Top Level Namespace

Defined Under Namespace

Modules: Terminal, Typhoeus, URI Classes: Array, Browser, CacheFileStore, CheckerPlugin, CustomOptionParser, File, GenerateList, GitUpdater, ListGeneratorPlugin, Plugin, Plugins, StatsPlugin, SvnParser, SvnUpdater, TyphoeusCache, Updater, UpdaterFactory, VersionCompare, Vulnerabilities, Vulnerability, WebSite, WpItem, WpItems, WpPlugin, WpPlugins, WpTarget, WpTheme, WpThemes, WpTimthumb, WpTimthumbs, WpUser, WpUsers, WpVersion, WpscanOptions

Constant Summary

LIB_DIR =
File.expand_path(File.dirname(__FILE__) + '/..')
ROOT_DIR =

File.expand_path normalises the path so ROOT_DIR is "wpscan/" rather than "wpscan/lib/../"

File.expand_path(LIB_DIR + '/..')
DATA_DIR =
ROOT_DIR + '/data'
CONF_DIR =
ROOT_DIR + '/conf'
CACHE_DIR =
ROOT_DIR + '/cache'
WPSCAN_LIB_DIR =
LIB_DIR + '/wpscan'
WPSTOOLS_LIB_DIR =
LIB_DIR + '/wpstools'
UPDATER_LIB_DIR =
LIB_DIR + '/updater'
COMMON_LIB_DIR =
LIB_DIR + '/common'
MODELS_LIB_DIR =
COMMON_LIB_DIR + '/models'
COLLECTIONS_LIB_DIR =
COMMON_LIB_DIR + '/collections'
LOG_FILE =
ROOT_DIR + '/log.txt'
COMMON_PLUGINS_DIR =

Plugins directories

COMMON_LIB_DIR + '/plugins'
WPSCAN_PLUGINS_DIR =

Not used at the moment

WPSCAN_LIB_DIR + '/plugins'
WPSTOOLS_PLUGINS_DIR =
WPSTOOLS_LIB_DIR + '/plugins'
PLUGINS_FILE =

Data files

DATA_DIR + '/plugins.txt'
PLUGINS_FULL_FILE =
DATA_DIR + '/plugins_full.txt'
PLUGINS_VULNS_FILE =
DATA_DIR + '/plugin_vulns.xml'
THEMES_FILE =
DATA_DIR + '/themes.txt'
THEMES_FULL_FILE =
DATA_DIR + '/themes_full.txt'
THEMES_VULNS_FILE =
DATA_DIR + '/theme_vulns.xml'
WP_VULNS_FILE =
DATA_DIR + '/wp_vulns.xml'
WP_VERSIONS_FILE =
DATA_DIR + '/wp_versions.xml'
LOCAL_FILES_FILE =
DATA_DIR + '/local_vulnerable_files.xml'
VULNS_XSD =
DATA_DIR + '/vuln.xsd'
WP_VERSIONS_XSD =
DATA_DIR + '/wp_versions.xsd'
LOCAL_FILES_XSD =
DATA_DIR + '/local_vulnerable_files.xsd'
WPSCAN_VERSION =
'2.1'
REVISION =
'NA'

Instance Method Summary

Instance Method Details

- (Object) add_http_protocol(url)

Prepends "http://" to the URL when it does not already start with an http(s) scheme.



# File 'lib/common/common_helper.rb', line 63

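# Prefix +url+ with "http://" unless it already carries an http(s) scheme.
#
# The scheme test is anchored with \A rather than ^ (which matches at the
# start of *any* line, so "foo\nhttp://bar" used to be treated as already
# having a scheme) and is case-insensitive, so "HTTP://host" is returned
# untouched instead of becoming "http://HTTP://host".
#
# @param url [String] target as given on the command line / config file
# @return [String] +url+ with a scheme in front
def add_http_protocol(url)
  url =~ /\Ahttps?:/i ? url : "http://#{url}"
end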

- (Object) add_trailing_slash(url)



# File 'lib/common/common_helper.rb', line 67

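# Append a "/" to +url+ unless it already ends with one.
#
# Anchored with \z (true end of string) instead of $, which also matches
# just before an embedded newline and so let "a/\nb" through unchanged.
#
# @param url [String] a URL or path fragment
# @return [String] +url+ ending in "/"
def add_trailing_slash(url)
  url =~ %r{/\z} ? url : "#{url}/"
end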

- (Object) banner

Prints the WPScan ASCII-art banner (our 1337 banner) together with the version string.



# File 'lib/common/common_helper.rb', line 82

# Print the ASCII-art banner, one line per call to +puts+ (so each line
# also reaches the log via the puts override), ending with the version.
def banner
  version = "v#{WPSCAN_VERSION}r#{REVISION}"
  logo = [
    '____________________________________________________',
    ' __          _______   _____                  ',
    ' \\ \\        / /  __ \\ / ____|                 ',
    '  \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  ',
    '   \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ ',
    '    \\  /\\  /  | |     ____) | (__| (_| | | | |',
    "     \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_| #{version}",
    '',
    '    WordPress Security Scanner by the WPScan Team',
    ' Sponsored by the RandomStorm Open Source Initiative',
    '_____________________________________________________',
    ''
  ]
  logo.each { |line| puts line }
end

- (Object) colorize(text, color_code)



# File 'lib/common/common_helper.rb', line 97

# Wrap +text+ in an ANSI SGR escape sequence so a terminal renders it in
# +color_code+ (e.g. 31 = red, 32 = green), then reset all attributes.
#
# @param text [#to_s] the text to colour
# @param color_code [Integer] SGR parameter number
# @return [String]
def colorize(text, color_code)
  start_seq = "\e[#{color_code}m"
  reset_seq = "\e[0m"
  start_seq + text.to_s + reset_seq
end

- (Object) get_equal_string_end(stringarray = [''])

Returns the longest common suffix shared by every element of stringarray; an empty string when there are fewer than two (non-nil) elements or no common suffix.



# File 'lib/common/common_helper.rb', line 121

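# Longest common suffix of all strings in +stringarray+.
#
# nil entries are dropped first (Issue #232). Anything that is not an
# Array, or that leaves fewer than two strings after dropping nils, yields
# '' — previously a nil argument raised NoMethodError on +compact+ because
# the Array check came after it.
#
# @param stringarray [Array<String>] strings to compare
# @return [String] common suffix, '' if none
def get_equal_string_end(stringarray = [''])
  return '' unless stringarray.kind_of?(Array)

  strings = stringarray.compact
  return '' if strings.length < 2

  # Walk the first string from its end; stop at the first position where
  # any other string differs (or is too short to have that position).
  base = strings.first
  suffix = ''
  (1..base.length).each do |offset|
    char = base[-offset, 1]
    break unless strings.all? { |s| s[-offset, 1] == char }
    suffix = "#{char}#{suffix}"
  end
  suffix
end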

- (Object) green(text)



# File 'lib/common/common_helper.rb', line 105

# Colour +text+ green (ANSI SGR code 32) for terminal output.
#
# @param text [#to_s]
# @return [String] escaped string from +colorize+
def green(text)
  green_code = 32
  colorize(text, green_code)
end

- (Object) help

command help



# File 'lib/wpscan/wpscan_helper.rb', line 60

# Print the option reference (--help screen), one +puts+ per line so each
# line is also captured by the logging puts override.
def help
  lines = [
    'Help :',
    '',
    'Some values are settable in conf/browser.conf.json :',
    '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout',
    '',
    '--update   Update to the latest revision',
    '--url   | -u <target url>  The WordPress URL/domain to scan.',
    '--force | -f Forces WPScan to not check if the remote site is running WordPress.',
    '--enumerate | -e [option(s)]  Enumeration.',
    '  option :',
    '    u        usernames from id 1 to 10',
    '    u[10-20] usernames from id 10 to 20 (you must write [] chars)',
    '    p        plugins',
    '    vp       only vulnerable plugins',
    '    ap       all plugins (can take a long time)',
    '    tt       timthumbs',
    '    t        themes',
    '    vt       only vulnerable themes',
    '    at       all themes (can take a long time)',
    '  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins',
    '  If no option is supplied, the default is "vt,tt,u,vp"',
    '',
    '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied',
    '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)',
    '--config-file | -c <config file> Use the specified config file',
    '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not',
    '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed',
    '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed',
    '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).',
    '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used',
    '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).',
    '--basic-auth <username:password>  Set the HTTP Basic authentication',
    '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.',
    '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)',
    '--username | -U <username>  Only brute force the supplied username.',
    '--help     | -h This help screen.',
    '--verbose  | -v Verbose output.',
    ''
  ]
  lines.each { |line| puts line }
end

- (Boolean) kali_linux?

Returns:

  • (Boolean)


# File 'lib/common/common_helper.rb', line 42

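# True when the host looks like Kali Linux, judged from the `uname -a`
# output (case-insensitive "linux kali").
#
# Only a fixed command string is executed — nothing user-controlled reaches
# the shell. Hosts with no +uname+ binary (e.g. Windows) used to raise
# Errno::ENOENT from the backtick call; they now report +false+.
#
# @return [Boolean]
def kali_linux?
  !!(%x{uname -a} =~ /linux kali/i)
rescue SystemCallError
  false
end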

- (Object) puts(o = '')

Overrides Kernel#puts so that everything printed is also appended (colour codes stripped) to LOG_FILE.



# File 'lib/common/hacks.rb', line 51

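# Global override of Kernel#puts: every printed object that supports +gsub+
# is appended to LOG_FILE with ANSI colour escapes stripped, then handed to
# the real puts.
#
# Two fixes over the one-argument version:
# * accepts any number of arguments like Kernel#puts (a call such as
#   puts(a, b) previously raised ArgumentError);
# * the colour-stripping group is non-greedy, so a line holding several
#   coloured segments loses all of its escapes instead of only the
#   outermost pair.
#
# NOTE(review): the log receives every line the scanner prints — the target
# URL, enumerated users and, presumably, any password the bruter reports
# (see --wordlist in the help text). Check LOG_FILE's location/permissions
# or consider making logging opt-in before relying on this in shared
# environments.
#
# @param objects [Array<Object>] values to print (none prints a blank line)
# @return [nil]
def puts(*objects)
  objects = [''] if objects.empty?
  objects.each do |o|
    next unless o.respond_to?(:gsub)
    plain = o.gsub(/\e\[\d+m(.*?)\e\[0m/, '\1')
    File.open(LOG_FILE, 'a+') { |f| f.puts(plain) }
  end
  super(*objects)
end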

- (Object) red(text)



# File 'lib/common/common_helper.rb', line 101

# Colour +text+ red (ANSI SGR code 31) for terminal output.
#
# @param text [#to_s]
# @return [String] escaped string from +colorize+
def red(text)
  red_code = 31
  colorize(text, red_code)
end

- (Object) redefine_constant(constant, value)



# File 'lib/common/common_helper.rb', line 115

# Re-point a top-level constant at a new value. Removing it first avoids the
# "already initialized constant" warning a plain reassignment would emit.
#
# @param constant [Symbol, String] name of an existing constant on Object
# @param value [Object] replacement value
# @return [Object] +value+
# @raise [NameError] if +constant+ is not currently defined on Object
def redefine_constant(constant, value)
  Object.class_eval { remove_const(constant) }
  Object.const_set(constant, value)
end

- (Object) require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')

TODO : add an exclude pattern ?



# File 'lib/common/common_helper.rb', line 49

# Require every file under +absolute_dir_path+ matching +files_pattern+.
#
# Files directly in the directory are loaded before those in
# subdirectories (shallower path first, then alphabetical), so a helper at
# the top level is available to the files that sit below it. Whether
# subdirectories are searched at all depends on the pattern (e.g. '**/*.rb').
#
# @param absolute_dir_path [String] directory to search
# @param files_pattern [String] Dir.glob pattern relative to that directory
# @return [Array<String>] the ordered list of matched paths
def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
  matches = Dir.glob(File.join(absolute_dir_path, files_pattern))
  ordered = matches.sort_by { |path| [path.count('/'), path] }
  ordered.each { |path| require File.expand_path(path) }
end

- (Object) usage

wpscan usage



# File 'lib/wpscan/wpscan_helper.rb', line 8

# Print usage examples for the wpscan command line, each as a description
# line, the command line to run, and a blank separator.
def usage
  script_name = $0
  run = "ruby #{script_name}"
  examples = [
    ['-Further help ...', "#{run} --help"],
    ["-Do 'non-intrusive' checks ...", "#{run} --url www.example.com"],
    ['-Do wordlist password brute force on enumerated users using 50 threads ...',
     "#{run} --url www.example.com --wordlist darkc0de.lst --threads 50"],
    ["-Do wordlist password brute force on the 'admin' username only ...",
     "#{run} --url www.example.com --wordlist darkc0de.lst --username admin"],
    ['-Enumerate installed plugins ...', "#{run} --url www.example.com --enumerate p"],
    ['-Enumerate installed themes ...', "#{run} --url www.example.com --enumerate t"],
    ['-Enumerate users ...', "#{run} --url www.example.com --enumerate u"],
    ['-Enumerate installed timthumbs ...', "#{run} --url www.example.com --enumerate tt"],
    ['-Use a HTTP proxy ...', "#{run} --url www.example.com --proxy 127.0.0.1:8118"],
    ['-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)',
     "#{run} --url www.example.com --proxy socks5://127.0.0.1:9000"],
    ['-Use custom content directory ...', "#{run} -u www.example.com --wp-content-dir custom-content"],
    ['-Use custom plugins directory ...', "#{run} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"],
    ['-Update ...', "#{run} --update"],
    ['-Debug output ...', "#{run} --url www.example.com --debug-output 2>debug.log"]
  ]

  puts
  puts 'Examples :'
  puts
  examples.each do |description, command|
    puts description
    puts command
    puts
  end
  puts 'See README for further information.'
  puts
end

- (Object) xml(file)



# File 'lib/common/common_helper.rb', line 109

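# Parse an XML data file with Nokogiri, dropping whitespace-only text nodes.
#
# The file is opened in block form so its descriptor is closed as soon as
# parsing finishes; the previous bare File.open left it open until the File
# object was garbage-collected.
#
# NOTE(review): callers pass the DATA_DIR vulnerability/version files, which
# are presumably refreshed by --update. Parsing relies on Nokogiri's default
# options for entity and network handling; confirm those defaults are what
# you want for data pulled from the update channel.
#
# @param file [String] path to the XML document
# @return [Nokogiri::XML::Document]
def xml(file)
  File.open(file) do |io|
    Nokogiri::XML(io) { |config| config.noblanks }
  end
end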