
|
|
||||||
request = Browser.instance.forge_request(login_url,
|
request = Browser.instance.forge_request(login_url,
|
||||||
method: :post,
|
method: :post,
|
||||||
body: { log: login, pwd: password },
|
body: { log: login, pwd: password },
|
||||||
@@ -43,6 +41,7 @@ class WpUser < WpItem
|
|||||||
end
|
end
|
||||||
|
|
||||||
hydra.queue(request)
|
hydra.queue(request)
|
||||||
|
queue_count += 1
|
||||||
|
|
||||||
# it can take a long time to queue 2 million requests,
|
# it can take a long time to queue 2 million requests,
|
||||||
# for that reason, we queue @threads, send @threads, queue @threads and so on.
|
# for that reason, we queue @threads, send @threads, queue @threads and so on.
|
||||||
|
|||||||
20
wpscan.rb
20
wpscan.rb
@@ -192,14 +192,12 @@ def main
|
|||||||
only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false
|
only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
puts
|
||||||
if !wp_plugins.empty?
|
if !wp_plugins.empty?
|
||||||
puts
|
|
||||||
puts
|
|
||||||
puts green('[+]') + " We found #{wp_plugins.size} plugins:"
|
puts green('[+]') + " We found #{wp_plugins.size} plugins:"
|
||||||
|
|
||||||
wp_plugins.output
|
wp_plugins.output
|
||||||
else
|
else
|
||||||
puts
|
|
||||||
puts 'No plugins found :('
|
puts 'No plugins found :('
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@@ -216,15 +214,12 @@ def main
|
|||||||
only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false
|
only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
puts
|
||||||
if !wp_themes.empty?
|
if !wp_themes.empty?
|
||||||
puts
|
|
||||||
puts
|
|
||||||
puts green('[+]') + " We found #{wp_themes.size} themes:"
|
puts green('[+]') + " We found #{wp_themes.size} themes:"
|
||||||
|
|
||||||
wp_themes.output
|
wp_themes.output
|
||||||
else
|
else
|
||||||
puts
|
|
||||||
puts 'No themes found :('
|
puts 'No themes found :('
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@@ -240,8 +235,8 @@ def main
|
|||||||
theme_name: wp_theme ? wp_theme.name : nil
|
theme_name: wp_theme ? wp_theme.name : nil
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
puts
|
||||||
if !wp_timthumbs.empty?
|
if !wp_timthumbs.empty?
|
||||||
puts
|
|
||||||
puts green('[+]') + " We found #{wp_timthumbs.size} timthumb file/s :"
|
puts green('[+]') + " We found #{wp_timthumbs.size} timthumb file/s :"
|
||||||
puts
|
puts
|
||||||
|
|
||||||
@@ -250,7 +245,6 @@ def main
|
|||||||
puts
|
puts
|
||||||
puts red(' * Reference: http://www.exploit-db.com/exploits/17602/')
|
puts red(' * Reference: http://www.exploit-db.com/exploits/17602/')
|
||||||
else
|
else
|
||||||
puts
|
|
||||||
puts 'No timthumb files found :('
|
puts 'No timthumb files found :('
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@@ -266,15 +260,13 @@ def main
|
|||||||
show_progression: false
|
show_progression: false
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
puts
|
||||||
if wp_users.empty?
|
if wp_users.empty?
|
||||||
puts
|
|
||||||
puts 'We did not enumerate any usernames :('
|
puts 'We did not enumerate any usernames :('
|
||||||
puts 'Try supplying your own username with the --username option'
|
puts 'Try supplying your own username with the --username option'
|
||||||
puts
|
puts
|
||||||
exit(1)
|
exit(1)
|
||||||
else
|
else
|
||||||
puts
|
|
||||||
puts green('[+]') + " We found the following #{wp_users.size} user/s :"
|
puts green('[+]') + " We found the following #{wp_users.size} user/s :"
|
||||||
|
|
||||||
wp_users.output(margin_left: ' ' * 4)
|
wp_users.output(margin_left: ' ' * 4)
|
||||||
@@ -298,9 +290,8 @@ def main
|
|||||||
|
|
||||||
bruteforce = false if Readline.readline !~ /^y/i
|
bruteforce = false if Readline.readline !~ /^y/i
|
||||||
end
|
end
|
||||||
|
puts
|
||||||
if bruteforce
|
if bruteforce
|
||||||
puts
|
|
||||||
puts green('[+]') + ' Starting the password brute forcer'
|
puts green('[+]') + ' Starting the password brute forcer'
|
||||||
|
|
||||||
wp_users.brute_force(wpscan_options.wordlist,
|
wp_users.brute_force(wpscan_options.wordlist,
|
||||||
@@ -309,7 +300,6 @@ def main
|
|||||||
puts
|
puts
|
||||||
wp_users.output(show_password: true, margin_left: ' ' * 2)
|
wp_users.output(show_password: true, margin_left: ' ' * 2)
|
||||||
else
|
else
|
||||||
puts
|
|
||||||
puts 'Brute forcing aborted'
|
puts 'Brute forcing aborted'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|||||||
Reference in New Issue
Block a user