Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
wpscanteam
GitHub Repository: wpscanteam/wpscan
 Path: blob/master/app/controllers/enumeration/cli_options.rb
485 views
1
# frozen_string_literal: true

2


3
module WPScan

4
  module Controller

5
    # Enumeration CLI Options

6
    class Enumeration < CMSScanner::Controller::Base

7
      def cli_options

8
        cli_enum_choices + cli_plugins_opts + cli_themes_opts +

9
          cli_timthumbs_opts + cli_config_backups_opts + cli_db_exports_opts +

10
          cli_medias_opts + cli_users_opts

11
      end

12


13
      # @return [ Array<OptParseValidator::OptBase> ]

14
      def cli_enum_choices

15
        [

16
          OptMultiChoices.new(

17
            ['-e', '--enumerate [OPTS]', 'Enumeration Process'],

18
            choices: {

19
              vp: OptBoolean.new(['--vulnerable-plugins']),

20
              ap: OptBoolean.new(['--all-plugins']),

21
              p: OptBoolean.new(['--popular-plugins']),

22
              vt: OptBoolean.new(['--vulnerable-themes']),

23
              at: OptBoolean.new(['--all-themes']),

24
              t: OptBoolean.new(['--popular-themes']),

25
              tt: OptBoolean.new(['--timthumbs']),

26
              cb: OptBoolean.new(['--config-backups']),

27
              dbe: OptBoolean.new(['--db-exports']),

28
              u: OptIntegerRange.new(['--users', 'User IDs range. e.g: u1-5'], value_if_empty: '1-10'),

29
              m: OptIntegerRange.new(['--medias',

30
                                      'Media IDs range. e.g m1-15',

31
                                      'Note: Permalink setting must be set to "Plain" for those to be detected'],

32
                                     value_if_empty: '1-100')

33
            },

34
            value_if_empty: 'vp,vt,tt,cb,dbe,u,m',

35
            incompatible: [%i[vp ap p], %i[vt at t]],

36
            default: { all_plugins: true, config_backups: true }

37
          ),

38
          OptRegexp.new(

39
            [

40
              '--exclude-content-based REGEXP_OR_STRING',

41
              'Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.',

42
              'Both the headers and body are checked. Regexp delimiters are not required.'

43
            ], options: Regexp::IGNORECASE

44
          )

45
        ]

46
      end

47


48
      # @return [ Array<OptParseValidator::OptBase> ]

49
      def cli_plugins_opts

50
        [

51
          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),

52
          OptChoice.new(

53
            ['--plugins-detection MODE',

54
             'Use the supplied mode to enumerate Plugins.'],

55
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive

56
          ),

57
          OptBoolean.new(

58
            ['--plugins-version-all',

59
             'Check all the plugins version locations according to the choosen mode (--detection-mode, ' \

60
             '--plugins-detection and --plugins-version-detection)'],

61
            advanced: true

62
          ),

63
          OptChoice.new(

64
            ['--plugins-version-detection MODE',

65
             'Use the supplied mode to check plugins\' versions.'],

66
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed

67
          ),

68
          OptInteger.new(

69
            ['--plugins-threshold THRESHOLD',

70
             'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \

71
             'Set to 0 to ignore the threshold.'], default: 100, advanced: true

72
          )

73
        ]

74
      end

75


76
      # @return [ Array<OptParseValidator::OptBase> ]

77
      def cli_themes_opts

78
        [

79
          OptSmartList.new(['--themes-list LIST', 'List of themes to enumerate'], advanced: true),

80
          OptChoice.new(

81
            ['--themes-detection MODE',

82
             'Use the supplied mode to enumerate Themes, instead of the global (--detection-mode) mode.'],

83
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

84
          ),

85
          OptBoolean.new(

86
            ['--themes-version-all',

87
             'Check all the themes version locations according to the choosen mode (--detection-mode, ' \

88
             '--themes-detection and --themes-version-detection)'],

89
            advanced: true

90
          ),

91
          OptChoice.new(

92
            ['--themes-version-detection MODE',

93
             'Use the supplied mode to check themes versions instead of the --detection-mode ' \

94
             'or --themes-detection modes.'],

95
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

96
          ),

97
          OptInteger.new(

98
            ['--themes-threshold THRESHOLD',

99
             'Raise an error when the number of detected themes via known locations reaches the threshold. ' \

100
             'Set to 0 to ignore the threshold.'], default: 20, advanced: true

101
          )

102
        ]

103
      end

104


105
      # @return [ Array<OptParseValidator::OptBase> ]

106
      def cli_timthumbs_opts

107
        [

108
          OptFilePath.new(

109
            ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],

110
            exists: true, default: DB_DIR.join('timthumbs-v3.txt').to_s, advanced: true

111
          ),

112
          OptChoice.new(

113
            ['--timthumbs-detection MODE',

114
             'Use the supplied mode to enumerate Timthumbs, instead of the global (--detection-mode) mode.'],

115
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

116
          )

117
        ]

118
      end

119


120
      # @return [ Array<OptParseValidator::OptBase> ]

121
      def cli_config_backups_opts

122
        [

123
          OptFilePath.new(

124
            ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],

125
            exists: true, default: DB_DIR.join('config_backups.txt').to_s, advanced: true

126
          ),

127
          OptChoice.new(

128
            ['--config-backups-detection MODE',

129
             'Use the supplied mode to enumerate Config Backups, instead of the global (--detection-mode) mode.'],

130
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

131
          )

132
        ]

133
      end

134


135
      # @return [ Array<OptParseValidator::OptBase> ]

136
      def cli_db_exports_opts

137
        [

138
          OptFilePath.new(

139
            ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],

140
            exists: true, default: DB_DIR.join('db_exports.txt').to_s, advanced: true

141
          ),

142
          OptChoice.new(

143
            ['--db-exports-detection MODE',

144
             'Use the supplied mode to enumerate DB Exports, instead of the global (--detection-mode) mode.'],

145
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

146
          )

147
        ]

148
      end

149


150
      # @return [ Array<OptParseValidator::OptBase> ]

151
      def cli_medias_opts

152
        [

153
          OptChoice.new(

154
            ['--medias-detection MODE',

155
             'Use the supplied mode to enumerate Medias, instead of the global (--detection-mode) mode.'],

156
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

157
          )

158
        ]

159
      end

160


161
      # @return [ Array<OptParseValidator::OptBase> ]

162
      def cli_users_opts

163
        [

164
          OptSmartList.new(

165
            ['--users-list LIST',

166
             'List of users to check during the users enumeration from the Login Error Messages'],

167
            advanced: true

168
          ),

169
          OptChoice.new(

170
            ['--users-detection MODE',

171
             'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],

172
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true

173
          ),

174
          OptRegexp.new(

175
            [

176
              '--exclude-usernames REGEXP_OR_STRING',

177
              'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'

178
            ], options: Regexp::IGNORECASE

179
          )

180
        ]

181
      end

182
    end

183
  end

184
end

185


186