RubyGems - wpscan - Versions diffs - 3.0 - Mend

wpscan 3.0

Files changed (180) hide show

checksums.yaml +7 -0
data/Gemfile.lock +139 -0
data/LICENSE +74 -0
data/README.md +146 -0
data/app/app.rb +3 -0
data/app/controllers.rb +6 -0
data/app/controllers/brute_force.rb +126 -0
data/app/controllers/core.rb +104 -0
data/app/controllers/custom_directories.rb +23 -0
data/app/controllers/enumeration.rb +53 -0
data/app/controllers/enumeration/cli_options.rb +126 -0
data/app/controllers/enumeration/enum_methods.rb +157 -0
data/app/controllers/main_theme.rb +27 -0
data/app/controllers/wp_version.rb +30 -0
data/app/finders.rb +13 -0
data/app/finders/config_backups.rb +17 -0
data/app/finders/config_backups/known_filenames.rb +46 -0
data/app/finders/interesting_findings.rb +33 -0
data/app/finders/interesting_findings/backup_db.rb +25 -0
data/app/finders/interesting_findings/debug_log.rb +20 -0
data/app/finders/interesting_findings/duplicator_installer_log.rb +23 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +23 -0
data/app/finders/interesting_findings/mu_plugins.rb +48 -0
data/app/finders/interesting_findings/multisite.rb +29 -0
data/app/finders/interesting_findings/readme.rb +26 -0
data/app/finders/interesting_findings/registration.rb +31 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +24 -0
data/app/finders/interesting_findings/upload_directory_listing.rb +24 -0
data/app/finders/interesting_findings/upload_sql_dump.rb +28 -0
data/app/finders/main_theme.rb +22 -0
data/app/finders/main_theme/css_style.rb +43 -0
data/app/finders/main_theme/urls_in_homepage.rb +25 -0
data/app/finders/main_theme/woo_framework_meta_generator.rb +22 -0
data/app/finders/medias.rb +17 -0
data/app/finders/medias/attachment_brute_forcing.rb +44 -0
data/app/finders/plugin_version.rb +44 -0
data/app/finders/plugin_version/layer_slider/translation_file.rb +40 -0
data/app/finders/plugin_version/readme.rb +79 -0
data/app/finders/plugin_version/revslider/release_log.rb +35 -0
data/app/finders/plugin_version/sitepress_multilingual_cms/meta_generator.rb +27 -0
data/app/finders/plugin_version/sitepress_multilingual_cms/version_parameter.rb +31 -0
data/app/finders/plugin_version/w3_total_cache/headers.rb +28 -0
data/app/finders/plugins.rb +24 -0
data/app/finders/plugins/comments.rb +31 -0
data/app/finders/plugins/headers.rb +36 -0
data/app/finders/plugins/known_locations.rb +48 -0
data/app/finders/plugins/urls_in_homepage.rb +29 -0
data/app/finders/theme_version.rb +41 -0
data/app/finders/theme_version/style.rb +43 -0
data/app/finders/theme_version/woo_framework_meta_generator.rb +19 -0
data/app/finders/themes.rb +20 -0
data/app/finders/themes/known_locations.rb +48 -0
data/app/finders/themes/urls_in_homepage.rb +23 -0
data/app/finders/timthumb_version.rb +17 -0
data/app/finders/timthumb_version/bad_request.rb +21 -0
data/app/finders/timthumbs.rb +17 -0
data/app/finders/timthumbs/known_locations.rb +56 -0
data/app/finders/users.rb +24 -0
data/app/finders/users/author_id_brute_forcing.rb +111 -0
data/app/finders/users/author_posts.rb +61 -0
data/app/finders/users/login_error_messages.rb +50 -0
data/app/finders/users/wp_json_api.rb +31 -0
data/app/finders/wp_items.rb +1 -0
data/app/finders/wp_items/urls_in_homepage.rb +68 -0
data/app/finders/wp_version.rb +34 -0
data/app/finders/wp_version/atom_generator.rb +40 -0
data/app/finders/wp_version/meta_generator.rb +27 -0
data/app/finders/wp_version/opml_generator.rb +23 -0
data/app/finders/wp_version/rdf_generator.rb +38 -0
data/app/finders/wp_version/readme.rb +28 -0
data/app/finders/wp_version/rss_generator.rb +43 -0
data/app/finders/wp_version/sitemap_generator.rb +23 -0
data/app/finders/wp_version/stylesheets.rb +55 -0
data/app/finders/wp_version/unique_fingerprinting.rb +64 -0
data/app/models.rb +10 -0
data/app/models/config_backup.rb +5 -0
data/app/models/interesting_finding.rb +6 -0
data/app/models/media.rb +5 -0
data/app/models/plugin.rb +25 -0
data/app/models/theme.rb +99 -0
data/app/models/timthumb.rb +74 -0
data/app/models/user.rb +31 -0
data/app/models/wp_item.rb +142 -0
data/app/models/wp_version.rb +49 -0
data/app/models/xml_rpc.rb +19 -0
data/app/views/cli/brute_force/error.erb +1 -0
data/app/views/cli/brute_force/found.erb +2 -0
data/app/views/cli/brute_force/users.erb +9 -0
data/app/views/cli/core/banner.erb +14 -0
data/app/views/cli/core/db_update_finished.erb +8 -0
data/app/views/cli/core/db_update_started.erb +1 -0
data/app/views/cli/core/not_fully_configured.erb +1 -0
data/app/views/cli/enumeration/config_backups.erb +11 -0
data/app/views/cli/enumeration/medias.erb +11 -0
data/app/views/cli/enumeration/plugins.erb +35 -0
data/app/views/cli/enumeration/themes.erb +11 -0
data/app/views/cli/enumeration/timthumbs.erb +18 -0
data/app/views/cli/enumeration/users.erb +11 -0
data/app/views/cli/finding.erb +32 -0
data/app/views/cli/info.erb +1 -0
data/app/views/cli/main_theme/theme.erb +6 -0
data/app/views/cli/notice.erb +1 -0
data/app/views/cli/theme.erb +64 -0
data/app/views/cli/usage.erb +3 -0
data/app/views/cli/vulnerability.erb +14 -0
data/app/views/cli/wp_version/version.erb +6 -0
data/app/views/json/brute_force/users.erb +10 -0
data/app/views/json/core/banner.erb +12 -0
data/app/views/json/core/db_update_finished.erb +2 -0
data/app/views/json/core/db_update_started.erb +1 -0
data/app/views/json/core/not_fully_configured.erb +1 -0
data/app/views/json/enumeration/config_backups.erb +10 -0
data/app/views/json/enumeration/medias.erb +10 -0
data/app/views/json/enumeration/plugins.erb +25 -0
data/app/views/json/enumeration/themes.erb +10 -0
data/app/views/json/enumeration/timthumbs.erb +19 -0
data/app/views/json/enumeration/users.erb +11 -0
data/app/views/json/finding.erb +26 -0
data/app/views/json/main_theme/theme.erb +7 -0
data/app/views/json/theme.erb +38 -0
data/app/views/json/wp_version/version.erb +8 -0
data/bin/wpscan +15 -0
data/coverage/assets/0.10.0/application.css +799 -0
data/coverage/assets/0.10.0/application.js +1707 -0
data/coverage/assets/0.10.0/colorbox/border.png +0 -0
data/coverage/assets/0.10.0/colorbox/controls.png +0 -0
data/coverage/assets/0.10.0/colorbox/loading.gif +0 -0
data/coverage/assets/0.10.0/colorbox/loading_background.png +0 -0
data/coverage/assets/0.10.0/favicon_green.png +0 -0
data/coverage/assets/0.10.0/favicon_red.png +0 -0
data/coverage/assets/0.10.0/favicon_yellow.png +0 -0
data/coverage/assets/0.10.0/loading.gif +0 -0
data/coverage/assets/0.10.0/magnify.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_flat_75_ffffff_40x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_65_ffffff_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_dadada_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_222222_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_2e83ff_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_454545_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_888888_256x240.png +0 -0
data/coverage/assets/0.10.0/smoothness/images/ui-icons_cd0a0a_256x240.png +0 -0
data/coverage/index.html +27510 -0
data/lib/wpscan.rb +44 -0
data/lib/wpscan/browser.rb +16 -0
data/lib/wpscan/controller.rb +8 -0
data/lib/wpscan/controllers.rb +8 -0
data/lib/wpscan/db.rb +28 -0
data/lib/wpscan/db/dynamic_finders.rb +63 -0
data/lib/wpscan/db/plugin.rb +11 -0
data/lib/wpscan/db/plugins.rb +11 -0
data/lib/wpscan/db/schema.rb +39 -0
data/lib/wpscan/db/theme.rb +11 -0
data/lib/wpscan/db/themes.rb +11 -0
data/lib/wpscan/db/updater.rb +148 -0
data/lib/wpscan/db/wp_item.rb +18 -0
data/lib/wpscan/db/wp_items.rb +21 -0
data/lib/wpscan/db/wp_version.rb +11 -0
data/lib/wpscan/errors/http.rb +34 -0
data/lib/wpscan/errors/update.rb +8 -0
data/lib/wpscan/errors/wordpress.rb +22 -0
data/lib/wpscan/finders.rb +14 -0
data/lib/wpscan/finders/finder/plugin_version/comments.rb +25 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +23 -0
data/lib/wpscan/helper.rb +6 -0
data/lib/wpscan/references.rb +31 -0
data/lib/wpscan/target.rb +81 -0
data/lib/wpscan/target/platform/wordpress.rb +74 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +93 -0
data/lib/wpscan/version.rb +4 -0
data/lib/wpscan/vulnerability.rb +25 -0
data/lib/wpscan/vulnerable.rb +10 -0
data/wpscan-v3.sublime-project +8 -0
data/wpscan-v3.sublime-workspace +895 -0
data/wpscan.gemspec +55 -0
metadata +419 -0

data/app/controllers/main_theme.rb ADDED

@@ -0,0 +1,27 @@
+module WPScan
+  module Controller
+    # Main Theme Controller
+    class MainTheme < CMSScanner::Controller::Base
+      def cli_options
+        [
+          OptChoice.new(
+            ['--main-theme-detection MODE',
+             'Use the supplied mode for the Main theme detection, instead of the global (--detection-mode) mode.'],
+            choices: %w(mixed passive aggressive),
+            normalize: :to_sym
+          )
+        ]
+      end
+      def run
+        output(
+          'theme',
+          theme: target.main_theme(
+            mode: parsed_options[:main_theme_detection] || parsed_options[:detection_mode]
+          ),
+          verbose: parsed_options[:verbose]
+        )
+      end
+    end
+  end
+end

data/app/controllers/wp_version.rb ADDED

@@ -0,0 +1,30 @@
+module WPScan
+  module Controller
+    # Wp Version Controller
+    class WpVersion < CMSScanner::Controller::Base
+      def cli_options
+        [
+          OptBoolean.new(['--wp-version-all', 'Check all the version locations']),
+          OptChoice.new(
+            ['--wp-version-detection MODE',
+             'Use the supplied mode for the WordPress version detection, ' \
+             'instead of the global (--detection-mode) mode.'],
+            choices: %w(mixed passive aggressive),
+            normalize: :to_sym
+          )
+        ]
+      end
+      def run
+        output(
+          'version',
+          version: target.wp_version(
+            mode: parsed_options[:wp_version_detection] || parsed_options[:detection_mode],
+            confidence_threshold: parsed_options[:wp_version_all] ? 0 : 100,
+            show_progression: user_interaction?
+          )
+        )
+      end
+    end
+  end
+end

data/app/finders.rb ADDED

@@ -0,0 +1,13 @@
+require_relative 'finders/interesting_findings'
+require_relative 'finders/wp_items'
+require_relative 'finders/wp_version'
+require_relative 'finders/main_theme'
+require_relative 'finders/timthumb_version'
+require_relative 'finders/timthumbs'
+require_relative 'finders/config_backups'
+require_relative 'finders/medias'
+require_relative 'finders/users'
+require_relative 'finders/plugins'
+require_relative 'finders/plugin_version'
+require_relative 'finders/theme_version'
+require_relative 'finders/themes'

data/app/finders/config_backups.rb ADDED

@@ -0,0 +1,17 @@
+require_relative 'config_backups/known_filenames'
+module WPScan
+  module Finders
+    module ConfigBackups
+      # Config Backup Finder
+      class Base
+        include CMSScanner::Finders::SameTypeFinder
+        # @param [ WPScan::Target ] target
+        def initialize(target)
+          finders << ConfigBackups::KnownFilenames.new(target)
+        end
+      end
+    end
+  end
+end

data/app/finders/config_backups/known_filenames.rb ADDED

@@ -0,0 +1,46 @@
+module WPScan
+  module Finders
+    module ConfigBackups
+      # Config Backup finder
+      class KnownFilenames < CMSScanner::Finders::Finder
+        include CMSScanner::Finders::Finder::Enumerator
+        # @param [ Hash ] opts
+        # @option opts [ String ] :list
+        # @option opts [ Boolean ] :show_progression
+        #
+        # @return [ Array<InterestingFinding> ]
+        def aggressive(opts = {})
+          found = []
+          enumerate(potential_urls(opts), opts) do |res|
+            # Might need to improve that
+            next unless res.body =~ /define/i && res.body !~ /<\s?html/i
+            found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+          end
+          found
+        end
+        # @param [ Hash ] opts
+        # @option opts [ String ] :list Mandatory
+        #
+        # @return [ Hash ]
+        def potential_urls(opts = {})
+          urls = {}
+          File.open(opts[:list]).each_with_index do |file, index|
+            urls[target.url(file.chomp)] = index
+          end
+          urls
+        end
+        def create_progress_bar(opts = {})
+          super(opts.merge(title: ' Checking Config Backups -'))
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings.rb ADDED

@@ -0,0 +1,33 @@
+require_relative 'interesting_findings/readme'
+require_relative 'interesting_findings/multisite'
+require_relative 'interesting_findings/debug_log'
+require_relative 'interesting_findings/backup_db'
+require_relative 'interesting_findings/mu_plugins'
+require_relative 'interesting_findings/registration'
+require_relative 'interesting_findings/tmm_db_migrate'
+require_relative 'interesting_findings/upload_sql_dump'
+require_relative 'interesting_findings/full_path_disclosure'
+require_relative 'interesting_findings/duplicator_installer_log'
+require_relative 'interesting_findings/upload_directory_listing'
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Interesting Files Finder
+      class Base < CMSScanner::Finders::InterestingFindings::Base
+        # @param [ WPScan::Target ] target
+        def initialize(target)
+          super(target)
+          %w(
+            Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
+            Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
+            UploadSQLDump
+          ).each do |f|
+            finders << InterestingFindings.const_get(f).new(target)
+          end
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/backup_db.rb ADDED

@@ -0,0 +1,25 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # BackupDB finder
+      class BackupDB < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-content/backup-db/'
+          url  = target.url(path)
+          res  = Browser.get(url)
+          return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
+          WPScan::InterestingFinding.new(
+            url,
+            confidence: 70,
+            found_by: DIRECT_ACCESS,
+            interesting_entries: target.directory_listing_entries(path),
+            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/debug_log.rb ADDED

@@ -0,0 +1,20 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # debug.log finder
+      class DebugLog < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-content/debug.log'
+          return unless target.debug_log?(path)
+          WPScan::InterestingFinding.new(
+            target.url(path),
+            confidence: 100, found_by: DIRECT_ACCESS
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/duplicator_installer_log.rb ADDED

@@ -0,0 +1,23 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # DuplicatorInstallerLog finder
+      class DuplicatorInstallerLog < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          url = target.url('installer-log.txt')
+          res = Browser.get(url)
+          return unless res.body =~ /DUPLICATOR INSTALL-LOG/
+          WPScan::InterestingFinding.new(
+            url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/full_path_disclosure.rb ADDED

@@ -0,0 +1,23 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Full Path Disclosure finder
+      class FullPathDisclosure < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path        = 'wp-includes/rss-functions.php'
+          fpd_entries = target.full_path_disclosure_entries(path)
+          return if fpd_entries.empty?
+          WPScan::InterestingFinding.new(
+            target.url(path),
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            interesting_entries: fpd_entries
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/mu_plugins.rb ADDED

@@ -0,0 +1,48 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Must Use Plugins Directory checker
+      class MuPlugins < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def passive(_opts = {})
+          pattern = %r{#{target.content_dir}/mu\-plugins/}i
+          target.in_scope_urls(target.homepage_res) do |url|
+            next unless Addressable::URI.parse(url).path =~ pattern
+            url = target.url('wp-content/mu-plugins/')
+            return WPScan::InterestingFinding.new(
+              url,
+              confidence: 70,
+              found_by: 'URLs In Homepage (Passive Detection)',
+              to_s: "This site has 'Must Use Plugins': #{url}",
+              references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
+            )
+          end
+          nil
+        end
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          url = target.url('wp-content/mu-plugins/')
+          res = Browser.get_and_follow_location(url)
+          return unless [200, 401, 403].include?(res.code)
+          return if target.homepage_or_404?(res)
+          # TODO: add the check for --exclude-content once implemented ?
+          target.mu_plugins = true
+          WPScan::InterestingFinding.new(
+            url,
+            confidence: 80,
+            found_by: DIRECT_ACCESS,
+            to_s: "This site has 'Must Use Plugins': #{url}",
+            references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/multisite.rb ADDED

@@ -0,0 +1,29 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Multisite checker
+      class Multisite < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          url      = target.url('wp-signup.php')
+          res      = Browser.get(url)
+          location = res.headers_hash['location']
+          return unless [200, 302].include?(res.code)
+          return if res.code == 302 && location =~ /wp-login\.php\?action=register/
+          return unless res.code == 200 || res.code == 302 && location =~ /wp-signup\.php/
+          target.multisite = true
+          WPScan::InterestingFinding.new(
+            url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            to_s: 'This site seems to be a multisite',
+            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/readme.rb ADDED

@@ -0,0 +1,26 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Readme.html finder
+      class Readme < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          potential_files.each do |file|
+            url = target.url(file)
+            res = Browser.get(url)
+            if res.code == 200 && res.body =~ /wordpress/i
+              return WPScan::InterestingFinding.new(url, confidence: 100, found_by: DIRECT_ACCESS)
+            end
+          end
+          nil
+        end
+        # @retun [ Array<String> ] The list of potential readme files
+        def potential_files
+          %w(readme.html olvasdel.html lisenssi.html liesmich.html)
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/registration.rb ADDED

@@ -0,0 +1,31 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Registration Enabled checker
+      class Registration < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def passive(_opts = {})
+          # Maybe check in the homepage if there is the registration url ?
+        end
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          res = Browser.get_and_follow_location(target.registration_url)
+          return unless res.code == 200
+          return if res.html.css('form#setupform').empty? &&
+                    res.html.css('form#registerform').empty?
+          target.registration_enabled = true
+          WPScan::InterestingFinding.new(
+            res.effective_url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            to_s: "Registration is enabled: #{res.effective_url}"
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/tmm_db_migrate.rb ADDED

@@ -0,0 +1,24 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # Tmm DB Migrate finder
+      class TmmDbMigrate < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip'
+          url  = target.url(path)
+          res  = Browser.get(url)
+          return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+          WPScan::InterestingFinding.new(
+            url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            references: { packetstorm: 131_957 }
+          )
+        end
+      end
+    end
+  end
+end

data/app/finders/interesting_findings/upload_directory_listing.rb ADDED

@@ -0,0 +1,24 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # UploadDirectoryListing finder
+      class UploadDirectoryListing < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-content/uploads/'
+          return unless target.directory_listing?(path)
+          url = target.url(path)
+          WPScan::InterestingFinding.new(
+            url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            to_s: "Upload directory has listing enabled: #{url}"
+          )
+        end
+      end
+    end
+  end
+end