From 418ff33f6df2fd0dba0ff90f97b70a4920d095e5 Mon Sep 17 00:00:00 2001
From: ethicalhack3r
Date: Sat, 27 Oct 2012 17:10:38 +0200
Subject: [PATCH] Added version fingerprint from RDF and ATOM feeds. See issue #50. Specs added and passed.
---
 lib/wpscan/wp_version.rb | 54 +++++++++++-
 .../wp_version/atom-generator/3.3.2.htm | 33 ++++++++
 .../wp_version/atom-generator/3.4-beta4.htm | 33 ++++++++
 .../atom-generator/invalid_version.htm | 33 ++++++++
 .../atom-generator/no-atom-generator.htm | 32 ++++++++
 .../wp_version/atom-generator/no-version.htm | 33 ++++++++
 .../wpscan/wp_version/rdf-generator/3.3.2.htm | 57 +++++++++++++
 .../wp_version/rdf-generator/3.4-beta4.htm | 57 +++++++++++++
 .../rdf-generator/invalid_version.htm | 57 +++++++++++++
 .../rdf-generator/no-rdf-generator.htm | 56 +++++++++++++
 .../wp_version/rdf-generator/no-version.htm | 57 +++++++++++++
 spec/lib/wpscan/wp_version_spec.rb | 82 +++++++++++++++++++
 12 files changed, 580 insertions(+), 4 deletions(-)
 create mode 100644 spec/fixtures/wpscan/wp_version/atom-generator/3.3.2.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/atom-generator/3.4-beta4.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/atom-generator/invalid_version.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/atom-generator/no-atom-generator.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/atom-generator/no-version.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/rdf-generator/3.3.2.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/rdf-generator/3.4-beta4.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/rdf-generator/invalid_version.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/rdf-generator/no-rdf-generator.htm
 create mode 100644 spec/fixtures/wpscan/wp_version/rdf-generator/no-version.htm
diff --git a/lib/wpscan/wp_version.rb b/lib/wpscan/wp_version.rb
index cc25da8d..7d4c8cfa 100644
--- a/lib/wpscan/wp_version.rb
+++ b/lib/wpscan/wp_version.rb
@@ -62,16 +62,58 @@ class WpVersion < Vulnerable
 target_uri = options[:base_url]
 response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
- response.body[%r{name="generator" content="wordpress (#{WpVersion.version_pattern})"}i, 1]
+ response.body[%r{name="generator" content="wordpress #{WpVersion.version_pattern}"}i, 1]
 end
+ # Attempts to find the WordPress version from,
+ # the generator tag in the RSS feed source.
 def self.find_from_rss_generator(options)
 target_uri = options[:base_url]
 response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2})
- response.body[%r{http://wordpress.org/\?v=(#{WpVersion.version_pattern})}i, 1]
+ response.body[%r{http://wordpress.org/\?v=#{WpVersion.version_pattern}}i, 1]
 end
+ # Attempts to find WordPress version from,
+ # the generator tag in the RDF feed source.
+ def self.find_from_rdf_generator(options)
+ target_uri = options[:base_url]
+ response = Browser.instance.get(target_uri.merge("feed/rdf/").to_s, {:follow_location => true, :max_redirects => 2})
+
+ response.body[%r{}i, 1]
+ end
+
+ # Attempts to find the WordPress version from,
+ # the generator tag in the RSS2 feed source.
+ #
+ # Have not been able to find an example of this - Ryan
+ #def self.find_from_rss2_generator(options)
+ # target_uri = options[:base_url]
+ # response = Browser.instance.get(target_uri.merge("feed/rss/").to_s, {:follow_location => true, :max_redirects => 2})
+ #
+ # response.body[%r{http://wordpress.org/?v=(#{WpVersion.version_pattern})}i, 1]
+ #end
+
+ # Attempts to find the WordPress version from,
+ # the generator tag in the Atom source.
+ def self.find_from_atom_generator(options)
+ target_uri = options[:base_url]
+ response = Browser.instance.get(target_uri.merge("feed/atom/").to_s, {:follow_location => true, :max_redirects => 2})
+
+ response.body[%r{WordPress}i, 1]
+ end
+
+ # Attempts to find the WordPress version from,
+ # the generator tag in the comment rss source.
+ #
+ # Have not been able to find an example of this - Ryan
+ #def self.find_from_comments_rss_generator(options)
+ # target_uri = options[:base_url]
+ # response = Browser.instance.get(target_uri.merge("comments/feed/").to_s, {:follow_location => true, :max_redirects => 2})
+ #
+ # response.body[%r{}i, 1]
+ #end
+
 # Uses data/wp_versions.xml to try to identify a
 # wordpress version.
 #
@@ -116,23 +158,27 @@ class WpVersion < Vulnerable
 nil # Otherwise the data['file'] is returned (issue #107)
 end
+ # Attempts to find the WordPress version from the readme.html file.
 def self.find_from_readme(options)
 target_uri = options[:base_url]
 Browser.instance.get(target_uri.merge("readme.html").to_s).body[%r{
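Review bot: find_from_rdf_generator and find_from_atom_generator interpolate `WpVersion.version_pattern`, whose unchanged definition later in this file is `'([^\r\n]+[\.][^\r\n]+)'`; that capture accepts any characters other than line breaks, so what comes back as the "version" is bounded only by the literal text placed after it in each new regex and is otherwise whatever the scanned site chose to serve, which presumably then drives the vulnerability lookup and the report output. A stricter capture for the new extractors, e.g. `(\d+(?:\.\d+)+(?:-[\w.]+)?)` in place of `#{WpVersion.version_pattern}`, still matches the 3.3.2 and 3.4-beta4 fixtures and still yields nil for the invalid_version case. As rendered here the RDF pattern is `%r{}i` and the Atom pattern `%r{WordPress}i` with no capture group, which looks like markup stripped from this page rather than the committed text, but if the source really reads so both finders can only ever return nil from `[..., 1]`. The two commented-out finders (find_from_rss2_generator, find_from_comments_rss_generator) are dead code and would be better left out of the commit and tracked in the issue instead.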
\sversion #{WpVersion.version_pattern}}i, 1]
 end
- # http://code.google.com/p/wpscan/issues/detail?id=109
+ # Attempts to find the WordPress version from the sitemap.xml file.
+ #
+ # See: http://code.google.com/p/wpscan/issues/detail?id=109
 def self.find_from_sitemap_generator(options)
 target_uri = options[:base_url]
 Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}i, 1]
 end
+ # Attempts to find the WordPress version from the p-links-opml.php file.
 def self.find_from_links_opml(options)
 target_uri = options[:base_url]
 Browser.instance.get(target_uri.merge("wp-links-opml.php").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}i, 1]
 end
- # Used to check if the version is correct : must contain at least one .
+ # Used to check if the version is correct: must contain at least one dot.
 def self.version_pattern
 '([^\r\n]+[\.][^\r\n]+)'
 end
diff --git a/spec/fixtures/wpscan/wp_version/atom-generator/3.3.2.htm b/spec/fixtures/wpscan/wp_version/atom-generator/3.3.2.htm
new file mode 100644
index 00000000..59895743
--- /dev/null
+++ b/spec/fixtures/wpscan/wp_version/atom-generator/3.3.2.htm
@@ -0,0 +1,33 @@
+ + Matt Mullenweg + Unlucky in Cards + + 2012-10-26T18:25:32Z + + + http://ma.tt/feed/atom/ + + + WordPress + + + + Matt + http://ma.tt/ + + <![CDATA[New Jetpack]]> + + http://ma.tt/?p=41967 + 2012-10-26T18:25:32Z + 2012-10-26T18:25:32Z + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.
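Review bot: The comment added above find_from_links_opml names the file `p-links-opml.php`, while the request two lines below is for `wp-links-opml.php`; unless that is a rendering artefact of this page, it should read `# Attempts to find the WordPress version from the wp-links-opml.php file.`. The doc comments added across this hunk and the previous one state each finder's purpose but not its contract; the spec expects nil on a 404 and when the generator tag or version is absent, so a line such as `# @return [String, nil] the captured version, or nil when the page or pattern is not found` on each finder would make that explicit. The hunk's first context lines belong to a method that begins outside it.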

+]]>
+ + + 2 +
+ +
diff --git a/spec/fixtures/wpscan/wp_version/atom-generator/3.4-beta4.htm b/spec/fixtures/wpscan/wp_version/atom-generator/3.4-beta4.htm new file mode 100644 index 00000000..34885b67 --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/atom-generator/3.4-beta4.htm @@ -0,0 +1,33 @@ + + Matt Mullenweg + Unlucky in Cards + + 2012-10-26T18:25:32Z + + + http://ma.tt/feed/atom/ + + + WordPress + + + + Matt + http://ma.tt/ + + <![CDATA[New Jetpack]]> + + http://ma.tt/?p=41967 + 2012-10-26T18:25:32Z + 2012-10-26T18:25:32Z + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+ + + 2 +
+ +
diff --git a/spec/fixtures/wpscan/wp_version/atom-generator/invalid_version.htm b/spec/fixtures/wpscan/wp_version/atom-generator/invalid_version.htm new file mode 100644 index 00000000..eb38e2e7 --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/atom-generator/invalid_version.htm @@ -0,0 +1,33 @@ + + Matt Mullenweg + Unlucky in Cards + + 2012-10-26T18:25:32Z + + + http://ma.tt/feed/atom/ + + + WordPress + + + + Matt + http://ma.tt/ + + <![CDATA[New Jetpack]]> + + http://ma.tt/?p=41967 + 2012-10-26T18:25:32Z + 2012-10-26T18:25:32Z + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+ + + 2 +
+ +
diff --git a/spec/fixtures/wpscan/wp_version/atom-generator/no-atom-generator.htm b/spec/fixtures/wpscan/wp_version/atom-generator/no-atom-generator.htm new file mode 100644 index 00000000..ddbb741c --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/atom-generator/no-atom-generator.htm @@ -0,0 +1,32 @@ + + Matt Mullenweg + Unlucky in Cards + + 2012-10-26T18:25:32Z + + + http://ma.tt/feed/atom/ + + + + + + Matt + http://ma.tt/ + + <![CDATA[New Jetpack]]> + + http://ma.tt/?p=41967 + 2012-10-26T18:25:32Z + 2012-10-26T18:25:32Z + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+ + + 2 +
+ +
diff --git a/spec/fixtures/wpscan/wp_version/atom-generator/no-version.htm b/spec/fixtures/wpscan/wp_version/atom-generator/no-version.htm new file mode 100644 index 00000000..e0c1008d --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/atom-generator/no-version.htm @@ -0,0 +1,33 @@ + + Matt Mullenweg + Unlucky in Cards + + 2012-10-26T18:25:32Z + + + http://ma.tt/feed/atom/ + + + WordPress + + + + Matt + http://ma.tt/ + + <![CDATA[New Jetpack]]> + + http://ma.tt/?p=41967 + 2012-10-26T18:25:32Z + 2012-10-26T18:25:32Z + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+ + + 2 +
+ +
diff --git a/spec/fixtures/wpscan/wp_version/rdf-generator/3.3.2.htm b/spec/fixtures/wpscan/wp_version/rdf-generator/3.3.2.htm new file mode 100644 index 00000000..8bb588ff --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/rdf-generator/3.3.2.htm @@ -0,0 +1,57 @@ + + + Matt Mullenweg + http://ma.tt + Unlucky in Cards + 2012-10-26T18:25:32Z + hourly + 1 + 2000-01-01T12:00+00:00 + + + + + + + + + + + New Jetpack + http://ma.tt/2012/10/new-jetpack/ + 2012-10-26T18:25:32Z + Matt + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form. + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+
+ + Pandora and Artist Payments + http://ma.tt/2012/10/pandora-and-artist-payments/ + 2012-10-09T22:55:07Z + Matt + + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower. + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower.

+]]>
+
+ + Bitcoin and decentralization + http://ma.tt/2012/10/bitcoin-and-decentralization/ + 2012-10-06T19:53:54Z + Matt + + The value of Bitcoin is in its decentralization. + The value of Bitcoin is in its decentralization.

+]]>
+
+ +
\ No newline at end of file diff --git a/spec/fixtures/wpscan/wp_version/rdf-generator/3.4-beta4.htm b/spec/fixtures/wpscan/wp_version/rdf-generator/3.4-beta4.htm new file mode 100644 index 00000000..c4fb1787 --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/rdf-generator/3.4-beta4.htm @@ -0,0 +1,57 @@ + + + Matt Mullenweg + http://ma.tt + Unlucky in Cards + 2012-10-26T18:25:32Z + hourly + 1 + 2000-01-01T12:00+00:00 + + + + + + + + + + + New Jetpack + http://ma.tt/2012/10/new-jetpack/ + 2012-10-26T18:25:32Z + Matt + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form. + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+
+ + Pandora and Artist Payments + http://ma.tt/2012/10/pandora-and-artist-payments/ + 2012-10-09T22:55:07Z + Matt + + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower. + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower.

+]]>
+
+ + Bitcoin and decentralization + http://ma.tt/2012/10/bitcoin-and-decentralization/ + 2012-10-06T19:53:54Z + Matt + + The value of Bitcoin is in its decentralization. + The value of Bitcoin is in its decentralization.

+]]>
+
+ +
\ No newline at end of file diff --git a/spec/fixtures/wpscan/wp_version/rdf-generator/invalid_version.htm b/spec/fixtures/wpscan/wp_version/rdf-generator/invalid_version.htm new file mode 100644 index 00000000..2c3de494 --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/rdf-generator/invalid_version.htm @@ -0,0 +1,57 @@ + + + Matt Mullenweg + http://ma.tt + Unlucky in Cards + 2012-10-26T18:25:32Z + hourly + 1 + 2000-01-01T12:00+00:00 + + + + + + + + + + + New Jetpack + http://ma.tt/2012/10/new-jetpack/ + 2012-10-26T18:25:32Z + Matt + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form. + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+
+ + Pandora and Artist Payments + http://ma.tt/2012/10/pandora-and-artist-payments/ + 2012-10-09T22:55:07Z + Matt + + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower. + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower.

+]]>
+
+ + Bitcoin and decentralization + http://ma.tt/2012/10/bitcoin-and-decentralization/ + 2012-10-06T19:53:54Z + Matt + + The value of Bitcoin is in its decentralization. + The value of Bitcoin is in its decentralization.

+]]>
+
+ +
\ No newline at end of file diff --git a/spec/fixtures/wpscan/wp_version/rdf-generator/no-rdf-generator.htm b/spec/fixtures/wpscan/wp_version/rdf-generator/no-rdf-generator.htm new file mode 100644 index 00000000..6bb1523c --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/rdf-generator/no-rdf-generator.htm @@ -0,0 +1,56 @@ + + + Matt Mullenweg + http://ma.tt + Unlucky in Cards + 2012-10-26T18:25:32Z + hourly + 1 + 2000-01-01T12:00+00:00 + + + + + + + + + + New Jetpack + http://ma.tt/2012/10/new-jetpack/ + 2012-10-26T18:25:32Z + Matt + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form. + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+
+ + Pandora and Artist Payments + http://ma.tt/2012/10/pandora-and-artist-payments/ + 2012-10-09T22:55:07Z + Matt + + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower. + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower.

+]]>
+
+ + Bitcoin and decentralization + http://ma.tt/2012/10/bitcoin-and-decentralization/ + 2012-10-06T19:53:54Z + Matt + + The value of Bitcoin is in its decentralization. + The value of Bitcoin is in its decentralization.

+]]>
+
+ +
\ No newline at end of file diff --git a/spec/fixtures/wpscan/wp_version/rdf-generator/no-version.htm b/spec/fixtures/wpscan/wp_version/rdf-generator/no-version.htm new file mode 100644 index 00000000..c7c0610b --- /dev/null +++ b/spec/fixtures/wpscan/wp_version/rdf-generator/no-version.htm @@ -0,0 +1,57 @@ + + + Matt Mullenweg + http://ma.tt + Unlucky in Cards + 2012-10-26T18:25:32Z + hourly + 1 + 2000-01-01T12:00+00:00 + + + + + + + + + + + New Jetpack + http://ma.tt/2012/10/new-jetpack/ + 2012-10-26T18:25:32Z + Matt + + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form. + I’m really excited abou the new Jetpack, it includes toolbar notifications, mobile push for iOS, a new REST API, and fixes to the contact form.

+]]>
+
+ + Pandora and Artist Payments + http://ma.tt/2012/10/pandora-and-artist-payments/ + 2012-10-09T22:55:07Z + Matt + + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower. + Pandora and Artist Payments, about how Pandora is paying out millions of dollars to artists but is only 6.5% of the US radio listening audience, the fees the rest pay are far, far lower.

+]]>
+
+ + Bitcoin and decentralization + http://ma.tt/2012/10/bitcoin-and-decentralization/ + 2012-10-06T19:53:54Z + Matt + + The value of Bitcoin is in its decentralization. + The value of Bitcoin is in its decentralization.

+]]>
+
+ +
\ No newline at end of file diff --git a/spec/lib/wpscan/wp_version_spec.rb b/spec/lib/wpscan/wp_version_spec.rb index 9ee335bd..c183bfd0 100644 --- a/spec/lib/wpscan/wp_version_spec.rb +++ b/spec/lib/wpscan/wp_version_spec.rb 
@@ -95,6 +95,88 @@ describe WpVersion do
 end
 end
+ describe "#find_from_rdf_generator" do
+ let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/rdf-generator" }
+
+ after :each do
+ @status_code ||= 200
+ stub_request_to_fixture(:url => @target_uri.merge("feed/rdf/").to_s, :status => @status_code, :fixture => @fixture)
+ WpVersion.find_from_rdf_generator(:base_url => @target_uri).should === @expected
+ end
+
+ it "should return nil on a 404" do
+ @status_code = 404
+ @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm"
+ @expected = nil
+ end
+
+ it "should return nil if the rdf-generator is not found" do
+ @fixture = fixtures_dir + "/no-rdf-generator.htm"
+ @expected = nil
+ end
+
+ it "should return nil if the version is not found (but the rdf-generator is present)" do
+ @fixture = fixtures_dir + "/no-version.htm"
+ @expected = nil
+ end
+
+ it "shuld return 3.3.2" do
+ @fixture = fixtures_dir + "/3.3.2.htm"
+ @expected = "3.3.2"
+ end
+
+ it "should return 3.4-beta4" do
+ @fixture = fixtures_dir + "/3.4-beta4.htm"
+ @expected = "3.4-beta4"
+ end
+
+ it "should return nil if it's not a valid version, must contains at least one '.'" do
+ @fixture = fixtures_dir + "/invalid_version.htm"
+ @expected = nil
+ end
+ end
+
+ describe "#find_from_atom_generator" do
+ let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/atom-generator" }
+
+ after :each do
+ @status_code ||= 200
+ stub_request_to_fixture(:url => @target_uri.merge("feed/atom/").to_s, :status => @status_code, :fixture => @fixture)
+ WpVersion.find_from_atom_generator(:base_url => @target_uri).should === @expected
+ end
+
+ it "should return nil on a 404" do
+ @status_code = 404
+ @fixture = SPEC_FIXTURES_WPSCAN_WP_VERSION_DIR + "/404.htm"
+ @expected = nil
+ end
+
+ it "should return nil if the atom-generator is not found" do
+ @fixture = fixtures_dir + "/no-atom-generator.htm"
+ @expected = nil
+ end
+
+ it "should return nil if the version is not found (but the atom-generator is present)" do
+ @fixture = fixtures_dir + "/no-version.htm"
+ @expected = nil
+ end
+
+ it "shuld return 3.3.2" do
+ @fixture = fixtures_dir + "/3.3.2.htm"
+ @expected = "3.3.2"
+ end
+
+ it "should return 3.4-beta4" do
+ @fixture = fixtures_dir + "/3.4-beta4.htm"
+ @expected = "3.4-beta4"
+ end
+
+ it "should return nil if it's not a valid version, must contains at least one '.'" do
+ @fixture = fixtures_dir + "/invalid_version.htm"
+ @expected = nil
+ end
+ end
+
 describe "#find_from_sitemap_generator" do
 after :each do
 stub_request(:get, @target_uri.merge("sitemap.xml").to_s).