wpscan
Resume brute force
When testing brute forcing a site, I came upon a server restart, which broke the program execution (with Server error messages). I had to manually truncate the wordlist file to resume the process. This should be avoided with a CLI argument to specify at what line to start reading for words.
Something like
./wpscan.rb --url http://wp-domain.com --wordlist 'wordlist.txt' --wordlist-seek 1234 --username admin
The argument --wordlist-seek, for example, would simply jump to the specified line in the file and start from there. Other names could be, but not limited to: --wordlist-start, --wordlist-line, --wordlist-offset, --wordlist-resume, or --wordlist-skip, etc.
Not as easy and clean as I thought :x
The File#seek only accepts bytes as offset, but not a line number :/
Would need to go over each line, and skip if the line number is < the value supplied :|
@erwanlr no low-level API supports line numbers anyhow. Usually, a high-level API buffers the text read, scans for the newline character(s) and consumes the file content "line-by-line" this way. (When the buffer contains no more newline characters, and EOF has not been reached, read more data and append to the buffer).
In any case, reading and seeking the wordlist file like that is faster than restarting the brute force from zero. I don't code in Ruby so I'm not much help here.
Just add a counter here that will skip until the starting line number is reached (defaults to 1 for the first line, or if the line number is not specified). And voilà!
Edit
Actually, I would lean toward using --wordlist-skip n where n is zero-based. Then skip wordlist iterations until the progress bar's current value is greater than the argument value.
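The two approaches raised in the comments above (counting lines to skip, and seeking by byte offset with File#seek), as an added Ruby example that is not part of the thread or of WPScan's code. The names `each_word`, `words_from`, `skip` and `offset` are hypothetical, and the sample wordlist is constructed.

```ruby
require 'tempfile'

# Yields [word, next_offset] for each non-empty wordlist line.
# skip:   zero-based count of lines to skip (O(n) scan, as proposed above)
# offset: byte position saved by an earlier run (O(1), File#seek takes bytes)
def each_word(path, skip: 0, offset: nil)
  File.open(path, 'rb') do |io|
    if offset
      io.seek(offset)
    else
      skip.times { break if io.gets.nil? } # stop early if skip exceeds EOF
    end
    while (line = io.gets)
      word = line.chomp                    # strips \n, \r\n or \r
      next if word.empty?                  # blank lines still count as lines
      yield word, io.pos                   # io.pos = start of the next line
    end
  end
end

# Hypothetical helper: collect the words a run would process.
def words_from(path, **opts)
  out = []
  each_word(path, **opts) { |word, _pos| out << word }
  out
end

# Constructed sample: mixed line endings, one blank line, no final newline.
SAMPLE = "alpha\nbravo\r\ncharlie\n\ndelta\necho"

def demo
  Tempfile.create('wordlist') do |f|
    f.binmode
    f.write(SAMPLE)
    f.flush
    checkpoint = nil
    each_word(f.path) do |word, pos|
      checkpoint = pos          # persist this value to resume later
      break if word == 'bravo'  # simulate the run being interrupted
    end
    { checkpoint: checkpoint,
      by_line: words_from(f.path, skip: 2),
      by_offset: words_from(f.path, offset: checkpoint) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Saving the byte offset as a checkpoint avoids rescanning the skipped part of a large wordlist, while the line-count form matches the zero-based argument proposed in the thread.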
Is there any movement on this? I'm having the script seem to just time out after approx. 10 hours at 4%, for example. No way to resume :(
Same here. Any updates on this? Thanks for the work you do
Needing this too
Any update about this issue?
+1 it will help a lot