Fixes #1628

2021-04-26 17:48:25 +02:00
6 changed files with 11 additions and 36 deletions
--- a/app/controllers/aliases.rb
+++ b/app/controllers/aliases.rb
@@ -6,8 +6,7 @@ module WPScan
    class Aliases < CMSScanner::Controller::Base
      def cli_options
        [
-          OptAlias.new(['--stealthy'],
+          OptAlias.new(['--stealthy'], alias_for: '--random-user-agent --detection-mode passive')
                       alias_for: '--random-user-agent --detection-mode passive --plugins-version-detection passive')
        ]
      end
    end
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -32,8 +32,7 @@ module WPScan
                                     value_if_empty: '1-100')
            },
            value_if_empty: 'vp,vt,tt,cb,dbe,u,m',
-            incompatible: [%i[vp ap p], %i[vt at t]],
+            incompatible: [%i[vp ap p], %i[vt at t]]
            default: { all_plugins: true, config_backups: true }
          ),
          OptRegexp.new(
            [
@@ -52,7 +51,7 @@ module WPScan
          OptChoice.new(
            ['--plugins-detection MODE',
             'Use the supplied mode to enumerate Plugins.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
+            choices: %w[mixed passive aggressive], normalize: :to_sym
          ),
          OptBoolean.new(
            ['--plugins-version-all',
@@ -63,7 +62,7 @@ module WPScan
          OptChoice.new(
            ['--plugins-version-detection MODE',
             'Use the supplied mode to check plugins\' versions.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
+            choices: %w[mixed passive aggressive], normalize: :to_sym
          ),
          OptInteger.new(
            ['--plugins-threshold THRESHOLD',
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -200,7 +200,7 @@ module WPScan
      # If the --enumerate is used, the default value is handled by the Option
      # However, when using --passwords alone, the default has to be set by the code below
      def enum_users_range
-        ParsedCli.enumerate[:users] || cli_enum_choices[0].choices[:u].validate(nil)
+        ParsedCli.enumerate&.dig(:users) || cli_enum_choices[0].choices[:u].validate(nil)
      end
    end
  end
--- a/lib/wpscan/version.rb
+++ b/lib/wpscan/version.rb
@@ -2,5 +2,5 @@
 # Version
 module WPScan
-  VERSION = '3.8.17'
+  VERSION = '3.9.0-dev'
 end
--- a/spec/app/controllers/aliases_spec.rb
+++ b/spec/app/controllers/aliases_spec.rb
@@ -21,9 +21,7 @@ describe WPScan::Controller::Aliases do
  describe 'parsed_options' do
    context 'when no --stealthy supplied' do
      it 'contains the correct options' do
-        expect(WPScan::ParsedCli.options).to include(
+        expect(WPScan::ParsedCli.options).to include(detection_mode: :mixed)
          detection_mode: :mixed, plugins_version_detection: :mixed
        )
      end
    end
@@ -31,9 +29,7 @@ describe WPScan::Controller::Aliases do
      let(:cli_args) { "#{super()} --stealthy" }
      it 'contains the correct options' do
-        expect(WPScan::ParsedCli.options).to include(
+        expect(WPScan::ParsedCli.options).to include(random_user_agent: true, detection_mode: :passive)
          random_user_agent: true, detection_mode: :passive, plugins_version_detection: :passive
        )
      end
    end
  end
--- a/spec/app/controllers/enumeration_spec.rb
+++ b/spec/app/controllers/enumeration_spec.rb
@@ -29,7 +29,7 @@ describe WPScan::Controller::Enumeration do
        let(:type)           { t }
        let(:detection_mode) { :mixed }
-        context 'when vulnerable' do
+        context 'when vulnerable and mixed detection' do
          let(:cli_args) { "#{super()} -e v#{type[0]}" }
          it 'returns the expected string' do
@@ -37,7 +37,7 @@ describe WPScan::Controller::Enumeration do
          end
        end
-        context 'when all' do
+        context 'when all and passive detection' do
          let(:cli_args)       { "#{super()} -e a#{type[0]}" }
          let(:detection_mode) { :passive }
@@ -46,7 +46,7 @@ describe WPScan::Controller::Enumeration do
          end
        end
-        context 'when most popular' do
+        context 'when most popular and aggressive detection' do
          let(:cli_args)       { "#{super()} -e #{type[0]}" }
          let(:detection_mode) { :aggressive }
@@ -58,14 +58,6 @@ describe WPScan::Controller::Enumeration do
    end
  end
  describe '#default_opts' do
    context 'when no --enumerate' do
      it 'contains the correct version_detection' do
        expect(controller.default_opts('plugins')[:version_detection]).to include(mode: :mixed)
      end
    end
  end
  describe '#cli_options' do
    it 'contains the correct options' do
      expect(controller.cli_options.map(&:to_sym)).to eql(
@@ -104,17 +96,6 @@ describe WPScan::Controller::Enumeration do
  describe '#run' do
    context 'when no :enumerate' do
      before do
        expect(controller).to receive(:enum_plugins)
        expect(controller).to receive(:enum_config_backups)
        expect(WPScan::ParsedCli.plugins_detection).to eql :passive
      end
      it 'calls enum_plugins and enum_config_backups' do
        controller.run
      end
      context 'when --passwords supplied but no --username or --usernames' do
        let(:cli_args) { "#{super()} --passwords some-file.txt" }