wpscan 3.8.5 → 3.8.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 374d883728b24244fefce17ac5dc35d2fb8ae1d34b161e46cfbe4019d6bcb93e
-  data.tar.gz: e38d72546d42547c7bfe79d1883db8e7d12dc04ccfc181c572c8b395661d6b65
+  metadata.gz: f98f734f7109df65f502a120586451cb9cdcd1f741a03db2d664e5e2b0ebde05
+  data.tar.gz: da340ec87c3ac0603b0ffe9fb518067c9cea0596d59bedc15e0dabd7f7e7cfb1
 SHA512:
-  metadata.gz: 8b44e8757063dfc2e9aef1a0144c07fb8e5bb4f102e7681442fbdf1b86883bc2677030564b193388f174ddb743fc4dd6ed94e7d40827e8fe28883787a7cf2ca0
-  data.tar.gz: e8149cb867feb810b996bf3df2ce1df85b7ab8e329c5b8577eb7cf9d516887935f6f6802411adbca4552ba9ac1999dcd1f32ecd4489076123dab75171865c91c
+  metadata.gz: 6d45b4fbc1a60f0f804b4fe59815da1ca324693c1546cd1cd91b75fea0aab363fef93ab240ef1009417e8cb7b5230642b6ff464acd90a0bbb917f0ecce915171
+  data.tar.gz: 4e0c504291a53f475f834f6b36a14e6634fca79f5cfc03c2375815a509c154047c8da98e25da026d30edd8c4e3bbb2ded4a29d4a678d0e2fe5d10646a6f09f9b

data/app/finders/main_theme/urls_in_homepage.rb

@@ -13,7 +13,7 @@ module WPScan
         def passive(opts = {})
           found = []
 
-          slugs = items_from_links('themes', false) + items_from_codes('themes', false)
+          slugs = items_from_links('themes', uniq: false) + items_from_codes('themes', uniq: false)
 
           slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
             found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))

data/app/finders/users.rb

@@ -6,6 +6,7 @@ require_relative 'users/oembed_api'
 require_relative 'users/rss_generator'
 require_relative 'users/author_id_brute_forcing'
 require_relative 'users/login_error_messages'
+require_relative 'users/author_sitemap'
 require_relative 'users/yoast_seo_author_sitemap'
 
 module WPScan
@@ -22,6 +23,7 @@ module WPScan
             Users::WpJsonApi.new(target) <<
             Users::OembedApi.new(target) <<
             Users::RSSGenerator.new(target) <<
+            Users::AuthorSitemap.new(target) <<
             Users::YoastSeoAuthorSitemap.new(target) <<
             Users::AuthorIdBruteForcing.new(target) <<
             Users::LoginErrorMessages.new(target)

data/app/finders/users/author_sitemap.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module Users
+      # Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains
+      # the usernames of accounts who made a post
+      class AuthorSitemap < CMSScanner::Finders::Finder
+        # @param [ Hash ] opts
+        #
+        # @return [ Array<User> ]
+        def aggressive(_opts = {})
+          found = []
+
+          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
+            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
+
+            next unless username && !username.strip.empty?
+
+            found << Model::User.new(username,
+                                     found_by: found_by,
+                                     confidence: 100,
+                                     interesting_entries: [sitemap_url])
+          end
+
+          found
+        end
+
+        # @return [ String ] The URL of the sitemap
+        def sitemap_url
+          @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
+        end
+      end
+    end
+  end
+end

data/app/finders/users/yoast_seo_author_sitemap.rb

@@ -5,27 +5,7 @@ module WPScan
     module Users
       # The YOAST SEO plugin has an author-sitemap.xml which can leak usernames
       # See https://github.com/wpscanteam/wpscan/issues/1228
-      class YoastSeoAuthorSitemap < CMSScanner::Finders::Finder
-        # @param [ Hash ] opts
-        #
-        # @return [ Array<User> ]
-        def aggressive(_opts = {})
-          found = []
-
-          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
-            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
-
-            next unless username && !username.strip.empty?
-
-            found << Model::User.new(username,
-                                     found_by: found_by,
-                                     confidence: 100,
-                                     interesting_entries: [sitemap_url])
-          end
-
-          found
-        end
-
+      class YoastSeoAuthorSitemap < AuthorSitemap
         # @return [ String ] The URL of the author-sitemap
         def sitemap_url
           @sitemap_url ||= target.url('author-sitemap.xml')

data/app/finders/wp_items/urls_in_page.rb

@@ -9,7 +9,7 @@ module WPScan
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
         # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
-        def items_from_links(type, uniq = true)
+        def items_from_links(type, uniq: true)
           found = []
           xpath = format(
             '(//@href|//@src|//@data-src)[contains(., "%s")]',
@@ -31,7 +31,7 @@ module WPScan
         # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
         #
         # @return [Array<String> ] The plugins/themes detected in the javascript/style of the homepage
-        def items_from_codes(type, uniq = true)
+        def items_from_codes(type, uniq: true)
           found = []
 
           page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|

data/lib/wpscan/db/dynamic_finders/base.rb

@@ -31,7 +31,7 @@ module WPScan
 
           finder_configs(
             finder_class,
-            Regexp.last_match[1] == 'aggressive'
+            aggressive: Regexp.last_match[1] == 'aggressive'
           )
         end
 

data/lib/wpscan/db/dynamic_finders/plugin.rb

@@ -16,7 +16,7 @@ module WPScan
         # @param [ Symbol ] finder_class
         # @param [ Boolean ] aggressive
         # @return [ Hash ]
-        def self.finder_configs(finder_class, aggressive = false)
+        def self.finder_configs(finder_class, aggressive: false)
           configs = {}
 
           return configs unless allowed_classes.include?(finder_class)

data/lib/wpscan/db/dynamic_finders/wordpress.rb

@@ -24,7 +24,7 @@ module WPScan
         # @param [ Symbol ] finder_class
         # @param [ Boolean ] aggressive
         # @return [ Hash ]
-        def self.finder_configs(finder_class, aggressive = false)
+        def self.finder_configs(finder_class, aggressive: false)
           configs = {}
 
           return configs unless allowed_classes.include?(finder_class)

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.5'
+  VERSION = '3.8.6'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.5
+  version: 3.8.6
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-25 00:00:00.000000000 Z
+date: 2020-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 0.89.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.88.0
+        version: 0.89.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -258,6 +258,7 @@ files:
 - app/finders/users.rb
 - app/finders/users/author_id_brute_forcing.rb
 - app/finders/users/author_posts.rb
+- app/finders/users/author_sitemap.rb
 - app/finders/users/login_error_messages.rb
 - app/finders/users/oembed_api.rb
 - app/finders/users/rss_generator.rb