Class: Object

add_http_protocol(url) click to toggle source

Add protocol

# File lib/common_helper.rb, line 42
def add_http_protocol(url)
  if url !~ /^https?:/
    url = "http://#{url}"
  end
  url
end

add_trailing_slash(url) click to toggle source

# File lib/common_helper.rb, line 49
def add_trailing_slash(url)
  url = "#{url}/" if url !~ /\/$/
  url
end

banner() click to toggle source

our 1337 banner

# File lib/common_helper.rb, line 80
def banner()
  puts '____________________________________________________'
  puts " __          _______   _____                  "
  puts " \\ \\        / /  __ \\ / ____|                 "
  puts "  \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  "
  puts "   \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | '_ \\ "
  puts "    \\  /\\  /  | |     ____) | (__| (_| | | | |"
  puts "     \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}"
  puts
  puts "    WordPress Security Scanner by the WPScan Team"
  puts " Sponsored by the RandomStorm Open Source Initiative"
  puts '_____________________________________________________'
  puts
  if RUBY_VERSION < "1.9"
    puts "[WARNING] Ruby < 1.9 not officially supported, please upgrade."
    puts
  end
end

help() click to toggle source

command help

# File lib/wpscan/wpscan_helper.rb, line 68
def help()
  puts "Help :"
  puts
  puts "Some values are settable in conf/browser.conf.json :"
  puts "  user-agent, proxy, threads, cache timeout and request timeout"
  puts
  puts "--update   Update to the latest revision"
  puts "--url   | -u <target url>  The WordPress URL/domain to scan."
  puts "--force | -f Forces WPScan to not check if the remote site is running WordPress."
  puts "--enumerate | -e [option(s)]  Enumeration."
  puts "  option :"
  puts "    u        usernames from id 1 to 10"
  puts "    u[10-20] usernames from id 10 to 20 (you must write [] chars)"
  puts "    p        plugins"
  puts "    p!       only vulnerable plugins"
  puts "    t        timthumbs"
  puts "    T        themes"
  puts "    T!       only vulnerable themes"
  puts "  Multiple values are allowed : '-e tp' will enumerate timthumbs and plugins"
  puts "  If no option is supplied, the default is 'tup!'"
  puts
  puts "--config-file | -c <config file> Use the specified config file"
  puts "--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not"
  puts "--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed"
  puts "--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed"
  puts "--proxy  Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json)."
  puts "         HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used"
  puts "--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute."
  puts "--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)"
  puts "--username | -U <username>  Only brute force the supplied username."
  puts "--help     | -h This help screen."
  puts "--verbose  | -v Verbose output."
  puts
end

require_files_from_directory(absolute_dir_path, files_pattern = "*.rb") click to toggle source

TODO : add an exclude pattern ?

# File lib/common_helper.rb, line 33
def require_files_from_directory(absolute_dir_path, files_pattern = "*.rb")
  Dir[File.join(absolute_dir_path, files_pattern)].sort.each do |f|
    f = File.expand_path(f)
    require f
    #puts "require #{f}" # Used for debug
  end
end

usage() click to toggle source

wpscan usage

# File lib/wpscan/wpscan_helper.rb, line 24
def usage()
  script_name = $0
  puts "--help or -h for further help."
  puts
  puts "Examples :"
  puts
  puts "-Do 'non-intrusive' checks ..."
  puts "ruby #{script_name} --url www.example.com"
  puts
  puts "-Do wordlist password brute force on enumerated users using 50 threads ..."
  puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50"
  puts
  puts "-Do wordlist password brute force on the 'admin' username only ..."
  puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin"
  puts
  puts "-Enumerate installed plugins ..."
  puts "ruby #{script_name} --url www.example.com --enumerate p"
  puts
  puts "-Enumerate installed themes ..."
  puts "ruby #{script_name} --url www.example.com --enumerate T"
  puts
  puts "-Enumerate users ..."
  puts "ruby #{script_name} --url www.example.com --enumerate u"
  puts
  puts "-Enumerate installed timthumbs ..."
  puts "ruby #{script_name} --url www.example.com --enumerate t"
  puts
  puts "-Use a HTTP proxy ..."
  puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
  puts
  puts "-Use a SOCKS5 proxy ..."
  puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
  puts
  puts "-Use custom content directory ..."
  puts "ruby #{script_name} -u www.example.com --wp-content-dir custom-content"
  puts
  puts "-Update ..."
  puts "ruby #{script_name} --update"
  puts
  puts "See README for further information."
  puts
end

Home Classes Methods

In Files

Parent

Methods

Files

Class/Module Index

Object

Constants

Public Instance Methods