Adds an Api Token controller

app/controllers.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'controllers/core'
+require_relative 'controllers/api_token'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
 require_relative 'controllers/main_theme'

app/controllers/api_token.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Controller
+    # Controller to handle the API token
+    class ApiToken < CMSScanner::Controller::Base
+      def cli_options
+        [
+          OptString.new(['--api-token TOKEN', 'The API Token to display vulnerability data'])
+        ]
+      end
+
+      def before_scan(opts = {})
+        # TODO, validate the token
+        # res = browser.get()
+      end
+    end
+  end
+end

bin/wpscan

@@ -5,6 +5,7 @@ require 'wpscan'
 
 WPScan::Scan.new do |s|
   s.controllers <<
+    WPScan::Controller::ApiToken.new <<
     WPScan::Controller::CustomDirectories.new <<
     WPScan::Controller::InterestingFindings.new <<
     WPScan::Controller::WpVersion.new <<

spec/app/controllers/api_token_spec.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+describe WPScan::Controller::ApiToken do
+  subject(:controller) { described_class.new }
+  let(:target_url)     { 'http://ex.lo/' }
+  let(:cli_args)       { "--url #{target_url}" }
+
+  before do
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
+  end
+
+  describe '#cli_options' do
+    its(:cli_options) { should_not be_empty }
+    its(:cli_options) { should be_a Array }
+
+    it 'contains to correct options' do
+      expect(controller.cli_options.map(&:to_sym)).to eq %i[api_token]
+    end
+  end
+
+  describe '#before_scan' do
+    xit
+  end
+end