Detect and output parent theme

lib/common/models/wp_theme.rb

@@ -5,6 +5,7 @@ require 'wp_theme/versionable'
 require 'wp_theme/vulnerable'
 require 'wp_theme/info'
 require 'wp_theme/output'
+require 'wp_theme/childtheme'
 
 class WpTheme < WpItem
   extend WpTheme::Findable
@@ -12,6 +13,7 @@ class WpTheme < WpItem
   include WpTheme::Vulnerable
   include WpTheme::Info
   include WpTheme::Output
+  include WpTheme::Childtheme
 
   attr_writer :style_url
 

lib/common/models/wp_theme/childtheme.rb

@@ -0,0 +1,33 @@
+# encoding: UTF-8
+
+class WpTheme < WpItem
+  module Childtheme
+
+    def is_child_theme?
+      return true unless @theme_template.nil?
+      false
+    end
+
+    def get_parent_theme_style_url
+      if is_child_theme?
+        return style_url.sub("/#{name}/style.css", "/#@theme_template/style.css")
+      end
+      nil
+    end
+
+    def get_parent_theme
+      if is_child_theme?
+        base_url = @uri.clone
+        base_url.path = base_url.path.sub(/(?<url>.*\/)#{Regexp.escape(@wp_content_dir)}\/.+/, '\k<url>')
+        return WpTheme.new(base_url,
+                           {
+                               name: @theme_template,
+                               style_url: get_parent_theme_style_url,
+                               wp_content_dir: @wp_content_dir
+                           })
+      end
+      nil
+    end
+
+  end
+end

wpscan.rb

@@ -194,6 +194,16 @@ def main
       # Theme version is handled in #to_s
       puts green('[+]') + " WordPress theme in use: #{wp_theme}"
       wp_theme.output
+
+      # Check for parent Themes
+      while wp_theme.is_child_theme?
+        parent = wp_theme.get_parent_theme
+        puts
+        puts green('[+]') + " Detected parent theme: #{parent}"
+        parent.output
+        wp_theme = parent
+      end
+
     end
 
     if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil