RubyGems - wpscan - Versions diffs - 3.4.5 → 3.5.0 - Mend

wpscan 3.4.5 → 3.5.0

Files changed (140) hide show

checksums.yaml +5 -5
data/README.md +21 -14
data/app/app.rb +2 -0
data/app/controllers.rb +2 -0
data/app/controllers/aliases.rb +2 -0
data/app/controllers/core.rb +6 -4
data/app/controllers/custom_directories.rb +3 -1
data/app/controllers/enumeration.rb +6 -0
data/app/controllers/enumeration/cli_options.rb +2 -0
data/app/controllers/enumeration/enum_methods.rb +2 -0
data/app/controllers/main_theme.rb +2 -0
data/app/controllers/password_attack.rb +6 -4
data/app/controllers/wp_version.rb +2 -0
data/app/finders.rb +2 -0
data/app/finders/config_backups.rb +2 -0
data/app/finders/config_backups/known_filenames.rb +4 -3
data/app/finders/db_exports.rb +2 -0
data/app/finders/db_exports/known_locations.rb +15 -3
data/app/finders/interesting_findings.rb +2 -0
data/app/finders/interesting_findings/backup_db.rb +5 -4
data/app/finders/interesting_findings/debug_log.rb +3 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +6 -5
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +6 -4
data/app/finders/interesting_findings/full_path_disclosure.rb +3 -1
data/app/finders/interesting_findings/mu_plugins.rb +4 -2
data/app/finders/interesting_findings/multisite.rb +3 -1
data/app/finders/interesting_findings/readme.rb +8 -6
data/app/finders/interesting_findings/registration.rb +3 -1
data/app/finders/interesting_findings/tmm_db_migrate.rb +4 -2
data/app/finders/interesting_findings/upload_directory_listing.rb +3 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +8 -10
data/app/finders/interesting_findings/wp_cron.rb +3 -1
data/app/finders/main_theme.rb +2 -0
data/app/finders/main_theme/css_style.rb +3 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -1
data/app/finders/main_theme/woo_framework_meta_generator.rb +3 -1
data/app/finders/medias.rb +2 -0
data/app/finders/medias/attachment_brute_forcing.rb +3 -1
data/app/finders/passwords.rb +2 -0
data/app/finders/passwords/wp_login.rb +4 -1
data/app/finders/passwords/xml_rpc.rb +2 -0
data/app/finders/passwords/xml_rpc_multicall.rb +4 -2
data/app/finders/plugin_version.rb +4 -2
data/app/finders/plugin_version/readme.rb +9 -5
data/app/finders/plugins.rb +2 -0
data/app/finders/plugins/body_pattern.rb +3 -1
data/app/finders/plugins/comment.rb +3 -1
data/app/finders/plugins/config_parser.rb +3 -1
data/app/finders/plugins/header_pattern.rb +3 -1
data/app/finders/plugins/javascript_var.rb +3 -1
data/app/finders/plugins/known_locations.rb +10 -8
data/app/finders/plugins/query_parameter.rb +2 -0
data/app/finders/plugins/urls_in_homepage.rb +3 -1
data/app/finders/plugins/xpath.rb +3 -1
data/app/finders/theme_version.rb +4 -2
data/app/finders/theme_version/style.rb +3 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +3 -1
data/app/finders/themes.rb +2 -0
data/app/finders/themes/known_locations.rb +12 -10
data/app/finders/themes/urls_in_homepage.rb +3 -1
data/app/finders/timthumb_version.rb +3 -1
data/app/finders/timthumb_version/bad_request.rb +3 -1
data/app/finders/timthumbs.rb +2 -0
data/app/finders/timthumbs/known_locations.rb +12 -3
data/app/finders/users.rb +2 -0
data/app/finders/users/author_id_brute_forcing.rb +3 -1
data/app/finders/users/author_posts.rb +3 -1
data/app/finders/users/login_error_messages.rb +3 -1
data/app/finders/users/oembed_api.rb +6 -4
data/app/finders/users/rss_generator.rb +7 -5
data/app/finders/users/wp_json_api.rb +16 -6
data/app/finders/users/yoast_seo_author_sitemap.rb +6 -4
data/app/finders/wp_items.rb +2 -0
data/app/finders/wp_items/urls_in_homepage.rb +2 -0
data/app/finders/wp_version.rb +2 -0
data/app/finders/wp_version/atom_generator.rb +2 -0
data/app/finders/wp_version/rdf_generator.rb +2 -0
data/app/finders/wp_version/readme.rb +4 -2
data/app/finders/wp_version/rss_generator.rb +2 -0
data/app/finders/wp_version/unique_fingerprinting.rb +3 -1
data/app/models.rb +8 -0
data/app/models/config_backup.rb +6 -2
data/app/models/db_export.rb +6 -2
data/app/models/interesting_finding.rb +36 -32
data/app/models/media.rb +6 -2
data/app/models/plugin.rb +25 -17
data/app/models/theme.rb +83 -75
data/app/models/timthumb.rb +58 -54
data/app/models/wp_item.rb +140 -128
data/app/models/wp_version.rb +47 -44
data/app/models/xml_rpc.rb +18 -14
data/app/views/cli/wp_item.erb +0 -3
data/app/views/json/wp_item.erb +0 -1
data/bin/wpscan +1 -0
data/lib/wpscan.rb +2 -0
data/lib/wpscan/browser.rb +2 -0
data/lib/wpscan/controller.rb +2 -0
data/lib/wpscan/controllers.rb +2 -0
data/lib/wpscan/db.rb +2 -0
data/lib/wpscan/db/dynamic_finders/base.rb +2 -0
data/lib/wpscan/db/dynamic_finders/plugin.rb +4 -5
data/lib/wpscan/db/dynamic_finders/theme.rb +2 -0
data/lib/wpscan/db/dynamic_finders/wordpress.rb +2 -0
data/lib/wpscan/db/fingerprints.rb +2 -0
data/lib/wpscan/db/plugin.rb +2 -0
data/lib/wpscan/db/plugins.rb +2 -0
data/lib/wpscan/db/theme.rb +2 -0
data/lib/wpscan/db/themes.rb +2 -0
data/lib/wpscan/db/updater.rb +4 -2
data/lib/wpscan/db/wp_item.rb +2 -0
data/lib/wpscan/db/wp_items.rb +2 -0
data/lib/wpscan/db/wp_version.rb +2 -0
data/lib/wpscan/errors.rb +7 -1
data/lib/wpscan/errors/http.rb +27 -23
data/lib/wpscan/errors/update.rb +8 -4
data/lib/wpscan/errors/wordpress.rb +24 -14
data/lib/wpscan/errors/xmlrpc.rb +8 -4
data/lib/wpscan/finders.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/finder.rb +4 -2
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +4 -2
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +4 -2
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +4 -2
data/lib/wpscan/helper.rb +2 -0
data/lib/wpscan/references.rb +2 -0
data/lib/wpscan/target.rb +12 -1
data/lib/wpscan/target/platform/wordpress.rb +15 -1
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +23 -3
data/lib/wpscan/version.rb +3 -1
data/lib/wpscan/vulnerability.rb +2 -0
data/lib/wpscan/vulnerable.rb +2 -0
metadata +35 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7706d292cdec1a8266440da57fcf2efb491b89ab
-  data.tar.gz: 72b9bb343646c020a70dd4da8adf4856f65fee29
+SHA256:
+  metadata.gz: f64d1fca83669eeb095fb99cbcbbc2a57a8967ef680bda9d754074b771bfc8dd
+  data.tar.gz: f6835052a919b6dcbefade7ec3e47e0719bdad7192e91061b742082031378886
 SHA512:
-  metadata.gz: 7718c6dc510391992368a474a5ce8b5bf1577e3d1f49738484491d1181489880d4a54f89edacf40ef533ddd9a1cb5757543ec8a777fe7e6c36e40de047b9d4bb
-  data.tar.gz: 5820861b4a255e169c03f3af862b45ab39847320a09a511476051a2cefa99a094ac1e26dffc8d1102b544fd0f50132b4e98838433857c7fb200816a20cd8234f
+  metadata.gz: 148e26a2d52135e120e47cc557c7fe79a1f96c42ad3f15f6ac92eb020900fcea1dc94056c2cf8a0731fe4d60541a79e1d1353e5fd597464b92ae3dad8f18cbad
+  data.tar.gz: fcb7e45a14d14728824761e075d55a76174972be46311957cb724c85b29a05b460a80fa21012c832585fc3351ab4a34a8932c777b34fc3c7c12a5dc708ead417

data/README.md CHANGED Viewed

@@ -1,9 +1,24 @@
-![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png "WPScan - WordPress Security Scanner")
-[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
-[![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
-[![Patreon Donate](https://img.shields.io/badge/patreon-donate-green.svg)](https://www.patreon.com/wpscan)
+<p align="center">
+  <a href="https://wpscan.org/">
+    <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
+  </a>
+</p>
+<h3 align="center">WPScan</h3>
+<p align="center">
+  WordPress Vulnerability Scanner
+  <br>
+  <br>
+  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
+</p>
+<p align="center">
+  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
+  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
+  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
+  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
+</p>
 # INSTALL
@@ -110,14 +125,6 @@ wpscan --url https://target.tld/ --enumerate u1-100
 ** replace u1-100 with a range of your choice.
-# PROJECT HOME
-[https://wpscan.org](https://wpscan.org)
-# VULNERABILITY DATABASE
-[https://wpvulndb.com](https://wpvulndb.com)
 # LICENSE
 ## WPScan Public Source License

data/app/app.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'models'
 require_relative 'finders'
 require_relative 'controllers'

data/app/controllers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'controllers/core'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'

data/app/controllers/aliases.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Controller to add the aliases in the CLI

data/app/controllers/core.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Specific Core controller to include WordPress checks
@@ -25,7 +27,7 @@ module WPScan
       # @return [ Boolean ]
       def update_db_required?
         if local_db.missing_files?
-          raise MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if parsed_options[:update] == false
           return true
         end
@@ -62,7 +64,7 @@ module WPScan
       # Raises errors if the target is hosted on wordpress.com or is not running WordPress
       # Also check if the homepage_url is still the install url
       def check_wordpress_state
-        raise WordPressHostedError if target.wordpress_hosted?
+        raise Error::WordPressHosted if target.wordpress_hosted?
         if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
@@ -71,7 +73,7 @@ module WPScan
           exit(WPScan::ExitCode::VULNERABLE)
         end
-        raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
       end
       # Loads the related server module in the target
@@ -95,7 +97,7 @@ module WPScan
         mod = CMSScanner::Target::Server.const_get(server)
         target.extend mod
-        WPScan::WpItem.include mod
+        Model::WpItem.include mod
         server
       end

data/app/controllers/custom_directories.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Controller to ensure that the wp-content and wp-plugins
@@ -16,7 +18,7 @@ module WPScan
         return if target.content_dir
-        raise 'Unable to identify the wp-content dir, please supply it with --wp-content-dir'
+        raise Error::WpContentDirNotDetected
       end
     end
   end

data/app/controllers/enumeration.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'enumeration/cli_options'
 require_relative 'enumeration/enum_methods'
@@ -8,6 +10,10 @@ module WPScan
       def before_scan
         DB::DynamicFinders::Plugin.create_versions_finders
         DB::DynamicFinders::Theme.create_versions_finders
+        # Force the Garbage Collector to run due to the above method being
+        # quite heavy in objects allocation
+        GC.start
       end
       def run

data/app/controllers/enumeration/cli_options.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Enumeration CLI Options

data/app/controllers/enumeration/enum_methods.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Enumeration Methods

data/app/controllers/main_theme.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Main Theme Controller

data/app/controllers/password_attack.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Password Attack Controller
@@ -52,7 +54,7 @@ module WPScan
         @attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
       end
-      # @return [ WPScan::XMLRPC ]
+      # @return [ Model::XMLRPC ]
       def xmlrpc
         @xmlrpc ||= target.xmlrpc
       end
@@ -65,11 +67,11 @@ module WPScan
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
           WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
         when :xmlrpc_multicall
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
           WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
         end
@@ -95,7 +97,7 @@ module WPScan
         return target.users unless parsed_options[:usernames]
         parsed_options[:usernames].reduce([]) do |acc, elem|
-          acc << CMSScanner::User.new(elem.chomp)
+          acc << Model::User.new(elem.chomp)
         end
       end

data/app/controllers/wp_version.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Wp Version Controller

data/app/finders.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'finders/interesting_findings'
 require_relative 'finders/wp_items'
 require_relative 'finders/wp_version'

data/app/finders/config_backups.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'config_backups/known_filenames'
 module WPScan

data/app/finders/config_backups/known_filenames.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module ConfigBackups
@@ -13,11 +15,10 @@ module WPScan
         def aggressive(opts = {})
           found = []
-          enumerate(potential_urls(opts), opts) do |res|
-            # Might need to improve that
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
             next unless res.body =~ /define/i && res.body !~ /<\s?html/i
-            found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
           found

data/app/finders/db_exports.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'db_exports/known_locations'
 module WPScan

data/app/finders/db_exports/known_locations.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module DbExports
@@ -6,6 +8,8 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
         # @param [ Hash ] opts
         # @option opts [ String ] :list
         # @option opts [ Boolean ] :show_progression
@@ -14,15 +18,23 @@ module WPScan
         def aggressive(opts = {})
           found = []
-          enumerate(potential_urls(opts), opts) do |res|
-            next unless res.code == 200 && res.body =~ /INSERT INTO/
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+            if res.effective_url.end_with?('.zip')
+              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+            else
+              next unless res.body =~ SQL_PATTERN
+            end
-            found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
           found
         end
+        def full_request_params
+          @full_request_params ||= { headers: { 'Range' => 'bytes=0-3000' } }
+        end
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #

data/app/finders/interesting_findings.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'interesting_findings/readme'
 require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'

data/app/finders/interesting_findings/backup_db.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -6,13 +8,12 @@ module WPScan
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
           path = 'wp-content/backup-db/'
-          url  = target.url(path)
-          res  = Browser.get(url)
+          res  = target.head_and_get(path, [200, 403])
           return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
-          WPScan::BackupDB.new(
-            url,
+          Model::BackupDB.new(
+            target.url(path),
             confidence: 70,
             found_by: DIRECT_ACCESS,
             interesting_entries: target.directory_listing_entries(path),

data/app/finders/interesting_findings/debug_log.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -9,7 +11,7 @@ module WPScan
           return unless target.debug_log?(path)
-          WPScan::DebugLog.new(
+          Model::DebugLog.new(
             target.url(path),
             confidence: 100, found_by: DIRECT_ACCESS,
             references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }

data/app/finders/interesting_findings/duplicator_installer_log.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,13 +7,12 @@ module WPScan
       class DuplicatorInstallerLog < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url = target.url('installer-log.txt')
-          res = Browser.get(url)
+          path = 'installer-log.txt'
-          return unless res.body =~ /DUPLICATOR INSTALL-LOG/
+          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
-          WPScan::DuplicatorInstallerLog.new(
-            url,
+          Model::DuplicatorInstallerLog.new(
+            target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
             references: { url: 'https://www.exploit-db.com/ghdb/3981/' }

data/app/finders/interesting_findings/emergency_pwd_reset_script.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,13 +7,13 @@ module WPScan
       class EmergencyPwdResetScript < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url  = target.url('/emergency.php')
-          res  = Browser.get(url)
+          path = 'emergency.php'
+          res  = target.head_and_get(path)
           return unless res.code == 200 && !target.homepage_or_404?(res)
-          WPScan::EmergencyPwdResetScript.new(
-            url,
+          Model::EmergencyPwdResetScript.new(
+            target.url(path),
             confidence: res.body =~ /password/i ? 100 : 40,
             found_by: DIRECT_ACCESS,
             references: {

data/app/finders/interesting_findings/full_path_disclosure.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -10,7 +12,7 @@ module WPScan
           return if fpd_entries.empty?
-          WPScan::FullPathDisclosure.new(
+          Model::FullPathDisclosure.new(
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,

data/app/finders/interesting_findings/mu_plugins.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -12,7 +14,7 @@ module WPScan
             url = target.url('wp-content/mu-plugins/')
-            return WPScan::MuPlugins.new(
+            return Model::MuPlugins.new(
               url,
               confidence: 70,
               found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +37,7 @@ module WPScan
           target.mu_plugins = true
-          WPScan::MuPlugins.new(
+          Model::MuPlugins.new(
             url,
             confidence: 80,
             found_by: DIRECT_ACCESS,

data/app/finders/interesting_findings/multisite.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -15,7 +17,7 @@ module WPScan
           target.multisite = true
-          WPScan::Multisite.new(
+          Model::Multisite.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,