Uses the new CMSScanner Enumerator module

app/finders/config_backups/known_filenames.rb

@@ -5,7 +5,7 @@ module WPScan
     module ConfigBackups
       # Config Backup finder
       class KnownFilenames < CMSScanner::Finders::Finder
-        include Finders::Finder::Enumerator
+        include CMSScanner::Finders::Finder::Enumerator
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list
@@ -15,21 +15,15 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+            next unless res.body =~ /define/i && res.body !~ /<\s?html/i
+
             found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
 
           found
         end
 
-        def valid_response?(res, _exclude_content = nil)
-          return unless res.code == 200
-
-          full_res = Browser.get(res.effective_url)
-
-          full_res.body =~ /define/i && full_res.body !~ /<\s?html/i
-        end
-
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #

app/finders/db_exports/known_locations.rb

@@ -6,7 +6,7 @@ module WPScan
       # DB Exports finder
       # See https://github.com/wpscanteam/wpscan-v3/issues/62
       class KnownLocations < CMSScanner::Finders::Finder
-        include Finders::Finder::Enumerator
+        include CMSScanner::Finders::Finder::Enumerator
 
         SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
 
@@ -18,20 +18,21 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
+            if res.effective_url.end_with?('.zip')
+              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+            else
+              next unless res.body =~ SQL_PATTERN
+            end
+
             found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
 
           found
         end
 
-        def valid_response?(res, _exclude_content = nil)
-          return false unless res.code == 200
-
-          return true if res.effective_url.end_with?('.zip') &&
-                         res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
-
-          Browser.get(res.effective_url, headers: { 'Range' => 'bytes=0-3000' }).body =~ SQL_PATTERN ? true : false
+        def full_request_params
+          @full_request_params ||= { headers: { 'Range' => 'bytes=0-3000' } }
         end
 
         # @param [ Hash ] opts

app/finders/plugins/known_locations.rb

@@ -5,7 +5,12 @@ module WPScan
     module Plugins
       # Known Locations Plugins Finder
       class KnownLocations < CMSScanner::Finders::Finder
-        include Finders::Finder::Enumerator
+        include CMSScanner::Finders::Finder::Enumerator
+
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200, 401, 403, 301]
+        end
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list
@@ -14,7 +19,7 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(target_urls(opts), opts) do |_res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: 200)) do |_res, slug|
             found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
 

app/finders/themes/known_locations.rb

@@ -5,7 +5,12 @@ module WPScan
     module Themes
       # Known Locations Themes Finder
       class KnownLocations < CMSScanner::Finders::Finder
-        include Finders::Finder::Enumerator
+        include CMSScanner::Finders::Finder::Enumerator
+
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200, 401, 403, 301]
+        end
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list
@@ -14,7 +19,7 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(target_urls(opts), opts) do |_res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: 200)) do |_res, slug|
             found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
 

app/finders/timthumbs/known_locations.rb

@@ -7,7 +7,12 @@ module WPScan
       # Note: A vulnerable version, 2.8.13 can be found here:
       # https://github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php
       class KnownLocations < CMSScanner::Finders::Finder
-        include Finders::Finder::Enumerator
+        include CMSScanner::Finders::Finder::Enumerator
+
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [400]
+        end
 
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
@@ -16,23 +21,15 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(target_urls(opts), opts) do |res|
+          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
+            next unless res.body =~ /no image specified/i
+
             found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
           end
 
           found
         end
 
-        # @param [ Typhoeus::Response ] res
-        # @param [ Regexp, nil ] exclude_content
-        #
-        # @return [ Boolean ]
-        def valid_response?(res, _exclude_content = nil)
-          return false unless res.code == 400
-
-          Browser.get(res.effective_url).body =~ /no image specified/i ? true : false
-        end
-
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #

app/models/plugin.rb

@@ -8,11 +8,11 @@ module WPScan
       def initialize(slug, blog, opts = {})
         super(slug, blog, opts)
 
-        @uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
-
         # To be used by #head_and_get
         # If custom wp-content, it will be replaced by blog#url
         @path_from_blog = "wp-content/plugins/#{slug}/"
+
+        @uri = Addressable::URI.parse(blog.url(path_from_blog))
       end
 
       # @return [ JSON ]

app/models/theme.rb

@@ -11,13 +11,13 @@ module WPScan
       def initialize(slug, blog, opts = {})
         super(slug, blog, opts)
 
-        @uri       = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
-        @style_url = opts[:style_url] || url('style.css')
-
         # To be used by #head_and_get
         # If custom wp-content, it will be replaced by blog#url
         @path_from_blog = "wp-content/themes/#{slug}/"
 
+        @uri       = Addressable::URI.parse(blog.url(path_from_blog))
+        @style_url = opts[:style_url] || url('style.css')
+
         parse_style
       end
 

app/models/wp_item.rb

@@ -14,7 +14,7 @@ module WPScan
 
       attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
 
-      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, to: :blog
+      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, :head_or_get_params, to: :blog
 
       # @param [ String ] slug The plugin/theme slug
       # @param [ Target ] blog The targeted blog