-) custom plugins directory (outside of wp-content)

-) feedback from ewanlr -) Regex fix for version detection from readme.txt due to false positives (tag-cloud-widget plugin)
2012-09-23 21:50:41 +02:00
parent 9b6a2805d7
commit a15028793e
46 changed files with 560 additions and 415 deletions
--- a/doc/WpDetector.html
+++ b/doc/WpDetector.html
@@ -236,7 +236,7 @@
  <span class="ruby-identifier">result</span> = <span class="ruby-identifier">items</span>
  <span class="ruby-keyword">if</span> <span class="ruby-identifier">items</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">items</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
-    <span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
+    <span class="ruby-identifier">result</span> = <span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>], <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
  <span class="ruby-keyword">end</span>
  <span class="ruby-identifier">enum_results</span> = <span class="ruby-constant">WpEnumerator</span>.<span class="ruby-identifier">enumerate</span>(<span class="ruby-identifier">options</span>)
@@ -303,7 +303,7 @@
  <span class="ruby-identifier">names</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">items</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
        <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>,
        <span class="ruby-value">:type</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">type</span>,
        <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;#{item}/&quot;</span>,
--- a/doc/WpEnumerator.html
+++ b/doc/WpEnumerator.html
@@ -232,7 +232,7 @@
 <ul><li>
 <p><tt>targets</tt> - targets to enumerate</p>
 </li><li><ul><li>
-<p><tt>:url</tt> - Base URL</p>
+<p><tt>:base_url</tt> - Base URL</p>
 </li></ul>
 </li><li><ul><li>
 <p><tt>:wp_content</tt> - wp-content directory</p>
@@ -273,7 +273,7 @@
  <span class="ruby-identifier">enumerate_size</span> = <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">size</span>
  <span class="ruby-identifier">targets</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">target</span><span class="ruby-operator">|</span>
-    <span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_url</span>
+    <span class="ruby-identifier">url</span> = <span class="ruby-identifier">target</span>.<span class="ruby-identifier">get_full_url</span>
    <span class="ruby-identifier">request</span> = <span class="ruby-identifier">enum_browser</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">url</span>, { <span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>, <span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span> })
    <span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
@@ -342,7 +342,7 @@
  <span class="ruby-identifier">file</span>              = <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>]
  <span class="ruby-identifier">vulns_file</span>        = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
  <span class="ruby-identifier">wp_content_dir</span>    = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>]
-  <span class="ruby-identifier">url</span>               = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">url</span>               = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-identifier">type</span>              = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
  <span class="ruby-identifier">plugins_dir</span>       = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
  <span class="ruby-identifier">targets_url</span>       = []
@@ -352,7 +352,7 @@
    <span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file</span>, <span class="ruby-string">&quot;r&quot;</span>) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">f</span><span class="ruby-operator">|</span>
      <span class="ruby-identifier">f</span>.<span class="ruby-identifier">readlines</span>.<span class="ruby-identifier">collect</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">line</span><span class="ruby-operator">|</span>
        <span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-            <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
+            <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
            <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>,
            <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
            <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">dirname</span>(<span class="ruby-identifier">line</span>.<span class="ruby-identifier">strip</span>),
@@ -374,7 +374,7 @@
    <span class="ruby-identifier">xml</span>.<span class="ruby-identifier">xpath</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath_2</span>]).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">node</span><span class="ruby-operator">|</span>
      <span class="ruby-identifier">name</span> = <span class="ruby-identifier">node</span>.<span class="ruby-identifier">attribute</span>(<span class="ruby-string">&quot;name&quot;</span>).<span class="ruby-identifier">text</span>
      <span class="ruby-identifier">targets_url</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-          <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
+          <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">url</span>,
          <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
          <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>,
          <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">name</span>,
--- a/doc/WpItem.html
+++ b/doc/WpItem.html
@@ -79,9 +79,9 @@
          <li><a href="#method-i-extract_name_from_url">#extract_name_from_url</a></li>
-          <li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
+          <li><a href="#method-i-get_full_url">#get_full_url</a></li>
-          <li><a href="#method-i-get_url">#get_url</a></li>
+          <li><a href="#method-i-get_sub_folder">#get_sub_folder</a></li>
          <li><a href="#method-i-get_url_without_filename">#get_url_without_filename</a></li>
@@ -235,14 +235,27 @@
        <h3 class="section-header">Attributes</h3>
        <div id="base_url-attribute-method" class="method-detail">
          <a name="base_url"></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">base_url</span><span
              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
        <div id="name-attribute-method" class="method-detail">
          <a name="name"></a>
          <a name="name="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">name</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
@@ -255,11 +268,9 @@
        <div id="path-attribute-method" class="method-detail">
          <a name="path"></a>
          <a name="path="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">path</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
@@ -272,28 +283,9 @@
        <div id="type-attribute-method" class="method-detail">
          <a name="type"></a>
          <a name="type="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">type</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
        <div id="url-attribute-method" class="method-detail">
          <a name="url"></a>
          <a name="url="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">url</span><span
              class="attribute-access-type">[RW]</span>
          </div>
          <div class="method-description">
@@ -306,11 +298,9 @@
        <div id="vulns_file-attribute-method" class="method-detail">
          <a name="vulns_file"></a>
          <a name="vulns_file="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">vulns_file</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
@@ -323,11 +313,9 @@
        <div id="vulns_xpath-attribute-method" class="method-detail">
          <a name="vulns_xpath"></a>
          <a name="vulns_xpath="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">vulns_xpath</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
@@ -340,11 +328,9 @@
        <div id="wp_content_dir-attribute-method" class="method-detail">
          <a name="wp_content_dir"></a>
          <a name="wp_content_dir="></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">wp_content_dir</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
@@ -354,14 +340,12 @@
          </div>
        </div>
-        <div id="wp_plugin_dir-attribute-method" class="method-detail">
+        <div id="wp_plugins_dir-attribute-method" class="method-detail">
-          <a name="wp_plugin_dir"></a>
+          <a name="wp_plugins_dir"></a>
          <a name="wp_plugin_dir="></a>
          <div class="method-heading attribute-method-heading">
-            <span class="method-name">wp_plugin_dir</span><span
+            <span class="method-name">wp_plugins_dir</span><span
-              class="attribute-access-type">[RW]</span>
+              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
@@ -402,15 +386,15 @@
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 25</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">options</span>)
  <span class="ruby-ivar">@type</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:type</span>]
-  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;wp-content&quot;</span>
+  <span class="ruby-ivar">@wp_content_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>] <span class="ruby-operator">?</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>) <span class="ruby-operator">:</span> <span class="ruby-string">&quot;wp-content&quot;</span>
-  <span class="ruby-ivar">@wp_plugin_dir</span>  = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-string">&quot;plugins&quot;</span>
+  <span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>] <span class="ruby-operator">||</span> <span class="ruby-node">&quot;#@wp_content_dir/plugins&quot;</span>
-  <span class="ruby-ivar">@url</span>            = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-ivar">@base_url</span>       = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-ivar">@path</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:path</span>]
  <span class="ruby-ivar">@name</span>           = <span class="ruby-identifier">options</span>[<span class="ruby-value">:name</span>] <span class="ruby-operator">||</span> <span class="ruby-identifier">extract_name_from_url</span>
  <span class="ruby-ivar">@vulns_file</span>     = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>]
  <span class="ruby-ivar">@vulns_xpath</span>    = <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>].<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\$name\$/</span>, <span class="ruby-ivar">@name</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_xpath</span>] <span class="ruby-operator">==</span> <span class="ruby-keyword">nil</span>
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url not set&quot;</span>)            <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@url</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url not set&quot;</span>)       <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@base_url</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;path not set&quot;</span>)           <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@path</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;wp_content_dir not set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_content_dir</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;name not set&quot;</span>)           <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@name</span>
@@ -452,7 +436,7 @@
            <div class="method-source-code" id="3C-3D-3E-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 121</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 122</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">&lt;=&gt;</span>(<span class="ruby-identifier">other</span>)
  <span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">&lt;=&gt;</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -485,7 +469,7 @@
            <div class="method-source-code" id="3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 111</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 112</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">==</span>(<span class="ruby-identifier">other</span>)
  <span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -518,7 +502,7 @@
            <div class="method-source-code" id="3D-3D-3D-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 116</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 117</span>
 <span class="ruby-keyword">def</span> <span class="ruby-operator">===</span>(<span class="ruby-identifier">other</span>)
  <span class="ruby-identifier">other</span>.<span class="ruby-identifier">name</span> <span class="ruby-operator">==</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">name</span>
 <span class="ruby-keyword">end</span></pre>
@@ -551,7 +535,7 @@
            <div class="method-source-code" id="changelog_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 131</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 132</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">changelog_url</span>
  <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;changelog.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -584,7 +568,7 @@
            <div class="method-source-code" id="directory_listing-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 94</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 95</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">directory_listing?</span>
  <span class="ruby-comment"># Need to remove to file part from the url</span>
  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url_without_filename</span>).<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;title&gt;Index of}</span>] <span class="ruby-operator">?</span> <span class="ruby-keyword">true</span> <span class="ruby-operator">:</span> <span class="ruby-keyword">false</span>
@@ -618,9 +602,9 @@
            <div class="method-source-code" id="extract_name_from_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 100</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 101</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">extract_name_from_url</span>
-  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
+  <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>[<span class="ruby-regexp">%{^(https?://.*/([^/]+)/)}</span>, <span class="ruby-value">2</span>]
 <span class="ruby-keyword">end</span></pre>
            </div><!-- extract_name_from_url-source -->
@@ -632,6 +616,53 @@
        </div><!-- extract_name_from_url-method -->
        <div id="get_full_url-method" class="method-detail ">
          <a name="method-i-get_full_url"></a>
          <div class="method-heading">
            <span class="method-name">get_full_url</span><span
              class="method-args">()</span>
            <span class="method-click-advice">click to toggle source</span>
          </div>
          <div class="method-description">
            <p>Get the full url for this item</p>
            <div class="method-source-code" id="get_full_url-source">
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 57</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_full_url</span>
  <span class="ruby-identifier">url</span> = <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@base_url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@base_url/&quot;</span>
  <span class="ruby-comment"># remove first and last /</span>
  <span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
  <span class="ruby-comment"># remove first /</span>
  <span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
  <span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span><span class="ruby-string">&quot;plugins&quot;</span>
    <span class="ruby-comment"># plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir</span>
    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#@wp_plugins_dir/#{path}&quot;</span>)
  <span class="ruby-keyword">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
    <span class="ruby-comment"># timthumbs have folder in path variable</span>
    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
  <span class="ruby-keyword">else</span>
    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
  <span class="ruby-keyword">end</span>
  <span class="ruby-identifier">ret</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- get_full_url-source -->
          </div>
        </div><!-- get_full_url-method -->
        <div id="get_sub_folder-method" class="method-detail ">
          <a name="method-i-get_sub_folder"></a>
@@ -654,8 +685,6 @@
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 43</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_sub_folder</span>
  <span class="ruby-keyword">case</span> <span class="ruby-ivar">@type</span>
    <span class="ruby-keyword">when</span> <span class="ruby-string">&quot;plugins&quot;</span>
      <span class="ruby-identifier">folder</span> = <span class="ruby-ivar">@wp_plugin_dir</span>
    <span class="ruby-keyword">when</span> <span class="ruby-string">&quot;themes&quot;</span>
      <span class="ruby-identifier">folder</span> = <span class="ruby-string">&quot;themes&quot;</span>
    <span class="ruby-keyword">when</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
@@ -676,50 +705,6 @@
        </div><!-- get_sub_folder-method -->
        <div id="get_url-method" class="method-detail ">
          <a name="method-i-get_url"></a>
          <div class="method-heading">
            <span class="method-name">get_url</span><span
              class="method-args">()</span>
            <span class="method-click-advice">click to toggle source</span>
          </div>
          <div class="method-description">
            <p>Get the full url for this item</p>
            <div class="method-source-code" id="get_url-source">
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 59</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url</span>
  <span class="ruby-identifier">url</span> = <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">end_with?</span>(<span class="ruby-string">&quot;/&quot;</span>) <span class="ruby-operator">?</span> <span class="ruby-ivar">@url</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">:</span> <span class="ruby-node">&quot;#@url/&quot;</span>
  <span class="ruby-comment"># remove first and last /</span>
  <span class="ruby-identifier">wp_content_dir</span> = <span class="ruby-ivar">@wp_content_dir</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/\/$/</span>, <span class="ruby-string">&quot;&quot;</span>)
  <span class="ruby-comment"># remove first /</span>
  <span class="ruby-identifier">path</span> = <span class="ruby-ivar">@path</span>.<span class="ruby-identifier">sub</span>(<span class="ruby-regexp">/^\//</span>, <span class="ruby-string">&quot;&quot;</span>)
  <span class="ruby-keyword">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;timthumbs&quot;</span>
    <span class="ruby-comment"># timthumbs have folder in path variable</span>
    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{path}&quot;</span>)
  <span class="ruby-keyword">else</span>
    <span class="ruby-identifier">ret</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-node">&quot;#{url}#{wp_content_dir}/#{get_sub_folder}/#{path}&quot;</span>)
  <span class="ruby-keyword">end</span>
  <span class="ruby-identifier">ret</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- get_url-source -->
          </div>
        </div><!-- get_url-method -->
        <div id="get_url_without_filename-method" class="method-detail ">
          <a name="method-i-get_url_without_filename"></a>
@@ -739,9 +724,9 @@
            <div class="method-source-code" id="get_url_without_filename-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 75</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 76</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">get_url_without_filename</span>
-  <span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">to_s</span>
+  <span class="ruby-identifier">location_url</span> = <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">to_s</span>
  <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">location_url</span>[<span class="ruby-regexp">%{^(https?://.*/)[^.]+\.[^/]+$}</span>, <span class="ruby-value">1</span>]
  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">valid_location_url</span>
    <span class="ruby-identifier">valid_location_url</span> = <span class="ruby-identifier">add_trailing_slash</span>(<span class="ruby-identifier">location_url</span>)
@@ -777,7 +762,7 @@
            <div class="method-source-code" id="has_changelog-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 145</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 146</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_changelog?</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@changelog</span>
    <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">changelog_url</span>).<span class="ruby-identifier">code</span>
@@ -814,7 +799,7 @@
            <div class="method-source-code" id="has_readme-3F-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 136</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 137</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">has_readme?</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@readme</span>
    <span class="ruby-identifier">status</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">readme_url</span>).<span class="ruby-identifier">code</span>
@@ -851,7 +836,7 @@
            <div class="method-source-code" id="readme_url-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 126</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 127</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">readme_url</span>
  <span class="ruby-identifier">get_url_without_filename</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>)
 <span class="ruby-keyword">end</span></pre>
@@ -884,7 +869,7 @@
            <div class="method-source-code" id="to_s-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 105</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 106</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">to_s</span>
  <span class="ruby-identifier">item_version</span> = <span class="ruby-identifier">version</span>
  <span class="ruby-node">&quot;#@name#{' v' + item_version.strip if item_version}&quot;</span>
@@ -918,10 +903,10 @@
            <div class="method-source-code" id="version-source">
 <pre>
-<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 85</span>
+<span class="ruby-comment"># File lib/wpscan/wp_item.rb, line 86</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">version</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@version</span>
-    <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
+    <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.txt&quot;</span>).<span class="ruby-identifier">to_s</span>)
    <span class="ruby-ivar">@version</span> = <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-node">%{stable tag: #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
  <span class="ruby-keyword">end</span>
  <span class="ruby-ivar">@version</span>
--- a/doc/WpOptions.html
+++ b/doc/WpOptions.html
@@ -255,7 +255,7 @@
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_options.rb, line 34</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">check_options</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;url must be set&quot;</span>)                  <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
+  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;base_url must be set&quot;</span>)             <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>].<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;only_vulnerable_ones must be set&quot;</span>) <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:only_vulnerable_ones</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;file must be set&quot;</span>)                 <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
  <span class="ruby-identifier">raise</span>(<span class="ruby-string">&quot;vulns_file must be set&quot;</span>)           <span class="ruby-keyword">unless</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>] <span class="ruby-operator">!=</span> <span class="ruby-keyword">nil</span> <span class="ruby-keyword">and</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:vulns_file</span>].<span class="ruby-identifier">length</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
--- a/doc/WpPlugin.html
+++ b/doc/WpPlugin.html
@@ -315,7 +315,7 @@ href="http://www.exploit-db.com/ghdb/3714/">www.exploit-db.com/ghdb/3714/</a></p
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_plugin.rb, line 39</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">error_log_url</span>
-  <span class="ruby-identifier">get_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
+  <span class="ruby-identifier">get_full_url</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;error_log&quot;</span>).<span class="ruby-identifier">to_s</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- error_log_url-source -->
--- a/doc/WpPlugins.html
+++ b/doc/WpPlugins.html
@@ -235,12 +235,12 @@
  <span class="ruby-identifier">plugins</span> = []
  <span class="ruby-identifier">result</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">r</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">url</span>,
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">base_url</span>,
        <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">path</span>,
        <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_content_dir</span>,
        <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">name</span>,
        <span class="ruby-value">:type</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
-        <span class="ruby-value">:wp_plugins_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugin_dir</span>
+        <span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">r</span>.<span class="ruby-identifier">wp_plugins_dir</span>
    )
  <span class="ruby-keyword">end</span>
  <span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
@@ -285,16 +285,16 @@ plugins can be found in the source code :</p>
 <span class="ruby-comment"># File lib/wpscan/modules/wp_plugins.rb, line 51</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">plugins_from_passive_detection</span>(<span class="ruby-identifier">options</span>)
  <span class="ruby-identifier">plugins</span> = []
-  <span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
+  <span class="ruby-identifier">temp</span> = <span class="ruby-constant">WpDetector</span>.<span class="ruby-identifier">passive_detection</span>(<span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>], <span class="ruby-string">&quot;plugins&quot;</span>, <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>])
  <span class="ruby-identifier">temp</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">item</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">plugins</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpPlugin</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">url</span>,
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">base_url</span>,
        <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">name</span>,
        <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">item</span>.<span class="ruby-identifier">path</span>,
        <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
        <span class="ruby-value">:type</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;plugins&quot;</span>,
-        <span class="ruby-value">:wp_plugins_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugin_dir</span>]
+        <span class="ruby-value">:wp_plugins_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_plugins_dir</span>]
    )
  <span class="ruby-keyword">end</span>
  <span class="ruby-identifier">plugins</span>.<span class="ruby-identifier">sort_by</span> { <span class="ruby-operator">|</span><span class="ruby-identifier">p</span><span class="ruby-operator">|</span> <span class="ruby-identifier">p</span>.<span class="ruby-identifier">name</span> }
--- a/doc/WpTarget.html
+++ b/doc/WpTarget.html
@@ -780,7 +780,7 @@
 <span class="ruby-comment"># File lib/wpscan/wp_target.rb, line 105</span>
 <span class="ruby-keyword">def</span> <span class="ruby-identifier">wp_plugins_dir</span>
  <span class="ruby-keyword">unless</span> <span class="ruby-ivar">@wp_plugins_dir</span>
-    <span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-string">&quot;plugins&quot;</span>
+    <span class="ruby-ivar">@wp_plugins_dir</span> = <span class="ruby-node">&quot;#{wp_content_dir}/plugins&quot;</span>
  <span class="ruby-keyword">end</span>
  <span class="ruby-ivar">@wp_plugins_dir</span>
 <span class="ruby-keyword">end</span></pre>
--- a/doc/WpTheme.html
+++ b/doc/WpTheme.html
@@ -215,21 +215,6 @@
        <h3 class="section-header">Attributes</h3>
        <div id="name-attribute-method" class="method-detail">
          <a name="name"></a>
          <div class="method-heading attribute-method-heading">
            <span class="method-name">name</span><span
              class="attribute-access-type">[R]</span>
          </div>
          <div class="method-description">
          </div>
        </div>
        <div id="style_url-attribute-method" class="method-detail">
          <a name="style_url"></a>
@@ -382,7 +367,7 @@
    <span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
               <span class="ruby-value">:style_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
-               <span class="ruby-value">:url</span>             =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
+               <span class="ruby-value">:base_url</span>        =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">style_url</span>,
               <span class="ruby-value">:path</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
               <span class="ruby-value">:wp_content_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
    )
@@ -431,7 +416,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=141">code.google.com/p/wp
    <span class="ruby-keyword">return</span> <span class="ruby-identifier">new</span>(<span class="ruby-value">:name</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_name</span>,
               <span class="ruby-value">:version</span>         =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">woo_theme_version</span>,
-               <span class="ruby-value">:url</span>             =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
+               <span class="ruby-value">:base_url</span>        =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">matches</span>[<span class="ruby-value">0</span>],
               <span class="ruby-value">:path</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>,
               <span class="ruby-value">:wp_content_dir</span>  =<span class="ruby-operator">&gt;</span> <span class="ruby-string">&quot;&quot;</span>
    )
--- a/doc/WpTimthumbs.html
+++ b/doc/WpTimthumbs.html
@@ -322,7 +322,7 @@
    scripts/timthumb.php tools/timthumb.php functions/timthumb.php
  }</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">file</span><span class="ruby-operator">|</span>
    <span class="ruby-identifier">targets</span> <span class="ruby-operator">&lt;&lt;</span> <span class="ruby-constant">WpItem</span>.<span class="ruby-identifier">new</span>(
-        <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>],
+        <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>],
        <span class="ruby-value">:path</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-node">&quot;themes/#{theme_name}/#{file}&quot;</span>,
        <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">options</span>[<span class="ruby-value">:wp_content_dir</span>],
        <span class="ruby-value">:name</span>           =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">theme_name</span>,
--- a/doc/WpVersion.html
+++ b/doc/WpVersion.html
@@ -293,7 +293,7 @@ etc)</p>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 39</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find</span>(<span class="ruby-identifier">target_uri</span>, <span class="ruby-identifier">wp_content_dir</span>)
  <span class="ruby-identifier">options</span> = {
-      <span class="ruby-value">:url</span>            =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
+      <span class="ruby-value">:base_url</span>       =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">target_uri</span>,
      <span class="ruby-value">:wp_content_dir</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">wp_content_dir</span>
  }
  <span class="ruby-keyword">self</span>.<span class="ruby-identifier">methods</span>.<span class="ruby-identifier">grep</span>(<span class="ruby-regexp">/find_from_/</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">method_to_call</span><span class="ruby-operator">|</span>
@@ -393,7 +393,7 @@ file across all versions of wordpress.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 94</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_advanced_fingerprinting</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-comment"># needed for rpsec tests</span>
  <span class="ruby-identifier">version_xml</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:version_xml</span>] <span class="ruby-operator">||</span> <span class="ruby-constant">DATA_DIR</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot;/wp_versions.xml&quot;</span>
  <span class="ruby-identifier">xml</span> = <span class="ruby-constant">Nokogiri</span><span class="ruby-operator">::</span><span class="ruby-constant">XML</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">version_xml</span>)) <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">config</span><span class="ruby-operator">|</span>
@@ -451,7 +451,7 @@ upgrade.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 61</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_meta_generator</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
  <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{name=&quot;generator&quot; content=&quot;wordpress ([^&quot;]+)&quot;}</span>, <span class="ruby-value">1</span>]
@@ -487,7 +487,7 @@ upgrade.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 119</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_readme</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;readme.html&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{&lt;br /&gt;\sversion #{WpVersion.version_pattern}}</span>, <span class="ruby-value">1</span>]
 <span class="ruby-keyword">end</span></pre>
            </div><!-- find_from_readme-source -->
@@ -521,7 +521,7 @@ upgrade.</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 68</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_rss_generator</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-identifier">response</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;feed/&quot;</span>).<span class="ruby-identifier">to_s</span>, {<span class="ruby-value">:follow_location</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-keyword">true</span>, <span class="ruby-value">:max_redirects</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">2</span>})
  <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span>[<span class="ruby-regexp">%{&lt;generator&gt;http://wordpress.org/\?v=([^&lt;]+)&lt;/generator&gt;}</span>, <span class="ruby-value">1</span>]
@@ -558,7 +558,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 125</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">find_from_sitemap_generator</span>(<span class="ruby-identifier">options</span>)
-  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:url</span>]
+  <span class="ruby-identifier">target_uri</span> = <span class="ruby-identifier">options</span>[<span class="ruby-value">:base_url</span>]
  <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">get</span>(<span class="ruby-identifier">target_uri</span>.<span class="ruby-identifier">merge</span>(<span class="ruby-string">&quot;sitemap.xml&quot;</span>).<span class="ruby-identifier">to_s</span>).<span class="ruby-identifier">body</span>[<span class="ruby-node">%{generator=&quot;wordpress/#{WpVersion.version_pattern}&quot;}</span>, <span class="ruby-value">1</span>]
 <span class="ruby-keyword">end</span></pre>
            </div><!-- find_from_sitemap_generator-source -->
@@ -584,8 +584,7 @@ href="http://code.google.com/p/wpscan/issues/detail?id=109">code.google.com/p/wp
          <div class="method-description">
-            <p>Used to check if the version is correct : should be numeric with at least
+            <p>Used to check if the version is correct : must contain at least one .</p>
 one ‘.’</p>
@@ -593,7 +592,7 @@ one ‘.’</p>
 <pre>
 <span class="ruby-comment"># File lib/wpscan/wp_version.rb, line 131</span>
 <span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">version_pattern</span>
-  <span class="ruby-string">'(.*(?=.)(?=.*\d)(?=.*[.]).*)'</span>
+  <span class="ruby-string">'([^\r\n]+[\.][^\r\n]+)'</span>
 <span class="ruby-keyword">end</span></pre>
            </div><!-- version_pattern-source -->
--- a/doc/created.rid
+++ b/doc/created.rid
@@ -1,4 +1,4 @@
-Sat, 22 Sep 2012 23:49:14 +0200
+Sun, 23 Sep 2012 21:48:18 +0200
 ./CREDITS	Mon, 17 Sep 2012 20:18:24 +0200
 ./Gemfile	Sat, 22 Sep 2012 00:14:07 +0200
 ./lib/browser.rb	Sat, 22 Sep 2012 15:51:15 +0200
@@ -15,23 +15,23 @@ Sat, 22 Sep 2012 23:49:14 +0200
 ./lib/wpscan/modules/web_site.rb	Sat, 22 Sep 2012 16:18:55 +0200
 ./lib/wpscan/modules/wp_config_backup.rb	Sat, 22 Sep 2012 15:01:32 +0200
 ./lib/wpscan/modules/wp_full_path_disclosure.rb	Sat, 15 Sep 2012 08:01:17 +0200
-./lib/wpscan/modules/wp_login_protection.rb	Sat, 22 Sep 2012 16:18:32 +0200
+./lib/wpscan/modules/wp_login_protection.rb	Sun, 23 Sep 2012 19:38:40 +0200
-./lib/wpscan/modules/wp_plugins.rb	Sat, 22 Sep 2012 21:05:32 +0200
+./lib/wpscan/modules/wp_plugins.rb	Sun, 23 Sep 2012 20:20:17 +0200
 ./lib/wpscan/modules/wp_readme.rb	Sat, 15 Sep 2012 08:01:52 +0200
-./lib/wpscan/modules/wp_themes.rb	Sat, 22 Sep 2012 21:32:34 +0200
+./lib/wpscan/modules/wp_themes.rb	Sun, 23 Sep 2012 19:41:17 +0200
-./lib/wpscan/modules/wp_timthumbs.rb	Sat, 22 Sep 2012 23:24:13 +0200
+./lib/wpscan/modules/wp_timthumbs.rb	Sun, 23 Sep 2012 19:40:38 +0200
 ./lib/wpscan/modules/wp_usernames.rb	Sat, 22 Sep 2012 15:01:32 +0200
 ./lib/wpscan/msfrpc_client.rb	Fri, 21 Sep 2012 23:32:27 +0200
 ./lib/wpscan/vulnerable.rb	Sat, 22 Sep 2012 21:23:01 +0200
-./lib/wpscan/wp_detector.rb	Sat, 22 Sep 2012 21:23:10 +0200
+./lib/wpscan/wp_detector.rb	Sun, 23 Sep 2012 19:40:56 +0200
-./lib/wpscan/wp_enumerator.rb	Sat, 22 Sep 2012 23:22:53 +0200
+./lib/wpscan/wp_enumerator.rb	Sun, 23 Sep 2012 19:58:52 +0200
-./lib/wpscan/wp_item.rb	Sat, 22 Sep 2012 23:38:11 +0200
+./lib/wpscan/wp_item.rb	Sun, 23 Sep 2012 21:47:56 +0200
-./lib/wpscan/wp_options.rb	Sat, 22 Sep 2012 20:33:35 +0200
+./lib/wpscan/wp_options.rb	Sun, 23 Sep 2012 19:35:16 +0200
-./lib/wpscan/wp_plugin.rb	Sat, 22 Sep 2012 21:24:14 +0200
+./lib/wpscan/wp_plugin.rb	Sun, 23 Sep 2012 19:59:17 +0200
-./lib/wpscan/wp_target.rb	Sat, 22 Sep 2012 23:47:42 +0200
+./lib/wpscan/wp_target.rb	Sun, 23 Sep 2012 20:07:45 +0200
-./lib/wpscan/wp_theme.rb	Sat, 22 Sep 2012 21:24:57 +0200
+./lib/wpscan/wp_theme.rb	Sun, 23 Sep 2012 19:56:18 +0200
 ./lib/wpscan/wp_user.rb	Sat, 22 Sep 2012 16:12:25 +0200
-./lib/wpscan/wp_version.rb	Sat, 22 Sep 2012 21:25:11 +0200
+./lib/wpscan/wp_version.rb	Sun, 23 Sep 2012 21:26:24 +0200
 ./lib/wpscan/wp_vulnerability.rb	Sat, 22 Sep 2012 16:11:58 +0200
 ./lib/wpscan/wpscan_helper.rb	Sat, 15 Sep 2012 21:19:30 +0200
 ./lib/wpscan/wpscan_options.rb	Sat, 22 Sep 2012 15:01:32 +0200
@@ -39,5 +39,5 @@ Sat, 22 Sep 2012 23:49:14 +0200
 ./lib/wpstools/parse_svn.rb	Sat, 22 Sep 2012 16:10:30 +0200
 ./lib/wpstools/wpstools_helper.rb	Sat, 22 Sep 2012 15:00:03 +0200
 ./README	Thu, 13 Sep 2012 22:54:08 +0200
-./wpscan.rb	Sat, 22 Sep 2012 23:46:46 +0200
+./wpscan.rb	Sun, 23 Sep 2012 19:58:44 +0200
 ./wpstools.rb	Sat, 22 Sep 2012 14:59:30 +0200
--- a/doc/index.html
+++ b/doc/index.html
@@ -291,6 +291,8 @@
      <li><a href="RpcClient.html#method-i-get_exploit_info">#get_exploit_info &mdash; RpcClient</a></li>
      <li><a href="WpItem.html#method-i-get_full_url">#get_full_url &mdash; WpItem</a></li>
      <li><a href="WpUsernames.html#method-i-get_nickname_from_response">#get_nickname_from_response &mdash; WpUsernames</a></li>
      <li><a href="WpUsernames.html#method-i-get_nickname_from_url">#get_nickname_from_url &mdash; WpUsernames</a></li>
@@ -303,8 +305,6 @@
      <li><a href="WpItem.html#method-i-get_sub_folder">#get_sub_folder &mdash; WpItem</a></li>
      <li><a href="WpItem.html#method-i-get_url">#get_url &mdash; WpItem</a></li>
      <li><a href="WpItem.html#method-i-get_url_without_filename">#get_url_without_filename &mdash; WpItem</a></li>
      <li><a href="Object.html#method-i-green">#green &mdash; Object</a></li>
--- a/doc/lib/wpscan/modules/wp_plugins_rb.html
+++ b/doc/lib/wpscan/modules/wp_plugins_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:05:32 +0200</dd>
+      <dd class="modified-date">2012-09-23 20:20:17 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/modules/wp_timthumbs_rb.html
+++ b/doc/lib/wpscan/modules/wp_timthumbs_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:24:13 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:40:38 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_detector_rb.html
+++ b/doc/lib/wpscan/wp_detector_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:23:10 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:40:56 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_enumerator_rb.html
+++ b/doc/lib/wpscan/wp_enumerator_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:22:53 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:58:52 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_options_rb.html
+++ b/doc/lib/wpscan/wp_options_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 20:33:35 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:35:16 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_plugin_rb.html
+++ b/doc/lib/wpscan/wp_plugin_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:24:14 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:59:17 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_target_rb.html
+++ b/doc/lib/wpscan/wp_target_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:47:42 +0200</dd>
+      <dd class="modified-date">2012-09-23 20:07:45 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_theme_rb.html
+++ b/doc/lib/wpscan/wp_theme_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:24:57 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:56:18 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/lib/wpscan/wp_version_rb.html
+++ b/doc/lib/wpscan/wp_version_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 21:25:11 +0200</dd>
+      <dd class="modified-date">2012-09-23 21:26:24 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/doc/wpscan_rb.html
+++ b/doc/wpscan_rb.html
@@ -24,7 +24,7 @@
  <div id="metadata">
    <dl>
      <dt class="modified-date">Last Modified</dt>
-      <dd class="modified-date">2012-09-22 23:46:46 +0200</dd>
+      <dd class="modified-date">2012-09-23 19:58:44 +0200</dd>
      <dt class="requires">Requires</dt>
--- a/lib/wpscan/modules/wp_login_protection.rb
+++ b/lib/wpscan/modules/wp_login_protection.rb
@@ -38,7 +38,7 @@ module WpLoginProtection
          return @login_protection_plugin = WpPlugin.new(
              :name           => plugin_name,
-              :url            => @uri,
+              :base_url       => @uri,
              :path           => "/plugins/#{plugin_name}/",
              :wp_content_dir => @wp_content_dir
          )
@@ -68,7 +68,7 @@ module WpLoginProtection
  def better_wp_security_url
    WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                 :path            => "/plugins/better-wp-security/",
                 :name            => "better-wp-security"
    ).get_url_without_filename
@@ -81,7 +81,7 @@ module WpLoginProtection
  def simple_login_lockdown_url
    WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                 :path            => "/plugins/simple-login-lockdown/",
                 :name            => "simple-login-lockdown"
    ).get_url_without_filename
@@ -94,7 +94,7 @@ module WpLoginProtection
  def login_security_solution_url
    WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                 :path            => "/plugins/login-security-solution/",
                 :name            => "login-security-solution"
    ).get_url_without_filename
@@ -107,7 +107,7 @@ module WpLoginProtection
  def limit_login_attempts_url
    WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                 :path            => "/plugins/limit-login-attempts/",
                 :name            => "limit-login-attempts"
    ).get_url_without_filename
@@ -120,7 +120,7 @@ module WpLoginProtection
  def bluetrait_event_viewer_url
    WpPlugin.new(:wp_content_dir  => @wp_content_dir,
-                 :url             => @uri,
+                 :base_url        => @uri,
                 :path            => "/plugins/bluetrait-event-viewer/",
                 :name            => "bluetrait-event-viewer"
    ).get_url_without_filename
--- a/lib/wpscan/modules/wp_plugins.rb
+++ b/lib/wpscan/modules/wp_plugins.rb
@@ -31,12 +31,12 @@ module WpPlugins
    plugins = []
    result.each do |r|
      plugins << WpPlugin.new(
-          :url            => r.url,
+          :base_url       => r.base_url,
          :path           => r.path,
          :wp_content_dir => r.wp_content_dir,
          :name           => r.name,
          :type           => "plugins",
-          :wp_plugins_dir  => r.wp_plugin_dir
+          :wp_plugins_dir => r.wp_plugins_dir
      )
    end
    plugins.sort_by { |p| p.name }
@@ -50,16 +50,16 @@ module WpPlugins
  # return array of WpPlugin
  def plugins_from_passive_detection(options)
    plugins = []
-    temp = WpDetector.passive_detection(options[:url], "plugins", options[:wp_content_dir])
+    temp = WpDetector.passive_detection(options[:base_url], "plugins", options[:wp_content_dir])
    temp.each do |item|
      plugins << WpPlugin.new(
-          :url            => item.url,
+          :base_url       => item.base_url,
          :name           => item.name,
          :path           => item.path,
          :wp_content_dir => options[:wp_content_dir],
          :type           => "plugins",
-          :wp_plugins_dir  => options[:wp_plugin_dir]
+          :wp_plugins_dir => options[:wp_plugins_dir]
      )
    end
    plugins.sort_by { |p| p.name }
--- a/lib/wpscan/modules/wp_themes.rb
+++ b/lib/wpscan/modules/wp_themes.rb
@@ -29,7 +29,7 @@ module WpThemes
    themes = []
    result.each do |r|
      themes << WpTheme.new(
-          :url            => r.url,
+          :base_url       => r.base_url,
          :path           => r.path,
          :wp_content_dir => r.wp_content_dir,
          :name           => r.name
@@ -40,11 +40,11 @@ module WpThemes
  def themes_from_passive_detection(options)
    themes = []
-    temp = WpDetector.passive_detection(options[:url], "themes", options[:wp_content_dir])
+    temp = WpDetector.passive_detection(options[:base_url], "themes", options[:wp_content_dir])
    temp.each do |item|
      themes << WpTheme.new(
-          :url            => item.url,
+          :base_url       => item.base_url,
          :name           => item.name,
          :path           => item.path,
          :wp_content_dir => options[:wp_content_dir]
--- a/lib/wpscan/modules/wp_timthumbs.rb
+++ b/lib/wpscan/modules/wp_timthumbs.rb
@@ -55,7 +55,7 @@ module WpTimthumbs
      scripts/timthumb.php tools/timthumb.php functions/timthumb.php
    }.each do |file|
      targets << WpItem.new(
-          :url            => options[:url],
+          :base_url       => options[:base_url],
          :path           => "themes/#{theme_name}/#{file}",
          :wp_content_dir => options[:wp_content_dir],
          :name           => theme_name,
--- a/lib/wpscan/wp_detector.rb
+++ b/lib/wpscan/wp_detector.rb
@@ -23,7 +23,7 @@ class WpDetector
    result = items
    if items == nil or items.length == 0
-      result = passive_detection(options[:url], options[:type], options[:wp_content_dir])
+      result = passive_detection(options[:base_url], options[:type], options[:wp_content_dir])
    end
    enum_results = WpEnumerator.enumerate(options)
@@ -61,7 +61,7 @@ class WpDetector
    names.each do |item|
      items << WpItem.new(
-          :url            => url,
+          :base_url       => url,
          :name           => item,
          :type           => type,
          :path           => "#{item}/",
--- a/lib/wpscan/wp_enumerator.rb
+++ b/lib/wpscan/wp_enumerator.rb
@@ -24,7 +24,7 @@ class WpEnumerator
  # ==== Attributes
  #
  # * +targets+ - targets to enumerate
-  # * * +:url+ - Base URL
+  # * * +:base_url+ - Base URL
  # * * +:wp_content+ - wp-content directory
  # * * +:path+ - Path to plugin
  # * +type+ - "plugins" or "themes", item to enumerate
@@ -50,7 +50,7 @@ class WpEnumerator
    enumerate_size = targets.size
    targets.each do |target|
-      url = target.get_url
+      url = target.get_full_url
      request = enum_browser.forge_request(url, { :cache_timeout => 0, :follow_location => true })
      request_count += 1
@@ -86,7 +86,7 @@ class WpEnumerator
    file              = options[:file]
    vulns_file        = options[:vulns_file]
    wp_content_dir    = options[:wp_content_dir]
-    url               = options[:url]
+    url               = options[:base_url]
    type              = options[:type]
    plugins_dir       = options[:wp_plugins_dir]
    targets_url       = []
@@ -96,7 +96,7 @@ class WpEnumerator
      File.open(file, "r") do |f|
        f.readlines.collect do |line|
          targets_url << WpItem.new(
-              :url            => url,
+              :base_url       => url,
              :path           => line.strip,
              :wp_content_dir => wp_content_dir,
              :name           => File.dirname(line.strip),
@@ -118,7 +118,7 @@ class WpEnumerator
      xml.xpath(options[:vulns_xpath_2]).each do |node|
        name = node.attribute("name").text
        targets_url << WpItem.new(
-            :url            => url,
+            :base_url       => url,
            :path           => name,
            :wp_content_dir => wp_content_dir,
            :name           => name,
--- a/lib/wpscan/wp_item.rb
+++ b/lib/wpscan/wp_item.rb
@@ -19,20 +19,20 @@
 require "#{WPSCAN_LIB_DIR}/vulnerable"
 class WpItem < Vulnerable
-  attr_accessor :path, :url, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugin_dir, :type
+  attr_reader :base_url, :path, :wp_content_dir, :name, :vulns_file, :vulns_xpath, :wp_plugins_dir, :type
  @version = nil
  def initialize(options)
    @type           = options[:type]
-    @wp_content_dir = options[:wp_content_dir] || "wp-content"
+    @wp_content_dir = options[:wp_content_dir] ? options[:wp_content_dir].sub(/^\//, "").sub(/\/$/, "") : "wp-content"
-    @wp_plugin_dir  = options[:wp_plugins_dir] || "plugins"
+    @wp_plugins_dir = options[:wp_plugins_dir] || "#@wp_content_dir/plugins"
-    @url            = options[:url]
+    @base_url       = options[:base_url]
    @path           = options[:path]
    @name           = options[:name] || extract_name_from_url
    @vulns_file     = options[:vulns_file]
    @vulns_xpath    = options[:vulns_xpath].sub(/\$name\$/, @name) unless options[:vulns_xpath] == nil
-    raise("url not set")            unless @url
+    raise("base_url not set")       unless @base_url
    raise("path not set")           unless @path
    raise("wp_content_dir not set") unless @wp_content_dir
    raise("name not set")           unless @name
@@ -42,8 +42,6 @@ class WpItem < Vulnerable
  def get_sub_folder
    case @type
      when "plugins"
        folder = @wp_plugin_dir
      when "themes"
        folder = "themes"
      when "timthumbs"
@@ -56,13 +54,16 @@ class WpItem < Vulnerable
  end
  # Get the full url for this item
-  def get_url
+  def get_full_url
-    url = @url.to_s.end_with?("/") ? @url.to_s : "#@url/"
+    url = @base_url.to_s.end_with?("/") ? @base_url.to_s : "#@base_url/"
    # remove first and last /
    wp_content_dir = @wp_content_dir.sub(/^\//, "").sub(/\/$/, "")
    # remove first /
    path = @path.sub(/^\//, "")
-    if type == "timthumbs"
+    if type =="plugins"
      # plugins can be outside of wp-content. wp_content_dir included in wp_plugins_dir
      ret = URI.parse("#{url}#@wp_plugins_dir/#{path}")
    elsif type == "timthumbs"
      # timthumbs have folder in path variable
      ret = URI.parse("#{url}#{wp_content_dir}/#{path}")
    else
@@ -73,7 +74,7 @@ class WpItem < Vulnerable
  # Gets the full url for this item without filenames
  def get_url_without_filename
-    location_url = get_url.to_s
+    location_url = get_full_url.to_s
    valid_location_url = location_url[%r{^(https?://.*/)[^.]+\.[^/]+$}, 1]
    unless valid_location_url
      valid_location_url = add_trailing_slash(location_url)
@@ -84,7 +85,7 @@ class WpItem < Vulnerable
  # Returns version number from readme.txt if it exists
  def version
    unless @version
-      response = Browser.instance.get(get_url.merge("readme.txt").to_s)
+      response = Browser.instance.get(get_full_url.merge("readme.txt").to_s)
      @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
    end
    @version
@@ -98,7 +99,7 @@ class WpItem < Vulnerable
  # Extract item name from a url
  def extract_name_from_url
-    get_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2]
+    get_full_url.to_s[%r{^(https?://.*/([^/]+)/)}i, 2]
  end
  # To string. Adds a version number if detected
--- a/lib/wpscan/wp_options.rb
+++ b/lib/wpscan/wp_options.rb
@@ -32,7 +32,7 @@
 # * +type+ - Type: plugins, themes
 class WpOptions
  def self.check_options(options)
-    raise("url must be set")                  unless options[:url] != nil and options[:url].to_s.length > 0
+    raise("base_url must be set")             unless options[:base_url] != nil and options[:base_url].to_s.length > 0
    raise("only_vulnerable_ones must be set") unless options[:only_vulnerable_ones] != nil
    raise("file must be set")                 unless options[:file] != nil and options[:file].length > 0
    raise("vulns_file must be set")           unless options[:vulns_file] != nil and options[:vulns_file].length > 0
--- a/lib/wpscan/wp_plugin.rb
+++ b/lib/wpscan/wp_plugin.rb
@@ -37,6 +37,6 @@ class WpPlugin < WpItem
  end
  def error_log_url
-    get_url.merge("error_log").to_s
+    get_full_url.merge("error_log").to_s
  end
 end
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -104,7 +104,7 @@ class WpTarget
  def wp_plugins_dir
    unless @wp_plugins_dir
-      @wp_plugins_dir = "plugins"
+      @wp_plugins_dir = "#{wp_content_dir}/plugins"
    end
    @wp_plugins_dir
  end
--- a/lib/wpscan/wp_theme.rb
+++ b/lib/wpscan/wp_theme.rb
@@ -20,7 +20,7 @@ require "#{WPSCAN_LIB_DIR}/vulnerable"
 class WpTheme < WpItem
-  attr_reader :name, :style_url, :version
+  attr_reader :style_url, :version
  def initialize(options = {})
    options[:vulns_file]    = (options[:vulns_file] != nil and options[:vulns_file] != "") ?
@@ -67,7 +67,7 @@ class WpTheme < WpItem
      return new(:name            => theme_name,
                 :style_url       => style_url,
-                 :url             => style_url,
+                 :base_url        => style_url,
                 :path            => "",
                 :wp_content_dir  => ""
      )
@@ -87,7 +87,7 @@ class WpTheme < WpItem
      return new(:name            => woo_theme_name,
                 :version         => woo_theme_version,
-                 :url             => matches[0],
+                 :base_url        => matches[0],
                 :path            => "",
                 :wp_content_dir  => ""
      )
--- a/lib/wpscan/wp_version.rb
+++ b/lib/wpscan/wp_version.rb
@@ -38,7 +38,7 @@ class WpVersion < Vulnerable
  # (find_from_meta_generator, find_from_rss_generator etc)
  def self.find(target_uri, wp_content_dir)
    options = {
-        :url            => target_uri,
+        :base_url       => target_uri,
        :wp_content_dir => wp_content_dir
    }
    self.methods.grep(/find_from_/).each do |method_to_call|
@@ -59,14 +59,14 @@ class WpVersion < Vulnerable
  # The meta tag can be removed however it seems,
  # that it is reinstated on upgrade.
  def self.find_from_meta_generator(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
    response = Browser.instance.get(target_uri.to_s, {:follow_location => true, :max_redirects => 2})
    response.body[%r{name="generator" content="wordpress ([^"]+)"}i, 1]
  end
  def self.find_from_rss_generator(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
    response = Browser.instance.get(target_uri.merge("feed/").to_s, {:follow_location => true, :max_redirects => 2})
    response.body[%r{<generator>http://wordpress.org/\?v=([^<]+)</generator>}i, 1]
@@ -92,7 +92,7 @@ class WpVersion < Vulnerable
  #  /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
  #
  def self.find_from_advanced_fingerprinting(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
    # needed for rpsec tests
    version_xml = options[:version_xml] || DATA_DIR + "/wp_versions.xml"
    xml = Nokogiri::XML(File.open(version_xml)) do |config|
@@ -117,18 +117,18 @@ class WpVersion < Vulnerable
  end
  def self.find_from_readme(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
    Browser.instance.get(target_uri.merge("readme.html").to_s).body[%r{<br />\sversion #{WpVersion.version_pattern}}i, 1]
  end
  # http://code.google.com/p/wpscan/issues/detail?id=109
  def self.find_from_sitemap_generator(options)
-    target_uri = options[:url]
+    target_uri = options[:base_url]
    Browser.instance.get(target_uri.merge("sitemap.xml").to_s).body[%r{generator="wordpress/#{WpVersion.version_pattern}"}, 1]
  end
-  # Used to check if the version is correct : should be numeric with at least one '.'
+  # Used to check if the version is correct : must contain at least one .
  def self.version_pattern
-    '(.*(?=.)(?=.*\d)(?=.*[.]).*)'
+    '([^\r\n]+[\.][^\r\n]+)'
  end
 end
--- a/spec/lib/wpscan/modules/wp_login_protection_spec.rb
+++ b/spec/lib/wpscan/modules/wp_login_protection_spec.rb
@@ -100,7 +100,7 @@ shared_examples_for "WpLoginProtection" do
    it "should return a login-lockdown WpPlugin object" do
      @fixture = @fixtures_dir + "/wp-login-login_lockdown.php"
-      @plugin_expected = WpPlugin.new(:url => @module.url,
+      @plugin_expected = WpPlugin.new(:base_url => @module.url,
                                      :path => "/plugins/login-lockdown/",
                                      :name => "login-lockdown"
      )
@@ -109,7 +109,7 @@ shared_examples_for "WpLoginProtection" do
    it "should return a login-lock WpPlugin object" do
      @fixture = @fixtures_dir + "/wp-login-login_lock.php"
-      @plugin_expected = WpPlugin.new(:url => @module.url,
+      @plugin_expected = WpPlugin.new(:base_url => @module.url,
                                      :path => "/plugins/login-lock/",
                                      :name => "login-lock"
      )
--- a/spec/lib/wpscan/modules/wp_plugins_spec.rb
+++ b/spec/lib/wpscan/modules/wp_plugins_spec.rb
@@ -31,7 +31,7 @@ shared_examples_for "WpPlugins" do
    @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
    @module.extend(WpPlugins)
-    @options = {:url => @wp_url,
+    @options = {:base_url => @wp_url,
                :only_vulnerable_ones => false,
                :show_progress_bar => false,
                :error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,27 +43,27 @@ shared_examples_for "WpPlugins" do
    }
    File.exist?(@plugin_vulns_file).should == true
    File.exist?(@plugins_file).should == true
-    @targets = [WpPlugin.new({:url => "http://example.localhost/",
+    @targets = [WpPlugin.new({:base_url => "http://example.localhost/",
                              :path => "exclude-pages/exclude_pages.php",
                              :wp_content_dir => "wp-content",
                              :name => "exclude-pages"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                              :path => "display-widgets/display-widgets.php",
                              :wp_content_dir => "wp-content",
                              :name => "display-widgets"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                              :path => "media-library",
                              :wp_content_dir => "wp-content",
                              :name => "media-library"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                              :path => "deans",
                              :wp_content_dir => "wp-content",
                              :name => "deans"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                              :path => "formidable/formidable.php",
                              :wp_content_dir => "wp-content",
                              :name => "formidable"}),
-                WpPlugin.new({:url => "http://example.localhost/",
+                WpPlugin.new({:base_url => "http://example.localhost/",
                              :path => "regenerate-thumbnails/readme.txt",
                              :wp_content_dir => "wp-content",
                              :name => "regenerate-thumbnails"})]
@@ -74,7 +74,7 @@ shared_examples_for "WpPlugins" do
    it "should return an empty array" do
      stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_plugins.htm'))
-      plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
      plugins.should be_empty
    end
@@ -92,12 +92,12 @@ shared_examples_for "WpPlugins" do
      }
      expected_plugins = []
      expected_plugin_names.each do |plugin_name|
-        expected_plugins << WpPlugin.new(:url => @module.url,
+        expected_plugins << WpPlugin.new(:base_url => @module.url,
                                         :path => "/plugins/#{plugin_name}/",
                                         :name => plugin_name)
      end
-      plugins = @module.plugins_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      plugins = @module.plugins_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
      plugins.should_not be_empty
      plugins.length.should == expected_plugins.length
      plugins.sort.should == expected_plugins.sort
@@ -110,7 +110,7 @@ shared_examples_for "WpPlugins" do
      stub_request(:get, @module.uri.to_s).to_return(:status => 200)
      # Point all targets to a 404
      @targets.each do |target|
-        stub_request(:get, target.get_url.to_s).to_return(:status => 404)
+        stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
        # to_s calls readme_url
        stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
      end
@@ -132,9 +132,9 @@ shared_examples_for "WpPlugins" do
      @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_plugin.htm"
      @expected_plugins = @targets.sample(2)
      @expected_plugins.each do |p|
-        stub_request(:get, p.get_url.to_s).to_return(:status => 200)
+        stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
      end
-      new_plugin = WpPlugin.new(:url => "http://example.localhost/",
+      new_plugin = WpPlugin.new(:base_url => "http://example.localhost/",
                                :path => "/plugins/comment-info-tip/",
                                :name => "comment-info-tip")
      stub_request(:get, new_plugin.readme_url.to_s).to_return(:status => 200)
@@ -149,7 +149,7 @@ shared_examples_for "WpPlugins" do
        plugin_url.should_not be_nil
        plugin_url.length.should == 1
        @expected_plugins = plugin_url
-        stub_request(:get, plugin_url[0].get_url.to_s).to_return(:status => valid_response_code)
+        stub_request(:get, plugin_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
      end
    end
  end
--- a/spec/lib/wpscan/modules/wp_themes_spec.rb
+++ b/spec/lib/wpscan/modules/wp_themes_spec.rb
@@ -31,7 +31,7 @@ shared_examples_for "WpThemes" do
    @module.error_404_hash = Digest::MD5.hexdigest("Error 404!")
    @module.extend(WpThemes)
-    @options = {:url => @wp_url,
+    @options = {:base_url => @wp_url,
                :only_vulnerable_ones => false,
                :show_progress_bar => false,
                :error_404_hash => Digest::MD5.hexdigest("Error 404!"),
@@ -43,55 +43,55 @@ shared_examples_for "WpThemes" do
    }
    File.exist?(@theme_vulns_file).should == true
    File.exist?(@themes_file).should == true
-    @targets = [WpTheme.new({:url => "http://example.localhost/",
+    @targets = [WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zenpro/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zenpro"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zeta-zip/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zeta-zip"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zfirst/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zfirst"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zgrey/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zgrey"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zindi-ii/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zindi-ii"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zindi/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zindi"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zombie-apocalypse/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zombie-apocalypse"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zsofa/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zsofa"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "zwei-seiten/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "zwei-seiten"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "twentyten/404.php",
                             :wp_content_dir => "wp-content",
                             :name => "twentyten"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "shopperpress",
                             :wp_content_dir => "wp-content",
                             :name => "shopperpress"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "wise",
                             :wp_content_dir => "wp-content",
                             :name => "wise"}),
-                WpTheme.new({:url => "http://example.localhost/",
+                WpTheme.new({:base_url => "http://example.localhost/",
                             :path => "webfolio",
                             :wp_content_dir => "wp-content",
                             :name => "webfolio"})]
@@ -102,7 +102,7 @@ shared_examples_for "WpThemes" do
    it "should return an empty array" do
      stub_request_to_fixture(:url => @module.url, :fixture => File.new(passive_detection_fixtures + '/no_theme.htm'))
-      themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
      themes.should be_empty
    end
@@ -112,12 +112,12 @@ shared_examples_for "WpThemes" do
      expected_theme_names = %w{ theme1 theme2 theme3 }
      expected_themes = []
      expected_theme_names.each do |theme_name|
-        expected_themes << WpTheme.new(:url => @module.url,
+        expected_themes << WpTheme.new(:base_url => @module.url,
                                       :path => "/themes/#{theme_name}/",
                                       :name => theme_name)
      end
-      themes = @module.themes_from_passive_detection(:url => @module.url, :wp_content_dir => "wp-content")
+      themes = @module.themes_from_passive_detection(:base_url => @module.url, :wp_content_dir => "wp-content")
      themes.should_not be_empty
      themes.length.should == expected_themes.length
      themes.sort.should == expected_themes.sort
@@ -130,7 +130,7 @@ shared_examples_for "WpThemes" do
      stub_request(:get, @module.uri.to_s).to_return(:status => 200)
      # Point all targets to a 404
      @targets.each do |target|
-        stub_request(:get, target.get_url.to_s).to_return(:status => 404)
+        stub_request(:get, target.get_full_url.to_s).to_return(:status => 404)
        # to_s calls readme_url
        stub_request(:get, target.readme_url.to_s).to_return(:status => 404)
      end
@@ -152,9 +152,9 @@ shared_examples_for "WpThemes" do
      @passive_detection_fixture = @fixtures_dir + "/passive_detection/one_theme.htm"
      @expected_themes = @targets.sample(2)
      @expected_themes.each do |p|
-        stub_request(:get, p.get_url.to_s).to_return(:status => 200)
+        stub_request(:get, p.get_full_url.to_s).to_return(:status => 200)
      end
-      new_theme = WpTheme.new(:url => "http://example.localhost/",
+      new_theme = WpTheme.new(:base_url => "http://example.localhost/",
                              :path => "/themes/custom-twentyten/",
                              :name => "custom-twentyten")
      stub_request(:get, new_theme.readme_url.to_s).to_return(:status => 200)
@@ -169,7 +169,7 @@ shared_examples_for "WpThemes" do
        theme_url.should_not be_nil
        theme_url.length.should == 1
        @expected_themes = theme_url
-        stub_request(:get, theme_url[0].get_url.to_s).to_return(:status => valid_response_code)
+        stub_request(:get, theme_url[0].get_full_url.to_s).to_return(:status => valid_response_code)
      end
    end
  end
--- a/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
+++ b/spec/lib/wpscan/modules/wp_timthumbs_spec.rb
@@ -22,7 +22,7 @@ shared_examples_for "WpTimthumbs" do
    @options = {}
    @url = "http://example.localhost/"
    @theme_name = "bueno"
-    @options[:url] = @url
+    @options[:base_url] = @url
    @options[:wp_content_dir] = "wp-content"
    @options[:name] = @theme_name
    @options[:error_404_hash] = "xx"
@@ -60,7 +60,7 @@ shared_examples_for "WpTimthumbs" do
      targets.length.should > 0
      temp = []
      targets.each do |t|
-        temp << t.get_url.to_s
+        temp << t.get_full_url.to_s
      end
      temp.sort.should === @targets_from_theme.sort
    end
@@ -91,7 +91,7 @@ shared_examples_for "WpTimthumbs" do
      urls = []
      urls_hash = WpEnumerator.generate_items(@options)
      urls_hash.each do |u|
-        url = u.get_url.to_s
+        url = u.get_full_url.to_s
        urls << url
        stub_request(:get, url).to_return(:status => 404)
      end
@@ -106,7 +106,7 @@ shared_examples_for "WpTimthumbs" do
      temp = []
      timthumbs.each do |t|
-        temp << t.get_url.to_s
+        temp << t.get_full_url.to_s
      end
      temp.sort.should === expected.sort
      @module.has_timthumbs?(nil).should be_true
--- a/spec/lib/wpscan/wp_item_spec.rb
+++ b/spec/lib/wpscan/wp_item_spec.rb
@@ -19,8 +19,133 @@
 require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 describe WpPlugin do
  describe "#initialize" do
    it "should create a correct instance" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.wp_content_dir.should == "wp-content"
      instance.base_url.should == "http://sub.example.com/path/to/wordpress/"
      instance.path.should == "test/asdf.php"
    end
  end
  describe "#get_full_url" do
    it "should return the correct url" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
    end
    it "should return the correct url (custom wp_content_dir)" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "custom"
      )
      instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
    end
    it "should trim / and add missing / before concatenating url" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "/custom/"
      )
      instance.get_full_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
    end
  end
  describe "#get_url_without_filename" do
    it "should return the correct url" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should return the correct url (custom wp_content_dir)" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "custom"
      )
      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
    end
    it "should trim / and add missing / before concatenating url" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "/custom/"
      )
      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
    end
    it "should not remove the last foldername" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should return the correct url (https)" do
      instance = WpItem.new(:base_url => "https://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should add the last slash if it's not present" do
      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test-one",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
    end
  end
  describe "#version" do
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
    before :each do
-    @instance = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :name => "test",
@@ -29,72 +154,6 @@ describe WpPlugin do
      )
    end
  describe "#initialize" do
    it "should create a correct instance" do
      @instance.wp_content_dir.should == "wp-content"
      @instance.url.should == "http://sub.example.com/path/to/wordpress/"
      @instance.path.should == "test/asdf.php"
    end
  end
  describe "#get_url" do
    it "should return the correct url" do
      @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/asdf.php"
    end
    it "should return the correct url (custom wp_content_dir)" do
      @instance.wp_content_dir = "custom"
      @instance.type = "plugins"
      @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
    end
    it "should trim / and add missing / before concatenating url" do
      @instance.wp_content_dir = "/custom/"
      @instance.url = "http://sub.example.com/path/to/wordpress"
      @instance.path = "test/asdf.php"
      @instance.type = "plugins"
      @instance.get_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/asdf.php"
    end
  end
  describe "#get_url_without_filename" do
    it "should return the correct url" do
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should return the correct url (custom wp_content_dir)" do
      @instance.wp_content_dir = "custom"
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
    end
    it "should trim / and add missing / before concatenating url" do
      @instance.wp_content_dir = "/custom/"
      @instance.url = "http://sub.example.com/path/to/wordpress"
      @instance.path = "test/asdf.php"
      @instance.type = "plugins"
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/"
    end
    it "should not remove the last foldername" do
      @instance.path = "test/"
      @instance.type = "plugins"
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should return the correct url (https)" do
      @instance.url = "https://sub.example.com/path/to/wordpress/"
      @instance.get_url_without_filename.to_s.should == "https://sub.example.com/path/to/wordpress/wp-content/plugins/test/"
    end
    it "should add the last slash if it's not present" do
      @instance.path = "test-one"
      @instance.type = "plugins"
      @instance.get_url_without_filename.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test-one/"
    end
  end
  describe "#version" do
    let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + '/version' }
    it "should return a version number" do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
      @instance.version.should == "1.2.4.3.2.1"
@@ -120,6 +179,16 @@ describe WpPlugin do
  end
  describe "#directory_listing?" do
    before :each do
      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :name => "test",
                             :vulns_xpath => "XX",
                             :type => "plugins"
      )
    end
    it "should return true" do
      stub_request(:get, @instance.get_url_without_filename.to_s).to_return(:status => 200,
                                                                            :body => "<html><head><title>Index of asdf</title></head></html>")
@@ -140,36 +209,74 @@ describe WpPlugin do
  describe "#extract_name_from_url" do
    it "should extract the correct name" do
-      @instance.extract_name_from_url.should == "test"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.extract_name_from_url.should == "test"
    end
    it "should extract the correct name (custom wp_content_dir)" do
-      @instance.wp_content_dir = "custom"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.extract_name_from_url.should == "test"
+                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "custom"
      )
      instance.extract_name_from_url.should == "test"
    end
    it "should extract the correct name" do
-      @instance.wp_content_dir = "/custom/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.url = "http://sub.example.com/path/to/wordpress"
+                            :path => "test2/asdf.php",
-      @instance.path = "test2/asdf.php"
+                            :vulns_file => "XXX.xml",
-      @instance.type = "plugins"
+                            :name => "test",
-      @instance.extract_name_from_url.should == "test2"
+                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "/custom/"
      )
      instance.extract_name_from_url.should == "test2"
    end
    it "should extract the correct plugin name" do
-      @instance.path = "testplugin/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.type = "plugins"
+                            :path => "testplugin/",
-      @instance.extract_name_from_url.should == "testplugin"
+                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.extract_name_from_url.should == "testplugin"
    end
    it "should extract the correct theme name" do
-      @instance.path = "testtheme/"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.type = "plugins"
+                            :path => "testtheme/",
-      @instance.extract_name_from_url.should == "testtheme"
+                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "themes"
      )
      instance.extract_name_from_url.should == "testtheme"
    end
  end
  describe "#to_s" do
    before :each do
      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :name => "test",
                             :vulns_xpath => "XX",
                             :type => "plugins"
      )
    end
    it "should return the name including a version number" do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200, :body => "Stable tag: 1.2.4.3.2.1")
      @instance.to_s.should == "test v1.2.4.3.2.1"
@@ -182,8 +289,18 @@ describe WpPlugin do
  end
  describe "#==" do
    before :each do
      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :name => "test",
                             :vulns_xpath => "XX",
                             :type => "plugins"
      )
    end
    it "should return false" do
-      instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "newname/asdf.php",
                             :type => "plugins",
                             :vulns_file => "XXX.xml",
@@ -193,7 +310,7 @@ describe WpPlugin do
    end
    it "should return true" do
-      instance2 = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :type => "plugins",
                             :vulns_file => "XXX.xml",
@@ -204,38 +321,25 @@ describe WpPlugin do
  end
  describe "#get_sub_folder" do
-    it "should return plugins" do
+    it "should return themes" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                        :path => "test/asdf.php",
                        :vulns_file => "XXX.xml",
                        :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                        :name => "test",
                        :vulns_xpath => "XX",
-                        :type => "plugins"
+                        :type => "themes"
      )
-      item.get_sub_folder.should == "plugins"
+      item.get_sub_folder.should == "themes"
    end
    it "should return custom-plugins" do
      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
                        :path => "test/asdf.php",
                        :vulns_file => "XXX.xml",
                        :wp_content_dir => "wp-content",
                        :wp_plugins_dir => "custom-plugins",
                        :name => "test",
                        :vulns_xpath => "XX",
                        :type => "plugins"
      )
      item.get_sub_folder.should == "custom-plugins"
    end
    it "should return themes" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                        :path => "test/asdf.php",
                        :vulns_file => "XXX.xml",
                        :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                        :name => "test",
                        :vulns_xpath => "XX",
                        :type => "themes"
@@ -244,11 +348,11 @@ describe WpPlugin do
    end
    it "should return nil" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                        :path => "test/asdf.php",
                        :vulns_file => "XXX.xml",
                        :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                        :name => "test",
                        :vulns_xpath => "XX",
                        :type => "timthumbs"
@@ -257,11 +361,11 @@ describe WpPlugin do
    end
    it "should raise an exception" do
-      item = WpItem.new(:url => "http://sub.example.com/path/to/wordpress/",
+      item = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                        :path => "test/asdf.php",
                        :vulns_file => "XXX.xml",
                        :wp_content_dir => "wp-content",
-                        :wp_plugins_dir => "plugins",
+                        :wp_plugins_dir => "wp-content/plugins",
                        :name => "test",
                        :vulns_xpath => "XX",
                        :type => "type"
@@ -272,55 +376,111 @@ describe WpPlugin do
  describe "#readme_url" do
    it "should return the corrent plugin readme url" do
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/readme.txt"
    end
    it "should return the corrent plugin readme url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.type = "plugins"
+                            :path => "test/asdf.php",
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
+                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "custom"
      )
      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/readme.txt"
    end
    it "should return the corrent theme readme url" do
-      @instance.path = "test/asdf.php"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.type = "themes"
+                            :path => "test/asdf.php",
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
+                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "themes"
      )
      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/readme.txt"
    end
    it "should return the corrent theme readme url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.path = "test/asdf.php"
+                            :path => "test/asdf.php",
-      @instance.type = "themes"
+                            :vulns_file => "XXX.xml",
-      @instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
+                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "themes",
                            :wp_content_dir => "custom"
      )
      instance.readme_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/readme.txt"
    end
  end
  describe "#changelog_url" do
    it "should return the corrent plugin changelog url" do
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                            :path => "test/asdf.php",
                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins"
      )
      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/plugins/test/changelog.txt"
    end
    it "should return the corrent plugin changelog url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.type = "plugins"
+                            :path => "test/asdf.php",
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
+                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "plugins",
                            :wp_content_dir => "custom"
      )
      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/plugins/test/changelog.txt"
    end
    it "should return the corrent theme changelog url" do
-      @instance.path = "test/asdf.php"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.type = "themes"
+                            :path => "test/asdf.php",
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
+                            :vulns_file => "XXX.xml",
                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "themes"
      )
      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/wp-content/themes/test/changelog.txt"
    end
    it "should return the corrent theme changelog url (custom wp_content)" do
-      @instance.wp_content_dir = "custom"
+      instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
-      @instance.path = "test/asdf.php"
+                            :path => "test/asdf.php",
-      @instance.type = "themes"
+                            :vulns_file => "XXX.xml",
-      @instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
+                            :name => "test",
                            :vulns_xpath => "XX",
                            :type => "themes",
                            :wp_content_dir => "custom"
      )
      instance.changelog_url.to_s.should == "http://sub.example.com/path/to/wordpress/custom/themes/test/changelog.txt"
    end
  end
  describe "#has_readme?" do
    before :each do
      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :name => "test",
                             :vulns_xpath => "XX",
                             :type => "plugins"
      )
    end
    it "should return true" do
      stub_request(:get, @instance.readme_url.to_s).to_return(:status => 200)
      @instance.has_readme?.should == true
@@ -333,6 +493,16 @@ describe WpPlugin do
  end
  describe "#has_changelog?" do
    before :each do
      @instance = WpItem.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :name => "test",
                             :vulns_xpath => "XX",
                             :type => "plugins"
      )
    end
    it "should return true" do
      stub_request(:get, @instance.changelog_url.to_s).to_return(:status => 200)
      @instance.has_changelog?.should == true
--- a/spec/lib/wpscan/wp_options_spec.rb
+++ b/spec/lib/wpscan/wp_options_spec.rb
@@ -22,7 +22,7 @@ describe WpOptions do
  describe "#check_options" do
    before :each do
      @options = {}
-      @options[:url] = "url"
+      @options[:base_url] = "url"
      @options[:only_vulnerable_ones] = false
      @options[:file] = "file"
      @options[:vulns_file] = "vulns_file"
@@ -40,14 +40,14 @@ describe WpOptions do
      expect { WpOptions.check_options(@options) }.to raise_error(RuntimeError, @message)
    end
-    it "should raise an exception (url empty)" do
+    it "should raise an exception (base_url empty)" do
-      @options[:url] = ""
+      @options[:base_url] = ""
-      @message = "url must be set"
+      @message = "base_url must be set"
    end
-    it "should raise an exception (url nil)" do
+    it "should raise an exception (base_url nil)" do
-      @options[:url] = nil
+      @options[:base_url] = nil
-      @message = "url must be set"
+      @message = "base_url must be set"
    end
    it "should raise an exception (only_vulnerable_ones nil)" do
--- a/spec/lib/wpscan/wp_plugin_spec.rb
+++ b/spec/lib/wpscan/wp_plugin_spec.rb
@@ -21,29 +21,29 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
 describe WpPlugin do
  describe "#initialize" do
    it "should not raise an exception" do
-      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
+      expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
    end
    it "should not raise an exception (wp_content_dir not set)" do
-      expect { WpPlugin.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
+      expect { WpPlugin.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
    end
-    it "should raise an exception (url not set)" do
+    it "should raise an exception (base_url not set)" do
      expect { WpPlugin.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
    end
    it "should raise an exception (path not set)" do
-      expect { WpPlugin.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+      expect { WpPlugin.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
    end
    it "should raise an exception (name not set)" do
-      expect { WpPlugin.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
+      expect { WpPlugin.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
    end
  end
  describe "#error_log_url" do
    it "should return a correct url" do
-      temp = WpPlugin.new(:url => "http://wordpress.com",
+      temp = WpPlugin.new(:base_url => "http://wordpress.com",
                          :path => "test/asdf.php")
      temp.error_log_url.to_s.should == "http://wordpress.com/wp-content/plugins/test/error_log"
    end
@@ -51,7 +51,7 @@ describe WpPlugin do
  describe "#error_log?" do
    before :each do
-      @temp = WpPlugin.new(:url => "http://wordpress.com",
+      @temp = WpPlugin.new(:base_url => "http://wordpress.com",
                           :path => "test/asdf.php")
    end
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -27,7 +27,7 @@ describe WpTarget do
      :config_file    => SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json',
      :cache_timeout  => 0,
      :wp_content_dir => "wp-content",
-      :wp_plugins_dir => "plugins"
+      :wp_plugins_dir => "wp-content/plugins"
    }
    @wp_target = WpTarget.new("http://example.localhost/", @options)
  end
@@ -153,20 +153,25 @@ describe WpTarget do
  describe "#wp_plugins_dir" do
    after :each do
-      @wp_target.stub(:wp_content_dir => @stub_value) if @stub_value
+      @wp_target.stub(:wp_plugins_dir => @stub_value) if @stub_value
      @wp_target.wp_plugins_dir.should === @expected
    end
    it "should return the string set in the initialize method" do
-      @wp_target = WpTarget.new("http://example.localhost/", :wp_plugins_dir => "custom-plugins")
+      @wp_target = WpTarget.new("http://example.localhost/", :wp_content_dir => "asdf", :wp_plugins_dir => "custom-plugins")
      @expected  = "custom-plugins"
    end
    it "should return 'plugins'" do
-      @stub_value = "wp-content"
+      @stub_value = "plugins"
      @expected   = "plugins"
    end
    it "should return 'wp-content/plugins'" do
      @stub_value = nil
      @expected   = "wp-content/plugins"
    end
  end
  describe "#debug_log_url" do
--- a/spec/lib/wpscan/wp_theme_spec.rb
+++ b/spec/lib/wpscan/wp_theme_spec.rb
@@ -30,23 +30,23 @@ describe WpTheme do
  describe "#initialize" do
    it "should not raise an exception" do
-      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
+      expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir", :name => "name") }.to_not raise_error
    end
    it "should not raise an exception (wp_content_dir not set)" do
-      expect { WpTheme.new(:url => "url", :path => "path", :name => "name") }.to_not raise_error
+      expect { WpTheme.new(:base_url => "url", :path => "path", :name => "name") }.to_not raise_error
    end
-    it "should raise an exception (url not set)" do
+    it "should raise an exception (base_url not set)" do
      expect { WpTheme.new(:path => "path", :wp_content_dir => "dir", :name => "name") }.to raise_error
    end
    it "should raise an exception (path not set)" do
-      expect { WpTheme.new(:url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
+      expect { WpTheme.new(:base_url => "url", :wp_content_dir => "dir", :name => "name") }.to raise_error
    end
    it "should raise an exception (name not set)" do
-      expect { WpTheme.new(:url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
+      expect { WpTheme.new(:base_url => "url", :path => "path", :wp_content_dir => "dir") }.to raise_error
    end
  end
@@ -102,12 +102,12 @@ describe WpTheme do
    it "should return a WpTheme object with .name 'Editorial' and .version '1.3.5'" do
      @fixture = fixtures_dir + "/editorial-1.3.5.html"
-      @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :url => "", :path => "", :wp_content_dir => "")
+      @expected_theme = WpTheme.new(:name => "Editorial", :version => "1.3.5", :base_url => "", :path => "", :wp_content_dir => "")
    end
    it "should return a WpTheme object with .name 'Merchant'" do
      @fixture = fixtures_dir + "/merchant-no-version.html"
-      @expected_theme = WpTheme.new(:name => "Merchant", :url => "", :path => "", :wp_content_dir => "")
+      @expected_theme = WpTheme.new(:name => "Merchant", :base_url => "", :path => "", :wp_content_dir => "")
    end
  end
@@ -151,7 +151,7 @@ describe WpTheme do
      if @fixture
        stub_request_to_fixture(:url => theme_style_url, :fixture => @fixture)
-        wp_theme = WpTheme.new(:name => 'spec-theme', :style_url => theme_style_url, :url => "", :path => "", :wp_content_dir => "")
+        wp_theme = WpTheme.new(:name => "spec-theme", :style_url => theme_style_url, :base_url => "", :path => "", :wp_content_dir => "")
        wp_theme.version.should === @expected
      end
@@ -163,7 +163,7 @@ describe WpTheme do
    end
    it "should return nil if the style_url is nil" do
-      WpTheme.new(:name => "hello-world", :url => "", :path => "", :wp_content_dir => "").version.should be_nil
+      WpTheme.new(:name => "hello-world", :base_url => "", :path => "", :wp_content_dir => "").version.should be_nil
    end
    it "should return 1.3" do
@@ -179,12 +179,12 @@ describe WpTheme do
  describe "#===" do
    it "should return false (name not equal)" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "themes/name/asdf.php",
                             :vulns_file => "XXX.xml",
                             :version => "1.0"
      )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/newname/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "1.0"
@@ -193,12 +193,12 @@ describe WpTheme do
    end
    it "should return false (version not equal)" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "themes/name/asdf.php",
                             :vulns_file => "XXX.xml",
                             :version => "1.0"
      )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/name/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "2.0"
@@ -207,12 +207,12 @@ describe WpTheme do
    end
    it "should return false (version and name not equal)" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "themes/name/asdf.php",
                             :vulns_file => "XXX.xml",
                             :version => "1.0"
      )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/newname/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "2.0"
@@ -221,12 +221,12 @@ describe WpTheme do
    end
    it "should return true" do
-      instance = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                             :path => "themes/test/asdf.php",
                             :vulns_file => "XXX.xml",
                             :version => "1.0"
      )
-      instance2 = WpTheme.new(:url => "http://sub.example.com/path/to/wordpress/",
+      instance2 = WpTheme.new(:base_url => "http://sub.example.com/path/to/wordpress/",
                              :path => "themes/test/asdf.php",
                              :vulns_file => "XXX.xml",
                              :version => "1.0"
--- a/spec/lib/wpscan/wp_version_spec.rb
+++ b/spec/lib/wpscan/wp_version_spec.rb
@@ -31,7 +31,7 @@ describe WpVersion do
    after :each do
      stub_request_to_fixture(:url => @target_uri.to_s, :fixture => @fixture)
-      WpVersion.find_from_meta_generator(:url => @target_uri.to_s).should === @expected
+      WpVersion.find_from_meta_generator(:base_url => @target_uri.to_s).should === @expected
    end
    it "should return nil if the meta-generator is not found" do
@@ -57,7 +57,7 @@ describe WpVersion do
      @status_code ||= 200
      stub_request_to_fixture(:url => @target_uri.merge("feed/").to_s, :status => @status_code, :fixture => @fixture)
-      WpVersion.find_from_rss_generator(:url => @target_uri).should === @expected
+      WpVersion.find_from_rss_generator(:base_url => @target_uri).should === @expected
    end
    it "should return nil on a 404" do
@@ -92,7 +92,7 @@ describe WpVersion do
      stub_request(:get, @target_uri.merge("sitemap.xml").to_s).
          to_return(:status => 200, :body => @body)
-      WpVersion.find_from_sitemap_generator(:url => @target_uri).should === @expected
+      WpVersion.find_from_sitemap_generator(:base_url => @target_uri).should === @expected
    end
    it "should return nil if the generator is not found" do
@@ -118,7 +118,7 @@ describe WpVersion do
      @status_code ||= 200
      stub_request_to_fixture(:url => @target_uri.merge("readme.html").to_s, :status => @status_code, :fixture => @fixture)
-      WpVersion.find_from_readme(:url => @target_uri).should === @expected
+      WpVersion.find_from_readme(:base_url => @target_uri).should === @expected
    end
    it "should return nil on a 404" do
@@ -145,7 +145,7 @@ describe WpVersion do
      stub_request_to_fixture(:url => @target_uri.merge("wp-admin/js/wp-fullscreen.js").to_s,
                              :status => 200,
                              :fixture => "#{fixtures_dir}/3.2.1.js")
-      version = WpVersion.find_from_advanced_fingerprinting(:url => @target_uri,
+      version = WpVersion.find_from_advanced_fingerprinting(:base_url => @target_uri,
                                                            :wp_content_dir => "wp-content",
                                                            :version_xml => "#{fixtures_dir}/wp_versions.xml")
      version.should == "3.2.1"
--- a/spec/lib/wpscan/wp_vulnerability_spec.rb
+++ b/spec/lib/wpscan/wp_vulnerability_spec.rb
@@ -4,7 +4,7 @@ describe "#vulnerabilities" do
  let(:location_url) { "http://example.localhost/" }
  let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_PLUGIN_DIR + "/vulnerabilities" }
  let(:vulns_file) { fixtures_dir + "/plugin_vulns.xml" }
-  let(:wp_plugin) { WpPlugin.new(:url => location_url,
+  let(:wp_plugin) { WpPlugin.new(:base_url => location_url,
                                 :name => "spec-plugin",
                                 :path => "plugins/spec-plugin/",
                                 :vulns_file => vulns_file)
@@ -12,7 +12,7 @@ describe "#vulnerabilities" do
  it "should return an empty array when no vulnerabilities are found" do
-    WpPlugin.new(:url => "http://example.localhost/",
+    WpPlugin.new(:base_url => "http://example.localhost/",
                 :name => "no-vulns",
                 :path => "plugins/no-vulns/",
                 :vulns_file => vulns_file).vulnerabilities.should be_empty
--- a/wpscan.rb
+++ b/wpscan.rb
@@ -154,14 +154,14 @@ begin
    puts
    puts green("[+]") + " Enumerating plugins from passive detection ... "
-    plugins = wp_target.plugins_from_passive_detection(:url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
+    plugins = wp_target.plugins_from_passive_detection(:base_url => wp_target.uri, :wp_content_dir => wp_target.wp_content_dir)
    unless plugins.empty?
      puts "#{plugins.size} found :"
      plugins.each do |plugin|
        puts
        puts " | Name: #{plugin.name}"
-        puts " | Location: #{plugin.get_url}"
+        puts " | Location: #{plugin.get_full_url}"
        plugin.vulnerabilities.each do |vulnerability|
          puts " |"
@@ -181,7 +181,7 @@ begin
    puts
    options = {}
-    options[:url]                   = wp_target.uri
+    options[:base_url]              = wp_target.uri
    options[:only_vulnerable_ones]  = wpscan_options.enumerate_only_vulnerable_plugins || false
    options[:show_progress_bar]     = true
    options[:wp_content_dir]        = wp_target.wp_content_dir
@@ -236,7 +236,7 @@ begin
    puts
    options = {}
-    options[:url]                   = wp_target.uri
+    options[:base_url]              = wp_target.uri
    options[:only_vulnerable_ones]  = wpscan_options.enumerate_only_vulnerable_themes || false
    options[:show_progress_bar]     = true
    options[:wp_content_dir]        = wp_target.wp_content_dir
@@ -282,7 +282,7 @@ begin
    puts
    options = {}
-    options[:url]               = wp_target.uri
+    options[:base_url]          = wp_target.uri
    options[:show_progress_bar] = true
    options[:wp_content_dir]    = wp_target.wp_content_dir
    options[:error_404_hash]    = wp_target.error_404_hash
@@ -296,7 +296,7 @@ begin
      puts
      timthumbs.each do |t|
-        puts " | " + red("[!]") + " #{t.get_url.to_s}"
+        puts " | " + red("[!]") + " #{t.get_full_url.to_s}"
      end
      puts
      puts red(" * Reference: http://www.exploit-db.com/exploits/17602/")