Uses an enumerator to read wordlist during pwd attack. Fixes #1518

spec/app/controllers/password_attack_spec.rb

@@ -21,7 +21,7 @@ describe WPScan::Controller::PasswordAttack do
 
   describe '#users' do
     context 'when no --usernames' do
-      it 'calles target.users' do
+      it 'calls target.users' do
         expect(controller.target).to receive(:users)
         controller.users
       end
@@ -40,10 +40,6 @@ describe WPScan::Controller::PasswordAttack do
     end
   end
 
-  describe '#passwords' do
-    xit
-  end
-
   describe '#run' do
     context 'when no --passwords is supplied' do
       it 'does not run the attacker' do

spec/app/finders/passwords/xml_rpc_spec.rb

@@ -24,11 +24,13 @@ describe WPScan::Finders::Passwords::XMLRPC do
     </methodResponse>'
 
   describe '#attack' do
+    let(:wordlist_path) { FINDERS_FIXTURES.join('passwords.txt').to_s }
+
     context 'when no valid credentials' do
       before do
         stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY)
 
-        finder.attack(users, %w[pwd])
+        finder.attack(users, wordlist_path)
       end
 
       let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } }

spec/fixtures/finders/passwords.txt

@@ -0,0 +1 @@
+pwd