Fixes #1307

app/controllers/password_attack.rb

@@ -65,8 +65,12 @@ module WPScan
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
+          raise XMLRPCNotDetected unless xmlrpc
+
           WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
         when :xmlrpc_multicall
+          raise XMLRPCNotDetected unless xmlrpc
+
           WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
         end
       end

lib/wpscan/errors.rb

@@ -6,3 +6,4 @@ end
 require_relative 'errors/http'
 require_relative 'errors/update'
 require_relative 'errors/wordpress'
+require_relative 'errors/xmlrpc'

lib/wpscan/errors/xmlrpc.rb

@@ -0,0 +1,8 @@
+module WPScan
+  # XML-RPC Not Detected
+  class XMLRPCNotDetected < Error
+    def to_s
+      'The XML-RPC Interface was not detected.'
+    end
+  end
+end

spec/app/controllers/password_attack_spec.rb

@@ -66,25 +66,49 @@ describe WPScan::Controller::PasswordAttack do
       end
 
       context 'when xmlrpc' do
-        before do
+        context 'when xmlrpc not detected on target' do
-          expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
+          before do
-        end
+            expect(controller.target).to receive(:xmlrpc).and_return(nil)
+          end
 
-        context 'when single xmlrpc' do
+          context 'when single xmlrpc' do
-          let(:attack) { 'xmlrpc' }
+            let(:attack) { 'xmlrpc' }
 
-          it 'returns the correct object' do
+            it 'raises an error' do
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
-            expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
           end
         end
 
-        context 'when xmlrpc-multicall' do
+        context 'when xmlrpc detected on target' do
-          let(:attack) { 'xmlrpc-multicall' }
+          before do
+            expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
+          end
 
-          it 'returns the correct object' do
+          context 'when single xmlrpc' do
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
+            let(:attack) { 'xmlrpc' }
-            expect(controller.attacker.target).to be_a WPScan::XMLRPC
+
+            it 'returns the correct object' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
+              expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'returns the correct object' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
+              expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
           end
         end
       end