Stats

Document Homebrew package in README

.dockerignore

@@ -16,3 +16,6 @@ CREDITS
 data.zip
 DISCLAIMER.txt
 example.conf.json
+bin/
+log.txt
+

.gitignore

@@ -1,3 +1,4 @@
+.ash_history
 cache
 coverage
 .bundle
@@ -6,10 +7,10 @@ coverage
 *.sublime-*
 .idea
 .*.swp
-Gemfile.lock
 log.txt
 .yardoc
 debug.log
 wordlist.txt
 rspec_results.html
 data/
+vendor/

.ruby-version

@@ -1 +1 @@
-2.3.1
+2.4.1

.travis.yml

@@ -10,11 +10,18 @@ rvm:
   - 2.2.4
   - 2.3.0
   - 2.3.1
+  - 2.3.2
+  - 2.3.3
+  - 2.4.1
 before_install:
+  - "env"
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
+  - "gem install bundler"
+  - "bundler --version"
 before_script:
   - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $TRAVIS_BUILD_DIR"
-script: bundle exec rspec
+script:
+  - "bundle exec rspec"
 notifications:
   email:
     - team@wpscan.org

CHANGELOG.md

@@ -1,6 +1,27 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.2...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.3...master)
+
+## Version 2.9.3
+Released: 2017-07-19
+
+* Updated dependencies and required ruby version
+* Made some changes so wpscan works in ruby 2.4
+* Added a Gemfile.lock to lock all dependencies
+* You can now pass a wordlist from stdin via "--wordlist -"
+* Improved version detection regexes
+* Added an optional paramter to --log to specify a filename
+
+WPScan Database Statistics:
+* Total tracked wordpresses: 251
+* Total tracked plugins: 68818
+* Total tracked themes: 15132
+* Total vulnerable wordpresses: 243
+* Total vulnerable plugins: 1527
+* Total vulnerable themes: 280
+* Total wordpress vulnerabilities: 5263
+* Total plugin vulnerabilities: 2406
+* Total theme vulnerabilities: 349
 
 ## Version 2.9.2
 Released: 2016-11-15

Dockerfile

@@ -1,24 +1,29 @@
-FROM ruby:2.3-slim
+FROM ruby:2.4-alpine
 MAINTAINER WPScan Team <team@wpscan.org>
 
-RUN DEBIAN_FRONTEND=noninteractive && \
+ARG BUNDLER_ARGS="--jobs=8 --without test"
-  rm -rf /var/lib/apt/lists/* && \
-  apt-get update && \
-  apt-get --no-install-recommends -qq -y install curl git ca-certificates openssl libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential procps
 
-RUN useradd -d /wpscan wpscan
+RUN adduser -h /wpscan -g WPScan -D wpscan
 RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
-RUN mkdir /wpscan
+
+COPY Gemfile /wpscan
+COPY Gemfile.lock /wpscan
+
+# runtime dependencies
+RUN apk add --no-cache libcurl procps && \
+  # build dependencies
+  apk add --no-cache --virtual build-deps alpine-sdk ruby-dev libffi-dev zlib-dev && \
+  bundle install --system --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
+  apk del --no-cache build-deps
 
 COPY . /wpscan
-
-WORKDIR /wpscan
-
-RUN bundle install --without test
 RUN chown -R wpscan:wpscan /wpscan
 
 USER wpscan
+
 RUN /wpscan/wpscan.rb --update --verbose --no-color
 
+WORKDIR /wpscan
+
 ENTRYPOINT ["/wpscan/wpscan.rb"]
 CMD ["--help"]

Gemfile

@@ -1,15 +1,15 @@
 source 'https://rubygems.org'
 
-gem 'typhoeus', '>=1.0.0'
+gem 'typhoeus', '>=1.1.2'
-gem 'nokogiri', '>=1.6.7.2'
+gem 'nokogiri', '>=1.7.0.1'
-gem 'addressable'
+gem 'addressable', '>=2.5.0'
-gem 'yajl-ruby' # Better JSON parser regarding memory usage
+gem 'yajl-ruby', '>=1.3.0' # Better JSON parser regarding memory usage
 gem 'terminal-table', '>=1.6.0'
-gem 'ruby-progressbar', '>=1.6.0'
+gem 'ruby-progressbar', '>=1.8.1'
 
 group :test do
-  gem 'webmock', '>=1.17.2'
+  gem 'webmock', '>=2.3.2'
-  gem 'simplecov'
+  gem 'simplecov', '>=0.13.0'
-  gem 'rspec', '>=3.3.0'
+  gem 'rspec', '>=3.5.0'
-  gem 'rspec-its'
+  gem 'rspec-its', '>=1.2.0'
 end

Gemfile.lock

@@ -0,0 +1,69 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.1)
+      public_suffix (~> 2.0, >= 2.0.2)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    ethon (0.10.1)
+      ffi (>= 1.3.0)
+    ffi (1.9.18)
+    hashdiff (0.3.4)
+    json (2.1.0)
+    mini_portile2 (2.2.0)
+    nokogiri (1.8.0)
+      mini_portile2 (~> 2.2.0)
+    public_suffix (2.0.5)
+    rspec (3.6.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-its (1.2.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+    ruby-progressbar (1.8.1)
+    safe_yaml (1.0.4)
+    simplecov (0.14.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.1)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    typhoeus (1.1.2)
+      ethon (>= 0.9.0)
+    unicode-display_width (1.3.0)
+    webmock (3.0.1)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    yajl-ruby (1.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  addressable (>= 2.5.0)
+  nokogiri (>= 1.7.0.1)
+  rspec (>= 3.5.0)
+  rspec-its (>= 1.2.0)
+  ruby-progressbar (>= 1.8.1)
+  simplecov (>= 0.13.0)
+  terminal-table (>= 1.6.0)
+  typhoeus (>= 1.1.2)
+  webmock (>= 2.3.2)
+  yajl-ruby (>= 1.3.0)
+
+BUNDLED WITH
+   1.14.6

README.md

@@ -95,11 +95,49 @@ WPScan comes pre-installed on the following Linux distributions:
 - [SamuraiWTF](http://samurai.inguardians.com/)
 - [BlackArch](http://blackarch.org/)
 
+On macOS WPScan is packaged by [Homebrew](https://brew.sh/) as [`wpscan`](http://braumeister.org/formula/wpscan).
+
 Windows is not supported
 
+We suggest you use our official Docker image from https://hub.docker.com/r/wpscanteam/wpscan/ to avoid installation problems.
+
+# DOCKER
+Pull the repo with `docker pull wpscanteam/wpscan`
+
+## Start WPScan
+
+```
+docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options]
+```
+
+For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
+
+If you run the git version of wpscan we included some binstubs in ./bin for easier start of wpscan.
+
+## Examples
+
+Mount a local wordlist to the docker container and start a bruteforce attack for user admin
+
+```
+docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin
+```
+
+Use logfile option
+```
+# the file must exist prior to starting the container, otherwise docker will create a directory with the filename
+touch ~/FILENAME
+docker run -it --rm -v ~/FILENAME:/wpscan/output.txt wpscanteam/wpscan --url https://yourblog.com --log /wpscan/output.txt
+```
+
+(This mounts the host directory `~/wordlists` to the container in the path `/wordlists`)
+
+Published on https://hub.docker.com/r/wpscanteam/wpscan/
+
+# Manual install
+
 ## Prerequisites
 
-- Ruby >= 2.1.9 - Recommended: 2.3.1
+- Ruby >= 2.1.9 - Recommended: 2.4.1
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
@@ -110,7 +148,7 @@ Windows is not supported
 
 ### Installing dependencies on Debian
 
-    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
+    sudo apt-get install gcc git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
 
 ### Installing dependencies on Fedora
 
@@ -121,11 +159,11 @@ Windows is not supported
     pacman -Syu ruby
     pacman -Syu libyaml
 
-### Installing dependencies on Mac OSX
+### Installing dependencies on macOS
 
 Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)
 
-## Installing with RVM (recommended)
+## Installing with RVM (recommended when doing a manual install)
 
 If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information:
 https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
@@ -136,10 +174,9 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
     curl -sSL https://get.rvm.io | bash -s stable
     source ~/.rvm/scripts/rvm
     echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-    rvm install 2.3.1
+    rvm install 2.4.1
-    rvm use 2.3.1 --default
+    rvm use 2.4.1 --default
     echo "gem: --no-ri --no-rdoc" > ~/.gemrc
-    gem install bundler
     git clone https://github.com/wpscanteam/wpscan.git
     cd wpscan
     gem install bundler
@@ -151,19 +188,6 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
     cd wpscan
     sudo gem install bundler && bundle install --without test
 
-# DOCKER
-Pull the repo with `docker pull wpscanteam/wpscan`
-
-## Start WPScan
-
-```
-docker run --rm wpscanteam/wpscan -u http://yourblog.com [options]
-```
-
-For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
-
-Published on https://hub.docker.com/r/wpscanteam/wpscan/
-
 # KNOWN ISSUES
 
   - Typhoeus segmentation fault
@@ -236,7 +260,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
     --follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
     --batch                             Never ask for user input, use the default behaviour.
     --no-color                          Do not use colors in the output.
-    --log                               Creates a log.txt file with WPScan's output.
+    --log [filename]                    Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging.
     --no-banner                         Prevents the WPScan banner from being displayed.
     --disable-accept-header             Prevents WPScan sending the Accept HTTP header.
     --disable-referer                   Prevents setting the Referer header.
@@ -250,6 +274,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
     --proxy-auth <username:password>    Supply the proxy login credentials.
     --basic-auth <username:password>    Set the HTTP Basic authentication.
     --wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
+                                        If the "-" option is supplied, the wordlist is expected via STDIN.
     --username | -U <username>          Only brute force the supplied username.
     --usernames     <path-to-file>      Only brute force the usernames from the file.
     --cache-dir       <cache-directory> Set the cache directory.
@@ -273,6 +298,10 @@ Do wordlist password brute force on enumerated users using 50 threads...
 
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```
 
+Do wordlist password brute force on enumerated users using STDIN as the wordlist...
+
+```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -```
+
 Do wordlist password brute force on the 'admin' username only...
 
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```

bin/rspec

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+# always rebuild and include all GEMs
+docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
+# update all gems (this updates Gemfile.lock on the host)
+# this also needs some build dependencies
+docker run --rm -u root -v $DIR/../Gemfile.lock:/wpscan/Gemfile.lock --entrypoint "" wpscan:rspec sh -c 'apk add --no-cache alpine-sdk ruby-dev libffi-dev zlib-dev && bundle update'
+# rebuild image with latest GEMs
+docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
+# run spec
+docker run --rm -v $DIR/../:/wpscan --entrypoint "" wpscan:rspec rspec
+

bin/update_gems

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+docker run -it --rm -v "$DIR/../":/wpscan -w /wpscan ruby:2.4 bundle update

bin/wpscan

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+docker build -q -t wpscan:git .
+docker run -it --rm wpscan:git "$@"
+

bin/wpscan-dev

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+if [[ -n "$WPSCAN_BUILD" ]]; then
+  docker build -q -t wpscan:git .
+fi
+docker run -it --rm -v $DIR/../:/wpscan wpscan:git "$@"
+

lib/common/browser/options.rb

@@ -20,7 +20,7 @@ class Browser
       elsif auth =~ /\ABasic [a-zA-Z0-9=]+\z/
         @basic_auth = auth
       else
-       raise 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected'
+        raise "Invalid basic authentication format, \"login:password\" or \"Basic base_64_encoded\" expected. Your input: #{auth}"
      end
     end
 

lib/common/common_helper.rb

@@ -11,7 +11,7 @@ COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
 MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
 COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')
 
-LOG_FILE             = File.join(ROOT_DIR, 'log.txt')
+DEFAULT_LOG_FILE     = File.join(ROOT_DIR, 'log.txt')
 
 # Plugins directories
 COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
@@ -30,7 +30,7 @@ LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
 
 MIN_RUBY_VERSION = '2.1.9'
 
-WPSCAN_VERSION = '2.9.2'
+WPSCAN_VERSION = '2.9.3'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -96,7 +96,9 @@ end
 
 def update_required?
   date = last_update
-  (true if date.nil?) or (date < 5.days.ago)
+  day_seconds = 24 * 60 * 60
+  five_days_ago = Time.now - (5 * day_seconds)
+  (true if date.nil?) or (date < five_days_ago)
 end
 
 # Define colors

lib/common/hacks.rb

@@ -21,7 +21,7 @@ end
 def puts(o = '')
   if $log && o.respond_to?(:gsub)
     temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
-    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
+    File.open($log, 'a+') { |f| f.puts(temp) }
   end
 
   super(o)
@@ -35,16 +35,3 @@ class Numeric
     s.sub(/\.?0*$/, ' ' + units[e])
   end
 end
-
-# time calculations
-class Fixnum
-  SECONDS_IN_DAY = 24 * 60 * 60
-
-  def days
-    self * SECONDS_IN_DAY
-  end
-
-  def ago
-    Time.now - self
-  end
-end

lib/common/models/wp_item.rb

@@ -51,7 +51,7 @@ class WpItem
   end
 
   def last_updated
-    db_data['last_ipdated']
+    db_data['last_updated']
   end
 
   def popular?

lib/common/models/wp_user/brute_forcable.rb

@@ -28,9 +28,18 @@ class WpUser < WpItem
       queue_count  = 0
       found        = false
 
-      create_progress_bar(count_file_lines(wordlist)+1, options)
+      if wordlist == '-'
+        words = ARGF
+        passwords_size = 10
+        options[:starting_at] = 0
+      else
+        words = File.open(wordlist)
+        passwords_size = count_file_lines(wordlist)+1
+      end
 
-      File.open(wordlist).each do |password|
+      create_progress_bar(passwords_size, options)
+
+      words.each do |password|
         password.chomp!
 
         # A successfull login will redirect us to the redirect_to parameter
@@ -43,7 +52,13 @@ class WpUser < WpItem
         request = login_request(password, redirect_url)
 
         request.on_complete do |response|
-          progress_bar.progress += 1 if options[:show_progression] && !found
+          if options[:show_progression] && !found
+            progress_bar.progress += 1
+            percentage = progress_bar.progress.fdiv(progress_bar.total)
+            if options[:starting_at] && percentage >= 0.8
+              progress_bar.total *= 2
+            end
+          end
 
           progress_bar.log("  Trying Username: #{login} Password: #{password}") if options[:verbose]
 
@@ -79,7 +94,8 @@ class WpUser < WpItem
         @progress_bar = ProgressBar.create(
           format: '%t %a <%B> (%c / %C) %P%% %e',
           title: "  Brute Forcing '#{login}'",
-          total: passwords_size
+          total: passwords_size,
+          starting_at: options[:starting_at]
         )
       end
     end
@@ -118,7 +134,7 @@ class WpUser < WpItem
       elsif response.code.to_s =~ /^50/
         progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.')
       else
-        progression = critical("ERROR: We received an unknown response for #{password}...")
+        progression = critical("ERROR: We received an unknown response for login: #{login} and password: #{password}")
         verbose     = critical("  Code: #{response.code}\n    Body: #{response.body}\n")
       end
 

lib/environment.rb

@@ -14,16 +14,15 @@ Encoding.default_external = Encoding::UTF_8
 
 begin
   # Standard libs
+  require 'readline'
   require 'bundler/setup' unless kali_linux?
   require 'getoptlong'
   require 'optparse' # Will replace getoptlong
   require 'uri'
   require 'time'
   require 'resolv'
-  require 'xmlrpc/client'
   require 'digest/md5'
   require 'digest/sha1'
-  require 'readline'
   require 'base64'
   require 'rbconfig'
   require 'pp'

lib/wpscan/wp_target.rb

@@ -155,6 +155,21 @@ class WpTarget < WebSite
     resp.code == 200 && resp.body[%r{by interconnect}i]
   end
 
+  # Script used to recover locked out admin users
+  # http://yoast.com/emergency-wordpress-access/
+  # https://codex.wordpress.org/User:MichaelH/Orphaned_Plugins_needing_Adoption/Emergency
+  #
+  # @return [ String ]
+  def emergency_url
+    @uri.merge('emergency.php').to_s
+  end
+
+  # @return [ Boolean ]
+  def emergency_exists?
+    resp = Browser.get(emergency_url)
+    resp.code == 200 && resp.body[%r{password}i]
+  end
+
   def upload_directory_listing_enabled?
     directory_listing_enabled?(upload_dir_url)
   end

lib/wpscan/wpscan_helper.rb

@@ -89,7 +89,7 @@ def help
   puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
   puts '--batch                             Never ask for user input, use the default behaviour.'
   puts '--no-color                          Do not use colors in the output.'
-  puts '--log                               Creates a log.txt file with WPScan\'s output.'
+  puts '--log [filename]                    Creates a log.txt file with WPScan\'s output if no filename is supplied. Otherwise the filename is used for logging.'
   puts '--no-banner                         Prevents the WPScan banner from being displayed.'
   puts '--disable-accept-header             Prevents WPScan sending the Accept HTTP header.'
   puts '--disable-referer                   Prevents setting the Referer header.'

lib/wpscan/wpscan_options.rb

@@ -75,7 +75,7 @@ class WpscanOptions
   end
 
   def wordlist=(wordlist)
-    if File.exists?(wordlist)
+    if File.exists?(wordlist) || wordlist == '-'
       @wordlist = wordlist
     else
       raise "The file #{wordlist} does not exist"
@@ -152,11 +152,6 @@ class WpscanOptions
     end
   end
 
-  def basic_auth=(basic_auth)
-    raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
-    @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
-  end
-
   def debug_output=(debug_output)
     Typhoeus::Config.verbose = debug_output
   end
@@ -286,7 +281,7 @@ class WpscanOptions
       ['--batch', GetoptLong::NO_ARGUMENT],
       ['--no-color', GetoptLong::NO_ARGUMENT],
       ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
-      ['--log', GetoptLong::NO_ARGUMENT],
+      ['--log', GetoptLong::OPTIONAL_ARGUMENT],
       ['--no-banner', GetoptLong::NO_ARGUMENT],
       ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
       ['--disable-accept-header', GetoptLong::NO_ARGUMENT],

spec/lib/wpscan/wp_target_spec.rb

@@ -192,4 +192,27 @@ describe WpTarget do
     end
   end
 
+  describe '#emergency_url' do
+    it 'returns the correct url' do
+      expect(wp_target.emergency_url).to eq 'http://example.localhost/emergency.php'
+    end
+  end
+
+  describe '#emergency_exists?' do
+    it 'returns true' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 200, body: 'enter your password here')
+      expect(wp_target.emergency_exists?).to be_truthy
+    end
+
+    it 'returns false' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 500)
+      expect(wp_target.emergency_exists?).to be_falsey
+    end
+
+    it 'returns false' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 500, body: 'enter your password here')
+      expect(wp_target.emergency_exists?).to be_falsey
+    end
+  end
+
 end

spec/lib/wpscan/wpscan_options_spec.rb

@@ -186,23 +186,6 @@ describe 'WpscanOptions' do
     end
   end
 
-  describe '#basic_auth=' do
-    context 'invalid format' do
-      it 'should raise an error if the : is missing' do
-        expect { @wpscan_options.basic_auth = 'helloworld' }.to raise_error(
-          RuntimeError, 'Invalid basic authentication format, login:password expected'
-        )
-      end
-    end
-
-    context 'valid format' do
-      it "should add the 'Basic' word and do the encode64. See RFC 2617" do
-        @wpscan_options.basic_auth = 'Aladdin:open sesame'
-        expect(@wpscan_options.basic_auth).to eq 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
-      end
-    end
-  end
-
   describe '#has_options?' do
     it 'should return false' do
       expect(@wpscan_options.has_options?).to be_falsey

spec/samples/common/models/wp_item/versionable/wp-maintenance-mode.txt

@@ -0,0 +1,413 @@
+=== WP Maintenance Mode ===
+Contributors: Designmodo, GeorgeJipa
+Plugin Name: WP Maintenance Mode
+Plugin URI: http://designmodo.com/
+Author: Designmodo
+Author URI: http://designmodo.com/
+Tags: maintenance mode, admin, administration, unavailable, coming soon, multisite, landing page, under construction, contact form, subscribe, countdown
+Requires at least: 3.5
+Tested up to: 4.7
+License: GPL-2.0+
+
+Adds a splash page to your site that lets visitors know your site is down for maintenance. It's perfect for a coming soon page.
+
+== Description ==
+
+Add a maintenance page to your blog that lets visitors know your blog is down for maintenance, or add a coming soon page for a new website. User with admin rights gets full access to the blog including the front end.
+
+Activate the plugin and your blog is in maintenance-mode, works and only registered users with enough rights can see the front end. You can use a date with a countdown timer for visitor information or set a value and unit for information.
+Also works with WordPress Multisite installs (each blog from the network has it's own maintenance settings).
+
+= Features =
+
+* Fully customizable (change colors, texts and backgrounds);
+* Subscription form (export emails to .csv file);
+* Countdown timer (remaining time);
+* Contact form (receive emails from visitors);
+* Coming soon page;
+* Landing page templates;
+* WordPress multisite;
+* Responsive design;
+* Social media icons;
+* Works with any WordPress theme;
+* SEO options;
+* Exclude URLs from maintenance.
+
+= Bugs, technical hints or contribute =
+
+Please give us feedback, contribute and file technical bugs on [GitHub Repo](https://github.com/Designmodocom/WP-Maintenance-Mode).
+
+= Credits =
+
+Developed by [Designmodo](http://designmodo.com) & [StrictThemes – WordPress Themes](http://strictthemes.com/)
+
+== Installation ==
+
+1. Unpack the download package
+2. Upload all files to the `/wp-content/plugins/` directory, include folders
+3. Activate the plugin through the 'Plugins' menu in WordPress
+4. Go to `Settings` page, where you can change what settings you need (pay attention to **Exclude** option!)
+
+== Screenshots ==
+
+1. Maintenance Mode example
+2. Maintenance Mode example #2
+3. Contact form
+4. Dashboard General settings
+5. Dashboard Design settings
+6. Dashboard Modules settings
+
+== Frequently Asked Questions ==
+
+= How to use plugin filters =
+See [GitHub Repo] (https://github.com/Designmodocom/WP-Maintenance-Mode) FAQ.
+
+= Cache Plugin Support =
+WP Maintenance Mode can be unstable due the cache plugins, we recommend to deactivate any cache plugin when maintenance mode is active.
+
+= Exclude list =
+If you change your login url, please add the new slug (url: http://domain.com/newlogin, then you should add: newlogin) to Exclude list from plugin settings -> General Tab.
+
+== Changelog ==
+
+= 2.0.9 (29/11/2016) =
+* new hook (`wpmm_after_body`) in maintenance mode template (thanks @ [Karolína Vyskočilová](https://github.com/vyskoczilova))
+* pt_PT (portuguese) language update (thanks @ [Pedro Mendonça](https://github.com/pedro-mendonca))
+* maintenance mode template can also be loaded from theme/child-theme folder (thanks @ [Florian Tiar](https://github.com/Mahjouba91) and [Lachlan Heywood](https://github.com/lachieh))
+* new hooks for contact form (if you want to add new fields): `wpmm_contact_form_start`, `wpmm_contact_form_before_message`, `wpmm_contact_form_after_message`, `wpmm_contact_form_end`
+* new hook for contact form validation (if you want to validate new fields): `wpmm_contact_validation`
+* new hooks for contact form template (if you want to display new fields): `wpmm_contact_template_start`, `wpmm_contact_template_before_message`, `wpmm_contact_template_after_message`, `wpmm_contact_template_end`
+* some javascript improvements
+* small css fix for contact form (thanks @ [frontenddev](https://wordpress.org/support/topic/please-fix-modal-window-of-contact-form/))
+
+= 2.0.8 (09/09/2016) =
+* add wp_scripts() function (in helpers.php) to maintain backward compatibility (for those with WP < 4.2.0)
+* css fix for subscribe button on maintenance page
+* fix multisite administrator access issue
+* pt_PT (portuguese) language update (thanks @ Pedro Mendonça)
+* new hooks for Contact module: `wpmm_contact_template`, `wpmm_contact_subject`, `wpmm_contact_headers`
+* jQuery (google cdn) path fix when SCRIPT_DEBUG is true
+
+= 2.0.7 (06/07/2016) =
+* reset_settings _wpnonce check (thanks # Wordfence)
+* modules > google analytics code sanitization (thanks @ Wordfence)
+* move sidebar banners from our servers to plugin folder... as WordPress staff requested
+* Subscribe button error on Mobile version (thanks @ Hostílio Thumbo)
+* replace $wp_scripts global with wp_scripts() function
+* de_DE language file update (thanks @ tt22tt)
+
+= 2.0.6 (20/06/2016) =
+* notifications update
+* languages update
+
+= 2.0.5 (17/06/2016) =
+* roles (array) fix
+
+= 2.0.4 (17/06/2016) =
+* fixed issue: responsive subscribe form
+* fixed issue: jQuery was loaded from a different folder on some WP installations
+* fixed issue: errors after update (strstr on empty strings because of saving empty lines on exclude list)
+* fixed issue: if "Redirection" from "General" tab is active, also redirects ajax calls
+* fixed issue: settings page title was wrong placed
+* "contact" feature update - nice email template + reply-to email header
+* refactoring for some methods
+* all assets are now minified
+* rewrite count db records function (used on subscribers count)
+* compatible with https://github.com/afragen/github-updater
+* compatible with wp-cli http://wp-cli.org/
+* improved responsivity
+* improved roles access; now you can set multiple roles (editor, author, subscriber, contributor) and administrator will always have access to backend and frontend
+* it_IT translation by benedettogit (https://github.com/benedettogit)
+* updated all language files (need help for 100% translation)
+
+
+= 2.0.3 (07/10/2014) =
+* WP_Super_Cache issue was fixed
+* fixed "Subscribe" button issue on Safari mobile
+* fixed color of subscribe-success message (same color as subscribe_text)
+* "Social networks" module edits: settings for links target + a new social network: linkedin
+* new module "Google Analytics"
+* loginform shortcode reintroduced
+* dashboard link on maintenance page reintroduced
+* the content editor accepts new css inline properties: min-height, max-height, min-width, max-width. Use them wisely! :)
+* Settings & sidebar view + old translation files edited
+* Update from old version 1.x to 2.x issue was fixed
+* Translate on activation issue was fixed
+* de_DE translation by Frank Bültge (http://bueltge.github.io/)
+* pt_PT translation (100% translated) by Pedro Mendonça (http://www.pedromendonca.pt)
+* ru_RU translation (100% translated) by affectiosus (https://github.com/affectiosus)
+* nl_NL translation by dhunink (https://github.com/dhunink)
+* es_ES translation (100% translated) by Erick Ruiz de Chavez (http://erickruizdechavez.com/)
+* fr_FR translation by Florian TIAR (https://github.com/Mahjouba91)
+* pt_BR translation by Jonatas Araújo (http://www.designworld.com.br/)
+* sv_SE translation by Andréas Lundgren (http://adevade.com/)
+
+= 2.0.2 (04/09/2014) =
+* Removed "Author Link" option from General
+* Countdown - save details fix
+
+= 2.0.1 (02/09/2014) =
+* Reintroduced some deprecated actions from old version (but still available in next 4 releases, after that will be removed) and replaced with new ones:
+- `wm_head` -> `wpmm_head`
+- `wm_footer` -> `wpmm_footer`
+* Multisite settings link fix
+* WP_Maintenance_Mode: init (array checking for custom_css arrays, move delete cache part into a helper, etc.), add_subscriber, send_contact, redirect fixes & optimizations
+* WP_Maintenance_Mode_Admin: save_plugin_settings fixes, delete_cache (new method)
+* Settings & Maintenance views fixes
+* Readme.txt changes
+
+= 2.0.0 (01/09/2014) =
+* Changed design and functionality, new features
+* Changed multisite behaviour: now you can activate maintenance individually (each blog from the network has it's own maintenance settings)
+* Removed actions: `wm_header`, `wm_footer`, `wm_content`
+* Removed filters: `wm_header`
+* Removed [loginform] shortcode
+* Some filters are deprecated (but still available in next 4 releases, after that will be removed) and replaced with new ones:
+- `wm_heading` -> `wpmm_heading`,
+- `wp_maintenance_mode_status_code` -> `wpmm_status_code`
+- `wm_title` -> `wpmm_meta_title`
+- `wm_meta_author` -> `wpmm_meta_author`
+- `wm_meta_description` -> `wpmm_meta_description`
+- `wm_meta_keywords` -> `wpmm_meta_keywords`
+* Added new filters:
+- `wpmm_backtime` - can be used to change the backtime from page header
+- `wpmm_meta_robots` - can be used to change `Robots Meta Tag` option (from General)
+- `wpmm_text` - can be used to change `Text` option (from Design > Content)
+- `wpmm_scripts` - can be used to embed new javascripts files
+- `wpmm_styles` - can be used to embed new css files
+- `wpmm_search_bots` - if you have `Bypass for Search Bots` option (from General) activated, it can be used to add new bots (useragents)
+* Removed themes and now we have a "Design" & "Modules" tabs, where the look and functionality of the maintenance page can be changed as you need
+
+= 07/07/2014 =
+* Switch to new owner, contributor
+
+= 1.8.11 (07/25/2013) =
+* Fixes for php notices in scrict mode
+* Alternative for check url, if curl is not installed
+
+= 1.8.10 (07/18/2013) =
+* Add check for urls, Performance topics
+* Change default setting of 'Support Link' to false
+* Fix network settings php notices
+
+= 1.8.9 (06/20/2013) =
+* Allow empty header, title, heading string
+* Small code changes
+* Add Support function
+* Remove preview, will include later in a new release with extra settings page
+
+= 1.8.8 (06/05/2013) =
+* Fix path to localized flash content
+* Fix preview function
+* Add ukrainian translation
+* Add czech translation
+* Fix exclude function for IP
+* Security fix for save status via Ajax
+
+= 1.8.7 (04/07/2013) =
+* Add RTL support for splash page
+* Add Filter Hook `wp_maintenance_mode_status_code` Status Code; default is 503
+* Add support for custom splash page; leave a file with this name `wp-maintenance-mode.php`  in the wp-content; the plugin use this file
+  The plugin checks in `WP_CONTENT_DIR . '/wp-maintenance-mode.php'`
+* Small minor changes
+* Add filter for more date on splash page
+
+= 1.8.6 (02/22/2013) =
+* Remove log inside console for JS
+* Add support for time inside the countdown
+* Add filter hook `wm_meta_author`for the meta data author
+* Add filter hook `wm_meta_description` for custom description
+* Add filter hook `wm_meta_keywords`for custom meta keys
+
+= 1.8.5 (01/24/2013) =
+* Added new settings for hide, view notices about the active maintenance mode
+* Changes on source, codex
+* Fix PHP Notices [Support Thread](http://wordpress.org/support/topic/error-message-in-settings-1)
+* Change default settings, added ajax
+* Fix Preview function
+* Fix uninstall in WPMU
+* Small updates on styles for login form
+
+= 1.8.4 (12/06/2012) =
+* Fix for include JS in frontend to use countdown
+* Small mini fix for a php notice
+* Add charset on spalsh page for strange databases
+* Enhanced default exclude adresses
+* Add shortcode `[loginform]` for easy use a login form in splash page
+* Test with WordPress 3.5
+
+= 1.8.3 =
+* Fix for the forgotten update of JS-files; slow SVN :(
+* Minor Fixes
+
+= 1.8.2 =
+* Add different access for Frontend and Backend
+* Add Rewrite after Login for Frontend Access
+* Different small changes
+* Test for WP 3.5
+
+= 1.8.1 =
+* Add option for value of robots meta tag
+* Add option for optional admin login
+
+= 1.8.0 =
+* Include all scripts in backend via function
+* Update datepicker and countdown js
+* Supportet IP as exclude for see the frontend
+* Add support for flish cache od WP Super Cache and W3 Total Cache plugins
+* Fix for changes in WP 3.3 Multisite
+
+= 1.7.1 (12/05/2011) =
+* fix for WP smaller 3.2* on Network
+
+= 1.7.0 (12/02/2011) =
+* add functionalities to use in WP Multisite
+* remove message in header, current is not fixed the ticked in core and the message on Admin Bar an Notice is enough
+* check on WP 3.3RC1
+
+= 1.6.10 (08/30/2011) =
+* add hint in Admin Bar, if active
+* small changes for WP Codex
+
+= 1.6.9 (06/13/2011) =
+* Small fix for empty string on custom design
+
+= 1.6.8 (04/05/2011) =
+* Small changes on check for datepicker
+* Fix for Design monster
+
+= 1.6.7 (01/05/2011) =
+* Bugfix: new check for files for different themes; hope this fix the server errors
+* Bugfix: fix add default settings
+* Maintenance: different changes on the syntax
+* Feature: add check for Super Admin on WP Multisite; has allways the rights for access
+* Feature: now it is possible to exclude feed from maintenance mode
+* Maintenance: check with 3.0.4 and 3.1-RC2
+* Maintenance: update language file: .pot, de_DE
+* Bugfix: JavaScript error on Bulk Actions on plugins fixed
+* Maintenance: fix all notice, if set no values
+
+= 1.6.6. (10/09/2010) =
+* Maintenance: many changes on the code; $locale and hook in side frontend
+* Maintenance: change attribute_escaped to esc_attr with custom method for WP smaller 2.8
+* Maintenance: Update german language files
+* Feature: Shortcodes is now possible in the "Text" option
+* Feature: no cache header rewrite
+
+= 1.6.5 (09/16/2010) =
+* add new design "Chemistry" by [elmastudio.de](http://www.elmastudio.de/ "elmastudio.de")
+* changes for include methods od class for preview
+* changes the possibility for include of language specific flash files
+
+= 1.6.4 (09/13/2010) =
+* add preview functions
+* bugfix for list in wp-admin/plugins.php
+* remove datepicker.regional - dont work fine
+* different small changes
+* new language file .pot
+* add flash file and change on plugin for style "Animate" for spanish language
+
+= 1.6.3 (07/27/2010) =
+* bugfix to include stylesheet on maintenance mode message
+
+= 1.6.2 (07/08/2010) =
+* add functions for hint in the new UI of WP 3.0
+* add more WP Codex standard source
+* fix strings in the language and languages files
+* add datetimepicker-de
+
+= 1.6.1 (06/18/2010) =
+* fix a problem with https://; see [Ticket #13941](http://core.trac.wordpress.org/ticket/13941)
+
+= 1.6 (05/17/2010) =
+* bugfix for exclude sites
+
+= 1.5.9 (05/07/2010) =
+* change different points
+* add possibility to wotk with MySQLDumper
+
+= 1.5.8 (21/03/2010)=
+* fix exclude error
+* add textareas for heading and header fields
+
+= 1.5.7 (03/18/2010) =
+* block admin-area via role
+* add message for registered users with not enough rights
+* add message on login-page
+* different changes
+
+= 1.5.6 (02/25/2010) =
+* changes on css, site.php and different syntax on the plugin
+
+= 1.5.5 (02/23/2010) =
+* SORRY, small bug for the url to jQuery
+
+= 1.5.4 (02/23/2010) =
+* add time for countdown
+* changes for WP 3.0
+* changees on rights to see frontend
+
+= 1.5.3 (01/05/2010) =
+* Fix for JavaScript with WordPress 2.9
+* Add new custom fields for fronted: title, header, heading
+* Fix for setting userrole to see frontend
+* Change laguage files
+
+= 1.5.2 (01/04/2010) =
+* add user-role setting
+* correctly the de_DE language file
+
+= 1.5.1 (10/04/2009) =
+* add small fix
+* add language files (en_ES, ro_RO)
+
+= 1.5.0 (09/28/2009) =
+* add countdown
+* change options
+* change default options
+* add field for own adress to excerpt of the maintenance mode
+* etc.
+
+= 1.4.9 (07/09/2009) =
+* also ready for WordPress 2.6
+* add romanian language files
+* add italian language file by [Gianni Diurno](http://gidibao.net/ "Gianni Diurno")
+
+= 1.4.8 (03/09/2009) =
+* add design "Damask" by [Fabian Letscher](http://fabianletscher.de/ "Fabian Letscher")
+* add design "Lego" by [Alex Frison](http://www.afrison.com/ "Alex Frison")
+
+= 1.4.7 (26/08/2009) =
+* change doc-type to utf-8 without BOM
+
+= v1.4.6 (24/08/2009) =
+* add design "Animate (Flash)" by [Sebastian Schmiedel](http://www.cayou-media.de/ "Sebastian Schmiedel")
+* add new hook for add content `wm_content` to include flash on content
+* add frensh language files
+
+= v1.4.5 (19/08/2009) =
+* fix html string in text on frontend
+* add design "Paint" by [Marvin Labod](http://bugeyes.de/ "Marvin Labod")
+* add turkey language files
+
+= v1.4.4 (18/08/2009) =
+* add design "Chastely" by [Florian Andreas Vogelmaier](http://fv-web.de/ "Florian Andreas Vogelmaier")
+* add design "Only Typo" by [Robert Pfotenhauer](http://krautsuppe.de/ "Robert Pfotenhauer")
+
+= v1.4.3 (13/08/2009) =
+* add option for the Text
+* add option for active maintenance mode
+* add design "The FF Error" by [Thomas Meschke](http://www.lokalnetz.com/ "Thomas Meschke")
+* add design "Monster" by [Sebastian Sebald](http://www.backseatsurfer.de "Sebastian Sebald")
+
+= v1.4.2 (10/08/2009) =
+* add design "The Sun" by [Nicki Steiger](http://mynicki.net/ "Nicki Steiger")
+* now it is possible to add own css and add in settings the url to the css-file
+
+= v1.4.1 (07/08/2009) =
+* small html-fix
+
+= v1.4 (06/08/2009) =
+* complety new code
+* options menu
+* new designs by [David Hellmann](http://www.davidhellmann.com/ "David Hellmann")

spec/shared_examples/browser/options.rb

@@ -3,14 +3,14 @@
 shared_examples 'Browser::Options' do
 
   describe '#basic_auth=' do
-    let(:exception) { 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected' }
+    let(:exception) { /^Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected. Your input: .+$/ }
 
     after do
       if @expected
         browser.basic_auth = @auth
         expect(browser.basic_auth).to eq @expected
       else
-        expect { browser.basic_auth = @auth }.to raise_error(exception)
+        expect { browser.basic_auth = @auth }.to raise_error(RuntimeError, exception)
       end
     end
 

spec/shared_examples/wp_item_versionable.rb

@@ -138,6 +138,13 @@ shared_examples 'WpItem::Versionable' do
             @expected = nil
           end
         end
+
+        #  context 'when parsing the changelog for version numbers with dates' do
+        #   it 'returns it' do
+        #     @file     = '/wp-maintenance-mode.txt'
+        #     @expected = '2.0.9'
+        #   end
+        # end
       end
     end
   end

wpscan.rb

@@ -8,14 +8,47 @@ $exit_code = 0
 require File.join(__dir__, 'lib', 'wpscan', 'wpscan_helper')
 
 def main
-  # delete old logfile, check if it is a symlink first.
-  File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE)
-
   begin
     wpscan_options = WpscanOptions.load_from_arguments
 
     $log = wpscan_options.log
 
+    # some sanity checks
+    if $log
+      if $log.empty?
+        $log = DEFAULT_LOG_FILE
+      end
+
+      # translate to full path if no starting / detected
+      if $log !~ /^#{File::SEPARATOR}/
+        $log = File.join(ROOT_DIR, $log)
+      end
+
+      # check if file exists and has a size greater zero
+      if File.exist?($log) && File.size?($log)
+        puts notice("The supplied log file #{$log} already exists. If you continue the new output will be appended.")
+        print '[?] Do you want to continue? [Y]es [N]o, default: [N]'
+        if Readline.readline !~ /^y/i
+          # unset logging so puts will try to log to the file
+          $log = nil
+          puts notice('Scan aborted')
+          exit(1)
+        end
+      end
+
+      # check if we can write the file
+      begin
+        File.open($log, 'a')
+      rescue SystemCallError => e
+        # unset logging so puts will try to log to the file
+        temp = $log
+        $log = nil
+        puts critical("Error with logfile #{temp}:")
+        puts critical(e)
+        exit(1)
+      end
+    end
+
     banner() unless wpscan_options.no_banner # called after $log set
 
     unless wpscan_options.has_options?
@@ -193,6 +226,10 @@ def main
       puts critical("searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'")
     end
 
+    if wp_target.emergency_exists?
+      puts critical("emergency.php has been found in: '#{wp_target.emergency_url}'")
+    end
+
     wp_target.interesting_headers.each do |header|
       output = info('Interesting header: ')
 
@@ -470,7 +507,10 @@ def main
       puts
     end
 
-    puts critical('Please submit this info as an Github issue')
+    puts critical('Some hints to help you with this issue:')
+    puts critical('-) Try updating again')
+    puts critical('-) If you see SSL/TLS related error messages you have to fix your local TLS setup')
+    puts critical('-) Windows is still not supported')
     exit(1)
   rescue => e
     puts