Version 2.9 release

Fixes #873 - mu-plugins detection
Adds a reminder about updating the terminal-table version
2015-10-15 13:01:53 +02:00 · 2015-10-13 13:17:22 +01:00 · 2015-10-13 13:12:12 +01:00 · 2015-10-12 12:57:20 +01:00 · 2015-10-09 19:03:37 +02:00 · 2015-10-07 22:09:23 +01:00
219 changed files with 8127 additions and 68525 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,5 @@ log.txt
 .yardoc
 debug.log
 wordlist.txt
 rspec_results.html
 data/
--- a/.ruby-gemset
+++ b/.ruby-gemset
@@ -0,0 +1 @@
 wpscan
--- a/.ruby-version
+++ b/.ruby-version
@@ -0,0 +1 @@
 2.2.3
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,30 @@
 language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - "1.9.2"
+  - 1.9.2
-  - "1.9.3"
+  - 1.9.3
-  - "2.0.0"
+  - 2.0.0
-script: bundle exec rspec --format documentation
+  - 2.1.0
  - 2.1.1
  - 2.1.2
  - 2.1.3
  - 2.1.4
  - 2.1.5
  - 2.2.0
  - 2.2.1
  - 2.2.2
  - 2.2.3
 before_install:
  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
 script: bundle exec rspec
 notifications:
  email:
    - team@wpscan.org
 matrix:
  allow_failures:
    - rvm: 1.9.2
 # do not build gh-pages branch
 branches:
  except:
    - gh-pages
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,372 @@
 # Changelog
 ## Master
 [Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9...master)
 ## Version 2.9
 Released: 2015-10-15
 New
 * GZIP Encoding in updater
 * Adds --throttle option to throttle requests
 * Uses new API and local database file structure
 * Adds last updated and latest version to plugins and themes
 Removed
 * ArchAssault from README
 * APIv1 local databases
 General core
 * Update to Ruby 2.2.3
 * Use yajl-ruby as JSON parser
 * New dependancy for Ubuntu 14.04 (libgmp-dev)
 * Use Travis container based infra and caching
 Fixed issues
 * Fix #835 - Readme requests to wp root dir
 * Fix #836 - Critical icon output twice when the site is not running WP
 * Fix #839 - Terminal-table dependency is broken
 * Fix #841 - error: undefined method `cells' for #<Array:0x000000029cc2f8>
 * Fix #852 - GZIP Encoding in updater
 * Fix #853 - APIv2 integration
 * Fix #858 - Detection FP
 * Fix #873 - false positive "site has Must Use Plugins"
 WPScan Database Statistics:
 * Total vulnerable versions: 132
 * Total vulnerable plugins:  1170
 * Total vulnerable themes:   368
 * Total version vulnerabilities: 1476
 * Total plugin vulnerabilities:  1913
 * Total theme vulnerabilities:   450
 ## Version 2.8
 Released: 2015-06-22
 New
 * Warn the user to update his DB files
 * Added last db update to --version option (see #815)
 * Add db checksum to verbose logging during update
 * Option to hide banner
 * Continue if user chooses not to update + db exists
 * Don't update if user chooses default + no DBs exist
 * Updates request timeout values to realistic ones (and in seconds)
 Removed
 * Removed `Time.parse('2000-01-01')` expedient
 * Removed unnecessary 'return' and '()'
 * Removed debug output
 * Removed wpstools
 General core
 * Update to Ruby 2.2.2
 * Switch to mitre
 * Install bundler gem README
 * Switch from gnutls to openssl
 Fixed issues
 * Fix #789 - Add blackarch to readme
 * Fix #790 - Consider the target down after 30 requests timed out requests instead of 10
 * Fix #791 - Rogue character causing the scan of non-wordpress site to crash
 * Fix #792 - Adds the HttpError exception
 * Fix #795 - Remove GHOST warning
 * Fix #796 - Do not swallow exit code
 * Fix #797 - Increases the timeout values
 * Fix #801 - Forces UTF-8 encoding when enumerating usernames
 * Fix #803 - Increases default connect-timeout to 10s
 * Fix #804 - Updates the Theme detection pattern
 * Fix #816 - Ignores potential non version chars in theme version detection
 * Fix #819 - Removes potential spaces in robots.txt entries
 WPScan Database Statistics:
 * Total vulnerable versions: 98
 * Total vulnerable plugins:  1076
 * Total vulnerable themes:   361
 * Total version vulnerabilities: 1104
 * Total plugin vulnerabilities:  1763
 * Total theme vulnerabilities:   443
 ## Version 2.7
 Released: 2015-03-16
 New
 * Detects version in release date format
 * Copyrights updated
 * WP version detection from stylesheets
 * New license
 * Global HTTP request counter
 * Add security-protection plugin detection
 * Add GHOST warning if XMLRPC enabled
 * Update databases from wpvulndb.com
 * Enumerate usernames from WP <= 3.0 (thanks berotti3)
 Removed
 * README.txt
 General core
 * Update to Ruby 2.2.1
 * Update to Ruby 2.2.0
 * Add addressable gem
 * Update Typhoeus gem to 0.7.0
 * IDN support: encode non-ascii domain names (thanks dctabuyz)
 * Improve page hash calculation (thanks dctabuyz)
 * Version detection regex improved
 Fixed issues
 * Fix #745 - Plugin version pattern in readme.txt file not detected
 * Fix #746 - Add a global counter for all active requests to server.
 * Fix #747 - Add 'security-protection' plugin to wp_login_protection module
 * Fix #753 - undefined method `round' for "10":String for request or connect timeouts
 * Fix #760 - typhoeus issue (infinite loop)
 WPScan Database Statistics:
 * Total vulnerable versions: 89
 * Total vulnerable plugins:  953
 * Total vulnerable themes:   329
 * Total version vulnerabilities: 1070
 * Total plugin vulnerabilities:  1451
 * Total theme vulnerabilities:   378
 ## Version 2.6
 Released: 2014-12-19
 New
 * Updates the readmes to reflect the new --usernames option
 * Improves plugin/theme version detection by looking at the "Version:"
 * Solution to avoid mandatory blank newline at the end of the wordlist
 * Add check for valid credentials
 * Add Sucuri sponsor to banner
 * Add protocol to sucuri url in banner
 * Add response code to proxy error output
 * Add a statement about mendatory newlines at the end of list
 * Give warning if default username 'admin' is still used
 * License amendment to make it more clear about value added usage
 Removed
 * remove malwares
 * remove malware folder
 * Removes the theme version check from the readme, unrealistic scenario
 General core
 * Update to Ruby 2.1.5 and travis
 * Prevent parent theme infinite loop
 * Fixes the progressbar being overriden by next brute forcing attempts
 Fixed issues
 * Fix UTF-8 encode on security db file download
 * Fix #703 - Disable logging by default. Implement log option.
 * Fix #705 - Installation instructions for Ubuntu < 14.04 apparently incomplete
 * Fix #717 - Expand on readme.html finding output
 * Fix #716 - Adds the --version in the help
 * Fix #715 - Add new updating info to docs
 * Fix #727 - WpItems detection: Perform the passive check and filter only vulnerable results at the end if required
 * Fix #737 - Adds some readme files to check for plugin versions
 * Fix #739 - Adds the --usernames option
 WPScan Database Statistics:
 * Total vulnerable versions: 88
 * Total vulnerable plugins: 901
 * Total vulnerable themes: 313
 * Total version vulnerabilities: 1050
 * Total plugin vulnerabilities: 1355
 * Total theme vulnerabilities: 349
 ## Version 2.5.1
 Released: 2014-09-29
 Fixes reference URL to WPVDB
 ## Version 2.5
 Released: 2014-09-26 (@ BruCON 2014)
 New
 * Exit program after --update
 * Detect directory listing in upload folder
 * Be more verbose when no version can be detected
 * Added detection for Yoast Wordpress SEO plugin
 * Also ensure to not process empty Location headers
 * Ensures a nil location is not processed when enumerating usernames
 * Fix #626 - Detect 'Must_Use_Plugins'
 * better username extraction
 * Add a --cookie option. Ref #485
 * Add a --no-color option
 * Output: Give 'Fixed in' an informational tag
 * Added ArchAssault distro - WPScan comes pre-installed with this distro
 * Layout changes with new colors
 Removed
 * Removes the source code updaters
 * Removes the ListGenerator plugin from WPStools
 * Removes all files from data/
 General core
 * Update docs to reflect new updating logic
 * Little output change and coloring
 * Adds a missing verbose output
 * Re-build redirection url if begin with slash '/'
 * Fixes the remove_conditional_comments function
 * Ensures to give a string to Typhoeus
 * Fix wpstools check-vuln-ref-urls
 * Fix rspecs for new json
 * Only output if different from style_url
 * Add exception so 'ruby wpscan.rb http://domain.com' is detected
 * Added make to Debian installation, which is needed in minimal installation.
 * Add build-essentials requirement to Ubuntu > 14.04
 * Updated installation instr. for GNU/Linux Debian.
 * Changes VersionCompare#is_newer_or_same? by lesser_or_equal?
 * Fixes the location of the robots.txt check
 * Updates the recommended ruby version
 * Rspec 3.0 support
 * Adds ruby 2.1.2 to Travis
 * Updated ruby-progressbar to 1.5.0
 WordPress Fingerprints
 * Adds WP 4.0 fingerprints
 * Adds WP 3.9.2, 3.8.4 & 3.7.4 fingerprints - Ref #652
 * Adds 3.9.1 fingerprints
 Fixed issues
 * Fix #689 - Adds config file to check
 * Fix #694 - Output Arrays
 * Fix #693 - Adds pathname require statement
 * Fix #657 - generate method
 * Fix #685 - Potenial fix for 'marshal data too short' error
 * Fix #686 - Adds specs for relative URI in Location headers
 * Fix #435 - Update license
 * Fix #674 - Improves the Plugins & Themes passive detection
 * Fix #673 - Problem with the output
 * Fix #661 - Don't hash directories named like a file
 * Fix #653 - Fix for infinite loop in wpstools
 * Fix #625 - Only parse styles when needed
 * Fix #481 - Fix for Jetpack plugin false positive
 * Fix #480 - Properly removes the colour sequence from log
 * Fix #472 - WPScan stops after redirection if not WordPress website
 * Fix #464 - Readmes updated to reflect recent changes about the config file & batch mode
 Vulnerabilities
 * geoplaces4 also uses name GeoPlaces4beta
 * Added metasploit module's
 * Added some timthumb detections
 WPScan Database Statistics:
 * Total vulnerable versions: 87
 * Total vulnerable plugins: 854
 * Total vulnerable themes: 303
 * Total version vulnerabilities: 752
 * Total plugin vulnerabilities: 1351
 * Total theme vulnerabilities: 345
 ## Version 2.4
 Released: 2014-04-17
 New
 * '--batch' switch option added - Fix #454
 * Add random-agent
 * Added more CLI options
 * Switch over to nist - Fix #301
 * New choice added when a redirection is detected - Fix #438
 Removed
 * Removed 'Total WordPress Sites in the World' counter from stats
 * Old wpscan repo links removed - Fix #440
 * Fingerprinting Dev script removed
 * Useless code removed
 General core
 * Rspecs update
 * Forcing Travis notify the team
 * Ruby 2.1.1 added to Travis
 * Equal output layout for interaction questions
 * Only output error trace if verbose if enabled
 * Memory improvements during wp-items enumerations
 * Fixed broken link checker, fixed some broken links
 * Couple more 404s fixed
 * Themes & Plugins list updated
 WordPress Fingerprints
 * WP 3.8.2 & 3.7.2 Fingerprints added - Fix #448
 * WP 3.8.3 & 3.7.3 fingerprints
 * WP 3.9 fingerprints
 Fixed issues
 * Fix #380 - Redirects in WP 3.6-3.0
 * Fix #413 - Check the version of the Timthumbs files found
 * Fix #429 - Error WpScan Cache Browser
 * Fix #431 - Version number comparison between '2.3.3' and '0.42b'
 * Fix #439 - Detect if the target goes down during the scan
 * Fix #451 - Do not rely only on files in wp-content for fingerprinting
 * Fix #453 - Documentation or inplemention of option parameters
 * Fix #455 - Fails with a message if the target returns a 403 during the wordpress check
 Vulnerabilities
 * Update WordPress Vulnerabilities
 * Fixed some duplicate vulnerabilities
 WPScan Database Statistics:
 * Total vulnerable versions: 79; 1 is new
 * Total vulnerable plugins: 748; 55 are new
 * Total vulnerable themes: 292; 41 are new
 * Total version vulnerabilities: 617; 326 are new
 * Total plugin vulnerabilities: 1162; 146 are new
 * Total theme vulnerabilities: 330; 47 are new
 ## Version 2.3
 Released: 2014-02-11
 New
 * Brute forcing over https!
 * Detect and output parent theme!
 * Complete fingerprint script & hash search
 * New spell checker!
 * Added database modification dates in status report
 * Added 'Total WordPress Sites in the World' statistics
 * Added separator between Name and Version in Item
 * Added a "Work in progress" URL in the CHANGELOG
 Removed
 * Removed "Exiting!" sentence
 * Removed Backtrack Linux. Not maintained anymore.
 General core
 * Ruby 2.1.0 added to Travis
 * Updated the version of WebMock required
 * Better string concatenation in code (improves speed)
 * Some modifications in the output of an item
 * Output cosmetics
 * rspec-mocks version constraint released
 * Tabs replaced by spaces
 * Rspecs update
 * Indent code cleanup
 * Themes & Plugins lists regenerated
 Vulnerabilities
 * Update WordPress Vulnerabilities
 * Disabled some fake reported vulnerabilities
 * Fixed some duplicate vulnerabilities
 WPScan Database Statistics:
 * Total vulnerable versions: 78; 2 are new
 * Total vulnerable plugins: 693; 83 are new
 * Total vulnerable themes: 251; 55 are new
 * Total version vulnerabilities: 291 17 are new
 * Total plugin vulnerabilities: 1016; 236 are new
 * Total theme vulnerabilities: 283; 79 are new
 WordPress Fingerprints
 * Better fingerprints
 * WP 3.8.1 Fingerprinting
 * WP 3.8 Fingerprinting
 Fixed issues
 * Fix #404 - Brute forcing issue over https
 * Fix #398 - Removed a fake vuln in WP Super Cache
 * Fix #393 - sudo added to the bundle install cmd for Mac OSX
 * Fix #228, #327 - Infinite loop when self-redirect
 * Fix #201 - Incorrect Paramter Parsing when no url was supplied
 ## Version 2.2
 Released: 2013-11-12
-Added
+New
 * Output the vulnerability fix if available
 * Added 'WordPress Version Vulnerability' statistics
 * Added Kali Linux on the list of pre-installed Linux distributions
@@ -82,13 +445,13 @@ Vulnerabilities
 * Update timthumb due to Secunia #54801
 * Added WP vuln: 3.4 - 3.5.1 wp-admin/users.php FPD
-WPScan Databse Statistics:
+WPScan Database Statistics:
-* Total vulnerable versions: 76, 4 are new
+* Total vulnerable versions: 76; 4 are new
-* Total vulnerable plugins: 606, 197 are new
+* Total vulnerable plugins: 610; 201 are new
-* Total vulnerable themes: 194, 45 are new
+* Total vulnerable themes: 196; 47 are new
-* Total version vulnerabilities: 274, 53 are new
+* Total version vulnerabilities: 274; 53 are new
-* Total plugin vulnerabilities: 764, 270 are new
+* Total plugin vulnerabilities: 780; 286 are new
-* Total theme vulnerabilities: 198, 46 are new
+* Total theme vulnerabilities: 204; 52 are new
 Add WP Fingerprints
 * WP 3.7.1 Fingerprinting
--- a/11
+++ b/11
@@ -1,20 +1,21 @@
 **CREDITS**
-This file is to give credit to WPScan's contributors. If you feel your name should be in here, email ryandewhurst at gmail.
+This file is used to state the individual WPScan Team members (core developers) and give credit to WPScan's other contributors. If you feel your name should be in here email team@wpscan.org.
 *WPScan Team*
 Erwan.LR - @erwan_lr - (Project Developer)
 Christian Mehlmauer - @_FireFart_ - (Project Developer)
-Gianluca Brindisi - @gbrindisi (Project Developer)
+Peter van der Laan - pvdl - (Project Developer)
 Ryan Dewhurst - @ethicalhack3r (Project Lead)
 *Other Contributors*
 Henri Salo AKA fgeek - Reported lots of vulnerabilities
 Alip AKA Undead - alip.aswalid at gmail.com
-michee08 - Reported and gave potential solutions to bugs.
+michee08 - Reported and gave potential solutions to bugs
 Callum Pember - Implemented proxy support - callumpember at gmail.com
-g0tmi1k - Additional timthumb checks + bug reports.
+g0tmi1k - Additional timthumb checks + bug reports
 Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
 Paolo Perego - @thesp0nge - Basic authentication
-Peter van der Laan - The Vuln Hunter and Code Cleaner
+Gianluca Brindisi - @gbrindisi - Ex Project Developer
--- a/DISCLAIMER.txt
+++ b/DISCLAIMER.txt
@@ -0,0 +1,2 @@
 WPScan is not responsible for misuse or for any damage that you may cause!
 You agree that you use this software at your own risk.
--- a/24
+++ b/24
@@ -1,15 +1,17 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
-# Seg fault in Typhoeus 0.6.3 (and ethon > 0.5.11) with rspec
+gem 'typhoeus', '~>0.8.0'
-gem "typhoeus", ">=0.6.3"
+gem 'nokogiri'
-gem "nokogiri"
+gem 'addressable'
-gem "json"
+gem 'yajl-ruby' # Better JSON parser regarding memory usage
-gem "terminal-table"
+# TODO: update the below when terminal-table 1.5.3+ is released.
-gem "ruby-progressbar", ">=1.2.0"
+# (and delete the Terminal module in lib/common/hacks.rb)
 gem 'terminal-table', '~>1.4.5'
 gem 'ruby-progressbar', '>=1.6.0'
 group :test do
-  gem "webmock", ">=1.9.3"
+  gem 'webmock', '>=1.17.2'
-  gem "simplecov"
+  gem 'simplecov'
-  gem "rspec", :require => "spec"
+  gem 'rspec', '>=3.3.0'
-  gem "rspec-mocks", "<=2.14.2" # 2.14.3 just messed around :/
+  gem 'rspec-its'
 end
--- a/79
+++ b/79
@@ -1,15 +1,70 @@
-WPScan - WordPress Security Scanner
+WPScan Public Source License
 Copyright (C) 2012-2013
-This program is free software: you can redistribute it and/or modify
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
-This program is distributed in the hope that it will be useful,
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
+1. Definitions
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
 1.1 “License” means this document.
 1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
 1.3 “WPScan Team” means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
 2. Commercialization
 A commercial use is one intended for commercial advantage or monetary compensation.
 Example cases of commercialization are:
 - Using WPScan to provide commercial managed/Software-as-a-Service services.
 - Distributing WPScan as a commercial product or as part of one.
 - Using WPScan as a value added service/product.
 Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
 - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
 - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
 Free-use Terms and Conditions;
 3. Redistribution
 Redistribution is permitted under the following conditions:
 - Unmodified License is provided with WPScan.
 - Unmodified Copyright notices are provided with WPScan.
 - Does not conflict with the commercialization clause.
 4. Copying
 Copying is permitted so long as it does not conflict with the Redistribution clause.
 5. Modification
 Modification is permitted so long as it does not conflict with the Redistribution clause.
 6. Contributions
 Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
 7. Support
 WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
 8. Disclaimer of Warranty
 WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 9. Limitation of Liability
 To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
 10. Disclaimer
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
--- a/239
+++ b/239
@@ -1,239 +0,0 @@
 __________________________________________________
 __          _______   _____
 \ \        / /  __ \ / ____|
  \ \  /\  / /| |__) | (___   ___  __ _ _ __
   \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
    \  /\  /  | |     ____) | (__| (_| | | | |
     \/  \/   |_|    |_____/ \___|\__,_|_| |_|
 __________________________________________________
 ==LICENSE==
 WPScan - WordPress Security Scanner
 Copyright (C) 2011-2013 The WPScan Team
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 ryandewhurst at gmail
 ==INSTALL==
  WPScan comes pre-installed on the following Linux distributions:
   * BackBox Linux
   * BackTrack Linux
   * Pentoo
   * SamuraiWTF
  Prerequisites:
   * Windows not supported
   * Ruby >= 1.9.2 - Recommended: 1.9.3
   * Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
   * RubyGems      - Recommended: latest
   * Git
  -> Installing on Debian/Ubuntu:
    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
  -> Installing on Fedora:
    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
  -> Installing on Archlinux:
    pacman -Syu ruby
    pacman -Syu libyaml
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
    gem install typhoeus
    gem install nokogiri
  -> Installing on Mac OS X:
    Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
 ==KNOWN ISSUES==
  - Typhoeus segmentation fault:
      Update cURL to version => 7.21 (may have to install from source)
      See http://code.google.com/p/wpscan/issues/detail?id=81
  - Proxy not working:
      Update cURL to version => 7.21.7 (may have to install from source).
      Installation from sources :
        - Grab the sources from http://curl.haxx.se/download.html
        - Decompress the archive
        - Open the folder with the extracted files
        - Run ./configure
        - Run make
        - Run sudo make install
        - Run sudo ldconfig
  - cannot load such file -- readline:
      Run sudo aptitude install libreadline5-dev libncurses5-dev
      Then, open the directory of the readline gem (you have to locate it)
      cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
      ruby extconf.rb
      make
      make install
      See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
  - no such file to load -- rubygems
      Run update-alternatives --config ruby
      And select your ruby version
      See https://github.com/wpscanteam/wpscan/issues/148
 ==WPSCAN ARGUMENTS==
 --update   Update to the latest revision
 --url   | -u <target url>  The WordPress URL/domain to scan.
 --force | -f Forces WPScan to not check if the remote site is running WordPress.
 --enumerate | -e [option(s)]  Enumeration.
  option :
    u        usernames from id 1 to 10
    u[10-20] usernames from id 10 to 20 (you must write [] chars)
    p        plugins
    vp       only vulnerable plugins
    ap       all plugins (can take a long time)
    tt       timthumbs
    t        themes
    vp       only vulnerable themes
    at       all themes (can take a long time)
  Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
  If no option is supplied, the default is 'vt,tt,u,vp'
 --exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
                                              You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
 --config-file | -c <config file> Use the specified config file
 --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
 --wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
 --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
 --proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
                                  HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
 --proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
 --basic-auth <username:password>  Set the HTTP Basic authentication
 --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
 --threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
 --username | -U <username>  Only brute force the supplied username.
 --help     | -h This help screen.
 --verbose  | -v Verbose output.
 ==WPSCAN EXAMPLES==
 Do 'non-intrusive' checks...
  ruby wpscan.rb --url www.example.com
 Do wordlist password brute force on enumerated users using 50 threads...
  ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
 Do wordlist password brute force on the 'admin' username only...
  ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
 Enumerate installed plugins...
  ruby wpscan.rb --url www.example.com --enumerate p
 Run all enumeration tools...
  ruby wpscan.rb --url www.example.com --enumerate
 Use custom content directory...
  ruby wpscan.rb -u www.example.com --wp-content-dir custom-content
 Update WPScan...
  ruby wpscan.rb --update
 Debug output...
  ruby wpscan.rb --url www.example.com --debug-output 2>debug.log
 ==WPSTOOLS ARGUMENTS==
 --help    | -h   This help screen.
 --Verbose | -v   Verbose output.
 --update  | -u   Update to the latest revision.
 --generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
 --gpl  Alias for --generate_plugin_list
 --check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
 ==WPSTOOLS EXAMPLES==
 - Generate a new 'most popular' plugin list, up to 150 pages ...
 ruby wpstools.rb --generate_plugin_list 150
 - Locally scan a wordpress installation for vulnerable files or shells :
 ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/
 ===PROJECT HOME===
 www.wpscan.org
 ===REPOSITORY===
 https://github.com/wpscanteam/wpscan
 ===ISSUES===
 https://github.com/wpscanteam/wpscan/issues
 ===DEVELOPER DOCUMENTATION===
 http://rdoc.info/github/wpscanteam/wpscan/frames
 ===SPONSOR===
 WPScan is sponsored by the RandomStorm Open Source Initiative.
 Visit RandomStorm at http://www.randomstorm.com
--- a/README.md
+++ b/README.md
@@ -1,104 +1,181 @@
-![alt text](http://dvwa.co.uk/images/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner")
+![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner")
-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.png?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
+
 [![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
 [![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
 [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)
 #### LICENSE
-WPScan - WordPress Security Scanner
+#### WPScan Public Source License
 Copyright (C), 2011-2013 The WPScan Team
-This program is free software: you can redistribute it and/or modify
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
-This program is distributed in the hope that it will be useful,
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
-You should have received a copy of the GNU General Public License
+##### 1. Definitions
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
-ryandewhurst at gmail
+1.1 "License" means this document.
 1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
 1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
 ##### 2. Commercialization
 A commercial use is one intended for commercial advantage or monetary compensation.
 Example cases of commercialization are:
 - Using WPScan to provide commercial managed/Software-as-a-Service services.
 - Distributing WPScan as a commercial product or as part of one.
 - Using WPScan as a value added service/product.
 Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
 - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
 - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
 Free-use Terms and Conditions;
 ##### 3. Redistribution
 Redistribution is permitted under the following conditions:
 - Unmodified License is provided with WPScan.
 - Unmodified Copyright notices are provided with WPScan.
 - Does not conflict with the commercialization clause.
 ##### 4. Copying
 Copying is permitted so long as it does not conflict with the Redistribution clause.
 ##### 5. Modification
 Modification is permitted so long as it does not conflict with the Redistribution clause.
 ##### 6. Contributions
 Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
 ##### 7. Support
 WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
 ##### 8. Disclaimer of Warranty
 WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 ##### 9. Limitation of Liability
 To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
 ##### 10. Disclaimer
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
 #### INSTALL
 WPScan comes pre-installed on the following Linux distributions:
 - [BackBox Linux](http://www.backbox.org/)
 - [BackTrack Linux](http://www.backtrack-linux.org/)
 - [Kali Linux](http://www.kali.org/)
 - [Pentoo](http://www.pentoo.ch/)
 - [SamuraiWTF](http://samurai.inguardians.com/)
 - [BlackArch](http://blackarch.org/)
 Prerequisites:
- Windows not supported
+- Ruby >= 1.9.2 - Recommended: 2.2.3
 - Ruby >= 1.9.2 - Recommended: 1.9.3
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
-*Installing on Debian/Ubuntu:*
+Windows is not supported.
 If installed from Github update the code base with ```git pull```. The databases are updated with ```wpscan.rb --update```.
-```sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev```
+####Installing on Ubuntu:
-```git clone https://github.com/wpscanteam/wpscan.git```
+Before Ubuntu 14.04:
-```cd wpscan```
+    sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
-```sudo gem install bundler && bundle install --without test```
+From Ubuntu 14.04:
-*Installing on Fedora:*
+    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
-```sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel```
+####Installing on Debian:
-```git clone https://github.com/wpscanteam/wpscan.git```
+    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler
    bundle install --without test --path vendor/bundle
-```cd wpscan```
+####Installing on Fedora:
-```sudo gem install bundler && bundle install --without test```
+    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
-*Installing on Archlinux:*
+####Installing on Archlinux:
-```pacman -Syu ruby```
+    pacman -Syu ruby
    pacman -Syu libyaml
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
    gem install typhoeus
    gem install nokogiri
-```pacman -Syu libyaml```
+####Installing on Mac OSX:
-```git clone https://github.com/wpscanteam/wpscan.git```
+Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)
-```cd wpscan```
+    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && sudo bundle install --without test
-```sudo gem install bundler && bundle install --without test```
+####Installing with RVM:
-```gem install typhoeus```
+    cd ~
-
+    curl -sSL https://get.rvm.io | bash -s stable
-```gem install nokogiri```
+    source ~/.rvm/scripts/rvm
-
+    echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-*Installing on Mac OSX:*
+    rvm install 2.2.3
-
+    rvm use 2.2.3 --default
-Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error
+    echo "gem: --no-ri --no-rdoc" > ~/.gemrc
-
+    gem install bundler
-```git clone https://github.com/wpscanteam/wpscan.git```
+    git clone https://github.com/wpscanteam/wpscan.git
-
+    cd wpscan
-```cd wpscan```
+    gem install bundler
-
+    bundle install --without test
 ```sudo gem install bundler && bundle install --without test```
 #### KNOWN ISSUES
  - Typhoeus segmentation fault
      Update cURL to version => 7.21 (may have to install from source)
      See http://code.google.com/p/wpscan/issues/detail?id=81
  - Proxy not working
      Update cURL to version => 7.21.7 (may have to install from source).
      Installation from sources :
-      ```
+
        Grab the sources from http://curl.haxx.se/download.html
        Decompress the archive
        Open the folder with the extracted files
@@ -106,21 +183,21 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
        Run make
        Run sudo make install
        Run sudo ldconfig
-      ```
+
  - cannot load such file -- readline:
-      ```sudo aptitude install libreadline5-dev libncurses5-dev```
+        sudo aptitude install libreadline5-dev libncurses5-dev
      Then, open the directory of the readline gem (you have to locate it)
-      ```
+
        cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
        ruby extconf.rb
        make
        make install
      ```
-      See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
      See [http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/](http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/) for more details
  - no such file to load -- rubygems
@@ -128,11 +205,11 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
      And select your ruby version
-      See https://github.com/wpscanteam/wpscan/issues/148
+      See [https://github.com/wpscanteam/wpscan/issues/148](https://github.com/wpscanteam/wpscan/issues/148)
 #### WPSCAN ARGUMENTS
-    --update  Update to the latest revision
+    --update   Update the databases.
    --url   | -u <target url>  The WordPress URL/domain to scan.
@@ -149,13 +226,17 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
        t        themes
        vt       only vulnerable themes
        at       all themes (can take a long time)
-    Multiple values are allowed : '-e tt,p' will enumerate timthumbs and plugins
+      Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
-    If no option is supplied, the default is 'vt,tt,u,vp'
+      If no option is supplied, the default is "vt,tt,u,vp"
-    --exclude-content-based '<regexp or string>'  Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+    --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
-                                                  You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+                                                 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
-    --config-file | -c <config file> Use the specified config file
+    --config-file | -c <config file> Use the specified config file, see the example.conf.json
    --user-agent | -a <User-Agent> Use the specified User-Agent
    --random-agent | -r Use a random User-Agent
    --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
@@ -163,23 +244,39 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
    --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
-    --proxy <[protocol://]host:port>  Supply a proxy (will override the one from conf/browser.conf.json).
+    --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
-                                      HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
+                                     HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
-    --proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).
+    --proxy-auth <username:password>  Supply the proxy login credentials.
-    --basic-auth <username:password>  Set the HTTP Basic authentication
+    --basic-auth <username:password>  Set the HTTP Basic authentication.
-    --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
+    --wordlist | -w <wordlist>  Supply a wordlist for the password brute forcer.
-    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)
+    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
    --username | -U <username>  Only brute force the supplied username.
    --usernames  <path-to-file>  Only brute force the usernames from the file.
    --cache-ttl <cache-ttl>  Typhoeus cache TTL.
    --request-timeout <request-timeout>  Request Timeout.
    --connect-timeout <connect-timeout>  Connect Timeout.
    --max-threads <max-threads>  Maximum Threads.
    --help     | -h This help screen.
    --verbose  | -v Verbose output.
    --batch Never ask for user input, use the default behavior.
    --no-color Do not use colors in the output.
    --log Save STDOUT to log.txt
 #### WPSCAN EXAMPLES
 Do 'non-intrusive' checks...
@@ -206,7 +303,7 @@ Use custom content directory...
 ```ruby wpscan.rb -u www.example.com --wp-content-dir custom-content```
-Update WPScan...
+Update WPScan's databases...
 ```ruby wpscan.rb --update```
@@ -214,41 +311,26 @@ Debug output...
 ```ruby wpscan.rb --url www.example.com --debug-output 2>debug.log```
 #### WPSTOOLS ARGUMENTS
    --help    | -h   This help screen.
    --Verbose | -v   Verbose output.
    --update  | -u   Update to the latest revision.
    --generate_plugin_list [number of pages]  Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
    --gpl  Alias for --generate_plugin_list
    --check-local-vulnerable-files | --clvf <local directory>  Perform a recursive scan in the <local directory> to find vulnerable files or shells
 #### WPSTOOLS EXAMPLES
 Generate a new 'most popular' plugin list, up to 150 pages...
 ```ruby wpstools.rb --generate_plugin_list 150```
 Locally scan a wordpress installation for vulnerable files or shells :
 ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```
 #### PROJECT HOME
-www.wpscan.org
+[http://www.wpscan.org](http://www.wpscan.org)
 #### VULNERABILITY DATABASE
 [https://wpvulndb.com](https://wpvulndb.com)
 #### GIT REPOSITORY
-https://github.com/wpscanteam/wpscan
+[https://github.com/wpscanteam/wpscan](https://github.com/wpscanteam/wpscan)
 #### ISSUES
-https://github.com/wpscanteam/wpscan/issues
+[https://github.com/wpscanteam/wpscan/issues](https://github.com/wpscanteam/wpscan/issues)
 #### DEVELOPER DOCUMENTATION
-http://rdoc.info/github/wpscanteam/wpscan/frames
+[http://rdoc.info/github/wpscanteam/wpscan/frames](http://rdoc.info/github/wpscanteam/wpscan/frames)
-#### SPONSOR
+#### SPECIAL THANKS
-WPScan is sponsored by the [RandomStorm](http://www.randomstorm.com) Open Source Initiative.
+[RandomStorm](https://www.randomstorm.com)
--- a/conf/browser.conf.json
+++ b/conf/browser.conf.json
@@ -1,65 +0,0 @@
 {
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
  /* Modes :
    static : will use the defined user_agent for each request
    semi-static : will randomly choose a user agent into available_user_agents before each scan
    random : each request will choose a random user agent in available_user_agents
  */
  "user_agent_mode": "static",
  /* Uncomment the "proxy" line to use the proxy
    SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
    If you do not specify the protocol, http will be used
  */
  //"proxy": "127.0.0.1:3128",
  //"proxy_auth": "username:password",
  "cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
  "request_timeout": 2000, // 2s
  "connect_timeout": 1000, // 1s
  "max_threads": 20,
  // Some user_agents can be found there http://techpatterns.com/downloads/firefox/useragentswitcher.xml (thx to Gianluca Brindisi)
  "available_user_agents":
  [
    // Windows
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)",
    "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
    "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1",
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)",
    "Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5",
    // MAC
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13",
    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1",
    "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10",
    // Linux
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0",
    "Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0",
    "Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00",
    "Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0"
  ]
 }
--- a/data.zip
+++ b/data.zip
--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,2 @@
 *
 !.gitignore
--- a/data/local_vulnerable_files.xml
+++ b/data/local_vulnerable_files.xml
@@ -1,48 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
  Only he following extensions are scanned : js, php, swf, html, htm
  If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
 -->
 <hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
  <hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
    <title>XSS in swfupload.swf</title>
    <file>swfupload.swf</file>
    <reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
  </hash>
  <hash sha1="775dc1089829ef07838406def28a4d8bfef69d66">
    <title>Arbitrary File Upload Vulnerability</title>
    <file>php.php</file>
    <reference>http://packetstormsecurity.com/files/119241/wpvalums-shell.txt</reference>
  </hash>
  <!-- This one a is the same as above, but the postSize verification has been removed -->
  <hash sha1="5e8f0d5a917d2937318a9bafd0529135bd473e70">
    <title>Arbitrary File Upload Vulnerability</title>
    <file>php.php</file>
    <reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
  </hash>
  <hash sha1="3f9ad05b05b65ee2b6efa1373f708293dd2005c7">
    <title>Arbitrary File Upload Vulnerability</title>
    <file>uploadify.php</file>
    <reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
  </hash>
  <hash sha1="ac638cc38f011b74a8d9a4e7d3d60358e472166c">
    <title>Inline phpinfo()</title>
    <file>phpinfo.php</file>
    <reference>http://php.net/manual/en/function.phpinfo.php</reference>
  </hash>
  <hash sha1="012ee25cceff745e681fbb3697a06f3712f55554">
    <title>phpinfo()</title>
    <file>phpinfo.php</file>
    <reference>http://php.net/manual/en/function.phpinfo.php</reference>
  </hash>
 </hashes>
--- a/data/local_vulnerable_files.xsd
+++ b/data/local_vulnerable_files.xsd
@@ -1,40 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="stringtype">
    <xs:restriction base="xs:string">
      <xs:minLength value="1" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="uritype">
    <xs:restriction base="xs:anyURI">
      <xs:minLength value="1" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="sha1type">
    <xs:restriction base="stringtype">
      <xs:pattern value="[0-9a-f]{40}"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:complexType name="hashtype">
    <xs:sequence minOccurs="1" maxOccurs="1">
      <xs:element name="title" type="stringtype"/>
      <xs:element name="file" type="stringtype"/>
      <xs:element name="reference" type="uritype"/>
    </xs:sequence>
    <xs:attribute type="sha1type" name="sha1" use="required"/>
  </xs:complexType>
  <xs:element name="hashes">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
 </xs:schema>
--- a/data/malwares.txt
+++ b/data/malwares.txt
@@ -1,3 +0,0 @@
 http://.*\.rr\.nu
 http://www\.thesea\.org/media\.php
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
--- a/data/plugins.txt
+++ b/data/plugins.txt
--- a/data/plugins_full.txt
+++ b/data/plugins_full.txt
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
--- a/data/themes.txt
+++ b/data/themes.txt
@@ -1,300 +0,0 @@
 2013-black-and-white
 academica
 accessible-zen
 adamos
 adelle
 admired
 adventure
 adventure-journal
 aldehyde
 alexandria
 alhena-lite
 analytical-lite
 andrina-lite
 annotum-base
 ascetica
 aspen
 atahualpa
 atheros
 attitude
 attorney
 autofocus
 beach
 birdsite
 birdtips
 biznez-lite
 bizstudio-lite
 bizway
 black-rider
 blackbird
 blain
 blankslate
 blogbox
 blogolife
 bold-headline
 boldr-lite
 book-lite
 boot-store
 bota
 bouquet
 bresponzive
 bueno
 business-lite
 busiprof
 buzz
 careta
 carton
 catch-box
 catch-everest
 catch-evolution
 cazuela
 celebrate
 celestial-lite
 central
 chaostheory
 cherry-blossom
 childishly-simple
 church
 clean-black
 clean-retina
 coller
 colorway
 contango
 coraline
 corpo
 custom-community
 customizr
 cyberchimps
 cycnus
 d5-business-line
 d5-design
 d5-socialia
 dailypost
 decode
 delicate
 delighted
 designfolio
 destro
 deux-milles-douze
 discover
 dms
 duena
 dusk-to-dawn
 duster
 dw-minion
 easel
 eclipse
 elegantwhite
 emphaino
 encounters-lite
 engrave-lite
 epic
 esplanade
 espressionista
 esquire
 estate
 evolve
 expound
 fashionistas
 fine
 firmasite
 fluxipress
 focus
 forever
 frisco-for-buddypress
 frontier
 fruitful
 futuristica
 gamepress
 golden-eagle-lite
 graphene
 greenpage
 gridiculous
 gridster-lite
 hannari
 hatch
 hazen
 heatmap-adaptive
 hero
 hiero
 highwind
 hostmarks
 houston
 hro
 hybrid
 iconic-one
 icy
 ifeature
 imag-mag
 impressio-lite
 impulse
 infoway
 innovative
 intuition
 irex-lite
 iribbon
 kabbo
 klasik
 koenda
 lamya
 landscape
 leaf
 litesta
 lobster
 local-business
 lugada
 luminescence-lite
 magazine
 magazine-basic
 magazine-style
 magazino
 manchester
 mantra
 marla
 max-magazine
 melany
 mh-magazine-lite
 minimatica
 minimize
 mixfolio
 modern-estate
 mon-cahier
 montezuma
 multipurpose
 my-depressive
 my-world-with-grass-and-dew
 mystique
 narga
 neuro
 newp
 next-saturday
 omega
 openstrap
 opulus-sombre
 origami
 origin
 oxygen
 p2
 p2-categories
 pagelines
 parabola
 parament
 path
 phonix
 photographic
 photolistic
 photologger
 pilcrow
 pilot-fish
 pinbin
 pinboard
 pink-touch-2
 pitch
 platform
 point
 portfolio-press
 pr-news
 prana
 preference-lite
 quark
 r2d2
 raindrops
 raptor
 raven
 response
 responsive
 restaurateur
 retro
 road-fighter
 ryu
 sampression-lite
 sensitive
 serene
 shprink-one
 silverclean-lite
 simple-and-clean
 simple-catch
 simpleo
 simplicity-lite
 simplify
 sixteen
 sliding-door
 small-business
 snaps
 snapshot
 snowblind
 socially-awkward
 spartan
 spasalon
 spine
 spun
 squirrel
 startupwp
 steira
 strapvert
 striker
 suevafree
 suffusion
 suits
 sukelius-magazine
 sundance
 sunny-blue-sky
 sunspot
 supernova
 surfarama
 sweet-tech
 swift-basic
 tampa
 target
 teal
 terrifico
 tesla
 the-bootstrap
 thematic
 themia-lite
 theron-lite
 timeturner
 tiny-forge
 tonic
 toolbox
 travel-blogger
 travelify
 tribbiani
 twentyeleven
 twentyten
 twentythirteen
 twentytwelve
 unique
 untitled
 uptown
 vantage
 viper
 virtue
 visitpress
 visual
 vortex
 voyage
 ward
 weaver-ii
 wordpost
 wp-creativix
 wp-flatthirteen
 wp-knowledge-base
 wp-opulus
 xin-magazine
 yoko
 zalive
 zbench
 zeebizzcard
 zeebusiness
 zeedynamic
 zeeflow
 zeefocus
 zeemagazine
 zeeminty
 zeenews
 zeenoble
 zeestyle
 zeesynergie
 zeetasty
 zenon-lite
--- a/data/themes_full.txt
+++ b/data/themes_full.txt
--- a/data/timthumbs.txt
+++ b/data/timthumbs.txt
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -1,106 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="stringtype">
    <xs:restriction base="xs:string">
      <xs:minLength value="1" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="inttype">
    <xs:restriction base="xs:positiveInteger" />
  </xs:simpleType>
  <xs:simpleType name="uritype">
    <xs:restriction base="xs:anyURI">
      <xs:minLength value="1" />
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="cvetype">
    <xs:restriction base="xs:token">
      <xs:pattern value="[0-9]{4}-[0-9]{4,}"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:simpleType name="typetype">
    <xs:restriction base="stringtype">
      <xs:enumeration value="SQLI"/>
      <xs:enumeration value="MULTI"/>
      <xs:enumeration value="REDIRECT"/>
      <xs:enumeration value="RCE"/>
      <xs:enumeration value="RFI"/>
      <xs:enumeration value="LFI"/>
      <xs:enumeration value="UPLOAD"/>
      <xs:enumeration value="UNKNOWN"/>
      <xs:enumeration value="XSS"/>
      <xs:enumeration value="CSRF"/>
      <xs:enumeration value="SSRF"/>
      <xs:enumeration value="AUTHBYPASS"/>
      <xs:enumeration value="FPD"/>
      <xs:enumeration value="XXE"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:complexType name="itemtype">
    <xs:sequence minOccurs="1" maxOccurs="unbounded">
      <xs:element name="vulnerability" type="vulntype" />
    </xs:sequence>
    <xs:attribute type="stringtype" name="name" use="required"/>
  </xs:complexType>
  <xs:complexType name="wordpresstype">
    <xs:sequence minOccurs="1" maxOccurs="unbounded">
      <xs:element name="vulnerability" type="vulntype"/>
    </xs:sequence>
    <xs:attribute type="stringtype" name="version" use="required"/>
  </xs:complexType>
  <xs:complexType name="vulntype">
    <xs:sequence minOccurs="1" maxOccurs="unbounded">
      <xs:choice>
        <xs:element name="title" type="stringtype"/>
        <xs:element name="type" type="typetype"/>
        <xs:element name="fixed_in" type="stringtype"/>
        <xs:element name="references" type="referencetype"/>
      </xs:choice>
    </xs:sequence>
  </xs:complexType>
  <xs:complexType name="referencetype">
    <xs:sequence minOccurs="1" maxOccurs="unbounded">
      <xs:choice>
        <xs:element name="url" type="uritype" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element name="cve" type="cvetype" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element name="secunia" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element name="osvdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element name="metasploit" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
        <xs:element name="exploitdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
      </xs:choice>
    </xs:sequence>
  </xs:complexType>
  <xs:element name="vulnerabilities">
    <xs:complexType>
      <xs:choice>
        <xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
        <xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
        <xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
      </xs:choice>
    </xs:complexType>
    <xs:unique name="uniquePlugin">
      <xs:selector xpath="plugin"/>
      <xs:field xpath="@name"/>
    </xs:unique>
    <xs:unique name="uniqueTheme">
      <xs:selector xpath="theme"/>
      <xs:field xpath="@name"/>
    </xs:unique>
    <xs:unique name="uniqueWordpress">
      <xs:selector xpath="wordpress"/>
      <xs:field xpath="@version"/>
    </xs:unique>
  </xs:element>
 </xs:schema>
--- a/data/wp_versions.xml
+++ b/data/wp_versions.xml
@@ -1,223 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
  This file contains identification data to identify WordPress versions.
  http://wordpress.org/download/release-archive/
  Position is important, DO NOT change anything unless you know what you are doing :p
 -->
 <wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:noNamespaceSchemaLocation="wp_versions.xsd">
  <file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin_src.js">
    <hash md5="5d01c0e812cdcd6356b78ee0cb4e5426">
      <version>3.7.1</version>
    </hash>
  </file>
  <file src="wp-includes/js/jquery/jquery.form.js">
    <hash md5="e5afd8e41d2ec22c19932b068cd90a71">
      <version>3.7</version>
    </hash>
  </file>
  <file src="wp-admin/js/common.js">
    <hash md5="03eaffeef39119f0523a49c7f9767f3b">
      <version>3.6.1</version>
    </hash>
    <hash md5="4516252d47a73630280869994d510180">
      <version>3.3</version>
    </hash>
  </file>
  <file src="wp-includes/js/jquery/jquery.js">
    <hash md5="9dcde2d5e8aeda556a0c52239fa2f44c">
      <version>3.6</version>
    </hash>
  </file>
  <file src="wp-includes/js/tinymce/tiny_mce.js">
    <hash md5="eddb5fda74d41dbdac018167536d8d53">
      <version>3.5.2</version>
    </hash>
    <hash md5="6e79ab6d786c5c95920064add33ee599">
      <version>3.5.1</version>
    </hash>
    <hash md5="55cd8e5ceca9c1763b1401164d70df50">
      <version>3.5</version>
    </hash>
  </file>
  <file src="wp-includes/js/wp-lists.js">
    <hash md5="46e1341cd4ea49f31046f7d7962adc7f">
      <version>3.4.2</version>
    </hash>
  </file>
  <file src="wp-includes/js/customize-preview.js">
    <hash md5="617d9fd858e117c7d1d087be168b5643">
      <version>3.4.1</version>
    </hash>
    <hash md5="da36bc2dfcb13350c799b62de68dfa4b">
      <version>3.4</version>
    </hash>
    <hash md5="a8a259fc5197a78ffe62d6be38dc52f8">
      <version>3.4-beta4</version>
    </hash>
  </file>
  <file src="wp-includes/js/plupload/plupload.js">
    <hash md5="85199c05db63fcb5880de4af8be7b571">
      <version>3.3.2</version>
    </hash>
  </file>
  <file src="$wp-content$/themes/twentyeleven/style.css">
    <!-- same md5 for 3.3.2 -->
    <hash md5="030d3bac906ba69e9fbc99c5bac54a8e">
      <version>3.3.1</version>
    </hash>
  </file>
  <file src="wp-admin/js/wp-fullscreen.js">
    <hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
      <version>3.2.1</version>
    </hash>
    <hash md5="7b423e0b7c9221092737ad5271d09863">
      <version>3.2</version>
    </hash>
  </file>
  <file src="wp-includes/css/admin-bar.css">
    <hash md5="181250fab3a7e2549a7e7fa21c2e6079">
      <version>3.1</version>
    </hash>
  </file>
  <file src="$wp-content$/themes/twentyten/style.css">
    <hash md5="6211e2ac1463bf99e98f28ab63e47c54">
      <version>3.0</version>
    </hash>
  </file>
  <file src="$wp-plugins$/akismet/readme.txt">
    <hash md5="4d5e52da417aa0101054bd41e6243389">
      <version>2.8.6</version>
    </hash>
    <hash md5="58e086dea9d24ed074fe84ba87386c69">
      <version>2.8.5</version>
    </hash>
    <hash md5="48c52025b5f28731e9a0c864c189c2e7">
      <version>2.8.2</version>
    </hash>
  </file>
  <file src="wp-includes/js/wp-ajax-response.js">
    <hash md5="0289d1c13821599764774d55516ab81a">
      <version>2.7.1</version>
    </hash>
  </file>
  <file src="wp-includes/js/thickbox/thickbox.css">
    <hash md5="9c2bd2be0893adbe02a0f864526734c2">
      <version>2.7</version>
    </hash>
  </file>
  <file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
    <hash md5="5b140ddf0f08034402ae78b31d8a1a28">
      <version>2.6</version>
    </hash>
  </file>
  <file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
    <hash md5="088245408531c58bb52cc092294cc384">
      <version>2.5.1</version>
    </hash>
  </file>
  <file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
    <hash md5="19c6f3118728c38eb7779aab4847d2d9">
      <version>2.5</version>
    </hash>
  </file>
  <file src="wp-includes/js/wp-ajax.js">
    <hash md5="c5dbce0c3232c477033e0ce486c62755">
      <version>2.2</version>
    </hash>
  </file>
  <file src="$wp-content$/themes/default/style.css">
    <hash md5="e44545f529a54de88209ce588676231c">
      <version>2.0.1</version>
    </hash>
    <hash md5="f786f66d3a40846aa22dcdfeb44fa562">
      <version>2.0</version>
    </hash>
  </file>
  <file src="wp-layout.css">
    <hash md5="7140e06c00ed03d2bb3dad7672557510">
      <version>1.2.1</version>
    </hash>
    <hash md5="1bcc9253506c067eb130c9fc4f211a2f">
      <version>1.2-delta</version>
    </hash>
  </file>
  <file src="layout2b.css">
    <hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
      <version>0.71-gold</version>
    </hash>
  </file>
 </wp-versions>
--- a/data/wp_versions.xsd
+++ b/data/wp_versions.xsd
@@ -1,39 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:simpleType name="stringtype">
    <xs:restriction base="xs:string">
      <xs:minLength value="1" />
    </xs:restriction>
  </xs:simpleType>
  <xs:complexType name="filetype">
    <xs:sequence>
      <xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
    </xs:sequence>
    <xs:attribute type="stringtype" name="src" use="required"/>
  </xs:complexType>
  <xs:simpleType name="md5type">
    <xs:restriction base="stringtype">
      <xs:pattern value="[0-9a-f]{32}"/>
    </xs:restriction>
  </xs:simpleType>
  <xs:complexType name="hashtype">
    <xs:sequence minOccurs="1" maxOccurs="1">
      <xs:element name="version" type="stringtype"/>
    </xs:sequence>
    <xs:attribute type="md5type" name="md5" use="required"/>
  </xs:complexType>
  <xs:element name="wp-versions">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="file" type="filetype" maxOccurs="unbounded" minOccurs="0"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
 </xs:schema>
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
--- a/dev/pre-commit-hook.rb
+++ b/dev/pre-commit-hook.rb
@@ -0,0 +1,41 @@
 #!/usr/bin/env ruby
 # from the top level dir:
 # ln -sf ../../dev/pre-commit-hook.rb .git/hooks/pre-commit
 require 'pty'
 html_path = 'rspec_results.html'
 begin
  PTY.spawn( "rspec spec --format h > #{html_path}" ) do |stdin, stdout, pid|
    begin
      stdin.each { |line| print line }
    rescue Errno::EIO => e
      puts "Error: #{e.to.s}"
      return 1
    end
  end
 rescue PTY::ChildExited
  puts 'Child process exit!'
 end
 # find out if there were any errors
 html = open(html_path).read
 examples = html.match(/(\d+) examples/)[0].to_i rescue 0
 errors = html.match(/(\d+) errors/)[0].to_i rescue 0
 if errors == 0
  errors = html.match(/(\d+) failure/)[0].to_i rescue 0
 end
 pending = html.match(/(\d+) pending/)[0].to_i rescue 0
 if errors.zero?
  puts "0 failed! #{examples} run, #{pending} pending"
  sleep 1
  exit 0
 else
  puts "\aCOMMIT FAILED!!"
  puts "View your rspec results at #{File.expand_path(html_path)}"
  puts
  puts "#{errors} failed! #{examples} run, #{pending} pending"
  exit 1
 end
--- a/example.conf.json
+++ b/example.conf.json
@@ -0,0 +1,18 @@
 {
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
    /* Uncomment the "proxy" line to use the proxy
        SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
        If you do not specify the protocol, http will be used
    */
    //"proxy": "127.0.0.1:3128",
    //"proxy_auth": "username:password",
    "cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
    "request_timeout": 60, // 1min
    "connect_timeout": 10, // 10s
    "max_threads": 20
 }
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -9,30 +9,36 @@ class Browser
  include Browser::Options
  OPTIONS = [
    :available_user_agents,
    :basic_auth,
    :cache_ttl,
    :max_threads,
    :user_agent,
    :user_agent_mode,
    :proxy,
    :proxy_auth,
    :request_timeout,
-    :connect_timeout
+    :connect_timeout,
    :cookie,
    :throttle
  ]
  @@instance = nil
-  attr_reader :hydra, :config_file, :cache_dir
+  attr_reader :hydra, :cache_dir
  attr_accessor :referer, :cookie, :vhost
  # @param [ Hash ] options
  #
  # @return [ Browser ]
  def initialize(options = {})
-    @config_file = options[:config_file] || CONF_DIR + '/browser.conf.json'
+    @cache_dir   = options[:cache_dir] || CACHE_DIR + '/browser'
    @cache_dir   = options[:cache_dir]   || CACHE_DIR + '/browser'
-    load_config
+    # sets browser defaults
    browser_defaults
    # load config file
    conf = options[:config_file]
    load_config(conf) if conf
    # overrides defaults with user supplied values (overwrite values from config)
    override_config(options)
    unless @hydra
@@ -61,6 +67,20 @@ class Browser
    @@instance = nil
  end
  #
  # sets browser default values
  #
  def browser_defaults
    @max_threads     = 20
    # 10 minutes, at this time the cache is cleaned before each scan.
    # If this value is set to 0, the cache will be disabled
    @cache_ttl       = 600
    @request_timeout = 60 # 60s
    @connect_timeout = 10 # 10s
    @user_agent      = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
    @throttle        = 0
  end
  #
  # If an option was set but is not in the new config_file
  # it's value is kept
@@ -69,17 +89,14 @@ class Browser
  #
  # @return [ void ]
  def load_config(config_file = nil)
-    @config_file = config_file || @config_file
+    if File.symlink?(config_file)
    if File.symlink?(@config_file)
      raise '[ERROR] Config file is a symlink.'
    else
-      data = JSON.parse(File.read(@config_file))
+      data = JSON.parse(File.read(config_file))
    end
    OPTIONS.each do |option|
      option_name = option.to_s
      unless data[option_name].nil?
        self.send(:"#{option_name}=", data[option_name])
      end
@@ -101,15 +118,12 @@ class Browser
    params = Browser.append_params_header_field(
      params,
      'User-Agent',
-      self.user_agent
+      @user_agent
    )
    if @proxy
-      params = params.merge(proxy: @proxy)
+      params.merge!(proxy: @proxy)
-
+      params.merge!(proxyauth: @proxy_auth) if @proxy_auth
      if @proxy_auth
        params = params.merge(proxyauth: @proxy_auth)
      end
    end
    if @basic_auth
@@ -120,18 +134,23 @@ class Browser
      )
    end
-    if @request_timeout
+    if vhost
-      params = params.merge(timeout: @request_timeout)
+      params = Browser.append_params_header_field(
        params,
        'Host',
        vhost
      )
    end
-    if @connect_timeout
+    params.merge!(referer: referer)
-      params = params.merge(connecttimeout: @connect_timeout)
+    params.merge!(timeout: @request_timeout) if @request_timeout
-    end
+    params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
    # Used to enable the cache system if :cache_ttl > 0
-    unless params.has_key?(:cache_ttl)
+    params.merge!(cache_ttl: @cache_ttl) unless params.key?(:cache_ttl)
-      params = params.merge(cache_ttl: @cache_ttl)
+
-    end
+    # Prevent infinite self redirection
    params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
    # Disable SSL-Certificate checks
    params.merge!(ssl_verifypeer: false)
@@ -139,6 +158,7 @@ class Browser
    params.merge!(cookiejar: @cache_dir + '/cookie-jar')
    params.merge!(cookiefile: @cache_dir + '/cookie-jar')
    params.merge!(cookie: @cookie) if @cookie
    params
  end
@@ -158,5 +178,4 @@ class Browser
    end
    params
  end
 end
--- a/lib/common/browser/options.rb
+++ b/lib/common/browser/options.rb
@@ -3,10 +3,8 @@
 class Browser
  module Options
-    USER_AGENT_MODES = %w{ static semi-static random }
+    attr_accessor :cache_ttl, :request_timeout, :connect_timeout
-
+    attr_reader   :basic_auth, :proxy, :proxy_auth, :throttle
    attr_accessor :available_user_agents, :cache_ttl, :request_timeout, :connect_timeout
    attr_reader   :basic_auth, :user_agent_mode, :proxy, :proxy_auth
    attr_writer   :user_agent
    # Sets the Basic Authentification credentials
@@ -41,42 +39,6 @@ class Browser
      end
    end
    # Sets the user_agent_mode, which can be one of the following:
    #   static:      The UA is defined by the user, and will be the same in each requests
    #   semi-static: The UA is randomly chosen at the first request, and will not change
    #   random:      UA randomly chosen each request
    #
    # UA are from @available_user_agents
    #
    # @param [ String ] ua_mode
    #
    # @return [ void ]
    def user_agent_mode=(ua_mode)
      ua_mode ||= 'static'
      if USER_AGENT_MODES.include?(ua_mode)
        @user_agent_mode = ua_mode
        # For semi-static user agent mode, the user agent has to
        # be nil the first time (it will be set with the getter)
        @user_agent = nil if ua_mode === 'semi-static'
      else
        raise "Unknow user agent mode : '#{ua_mode}'"
      end
    end
    # @return [ String ] The user agent, according to the user_agent_mode
    def user_agent
      case @user_agent_mode
      when 'semi-static'
        unless @user_agent
          @user_agent = @available_user_agents.sample
        end
      when 'random'
        @user_agent = @available_user_agents.sample
      end
      @user_agent
    end
    # Sets the proxy
    # Accepted format:
    #   [protocol://]host:post
@@ -120,7 +82,7 @@ class Browser
    #
    # @return [ void ]
    def request_timeout=(timeout)
-      @request_timeout = timeout
+      @request_timeout = timeout.to_i
    end
    # Sets the connect timeout
@@ -128,7 +90,12 @@ class Browser
    #
    # @return [ void ]
    def connect_timeout=(timeout)
-      @connect_timeout = timeout
+      @connect_timeout = timeout.to_i
    end
    # @param [ String, Integer ] throttle
    def throttle=(throttle)
      @throttle = throttle.to_i.abs / 1000.0
    end
    protected
@@ -148,6 +115,5 @@ class Browser
        end
      end
    end
  end
 end
--- a/lib/common/cache_file_store.rb
+++ b/lib/common/cache_file_store.rb
@@ -9,17 +9,19 @@
 #
 require 'yaml'
 require 'fileutils'
 class CacheFileStore
-  attr_reader :storage_path, :serializer
+  attr_reader :storage_path, :cache_dir, :serializer
  # The serializer must have the 2 methods .load and .dump
  #   (Marshal and YAML have them)
  # YAML is Human Readable, contrary to Marshal which store in a binary format
  # Marshal does not need any "require"
  def initialize(storage_path, serializer = Marshal)
-    @storage_path = File.expand_path(storage_path)
+    @cache_dir    = File.expand_path(storage_path)
-    @serializer = serializer
+    @storage_path = File.expand_path(File.join(storage_path, storage_dir))
    @serializer   = serializer
    # File.directory? for ruby <= 1.9 otherwise,
    # it makes more sense to do Dir.exist? :/
@@ -29,16 +31,22 @@ class CacheFileStore
  end
  def clean
-    Dir[File.join(@storage_path, '*')].each do |f|
+    # clean old directories
-      File.delete(f) unless File.symlink?(f)
+    Dir[File.join(@cache_dir, '*')].each do |f|
      if File.directory?(f)
        # delete directory if create time is older than 4 hours
        FileUtils.rm_rf(f) if File.mtime(f) < (Time.now - (60*240))
      else
        File.delete(f) unless File.symlink?(f)
      end
    end
  end
  def read_entry(key)
-    entry_file_path = get_entry_file_path(key)
+    begin
-
+      @serializer.load(File.read(get_entry_file_path(key)))
-    if File.exists?(entry_file_path)
+    rescue
-      return @serializer.load(File.read(entry_file_path))
+      nil
    end
  end
@@ -58,4 +66,11 @@ class CacheFileStore
    File::join(@storage_path, key)
  end
  def storage_dir
    time   = Time.now
    random = (0...8).map { (65 + rand(26)).chr }.join
    Digest::MD5.hexdigest("#{time}#{random}")
  end
 end
--- a/lib/common/collections/vulnerabilities/output.rb
+++ b/lib/common/collections/vulnerabilities/output.rb
@@ -3,9 +3,9 @@
 class Vulnerabilities < Array
  module Output
-    def output
+    def output(verbose = false)
      self.each do |v|
-        v.output
+        v.output(verbose)
      end
    end
--- a/lib/common/collections/wp_items.rb
+++ b/lib/common/collections/wp_items.rb
@@ -14,7 +14,7 @@ class WpItems < Array
    self.wp_target = wp_target
  end
-  # @param [String,] argv
+  # @param [String] args
  #
  # @return [ void ]
  def add(*args)
@@ -67,6 +67,7 @@ class WpItems < Array
  end
  protected
  # @return [ Class ]
  def item_class
    Object.const_get(self.class.to_s.gsub(/.$/, ''))
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -17,15 +17,13 @@ class WpItems < Array
      hydra            = browser.hydra
      targets          = targets_items(wp_target, options)
      progress_bar     = progress_bar(targets.size, options)
      queue_count      = 0
      exist_options    = {
        error_404_hash:  wp_target.error_404_hash,
        homepage_hash:   wp_target.homepage_hash,
        exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
      }
-
+      results          = passive_detection(wp_target, options)
      # If we only want the vulnerable ones, the passive detection is ignored
      # Otherwise, a passive detection is performed, and results will be merged
      results = options[:only_vulnerable] ? new : passive_detection(wp_target, options)
      targets.each do |target_item|
        request = browser.forge_request(target_item.url, request_params)
@@ -34,20 +32,27 @@ class WpItems < Array
          progress_bar.progress += 1 if options[:show_progression]
          if target_item.exists?(exist_options, response)
-            if !results.include?(target_item)
+            results << target_item unless results.include?(target_item)
              if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
                results << target_item
              end
            end
          end
        end
        hydra.queue(request)
        queue_count += 1
        if queue_count >= browser.max_threads
          hydra.run
          queue_count = 0
          puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
        end
      end
      # run the remaining requests
      hydra.run
      results.select!(&:vulnerable?) if options[:type] == :vulnerable
      results.sort!
-      results # can't just return results.sort because the #sort returns an array, and we want a WpItems
+
      results  # can't just return results.sort as it would return an array, and we want a WpItems
    end
    # @param [ Integer ] targets_size
@@ -71,13 +76,31 @@ class WpItems < Array
    #
    # @return [ WpItems ]
    def passive_detection(wp_target, options = {})
-      results  = new(wp_target)
+      results = new(wp_target)
      body     = Browser.get(wp_target.url).body
      # improves speed
-      body     = remove_base64_images_from_html(body)
+      body    = remove_base64_images_from_html(Browser.get(wp_target.url).body)
-      names    = body.scan(passive_detection_pattern(wp_target))
+      page    = Nokogiri::HTML(body)
      names   = []
-      names.flatten.uniq.each { |name| results.add(name) }
+      page.css('link,script,style').each do |tag|
        %w(href src).each do |attribute|
          attr_value = tag.attribute(attribute).to_s
          next unless attr_value
          names << Regexp.last_match[1] if attr_value.match(attribute_pattern(wp_target))
        end
        next unless tag.name == 'script' || tag.name == 'style'
        code = tag.text.to_s
        next if code.empty?
        code.scan(code_pattern(wp_target)).flatten.uniq.each do |item_name|
          names << item_name
        end
      end
      names.uniq.each { |name| results.add(name) }
      results.sort!
      results
@@ -88,13 +111,29 @@ class WpItems < Array
    # @param [ WpTarget ] wp_target
    #
    # @return [ Regex ]
-    def passive_detection_pattern(wp_target)
+    def item_pattern(wp_target)
-      type   = self.to_s.gsub(/Wp/, '').downcase
+      type = to_s.gsub(/Wp/, '').downcase
-      regex1 = %r{(?:[^=:\(]+)\s?(?:=|:|\()\s?(?:"|')[^"']+\\?/}
+      wp_content_dir = wp_target.wp_content_dir
-      regex2 = %r{\\?/}
+      wp_content_url = wp_target.uri.merge(wp_content_dir).to_s
      regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
-      /#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i
+      url = /#{wp_content_url.gsub(%r{\A(?:http|https)}, 'https?').gsub('/', '\\\\\?\/')}/i
      content_dir = %r{(?:#{url}|\\?\/\\?\/?#{wp_content_dir})}i
      %r{#{content_dir}\\?/#{type}\\?/}
    end
    # @param [ WpTarget ] wp_target
    #
    # @return [ Regex ]
    def attribute_pattern(wp_target)
      /\A#{item_pattern(wp_target)}([^\/]+)/i
    end
    # @param [ WpTarget ] wp_target
    #
    # @return [ Regex ]
    def code_pattern(wp_target)
      /["'\(]#{item_pattern(wp_target)}([^\\\/\)"']+)/i
    end
    # The default request parameters
@@ -112,15 +151,7 @@ class WpItems < Array
      item_class = self.item_class
      vulns_file = self.vulns_file
-      targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
+      targets = target_items_from_type(wp_target, item_class, vulns_file, options[:type])
      unless options[:only_vulnerable]
        unless options[:file]
          raise 'A file must be supplied'
        end
        targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
      end
      targets.uniq! { |t| t.name }
      targets.sort_by { rand }
@@ -131,18 +162,30 @@ class WpItems < Array
    # @param [ String ] vulns_file
    #
    # @return [ Array<WpItem> ]
-    def vulnerable_targets_items(wp_target, item_class, vulns_file)
+    def target_items_from_type(wp_target, item_class, vulns_file, type)
      targets = []
-      xml     = xml(vulns_file)
+      json    = json(vulns_file)
-      xml.xpath(item_xpath).each do |node|
+      case type
      when :vulnerable
        items = json.select { |item| !json[item]['vulnerabilities'].empty? }.keys
      when :popular
        items = json.select { |item| json[item]['popular'] == true }.keys
      when :all
        items = json.keys
      else
        raise "Unknown type #{type}"
      end
      items.each do |item|
        targets << create_item(
          item_class,
-          node.attribute('name').text,
+          item,
          wp_target,
          vulns_file
        )
      end
      targets
    end
@@ -181,6 +224,7 @@ class WpItems < Array
          )
        end
      end
      targets
    end
@@ -188,6 +232,5 @@ class WpItems < Array
    def item_class
      Object.const_get(self.to_s.gsub(/.$/, ''))
    end
  end
 end
--- a/lib/common/collections/wp_items/output.rb
+++ b/lib/common/collections/wp_items/output.rb
@@ -3,8 +3,8 @@
 class WpItems < Array
  module Output
-    def output
+    def output(verbose = false)
-      self.each { |item| item.output }
+      self.each { |item| item.output(verbose) }
    end
  end
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -2,15 +2,9 @@
 class WpPlugins < WpItems
  module Detectable
    # @return [ String ]
    def vulns_file
-      PLUGINS_VULNS_FILE
+      PLUGINS_FILE
    end
    # @return [ String ]
    def item_xpath
      '//plugin'
    end
    # @param [ WpTarget ] wp_target
@@ -68,6 +62,10 @@ class WpPlugins < WpItems
        wp_plugins.add('all-in-one-seo-pack', version: $1)
      end
      if body =~ /<!-- This site is optimized with the Yoast WordPress SEO plugin v([^\s]+) -/i
        wp_plugins.add('wordpress-seo', version: $1)
      end
      wp_plugins
    end
--- a/lib/common/collections/wp_themes/detectable.rb
+++ b/lib/common/collections/wp_themes/detectable.rb
@@ -5,13 +5,7 @@ class WpThemes < WpItems
    # @return [ String ]
    def vulns_file
-      THEMES_VULNS_FILE
+      THEMES_FILE
    end
    # @return [ String ]
    def item_xpath
      '//theme'
    end
  end
 end
--- a/lib/common/collections/wp_users/output.rb
+++ b/lib/common/collections/wp_users/output.rb
@@ -38,6 +38,7 @@ class WpUsers < WpItems
      junk = get_equal_string_end(display_names)
      unless junk.nil? or junk.empty?
        self.each do |u|
          u.display_name ||= ''
          u.display_name = u.display_name.sub(/#{Regexp.escape(junk)}$/, '')
        end
      end
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -1,39 +1,34 @@
 # encoding: UTF-8
-LIB_DIR              = File.expand_path(File.dirname(__FILE__) + '/..')
+LIB_DIR              = File.expand_path(File.join(File.dirname(__FILE__), '..'))
-ROOT_DIR             = File.expand_path(LIB_DIR + '/..') # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
+ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
-DATA_DIR             = ROOT_DIR + '/data'
+DATA_DIR             = File.join(ROOT_DIR, 'data')
-CONF_DIR             = ROOT_DIR + '/conf'
+CONF_DIR             = File.join(ROOT_DIR, 'conf')
-CACHE_DIR            = ROOT_DIR + '/cache'
+CACHE_DIR            = File.join(ROOT_DIR, 'cache')
-WPSCAN_LIB_DIR       = LIB_DIR + '/wpscan'
+WPSCAN_LIB_DIR       = File.join(LIB_DIR, 'wpscan')
-WPSTOOLS_LIB_DIR     = LIB_DIR + '/wpstools'
+UPDATER_LIB_DIR      = File.join(LIB_DIR, 'updater')
-UPDATER_LIB_DIR      = LIB_DIR + '/updater'
+COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
-COMMON_LIB_DIR       = LIB_DIR + '/common'
+MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
-MODELS_LIB_DIR       = COMMON_LIB_DIR + '/models'
+COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')
 COLLECTIONS_LIB_DIR  = COMMON_LIB_DIR + '/collections'
-LOG_FILE             = ROOT_DIR + '/log.txt'
+LOG_FILE             = File.join(ROOT_DIR, 'log.txt')
 # Plugins directories
-COMMON_PLUGINS_DIR   = COMMON_LIB_DIR + '/plugins'
+COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
-WPSCAN_PLUGINS_DIR   = WPSCAN_LIB_DIR + '/plugins' # Not used ATM
+WPSCAN_PLUGINS_DIR   = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
 WPSTOOLS_PLUGINS_DIR = WPSTOOLS_LIB_DIR + '/plugins'
 # Data files
-PLUGINS_FILE        = DATA_DIR + '/plugins.txt'
+WORDPRESSES_FILE  = File.join(DATA_DIR, 'wordpresses.json')
-PLUGINS_FULL_FILE   = DATA_DIR + '/plugins_full.txt'
+PLUGINS_FILE      = File.join(DATA_DIR, 'plugins.json')
-PLUGINS_VULNS_FILE  = DATA_DIR + '/plugin_vulns.xml'
+THEMES_FILE       = File.join(DATA_DIR, 'themes.json')
-THEMES_FILE         = DATA_DIR + '/themes.txt'
+WP_VERSIONS_FILE  = File.join(DATA_DIR, 'wp_versions.xml')
-THEMES_FULL_FILE    = DATA_DIR + '/themes_full.txt'
+LOCAL_FILES_FILE  = File.join(DATA_DIR, 'local_vulnerable_files.xml')
-THEMES_VULNS_FILE   = DATA_DIR + '/theme_vulns.xml'
+WP_VERSIONS_XSD   = File.join(DATA_DIR, 'wp_versions.xsd')
-WP_VULNS_FILE       = DATA_DIR + '/wp_vulns.xml'
+LOCAL_FILES_XSD   = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
-WP_VERSIONS_FILE    = DATA_DIR + '/wp_versions.xml'
+USER_AGENTS_FILE  = File.join(DATA_DIR, 'user-agents.txt')
-LOCAL_FILES_FILE    = DATA_DIR + '/local_vulnerable_files.xml'
+LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
 VULNS_XSD           = DATA_DIR + '/vuln.xsd'
 WP_VERSIONS_XSD     = DATA_DIR + '/wp_versions.xsd'
 LOCAL_FILES_XSD     = DATA_DIR + '/local_vulnerable_files.xsd'
-WPSCAN_VERSION       = '2.2'
+WPSCAN_VERSION       = '2.9'
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -41,7 +36,7 @@ $LOAD_PATH.unshift(MODELS_LIB_DIR)
 def kali_linux?
  begin
-    File.readlines("/etc/debian_version").grep(/^kali/i).any?
+    File.readlines('/etc/debian_version').grep(/^kali/i).any?
  rescue
    false
  end
@@ -49,14 +44,18 @@ end
 require 'environment'
 def escape_glob(s)
  s.gsub(/[\\\{\}\[\]\*\?]/) { |x| '\\' + x }
 end
 # TODO : add an exclude pattern ?
 def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
-  files = Dir[File.join(absolute_dir_path, files_pattern)]
+  files = Dir[File.join(escape_glob(absolute_dir_path), files_pattern)]
-  # Files in the root dir are loaded first, then thoses in the subdirectories
+  # Files in the root dir are loaded first, then those in the subdirectories
-  files.sort_by { |file| [file.count("/"), file] }.each do |f|
+  files.sort_by { |file| [file.count('/'), file] }.each do |f|
    f = File.expand_path(f)
-    #puts "require #{f}" # Used for debug
+    # puts "require #{f}" # Used for debug
    require f
  end
 end
@@ -72,18 +71,72 @@ def add_trailing_slash(url)
  url =~ /\/$/ ? url : "#{url}/"
 end
-# loading the updater
+def missing_db_file?
-require_files_from_directory(UPDATER_LIB_DIR)
+  DbUpdater::FILES.each do |db_file|
-@updater = UpdaterFactory.get_updater(ROOT_DIR)
+    return true unless File.exist?(File.join(DATA_DIR, db_file))
-
+  end
-if @updater
+  false
  REVISION = @updater.local_revision_number()
 else
  REVISION = nil
 end
-def version
+def last_update
-  REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
+  date = nil
  if File.exists?(LAST_UPDATE_FILE)
    content = File.read(LAST_UPDATE_FILE)
    date = Time.parse(content) rescue nil
  end
  date
 end
 def update_required?
  date = last_update
  (true if date.nil?) or (date < 5.days.ago)
 end
 # Define colors
 def colorize(text, color_code)
  if $COLORSWITCH
    "#{text}"
  else
    "\e[#{color_code}m#{text}\e[0m"
  end
 end
 def bold(text)
  colorize(text, 1)
 end
 def red(text)
  colorize(text, 31)
 end
 def green(text)
  colorize(text, 32)
 end
 def amber(text)
  colorize(text, 33)
 end
 def blue(text)
  colorize(text, 34)
 end
 def critical(text)
  $exit_code += 1 if defined?($exit_code) # hack for undefined var via rspec
  "#{red('[!]')} #{text}"
 end
 def warning(text)
  $exit_code += 1 if defined?($exit_code) # hack for undefined var via rspec
  "#{amber('[!]')} #{text}"
 end
 def info(text)
  "#{green('[+]')} #{text}"
 end
 def notice(text)
  "#{blue('[i]')} #{text}"
 end
 # our 1337 banner
@@ -97,35 +150,30 @@ def banner
  puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
  puts
  puts '        WordPress Security Scanner by the WPScan Team '
-  if REVISION
+  puts "                       Version #{WPSCAN_VERSION}"
-    puts "                    Version #{version}"
+  puts '          Sponsored by Sucuri - https://sucuri.net'
-  else
+  puts '   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_'
    puts "                        Version #{version}"
  end
  puts '     Sponsored by the RandomStorm Open Source Initiative'
  puts ' @_WPScan_, @ethicalhack3r, @erwan_lr, @gbrindisi, @_FireFart_'
  puts '_______________________________________________________________'
  puts
 end
 def colorize(text, color_code)
  "\e[#{color_code}m#{text}\e[0m"
 end
 def red(text)
  colorize(text, 31)
 end
 def green(text)
  colorize(text, 32)
 end
 def xml(file)
  Nokogiri::XML(File.open(file)) do |config|
    config.noblanks
  end
 end
 def json(file)
  content = File.open(file).read
  begin
    JSON.parse(content)
  rescue => e
    puts "[ERROR] In JSON file parsing #{file} #{e}"
    raise
  end
 end
 def redefine_constant(constant, value)
  Object.send(:remove_const, constant)
  Object.const_set(constant, value)
@@ -177,3 +225,35 @@ end
 def count_file_lines(file)
  `wc -l #{file.shellescape}`.split[0].to_i
 end
 # Truncates a string to a specific length and adds ... at the end
 def truncate(input, size, trailing = '...')
  size = size.to_i
  trailing ||= ''
  return input if input.nil? or size <= 0 or input.length <= size or
      trailing.length >= input.length or size-trailing.length-1 >= input.length
  return "#{input[0..size-trailing.length-1]}#{trailing}"
 end
 # Gets a random User-Agent
 #
 # @return [ String ] A random user-agent from data/user-agents.txt
 def get_random_user_agent
  user_agents = []
  f = File.open(USER_AGENTS_FILE, 'r')
  f.each_line do |line|
    # ignore comments
    next if line.empty? or line =~ /^\s*(#|\/\/)/
    user_agents << line.strip
  end
  f.close
  # return ransom user-agent
  user_agents.sample
 end
 # Directory listing enabled on url?
 #
 # @return [ Boolean ]
 def directory_listing_enabled?(url)
  Browser.get(url.to_s).body[%r{<title>Index of}] ? true : false
 end
--- a/lib/common/db_updater.rb
+++ b/lib/common/db_updater.rb
@@ -0,0 +1,119 @@
 # encoding: UTF-8
 # DB Updater
 class DbUpdater
  FILES = %w(
    local_vulnerable_files.xml local_vulnerable_files.xsd
    timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
    wordpresses.json plugins.json themes.json LICENSE
  )
  attr_reader :repo_directory
  def initialize(repo_directory)
    @repo_directory = repo_directory
    fail "#{repo_directory} is not writable" unless \
      Pathname.new(repo_directory).writable?
  end
  # @return [ Hash ] The params for Typhoeus::Request
  def request_params
    {
      ssl_verifyhost: 2,
      ssl_verifypeer: true,
      accept_encoding: 'gzip, deflate'
    }
  end
  # @return [ String ] The raw file URL associated with the given filename
  def remote_file_url(filename)
    "https://wpvulndb.com/data/#{filename}"
  end
  # @return [ String ] The checksum of the associated remote filename
  def remote_file_checksum(filename)
    url = "#{remote_file_url(filename)}.sha512"
    res = Browser.get(url, request_params)
    fail DownloadError, res if res.timed_out? || res.code != 200
    res.body.chomp
  end
  def local_file_path(filename)
    File.join(repo_directory, "#{filename}")
  end
  def local_file_checksum(filename)
    Digest::SHA512.file(local_file_path(filename)).hexdigest
  end
  def backup_file_path(filename)
    File.join(repo_directory, "#{filename}.back")
  end
  def create_backup(filename)
    return unless File.exist?(local_file_path(filename))
    FileUtils.cp(local_file_path(filename), backup_file_path(filename))
  end
  def restore_backup(filename)
    return unless File.exist?(backup_file_path(filename))
    FileUtils.cp(backup_file_path(filename), local_file_path(filename))
  end
  def delete_backup(filename)
    FileUtils.rm(backup_file_path(filename))
  end
  # @return [ String ] The checksum of the downloaded file
  def download(filename)
    file_path = local_file_path(filename)
    file_url  = remote_file_url(filename)
    res = Browser.get(file_url, request_params)
    fail DownloadError, res if res.timed_out? || res.code != 200
    File.open(file_path, 'wb') { |f| f.write(res.body) }
    local_file_checksum(filename)
  end
  def update(verbose = false)
    FILES.each do |filename|
      begin
        puts "[+] Checking #{filename}" if verbose
        db_checksum = remote_file_checksum(filename)
        # Checking if the file needs to be updated
        if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
          puts '  [i] Already Up-To-Date' if verbose
          next
        end
        puts '  [i] Needs to be updated' if verbose
        create_backup(filename)
        puts '  [i] Backup Created' if verbose
        puts '  [i] Downloading new file' if verbose
        dl_checksum = download(filename)
        puts "  [i] Downloaded File Checksum: #{dl_checksum}" if verbose
        puts "  [i] Database File Checksum  : #{db_checksum}" if verbose
        unless dl_checksum == db_checksum
          fail "#{filename}: checksums do not match"
        end
      rescue => e
        puts '  [i] Restoring Backup due to error' if verbose
        restore_backup(filename)
        raise e
      ensure
        if File.exist?(backup_file_path(filename))
          puts '  [i] Deleting Backup' if verbose
          delete_backup(filename)
        end
      end
    end
    # write last_update date to file
    File.write(LAST_UPDATE_FILE, Time.now)
  end
 end
--- a/lib/common/errors.rb
+++ b/lib/common/errors.rb
@@ -0,0 +1,33 @@
 # HTTP Error
 class HttpError < StandardError
  attr_reader :response
  # @param [ Typhoeus::Response ] response
  def initialize(response)
    @response = response
  end
  def failure_details
    msg = response.effective_url
    if response.code == 0 || response.timed_out?
      msg += " (#{response.return_message})"
    else
      msg += " (status: #{response.code})"
    end
    msg
  end
  def message
    "HTTP Error: #{failure_details}"
  end
 end
 # Used in the Updater
 class DownloadError < HttpError
  def message
    "Unable to get #{failure_details}"
  end
 end
--- a/lib/common/hacks.rb
+++ b/lib/common/hacks.rb
@@ -49,11 +49,11 @@ end
 # Override for puts to enable logging
 def puts(o = '')
-  # remove color for logging
+  if $log && o.respond_to?(:gsub)
-  if o.respond_to?(:gsub)
+    temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
    temp = o.gsub(/\e\[\d+m(.*)?\e\[0m/, '\1')
    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
  end
  super(o)
 end
@@ -78,7 +78,7 @@ module Terminal
    class Style
      @@defaults = {
-        :border_x => "-", :border_y => "|", :border_i => "+",
+        :border_x => '-', :border_y => '|', :border_i => '+',
        :padding_left => 1, :padding_right => 1,
        :margin_left => '',
        :width => nil, :alignment => nil
@@ -102,7 +102,20 @@ class Numeric
  def bytes_to_human
    units = %w{B KB MB GB TB}
    e = (Math.log(self)/Math.log(1024)).floor
-    s = "%.3f" % (to_f / 1024**e)
+    s = '%.3f' % (to_f / 1024**e)
    s.sub(/\.?0*$/, ' ' + units[e])
  end
 end
 # time calculations
 class Fixnum
  SECONDS_IN_DAY = 24 * 60 * 60
  def days
    self * SECONDS_IN_DAY
  end
  def ago
    Time.now - self
  end
 end
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -5,7 +5,7 @@ require 'vulnerability/urls'
 class Vulnerability
  include Vulnerability::Output
-	include Vulnerability::Urls
+  include Vulnerability::Urls
  attr_accessor :title, :references, :type, :fixed_in
@@ -35,27 +35,27 @@ class Vulnerability
  end
  # :nocov:
-  # Create the Vulnerability from the xml_node
+  # Create the Vulnerability from the json_item
  #
-  # @param [ Nokogiri::XML::Node ] xml_node
+  # @param [ Hash ] json_item
  #
  # @return [ Vulnerability ]
-  def self.load_from_xml_node(xml_node)
+  def self.load_from_json_item(json_item)
-		references = {}
+    references = {}
-		refs = xml_node.search('references')
+    references['id'] = [json_item['id']]
-		if refs
+
-			references[:url] = refs.search('url').map(&:text)
+    %w(url cve secunia osvdb metasploit exploitdb).each do |key|
-			references[:cve] = refs.search('cve').map(&:text)
+      if json_item['references'][key]
-			references[:secunia] = refs.search('secunia').map(&:text)
+        json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array
-			references[:osvdb] = refs.search('osvdb').map(&:text)
+        references[key] = json_item['references'][key]
-			references[:metasploit] = refs.search('metasploit').map(&:text)
+      end
-			references[:exploitdb] = refs.search('exploitdb').map(&:text)
+    end
-		end
+
    new(
-      xml_node.search('title').text,
+      json_item['title'],
-      xml_node.search('type').text,
+      json_item['type'],
      references,
-      xml_node.search('fixed_in').text,
+      json_item['fixed_in']
    )
  end
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -2,21 +2,22 @@
 class Vulnerability
  module Output
    # output the vulnerability
-    def output
+    def output(verbose = false)
-      puts ' |'
+      puts
-      puts ' | ' + red("* Title: #{title}")
+      puts critical("Title: #{title}")
      references.each do |key, urls|
-				methodname = "url_#{key}"
+        methodname = "url_#{key}"
-				urls.each do |u|
+
-					url = send(methodname, u)
+        urls.each do |u|
-					puts ' | ' + red("* Reference: #{url}") if url
+          next unless respond_to?(methodname)
-				end
+          url = send(methodname, u)
-			end
+          puts "    Reference: #{url}" if url
-      if !fixed_in.empty?
+        end
         puts " | * Fixed in: #{fixed_in}"
      end
      puts notice("Fixed in: #{fixed_in}") if fixed_in
    end
  end
 end
--- a/lib/common/models/vulnerability/urls.rb
+++ b/lib/common/models/vulnerability/urls.rb
@@ -1,33 +1,44 @@
 # encoding: UTF-8
 class Vulnerability
-	module Urls
+  module Urls
-		# @return [ String ] The url to the metasploit module page
+    # @return [ String ] The url to the metasploit module page
-		def url_metasploit(module_path)
+    def url_metasploit(module_path)
-			# remove leading slash
+      # remove leading slash
-			module_path = module_path.sub(/^\//, '')
+      module_path = module_path.sub(/^\//, '')
-			"http://www.metasploit.com/modules/#{module_path}"
+      "https://www.rapid7.com/db/modules/#{module_path}"
-		end
+    end
-		def url_url(url)
+    def url_url(url)
-			url
+      url
-		end
+    end
-		def url_cve(cve)
+    def url_cve(id)
-			"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{cve}"
+      "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{id}"
-		end
+    end
-		def url_osvdb(id)
+    def url_osvdb(id)
-			"http://osvdb.org/#{id}"
+      "http://osvdb.org/show/osvdb/#{id}"
-		end
+    end
-		def url_secunia(id)
+    def url_secunia(id)
-			"http://secunia.com/advisories/#{id}"
+      "https://secunia.com/advisories/#{id}/"
-		end
+    end
-		def url_exploitdb(id)
+    def url_exploitdb(id)
-			"http://www.exploit-db.com/exploits/#{id}/"
+      "https://www.exploit-db.com/exploits/#{id}/"
-		end
+    end
-	end
+    def url_id(id)
      "https://wpvulndb.com/vulnerabilities/#{id}"
    end
    def url_packetstorm(id)
      "http://packetstormsecurity.com/files/#{id}/"
    end
    def url_securityfocus(id)
      "http://www.securityfocus.com/bid/#{id}/"
    end
  end
 end
--- a/lib/common/models/wp_item.rb
+++ b/lib/common/models/wp_item.rb
@@ -22,7 +22,7 @@ class WpItem
  # @return [ Array ]
  # Make it private ?
  def allowed_options
-    [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
+    [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file]
  end
  # @param [ URI ] target_base_uri
@@ -30,7 +30,6 @@ class WpItem
  #
  # @return [ WpItem ]
  def initialize(target_base_uri, options = {})
    options[:wp_content_dir] ||= 'wp-content'
    options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
@@ -38,6 +37,27 @@ class WpItem
    forge_uri(target_base_uri)
  end
  def identifier
    @identifier ||= name
  end
  # @return [ Hash ]
  def db_data
    @db_data ||= json(db_file)[identifier] || {}
  end
  def latest_version
    db_data['latest_version']
  end
  def last_updated
    db_data['last_ipdated']
  end
  def popular?
    db_data['popular']
  end
  # @param [ Hash ] options
  #
  # @return [ void ]
--- a/lib/common/models/wp_item/existable.rb
+++ b/lib/common/models/wp_item/existable.rb
@@ -29,7 +29,10 @@ class WpItem
    #
    # @return [ Boolean ]
    def exists_from_response?(response, options = {})
-      if [200, 401, 403].include?(response.code)
+      # 301 included as some items do a self-redirect
      # Redirects to the 404 and homepage should be ignored (unless dynamic content is used)
      # by the page hashes (error_404_hash & homepage_hash)
      if [200, 401, 403, 301].include?(response.code)
        if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
          if options[:exclude_content]
            unless response.body.match(options[:exclude_content])
--- a/lib/common/models/wp_item/infos.rb
+++ b/lib/common/models/wp_item/infos.rb
@@ -12,7 +12,9 @@ class WpItem
    # @return [ String,nil ] The url to the readme file, nil if not found
    def readme_url
-      %w{readme.txt README.txt}.each do |readme|
+      # See https://github.com/wpscanteam/wpscan/pull/737#issuecomment-66375445
      # for any question about the order
      %w{readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT}.each do |readme|
        url = @uri.merge(readme).to_s
        return url if url_is_200?(url)
      end
@@ -40,7 +42,7 @@ class WpItem
    # @return [ Boolean ]
    def has_directory_listing?
-      Browser.get(@uri.to_s).body[%r{<title>Index of}] ? true : false
+      directory_listing_enabled?(@uri)
    end
    # Discover any error_log files created by WordPress
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -4,21 +4,29 @@ class WpItem
  module Output
    # @return [ Void ]
-    def output
+    def output(verbose = false)
      outdated = VersionCompare.lesser?(version, latest_version) if latest_version
      puts
-      puts " | Name: #{self}" #this will also output the version number if detected
+      puts info("Name: #{self}") #this will also output the version number if detected
-      puts " | Location: #{url}"
+      puts " |  Latest version: #{latest_version} #{'(up to date)' if version}" if latest_version && !outdated
-      #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
+      puts " |  Last updated: #{last_updated}" if last_updated
-      puts ' | Directory listing enabled: Yes' if has_directory_listing?
+      puts " |  Location: #{url}"
-      puts " | Readme: #{readme_url}" if has_readme?
+      puts " |  Readme: #{readme_url}" if has_readme?
-      puts " | Changelog: #{changelog_url}" if has_changelog?
+      puts " |  Changelog: #{changelog_url}" if has_changelog?
      puts warning("The version is out of date, the latest version is #{latest_version}") if latest_version && outdated
      puts warning("Directory listing is enabled: #{url}") if has_directory_listing?
      puts warning("An error_log file has been found: #{error_log_url}") if has_error_log?
      additional_output(verbose) if respond_to?(:additional_output)
      if version.nil? && vulnerabilities.length > 0
        puts
        puts warning('We could not determine a version so all vulnerabilities are printed out')
      end
      vulnerabilities.output
      if has_error_log?
        puts ' | ' + red('[!]') + " An error_log file has been found : #{error_log_url}"
      end
    end
  end
 end
--- a/lib/common/models/wp_item/versionable.rb
+++ b/lib/common/models/wp_item/versionable.rb
@@ -13,7 +13,7 @@ class WpItem
        # This check is needed because readme_url can return nil
        if has_readme?
          response = Browser.get(readme_url)
-          @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
+          @version = extract_version(response.body)
        end
      end
      @version
@@ -22,7 +22,31 @@ class WpItem
    # @return [ String ]
    def to_s
      item_version = self.version
-      "#@name#{' v' + item_version.strip if item_version}"
+      "#{@name}#{' - v' + item_version.strip if item_version}"
    end
    # Extracts the version number from a given string/body
    #
    # @return [ String ] detected version
    def extract_version(body)
      version = body[/\b(?:stable tag|version):\s*(?!trunk)([0-9a-z\.-]+)/i, 1]
      if version.nil? || version !~ /[0-9]+/
        extracted_versions = body.scan(/[=]+\s+(?:v(?:ersion)?\s*)?([0-9\.-]+)[ \ta-z0-9\(\)\.-]*[=]+/i)
        return if extracted_versions.nil? || extracted_versions.length == 0
        extracted_versions.flatten!
        # must contain at least one number
        extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
        sorted = extracted_versions.sort { |x,y|
          begin
            Gem::Version.new(x) <=> Gem::Version.new(y)
          rescue
            0
          end
        }
        return sorted.last
      else
        return version
      end
    end
  end
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
@@ -2,23 +2,23 @@
 class WpItem
  module Vulnerable
-    attr_accessor :vulns_file, :vulns_xpath
+    attr_accessor :db_file, :identifier
    # Get the vulnerabilities associated to the WpItem
    # Filters out already fixed vulnerabilities
    #
    # @return [ Vulnerabilities ]
    def vulnerabilities
-      xml             = xml(vulns_file)
+      return @vulnerabilities if @vulnerabilities
      vulnerabilities = Vulnerabilities.new
-      xml.xpath(vulns_xpath).each do |node|
+      @vulnerabilities = Vulnerabilities.new
-        vuln = Vulnerability.load_from_xml_node(node)
+
-        if vulnerable_to?(vuln)
+      [*db_data['vulnerabilities']].each do |vulnerability|
-          vulnerabilities << vuln
+        vulnerability = Vulnerability.load_from_json_item(vulnerability)
-        end
+        @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
      end
-      vulnerabilities
+
      @vulnerabilities
    end
    def vulnerable?
@@ -32,7 +32,7 @@ class WpItem
    # @return [ Boolean ]
    def vulnerable_to?(vuln)
      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
-        unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
+        unless VersionCompare::lesser_or_equal?(vuln.fixed_in, version)
          return true
        end
      else
@@ -41,5 +41,4 @@ class WpItem
      return false
    end
  end
 end
--- a/lib/common/models/wp_plugin.rb
+++ b/lib/common/models/wp_plugin.rb
@@ -1,10 +1,6 @@
 # encoding: UTF-8
 require 'wp_plugin/vulnerable'
 class WpPlugin < WpItem
  include WpPlugin::Vulnerable
  # Sets the @uri
  #
  # @param [ URI ] target_base_uri The URI of the wordpress blog
@@ -14,4 +10,7 @@ class WpPlugin < WpItem
    @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
  end
  def db_file
    @db_file ||= PLUGINS_FILE
  end
 end
--- a/lib/common/models/wp_plugin/vulnerable.rb
+++ b/lib/common/models/wp_plugin/vulnerable.rb
@@ -1,20 +0,0 @@
 # encoding: UTF-8
 class WpPlugin < WpItem
  module Vulnerable
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
        @vulns_file = PLUGINS_VULNS_FILE
      end
      @vulns_file
    end
    # @return [ String ]
    def vulns_xpath
      "//plugin[@name='#{@name}']/vulnerability"
    end
  end
 end
--- a/lib/common/models/wp_theme.rb
+++ b/lib/common/models/wp_theme.rb
@@ -2,16 +2,20 @@
 require 'wp_theme/findable'
 require 'wp_theme/versionable'
-require 'wp_theme/vulnerable'
+require 'wp_theme/info'
 require 'wp_theme/output'
 require 'wp_theme/childtheme'
 class WpTheme < WpItem
  extend WpTheme::Findable
  include WpTheme::Versionable
-  include WpTheme::Vulnerable
+  include WpTheme::Info
  include WpTheme::Output
  include WpTheme::Childtheme
-  attr_writer :style_url
+  attr_accessor :referenced_url
-  def allowed_options; super << :style_url end
+  def allowed_options; super << :referenced_url end
  # Sets the @uri
  #
@@ -24,10 +28,10 @@ class WpTheme < WpItem
  # @return [ String ] The url to the theme stylesheet
  def style_url
-    unless @style_url
+    @uri.merge('style.css').to_s
      @style_url = uri.merge('style.css').to_s
    end
    @style_url
  end
  def db_file
    @db_file ||= THEMES_FILE
  end
 end
--- a/lib/common/models/wp_theme/childtheme.rb
+++ b/lib/common/models/wp_theme/childtheme.rb
@@ -0,0 +1,37 @@
 # encoding: UTF-8
 class WpTheme < WpItem
  module Childtheme
    def parent_theme_limit
      3
    end
    def is_child_theme?
      return true unless @theme_template.nil?
      false
    end
    def get_parent_theme_style_url
      if is_child_theme?
        return style_url.sub("/#{name}/style.css", "/#{@theme_template}/style.css")
      end
      nil
    end
    def get_parent_theme
      if is_child_theme?
        base_url = @uri.clone
        base_url.path = base_url.path.sub(/(?<url>.*\/)#{Regexp.escape(@wp_content_dir)}\/.+/, '\k<url>')
        return WpTheme.new(base_url,
                           {
                               name: @theme_template,
                               style_url: get_parent_theme_style_url,
                               wp_content_dir: @wp_content_dir
                           })
      end
      nil
    end
  end
 end
--- a/lib/common/models/wp_theme/findable.rb
+++ b/lib/common/models/wp_theme/findable.rb
@@ -30,21 +30,16 @@ class WpTheme < WpItem
      response = Browser.get_and_follow_location(target_uri.to_s)
      # https + domain is optional because of relative links
-      matches = %r{(?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css}i.match(response.body)
+      return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
-      if matches
+
-        return new(
+      new(
-          target_uri,
+        target_uri,
-          {
+        name:           Regexp.last_match[2],
-            name:           matches[2],
+        referenced_url: Regexp.last_match[0],
-            style_url:      matches[0],
+        wp_content_dir: Regexp.last_match[1]
-            wp_content_dir: matches[1]
+      )
          }
        )
      end
    end
    # http://code.google.com/p/wpscan/issues/detail?id=141
    #
    # @param [ URI ] target_uri
    #
    # @return [ WpTheme ]
@@ -52,7 +47,6 @@ class WpTheme < WpItem
      body = Browser.get(target_uri.to_s).body
      regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
      if matches = regexp.match(body)
        woo_theme_name = matches[1]
        woo_theme_version = matches[2]
@@ -60,10 +54,8 @@ class WpTheme < WpItem
        return new(
          target_uri,
-          {
+          name:    woo_theme_name,
-            name:    woo_theme_name,
+          version: woo_theme_version
            version: woo_theme_version
          }
        )
      end
    end
--- a/lib/common/models/wp_theme/info.rb
+++ b/lib/common/models/wp_theme/info.rb
@@ -0,0 +1,34 @@
 # encoding: UTF-8
 class WpTheme < WpItem
  module Info
    attr_reader :theme_name, :theme_uri, :theme_description,
                :theme_author, :theme_author_uri, :theme_template,
                :theme_license, :theme_license_uri, :theme_tags,
                :theme_text_domain
    def parse_style
      style = Browser.get(style_url).body
      @theme_name = parse_style_tag(style, 'Theme Name')
      @theme_uri = parse_style_tag(style, 'Theme URI')
      @theme_description = parse_style_tag(style, 'Description')
      @theme_author = parse_style_tag(style, 'Author')
      @theme_author_uri = parse_style_tag(style, 'Author URI')
      @theme_template = parse_style_tag(style, 'Template')
      @theme_license = parse_style_tag(style, 'License')
      @theme_license_uri = parse_style_tag(style, 'License URI')
      @theme_tags = parse_style_tag(style, 'Tags')
      @theme_text_domain = parse_style_tag(style, 'Text Domain')
    end
    private
    def parse_style_tag(style, tag)
      value = style[/^\s*#{Regexp.escape(tag)}:\s*(.*)/i, 1]
      return value.strip if value
      nil
    end
  end
 end
--- a/lib/common/models/wp_theme/output.rb
+++ b/lib/common/models/wp_theme/output.rb
@@ -0,0 +1,26 @@
 # encoding: UTF-8
 class WpTheme
  module Output
    # @return [ Void ]
    def additional_output(verbose = false)
      parse_style
      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
      puts " |  Style URL: #{style_url}"
      puts " |  Referenced style.css: #{referenced_url}" if referenced_url && referenced_url != style_url
      puts " |  Theme Name: #{@theme_name}" if @theme_name
      puts " |  Theme URI: #{@theme_uri}" if @theme_uri
      puts " |  Description: #{theme_desc}"
      puts " |  Author: #{@theme_author}" if @theme_author
      puts " |  Author URI: #{@theme_author_uri}" if @theme_author_uri
      puts " |  Template: #{@theme_template}" if @theme_template and verbose
      puts " |  License: #{@theme_license}" if @theme_license and verbose
      puts " |  License URI: #{@theme_license_uri}" if @theme_license_uri and verbose
      puts " |  Tags: #{@theme_tags}" if @theme_tags and verbose
      puts " |  Text Domain: #{@theme_text_domain}" if @theme_text_domain and verbose
    end
  end
 end
--- a/lib/common/models/wp_theme/versionable.rb
+++ b/lib/common/models/wp_theme/versionable.rb
@@ -2,16 +2,8 @@
 class WpTheme < WpItem
  module Versionable
    def version
-      unless @version
+      @version ||= Browser.get(style_url).body[%r{Version:\s*(?!trunk)([0-9a-z\.-]+)}i, 1]
        @version = Browser.get(style_url).body[%r{Version:\s([^\s]+)}i, 1]
        # Get Version from readme.txt
        @version ||= super
      end
      @version
    end
  end
 end
--- a/lib/common/models/wp_theme/vulnerable.rb
+++ b/lib/common/models/wp_theme/vulnerable.rb
@@ -1,20 +0,0 @@
 # encoding: UTF-8
 class WpTheme < WpItem
  module Vulnerable
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
        @vulns_file = THEMES_VULNS_FILE
      end
      @vulns_file
    end
    # @return [ String ]
    def vulns_xpath
      "//theme[@name='#{@name}']/vulnerability"
    end
  end
 end
--- a/lib/common/models/wp_timthumb.rb
+++ b/lib/common/models/wp_timthumb.rb
@@ -3,11 +3,13 @@
 require 'wp_timthumb/versionable'
 require 'wp_timthumb/existable'
 require 'wp_timthumb/output'
 require 'wp_timthumb/vulnerable'
 class WpTimthumb < WpItem
  include WpTimthumb::Versionable
  include WpTimthumb::Existable
  include WpTimthumb::Output
  include WpTimthumb::Vulnerable
  # @param [ WpTimthumb ] other
  #
--- a/lib/common/models/wp_timthumb/output.rb
+++ b/lib/common/models/wp_timthumb/output.rb
@@ -3,8 +3,11 @@
 class WpTimthumb < WpItem
  module Output
-    def output
+    def output(verbose = false)
-      puts ' | ' + red('[!]') + " #{self}"
+      puts
      puts info("#{self}") #this will also output the version number if detected
      vulnerabilities.output
    end
  end
--- a/lib/common/models/wp_timthumb/vulnerable.rb
+++ b/lib/common/models/wp_timthumb/vulnerable.rb
@@ -0,0 +1,55 @@
 # encoding: UTF-8
 class WpTimthumb < WpItem
  module Vulnerable
    # @return [ Vulnerabilities ]
    def vulnerabilities
      vulns = Vulnerabilities.new
      [:check_rce_132, :check_rce_webshot].each do |method|
        vuln = self.send(method)
        vulns << vuln if vuln
      end
      vulns
    end
    def check_rce_132
      rce_132_vuln unless VersionCompare.lesser_or_equal?('1.33', version)
    end
    # Vulnerable versions : > 1.35 (or >= 2.0) and < 2.8.14
    def check_rce_webshot
      return if VersionCompare.lesser_or_equal?('2.8.14', version) || VersionCompare.lesser_or_equal?(version, '1.35')
      response = Browser.get(uri.merge('?webshot=1&src=http://' + default_allowed_domains.sample))
      rce_webshot_vuln unless response.body =~ /WEBSHOT_ENABLED == true/
    end
    # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
    def default_allowed_domains
      %w(flickr.com picasa.com img.youtube.com upload.wikimedia.org)
    end
    # @return [ Vulnerability ] The RCE in the <= 1.32
    def rce_132_vuln
      Vulnerability.new(
        'Timthumb <= 1.32 Remote Code Execution',
        'RCE',
        { exploitdb: ['17602'] },
        '1.33'
      )
    end
    # @return [ Vulnerability ] The RCE due to the WebShot in the <= 2.8.13
    def rce_webshot_vuln
      Vulnerability.new(
        'Timthumb <= 2.8.13 WebShot Remote Code Execution',
        'RCE',
        { url: ['http://seclists.org/fulldisclosure/2014/Jun/117'] },
        '2.8.14'
      )
    end
  end
 end
--- a/lib/common/models/wp_user.rb
+++ b/lib/common/models/wp_user.rb
@@ -12,10 +12,10 @@ class WpUser < WpItem
  # @return [ Array<Symbol> ]
  def allowed_options; [:id, :login, :display_name, :password] end
-  # @return [ URI ] The uri to the auhor page
+  # @return [ URI ] The uri to the author page
  def uri
    if id
-      return @uri.merge("?author=#{id}")
+      @uri.merge("?author=#{id}")
    else
      raise 'The id is nil'
    end
@@ -23,14 +23,39 @@ class WpUser < WpItem
  # @return [ String ]
  def login_url
-    @uri.merge('wp-login.php').to_s
+    unless @login_url
      @login_url = @uri.merge('wp-login.php').to_s
      # Let's check if the login url is redirected (to https url for example)
      if redirection = redirection(@login_url)
        @login_url = redirection
      end
    end
    @login_url
  end
  def redirection(url)
    redirection = nil
    response = Browser.get(url)
    if response.code == 301 || response.code == 302
      redirection = response.headers_hash['location']
      # Let's check if there is a redirection in the redirection
      if other_redirection = redirection(redirection)
        redirection = other_redirection
      end
    end
    redirection
  end
  # @return [ String ]
  def to_s
    s  = "#{id}"
-    s += " | #{login}" if login
+    s << " | #{login}" if login
-    s += " | #{display_name}" if display_name
+    s << " | #{display_name}" if display_name
    s
  end
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -25,16 +25,16 @@ class WpUser < WpItem
      hydra        = browser.hydra
      queue_count  = 0
      found        = false
-      progress_bar = self.progress_bar(count_file_lines(wordlist), options)
+      progress_bar = self.progress_bar(count_file_lines(wordlist)+1, options)
      File.open(wordlist).each do |password|
-        password.chop!
+        password.chomp!
        # A successfull login will redirect us to the redirect_to parameter
        # Generate a random one on each request
        unless redirect_url
          random = (0...8).map { 65.+(rand(26)).chr }.join
-          redirect_url = "#@uri#{random}/"
+          redirect_url = "#{@uri}#{random}/"
        end
        request = login_request(password, redirect_url)
@@ -63,9 +63,10 @@ class WpUser < WpItem
      # run all of the remaining requests
      hydra.run
      puts if options[:show_progression] # mandatory to avoid the output of the progressbar to be overriden
    end
-    # @param [ Integer ] targets_size
+    # @param [ Integer ] passwords_size
    # @param [ Hash ] options
    #
    # @return [ ProgressBar ]
@@ -103,19 +104,19 @@ class WpUser < WpItem
    # @return [ Boolean ]
    def valid_password?(response, password, redirect_url, options = {})
      if response.code == 302 && response.headers_hash && response.headers_hash['Location'] == redirect_url
-        progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
+        progression = "#{info('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
        valid       = true
      elsif response.body =~ /login_error/i
        verbose = "\n  Incorrect login and/or password."
      elsif response.timed_out?
-        progression = "#{red('ERROR:')} Request timed out."
+        progression = critical('ERROR: Request timed out.')
      elsif response.code == 0
-        progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
+        progression = critical("ERROR: No response from remote server. WAF/IPS? (#{response.return_message})")
      elsif response.code.to_s =~ /^50/
-        progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
+        progression = critical('ERROR: Server error, try reducing the number of threads.')
      else
-        progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
+        progression = critical("ERROR: We received an unknown response for #{password}...")
-        verbose     = red("    Code: #{response.code}\n    Body: #{response.body}\n")
+        verbose     = critical("    Code: #{response.code}\n    Body: #{response.body}\n")
      end
      puts "\n  " + progression if progression && options[:show_progression]
--- a/lib/common/models/wp_user/existable.rb
+++ b/lib/common/models/wp_user/existable.rb
@@ -22,6 +22,8 @@ class WpUser < WpItem
      if response.code == 301 # login in location?
        location = response.headers_hash['Location']
        return if location.nil? || location.empty?
        @login        = Existable.login_from_author_pattern(location)
        @display_name = Existable.display_name_from_body(
          Browser.get(location).body
@@ -37,7 +39,9 @@ class WpUser < WpItem
    #
    # @return [ String ] The login
    def self.login_from_author_pattern(text)
-      text[%r{/author/([^/\b]+)/?}i, 1]
+      return unless text =~ %r{/author/([^/\b"']+)/?}i
      Regexp.last_match[1].force_encoding('UTF-8')
    end
    # @param [ String ] body
@@ -49,7 +53,8 @@ class WpUser < WpItem
      unless login
        # No Permalinks
-        login = body[%r{<body class="archive author author-([^\s]+) author-(\d+)}i, 1]
+        login = body[%r{<body class="archive author author-([^\s]+)[ "]}i, 1]
        login ? login.force_encoding('UTF-8') : nil
      end
      login
@@ -66,9 +71,12 @@ class WpUser < WpItem
        title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
        title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
        # &amp; are not decoded with Nokogiri
-        title_tag.sub!('&amp;', '&')
+        title_tag.gsub!('&amp;', '&')
-        name = title_tag[%r{([^|«]+) }, 1]
+        # replace UTF chars like  &#187; with dummy character
        title_tag.gsub!(/&#(\d+);/, '|')
        name = title_tag[%r{([^|«»]+) }, 1]
        return name.strip if name
      end
--- a/lib/common/models/wp_version.rb
+++ b/lib/common/models/wp_version.rb
@@ -1,21 +1,27 @@
 # encoding: UTF-8
 require 'wp_version/findable'
 require 'wp_version/vulnerable'
 require 'wp_version/output'
 class WpVersion < WpItem
  extend  WpVersion::Findable
  include WpVersion::Vulnerable
  include WpVersion::Output
  # The version number
  attr_accessor :number
  alias_method :version, :number # Needed to have the right behaviour in Vulnerable#vulnerable_to?
  # @return [ Array ]
  def allowed_options; super << :number << :found_from end
  def identifier
    @identifier ||= number
  end
  def db_file
    @db_file ||= WORDPRESSES_FILE
  end
  # @param [ WpVersion ] other
  #
  # @return [ Boolean ]
@@ -23,4 +29,10 @@ class WpVersion < WpItem
    number == other.number
  end
  # @return [ Array<String> ] All the stable versions from version_file
  def self.all(versions_file = WP_VERSIONS_FILE)
    Nokogiri.XML(File.open(versions_file)).css('version').reduce([]) do |a, node|
      a << node.text.to_s
    end
  end
 end
--- a/lib/common/models/wp_version/findable.rb
+++ b/lib/common/models/wp_version/findable.rb
@@ -12,7 +12,7 @@ class WpVersion < WpItem
    #
    # @return [ WpVersion ]
    def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-      methods.grep(/find_from_/).each do |method|
+      methods.grep(/^find_from_/).each do |method|
        if method === :find_from_advanced_fingerprinting
          version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
@@ -31,7 +31,7 @@ class WpVersion < WpItem
    #
    # @return [ String ]
    def version_pattern
-      '([^\r\n"\']+\.[^\r\n"\']+)'
+      '([^\r\n"\',]+\.[^\r\n"\',]+)'
    end
    protected
@@ -68,7 +68,7 @@ class WpVersion < WpItem
    def find_from_meta_generator(target_uri)
      scan_url(
        target_uri,
-        %r{name="generator" content="wordpress #{version_pattern}"}i
+        %r{name="generator" content="wordpress #{version_pattern}.*"}i
      )
    end
@@ -100,18 +100,6 @@ class WpVersion < WpItem
      )
    end
    # Attempts to find the WordPress version from,
    # the generator tag in the RSS2 feed source.
    #
    # Have not been able to find an example of this - Ryan
    #def find_from_rss2_generator(target_uri)
    #  scan_url(
    #    target_uri,
    #    %r{<generator>http://wordpress.org/?v=(#{WpVersion.version_pattern})</generator>}i,
    #    'feed/rss/'
    #  )
    #end
    # Attempts to find the WordPress version from,
    # the generator tag in the Atom source.
    #
@@ -126,17 +114,33 @@ class WpVersion < WpItem
      )
    end
-    # Attempts to find the WordPress version from,
+    def find_from_stylesheets_numbers(target_uri)
-    # the generator tag in the comment rss source.
+      wp_versions = WpVersion.all
-    #
+      found       = {}
-    # Have not been able to find an example of this - Ryan
+      pattern     = /\bver=([0-9\.]+)/i
-    #def find_from_comments_rss_generator(target_uri)
+
-    # scan_url(
+      Nokogiri::HTML(Browser.get(target_uri.to_s).body).css('link,script').each do |tag|
-    # target_uri,
+        %w(href src).each do |attribute|
-    # %r{<!-- generator="WordPress/#{WpVersion.version_pattern}" -->}i,
+          attr_value = tag.attribute(attribute).to_s
-    # 'comments/feed/'
+
-    # )
+          next if attr_value.nil? || attr_value.empty?
-    #end
+
          uri = Addressable::URI.parse(attr_value)
          next unless uri.query && uri.query.match(pattern)
          version = Regexp.last_match[1].to_s
          found[version] ||= 0
          found[version] += 1
        end
      end
      found.delete_if { |v, _| !wp_versions.include?(v) }
      best_guess = found.sort_by(&:last).last
      # best_guess[0]: version number, [1] numbers of occurences
      best_guess && best_guess[1] > 1 ? best_guess[0] : nil
    end
    # Uses data/wp_versions.xml to try to identify a
    # wordpress version.
@@ -190,8 +194,6 @@ class WpVersion < WpItem
    # Attempts to find the WordPress version from the sitemap.xml file.
    #
    # See: http://code.google.com/p/wpscan/issues/detail?id=109
    #
    # @param [ URI ] target_uri
    #
    # @return [ String ] The version number
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -3,15 +3,18 @@
 class WpVersion < WpItem
  module Output
-    def output
+    def output(verbose = false)
-      puts green('[+]') + " WordPress version #{self.number} identified from #{self.found_from}"
+      puts
      puts info("WordPress version #{self.number} identified from #{self.found_from}")
      vulnerabilities = self.vulnerabilities
      unless vulnerabilities.empty?
-        puts
+        if vulnerabilities.size == 1
-        puts red('[!]') + " #{vulnerabilities.size} vulnerabilities identified from the version number:"
+           puts critical("#{vulnerabilities.size} vulnerability identified from the version number")
-
+        else
           puts critical("#{vulnerabilities.size} vulnerabilities identified from the version number")
        end
        vulnerabilities.output
      end
    end
--- a/lib/common/models/wp_version/vulnerable.rb
+++ b/lib/common/models/wp_version/vulnerable.rb
@@ -1,20 +0,0 @@
 # encoding: UTF-8
 class WpVersion < WpItem
  module Vulnerable
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
        @vulns_file = WP_VULNS_FILE
      end
      @vulns_file
    end
    # @return [ String ]
    def vulns_xpath
      "//wordpress[@version='#{@number}']/vulnerability"
    end
  end
 end
--- a/lib/common/typhoeus_cache.rb
+++ b/lib/common/typhoeus_cache.rb
@@ -2,25 +2,14 @@
 require 'common/cache_file_store'
 # Implementaion of a cache_key (Typhoeus::Request#hash has too many options)
 module Typhoeus
  class Request
    module Cacheable
      def cache_key
        Digest::SHA2.hexdigest("#{url}-#{options[:body]}-#{options[:method]}")[0..32]
      end
    end
  end
 end
 class TyphoeusCache < CacheFileStore
  def get(request)
-    read_entry(request.cache_key)
+    read_entry(request.hash.to_s)
  end
  def set(request, response)
-    write_entry(request.cache_key, response, request.cache_ttl)
+    write_entry(request.hash.to_s, response, request.cache_ttl)
  end
 end
--- a/lib/common/updater/git_updater.rb
+++ b/lib/common/updater/git_updater.rb
@@ -1,37 +0,0 @@
 # encoding: UTF-8
 require 'common/updater/updater'
 class GitUpdater < Updater
  def is_installed?
    %x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
  end
  # Git has not a revsion number like SVN,
  # so we will take the 7 first chars of the last commit hash
  def local_revision_number
    git_log = %x[git #{repo_directory_arguments()} log -1 2>&1]
    git_log[/commit ([0-9a-z]{7})/i, 1].to_s
  end
  def update
    %x[git #{repo_directory_arguments()} pull]
  end
  def has_local_changes?
    %x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
  end
  def reset_head
    %x[git #{repo_directory_arguments()} reset --hard HEAD]
  end
  protected
  def repo_directory_arguments
    if @repo_directory
      return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
    end
  end
 end
--- a/lib/common/updater/svn_updater.rb
+++ b/lib/common/updater/svn_updater.rb
@@ -1,23 +0,0 @@
 # encoding: UTF-8
 require 'common/updater/updater'
 class SvnUpdater < Updater
  REVISION_PATTERN = /revision="(\d+)"/i
  TRUNK_URL        = 'https://github.com/wpscanteam/wpscan'
  def is_installed?
    %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
  end
  def local_revision_number
    local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
    local_revision[REVISION_PATTERN, 1].to_s
  end
  def update
    %x[svn up "#@repo_directory"]
  end
 end
--- a/lib/common/updater/updater.rb
+++ b/lib/common/updater/updater.rb
@@ -1,25 +0,0 @@
 # encoding: UTF-8
 # This class act as an absract one
 class Updater
  attr_reader :repo_directory
  # TODO : add a last '/ to repo_directory if it's not present
  def initialize(repo_directory = nil)
    @repo_directory = repo_directory
  end
  def is_installed?
    raise NotImplementedError
  end
  def local_revision_number
    raise NotImplementedError
  end
  def update
    raise NotImplementedError
  end
 end
--- a/lib/common/updater/updater_factory.rb
+++ b/lib/common/updater/updater_factory.rb
@@ -1,23 +0,0 @@
 # encoding: UTF-8
 class UpdaterFactory
  def self.get_updater(repo_directory)
    self.available_updaters_classes().each do |updater_symbol|
      updater = Object.const_get(updater_symbol).new(repo_directory)
      if updater.is_installed?
        return updater
      end
    end
    nil
  end
  protected
  # return array of class symbols
  def self.available_updaters_classes
    Object.constants.grep(/^.+Updater$/)
  end
 end
--- a/lib/common/version_compare.rb
+++ b/lib/common/version_compare.rb
@@ -2,14 +2,18 @@
 class VersionCompare
-  # Compares two version strings. Returns true if version1 is equal to version2
+  # Compares two version strings. Returns true if version1 <= version2
-  # or when version1 is older than version2
+  # and false otherwise
  #
  # @param [ String ] version1
  # @param [ String ] version2
  #
  # @return [ Boolean ]
-  def self.is_newer_or_same?(version1, version2)
+  def self.lesser_or_equal?(version1, version2)
    # Prepend a '0' if the version starts with a '.'
    version1 = prepend_zero(version1)
    version2 = prepend_zero(version2)
    return true if (version1 == version2)
    # Both versions must be set
    return false unless (version1 and version2)
@@ -22,5 +26,37 @@ class VersionCompare
      raise
    end
    return false
-	end
+  end
  # Compares two version strings. Returns true if version1 < version2
  # and false otherwise
  #
  # @param [ String ] version1
  # @param [ String ] version2
  #
  # @return [ Boolean ]
  def self.lesser?(version1, version2)
    # Prepend a '0' if the version starts with a '.'
    version1 = prepend_zero(version1)
    version2 = prepend_zero(version2)
    return false if (version1 == version2)
    # Both versions must be set
    return false unless (version1 and version2)
    return false if (version1.empty? or version2.empty?)
    begin
      return true if (Gem::Version.new(version1) < Gem::Version.new(version2))
    rescue ArgumentError => e
      # Example: ArgumentError: Malformed version number string a
      return false if e.message =~ /Malformed version number string/
      raise
    end
    return false
  end
  # @return [ String ]
  def self.prepend_zero(version)
    return nil if version.nil?
    version[0,1] == '.' ? "0#{version}" : version
  end
 end
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -28,12 +28,14 @@ begin
  require 'pp'
  require 'shellwords'
  require 'fileutils'
  require 'pathname'
  # Third party libs
  require 'typhoeus'
-  require 'json'
+  require 'yajl/json_gem'
  require 'nokogiri'
  require 'terminal-table'
  require 'ruby-progressbar'
  require 'addressable/uri'
  # Custom libs
  require 'common/browser'
  require 'common/custom_option_parser'
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -52,8 +52,11 @@ class WebSite
    url ||= @uri.to_s
    response = Browser.get(url)
    redirected_uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
    if response.code == 301 || response.code == 302
-      redirection = response.headers_hash['location']
+      redirection = redirected_uri.merge(response.headers_hash['location']).to_s
      return redirection if url == redirection # prevents infinite loop
      # Let's check if there is a redirection in the redirection
      if other_redirection = redirection(redirection)
@@ -71,7 +74,7 @@ class WebSite
  #
  # @return [ String ] The MD5 hash of the page
  def self.page_hash(page)
-    page = Browser.get(page) unless page.is_a?(Typhoeus::Response)
+    page = Browser.get(page, { followlocation: true, cache_ttl: 0 }) unless page.is_a?(Typhoeus::Response)
    Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
  end
--- a/lib/wpscan/web_site/robots_txt.rb
+++ b/lib/wpscan/web_site/robots_txt.rb
@@ -12,12 +12,9 @@ class WebSite
    # Gets a robots.txt URL
    # @return [ String ]
    def robots_url
-      temp = @uri.clone
+      @uri.clone.merge('robots.txt').to_s
      temp.path = '/robots.txt'
      temp.to_s
    end
    # Parse robots.txt
    # @return [ Array ] URLs generated from robots.txt
    def parse_robots_txt
@@ -31,6 +28,7 @@ class WebSite
      if entries
        entries.flatten!
        entries.compact.sort!
        entries.uniq!
        wordpress_path = @uri.path
        RobotsTxt.known_dirs.each do |d|
          entries.delete(d)
@@ -42,9 +40,9 @@ class WebSite
        entries.each do |d|
          begin
            temp = @uri.clone
-            temp.path = d
+            temp.path = d.strip
          rescue URI::Error
-            temp = d
+            temp = d.strip
          end
          return_object << temp.to_s
        end
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -1,19 +1,19 @@
 # encoding: UTF-8
 require 'web_site'
 require 'wp_target/malwares'
 require 'wp_target/wp_readme'
 require 'wp_target/wp_registrable'
 require 'wp_target/wp_config_backup'
 require 'wp_target/wp_must_use_plugins'
 require 'wp_target/wp_login_protection'
 require 'wp_target/wp_custom_directories'
 require 'wp_target/wp_full_path_disclosure'
 class WpTarget < WebSite
  include WpTarget::Malwares
  include WpTarget::WpReadme
  include WpTarget::WpRegistrable
  include WpTarget::WpConfigBackup
  include WpTarget::WpMustUsePlugins
  include WpTarget::WpLoginProtection
  include WpTarget::WpCustomDirectories
  include WpTarget::WpFullPathDisclosure
@@ -21,14 +21,20 @@ class WpTarget < WebSite
  attr_reader :verbose
  def initialize(target_url, options = {})
    raise Exception.new('target_url can not be nil or empty') if target_url.nil? || target_url == ''
    super(target_url)
    @verbose        = options[:verbose]
    @wp_content_dir = options[:wp_content_dir]
    @wp_plugins_dir = options[:wp_plugins_dir]
    @multisite      = nil
    @vhost = options[:vhost]
    Browser.instance.referer = url
    if @vhost
      Browser.instance.vhost = @vhost
    end
    Browser.instance(options.merge(:max_threads => options[:threads]))
  end
  # check if the target website is
@@ -38,7 +44,14 @@ class WpTarget < WebSite
    response = Browser.get_and_follow_location(@uri.to_s)
-    if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
+    # Note: in the future major WPScan version, change the user-agent to see
    # if the response is a 200 ?
    fail "The target is responding with a 403, this might be due to a WAF or a plugin.\n" \
          'You should try to supply a valid user-agent via the --user-agent option or use the --random-agent option' if response.code == 403
    dir = wp_content_dir ? wp_content_dir : 'wp-content'
    if response.body =~ /["'][^"']*\/#{Regexp.escape(dir)}\/[^"']*["']/i
      wordpress = true
    else
@@ -65,9 +78,7 @@ class WpTarget < WebSite
    # Let's check if the login url is redirected (to https url for example)
    redirection = redirection(url)
-    if redirection
+    url = redirection if redirection
      url = redirection
    end
    url
  end
@@ -93,7 +104,7 @@ class WpTarget < WebSite
  end
  # :nocov:
-  # The version is not yet considerated
+  # The version is not yet considered
  #
  # @param [ String ] name
  # @param [ String ] version
@@ -116,11 +127,16 @@ class WpTarget < WebSite
  # @return [ String ]
  def debug_log_url
-    @uri.merge("#{wp_content_dir()}/debug.log").to_s
+    @uri.merge("#{wp_content_dir}/debug.log").to_s
  end
  # @return [ String ]
  def upload_dir_url
    @uri.merge("#{wp_content_dir}/uploads/").to_s
  end
  # Script for replacing strings in wordpress databases
-  # reveals databse credentials after hitting submit
+  # reveals database credentials after hitting submit
  # http://interconnectit.com/124/search-and-replace-for-wordpress-databases/
  #
  # @return [ String ]
@@ -133,4 +149,8 @@ class WpTarget < WebSite
    resp = Browser.get(search_replace_db_2_url)
    resp.code == 200 && resp.body[%r{by interconnect}i]
  end
  def upload_directory_listing_enabled?
    directory_listing_enabled?(upload_dir_url)
  end
 end
--- a/lib/wpscan/wp_target/malwares.rb
+++ b/lib/wpscan/wp_target/malwares.rb
@@ -1,50 +0,0 @@
 # encoding: UTF-8
 class WpTarget < WebSite
  module Malwares
    # Used as cache :
    #   nil => malwares not checked,
    #   [] => no malwares,
    #   otherwise array of malwares url found
    @malwares = nil
    def has_malwares?(malwares_file_path = nil)
      !malwares(malwares_file_path).empty?
    end
    # return array of string (url of malwares found)
    def malwares(malwares_file_path = nil)
      unless @malwares
        malwares_found = []
        malwares_file = Malwares.malwares_file(malwares_file_path)
        index_page_body = Browser.get(@uri.to_s).body
        File.open(malwares_file, 'r') do |file|
          file.readlines.collect do |url|
            chomped_url = url.chomp
            if chomped_url.length > 0
              malwares_found += index_page_body.scan(Malwares.malware_pattern(chomped_url))
            end
          end
        end
        malwares_found.flatten!
        malwares_found.uniq!
        @malwares = malwares_found
      end
      @malwares
    end
    def self.malwares_file(malwares_file_path)
      malwares_file_path || DATA_DIR + '/malwares.txt'
    end
    def self.malware_pattern(url_regex)
      # no need to escape regex here, because malware.txt contains regex
      %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
    end
  end
 end
--- a/lib/wpscan/wp_target/wp_config_backup.rb
+++ b/lib/wpscan/wp_target/wp_config_backup.rb
@@ -40,9 +40,9 @@ class WpTarget < WebSite
    # @return [ Array ]
    def self.config_backup_files
      %w{
-        wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
+        wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo
-        wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
+        wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old
-        wp-config.orig wp-config.php.original wp-config.original wp-config.txt
+        wp-config.php.orig wp-config.orig wp-config.php.original wp-config.original wp-config.txt
      } # thanks to Feross.org for these
    end
--- a/lib/wpscan/wp_target/wp_custom_directories.rb
+++ b/lib/wpscan/wp_target/wp_custom_directories.rb
@@ -23,9 +23,9 @@ class WpTarget < WebSite
    # @return [ Boolean ]
    def default_wp_content_dir_exists?
      response = Browser.get(@uri.merge('wp-content').to_s)
      hash = Digest::MD5.hexdigest(response.body)
      if WpTarget.valid_response_codes.include?(response.code)
        hash = WebSite.page_hash(response)
        return true if hash != error_404_hash and hash != homepage_hash
      end
--- a/lib/wpscan/wp_target/wp_full_path_disclosure.rb
+++ b/lib/wpscan/wp_target/wp_full_path_disclosure.rb
@@ -2,19 +2,21 @@
 class WpTarget < WebSite
  module WpFullPathDisclosure
    # Check for Full Path Disclosure (FPD)
    #
    # @return [ Boolean ]
    def has_full_path_disclosure?
-      response = Browser.get(full_path_disclosure_url())
+      Browser.get(full_path_disclosure_url).body[%r/Fatal error/i] ? true : false
-      response.body[%r{Fatal error}i] ? true : false
+    end
    def full_path_disclosure_data
      return nil unless has_full_path_disclosure?
      Browser.get(full_path_disclosure_url).body[/Fatal error:.+? in (.+?) on/i, 1]
    end
    # @return [ String ]
    def full_path_disclosure_url
      @uri.merge('wp-includes/rss-functions.php').to_s
    end
  end
 end
--- a/lib/wpscan/wp_target/wp_login_protection.rb
+++ b/lib/wpscan/wp_target/wp_login_protection.rb
@@ -8,11 +8,10 @@ class WpTarget < WebSite
    @login_protection_plugin = nil
    def has_login_protection?
-      !login_protection_plugin().nil?
+      !login_protection_plugin.nil?
    end
    # Checks if a login protection plugin is enabled
    # http://code.google.com/p/wpscan/issues/detail?id=111
    # return a WpPlugin object or nil if no one is found
    def login_protection_plugin
      unless @login_protection_plugin
@@ -75,7 +74,7 @@ class WpTarget < WebSite
    # http://wordpress.org/extend/plugins/login-security-solution/
    def has_login_security_solution_protection?
-      Browser.get(login_security_solution_url()).code != 404
+      Browser.get(login_security_solution_url).code != 404
    end
    def login_security_solution_url
@@ -100,5 +99,12 @@ class WpTarget < WebSite
      plugin_url('bluetrait-event-viewer')
    end
    # https://wordpress.org/plugins/security-protection/
    def has_security_protection_protection?
      Nokogiri::HTML(Browser.get(login_url).body).css('script').each do |node|
        return true if node['src'] =~ /security-protection.js/i
      end
      false
    end
  end
 end
--- a/lib/wpscan/wp_target/wp_must_use_plugins.rb
+++ b/lib/wpscan/wp_target/wp_must_use_plugins.rb
@@ -0,0 +1,24 @@
 # encoding: UTF-8
 class WpTarget < WebSite
  module WpMustUsePlugins
    # Checks to see if the must use plugin folder exists
    #
    # @return [ Boolean ]
    def has_must_use_plugins?
      response = Browser.get(must_use_url)
      if response && [200, 401, 403].include?(response.code)
        hash = WebSite.page_hash(response)
        return true if hash != error_404_hash && hash != homepage_hash
      end
      false
    end
    # @return [ String ] The must use plugins directory URL
    def must_use_url
      @uri.merge("#{wp_content_dir}/mu-plugins/").to_s
    end
  end
 end
--- a/lib/wpscan/wp_target/wp_readme.rb
+++ b/lib/wpscan/wp_target/wp_readme.rb
@@ -10,7 +10,7 @@ class WpTarget < WebSite
    #
    # @return [ Boolean ]
    def has_readme?
-      response = Browser.get(readme_url())
+      response = Browser.get(readme_url)
      unless response.code == 404
        return response.body =~ %r{wordpress}i ? true : false
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -46,7 +46,7 @@ def usage
  puts '-Use custom plugins directory ...'
  puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
  puts
-  puts '-Update ...'
+  puts '-Update the DB ...'
  puts "ruby #{script_name} --update"
  puts
  puts '-Debug output ...'
@@ -60,13 +60,12 @@ end
 def help
  puts 'Help :'
  puts
-  puts 'Some values are settable in conf/browser.conf.json :'
+  puts 'Some values are settable in a config file, see the example.conf.json'
  puts '  user-agent, proxy, proxy-auth, threads, cache timeout and request timeout'
  puts
-  puts '--update   Update to the latest revision'
+  puts '--update                            Update to the database to the latest version.'
-  puts '--url   | -u <target url>  The WordPress URL/domain to scan.'
+  puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
-  puts '--force | -f Forces WPScan to not check if the remote site is running WordPress.'
+  puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
-  puts '--enumerate | -e [option(s)]  Enumeration.'
+  puts '--enumerate | -e [option(s)]        Enumeration.'
  puts '  option :'
  puts '    u        usernames from id 1 to 10'
  puts '    u[10-20] usernames from id 10 to 20 (you must write [] chars)'
@@ -80,20 +79,54 @@ def help
  puts '  Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins'
  puts '  If no option is supplied, the default is "vt,tt,u,vp"'
  puts
-  puts '--exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied'
+  puts '--exclude-content-based "<regexp or string>"'
-  puts '                                             You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)'
+  puts '                                    Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.'
-  puts '--config-file | -c <config file> Use the specified config file'
+  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
-  puts '--follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
+  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
-  puts '--wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed'
+  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
-  puts '--wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
+  puts '--cookie <String>                   String to read cookies from.'
-  puts '--proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).'
+  puts '--random-agent | -r                 Use a random User-Agent.'
-  puts '                                 HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used'
+  puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
-  puts '--proxy-auth <username:password>  Supply the proxy login credentials (will override the one from conf/browser.conf.json).'
+  puts '--batch                             Never ask for user input, use the default behaviour.'
-  puts '--basic-auth <username:password>  Set the HTTP Basic authentication'
+  puts '--no-color                          Do not use colors in the output.'
-  puts '--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.'
+  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
-  puts '--threads  | -t <number of threads>  The number of threads to use when multi-threading requests. (will override the value from conf/browser.conf.json)'
+  puts '                                    Subdirectories are allowed.'
-  puts '--username | -U <username>  Only brute force the supplied username.'
+  puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
-  puts '--help     | -h This help screen.'
+  puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
-  puts '--verbose  | -v Verbose output.'
+  puts '--proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.'
  puts '                                    If no protocol is given (format host:port), HTTP will be used.'
  puts '--proxy-auth <username:password>    Supply the proxy login credentials.'
  puts '--basic-auth <username:password>    Set the HTTP Basic authentication.'
  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.'
  puts '--username | -U <username>          Only brute force the supplied username.'
  puts '--usernames     <path-to-file>      Only brute force the usernames from the file.'
  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
  puts '--request-timeout <request-timeout> Request Timeout.'
  puts '--connect-timeout <connect-timeout> Connect Timeout.'
  puts '--max-threads     <max-threads>     Maximum Threads.'
  puts '--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.'
  puts '--help     | -h                     This help screen.'
  puts '--verbose  | -v                     Verbose output.'
  puts '--version                           Output the current version and exit.'
  puts
 end
 # Hook to check if the target if down during the scan
 # And have the number of requests performed to display at the end of the scan
 # The target is considered down after 30 requests with status = 0
 down                 = 0
@total_requests_done = 0
 Typhoeus.on_complete do |response|
  next if response.cached?
  down += 1 if response.code == 0
  @total_requests_done += 1
  fail 'The target seems to be down' if down >= 30
  next unless Browser.instance.throttle > 0
  sleep(Browser.instance.throttle)
 end
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -1,8 +1,8 @@
 # encoding: UTF-8
 class WpscanOptions
  ACCESSOR_OPTIONS = [
    :batch,
    :enumerate_plugins,
    :enumerate_only_vulnerable_plugins,
    :enumerate_all_plugins,
@@ -12,25 +12,38 @@ class WpscanOptions
    :enumerate_timthumbs,
    :enumerate_usernames,
    :enumerate_usernames_range,
    :no_color,
    :log,
    :proxy,
    :proxy_auth,
    :threads,
    :url,
    :vhost,
    :wordlist,
    :force,
    :update,
    :verbose,
    :username,
    :usernames,
    :password,
    :follow_redirection,
    :wp_content_dir,
    :wp_plugins_dir,
    :help,
    :config_file,
    :cookie,
    :exclude_content_based,
    :basic_auth,
    :debug_output,
-    :version
+    :version,
    :user_agent,
    :random_agent,
    :cache_ttl,
    :request_timeout,
    :connect_timeout,
    :max_threads,
    :no_banner,
    :throttle
  ]
  attr_accessor *ACCESSOR_OPTIONS
@@ -42,11 +55,17 @@ class WpscanOptions
  end
  def url=(url)
-    raise 'Empty URL given' if !url
+    raise  Exception.new('Empty URL given') if url.nil? || url == ''
    url = Addressable::URI.parse(url).normalize.to_s unless url.ascii_only?
    @url = URI.parse(add_http_protocol(url)).to_s
  end
  def vhost=(vhost)
    @vhost = vhost
  end
  def threads=(threads)
    @threads = threads.is_a?(Integer) ? threads : threads.to_i
  end
@@ -59,6 +78,12 @@ class WpscanOptions
    end
  end
  def usernames=(file)
    fail "The file #{file} does not exist" unless File.exists?(file)
    @usernames = file
  end
  def proxy=(proxy)
    if proxy.index(':') == nil
      raise 'Invalid proxy format. Should be host:port.'
@@ -136,6 +161,10 @@ class WpscanOptions
    !to_h.empty?
  end
  def random_agent=(useless)
    @user_agent = get_random_user_agent
  end
  # return Hash
  def to_h
    options = {}
@@ -222,11 +251,15 @@ class WpscanOptions
  def self.get_opt_long
    GetoptLong.new(
      ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
      ['--vhost',GetoptLong::OPTIONAL_ARGUMENT],
      ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
      ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
      ['--usernames', GetoptLong::REQUIRED_ARGUMENT],
      ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
      ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
      ['--force', '-f', GetoptLong::NO_ARGUMENT],
      ['--user-agent', '-a', GetoptLong::REQUIRED_ARGUMENT],
      ['--random-agent', '-r', GetoptLong::NO_ARGUMENT],
      ['--help', '-h', GetoptLong::NO_ARGUMENT],
      ['--verbose', '-v', GetoptLong::NO_ARGUMENT],
      ['--proxy', GetoptLong::REQUIRED_ARGUMENT],
@@ -239,7 +272,17 @@ class WpscanOptions
      ['--exclude-content-based', GetoptLong::REQUIRED_ARGUMENT],
      ['--basic-auth', GetoptLong::REQUIRED_ARGUMENT],
      ['--debug-output', GetoptLong::NO_ARGUMENT],
-      ['--version', GetoptLong::NO_ARGUMENT]
+      ['--version', GetoptLong::NO_ARGUMENT],
      ['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT],
      ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
      ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
      ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
      ['--batch', GetoptLong::NO_ARGUMENT],
      ['--no-color', GetoptLong::NO_ARGUMENT],
      ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
      ['--log', GetoptLong::NO_ARGUMENT],
      ['--no-banner', GetoptLong::NO_ARGUMENT],
      ['--throttle', GetoptLong::REQUIRED_ARGUMENT]
    )
  end
--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -1,127 +0,0 @@
 # encoding: UTF-8
 class CheckerPlugin < Plugin
  def initialize
    super(author: 'WPScanTeam - @erwanlr')
    register_options(
      ['--check-vuln-ref-urls', '--cvru', 'Check all the vulnerabilities reference urls for 404'],
      ['--check-local-vulnerable-files LOCAL_DIRECTORY', '--clvf', 'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells']
    )
  end
  def run(options = {})
    if options[:check_vuln_ref_urls]
      check_vuln_ref_urls
    end
    if options[:check_local_vulnerable_files]
      check_local_vulnerable_files(options[:check_local_vulnerable_files])
    end
  end
  def check_vuln_ref_urls
    vuln_ref_files   = [PLUGINS_VULNS_FILE, THEMES_VULNS_FILE, WP_VULNS_FILE]
    error_codes      = [404, 500, 403]
    not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
    puts '[+] Checking vulnerabilities reference urls'
    vuln_ref_files.each do |vuln_ref_file|
      xml = xml(vuln_ref_file)
      urls = []
      xml.xpath('//reference').each { |node| urls << node.text }
      urls.uniq!
      dead_urls       = []
      queue_count     = 0
      request_count   = 0
      browser         = Browser.instance
      hydra           = browser.hydra
      number_of_urls  = urls.size
      urls.each do |url|
        request = browser.forge_request(url, { cache_ttl: 0, followlocation: true })
        request_count += 1
        request.on_complete do |response|
          print "\r  [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete."
          if error_codes.include?(response.code) or not_found_regexp.match(response.body)
            dead_urls << url
          end
        end
        hydra.queue(request)
        queue_count += 1
        if queue_count == browser.max_threads
          hydra.run
          queue_count = 0
        end
      end
      hydra.run
      puts
      unless dead_urls.empty?
        dead_urls.each { |url| puts "    Not Found #{url}" }
      end
    end
  end
  def check_local_vulnerable_files(dir_to_scan)
    if Dir::exist?(dir_to_scan)
      xml_file               = LOCAL_FILES_FILE
      local_hashes           = {}
      file_extension_to_scan = '*.{js,php,swf,html,htm}'
      print '[+] Generating local hashes ... '
      Dir[File::join(dir_to_scan, '**', file_extension_to_scan)].each do |filename|
        sha1sum = Digest::SHA1.file(filename).hexdigest
        if local_hashes.has_key?(sha1sum)
          local_hashes[sha1sum] << filename
        else
          local_hashes[sha1sum] = [filename]
        end
      end
      puts 'done.'
      puts '[+] Checking for vulnerable files ...'
      xml = xml(xml_file)
      xml.xpath('//hash').each do |node|
        sha1sum = node.attribute('sha1').text
        if local_hashes.has_key?(sha1sum)
          local_filenames = local_hashes[sha1sum]
          vuln_title      = node.search('title').text
          vuln_filename   = node.search('file').text
          vuln_refrence   = node.search('reference').text
          puts "  #{vuln_filename} found :"
          puts '  | Location(s):'
          local_filenames.each do |file|
            puts "  |  - #{file}"
          end
          puts '  |'
          puts "  | Title: #{vuln_title}"
          puts "  | Refrence: #{vuln_refrence}" if !vuln_refrence.empty?
          puts
        end
      end
      puts 'done.'
    else
      puts "The supplied directory '#{dir_to_scan}' does not exist"
    end
  end
 end
--- a/lib/wpstools/plugins/list_generator/generate_list.rb
+++ b/lib/wpstools/plugins/list_generator/generate_list.rb
@@ -1,104 +0,0 @@
 # encoding: UTF-8
 # This tool generates a list to use for plugin and theme enumeration
 class GenerateList
  attr_accessor :verbose
  # type = themes | plugins
  def initialize(type, verbose)
    if type =~ /plugins/i
      @type           = 'plugin'
      @svn_url        = 'http://plugins.svn.wordpress.org/'
      @popular_url    = 'http://wordpress.org/plugins/browse/popular/'
      @popular_regex  = %r{<h3><a href="http://wordpress.org/plugins/([^/]+)/">.+</a></h3>}i
    elsif type =~ /themes/i
      @type           = 'theme'
      @svn_url        = 'http://themes.svn.wordpress.org/'
      @popular_url    = 'http://wordpress.org/themes/browse/popular/'
      @popular_regex  = %r{<h3><a href="http://wordpress.org/themes/([^/]+)">.+</a></h3>}i
    else
      raise "Type #{type} not defined"
    end
    @verbose  = verbose
    @browser  = Browser.instance(request_timeout: 20000, connect_timeout: 20000, max_threads: 1, cache_ttl: 0)
  end
  def set_file_name(type)
    case @type
    when 'plugin'
      case type
      when :full
        @file_name = PLUGINS_FULL_FILE
      when :popular
        @file_name = PLUGINS_FILE
      else
        raise 'Unknown type'
      end
    when 'theme'
      case type
      when :full
        @file_name = THEMES_FULL_FILE
      when :popular
        @file_name = THEMES_FILE
      else
        raise 'Unknown type'
      end
      else
        raise "Unknown type #@type"
    end
  end
  def generate_full_list
    set_file_name(:full)
    items = SvnParser.new(@svn_url).parse
    save items
  end
  def generate_popular_list(pages)
    set_file_name(:popular)
    items = get_popular_items(pages)
    save items
  end
  # Send a HTTP request to the WordPress most popular theme or plugin webpage
  # parse the response for the names.
  def get_popular_items(pages)
    found_items = []
    page_count = 1
    (1...(pages.to_i + 1)).each do |page|
      # First page has another URL
      url = (page == 1) ? @popular_url : @popular_url + 'page/' + page.to_s + '/'
      puts "[+] Parsing page #{page_count}" if @verbose
      code = 0
      while code != 200
        puts red("[!] Retrying request for page #{page} (Code: #{code})") unless code == 0
        request = @browser.forge_request(url)
        response = request.run
        code = response.code
        sleep(5) unless code == 200
      end
      page_count += 1
      found = 0
      response.body.scan(@popular_regex).each do |item|
        found_items << item[0]
        found = found + 1
      end
      puts "[+] Found #{found} items on page #{page}" if @verbose
    end
    found_items.sort!
    found_items.uniq
  end
  # Save the file
  def save(items)
    items.sort!
    items.uniq!
    puts "[*] We have parsed #{items.length} #{@type}s"
    File.open(@file_name, 'w') { |f| f.puts(items) }
    puts "New #@file_name file created"
  end
 end
--- a/lib/wpstools/plugins/list_generator/list_generator_plugin.rb
+++ b/lib/wpstools/plugins/list_generator/list_generator_plugin.rb
@@ -1,53 +0,0 @@
 # encoding: UTF-8
 class ListGeneratorPlugin < Plugin
  def initialize
    super(author: 'WPScanTeam - @FireFart')
    register_options(
      ['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
      ['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
      ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)'],
      ['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
      ['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
    )
  end
  def run(options = {})
    @verbose     = options[:verbose] || false
    generate_all = options[:generate_all] || false
    if options.has_key?(:generate_plugin_list) || generate_all
      most_popular('plugin', options[:generate_plugin_list] || 150)
    end
    if options[:generate_full_plugin_list] || generate_all
      full('plugin')
    end
    if options.has_key?(:generate_theme_list) || generate_all
      most_popular('theme', options[:generate_theme_list] || 20)
    end
    if options[:generate_full_theme_list] || generate_all
      full('theme')
    end
  end
  private
  def most_popular(type, number_of_pages)
    puts "[+] Generating new most popular #{type} list"
    puts
    GenerateList.new(type + 's', @verbose).generate_popular_list(number_of_pages)
  end
  def full(type)
    puts "[+] Generating new full #{type} list"
    puts
    GenerateList.new(type + 's', @verbose).generate_full_list
  end
 end
--- a/lib/wpstools/plugins/list_generator/svn_parser.rb
+++ b/lib/wpstools/plugins/list_generator/svn_parser.rb
@@ -1,31 +0,0 @@
 # encoding: UTF-8
 # This Class Parses SVN Repositories via HTTP
 class SvnParser
  attr_accessor :verbose, :svn_root, :keep_empty_dirs
  def initialize(svn_root)
    @svn_root    = svn_root
  end
  def parse
    get_root_directories
  end
  #Private methods start here
  private
  # Gets all directories in the SVN root
  def get_root_directories
    dirs      = []
    rootindex = Browser.get(@svn_root).body
    rootindex.scan(%r{<li><a href=".+">(.+)/</a></li>}i).each do |dir|
      dirs << dir[0]
    end
    dirs.sort!
    dirs.uniq
  end
 end
--- a/lib/wpstools/plugins/stats/stats_plugin.rb
+++ b/lib/wpstools/plugins/stats/stats_plugin.rb
@@ -1,65 +0,0 @@
 # encoding: UTF-8
 class StatsPlugin < Plugin
  def initialize
    super(author: 'WPScanTeam - Christian Mehlmauer')
    register_options(
        ['--stats', '--s', 'Show WpScan Database statistics']
    )
  end
  def run(options = {})
    if options[:stats]
      puts 'Wpscan Databse Statistics:'
      puts '--------------------------'
      puts "[#] Total vulnerable versions: #{vuln_core_count}"
      puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
      puts "[#] Total vulnerable themes: #{vuln_theme_count}"
      puts "[#] Total version vulnerabilities: #{version_vulns_count}"
      puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
      puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
      puts "[#] Total plugins to enumerate: #{total_plugins}"
      puts "[#] Total themes to enumerate: #{total_themes}"
      puts
    end
  end
  def vuln_core_count(file=WP_VULNS_FILE)
    xml(file).xpath('count(//wordpress)').to_i
  end
  def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
    xml(file).xpath('count(//plugin)').to_i
  end
  def vuln_theme_count(file=THEMES_VULNS_FILE)
    xml(file).xpath('count(//theme)').to_i
  end
  def version_vulns_count(file=WP_VULNS_FILE)
    xml(file).xpath('count(//vulnerability)').to_i
  end
  def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
    xml(file).xpath('count(//vulnerability)').to_i
  end
  def theme_vulns_count(file=THEMES_VULNS_FILE)
    xml(file).xpath('count(//vulnerability)').to_i
  end
  def total_plugins(file=PLUGINS_FULL_FILE)
    lines_in_file(file)
  end
  def total_themes(file=THEMES_FULL_FILE)
    lines_in_file(file)
  end
  def lines_in_file(file)
    IO.readlines(file).size
  end
 end
--- a/lib/wpstools/wpstools_helper.rb
+++ b/lib/wpstools/wpstools_helper.rb
@@ -1,35 +0,0 @@
 # encoding: UTF-8
 require File.expand_path(File.dirname(__FILE__) + '/../common/common_helper')
 require_files_from_directory(WPSTOOLS_LIB_DIR)
 require_files_from_directory(WPSTOOLS_PLUGINS_DIR, '**/*.rb')
 def usage
  script_name = $0
  puts
  puts '-h for further help.'
  puts
  puts 'Examples:'
  puts
  puts "- Generate a new 'most popular' plugin list, up to 150 pages ..."
  puts "ruby #{script_name} --generate-plugin-list 150"
  puts
  puts '- Generate a new full plugin list'
  puts "ruby #{script_name} --generate-full-plugin-list"
  puts
  puts "- Generate a new 'most popular' theme list, up to 150 pages ..."
  puts "ruby #{script_name} --generate-theme-list 150"
  puts
  puts '- Generate a new full theme list'
  puts "ruby #{script_name} --generate-full-theme-list"
  puts
  puts '- Generate all list'
  puts "ruby #{script_name} --generate-all"
  puts
  puts 'Locally scan a wordpress installation for vulnerable files or shells'
  puts "ruby #{script_name} --check-local-vulnerable-files /var/www/wordpress/"
  puts
  puts 'See README for further information.'
  puts
 end
--- a/spec/lib/common/browser_spec.rb
+++ b/spec/lib/common/browser_spec.rb
@@ -6,9 +6,9 @@ describe Browser do
  it_behaves_like 'Browser::Actions'
  it_behaves_like 'Browser::Options'
-  CONFIG_FILE_WITHOUT_PROXY       = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf.json'
+  CONFIG_FILE_WITHOUT_PROXY       = SPEC_FIXTURES_CONF_DIR + '/browser.conf.json'
-  CONFIG_FILE_WITH_PROXY          = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy.json'
+  CONFIG_FILE_WITH_PROXY          = SPEC_FIXTURES_CONF_DIR + '/browser.conf_proxy.json'
-  #CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser/browser.conf_proxy_auth.json'
+  #CONFIG_FILE_WITH_PROXY_AND_AUTH = SPEC_FIXTURES_CONF_DIR + '/browser.conf_proxy_auth.json'
  subject(:browser) {
    Browser.reset
@@ -16,17 +16,16 @@ describe Browser do
  }
  let(:options) { {} }
  let(:instance_vars_to_check) {
-    ['user_agent', 'user_agent_mode', 'available_user_agents', 'proxy',
+    ['proxy', 'max_threads', 'cache_ttl', 'request_timeout', 'connect_timeout']
     'max_threads', 'cache_ttl', 'request_timeout', 'connect_timeout']
  }
  let(:json_config_without_proxy) { JSON.parse(File.read(CONFIG_FILE_WITHOUT_PROXY)) }
  let(:json_config_with_proxy)    { JSON.parse(File.read(CONFIG_FILE_WITH_PROXY)) }
  def check_instance_variables(browser, json_expected_vars)
-    json_expected_vars['max_threads'] ||= 1 # max_thread can not be nil
+    json_expected_vars['max_threads'] ||= 20 # max_thread can not be nil
    instance_vars_to_check.each do |variable_name|
-      browser.send(:"#{variable_name}").should === json_expected_vars[variable_name]
+      expect(browser.send(:"#{variable_name}")).to be === json_expected_vars[variable_name]
    end
  end
@@ -39,12 +38,6 @@ describe Browser do
  describe '::instance' do
    after { check_instance_variables(browser, @json_expected_vars) }
    context "when default config_file = #{CONFIG_FILE_WITHOUT_PROXY}" do
      it 'will check the instance vars' do
        @json_expected_vars = json_config_without_proxy
      end
    end
    context "when :config_file = #{CONFIG_FILE_WITH_PROXY}" do
      let(:options) { { config_file: CONFIG_FILE_WITH_PROXY } }
@@ -57,7 +50,7 @@ describe Browser do
      let(:cache_dir) { CACHE_DIR + '/somewhere' }
      let(:options) { { cache_dir: cache_dir } }
-      after { subject.cache_dir.should == cache_dir }
+      after { expect(subject.cache_dir).to eq cache_dir }
      it 'sets @cache_dir' do
        @json_expected_vars = json_config_without_proxy
@@ -71,7 +64,7 @@ describe Browser do
      it 'raises an error' do
        File.symlink('./testfile', config_file)
-        expect { browser.load_config(config_file) }.to raise_error("[ERROR] Config file is a symlink.")
+        expect { browser.load_config(config_file) }.to raise_error('[ERROR] Config file is a symlink.')
        File.unlink(config_file)
      end
    end
@@ -91,11 +84,11 @@ describe Browser do
  describe '::append_params_header_field' do
    after :each do
-      Browser.append_params_header_field(
+      expect(Browser.append_params_header_field(
        @params,
        @field,
        @field_value
-      ).should === @expected
+      )).to be === @expected
    end
    context 'when there is no headers' do
@@ -137,22 +130,23 @@ describe Browser do
        headers: { 'User-Agent' => 'SomeUA' },
        ssl_verifypeer: false, ssl_verifyhost: 0,
        cookiejar: cookie_jar, cookiefile: cookie_jar,
-        timeout: 2000, connecttimeout: 1000
+        timeout: 60, connecttimeout: 10,
        maxredirs: 3,
        referer: nil
      }
    }
    after :each do
-      browser.stub(user_agent: 'SomeUA')
+      browser.user_agent = 'SomeUA'
      browser.cache_ttl = 250
-      browser.merge_request_params(params).should == @expected
+      expect(browser.merge_request_params(params)).to eq @expected
    end
    it 'sets the User-Agent header field and cache_ttl' do
      @expected = default_expectation
    end
    context 'when @proxy' do
      let(:proxy) { '127.0.0.1:9050' }
      let(:proxy_expectation) { default_expectation.merge(proxy: proxy) }
@@ -171,11 +165,19 @@ describe Browser do
      end
    end
    context 'when @request_timeout' do
      it 'gives an Integer' do
        browser.request_timeout = '10'
        @expected = default_expectation.merge(timeout: 10)
      end
    end
    context 'when @basic_auth' do
      it 'appends the basic_auth' do
        browser.basic_auth  = 'user:pass'
        @expected           = default_expectation.merge(
-          headers: default_expectation[:headers].merge('Authorization' => 'Basic '+Base64.encode64('user:pass').chomp)
+          headers: default_expectation[:headers].merge('Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp)
        )
      end
    end
@@ -187,18 +189,35 @@ describe Browser do
        @expected = default_expectation.merge(params)
      end
    end
    context 'when the maxredirs is alreday set' do
      let(:params) { { maxredirs: 100 } }
      it 'does not override it' do
        @expected = default_expectation.merge(params)
      end
    end
    context 'when @cookie' do
      let(:cookie) { 'foor=bar;bar=foo' }
      before       { browser.cookie = cookie }
      it 'sets the cookie' do
        @expected = default_expectation.merge(cookie: cookie)
      end
    end
  end
  describe '#forge_request' do
    let(:url) { 'http://example.localhost' }
    it 'returns the correct Typhoeus::Request' do
-      subject.stub(merge_request_params: { cache_ttl: 10 })
+      allow(subject).to receive_messages(merge_request_params: { cache_ttl: 10 })
      request = subject.forge_request(url)
-      request.should be_a Typhoeus::Request
+      expect(request).to be_a Typhoeus::Request
-      request.url.should == url
+      expect(request.url).to eq url
-      request.cache_ttl.should == 10
+      expect(request.cache_ttl).to eq 10
    end
  end
@@ -213,7 +232,7 @@ describe Browser do
      response1 = Browser.get(url)
      response2 = Browser.get(url)
-      response1.body.should == response2.body
+      expect(response1.body).to eq response2.body
      #WebMock.should have_requested(:get, url).times(1) # This one fail, dunno why :s (but it works without mock)
    end
  end
--- a/spec/lib/common/cache_file_store_spec.rb
+++ b/spec/lib/common/cache_file_store_spec.rb
@@ -17,33 +17,50 @@ describe CacheFileStore do
  describe '#storage_path' do
    it 'returns the storage path given in the #new' do
-      @cache.storage_path.should == cache_dir
+      expect(@cache.storage_path).to match(/#{cache_dir}/)
    end
  end
  describe '#serializer' do
    it 'should return the default serializer : Marshal' do
-      @cache.serializer.should == Marshal
+      expect(@cache.serializer).to     eq Marshal
-      @cache.serializer.should_not == YAML
+      expect(@cache.serializer).not_to eq YAML
    end
  end
  describe '#clean' do
    it "should remove all files from the cache dir (#{@cache_dir}" do
-      # let's create some files into the directory first
+      # clean is executed by other tests before
-      (0..5).each do |i|
+      before = count_files_in_dir(@cache.cache_dir)
-        File.new(cache_dir + "/file_#{i}.txt", File::CREAT)
+      test_dir = File.expand_path("#{@cache.cache_dir}/test")
-      end
+      Dir.mkdir test_dir
-
+      #change the modification date
-      count_files_in_dir(cache_dir, 'file_*.txt').should == 6
+      %x[ touch -t 200701310846.26 #{test_dir} ]
      expect(count_files_in_dir(@cache.cache_dir)).to eq (before + 1)
      @cache.clean
-      count_files_in_dir(cache_dir).should == 0
+      expect(count_files_in_dir(@cache.cache_dir)).to eq before
    end
  end
-  describe '#read_entry (nonexistent entry)' do
+  describe '#read_entry' do
-    it 'should return nil' do
+    after { expect(@cache.read_entry(key)).to eq @expected }
-      @cache.read_entry(Digest::SHA1.hexdigest('hello world')).should be_nil
+
    context 'when the entry does not exist' do
      let(:key) { Digest::SHA1.hexdigest('hello world') }
      it 'should return nil' do
        @expected = nil
      end
    end
    context 'when the file exist but is empty (marshal data too short error)' do
      let(:key) { 'empty-file' }
      it 'returns nil' do
        File.new(File.join(@cache.storage_path, key), File::CREAT)
        @expected = nil
      end
    end
  end
@@ -51,7 +68,7 @@ describe CacheFileStore do
    after :each do
      @cache.write_entry(@key, @data, @timeout)
-      @cache.read_entry(@key).should === @expected
+      expect(@cache.read_entry(@key)).to be === @expected
    end
    it 'should get the correct entry (string)' do
@@ -70,4 +87,16 @@ describe CacheFileStore do
    ## TODO write / read for an object
  end
  describe '#storage_dir' do
    it 'should create a unique storage dir' do
      storage_dirs = []
      (1..5).each do |_|
        storage_dirs << CacheFileStore.new(cache_dir).storage_path
      end
      expect(storage_dirs.uniq.size).to eq 5
    end
  end
 end
--- a/spec/lib/common/collections/wp_items_spec.rb
+++ b/spec/lib/common/collections/wp_items_spec.rb
@@ -10,20 +10,15 @@ describe WpItems do
    let(:expected) do
      {
-        request_params:                 { cache_ttl: 0, followlocation: true },
+        request_params:           { cache_ttl: 0, followlocation: true },
-        targets_items_from_file:        [ WpItem.new(uri, name: 'item1'),
+        targets_items_from_file:  [ WpItem.new(uri, name: 'item1'),
-                                          WpItem.new(uri, name:'item-2'),
+                                    WpItem.new(uri, name: 'item-2'),
-                                          WpItem.new(uri, name: 'mr-smith')],
+                                    WpItem.new(uri, name: 'mr-smith')],
-        vulnerable_targets_items:       [ WpItem.new(uri, name: 'mr-smith'),
+        vulnerable_targets_items: [ WpItem.new(uri, name: 'mr-smith'),
-                                          WpItem.new(uri, name: 'neo')],
+                                    WpItem.new(uri, name: 'neo')],
-        passive_detection: WpItems.new << WpItem.new(uri, name: 'js-source') <<
+        passive_detection: (1..13).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
                                          WpItem.new(uri, name: 'escaped-url') <<
                                          WpItem.new(uri, name: 'link-tag') <<
                                          WpItem.new(uri, name: 'script-tag') <<
                                          WpItem.new(uri, name: 'style-tag') <<
                                          WpItem.new(uri, name: 'style-tag-import')
      }
    end
  end
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`WPScan is not responsible for misuse or for any damage that you may cause!`
							`You agree that you use this software at your own risk.`
		`@@ -1,3 +0,0 @@`
			`http://.*\.rr\.nu`
			`http://www\.thesea\.org/media\.php`