WpItems agressive detection progress bar

2013-04-14 18:01:24 +02:00
parent 446910767b
commit df5b8b9c35
3 changed files with 11 additions and 23 deletions
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -14,17 +14,18 @@ class WpItems < Array
    # @return [ WpItems ]
    def aggressive_detection(wp_target, options = {})
      queue_count      = 0
-      request_count    = 0
      browser          = Browser.instance
      hydra            = browser.hydra
      targets          = targets_items(wp_target, options)
-      targets_size     = targets.size
-      show_progression = options[:show_progression] || false
      exist_options    = {
        error_404_hash:  wp_target.error_404_hash,
        homepage_hash:   wp_target.homepage_hash,
        exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
      }
+      progress_bar     = ProgressBar.create(format: '%t %a <%B> (%c / %C) %P%% %e',
+                                            title: '  ', # Otherwise 'Progress' replaces the title
+                                            length: 120,
+                                            total: targets.size) if options[:show_progression]

      # If we only want the vulnerable ones, the passive detection is ignored
      # Otherwise, a passive detection is performed, and results will be merged
@@ -32,11 +33,9 @@ class WpItems < Array

      targets.each do |target_item|
        request = browser.forge_request(target_item.url, request_params)
-        request_count += 1

        request.on_complete do |response|
-
-          print "\rChecking for #{targets_size} total ... #{(request_count * 100) / targets_size}% complete." if show_progression
+          progress_bar.progress += 1 if options[:show_progression]

          if target_item.exists?(exist_options, response)
            if !results.include?(target_item)
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -22,8 +22,6 @@ class WpUser < WpItem
                                        total: passwords.size) if options[:show_progression]

      passwords.each do |password|
-        queue_count += 1
-
        request = Browser.instance.forge_request(login_url,
          method: :post,
          body: { log: login, pwd: password },
@@ -43,6 +41,7 @@ class WpUser < WpItem
        end

        hydra.queue(request)
+        queue_count += 1

        # it can take a long time to queue 2 million requests,
        # for that reason, we queue @threads, send @threads, queue @threads and so on.
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -192,14 +192,12 @@ def main
          only_vulnerable: wpscan_options.enumerate_only_vulnerable_plugins || false
        )
      )
+      puts
      if !wp_plugins.empty?
-        puts
-        puts
        puts green('[+]') + " We found #{wp_plugins.size} plugins:"

        wp_plugins.output
      else
-        puts
        puts 'No plugins found :('
      end
    end
@@ -216,15 +214,12 @@ def main
          only_vulnerable: wpscan_options.enumerate_only_vulnerable_themes || false
        )
      )
-
+      puts
      if !wp_themes.empty?
-        puts
-        puts
        puts green('[+]') + " We found #{wp_themes.size} themes:"

        wp_themes.output
      else
-        puts
        puts 'No themes found :('
      end
    end
@@ -240,8 +235,8 @@ def main
          theme_name: wp_theme ? wp_theme.name : nil
        )
      )
-      if !wp_timthumbs.empty?
      puts
+      if !wp_timthumbs.empty?
        puts green('[+]') + " We found #{wp_timthumbs.size} timthumb file/s :"
        puts

@@ -250,7 +245,6 @@ def main
        puts
        puts red(' * Reference: http://www.exploit-db.com/exploits/17602/')
      else
-        puts
        puts 'No timthumb files found :('
      end
    end
@@ -266,15 +260,13 @@ def main
          show_progression: false
        )
      )
-
-      if wp_users.empty?
      puts
+      if wp_users.empty?
        puts 'We did not enumerate any usernames :('
        puts 'Try supplying your own username with the --username option'
        puts
        exit(1)
      else
-        puts
        puts green('[+]') + " We found the following #{wp_users.size} user/s :"

        wp_users.output(margin_left: ' ' * 4)
@@ -298,9 +290,8 @@ def main

        bruteforce = false if Readline.readline !~ /^y/i
      end
-
-      if bruteforce
      puts
+      if bruteforce
        puts green('[+]') + ' Starting the password brute forcer'

        wp_users.brute_force(wpscan_options.wordlist,
@@ -309,7 +300,6 @@ def main
        puts
        wp_users.output(show_password: true, margin_left: ' ' * 2)
      else
-        puts
        puts 'Brute forcing aborted'
      end
    end