Wp/WpTask contructor arguments where modified to allow multiple argum…

…ent when calling Wp or any class that extends it
atarantini · Aug 7, 2011 · 6a540e0 · 6a540e0
1 parent da7b2b7
commit 6a540e0
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 36 deletions.
diff --git a/wpbf.py b/wpbf.py
@@ -115,24 +115,22 @@ def run(self):
             logger.info("Check if proxy is well configured and running")
         sys.exit(0)
 
-    # load fingerprint task into queue
-    if args.nofingerprint:
-        task_queue.put(wptask.WpTaskFingerprint(config.wp_base_url, config.script_path, config.proxy))
-
     # check for Login LockDown plugin
     logger.debug("Checking for Login LockDown plugin")
     if wp.check_loginlockdown():
         logger.warning("Login LockDown plugin is active, bruteforce will be useless")
         sys.exit(0)
 
+    # load fingerprint task into queue
+    if args.nofingerprint:
+        task_queue.put(wptask.WpTaskFingerprint(config.wp_base_url, config.script_path, config.proxy))
+
     # load plugin scan tasks into queue
     if args.pluginscan:
         plugins_list = [plugin.strip() for plugin in open(config.plugins_list, "r").readlines()]
         logger.info("%s plugins will be tested", str(len(plugins_list)))
         for plugin in plugins_list:
-            plugin_task = wptask.WpTaskPluginCheck(config.wp_base_url, config.script_path, config.proxy)
-            plugin_task.setPluginName(plugin)
-            task_queue.put(plugin_task)
+            task_queue.put(wptask.WpTaskPluginCheck(config.wp_base_url, config.script_path, config.proxy, name=plugin))
 
     # load wordlist into queue
     wordlist = [config.username]    # add username to the wordlist
@@ -153,10 +151,7 @@ def run(self):
     [wordlist.append(u) for u in usernames]
     for username in usernames:
         for password in wordlist:
-            login_task = wptask.WpTaskLogin(config.wp_base_url, config.script_path, config.proxy)
-            login_task.setUsername(username)
-            login_task.setPassword(password)
-            task_queue.put(login_task)
+            task_queue.put(wptask.WpTaskLogin(config.wp_base_url, config.script_path, config.proxy, username=username, password=password))
     del wordlist
 
     # start workers

diff --git a/wplib.py b/wplib.py
@@ -79,10 +79,10 @@ class Wp:
     _login_url = ''
     _proxy = None
     _version = None
-
+    _arguments = _keywords = []
     _cache = {}
 
-    def __init__(self, base_url, login_script_path="wp-login.php", proxy=None):
+    def __init__(self, base_url, login_script_path="wp-login.php", proxy=None, *arguments, **keywords):
         # Basic filters for the base url
         self._base_url = base_url
         if self._base_url[0:7] != 'http://':
@@ -93,6 +93,8 @@ def __init__(self, base_url, login_script_path="wp-login.php", proxy=None):
         self._login_script_path = login_script_path.lstrip("/")
         self._proxy = proxy
         self._login_url = urllib.basejoin(self._base_url, self._login_script_path)
+        self._arguments = arguments
+        self._keywords = keywords
 
         self.logger = logging.getLogger("wpbf")
 

diff --git a/wptask.py b/wptask.py
@@ -29,40 +29,32 @@ def __str__(self):
         return 'Stop all tasks!'
 
 class WpTaskFingerprint(Wp, WpTask):
-    """Perform WordPress fingerprint and, is positive, log the results"""
+    """Perform WordPress fingerprint and. If positive, log the results"""
     def run(self):
         self.logger.info("WordPress version: %s", self.fingerprint())
 
 class WpTaskLogin(Wp, WpTask):
-    """Perform WordPress login. If login is positive, will return true or false otherwise.
-
-    Note that username and password must be set invoking setUsername and setPassword methods.
     """
-    _username = ""
-    _password = ""
-
-    def setUsername(self, username):
-        self._username = username
-
-    def setPassword(self, password):
-        self._password = password
+    Perform WordPress login. If login is positive, will log the username and password combination
 
+    username -- string representing a username
+    password -- string representing a password
+    """
     def run(self):
-        if self.login(self._username, self._password):
+        if self._keywords.has_key('username') and self._keywords.has_key('password') and self.login(self._keywords['username'], self._keywords['password']):
             # username and password found: log data and stop all tasks
-            self.logger.info("Password '%s' found for username '%s' on %s", self._password, self._username, self.get_login_url())
+            self.logger.info("Password '%s' found for username '%s' on %s", self._keywords['password'], self._keywords['username'], self.get_login_url())
             raise WpTaskStop
+            return True
+        return False
 
 class WpTaskPluginCheck(Wp, WpTask):
-    """Check if a plugin exists
-
-    Note that plugin name must be set invoking setPluginName method. TODO: Refactor this!
     """
-    _plugin = ""
-
-    def setPluginName(self, plugin):
-        self._plugin = plugin
+    Check if a plugin exists. If not 404 error is found and request is completed, the 
+    plugin name will be logged
 
+    name -- string representing the plugin name/directory
+    """
     def run(self):
-        if self.check_plugin(self._plugin):
-            self.logger.info("Plugin '%s' was found", self._plugin)
+        if self._keywords.has_key('name') and self.check_plugin(self._keywords['name']):
+            self.logger.info("Plugin '%s' was found", self._keywords['name'])