class WpscanOptions

Constants

ACCESSOR_OPTIONS

Public Class Methods

load_from_arguments() click to toggle source

Will load the options from ARGV return WpscanOptions

# File lib/wpscan/wpscan_options.rb, line 148
def self.load_from_arguments
  wpscan_options = WpscanOptions.new

  if ARGV.length > 0
    WpscanOptions.get_opt_long.each do |opt, arg|
      wpscan_options.set_option_from_cli(opt, arg)
    end
  end

  wpscan_options
end
new() click to toggle source
# File lib/wpscan/wpscan_options.rb, line 35
def initialize
  ACCESSOR_OPTIONS.each do |option|
    instance_variable_set("@#{option}", nil)
  end
end

Protected Class Methods

clean_option(option) click to toggle source

Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace any remaining ‘-’ by ‘_’

param string option return string

# File lib/wpscan/wpscan_options.rb, line 246
def self.clean_option(option)
  cleaned_option = option.gsub(/^--?/, '')
  cleaned_option.gsub(/-/, '_')
end
get_opt_long() click to toggle source

Even if a short option is given (IE : -u), the long one will be returned (IE : –url)

# File lib/wpscan/wpscan_options.rb, line 215
def self.get_opt_long
  GetoptLong.new(
    ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
    ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
    ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
    ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
    ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
    ['--force', '-f', GetoptLong::NO_ARGUMENT],
    ['--help', '-h', GetoptLong::NO_ARGUMENT],
    ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
    ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
    ['--proxy-auth', GetoptLong::REQUIRED_ARGUMENT],
    ['--update', GetoptLong::NO_ARGUMENT],
    ['--follow-redirection', GetoptLong::NO_ARGUMENT],
    ['--wp-content-dir', GetoptLong::REQUIRED_ARGUMENT],
    ['--wp-plugins-dir', GetoptLong::REQUIRED_ARGUMENT],
    ['--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT],
    ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
    ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT]
  )
end
is_long_option?(option) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 237
def self.is_long_option?(option)
  ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}")
end
option_to_instance_variable_setter(option) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 251
def self.option_to_instance_variable_setter(option)
  cleaned_option = WpscanOptions.clean_option(option)
  option_syms = ACCESSOR_OPTIONS.grep(%r{^#{cleaned_option}$})

  option_syms.length == 1 ? :"#{option_syms.at(0)}=" : nil
end

Public Instance Methods

basic_auth=(basic_auth) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 123
def basic_auth=(basic_auth)
  raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
  @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
end
enumerate_all_plugins=(enumerate_all_plugins) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 91
def enumerate_all_plugins=(enumerate_all_plugins)
  if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true)
    raise 'Please choose only one plugin enumeration option'
  else
    @enumerate_all_plugins = enumerate_all_plugins
  end
end
enumerate_all_themes=(enumerate_all_themes) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 115
def enumerate_all_themes=(enumerate_all_themes)
  if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true)
    raise 'Please choose only one theme enumeration option'
  else
    @enumerate_all_themes = enumerate_all_themes
  end
end
enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 83
def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
  if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true)
    raise 'Please choose only one plugin enumeration option'
  else
    @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
  end
end
enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 107
def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
  if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true)
    raise 'Please choose only one theme enumeration option'
  else
    @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
  end
end
enumerate_options_from_string(value) click to toggle source

Will set enumerate_* from the string value IE : if value = vp => :enumerate_only_vulnerable_plugins will be set to true multiple enumeration are possible : ‘u,p’ => :enumerate_usernames and :enumerate_plugins Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10

# File lib/wpscan/wpscan_options.rb, line 183
def enumerate_options_from_string(value)
  # Usage of self is mandatory because there are overridden setters

  value = value.split(',').map { |c| c.downcase }

  self.enumerate_only_vulnerable_plugins = true if value.include?('vp')

  self.enumerate_plugins = true if value.include?('p')

  self.enumerate_all_plugins = true if value.include?('ap')

  @enumerate_timthumbs = true if value.include?('tt')

  self.enumerate_only_vulnerable_themes = true if value.include?('vt')

  self.enumerate_themes = true if value.include?('t')

  self.enumerate_all_themes = true if value.include?('at')

  value.grep(/^u/) do |username_enum_value|
    @enumerate_usernames = true
    # Check for usernames range
    matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value)
    if matches
      @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i)
    end
  end

end
enumerate_plugins=(enumerate_plugins) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 75
def enumerate_plugins=(enumerate_plugins)
  if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true)
    raise 'Please choose only one plugin enumeration option'
  else
    @enumerate_plugins = enumerate_plugins
  end
end
enumerate_themes=(enumerate_themes) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 99
def enumerate_themes=(enumerate_themes)
  if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true)
    raise 'Please choose only one theme enumeration option'
  else
    @enumerate_themes = enumerate_themes
  end
end
has_options?() click to toggle source
# File lib/wpscan/wpscan_options.rb, line 128
def has_options?
  !to_h.empty?
end
proxy=(proxy) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 59
def proxy=(proxy)
  if proxy.index(':') == nil
    raise 'Invalid proxy format. Should be host:port.'
  else
    @proxy = proxy
  end
end
proxy_auth=(auth) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 67
def proxy_auth=(auth)
  if auth.index(':') == nil
    raise 'Invalid proxy auth format, username:password expected'
  else
    @proxy_auth = auth
  end
end
set_option_from_cli(cli_option, cli_value) click to toggle source

string cli_option : –url, -u, –proxy etc string cli_value : the option value

# File lib/wpscan/wpscan_options.rb, line 162
def set_option_from_cli(cli_option, cli_value)

  if WpscanOptions.is_long_option?(cli_option)
    self.send(
        WpscanOptions.option_to_instance_variable_setter(cli_option),
        cli_value
    )
  elsif cli_option === '--enumerate' # Special cases
    # Default value if no argument is given
    cli_value = 'vt,tt,u,vp' if cli_value.length == 0

    enumerate_options_from_string(cli_value)
  else
    raise "Unknow option : #{cli_option} with value #{cli_value}"
  end
end
threads=(threads) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 47
def threads=(threads)
  @threads = threads.is_a?(Integer) ? threads : threads.to_i
end
to_h() click to toggle source

return Hash

# File lib/wpscan/wpscan_options.rb, line 133
def to_h
  options = {}

  ACCESSOR_OPTIONS.each do |option|
    instance_variable = instance_variable_get("@#{option}")

    unless instance_variable.nil?
      options[:"#{option}"] = instance_variable
    end
  end
  options
end
url=(url) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 41
def url=(url)
  raise 'Empty URL given' if !url

  @url = URI.parse(add_http_protocol(url)).to_s
end
wordlist=(wordlist) click to toggle source
# File lib/wpscan/wpscan_options.rb, line 51
def wordlist=(wordlist)
  if File.exists?(wordlist)
    @wordlist = wordlist
  else
    raise "The file #{wordlist} does not exist"
  end
end