RubyGems - wpscan - Versions diffs - 3.8.28 → 4.0.0 - Mend

wpscan 3.8.28 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

checksums.yaml +4 -4
data/README.md +104 -30
data/app/app.rb +26 -0
data/app/controllers/aliases.rb +2 -2
data/app/controllers/authenticated_inventory.rb +43 -0
data/app/controllers/core/cli_options.rb +151 -0
data/app/controllers/core.rb +200 -25
data/app/controllers/custom_directories.rb +1 -1
data/app/controllers/enumeration/cli_options.rb +21 -31
data/app/controllers/enumeration/enum_methods.rb +145 -38
data/app/controllers/enumeration.rb +26 -3
data/app/controllers/interesting_findings.rb +25 -0
data/app/controllers/main_theme.rb +1 -1
data/app/controllers/password_attack.rb +14 -6
data/app/controllers/vuln_api.rb +9 -3
data/app/controllers/wp_version.rb +1 -1
data/app/controllers.rb +1 -0
data/app/finders/backup_folders/known_locations.rb +66 -0
data/app/finders/backup_folders.rb +19 -0
data/app/finders/config_backups/known_filenames.rb +6 -4
data/app/finders/config_backups.rb +1 -1
data/app/finders/db_exports/known_locations.rb +16 -14
data/app/finders/db_exports.rb +1 -1
data/app/finders/interesting_findings/backup_db.rb +1 -1
data/app/finders/interesting_findings/debug_log.rb +1 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +1 -1
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +1 -1
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/mu_plugins.rb +1 -1
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/interesting_findings/php_disabled.rb +2 -2
data/app/finders/interesting_findings/readme.rb +1 -1
data/app/finders/interesting_findings/registration.rb +1 -1
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +1 -1
data/app/finders/interesting_findings/upload_directory_listing.rb +1 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +2 -2
data/app/finders/interesting_findings/wp_cron.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +13 -4
data/app/finders/main_theme/css_style_in_homepage.rb +1 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -7
data/app/finders/main_theme/woo_framework_meta_generator.rb +4 -4
data/app/finders/main_theme.rb +1 -1
data/app/finders/medias/attachment_brute_forcing.rb +2 -2
data/app/finders/medias.rb +1 -1
data/app/finders/passwords/wp_login.rb +2 -2
data/app/finders/passwords/xml_rpc.rb +2 -2
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/plugin_version.rb +1 -1
data/app/finders/plugins/known_locations.rb +17 -7
data/app/finders/plugins/urls_in_homepage.rb +3 -7
data/app/finders/plugins/wp_json_api.rb +85 -0
data/app/finders/plugins.rb +2 -1
data/app/finders/theme_version/style.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +1 -1
data/app/finders/theme_version.rb +1 -1
data/app/finders/themes/known_locations.rb +12 -6
data/app/finders/themes/urls_in_homepage.rb +3 -7
data/app/finders/themes/wp_json_api.rb +74 -0
data/app/finders/themes.rb +2 -1
data/app/finders/timthumb_version/bad_request.rb +1 -1
data/app/finders/timthumb_version.rb +1 -1
data/app/finders/timthumbs/known_locations.rb +6 -4
data/app/finders/timthumbs.rb +1 -1
data/app/finders/users/author_id_brute_forcing.rb +11 -7
data/app/finders/users/author_posts.rb +1 -1
data/app/finders/users/author_sitemap.rb +1 -1
data/app/finders/users/login_error_messages.rb +1 -1
data/app/finders/users/oembed_api.rb +3 -1
data/app/finders/users/wp_json_api.rb +11 -7
data/app/finders/users.rb +1 -1
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +1 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/unique_fingerprinting.rb +2 -2
data/app/finders/wp_version.rb +1 -1
data/app/finders.rb +1 -0
data/app/formatters/cli.rb +79 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/formatters/jsonl.rb +29 -0
data/app/formatters/sarif.rb +311 -0
data/app/models/backup_folder.rb +39 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +41 -2
data/app/models/plugin.rb +8 -2
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/theme.rb +9 -2
data/app/models/timthumb.rb +2 -2
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/wp_item/wordpress_org_data.rb +55 -0
data/app/models/wp_item.rb +109 -9
data/app/models/wp_version.rb +2 -2
data/app/models/xml_rpc.rb +73 -3
data/app/models.rb +2 -1
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +3 -3
data/app/views/cli/core/finished.erb +15 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +11 -0
data/app/views/cli/enumeration/backup_folders.erb +11 -0
data/app/views/cli/enumeration/plugin.erb +13 -0
data/app/views/cli/enumeration/plugins.erb +1 -12
data/app/views/cli/enumeration/theme.erb +4 -0
data/app/views/cli/enumeration/themes.erb +1 -3
data/app/views/cli/enumeration/user.erb +4 -0
data/app/views/cli/enumeration/users.erb +1 -3
data/app/views/cli/finding.erb +1 -1
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/update_aborted.erb +5 -0
data/app/views/cli/vuln_api/status.erb +2 -0
data/app/views/cli/vulnerability.erb +6 -0
data/app/views/cli/wp_item.erb +4 -1
data/app/views/json/core/banner.erb +2 -8
data/app/views/json/core/finished.erb +13 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +10 -0
data/app/views/json/enumeration/backup_folders.erb +11 -0
data/app/views/json/enumeration/plugin.erb +15 -0
data/app/views/json/enumeration/theme.erb +5 -0
data/app/views/json/enumeration/user.erb +6 -0
data/app/views/json/finding.erb +8 -2
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/notice.erb +1 -0
data/app/views/json/scan_aborted.erb +5 -0
data/app/views/json/update_aborted.erb +5 -0
data/app/views/json/vuln_api/status.erb +2 -0
data/app/views/json/wp_item.erb +4 -1
data/bin/wpscan +1 -0
data/lib/opt_parse_validator/config_files_loader_merger/base.rb +26 -0
data/lib/opt_parse_validator/config_files_loader_merger/json.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger/yml.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger.rb +62 -0
data/lib/opt_parse_validator/errors.rb +9 -0
data/lib/opt_parse_validator/hacks.rb +19 -0
data/lib/opt_parse_validator/opts/alias.rb +28 -0
data/lib/opt_parse_validator/opts/array.rb +34 -0
data/lib/opt_parse_validator/opts/base.rb +142 -0
data/lib/opt_parse_validator/opts/boolean.rb +19 -0
data/lib/opt_parse_validator/opts/choice.rb +43 -0
data/lib/opt_parse_validator/opts/credentials.rb +15 -0
data/lib/opt_parse_validator/opts/directory_path.rb +17 -0
data/lib/opt_parse_validator/opts/file_path.rb +34 -0
data/lib/opt_parse_validator/opts/headers.rb +33 -0
data/lib/opt_parse_validator/opts/integer.rb +15 -0
data/lib/opt_parse_validator/opts/integer_range.rb +37 -0
data/lib/opt_parse_validator/opts/multi_choices.rb +135 -0
data/lib/opt_parse_validator/opts/path.rb +78 -0
data/lib/opt_parse_validator/opts/positive_integer.rb +16 -0
data/lib/opt_parse_validator/opts/proxy.rb +7 -0
data/lib/opt_parse_validator/opts/regexp.rb +14 -0
data/lib/opt_parse_validator/opts/smart_list.rb +30 -0
data/lib/opt_parse_validator/opts/string.rb +8 -0
data/lib/opt_parse_validator/opts/uri.rb +41 -0
data/lib/opt_parse_validator/opts/url.rb +11 -0
data/lib/opt_parse_validator/opts.rb +9 -0
data/lib/opt_parse_validator/version.rb +6 -0
data/lib/opt_parse_validator.rb +161 -0
data/lib/wpscan/browser/actions.rb +48 -0
data/lib/wpscan/browser/options.rb +92 -0
data/lib/wpscan/browser.rb +87 -2
data/lib/wpscan/browser_authenticator.rb +64 -0
data/lib/wpscan/cache/file_store.rb +77 -0
data/lib/wpscan/cache/typhoeus.rb +25 -0
data/lib/wpscan/controller.rb +100 -4
data/lib/wpscan/controllers.rb +78 -3
data/lib/wpscan/db/dynamic_finders/base.rb +3 -7
data/lib/wpscan/db/dynamic_finders/plugin.rb +2 -2
data/lib/wpscan/db/dynamic_finders/wordpress.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +2 -2
data/lib/wpscan/db/updater.rb +23 -13
data/lib/wpscan/db/vuln_api.rb +19 -7
data/lib/wpscan/db/wp_item.rb +2 -2
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/http.rb +82 -3
data/lib/wpscan/errors/saml.rb +28 -0
data/lib/wpscan/errors/scan.rb +14 -0
data/lib/wpscan/errors/update.rb +11 -3
data/lib/wpscan/errors/vuln_api.rb +24 -0
data/lib/wpscan/errors/wordpress.rb +2 -2
data/lib/wpscan/errors/wp_auth.rb +37 -0
data/lib/wpscan/errors.rb +4 -3
data/lib/wpscan/exit_code.rb +25 -0
data/lib/wpscan/finders/base_finders.rb +45 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +3 -5
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +3 -3
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +1 -1
data/lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb +257 -0
data/lib/wpscan/finders/finder/enumerator.rb +77 -0
data/lib/wpscan/finders/finder/fingerprinter.rb +48 -0
data/lib/wpscan/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/wpscan/finders/finder/smart_url_checker.rb +60 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +1 -1
data/lib/wpscan/finders/finder.rb +78 -0
data/lib/wpscan/finders/finding.rb +54 -0
data/lib/wpscan/finders/findings.rb +33 -0
data/lib/wpscan/finders/independent_finder.rb +33 -0
data/lib/wpscan/finders/independent_finders.rb +26 -0
data/lib/wpscan/finders/same_type_finder.rb +19 -0
data/lib/wpscan/finders/same_type_finders.rb +28 -0
data/lib/wpscan/finders/unique_finder.rb +19 -0
data/lib/wpscan/finders/unique_finders.rb +47 -0
data/lib/wpscan/finders.rb +11 -12
data/lib/wpscan/formatter/buffer.rb +17 -0
data/lib/wpscan/formatter.rb +152 -0
data/lib/wpscan/helper.rb +7 -1
data/lib/wpscan/http_status_tracking.rb +128 -0
data/lib/wpscan/numeric.rb +13 -0
data/lib/wpscan/parsed_cli.rb +31 -2
data/lib/wpscan/progressbar_null_output.rb +23 -0
data/lib/wpscan/public_suffix/domain.rb +44 -0
data/lib/wpscan/references.rb +118 -4
data/lib/wpscan/scan.rb +127 -0
data/lib/wpscan/target/hashes.rb +45 -0
data/lib/wpscan/target/platform/php.rb +124 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +3 -3
data/lib/wpscan/target/platform/wordpress.rb +7 -8
data/lib/wpscan/target/platform.rb +3 -0
data/lib/wpscan/target/scope.rb +103 -0
data/lib/wpscan/target/server/apache.rb +27 -0
data/lib/wpscan/target/server/generic.rb +72 -0
data/lib/wpscan/target/server/iis.rb +29 -0
data/lib/wpscan/target/server/nginx.rb +27 -0
data/lib/wpscan/target/server.rb +6 -0
data/lib/wpscan/target.rb +129 -9
data/lib/wpscan/typhoeus/hydra.rb +12 -0
data/lib/wpscan/typhoeus/response.rb +24 -1
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan/vulnerability.rb +49 -3
data/lib/wpscan/vulnerability_filter.rb +68 -0
data/lib/wpscan/vulnerable.rb +13 -1
data/lib/wpscan/web_site.rb +152 -0
data/lib/wpscan.rb +126 -29
metadata +362 -20

data/app/formatters/sarif.rb ADDED Viewed

@@ -0,0 +1,311 @@
+# frozen_string_literal: true
+require 'digest'
+module WPScan
+  module Formatter
+    # SARIF v2.1.0 Formatter.
+    #
+    # Emits scan results in SARIF v2.1.0 format so they can be consumed by
+    # static-analysis aggregators such as GitHub Code Scanning. WPScan is a
+    # DAST tool, so findings don't have a source file + line; we follow the
+    # mapping discussed on issue #1879:
+    #
+    #   * `result.locations[].physicalLocation.artifactLocation.uri` carries
+    #     the URL where the finding was observed. SARIF explicitly allows
+    #     `uri` to be an absolute URL — see SARIF v2.1.0 §3.4.3
+    #     (https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317419).
+    #   * `result.locations[].logicalLocations[]` carries the WordPress
+    #     component identity (core / plugin <slug> / theme <slug>) decoupled
+    #     from any URL — see SARIF v2.1.0 §3.33
+    #     (https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317719).
+    #
+    # GitHub's guidance on which SARIF fields surface in Code Scanning is
+    # at https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.
+    #
+    # This formatter inherits from {Json} and reuses the JSON ERB views: the
+    # full scan is buffered as JSON during the run, then transformed into a
+    # SARIF document in {#beautify}. Reusing the JSON layer keeps the SARIF
+    # mapping in one place and lets new JSON fields flow through automatically.
+    class Sarif < Json
+      SARIF_VERSION = '2.1.0'
+      SARIF_SCHEMA  = 'https://json.schemastore.org/sarif-2.1.0.json'
+      INFO_URI      = 'https://wpscan.com/wordpress-security-scanner'
+      # Make ERB lookups fall back to the json/* views.
+      def base_format
+        'json'
+      end
+      def beautify
+        data = JSON.parse("{#{buffer.chomp.chomp(',')}}")
+        puts JSON.pretty_generate(sarif_document(data))
+      end
+      private
+      def sarif_document(data)
+        rules   = {}
+        results = []
+        collect_vulnerability_results(data, rules, results)
+        collect_interesting_finding_results(data, rules, results)
+        {
+          '$schema' => SARIF_SCHEMA,
+          'version' => SARIF_VERSION,
+          'runs' => [build_run(data, rules, results)]
+        }
+      end
+      def build_run(data, rules, results)
+        {
+          'tool' => {
+            'driver' => {
+              'name' => 'WPScan',
+              'version' => WPScan::VERSION,
+              'informationUri' => INFO_URI,
+              'rules' => rules.values
+            }
+          },
+          'invocations' => [invocation(data)].compact,
+          'results' => results,
+          'properties' => run_properties(data)
+        }.compact
+      end
+      def collect_vulnerability_results(data, rules, results)
+        components(data).each do |component|
+          Array(component[:vulnerabilities]).each do |vuln|
+            rule_id = rule_id_for(vuln)
+            rules[rule_id] ||= rule_for(vuln, rule_id)
+            results << vulnerability_result(vuln, rule_id, component)
+          end
+        end
+      end
+      def collect_interesting_finding_results(data, rules, results)
+        Array(data['interesting_findings']).each do |finding|
+          rule_id = "wpscan.interesting-finding.#{finding['type'] || 'unknown'}"
+          rules[rule_id] ||= interesting_finding_rule(rule_id, finding)
+          results << interesting_finding_result(finding, rule_id)
+        end
+      end
+      # @return [ Array<Hash> ] one entry per WordPress component observed
+      def components(data)
+        list = []
+        list << core_component(data) if data['version']
+        list << theme_component(data['main_theme']) if data['main_theme']
+        (data['themes'] || {}).each_value { |theme| list << theme_component(theme) }
+        (data['plugins'] || {}).each { |slug, plugin| list << plugin_component(slug, plugin) }
+        list
+      end
+      def core_component(data)
+        {
+          kind: 'core',
+          slug: nil,
+          version: data['version']['number'],
+          url: data['effective_url'] || data['target_url'],
+          vulnerabilities: data['version']['vulnerabilities']
+        }
+      end
+      def plugin_component(slug, plugin)
+        {
+          kind: 'plugin',
+          slug: slug,
+          version: plugin.dig('version', 'number'),
+          url: plugin['location'],
+          vulnerabilities: plugin['vulnerabilities']
+        }
+      end
+      def theme_component(theme)
+        {
+          kind: 'theme',
+          slug: theme['slug'],
+          version: theme.dig('version', 'number'),
+          url: theme['location'],
+          vulnerabilities: theme['vulnerabilities']
+        }
+      end
+      def rule_id_for(vuln)
+        cve = Array(vuln.dig('references', 'cve')).first
+        return "CVE-#{cve}" if cve
+        wpvulndb = Array(vuln.dig('references', 'wpvulndb')).first
+        return "WPVULNDB-#{wpvulndb}" if wpvulndb
+        # Stable fallback so we don't emit duplicate rule entries for the same title.
+        "wpscan.vuln.#{Digest::SHA1.hexdigest(vuln['title'].to_s)[0, 12]}"
+      end
+      def rule_for(vuln, rule_id)
+        title = vuln['title'].to_s
+        {
+          'id' => rule_id,
+          'name' => rule_id.gsub(/[^A-Za-z0-9_]/, '_'),
+          'shortDescription' => { 'text' => title },
+          'fullDescription' => { 'text' => title },
+          'helpUri' => help_uri_for(vuln),
+          'defaultConfiguration' => { 'level' => level_for(vuln) },
+          'messageStrings' => {
+            # {0} = component label (e.g. "Plugin 'foo' 1.2.3"), {1} = fix status.
+            # Title is baked in here so the rule owns its phrasing and the result
+            # message stays small (SARIF2002). Dynamic args are single-quoted per
+            # SARIF2015 and the message terminates with a period per SARIF2001.
+            'default' => { 'text' => "'{0}': #{title} ('{1}')." }
+          },
+          'properties' => rule_properties(vuln)
+        }.compact
+      end
+      def vulnerability_result(vuln, rule_id, component)
+        {
+          'ruleId' => rule_id,
+          'level' => level_for(vuln),
+          'message' => {
+            'id' => 'default',
+            'arguments' => [component_label(component), fix_status(vuln)]
+          },
+          'locations' => [location_for(component[:url], logical_location(component))]
+        }
+      end
+      def interesting_finding_rule(rule_id, finding)
+        {
+          'id' => rule_id,
+          'name' => rule_id.gsub(/[^A-Za-z0-9_]/, '_'),
+          'shortDescription' => { 'text' => "Interesting finding: #{finding['type']}" },
+          # Non-vulnerability findings (enumeration results, headers, robots.txt entries,
+          # etc.) are emitted at `note` level so they don't drown out real vulnerabilities
+          # in Code Scanning's UI — see GitHub's SARIF support guidance.
+          'defaultConfiguration' => { 'level' => 'note' },
+          'messageStrings' => {
+            # {0} = finding header (to_s), {1} = interesting entries joined,
+            # {2} = found-by strategy, {3} = confidence percentage.
+            'default' => {
+              'text' => "'{0}' — entries: '{1}'; found by: '{2}'; confidence: '{3}'."
+            }
+          },
+          'helpUri' => INFO_URI
+        }
+      end
+      def interesting_finding_result(finding, rule_id)
+        location = location_for(finding['url'], nil)
+        entries = Array(finding['interesting_entries']).join(' | ')
+        {
+          'ruleId' => rule_id,
+          'level' => 'note',
+          'message' => {
+            'id' => 'default',
+            'arguments' => [
+              finding['to_s'].to_s,
+              entries,
+              finding['found_by'].to_s,
+              finding['confidence'].to_s
+            ]
+          },
+          'locations' => location ? [location] : []
+        }
+      end
+      def location_for(url, logical)
+        physical = physical_location(url)
+        return nil if physical.nil? && logical.nil?
+        loc = {}
+        loc['physicalLocation'] = physical if physical
+        loc['logicalLocations'] = [logical] if logical
+        loc
+      end
+      def physical_location(url)
+        return nil if url.nil? || url.to_s.empty?
+        { 'artifactLocation' => { 'uri' => url.to_s } }
+      end
+      def logical_location(component)
+        fqn = case component[:kind]
+              when 'core'   then "wordpress.core@#{component[:version] || 'unknown'}"
+              when 'theme'  then "wordpress.theme.#{component[:slug]}@#{component[:version] || 'unknown'}"
+              when 'plugin' then "wordpress.plugin.#{component[:slug]}@#{component[:version] || 'unknown'}"
+              end
+        {
+          'name' => component[:slug] || component[:kind],
+          'fullyQualifiedName' => fqn,
+          'kind' => 'module'
+        }
+      end
+      # Map CVSS v3 base score to a SARIF level. Vulnerabilities without a
+      # score default to `error` since WPScan only flags entries the WPScan
+      # vulnerability database considers exploitable.
+      def level_for(vuln)
+        score = vuln.dig('cvss', 'score').to_f
+        return 'error'   if score >= 7.0
+        return 'warning' if score >= 4.0
+        return 'note'    if score.positive?
+        'error'
+      end
+      def component_label(component)
+        case component[:kind]
+        when 'core'   then "WordPress core #{component[:version]}"
+        when 'theme'  then "Theme '#{component[:slug]}' #{component[:version]}"
+        when 'plugin' then "Plugin '#{component[:slug]}' #{component[:version]}"
+        end
+      end
+      def fix_status(vuln)
+        vuln['fixed_in'] ? "fixed in #{vuln['fixed_in']}" : 'no fix available'
+      end
+      def help_uri_for(vuln)
+        wpvulndb = Array(vuln.dig('references', 'wpvulndb')).first
+        return "https://wpscan.com/vulnerability/#{wpvulndb}" if wpvulndb
+        Array(vuln.dig('references', 'url')).first
+      end
+      def rule_properties(vuln)
+        props = {}
+        props['cvss'] = vuln['cvss'] if vuln['cvss']
+        props['references'] = vuln['references'] if vuln['references'] && !vuln['references'].empty?
+        props['fixed_in'] = vuln['fixed_in'] if vuln['fixed_in']
+        props['poc'] = vuln['poc'] if vuln['poc']
+        props.empty? ? nil : props
+      end
+      def invocation(data)
+        inv = { 'executionSuccessful' => true }
+        inv['commandLine'] = "wpscan #{data['command_line']}" if data['command_line']
+        inv['hostname'] = data['hostname'] if data['hostname']
+        inv['startTimeUtc'] = to_iso8601(data['start_time']) if data['start_time']
+        inv['endTimeUtc']   = to_iso8601(data['stop_time'])  if data['stop_time']
+        inv
+      end
+      def run_properties(data)
+        props = {}
+        props['targetUrl']    = data['target_url']    if data['target_url']
+        props['effectiveUrl'] = data['effective_url'] if data['effective_url']
+        props['targetIp']     = data['target_ip']     if data['target_ip']
+        props.empty? ? nil : props
+      end
+      def to_iso8601(epoch)
+        return nil if epoch.nil? || epoch.to_i.zero?
+        Time.at(epoch.to_i).utc.strftime('%Y-%m-%dT%H:%M:%S.000Z')
+      end
+    end
+  end
+end

data/app/models/backup_folder.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # BackupFolder
+    class BackupFolder < InterestingFinding
+      MAX_ENTRIES_DISPLAY = 10
+      # @return [ String ]
+      def to_s
+        msg = "Backup folder found: #{url}"
+        if interesting_entries&.any?
+          total = @interesting_entries.size
+          msg += " (#{total} #{total == 1 ? 'entry' : 'entries'})"
+        end
+        msg
+      end
+      # @return [ Symbol ]
+      def severity
+        return :high if interesting_entries&.any?
+        :medium
+      end
+      # Limit displayed entries to avoid overwhelming output
+      # @return [ Array<String> ]
+      def interesting_entries
+        return [] unless @interesting_entries
+        entries = @interesting_entries.first(MAX_ENTRIES_DISPLAY)
+        if @interesting_entries.size > MAX_ENTRIES_DISPLAY
+          entries << "... and #{@interesting_entries.size - MAX_ENTRIES_DISPLAY} more"
+        end
+        entries
+      end
+    end
+  end
+end

data/app/models/fantastico_fileslist.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # Fantastico is a commercial script library that automates the installation of web applications to a website.
+    # Fantastico scripts are executed from the administration area of a website control panel such as cPanel.
+    # It creates a file named fantastico_fileslist.txt that is publicly available and contains a list of all the
+    # files from the current directory. The contents of this file may expose sensitive information to an attacker.
+    class FantasticoFileslist < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Fantastico list found: #{url}"
+      end
+      # @return [ Array<String> ] The interesting files/dirs detected
+      def interesting_entries
+        results = []
+        entries.each do |entry|
+          next unless /(?:admin|\.log|\.sql|\.db)/i.match?(entry)
+          results << entry
+        end
+        results
+      end
+      def references
+        @references ||= {
+          url: ['https://web.archive.org/web/20140518040021/http://www.acunetix.com/vulnerabilities/fantastico-fileslist/']
+        }
+      end
+    end
+  end
+end

data/app/models/headers.rb ADDED Viewed

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # Interesting Headers
+    class Headers < InterestingFinding
+      # @return [ Hash ] The headers
+      def entries
+        res = WPScan::Browser.get(url)
+        return [] unless res&.headers
+        res.headers
+      end
+      # @return [ Array<String> ] The interesting headers detected
+      def interesting_entries
+        results = []
+        entries.each do |header, value|
+          next if known_headers.include?(header.downcase)
+          results << "#{header}: #{Array(value).join(', ')}"
+        end
+        results
+      end
+      # @return [ Array<String> ] Downcased known headers
+      def known_headers
+        %w[
+          age accept-ranges cache-control content-encoding content-length content-type connection date
+          etag expires keep-alive location last-modified link pragma set-cookie strict-transport-security
+          transfer-encoding vary x-cache x-content-security-policy x-content-type-options
+          x-frame-options x-language x-permitted-cross-domain-policies x-pingback x-varnish
+          x-webkit-csp x-xss-protection
+        ]
+      end
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'Headers'
+      end
+    end
+  end
+end

data/app/models/interesting_finding.rb CHANGED Viewed

@@ -2,9 +2,48 @@
 module WPScan
   module Model
-    # Custom class to include the WPScan::References module
-    class InterestingFinding < CMSScanner::Model::InterestingFinding
+    # Interesting Finding base class.
+    class InterestingFinding
+      include Finders::Finding
       include References
+      attr_reader :url
+      attr_writer :to_s
+      # @param [ String ] url
+      # @param [ Hash ] opts
+      #   :to_s (override the to_s method)
+      #   See Finders::Finding for other available options
+      def initialize(url, opts = {})
+        @url  = url
+        @to_s = opts[:to_s]
+        parse_finding_options(opts)
+      end
+      # @return [ Array<String> ]
+      def entries
+        res = WPScan::Browser.get(url)
+        return [] unless res && res.headers['Content-Type'] =~ %r{\Atext/plain;}i
+        res.body.split("\n").reject { |s| s.strip.empty? }
+      end
+      # @return [ String ]
+      def to_s
+        @to_s || url
+      end
+      # @return [ String ]
+      def type
+        @type ||= self.class.to_s.demodulize.underscore
+      end
+      # @return [ Boolean ]
+      def ==(other)
+        self.class == other.class && to_s == other.to_s
+      end
     end
     class BackupDB < InterestingFinding

data/app/models/plugin.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module WPScan
     class Plugin < WpItem
       # See WpItem
       def initialize(slug, blog, opts = {})
-        super(slug, blog, opts)
+        super
         # To be used by #head_and_get
         # If custom wp-content, it will be replaced by blog#url
@@ -36,9 +36,15 @@ module WPScan
         @version
       end
+      # @return [ String ]
+      def wordpress_org_api_url
+        encoded_slug = Addressable::URI.encode_component(slug, Addressable::URI::CharacterClasses::UNRESERVED)
+        "https://api.wordpress.org/plugins/info/1.2/?action=plugin_information&request[slug]=#{encoded_slug}"
+      end
       # @return [ Array<String> ]
       def potential_readme_filenames
-        @potential_readme_filenames ||= Array((DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super))
+        @potential_readme_filenames ||= Array(DB::DynamicFinders::Plugin.df_data.dig(slug, 'Readme', 'path') || super)
       end
     end
   end

data/app/models/robots_txt.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # Robots.txt
+    class RobotsTxt < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "robots.txt found: #{url}"
+      end
+      # @todo Better detection, currently everything not empty or / is returned
+      #
+      # @return [ Array<String> ] The interesting Allow/Disallow rules detected
+      def interesting_entries
+        results = []
+        entries.each do |entry|
+          next unless entry =~ /\A(?:dis)?allow:\s*(.+)\z/i
+          match = Regexp.last_match(1)
+          next if match == '/'
+          results << match
+        end
+        results.uniq
+      end
+    end
+  end
+end

data/app/models/search_replace_db_2.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # SearchReplaceDB2
+    class SearchReplaceDB2 < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= "Search Replace DB script found: #{url}"
+      end
+      def references
+        @references ||= { url: ['https://interconnectit.com/products/search-and-replace-for-wordpress-databases/'] }
+      end
+    end
+  end
+end

data/app/models/theme.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module WPScan
       # See WpItem
       def initialize(slug, blog, opts = {})
-        super(slug, blog, opts)
+        super
         # To be used by #head_and_get
         # If custom wp-content, it will be replaced by blog#url
@@ -42,6 +42,13 @@ module WPScan
         @version
       end
+      # @return [ String ]
+      def wordpress_org_api_url
+        encoded_slug = Addressable::URI.encode_component(slug, Addressable::URI::CharacterClasses::UNRESERVED)
+        'https://api.wordpress.org/themes/info/1.2/?action=theme_information' \
+          "&request[slug]=#{encoded_slug}&request[fields][active_installs]=1&request[fields][last_updated]=1"
+      end
       # @return [ Theme ]
       def parent_theme
         return unless template
@@ -107,7 +114,7 @@ module WPScan
       end
       def ==(other)
-        super(other) && style_url == other.style_url
+        super && style_url == other.style_url
       end
     end
   end

data/app/models/timthumb.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module WPScan
       # @param [ Hash ] opts
       # @option opts [ Symbol ] :mode The mode to use to detect the version
       def initialize(url, opts = {})
-        super(url, opts)
+        super
         @version_detection_opts = opts[:version_detection] || {}
       end
@@ -63,7 +63,7 @@ module WPScan
       def webshot_enabled?
         res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
-        !/WEBSHOT_ENABLED == true/.match?(res.body)
+        !res.body.include?('WEBSHOT_ENABLED == true')
       end
       # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)

data/app/models/user.rb ADDED Viewed

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # User
+    class User
+      include Finders::Finding
+      attr_accessor :password
+      attr_reader :id, :username
+      # @param [ String ] username
+      # @param [ Hash ] opts
+      # @option opts [ Integer ] :id
+      # @option opts [ String ] :password
+      def initialize(username, opts = {})
+        @username = username
+        @password = opts[:password]
+        @id       = opts[:id]
+        parse_finding_options(opts)
+      end
+      def ==(other)
+        return false unless self.class == other.class
+        username == other.username && password == other.password
+      end
+      def to_s
+        username
+      end
+    end
+  end
+end

data/app/models/version.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    # Version
+    class Version
+      include Finders::Finding
+      attr_reader :number
+      def initialize(number, opts = {})
+        @number = number.to_s
+        @number = "0#{number}" if @number[0, 1] == '.'
+        parse_finding_options(opts)
+      end
+      # @param [ Version, String ] other
+      # rubocop:disable Style/NumericPredicate
+      def ==(other)
+        (self <=> other) == 0
+      end
+      # rubocop:enable all
+      # @param [ Version, String ] other
+      def <(other)
+        (self <=> other) == -1
+      end
+      # @param [ Version, String ] other
+      def >(other)
+        (self <=> other) == 1
+      end
+      # @param [ Version, String ] other
+      def <=>(other)
+        other = self.class.new(other) unless other.is_a?(self.class) # handle potential '.1' version
+        Gem::Version.new(number) <=> Gem::Version.new(other.number)
+      rescue ArgumentError
+        false
+      end
+      def to_s
+        number
+      end
+    end
+  end
+end