RubyGems - wpscan - Versions diffs - 3.8.28 → 4.0.0 - Mend

wpscan 3.8.28 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

checksums.yaml +4 -4
data/README.md +104 -30
data/app/app.rb +26 -0
data/app/controllers/aliases.rb +2 -2
data/app/controllers/authenticated_inventory.rb +43 -0
data/app/controllers/core/cli_options.rb +151 -0
data/app/controllers/core.rb +200 -25
data/app/controllers/custom_directories.rb +1 -1
data/app/controllers/enumeration/cli_options.rb +21 -31
data/app/controllers/enumeration/enum_methods.rb +145 -38
data/app/controllers/enumeration.rb +26 -3
data/app/controllers/interesting_findings.rb +25 -0
data/app/controllers/main_theme.rb +1 -1
data/app/controllers/password_attack.rb +14 -6
data/app/controllers/vuln_api.rb +9 -3
data/app/controllers/wp_version.rb +1 -1
data/app/controllers.rb +1 -0
data/app/finders/backup_folders/known_locations.rb +66 -0
data/app/finders/backup_folders.rb +19 -0
data/app/finders/config_backups/known_filenames.rb +6 -4
data/app/finders/config_backups.rb +1 -1
data/app/finders/db_exports/known_locations.rb +16 -14
data/app/finders/db_exports.rb +1 -1
data/app/finders/interesting_findings/backup_db.rb +1 -1
data/app/finders/interesting_findings/debug_log.rb +1 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +1 -1
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +1 -1
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/mu_plugins.rb +1 -1
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/interesting_findings/php_disabled.rb +2 -2
data/app/finders/interesting_findings/readme.rb +1 -1
data/app/finders/interesting_findings/registration.rb +1 -1
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +1 -1
data/app/finders/interesting_findings/upload_directory_listing.rb +1 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +2 -2
data/app/finders/interesting_findings/wp_cron.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +13 -4
data/app/finders/main_theme/css_style_in_homepage.rb +1 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -7
data/app/finders/main_theme/woo_framework_meta_generator.rb +4 -4
data/app/finders/main_theme.rb +1 -1
data/app/finders/medias/attachment_brute_forcing.rb +2 -2
data/app/finders/medias.rb +1 -1
data/app/finders/passwords/wp_login.rb +2 -2
data/app/finders/passwords/xml_rpc.rb +2 -2
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/plugin_version.rb +1 -1
data/app/finders/plugins/known_locations.rb +17 -7
data/app/finders/plugins/urls_in_homepage.rb +3 -7
data/app/finders/plugins/wp_json_api.rb +85 -0
data/app/finders/plugins.rb +2 -1
data/app/finders/theme_version/style.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +1 -1
data/app/finders/theme_version.rb +1 -1
data/app/finders/themes/known_locations.rb +12 -6
data/app/finders/themes/urls_in_homepage.rb +3 -7
data/app/finders/themes/wp_json_api.rb +74 -0
data/app/finders/themes.rb +2 -1
data/app/finders/timthumb_version/bad_request.rb +1 -1
data/app/finders/timthumb_version.rb +1 -1
data/app/finders/timthumbs/known_locations.rb +6 -4
data/app/finders/timthumbs.rb +1 -1
data/app/finders/users/author_id_brute_forcing.rb +11 -7
data/app/finders/users/author_posts.rb +1 -1
data/app/finders/users/author_sitemap.rb +1 -1
data/app/finders/users/login_error_messages.rb +1 -1
data/app/finders/users/oembed_api.rb +3 -1
data/app/finders/users/wp_json_api.rb +11 -7
data/app/finders/users.rb +1 -1
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +1 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/unique_fingerprinting.rb +2 -2
data/app/finders/wp_version.rb +1 -1
data/app/finders.rb +1 -0
data/app/formatters/cli.rb +79 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/formatters/jsonl.rb +29 -0
data/app/formatters/sarif.rb +311 -0
data/app/models/backup_folder.rb +39 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +41 -2
data/app/models/plugin.rb +8 -2
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/theme.rb +9 -2
data/app/models/timthumb.rb +2 -2
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/wp_item/wordpress_org_data.rb +55 -0
data/app/models/wp_item.rb +109 -9
data/app/models/wp_version.rb +2 -2
data/app/models/xml_rpc.rb +73 -3
data/app/models.rb +2 -1
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +3 -3
data/app/views/cli/core/finished.erb +15 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +11 -0
data/app/views/cli/enumeration/backup_folders.erb +11 -0
data/app/views/cli/enumeration/plugin.erb +13 -0
data/app/views/cli/enumeration/plugins.erb +1 -12
data/app/views/cli/enumeration/theme.erb +4 -0
data/app/views/cli/enumeration/themes.erb +1 -3
data/app/views/cli/enumeration/user.erb +4 -0
data/app/views/cli/enumeration/users.erb +1 -3
data/app/views/cli/finding.erb +1 -1
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/update_aborted.erb +5 -0
data/app/views/cli/vuln_api/status.erb +2 -0
data/app/views/cli/vulnerability.erb +6 -0
data/app/views/cli/wp_item.erb +4 -1
data/app/views/json/core/banner.erb +2 -8
data/app/views/json/core/finished.erb +13 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +10 -0
data/app/views/json/enumeration/backup_folders.erb +11 -0
data/app/views/json/enumeration/plugin.erb +15 -0
data/app/views/json/enumeration/theme.erb +5 -0
data/app/views/json/enumeration/user.erb +6 -0
data/app/views/json/finding.erb +8 -2
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/notice.erb +1 -0
data/app/views/json/scan_aborted.erb +5 -0
data/app/views/json/update_aborted.erb +5 -0
data/app/views/json/vuln_api/status.erb +2 -0
data/app/views/json/wp_item.erb +4 -1
data/bin/wpscan +1 -0
data/lib/opt_parse_validator/config_files_loader_merger/base.rb +26 -0
data/lib/opt_parse_validator/config_files_loader_merger/json.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger/yml.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger.rb +62 -0
data/lib/opt_parse_validator/errors.rb +9 -0
data/lib/opt_parse_validator/hacks.rb +19 -0
data/lib/opt_parse_validator/opts/alias.rb +28 -0
data/lib/opt_parse_validator/opts/array.rb +34 -0
data/lib/opt_parse_validator/opts/base.rb +142 -0
data/lib/opt_parse_validator/opts/boolean.rb +19 -0
data/lib/opt_parse_validator/opts/choice.rb +43 -0
data/lib/opt_parse_validator/opts/credentials.rb +15 -0
data/lib/opt_parse_validator/opts/directory_path.rb +17 -0
data/lib/opt_parse_validator/opts/file_path.rb +34 -0
data/lib/opt_parse_validator/opts/headers.rb +33 -0
data/lib/opt_parse_validator/opts/integer.rb +15 -0
data/lib/opt_parse_validator/opts/integer_range.rb +37 -0
data/lib/opt_parse_validator/opts/multi_choices.rb +135 -0
data/lib/opt_parse_validator/opts/path.rb +78 -0
data/lib/opt_parse_validator/opts/positive_integer.rb +16 -0
data/lib/opt_parse_validator/opts/proxy.rb +7 -0
data/lib/opt_parse_validator/opts/regexp.rb +14 -0
data/lib/opt_parse_validator/opts/smart_list.rb +30 -0
data/lib/opt_parse_validator/opts/string.rb +8 -0
data/lib/opt_parse_validator/opts/uri.rb +41 -0
data/lib/opt_parse_validator/opts/url.rb +11 -0
data/lib/opt_parse_validator/opts.rb +9 -0
data/lib/opt_parse_validator/version.rb +6 -0
data/lib/opt_parse_validator.rb +161 -0
data/lib/wpscan/browser/actions.rb +48 -0
data/lib/wpscan/browser/options.rb +92 -0
data/lib/wpscan/browser.rb +87 -2
data/lib/wpscan/browser_authenticator.rb +64 -0
data/lib/wpscan/cache/file_store.rb +77 -0
data/lib/wpscan/cache/typhoeus.rb +25 -0
data/lib/wpscan/controller.rb +100 -4
data/lib/wpscan/controllers.rb +78 -3
data/lib/wpscan/db/dynamic_finders/base.rb +3 -7
data/lib/wpscan/db/dynamic_finders/plugin.rb +2 -2
data/lib/wpscan/db/dynamic_finders/wordpress.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +2 -2
data/lib/wpscan/db/updater.rb +23 -13
data/lib/wpscan/db/vuln_api.rb +19 -7
data/lib/wpscan/db/wp_item.rb +2 -2
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/http.rb +82 -3
data/lib/wpscan/errors/saml.rb +28 -0
data/lib/wpscan/errors/scan.rb +14 -0
data/lib/wpscan/errors/update.rb +11 -3
data/lib/wpscan/errors/vuln_api.rb +24 -0
data/lib/wpscan/errors/wordpress.rb +2 -2
data/lib/wpscan/errors/wp_auth.rb +37 -0
data/lib/wpscan/errors.rb +4 -3
data/lib/wpscan/exit_code.rb +25 -0
data/lib/wpscan/finders/base_finders.rb +45 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +3 -5
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +3 -3
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +1 -1
data/lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb +257 -0
data/lib/wpscan/finders/finder/enumerator.rb +77 -0
data/lib/wpscan/finders/finder/fingerprinter.rb +48 -0
data/lib/wpscan/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/wpscan/finders/finder/smart_url_checker.rb +60 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +1 -1
data/lib/wpscan/finders/finder.rb +78 -0
data/lib/wpscan/finders/finding.rb +54 -0
data/lib/wpscan/finders/findings.rb +33 -0
data/lib/wpscan/finders/independent_finder.rb +33 -0
data/lib/wpscan/finders/independent_finders.rb +26 -0
data/lib/wpscan/finders/same_type_finder.rb +19 -0
data/lib/wpscan/finders/same_type_finders.rb +28 -0
data/lib/wpscan/finders/unique_finder.rb +19 -0
data/lib/wpscan/finders/unique_finders.rb +47 -0
data/lib/wpscan/finders.rb +11 -12
data/lib/wpscan/formatter/buffer.rb +17 -0
data/lib/wpscan/formatter.rb +152 -0
data/lib/wpscan/helper.rb +7 -1
data/lib/wpscan/http_status_tracking.rb +128 -0
data/lib/wpscan/numeric.rb +13 -0
data/lib/wpscan/parsed_cli.rb +31 -2
data/lib/wpscan/progressbar_null_output.rb +23 -0
data/lib/wpscan/public_suffix/domain.rb +44 -0
data/lib/wpscan/references.rb +118 -4
data/lib/wpscan/scan.rb +127 -0
data/lib/wpscan/target/hashes.rb +45 -0
data/lib/wpscan/target/platform/php.rb +124 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +3 -3
data/lib/wpscan/target/platform/wordpress.rb +7 -8
data/lib/wpscan/target/platform.rb +3 -0
data/lib/wpscan/target/scope.rb +103 -0
data/lib/wpscan/target/server/apache.rb +27 -0
data/lib/wpscan/target/server/generic.rb +72 -0
data/lib/wpscan/target/server/iis.rb +29 -0
data/lib/wpscan/target/server/nginx.rb +27 -0
data/lib/wpscan/target/server.rb +6 -0
data/lib/wpscan/target.rb +129 -9
data/lib/wpscan/typhoeus/hydra.rb +12 -0
data/lib/wpscan/typhoeus/response.rb +24 -1
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan/vulnerability.rb +49 -3
data/lib/wpscan/vulnerability_filter.rb +68 -0
data/lib/wpscan/vulnerable.rb +13 -1
data/lib/wpscan/web_site.rb +152 -0
data/lib/wpscan.rb +126 -29
metadata +362 -20

data/lib/wpscan/target/server/generic.rb ADDED Viewed

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+module WPScan
+  class Target < WebSite
+    module Server
+      # Generic Server methods
+      module Generic
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Symbol ] The detected remote server (:Apache, :IIS, :Nginx)
+        def server(path = nil, params = {})
+          headers = headers(path, params)
+          return unless headers
+          case headers[:server]
+          when /\Aapache/i
+            :Apache
+          when /\AMicrosoft-IIS/i
+            :IIS
+          when /\Anginx/
+            :Nginx
+          end
+        end
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Hash ] The headers
+        def headers(path = nil, params = {})
+          # The HEAD method might be rejected by some servers ... maybe switch to GET ?
+          WPScan::Browser.head(url(path), params).headers
+        end
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Boolean ] true if url(path) has the directory
+        #                          listing enabled, false otherwise
+        def directory_listing?(path = nil, params = {})
+          res = WPScan::Browser.get(url(path), params)
+          res.code == 200 && res.body.include?('<h1>Index of')
+        end
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        # @param [ String ] selector
+        # @param [ Regexp ] ignore
+        #
+        # @return [ Array<String> ] The first level of directories/files listed,
+        #                           or an empty array if none
+        def directory_listing_entries(path = nil, params = {}, selector = 'pre a', ignore = /parent directory/i)
+          return [] unless directory_listing?(path, params)
+          found = []
+          WPScan::Browser.get(url(path), params).html.css(selector).each do |node|
+            entry = node.text.to_s
+            next if entry&.match?(ignore)
+            found << entry
+          end
+          found
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/target/server/iis.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module WPScan
+  class Target < WebSite
+    module Server
+      # Some IIS specific implementation
+      module IIS
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Symbol ] :IIS
+        def server(_path = nil, _params = {})
+          :IIS
+        end
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Boolean ] true if url(path) has the directory
+        #                          listing enabled, false otherwise
+        def directory_listing?(path = nil, params = {})
+          res = WPScan::Browser.get(url(path), params)
+          res.code == 200 && res.body =~ %r{<H1>#{uri.host} - /} ? true : false
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/target/server/nginx.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+module WPScan
+  class Target < WebSite
+    module Server
+      # Some Nginx specific implementation
+      module Nginx
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Symbol ] :Nginx
+        def server(_path = nil, _params = {})
+          :Nginx
+        end
+        # @param [ String ] path
+        # @param [ Hash ] params The request params
+        #
+        # @return [ Array<String> ] The first level of directories/files listed,
+        #                           or an empty array if none
+        def directory_listing_entries(path = nil, params = {})
+          super(path, params, 'pre a', /\A\.\./i)
+        end
+      end
+    end
+  end
+end

data/lib/wpscan/target/server.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+require 'wpscan/target/server/generic'
+require 'wpscan/target/server/apache'
+require 'wpscan/target/server/iis'
+require 'wpscan/target/server/nginx'

data/lib/wpscan/target.rb CHANGED Viewed

@@ -1,12 +1,28 @@
 # frozen_string_literal: true
+require 'wpscan/web_site'
+require 'wpscan/target/platform'
+require 'wpscan/target/server'
+require 'wpscan/target/scope'
+require 'wpscan/target/hashes'
 require 'wpscan/target/platform/wordpress'
 module WPScan
-  # Includes the WordPress Platform
-  class Target < CMSScanner::Target
+  # Target to Scan (WordPress).
+  class Target < WebSite
+    include Server::Generic
     include Platform::WordPress
+    # @param [ String ] url
+    # @param [ Hash ] opts
+    # @option opts [ Array<PublicSuffix::Domain, String> ] :scope
+    def initialize(url, opts = {})
+      super
+      scope << uri.host
+      Array(opts[:scope]).each { |s| scope << s }
+    end
     # @return [ Hash ]
     def head_or_get_request_params
       @head_or_get_request_params ||= if Browser.head(url).code == 405
@@ -30,9 +46,100 @@ module WPScan
       false
     end
+    # @param [ Hash ] opts
+    #
+    # @return [ Findings ]
+    def interesting_findings(opts = {})
+      @interesting_findings ||= WPScan::Finders::InterestingFindings::Base.find(self, opts)
+    end
     # @return [ XMLRPC, nil ]
     def xmlrpc
-      @xmlrpc ||= interesting_findings&.select { |f| f.is_a?(Model::XMLRPC) }&.first
+      @xmlrpc ||= interesting_findings&.grep(Model::XMLRPC)&.first
+    end
+    # @return [ Regexp ] The pattern related to the target url, also matches escaped /, such as
+    #                    in JSON JS data: http:\/\/t.com\/
+    def url_pattern
+      @url_pattern ||= Regexp.new(Regexp.escape(url).gsub(/https?/i, 'https?').gsub('/', '\\\\\?/'), Regexp::IGNORECASE)
+    end
+    # @param [ String ] xpath
+    # @param [ Regexp ] pattern
+    # @param [ Typhoeus::Response, String ] page
+    #
+    # @return [ Array<Array<MatchData, Nokogiri::XML::Element>> ]
+    # @yield  [ MatchData, Nokogiri::XML::Element ]
+    def xpath_pattern_from_page(xpath, pattern, page = nil)
+      page    = WPScan::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
+      matches = []
+      page.html.xpath(xpath).each do |node|
+        next unless node.text.strip =~ pattern
+        yield Regexp.last_match, node if block_given?
+        matches << [Regexp.last_match, node]
+      end
+      matches
+    end
+    # @param [ Regexp ] pattern
+    # @param [ Typhoeus::Response, String ] page
+    #
+    # @return [ Array<Array<MatchData, Nokogiri::XML::Comment>> ]
+    # @yield  [ MatchData, Nokogiri::XML::Comment ]
+    def comments_from_page(pattern, page = nil)
+      xpath_pattern_from_page('//comment()', pattern, page) do |match, node|
+        yield match, node if block_given?
+      end
+    end
+    # @param [ Regexp ] pattern
+    # @param [ Typhoeus::Response, String ] page
+    #
+    # @return [ Array<Array<MatchData, Nokogiri::XML::Element>> ]
+    # @yield  [ MatchData, Nokogiri::XML::Element ]
+    def javascripts_from_page(pattern, page = nil)
+      xpath_pattern_from_page('//script', pattern, page) do |match, node|
+        yield match, node if block_given?
+      end
+    end
+    # @param [ Typhoeus::Response, String ] page
+    # @param [ String ] xpath
+    #
+    # @yield [ Addressable::URI, Nokogiri::XML::Element ] The url and its associated tag
+    #
+    # @return [ Array<Addressable::URI> ] The absolute URIs detected in the response's body from the HTML tags
+    #
+    # @note It is highly recommended to use the xpath parameter to focus on the uris needed, as this method can be quite
+    #       time consuming when there are a lof of uris to check
+    def uris_from_page(page = nil, xpath = '//@href|//@src|//@data-src')
+      page  = WPScan::Browser.get(url(page)) unless page.is_a?(Typhoeus::Response)
+      found = []
+      page.html.xpath(xpath).each do |node|
+        attr_value = node.text.to_s
+        next unless attr_value && !attr_value.empty?
+        node_uri = begin
+          uri.join(attr_value.strip)
+        rescue StandardError
+          # Skip potential malformed URLs etc.
+          next
+        end
+        next unless node_uri.host
+        yield node_uri, node.parent if block_given? && !found.include?(node_uri)
+        found << node_uri
+      end
+      found.uniq
     end
     # @param [ Hash ] opts
@@ -54,17 +161,21 @@ module WPScan
     end
     # @param [ Hash ] opts
+    # @yield [ Plugin ] Optional block called as each plugin is first
+    #                   discovered (used to stream findings).
     #
     # @return [ Array<Plugin> ]
-    def plugins(opts = {})
-      @plugins ||= Finders::Plugins::Base.find(self, opts)
+    def plugins(opts = {}, &)
+      @plugins ||= Finders::Plugins::Base.find(self, opts, &)
     end
     # @param [ Hash ] opts
+    # @yield [ Theme ] Optional block called as each theme is first
+    #                  discovered (used to stream findings).
     #
     # @return [ Array<Theme> ]
-    def themes(opts = {})
-      @themes ||= Finders::Themes::Base.find(self, opts)
+    def themes(opts = {}, &)
+      @themes ||= Finders::Themes::Base.find(self, opts, &)
     end
     # @param [ Hash ] opts
@@ -88,6 +199,13 @@ module WPScan
       @db_exports ||= Finders::DbExports::Base.find(self, opts)
     end
+    # @param [ Hash ] opts
+    #
+    # @return [ Array<BackupFolder> ]
+    def backup_folders(opts = {})
+      @backup_folders ||= Finders::BackupFolders::Base.find(self, opts)
+    end
     # @param [ Hash ] opts
     #
     # @return [ Array<Media> ]
@@ -96,10 +214,12 @@ module WPScan
     end
     # @param [ Hash ] opts
+    # @yield [ User ] Optional block called as each user is first
+    #                 discovered (used to stream findings).
     #
     # @return [ Array<User> ]
-    def users(opts = {})
-      @users ||= Finders::Users::Base.find(self, opts)
+    def users(opts = {}, &)
+      @users ||= Finders::Users::Base.find(self, opts, &)
     end
   end
 end

data/lib/wpscan/typhoeus/hydra.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+module Typhoeus
+  # Ensure a clean abort of hydra
+  # See https://github.com/typhoeus/typhoeus/issues/439
+  class Hydra
+    def abort
+      super
+      run
+    end
+  end
+end

data/lib/wpscan/typhoeus/response.rb CHANGED Viewed

@@ -3,10 +3,33 @@
 module Typhoeus
   # Custom Response class
   class Response
-    # @note: Ignores requests done to the /status endpoint of the API
+    # @return [ Nokogiri::XML ] The response's body parsed by Nokogiri::HTML
+    def html
+      @html ||= Nokogiri::HTML(body.encode('UTF-8', invalid: :replace, undef: :replace))
+    end
+    # @return [ Nokogiri::XML ] The response's body parsed by Nokogiri::XML
+    def xml
+      @xml ||= Nokogiri::XML(body.encode('UTF-8', invalid: :replace, undef: :replace))
+    end
+    # Override of the original to ensure an integer is returned
+    # @return [ Integer ]
+    def request_size
+      super || 0
+    end
+    # @return [ Integer ]
+    def size
+      (body.nil? ? 0 : body.size) + (response_headers.nil? ? 0 : response_headers.size)
+    end
+    # @note Ignores requests done to the /status endpoint of the WPScan Vuln API.
     #
     # @return [ Boolean ]
     def from_vuln_api?
+      return false unless effective_url
       effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
         !effective_url.start_with?(WPScan::DB::VulnApi.uri.join('status').to_s)
     end

data/lib/wpscan/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # Version
 module WPScan
-  VERSION = '3.8.28'
+  VERSION = '4.0.0'
 end

data/lib/wpscan/vulnerability.rb CHANGED Viewed

@@ -1,10 +1,41 @@
 # frozen_string_literal: true
 module WPScan
-  # Specific implementation
-  class Vulnerability < CMSScanner::Vulnerability
+  # Vulnerability model.
+  class Vulnerability
     include References
+    attr_reader :title, :type, :fixed_in, :introduced_in, :cvss, :poc, :uuid
+    # @param [ String ] title
+    # @param [ Hash ] references
+    # @option references [ Array<String>, String ] :cve
+    # @option references [ Array<String>, String ] :secunia
+    # @option references [ Array<String>, String ] :osvdb
+    # @option references [ Array<String>, String ] :exploitdb
+    # @option references [ Array<String> ] :url URL(s) to related advisories etc
+    # @option references [ Array<String>, String ] :metasploit The related metasploit module(s)
+    # @option references [ Array<String> ] :youtube
+    # @param [ String ] type
+    # @param [ String ] fixed_in
+    # @param [ String ] introduced_in
+    # @param [ HashSymbol ] cvss
+    # @option cvss [ String ] :score
+    # @option cvss [ String ] :vector
+    # rubocop:disable Metrics/ParameterLists
+    def initialize(title, references: {}, type: nil, fixed_in: nil, introduced_in: nil, cvss: nil, poc: nil, uuid: nil)
+      # rubocop:enable Metrics/ParameterLists
+      @title         = title
+      @type          = type
+      @fixed_in      = fixed_in
+      @introduced_in = introduced_in
+      @cvss          = { score: cvss[:score], vector: cvss[:vector] } if cvss
+      @poc           = poc
+      @uuid          = uuid
+      self.references = references
+    end
     # @param [ Hash ] json_data
     # @return [ Vulnerability ]
     def self.load_from_json(json_data)
@@ -22,8 +53,23 @@ module WPScan
         type: json_data['vuln_type'],
         fixed_in: json_data['fixed_in'],
         introduced_in: json_data['introduced_in'],
-        cvss: json_data['cvss']&.symbolize_keys
+        cvss: json_data['cvss']&.symbolize_keys,
+        poc: json_data['poc'],
+        uuid: json_data['id'].to_s # The 'id' field IS the UUID in WPScan API
       )
     end
+    # @param [ Vulnerability ] other
+    #
+    # @return [ Boolean ]
+    def ==(other)
+      title == other.title &&
+        type == other.type &&
+        references == other.references &&
+        fixed_in == other.fixed_in &&
+        cvss == other.cvss &&
+        poc == other.poc &&
+        uuid == other.uuid
+    end
   end
 end

data/lib/wpscan/vulnerability_filter.rb ADDED Viewed

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+module WPScan
+  # Filter for excluding specific vulnerabilities by UUID
+  class VulnerabilityFilter
+    attr_reader :excluded_uuids, :excluded_count
+    # @param [ Array<String>, String, nil ] uuids UUID identifiers to exclude
+    def initialize(uuids = nil)
+      @excluded_uuids = normalize_uuids(uuids)
+      @excluded_count = 0
+    end
+    # Filter vulnerabilities, removing those with excluded UUIDs
+    #
+    # @param [ Array<Vulnerability> ] vulnerabilities
+    # @return [ Array<Vulnerability> ] Filtered vulnerabilities
+    def filter(vulnerabilities)
+      return vulnerabilities if excluded_uuids.empty?
+      vulnerabilities.reject do |vuln|
+        should_exclude?(vuln).tap do |excluded|
+          @excluded_count += 1 if excluded
+        end
+      end
+    end
+    # Check if a vulnerability should be excluded
+    #
+    # @param [ Vulnerability ] vulnerability
+    # @return [ Boolean ]
+    def should_exclude?(vulnerability)
+      return false if excluded_uuids.empty?
+      return false unless vulnerability.uuid
+      # Check UUID match (case-insensitive)
+      excluded_uuids.include?(vulnerability.uuid.downcase)
+    end
+    # Reset the excluded count
+    def reset_count!
+      @excluded_count = 0
+    end
+    # Check if any UUIDs are being excluded
+    #
+    # @return [ Boolean ]
+    def excluding?
+      !excluded_uuids.empty?
+    end
+    private
+    # Normalize UUIDs
+    #
+    # @param [ Array<String>, String, nil ] uuids
+    # @return [ Array<String> ] Normalized UUIDs
+    def normalize_uuids(uuids)
+      return [] if uuids.nil?
+      # Convert string to array if needed
+      uuids = uuids.is_a?(String) ? uuids.split(',') : Array(uuids)
+      # Normalize each UUID (trim whitespace, lowercase, remove duplicates)
+      uuids.map { |u| u.to_s.strip.downcase }.reject(&:empty?).uniq
+    end
+  end
+end

data/lib/wpscan/vulnerable.rb CHANGED Viewed

@@ -4,9 +4,21 @@ module WPScan
   # Module to include in vulnerable WP item such as WpVersion.
   # the vulnerabilities method should be implemented
   module Vulnerable
+    # @return [ VulnerabilityFilter, nil ]
+    def vulnerability_filter
+      @vulnerability_filter ||= VulnerabilityFilter.new(ParsedCli.exclude_vulns) if ParsedCli.exclude_vulns
+    end
+    # @return [ Array<Vulnerability> ] Filtered vulnerabilities
+    def filtered_vulnerabilities
+      return vulnerabilities unless vulnerability_filter
+      vulnerability_filter.filter(vulnerabilities)
+    end
     # @return [ Boolean ]
     def vulnerable?
-      !vulnerabilities.empty?
+      !filtered_vulnerabilities.empty?
     end
   end
 end

data/lib/wpscan/web_site.rb ADDED Viewed

@@ -0,0 +1,152 @@
+# frozen_string_literal: true
+module WPScan
+  # WebSite Implementation
+  class WebSite
+    attr_reader :uri, :opts
+    # @param [ String ] site_url
+    # @param [ Hash ] opts
+    def initialize(site_url, opts = {})
+      self.url = site_url
+      @opts    = opts
+    end
+    def url=(site_url)
+      new_url = site_url.dup
+      # Add a trailing slash to the URL
+      new_url << '/' if new_url[-1, 1] != '/'
+      # Use the validator to ensure the URL has a correct format
+      OptParseValidator::OptURL.new([]).validate(new_url)
+      @uri = Addressable::URI.parse(new_url).normalize
+    end
+    # @param [ String ] path Optional path to merge with the uri
+    #
+    # @return [ String ]
+    def url(path = nil)
+      return @uri.to_s unless path
+      @uri.join(Addressable::URI.encode(path).gsub('#', '%23')).to_s
+    end
+    # @return [ String ] The IP address of the target
+    def ip
+      @ip ||= IPSocket.getaddress(uri.host)
+    rescue SocketError
+      'Unknown'
+    end
+    attr_writer :homepage_res
+    # @return [ Typhoeus::Response ]
+    #
+    # As webmock does not support redirects mocking, coverage is ignored
+    # :nocov:
+    def homepage_res
+      @homepage_res ||= WPScan::Browser.get_and_follow_location(url)
+    end
+    # :nocov:
+    # @return [ String ]
+    def homepage_url
+      @homepage_url ||= homepage_res.effective_url
+    end
+    # Discards the cached homepage response and URL so the next access refetches.
+    # Used after mutating cookies/auth state mid-scan.
+    def reset_homepage_cache!
+      @homepage_res = nil
+      @homepage_url = nil
+    end
+    # @return [ Typhoeus::Response ]
+    def error_404_res
+      @error_404_res ||= WPScan::Browser.get_and_follow_location(error_404_url)
+    end
+    # @return [ String ] The URL of an unlikely existant page
+    def error_404_url
+      @error_404_url ||= uri.join("#{Digest::MD5.hexdigest(rand(999_999).to_s)[0..6]}.html").to_s
+    end
+    # Checks if the remote website is up.
+    #
+    # @param [ String ] path
+    #
+    # @return [ Boolean ]
+    def online?(path = nil)
+      WPScan::Browser.get(url(path)).code.nonzero? ? true : false
+    end
+    # @param [ String ] path
+    #
+    # @return [ Boolean ]
+    def http_auth?(path = nil)
+      WPScan::Browser.get(url(path)).code == 401
+    end
+    # @param [ String ] path
+    #
+    # @return [ Boolean ]
+    def access_forbidden?(path = nil)
+      WPScan::Browser.get(url(path)).code == 403
+    end
+    # @param [ String ] path
+    #
+    # @return [ Boolean ]
+    def proxy_auth?(path = nil)
+      WPScan::Browser.get(url(path)).code == 407
+    end
+    # @param [ String ] url
+    #
+    # @return [ String ] The redirection url or nil
+    #
+    # As webmock does not support redirects mocking, coverage is ignored
+    # :nocov:
+    def redirection(url = nil)
+      url ||= @uri.to_s
+      return unless [301, 302].include?(WPScan::Browser.get(url).code)
+      res = WPScan::Browser.get(url, followlocation: true, maxredirs: 10)
+      res.effective_url == url ? nil : res.effective_url
+    end
+    # :nocov:
+    # @return [ Hash ] The Typhoeus params to use to perform head requests
+    def head_or_get_params
+      @head_or_get_params ||= if [0, 405, 501].include?(WPScan::Browser.head(homepage_url).code)
+                                { method: :get, maxfilesize: 1 }
+                              else
+                                { method: :head }
+                              end
+    end
+    # Perform a HEAD request to the path provided, then if its response code
+    # is in the array of codes given, a GET is done and the response returned. Otherwise the
+    # HEAD response is returned.
+    #
+    # @param [ String ] path
+    # @param [ Array<String> ] codes
+    # @param [ Hash ] params The requests params
+    # @option params [ Hash ] :head Request params for the HEAD
+    # @option params [ hash ] :get Request params for the GET
+    #
+    # @return [ Typhoeus::Response ]
+    def head_and_get(path, codes = [200], params = {})
+      url_to_get  = url(path)
+      head_params = (params[:head] || {}).merge(head_or_get_params)
+      head_res = WPScan::Browser.forge_request(url_to_get, head_params).run
+      codes.include?(head_res.code) ? WPScan::Browser.get(url_to_get, params[:get] || {}) : head_res
+    end
+  end
+end