cms_scanner 0.0.39.4 → 0.0.40

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 58b52cb634c4d75bf219bc8d20c80e5fee5c2c50
-  data.tar.gz: e52cef2bc43b496dcecd1c62a0aa9c553491d5c2
+  metadata.gz: 9c4b37ccad3760d463de8eaebf2bd9dd3c11df74
+  data.tar.gz: e532f0a510747d99cebe122f00ffc209c90e4861
 SHA512:
-  metadata.gz: 5ff2b8e58f3f41adc33d35b99966c27cd065eb1685f9c9dc2ff25fd9f8106d395b3d0dc2a9c268bf97caa14854b5ce84613ea647081c104012c9d3faaf188242
-  data.tar.gz: 6185217fb45afbd258990731cc9b25ee3d91de3ceb6f130ba47ab93aec3d41518adc17f00175d950bfc2f6407b508147f5d0055dc7c5d5e850623d28949ca0d3
+  metadata.gz: 5fbb20fc97d62e99224db5142a05c35ab2092e41394759b87d1724a6acf4c832252de936f56f3f5da643e07ec4c3fd15a16fbeacbd3a6dd634995b8424654403
+  data.tar.gz: e92192374822ccecbee941488b0ec5cda5a92061f6b6fd6a9a9fe3c358d602d3de427e8d3ab602e26280bb0e599f094a82c468906b0f723b69ea85978c40b413

data/app/controllers/core/cli_options.rb

@@ -48,7 +48,8 @@ module CMSScanner
           OptPositiveInteger.new(['--request-timeout SECONDS', 'The request timeout in seconds'],
                                  default: 60),
           OptPositiveInteger.new(['--connect-timeout SECONDS', 'The connection timeout in seconds'],
-                                 default: 30)
+                                 default: 30),
+          OptBoolean.new(['--disable-tls-checks', 'Disables SSL/TLS certificate verification'])
         ] + cli_browser_proxy_options + cli_browser_cookies_options + cli_browser_cache_options
       end
 

data/app/finders/interesting_findings/xml_rpc.rb

@@ -18,6 +18,7 @@ module CMSScanner
           url = target.homepage_res.headers['X-Pingback']
 
           return unless target.in_scope?(url)
+
           potential_urls << url
 
           NS::XMLRPC.new(url, confidence: 30, found_by: 'Headers (Passive Detection)')
@@ -29,6 +30,7 @@ module CMSScanner
             url = tag.attribute('href').to_s
 
             next unless target.in_scope?(url)
+
             potential_urls << url
 
             return NS::XMLRPC.new(url, confidence: 30,

data/app/models.rb

@@ -4,3 +4,4 @@ require_relative 'models/fantastico_fileslist'
 require_relative 'models/headers'
 require_relative 'models/xml_rpc'
 require_relative 'models/version'
+require_relative 'models/user'

data/app/models/headers.rb

@@ -5,6 +5,7 @@ module CMSScanner
     def entries
       res = NS::Browser.get(url)
       return [] unless res&.headers
+
       res.headers
     end
 

data/app/models/robots_txt.rb

@@ -9,6 +9,7 @@ module CMSScanner
 
       entries.each do |entry|
         next unless entry =~ /\A(?:dis)?allow:\s*(.+)\z/i
+
         match = Regexp.last_match(1)
         next if match == '/'
 

data/app/models/user.rb

@@ -0,0 +1,31 @@
+module CMSScanner
+  # User
+  class User
+    include Finders::Finding
+
+    attr_accessor :password
+    attr_reader :id, :username
+
+    # @param [ String ] username
+    # @param [ Hash ] opts
+    # @option opts [ Integer ] :id
+    # @option opts [ String ] :password
+    def initialize(username, opts = {})
+      @username = username
+      @password = opts[:password]
+      @id       = opts[:id]
+
+      parse_finding_options(opts)
+    end
+
+    def ==(other)
+      return false unless self.class == other.class
+
+      username == other.username
+    end
+
+    def to_s
+      username
+    end
+  end
+end

data/app/models/xml_rpc.rb

@@ -1,35 +1,69 @@
 module CMSScanner
   # XML RPC
   class XMLRPC < InterestingFinding
-    # @param [ String ] method
-    # @param [ Array ] params
-    # @param [ Hash ] request_params
-    #
-    # @return [ Typhoeus::Response ]
-    def call(method, params = [], request_params = {})
-      NS::Browser.post(url, request_params.merge(body: request_body(method, params)))
+    # @return [ Browser ]
+    def browser
+      @browser ||= NS::Browser.instance
     end
 
-    # Might be better to use Nokogiri to create the XML body ?
-    #
-    # @param [ String ] method
-    # @param [ Array ] params
-    #
-    # @return [ String ] The body of the XML RPC request
-    def request_body(method, params = [])
-      p_body = ''
+    # @return [ Array<String> ]
+    def available_methods
+      return @available_methods if @available_methods
 
-      params.each { |p| p_body << "<param><value><string>#{p}</string></value></param>" }
+      @available_methods = []
+
+      res = method_call('system.listMethods').run
+      doc = Nokogiri::XML.parse(res.body)
+
+      doc.search('methodResponse params param value array data value string').each do |s|
+        @available_methods << s.text
+      end
+
+      @available_methods
+    end
 
-      body = '<?xml version="1.0"?><methodCall>'
-      body << "<methodName>#{method}</methodName>"
-      body << "<params>#{p_body}</params>" unless p_body.length.zero?
-      body << '</methodCall>'
+    # @return [ Boolean ] Whether or not the XMLRPC is enabled
+    def enabled?
+      !available_methods.empty?
     end
 
-    # Use the system.listMethods to get the list of available methods ?
-    # def entries
+    # @param [ String ] method_name
+    # @param [ Array ] method_params
+    # @param [ Hash ] request_params
     #
-    # end
+    # @return [ Typhoeus::Request ]
+    def method_call(method_name, method_params = [], request_params = {})
+      browser.forge_request(
+        url,
+        request_params.merge(
+          method: :post,
+          body: ::XMLRPC::Create.new.methodCall(method_name, *method_params)
+        )
+      )
+    end
+
+    # @param [ Array<Array> ] methods_and_params
+    # @param [ Hash ] request_params
+    #
+    # Example of methods_and_params:
+    # [
+    #   [method1, param1, param2],
+    #   [method2, param1],
+    #   [method3]
+    # ]
+    #
+    # @return [ Typhoeus::Request ]
+    def multi_call(methods_and_params = [], request_params = {})
+      browser.forge_request(
+        url,
+        request_params.merge(
+          method: :post,
+          body: ::XMLRPC::Create.new.methodCall(
+            'system.multicall',
+            methods_and_params.collect { |m| { methodName: m[0], params: m[1..-1] } }
+          )
+        )
+      )
+    end
   end
 end

data/cms_scanner.gemspec

@@ -32,23 +32,24 @@ Gem::Specification.new do |s|
   s.require_path          = 'lib'
 
   s.add_dependency 'nokogiri', '~> 1.8.0'
-  s.add_dependency 'opt_parse_validator', '~> 0.0.16.1'
+  s.add_dependency 'opt_parse_validator', '~> 0.0.16.2'
   s.add_dependency 'public_suffix', '~> 3.0.0'
-  s.add_dependency 'ruby-progressbar', '~> 1.9.0'
+  s.add_dependency 'ruby-progressbar', '~> 1.10.0'
   s.add_dependency 'typhoeus', '~> 1.3.0'
-  s.add_dependency 'yajl-ruby', '~> 1.3.0' # Better JSON parser regarding memory usage
+  s.add_dependency 'xmlrpc', '~> 0.3'
+  s.add_dependency 'yajl-ruby', '~> 1.4.1' # Better JSON parser regarding memory usage
 
   # Already required by opt_parse_validator
   # so version restriction loosen to avoid potential future conflicts
-  s.add_dependency 'activesupport', '~> 5.1'
+  s.add_dependency 'activesupport', '~> 5.2'
   s.add_dependency 'addressable',   '~> 2.5'
 
   s.add_development_dependency 'bundler',   '~> 1.6'
   s.add_development_dependency 'coveralls', '~> 0.8.0'
-  s.add_development_dependency 'rake',      '~> 12.0'
-  s.add_development_dependency 'rspec',     '~> 3.7.0'
+  s.add_development_dependency 'rake',      '~> 12.3'
+  s.add_development_dependency 'rspec',     '~> 3.8.0'
   s.add_development_dependency 'rspec-its', '~> 1.2.0'
-  s.add_development_dependency 'rubocop',   '~> 0.57.2'
-  s.add_development_dependency 'simplecov', '~> 0.14.0' # Can't update to 0.15 as it breaks coveralls dep
-  s.add_development_dependency 'webmock',   '~> 3.3.0'
+  s.add_development_dependency 'rubocop',   '~> 0.59.1'
+  s.add_development_dependency 'simplecov', '~> 0.16.1'
+  s.add_development_dependency 'webmock',   '~> 3.4.2'
 end

data/lib/cms_scanner.rb

@@ -5,7 +5,6 @@ require 'yajl/json_gem'
 require 'public_suffix'
 require 'addressable/uri'
 require 'ruby-progressbar'
-require 'ruby-progressbar/outputs/null'
 require 'opt_parse_validator'
 require 'active_support/concern'
 require 'active_support/inflector'
@@ -14,11 +13,13 @@ require 'erb'
 require 'uri'
 require 'fileutils'
 require 'pathname'
+require 'xmlrpc/client'
 # Monkey Patches
-require 'cms_scanner/typhoeus/response'
-require 'cms_scanner/typhoeus/hydra'
-require 'cms_scanner/public_suffix/domain'
-require 'cms_scanner/numeric'
+require 'cms_scanner/typhoeus/response' # Adds a Response#html using Nokogiri to parse the body
+require 'cms_scanner/typhoeus/hydra' # https://github.com/typhoeus/typhoeus/issues/439
+require 'cms_scanner/public_suffix/domain' # Adds a Domain#match method and logic, used in scope stuff
+require 'cms_scanner/numeric' # Adds a Numeric#bytes_to_human
+require 'cms_scanner/progressbar_null_output'
 # Custom Libs
 require 'cms_scanner/helper'
 require 'cms_scanner/exit_code'

data/lib/cms_scanner/browser.rb

@@ -46,13 +46,17 @@ module CMSScanner
     # @return [ Hash ]
     def default_request_params
       params = {
-        # Disable SSL-Certificate checks, see http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
-        ssl_verifypeer: false, ssl_verifyhost: 0,
         headers: { 'User-Agent' => user_agent }.merge(headers || {}),
         accept_encoding: 'gzip, deflate',
         method: :get
       }
 
+      if disable_tls_checks
+        # See http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html
+        params[:ssl_verifypeer] = false
+        params[:ssl_verifyhost] = 0
+      end
+
       typhoeus_to_browser_opts.each do |typhoeus_opt, browser_opt|
         attr_value = public_send(browser_opt)
         params[typhoeus_opt] = attr_value unless attr_value.nil?

data/lib/cms_scanner/browser/options.rb

@@ -6,6 +6,7 @@ module CMSScanner
       cookie_jar
       cookie_string
       connect_timeout
+      disable_tls_checks
       headers
       http_auth
       max_threads
@@ -62,6 +63,7 @@ module CMSScanner
 
       File.open(user_agents_list).each do |line|
         next if line == "\n" || line[0, 1] == '#'
+
         @user_agents << line.chomp
       end
 

data/lib/cms_scanner/finders/base_finders.rb

@@ -18,6 +18,7 @@ module CMSScanner
         symbols = %i[passive aggressive]
 
         return symbols if mode.nil? || mode == :mixed
+
         symbols.include?(mode) ? [*mode] : []
       end
 

data/lib/cms_scanner/finders/finder.rb

@@ -1,6 +1,7 @@
 require 'cms_scanner/finders/finder/smart_url_checker'
 require 'cms_scanner/finders/finder/enumerator'
 require 'cms_scanner/finders/finder/fingerprinter'
+require 'cms_scanner/finders/finder/breadth_first_dictionary_attack'
 
 module CMSScanner
   module Finders
@@ -32,9 +33,9 @@ module CMSScanner
       # @return [ ProgressBar::Base ]
       def create_progress_bar(opts = {})
         bar_opts          = { format: '%t %a <%B> (%c / %C) %P%% %e' }
-        bar_opts[:output] = ProgressBar::Outputs::Null unless opts[:show_progression]
+        bar_opts[:output] = ProgressBarNullOutput unless opts[:show_progression]
 
-        @progress_bar = ProgressBar.create(bar_opts.merge(opts))
+        @progress_bar = ::ProgressBar.create(bar_opts.merge(opts))
       end
 
       # @return [ Browser ]

data/lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb

@@ -0,0 +1,102 @@
+module CMSScanner
+  module Finders
+    class Finder
+      # Module to provide an easy way to perform password attacks
+      module BreadthFirstDictionaryAttack
+        # @param [ Array<CMSScanner::User> ] users
+        # @param [ Array<String> ] passwords
+        # @param [ Hash ] opts
+        # @option opts [ Boolean ] :show_progression
+        #
+        # @yield [ CMSScanner::User ] When a valid combination is found
+        #
+        # TODO: Make rubocop happy about metrics etc
+        #
+        # rubocop:disable all
+        def attack(users, passwords, opts = {})
+          create_progress_bar(total: users.size * passwords.size, show_progression: opts[:show_progression])
+          queue_count = 0
+
+          passwords.each_with_index do |password, password_index|
+            remaining_users = users.select { |u| u.password.nil? }
+
+            break if remaining_users.empty?
+
+            remaining_users.each do |user|
+              request = login_request(user.username, password)
+
+              request.on_complete do |res|
+                progress_bar.title = "Trying #{user.username} / #{password}"
+                progress_bar.increment
+
+                if valid_credentials?(res)
+                  user.password = password
+
+                  yield user
+
+                  offset = progress_bar.total - progress_bar.progress < hydra.max_concurrency ? 2 : 1
+
+                  progress_bar.total -= passwords.size - password_index - offset
+                elsif errored_response?(res)
+                  output_error(res)
+                end
+              end
+
+              hydra.queue(request)
+              queue_count += 1
+
+              if queue_count >= hydra.max_concurrency
+                hydra.run
+                queue_count = 0
+              end
+            end
+          end
+
+          hydra.run
+          progress_bar.stop
+        end
+        # rubocop:enable all
+
+        # @param [ String ] username
+        # param [ String ] password
+        #
+        # @return [ Typhoeus::Request ]
+        def login_request(username, password)
+          # To Implement in the finder related to the attack
+        end
+
+        # @param [ Typhoeus::Response ] response
+        #
+        # @return [ Boolean ] Whether or not credentials related to the request are valid
+        def valid_credentials?(response)
+          # To Implement in the finder related to the attack
+        end
+
+        # @param [ Typhoeus::Response ] response
+        #
+        # @return [ Boolean ] Whether or not something wrong happened
+        #                     other than wrong credentials
+        def errored_response?(response)
+          # To Implement in the finder related to the attack
+        end
+
+        protected
+
+        # @param [ Typhoeus::Response ] response
+        def output_error(response)
+          error = if response.timed_out?
+                    'Request timed out.'
+                  elsif response.code.zero?
+                    "No response from remote server. WAF/IPS? (#{response.return_message})"
+                  elsif response.code.to_s =~ /^50/
+                    'Server error, try reducing the number of threads.'
+                  else
+                    "Unknown response received Code: #{response.code}\nBody: #{response.body}"
+                  end
+
+          progress_bar.log("Error: #{error}")
+        end
+      end
+    end
+  end
+end

data/lib/cms_scanner/formatter.rb

@@ -111,6 +111,7 @@ module CMSScanner
           tpl = tpl.delete('@')
         else
           raise 'The controller_name can not be nil' unless controller_name
+
           tpl = "#{controller_name}/#{tpl}"
         end
 

data/lib/cms_scanner/progressbar_null_output.rb

@@ -0,0 +1,21 @@
+require 'ruby-progressbar/outputs/null'
+
+module CMSScanner
+  # Adds the feature to log message sent to #log
+  # So they can be retrieved at some point, like after a password attack with a JSON output
+  # which won't display the progressbar but still call #log for errors etc
+  class ProgressBarNullOutput < ::ProgressBar::Outputs::Null
+    # @retutn [ Array<String> ]
+    def logs
+      @logs ||= []
+    end
+
+    # Override of parent method
+    # @return [ Array<String> ] return the logs when no string provided
+    def log(string = nil)
+      return logs if string.nil?
+
+      logs << string
+    end
+  end
+end

data/lib/cms_scanner/target.rb

@@ -80,36 +80,33 @@ module CMSScanner
 
     # @param [ Typhoeus::Response, String ] page
     # @param [ String ] xpath
-    # @param [ Array<String> ] attributes
     #
     # @yield [ String, Nokogiri::XML::Element ] The url and its associated tag
     #
     # @return [ Array<String> ] The absolute URLs detected in the response's body from the HTML tags
-    def urls_from_page(page = nil, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
+    def urls_from_page(page = nil, xpath = '//@href|//@src|//@data-src')
       page    = NS::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
       found   = []
 
-      page.html.xpath(xpath).each do |tag|
-        attributes.each do |attribute|
-          attr_value = tag[attribute]
+      page.html.xpath(xpath).each do |node|
+        attr_value = node.text.to_s
 
-          next unless attr_value && !attr_value.empty?
+        next unless attr_value && !attr_value.empty?
 
-          tag_uri = begin
-                      uri.join(attr_value.strip)
-                    rescue StandardError
-                      # Skip potential malformed URLs etc.
-                      next
-                    end
+        node_uri = begin
+                     uri.join(attr_value.strip)
+                   rescue StandardError
+                     # Skip potential malformed URLs etc.
+                     next
+                   end
 
-          tag_uri_string = tag_uri.to_s
+        node_uri_string = node_uri.to_s
 
-          next unless tag_uri.host
+        next unless node_uri.host
 
-          yield tag_uri_string, tag if block_given? && !found.include?(tag_uri_string)
+        yield node_uri_string, node.parent if block_given? && !found.include?(node_uri_string)
 
-          found << tag_uri_string
-        end
+        found << node_uri_string
       end
 
       found.uniq

data/lib/cms_scanner/target/hashes.rb

@@ -38,7 +38,7 @@ module CMSScanner
     def homepage_or_404?(page)
       md5sum = self.class.page_hash(page)
 
-      md5sum == homepage_hash || md5sum == error_404_hash
+      [homepage_hash, error_404_hash].include?(md5sum)
     end
   end
 end

data/lib/cms_scanner/target/scope.rb

@@ -17,15 +17,14 @@ module CMSScanner
 
     # @param [ Typhoeus::Response ] res
     # @param [ String ] xpath
-    # @param [ Array<String> ] attributes
     #
     # @yield [ String, Nokogiri::XML::Element ] The in scope url and its associated tag
     #
     # @return [ Array<String> ] The in scope absolute URLs detected in the response's body
-    def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w[href src])
+    def in_scope_urls(res, xpath = '//@href|//@src|//@data-src')
       found = []
 
-      urls_from_page(res, xpath, attributes) do |url, tag|
+      urls_from_page(res, xpath) do |url, tag|
         next unless in_scope?(url)
 
         yield url, tag if block_given?

data/lib/cms_scanner/target/server/generic.rb

@@ -61,6 +61,7 @@ module CMSScanner
             entry = node.text.to_s
 
             next if entry =~ ignore
+
             found << entry
           end
 

data/lib/cms_scanner/typhoeus/response.rb

@@ -1,9 +1,14 @@
 module Typhoeus
   # Custom Response class
   class Response
-    # @return [ Nokogiri::HTML ] The response's body parsed by Nokogiri
+    # @return [ Nokogiri::HTML ] The response's body parsed by Nokogiri::HTML
     def html
       @html ||= Nokogiri::HTML(body.encode('UTF-8', invalid: :replace, undef: :replace))
     end
+
+    # @return [ Nokogiri::XML ] The response's body parsed by Nokogiri::XML
+    def xml
+      @xml ||= Nokogiri::XML(body.encode('UTF-8', invalid: :replace, undef: :replace))
+    end
   end
 end

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.39.4'.freeze
+  VERSION = '0.0.40'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.39.4
+  version: 0.0.40
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-09-20 00:00:00.000000000 Z
+date: 2018-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.16.1
+        version: 0.0.16.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.16.1
+        version: 0.0.16.2
 - !ruby/object:Gem::Dependency
   name: public_suffix
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.9.0
+        version: 1.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.9.0
+        version: 1.10.0
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement
@@ -80,34 +80,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: xmlrpc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: yajl-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.4.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.4.1
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -156,28 +170,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: 3.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: 3.8.0
 - !ruby/object:Gem::Dependency
   name: rspec-its
   requirement: !ruby/object:Gem::Requirement
@@ -198,42 +212,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.57.2
+        version: 0.59.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.57.2
+        version: 0.59.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: 0.16.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: 0.16.1
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 3.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.0
+        version: 3.4.2
 description: Framework to provide an easy way to implement CMS Scanners
 email:
 - team@wpscan.org
@@ -265,6 +279,7 @@ files:
 - app/models/headers.rb
 - app/models/interesting_finding.rb
 - app/models/robots_txt.rb
+- app/models/user.rb
 - app/models/version.rb
 - app/models/xml_rpc.rb
 - app/user_agents.txt
@@ -317,6 +332,7 @@ files:
 - lib/cms_scanner/finders.rb
 - lib/cms_scanner/finders/base_finders.rb
 - lib/cms_scanner/finders/finder.rb
+- lib/cms_scanner/finders/finder/breadth_first_dictionary_attack.rb
 - lib/cms_scanner/finders/finder/enumerator.rb
 - lib/cms_scanner/finders/finder/fingerprinter.rb
 - lib/cms_scanner/finders/finder/smart_url_checker.rb
@@ -333,6 +349,7 @@ files:
 - lib/cms_scanner/formatter/buffer.rb
 - lib/cms_scanner/helper.rb
 - lib/cms_scanner/numeric.rb
+- lib/cms_scanner/progressbar_null_output.rb
 - lib/cms_scanner/public_suffix/domain.rb
 - lib/cms_scanner/references.rb
 - lib/cms_scanner/target.rb