Top Level Namespace

Defined Under Namespace

Modules: Ethon, Terminal, Typhoeus, URI Classes: Array, Browser, CacheFileStore, CheckerPlugin, CustomOptionParser, File, GenerateList, GitUpdater, ListGeneratorPlugin, Plugin, Plugins, StatsPlugin, SvnParser, SvnUpdater, TyphoeusCache, Updater, UpdaterFactory, Vulnerabilities, Vulnerability, WebSite, WpItem, WpItems, WpPlugin, WpPlugins, WpTarget, WpTheme, WpThemes, WpTimthumb, WpTimthumbs, WpUser, WpUsers, WpVersion, WpscanOptions

Constant Summary

LIB_DIR =
File.expand_path(File.dirname(__FILE__) + '/..')
ROOT_DIR =

expand_path is used to get "wpscan/" instead of "wpscan/lib/../"

File.expand_path(LIB_DIR + '/..')
DATA_DIR =
ROOT_DIR + '/data'
CONF_DIR =
ROOT_DIR + '/conf'
CACHE_DIR =
ROOT_DIR + '/cache'
WPSCAN_LIB_DIR =
LIB_DIR + '/wpscan'
WPSTOOLS_LIB_DIR =
LIB_DIR + '/wpstools'
UPDATER_LIB_DIR =
LIB_DIR + '/updater'
COMMON_LIB_DIR =
LIB_DIR + '/common'
MODELS_LIB_DIR =
COMMON_LIB_DIR + '/models'
COLLECTIONS_LIB_DIR =
COMMON_LIB_DIR + '/collections'
LOG_FILE =
ROOT_DIR + '/log.txt'
COMMON_PLUGINS_DIR =

Plugins directories

COMMON_LIB_DIR + '/plugins'
WPSCAN_PLUGINS_DIR =

Not used ATM

WPSCAN_LIB_DIR + '/plugins'
WPSTOOLS_PLUGINS_DIR =
WPSTOOLS_LIB_DIR + '/plugins'
PLUGINS_FILE =

Data files

DATA_DIR + '/plugins.txt'
PLUGINS_FULL_FILE =
DATA_DIR + '/plugins_full.txt'
PLUGINS_VULNS_FILE =
DATA_DIR + '/plugin_vulns.xml'
THEMES_FILE =
DATA_DIR + '/themes.txt'
THEMES_FULL_FILE =
DATA_DIR + '/themes_full.txt'
THEMES_VULNS_FILE =
DATA_DIR + '/theme_vulns.xml'
WP_VULNS_FILE =
DATA_DIR + '/wp_vulns.xml'
WP_VERSIONS_FILE =
DATA_DIR + '/wp_versions.xml'
LOCAL_FILES_FILE =
DATA_DIR + '/local_vulnerable_files.xml'
VULNS_XSD =
DATA_DIR + '/vuln.xsd'
WP_VERSIONS_XSD =
DATA_DIR + '/wp_versions.xsd'
LOCAL_FILES_XSD =
DATA_DIR + '/local_vulnerable_files.xsd'
WPSCAN_VERSION =
'2.1'
REVISION =
'NA'

Instance Method Summary

Instance Method Details

- (Object) add_http_protocol(url)

Add protocol



# File 'lib/common/common_helper.rb', line 59

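# Prefix +url+ with "http://" unless it already carries an http/https scheme.
#
# @param url [String] host, host:port or full URL as typed on the command line
# @return [String] +url+ unchanged when it starts with "http:" or "https:"
#   (any letter case), otherwise "http://" followed by +url+
#
# The scheme test is anchored with \A instead of ^: in Ruby ^ matches after
# any newline, so a value such as "foo\nhttp://bar" was previously accepted as
# already having a scheme. Scheme names are case-insensitive (RFC 3986), so
# "HTTP://host" is left alone rather than turned into "http://HTTP://host".
def add_http_protocol(url)
  url =~ /\Ahttps?:/i ? url : "http://#{url}"
end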

- (Object) add_trailing_slash(url)



# File 'lib/common/common_helper.rb', line 63

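# Ensure +url+ ends with a single "/" (appends one when missing).
#
# @param url [String] URL or path
# @return [String] +url+ unchanged when its last character is "/", else
#   +url+ with "/" appended
#
# Uses String#end_with? rather than the regexp /\/$/: $ matches at the end of
# any line and just before a trailing newline, so "a/\nb" was previously
# treated as slash-terminated and returned unchanged.
def add_trailing_slash(url)
  url.end_with?('/') ? url : "#{url}/"
end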

our 1337 banner



# File 'lib/common/common_helper.rb', line 78

# Print the WPScan ASCII-art banner, the version line and the credits.
#
# Every line is passed to +puts+ on its own (not as one multi-line string)
# so that the logging override of +puts+ in lib/common/hacks.rb receives
# exactly the same lines as before. Reads the top-level constants
# WPSCAN_VERSION and REVISION for the version suffix.
def banner
  art = [
    '____________________________________________________',
    ' __          _______   _____                  ',
    ' \\ \\        / /  __ \\ / ____|                 ',
    '  \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  ',
    '   \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ ',
    '    \\  /\\  /  | |     ____) | (__| (_| | | | |',
    "     \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_| v#{WPSCAN_VERSION}r#{REVISION}",
    '',
    '    WordPress Security Scanner by the WPScan Team',
    ' Sponsored by the RandomStorm Open Source Initiative',
    '_____________________________________________________',
    ''
  ]
  art.each { |line| puts line }
end

- (Object) colorize(text, color_code)



# File 'lib/common/common_helper.rb', line 93

# Wrap +text+ in an ANSI SGR colour sequence.
#
# @param text [#to_s] text to colour
# @param color_code [Integer, String] SGR parameter, e.g. 31 for red
# @return [String] "\e[<code>m" + text + "\e[0m" (the reset sequence)
def colorize(text, color_code)
  start_seq = "\e[#{color_code}m"
  reset_seq = "\e[0m"
  start_seq + text.to_s + reset_seq
end

- (Object) green(text)



# File 'lib/common/common_helper.rb', line 101

# Colour +text+ green (SGR code 32) via +colorize+.
#
# @param text [String] text to colour
# @return [String] +text+ wrapped in the green ANSI sequence and a reset
def green(text)
  green_code = 32
  colorize text, green_code
end

- (Object) help

command help



# File 'lib/wpscan/wpscan_helper.rb', line 57

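# Print the command-line help screen.
#
# Each line goes through +puts+, which lib/common/hacks.rb overrides to mirror
# output into LOG_FILE as well.
#
# NOTE(review): --proxy-auth and --basic-auth take "username:password" on the
# command line, so the secret is visible to other local users via the process
# list and ends up in shell history. The help text already points out that
# proxy-auth can live in conf/browser.conf.json instead; the strings are left
# as they are because they are user-facing documentation, not logic.
def help
  puts 'Help :'
  puts
  puts 'Some values are settable in conf/browser.conf.json :'
  puts '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
  puts
  puts '--update   Update to the latest revision'
  puts '--url   | -u <target url>  The WordPress URL/domain to scan.'
  puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
  puts '--enumerate | -e [option(s)]  Enumeration.'
  puts '  option :'
  puts '    u        usernames from id 1 to 10'
  puts '    u[10-20] usernames from id 10 to 20 (you must write [] chars)'
  puts '    p        plugins'
  puts '    vp       only vulnerable plugins'
  puts '    ap       all plugins (can take a long time)'
  puts '    tt       timthumbs'
  puts '    t        themes'
  puts '    vt       only vulnerable themes'
  puts '    at       all themes (can take a long time)'
  # Per the option table above, "t" is themes and "tt" is timthumbs; the
  # example previously described "t" as timthumbs.
  puts '  Multiple values are allowed : "-e t,p" will enumerate themes and plugins'
  puts '  If no option is supplied, the default is "vt,tt,u,vp"'
  puts
  puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
  puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
  puts '--config-file | -c <config file> Use the specified config file'
  puts '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
  puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
  puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
  puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
  puts '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
  puts '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
  puts '--basic-auth <username:password>  Set the HTTP Basic authentication'
  puts '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.'
  puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
  puts '--username | -U <username>  Only brute force the supplied username.'
  puts '--help     | -h This help screen.'
  puts '--verbose  | -v Verbose output.'
  puts
end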

- (Object) puts(o = '')

Override for puts to enable logging



# File 'lib/common/hacks.rb', line 65

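# Override of Kernel#puts that also appends each printed string to LOG_FILE.
#
# @param o [Object] value to print; anything responding to +gsub+ (strings)
#   is additionally written to the log with ANSI colour sequences removed,
#   other objects are only printed
# @return [nil] whatever Kernel#puts returns
#
# Everything the scanner prints ends up in this log, including scan findings
# that are sensitive for the target, so a newly created log is given mode
# 0600. The mode of an already existing log file is not changed.
def puts(o = '')
  if o.respond_to?(:gsub)
    # Non-greedy (.*?) so that several coloured spans on one line are all
    # stripped (greedy .* left the inner escape codes in the log), and
    # [\d;]* so compound codes such as "1;31" are recognised as well.
    plain = o.gsub(/\e\[[\d;]*m(.*?)\e\[0m/, '\1')
    File.open(LOG_FILE, 'a', 0600) { |f| f.puts(plain) }
  end
  super(o)
end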

- (Object) red(text)



# File 'lib/common/common_helper.rb', line 97

# Colour +text+ red (SGR code 31) via +colorize+.
#
# @param text [String] text to colour
# @return [String] +text+ wrapped in the red ANSI sequence and a reset
def red(text)
  red_code = 31
  colorize text, red_code
end

- (Object) redefine_constant(constant, value)



# File 'lib/common/common_helper.rb', line 111

# Replace a top-level (Object) constant without triggering the
# "already initialized constant" warning.
#
# @param constant [Symbol, String] name of an existing Object constant
# @param value [Object] new value
# @return [Object] +value+
# @raise [NameError] when +constant+ is not currently defined on Object
#   (remove_const runs first)
def redefine_constant(constant, value)
  Object.class_eval do
    remove_const(constant)
    const_set(constant, value)
  end
end

- (Object) require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')

TODO : add an exclude pattern ?



# File 'lib/common/common_helper.rb', line 45

# Require every file under +absolute_dir_path+ matching +files_pattern+.
#
# @param absolute_dir_path [String] directory to search
# @param files_pattern [String] glob relative to the directory (pass
#   '**/*.rb' to descend into subdirectories)
# @return [Array<String>] the matched paths in the order they were required
#
# Files closest to the root are loaded first (fewest "/" in the path), and
# alphabetically within the same depth, so a subdirectory can rely on what
# its parent directory defines.
#
# Every matched file is executed with the scanner's privileges, so the
# plugin/data directories this is pointed at must not be writable by
# untrusted users.
def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
  matches = Dir.glob(File.join(absolute_dir_path, files_pattern))
  ordered = matches.sort_by { |path| [path.count('/'), path] }
  ordered.each do |path|
    require File.expand_path(path)
  end
end

- (Object) usage

wpscan usage



# File 'lib/wpscan/wpscan_helper.rb', line 8

# Print the usage examples for the wpscan script.
#
# Each example is a description line prefixed with "-", the command line
# built from $0, then a blank line. Output goes through +puts+ one line at a
# time (lib/common/hacks.rb overrides +puts+ to mirror output into LOG_FILE).
def usage
  script_name = $0
  examples = [
    ['Further help ...', '--help'],
    ["Do 'non-intrusive' checks ...", '--url www.example.com'],
    ['Do wordlist password brute force on enumerated users using 50 threads ...',
     '--url www.example.com --wordlist darkc0de.lst --threads 50'],
    ["Do wordlist password brute force on the 'admin' username only ...",
     '--url www.example.com --wordlist darkc0de.lst --username admin'],
    ['Enumerate installed plugins ...', '--url www.example.com --enumerate p'],
    ['Enumerate installed themes ...', '--url www.example.com --enumerate t'],
    ['Enumerate users ...', '--url www.example.com --enumerate u'],
    ['Enumerate installed timthumbs ...', '--url www.example.com --enumerate tt'],
    ['Use a HTTP proxy ...', '--url www.example.com --proxy 127.0.0.1:8118'],
    ['Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)', '--url www.example.com --proxy socks5://127.0.0.1:9000'],
    ['Use custom content directory ...', '-u www.example.com --wp-content-dir custom-content'],
    ['Use custom plugins directory ...', '-u www.example.com --wp-plugins-dir wp-content/custom-plugins'],
    ['Update ...', '--update']
  ]

  puts
  puts 'Examples :'
  puts
  examples.each do |description, arguments|
    puts "-#{description}"
    puts "ruby #{script_name} #{arguments}"
    puts
  end
  puts 'See README for further information.'
  puts
end

- (Object) xml(file)



# File 'lib/common/common_helper.rb', line 105

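# Parse an XML file into a Nokogiri document, dropping whitespace-only
# text nodes (noblanks).
#
# @param file [String] path of the XML file to parse
# @return [Nokogiri::XML::Document]
#
# The file is opened in block form so the handle is closed as soon as
# parsing finishes; previously it was handed to Nokogiri without a block and
# stayed open until garbage collection. NONET is Nokogiri's default for XML
# but is set explicitly here so it is clear that no external DTD or entity is
# fetched over the network while reading the data files; NOENT (entity
# substitution) is deliberately not enabled.
def xml(file)
  File.open(file) do |io|
    Nokogiri::XML(io) do |config|
      config.noblanks
      config.nonet
    end
  end
end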