--detection-mode not used when --plugins-detection is not set #1472

Closed
Techbrunch opened this issue Apr 1, 2020 · 7 comments
@Techbrunch

Subject of the issue

When specifying the --detection-mode, it is not taken into account when doing plugin enumeration.

Your environment

  • Version of WPScan: 3.7.11
  • Version of Ruby: ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-darwin18]

Steps to reproduce

wpscan --url http://10.10.10.88/webservices/wp/ -e vp --api-token xxx -v --detection-mode aggressive

Expected behavior

--plugins-version-detection MODE          Use the supplied mode to check plugins versions instead of the --detection-mode or --plugins-detection modes.
                                          Default: mixed
                                          Available choices: mixed, passive, aggressive
[+] Enumerating Vulnerable Plugins (via Aggressive Methods)
 Checking Known Locations - Time: 00:00:22 <==========================================================================================================================> (2254 / 2254) 100.00% Time: 00:00:22
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

Actual behavior

Output:

[+] Enumerating Vulnerable Plugins (via Passive Methods)

Workaround

wpscan --url http://10.10.10.88/webservices/wp/ -e vp --api-token xxx -v --detection-mode aggressive --plugins-detection aggressive
@erwanlr
Member

erwanlr commented Apr 1, 2020

That's the expected behaviour. The --detection-mode is only considered for the --plugins-detection option when the latter option is not set. But, as the --plugins-detection has a default of passive, you have to explicitly set it if you want a mixed or aggressive way.

So wpscan --url http://10.10.10.88/webservices/wp/ -e vp --api-token xxx -v --plugins-detection aggressive

If it's too annoying to change it via the CLI and you always want it aggressive unless overridden via the CLI (I would recommend to set it mixed though, which is passive + aggressive), you can create a ~/.wpscan/scan.yml file with the content below:

cli_options:
  plugins_detection: mixed

Other locations/file extensions are also supported, see https://github.com/wpscanteam/wpscan#load-cli-options-from-files

@erwanlr erwanlr closed this as completed Apr 1, 2020
@Techbrunch
Author

@erwanlr Shouldn't the help text be updated then?

Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.

@erwanlr
Member

erwanlr commented Apr 2, 2020

Which text would you suggest?

@erwanlr erwanlr reopened this Apr 2, 2020
@Techbrunch
Author

Techbrunch commented Apr 2, 2020

I have just reread your comment:

The --detection-mode is only considered for the --plugins-detection option when the latter option is not set.

The problem currently is that --detection-mode is not considered when --plugins-detection is not set.

@erwanlr
Member

erwanlr commented Apr 2, 2020

It is set, by the default value.

--plugins-detection MODE    Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.
                            *Default: passive*
                            Available choices: mixed, passive, aggressive

@Techbrunch changed the title from "--detection-mode not used when enumerating plugins" to "--detection-mode not used when enumerating plugins and --plugins-detection is not set" Apr 2, 2020
@Techbrunch changed the title from "--detection-mode not used when enumerating plugins and --plugins-detection is not set" to "--detection-mode not used when --plugins-detection is **not** set" Apr 2, 2020
@Techbrunch changed the title from "--detection-mode not used when --plugins-detection is **not** set" to "--detection-mode not used when --plugins-detection is not set" Apr 2, 2020
@Techbrunch
Author

Techbrunch commented Apr 2, 2020

Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.

What does this mean then?

If that is really the intended behavior (and I don't think it should) the text should read:

Use the supplied mode to enumerate Plugins, instead of the default (passive) mode.

@erwanlr
Member

erwanlr commented Apr 2, 2020

This was a leftover from when the option did not have a default.

I've updated the messages and this will land in the next version released.

@erwanlr erwanlr closed this as completed Apr 2, 2020
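
The precedence discussed in this thread, as an added example: a simplified Ruby model (not WPScan's own code) of how a per-option default shadows the global --detection-mode fallback, plus a check that flags a scan where the typed global mode was silently not applied to plugin enumeration. The function names are hypothetical, and the global default of mixed is an assumption.

```ruby
require 'yaml'

# Simplified model of the option layering described in this thread.
# All names are hypothetical; this is not WPScan's code.
MODES = %w[mixed passive aggressive].freeze

# Read the cli_options mapping from scan.yml-style text (nil means no file).
def load_file_options(yaml_text)
  return {} if yaml_text.nil?

  (YAML.safe_load(yaml_text) || {}).fetch('cli_options', nil) || {}
end

# Layering: option default < options file < command line. The global
# detection_mode is consulted only when plugins_detection has no value.
def resolve_plugins_detection(cli:, file_yaml: nil, option_default: 'passive')
  file = load_file_options(file_yaml)
  # Assumption: the global mode defaults to 'mixed'.
  merged = { 'detection_mode' => 'mixed', 'plugins_detection' => option_default }
           .merge(file).merge(cli)
  source = if cli.key?('plugins_detection') then :cli
           elsif file.key?('plugins_detection') then :file
           elsif option_default then :default
           else :global
           end
  mode = merged['plugins_detection'] || merged['detection_mode']
  raise ArgumentError, "invalid mode: #{mode.inspect}" unless MODES.include?(mode)

  { mode: mode, source: source }
end

# True when --detection-mode was typed but the per-option default won anyway.
def shadowed_global?(cli:, **rest)
  result = resolve_plugins_detection(cli: cli, **rest)
  cli.key?('detection_mode') && result[:source] == :default &&
    result[:mode] != cli['detection_mode']
end

if __FILE__ == $PROGRAM_NAME
  reported = { 'detection_mode' => 'aggressive' } # constructed input
  p resolve_plugins_detection(cli: reported)
  p shadowed_global?(cli: reported)
end
```

Passing `option_default: nil` models the earlier state mentioned in the thread, when the option had no default and the global mode was used as the fallback.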