Add /.well-known/security.txt check

See https://securitytxt.org/

lib/wpscan/web_site.rb

@@ -2,11 +2,13 @@
 
 require 'web_site/robots_txt'
 require 'web_site/humans_txt'
+require 'web_site/security_txt'
 require 'web_site/interesting_headers'
 
 class WebSite
   include WebSite::RobotsTxt
   include WebSite::HumansTxt
+  include WebSite::SecurityTxt
   include WebSite::InterestingHeaders
 
   attr_reader :uri

lib/wpscan/web_site/security_txt.rb

@@ -0,0 +1,39 @@
+# encoding: UTF-8
+
+class WebSite
+  module SecurityTxt
+
+    # Checks if a security.txt file exists
+    # @return [ Boolean ]
+    def has_security?
+      Browser.get(security_url).code == 200
+    end
+
+    # Gets a security.txt URL
+    # @return [ String ]
+    def security_url
+      @uri.clone.merge('.well-known/security.txt').to_s
+    end
+
+    # Parse security.txt
+    # @return [ Array ] URLs generated from security.txt
+    def parse_security_txt
+      return unless has_security?
+
+      return_object = []
+      response = Browser.get(security_url.to_s)
+      entries = response.body.split(/\n/)
+      if entries
+        entries.flatten!
+        entries.uniq!
+
+        entries.each do |d|
+          temp = d.strip
+          return_object << temp.to_s
+        end
+      end
+      return_object
+    end
+
+  end
+end