Class: WpscanOptions

Inherits:
Object
  • Object
Defined in:
lib/wpscan/wpscan_options.rb

Constant Summary collapse

# Every option name WpscanOptions knows about, in the order #to_h reports them.
# #initialize creates one nil instance variable per entry.
#
# NOTE(review): :password, :basic_auth, :proxy_auth and :cookie look like they
# hold credentials or session material - confirm, and treat any dump of these
# options (logs, debug output) as sensitive.
ACCESSOR_OPTIONS = [
  :batch,
  :enumerate_plugins, :enumerate_only_vulnerable_plugins, :enumerate_all_plugins,
  :enumerate_themes, :enumerate_only_vulnerable_themes, :enumerate_all_themes,
  :enumerate_timthumbs,
  :enumerate_usernames, :enumerate_usernames_range,
  :no_color, :log,
  :proxy, :proxy_auth,
  :threads, :url, :wordlist,
  :force, :update, :verbose,
  :username, :usernames, :password,
  :follow_redirection,
  :wp_content_dir, :wp_plugins_dir,
  :help, :config_file,
  :cookie, :exclude_content_based, :basic_auth,
  :debug_output, :version,
  :user_agent, :random_agent,
  :cache_ttl, :request_timeout, :connect_timeout, :max_threads
]

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ WpscanOptions


# File 'lib/wpscan/wpscan_options.rb', line 49

# Builds an options object with nothing set.
#
# One instance variable is created per ACCESSOR_OPTIONS entry and set to nil,
# so #to_h (which skips nil values) starts out empty.
def initialize
  ACCESSOR_OPTIONS.each { |name| instance_variable_set("@#{name}", nil) }
end

Class Method Details

.load_from_arguments ⇒ Object

Loads the options from ARGV. Returns a WpscanOptions instance.


# File 'lib/wpscan/wpscan_options.rb', line 176

# Builds a WpscanOptions from the process command line.
#
# When ARGV is empty the options object is returned untouched. Otherwise every
# (option, argument) pair yielded by WpscanOptions.get_opt_long is passed to
# #set_option_from_cli, which is where per-option validation happens.
#
# @return [WpscanOptions]
def self.load_from_arguments
  parsed = WpscanOptions.new
  return parsed if ARGV.empty?

  WpscanOptions.get_opt_long.each { |opt, arg| parsed.set_option_from_cli(opt, arg) }
  parsed
end

Instance Method Details

#basic_auth=(basic_auth) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 143

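# Stores the HTTP Basic authentication header value for +basic_auth+.
#
# Base64 is an encoding, not encryption: the stored value is as sensitive as
# the original login:password pair.
#
# @param basic_auth [String] credentials in login:password form
# @raise [RuntimeError] when the value contains no ':'
def basic_auth=(basic_auth)
  raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?

  # encode64 wraps its output every 60 characters and chomp only removes the
  # final newline, so longer credentials left line breaks inside the header
  # value. strict_encode64 never emits newlines.
  @basic_auth = "Basic #{Base64.strict_encode64(basic_auth)}"
end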

#debug_output=(debug_output) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 148

# Forwards the debug flag to Typhoeus' global verbose setting.
#
# Nothing is stored in @debug_output, so #to_h never reports this option.
# NOTE(review): verbose HTTP traces usually include request headers; if that
# holds here, Authorization and Cookie values would show up in the output -
# confirm before sharing debug logs.
#
# @param debug_output [Boolean] value handed to Typhoeus::Config.verbose
def debug_output=(debug_output)
  Typhoeus::Config.verbose = debug_output
end

#enumerate_all_plugins=(enumerate_all_plugins) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 111

# Turns "enumerate all plugins" on or off.
#
# The three plugin enumeration modes are mutually exclusive: enabling this one
# while @enumerate_plugins or @enumerate_only_vulnerable_plugins is already
# true raises. Any value other than true is stored without that check.
#
# @param enumerate_all_plugins [Boolean]
# @raise [RuntimeError] when another plugin enumeration mode is already enabled
def enumerate_all_plugins=(enumerate_all_plugins)
  other_mode_active = @enumerate_plugins === true || @enumerate_only_vulnerable_plugins === true
  raise 'Please choose only one plugin enumeration option' if enumerate_all_plugins === true && other_mode_active

  @enumerate_all_plugins = enumerate_all_plugins
end

#enumerate_all_themes=(enumerate_all_themes) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 135

# Turns "enumerate all themes" on or off.
#
# Only one theme enumeration mode may be active: enabling this one while
# @enumerate_themes or @enumerate_only_vulnerable_themes is already true
# raises. Values other than true are stored as given.
#
# @param enumerate_all_themes [Boolean]
# @raise [RuntimeError] when another theme enumeration mode is already enabled
def enumerate_all_themes=(enumerate_all_themes)
  if enumerate_all_themes === true
    conflicting = [@enumerate_themes, @enumerate_only_vulnerable_themes].any? { |flag| flag === true }
    raise 'Please choose only one theme enumeration option' if conflicting
  end

  @enumerate_all_themes = enumerate_all_themes
end

#enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 103

# Turns "enumerate only vulnerable plugins" on or off.
#
# Plugin enumeration modes are mutually exclusive: enabling this one while
# @enumerate_all_plugins or @enumerate_plugins is already true raises.
# Values other than true are stored as given.
#
# @param enumerate_only_vulnerable_plugins [Boolean]
# @raise [RuntimeError] when another plugin enumeration mode is already enabled
def enumerate_only_vulnerable_plugins=(enumerate_only_vulnerable_plugins)
  other_mode_active = @enumerate_all_plugins === true || @enumerate_plugins === true
  if enumerate_only_vulnerable_plugins === true && other_mode_active
    raise 'Please choose only one plugin enumeration option'
  end

  @enumerate_only_vulnerable_plugins = enumerate_only_vulnerable_plugins
end

#enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 127

# Turns "enumerate only vulnerable themes" on or off.
#
# Theme enumeration modes are mutually exclusive: enabling this one while
# @enumerate_all_themes or @enumerate_themes is already true raises.
# Values other than true are stored as given.
#
# @param enumerate_only_vulnerable_themes [Boolean]
# @raise [RuntimeError] when another theme enumeration mode is already enabled
def enumerate_only_vulnerable_themes=(enumerate_only_vulnerable_themes)
  other_mode_active = @enumerate_all_themes === true || @enumerate_themes === true
  if enumerate_only_vulnerable_themes === true && other_mode_active
    raise 'Please choose only one theme enumeration option'
  end

  @enumerate_only_vulnerable_themes = enumerate_only_vulnerable_themes
end

#enumerate_options_from_string(value) ⇒ Object

Sets the enumerate_* options from the string value. For example, if value = vp, :enumerate_only_vulnerable_plugins is set to true. Multiple enumerations are possible: 'u,p' sets :enumerate_usernames and :enumerate_plugins. Special case for usernames: a range is possible, e.g. u[1-10] will enumerate usernames from 1 to 10.


# File 'lib/wpscan/wpscan_options.rb', line 211

# Translates a comma-separated enumeration string into enumerate_* settings.
#
# Tokens are lower-cased and matched exactly: vp / p / ap select a plugin mode,
# tt enables timthumbs, vt / t / at select a theme mode. Every token that
# starts with "u" enables username enumeration, and a "[first-last]" part
# inside it sets @enumerate_usernames_range. Tokens that match nothing are
# ignored without an error, so a mistyped token is dropped silently.
#
# @param value [String] e.g. 'vp,tt' or 'u[1-10]'
# @raise [RuntimeError] from the plugin/theme setters when two modes of the
#   same kind are requested together
def enumerate_options_from_string(value)
  tokens = value.split(',').map(&:downcase)

  # Plugin and theme flags go through their setters (not the instance
  # variables) because the setters enforce the one-mode-only rule.
  {
    'vp' => :enumerate_only_vulnerable_plugins,
    'p'  => :enumerate_plugins,
    'ap' => :enumerate_all_plugins
  }.each do |token, option|
    send("#{option}=", true) if tokens.include?(token)
  end

  @enumerate_timthumbs = true if tokens.include?('tt')

  {
    'vt' => :enumerate_only_vulnerable_themes,
    't'  => :enumerate_themes,
    'at' => :enumerate_all_themes
  }.each do |token, option|
    send("#{option}=", true) if tokens.include?(token)
  end

  tokens.grep(/^u/) do |username_token|
    @enumerate_usernames = true
    # Optional id range, written as [first-last] inside the token.
    bounds = username_token.match(/\[(\d+)-(\d+)\]/)
    @enumerate_usernames_range = (bounds[1].to_i..bounds[2].to_i) if bounds
  end
end

#enumerate_plugins=(enumerate_plugins) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 95

# Turns plugin enumeration on or off.
#
# Plugin enumeration modes are mutually exclusive: enabling this one while
# @enumerate_all_plugins or @enumerate_only_vulnerable_plugins is already true
# raises. Values other than true are stored as given.
#
# @param enumerate_plugins [Boolean]
# @raise [RuntimeError] when another plugin enumeration mode is already enabled
def enumerate_plugins=(enumerate_plugins)
  if enumerate_plugins === true
    conflicting = [@enumerate_all_plugins, @enumerate_only_vulnerable_plugins].any? { |flag| flag === true }
    raise 'Please choose only one plugin enumeration option' if conflicting
  end

  @enumerate_plugins = enumerate_plugins
end

#enumerate_themes=(enumerate_themes) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 119

# Turns theme enumeration on or off.
#
# Theme enumeration modes are mutually exclusive: enabling this one while
# @enumerate_all_themes or @enumerate_only_vulnerable_themes is already true
# raises. Values other than true are stored as given.
#
# @param enumerate_themes [Boolean]
# @raise [RuntimeError] when another theme enumeration mode is already enabled
def enumerate_themes=(enumerate_themes)
  other_mode_active = @enumerate_all_themes === true || @enumerate_only_vulnerable_themes === true
  raise 'Please choose only one theme enumeration option' if enumerate_themes === true && other_mode_active

  @enumerate_themes = enumerate_themes
end

#has_options? ⇒ Boolean


# File 'lib/wpscan/wpscan_options.rb', line 152

# Tells whether at least one option has been set.
#
# @return [Boolean] true when #to_h is not empty, i.e. some option is non-nil
def has_options?
  set_options = to_h
  !set_options.empty?
end

#proxy=(proxy) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 79

# Stores the proxy to send requests through.
#
# The only check is that the value contains a ':'; host and port are not
# validated individually, so anything with a colon in it is accepted.
#
# @param proxy [String] expected as host:port
# @raise [RuntimeError] when the value contains no ':'
def proxy=(proxy)
  raise 'Invalid proxy format. Should be host:port.' unless proxy.index(':')

  @proxy = proxy
end

#proxy_auth=(auth) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 87

# Stores the proxy credentials.
#
# The value is kept as given (plain text) after checking that it contains a
# ':' separator, so @proxy_auth is as sensitive as the password itself.
#
# @param auth [String] expected as username:password
# @raise [RuntimeError] when the value contains no ':'
def proxy_auth=(auth)
  raise 'Invalid proxy auth format, username:password expected' unless auth.index(':')

  @proxy_auth = auth
end

#random_agent=(useless) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 156

# Replaces the user agent with one picked by get_random_user_agent.
#
# The argument is ignored, and @random_agent itself is never assigned, so
# #to_h reports the outcome under :user_agent only. Any user agent set
# earlier is overwritten.
#
# @param useless [Object] unused
def random_agent=(useless)
  picked_agent = get_random_user_agent
  @user_agent = picked_agent
end

#set_option_from_cli(cli_option, cli_value) ⇒ Object

cli_option (String): --url, -u, --proxy, etc. cli_value (String): the option value.


# File 'lib/wpscan/wpscan_options.rb', line 190

# Applies one command-line option to this object.
#
# Options accepted by WpscanOptions.is_long_option? are dispatched to the
# setter named by WpscanOptions.option_to_instance_variable_setter, so each
# setter's own validation runs. '--enumerate' is handled separately and
# defaults to 'vt,tt,u,vp' when given without a value. Anything else raises.
#
# NOTE(review): the setter name passed to #send is derived from the CLI
# option; this is only safe while is_long_option? restricts cli_option to a
# fixed list - confirm in that method.
#
# @param cli_option [String] e.g. --url, -u, --proxy
# @param cli_value [String] the option value
# @raise [RuntimeError] for an option that is neither known nor '--enumerate'
def set_option_from_cli(cli_option, cli_value)
  if WpscanOptions.is_long_option?(cli_option)
    setter = WpscanOptions.option_to_instance_variable_setter(cli_option)
    return send(setter, cli_value)
  end

  raise "Unknow option : #{cli_option} with value #{cli_value}" unless cli_option == '--enumerate'

  # Default enumeration set when --enumerate comes without an argument.
  cli_value = 'vt,tt,u,vp' if cli_value.empty?
  enumerate_options_from_string(cli_value)
end

#threads=(threads) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 61

# Stores the thread count as an Integer.
#
# Integers are kept as they are; anything else is converted with #to_i.
# String#to_i returns 0 for text that does not start with a number, so a
# malformed value becomes 0 instead of raising.
#
# @param threads [Integer, String]
def threads=(threads)
  @threads =
    if threads.is_a?(Integer)
      threads
    else
      threads.to_i
    end
end

#to_h ⇒ Object

Returns a Hash of the options that are set (non-nil).


# File 'lib/wpscan/wpscan_options.rb', line 161

# Collects every option that has a value into a Hash keyed by option symbol.
#
# Options whose instance variable is nil are left out; false is kept.
# The hash contains whatever is stored under :password, :basic_auth,
# :proxy_auth and :cookie when those are set, so redact it before printing
# or logging.
#
# @return [Hash{Symbol => Object}]
def to_h
  ACCESSOR_OPTIONS.each_with_object({}) do |option, set_options|
    current = instance_variable_get("@#{option}")
    set_options[:"#{option}"] = current unless current.nil?
  end
end

#url=(url) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 55

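# Stores the target URL in normalised form.
#
# The value is passed through add_http_protocol (defined elsewhere) and then
# parsed with URI.parse, which raises URI::InvalidURIError for a malformed URL.
#
# @param url [String] target URL, with or without a scheme
# @raise [RuntimeError] when url is nil, false, empty or only whitespace
def url=(url)
  # Only nil and false are falsy in Ruby, so `!url` on its own let '' and
  # blank strings through to the parser despite the error message.
  raise 'Empty URL given' if !url || url.to_s.strip.empty?

  @url = URI.parse(add_http_protocol(url)).to_s
end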

#usernames=(file) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 73

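# Stores the path of the usernames file.
#
# Only existence is checked here; the path is not opened or read, and a
# directory passes the check as well.
#
# @param file [String] path to the usernames file
# @raise [RuntimeError] when the path does not exist
def usernames=(file)
  # File.exists? was deprecated and then removed in Ruby 3.2; File.exist? is
  # the supported spelling and behaves the same.
  fail "The file #{file} does not exist" unless File.exist?(file)

  @usernames = file
end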

#wordlist=(wordlist) ⇒ Object


# File 'lib/wpscan/wpscan_options.rb', line 65

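# Stores the path of the password wordlist.
#
# Only existence is checked here; the path is not opened or read, and a
# directory passes the check as well.
#
# @param wordlist [String] path to the wordlist file
# @raise [RuntimeError] when the path does not exist
def wordlist=(wordlist)
  # File.exists? was deprecated and then removed in Ruby 3.2; File.exist? is
  # the supported spelling and behaves the same.
  raise "The file #{wordlist} does not exist" unless File.exist?(wordlist)

  @wordlist = wordlist
end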