class Object

Constants

CACHE_DIR
COMMON_LIB_DIR
COMON_PLUGINS_DIR

Plugins directories

CONF_DIR
DATA_DIR
LIB_DIR
LOCAL_FILES_FILE
LOCAL_FILES_XSD
LOG_FILE
PLUGINS_FILE

Data files

PLUGINS_FULL_FILE
PLUGINS_VULNS_FILE
REVISION
ROOT_DIR
THEMES_FILE
THEMES_FULL_FILE
THEMES_VULNS_FILE
UPDATER_LIB_DIR
VULNS_XSD
WPSCAN_LIB_DIR
WPSCAN_PLUGINS_DIR
WPSCAN_VERSION
WPSTOOLS_LIB_DIR
WPSTOOLS_PLUGINS_DIR
WP_VERSIONS_FILE
WP_VERSIONS_XSD
WP_VULNS_FILE

Public Instance Methods

add_http_protocol(url) click to toggle source

Prepend "http://" to the URL when it carries no http/https scheme.

# File lib/common_helper.rb, line 65
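def add_http_protocol(url)
  # Return url unchanged when it already starts with an http/https scheme,
  # otherwise prepend "http://".
  #
  # \A (not ^) anchors at the start of the whole string, so a scheme that only
  # appears after an embedded newline is not mistaken for the real one. The
  # match is case-insensitive because URL schemes are ("HTTPS://" is valid and
  # must not become "http://HTTPS://...").
  url =~ %r{\Ahttps?:}i ? url : "http://#{url}"
end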
add_trailing_slash(url) click to toggle source
# File lib/common_helper.rb, line 69
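def add_trailing_slash(url)
  # Append "/" unless url already ends with one.
  #
  # end_with? inspects the real last character; the former /\/$/ pattern also
  # matched a slash placed before a trailing newline, so "http://a/\n" was
  # treated as already slash-terminated.
  url.end_with?('/') ? url : "#{url}/"
end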
banner() click to toggle source

our 1337 banner

colorize(text, color_code) click to toggle source
# File lib/common_helper.rb, line 154
def colorize(text, color_code)
  # Wrap text in an ANSI SGR sequence ("ESC [ <code> m") and reset the
  # attributes afterwards with "ESC [ 0 m". Callers pass 31 (red) and 32 (green).
  start_seq = "\e[#{color_code}m"
  reset_seq = "\e[0m"
  start_seq + text.to_s + reset_seq
end
get_equal_string_end(stringarray = ['']) click to toggle source

Returns the longest suffix shared by every element of stringarray ('' unless it is an Array of at least two strings).

# File lib/common_helper.rb, line 74
def get_equal_string_end(stringarray = [''])
  # Return the longest suffix shared by every string in stringarray, compared
  # one character at a time from the end. Anything that is not an Array of at
  # least two elements yields '' (a lone string is NOT returned as its own
  # suffix - callers rely on that).
  return '' unless stringarray.kind_of?(Array) && stringarray.length > 1

  reference = stringarray.first
  shortest = stringarray.map { |s| s.length }.min
  matched = 0
  # Walk backwards from the last character; stop at the first mismatch or
  # once the shortest string is exhausted.
  while matched < shortest
    offset = -(matched + 1)
    tail = reference[offset, 1]
    break unless stringarray.all? { |s| s[offset, 1] == tail }
    matched += 1
  end
  matched.zero? ? '' : reference[-matched..-1]
end
get_metasploit_url(module_path) click to toggle source
# File lib/common_helper.rb, line 166
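def get_metasploit_url(module_path)
  # Build the metasploit.com page URL for a module path such as
  # "exploit/unix/webapp/wp_foo" or "/exploit/unix/webapp/wp_foo".
  #
  # \A anchors at the very start of the string: with ^, a slash following an
  # embedded newline would be stripped as well, mangling the path.
  path = module_path.sub(%r{\A/}, '')
  "http://www.metasploit.com/modules/#{path}"
end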
green(text) click to toggle source
# File lib/common_helper.rb, line 162
def green(text)
  # Render text in green (ANSI SGR code 32) via colorize.
  green_code = 32
  colorize(text, green_code)
end
help() click to toggle source

command help

# File lib/wpscan/wpscan_helper.rb, line 73
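def help
  # Print the command-line help, one puts call per line (the logging puts
  # override therefore still sees each line separately).
  #
  # Fixes: the multi-value example read '"-e t,p" ... timthumbs and plugins',
  # but "t" is themes and timthumbs is "tt"; the example now uses "tt,p".
  # A few typos in the option descriptions are corrected as well.
  #
  # NOTE(review): --proxy-auth and --basic-auth take credentials on the command
  # line, where other local users can read them from the process list and they
  # land in shell history; conf/browser.conf.json is the alternative for the
  # proxy credentials.
  lines = [
    'Help :',
    '',
    'Some values are settable in conf/browser.conf.json :',
    '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout',
    '',
    '--update   Update to the latest revision',
    '--url   | -u <target url>  The WordPress URL/domain to scan.',
    '--force | -f Forces WPScan to not check if the remote site is running WordPress.',
    '--enumerate | -e [option(s)]  Enumeration.',
    '  option :',
    '    u        usernames from id 1 to 10',
    '    u[10-20] usernames from id 10 to 20 (you must write [] chars)',
    '    p        plugins',
    '    vp       only vulnerable plugins',
    '    ap       all plugins (can take a long time)',
    '    tt       timthumbs',
    '    t        themes',
    '    vt       only vulnerable themes',
    '    at       all themes (can take a long time)',
    '  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins',
    '  If no option is supplied, the default is "vt,tt,u,vp"',
    '',
    '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied',
    '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)',
    '--config-file | -c <config file> Use the specified config file',
    '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not',
    '--wp-content-dir <wp content dir>  WPScan tries to find the content directory (ie wp-content) by scanning the index page, however you can specify it. Subdirectories are allowed',
    '--wp-plugins-dir <wp plugins dir>  Same thing as --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed',
    '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).',
    '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used',
    '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).',
    '--basic-auth <username:password>  Set the HTTP Basic authentication',
    '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.',
    '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)',
    '--username | -U <username>  Only brute force the supplied username.',
    '--help     | -h This help screen.',
    '--verbose  | -v Verbose output.',
    ''
  ]
  lines.each { |line| puts line }
end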
output_vulnerabilities(vulns) click to toggle source
# File wpscan.rb, line 24
def output_vulnerabilities(vulns)
  # Print every vulnerability in red: a blank line, then the title, each
  # reference and each Metasploit module URL, all prefixed with " | ".
  prefix = ' | '
  vulns.each do |vuln|
    puts
    puts prefix + red("* Title: #{vuln.title}")
    vuln.references.each { |ref| puts prefix + red("* Reference: #{ref}") }
    vuln.metasploit_modules.each do |mod|
      puts prefix + red("* Metasploit module: #{get_metasploit_url(mod)}")
    end
  end
end
puts(o = '') click to toggle source

Override for puts to enable logging

# File lib/common_helper.rb, line 173
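def puts(o = '')
  # Override of Kernel#puts: everything printed is also appended to LOG_FILE,
  # with the ANSI colour codes produced by colorize() stripped.
  #
  # Each "\e[<n>m" sequence is removed on its own. The former pattern
  # "\e\[\d+m(.*)?\e\[0m" was greedy, so a line carrying two coloured
  # segments kept the inner escape codes in the log.
  #
  # NOTE(review): since every puts goes through here, anything echoed to the
  # terminal - target URL, enumerated users, any password found by the
  # brute-forcer - is persisted in LOG_FILE as well.
  if o.respond_to?('gsub')
    plain = o.gsub(/\e\[\d+m/, '')
    File.open(LOG_FILE, 'a') { |f| f.puts(plain) }
  end
  super(o)
end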
red(text) click to toggle source
# File lib/common_helper.rb, line 158
def red(text)
  # Render text in red (ANSI SGR code 31) via colorize.
  red_code = 31
  colorize(text, red_code)
end
require_files_from_directory(absolute_dir_path, files_pattern = '*.rb') click to toggle source

TODO : add an exclude pattern ?

# File lib/common_helper.rb, line 53
def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
  # require every file in absolute_dir_path matching files_pattern, in sorted
  # order so that load order is deterministic across platforms.
  #
  # Security note: each matching file is executed as Ruby code, so the
  # directory (lib, plugins, ...) must only be writable by trusted users.
  pattern = File.join(absolute_dir_path, files_pattern)
  Dir.glob(pattern).sort.each { |path| require File.expand_path(path) }
end
usage() click to toggle source

wpscan usage

# File lib/wpscan/wpscan_helper.rb, line 24
def usage
  # Print the usage examples: a description line, the command line, then a
  # blank line for each example. $0 is the script name as invoked.
  script_name = $0
  examples = [
    ['-Further help ...', '--help'],
    ["-Do 'non-intrusive' checks ...", '--url www.example.com'],
    ['-Do wordlist password brute force on enumerated users using 50 threads ...',
     '--url www.example.com --wordlist darkc0de.lst --threads 50'],
    ["-Do wordlist password brute force on the 'admin' username only ...",
     '--url www.example.com --wordlist darkc0de.lst --username admin'],
    ['-Enumerate installed plugins ...', '--url www.example.com --enumerate p'],
    ['-Enumerate installed themes ...', '--url www.example.com --enumerate t'],
    ['-Enumerate users ...', '--url www.example.com --enumerate u'],
    ['-Enumerate installed timthumbs ...', '--url www.example.com --enumerate tt'],
    ['-Use a HTTP proxy ...', '--url www.example.com --proxy 127.0.0.1:8118'],
    ['-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)',
     '--url www.example.com --proxy socks5://127.0.0.1:9000'],
    ['-Use custom content directory ...', '-u www.example.com --wp-content-dir custom-content'],
    ['-Use custom plugins directory ...', '-u www.example.com --wp-plugins-dir wp-content/custom-plugins'],
    ['-Update ...', '--update']
  ]

  puts
  puts 'Examples :'
  puts
  examples.each do |description, arguments|
    puts description
    puts "ruby #{script_name} #{arguments}"
    puts
  end
  puts 'See README for further information.'
  puts
end