Fixes #1364

app/finders/plugin_version/readme.rb

@@ -11,7 +11,7 @@ module WPScan
 
           # The target(plugin)#readme_url can't be used directly here
           # as if the --detection-mode is passive, it will always return nil
-          Model::WpItem::READMES.each do |file|
+          target.potential_readme_filenames.each do |file|
             res = target.head_and_get(file)
 
             next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?

app/models/plugin.rb

@@ -28,6 +28,11 @@ module WPScan
 
         @version
       end
+
+      # @return [ Array<String> ]
+      def potential_readme_filenames
+        @potential_readme_filenames ||= [*(DB::DynamicFinders::Plugin.db_data.dig(slug, 'Readme', 'path') || super)]
+      end
     end
   end
 end

app/models/wp_item.rb

@@ -9,6 +9,7 @@ module WPScan
       include CMSScanner::Target::Platform::PHP
       include CMSScanner::Target::Server::Generic
 
+      # Most common readme filenames, based on checking all public plugins and themes.
       READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
 
       attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
@@ -117,7 +118,7 @@ module WPScan
 
         return @readme_url unless @readme_url.nil?
 
-        READMES.each do |path|
+        potential_readme_filenames.each do |path|
           t_url = url(path)
 
           return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
@@ -126,6 +127,10 @@ module WPScan
         @readme_url = false
       end
 
+      def potential_readme_filenames
+        @potential_readme_filenames ||= READMES
+      end
+
       # @param [ String ] path
       # @param [ Hash ] params The request params
       #

spec/app/models/plugin_spec.rb

@@ -60,6 +60,26 @@ describe WPScan::Model::Plugin do
     end
   end
 
+  describe 'potential_readme_filenames' do
+    context 'when not set in the DF file' do
+      its(:potential_readme_filenames) { should eql described_class::READMES }
+    end
+
+    context 'when set in the DF file' do
+      context 'as a string' do
+        let(:slug) { 'photoblocks-grid-gallery' }
+
+        its(:potential_readme_filenames) { should eql %w[README.txt] }
+      end
+
+      context 'as an array' do
+        let(:slug) { 'customerlabs-actionrecorder' }
+
+        its(:potential_readme_filenames) { should eql %w[Readme.txt Readme.md] }
+      end
+    end
+  end
+
   describe '#latest_version, #last_updated, #popular' do
     context 'when none' do
       let(:slug) { 'vulnerable-not-popular' }

spec/fixtures/db/dynamic_finders.yml

@@ -129,6 +129,8 @@ themes:
       version: true
 plugins:
   10centmail-subscription-management-and-analytics:
+    Readme:
+      path: README.txt
     MetaTag:
       class: Xpath
       xpath: //meta[@name="tencentmail-plugin-version"]/@content
@@ -7129,6 +7131,11 @@ plugins:
       - public/css/customer-chat-for-facebook-public.css
       - public/js/customer-chat-for-facebook-public.js
       version: true
+  customerlabs-actionrecorder:
+    Readme:
+      path:
+      - Readme.txt
+      - Readme.md
   customify-sites:
     TranslationFile:
       class: BodyPattern
@@ -18867,11 +18874,13 @@ plugins:
       - js/photoswipe.js
       version: true
   photoblocks-grid-gallery:
-    CorrectReadmePath:
-      class: BodyPattern
+    Readme:
       path: README.txt
-      pattern: !ruby/regexp /= (?<v>\d+\.[\.\d]+) =/
-      confidence: 80
+    QueryParameter:
+      files:
+      - public/css/photoblocks-public.css
+      - public/js/anime.min.js
+      - public/js/photoblocks.public.js
       version: true
   photonic:
     QueryParameter:

spec/fixtures/dynamic_finders/expected.yml

@@ -8776,6 +8776,7 @@ plugins:
       - http://wp.lab/wp-content/plugins/customer-chat-for-facebook/public/css/customer-chat-for-facebook-public.css?ver=1.0.3.1
       - http://wp.lab/wp-content/plugins/customer-chat-for-facebook/public/js/customer-chat-for-facebook-public.js?ver=1.0.3.1
       confidence: 20
+  customerlabs-actionrecorder: {}
   customify-sites:
     TranslationFile:
       number: 0.0.1
@@ -23332,6 +23333,14 @@ plugins:
       - 'http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/README.txt, Match:
         ''= 1.1.40 ='''
       confidence: 80
+    QueryParameter:
+      number: 1.1.41
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/public/css/photoblocks-public.css?ver=1.1.41
+      - http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/public/js/anime.min.js?ver=1.1.41
+      - http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/public/js/photoblocks.public.js?ver=1.1.41
+      confidence: 30
   photonic:
     QueryParameter:
       number: '1.64'

spec/fixtures/dynamic_finders/plugin_version/query_parameter_passive_all.html

@@ -8570,6 +8570,12 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/photo-swipe/js/photoswipe.js?ver=4.1.1.1"></script>
 
 
+<!-- photoblocks-grid-gallery -->
+<link rel="stylesheet" id="photoblocks-css" href="http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/public/css/photoblocks-public.css?ver=1.1.41" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/public/js/anime.min.js?ver=1.1.41"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/photoblocks-grid-gallery/public/js/photoblocks.public.js?ver=1.1.41"></script>
+
+
 <!-- photonic -->
 <link rel="stylesheet" id="photonic-slideshow-css" href="http://wp.lab/wp-content/plugins/photonic/include/scripts/lightslider/css/lightslider.css?ver=1.64" type="text/css" media="all">
 <link rel="stylesheet" id="photonic-css" href="http://wp.lab/wp-content/plugins/photonic/include/css/photonic.css?ver=1.64" type="text/css" media="all">