garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Uses an enumerator to read wordlist during pwd attack. Fixes #1518

Browse Source
This commit is contained in:
erwanlr
2020-07-16 14:39:09 +02:00
parent ff574b046c
commit f65532e347
5 changed files with 7 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/controllers/password_attack.rb
View File

@@ -41,7 +41,7 @@ module WPScan
msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s") msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s")
end end
attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user| attacker.attack(users, ParsedCli.passwords, attack_opts) do |user|
found << user found << user
attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}") attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
@@ -122,15 +122,6 @@ module WPScan
acc << Model::User.new(elem.chomp) acc << Model::User.new(elem.chomp)
end end
end end
# @param [ String ] wordlist_path
#
# @return [ Array<String> ]
def passwords(wordlist_path)
@passwords ||= File.open(wordlist_path).reduce([]) do |acc, elem|
acc << elem.chomp
end
end
end end
end end
end end

6
spec/app/controllers/password_attack_spec.rb
View File

@@ -21,7 +21,7 @@ describe WPScan::Controller::PasswordAttack do
describe '#users' do describe '#users' do
context 'when no --usernames' do context 'when no --usernames' do
it 'calles target.users' do it 'calls target.users' do
expect(controller.target).to receive(:users) expect(controller.target).to receive(:users)
controller.users controller.users
end end
@@ -40,10 +40,6 @@ describe WPScan::Controller::PasswordAttack do
end end
end end
describe '#passwords' do
xit
end
describe '#run' do describe '#run' do
context 'when no --passwords is supplied' do context 'when no --passwords is supplied' do
it 'does not run the attacker' do it 'does not run the attacker' do

4
spec/app/finders/passwords/xml_rpc_spec.rb
View File

@@ -24,11 +24,13 @@ describe WPScan::Finders::Passwords::XMLRPC do
</methodResponse>' </methodResponse>'
describe '#attack' do describe '#attack' do
let(:wordlist_path) { FINDERS_FIXTURES.join('passwords.txt').to_s }
context 'when no valid credentials' do context 'when no valid credentials' do
before do before do
stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY) stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY)
finder.attack(users, %w[pwd]) finder.attack(users, wordlist_path)
end end
let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } } let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } }

1
spec/fixtures/finders/passwords.txt vendored Normal file
View File

@@ -0,0 +1 @@
pwd

2
wpscan.gemspec
View File

@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
s.executables = ['wpscan'] s.executables = ['wpscan']
s.require_paths = ['lib'] s.require_paths = ['lib']
s.add_dependency 'cms_scanner', '~> 0.11.0' s.add_dependency 'cms_scanner', '~> 0.12.0'
s.add_development_dependency 'bundler', '>= 1.6' s.add_development_dependency 'bundler', '>= 1.6'
s.add_development_dependency 'memory_profiler', '~> 0.9.13' s.add_development_dependency 'memory_profiler', '~> 0.9.13'