RubyGems - wpscan - Versions diffs - 3.8.28 → 4.0.0 - Mend

wpscan 3.8.28 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

checksums.yaml +4 -4
data/README.md +104 -30
data/app/app.rb +26 -0
data/app/controllers/aliases.rb +2 -2
data/app/controllers/authenticated_inventory.rb +43 -0
data/app/controllers/core/cli_options.rb +151 -0
data/app/controllers/core.rb +200 -25
data/app/controllers/custom_directories.rb +1 -1
data/app/controllers/enumeration/cli_options.rb +21 -31
data/app/controllers/enumeration/enum_methods.rb +145 -38
data/app/controllers/enumeration.rb +26 -3
data/app/controllers/interesting_findings.rb +25 -0
data/app/controllers/main_theme.rb +1 -1
data/app/controllers/password_attack.rb +14 -6
data/app/controllers/vuln_api.rb +9 -3
data/app/controllers/wp_version.rb +1 -1
data/app/controllers.rb +1 -0
data/app/finders/backup_folders/known_locations.rb +66 -0
data/app/finders/backup_folders.rb +19 -0
data/app/finders/config_backups/known_filenames.rb +6 -4
data/app/finders/config_backups.rb +1 -1
data/app/finders/db_exports/known_locations.rb +16 -14
data/app/finders/db_exports.rb +1 -1
data/app/finders/interesting_findings/backup_db.rb +1 -1
data/app/finders/interesting_findings/debug_log.rb +1 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +1 -1
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +1 -1
data/app/finders/interesting_findings/fantastico_fileslist.rb +21 -0
data/app/finders/interesting_findings/full_path_disclosure.rb +1 -1
data/app/finders/interesting_findings/headers.rb +17 -0
data/app/finders/interesting_findings/mu_plugins.rb +1 -1
data/app/finders/interesting_findings/multisite.rb +1 -1
data/app/finders/interesting_findings/php_disabled.rb +2 -2
data/app/finders/interesting_findings/readme.rb +1 -1
data/app/finders/interesting_findings/registration.rb +1 -1
data/app/finders/interesting_findings/robots_txt.rb +20 -0
data/app/finders/interesting_findings/search_replace_db_2.rb +19 -0
data/app/finders/interesting_findings/tmm_db_migrate.rb +1 -1
data/app/finders/interesting_findings/upload_directory_listing.rb +1 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +2 -2
data/app/finders/interesting_findings/wp_cron.rb +1 -1
data/app/finders/interesting_findings/xml_rpc.rb +61 -0
data/app/finders/interesting_findings.rb +13 -4
data/app/finders/main_theme/css_style_in_homepage.rb +1 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -7
data/app/finders/main_theme/woo_framework_meta_generator.rb +4 -4
data/app/finders/main_theme.rb +1 -1
data/app/finders/medias/attachment_brute_forcing.rb +2 -2
data/app/finders/medias.rb +1 -1
data/app/finders/passwords/wp_login.rb +2 -2
data/app/finders/passwords/xml_rpc.rb +2 -2
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/app/finders/plugin_version/readme.rb +1 -1
data/app/finders/plugin_version.rb +1 -1
data/app/finders/plugins/known_locations.rb +17 -7
data/app/finders/plugins/urls_in_homepage.rb +3 -7
data/app/finders/plugins/wp_json_api.rb +85 -0
data/app/finders/plugins.rb +2 -1
data/app/finders/theme_version/style.rb +1 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +1 -1
data/app/finders/theme_version.rb +1 -1
data/app/finders/themes/known_locations.rb +12 -6
data/app/finders/themes/urls_in_homepage.rb +3 -7
data/app/finders/themes/wp_json_api.rb +74 -0
data/app/finders/themes.rb +2 -1
data/app/finders/timthumb_version/bad_request.rb +1 -1
data/app/finders/timthumb_version.rb +1 -1
data/app/finders/timthumbs/known_locations.rb +6 -4
data/app/finders/timthumbs.rb +1 -1
data/app/finders/users/author_id_brute_forcing.rb +11 -7
data/app/finders/users/author_posts.rb +1 -1
data/app/finders/users/author_sitemap.rb +1 -1
data/app/finders/users/login_error_messages.rb +1 -1
data/app/finders/users/oembed_api.rb +3 -1
data/app/finders/users/wp_json_api.rb +11 -7
data/app/finders/users.rb +1 -1
data/app/finders/wp_version/atom_generator.rb +1 -1
data/app/finders/wp_version/rdf_generator.rb +1 -1
data/app/finders/wp_version/readme.rb +1 -1
data/app/finders/wp_version/rss_generator.rb +1 -1
data/app/finders/wp_version/unique_fingerprinting.rb +2 -2
data/app/finders/wp_version.rb +1 -1
data/app/finders.rb +1 -0
data/app/formatters/cli.rb +79 -0
data/app/formatters/cli_no_color.rb +9 -0
data/app/formatters/cli_no_colour.rb +17 -0
data/app/formatters/json.rb +14 -0
data/app/formatters/jsonl.rb +29 -0
data/app/formatters/sarif.rb +311 -0
data/app/models/backup_folder.rb +39 -0
data/app/models/fantastico_fileslist.rb +34 -0
data/app/models/headers.rb +44 -0
data/app/models/interesting_finding.rb +41 -2
data/app/models/plugin.rb +8 -2
data/app/models/robots_txt.rb +31 -0
data/app/models/search_replace_db_2.rb +17 -0
data/app/models/theme.rb +9 -2
data/app/models/timthumb.rb +2 -2
data/app/models/user.rb +35 -0
data/app/models/version.rb +49 -0
data/app/models/wp_item/wordpress_org_data.rb +55 -0
data/app/models/wp_item.rb +109 -9
data/app/models/wp_version.rb +2 -2
data/app/models/xml_rpc.rb +73 -3
data/app/models.rb +2 -1
data/app/user_agents.txt +46 -0
data/app/views/cli/core/banner.erb +3 -3
data/app/views/cli/core/finished.erb +15 -0
data/app/views/cli/core/help.erb +4 -0
data/app/views/cli/core/started.erb +11 -0
data/app/views/cli/enumeration/backup_folders.erb +11 -0
data/app/views/cli/enumeration/plugin.erb +13 -0
data/app/views/cli/enumeration/plugins.erb +1 -12
data/app/views/cli/enumeration/theme.erb +4 -0
data/app/views/cli/enumeration/themes.erb +1 -3
data/app/views/cli/enumeration/user.erb +4 -0
data/app/views/cli/enumeration/users.erb +1 -3
data/app/views/cli/finding.erb +1 -1
data/app/views/cli/interesting_findings/_array.erb +10 -0
data/app/views/cli/interesting_findings/findings.erb +23 -0
data/app/views/cli/scan_aborted.erb +5 -0
data/app/views/cli/update_aborted.erb +5 -0
data/app/views/cli/vuln_api/status.erb +2 -0
data/app/views/cli/vulnerability.erb +6 -0
data/app/views/cli/wp_item.erb +4 -1
data/app/views/json/core/banner.erb +2 -8
data/app/views/json/core/finished.erb +13 -0
data/app/views/json/core/help.erb +4 -0
data/app/views/json/core/started.erb +10 -0
data/app/views/json/enumeration/backup_folders.erb +11 -0
data/app/views/json/enumeration/plugin.erb +15 -0
data/app/views/json/enumeration/theme.erb +5 -0
data/app/views/json/enumeration/user.erb +6 -0
data/app/views/json/finding.erb +8 -2
data/app/views/json/interesting_findings/findings.erb +24 -0
data/app/views/json/notice.erb +1 -0
data/app/views/json/scan_aborted.erb +5 -0
data/app/views/json/update_aborted.erb +5 -0
data/app/views/json/vuln_api/status.erb +2 -0
data/app/views/json/wp_item.erb +4 -1
data/bin/wpscan +1 -0
data/lib/opt_parse_validator/config_files_loader_merger/base.rb +26 -0
data/lib/opt_parse_validator/config_files_loader_merger/json.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger/yml.rb +17 -0
data/lib/opt_parse_validator/config_files_loader_merger.rb +62 -0
data/lib/opt_parse_validator/errors.rb +9 -0
data/lib/opt_parse_validator/hacks.rb +19 -0
data/lib/opt_parse_validator/opts/alias.rb +28 -0
data/lib/opt_parse_validator/opts/array.rb +34 -0
data/lib/opt_parse_validator/opts/base.rb +142 -0
data/lib/opt_parse_validator/opts/boolean.rb +19 -0
data/lib/opt_parse_validator/opts/choice.rb +43 -0
data/lib/opt_parse_validator/opts/credentials.rb +15 -0
data/lib/opt_parse_validator/opts/directory_path.rb +17 -0
data/lib/opt_parse_validator/opts/file_path.rb +34 -0
data/lib/opt_parse_validator/opts/headers.rb +33 -0
data/lib/opt_parse_validator/opts/integer.rb +15 -0
data/lib/opt_parse_validator/opts/integer_range.rb +37 -0
data/lib/opt_parse_validator/opts/multi_choices.rb +135 -0
data/lib/opt_parse_validator/opts/path.rb +78 -0
data/lib/opt_parse_validator/opts/positive_integer.rb +16 -0
data/lib/opt_parse_validator/opts/proxy.rb +7 -0
data/lib/opt_parse_validator/opts/regexp.rb +14 -0
data/lib/opt_parse_validator/opts/smart_list.rb +30 -0
data/lib/opt_parse_validator/opts/string.rb +8 -0
data/lib/opt_parse_validator/opts/uri.rb +41 -0
data/lib/opt_parse_validator/opts/url.rb +11 -0
data/lib/opt_parse_validator/opts.rb +9 -0
data/lib/opt_parse_validator/version.rb +6 -0
data/lib/opt_parse_validator.rb +161 -0
data/lib/wpscan/browser/actions.rb +48 -0
data/lib/wpscan/browser/options.rb +92 -0
data/lib/wpscan/browser.rb +87 -2
data/lib/wpscan/browser_authenticator.rb +64 -0
data/lib/wpscan/cache/file_store.rb +77 -0
data/lib/wpscan/cache/typhoeus.rb +25 -0
data/lib/wpscan/controller.rb +100 -4
data/lib/wpscan/controllers.rb +78 -3
data/lib/wpscan/db/dynamic_finders/base.rb +3 -7
data/lib/wpscan/db/dynamic_finders/plugin.rb +2 -2
data/lib/wpscan/db/dynamic_finders/wordpress.rb +1 -1
data/lib/wpscan/db/fingerprints.rb +2 -2
data/lib/wpscan/db/updater.rb +23 -13
data/lib/wpscan/db/vuln_api.rb +19 -7
data/lib/wpscan/db/wp_item.rb +2 -2
data/lib/wpscan/errors/enumeration.rb +4 -4
data/lib/wpscan/errors/http.rb +82 -3
data/lib/wpscan/errors/saml.rb +28 -0
data/lib/wpscan/errors/scan.rb +14 -0
data/lib/wpscan/errors/update.rb +11 -3
data/lib/wpscan/errors/vuln_api.rb +24 -0
data/lib/wpscan/errors/wordpress.rb +2 -2
data/lib/wpscan/errors/wp_auth.rb +37 -0
data/lib/wpscan/errors.rb +4 -3
data/lib/wpscan/exit_code.rb +25 -0
data/lib/wpscan/finders/base_finders.rb +45 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +3 -5
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +1 -1
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +3 -3
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +1 -1
data/lib/wpscan/finders/finder/breadth_first_dictionary_attack.rb +257 -0
data/lib/wpscan/finders/finder/enumerator.rb +77 -0
data/lib/wpscan/finders/finder/fingerprinter.rb +48 -0
data/lib/wpscan/finders/finder/smart_url_checker/findings.rb +33 -0
data/lib/wpscan/finders/finder/smart_url_checker.rb +60 -0
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +1 -1
data/lib/wpscan/finders/finder.rb +78 -0
data/lib/wpscan/finders/finding.rb +54 -0
data/lib/wpscan/finders/findings.rb +33 -0
data/lib/wpscan/finders/independent_finder.rb +33 -0
data/lib/wpscan/finders/independent_finders.rb +26 -0
data/lib/wpscan/finders/same_type_finder.rb +19 -0
data/lib/wpscan/finders/same_type_finders.rb +28 -0
data/lib/wpscan/finders/unique_finder.rb +19 -0
data/lib/wpscan/finders/unique_finders.rb +47 -0
data/lib/wpscan/finders.rb +11 -12
data/lib/wpscan/formatter/buffer.rb +17 -0
data/lib/wpscan/formatter.rb +152 -0
data/lib/wpscan/helper.rb +7 -1
data/lib/wpscan/http_status_tracking.rb +128 -0
data/lib/wpscan/numeric.rb +13 -0
data/lib/wpscan/parsed_cli.rb +31 -2
data/lib/wpscan/progressbar_null_output.rb +23 -0
data/lib/wpscan/public_suffix/domain.rb +44 -0
data/lib/wpscan/references.rb +118 -4
data/lib/wpscan/scan.rb +127 -0
data/lib/wpscan/target/hashes.rb +45 -0
data/lib/wpscan/target/platform/php.rb +124 -0
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +3 -3
data/lib/wpscan/target/platform/wordpress.rb +7 -8
data/lib/wpscan/target/platform.rb +3 -0
data/lib/wpscan/target/scope.rb +103 -0
data/lib/wpscan/target/server/apache.rb +27 -0
data/lib/wpscan/target/server/generic.rb +72 -0
data/lib/wpscan/target/server/iis.rb +29 -0
data/lib/wpscan/target/server/nginx.rb +27 -0
data/lib/wpscan/target/server.rb +6 -0
data/lib/wpscan/target.rb +129 -9
data/lib/wpscan/typhoeus/hydra.rb +12 -0
data/lib/wpscan/typhoeus/response.rb +24 -1
data/lib/wpscan/version.rb +1 -1
data/lib/wpscan/vulnerability.rb +49 -3
data/lib/wpscan/vulnerability_filter.rb +68 -0
data/lib/wpscan/vulnerable.rb +13 -1
data/lib/wpscan/web_site.rb +152 -0
data/lib/wpscan.rb +126 -29
metadata +362 -20

data/app/models/wp_item/wordpress_org_data.rb ADDED Viewed

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+module WPScan
+  module Model
+    class WpItem
+      # Fetches and exposes the public wordpress.org info API response for a
+      # plugin or theme. The HTTP call is performed at most once per item.
+      module WordpressOrgData
+        # Timeout (in seconds) for the wordpress.org API lookup. Kept low so a
+        # slow or unreachable wordpress.org does not noticeably stall the scan.
+        WORDPRESS_ORG_API_TIMEOUT = 5
+        # @return [ String, nil ] The wordpress.org API URL returning info for
+        #   this item. Subclasses override this; nil disables the lookup.
+        def wordpress_org_api_url
+          nil
+        end
+        # @return [ Hash ] Empty hash if the item is not on wordpress.org or the
+        #   lookup fails.
+        def wordpress_org_data
+          return @wordpress_org_data if defined?(@wordpress_org_data)
+          @wordpress_org_data = fetch_wordpress_org_data
+        end
+        # Number of active installs as reported by the wordpress.org API.
+        # See https://codex.wordpress.org/WordPress.org_API
+        #
+        # @return [ Integer, nil ]
+        def active_installs
+          wordpress_org_data['active_installs']
+        end
+        private
+        # @return [ Hash ]
+        def fetch_wordpress_org_data
+          url = wordpress_org_api_url
+          return {} unless url
+          res = Browser.get(url, connecttimeout: WORDPRESS_ORG_API_TIMEOUT, timeout: WORDPRESS_ORG_API_TIMEOUT)
+          return {} unless res.code == 200
+          data = JSON.parse(res.body)
+          data.is_a?(Hash) ? data : {}
+        rescue StandardError
+          {}
+        end
+      end
+      include WordpressOrgData
+    end
+  end
+end

data/app/models/wp_item.rb CHANGED Viewed

@@ -6,8 +6,8 @@ module WPScan
     class WpItem
       include Vulnerable
       include Finders::Finding
-      include CMSScanner::Target::Platform::PHP
-      include CMSScanner::Target::Server::Generic
+      include WPScan::Target::Platform::PHP
+      include WPScan::Target::Server::Generic
       # Most common readme filenames, based on checking all public plugins and themes.
       READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
@@ -71,9 +71,109 @@ module WPScan
         @popular ||= metadata['popular'] ? true : false
       end
-      # @return [ String ]
+      # @return [ String, nil ]
       def last_updated
-        @last_updated ||= metadata['last_updated']
+        resolve_last_updated unless defined?(@last_updated)
+        @last_updated
+      end
+      # @return [ String, nil ] 'db', 'wordpress.org', or nil when last_updated is unknown
+      def last_updated_source
+        resolve_last_updated unless defined?(@last_updated_source)
+        @last_updated_source
+      end
+      # WordPress.org takes precedence over local DB metadata since the WPScan
+      # DB is not synced in real time and may be stale.
+      def resolve_last_updated
+        if (api_value = wordpress_org_data['last_updated'])
+          @last_updated        = api_value
+          @last_updated_source = 'WordPress.org'
+        elsif (db_value = metadata['last_updated'])
+          @last_updated        = db_value
+          @last_updated_source = 'db'
+        else
+          @last_updated        = nil
+          @last_updated_source = nil
+        end
+      end
+      # @return [ String, nil ] Human-friendly relative time hint for last_updated
+      #   (e.g. "3 months ago"). nil when last_updated cannot be parsed.
+      def last_updated_relative
+        @last_updated_relative ||= relative_time_for(last_updated)
+      end
+      # Parenthesized annotation appended to the CLI "Last Updated" line, e.g.
+      # " (3 months ago, per wordpress.org)". Empty string when there is nothing
+      # to annotate.
+      #
+      # @return [ String ]
+      def last_updated_cli_suffix
+        parts = []
+        parts << last_updated_relative if last_updated_relative
+        parts << 'per WordPress.org' if last_updated_source == 'WordPress.org'
+        parts.empty? ? '' : " (#{parts.join(', ')})"
+      end
+      # ISO 8601 (UTC) representation of last_updated, used by the JSON output so
+      # downstream consumers always see a consistent format regardless of whether
+      # the value came from the local DB or the wordpress.org API.
+      #
+      # @return [ String, nil ]
+      def last_updated_iso
+        return @last_updated_iso if defined?(@last_updated_iso)
+        @last_updated_iso = parse_last_updated&.iso8601
+      end
+      # Friendly representation of last_updated, used in CLI output, matching the
+      # wordpress.org API style (e.g. "2026-04-14 12:01pm GMT"). Falls back to the
+      # raw string when the value cannot be parsed.
+      #
+      # @return [ String, nil ]
+      def last_updated_display
+        return @last_updated_display if defined?(@last_updated_display)
+        time = parse_last_updated
+        @last_updated_display = time ? time.strftime('%Y-%m-%d %-l:%M%P GMT') : last_updated
+      end
+      # @return [ Time, nil ] last_updated parsed as UTC Time, or nil
+      def parse_last_updated
+        value = last_updated
+        return nil if value.nil? || value.to_s.strip.empty?
+        Time.parse(value.to_s).utc
+      rescue ArgumentError, TypeError
+        nil
+      end
+      # @param [ String, nil ] value A timestamp parseable by Time.parse
+      # @return [ String, nil ]
+      def relative_time_for(value)
+        return nil if value.nil? || value.to_s.strip.empty?
+        time  = Time.parse(value.to_s).utc
+        delta = Time.now.utc - time
+        return 'in the future' if delta.negative?
+        seconds = delta.to_i
+        case seconds
+        when 0...60        then 'just now'
+        when 60...3600     then pluralize_unit(seconds / 60, 'minute')
+        when 3600...86_400 then pluralize_unit(seconds / 3600, 'hour')
+        when 86_400...2_592_000 then pluralize_unit(seconds / 86_400, 'day')
+        when 2_592_000...31_536_000 then pluralize_unit(seconds / 2_592_000, 'month')
+        else pluralize_unit(seconds / 31_536_000, 'year')
+        end
+      rescue ArgumentError, TypeError
+        nil
+      end
+      # @return [ String ]
+      def pluralize_unit(count, unit)
+        "#{count} #{unit}#{'s' if count != 1} ago"
       end
       # @return [ Boolean ]
@@ -133,9 +233,9 @@ module WPScan
       #
       # @return [ Boolean ]
       def directory_listing?(path = nil, params = {})
-        return if detection_opts[:mode] == :passive
+        return false if detection_opts[:mode] == :passive
-        super(path, params)
+        super
       end
       # @param [ String ] path
@@ -143,12 +243,12 @@ module WPScan
       #
       # @return [ Boolean ]
       def error_log?(path = 'error_log', params = {})
-        return if detection_opts[:mode] == :passive
+        return false if detection_opts[:mode] == :passive
-        super(path, params)
+        super
       end
-      # See CMSScanner::Target#head_and_get
+      # See WPScan::Target#head_and_get
       #
       # This is used by the error_log? above in the super()
       # to have the correct path (ie readme.txt checked from the plugin/theme location

data/app/models/wp_version.rb CHANGED Viewed

@@ -3,13 +3,13 @@
 module WPScan
   module Model
     # WP Version
-    class WpVersion < CMSScanner::Model::Version
+    class WpVersion < WPScan::Model::Version
       include Vulnerable
       def initialize(number, opts = {})
         raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
-        super(number, opts)
+        super
       end
       # @param [ String ] number

data/app/models/xml_rpc.rb CHANGED Viewed

@@ -2,9 +2,79 @@
 module WPScan
   module Model
-    # Override of the CMSScanner::XMLRPC to include the references
-    class XMLRPC < CMSScanner::Model::XMLRPC
-      include References # To be able to use the :wpvulndb reference if needed
+    # XML-RPC interface.
+    class XMLRPC < InterestingFinding
+      include References
+      # @return [ String ]
+      def to_s
+        @to_s ||= "XML-RPC seems to be enabled: #{url}"
+      end
+      # @return [ Browser ]
+      def browser
+        @browser ||= WPScan::Browser.instance
+      end
+      # @return [ Array<String> ]
+      def available_methods
+        return @available_methods if @available_methods
+        @available_methods = []
+        res = method_call('system.listMethods').run
+        doc = Nokogiri::XML.parse(res.body)
+        doc.search('methodResponse params param value array data value string').each do |s|
+          @available_methods << s.text
+        end
+        @available_methods
+      end
+      # @return [ Boolean ] Whether or not the XMLRPC is enabled
+      def enabled?
+        !available_methods.empty?
+      end
+      # @param [ String ] method_name
+      # @param [ Array ] method_params
+      # @param [ Hash ] request_params
+      #
+      # @return [ Typhoeus::Request ]
+      def method_call(method_name, method_params = [], request_params = {})
+        browser.forge_request(
+          url,
+          request_params.merge(
+            method: :post,
+            body: ::XMLRPC::Create.new.methodCall(method_name, *method_params)
+          )
+        )
+      end
+      # @param [ Array<Array> ] methods_and_params
+      # @param [ Hash ] request_params
+      #
+      # Example of methods_and_params:
+      # [
+      #   [method1, param1, param2],
+      #   [method2, param1],
+      #   [method3]
+      # ]
+      #
+      # @return [ Typhoeus::Request ]
+      def multi_call(methods_and_params = [], request_params = {})
+        browser.forge_request(
+          url,
+          request_params.merge(
+            method: :post,
+            body: ::XMLRPC::Create.new.methodCall(
+              'system.multicall',
+              methods_and_params.collect { |m| { methodName: m[0], params: m[1..] } }
+            )
+          )
+        )
+      end
       # @return [ Hash ]
       def references

data/app/models.rb CHANGED Viewed

@@ -2,7 +2,6 @@
 module WPScan
   module Model
-    include CMSScanner::Model
   end
 end
@@ -10,9 +9,11 @@ require_relative 'models/interesting_finding'
 require_relative 'models/wp_version'
 require_relative 'models/xml_rpc'
 require_relative 'models/wp_item'
+require_relative 'models/wp_item/wordpress_org_data'
 require_relative 'models/timthumb'
 require_relative 'models/media'
 require_relative 'models/plugin'
 require_relative 'models/theme'
 require_relative 'models/config_backup'
 require_relative 'models/db_export'
+require_relative 'models/backup_folder'

data/app/user_agents.txt ADDED Viewed

@@ -0,0 +1,46 @@
+# Windows
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
+Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
+Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
+Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
+Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
+Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
+Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
+Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
+Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
+Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
+Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
+# MAC
+Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
+Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
+Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
+# Linux
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
+Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
+Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
+Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
+Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
+Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
+Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0
+# iPad
+Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
+Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25
+# iPhone
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_3 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B511 Safari/9537.53
+Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53

data/app/views/cli/core/banner.erb CHANGED Viewed

@@ -6,9 +6,9 @@ _______________________________________________________________
             \  /\  /  | |     ____) | (__| (_| | | | |
              \/  \/   |_|    |_____/ \___|\__,_|_| |_|
-         WordPress Security Scanner by the WPScan Team
+                  WordPress Security Scanner
                          Version <%= WPScan::VERSION %>
-<%= ' ' * ((63 - WPScan::DB::Sponsor.text.length)/2) + WPScan::DB::Sponsor.text %>
-       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
+                    An Automattic endeavor
+                    https://automattic.com
 _______________________________________________________________

data/app/views/cli/core/finished.erb ADDED Viewed

@@ -0,0 +1,15 @@
+<%= info_icon %> Finished: <%= @stop_time.asctime %>
+<%= info_icon %> Requests Done: <%= @requests_done %>
+<%= info_icon %> Cached Requests: <%= @cached_requests %>
+<% if @response_status_codes && !@response_status_codes.empty? -%>
+<%= info_icon %> Most response codes received: <%= @response_status_codes.map { |label, count| "#{label}: #{count}" }.join(', ') %>
+<% end -%>
+<% if @response_status_codes_warnings && !@response_status_codes_warnings.empty? -%>
+<% @response_status_codes_warnings.each do |warning| -%>
+<%= warning_icon %> <%= warning %>
+<% end -%>
+<% end -%>
+<%= info_icon %> Data Sent: <%= @data_sent.bytes_to_human %>
+<%= info_icon %> Data Received: <%= @data_received.bytes_to_human %>
+<%= info_icon %> Memory used: <%= @used_memory.bytes_to_human %>
+<%= info_icon %> Elapsed time: <%= Time.at(@elapsed).utc.strftime('%H:%M:%S') %>

data/app/views/cli/core/help.erb ADDED Viewed

@@ -0,0 +1,4 @@
+<%= @help %>
+<% if @simple -%>
+[!] To see full list of options use --hh.
+<% end -%>

data/app/views/cli/core/started.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<%= info_icon %> URL: <%= @url %> [<%= @ip %>]
+<% if @url != @effective_url -%>
+<%= info_icon %> Effective URL: <%= @effective_url %>
+<% end -%>
+<%= info_icon %> Started: <%= @start_time.asctime %>
+<%= info_icon %> Command Line: wpscan <%= @command_line %>
+<%= info_icon %> Hostname: <%= @hostname %>
+<% if WPScan::ParsedCli.exclude_vulns && !WPScan::ParsedCli.exclude_vulns.empty? -%>
+<%= warning_icon %> Excluded vulnerabilities: <%= Array(WPScan::ParsedCli.exclude_vulns).join(', ') %>
+<% end -%>

data/app/views/cli/enumeration/backup_folders.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<% if @backup_folders.empty? -%>
+<%= notice_icon %> No Backup Folders Found.
+<% else -%>
+<%= notice_icon %> Backup Folder(s) Identified:
+<% @backup_folders.each do |backup_folder| -%>
+<% icon = backup_folder.severity == :high ? critical_icon : warning_icon -%>
+<%= icon %> <%= backup_folder %>
+<%= render('@finding', item: backup_folder) -%>
+<% end -%>
+<% end %>

data/app/views/cli/enumeration/plugin.erb ADDED Viewed

@@ -0,0 +1,13 @@
+<%= bar_clear -%>
+<%= info_icon %> <%= @plugin %>
+<%= render('@wp_item', wp_item: @plugin) -%>
+ |
+<%= render('@finding', item: @plugin) -%>
+ |
+<% if @plugin.version -%>
+ | Version: <%= @plugin.version %> (<%= @plugin.version.confidence %>% confidence)
+<%= render('@finding', item: @plugin.version) -%>
+<% else -%>
+ | The version could not be determined.
+<% end -%>

data/app/views/cli/enumeration/plugins.erb CHANGED Viewed

@@ -4,17 +4,6 @@
 <% else -%>
 <%= notice_icon %> Plugin(s) Identified:
 <% @plugins.each do |plugin| -%>
-<%= info_icon %> <%= plugin %>
-<%= render('@wp_item', wp_item: plugin) -%>
- |
-<%= render('@finding', item: plugin) -%>
- |
-<% if plugin.version -%>
- | Version: <%= plugin.version %> (<%= plugin.version.confidence %>% confidence)
-<%= render('@finding', item: plugin.version) -%>
-<% else -%>
- | The version could not be determined.
-<% end -%>
+<%= render('plugin', plugin: plugin) -%>
 <% end -%>
 <% end %>

data/app/views/cli/enumeration/theme.erb ADDED Viewed

@@ -0,0 +1,4 @@
+<%= bar_clear -%>
+<%= info_icon %> <%= @theme %>
+<%= render('@theme', theme: @theme, show_parents: false) -%>

data/app/views/cli/enumeration/themes.erb CHANGED Viewed

@@ -4,8 +4,6 @@
 <% else -%>
 <%= notice_icon %> Theme(s) Identified:
 <% @themes.each do |theme| -%>
-<%= info_icon %> <%= theme %>
-<%= render('@theme', theme: theme, show_parents: false) -%>
+<%= render('theme', theme: theme) -%>
 <% end -%>
 <% end %>

data/app/views/cli/enumeration/user.erb ADDED Viewed

@@ -0,0 +1,4 @@
+<%= bar_clear -%>
+<%= info_icon %> <%= @user %>
+<%= render('@finding', item: @user) -%>

data/app/views/cli/enumeration/users.erb CHANGED Viewed

@@ -4,8 +4,6 @@
 <% else -%>
 <%= notice_icon %> User(s) Identified:
 <% @users.each do |user| -%>
-<%= info_icon %> <%= user %>
-<%= render('@finding', item: user) -%>
+<%= render('user', user: user) -%>
 <% end -%>
 <% end %>

data/app/views/cli/finding.erb CHANGED Viewed

@@ -18,7 +18,7 @@
 <% end -%>
 <% end -%>
 <% end -%>
-<% if @item.respond_to?(:vulnerabilities) && !(vulns = @item.vulnerabilities).empty? -%>
+<% if @item.respond_to?(:filtered_vulnerabilities) && !(vulns = @item.filtered_vulnerabilities).empty? -%>
 <% vulns_size = vulns.size -%>
  |
  | <%= critical_icon %> <%= vulns_size %> <%= vulns_size == 1 ? 'vulnerability' : 'vulnerabilities' %> identified:

data/app/views/cli/interesting_findings/_array.erb ADDED Viewed

@@ -0,0 +1,10 @@
+<% unless @a.empty? -%>
+<% if @a.size == 1 -%>
+ | <%= @s %>: <%= @a.first %>
+<% else -%>
+ | <%= @p %>:
+<% @a.each do |line| -%>
+ |  - <%= line %>
+<% end -%>
+<% end -%>
+<% end -%>

data/app/views/cli/interesting_findings/findings.erb ADDED Viewed

@@ -0,0 +1,23 @@
+<% unless @findings.empty? -%>
+Interesting Finding(s):
+<% @findings.each do |finding| -%>
+<%= info_icon %> <%= finding %>
+<%= render('_array', a: finding.interesting_entries, s: 'Interesting Entry', p: 'Interesting Entries') -%>
+ | Found By: <%= finding.found_by %>
+<% if finding.confidence > 0 -%>
+ | Confidence: <%= finding.confidence %>%
+<% end -%>
+<% unless (confirmed = finding.confirmed_by).empty? -%>
+<% if confirmed.size == 1 -%>
+ | Confirmed By: <%= confirmed.first.found_by %><% if confirmed.first.confidence > 0 %>, <%= confirmed.first.confidence %>% confidence<% end %>
+<% else -%>
+ | Confirmed By:
+<% confirmed.each do |c| -%>
+ |  - <%= c.found_by %><% if c.confidence > 0 %>, <%= c.confidence %>% confidence<% end %>
+<% end -%>
+<% end -%>
+<% end -%>
+<%= render('_array', a: finding.references_urls, s: 'Reference', p: 'References') -%>
+<% end -%>
+<% end %>

data/app/views/cli/scan_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+Scan Aborted: <%= @reason %>
+<% if @verbose -%>
+Trace: <%= @trace.join("\n") %>
+<% end %>

data/app/views/cli/update_aborted.erb ADDED Viewed

@@ -0,0 +1,5 @@
+Update Aborted: <%= @reason %>
+<% if @verbose -%>
+Trace: <%= @trace.join("\n") %>
+<% end %>

data/app/views/cli/vuln_api/status.erb CHANGED Viewed

@@ -1,6 +1,8 @@
 <% unless @status.empty? -%>
 <% if @status['http_error'] -%>
 <%= critical_icon %> WPScan DB API, <%= @status['http_error'].to_s %>
+<% elsif @status['parse_error'] -%>
+<%= critical_icon %> WPScan DB API returned an invalid response. Please check your network/proxy configuration or try again later.
 <% else -%>
 <%= info_icon %> WPScan DB API OK
  | Plan: <%= @status['plan'] %>

data/app/views/cli/vulnerability.erb CHANGED Viewed

@@ -1,10 +1,16 @@
  | <%= critical_icon %> Title: <%= @v.title %>
+<% if @v.uuid -%>
+ |     UUID: <%= @v.uuid %>
+<% end -%>
 <% if @v.cvss -%>
  |     CVSS: <%= @v.cvss[:score] %> (<%= @v.cvss[:vector] %>)
 <% end -%>
 <% if @v.fixed_in -%>
  |     Fixed in: <%= @v.fixed_in %>
 <% end -%>
+<% if @v.poc -%>
+ |     PoC: available
+<% end -%>
 <% unless (references = @v.references_urls).empty? -%>
 <% if references.size == 1 -%>
  |     Reference: <%= references.first %>

data/app/views/cli/wp_item.erb CHANGED Viewed

@@ -3,7 +3,10 @@
  | Latest Version: <%= @wp_item.latest_version %><% if @wp_item.version %> (up to date)<% end %>
 <% end -%>
 <% if @wp_item.last_updated -%>
- | Last Updated: <%= @wp_item.last_updated %>
+ | Last Updated: <%= @wp_item.last_updated_display %><%= @wp_item.last_updated_cli_suffix %>
+<% end -%>
+<% if @wp_item.active_installs -%>
+ | Active Installs: <%= ActiveSupport::NumberHelper.number_to_delimited(@wp_item.active_installs) %> (per WordPress.org)
 <% end -%>
 <% if @wp_item.readme_url -%>
  | Readme: <%= @wp_item.readme_url %>

data/app/views/json/core/banner.erb CHANGED Viewed

@@ -1,11 +1,5 @@
 "banner": {
-"description": "WordPress Security Scanner by the WPScan Team",
+"description": "WordPress Security Scanner",
   "version": <%= WPScan::VERSION.to_json %>,
-  "authors": [
-    "@_WPScan_",
-    "@ethicalhack3r",
-    "@erwan_lr",
-    "@firefart"
-  ],
-  "sponsor": <%= WPScan::DB::Sponsor.text.to_json %>
+  "sponsor": "An Automattic endeavor"
 },

data/app/views/json/core/finished.erb ADDED Viewed

@@ -0,0 +1,13 @@
+"stop_time": <%= @stop_time.to_i %>,
+"elapsed": <%= @elapsed.to_i %>,
+"requests_done": <%= @requests_done.to_i %>,
+"cached_requests": <%= @cached_requests.to_i %>,
+"response_status_codes": <%= @response_status_codes.to_json %>,
+"response_status_codes_warning": <%= @response_status_codes_warning %>,
+"response_status_codes_warnings": <%= @response_status_codes_warnings.to_json %>,
+"data_sent": <%= @data_sent.to_i %>,
+"data_sent_humanised": <%= @data_sent.bytes_to_human.to_json %>,
+"data_received": <%= @data_received.to_i %>,
+"data_received_humanised": <%= @data_received.bytes_to_human.to_json %>,
+"used_memory": <%= @used_memory.to_i %>,
+"used_memory_humanised": <%= @used_memory.bytes_to_human.to_json %>,

data/app/views/json/core/help.erb ADDED Viewed

@@ -0,0 +1,4 @@
+"help": <%= @help.to_s.to_json %>,
+<% if @simple -%>
+"full_help": "To see full list of options use --hh.",
+<% end -%>

data/app/views/json/core/started.erb ADDED Viewed

@@ -0,0 +1,10 @@
+"start_time": <%= @start_time.to_i %>,
+"start_memory": <%= @start_memory.to_i %>,
+"command_line": <%= "wpscan #{@command_line}".to_json %>,
+"hostname": <%= @hostname.to_s.to_json %>,
+"target_url": <%= @url.to_s.to_json %>,
+"target_ip": <%= @ip.to_s.to_json %>,
+"effective_url": <%= @effective_url.to_s.to_json %>,
+<% if WPScan::ParsedCli.exclude_vulns && !WPScan::ParsedCli.exclude_vulns.empty? -%>
+"excluded_vulnerabilities": <%= Array(WPScan::ParsedCli.exclude_vulns).to_json %>,
+<% end -%>