Will load the options from ARGV return WpscanOptions
# File lib/wpscan/wpscan_options.rb, line 148 def self.load_from_arguments wpscan_options = WpscanOptions.new if ARGV.length > 0 WpscanOptions.get_opt_long.each do |opt, arg| wpscan_options.set_option_from_cli(opt, arg) end end wpscan_options end
# File lib/wpscan/wpscan_options.rb, line 35 def initialize ACCESSOR_OPTIONS.each do |option| instance_variable_set("@#{option}", nil) end end
Will removed the ‘-’ or ‘–’ chars at the beginning of option and replace any remaining ‘-’ by ‘_’
param string option return string
# File lib/wpscan/wpscan_options.rb, line 246 def self.clean_option(option) cleaned_option = option.gsub(/^--?/, '') cleaned_option.gsub(/-/, '_') end
Even if a short option is given (IE : -u), the long one will be returned (IE : –url)
# File lib/wpscan/wpscan_options.rb, line 215 def self.get_opt_long GetoptLong.new( ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT], ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT], ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT], ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT], ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT], ['--force', '-f', GetoptLong::NO_ARGUMENT], ['--help', '-h', GetoptLong::NO_ARGUMENT], ['--verbose', '-v', GetoptLong::NO_ARGUMENT], ['--proxy', GetoptLong::REQUIRED_ARGUMENT], ['--proxy-auth', GetoptLong::REQUIRED_ARGUMENT], ['--update', GetoptLong::NO_ARGUMENT], ['--follow-redirection', GetoptLong::NO_ARGUMENT], ['--wp-content-dir', GetoptLong::REQUIRED_ARGUMENT], ['--wp-plugins-dir', GetoptLong::REQUIRED_ARGUMENT], ['--config-file', '-c', GetoptLong::REQUIRED_ARGUMENT], ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT], ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT] ) end
# File lib/wpscan/wpscan_options.rb, line 237 def self.is_long_option?(option) ACCESSOR_OPTIONS.include?(:"#{WpscanOptions.clean_option(option)}") end
# File lib/wpscan/wpscan_options.rb, line 251 def self.option_to_instance_variable_setter(option) cleaned_option = WpscanOptions.clean_option(option) option_syms = ACCESSOR_OPTIONS.grep(%r{^#{cleaned_option}$}) option_syms.length == 1 ? :"#{option_syms.at(0)}=" : nil end
# File lib/wpscan/wpscan_options.rb, line 123 def basic_auth=(basic_auth) raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil? @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}" end
# File lib/wpscan/wpscan_options.rb, line 91 def enumerate_all_plugins=(enumerate_all_plugins) if enumerate_all_plugins === true and (@enumerate_plugins === true or @enumerate_only_vulnerable_plugins === true) raise 'Please choose only one plugin enumeration option' else @enumerate_all_plugins = enumerate_all_plugins end end
# File lib/wpscan/wpscan_options.rb, line 115 def enumerate_all_themes=(enumerate_all_themes) if enumerate_all_themes === true and (@enumerate_themes === true or @enumerate_only_vulnerable_themes === true) raise 'Please choose only one theme enumeration option' else @enumerate_all_themes = enumerate_all_themes end end
# File lib/wpscan/wpscan_options.rb, line 83 def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) if enumerate_only_vulnerable_plugins === true and (@enumerate_all_plugins === true or @enumerate_plugins === true) raise 'Please choose only one plugin enumeration option' else @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins end end
# File lib/wpscan/wpscan_options.rb, line 107 def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) if enumerate_only_vulnerable_themes === true and (@enumerate_all_themes === true or @enumerate_themes === true) raise 'Please choose only one theme enumeration option' else @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes end end
Will set enumerate_* from the string value IE : if value = vp => :enumerate_only_vulnerable_plugins will be set to true multiple enumeration are possible : ‘u,p’ => :enumerate_usernames and :enumerate_plugins Special case for usernames, a range is possible : u will enumerate usernames from 1 to 10
# File lib/wpscan/wpscan_options.rb, line 183 def enumerate_options_from_string(value) # Usage of self is mandatory because there are overridden setters value = value.split(',').map { |c| c.downcase } self.enumerate_only_vulnerable_plugins = true if value.include?('vp') self.enumerate_plugins = true if value.include?('p') self.enumerate_all_plugins = true if value.include?('ap') @enumerate_timthumbs = true if value.include?('tt') self.enumerate_only_vulnerable_themes = true if value.include?('vt') self.enumerate_themes = true if value.include?('t') self.enumerate_all_themes = true if value.include?('at') value.grep(/^u/) do |username_enum_value| @enumerate_usernames = true # Check for usernames range matches = %r{\[([\d]+)-([\d]+)\]}.match(username_enum_value) if matches @enumerate_usernames_range = (matches[1].to_i..matches[2].to_i) end end end
# File lib/wpscan/wpscan_options.rb, line 75 def enumerate_plugins=(enumerate_plugins) if enumerate_plugins === true and (@enumerate_all_plugins === true or @enumerate_only_vulnerable_plugins === true) raise 'Please choose only one plugin enumeration option' else @enumerate_plugins = enumerate_plugins end end
# File lib/wpscan/wpscan_options.rb, line 99 def enumerate_themes=(enumerate_themes) if enumerate_themes === true and (@enumerate_all_themes === true or @enumerate_only_vulnerable_themes === true) raise 'Please choose only one theme enumeration option' else @enumerate_themes = enumerate_themes end end
# File lib/wpscan/wpscan_options.rb, line 128 def has_options? !to_h.empty? end
# File lib/wpscan/wpscan_options.rb, line 59 def proxy=(proxy) if proxy.index(':') == nil raise 'Invalid proxy format. Should be host:port.' else @proxy = proxy end end
# File lib/wpscan/wpscan_options.rb, line 67 def proxy_auth=(auth) if auth.index(':') == nil raise 'Invalid proxy auth format, username:password expected' else @proxy_auth = auth end end
string cli_option : –url, -u, –proxy etc string cli_value : the option value
# File lib/wpscan/wpscan_options.rb, line 162 def set_option_from_cli(cli_option, cli_value) if WpscanOptions.is_long_option?(cli_option) self.send( WpscanOptions.option_to_instance_variable_setter(cli_option), cli_value ) elsif cli_option === '--enumerate' # Special cases # Default value if no argument is given cli_value = 'vt,tt,u,vp' if cli_value.length == 0 enumerate_options_from_string(cli_value) else raise "Unknow option : #{cli_option} with value #{cli_value}" end end
# File lib/wpscan/wpscan_options.rb, line 47 def threads=(threads) @threads = threads.is_a?(Integer) ? threads : threads.to_i end
return Hash
# File lib/wpscan/wpscan_options.rb, line 133 def to_h options = {} ACCESSOR_OPTIONS.each do |option| instance_variable = instance_variable_get("@#{option}") unless instance_variable.nil? options[:"#{option}"] = instance_variable end end options end
# File lib/wpscan/wpscan_options.rb, line 41 def url=(url) raise 'Empty URL given' if !url @url = URI.parse(add_http_protocol(url)).to_s end
# File lib/wpscan/wpscan_options.rb, line 51 def wordlist=(wordlist) if File.exists?(wordlist) @wordlist = wordlist else raise "The file #{wordlist} does not exist" end end