wpscan 3.0.8 → 3.1.0

Files changed (77) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE +1 -1
  3. data/README.md +1 -1
  4. data/app/controllers.rb +1 -0
  5. data/app/controllers/aliases.rb +12 -0
  6. data/app/controllers/core.rb +3 -5
  7. data/app/controllers/enumeration.rb +2 -28
  8. data/app/controllers/enumeration/enum_methods.rb +12 -2
  9. data/app/controllers/wp_version.rb +4 -0
  10. data/app/finders/main_theme/css_style.rb +2 -2
  11. data/app/finders/main_theme/urls_in_homepage.rb +3 -3
  12. data/app/finders/plugin_version.rb +1 -8
  13. data/app/finders/plugins.rb +13 -4
  14. data/app/finders/plugins/body_pattern.rb +27 -0
  15. data/app/finders/plugins/comment.rb +31 -0
  16. data/app/finders/plugins/config_parser.rb +31 -0
  17. data/app/finders/plugins/header_pattern.rb +41 -0
  18. data/app/finders/plugins/javascript_var.rb +29 -0
  19. data/app/finders/plugins/known_locations.rb +5 -5
  20. data/app/finders/plugins/query_parameter.rb +25 -0
  21. data/app/finders/plugins/urls_in_homepage.rb +4 -8
  22. data/app/finders/plugins/xpath.rb +29 -0
  23. data/app/finders/theme_version.rb +1 -1
  24. data/app/finders/theme_version/woo_framework_meta_generator.rb +2 -2
  25. data/app/finders/themes/known_locations.rb +5 -5
  26. data/app/finders/themes/urls_in_homepage.rb +2 -2
  27. data/app/finders/users/login_error_messages.rb +1 -4
  28. data/app/finders/users/wp_json_api.rb +2 -2
  29. data/app/finders/wp_items/urls_in_homepage.rb +1 -1
  30. data/app/finders/wp_version.rb +21 -18
  31. data/app/models/plugin.rb +4 -4
  32. data/app/models/theme.rb +6 -6
  33. data/app/models/timthumb.rb +1 -3
  34. data/app/models/wp_item.rb +15 -15
  35. data/app/views/json/enumeration/plugins.erb +1 -1
  36. data/app/views/json/enumeration/themes.erb +1 -1
  37. data/app/views/json/wp_item.erb +1 -1
  38. data/bin/wpscan +2 -1
  39. data/lib/wpscan/db.rb +14 -10
  40. data/lib/wpscan/db/dynamic_finders/base.rb +41 -0
  41. data/lib/wpscan/db/dynamic_finders/plugin.rb +111 -0
  42. data/lib/wpscan/db/dynamic_finders/theme.rb +16 -0
  43. data/lib/wpscan/db/dynamic_finders/wordpress.rb +75 -0
  44. data/lib/wpscan/db/updater.rb +2 -2
  45. data/lib/wpscan/finders.rb +13 -1
  46. data/lib/wpscan/finders/dynamic_finder/finder.rb +66 -0
  47. data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +28 -0
  48. data/lib/wpscan/finders/dynamic_finder/version/comment.rb +16 -0
  49. data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +52 -0
  50. data/lib/wpscan/finders/dynamic_finder/version/finder.rb +29 -0
  51. data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +28 -0
  52. data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +56 -0
  53. data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +62 -0
  54. data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +34 -0
  55. data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb +42 -0
  56. data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +96 -0
  57. data/lib/wpscan/finders/dynamic_finder/wp_version.rb +60 -0
  58. data/lib/wpscan/helper.rb +11 -0
  59. data/lib/wpscan/target/platform/wordpress/custom_directories.rb +16 -1
  60. data/lib/wpscan/version.rb +1 -1
  61. metadata +32 -24
  62. data/app/finders/plugin_version/layer_slider/translation_file.rb +0 -40
  63. data/app/finders/plugin_version/revslider/release_log.rb +0 -35
  64. data/app/finders/plugin_version/shareaholic/meta_tag.rb +0 -27
  65. data/app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb +0 -27
  66. data/app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb +0 -31
  67. data/app/finders/plugin_version/w3_total_cache/headers.rb +0 -28
  68. data/app/finders/plugins/comments.rb +0 -31
  69. data/app/finders/plugins/headers.rb +0 -36
  70. data/app/finders/wp_version/homepage_stylesheet_numbers.rb +0 -59
  71. data/app/finders/wp_version/install_stylesheet_numbers.rb +0 -16
  72. data/app/finders/wp_version/meta_generator.rb +0 -27
  73. data/app/finders/wp_version/opml_generator.rb +0 -23
  74. data/app/finders/wp_version/sitemap_generator.rb +0 -23
  75. data/app/finders/wp_version/upgrade_stylesheet_numbers.rb +0 -13
  76. data/lib/wpscan/db/dynamic_finders.rb +0 -55
  77. data/lib/wpscan/finders/finder/plugin_version/comments.rb +0 -27
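--- a/data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb
+++ b/data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb
@@ -0,0 +1,56 @@
+ module WPScan
+ module Finders
+ module DynamicFinder
+ module Version
+ # Version finder using JavaScript Variable method
+ class JavascriptVar < WPScan::Finders::DynamicFinder::Version::Finder
+ # @return [ Hash ]
+ def self.child_class_constants
+ @child_class_constants ||= super().merge(
+ XPATH: '//script[not(@src)]', VERSION_KEY: nil,
+ PATTERN: nil, CONFIDENCE: 60
+ )
+ end
+
+ # @param [ Typhoeus::Response ] response
+ # @param [ Hash ] opts
+ # @return [ Version ]
+ def find(response, _opts = {})
+ target.xpath_pattern_from_page(
+ self.class::XPATH, self.class::PATTERN, response
+ ) do |match_data, _node|
+ next unless (version_number = version_number_from_match_data(match_data))
+
+ # If the text to be output in the interesting_entries is > 50 chars,
+ # get 20 chars before and after (when possible) the detected version instead
+ match = match_data.to_s
+ match = match[/.*?(.{,20}#{Regexp.escape(version_number)}.{,20}).*/, 1] if match.size > 50
+
+ return create_version(
+ version_number,
+ interesting_entries: ["#{response.effective_url}, Match: '#{match.strip}'"]
+ )
+ end
+ nil
+ end
+
+ # @param [ MatchData ] match_data
+ # @return [ String ]
+ def version_number_from_match_data(match_data)
+ if self.class::VERSION_KEY
+ begin
+ json = JSON.parse("{#{match_data[:json].strip.tr("'", '"')}}")
+ rescue JSON::ParserError
+ return
+ end
+
+ json.dig(*self.class::VERSION_KEY.split(':'))
+ else
+ match_data[:v]
+ end
+ end
+ end
+ end
+ end
+ end
+ end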
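Review bot: `version_number_from_match_data` rescues only `JSON::ParserError`, but the parsed text comes from the scanned page, so `json.dig(...)` can still raise `TypeError` when an intermediate key holds a scalar. It can also return a non-String (number, Hash, Array), which then reaches `Regexp.escape(version_number)` in `find`. Doing the `dig` under the same rescue, adding `TypeError`, and returning the value only when it is a String or Numeric keeps one odd inline script from aborting the finder. Separately, the truncation in `find` can yield nil when the version text does not appear verbatim in the match, so `match.strip` would benefit from falling back to the untruncated text.

```ruby
def version_number_from_match_data(match_data)
  return match_data[:v] unless self.class::VERSION_KEY

  # The JSON text is taken from the scanned page: treat any parse or
  # traversal failure as "no version" instead of letting it propagate.
  json  = JSON.parse("{#{match_data[:json].strip.tr("'", '"')}}")
  value = json.dig(*self.class::VERSION_KEY.split(':'))

  value.to_s if value.is_a?(String) || value.is_a?(Numeric)
rescue JSON::ParserError, TypeError
  nil
end
```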
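--- a/data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
+++ b/data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
@@ -0,0 +1,62 @@
+ module WPScan
+ module Finders
+ module DynamicFinder
+ module Version
+ # Version finder using QueryParameter method
+ class QueryParameter < WPScan::Finders::DynamicFinder::Version::Finder
+ # @return [ Hash ]
+ def self.child_class_constants
+ @child_class_constants ||= super().merge(
+ XPATH: nil, FILES: nil, PATTERN: /(?:v|ver|version)\=(?<v>\d+\.[\.\d]+)/i, CONFIDENCE_PER_OCCURENCE: 10
+ )
+ end
+
+ # @param [ Typhoeus::Response ] response
+ # @param [ Hash ] opts
+ # @return [ Array<Version>, nil ]
+ def find(response, _opts = {})
+ found = []
+
+ scan_response(response).each do |version_number, occurences|
+ found << create_version(
+ version_number,
+ confidence: self.class::CONFIDENCE_PER_OCCURENCE * occurences.size,
+ interesting_entries: occurences
+ )
+ end
+
+ found.compact
+ end
+
+ # @param [ Typhoeus::Response ] response
+ # @return [ Hash ]
+ def scan_response(response)
+ found = {}
+
+ target.in_scope_urls(response, xpath) do |url, _tag|
+ uri = Addressable::URI.parse(url)
+
+ next unless uri.path =~ path_pattern && uri.query&.match(self.class::PATTERN)
+ version = Regexp.last_match[:v].to_s
+
+ found[version] ||= []
+ found[version] << url
+ end
+
+ found
+ end
+
+ # @return [ String ]
+ def xpath
+ @xpath ||= self.class::XPATH || '//link[@href]|//script[@src]'
+ end
+
+ # @return [ Regexp ]
+ def path_pattern
+ @path_pattern ||= %r{/(?:#{self.class::FILES.join('|')})\z}i
+ end
+ end
+ end
+ end
+ end
+ end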
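Review bot: `path_pattern` interpolates `FILES` into the regexp with neither escaping nor a nil guard, while `child_class_constants` defaults `FILES` to nil. A finder configured without files would raise `NoMethodError` on `nil.join`. If the entries are literal file names, as the `\z` anchor suggests, the `.` in a name such as `style.css` matches any character. `@path_pattern ||= %r{/(?:#{Regexp.union(Array(self.class::FILES)).source})\z}i` handles both cases. In `scan_response`, `Addressable::URI.parse(url)` may raise on a malformed URL taken from the page unless `in_scope_urls` already filters those, which is not visible here.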
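--- a/data/lib/wpscan/finders/dynamic_finder/version/xpath.rb
+++ b/data/lib/wpscan/finders/dynamic_finder/version/xpath.rb
@@ -0,0 +1,34 @@
+ module WPScan
+ module Finders
+ module DynamicFinder
+ module Version
+ # Version finder using Xpath method
+ class Xpath < WPScan::Finders::DynamicFinder::Version::Finder
+ # @return [ Hash ]
+ def self.child_class_constants
+ @child_class_constants ||= super().merge(
+ XPATH: nil, PATTERN: /\A(?<v>\d+\.[\.\d]+)/, CONFIDENCE: 60
+ )
+ end
+
+ # @param [ Typhoeus::Response ] response
+ # @param [ Hash ] opts
+ # @return [ Version ]
+ def find(response, _opts = {})
+ target.xpath_pattern_from_page(
+ self.class::XPATH, self.class::PATTERN, response
+ ) do |match_data, _node|
+ next unless match_data[:v]
+
+ return create_version(
+ match_data[:v],
+ interesting_entries: ["#{response.effective_url}, Match: '#{match_data}'"]
+ )
+ end
+ nil
+ end
+ end
+ end
+ end
+ end
+ end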
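Review bot: The `@return [ Version ]` tag on `find` omits the nil case, although the method ends with an explicit `nil` when no node matches. `# @return [ Version, nil ]` would match the code, and the same applies to `JavascriptVar#find`. The match text is also written into `interesting_entries` untruncated, unlike `JavascriptVar#find`, which trims it to roughly 50 characters. With a config-supplied `PATTERN` broader than the default, page-controlled text of arbitrary length would end up in the report, so a shared truncation helper would be worth considering.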
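--- a/data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb
+++ b/data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb
@@ -0,0 +1,42 @@
+ module WPScan
+ module Finders
+ module DynamicFinder
+ module WpItemVersion
+ class BodyPattern < WPScan::Finders::DynamicFinder::Version::BodyPattern
+ end
+
+ class Comment < WPScan::Finders::DynamicFinder::Version::Comment
+ end
+
+ class ConfigParser < WPScan::Finders::DynamicFinder::Version::ConfigParser
+ end
+
+ class HeaderPattern < WPScan::Finders::DynamicFinder::Version::HeaderPattern
+ end
+
+ class JavascriptVar < WPScan::Finders::DynamicFinder::Version::JavascriptVar
+ end
+
+ class QueryParameter < WPScan::Finders::DynamicFinder::Version::QueryParameter
+ # @return [ Regexp ]
+ def path_pattern
+ # TODO: consider the target.blog.themes_dir if the target is a Theme (maybe implement a WpItem#item_dir ?)
+ @path_pattern ||= %r{
+ #{Regexp.escape(target.blog.plugins_dir)}/
+ #{Regexp.escape(target.slug)}/
+ (?:#{self.class::FILES.join('|')})\z
+ }ix
+ end
+
+ def xpath
+ @xpath ||= self.class::XPATH ||
+ "//link[contains(@href,'#{target.slug}')]|//script[contains(@src,'#{target.slug}')]"
+ end
+ end
+
+ class Xpath < WPScan::Finders::DynamicFinder::Version::Xpath
+ end
+ end
+ end
+ end
+ end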
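Review bot: `QueryParameter#xpath` interpolates `target.slug` between single quotes in an XPath literal, so a slug containing `'` yields a malformed or different expression, whereas `path_pattern` just above escapes the same value with `Regexp.escape`. If slugs can originate from URLs found on the scanned site, that value is not trusted. XPath 1.0 has no escape for a quote inside a literal, so the simplest guard is to fall back to the generic selector and let `path_pattern` do the filtering: `return @xpath = '//link[@href]|//script[@src]' if target.slug.include?("'")`. The same interpolation appears in `WpVersion::WpItemQueryParameter#xpath` with `target.plugins_dir` and `target.themes_dir`. In `path_pattern`, `FILES` is joined unescaped inside an `x`-mode regexp, where a space or `#` in an entry would be ignored or start a comment.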
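--- a/data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb
+++ b/data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb
@@ -0,0 +1,96 @@
+ module WPScan
+ module Finders
+ module DynamicFinder
+ module WpItems
+ # Not really a dynamic finder in itself (hence not a child class of DynamicFinder::Finder)
+ # but will use the dynamic finder DB configs to find collections of
+ # WpItems (such as Plugins and Themes)
+ #
+ # Also used to factorise some code used between such finders.
+ # The #process_response should be implemented in each child class, or the
+ # #passive and #aggressive overriden
+ class Finder < CMSScanner::Finders::Finder
+ # @return [ Hash ] The related dynamic finder passive configurations
+ # for the current class (all its usefullness comes from child classes)
+ def passive_configs
+ # So far only the Plugins have dynamic finders so using DB:: DynamicFinders::Plugin
+ # is ok. However, when Themes have some, will need to create other child classes for them
+
+ method = "passive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym
+
+ DB::DynamicFinders::Plugin.public_send(method)
+ end
+
+ # @param [ Hash ] opts
+ #
+ # @return [ Array<Plugin>, Array<Theme> ]
+ def passive(opts = {})
+ found = []
+
+ passive_configs.each do |slug, configs|
+ configs.each do |klass, config|
+ item = process_response(opts, target.homepage_res, slug, klass, config)
+
+ found << item if item.is_a?(WpItem)
+ end
+ end
+
+ found
+ end
+
+ # @return [ Hash ] The related dynamic finder passive configurations
+ # for the current class (all its usefullness comes from child classes)
+ def aggressive_configs
+ # So far only the Plugins have dynamic finders so using DB:: DynamicFinders::Plugin
+ # is ok. However, when Themes have some, will need to create other child classes for them
+
+ method = "aggressive_#{self.class.to_s.demodulize.underscore}_finder_configs".to_sym
+
+ DB::DynamicFinders::Plugin.public_send(method)
+ end
+
+ # @param [ Hash ] opts
+ #
+ # @return [ Array<Plugin>, Array<Theme> ]
+ def aggressive(_opts = {})
+ # Disable this as it would make quite a lot of extra requests just to find plugins/themes
+ # Kept the original method below for future implementation
+ end
+
+ # @param [ Hash ] opts
+ #
+ # @return [ Array<Plugin>, Array<Theme> ]
+ def aggressive_(opts = {})
+ found = []
+
+ aggressive_configs.each do |slug, configs|
+ configs.each do |klass, config|
+ path = aggressive_path(slug, config)
+ response = Browser.get(target.url(path))
+
+ item = process_response(opts, response, slug, klass, config)
+
+ found << item if item.is_a?(WpItem)
+ end
+ end
+
+ found
+ end
+
+ # @param [ String ] slug
+ # @param [ Hash ] config from the YAML file with he 'path' key
+ #
+ # @return [ String ] The path related to the aggresive configuration
+ # ie config['path'] if it's an absolute path (like /file.txt)
+ # or the path from inside the related plugin directory
+ def aggressive_path(slug, config)
+ return config['path'] if config['path'][0] == '/'
+
+ # No need to set the correct plugins dir, it will be handled by target.url()
+ "wp-content/plugins/#{slug}/#{config['path']}"
+ end
+ end
+ end
+ end
+ end
+ end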
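Review bot: `aggressive_path` indexes `config['path'][0]` without checking that the key is present, so a DB entry lacking `path` raises `NoMethodError` in the middle of enumeration. Using `path = config['path'].to_s` followed by `return path if path.start_with?('/')` avoids that. The doc comment on `aggressive_configs` still says "passive configurations". `aggressive` is tagged as returning arrays but returns nil now that the body lives in `aggressive_`; `# @return [ nil ] disabled, see #aggressive_` would match the code.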
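--- a/data/lib/wpscan/finders/dynamic_finder/wp_version.rb
+++ b/data/lib/wpscan/finders/dynamic_finder/wp_version.rb
@@ -0,0 +1,60 @@
+ module WPScan
+ module Finders
+ module DynamicFinder
+ module WpVersion
+ module Finder
+ def create_version(number, finding_opts)
+ return unless WPScan::WpVersion.valid?(number)
+
+ WPScan::WpVersion.new(number, version_finding_opts(finding_opts))
+ end
+ end
+
+ class BodyPattern < WPScan::Finders::DynamicFinder::Version::BodyPattern
+ include Finder
+ end
+
+ class Comment < WPScan::Finders::DynamicFinder::Version::Comment
+ include Finder
+ end
+
+ class HeaderPattern < WPScan::Finders::DynamicFinder::Version::HeaderPattern
+ include Finder
+ end
+
+ class JavascriptVar < WPScan::Finders::DynamicFinder::Version::JavascriptVar
+ include Finder
+ end
+
+ class QueryParameter < WPScan::Finders::DynamicFinder::Version::QueryParameter
+ include Finder
+
+ # @return [ Hash ]
+ def self.child_class_constants
+ @child_class_constants ||= super().merge(PATTERN: /ver\=(?<v>\d+\.[\.\d]+)/i)
+ end
+ end
+
+ class WpItemQueryParameter < QueryParameter
+ def xpath
+ @xpath ||= self.class::XPATH ||
+ "//link[contains(@href,'#{target.plugins_dir}') or contains(@href,'#{target.themes_dir}')]|" \
+ "//script[contains(@src,'#{target.plugins_dir}') or contains(@src,'#{target.themes_dir}')]"
+ end
+
+ def path_pattern
+ @pattern ||= %r{
+ (?:#{Regexp.escape(target.plugins_dir)}|#{Regexp.escape(target.themes_dir)})/
+ [^/]+/
+ .*\.(?:css|js)\z
+ }ix
+ end
+ end
+
+ class Xpath < WPScan::Finders::DynamicFinder::Version::Xpath
+ include Finder
+ end
+ end
+ end
+ end
+ end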
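Review bot: `WpItemQueryParameter#path_pattern` memoizes into `@pattern`, while the parent class and `WpItemVersion::QueryParameter` use `@path_pattern` for the same method. Writing `@path_pattern ||= %r{` keeps the three implementations consistent. The `Finder` mixin and `WpItemQueryParameter` carry no doc comments. A line such as `# Builds a WPScan::WpVersion; returns nil when WpVersion.valid? rejects the number` on `create_version` would document the nil return that every `find` using this mixin can pass on.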
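--- a/data/lib/wpscan/helper.rb
+++ b/data/lib/wpscan/helper.rb
@@ -3,3 +3,14 @@ def read_json_file(file)
  rescue StandardError => e
  raise "JSON parsing error in #{file} #{e}"
  end
+
+ # @return [ Symbol ]
+ # @note As a class can not start with a digit or underscore, a D_ is
+ # put as a prefix in such case. Ugly but well :x
+ # Not only used to classify slugs though, but Dynamic Finder names as well
+ def classify_slug(slug)
+ classified = slug.to_s.tr('-', '_').camelize.to_s
+ classified = "D_#{classified}" if classified[0] =~ /\d/
+
+ classified.to_sym
+ end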
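Review bot: The `@note` on `classify_slug` says the `D_` prefix is added when the name would start with a digit or underscore, but the code tests only `classified[0] =~ /\d/`. Either drop "or underscore" from the note or state that `camelize` is relied on to remove a leading underscore (presumably it does; worth confirming). The method also lacks a `# @param [ String, Symbol ] slug` tag. If the returned symbol is used as a constant name, a slug containing characters other than letters, digits, `-` and `_` would still give an invalid name; that use is not visible in this hunk.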
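--- a/data/lib/wpscan/target/platform/wordpress/custom_directories.rb
+++ b/data/lib/wpscan/target/platform/wordpress/custom_directories.rb
@@ -50,8 +50,23 @@ module WPScan
  plugins_uri.to_s
  end
 
+ # @return [ String ]
+ def themes_dir
+ @themes_dir ||= "#{content_dir}/themes"
+ end
+
+ # @return [ Addressable::URI ]
+ def themes_uri
+ uri.join("#{themes_dir}/")
+ end
+
+ # @return [ String ]
+ def themes_url
+ themes_uri.to_s
+ end
+
  # TODO: Factorise the code and the content_dir one ?
- # @return [ String, False ] The sub_dir is found, false otherwise
+ # @return [ String, False ] String of the sub_dir found, false otherwise
  # @note: nil can not be returned here, otherwise if there is no sub_dir
  # the check would be done each time
  def sub_dir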
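--- a/data/lib/wpscan/version.rb
+++ b/data/lib/wpscan/version.rb
@@ -1,4 +1,4 @@
  # Version
  module WPScan
- VERSION = '3.0.8'.freeze
+ VERSION = '3.1.0'.freeze
  end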
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.8
4
+ version: 3.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-09 00:00:00.000000000 Z
11
+ date: 2018-01-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.38.1
19
+ version: 0.0.39.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.38.1
26
+ version: 0.0.39.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activesupport
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.51.0
131
+ version: 0.52.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.51.0
138
+ version: 0.52.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -156,14 +156,14 @@ dependencies:
156
156
  requirements:
157
157
  - - "~>"
158
158
  - !ruby/object:Gem::Version
159
- version: 1.22.0
159
+ version: 3.2.0
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
164
  - - "~>"
165
165
  - !ruby/object:Gem::Version
166
- version: 1.22.0
166
+ version: 3.2.0
167
167
  description: WPScan is a black box WordPress vulnerability scanner.
168
168
  email:
169
169
  - team@wpscan.org
@@ -176,6 +176,7 @@ files:
176
176
  - README.md
177
177
  - app/app.rb
178
178
  - app/controllers.rb
179
+ - app/controllers/aliases.rb
179
180
  - app/controllers/brute_force.rb
180
181
  - app/controllers/core.rb
181
182
  - app/controllers/custom_directories.rb
@@ -207,18 +208,17 @@ files:
207
208
  - app/finders/medias.rb
208
209
  - app/finders/medias/attachment_brute_forcing.rb
209
210
  - app/finders/plugin_version.rb
210
- - app/finders/plugin_version/layer_slider/translation_file.rb
211
211
  - app/finders/plugin_version/readme.rb
212
- - app/finders/plugin_version/revslider/release_log.rb
213
- - app/finders/plugin_version/shareaholic/meta_tag.rb
214
- - app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb
215
- - app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb
216
- - app/finders/plugin_version/w3_total_cache/headers.rb
217
212
  - app/finders/plugins.rb
218
- - app/finders/plugins/comments.rb
219
- - app/finders/plugins/headers.rb
213
+ - app/finders/plugins/body_pattern.rb
214
+ - app/finders/plugins/comment.rb
215
+ - app/finders/plugins/config_parser.rb
216
+ - app/finders/plugins/header_pattern.rb
217
+ - app/finders/plugins/javascript_var.rb
220
218
  - app/finders/plugins/known_locations.rb
219
+ - app/finders/plugins/query_parameter.rb
221
220
  - app/finders/plugins/urls_in_homepage.rb
221
+ - app/finders/plugins/xpath.rb
222
222
  - app/finders/theme_version.rb
223
223
  - app/finders/theme_version/style.rb
224
224
  - app/finders/theme_version/woo_framework_meta_generator.rb
@@ -239,16 +239,10 @@ files:
239
239
  - app/finders/wp_items/urls_in_homepage.rb
240
240
  - app/finders/wp_version.rb
241
241
  - app/finders/wp_version/atom_generator.rb
242
- - app/finders/wp_version/homepage_stylesheet_numbers.rb
243
- - app/finders/wp_version/install_stylesheet_numbers.rb
244
- - app/finders/wp_version/meta_generator.rb
245
- - app/finders/wp_version/opml_generator.rb
246
242
  - app/finders/wp_version/rdf_generator.rb
247
243
  - app/finders/wp_version/readme.rb
248
244
  - app/finders/wp_version/rss_generator.rb
249
- - app/finders/wp_version/sitemap_generator.rb
250
245
  - app/finders/wp_version/unique_fingerprinting.rb
251
- - app/finders/wp_version/upgrade_stylesheet_numbers.rb
252
246
  - app/models.rb
253
247
  - app/models/config_backup.rb
254
248
  - app/models/interesting_finding.rb
@@ -304,7 +298,10 @@ files:
304
298
  - lib/wpscan/controller.rb
305
299
  - lib/wpscan/controllers.rb
306
300
  - lib/wpscan/db.rb
307
- - lib/wpscan/db/dynamic_finders.rb
301
+ - lib/wpscan/db/dynamic_finders/base.rb
302
+ - lib/wpscan/db/dynamic_finders/plugin.rb
303
+ - lib/wpscan/db/dynamic_finders/theme.rb
304
+ - lib/wpscan/db/dynamic_finders/wordpress.rb
308
305
  - lib/wpscan/db/fingerprints.rb
309
306
  - lib/wpscan/db/plugin.rb
310
307
  - lib/wpscan/db/plugins.rb
@@ -318,7 +315,18 @@ files:
318
315
  - lib/wpscan/errors/update.rb
319
316
  - lib/wpscan/errors/wordpress.rb
320
317
  - lib/wpscan/finders.rb
321
- - lib/wpscan/finders/finder/plugin_version/comments.rb
318
+ - lib/wpscan/finders/dynamic_finder/finder.rb
319
+ - lib/wpscan/finders/dynamic_finder/version/body_pattern.rb
320
+ - lib/wpscan/finders/dynamic_finder/version/comment.rb
321
+ - lib/wpscan/finders/dynamic_finder/version/config_parser.rb
322
+ - lib/wpscan/finders/dynamic_finder/version/finder.rb
323
+ - lib/wpscan/finders/dynamic_finder/version/header_pattern.rb
324
+ - lib/wpscan/finders/dynamic_finder/version/javascript_var.rb
325
+ - lib/wpscan/finders/dynamic_finder/version/query_parameter.rb
326
+ - lib/wpscan/finders/dynamic_finder/version/xpath.rb
327
+ - lib/wpscan/finders/dynamic_finder/wp_item_version.rb
328
+ - lib/wpscan/finders/dynamic_finder/wp_items/finder.rb
329
+ - lib/wpscan/finders/dynamic_finder/wp_version.rb
322
330
  - lib/wpscan/finders/finder/wp_version/smart_url_checker.rb
323
331
  - lib/wpscan/helper.rb
324
332
  - lib/wpscan/references.rb