wpscan 3.8.16 → 3.8.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a0b4c94506cabb2e0e6363ef3d9287d65fda78e47c6fc35272d600df532d964
-  data.tar.gz: 67b2b4c373efaad655a3cbb7c666e8e21ff71306611fee28efdfc70e1cb7ed44
+  metadata.gz: 8fd0e8ef31b7a0ec70d1b93c3c70a2e2d62278e7f8e1fd5bdf01ddcc86056a34
+  data.tar.gz: c6309c4e33474ad9b8f27db9c8fe7ac11439dbd131bf5931fd21457b8477e390
 SHA512:
-  metadata.gz: cb558302c8dd13327816a1ee456763ffbbd66cefc28051ed0fd15ee1eaf41775652552a08be1af125d4d43f536f960f23fe9675b97040ef071950c230c6cf059
-  data.tar.gz: f89c89415dbb34b7c8a99f3876914a44a602ae23cde638b649bf1b1fa3d10bc9c0fbd19bed827f9841cb9d7324ad1e4c5b564ba3027ab94ec2ce56cc754e08c0
+  metadata.gz: 7d647b59ec39d73f08bd72cf090ae324c91a28e9799d6e65070f3c97bdd279f007ccf561bd23787553770bd49957ddc133592484a79cac9bc99b53049f8e4d90
+  data.tar.gz: ac0aa133d13b5365b25714222fa46684a6380cd9dc25832ba90c27e28303d18d133adf768f11777af9eb653e4ee4fbd945e56982943798135a77cf232e218802

data/app/controllers/enumeration/cli_options.rb

@@ -170,6 +170,12 @@ module WPScan
             ['--users-detection MODE',
              'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
             choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          ),
+          OptRegexp.new(
+            [
+              '--exclude-usernames REGEXP_OR_STRING',
+              'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
+            ], options: Regexp::IGNORECASE
           )
         ]
       end

data/app/finders/users.rb

@@ -11,6 +11,16 @@ require_relative 'users/yoast_seo_author_sitemap'
 
 module WPScan
   module Finders
+    # Specific Finders container to filter the usernames found
+    # and remove the ones matching ParsedCli.exclude_username if supplied
+    class UsersFinders < SameTypeFinders
+      def filter_findings
+        findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
+
+        findings
+      end
+    end
+
     module Users
       # Users Finder
       class Base
@@ -28,6 +38,10 @@ module WPScan
             Users::AuthorIdBruteForcing.new(target) <<
             Users::LoginErrorMessages.new(target)
         end
+
+        def finders
+          @finders ||= Finders::UsersFinders.new
+        end
       end
     end
   end

data/app/finders/wp_version.rb

@@ -10,7 +10,7 @@ module WPScan
   module Finders
     # Specific Finders container to filter the version detected
     # and remove the one with low confidence to avoid false
-    # positive when there is not enought information to accurately
+    # positive when there is not enough information to accurately
     # determine it.
     class WpVersionFinders < UniqueFinders
       def filter_findings

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.16'
+  VERSION = '3.8.17'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.16
+  version: 3.8.17
 platform: ruby
 authors:
 - WPScanTeam
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.2
+        version: 0.13.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.13.2
+        version: 0.13.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement