RubyGems - wpscan - Versions diffs - 3.8.28 → 4.0.0 - Mend

wpscan 3.8.28 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

checksums.yaml +4 -4
data/README.md +104 -30
data/app/app.rb +26 -0
data/app/controllers/aliases.rb +2 -2
data/app/controllers/authenticated_inventory.rb +43 -0
data/app/controllers/core/cli_options.rb +151 -0
data/app/controllers/core.rb +200 -25
data/app/controllers/custom_directories.rb +1 -1
data/app/controllers/enumeration/cli_options.rb +21 -31
data/app/controllers/enumeration/enum_methods.rb +145 -38
data/app/controllers/enumeration.rb +26 -3
data/app/controllers/interesting_findings.rb +25 -0
data/app/controllers/main_theme.rb +1 -1
data/app/controllers/password_attack.rb +14 -6
data/app/controllers/vuln_api.rb +9 -3
data/app/controllers/wp_version.rb +1 -1
data/app/controllers.rb +1 -0
data/app/finders/backup_folders/known_locations.rb +66 -0
data/app/finders/backup_folders.rb +19 -0
data/app/finders/config_backups/known_filenames.rb +6 -4
data/app/finders/config_backups.rb +1 -1
data/app/finders/db_exports/known_locations.rb +16 -14
data/app/finders/db_exports.rb +1 -1
data/app/finders/interesting_findings/backup_db.rb +1 -1
data/app/finders/interesting_findings/debug_log.rb +1 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +1 -1
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +1 -1
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/mu_plugins.rb +1 -1
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/interesting_findings/php_disabled.rb +2 -2
data/app/finders/interesting_findings/readme.rb +1 -1
data/app/finders/interesting_findings/registration.rb +1 -1
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +1 -1
data/app/finders/interesting_findings/upload_directory_listing.rb +1 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +2 -2
data/app/finders/interesting_findings/wp_cron.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +13 -4
data/app/finders/main_theme/css_style_in_homepage.rb +1 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -7
data/app/finders/main_theme/woo_framework_meta_generator.rb +4 -4
data/app/finders/main_theme.rb +1 -1
data/app/finders/medias/attachment_brute_forcing.rb +2 -2
data/app/finders/medias.rb +1 -1
data/app/finders/passwords/wp_login.rb +2 -2
data/app/finders/passwords/xml_rpc.rb +2 -2
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/plugin_version.rb +1 -1
data/app/finders/plugins/known_locations.rb +17 -7
data/app/finders/plugins/urls_in_homepage.rb +3 -7
data/app/finders/plugins/wp_json_api.rb +85 -0
data/app/finders/plugins.rb +2 -1
data/app/finders/theme_version/style.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +1 -1
data/app/finders/theme_version.rb +1 -1
data/app/finders/themes/known_locations.rb +12 -6
data/app/finders/themes/urls_in_homepage.rb +3 -7
data/app/finders/themes/wp_json_api.rb +74 -0
data/app/finders/themes.rb +2 -1
data/app/finders/timthumb_version/bad_request.rb +1 -1
data/app/finders/timthumb_version.rb +1 -1
data/app/finders/timthumbs/known_locations.rb +6 -4
data/app/finders/timthumbs.rb +1 -1
data/app/finders/users/author_id_brute_forcing.rb +11 -7
data/app/finders/users/author_posts.rb +1 -1
data/app/finders/users/author_sitemap.rb +1 -1
data/app/finders/users/login_error_messages.rb +1 -1
data/app/finders/users/oembed_api.rb +3 -1
data/app/finders/users/wp_json_api.rb +11 -7
data/app/finders/users.rb +1 -1
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +1 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/unique_fingerprinting.rb +2 -2
data/app/finders/wp_version.rb +1 -1
data/app/finders.rb +1 -0
data/app/formatters/cli.rb +79 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/formatters/jsonl.rb +29 -0
data/app/formatters/sarif.rb +311 -0
data/app/models/backup_folder.rb +39 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +41 -2
data/app/models/plugin.rb +8 -2
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/theme.rb +9 -2
data/app/models/timthumb.rb +2 -2
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/wp_item/wordpress_org_data.rb +55 -0
data/app/models/wp_item.rb +109 -9
data/app/models/wp_version.rb +2 -2
data/app/models/xml_rpc.rb +73 -3
data/app/models.rb +2 -1
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +3 -3
data/app/views/cli/core/finished.erb +15 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +11 -0
data/app/views/cli/enumeration/backup_folders.erb +11 -0
data/app/views/cli/enumeration/plugin.erb +13 -0
data/app/views/cli/enumeration/plugins.erb +1 -12
data/app/views/cli/enumeration/theme.erb +4 -0
data/app/views/cli/enumeration/themes.erb +1 -3
data/app/views/cli/enumeration/user.erb +4 -0
data/app/views/cli/enumeration/users.erb +1 -3
data/app/views/cli/finding.erb +1 -1
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/update_aborted.erb +5 -0
data/app/views/cli/vuln_api/status.erb +2 -0
data/app/views/cli/vulnerability.erb +6 -0
data/app/views/cli/wp_item.erb +4 -1
data/app/views/json/core/banner.erb +2 -8
data/app/views/json/core/finished.erb +13 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +10 -0
data/app/views/json/enumeration/backup_folders.erb +11 -0
data/app/views/json/enumeration/plugin.erb +15 -0
data/app/views/json/enumeration/theme.erb +5 -0
data/app/views/json/enumeration/user.erb +6 -0
data/app/views/json/finding.erb +8 -2
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/notice.erb +1 -0
data/app/views/json/scan_aborted.erb +5 -0
data/app/views/json/update_aborted.erb +5 -0
data/app/views/json/vuln_api/status.erb +2 -0
data/app/views/json/wp_item.erb +4 -1
data/bin/wpscan +1 -0
data/lib/opt_parse_validator/config_files_loader_merger/base.rb +26 -0
data/lib/opt_parse_validator/config_files_loader_merger/json.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger/yml.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger.rb +62 -0
data/lib/opt_parse_validator/errors.rb +9 -0
data/lib/opt_parse_validator/hacks.rb +19 -0
data/lib/opt_parse_validator/opts/alias.rb +28 -0
data/lib/opt_parse_validator/opts/array.rb +34 -0
data/lib/opt_parse_validator/opts/base.rb +142 -0
data/lib/opt_parse_validator/opts/boolean.rb +19 -0
data/lib/opt_parse_validator/opts/choice.rb +43 -0
data/lib/opt_parse_validator/opts/credentials.rb +15 -0
data/lib/opt_parse_validator/opts/directory_path.rb +17 -0
data/lib/opt_parse_validator/opts/file_path.rb +34 -0
data/lib/opt_parse_validator/opts/headers.rb +33 -0
data/lib/opt_parse_validator/opts/integer.rb +15 -0
data/lib/opt_parse_validator/opts/integer_range.rb +37 -0
data/lib/opt_parse_validator/opts/multi_choices.rb +135 -0
data/lib/opt_parse_validator/opts/path.rb +78 -0
data/lib/opt_parse_validator/opts/positive_integer.rb +16 -0
data/lib/opt_parse_validator/opts/proxy.rb +7 -0
data/lib/opt_parse_validator/opts/regexp.rb +14 -0
data/lib/opt_parse_validator/opts/smart_list.rb +30 -0
data/lib/opt_parse_validator/opts/string.rb +8 -0
data/lib/opt_parse_validator/opts/uri.rb +41 -0
data/lib/opt_parse_validator/opts/url.rb +11 -0
data/lib/opt_parse_validator/opts.rb +9 -0
data/lib/opt_parse_validator/version.rb +6 -0
data/lib/opt_parse_validator.rb +161 -0
data/lib/wpscan/browser/actions.rb +48 -0
data/lib/wpscan/browser/options.rb +92 -0
data/lib/wpscan/browser.rb +87 -2
data/lib/wpscan/browser_authenticator.rb +64 -0
data/lib/wpscan/cache/file_store.rb +77 -0
data/lib/wpscan/cache/typhoeus.rb +25 -0
data/lib/wpscan/controller.rb +100 -4
data/lib/wpscan/controllers.rb +78 -3
data/lib/wpscan/db/dynamic_finders/base.rb +3 -7
data/lib/wpscan/db/dynamic_finders/plugin.rb +2 -2
data/lib/wpscan/db/dynamic_finders/wordpress.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +2 -2
data/lib/wpscan/db/updater.rb +23 -13
data/lib/wpscan/db/vuln_api.rb +19 -7
data/lib/wpscan/db/wp_item.rb +2 -2
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/http.rb +82 -3
data/lib/wpscan/errors/saml.rb +28 -0
data/lib/wpscan/errors/scan.rb +14 -0
data/lib/wpscan/errors/update.rb +11 -3
data/lib/wpscan/errors/vuln_api.rb +24 -0
data/lib/wpscan/errors/wordpress.rb +2 -2
data/lib/wpscan/errors/wp_auth.rb +37 -0
data/lib/wpscan/errors.rb +4 -3
data/lib/wpscan/exit_code.rb +25 -0
data/lib/wpscan/finders/base_finders.rb +45 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +3 -5
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +3 -3
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +1 -1
data/lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb +257 -0
data/lib/wpscan/finders/finder/enumerator.rb +77 -0
data/lib/wpscan/finders/finder/fingerprinter.rb +48 -0
data/lib/wpscan/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/wpscan/finders/finder/smart_url_checker.rb +60 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +1 -1
data/lib/wpscan/finders/finder.rb +78 -0
data/lib/wpscan/finders/finding.rb +54 -0
data/lib/wpscan/finders/findings.rb +33 -0
data/lib/wpscan/finders/independent_finder.rb +33 -0
data/lib/wpscan/finders/independent_finders.rb +26 -0
data/lib/wpscan/finders/same_type_finder.rb +19 -0
data/lib/wpscan/finders/same_type_finders.rb +28 -0
data/lib/wpscan/finders/unique_finder.rb +19 -0
data/lib/wpscan/finders/unique_finders.rb +47 -0
data/lib/wpscan/finders.rb +11 -12
data/lib/wpscan/formatter/buffer.rb +17 -0
data/lib/wpscan/formatter.rb +152 -0
data/lib/wpscan/helper.rb +7 -1
data/lib/wpscan/http_status_tracking.rb +128 -0
data/lib/wpscan/numeric.rb +13 -0
data/lib/wpscan/parsed_cli.rb +31 -2
data/lib/wpscan/progressbar_null_output.rb +23 -0
data/lib/wpscan/public_suffix/domain.rb +44 -0
data/lib/wpscan/references.rb +118 -4
data/lib/wpscan/scan.rb +127 -0
data/lib/wpscan/target/hashes.rb +45 -0
data/lib/wpscan/target/platform/php.rb +124 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +3 -3
data/lib/wpscan/target/platform/wordpress.rb +7 -8
data/lib/wpscan/target/platform.rb +3 -0
data/lib/wpscan/target/scope.rb +103 -0
data/lib/wpscan/target/server/apache.rb +27 -0
data/lib/wpscan/target/server/generic.rb +72 -0
data/lib/wpscan/target/server/iis.rb +29 -0
data/lib/wpscan/target/server/nginx.rb +27 -0
data/lib/wpscan/target/server.rb +6 -0
data/lib/wpscan/target.rb +129 -9
data/lib/wpscan/typhoeus/hydra.rb +12 -0
data/lib/wpscan/typhoeus/response.rb +24 -1
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan/vulnerability.rb +49 -3
data/lib/wpscan/vulnerability_filter.rb +68 -0
data/lib/wpscan/vulnerable.rb +13 -1
data/lib/wpscan/web_site.rb +152 -0
data/lib/wpscan.rb +126 -29
metadata +362 -20

data/app/finders/themes/known_locations.rb CHANGED Viewed

@@ -4,8 +4,8 @@ module WPScan
   module Finders
     module Themes
       # Known Locations Themes Finder
-      class KnownLocations < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Enumerator
+      class KnownLocations < WPScan::Finders::Finder
+        include WPScan::Finders::Finder::Enumerator
         # @return [ Array<Integer> ]
         def valid_response_codes
@@ -14,22 +14,28 @@ module WPScan
         # @param [ Hash ] opts
         # @option opts [ String ] :list
+        # @option opts [ Findings ] :found Shared findings collection; see
+        #   {Plugins::KnownLocations#aggressive} for the streaming rationale.
         #
         # @return [ Array<Theme> ]
         def aggressive(opts = {})
-          found = []
+          shared = opts[:found]
+          local  = shared ? nil : []
+          count  = 0
           enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, slug|
             finding_opts = opts.merge(found_by: found_by,
                                       confidence: 80,
                                       interesting_entries: ["#{res.effective_url}, status: #{res.code}"])
-            found << Model::Theme.new(slug, target, finding_opts)
+            theme = Model::Theme.new(slug, target, finding_opts)
+            (shared || local) << theme
+            count += 1
-            raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
+            raise Error::ThemesThresholdReached if opts[:threshold].positive? && count >= opts[:threshold]
           end
-          found
+          local || []
         end
         # @param [ Hash ] opts

data/app/finders/themes/urls_in_homepage.rb CHANGED Viewed

@@ -4,20 +4,16 @@ module WPScan
   module Finders
     module Themes
       # URLs In Homepage Finder
-      class UrlsInHomepage < CMSScanner::Finders::Finder
+      class UrlsInHomepage < WPScan::Finders::Finder
         include WpItems::UrlsInPage
         # @param [ Hash ] opts
         #
         # @return [ Array<Theme> ]
         def passive(opts = {})
-          found = []
-          (items_from_links('themes') + items_from_codes('themes')).uniq.sort.each do |slug|
-            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+          (items_from_links('themes') + items_from_codes('themes')).uniq.sort.map do |slug|
+            Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
-          found
         end
         # @return [ Typhoeus::Response ]

data/app/finders/themes/wp_json_api.rb ADDED Viewed

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+module WPScan
+  module Finders
+    module Themes
+      # Authenticated theme inventory via the WordPress REST API
+      # endpoint /wp-json/wp/v2/themes (WP >= 5.7).
+      #
+      # Requires admin credentials with the switch_themes capability.
+      class WpJsonApi < WPScan::Finders::Finder
+        FOUND_BY = 'WP REST API (Authenticated)'
+        # @param [ Hash ] opts
+        # @option opts [ String ] :userpwd "user:password" credentials for Basic Auth
+        #
+        # @return [ Array<Model::Theme> ]
+        def aggressive(opts = {})
+          response = Browser.get(api_url, userpwd: opts[:userpwd], headers: { 'Accept' => 'application/json' })
+          raise Error::WpAuthFailed.new(response.code, api_url) if [401, 403].include?(response.code)
+          raise Error::WpAuthEndpointUnavailable.new(response.code, api_url) unless response.code == 200
+          themes_from_response(response)
+        rescue JSON::ParserError, TypeError
+          []
+        end
+        # @param [ Typhoeus::Response ] response
+        #
+        # @return [ Array<Model::Theme> ]
+        def themes_from_response(response)
+          json = JSON.parse(response.body)
+          return [] unless json.is_a?(Enumerable)
+          json.filter_map { |entry| build_theme(entry, response.effective_url) }
+        end
+        # @return [ String ] The REST API URL for the themes endpoint
+        def api_url
+          @api_url ||= target.url('wp-json/wp/v2/themes')
+        end
+        private
+        # @param [ Hash ] entry
+        # @param [ String ] effective_url
+        #
+        # @return [ Model::Theme, nil ]
+        def build_theme(entry, effective_url)
+          slug = entry['stylesheet']
+          return nil if slug.nil? || slug.to_s.empty?
+          theme = Model::Theme.new(
+            slug,
+            target,
+            confidence: 100,
+            found_by: FOUND_BY,
+            interesting_entries: [effective_url]
+          )
+          version = entry['version']
+          theme.instance_variable_set(
+            :@version,
+            version && !version.to_s.empty? ? Model::Version.new(version, confidence: 100, found_by: FOUND_BY) : false
+          )
+          theme.instance_variable_set(:@wp_json_active, entry['status'] == 'active')
+          theme
+        end
+      end
+    end
+  end
+end

data/app/finders/themes.rb CHANGED Viewed

@@ -3,13 +3,14 @@
 require_relative 'themes/urls_in_homepage'
 require_relative 'themes/urls_in_404_page'
 require_relative 'themes/known_locations'
+require_relative 'themes/wp_json_api' # Authenticated, used by AuthenticatedInventory controller
 module WPScan
   module Finders
     module Themes
       # Themes Finder
       class Base
-        include CMSScanner::Finders::SameTypeFinder
+        include WPScan::Finders::SameTypeFinder
         # @param [ WPScan::Target ] target
         def initialize(target)

data/app/finders/timthumb_version/bad_request.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module WPScan
     module TimthumbVersion
       # Timthumb Version Finder from the body of a bad request
       # See https://code.google.com/p/timthumb/source/browse/trunk/timthumb.php#435
-      class BadRequest < CMSScanner::Finders::Finder
+      class BadRequest < WPScan::Finders::Finder
         # @return [ Version ]
         def aggressive(_opts = {})
           return unless Browser.get(target.url).body =~ /(TimThumb version\s*: ([^<]+))/

data/app/finders/timthumb_version.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module WPScan
     module TimthumbVersion
       # Timthumb Version Finder
       class Base
-        include CMSScanner::Finders::UniqueFinder
+        include WPScan::Finders::UniqueFinder
         # @param [ Model::Timthumb ] target
         def initialize(target)

data/app/finders/timthumbs/known_locations.rb CHANGED Viewed

@@ -6,8 +6,8 @@ module WPScan
       # Known Locations Timthumbs Finder
       # Note: A vulnerable version, 2.8.13 can be found here:
       # https://github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php
-      class KnownLocations < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Enumerator
+      class KnownLocations < WPScan::Finders::Finder
+        include WPScan::Finders::Finder::Enumerator
         # @return [ Array<Integer> ]
         def valid_response_codes
@@ -37,8 +37,10 @@ module WPScan
         def target_urls(opts = {})
           urls = {}
-          File.open(opts[:list]).each_with_index do |path, index|
-            urls[target.url(path.chomp)] = index
+          File.open(opts[:list]) do |f|
+            f.each_with_index do |path, index|
+              urls[target.url(path.chomp)] = index
+            end
           end
           # Add potential timthumbs located in the main theme

data/app/finders/timthumbs.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module WPScan
     module Timthumbs
       # Timthumbs Finder
       class Base
-        include CMSScanner::Finders::SameTypeFinder
+        include WPScan::Finders::SameTypeFinder
         # @param [ WPScan::Target ] target
         def initialize(target)

data/app/finders/users/author_id_brute_forcing.rb CHANGED Viewed

@@ -4,8 +4,8 @@ module WPScan
   module Finders
     module Users
       # Author Id Brute Forcing
-      class AuthorIdBruteForcing < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Enumerator
+      class AuthorIdBruteForcing < WPScan::Finders::Finder
+        include WPScan::Finders::Finder::Enumerator
         # @return [ Array<Integer> ]
         def valid_response_codes
@@ -14,10 +14,13 @@ module WPScan
         # @param [ Hash ] opts
         # @option opts [ Range ] :range Mandatory
+        # @option opts [ Findings ] :found Shared findings collection; see
+        #   {Plugins::KnownLocations#aggressive} for the streaming rationale.
         #
         # @return [ Array<User> ]
         def aggressive(opts = {})
-          found = []
+          shared       = opts[:found]
+          local        = shared ? nil : []
           found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)'
           enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, id|
@@ -25,15 +28,16 @@ module WPScan
             next unless username
-            found << Model::User.new(
+            user = Model::User.new(
               username,
               id: id,
               found_by: format(found_by_msg, found_by),
               confidence: confidence
             )
+            (shared || local) << user
           end
-          found
+          local || []
         end
         # @param [ Hash ] opts
@@ -55,7 +59,7 @@ module WPScan
         end
         def full_request_params
-          { followlocation: true }
+          { followlocation: true, maxredirs: 10 }
         end
         # @param [ Typhoeus::Response ] res
@@ -68,7 +72,7 @@ module WPScan
           username = display_name_from_body(res.body)
-          return username, 'Display Name', 50 if username
+          [username, 'Display Name', 50] if username
         end
         # @param [ String, Addressable::URI ] uri

data/app/finders/users/author_posts.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module Users
       # Author Posts
-      class AuthorPosts < CMSScanner::Finders::Finder
+      class AuthorPosts < WPScan::Finders::Finder
         # @param [ Hash ] opts
         #
         # @return [ Array<User> ]

data/app/finders/users/author_sitemap.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module WPScan
     module Users
       # Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains
       # the usernames of accounts who made a post
-      class AuthorSitemap < CMSScanner::Finders::Finder
+      class AuthorSitemap < WPScan::Finders::Finder
         # @param [ Hash ] opts
         #
         # @return [ Array<User> ]

data/app/finders/users/login_error_messages.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module WPScan
       #   WP >= 3.1 - The password you entered for the username admin is incorrect.
       # Non existent username: Invalid username.
       #
-      class LoginErrorMessages < CMSScanner::Finders::Finder
+      class LoginErrorMessages < WPScan::Finders::Finder
         # @param [ Hash ] opts
         # @option opts [ String ] :list
         #

data/app/finders/users/oembed_api.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module WPScan
     module Users
       # Since WP 4.4, the oembed API can disclose a user
       # https://github.com/wpscanteam/wpscan/issues/1049
-      class OembedApi < CMSScanner::Finders::Finder
+      class OembedApi < WPScan::Finders::Finder
         # @param [ Hash ] opts
         #
         # @return [ Array<User> ]
@@ -36,6 +36,8 @@ module WPScan
           oembed_data = oembed_data.first if oembed_data.is_a?(Array)
+          oembed_data = {} unless oembed_data.is_a?(Hash)
           if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
             details = [Regexp.last_match[1], 'Author URL', 90]
           elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?

data/app/finders/users/wp_json_api.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module WPScan
       # Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see https://github.com/wpscanteam/wpscan/issues/1038)
       # For the pagination, see https://github.com/wpscanteam/wpscan/issues/1285
       #
-      class WpJsonApi < CMSScanner::Finders::Finder
+      class WpJsonApi < WPScan::Finders::Finder
         MAX_PER_PAGE = 100 # See https://developer.wordpress.org/rest-api/using-the-rest-api/pagination/
         # @param [ Hash ] opts
@@ -42,12 +42,16 @@ module WPScan
         def users_from_response(response)
           found = []
-          JSON.parse(response.body)&.each do |user|
-            found << Model::User.new(user['slug'],
-                                     id: user['id'],
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [response.effective_url])
+          json = JSON.parse(response.body)
+          if json.is_a?(Enumerable)
+            json.each do |user|
+              found << Model::User.new(user['slug'],
+                                       id: user['id'],
+                                       found_by: found_by,
+                                       confidence: 100,
+                                       interesting_entries: [response.effective_url])
+            end
           end
           found

data/app/finders/users.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module WPScan
     module Users
       # Users Finder
       class Base
-        include CMSScanner::Finders::SameTypeFinder
+        include WPScan::Finders::SameTypeFinder
         # @param [ WPScan::Target ] target
         def initialize(target)

data/app/finders/wp_version/atom_generator.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module WpVersion
       # Atom Generator Version Finder
-      class AtomGenerator < CMSScanner::Finders::Finder
+      class AtomGenerator < WPScan::Finders::Finder
         include Finder::WpVersion::SmartURLChecker
         def process_urls(urls, _opts = {})

data/app/finders/wp_version/rdf_generator.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module WpVersion
       # RDF Generator Version Finder
-      class RDFGenerator < CMSScanner::Finders::Finder
+      class RDFGenerator < WPScan::Finders::Finder
         include Finder::WpVersion::SmartURLChecker
         def process_urls(urls, _opts = {})

data/app/finders/wp_version/readme.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module WpVersion
       # Readme Version Finder
-      class Readme < CMSScanner::Finders::Finder
+      class Readme < WPScan::Finders::Finder
         # @return [ WpVersion ]
         def aggressive(_opts = {})
           readme_url = target.url('readme.html') # Maybe move this into the Target ?

data/app/finders/wp_version/rss_generator.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
   module Finders
     module WpVersion
       # RSS Generator Version Finder
-      class RSSGenerator < CMSScanner::Finders::Finder
+      class RSSGenerator < WPScan::Finders::Finder
         include Finder::WpVersion::SmartURLChecker
         def process_urls(urls, _opts = {})

data/app/finders/wp_version/unique_fingerprinting.rb CHANGED Viewed

@@ -4,8 +4,8 @@ module WPScan
   module Finders
     module WpVersion
       # Unique Fingerprinting Version Finder
-      class UniqueFingerprinting < CMSScanner::Finders::Finder
-        include CMSScanner::Finders::Finder::Fingerprinter
+      class UniqueFingerprinting < WPScan::Finders::Finder
+        include WPScan::Finders::Finder::Fingerprinter
         # @return [ WpVersion ]
         def aggressive(opts = {})

data/app/finders/wp_version.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module WPScan
     module WpVersion
       # Wp Version Finder
       class Base
-        include CMSScanner::Finders::UniqueFinder
+        include WPScan::Finders::UniqueFinder
         # @param [ WPScan::Target ] target
         def initialize(target)

data/app/finders.rb CHANGED Viewed

@@ -8,6 +8,7 @@ require_relative 'finders/timthumb_version'
 require_relative 'finders/timthumbs'
 require_relative 'finders/config_backups'
 require_relative 'finders/db_exports'
+require_relative 'finders/backup_folders'
 require_relative 'finders/medias'
 require_relative 'finders/users'
 require_relative 'finders/plugins'

data/app/formatters/cli.rb ADDED Viewed

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+module WPScan
+  module Formatter
+    # CLI Formatter
+    class Cli < Base
+      def streams?
+        true
+      end
+      # ANSI sequence to clear the current line and return to column 0.
+      # Emitted at the start of each streamed enumeration finding so the
+      # ruby-progressbar line (which redraws via \r and leaves its previous
+      # render visible when interleaved with foreign output) gets wiped
+      # before the finding prints. No-op on non-TTY stdout so file/pipe
+      # output stays clean.
+      def bar_clear
+        $stdout.tty? ? "\e[2K\r" : ''
+      end
+      # @return [ String ]
+      def info_icon
+        green('[+]')
+      end
+      # @return [ String ]
+      def notice_icon
+        blue('[i]')
+      end
+      # @return [ String ]
+      def warning_icon
+        amber('[!]')
+      end
+      # @return [ String ]
+      def critical_icon
+        red('[!]')
+      end
+      # @param [ String ] text
+      # @return [ String ]
+      def bold(text)
+        colorize(text, 1)
+      end
+      # @param [ String ] text
+      # @return [ String ]
+      def red(text)
+        colorize(text, 31)
+      end
+      # @param [ String ] text
+      # @return [ String ]
+      def green(text)
+        colorize(text, 32)
+      end
+      # @param [ String ] text
+      # @return [ String ]
+      def amber(text)
+        colorize(text, 33)
+      end
+      # @param [ String ] text
+      # @return [ String ]
+      def blue(text)
+        colorize(text, 34)
+      end
+      # @param [ String ] text
+      # @param [ Integer ] color_code
+      # @return [ String ]
+      def colorize(text, color_code)
+        "\e[#{color_code}m#{text}\e[0m"
+      end
+    end
+  end
+end

data/app/formatters/cli_no_color.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module WPScan
+  module Formatter
+    # Because Reason https://github.com/wpscanteam/WPScan/issues/56
+    class CliNoColor < CliNoColour
+    end
+  end
+end

data/app/formatters/cli_no_colour.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module WPScan
+  module Formatter
+    # CLI No Colour Formatter
+    class CliNoColour < Cli
+      # Override to get the cli views
+      def format
+        'cli'
+      end
+      def colorize(text, _color_code)
+        text
+      end
+    end
+  end
+end

data/app/formatters/json.rb ADDED Viewed

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+module WPScan
+  module Formatter
+    # JSON Formatter
+    class Json < Base
+      include Buffer
+      def beautify
+        puts JSON.pretty_generate(JSON.parse("{#{buffer.chomp.chomp(',')}}"))
+      end
+    end
+  end
+end

data/app/formatters/jsonl.rb ADDED Viewed

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module WPScan
+  module Formatter
+    # JSON Lines formatter — streams one self-contained JSON object per
+    # template render as the scan progresses. Reuses every app/views/json/*.erb
+    # template via base_format, so output content matches `-f json` but is
+    # emitted incrementally and can be piped directly into tools like `jq`.
+    class Jsonl < Base
+      def base_format
+        'json'
+      end
+      def streams?
+        true
+      end
+      def output(tpl, vars = {}, controller_name = nil)
+        rendered = render(tpl, vars, controller_name)
+                   .encode('UTF-8', invalid: :replace, undef: :replace)
+        fragment = rendered.strip.chomp(',')
+        return if fragment.empty?
+        $stdout.puts JSON.generate(JSON.parse("{#{fragment}}"))
+        $stdout.flush
+      end
+    end
+  end
+end