Top Level Namespace
Defined Under Namespace
Modules: Ethon, Terminal, Typhoeus, URI
Classes: Array, Browser, CacheFileStore, CheckerPlugin, CustomOptionParser, File, GenerateList, GitUpdater, ListGeneratorPlugin, Plugin, Plugins, StatsPlugin, SvnParser, SvnUpdater, TyphoeusCache, Updater, UpdaterFactory, Vulnerabilities, Vulnerability, WebSite, WpItem, WpItems, WpPlugin, WpPlugins, WpTarget, WpTheme, WpThemes, WpTimthumb, WpTimthumbs, WpUser, WpUsers, WpVersion, WpscanOptions
Constant Summary
- LIB_DIR = File.expand_path(File.dirname(__FILE__) + '/..')
- ROOT_DIR = File.expand_path(LIB_DIR + '/..')
  expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
- DATA_DIR = ROOT_DIR + '/data'
- CONF_DIR = ROOT_DIR + '/conf'
- CACHE_DIR = ROOT_DIR + '/cache'
- WPSCAN_LIB_DIR = LIB_DIR + '/wpscan'
- WPSTOOLS_LIB_DIR = LIB_DIR + '/wpstools'
- UPDATER_LIB_DIR = LIB_DIR + '/updater'
- COMMON_LIB_DIR = LIB_DIR + '/common'
- MODELS_LIB_DIR = COMMON_LIB_DIR + '/models'
- COLLECTIONS_LIB_DIR = COMMON_LIB_DIR + '/collections'
- LOG_FILE = ROOT_DIR + '/log.txt'
- COMMON_PLUGINS_DIR = COMMON_LIB_DIR + '/plugins'
  Plugins directories
- WPSCAN_PLUGINS_DIR = WPSCAN_LIB_DIR + '/plugins'
  Not used at the moment
- WPSTOOLS_PLUGINS_DIR = WPSTOOLS_LIB_DIR + '/plugins'
- PLUGINS_FILE = DATA_DIR + '/plugins.txt'
  Data files
- PLUGINS_FULL_FILE = DATA_DIR + '/plugins_full.txt'
- PLUGINS_VULNS_FILE = DATA_DIR + '/plugin_vulns.xml'
- THEMES_FILE = DATA_DIR + '/themes.txt'
- THEMES_FULL_FILE = DATA_DIR + '/themes_full.txt'
- THEMES_VULNS_FILE = DATA_DIR + '/theme_vulns.xml'
- WP_VULNS_FILE = DATA_DIR + '/wp_vulns.xml'
- WP_VERSIONS_FILE = DATA_DIR + '/wp_versions.xml'
- LOCAL_FILES_FILE = DATA_DIR + '/local_vulnerable_files.xml'
- VULNS_XSD = DATA_DIR + '/vuln.xsd'
- WP_VERSIONS_XSD = DATA_DIR + '/wp_versions.xsd'
- LOCAL_FILES_XSD = DATA_DIR + '/local_vulnerable_files.xsd'
- WPSCAN_VERSION = '2.1'
- REVISION = 'NA'
Instance Method Summary
- (Object) add_http_protocol(url)
  Add protocol.
- (Object) add_trailing_slash(url)
- (Object) banner
  our 1337 banner.
- (Object) colorize(text, color_code)
- (Object) green(text)
- (Object) help
  command help.
- (Object) puts(o = '')
  Override for puts to enable logging.
- (Object) red(text)
- (Object) redefine_constant(constant, value)
- (Object) require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
  TODO: add an exclude pattern?
- (Object) usage
  wpscan usage.
- (Object) xml(file)
Instance Method Details
- (Object) add_http_protocol(url)
Add protocol: prepends http:// when the URL does not already start with http: or https:.

    # File 'lib/common/common_helper.rb', line 59
    def add_http_protocol(url)
      url =~ /^https?:/ ? url : "http://#{url}"
    end
- (Object) add_trailing_slash(url)

    # File 'lib/common/common_helper.rb', line 63
    def add_trailing_slash(url)
      url =~ /\/$/ ? url : "#{url}/"
    end
- (Object) banner
our 1337 banner

    # File 'lib/common/common_helper.rb', line 78
    def banner
      puts '____________________________________________________'
      puts ' __          _______   _____                  '
      puts ' \\ \\        / /  __ \\ / ____|                 '
      puts '  \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  '
      puts '   \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ '
      puts '    \\  /\\  /  | |     ____) | (__| (_| | | | |'
      puts "     \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}"
      puts
      puts ' WordPress Security Scanner by the WPScan Team'
      puts ' Sponsored by the RandomStorm Open Source Initiative'
      puts '_____________________________________________________'
      puts
    end
- (Object) colorize(text, color_code)

    # File 'lib/common/common_helper.rb', line 93
    def colorize(text, color_code)
      "\e[#{color_code}m#{text}\e[0m"
    end
- (Object) green(text)

    # File 'lib/common/common_helper.rb', line 101
    def green(text)
      colorize(text, 32)
    end
- (Object) help
command help

    # File 'lib/wpscan/wpscan_helper.rb', line 57
    def help
      puts 'Help :'
      puts
      puts 'Some values are settable in conf/browser.conf.json :'
      puts ' user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
      puts
      puts '--update Update to the latest revision'
      puts '--url | -u <target url> The WordPress URL/domain to scan.'
      puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
      puts '--enumerate | -e [option(s)] Enumeration.'
      puts ' option :'
      puts ' u usernames from id 1 to 10'
      puts ' u[10-20] usernames from id 10 to 20 (you must write [] chars)'
      puts ' p plugins'
      puts ' vp only vulnerable plugins'
      puts ' ap all plugins (can take a long time)'
      puts ' tt timthumbs'
      puts ' t themes'
      puts ' vt only vulnerable themes'
      puts ' at all themes (can take a long time)'
      puts ' Multiple values are allowed : "-e t,p" will enumerate timthumbs and plugins'
      puts ' If no option is supplied, the default is "vt,tt,u,vp"'
      puts
      puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
      puts ' You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
      puts '--config-file | -c <config file> Use the specified config file'
      puts '--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
      puts '--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
      puts '--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
      puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
      puts ' HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
      puts '--proxy-auth <username:password> Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
      puts '--basic-auth <username:password> Set the HTTP Basic authentication'
      puts '--wordlist | -w <wordlist> Supply a wordlist for the password bruter and do the brute.'
      puts '--threads | -t <number of threads> The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
      puts '--username | -U <username> Only brute force the supplied username.'
      puts '--help | -h This help screen.'
      puts '--verbose | -v Verbose output.'
      puts
    end
- (Object) puts(o = '')
Override for puts to enable logging

    # File 'lib/common/hacks.rb', line 65
    def puts(o = '')
      # remove color for logging
      if o.respond_to?(:gsub)
        temp = o.gsub(/\e\[\d+m(.*)?\e\[0m/, '\1')
        File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
      end

      super(o)
    end
- (Object) red(text)

    # File 'lib/common/common_helper.rb', line 97
    def red(text)
      colorize(text, 31)
    end
- (Object) redefine_constant(constant, value)

    # File 'lib/common/common_helper.rb', line 111
    def redefine_constant(constant, value)
      Object.send(:remove_const, constant)
      Object.const_set(constant, value)
    end
- (Object) require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
TODO: add an exclude pattern?

    # File 'lib/common/common_helper.rb', line 45
    def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
      files = Dir[File.join(absolute_dir_path, files_pattern)]

      # Files in the root dir are loaded first, then those in the subdirectories
      files.sort_by { |file| [file.count("/"), file] }.each do |f|
        f = File.expand_path(f)
        #puts "require #{f}" # Used for debug
        require f
      end
    end
- (Object) usage
wpscan usage

    # File 'lib/wpscan/wpscan_helper.rb', line 8
    def usage
      script_name = $0
      puts
      puts 'Examples :'
      puts
      puts '-Further help ...'
      puts "ruby #{script_name} --help"
      puts
      puts "-Do 'non-intrusive' checks ..."
      puts "ruby #{script_name} --url www.example.com"
      puts
      puts '-Do wordlist password brute force on enumerated users using 50 threads ...'
      puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --threads 50"
      puts
      puts "-Do wordlist password brute force on the 'admin' username only ..."
      puts "ruby #{script_name} --url www.example.com --wordlist darkc0de.lst --username admin"
      puts
      puts '-Enumerate installed plugins ...'
      puts "ruby #{script_name} --url www.example.com --enumerate p"
      puts
      puts '-Enumerate installed themes ...'
      puts "ruby #{script_name} --url www.example.com --enumerate t"
      puts
      puts '-Enumerate users ...'
      puts "ruby #{script_name} --url www.example.com --enumerate u"
      puts
      puts '-Enumerate installed timthumbs ...'
      puts "ruby #{script_name} --url www.example.com --enumerate tt"
      puts
      puts '-Use a HTTP proxy ...'
      puts "ruby #{script_name} --url www.example.com --proxy 127.0.0.1:8118"
      puts
      puts '-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)'
      puts "ruby #{script_name} --url www.example.com --proxy socks5://127.0.0.1:9000"
      puts
      puts '-Use custom content directory ...'
      puts "ruby #{script_name} -u www.example.com --wp-content-dir custom-content"
      puts
      puts '-Use custom plugins directory ...'
      puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
      puts
      puts '-Update ...'
      puts "ruby #{script_name} --update"
      puts
      puts 'See README for further information.'
      puts
    end
- (Object) xml(file)

    # File 'lib/common/common_helper.rb', line 105
    def xml(file)
      Nokogiri::XML(File.open(file)) do |config|
        config.noblanks
      end
    end