Adds wp-cron.php detection - Fixes #1299

app/finders/interesting_findings.rb

@@ -1,4 +1,5 @@
 require_relative 'interesting_findings/readme'
+require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
 require_relative 'interesting_findings/backup_db'
@@ -23,7 +24,7 @@ module WPScan
           %w[
             Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
             Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript
+            UploadSQLDump EmergencyPwdResetScript WPCron
           ].each do |f|
             finders << InterestingFindings.const_get(f).new(target)
           end

app/finders/interesting_findings/wp_cron.rb

@@ -0,0 +1,31 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # wp-cron.php finder
+      class WPCron < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          res = Browser.get(wp_cron_url)
+
+          return unless res.code == 200
+
+          WPScan::WPCron.new(
+            wp_cron_url,
+            confidence: 100,
+            found_by: DIRECT_ACCESS,
+            references: {
+              url: [
+                'https://www.iplocation.net/defend-wordpress-from-ddos',
+                'https://github.com/wpscanteam/wpscan/issues/1299'
+              ]
+            }
+          )
+        end
+
+        def wp_cron_url
+          @wp_cron_url ||= target.url('wp-cron.php')
+        end
+      end
+    end
+  end
+end

app/models/interesting_finding.rb

@@ -42,4 +42,7 @@ module WPScan
 
   class UploadSQLDump < InterestingFinding
   end
+
+  class WPCron < InterestingFinding
+  end
 end

spec/app/finders/interesting_findings/wp_cron_spec.rb

@@ -0,0 +1,30 @@
+describe WPScan::Finders::InterestingFindings::WPCron do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url) }
+  let(:url)        { 'http://ex.lo/' }
+  let(:wp_content) { 'wp-content' }
+
+  before { expect(target).to receive(:sub_dir).at_least(1).and_return(false) }
+
+  describe '#aggressive' do
+    before { stub_request(:get, finder.wp_cron_url).to_return(status: status) }
+
+    context 'when 200' do
+      let(:status) { 200 }
+
+      it 'returns the InterestingFinding' do
+        expect(finder.aggressive).to eql WPScan::WPCron.new(
+          finder.wp_cron_url,
+          confidence: 100,
+          found_by: described_class::DIRECT_ACCESS
+        )
+      end
+    end
+
+    context 'otherwise' do
+      let(:status) { 403 }
+
+      its(:aggressive) { should be_nil }
+    end
+  end
+end