Class: WpscanOptions

Inherits:
Object
  • Object
show all
Defined in:
lib/wpscan/wpscan_options.rb

Constant Summary

ACCESSOR_OPTIONS =
[
  :enumerate_plugins,
  :enumerate_only_vulnerable_plugins,
  :enumerate_all_plugins,
  :enumerate_themes,
  :enumerate_only_vulnerable_themes,
  :enumerate_all_themes,
  :enumerate_timthumbs,
  :enumerate_usernames,
  :enumerate_usernames_range,
  :proxy,
  :proxy_auth,
  :threads,
  :url,
  :wordlist,
  :force,
  :update,
  :verbose,
  :username,
  :password,
  :follow_redirection,
  :wp_content_dir,
  :wp_plugins_dir,
  :help,
  :config_file,
  :exclude_content_based,
  :basic_auth
]

Class Method Summary (collapse)

Instance Method Summary (collapse)

Constructor Details

- (WpscanOptions) initialize

A new instance of WpscanOptions



36
37
38
39
40
# File 'lib/wpscan/wpscan_options.rb', line 36

def initialize
  ACCESSOR_OPTIONS.each do |option|
    instance_variable_set("@#{option}", nil)
  end
end

Class Method Details

+ (Object) clean_option(option) (protected)

Will removed the '-' or '--' chars at the beginning of option and replace any remaining '-' by '_'

param string option return string



247
248
249
250
# File 'lib/wpscan/wpscan_options.rb', line 247

def self.clean_option(option)
  cleaned_option = option.gsub(/^--?/, '')
  cleaned_option.gsub(/-/, '_')
end

+ (Object) get_opt_long (protected)

Even if a short option is given (IE : -u), the long one will be returned (IE : --url)



216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
# File 'lib/wpscan/wpscan_options.rb', line 216

def self.get_opt_long
  GetoptLong.new(
    ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
    ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
    ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
    ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
    ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
    ['--force', '-f', GetoptLong::NO_ARGUMENT],
    ['--help', '-h', GetoptLong::NO_ARGUMENT],
    ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
    ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
    ['--proxy-auth', GetoptLong::REQUIRED_ARGUMENT],
    ['--update', GetoptLong::NO_ARGUMENT],
    ['--follow-redirection', GetoptLong::NO_ARGUMENT],
    ['--wp-content-dir', GetoptLong::REQUIRED_ARGUMENT],
    ['--wp-plugins-dir', GetoptLong::REQUIRED_ARGUMENT],
    ['--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
    ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
    ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT]
  )
end

+ (Boolean) is_long_option?(option) (protected)

Returns:

  • (Boolean)


238
239
240
# File 'lib/wpscan/wpscan_options.rb', line 238

def self.is_long_option?(option)
  ACCESSOR_OPTIONS.include?(:#{WpscanOptions.clean_option(option)}")
end

+ (Object) load_from_arguments

Will load the options from ARGV return WpscanOptions



149
150
151
152
153
154
155
156
157
158
159
# File 'lib/wpscan/wpscan_options.rb', line 149

def self.load_from_arguments
  wpscan_options = WpscanOptions.new

  if ARGV.length > 0
    WpscanOptions.get_opt_long.each do |opt, arg|
      wpscan_options.set_option_from_cli(opt, arg)
    end
  end

  wpscan_options
end

+ (Object) option_to_instance_variable_setter(option) (protected)



252
253
254
255
256
257
# File 'lib/wpscan/wpscan_options.rb', line 252

def self.option_to_instance_variable_setter(option)
  cleaned_option = WpscanOptions.clean_option(option)
  option_syms = ACCESSOR_OPTIONS.grep(%r{^#{cleaned_option}$})

  option_syms.length == 1 ? :#{option_syms.at(0)}=" : nil
end

Instance Method Details

- (Object) basic_auth=(basic_auth)



124
125
126
127
# File 'lib/wpscan/wpscan_options.rb', line 124

def basic_auth=(basic_auth)
  raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
  @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
end

- (Object) enumerate_all_plugins=(enumerate_all_plugins)



92
93
94
95
96
97
98
# File 'lib/wpscan/wpscan_options.rb', line 92

def enumerate_all_plugins=(enumerate_all_plugins)
  if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
    raise 'Please choose only one plugin enumeration option'
  else
    @enumerate_all_plugins = enumerate_all_plugins
  end
end

- (Object) enumerate_all_themes=(enumerate_all_themes)



116
117
118
119
120
121
122
# File 'lib/wpscan/wpscan_options.rb', line 116

def enumerate_all_themes=(enumerate_all_themes)
  if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
    raise 'Please choose only one theme enumeration option'
  else
    @enumerate_all_themes = enumerate_all_themes
  end
end

- (Object) enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)



84
85
86
87
88
89
90
# File 'lib/wpscan/wpscan_options.rb', line 84

def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
  if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
    raise 'Please choose only one plugin enumeration option'
  else
    @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
  end
end

- (Object) enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)



108
109
110
111
112
113
114
# File 'lib/wpscan/wpscan_options.rb', line 108

def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
  if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
    raise 'Please choose only one theme enumeration option'
  else
    @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
  end
end

- (Object) enumerate_options_from_string(value)

Will set enumerate_* from the string value IE : if value = vp => :enumerate_only_vulnerable_plugins will be set to true multiple enumeration are possible : 'u,p' => :enumerate_usernames and :enumerate_plugins Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10



184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
# File 'lib/wpscan/wpscan_options.rb', line 184

def enumerate_options_from_string(value)
  # Usage of self is mandatory because there are overridden setters

  value = value.split(',').map { |c| c.downcase }

  self.enumerate_only_vulnerable_plugins = true if value.include?('vp')

  self.enumerate_plugins = true if value.include?('p')

  self.enumerate_all_plugins = true if value.include?('ap')

  @enumerate_timthumbs = true if value.include?('tt')

  self.enumerate_only_vulnerable_themes = true if value.include?('vt')

  self.enumerate_themes = true if value.include?('t')

  self.enumerate_all_themes = true if value.include?('at')

  value.grep(/^u/) do |username_enum_value|
    @enumerate_usernames = true
    # Check for usernames range
    matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
    if matches
      @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
    end
  end

end

- (Object) enumerate_plugins=(enumerate_plugins)



76
77
78
79
80
81
82
# File 'lib/wpscan/wpscan_options.rb', line 76

def enumerate_plugins=(enumerate_plugins)
  if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
    raise 'Please choose only one plugin enumeration option'
  else
    @enumerate_plugins = enumerate_plugins
  end
end

- (Object) enumerate_themes=(enumerate_themes)



100
101
102
103
104
105
106
# File 'lib/wpscan/wpscan_options.rb', line 100

def enumerate_themes=(enumerate_themes)
  if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
    raise 'Please choose only one theme enumeration option'
  else
    @enumerate_themes = enumerate_themes
  end
end

- (Boolean) has_options?

Returns:

  • (Boolean)


129
130
131
# File 'lib/wpscan/wpscan_options.rb', line 129

def has_options?
  !to_h.empty?
end

- (Object) proxy=(proxy)



60
61
62
63
64
65
66
# File 'lib/wpscan/wpscan_options.rb', line 60

def proxy=(proxy)
  if proxy.index(':') == nil
    raise 'Invalid proxy format. Should be host:port.'
  else
    @proxy = proxy
  end
end

- (Object) proxy_auth=(auth)



68
69
70
71
72
73
74
# File 'lib/wpscan/wpscan_options.rb', line 68

def proxy_auth=(auth)
  if auth.index(':') == nil
    raise 'Invalid proxy auth format, username:password expected'
  else
    @proxy_auth = auth
  end
end

- (Object) set_option_from_cli(cli_option, cli_value)

string cli_option : --url, -u, --proxy etc string cli_value : the option value



163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# File 'lib/wpscan/wpscan_options.rb', line 163

def set_option_from_cli(cli_option, cli_value)

  if WpscanOptions.is_long_option?(cli_option)
    self.send(
        WpscanOptions.option_to_instance_variable_setter(cli_option),
        cli_value
    )
  elsif cli_option === '--enumerate' # Special cases
    # Default value if no argument is given
    cli_value = 'vt,tt,u,vp' if cli_value.length == 0

    enumerate_options_from_string(cli_value)
  else
    raise "Unknow option : #{cli_option} with value #{cli_value}"
  end
end

- (Object) threads=(threads)



48
49
50
# File 'lib/wpscan/wpscan_options.rb', line 48

def threads=(threads)
  @threads = threads.is_a?(Integer) ? threads : threads.to_i
end

- (Object) to_h

return Hash



134
135
136
137
138
139
140
141
142
143
144
145
# File 'lib/wpscan/wpscan_options.rb', line 134

def to_h
  options = {}

  ACCESSOR_OPTIONS.each do |option|
    instance_variable = instance_variable_get("@#{option}")

    unless instance_variable.nil?
      options[:#{option}"] = instance_variable
    end
  end
  options
end

- (Object) url=(url)



42
43
44
45
46
# File 'lib/wpscan/wpscan_options.rb', line 42

def url=(url)
  raise 'Empty URL given' if !url

  @url = URI.parse(add_http_protocol(url)).to_s
end

- (Object) wordlist=(wordlist)



52
53
54
55
56
57
58
# File 'lib/wpscan/wpscan_options.rb', line 52

def wordlist=(wordlist)
  if File.exists?(wordlist)
    @wordlist = wordlist
  else
    raise "The file #{wordlist} does not exist"
  end
end