class Object

Constants

CACHE_DIR
CONF_DIR
DATA_DIR
LIB_DIR
REVISION
ROOT_DIR
UPDATER_LIB_DIR
WPSCAN_LIB_DIR
WPSCAN_VERSION
WPSTOOLS_LIB_DIR

Public Instance Methods

add_http_protocol(url) click to toggle source

Adds the http:// protocol to the URL unless it already begins with http: or https:

# File lib/common_helper.rb, line 42
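# Ensures a URL carries an explicit HTTP(S) scheme.
#
# @param url [String] URL or bare host name, e.g. "www.example.com"
# @return [String] +url+ unchanged when it already starts with "http:" or
#   "https:" (any letter case), otherwise +url+ prefixed with "http://"
def add_http_protocol(url)
  # The regexp literal in the rendered listing was garbled and did not parse.
  # \A anchors at the start of the whole string: ^ also matches right after an
  # embedded newline, so "junk\nhttp://host" would have been accepted as
  # already qualified. URI schemes are case-insensitive, hence the /i flag.
  url =~ /\Ahttps?:/i ? url : "http://#{url}"
end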
add_trailing_slash(url) click to toggle source
# File lib/common_helper.rb, line 46
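# Ensures a URL ends with a slash.
#
# @param url [String] URL to normalise
# @return [String] +url+ unchanged when its last character is "/", otherwise
#   +url+ with "/" appended
def add_trailing_slash(url)
  # The regexp literal in the rendered listing was garbled and did not parse.
  # \z matches only at the very end of the string: $ also matches before any
  # newline, so a value with a slash at the end of an inner line would have
  # been returned without the trailing slash callers expect.
  url =~ %r{/\z} ? url : "#{url}/"
end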
banner() click to toggle source

our 1337 banner

colorize(text, color_code) click to toggle source
# File lib/common_helper.rb, line 131
# Wraps text in an ANSI SGR colour sequence followed by a reset.
#
# @param text [#to_s] content to colour
# @param color_code [#to_s] SGR parameter placed between "\e[" and "m"
# @return [String] "\e[<color_code>m<text>\e[0m"
def colorize(text, color_code)
  # NOTE(review): +text+ is embedded verbatim. If it ever carries data taken
  # from a scanned site, escape sequences inside it reach the terminal
  # unfiltered - confirm that callers only pass trusted or sanitised strings.
  format("\e[%sm%s\e[0m", color_code, text)
end
get_equal_string_end(stringarray = [""]) click to toggle source

Gets the string that all elements in stringarray end with (their common suffix)

# File lib/common_helper.rb, line 51
# Returns the longest ending shared by every string in the list.
#
# @param stringarray [Array<String>] strings to compare; anything that is not
#   an Array, or an Array with fewer than two elements, yields ""
# @return [String] the common suffix, or "" when there is none
def get_equal_string_end(stringarray = [""])
  suffix = ""
  return suffix unless stringarray.kind_of?(Array) && stringarray.length > 1

  reference = stringarray[0]
  offset = 1
  loop do
    # Character +offset+ positions from the end; nil once we run past the
    # start of the reference string.
    tail_char = reference[-offset, 1]
    break unless stringarray.all? { |candidate| candidate[-offset, 1] == tail_char }
    # Every string was exhausted at the same time: nothing left to compare.
    break if offset > reference.length

    suffix = "#{tail_char}#{suffix}"
    offset += 1
  end
  suffix
end
green(text) click to toggle source
# File lib/common_helper.rb, line 139
# Colours text green by delegating to colorize with SGR code 32.
#
# @param text [#to_s] content to colour
# @return [String] whatever colorize returns for code 32
def green(text)
  sgr_green = 32
  colorize(text, sgr_green)
end
help() click to toggle source

command help

# File lib/wpscan/wpscan_helper.rb, line 73
# Prints the command-line help screen to standard output.
#
# The text lists the settings read from conf/browser.conf.json and every
# command-line switch. Empty strings in the table stand for blank lines.
#
# @return [Array<String>] the lines that were printed
def help
  help_lines = [
    "Help :",
    "",
    "Some values are settable in conf/browser.conf.json :",
    "  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout",
    "",
    "--update   Update to the latest revision",
    "--url   | -u <target url>  The WordPress URL/domain to scan.",
    "--force | -f Forces WPScan to not check if the remote site is running WordPress.",
    "--enumerate | -e [option(s)]  Enumeration.",
    "  option :",
    "    u        usernames from id 1 to 10",
    "    u[10-20] usernames from id 10 to 20 (you must write [] chars)",
    "    p        plugins",
    "    vp       only vulnerable plugins",
    "    ap       all plugins (can take a long time)",
    "    tt       timthumbs",
    "    t        themes",
    "    vt       only vulnerable themes",
    "    at       all themes (can take a long time)",
    "  Multiple values are allowed : '-e t,p' will enumerate timthumbs and plugins",
    "  If no option is supplied, the default is 'vt,tt,u,vp'",
    "",
    "--exclude-content-based '<regexp or string>' Used with the enumeration option, will exclude all occurence based on the regexp or string supplied",
    "                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)",
    "--config-file | -c <config file> Use the specified config file",
    "--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not",
    "--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed",
    "--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed",
    "--proxy  Supply a proxy in the format host:port or protocol://host:port (will override the one from conf/browser.conf.json).",
    "         HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used",
    "--proxy-auth Supply the proxy login credentials in the format username:password (will override the one from conf/browser.conf.json).",
    "--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.",
    "--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)",
    "--username | -U <username>  Only brute force the supplied username.",
    "--help     | -h This help screen.",
    "--verbose  | -v Verbose output.",
    ""
  ]
  # One puts per entry keeps the output identical line for line.
  help_lines.each { |line| puts line }
end
red(text) click to toggle source
# File lib/common_helper.rb, line 135
# Colours text red by delegating to colorize with SGR code 31.
#
# @param text [#to_s] content to colour
# @return [String] whatever colorize returns for code 31
def red(text)
  sgr_red = 31
  colorize(text, sgr_red)
end
require_files_from_directory(absolute_dir_path, files_pattern = "*.rb") click to toggle source

TODO : add an exclude pattern ?

# File lib/common_helper.rb, line 33
# Requires every file in a directory that matches a glob pattern, in sorted
# path order.
#
# Each matching file is loaded and executed, so the directory must be one that
# only trusted users can write to. The directory path is joined into the glob
# itself, which means glob metacharacters inside +absolute_dir_path+ are
# interpreted as well.
#
# @param absolute_dir_path [String] directory to load from
# @param files_pattern [String] glob applied inside that directory
# @return [Array<String>] the sorted paths returned by the glob
def require_files_from_directory(absolute_dir_path, files_pattern = "*.rb")
  glob = File.join(absolute_dir_path, files_pattern)
  Dir.glob(glob).sort.each { |path| require File.expand_path(path) }
end
usage() click to toggle source

wpscan usage

# File lib/wpscan/wpscan_helper.rb, line 24
# Prints example command lines for the running script to standard output.
#
# Every example is emitted as a title line, the command line built from $0,
# and a blank line.
#
# @return [nil]
def usage
  script_name = $0
  examples = [
    ["-Further help ...",
     "ruby #{script_name} --help"],
    ["-Do 'non-intrusive' checks ...",
     "ruby #{script_name} --url www.example.com"],
    ["-Do wordlist password brute force on enumerated users using 50 threads ...",
     "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50"],
    ["-Do wordlist password brute force on the 'admin' username only ...",
     "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin"],
    ["-Enumerate installed plugins ...",
     "ruby #{script_name} --url www.example.com --enumerate p"],
    ["-Enumerate installed themes ...",
     "ruby #{script_name} --url www.example.com --enumerate t"],
    ["-Enumerate users ...",
     "ruby #{script_name} --url www.example.com --enumerate u"],
    ["-Enumerate installed timthumbs ...",
     "ruby #{script_name} --url www.example.com --enumerate tt"],
    ["-Use a HTTP proxy ...",
     "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"],
    ["-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)",
     "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"],
    ["-Use custom content directory ...",
     "ruby #{script_name} -u www.example.com --wp-content-dir custom-content"],
    ["-Use custom plugins directory ...",
     "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"],
    ["-Update ...",
     "ruby #{script_name} --update"]
  ]

  puts
  puts "Examples :"
  puts
  examples.each do |title, command_line|
    puts title
    puts command_line
    puts
  end
  puts "See README for further information."
  puts
end