From f50680b61fb61836610b3fe534e364176d907ff3 Mon Sep 17 00:00:00 2001 From: erwanlr Date: Mon, 8 Jul 2019 19:47:46 +0100 Subject: [PATCH] Adds a --plugins-threshold and --themes-threshold options --- .rubocop.yml | 4 ++++ app/controllers/enumeration/cli_options.rb | 12 ++++++++++-- app/controllers/enumeration/enum_methods.rb | 2 ++ app/finders/plugins/known_locations.rb | 2 ++ app/finders/themes/known_locations.rb | 2 ++ lib/wpscan/errors.rb | 1 + lib/wpscan/errors/enumeration.rb | 21 +++++++++++++++++++++ spec/app/controllers/enumeration_spec.rb | 4 ++-- 8 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 lib/wpscan/errors/enumeration.rb diff --git a/.rubocop.yml b/.rubocop.yml index 07b0876d..805020bd 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -10,6 +10,8 @@ LineLength: Max: 120 MethodLength: Max: 20 + Exclude: + - 'app/controllers/enumeration/cli_options.rb' Lint/UriEscapeUnescape: Enabled: false Metrics/AbcSize: @@ -19,6 +21,8 @@ Metrics/BlockLength: - 'spec/**/*' Metrics/ClassLength: Max: 150 + Exclude: + - 'app/controllers/enumeration/cli_options.rb' Metrics/CyclomaticComplexity: Max: 8 Style/Documentation: diff --git a/app/controllers/enumeration/cli_options.rb b/app/controllers/enumeration/cli_options.rb index 37ea4d7c..a0ff5e5a 100644 --- a/app/controllers/enumeration/cli_options.rb +++ b/app/controllers/enumeration/cli_options.rb @@ -11,7 +11,6 @@ module WPScan end # @return [ Array ] - # rubocop:disable Metrics/MethodLength def cli_enum_choices [ OptMultiChoices.new( @@ -45,7 +44,6 @@ module WPScan ) ] end - # rubocop:enable Metrics/MethodLength # @return [ Array ] def cli_plugins_opts 
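Review bot: The two added `Exclude` entries switch off `MethodLength` and `Metrics/ClassLength` for the whole of `app/controllers/enumeration/cli_options.rb`, whereas the inline `rubocop:disable`/`rubocop:enable` pair removed in the same commit covered only `cli_enum_choices`. Any method added to that file later escapes the 20-line limit without anyone noticing. Keeping the inline pair around the option-table methods that need it would preserve the check for everything else. Failing that, a comment above each entry, such as `# option tables only; keep logic out of this file`, would at least record why the file is exempt.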
@@ -67,6 +65,11 @@ module WPScan 'Use the supplied mode to check plugins versions instead of the --detection-mode ' \ 'or --plugins-detection modes.'], choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed + ), + OptInteger.new( + ['--plugins-threshold THRESHOLD', + 'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \ + 'Set to 0 to ignore the threshold.'], default: 100 ) ] end @@ -91,6 +94,11 @@ module WPScan 'Use the supplied mode to check themes versions instead of the --detection-mode ' \ 'or --themes-detection modes.'], choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true + ), + OptInteger.new( + ['--themes-threshold THRESHOLD', + 'Raise an error when the number of detected themes via known locations reaches the threshold. ' \ + 'Set to 0 to ignore the threshold.'], default: 50 ) ] end diff --git a/app/controllers/enumeration/enum_methods.rb b/app/controllers/enumeration/enum_methods.rb index 59a27854..f256b5c3 100644 --- a/app/controllers/enumeration/enum_methods.rb +++ b/app/controllers/enumeration/enum_methods.rb @@ -62,6 +62,7 @@ module WPScan def enum_plugins opts = default_opts('plugins').merge( list: plugins_list_from_opts(ParsedCli.options), + threshold: ParsedCli.plugins_threshold, sort: true ) @@ -108,6 +109,7 @@ module WPScan def enum_themes opts = default_opts('themes').merge( list: themes_list_from_opts(ParsedCli.options), + threshold: ParsedCli.themes_threshold, sort: true ) diff --git a/app/finders/plugins/known_locations.rb b/app/finders/plugins/known_locations.rb index 1e1f548f..794560c6 100644 --- a/app/finders/plugins/known_locations.rb +++ b/app/finders/plugins/known_locations.rb 
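Review bot: The help text for `--plugins-threshold` and `--themes-threshold` says an error is raised but not what happens to the results. In the finder hunks the raise sits inside the `enumerate` block, before `found` is returned, so the items detected up to that point are not returned by that method. Saying so in the description, e.g. `'Raise an error (known-locations results are not reported) when the number of detected plugins reaches the threshold. '`, lets an operator choose between raising the limit and using `--exclude-content-based`. The text also documents only 0 as "off", while the guard uses `.positive?`, which treats negative values the same way; whether `OptInteger` rejects negatives is not visible here. Both option arrays start outside these hunks.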
@@ -21,6 +21,8 @@ module WPScan enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug| found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80)) + + raise Error::PluginsThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold] end found diff --git a/app/finders/themes/known_locations.rb b/app/finders/themes/known_locations.rb index 30567caf..b7aef9e1 100644 --- a/app/finders/themes/known_locations.rb +++ b/app/finders/themes/known_locations.rb @@ -21,6 +21,8 @@ module WPScan enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug| found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80)) + + raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold] end found diff --git a/lib/wpscan/errors.rb b/lib/wpscan/errors.rb index 08469ba9..53e0599d 100644 --- a/lib/wpscan/errors.rb +++ b/lib/wpscan/errors.rb @@ -9,6 +9,7 @@ module WPScan end end +require_relative 'errors/enumeration' require_relative 'errors/http' require_relative 'errors/update' require_relative 'errors/wordpress' diff --git a/lib/wpscan/errors/enumeration.rb b/lib/wpscan/errors/enumeration.rb new file mode 100644 index 00000000..6b015883 --- /dev/null +++ b/lib/wpscan/errors/enumeration.rb 
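Review bot: `opts[:threshold].positive?` in the added guard raises NoMethodError if this finder is ever called without a `:threshold` key, and only `enum_plugins`/`enum_themes` are shown supplying one. The same line appears in the themes finder hunk that follows. Reading the value once before the loop, `threshold = opts[:threshold].to_i`, and then using `raise Error::PluginsThresholdReached if threshold.positive? && found.size >= threshold` makes a missing or nil value behave like 0 (disabled). It also avoids two hash lookups per hit. The enclosing method starts and ends outside the hunk.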
@@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module WPScan + module Error + class PluginsThresholdReached < Standard + def to_s + "The number of plugins detected reached the threshold of #{ParsedCli.plugins_threshold} " \ + 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \ + 'option to ignore the bad responses.' + end + end + + class ThemesThresholdReached < Standard + def to_s + "The number of themes detected reached the threshold of #{ParsedCli.themes_threshold} " \ + 'which might indicate False Positive. It would be recommended to use the --exclude-content-based ' \ + 'option to ignore the bad responses.' + end + end + end +end diff --git a/spec/app/controllers/enumeration_spec.rb b/spec/app/controllers/enumeration_spec.rb index 0ad85094..17d556a2 100644 --- a/spec/app/controllers/enumeration_spec.rb +++ b/spec/app/controllers/enumeration_spec.rb @@ -70,8 +70,8 @@ describe WPScan::Controller::Enumeration do it 'contains the correct options' do expect(controller.cli_options.map(&:to_sym)).to eql( %i[enumerate exclude_content_based - plugins_list plugins_detection plugins_version_all plugins_version_detection - themes_list themes_detection themes_version_all themes_version_detection + plugins_list plugins_detection plugins_version_all plugins_version_detection plugins_threshold + themes_list themes_detection themes_version_all themes_version_detection themes_threshold timthumbs_list timthumbs_detection config_backups_list config_backups_detection db_exports_list db_exports_detection
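Review bot: Both `to_s` methods interpolate `ParsedCli.plugins_threshold` / `ParsedCli.themes_threshold` instead of the value the finder actually compared against (`opts[:threshold]`). If a finder is called with opts not built from the CLI, the message can name a different limit from the one that fired; no such caller is visible here, so this is a coupling concern rather than a demonstrated bug. Passing the threshold into the error when it is raised and interpolating that value would remove the dependency on global CLI state, and would let the two near-identical classes share one message template. The text could also read `which might indicate false positives` and mention that setting the threshold to 0 disables the check, for operators who know the count is genuine.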