cms_scanner 0.0.11 → 0.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b93921cef0886b572b23fb68c0eb79fc3ba4f99d
-  data.tar.gz: b77bf4aa78297bd4eee19634a8afb7a57db3b627
+  metadata.gz: 79429533403d4c37ac3c20f553e3b78de200666f
+  data.tar.gz: a295401b0ecf50612bd9c9c23f626009c03a8b76
 SHA512:
-  metadata.gz: 00c2b526a36a7cd7f5b91861ab1a9d9ec990e584f0a09101b5fb8b992c42f2e7b5fb80eb5d0b97230f6f0ad9d68543bd4c0233256f13d1a6674ce91efdc40630
-  data.tar.gz: d9375a980fac1ddaed54c144dcffcec45251a5cb9c773a2d327852ebb8cecc3c8fddd9f373dc3fa502ffeef7acf03ebd0e4884b443626026fbb45e61356b08aa
+  metadata.gz: 6fa364fe4c2c68a3ba41b833a0677f3e509b38000917ef782963d043051d5c90dc395028d284064a6be26ade3b309375cd4911edf80e0666d7f815ccf457038a
+  data.tar.gz: 9a01ac121b97750afaf2ff77e1e18ee588e037c5b4de279af36d3cd7c17bbb58ed1acc3d45d48b89b0910ff0cd7afaa831b0c36af7b3182160ace3aab486ca79

data/.rubocop.yml

@@ -6,3 +6,5 @@ MethodLength:
   Max: 15
 Metrics/AbcSize:
   Max: 20
+Metrics/CyclomaticComplexity:
+  Max: 10

data/cms_scanner.gemspec

@@ -31,7 +31,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake', '~> 10.4'
   s.add_development_dependency 'rspec', '~> 3.2'
   s.add_development_dependency 'rspec-its', '~> 1.1'
-  s.add_development_dependency 'bundler', '~> 1.7'
+  s.add_development_dependency 'bundler', '~> 1.6'
   s.add_development_dependency 'rubocop', '~> 0.28'
   s.add_development_dependency 'webmock', '~> 1.20'
   s.add_development_dependency 'simplecov', '~> 0.9'

data/lib/cms_scanner/finders/finder.rb

@@ -13,6 +13,11 @@ module CMSScanner
         @target = target
       end
 
+      # @return [ String ] The titleize name of the finder
+      def titleize
+        self.class.to_s.demodulize.underscore.titleize
+      end
+
       # @param [ Hash ] _opts
       def passive(_opts = {})
       end
@@ -22,8 +27,13 @@ module CMSScanner
       end
 
       def found_by
-        "#{self.class.to_s.demodulize.underscore.titleize} " \
-        "(#{caller_locations(1, 1)[0].label.capitalize} Detection)"
+        caller_locations.each do |call|
+          label = call.label
+
+          next unless label == 'aggressive' || label == 'passive'
+
+          return "#{titleize} (#{label.capitalize} Detection)"
+        end
       end
     end
   end

data/lib/cms_scanner/finders/finder/smart_url_checker.rb

@@ -24,20 +24,7 @@ module CMSScanner
         #
         # @return [ Array<String> ]
         def passive_urls(_opts = {})
-          urls     = []
-          homepage = NS::Browser.get_and_follow_location(target.url).html
-
-          homepage.xpath(passive_urls_xpath).each do |node|
-            url = node['href'].strip
-            # case of relative URLs
-            url = target.url(url) unless url =~ /\Ahttps?:/i
-
-            next unless target.in_scope?(url)
-
-            urls << url
-          end
-
-          urls.uniq
+          target.in_scope_urls(NS::Browser.get_and_follow_location(target.url), passive_urls_xpath)
         end
 
         # @return [ String ]
@@ -62,12 +49,6 @@ module CMSScanner
         def aggressive_urls(_opts = {})
           fail NotImplementedError
         end
-
-        # @return [ String ]
-        def found_by
-          "#{self.class.to_s.demodulize.underscore.titleize} " \
-          "(#{caller_locations[7].label.capitalize} Detection)"
-        end
       end
     end
   end

data/lib/cms_scanner/finders/finder/smart_url_checker/findings.rb

@@ -20,7 +20,7 @@ module CMSScanner
               return self
             end
 
-            super(finding) if finding # prevent nil values to be added
+            super(finding)
           end
         end
       end

data/lib/cms_scanner/target.rb

@@ -2,6 +2,7 @@ require 'cms_scanner/web_site'
 require 'cms_scanner/target/platform'
 require 'cms_scanner/target/server'
 require 'cms_scanner/target/scope'
+require 'cms_scanner/target/hashes'
 
 module CMSScanner
   # Target to Scan
@@ -18,28 +19,6 @@ module CMSScanner
       [*opts[:scope]].each { |s| scope << s }
     end
 
-    # @return [ Array<PublicSuffix::Domain, String> ]
-    def scope
-      @scope ||= Scope.new
-    end
-
-    # // are handled by Addressable::URI, but worngly :/
-    # e.g: Addressable::URI.parse('//file').host => file
-    #
-    # Idea: parse the // with PublicSuffix to see if a valid
-    #       domain is used
-    #
-    # @param [ String ] url
-    #
-    # @return [ Boolean ] true if the url given is in scope
-    def in_scope?(url)
-      return true if url[0, 1] == '/' && url[1, 1] != '/'
-
-      scope.include?(Addressable::URI.parse(url).host)
-    rescue
-      false
-    end
-
     # TODO: add a force option to re-call the #find rather than return the @interesting_files ?
     #
     # @param [ Hash ] opts

data/lib/cms_scanner/target/hashes.rb

@@ -0,0 +1,39 @@
+module CMSScanner
+  # Scope system logic
+  class Target < WebSite
+    # @note Comments are deleted to avoid cache generation details
+    #
+    # @param [ Typhoeus::Response, String ] page
+    #
+    # @return [ String ] The md5sum of the page
+    def self.page_hash(page)
+      page = NS::Browser.get(page, followlocation: true) unless page.is_a?(Typhoeus::Response)
+
+      Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
+    end
+
+    # @return [ String ] The hash of the homepage
+    def homepage_hash
+      @homepage_hash ||= Target.page_hash(url)
+    end
+
+    # @note This is used to detect potential custom 404 responding with a 200
+    # @return [ String ] The hash of a 404
+    def error_404_hash
+      @error_404_hash ||= Target.page_hash(non_existant_page_url)
+    end
+
+    # @return [ String ] The URL of an unlikely existant page
+    def non_existant_page_url
+      uri.join(Digest::MD5.hexdigest(rand(999_999_999).to_s) + '.html').to_s
+    end
+
+    # @param [ Typhoeus::Response, String ] page
+    # @return [ Boolean ] Wether or not the page is a the homepage or a 404 based on its md5sum
+    def homepage_or_404?(page)
+      md5sum = Target.page_hash(page)
+
+      md5sum == homepage_hash || md5sum == error_404_hash
+    end
+  end
+end

data/lib/cms_scanner/target/scope.rb

@@ -1,5 +1,55 @@
 module CMSScanner
+  # Scope system logic
   class Target < WebSite
+    # @return [ Array<PublicSuffix::Domain, String> ]
+    def scope
+      @scope ||= Scope.new
+    end
+
+    # // are handled by Addressable::URI, but worngly :/
+    # e.g: Addressable::URI.parse('//file').host => file
+    #
+    # Idea: parse the // with PublicSuffix to see if a valid
+    #       domain is used
+    #
+    # @param [ String ] url
+    #
+    # @return [ Boolean ] true if the url given is in scope
+    def in_scope?(url)
+      url.strip!
+
+      return true if url[0, 1] == '/' && url[1, 1] != '/'
+
+      scope.include?(Addressable::URI.parse(url).host)
+    rescue
+      false
+    end
+
+    # @param [ Typhoeus::Response ] res
+    # @param [ String ] xpath
+    # @param [ Array<String> ] attributes
+    #
+    # @return [ Array<String> ] The in scope URLs detected in the response's body
+    def in_scope_urls(res, xpath = '//link|//script|//style|//img|//a', attributes = %w(href src))
+      found = []
+
+      res.html.xpath(xpath).each do |tag|
+        attributes.each do |attribute|
+          next unless in_scope?(tag[attribute])
+
+          attr_value = tag[attribute].strip
+
+          # Relative URL case (The // case is currently ignored by in_scope?)
+          attr_value = uri.join(attr_value).to_s unless attr_value =~ /\Ahttps?/i
+
+          yield attr_value if block_given? && !found.include?(attr_value)
+          found << attr_value
+        end
+      end
+
+      found.uniq
+    end
+
     # Scope Implementation
     class Scope
       # @return [ Array<PublicSuffix::Domain ] The valid domains in scope

data/lib/cms_scanner/version.rb

@@ -1,4 +1,4 @@
 # Version
 module CMSScanner
-  VERSION = '0.0.11'
+  VERSION = '0.0.12'
 end

data/spec/fixtures/target/scope/index.html

@@ -0,0 +1,20 @@
+<a href="http://e.org/f.txt">Link</a>
+<a href="http://e.org/f.txt">Link</a> <!-- Duplicates should be ignored -->
+
+<script src=" https://cdn.e.org/f2.js  "></script> <!-- head & tail spaces should be removed -->
+
+<script src="/script/s.js"></script>
+
+<link rel="alternate" type="application/rss+xml" title="Spec" href="http://wp-lamp/robots.txt" />
+
+<link rel="canonical" href="https://duckduckgo.com/">
+
+<img src="http://out.of.scope.com/img.jpg" width="1000" height="288" alt="" />
+
+<a href="">Empty Link</a>
+
+<link rel="alternate" type="application/rss+xml" title="WordPress 4.1 &raquo; Feed" href="http://e.org/feed" />
+
+<img src="//img.jpg" width="" height="" alt="" /> <!-- currently this should not be detected -->
+
+<img src="//out.of.scope.com/img.jpg" width="" height="" alt="" />

data/spec/lib/finders/finder/smart_url_checker/findings_spec.rb

@@ -1,9 +1,39 @@
 require 'spec_helper'
+require 'dummy_finding'
 
 describe CMSScanner::Finders::Finder::SmartURLChecker::Findings do
   subject(:findings) { described_class.new }
+  let(:finding)      { CMSScanner::DummyFinding }
 
-  describe '<<' do
-    xit
+  describe '#<<' do
+    after { expect(findings).to eq @expected }
+
+    context 'when no findings already in' do
+      it 'adds it' do
+        findings << finding.new('empty-test')
+        @expected = [finding.new('empty-test')]
+      end
+    end
+
+    context 'when findings already in' do
+      let(:confirmed) { finding.new('confirmed', interesting_entries: entries) }
+      let(:entries)   { %w(e1 e2) }
+
+      before { findings << finding.new('test') << confirmed }
+
+      it 'adds a confirmed result correctly' do
+        confirmed_dup = confirmed.dup
+        confirmed_dup.confidence = 100
+        confirmed_dup.interesting_entries = %w(e2 e3)
+
+        findings << confirmed_dup
+
+        confirmed.confirmed_by = confirmed_dup
+
+        @expected = [] << finding.new('test') << confirmed
+
+        expect(findings[1].interesting_entries).to eql(%w(e1 e2 e3))
+      end
+    end
   end
 end

data/spec/lib/finders/finder/smart_url_checker_spec.rb

@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe CMSScanner::Finders::Finder::SmartURLChecker do
+  # Dummy class to test the module
+  class DummyFinder < CMSScanner::Finders::Finder
+    include CMSScanner::Finders::Finder::SmartURLChecker
+  end
+
+  subject(:finder) { DummyFinder.new(target) }
+  let(:target)     { CMSScanner::Target.new('http://e.org') }
+
+  before { stub_request(:get, target.url) }
+
+  context 'when methods are not implemented' do
+    it 'raises errors' do
+      expect { finder.process_urls([]) }.to raise_error NotImplementedError
+      expect { finder.passive }.to raise_error NotImplementedError
+      expect { finder.aggressive_urls }.to raise_error NotImplementedError
+    end
+  end
+
+  describe '#aggressive' do
+    before { expect(finder).to receive(:aggressive_urls).and_return(%w(u1 u2 u3)) }
+
+    after do
+      expect(finder).to receive(:process_urls).with(@expected_urls, mode: mode)
+      finder.aggressive(mode: mode)
+    end
+
+    context 'when :mode = :mixed' do
+      before { expect(finder).to receive(:passive_urls).and_return(%w(u2)) }
+
+      let(:mode) { :mixed }
+
+      it 'calls #process_urls with the correct argument' do
+        @expected_urls = %w(u1 u3)
+      end
+    end
+
+    [:passive, :aggressive].each do |m|
+      context "when :mode = #{m}" do
+        let(:mode) { m }
+
+        it 'calls #process_urls with the correct argument' do
+          @expected_urls = %w(u1 u2 u3)
+        end
+      end
+    end
+  end
+end

data/spec/lib/target/hashes_spec.rb

@@ -0,0 +1,90 @@
+require 'spec_helper'
+
+describe CMSScanner::Target do
+  subject(:target) { described_class.new(url) }
+  let(:url)        { 'http://e.org' }
+
+  def md5sum(body)
+    Digest::MD5.hexdigest(body)
+  end
+
+  describe '#page_hash' do
+    after { expect(described_class.page_hash(page)).to eql @expected }
+
+    context 'when the page is an url' do
+      let(:page) { 'http://e.org/somepage.php' }
+
+      it 'returns the MD5 hash of the page' do
+        body = 'Hello World !'
+
+        stub_request(:get, page).to_return(body: body)
+
+        @expected = md5sum(body)
+      end
+    end
+
+    context 'when the page is a Typhoeus::Response' do
+      let(:page) { Typhoeus::Response.new(body: 'Hello Example!') }
+
+      it 'returns the correct hash' do
+        @expected = md5sum('Hello Example!')
+      end
+    end
+
+    context 'when there are comments' do
+      let(:page) do
+        body = "yolo\n\n<!--I should <script>no longer be</script> there -->\nworld!"
+        Typhoeus::Response.new(body: body)
+      end
+
+      it 'removes them' do
+        @expected = md5sum("yolo\n\n\nworld!")
+      end
+    end
+  end
+
+  describe '#homepage_hash' do
+    it 'returns the MD5 hash of the homepage' do
+      body = 'Hello World'
+
+      stub_request(:get, target.url).to_return(body: body)
+
+      expect(target.homepage_hash).to eql md5sum(body)
+    end
+  end
+
+  describe '#error_404_hash' do
+    it 'returns the md5sum of the 404 page' do
+      stub_request(:any, /.*/).to_return(status: 404, body: '404 page !')
+
+      expect(target.error_404_hash).to eql md5sum('404 page !')
+    end
+  end
+
+  describe '#homepage_or_404?' do
+    let(:page_url) { target.url('page') }
+
+    before do
+      expect(target).to receive(:homepage_hash).and_return(md5sum('Home'))
+      expect(target).to receive(:error_404_hash).and_return(md5sum('Custom 404'))
+
+      stub_request(:get, page_url).to_return(body: body)
+    end
+
+    context 'when hashes do not match' do
+      let(:body) { 'Page!' }
+
+      it 'returns false' do
+        expect(target.homepage_or_404?(page_url)).to eql false
+      end
+    end
+
+    context 'when hashes match' do
+      let(:body) { 'Custom 404' }
+
+      it 'returns true' do
+        expect(target.homepage_or_404?(page_url)).to eql true
+      end
+    end
+  end
+end

data/spec/lib/target/scope_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe CMSScanner::Target do
+  subject(:target) { described_class.new(url, opts) }
+  let(:url)        { 'http://e.org' }
+  let(:fixtures)   { File.join(FIXTURES, 'target', 'scope') }
+  let(:opts)       { { scope: nil } }
+
+  describe '#scope' do
+    let(:default_domains) { [PublicSuffix.parse('e.org')] }
+
+    context 'when none supplied' do
+      its('scope.domains') { should eq default_domains }
+    end
+
+    context 'when scope provided' do
+      let(:opts) { super().merge(scope: ['*.e.org']) }
+
+      its('scope.domains') { should eq default_domains << PublicSuffix.parse(opts[:scope].first) }
+
+      context 'when invalid domains provided' do
+        let(:opts) { super().merge(scope: ['wp-lamp', '192.168.1.12']) }
+
+        it 'adds them in the invalid_domains attribute' do
+          expect(target.scope.domains).to eq default_domains
+          expect(target.scope.invalid_domains).to eq opts[:scope]
+        end
+      end
+    end
+  end
+
+  describe '#in_scope?' do
+    context 'when default scope (target domain)' do
+      [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js'].each do |url|
+        it "returns false for #{url}" do
+          expect(target.in_scope?(url)).to eql false
+        end
+      end
+
+      %w(https://e.org/file.txt http://e.org/ /relative).each do |url|
+        it "returns true for #{url}" do
+          expect(target.in_scope?(url)).to eql true
+        end
+      end
+    end
+
+    context 'when custom scope' do
+      let(:opts) { { scope: ['*.e.org', '192.168.1.12'] } }
+
+      [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js', 'http://192.168.1.2/'].each do |url|
+        it "returns false for #{url}" do
+          expect(target.in_scope?(url)).to eql false
+        end
+      end
+
+      %w(https://cdn.e.org/file.txt http://www.e.org/ https://192.168.1.12/home).each do |url|
+        it "returns true for #{url}" do
+          expect(target.in_scope?(url)).to eql true
+        end
+      end
+    end
+  end
+
+  describe '#in_scope_urls' do
+    let(:res) { Typhoeus::Response.new(body: File.open(File.join(fixtures, 'index.html'))) }
+
+    context 'when block given' do
+      it 'yield the url' do
+        expect { |b| target.in_scope_urls(res, &b) }
+          .to yield_successive_args('http://e.org/f.txt', 'http://e.org/script/s.js', 'http://e.org/feed')
+      end
+    end
+
+    context 'when xpath argument given' do
+      it 'returns the expected array' do
+        xpath = '//link[@rel="alternate" and @type="application/rss+xml"]'
+
+        expect(target.in_scope_urls(res, xpath)).to eql(%w(http://e.org/feed))
+      end
+    end
+
+    context 'when no block given' do
+      after { expect(target.in_scope_urls(res)).to eql @expected }
+
+      context 'when default scope' do
+        it 'returns the expected array' do
+          @expected = %w(http://e.org/f.txt http://e.org/script/s.js http://e.org/feed)
+        end
+      end
+
+      context 'when supplied scope' do
+        let(:opts) { super().merge(scope: ['*.e.org', 'wp-lamp']) }
+
+        it 'returns the expected array' do
+          @expected = %w(http://e.org/f.txt https://cdn.e.org/f2.js http://e.org/script/s.js
+                         http://wp-lamp/robots.txt http://e.org/feed)
+        end
+      end
+    end
+  end
+end

data/spec/lib/target_spec.rb

@@ -1,64 +1,8 @@
 require 'spec_helper'
 
 describe CMSScanner::Target do
-  subject(:target) { described_class.new(url, opts) }
+  subject(:target) { described_class.new(url) }
   let(:url)        { 'http://e.org' }
-  let(:opts)       { { scope: nil } }
-
-  describe '#scope' do
-    let(:default_domains) { [PublicSuffix.parse('e.org')] }
-
-    context 'when none supplied' do
-      its('scope.domains') { should eq default_domains }
-    end
-
-    context 'when scope provided' do
-      let(:opts) { super().merge(scope: ['*.e.org']) }
-
-      its('scope.domains') { should eq default_domains << PublicSuffix.parse(opts[:scope].first) }
-
-      context 'when invalid domains provided' do
-        let(:opts) { super().merge(scope: ['wp-lamp', '192.168.1.12']) }
-
-        it 'adds them in the invalid_domains attribute' do
-          expect(target.scope.domains).to eq default_domains
-          expect(target.scope.invalid_domains).to eq opts[:scope]
-        end
-      end
-    end
-  end
-
-  describe '#in_scope?' do
-    context 'when default scope (target domain)' do
-      [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js'].each do |url|
-        it "returns false for #{url}" do
-          expect(target.in_scope?(url)).to eql false
-        end
-      end
-
-      %w(https://e.org/file.txt http://e.org/ /relative).each do |url|
-        it "returns true for #{url}" do
-          expect(target.in_scope?(url)).to eql true
-        end
-      end
-    end
-
-    context 'when custom scope' do
-      let(:opts) { { scope: ['*.e.org', '192.168.1.12'] } }
-
-      [nil, '', 'http://out-of-scope.com', '//jquery.com/j.js', 'http://192.168.1.2/'].each do |url|
-        it "returns false for #{url}" do
-          expect(target.in_scope?(url)).to eql false
-        end
-      end
-
-      %w(https://cdn.e.org/file.txt http://www.e.org/ https://192.168.1.12/home).each do |url|
-        it "returns true for #{url}" do
-          expect(target.in_scope?(url)).to eql true
-        end
-      end
-    end
-  end
 
   describe '#interesting_files' do
     before do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cms_scanner
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.0.12
 platform: ruby
 authors:
 - WPScanTeam - Erwan Le Rousseau
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-03 00:00:00.000000000 Z
+date: 2015-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opt_parse_validator
@@ -142,14 +142,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -240,9 +240,6 @@ files:
 - app/views/json/interesting_files/findings.erb
 - app/views/json/scan_aborted.erb
 - cms_scanner.gemspec
-- examples/views/cli/wp_custom/test.erb
-- examples/views/json/wp_custom/test.erb
-- examples/wpscan.rb
 - lib/cms_scanner.rb
 - lib/cms_scanner/browser.rb
 - lib/cms_scanner/browser/actions.rb
@@ -267,6 +264,7 @@ files:
 - lib/cms_scanner/formatter/buffer.rb
 - lib/cms_scanner/public_suffix/domain.rb
 - lib/cms_scanner/target.rb
+- lib/cms_scanner/target/hashes.rb
 - lib/cms_scanner/target/platform.rb
 - lib/cms_scanner/target/platform/php.rb
 - lib/cms_scanner/target/scope.rb
@@ -312,6 +310,7 @@ files:
 - spec/fixtures/output.txt
 - spec/fixtures/target/platform/php/debug_log/debug.log
 - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
+- spec/fixtures/target/scope/index.html
 - spec/fixtures/target/server/apache/directory_listing/2.2.16.html
 - spec/fixtures/target/server/generic/server/apache/basic.txt
 - spec/fixtures/target/server/generic/server/iis/basic.txt
@@ -332,6 +331,7 @@ files:
 - spec/lib/controllers_spec.rb
 - spec/lib/finders/confidence_spec.rb
 - spec/lib/finders/finder/smart_url_checker/findings_spec.rb
+- spec/lib/finders/finder/smart_url_checker_spec.rb
 - spec/lib/finders/findings_spec.rb
 - spec/lib/finders/independent_finders_spec.rb
 - spec/lib/finders/unique_finder_spec.rb
@@ -339,7 +339,9 @@ files:
 - spec/lib/formatter_spec.rb
 - spec/lib/public_suffix/domain_spec.rb
 - spec/lib/sub_scanner_spec.rb
+- spec/lib/target/hashes_spec.rb
 - spec/lib/target/platforms_spec.rb
+- spec/lib/target/scope_spec.rb
 - spec/lib/target/servers_spec.rb
 - spec/lib/target_spec.rb
 - spec/lib/web_site_spec.rb
@@ -423,6 +425,7 @@ test_files:
 - spec/fixtures/output.txt
 - spec/fixtures/target/platform/php/debug_log/debug.log
 - spec/fixtures/target/platform/php/fpd/wp_rss_functions.php
+- spec/fixtures/target/scope/index.html
 - spec/fixtures/target/server/apache/directory_listing/2.2.16.html
 - spec/fixtures/target/server/generic/server/apache/basic.txt
 - spec/fixtures/target/server/generic/server/iis/basic.txt
@@ -443,6 +446,7 @@ test_files:
 - spec/lib/controllers_spec.rb
 - spec/lib/finders/confidence_spec.rb
 - spec/lib/finders/finder/smart_url_checker/findings_spec.rb
+- spec/lib/finders/finder/smart_url_checker_spec.rb
 - spec/lib/finders/findings_spec.rb
 - spec/lib/finders/independent_finders_spec.rb
 - spec/lib/finders/unique_finder_spec.rb
@@ -450,7 +454,9 @@ test_files:
 - spec/lib/formatter_spec.rb
 - spec/lib/public_suffix/domain_spec.rb
 - spec/lib/sub_scanner_spec.rb
+- spec/lib/target/hashes_spec.rb
 - spec/lib/target/platforms_spec.rb
+- spec/lib/target/scope_spec.rb
 - spec/lib/target/servers_spec.rb
 - spec/lib/target_spec.rb
 - spec/lib/web_site_spec.rb

data/examples/views/cli/wp_custom/test.erb

@@ -1 +0,0 @@
-Testing! --wpscan-option = <%= @option %>

data/examples/views/json/wp_custom/test.erb

@@ -1 +0,0 @@
-"--wpscan-option": <%= @option.to_json %>,

data/examples/wpscan.rb

@@ -1,29 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'cms_scanner'
-
-# Custom WPScan Scanner
-module WPScan
-  include CMSScanner
-
-  module Controller
-    # Custom WPScan Controller
-    class WpCustom < CMSScanner::Controller::Base
-      def cli_options
-        [
-          OptString.new(['--wpscan-option VALUE'])
-        ]
-      end
-
-      def run
-        output('test', option: parsed_options[:wpscan_option])
-      end
-    end
-  end
-end
-
-WPScan::Scan.new do |s|
-  s.controllers << WPScan::Controller::WpCustom.new
-  s.views_directories << Pathname.new(__FILE__).dirname.join('views').to_s
-  s.run
-end