wpscan 3.8.28 → 4.0.0

data/app/controllers/enumeration/enum_methods.rb

@@ -3,7 +3,15 @@
 module WPScan
   module Controller
     # Enumeration Methods
-    class Enumeration < CMSScanner::Controller::Base
+    class Enumeration < WPScan::Controller::Base
+      # @return [ Boolean ] Whether enumeration findings should be streamed
+      #   as they are discovered rather than batched at end of step. Streaming
+      #   requires both a streaming-capable formatter (cli, cli_no_color, jsonl)
+      #   and the user not having opted out via --no-stream.
+      def stream_findings?
+        formatter.streams? && ParsedCli.stream != false
+      end
+
       # @param [ String ] type (plugins or themes)
       # @param [ Symbol ] detection_mode
       #
@@ -11,9 +19,10 @@ module WPScan
       def enum_message(type, detection_mode)
         return unless %w[plugins themes].include?(type)
 
-        details = if ParsedCli.enumerate[:"vulnerable_#{type}"]
+        enumerate = ParsedCli.enumerate || {}
+        details = if enumerate[:"vulnerable_#{type}"]
                     'Vulnerable'
-                  elsif ParsedCli.enumerate[:"all_#{type}"]
+                  elsif enumerate[:"all_#{type}"]
                     'All'
                   else
                     'Most Popular'
@@ -52,11 +61,59 @@ module WPScan
         }
       end
 
+      # Resolves collisions between --plugins-list/--themes-list and the
+      # corresponding --enumerate choices. The list options take precedence;
+      # colliding enumerate keys are removed from the supplied hash and a
+      # notice is emitted for each ignored choice.
+      #
+      # @param [ Hash ] enum The ParsedCli.enumerate hash (mutated in place)
+      def resolve_list_enumerate_collisions(enum)
+        {
+          plugins_list: %i[vulnerable_plugins all_plugins popular_plugins],
+          themes_list: %i[vulnerable_themes all_themes popular_themes]
+        }.each do |list_opt, enum_keys|
+          next unless ParsedCli.send(list_opt)
+
+          ignored = enum_keys.select { |k| enum.key?(k) }
+          next if ignored.empty?
+
+          ignored.each { |k| enum.delete(k) }
+
+          output(
+            '@notice',
+            msg: "--#{list_opt.to_s.tr('_', '-')} provided; " \
+                 "ignoring colliding --enumerate choice(s): #{ignored.join(', ')}"
+          )
+        end
+      end
+
+      # Suppresses plugin/theme --enumerate choices and --plugins-list / --themes-list
+      # when --wp-auth was supplied, since AuthenticatedInventory already populated
+      # the target with authoritative data.
+      #
+      # @param [ Hash ] enum The enumeration hash, mutated in place.
+      def suppress_plugin_theme_choices_when_authenticated(enum)
+        return unless ParsedCli.wp_auth
+
+        suppressed = enum.keys & WP_AUTH_SUPPRESSED_CHOICES
+        suppressed.each { |k| enum.delete(k) }
+
+        lists_suppressed = %i[plugins_list themes_list].select { |opt| ParsedCli.send(opt) }
+        return if suppressed.empty? && lists_suppressed.empty?
+
+        ignored = (suppressed + lists_suppressed.map { |o| "--#{o.to_s.tr('_', '-')}" }).join(', ')
+        output('@notice',
+               msg: "--wp-auth provided; ignoring plugin/theme enumeration option(s): #{ignored} " \
+                    '(authoritative inventory already retrieved via the WP REST API).')
+      end
+
       # @param [ Hash ] opts
       #
       # @return [ Boolean ] Wether or not to enumerate the plugins
       def enum_plugins?(opts)
-        opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
+        return false if ParsedCli.wp_auth
+
+        ParsedCli.plugins_list || opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
       end
 
       def enum_plugins
@@ -67,20 +124,11 @@ module WPScan
         )
 
         output('@info', msg: enum_message('plugins', opts[:mode])) if user_interaction?
-        # Enumerate the plugins & find their versions to avoid doing that when #version
-        # is called in the view
-        plugins = target.plugins(opts)
-
-        if user_interaction? && !plugins.empty?
-          output('@info',
-                 msg: "Checking Plugin Versions #{enum_detection_message(opts[:version_detection][:mode])}")
-        end
-
-        plugins.each(&:version)
 
-        plugins.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_plugins]
-
-        output('plugins', plugins: plugins)
+        enum_wp_items(
+          'plugin', target_method: :plugins, opts: opts,
+                    only_vulnerable: ParsedCli.enumerate&.dig(:vulnerable_plugins)
+        )
       end
 
       # @param [ Hash ] opts
@@ -103,7 +151,9 @@ module WPScan
       #
       # @return [ Boolean ] Wether or not to enumerate the themes
       def enum_themes?(opts)
-        opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
+        return false if ParsedCli.wp_auth
+
+        ParsedCli.themes_list || opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
       end
 
       def enum_themes
@@ -114,20 +164,56 @@ module WPScan
         )
 
         output('@info', msg: enum_message('themes', opts[:mode])) if user_interaction?
-        # Enumerate the themes & find their versions to avoid doing that when #version
-        # is called in the view
-        themes = target.themes(opts)
 
-        if user_interaction? && !themes.empty?
-          output('@info',
-                 msg: "Checking Theme Versions #{enum_detection_message(opts[:version_detection][:mode])}")
+        enum_wp_items(
+          'theme', target_method: :themes, opts: opts,
+                   only_vulnerable: ParsedCli.enumerate&.dig(:vulnerable_themes)
+        )
+      end
+
+      # Shared plugins/themes enumeration body. Streams per-item output when
+      # the active formatter supports it (and --no-stream wasn't passed),
+      # otherwise batches the result and renders the plural view.
+      #
+      # @param [ String ] singular  'plugin' or 'theme' (view name)
+      # @param [ Symbol ] target_method  :plugins or :themes
+      # @param [ Hash ] opts  Options forwarded to the target call
+      # @param [ Boolean ] only_vulnerable  Filter to vulnerable items only
+      def enum_wp_items(singular, target_method:, opts:, only_vulnerable:)
+        stream = stream_findings?
+
+        items = target.send(target_method, opts) do |item|
+          stream_wp_item(item, singular: singular, only_vulnerable: only_vulnerable) if stream
         end
 
-        themes.each(&:version)
+        finalize_wp_items_output(items, singular: singular, opts: opts, stream: stream,
+                                        only_vulnerable: only_vulnerable)
+      end
+
+      def finalize_wp_items_output(items, singular:, opts:, stream:, only_vulnerable:)
+        plural = "#{singular}s"
+
+        if !stream && user_interaction? && !items.empty?
+          mode_msg = enum_detection_message(opts[:version_detection][:mode])
+          output('@info', msg: "Checking #{singular.capitalize} Versions #{mode_msg}")
+        end
 
-        themes.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_themes]
+        items.each(&:version) unless stream
+        items.select!(&:vulnerable?) if only_vulnerable
 
-        output('themes', themes: themes)
+        if stream
+          summary = items.empty? ? "No #{plural} Found." : "#{items.size} #{singular}(s) Identified."
+          output('@notice', msg: summary)
+        else
+          output(plural, plural.to_sym => items)
+        end
+      end
+
+      def stream_wp_item(item, singular:, only_vulnerable:)
+        item.version
+        return if only_vulnerable && !item.vulnerable?
+
+        output(singular, singular.to_sym => item)
       end
 
       # @param [ Hash ] opts
@@ -147,33 +233,39 @@ module WPScan
       end
 
       def enum_timthumbs
-        opts = default_opts('timthumbs').merge(list: ParsedCli.timthumbs_list)
+        opts = { list: ParsedCli.timthumbs_list, show_progression: user_interaction? }
 
-        output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
+        output('@info', msg: 'Enumerating Timthumbs') if user_interaction?
         output('timthumbs', timthumbs: target.timthumbs(opts))
       end
 
       def enum_config_backups
-        opts = default_opts('config_backups').merge(list: ParsedCli.config_backups_list)
+        opts = { list: ParsedCli.config_backups_list, show_progression: user_interaction? }
 
-        output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
+        output('@info', msg: 'Enumerating Config Backups') if user_interaction?
         output('config_backups', config_backups: target.config_backups(opts))
       end
 
       def enum_db_exports
-        opts = default_opts('db_exports').merge(list: ParsedCli.db_exports_list)
+        opts = { list: ParsedCli.db_exports_list, show_progression: user_interaction? }
 
-        output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
+        output('@info', msg: 'Enumerating DB Exports') if user_interaction?
         output('db_exports', db_exports: target.db_exports(opts))
       end
 
+      def enum_backup_folders
+        opts = { list: ParsedCli.backup_folders_list, show_progression: user_interaction? }
+
+        output('@info', msg: 'Enumerating Backup Folders') if user_interaction?
+        output('backup_folders', backup_folders: target.backup_folders(opts))
+      end
+
       def enum_medias
-        opts = default_opts('medias').merge(range: ParsedCli.enumerate[:medias])
+        opts = { range: ParsedCli.enumerate[:medias], show_progression: user_interaction? }
 
         if user_interaction?
           output('@info',
-                 msg: "Enumerating Medias #{enum_detection_message(opts[:mode])} "\
-                      '(Permalink setting must be set to "Plain" for those to be detected)')
+                 msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
         end
 
         output('medias', medias: target.medias(opts))
@@ -193,14 +285,29 @@ module WPScan
         )
 
         output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
-        output('users', users: target.users(opts))
+
+        stream = stream_findings?
+        exclude = ParsedCli.exclude_usernames
+
+        users = target.users(opts) do |user|
+          next unless stream
+          next if exclude&.match?(user.username)
+
+          output('user', user: user)
+        end || []
+
+        if stream
+          output('@notice', msg: users.empty? ? 'No Users Found.' : "#{users.size} user(s) Identified.")
+        else
+          output('users', users: users)
+        end
       end
 
       # @return [ Range ] The user ids range to enumerate
       # If the --enumerate is used, the default value is handled by the Option
       # However, when using --passwords alone, the default has to be set by the code below
       def enum_users_range
-        ParsedCli.enumerate[:users] || cli_enum_choices[0].choices[:u].validate(nil)
+        ParsedCli.enumerate&.dig(:users) || cli_enum_choices[0].choices[:u].validate(nil)
       end
     end
   end

data/app/controllers/enumeration.rb

@@ -6,15 +6,38 @@ require_relative 'enumeration/enum_methods'
 module WPScan
   module Controller
     # Enumeration Controller
-    class Enumeration < CMSScanner::Controller::Base
+    class Enumeration < WPScan::Controller::Base
+      def before_scan
+        enum = ParsedCli.enumerate || {}
+
+        # Plugin/theme enumeration is bypassed when --wp-auth is set, so the API token
+        # requirement for `vp`/`vt` is irrelevant in that case.
+        return if ParsedCli.wp_auth
+
+        # Check if vulnerable plugin/theme enumeration is requested without an API token
+        return unless (enum[:vulnerable_plugins] || enum[:vulnerable_themes]) && DB::VulnApi.token.nil?
+
+        raise Error::ApiTokenRequiredForVulnerableEnumeration
+      end
+
+      # Plugin/theme enumeration choices skipped when --wp-auth is supplied
+      # (authoritative inventory already fetched by AuthenticatedInventory).
+      WP_AUTH_SUPPRESSED_CHOICES = %i[
+        vulnerable_plugins all_plugins popular_plugins
+        vulnerable_themes all_themes popular_themes
+      ].freeze
+
       def run
         enum = ParsedCli.enumerate || {}
 
+        resolve_list_enumerate_collisions(enum)
+        suppress_plugin_theme_choices_when_authenticated(enum)
+
         enum_plugins if enum_plugins?(enum)
         enum_themes  if enum_themes?(enum)
 
-        %i[timthumbs config_backups db_exports medias].each do |key|
-          send("enum_#{key}".to_sym) if enum.key?(key)
+        %i[timthumbs config_backups db_exports backup_folders medias].each do |key|
+          send(:"enum_#{key}") if enum.key?(key)
         end
 
         enum_users if enum_users?(enum)

data/app/controllers/interesting_findings.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Controller
+    # InterestingFindings Controller
+    class InterestingFindings < Base
+      def cli_options
+        [
+          OptChoice.new(
+            ['--interesting-findings-detection MODE',
+             'Use the supplied mode for the interesting findings detection. '],
+            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          )
+        ]
+      end
+
+      def run
+        mode = WPScan::ParsedCli.interesting_findings_detection || WPScan::ParsedCli.detection_mode
+        findings = target.interesting_findings(mode: mode)
+
+        output('findings', findings: findings) unless findings.empty?
+      end
+    end
+  end
+end

data/app/controllers/main_theme.rb

@@ -3,7 +3,7 @@
 module WPScan
   module Controller
     # Main Theme Controller
-    class MainTheme < CMSScanner::Controller::Base
+    class MainTheme < WPScan::Controller::Base
       def cli_options
         [
           OptChoice.new(

data/app/controllers/password_attack.rb

@@ -3,7 +3,7 @@
 module WPScan
   module Controller
     # Password Attack Controller
-    class PasswordAttack < CMSScanner::Controller::Base
+    class PasswordAttack < WPScan::Controller::Base
       def cli_options
         [
           OptFilePath.new(
@@ -21,14 +21,22 @@ module WPScan
                          'Multicall will only work against WP < 4.4'],
                         choices: %w[wp-login xmlrpc xmlrpc-multicall],
                         normalize: %i[downcase underscore to_sym]),
-          OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
+          OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php']),
+          OptInteger.new(['--wordlist-skip N',
+                          'Skip the first N passwords in the wordlist (resume from line N+1)'],
+                         default: 0),
+          OptInteger.new(['--max-retries N',
+                          'Maximum retry attempts for failed requests due to network/proxy errors'],
+                         default: 0)
         ]
       end
 
       def attack_opts
         @attack_opts ||= {
           show_progression: user_interaction?,
-          multicall_max_passwords: ParsedCli.multicall_max_passwords
+          multicall_max_passwords: ParsedCli.multicall_max_passwords,
+          wordlist_skip: ParsedCli.wordlist_skip,
+          max_retries: ParsedCli.max_retries
         }
       end
 
@@ -56,7 +64,7 @@ module WPScan
         end
       end
 
-      # @return [ CMSScanner::Finders::Finder ] The finder used to perform the attack
+      # @return [ WPScan::Finders::Finder ] The finder used to perform the attack
       def attacker
         @attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
       end
@@ -66,7 +74,7 @@ module WPScan
         @xmlrpc ||= target.xmlrpc
       end
 
-      # @return [ CMSScanner::Finders::Finder ]
+      # @return [ WPScan::Finders::Finder ]
       def attacker_from_cli_options
         return unless ParsedCli.password_attack
 
@@ -99,7 +107,7 @@ module WPScan
         end
       end
 
-      # @return [ CMSScanner::Finders::Finder ]
+      # @return [ WPScan::Finders::Finder ]
       def attacker_from_automatic_detection
         if xmlrpc_get_users_blogs_enabled?
           wp_version = target.wp_version

data/app/controllers/vuln_api.rb

@@ -3,7 +3,7 @@
 module WPScan
   module Controller
     # Controller to handle the API token
-    class VulnApi < CMSScanner::Controller::Base
+    class VulnApi < WPScan::Controller::Base
       ENV_KEY = 'WPSCAN_API_TOKEN'
 
       def cli_options
@@ -11,6 +11,12 @@ module WPScan
           OptString.new(
             ['--api-token TOKEN',
              'The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile']
+          ),
+          OptBoolean.new(
+            ['--proxy-target-only',
+             'When used with --proxy, the proxy is only applied to requests made to the target, ' \
+             'not to requests made to the WPScan API or database repository (data.wpscan.org). ' \
+             'Has no effect unless --proxy is also set.']
           )
         ]
       end
@@ -18,13 +24,13 @@ module WPScan
       def before_scan
         return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
 
-        DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
+        DB::VulnApi.token = ParsedCli.api_token || ENV.fetch(ENV_KEY, nil)
 
         api_status = DB::VulnApi.status
 
         raise Error::InvalidApiToken if api_status['status'] == 'forbidden'
         raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
-        raise api_status['http_error'] if api_status['http_error']
+        raise Error::ApiConnectionError, api_status['http_error'] if api_status['http_error']
       end
 
       def after_scan

data/app/controllers/wp_version.rb

@@ -3,7 +3,7 @@
 module WPScan
   module Controller
     # Wp Version Controller
-    class WpVersion < CMSScanner::Controller::Base
+    class WpVersion < WPScan::Controller::Base
       def cli_options
         [
           OptBoolean.new(['--wp-version-all', 'Check all the version locations'], advanced: true),

data/app/controllers.rb

@@ -4,6 +4,7 @@ require_relative 'controllers/core'
 require_relative 'controllers/vuln_api'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
+require_relative 'controllers/authenticated_inventory'
 require_relative 'controllers/main_theme'
 require_relative 'controllers/enumeration'
 require_relative 'controllers/password_attack'

data/app/finders/backup_folders/known_locations.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module BackupFolders
+      # Backup Folders finder
+      class KnownLocations < Finders::Finder
+        include WPScan::Finders::Finder::Enumerator
+
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200].freeze
+        end
+
+        # @param [ Hash ] opts
+        # @option opts [ String ] :list
+        # @option opts [ Boolean ] :show_progression
+        #
+        # @return [ Array<BackupFolder> ]
+        def aggressive(opts = {})
+          found = []
+
+          enumerate(potential_urls(opts), opts.merge(check_full_response: valid_response_codes)) do |res|
+            next if target.homepage_or_404?(res)
+
+            # Only report if directory listing is enabled (makes finding actionable)
+            next unless target.directory_listing?(res.request.url)
+
+            found << Model::BackupFolder.new(
+              res.request.url,
+              confidence: 100, # Directory listing enabled - definite finding
+              found_by: DIRECT_ACCESS,
+              interesting_entries: target.directory_listing_entries(res.request.url)
+            )
+          end
+
+          found
+        end
+
+        # @param [ Hash ] opts
+        # @option opts [ String ] :list Mandatory
+        #
+        # @return [ Hash ]
+        def potential_urls(opts = {})
+          urls = {}
+          content_base = target.content_dir || 'wp-content'
+
+          File.open(opts[:list]) do |f|
+            f.each_with_index do |line, index|
+              path = line.chomp.strip
+              next if path.empty? || path.start_with?('#')
+
+              urls[target.url("#{content_base}/#{path}")] = index
+            end
+          end
+
+          urls
+        end
+
+        def create_progress_bar(opts = {})
+          super(opts.merge(title: ' Checking Backup Folders -'))
+        end
+      end
+    end
+  end
+end

data/app/finders/backup_folders.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require_relative 'backup_folders/known_locations'
+
+module WPScan
+  module Finders
+    module BackupFolders
+      # Backup Folders Finder
+      class Base
+        include SameTypeFinder
+
+        # @param [ WPScan::Target ] target
+        def initialize(target)
+          finders << BackupFolders::KnownLocations.new(target)
+        end
+      end
+    end
+  end
+end

data/app/finders/config_backups/known_filenames.rb

@@ -4,8 +4,8 @@ module WPScan
   module Finders
     module ConfigBackups
       # Config Backup finder
-      class KnownFilenames < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Enumerator
+      class KnownFilenames < WPScan::Finders::Finder
+        include WPScan::Finders::Finder::Enumerator
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list
@@ -31,8 +31,10 @@ module WPScan
         def potential_urls(opts = {})
           urls = {}
 
-          File.open(opts[:list]).each_with_index do |file, index|
-            urls[target.url(file.chomp)] = index
+          File.open(opts[:list]) do |f|
+            f.each_with_index do |file, index|
+              urls[target.url(file.chomp)] = index
+            end
           end
 
           urls

data/app/finders/config_backups.rb

@@ -7,7 +7,7 @@ module WPScan
     module ConfigBackups
       # Config Backup Finder
       class Base
-        include CMSScanner::Finders::SameTypeFinder
+        include WPScan::Finders::SameTypeFinder
 
         # @param [ WPScan::Target ] target
         def initialize(target)

data/app/finders/db_exports/known_locations.rb

@@ -4,14 +4,14 @@ module WPScan
   module Finders
     module DbExports
       # DB Exports finder
-      class KnownLocations < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Enumerator
+      class KnownLocations < WPScan::Finders::Finder
+        include WPScan::Finders::Finder::Enumerator
 
         def valid_response_codes
           @valid_response_codes ||= [200, 206].freeze
         end
 
-        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list
@@ -46,22 +46,24 @@ module WPScan
           urls = {}
           index = 0
 
-          File.open(opts[:list]).each do |path|
-            path.chomp!
+          File.open(opts[:list]) do |f|
+            f.each do |path|
+              path.chomp!
 
-            if path.include?('{domain_name}')
-              urls[target.url(path.gsub('{domain_name}', domain_name))] = index
+              if path.include?('{domain_name}')
+                urls[target.url(path.gsub('{domain_name}', domain_name))] = index
 
-              if domain_name != domain_name_with_sub
-                urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
+                if domain_name != domain_name_with_sub
+                  urls[target.url(path.gsub('{domain_name}', domain_name_with_sub))] = index + 1
 
-                index += 1
+                  index += 1
+                end
+              else
+                urls[target.url(path)] = index
               end
-            else
-              urls[target.url(path)] = index
-            end
 
-            index += 1
+              index += 1
+            end
           end
 
           urls

data/app/finders/db_exports.rb

@@ -7,7 +7,7 @@ module WPScan
     module DbExports
       # DB Exports Finder
       class Base
-        include CMSScanner::Finders::SameTypeFinder
+        include WPScan::Finders::SameTypeFinder
 
         # @param [ WPScan::Target ] target
         def initialize(target)

data/app/finders/interesting_findings/backup_db.rb

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module InterestingFindings
       # BackupDB finder
-      class BackupDB < CMSScanner::Finders::Finder
+      class BackupDB < WPScan::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
           path = 'wp-content/backup-db/'

data/app/finders/interesting_findings/debug_log.rb

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module InterestingFindings
       # debug.log finder
-      class DebugLog < CMSScanner::Finders::Finder
+      class DebugLog < WPScan::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
           path = 'wp-content/debug.log'