RubyGems - wpscan - Versions diffs - 3.4.5 → 3.5.0 - Mend

wpscan 3.4.5 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

checksums.yaml +5 -5
data/README.md +21 -14
data/app/app.rb +2 -0
data/app/controllers.rb +2 -0
data/app/controllers/aliases.rb +2 -0
data/app/controllers/core.rb +6 -4
data/app/controllers/custom_directories.rb +3 -1
data/app/controllers/enumeration.rb +6 -0
data/app/controllers/enumeration/cli_options.rb +2 -0
data/app/controllers/enumeration/enum_methods.rb +2 -0
data/app/controllers/main_theme.rb +2 -0
data/app/controllers/password_attack.rb +6 -4
data/app/controllers/wp_version.rb +2 -0
data/app/finders.rb +2 -0
data/app/finders/config_backups.rb +2 -0
data/app/finders/config_backups/known_filenames.rb +4 -3
data/app/finders/db_exports.rb +2 -0
data/app/finders/db_exports/known_locations.rb +15 -3
data/app/finders/interesting_findings.rb +2 -0
data/app/finders/interesting_findings/backup_db.rb +5 -4
data/app/finders/interesting_findings/debug_log.rb +3 -1
data/app/finders/interesting_findings/duplicator_installer_log.rb +6 -5
data/app/finders/interesting_findings/emergency_pwd_reset_script.rb +6 -4
data/app/finders/interesting_findings/full_path_disclosure.rb +3 -1
data/app/finders/interesting_findings/mu_plugins.rb +4 -2
data/app/finders/interesting_findings/multisite.rb +3 -1
data/app/finders/interesting_findings/readme.rb +8 -6
data/app/finders/interesting_findings/registration.rb +3 -1
data/app/finders/interesting_findings/tmm_db_migrate.rb +4 -2
data/app/finders/interesting_findings/upload_directory_listing.rb +3 -1
data/app/finders/interesting_findings/upload_sql_dump.rb +8 -10
data/app/finders/interesting_findings/wp_cron.rb +3 -1
data/app/finders/main_theme.rb +2 -0
data/app/finders/main_theme/css_style.rb +3 -1
data/app/finders/main_theme/urls_in_homepage.rb +3 -1
data/app/finders/main_theme/woo_framework_meta_generator.rb +3 -1
data/app/finders/medias.rb +2 -0
data/app/finders/medias/attachment_brute_forcing.rb +3 -1
data/app/finders/passwords.rb +2 -0
data/app/finders/passwords/wp_login.rb +4 -1
data/app/finders/passwords/xml_rpc.rb +2 -0
data/app/finders/passwords/xml_rpc_multicall.rb +4 -2
data/app/finders/plugin_version.rb +4 -2
data/app/finders/plugin_version/readme.rb +9 -5
data/app/finders/plugins.rb +2 -0
data/app/finders/plugins/body_pattern.rb +3 -1
data/app/finders/plugins/comment.rb +3 -1
data/app/finders/plugins/config_parser.rb +3 -1
data/app/finders/plugins/header_pattern.rb +3 -1
data/app/finders/plugins/javascript_var.rb +3 -1
data/app/finders/plugins/known_locations.rb +10 -8
data/app/finders/plugins/query_parameter.rb +2 -0
data/app/finders/plugins/urls_in_homepage.rb +3 -1
data/app/finders/plugins/xpath.rb +3 -1
data/app/finders/theme_version.rb +4 -2
data/app/finders/theme_version/style.rb +3 -1
data/app/finders/theme_version/woo_framework_meta_generator.rb +3 -1
data/app/finders/themes.rb +2 -0
data/app/finders/themes/known_locations.rb +12 -10
data/app/finders/themes/urls_in_homepage.rb +3 -1
data/app/finders/timthumb_version.rb +3 -1
data/app/finders/timthumb_version/bad_request.rb +3 -1
data/app/finders/timthumbs.rb +2 -0
data/app/finders/timthumbs/known_locations.rb +12 -3
data/app/finders/users.rb +2 -0
data/app/finders/users/author_id_brute_forcing.rb +3 -1
data/app/finders/users/author_posts.rb +3 -1
data/app/finders/users/login_error_messages.rb +3 -1
data/app/finders/users/oembed_api.rb +6 -4
data/app/finders/users/rss_generator.rb +7 -5
data/app/finders/users/wp_json_api.rb +16 -6
data/app/finders/users/yoast_seo_author_sitemap.rb +6 -4
data/app/finders/wp_items.rb +2 -0
data/app/finders/wp_items/urls_in_homepage.rb +2 -0
data/app/finders/wp_version.rb +2 -0
data/app/finders/wp_version/atom_generator.rb +2 -0
data/app/finders/wp_version/rdf_generator.rb +2 -0
data/app/finders/wp_version/readme.rb +4 -2
data/app/finders/wp_version/rss_generator.rb +2 -0
data/app/finders/wp_version/unique_fingerprinting.rb +3 -1
data/app/models.rb +8 -0
data/app/models/config_backup.rb +6 -2
data/app/models/db_export.rb +6 -2
data/app/models/interesting_finding.rb +36 -32
data/app/models/media.rb +6 -2
data/app/models/plugin.rb +25 -17
data/app/models/theme.rb +83 -75
data/app/models/timthumb.rb +58 -54
data/app/models/wp_item.rb +140 -128
data/app/models/wp_version.rb +47 -44
data/app/models/xml_rpc.rb +18 -14
data/app/views/cli/wp_item.erb +0 -3
data/app/views/json/wp_item.erb +0 -1
data/bin/wpscan +1 -0
data/lib/wpscan.rb +2 -0
data/lib/wpscan/browser.rb +2 -0
data/lib/wpscan/controller.rb +2 -0
data/lib/wpscan/controllers.rb +2 -0
data/lib/wpscan/db.rb +2 -0
data/lib/wpscan/db/dynamic_finders/base.rb +2 -0
data/lib/wpscan/db/dynamic_finders/plugin.rb +4 -5
data/lib/wpscan/db/dynamic_finders/theme.rb +2 -0
data/lib/wpscan/db/dynamic_finders/wordpress.rb +2 -0
data/lib/wpscan/db/fingerprints.rb +2 -0
data/lib/wpscan/db/plugin.rb +2 -0
data/lib/wpscan/db/plugins.rb +2 -0
data/lib/wpscan/db/theme.rb +2 -0
data/lib/wpscan/db/themes.rb +2 -0
data/lib/wpscan/db/updater.rb +4 -2
data/lib/wpscan/db/wp_item.rb +2 -0
data/lib/wpscan/db/wp_items.rb +2 -0
data/lib/wpscan/db/wp_version.rb +2 -0
data/lib/wpscan/errors.rb +7 -1
data/lib/wpscan/errors/http.rb +27 -23
data/lib/wpscan/errors/update.rb +8 -4
data/lib/wpscan/errors/wordpress.rb +24 -14
data/lib/wpscan/errors/xmlrpc.rb +8 -4
data/lib/wpscan/finders.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/finder.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/body_pattern.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/comment.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/finder.rb +4 -2
data/lib/wpscan/finders/dynamic_finder/version/header_pattern.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/query_parameter.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/version/xpath.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/wp_item_version.rb +2 -0
data/lib/wpscan/finders/dynamic_finder/wp_items/finder.rb +4 -2
data/lib/wpscan/finders/dynamic_finder/wp_version.rb +4 -2
data/lib/wpscan/finders/finder/wp_version/smart_url_checker.rb +4 -2
data/lib/wpscan/helper.rb +2 -0
data/lib/wpscan/references.rb +2 -0
data/lib/wpscan/target.rb +12 -1
data/lib/wpscan/target/platform/wordpress.rb +15 -1
data/lib/wpscan/target/platform/wordpress/custom_directories.rb +23 -3
data/lib/wpscan/version.rb +3 -1
data/lib/wpscan/vulnerability.rb +2 -0
data/lib/wpscan/vulnerable.rb +2 -0
metadata +35 -8

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7706d292cdec1a8266440da57fcf2efb491b89ab
-  data.tar.gz: 72b9bb343646c020a70dd4da8adf4856f65fee29
+SHA256:
+  metadata.gz: f64d1fca83669eeb095fb99cbcbbc2a57a8967ef680bda9d754074b771bfc8dd
+  data.tar.gz: f6835052a919b6dcbefade7ec3e47e0719bdad7192e91061b742082031378886
 SHA512:
-  metadata.gz: 7718c6dc510391992368a474a5ce8b5bf1577e3d1f49738484491d1181489880d4a54f89edacf40ef533ddd9a1cb5757543ec8a777fe7e6c36e40de047b9d4bb
-  data.tar.gz: 5820861b4a255e169c03f3af862b45ab39847320a09a511476051a2cefa99a094ac1e26dffc8d1102b544fd0f50132b4e98838433857c7fb200816a20cd8234f
+  metadata.gz: 148e26a2d52135e120e47cc557c7fe79a1f96c42ad3f15f6ac92eb020900fcea1dc94056c2cf8a0731fe4d60541a79e1d1353e5fd597464b92ae3dad8f18cbad
+  data.tar.gz: fcb7e45a14d14728824761e075d55a76174972be46311957cb724c85b29a05b460a80fa21012c832585fc3351ab4a34a8932c777b34fc3c7c12a5dc708ead417

data/README.md CHANGED Viewed

@@ -1,9 +1,24 @@
-![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png "WPScan - WordPress Security Scanner")
-[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
-[![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
-[![Patreon Donate](https://img.shields.io/badge/patreon-donate-green.svg)](https://www.patreon.com/wpscan)
+<p align="center">
+  <a href="https://wpscan.org/">
+    <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
+  </a>
+</p>
+<h3 align="center">WPScan</h3>
+<p align="center">
+  WordPress Vulnerability Scanner
+  <br>
+  <br>
+  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
+</p>
+<p align="center">
+  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
+  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
+  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
+  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
+</p>
 # INSTALL
@@ -110,14 +125,6 @@ wpscan --url https://target.tld/ --enumerate u1-100
 ** replace u1-100 with a range of your choice.
-# PROJECT HOME
-[https://wpscan.org](https://wpscan.org)
-# VULNERABILITY DATABASE
-[https://wpvulndb.com](https://wpvulndb.com)
 # LICENSE
 ## WPScan Public Source License

data/app/app.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'models'
 require_relative 'finders'
 require_relative 'controllers'

data/app/controllers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'controllers/core'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'

data/app/controllers/aliases.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Controller to add the aliases in the CLI

data/app/controllers/core.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Specific Core controller to include WordPress checks
@@ -25,7 +27,7 @@ module WPScan
       # @return [ Boolean ]
       def update_db_required?
         if local_db.missing_files?
-          raise MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if parsed_options[:update] == false
           return true
         end
@@ -62,7 +64,7 @@ module WPScan
       # Raises errors if the target is hosted on wordpress.com or is not running WordPress
       # Also check if the homepage_url is still the install url
       def check_wordpress_state
-        raise WordPressHostedError if target.wordpress_hosted?
+        raise Error::WordPressHosted if target.wordpress_hosted?
         if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
@@ -71,7 +73,7 @@ module WPScan
           exit(WPScan::ExitCode::VULNERABLE)
         end
-        raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
       end
       # Loads the related server module in the target
@@ -95,7 +97,7 @@ module WPScan
         mod = CMSScanner::Target::Server.const_get(server)
         target.extend mod
-        WPScan::WpItem.include mod
+        Model::WpItem.include mod
         server
       end

data/app/controllers/custom_directories.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Controller to ensure that the wp-content and wp-plugins
@@ -16,7 +18,7 @@ module WPScan
         return if target.content_dir
-        raise 'Unable to identify the wp-content dir, please supply it with --wp-content-dir'
+        raise Error::WpContentDirNotDetected
       end
     end
   end

data/app/controllers/enumeration.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'enumeration/cli_options'
 require_relative 'enumeration/enum_methods'
@@ -8,6 +10,10 @@ module WPScan
       def before_scan
         DB::DynamicFinders::Plugin.create_versions_finders
         DB::DynamicFinders::Theme.create_versions_finders
+        # Force the Garbage Collector to run due to the above method being
+        # quite heavy in objects allocation
+        GC.start
       end
       def run

data/app/controllers/enumeration/cli_options.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Enumeration CLI Options

data/app/controllers/enumeration/enum_methods.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Enumeration Methods

data/app/controllers/main_theme.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Main Theme Controller

data/app/controllers/password_attack.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Password Attack Controller
@@ -52,7 +54,7 @@ module WPScan
         @attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
       end
-      # @return [ WPScan::XMLRPC ]
+      # @return [ Model::XMLRPC ]
       def xmlrpc
         @xmlrpc ||= target.xmlrpc
       end
@@ -65,11 +67,11 @@ module WPScan
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
           WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
         when :xmlrpc_multicall
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
           WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
         end
@@ -95,7 +97,7 @@ module WPScan
         return target.users unless parsed_options[:usernames]
         parsed_options[:usernames].reduce([]) do |acc, elem|
-          acc << CMSScanner::User.new(elem.chomp)
+          acc << Model::User.new(elem.chomp)
         end
       end

data/app/controllers/wp_version.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Controller
     # Wp Version Controller

data/app/finders.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'finders/interesting_findings'
 require_relative 'finders/wp_items'
 require_relative 'finders/wp_version'

data/app/finders/config_backups.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'config_backups/known_filenames'
 module WPScan

data/app/finders/config_backups/known_filenames.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module ConfigBackups
@@ -13,11 +15,10 @@ module WPScan
         def aggressive(opts = {})
           found = []
-          enumerate(potential_urls(opts), opts) do |res|
-            # Might need to improve that
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
             next unless res.body =~ /define/i && res.body !~ /<\s?html/i
-            found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
           found

data/app/finders/db_exports.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'db_exports/known_locations'
 module WPScan

data/app/finders/db_exports/known_locations.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module DbExports
@@ -6,6 +8,8 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
         # @param [ Hash ] opts
         # @option opts [ String ] :list
         # @option opts [ Boolean ] :show_progression
@@ -14,15 +18,23 @@ module WPScan
         def aggressive(opts = {})
           found = []
-          enumerate(potential_urls(opts), opts) do |res|
-            next unless res.code == 200 && res.body =~ /INSERT INTO/
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+            if res.effective_url.end_with?('.zip')
+              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+            else
+              next unless res.body =~ SQL_PATTERN
+            end
-            found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
           found
         end
+        def full_request_params
+          @full_request_params ||= { headers: { 'Range' => 'bytes=0-3000' } }
+        end
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #

data/app/finders/interesting_findings.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require_relative 'interesting_findings/readme'
 require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'

data/app/finders/interesting_findings/backup_db.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -6,13 +8,12 @@ module WPScan
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
           path = 'wp-content/backup-db/'
-          url  = target.url(path)
-          res  = Browser.get(url)
+          res  = target.head_and_get(path, [200, 403])
           return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
-          WPScan::BackupDB.new(
-            url,
+          Model::BackupDB.new(
+            target.url(path),
             confidence: 70,
             found_by: DIRECT_ACCESS,
             interesting_entries: target.directory_listing_entries(path),

data/app/finders/interesting_findings/debug_log.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -9,7 +11,7 @@ module WPScan
           return unless target.debug_log?(path)
-          WPScan::DebugLog.new(
+          Model::DebugLog.new(
             target.url(path),
             confidence: 100, found_by: DIRECT_ACCESS,
             references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }

data/app/finders/interesting_findings/duplicator_installer_log.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,13 +7,12 @@ module WPScan
       class DuplicatorInstallerLog < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url = target.url('installer-log.txt')
-          res = Browser.get(url)
+          path = 'installer-log.txt'
-          return unless res.body =~ /DUPLICATOR INSTALL-LOG/
+          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
-          WPScan::DuplicatorInstallerLog.new(
-            url,
+          Model::DuplicatorInstallerLog.new(
+            target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
             references: { url: 'https://www.exploit-db.com/ghdb/3981/' }

data/app/finders/interesting_findings/emergency_pwd_reset_script.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,13 +7,13 @@ module WPScan
       class EmergencyPwdResetScript < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url  = target.url('/emergency.php')
-          res  = Browser.get(url)
+          path = 'emergency.php'
+          res  = target.head_and_get(path)
           return unless res.code == 200 && !target.homepage_or_404?(res)
-          WPScan::EmergencyPwdResetScript.new(
-            url,
+          Model::EmergencyPwdResetScript.new(
+            target.url(path),
             confidence: res.body =~ /password/i ? 100 : 40,
             found_by: DIRECT_ACCESS,
             references: {

data/app/finders/interesting_findings/full_path_disclosure.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -10,7 +12,7 @@ module WPScan
           return if fpd_entries.empty?
-          WPScan::FullPathDisclosure.new(
+          Model::FullPathDisclosure.new(
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,

data/app/finders/interesting_findings/mu_plugins.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -12,7 +14,7 @@ module WPScan
             url = target.url('wp-content/mu-plugins/')
-            return WPScan::MuPlugins.new(
+            return Model::MuPlugins.new(
               url,
               confidence: 70,
               found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +37,7 @@ module WPScan
           target.mu_plugins = true
-          WPScan::MuPlugins.new(
+          Model::MuPlugins.new(
             url,
             confidence: 80,
             found_by: DIRECT_ACCESS,

data/app/finders/interesting_findings/multisite.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module WPScan
   module Finders
     module InterestingFindings
@@ -15,7 +17,7 @@ module WPScan
           target.multisite = true
-          WPScan::Multisite.new(
+          Model::Multisite.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,