From 3959892c206ca428d9aff80834d660bb02b85dc0 Mon Sep 17 00:00:00 2001
From: ethicalhack3r <ryandewhurst@gmail.com>
Date: Thu, 31 Jul 2014 15:26:13 +0200
Subject: [PATCH] Fix wpstools check-vuln-ref-urls

---
 lib/common/common_helper.rb                    |  8 --------
 lib/wpscan/wpscan_helper.rb                    |  8 ++++++++
 lib/wpstools/plugins/checker/checker_plugin.rb | 13 ++++++++++---
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/lib/common/common_helper.rb b/lib/common/common_helper.rb
index dba67dac..ad3144e0 100644
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -64,14 +64,6 @@ end
 
 require_files_from_directory(COMMON_LIB_DIR, '**/*.rb')
 
-# Hook to check if the target if down during the scan
-# The target is considered down after 10 requests with status = 0
-down = 0
-Typhoeus.on_complete do |response|
-  down += 1 if response.code == 0
-  fail 'The target seems to be down' if down >= 10
-end
-
 # Add protocol
 def add_http_protocol(url)
   url =~ /^https?:/ ? url : "http://#{url}"
diff --git a/lib/wpscan/wpscan_helper.rb b/lib/wpscan/wpscan_helper.rb
index f0e591d0..8757e6f7 100644
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -108,3 +108,11 @@ def help
   puts '--verbose  | -v                     Verbose output.'
   puts
 end
+
+# Hook to check if the target if down during the scan
+# The target is considered down after 10 requests with status = 0
+down = 0
+Typhoeus.on_complete do |response|
+  down += 1 if response.code == 0
+  fail 'The target seems to be down' if down >= 10
+end
diff --git a/lib/wpstools/plugins/checker/checker_plugin.rb b/lib/wpstools/plugins/checker/checker_plugin.rb
index 67f6b531..8a139338 100644
--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -29,11 +29,18 @@ class CheckerPlugin < Plugin
     puts '[+] Checking vulnerabilities reference urls'
 
     vuln_ref_files.each do |vuln_ref_file|
-      xml = xml(vuln_ref_file)
+      json = json(vuln_ref_file)
 
       urls = []
-      xml.xpath('//references/url').each { |node| urls << node.text }
-
+      json.each do |asset|
+        asset[asset.keys.inject]['vulnerabilities'].each do |url|
+          unless url['url'].nil?
+            url['url'].split(',').each do |url|
+              urls << url
+            end
+          end
+        end
+      end
       urls.uniq!
 
       puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?