Bumps the version

Update changelog
Add statistics to changelog #740
2014-12-19 17:26:11 +01:00 · 2014-12-19 13:25:59 +01:00 · 2014-12-19 12:57:55 +01:00 · 2014-12-19 12:53:42 +01:00 · 2014-12-19 12:20:47 +01:00 · 2014-12-19 12:19:20 +01:00
172 changed files with 2025 additions and 80599 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ log.txt
 debug.log
 wordlist.txt
 rspec_results.html
+data/
--- a/.ruby-gemset
+++ b/.ruby-gemset
@@ -0,0 +1 @@
+wpscan
--- a/.ruby-version
+++ b/.ruby-version
@@ -0,0 +1 @@
+2.1.5
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,7 +5,14 @@ rvm:
  - 2.0.0
  - 2.1.0
  - 2.1.1
+  - 2.1.2
+  - 2.1.3
+  - 2.1.4
+  - 2.1.5
 script: bundle exec rspec
 notifications:
  email:
    - wpscanteam@gmail.com
+matrix:
+  allow_failures:
+    - rvm: 1.9.2
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,135 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.4...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.6...master)
+
+## Version 2.6
+Released: 2014-12-19
+
+New
+* Updates the readmes to reflect the new --usernames option
+* Improves plugin/theme version detection by looking at the "Version:"
+* Solution to avoid mandatory blank newline at the end of the wordlist
+* Add check for valid credentials
+* Add Sucuri sponsor to banner
+* Add protocol to sucuri url in banner
+* Add response code to proxy error output
+* Add a statement about mendatory newlines at the end of list
+* Give warning if default username 'admin' is still used
+* License amendment to make it more clear about value added usage
+
+Removed
+* remove malwares
+* remove malware folder
+* Removes the theme version check from the readme, unrealistic scenario
+
+General core
+* Update to Ruby 2.1.5 and travis
+* Prevent parent theme infinite loop
+* Fixes the progressbar being overriden by next brute forcing attempts
+
+Fixed issues
+* Fix UTF-8 encode on security db file download
+* Fix #703 - Disable logging by default. Implement log option.
+* Fix #705 - Installation instructions for Ubuntu < 14.04 apparently incomplete
+* Fix #717 - Expand on readme.html finding output
+* Fix #716 - Adds the --version in the help
+* Fix #715 - Add new updating info to docs
+* Fix #727 - WpItems detection: Perform the passive check and filter only vulnerable results at the end if required
+* Fix #737 - Adds some readme files to check for plugin versions
+* Fix #739 - Adds the --usernames option
+
+WPScan Database Statistics:
+* Total vulnerable versions: 88
+* Total vulnerable plugins: 901
+* Total vulnerable themes: 313
+* Total version vulnerabilities: 1050
+* Total plugin vulnerabilities: 1355
+* Total theme vulnerabilities: 349
+
+## Version 2.5.1
+Released: 2014-09-29
+
+Fixes reference URL to WPVDB
+
+## Version 2.5
+Released: 2014-09-26 (@ BruCON 2014)
+
+New
+* Exit program after --update
+* Detect directory listing in upload folder
+* Be more verbose when no version can be detected
+* Added detection for Yoast Wordpress SEO plugin
+* Also ensure to not process empty Location headers
+* Ensures a nil location is not processed when enumerating usernames
+* Fix #626 - Detect 'Must_Use_Plugins'
+* better username extraction
+* Add a --cookie option. Ref #485
+* Add a --no-color option
+* Output: Give 'Fixed in' an informational tag
+* Added ArchAssault distro - WPScan comes pre-installed with this distro
+* Layout changes with new colors
+
+Removed
+* Removes the source code updaters
+* Removes the ListGenerator plugin from WPStools
+* Removes all files from data/
+
+General core
+* Update docs to reflect new updating logic
+* Little output change and coloring
+* Adds a missing verbose output
+* Re-build redirection url if begin with slash '/'
+* Fixes the remove_conditional_comments function
+* Ensures to give a string to Typhoeus
+* Fix wpstools check-vuln-ref-urls
+* Fix rspecs for new json
+* Only output if different from style_url
+* Add exception so 'ruby wpscan.rb http://domain.com' is detected
+* Added make to Debian installation, which is needed in minimal installation.
+* Add build-essentials requirement to Ubuntu > 14.04
+* Updated installation instr. for GNU/Linux Debian.
+* Changes VersionCompare#is_newer_or_same? by lesser_or_equal?
+* Fixes the location of the robots.txt check
+* Updates the recommended ruby version
+* Rspec 3.0 support
+* Adds ruby 2.1.2 to Travis
+* Updated ruby-progressbar to 1.5.0
+
+WordPress Fingerprints
+* Adds WP 4.0 fingerprints
+* Adds WP 3.9.2, 3.8.4 & 3.7.4 fingerprints - Ref #652
+* Adds 3.9.1 fingerprints
+
+Fixed issues
+* Fix #689 - Adds config file to check
+* Fix #694 - Output Arrays
+* Fix #693 - Adds pathname require statement
+* Fix #657 - generate method
+* Fix #685 - Potenial fix for 'marshal data too short' error
+* Fix #686 - Adds specs for relative URI in Location headers
+* Fix #435 - Update license
+* Fix #674 - Improves the Plugins & Themes passive detection
+* Fix #673 - Problem with the output
+* Fix #661 - Don't hash directories named like a file
+* Fix #653 - Fix for infinite loop in wpstools
+* Fix #625 - Only parse styles when needed
+* Fix #481 - Fix for Jetpack plugin false positive
+* Fix #480 - Properly removes the colour sequence from log
+* Fix #472 - WPScan stops after redirection if not WordPress website
+* Fix #464 - Readmes updated to reflect recent changes about the config file & batch mode
+
+Vulnerabilities
+* geoplaces4 also uses name GeoPlaces4beta
+* Added metasploit module's
+* Added some timthumb detections
+
+WPScan Database Statistics:
+* Total vulnerable versions: 87
+* Total vulnerable plugins: 854
+* Total vulnerable themes: 303
+* Total version vulnerabilities: 752
+* Total plugin vulnerabilities: 1351
+* Total theme vulnerabilities: 345

 ## Version 2.4
 Released: 2014-04-17
@@ -12,7 +141,6 @@ New
 * Switch over to nist - Fix #301
 * New choice added when a redirection is detected - Fix #438

-
 Removed
 * Removed 'Total WordPress Sites in the World' counter from stats
 * Old wpscan repo links removed - Fix #440
--- a/7
+++ b/7
@@ -11,10 +11,11 @@ Ryan Dewhurst - @ethicalhack3r (Project Lead)

 *Other Contributors*

+Henri Salo AKA fgeek - Reported lots of vulnerabilities
 Alip AKA Undead - alip.aswalid at gmail.com
-michee08 - Reported and gave potential solutions to bugs.
+michee08 - Reported and gave potential solutions to bugs
 Callum Pember - Implemented proxy support - callumpember at gmail.com
-g0tmi1k - Additional timthumb checks + bug reports.
+g0tmi1k - Additional timthumb checks + bug reports
 Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
 Paolo Perego - @thesp0nge - Basic authentication
-Gianluca Brindisi - @gbrindisi - Project Developer
+Gianluca Brindisi - @gbrindisi - Project Developer
--- a/DISCLAIMER.txt
+++ b/DISCLAIMER.txt
@@ -0,0 +1,2 @@
+WPScan is not responsible for misuse or for any damage that you may cause!
+You agree that you use this software at your own risk.
--- a/19
+++ b/19
@@ -1,13 +1,14 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'

-gem "typhoeus", "~>0.6.8"
-gem "nokogiri"
-gem "json"
-gem "terminal-table"
-gem "ruby-progressbar", "~>1.4.2"
+gem 'typhoeus', '~>0.6.8'
+gem 'nokogiri'
+gem 'json'
+gem 'terminal-table'
+gem 'ruby-progressbar', '>=1.6.0'

 group :test do
-  gem "webmock", ">=1.17.2"
-  gem "simplecov"
-  gem "rspec", :require => "spec"
+  gem 'webmock', '>=1.17.2'
+  gem 'simplecov'
+  gem 'rspec', '>=3.0'
+  gem 'rspec-its'
 end
--- a/30
+++ b/30
@@ -1,15 +1,21 @@
-WPScan - WordPress Security Scanner
-Copyright (C) 2012-2013
+The WPScan software and its data (henceforth both referred to simply as "WPScan") is dual-licensed - copyright 2011-2014 The WPScan Team.

-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, the system can be used under the terms of the GNU General Public License.

-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
+Cases of commercialization are:

-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+- Using WPScan to provide commercial managed/Software-as-a-Service services.
+- Distributing WPScan as a commercial product or as part of one.
+- Using WPScan as a value added service/product.
+
+Cases which do not require a commercial license, and thus fall under the terms of GNU General Public License, include (but are not limited to):
+
+- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit. So long as that does not conflict with the commercialization clause.
+- Using WPScan to test your own systems.
+- Any non-commercial use of WPScan.
+
+If you need to acquire a commercial license or are unsure about whether you need to acquire a commercial license, please get in touch, we will be happy to clarify things for you and work with you to accommodate your requirements.
+
+wpscanteam at gmail.com
+
+You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
--- a/107
+++ b/107
@@ -9,23 +9,27 @@ __________________________________________________

 ==LICENSE==

-WPScan - WordPress Security Scanner
-Copyright (C) 2011-2013 The WPScan Team
+The WPScan software and its data (henceforth both referred to simply as "WPScan") is dual-licensed - copyright 2011-2014 The WPScan Team.

-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, the system can be used under the terms of the GNU General Public License.

-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
+Cases of commercialization are:

-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+- Using WPScan to provide commercial managed/Software-as-a-Service services.
+- Distributing WPScan as a commercial product or as part of one.
+- Using WPScan as a value added service/product.

-ryandewhurst at gmail
+Cases which do not require a commercial license, and thus fall under the terms of GNU General Public License, include (but are not limited to):
+
+- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit. So long as that does not conflict with the commercialization clause.
+- Using WPScan to test your own systems.
+- Any non-commercial use of WPScan.
+
+If you need to acquire a commercial license or are unsure about whether you need to acquire a commercial license, please get in touch, we will be happy to clarify things for you and work with you to accommodate your requirements.
+
+wpscanteam at gmail.com
+
+You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

 ==INSTALL==

@@ -40,17 +44,38 @@ ryandewhurst at gmail
  Prerequisites:

   * Windows not supported
-   * Ruby >= 1.9.2 - Recommended: 1.9.3
+   * Ruby >= 1.9.2 - Recommended: 2.1.4
   * Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
   * RubyGems      - Recommended: latest
   * Git

-  -> Installing on Debian/Ubuntu:
+   Windows is not supported.

-    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+   If installed from Github update the code base with git pull. The databases are updated with wpscan.rb --update.
+
+  -> Installing on Ubuntu:
+
+    Before Ubuntu 14.04:
+
+        sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+        git clone https://github.com/wpscanteam/wpscan.git
+        cd wpscan
+        sudo gem install bundler && bundle install --without test
+
+    From Ubuntu 14.04:
+
+        sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
+        git clone https://github.com/wpscanteam/wpscan.git
+        cd wpscan
+        sudo gem install bundler && bundle install --without test
+
+  -> Installing on Debian:
+
+    sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
-    sudo gem install bundler && bundle install --without test
+    sudo gem install bundler
+    bundle install --without test --path vendor/bundle

  -> Installing on Fedora:

@@ -79,6 +104,20 @@ ryandewhurst at gmail
    cd wpscan
    sudo gem install bundler && sudo bundle install --without test

+  -> Installing with RVM:
+
+    cd ~
+    curl -sSL https://get.rvm.io | bash -s stable
+    source ~/.rvm/scripts/rvm
+    echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
+    rvm install 2.1.4
+    rvm use 2.1.4 --default
+    echo "gem: --no-ri --no-rdoc" > ~/.gemrc
+    gem install bundler
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    bundle install --without test
+
 ==KNOWN ISSUES==

  - Typhoeus segmentation fault:
@@ -117,7 +156,7 @@ ryandewhurst at gmail

 ==WPSCAN ARGUMENTS==

--update   Update to the latest revision
+--update   Update the databases.

 --url   | -u <target url>  The WordPress URL/domain to scan.

@@ -159,12 +198,14 @@ ryandewhurst at gmail

 --basic-auth <username:password>  Set the HTTP Basic authentication.

--wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
+--wordlist | -w <wordlist>  Supply a wordlist for the password brute forcer.

 --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.

 --username | -U <username>  Only brute force the supplied username.

+--usernames  <path-to-file>  Only brute force the usernames from the file.
+
 --cache-ttl <cache-ttl>  Typhoeus cache TTL.

 --request-timeout <request-timeout>  Request Timeout.
@@ -181,6 +222,8 @@ ryandewhurst at gmail

 --no-color Do not use colors in the output.

+--log Save STDOUT to log.txt
+
 ==WPSCAN EXAMPLES==

 Do 'non-intrusive' checks...
@@ -207,7 +250,7 @@ Use custom content directory...

  ruby wpscan.rb -u www.example.com --wp-content-dir custom-content

-Update WPScan...
+Update WPScan's databases...

  ruby wpscan.rb --update

@@ -218,22 +261,14 @@ Debug output...
 ==WPSTOOLS ARGUMENTS==

 -v, --verbose                                                Verbose output
-    --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
-    --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-    --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
-    --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
-    --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
-    --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
-    --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
-s, --stats                                                  Show WpScan Database statistics
-    --spellcheck, --sc                                       Check all files for common spelling mistakes.
+--check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
+--check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
+s, --stats                                                  Show WpScan Database statistics.
+--spellcheck, --sc                                       Check all files for common spelling mistakes.

 ==WPSTOOLS EXAMPLES==

- Generate a new 'most popular' plugin list, up to 150 pages ...
-ruby wpstools.rb --generate-plugin-list 150
-
- Locally scan a wordpress installation for vulnerable files or shells :
+Locally scan a wordpress installation for vulnerable files or shells:
 ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/

 ===PROJECT HOME===
@@ -252,8 +287,6 @@ https://github.com/wpscanteam/wpscan/issues

 http://rdoc.info/github/wpscanteam/wpscan/frames

-===SPONSOR===
+===SPECIAL THANKS===

-WPScan is sponsored by the RandomStorm Open Source Initiative.
-
-Visit RandomStorm at http://www.randomstorm.com
+RandomStorm - https://www.randomstorm.com
--- a/README.md
+++ b/README.md
@@ -1,26 +1,33 @@
-![alt text](http://dvwa.co.uk/images/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner")
+![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner")

-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.png?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
+
+[![Build Status](https://travis-ci.org/wpscanteam/CMSScanner.svg?branch=master)](https://travis-ci.org/wpscanteam/CMSScanner)
+[![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
+[![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)

 #### LICENSE

-WPScan - WordPress Security Scanner
-Copyright (C), 2011-2013 The WPScan Team
+The WPScan software and its data (henceforth both referred to simply as "WPScan") is dual-licensed - copyright 2011-2014 The WPScan Team.

-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
+Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, the system can be used under the terms of the GNU General Public License.

-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
+Cases of commercialization are:

-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+- Using WPScan to provide commercial managed/Software-as-a-Service services.
+- Distributing WPScan as a commercial product or as part of one.
+- Using WPScan as a value added service/product.

-ryandewhurst at gmail
+Cases which do not require a commercial license, and thus fall under the terms of GNU General Public License, include (but are not limited to):
+
+- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit. So long as that does not conflict with the commercialization clause.
+- Using WPScan to test your own systems.
+- Any non-commercial use of WPScan.
+
+If you need to acquire a commercial license or are unsure about whether you need to acquire a commercial license, please get in touch, we will be happy to clarify things for you and work with you to accommodate your requirements.
+
+wpscanteam at gmail.com
+
+You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

 #### INSTALL

@@ -34,57 +41,76 @@ WPScan comes pre-installed on the following Linux distributions:

 Prerequisites:

- Windows not supported
- Ruby >= 1.9.2 - Recommended: 1.9.3
+- Ruby >= 1.9.2 - Recommended: 2.1.4
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git

-*Installing on Debian/Ubuntu:*
+Windows is not supported.
+If installed from Github update the code base with ```git pull```. The databases are updated with ```wpscan.rb --update```.

-```sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev```
+####Installing on Ubuntu:

-```git clone https://github.com/wpscanteam/wpscan.git```
+Before Ubuntu 14.04:

-```cd wpscan```
+    sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && bundle install --without test

-```sudo gem install bundler && bundle install --without test```
+From Ubuntu 14.04:

-*Installing on Fedora:*
+    sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && bundle install --without test

-```sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel```
+####Installing on Debian:

-```git clone https://github.com/wpscanteam/wpscan.git```
+    sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler
+    bundle install --without test --path vendor/bundle

-```cd wpscan```
+####Installing on Fedora:

-```sudo gem install bundler && bundle install --without test```
+    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && bundle install --without test

-*Installing on Archlinux:*
+####Installing on Archlinux:

-```pacman -Syu ruby```
+    pacman -Syu ruby
+    pacman -Syu libyaml
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && bundle install --without test
+    gem install typhoeus
+    gem install nokogiri

-```pacman -Syu libyaml```
+####Installing on Mac OSX:

-```git clone https://github.com/wpscanteam/wpscan.git```
+Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)

-```cd wpscan```
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && sudo bundle install --without test

-```sudo gem install bundler && bundle install --without test```
+####Installing with RVM:

-```gem install typhoeus```
-
-```gem install nokogiri```
-
-*Installing on Mac OSX:*
-
-Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error
-
-```git clone https://github.com/wpscanteam/wpscan.git```
-
-```cd wpscan```
-
-```sudo gem install bundler && sudo bundle install --without test```
+    cd ~
+    curl -sSL https://get.rvm.io | bash -s stable
+    source ~/.rvm/scripts/rvm
+    echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
+    rvm install 2.1.4
+    rvm use 2.1.4 --default
+    echo "gem: --no-ri --no-rdoc" > ~/.gemrc
+    gem install bundler
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    bundle install --without test

 #### KNOWN ISSUES

@@ -97,7 +123,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
      Update cURL to version => 7.21.7 (may have to install from source).

      Installation from sources :
-      ```
+
        Grab the sources from http://curl.haxx.se/download.html
        Decompress the archive
        Open the folder with the extracted files
@@ -105,21 +131,21 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
        Run make
        Run sudo make install
        Run sudo ldconfig
-      ```
+

  - cannot load such file -- readline:

-      ```sudo aptitude install libreadline5-dev libncurses5-dev```
+        sudo aptitude install libreadline5-dev libncurses5-dev

      Then, open the directory of the readline gem (you have to locate it)
-      ```
+
        cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
        ruby extconf.rb
        make
        make install
-      ```

-      See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
+
+      See [http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/](http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/) for more details

  - no such file to load -- rubygems

@@ -127,11 +153,11 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install

      And select your ruby version

-      See https://github.com/wpscanteam/wpscan/issues/148
+      See [https://github.com/wpscanteam/wpscan/issues/148](https://github.com/wpscanteam/wpscan/issues/148)

 #### WPSCAN ARGUMENTS

-    --update   Update to the latest revision
+    --update   Update the databases.

    --url   | -u <target url>  The WordPress URL/domain to scan.

@@ -173,12 +199,14 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install

    --basic-auth <username:password>  Set the HTTP Basic authentication.

-    --wordlist | -w <wordlist>  Supply a wordlist for the password bruter and do the brute.
+    --wordlist | -w <wordlist>  Supply a wordlist for the password brute forcer.

    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.

    --username | -U <username>  Only brute force the supplied username.

+    --usernames  <path-to-file>  Only brute force the usernames from the file.
+
    --cache-ttl <cache-ttl>  Typhoeus cache TTL.

    --request-timeout <request-timeout>  Request Timeout.
@@ -195,6 +223,8 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install

    --no-color Do not use colors in the output.

+    --log Save STDOUT to log.txt
+
 #### WPSCAN EXAMPLES

 Do 'non-intrusive' checks...
@@ -221,7 +251,7 @@ Use custom content directory...

 ```ruby wpscan.rb -u www.example.com --wp-content-dir custom-content```

-Update WPScan...
+Update WPScan's databases...

 ```ruby wpscan.rb --update```

@@ -234,41 +264,36 @@ Debug output...
    -v, --verbose                                                Verbose output
        --check-vuln-ref-urls, --cvru                            Check all the vulnerabilities reference urls for 404
        --check-local-vulnerable-files, --clvf LOCAL_DIRECTORY   Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-        --generate-plugin-list, --gpl [NUMBER_OF_PAGES]          Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)
-        --generate-full-plugin-list, --gfpl                      Generate a new full data/plugins.txt file
-        --generate-theme-list, --gtl [NUMBER_OF_PAGES]           Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)
-        --generate-full-theme-list, --gftl                       Generate a new full data/themes.txt file
-        --generate-all, --ga                                     Generate a new full plugins, full themes, popular plugins and popular themes list
    -s, --stats                                                  Show WpScan Database statistics.
        --spellcheck, --sc                                       Check all files for common spelling mistakes.


 #### WPSTOOLS EXAMPLES

-Generate a new 'most popular' plugin list, up to 150 pages...
+Locally scan a wordpress installation for vulnerable files or shells:

-```ruby wpstools.rb --generate-plugin-list 150```
-
-Locally scan a wordpress installation for vulnerable files or shells :
 ```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```

-
 #### PROJECT HOME

-www.wpscan.org
+[http://www.wpscan.org](http://www.wpscan.org)
+
+#### VULNERABILITY DATABASE
+
+[https://www.wpvulndb.com](https://www.wpvulndb.com)

 #### GIT REPOSITORY

-https://github.com/wpscanteam/wpscan
+[https://github.com/wpscanteam/wpscan](https://github.com/wpscanteam/wpscan)

 #### ISSUES

-https://github.com/wpscanteam/wpscan/issues
+[https://github.com/wpscanteam/wpscan/issues](https://github.com/wpscanteam/wpscan/issues)

 #### DEVELOPER DOCUMENTATION

-http://rdoc.info/github/wpscanteam/wpscan/frames
+[http://rdoc.info/github/wpscanteam/wpscan/frames](http://rdoc.info/github/wpscanteam/wpscan/frames)

-#### SPONSOR
+#### SPECIAL THANKS

-WPScan is sponsored by the [RandomStorm](http://www.randomstorm.com) Open Source Initiative.
+[RandomStorm](https://www.randomstorm.com)
--- a/data.zip
+++ b/data.zip
--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
--- a/data/local_vulnerable_files.xml
+++ b/data/local_vulnerable_files.xml
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  Only he following extensions are scanned : js, php, swf, html, htm
-  If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
-->
-
-<hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
-
-  <hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
-    <title>XSS in swfupload.swf</title>
-    <file>swfupload.swf</file>
-    <reference>http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html</reference>
-  </hash>
-
-  <hash sha1="775dc1089829ef07838406def28a4d8bfef69d66">
-    <title>Arbitrary File Upload Vulnerability</title>
-    <file>php.php</file>
-    <reference>http://packetstormsecurity.com/files/119241/wpvalums-shell.txt</reference>
-  </hash>
-
-  <!-- This one a is the same as above, but the postSize verification has been removed -->
-  <hash sha1="5e8f0d5a917d2937318a9bafd0529135bd473e70">
-    <title>Arbitrary File Upload Vulnerability</title>
-    <file>php.php</file>
-    <reference>http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt</reference>
-  </hash>
-
-  <hash sha1="3f9ad05b05b65ee2b6efa1373f708293dd2005c7">
-    <title>Arbitrary File Upload Vulnerability</title>
-    <file>uploadify.php</file>
-    <reference>http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt</reference>
-  </hash>
-
-  <hash sha1="ac638cc38f011b74a8d9a4e7d3d60358e472166c">
-    <title>Inline phpinfo()</title>
-    <file>phpinfo.php</file>
-    <reference>http://php.net/manual/en/function.phpinfo.php</reference>
-  </hash>
-
-  <hash sha1="012ee25cceff745e681fbb3697a06f3712f55554">
-    <title>phpinfo()</title>
-    <file>phpinfo.php</file>
-    <reference>http://php.net/manual/en/function.phpinfo.php</reference>
-  </hash>
-
-</hashes>
--- a/data/local_vulnerable_files.xsd
+++ b/data/local_vulnerable_files.xsd
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-
-  <xs:simpleType name="stringtype">
-    <xs:restriction base="xs:string">
-      <xs:whiteSpace value="preserve" />
-      <xs:minLength value="1" />
-      <xs:pattern value="[^\s].+[^\s]|[^\s]"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="uritype">
-    <xs:restriction base="xs:anyURI">
-      <xs:minLength value="1" />
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="sha1type">
-    <xs:restriction base="stringtype">
-      <xs:pattern value="[0-9a-f]{40}"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:complexType name="hashtype">
-    <xs:sequence minOccurs="1" maxOccurs="1">
-      <xs:element name="title" type="stringtype"/>
-      <xs:element name="file" type="stringtype"/>
-      <xs:element name="reference" type="uritype"/>
-    </xs:sequence>
-    <xs:attribute type="sha1type" name="sha1" use="required"/>
-  </xs:complexType>
-
-  <xs:element name="hashes">
-    <xs:complexType>
-      <xs:sequence>
-        <xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
-      </xs:sequence>
-    </xs:complexType>
-  </xs:element>
-
-</xs:schema>
--- a/data/malwares.txt
+++ b/data/malwares.txt
@@ -1,3 +0,0 @@
-http://.*\.rr\.nu
-http://www\.thesea\.org/media\.php
-
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
--- a/data/plugins.txt
+++ b/data/plugins.txt
--- a/data/plugins_full.txt
+++ b/data/plugins_full.txt
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
--- a/data/themes.txt
+++ b/data/themes.txt
@@ -1,299 +0,0 @@
-aadya
-abaris
-academica
-adamos
-adelle
-adventure
-advertica-lite
-aldehyde
-alexandria
-analytical-lite
-apprise
-arcade-basic
-asteria-lite
-atahualpa
-attitude
-base-wp
-beach
-bearded
-bizark
-bizflare
-bizkit
-biznez-lite
-bizstudio-lite
-blackbird
-blankslate
-blox
-boldr-lite
-boot-store
-bootstrap-ultimate
-bouquet
-bresponzive
-brightnews
-briks
-business-lite
-business-pro
-busiprof
-butterbelly
-buzz
-capture
-careta
-catch-box
-catch-everest
-catch-evolution
-catch-kathmandu
-celestial-lite
-chaostheory
-church
-circumference-lite
-cirrus
-clean-retina
-coller
-colorway
-contango
-coraline
-corpo
-count-down
-crangasi
-custom-community
-customizr
-cyberchimps
-dark-tt
-dazzling
-decode
-designfolio
-desk-mess-mirrored
-destro
-discover
-dms
-duena
-dusk-to-dawn
-duster
-dw-minion
-dw-timeline
-dw-wallpress
-eclipse
-engrave-lite
-enough
-esell
-esplanade
-esquire
-evolve
-expert
-expound
-family
-faq
-fashionistas
-fifteen
-fine
-firmasite
-flat
-flounder
-focus
-forever
-formation
-fresh-lite
-frisco-for-buddypress
-frontier
-fruitful
-gamepress
-govpress
-graphene
-graphy
-gridster-lite
-hatch
-hazen
-health-center-lite
-hemingway
-hiero
-highwind
-hueman
-i-transform
-iconic-one
-ifeature
-ignite
-imprint
-independent-publisher
-infinite
-infoway
-inkness
-inkzine
-interface
-intuition
-invert-lite
-iribbon
-isis
-italian-restaurant
-itek
-jbst
-jbst-masonary
-journal-lite
-justwrite
-kavya
-klasik
-landscape
-leatherdiary
-lingonberry
-looki-lite
-lupercalia
-madeini
-magazine-basic
-magazine-style
-magazino
-mantra
-market
-marketer
-match
-matheson
-max-magazine
-meadowhill
-mesocolumn
-mh-magazine-lite
-midnightcity
-minima-lite
-minimatica
-minimize
-mn-flow
-modern-business
-monaco
-montezuma
-naturefox
-neighborly
-neuro
-newgamer
-news-flash
-newspress-lite
-next-saturday
-nictitate
-omega
-one-page
-onetone
-openstrap
-opulus-sombre
-origami
-origin
-oxygen
-p2
-padhang
-pagelines
-papercuts
-parabola
-parallax
-parament
-phonix
-pilcrow
-pilot-fish
-pinbin
-pinboard
-pink-touch-2
-pisces
-platform
-point
-portfolio-press
-pr-news
-preference-lite
-presentation-lite
-preus
-primo-lite
-promax
-quark
-radiant
-radiate
-raindrops
-rambo
-raptor
-raven
-ready-review
-resolution
-responsive
-restaurante
-restaurateur
-restimpo
-reviewgine-affiliate
-rewind
-ridizain
-road-fighter
-sampression-lite
-seismic-manhattan
-sensitive
-sequel
-shamatha
-shopping
-siempel
-silver-quantum
-simple-catch
-simply-vision
-singl
-sixteen
-skt-full-width
-sliding-door
-smpl-skeleton
-snaps
-snapshot
-sneak-lite
-sorbet
-spacious
-sparkling
-spartan
-spasalon
-sporty
-spun
-squirrel
-stairway
-stargazer
-start-point
-steira
-storefront-paper
-story
-suevafree
-suffusion
-sugar-and-spice
-sundance
-sunrain
-sunspot
-superhero
-supernova
-surfarama
-swift-basic
-taraza
-tatva-lite
-teal
-tempera
-temptation
-terrifico
-the-newswire
-thematic
-theron-lite
-tiny-forge
-tonal
-tonic
-travelify
-twentyeleven
-twentyfourteen
-twentyten
-twentythirteen
-twentytwelve
-typal-makewp005
-unite
-untitled
-vantage
-venom
-viper
-virtue
-vision
-visual
-vryn-restaurant
-ward
-weaver-ii
-wilson
-wp-creativix
-wp-opulus
-wp-simple
-wpchimp-countdown
-wpstart
-writr
-x2
-xin-magazine
-yoko
-zeedynamic
-zeeflow
--- a/data/themes_full.txt
+++ b/data/themes_full.txt
--- a/data/timthumbs.txt
+++ b/data/timthumbs.txt
--- a/data/user-agents.txt
+++ b/data/user-agents.txt
@@ -1,36 +0,0 @@
-# Windows
-Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5
-Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0 Safari/534.14
-Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.27 (KHTML, like Gecko) Chrome/12.0.712.0 Safari/534.27
-Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
-Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)
-Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
-Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
-Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
-Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6
-Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
-Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
-Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1
-Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
-Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
-Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0)
-Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00
-Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
-
-# MAC
-Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13
-Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.5; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
-Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
-Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3
-Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3
-Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2; rv:10.0.1) Gecko/20100101 Firefox/10.0.1
-Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10
-
-# Linux
-Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.20 Safari/535.1
-Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24
-Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100915 Gentoo Firefox/3.6.9
-Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0
-Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
-Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00
-Mozilla/5.0 (X11; U; Linux x86_64; us; rv:1.9.1.19) Gecko/20110430 shadowfox/7.0 (like Firefox/7.0
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-
-  <xs:simpleType name="stringtype">
-    <xs:restriction base="xs:string">
-      <xs:whiteSpace value="preserve" />
-      <xs:minLength value="1" />
-      <xs:pattern value="[^\s].+[^\s]|[^\s]"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="inttype">
-    <xs:restriction base="xs:positiveInteger" />
-  </xs:simpleType>
-
-  <xs:simpleType name="uritype">
-    <xs:restriction base="xs:anyURI">
-      <xs:minLength value="1" />
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="cvetype">
-    <xs:restriction base="xs:token">
-      <xs:pattern value="[0-9]{4}-[0-9]{4,}"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="typetype">
-    <xs:restriction base="stringtype">
-      <xs:enumeration value="SQLI"/>
-      <xs:enumeration value="MULTI"/>
-      <xs:enumeration value="REDIRECT"/>
-      <xs:enumeration value="RCE"/>
-      <xs:enumeration value="RFI"/>
-      <xs:enumeration value="LFI"/>
-      <xs:enumeration value="UPLOAD"/>
-      <xs:enumeration value="UNKNOWN"/>
-      <xs:enumeration value="XSS"/>
-      <xs:enumeration value="CSRF"/>
-      <xs:enumeration value="SSRF"/>
-      <xs:enumeration value="AUTHBYPASS"/>
-      <xs:enumeration value="BYPASS"/>
-      <xs:enumeration value="FPD"/>
-      <xs:enumeration value="XXE"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:complexType name="itemtype">
-    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:element name="vulnerability" type="vulntype" />
-    </xs:sequence>
-    <xs:attribute type="stringtype" name="name" use="required"/>
-  </xs:complexType>
-
-  <xs:complexType name="wordpresstype">
-    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:element name="vulnerability" type="vulntype"/>
-    </xs:sequence>
-    <xs:attribute type="stringtype" name="version" use="required"/>
-  </xs:complexType>
-
-  <xs:complexType name="vulntype">
-    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:choice>
-        <xs:element name="title" type="stringtype"/>
-        <xs:element name="type" type="typetype"/>
-        <xs:element name="fixed_in" type="stringtype"/>
-        <xs:element name="references" type="referencetype"/>
-      </xs:choice>
-    </xs:sequence>
-  </xs:complexType>
-
-  <xs:complexType name="referencetype">
-    <xs:sequence minOccurs="1" maxOccurs="unbounded">
-      <xs:choice>
-        <xs:element name="url" type="uritype" minOccurs="0" maxOccurs="unbounded"/>
-        <xs:element name="cve" type="cvetype" minOccurs="0" maxOccurs="unbounded"/>
-        <xs:element name="secunia" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
-        <xs:element name="osvdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
-        <xs:element name="metasploit" type="stringtype" minOccurs="0" maxOccurs="unbounded"/>
-        <xs:element name="exploitdb" type="inttype" minOccurs="0" maxOccurs="unbounded"/>
-      </xs:choice>
-    </xs:sequence>
-  </xs:complexType>
-
-  <xs:element name="vulnerabilities">
-    <xs:complexType>
-      <xs:choice>
-        <xs:element name="plugin" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
-        <xs:element name="theme" type="itemtype" maxOccurs="unbounded" minOccurs="0"/>
-        <xs:element name="wordpress" type="wordpresstype" maxOccurs="unbounded" minOccurs="0"/>
-      </xs:choice>
-    </xs:complexType>
-    <xs:unique name="uniquePlugin">
-      <xs:selector xpath="plugin"/>
-      <xs:field xpath="@name"/>
-    </xs:unique>
-    <xs:unique name="uniqueTheme">
-      <xs:selector xpath="theme"/>
-      <xs:field xpath="@name"/>
-    </xs:unique>
-    <xs:unique name="uniqueWordpress">
-      <xs:selector xpath="wordpress"/>
-      <xs:field xpath="@version"/>
-    </xs:unique>
-  </xs:element>
-
-</xs:schema>
--- a/data/wp_versions.xml
+++ b/data/wp_versions.xml
@@ -1,224 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  This file contains identification data to identify WordPress versions.
-  http://wordpress.org/download/release-archive/
-
-  Position is important, DO NOT change anything unless you know what you are doing :p
-->
-
-<wp-versions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-             xsi:noNamespaceSchemaLocation="wp_versions.xsd">
-
-  <file src="readme.html">
-    <hash md5="cdbf9b18e3729b3553437fc4e9b6baad">
-      <version>3.9.1</version>
-    </hash>
-    <hash md5="84b54c54aa48ae72e633685c17e67457">
-      <version>3.9</version>
-    </hash>
-    <hash md5="c6de8fc70a18be7e5c36198cd0f99a64">
-      <version>3.8.3</version>
-    </hash>
-    <hash md5="e01a2663475f6a7a8363a7c75a73fe23">
-      <version>3.8.2</version>
-    </hash>
-    <hash md5="0d0eb101038124a108f608d419387b92">
-      <version>3.8.1</version>
-    </hash>
-    <hash md5="38ee273095b8f25b9ffd5ce5018fc4f0">
-      <version>3.8</version>
-    </hash>
-    <hash md5="813e06052daa0692036e60d76d7141d3">
-      <version>3.7.3</version>
-    </hash>
-    <hash md5="b3a05c7a344c2f53cb6b680fd65a91e8">
-      <version>3.7.2</version>
-    </hash>
-    <hash md5="e82f4fe7d3c1166afb4c00856b875f16">
-      <version>3.6.1</version>
-    </hash>
-    <hash md5="477f1e652f31dae76a38e3559c91deb9">
-      <version>3.6</version>
-    </hash>
-    <hash md5="caf7946275c3e885419b1d36b22cb5f3">
-      <version>3.5.2</version>
-    </hash>
-    <hash md5="05d50a04ef19bd4b0a280362469bf22f">
-      <version>3.5.1</version>
-    </hash>
-    <hash md5="066cfc0f9b29ae6d491aa342ebfb1b71">
-      <version>3.5</version>
-    </hash>
-    <hash md5="36b2b72a0f22138a921a38db890d18c1">
-      <version>3.3.3</version>
-    </hash>
-    <hash md5="628419c327ca5ed8685ae3af6f753eb8">
-      <version>3.3.2</version>
-    </hash>
-    <hash md5="c1ed266e26a829b772362d5135966bc3">
-      <version>3.3.1</version>
-    </hash>
-    <hash md5="9ea06ab0184049bf4ea2410bf51ce402">
-      <version>3.0</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/css/buttons-rtl.css">
-    <hash md5="71c13ab1693b45fb3d7712e540c4dfe0">
-      <version>3.8</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/tinymce/wp-tinymce.js.gz">
-    <hash md5="de42820ca28cfc889f428dbef29621c3">
-      <version>3.9.1</version>
-    </hash>
-    <hash md5="1d52314b1767c557b7232ae192c80318">
-      <version>3.9</version>
-    </hash>
-    <!-- Note: 3.7.1 has no unique file (the hash below is the same than the 3.7.2) -->
-    <hash md5="44d281b0d84cc494e2b095a6d2202f4d">
-      <version>3.7.1</version>
-    </hash>
-    <hash md5="b0bcf8091516db358ee9c833afd73175">
-      <version>3.7</version>
-    </hash>
-    <hash md5="cf4bbd562430a9bcbe735062be851be1">
-      <version>3.6.1</version>
-    </hash>
-    <hash md5="42ce18e88f1c21d4e991fcd431bcb606">
-      <version>3.6</version>
-    </hash>
-    <hash md5="a58dd12608659503cf087e879e720354">
-      <version>3.5.2</version>
-    </hash>
-    <hash md5="55c80a4794624ce9b94aa3631ad46c0b">
-      <version>3.5.1</version>
-    </hash>
-    <hash md5="8e529a971610d7ebe7851339c5cb3d67">
-      <version>3.5</version>
-    </hash>
-    <hash md5="ff19e44be975f89b647274d85b70f821">
-      <version>3.4.2</version>
-    </hash>
-  </file>
-
-  <file src="wp-admin/js/customize-controls.js">
-    <hash md5="aa0d38bd6f590ad8c3126074145b1bf1">
-      <version>3.4.1</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/customize-preview.js">
-    <hash md5="da36bc2dfcb13350c799b62de68dfa4b">
-      <version>3.4</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/plupload/plupload.js">
-    <hash md5="85199c05db63fcb5880de4af8be7b571">
-      <version>3.3.2</version>
-    </hash>
-  </file>
-
-  <file src="wp-admin/js/common.js">
-    <hash md5="4516252d47a73630280869994d510180">
-      <version>3.3</version>
-    </hash>
-  </file>
-
-  <file src="wp-admin/js/wp-fullscreen.js">
-    <hash md5="5675f7793f171b6424bf72f9d7bf4d9a">
-      <version>3.2.1</version>
-    </hash>
-    <hash md5="7b423e0b7c9221092737ad5271d09863">
-      <version>3.2</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/css/admin-bar.css">
-    <hash md5="181250fab3a7e2549a7e7fa21c2e6079">
-      <version>3.1</version>
-    </hash>
-  </file>
-
-  <file src="$wp-content$/themes/twentyten/style.css">
-    <hash md5="6211e2ac1463bf99e98f28ab63e47c54">
-      <version>3.0</version>
-    </hash>
-  </file>
-
-  <file src="$wp-plugins$/akismet/readme.txt">
-    <hash md5="4d5e52da417aa0101054bd41e6243389">
-      <version>2.8.6</version>
-    </hash>
-    <hash md5="58e086dea9d24ed074fe84ba87386c69">
-      <version>2.8.5</version>
-    </hash>
-    <hash md5="48c52025b5f28731e9a0c864c189c2e7">
-      <version>2.8.2</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/wp-ajax-response.js">
-    <hash md5="0289d1c13821599764774d55516ab81a">
-      <version>2.7.1</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/thickbox/thickbox.css">
-    <hash md5="9c2bd2be0893adbe02a0f864526734c2">
-      <version>2.7</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/tinymce/plugins/wpeditimage/editor_plugin.js">
-    <hash md5="5b140ddf0f08034402ae78b31d8a1a28">
-      <version>2.6</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/tinymce/themes/advanced/js/image.js">
-    <hash md5="088245408531c58bb52cc092294cc384">
-      <version>2.5.1</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/tinymce/themes/advanced/js/link.js">
-    <hash md5="19c6f3118728c38eb7779aab4847d2d9">
-      <version>2.5</version>
-    </hash>
-  </file>
-
-  <file src="wp-includes/js/wp-ajax.js">
-    <hash md5="c5dbce0c3232c477033e0ce486c62755">
-      <version>2.2</version>
-    </hash>
-  </file>
-
-  <file src="$wp-content$/themes/default/style.css">
-    <hash md5="e44545f529a54de88209ce588676231c">
-      <version>2.0.1</version>
-    </hash>
-    <hash md5="f786f66d3a40846aa22dcdfeb44fa562">
-      <version>2.0</version>
-    </hash>
-  </file>
-
-  <file src="wp-layout.css">
-    <hash md5="7140e06c00ed03d2bb3dad7672557510">
-      <version>1.2.1</version>
-    </hash>
-    <hash md5="1bcc9253506c067eb130c9fc4f211a2f">
-      <version>1.2-delta</version>
-    </hash>
-  </file>
-
-  <file src="layout2b.css">
-    <hash md5="baec6b6ccbf71d8dced9f1bf67c751e1">
-      <version>0.71-gold</version>
-    </hash>
-  </file>
-
-</wp-versions>
--- a/data/wp_versions.xsd
+++ b/data/wp_versions.xsd
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
-
-  <xs:simpleType name="stringtype">
-    <xs:restriction base="xs:string">
-      <xs:whiteSpace value="preserve" />
-      <xs:minLength value="1" />
-      <xs:pattern value="[^\s].+[^\s]|[^\s]"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:complexType name="filetype">
-    <xs:sequence>
-      <xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
-    </xs:sequence>
-    <xs:attribute type="stringtype" name="src" use="required"/>
-  </xs:complexType>
-
-  <xs:simpleType name="md5type">
-    <xs:restriction base="stringtype">
-      <xs:pattern value="[0-9a-f]{32}"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:complexType name="hashtype">
-    <xs:sequence minOccurs="1" maxOccurs="1">
-      <xs:element name="version" type="stringtype"/>
-    </xs:sequence>
-    <xs:attribute type="md5type" name="md5" use="required"/>
-  </xs:complexType>
-
-  <xs:element name="wp-versions">
-    <xs:complexType>
-      <xs:sequence>
-        <xs:element name="file" type="filetype" maxOccurs="unbounded" minOccurs="0"/>
-      </xs:sequence>
-    </xs:complexType>
-  </xs:element>
-
-</xs:schema>
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
--- a/dev/pre-commit-hook.rb
+++ b/dev/pre-commit-hook.rb
@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby

-# ln -sf /Users/xxx/wpscan/dev/pre-commit-hook.rb /Users/xxx/wpscan/.git/hooks/pre-commit
+# from the top level dir:
+# ln -sf ../../dev/pre-commit-hook.rb .git/hooks/pre-commit

 require 'pty'
 html_path = 'rspec_results.html'
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -16,20 +16,21 @@ class Browser
    :proxy,
    :proxy_auth,
    :request_timeout,
-    :connect_timeout
+    :connect_timeout,
+    :cookie
  ]

  @@instance = nil

  attr_reader :hydra, :cache_dir

-  attr_accessor :referer
+  attr_accessor :referer, :cookie

  # @param [ Hash ] options
  #
  # @return [ Browser ]
  def initialize(options = {})
-    @cache_dir   = options[:cache_dir]   || CACHE_DIR + '/browser'
+    @cache_dir   = options[:cache_dir] || CACHE_DIR + '/browser'

    # sets browser defaults
    browser_defaults
@@ -153,6 +154,7 @@ class Browser

    params.merge!(cookiejar: @cache_dir + '/cookie-jar')
    params.merge!(cookiefile: @cache_dir + '/cookie-jar')
+    params.merge!(cookie: @cookie) if @cookie

    params
  end
--- a/lib/common/cache_file_store.rb
+++ b/lib/common/cache_file_store.rb
@@ -9,16 +9,18 @@
 #

 require 'yaml'
+require 'fileutils'

 class CacheFileStore
-  attr_reader :storage_path, :serializer
+  attr_reader :storage_path, :cache_dir, :serializer

  # The serializer must have the 2 methods .load and .dump
  #   (Marshal and YAML have them)
  # YAML is Human Readable, contrary to Marshal which store in a binary format
  # Marshal does not need any "require"
  def initialize(storage_path, serializer = Marshal)
-    @storage_path = File.expand_path(storage_path + '/' + storage_dir)
+    @cache_dir    = File.expand_path(storage_path)
+    @storage_path = File.expand_path(File.join(storage_path, storage_dir))
    @serializer   = serializer

    # File.directory? for ruby <= 1.9 otherwise,
@@ -29,16 +31,22 @@ class CacheFileStore
  end

  def clean
-    Dir[File.join(@storage_path, '*')].each do |f|
-      File.delete(f) unless File.symlink?(f)
+    # clean old directories
+    Dir[File.join(@cache_dir, '*')].each do |f|
+      if File.directory?(f)
+        # delete directory if create time is older than 4 hours
+        FileUtils.rm_rf(f) if File.mtime(f) < (Time.now - (60*240))
+      else
+        File.delete(f) unless File.symlink?(f)
+      end
    end
  end

  def read_entry(key)
-    entry_file_path = get_entry_file_path(key)
-
-    if File.exists?(entry_file_path)
-      return @serializer.load(File.read(entry_file_path))
+    begin
+      @serializer.load(File.read(get_entry_file_path(key)))
+    rescue
+      nil
    end
  end

--- a/lib/common/collections/wp_items.rb
+++ b/lib/common/collections/wp_items.rb
@@ -14,7 +14,7 @@ class WpItems < Array
    self.wp_target = wp_target
  end

-  # @param [String,] argv
+  # @param [String] argv
  #
  # @return [ void ]
  def add(*args)
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -23,10 +23,7 @@ class WpItems < Array
        homepage_hash:   wp_target.homepage_hash,
        exclude_content: options[:exclude_content] ? %r{#{options[:exclude_content]}} : nil
      }
-
-      # If we only want the vulnerable ones, the passive detection is ignored
-      # Otherwise, a passive detection is performed, and results will be merged
-      results = options[:only_vulnerable] ? new : passive_detection(wp_target, options)
+      results          = passive_detection(wp_target, options)

      targets.each do |target_item|
        request = browser.forge_request(target_item.url, request_params)
@@ -55,8 +52,11 @@ class WpItems < Array

      # run the remaining requests
      hydra.run
+
+      results.select!(&:vulnerable?) if options[:only_vulnerable]
      results.sort!
-      results # can't just return results.sort because the #sort returns an array, and we want a WpItems
+
+      results  # can't just return results.sort as it would return an array, and we want a WpItems
    end

    # @param [ Integer ] targets_size
@@ -80,13 +80,31 @@ class WpItems < Array
    #
    # @return [ WpItems ]
    def passive_detection(wp_target, options = {})
-      results  = new(wp_target)
-      body     = Browser.get(wp_target.url).body
+      results = new(wp_target)
      # improves speed
-      body     = remove_base64_images_from_html(body)
-      names    = body.scan(passive_detection_pattern(wp_target))
+      body    = remove_base64_images_from_html(Browser.get(wp_target.url).body)
+      page    = Nokogiri::HTML(body)
+      names   = []

-      names.flatten.uniq.each { |name| results.add(name) }
+      page.css('link,script,style').each do |tag|
+        %w(href src).each do |attribute|
+          attr_value = tag.attribute(attribute).to_s
+          next unless attr_value
+
+          names << Regexp.last_match[1] if attr_value.match(attribute_pattern(wp_target))
+        end
+
+        next unless tag.name == 'script' || tag.name == 'style'
+
+        code = tag.text.to_s
+        next if code.empty?
+
+        code.scan(code_pattern(wp_target)).flatten.uniq.each do |item_name|
+          names << item_name
+        end
+      end
+
+      names.uniq.each { |name| results.add(name) }

      results.sort!
      results
@@ -97,13 +115,29 @@ class WpItems < Array
    # @param [ WpTarget ] wp_target
    #
    # @return [ Regex ]
-    def passive_detection_pattern(wp_target)
-      type   = self.to_s.gsub(/Wp/, '').downcase
-      regex1 = %r{(?:[^=:\(]+)\s?(?:=|:|\()\s?(?:"|')[^"']+\\?/}
-      regex2 = %r{\\?/}
-      regex3 = %r{\\?/([^/\\"']+)\\?(?:/|"|')}
+    def item_pattern(wp_target)
+      type = to_s.gsub(/Wp/, '').downcase
+      wp_content_dir = wp_target.wp_content_dir
+      wp_content_url = wp_target.uri.merge(wp_content_dir).to_s

-      /#{regex1}#{Regexp.escape(wp_target.wp_content_dir)}#{regex2}#{Regexp.escape(type)}#{regex3}/i
+      url = /#{wp_content_url.gsub(%r{\A(?:http|https)}, 'https?').gsub('/', '\\\\\?\/')}/i
+      content_dir = %r{(?:#{url}|\\?\/\\?\/?#{wp_content_dir})}i
+
+      %r{#{content_dir}\\?/#{type}\\?/}
+    end
+
+    # @param [ WpTarget ] wp_target
+    #
+    # @return [ Regex ]
+    def attribute_pattern(wp_target)
+      /\A#{item_pattern(wp_target)}([^\/]+)/i
+    end
+
+    # @param [ WpTarget ] wp_target
+    #
+    # @return [ Regex ]
+    def code_pattern(wp_target)
+      /["'\(]#{item_pattern(wp_target)}([^\\\/\)"']+)/i
    end

    # The default request parameters
@@ -142,16 +176,17 @@ class WpItems < Array
    # @return [ Array<WpItem> ]
    def vulnerable_targets_items(wp_target, item_class, vulns_file)
      targets = []
-      xml     = xml(vulns_file)
+      json    = json(vulns_file)

-      xml.xpath(item_xpath).each do |node|
+      [*json].each do |item|
        targets << create_item(
          item_class,
-          node.attribute('name').text,
+          item.keys.inject,
          wp_target,
          vulns_file
        )
      end
+
      targets
    end

@@ -190,6 +225,7 @@ class WpItems < Array
          )
        end
      end
+
      targets
    end

--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -9,9 +9,9 @@ class WpPlugins < WpItems
    end

    # @return [ String ]
-    def item_xpath
-      '//plugin'
-    end
+    # def item_xpath
+    #   '//plugin'
+    # end

    # @param [ WpTarget ] wp_target
    # @param [ Hash ] options
@@ -68,6 +68,10 @@ class WpPlugins < WpItems
        wp_plugins.add('all-in-one-seo-pack', version: $1)
      end

+      if body =~ /<!-- This site is optimized with the Yoast WordPress SEO plugin v([^\s]+) -/i
+        wp_plugins.add('wordpress-seo', version: $1)
+      end
+
      wp_plugins
    end

--- a/lib/common/collections/wp_themes/detectable.rb
+++ b/lib/common/collections/wp_themes/detectable.rb
@@ -9,9 +9,9 @@ class WpThemes < WpItems
    end

    # @return [ String ]
-    def item_xpath
-      '//theme'
-    end
+    # def item_xpath
+    #   '//theme'
+    # end

  end
 end
--- a/lib/common/collections/wp_users/output.rb
+++ b/lib/common/collections/wp_users/output.rb
@@ -38,6 +38,7 @@ class WpUsers < WpItems
      junk = get_equal_string_end(display_names)
      unless junk.nil? or junk.empty?
        self.each do |u|
+          u.display_name ||= ''
          u.display_name = u.display_name.sub(/#{Regexp.escape(junk)}$/, '')
        end
      end
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -1,40 +1,40 @@
 # encoding: UTF-8

-LIB_DIR              = File.expand_path(File.dirname(__FILE__) + '/..')
-ROOT_DIR             = File.expand_path(LIB_DIR + '/..') # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
-DATA_DIR             = ROOT_DIR + '/data'
-CONF_DIR             = ROOT_DIR + '/conf'
-CACHE_DIR            = ROOT_DIR + '/cache'
-WPSCAN_LIB_DIR       = LIB_DIR + '/wpscan'
-WPSTOOLS_LIB_DIR     = LIB_DIR + '/wpstools'
-UPDATER_LIB_DIR      = LIB_DIR + '/updater'
-COMMON_LIB_DIR       = LIB_DIR + '/common'
-MODELS_LIB_DIR       = COMMON_LIB_DIR + '/models'
-COLLECTIONS_LIB_DIR  = COMMON_LIB_DIR + '/collections'
+LIB_DIR              = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
+DATA_DIR             = File.join(ROOT_DIR, 'data')
+CONF_DIR             = File.join(ROOT_DIR, 'conf')
+CACHE_DIR            = File.join(ROOT_DIR, 'cache')
+WPSCAN_LIB_DIR       = File.join(LIB_DIR, 'wpscan')
+WPSTOOLS_LIB_DIR     = File.join(LIB_DIR, 'wpstools')
+UPDATER_LIB_DIR      = File.join(LIB_DIR, 'updater')
+COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
+MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
+COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')

-LOG_FILE             = ROOT_DIR + '/log.txt'
+LOG_FILE             = File.join(ROOT_DIR, 'log.txt')

 # Plugins directories
-COMMON_PLUGINS_DIR   = COMMON_LIB_DIR + '/plugins'
-WPSCAN_PLUGINS_DIR   = WPSCAN_LIB_DIR + '/plugins' # Not used ATM
-WPSTOOLS_PLUGINS_DIR = WPSTOOLS_LIB_DIR + '/plugins'
+COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
+WPSCAN_PLUGINS_DIR   = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
+WPSTOOLS_PLUGINS_DIR = File.join(WPSTOOLS_LIB_DIR, 'plugins')

 # Data files
-PLUGINS_FILE        = DATA_DIR + '/plugins.txt'
-PLUGINS_FULL_FILE   = DATA_DIR + '/plugins_full.txt'
-PLUGINS_VULNS_FILE  = DATA_DIR + '/plugin_vulns.xml'
-THEMES_FILE         = DATA_DIR + '/themes.txt'
-THEMES_FULL_FILE    = DATA_DIR + '/themes_full.txt'
-THEMES_VULNS_FILE   = DATA_DIR + '/theme_vulns.xml'
-WP_VULNS_FILE       = DATA_DIR + '/wp_vulns.xml'
-WP_VERSIONS_FILE    = DATA_DIR + '/wp_versions.xml'
-LOCAL_FILES_FILE    = DATA_DIR + '/local_vulnerable_files.xml'
-VULNS_XSD           = DATA_DIR + '/vuln.xsd'
-WP_VERSIONS_XSD     = DATA_DIR + '/wp_versions.xsd'
-LOCAL_FILES_XSD     = DATA_DIR + '/local_vulnerable_files.xsd'
-USER_AGENTS_FILE    = DATA_DIR + '/user-agents.txt'
+PLUGINS_FILE        = File.join(DATA_DIR, 'plugins.txt')
+PLUGINS_FULL_FILE   = File.join(DATA_DIR, 'plugins_full.txt')
+PLUGINS_VULNS_FILE  = File.join(DATA_DIR, 'plugin_vulns.json')
+THEMES_FILE         = File.join(DATA_DIR, 'themes.txt')
+THEMES_FULL_FILE    = File.join(DATA_DIR, 'themes_full.txt')
+THEMES_VULNS_FILE   = File.join(DATA_DIR, 'theme_vulns.json')
+WP_VULNS_FILE       = File.join(DATA_DIR, 'wp_vulns.json')
+WP_VERSIONS_FILE    = File.join(DATA_DIR, 'wp_versions.xml')
+LOCAL_FILES_FILE    = File.join(DATA_DIR, 'local_vulnerable_files.xml')
+# VULNS_XSD           = File.join(DATA_DIR, 'vuln.xsd')
+WP_VERSIONS_XSD     = File.join(DATA_DIR, 'wp_versions.xsd')
+LOCAL_FILES_XSD     = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
+USER_AGENTS_FILE    = File.join(DATA_DIR, 'user-agents.txt')

-WPSCAN_VERSION       = '2.4.1'
+WPSCAN_VERSION       = '2.6'

 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -54,7 +54,7 @@ require 'environment'
 def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
  files = Dir[File.join(absolute_dir_path, files_pattern)]

-  # Files in the root dir are loaded first, then thoses in the subdirectories
+  # Files in the root dir are loaded first, then those in the subdirectories
  files.sort_by { |file| [file.count("/"), file] }.each do |f|
    f = File.expand_path(f)
    #puts "require #{f}" # Used for debug
@@ -64,14 +64,6 @@ end

 require_files_from_directory(COMMON_LIB_DIR, '**/*.rb')

-# Hook to check if the target if down during the scan
-# The target is considered down after 10 requests with status = 0
-down = 0
-Typhoeus.on_complete do |response|
-  down += 1 if response.code == 0
-  fail 'The target seems to be down' if down >= 10
-end
-
 # Add protocol
 def add_http_protocol(url)
  url =~ /^https?:/ ? url : "http://#{url}"
@@ -81,18 +73,11 @@ def add_trailing_slash(url)
  url =~ /\/$/ ? url : "#{url}/"
 end

-# loading the updater
-require_files_from_directory(UPDATER_LIB_DIR)
-@updater = UpdaterFactory.get_updater(ROOT_DIR)
-
-if @updater
-  REVISION = @updater.local_revision_number()
-else
-  REVISION = nil
-end
-
-def version
-  REVISION ? "v#{WPSCAN_VERSION}r#{REVISION}" : "v#{WPSCAN_VERSION}"
+def missing_db_file?
+  DbUpdater::FILES.each do |db_file|
+    return true unless File.exist?(File.join(DATA_DIR, db_file))
+  end
+  false
 end

 # Define colors
@@ -124,6 +109,22 @@ def blue(text)
  colorize(text, 34)
 end

+def critical(text)
+  red(text)
+end
+
+def warning(text)
+  amber(text)
+end
+
+def info(text)
+  green(text)
+end
+
+def notice(text)
+  blue(text)
+end
+
 # our 1337 banner
 def banner
  puts '_______________________________________________________________'
@@ -135,13 +136,8 @@ def banner
  puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
  puts
  puts '        WordPress Security Scanner by the WPScan Team '
-  # Alignment of the version (w & w/o the Revision)
-  if REVISION
-    puts "                    Version #{version}"
-  else
-    puts "                        Version #{version}"
-  end
-  puts '     Sponsored by the RandomStorm Open Source Initiative'
+  puts "                       Version #{WPSCAN_VERSION}"
+  puts '          Sponsored by Sucuri - https://sucuri.net'
  puts '   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_'
  puts '_______________________________________________________________'
  puts
@@ -153,6 +149,17 @@ def xml(file)
  end
 end

+def json(file)
+  content = File.open(file).read
+
+  begin
+    JSON.parse(content)
+  rescue => e
+    puts "[ERROR] In JSON file parsing #{file} #{e}"
+    raise
+  end
+end
+
 def redefine_constant(constant, value)
  Object.send(:remove_const, constant)
  Object.const_set(constant, value)
@@ -229,3 +236,10 @@ def get_random_user_agent
  # return ransom user-agent
  user_agents.sample
 end
+
+# Directory listing enabled on url?
+#
+# @return [ Boolean ]
+def directory_listing_enabled?(url)
+  Browser.get(url.to_s).body[%r{<title>Index of}] ? true : false
+end
--- a/lib/common/db_updater.rb
+++ b/lib/common/db_updater.rb
@@ -0,0 +1,115 @@
+# encoding: UTF-8
+
+# DB Updater
+class DbUpdater
+  FILES = %w(
+    local_vulnerable_files.xml local_vulnerable_files.xsd
+    plugins_full.txt plugins.txt themes_full.txt themes.txt
+    timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
+    plugin_vulns.json theme_vulns.json wp_vulns.json
+  )
+
+  attr_reader :repo_directory
+
+  def initialize(repo_directory)
+    @repo_directory = repo_directory
+
+    fail "#{repo_directory} is not writable" unless \
+      Pathname.new(repo_directory).writable?
+  end
+
+  # @return [ Hash ] The params for Typhoeus::Request
+  def request_params
+    {
+      ssl_verifyhost: 2,
+      ssl_verifypeer: true
+    }
+  end
+
+  # @return [ String ] The raw file URL associated with the given filename
+  def remote_file_url(filename)
+    "https://raw.githubusercontent.com/wpscanteam/vulndb/master/#{filename}"
+  end
+
+  # @return [ String ] The checksum of the associated remote filename
+  def remote_file_checksum(filename)
+    url = "#{remote_file_url(filename)}.sha512"
+
+    res = Browser.get(url, request_params)
+    fail "Unable to get #{url}" unless res.code == 200
+    res.body
+  end
+
+  def local_file_path(filename)
+    File.join(repo_directory, "#{filename}")
+  end
+
+  def local_file_checksum(filename)
+    Digest::SHA512.file(local_file_path(filename)).hexdigest
+  end
+
+  def backup_file_path(filename)
+    File.join(repo_directory, "#{filename}.back")
+  end
+
+  def create_backup(filename)
+    return unless File.exist?(local_file_path(filename))
+    FileUtils.cp(local_file_path(filename), backup_file_path(filename))
+  end
+
+  def restore_backup(filename)
+    return unless File.exist?(backup_file_path(filename))
+    FileUtils.cp(backup_file_path(filename), local_file_path(filename))
+  end
+
+  def delete_backup(filename)
+    FileUtils.rm(backup_file_path(filename))
+  end
+
+  # @return [ String ] The checksum of the downloaded file
+  def download(filename)
+    file_path = local_file_path(filename)
+    file_url  = remote_file_url(filename)
+
+    res = Browser.get(file_url, request_params)
+    fail "Error while downloading #{file_url}" unless res.code == 200
+    File.open(file_path, 'wb') { |f| f.write(res.body) }
+
+    local_file_checksum(filename)
+  end
+
+  def update(verbose = false)
+    FILES.each do |filename|
+      begin
+        puts "[+] Checking #{filename}" if verbose
+        db_checksum = remote_file_checksum(filename)
+
+        # Checking if the file needs to be updated
+        if File.exist?(local_file_path(filename)) && db_checksum == local_file_checksum(filename)
+          puts '  [i] Already Up-To-Date' if verbose
+          next
+        end
+
+        puts '  [i] Needs to be updated' if verbose
+        create_backup(filename)
+        puts '  [i] Backup Created' if verbose
+        puts '  [i] Downloading new file' if verbose
+        dl_checksum = download(filename)
+        puts "  [i] Downloaded File Checksum: #{dl_checksum}" if verbose
+
+        unless dl_checksum == db_checksum
+          fail "#{filename}: checksums do not match"
+        end
+      rescue => e
+        puts '  [i] Restoring Backup due to error' if verbose
+        restore_backup(filename)
+        raise e
+      ensure
+        if File.exist?(backup_file_path(filename))
+          puts '  [i] Deleting Backup' if verbose
+          delete_backup(filename)
+        end
+      end
+    end
+  end
+end
--- a/lib/common/hacks.rb
+++ b/lib/common/hacks.rb
@@ -49,11 +49,11 @@ end

 # Override for puts to enable logging
 def puts(o = '')
-  # remove color for logging
-  if o.respond_to?(:gsub)
-    temp = o.gsub(/\e\[\d+m(.*)?\e\[0m/, '\1')
+  if $log && o.respond_to?(:gsub)
+    temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
  end
+  
  super(o)
 end

--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -35,27 +35,26 @@ class Vulnerability
  end
  # :nocov:

-  # Create the Vulnerability from the xml_node
+  # Create the Vulnerability from the json_item
  #
-  # @param [ Nokogiri::XML::Node ] xml_node
+  # @param [ Hash ] json_item
  #
  # @return [ Vulnerability ]
-  def self.load_from_xml_node(xml_node)
+  def self.load_from_json_item(json_item)
    references = {}
-    refs = xml_node.search('references')
-    if refs
-      references[:url] = refs.search('url').map(&:text)
-      references[:cve] = refs.search('cve').map(&:text)
-      references[:secunia] = refs.search('secunia').map(&:text)
-      references[:osvdb] = refs.search('osvdb').map(&:text)
-      references[:metasploit] = refs.search('metasploit').map(&:text)
-      references[:exploitdb] = refs.search('exploitdb').map(&:text)
+
+    %w(id url cve secunia osvdb metasploit exploitdb).each do |key|
+      if json_item[key]
+        json_item[key]  = [json_item[key]] if json_item[key].class != Array
+        references[key] = json_item[key]
+      end
    end
+
    new(
-      xml_node.search('title').text,
-      xml_node.search('type').text,
+      json_item['title'],
+      json_item['type'],
      references,
-      xml_node.search('fixed_in').text,
+      json_item['fixed_in'],
    )
  end

--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -6,7 +6,7 @@ class Vulnerability
    # output the vulnerability
    def output(verbose = false)
      puts
-      puts "#{red('[!]')} Title: #{title}"
+      puts "#{critical('[!]')} Title: #{title}"
      references.each do |key, urls|
        methodname = "url_#{key}"
        urls.each do |u|
@@ -14,8 +14,8 @@ class Vulnerability
          puts "    Reference: #{url}" if url
        end
      end
-      if !fixed_in.empty?
-         puts "#{blue('[i]')} Fixed in: #{fixed_in}"
+      if !fixed_in.nil?
+         puts "#{notice('[i]')} Fixed in: #{fixed_in}"
      end
    end
  end
--- a/lib/common/models/vulnerability/urls.rb
+++ b/lib/common/models/vulnerability/urls.rb
@@ -6,7 +6,7 @@ class Vulnerability
    def url_metasploit(module_path)
      # remove leading slash
      module_path = module_path.sub(/^\//, '')
-      "http://www.metasploit.com/modules/#{module_path}"
+      "http://www.rapid7.com/db/modules/#{module_path}"
    end

    def url_url(url)
@@ -22,12 +22,15 @@ class Vulnerability
    end

    def url_secunia(id)
-      "http://secunia.com/advisories/#{id}"
+      "https://secunia.com/advisories/#{id}"
    end

    def url_exploitdb(id)
      "http://www.exploit-db.com/exploits/#{id}/"
    end

+    def url_id(id)
+      "https://wpvulndb.com/vulnerabilities/#{id}"
+    end
  end
 end
--- a/lib/common/models/wp_item/infos.rb
+++ b/lib/common/models/wp_item/infos.rb
@@ -12,7 +12,9 @@ class WpItem

    # @return [ String,nil ] The url to the readme file, nil if not found
    def readme_url
-      %w{readme.txt README.txt}.each do |readme|
+      # See https://github.com/wpscanteam/wpscan/pull/737#issuecomment-66375445
+      # for any question about the order
+      %w{readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT}.each do |readme|
        url = @uri.merge(readme).to_s
        return url if url_is_200?(url)
      end
@@ -40,7 +42,7 @@ class WpItem

    # @return [ Boolean ]
    def has_directory_listing?
-      Browser.get(@uri.to_s).body[%r{<title>Index of}] ? true : false
+      directory_listing_enabled?(@uri)
    end

    # Discover any error_log files created by WordPress
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -6,16 +6,21 @@ class WpItem
    # @return [ Void ]
    def output(verbose = false)
      puts
-      puts "#{green('[+]')} Name: #{self}" #this will also output the version number if detected
+      puts "#{info('[+]')} Name: #{self}" #this will also output the version number if detected
      puts " |  Location: #{url}"
      #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
      puts " |  Readme: #{readme_url}" if has_readme?
      puts " |  Changelog: #{changelog_url}" if has_changelog?
-      puts "#{red('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
-      puts "#{red('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
+      puts "#{warning('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
+      puts "#{warning('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?

      additional_output(verbose) if respond_to?(:additional_output)

+      if version.nil? && vulnerabilities.length > 0
+        puts
+        puts "#{warning('[+]')} We could not determine a version so all vulnerabilities are printed out"
+      end
+
      vulnerabilities.output
    end
  end
--- a/lib/common/models/wp_item/versionable.rb
+++ b/lib/common/models/wp_item/versionable.rb
@@ -13,7 +13,7 @@ class WpItem
        # This check is needed because readme_url can return nil
        if has_readme?
          response = Browser.get(readme_url)
-          @version = response.body[%r{stable tag: #{WpVersion.version_pattern}}i, 1]
+          @version = response.body[%r{(?:stable tag|version): #{WpVersion.version_pattern}}i, 1]
        end
      end
      @version
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
@@ -2,22 +2,27 @@

 class WpItem
  module Vulnerable
-    attr_accessor :vulns_file, :vulns_xpath
+    attr_accessor :vulns_file, :identifier

    # Get the vulnerabilities associated to the WpItem
    # Filters out already fixed vulnerabilities
    #
    # @return [ Vulnerabilities ]
    def vulnerabilities
-      xml             = xml(vulns_file)
+      json            = json(vulns_file)
      vulnerabilities = Vulnerabilities.new

-      xml.xpath(vulns_xpath).each do |node|
-        vuln = Vulnerability.load_from_xml_node(node)
-        if vulnerable_to?(vuln)
-          vulnerabilities << vuln
+      json.each do |item|
+        asset = item[identifier]
+
+        if asset
+          asset['vulnerabilities'].each do |vulnerability|
+            vulnerability = Vulnerability.load_from_json_item(vulnerability)
+            vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+          end
        end
      end
+
      vulnerabilities
    end

@@ -32,7 +37,7 @@ class WpItem
    # @return [ Boolean ]
    def vulnerable_to?(vuln)
      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
-        unless VersionCompare::is_newer_or_same?(vuln.fixed_in, version)
+        unless VersionCompare::lesser_or_equal?(vuln.fixed_in, version)
          return true
        end
      else
@@ -41,5 +46,4 @@ class WpItem
      return false
    end
  end
-
 end
--- a/lib/common/models/wp_plugin/vulnerable.rb
+++ b/lib/common/models/wp_plugin/vulnerable.rb
@@ -12,8 +12,8 @@ class WpPlugin < WpItem
    end

    # @return [ String ]
-    def vulns_xpath
-      "//plugin[@name='#{@name}']/vulnerability"
+    def identifier
+      @name
    end

  end
--- a/lib/common/models/wp_theme.rb
+++ b/lib/common/models/wp_theme.rb
@@ -15,15 +15,9 @@ class WpTheme < WpItem
  include WpTheme::Output
  include WpTheme::Childtheme

-  attr_writer :style_url
+  attr_accessor :referenced_url

-  def allowed_options; super << :style_url end
-
-  def initialize(*args)
-    super(*args)
-
-    parse_style
-  end
+  def allowed_options; super << :referenced_url end

  # Sets the @uri
  #
@@ -36,10 +30,7 @@ class WpTheme < WpItem

  # @return [ String ] The url to the theme stylesheet
  def style_url
-    unless @style_url
-      @style_url = uri.merge('style.css').to_s
-    end
-    @style_url
+    @uri.merge('style.css').to_s
  end

 end
--- a/lib/common/models/wp_theme/childtheme.rb
+++ b/lib/common/models/wp_theme/childtheme.rb
@@ -3,6 +3,10 @@
 class WpTheme < WpItem
  module Childtheme

+    def parent_theme_limit
+      3
+    end
+
    def is_child_theme?
      return true unless @theme_template.nil?
      false
--- a/lib/common/models/wp_theme/findable.rb
+++ b/lib/common/models/wp_theme/findable.rb
@@ -30,13 +30,13 @@ class WpTheme < WpItem
      response = Browser.get_and_follow_location(target_uri.to_s)

      # https + domain is optional because of relative links
-      matches = %r{(?:https?://[^"']+)?/([^/]+)/themes/([^"']+)/style.css}i.match(response.body)
+      matches = /(?:https?:\/\/[^"']+)?\/([^\/]+)\/themes\/([^"'\/]+)[^"']*\/style.css/i.match(response.body)
      if matches
        return new(
          target_uri,
          {
            name:           matches[2],
-            style_url:      matches[0],
+            referenced_url: matches[0],
            wp_content_dir: matches[1]
          }
        )
--- a/lib/common/models/wp_theme/output.rb
+++ b/lib/common/models/wp_theme/output.rb
@@ -5,8 +5,11 @@ class WpTheme

    # @return [ Void ]
    def additional_output(verbose = false)
+      parse_style
+      
      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
      puts " |  Style URL: #{style_url}"
+      puts " |  Referenced style.css: #{referenced_url}" if referenced_url && referenced_url != style_url
      puts " |  Theme Name: #@theme_name" if @theme_name
      puts " |  Theme URI: #@theme_uri" if @theme_uri
      puts " |  Description: #{theme_desc}"
--- a/lib/common/models/wp_theme/versionable.rb
+++ b/lib/common/models/wp_theme/versionable.rb
@@ -2,16 +2,8 @@

 class WpTheme < WpItem
  module Versionable
-
    def version
-      unless @version
-        @version = Browser.get(style_url).body[%r{Version:\s*([^\s]+)}i, 1]
-
-        # Get Version from readme.txt
-        @version ||= super
-      end
-      @version
+      @version ||= Browser.get(style_url).body[%r{Version:\s*([^\s]+)}i, 1]
    end
-
  end
 end
--- a/lib/common/models/wp_theme/vulnerable.rb
+++ b/lib/common/models/wp_theme/vulnerable.rb
@@ -12,9 +12,8 @@ class WpTheme < WpItem
    end

    # @return [ String ]
-    def vulns_xpath
-      "//theme[@name='#{@name}']/vulnerability"
+    def identifier
+      @name
    end
-
  end
 end
--- a/lib/common/models/wp_timthumb/output.rb
+++ b/lib/common/models/wp_timthumb/output.rb
@@ -4,7 +4,10 @@ class WpTimthumb < WpItem
  module Output

    def output(verbose = false)
-      puts " | #{vulnerable? ? red('[!] Vulnerable') : green('[i] Not Vulnerable')} #{self}"
+      puts
+      puts "#{info('[+]')} #{self}" #this will also output the version number if detected
+
+      vulnerabilities.output
    end

  end
--- a/lib/common/models/wp_timthumb/vulnerable.rb
+++ b/lib/common/models/wp_timthumb/vulnerable.rb
@@ -2,8 +2,54 @@

 class WpTimthumb < WpItem
  module Vulnerable
-    def vulnerable?
-      VersionCompare.is_newer_or_same?(version, '1.34')
+    # @return [ Vulnerabilities ]
+    def vulnerabilities
+      vulns = Vulnerabilities.new
+
+      [:check_rce_132, :check_rce_webshot].each do |method|
+        vuln = self.send(method)
+
+        vulns << vuln if vuln
+      end
+      vulns
+    end
+
+    def check_rce_132
+      return rce_132_vuln unless VersionCompare.lesser_or_equal?('1.33', version)
+    end
+
+    # Vulnerable versions : > 1.35 (or >= 2.0) and < 2.8.14
+    def check_rce_webshot
+      return if VersionCompare.lesser_or_equal?('2.8.14', version) || VersionCompare.lesser_or_equal?(version, '1.35')
+
+      response = Browser.get(uri.merge('?webshot=1&src=http://' + default_allowed_domains.sample))
+
+      return rce_webshot_vuln unless response.body =~ /WEBSHOT_ENABLED == true/
+    end
+
+    # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
+    def default_allowed_domains
+      %w(flickr.com picasa.com img.youtube.com upload.wikimedia.org)
+    end
+
+    # @return [ Vulnerability ] The RCE in the <= 1.32
+    def rce_132_vuln
+      Vulnerability.new(
+        'Timthumb <= 1.32 Remote Code Execution',
+        'RCE',
+        { exploitdb: ['17602'] },
+        '1.33'
+      )
+    end
+
+    # @return [ Vulnerability ] The RCE due to the WebShot in the <= 2.8.13
+    def rce_webshot_vuln
+      Vulnerability.new(
+        'Timthumb <= 2.8.13 WebShot Remote Code Execution',
+        'RCE',
+        { url: ['http://seclists.org/fulldisclosure/2014/Jun/117'] },
+        '2.8.14'
+      )
    end
  end
 end
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -25,10 +25,10 @@ class WpUser < WpItem
      hydra        = browser.hydra
      queue_count  = 0
      found        = false
-      progress_bar = self.progress_bar(count_file_lines(wordlist), options)
+      progress_bar = self.progress_bar(count_file_lines(wordlist)+1, options)

      File.open(wordlist).each do |password|
-        password.chop!
+        password.chomp!

        # A successfull login will redirect us to the redirect_to parameter
        # Generate a random one on each request
@@ -63,6 +63,7 @@ class WpUser < WpItem

      # run all of the remaining requests
      hydra.run
+      puts if options[:show_progression] # mandatory to avoid the output of the progressbar to be overriden
    end

    # @param [ Integer ] targets_size
@@ -103,19 +104,19 @@ class WpUser < WpItem
    # @return [ Boolean ]
    def valid_password?(response, password, redirect_url, options = {})
      if response.code == 302 && response.headers_hash && response.headers_hash['Location'] == redirect_url
-        progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
+        progression = "#{info('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
        valid       = true
      elsif response.body =~ /login_error/i
        verbose = "\n  Incorrect login and/or password."
      elsif response.timed_out?
-        progression = "#{red('ERROR:')} Request timed out."
+        progression = "#{critical('ERROR:')} Request timed out."
      elsif response.code == 0
-        progression = "#{red('ERROR:')} No response from remote server. WAF/IPS?"
+        progression = "#{critical('ERROR:')} No response from remote server. WAF/IPS?"
      elsif response.code.to_s =~ /^50/
-        progression = "#{red('ERROR:')} Server error, try reducing the number of threads."
+        progression = "#{critical('ERROR:')} Server error, try reducing the number of threads."
      else
-        progression = "#{red('ERROR:')} We received an unknown response for #{password}..."
-        verbose     = red("    Code: #{response.code}\n    Body: #{response.body}\n")
+        progression = "#{critical('ERROR:')} We received an unknown response for #{password}..."
+        verbose     = critical("    Code: #{response.code}\n    Body: #{response.body}\n")
      end

      puts "\n  " + progression if progression && options[:show_progression]
--- a/lib/common/models/wp_user/existable.rb
+++ b/lib/common/models/wp_user/existable.rb
@@ -22,6 +22,8 @@ class WpUser < WpItem
      if response.code == 301 # login in location?
        location = response.headers_hash['Location']

+        return if location.nil? || location.empty?
+
        @login        = Existable.login_from_author_pattern(location)
        @display_name = Existable.display_name_from_body(
          Browser.get(location).body
@@ -66,9 +68,12 @@ class WpUser < WpItem
        title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
        title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
        # &amp; are not decoded with Nokogiri
-        title_tag.sub!('&amp;', '&')
+        title_tag.gsub!('&amp;', '&')

-        name = title_tag[%r{([^|«]+) }, 1]
+        # replace UTF chars like  &#187; with dummy character
+        title_tag.gsub!(/&#(\d+);/, '|')
+
+        name = title_tag[%r{([^|«»]+) }, 1]

        return name.strip if name
      end
--- a/lib/common/models/wp_version/findable.rb
+++ b/lib/common/models/wp_version/findable.rb
@@ -100,18 +100,6 @@ class WpVersion < WpItem
      )
    end

-    # Attempts to find the WordPress version from,
-    # the generator tag in the RSS2 feed source.
-    #
-    # Have not been able to find an example of this - Ryan
-    #def find_from_rss2_generator(target_uri)
-    #  scan_url(
-    #    target_uri,
-    #    %r{<generator>http://wordpress.org/?v=(#{WpVersion.version_pattern})</generator>}i,
-    #    'feed/rss/'
-    #  )
-    #end
-
    # Attempts to find the WordPress version from,
    # the generator tag in the Atom source.
    #
@@ -126,18 +114,6 @@ class WpVersion < WpItem
      )
    end

-    # Attempts to find the WordPress version from,
-    # the generator tag in the comment rss source.
-    #
-    # Have not been able to find an example of this - Ryan
-    #def find_from_comments_rss_generator(target_uri)
-    # scan_url(
-    # target_uri,
-    # %r{<!-- generator="WordPress/#{WpVersion.version_pattern}" -->}i,
-    # 'comments/feed/'
-    # )
-    #end
-
    # Uses data/wp_versions.xml to try to identify a
    # wordpress version.
    #
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -5,12 +5,12 @@ class WpVersion < WpItem

    def output(verbose = false)
      puts
-      puts "#{green('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
+      puts "#{info('[+]')} WordPress version #{self.number} identified from #{self.found_from}"

      vulnerabilities = self.vulnerabilities

      unless vulnerabilities.empty?
-        puts "#{red('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
+        puts "#{critical('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"

        vulnerabilities.output
      end
--- a/lib/common/models/wp_version/vulnerable.rb
+++ b/lib/common/models/wp_version/vulnerable.rb
@@ -12,9 +12,14 @@ class WpVersion < WpItem
    end

    # @return [ String ]
-    def vulns_xpath
-      "//wordpress[@version='#{@number}']/vulnerability"
-    end
+    def identifier
+      @number
+    end  
+
+    # @return [ String ]
+    # def vulns_xpath
+    #   "//wordpress[@version='#{@number}']/vulnerability"
+    # end

  end
 end
--- a/lib/common/updater/git_updater.rb
+++ b/lib/common/updater/git_updater.rb
@@ -1,37 +0,0 @@
-# encoding: UTF-8
-
-require 'common/updater/updater'
-
-class GitUpdater < Updater
-
-  def is_installed?
-    %x[git #{repo_directory_arguments()} status 2>&1] =~ /On branch/ ? true : false
-  end
-
-  # Git has not a revsion number like SVN,
-  # so we will take the 7 first chars of the last commit hash
-  def local_revision_number
-    git_log = %x[git #{repo_directory_arguments()} log -1 2>&1]
-    git_log[/commit ([0-9a-z]{7})/i, 1].to_s
-  end
-
-  def update
-    %x[git #{repo_directory_arguments()} pull]
-  end
-
-  def has_local_changes?
-    %x[git #{repo_directory_arguments()} diff --exit-code 2>&1] =~ /diff/ ? true : false
-  end
-
-  def reset_head
-    %x[git #{repo_directory_arguments()} reset --hard HEAD]
-  end
-
-  protected
-  def repo_directory_arguments
-    if @repo_directory
-      return "--git-dir=\"#{@repo_directory}/.git\" --work-tree=\"#{@repo_directory}\""
-    end
-  end
-
-end
--- a/lib/common/updater/svn_updater.rb
+++ b/lib/common/updater/svn_updater.rb
@@ -1,23 +0,0 @@
-# encoding: UTF-8
-
-require 'common/updater/updater'
-
-class SvnUpdater < Updater
-
-  REVISION_PATTERN = /revision="(\d+)"/i
-  TRUNK_URL        = 'https://github.com/wpscanteam/wpscan'
-
-  def is_installed?
-    %x[svn info "#@repo_directory" --xml 2>&1] =~ /revision=/ ? true : false
-  end
-
-  def local_revision_number
-    local_revision = %x[svn info "#@repo_directory" --xml 2>&1]
-    local_revision[REVISION_PATTERN, 1].to_s
-  end
-
-  def update
-    %x[svn up "#@repo_directory"]
-  end
-
-end
--- a/lib/common/updater/updater.rb
+++ b/lib/common/updater/updater.rb
@@ -1,25 +0,0 @@
-# encoding: UTF-8
-
-# This class act as an absract one
-class Updater
-
-  attr_reader :repo_directory
-
-  # TODO : add a last '/ to repo_directory if it's not present
-  def initialize(repo_directory = nil)
-    @repo_directory = repo_directory
-  end
-
-  def is_installed?
-    raise NotImplementedError
-  end
-
-  def local_revision_number
-    raise NotImplementedError
-  end
-
-  def update
-    raise NotImplementedError
-  end
-
-end
--- a/lib/common/updater/updater_factory.rb
+++ b/lib/common/updater/updater_factory.rb
@@ -1,23 +0,0 @@
-# encoding: UTF-8
-
-class UpdaterFactory
-
-  def self.get_updater(repo_directory)
-    self.available_updaters_classes().each do |updater_symbol|
-      updater = Object.const_get(updater_symbol).new(repo_directory)
-
-      if updater.is_installed?
-        return updater
-      end
-    end
-    nil
-  end
-
-  protected
-
-  # return array of class symbols
-  def self.available_updaters_classes
-    Object.constants.grep(/^.+Updater$/)
-  end
-
-end
--- a/lib/common/version_compare.rb
+++ b/lib/common/version_compare.rb
@@ -2,14 +2,18 @@

 class VersionCompare

-  # Compares two version strings. Returns true if version1 is equal to version2
-  # or when version1 is older than version2
+  # Compares two version strings. Returns true if version1 <= version2
+  # and false otherwise
  #
  # @param [ String ] version1
  # @param [ String ] version2
  #
  # @return [ Boolean ]
-  def self.is_newer_or_same?(version1, version2)
+  def self.lesser_or_equal?(version1, version2)
+    # Prepend a '0' if the version starts with a '.'
+    version1 = "0#{version1}" if version1 && version1[0,1] == '.'
+    version2 = "0#{version2}" if version2 && version2[0,1] == '.'
+
    return true if (version1 == version2)
    # Both versions must be set
    return false unless (version1 and version2)
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -28,6 +28,7 @@ begin
  require 'pp'
  require 'shellwords'
  require 'fileutils'
+  require 'pathname'
  # Third party libs
  require 'typhoeus'
  require 'json'
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -52,8 +52,12 @@ class WebSite
    url ||= @uri.to_s
    response = Browser.get(url)

+    redirected_uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
    if response.code == 301 || response.code == 302
      redirection = response.headers_hash['location']
+      if redirection[0] == '/'
+        redirection = "#{redirected_uri.scheme}://#{redirected_uri.host}#{redirection}"
+      end

      # Let's check if there is a redirection in the redirection
      if other_redirection = redirection(redirection)
--- a/lib/wpscan/web_site/robots_txt.rb
+++ b/lib/wpscan/web_site/robots_txt.rb
@@ -12,9 +12,7 @@ class WebSite
    # Gets a robots.txt URL
    # @return [ String ]
    def robots_url
-      temp = @uri.clone
-      temp.path = '/robots.txt'
-      temp.to_s
+      @uri.clone.merge('robots.txt').to_s
    end


--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -1,19 +1,19 @@
 # encoding: UTF-8

 require 'web_site'
-require 'wp_target/malwares'
 require 'wp_target/wp_readme'
 require 'wp_target/wp_registrable'
 require 'wp_target/wp_config_backup'
+require 'wp_target/wp_must_use_plugins'
 require 'wp_target/wp_login_protection'
 require 'wp_target/wp_custom_directories'
 require 'wp_target/wp_full_path_disclosure'

 class WpTarget < WebSite
-  include WpTarget::Malwares
  include WpTarget::WpReadme
  include WpTarget::WpRegistrable
  include WpTarget::WpConfigBackup
+  include WpTarget::WpMustUsePlugins
  include WpTarget::WpLoginProtection
  include WpTarget::WpCustomDirectories
  include WpTarget::WpFullPathDisclosure
@@ -28,7 +28,6 @@ class WpTarget < WebSite
    @wp_plugins_dir = options[:wp_plugins_dir]
    @multisite      = nil

-    Browser.instance(options.merge(:max_threads => options[:threads]))
    Browser.instance.referer = url
  end

@@ -122,7 +121,12 @@ class WpTarget < WebSite

  # @return [ String ]
  def debug_log_url
-    @uri.merge("#{wp_content_dir()}/debug.log").to_s
+    @uri.merge("#{wp_content_dir}/debug.log").to_s
+  end
+
+  # @return [ String ]
+  def upload_dir_url
+    @uri.merge("#{wp_content_dir}/uploads/").to_s
  end

  # Script for replacing strings in wordpress databases
@@ -139,4 +143,8 @@ class WpTarget < WebSite
    resp = Browser.get(search_replace_db_2_url)
    resp.code == 200 && resp.body[%r{by interconnect}i]
  end
+
+  def upload_directory_listing_enabled?
+    directory_listing_enabled?(upload_dir_url)
+  end
 end
--- a/lib/wpscan/wp_target/malwares.rb
+++ b/lib/wpscan/wp_target/malwares.rb
@@ -1,50 +0,0 @@
-# encoding: UTF-8
-
-class WpTarget < WebSite
-  module Malwares
-    # Used as cache :
-    #   nil => malwares not checked,
-    #   [] => no malwares,
-    #   otherwise array of malwares url found
-    @malwares = nil
-
-    def has_malwares?(malwares_file_path = nil)
-      !malwares(malwares_file_path).empty?
-    end
-
-    # return array of string (url of malwares found)
-    def malwares(malwares_file_path = nil)
-      unless @malwares
-        malwares_found = []
-        malwares_file = Malwares.malwares_file(malwares_file_path)
-        index_page_body = Browser.get(@uri.to_s).body
-
-        File.open(malwares_file, 'r') do |file|
-          file.readlines.collect do |url|
-            chomped_url = url.chomp
-
-            if chomped_url.length > 0
-              malwares_found += index_page_body.scan(Malwares.malware_pattern(chomped_url))
-            end
-          end
-        end
-
-        malwares_found.flatten!
-        malwares_found.uniq!
-
-        @malwares = malwares_found
-      end
-      @malwares
-    end
-
-    def self.malwares_file(malwares_file_path)
-      malwares_file_path || DATA_DIR + '/malwares.txt'
-    end
-
-    def self.malware_pattern(url_regex)
-      # no need to escape regex here, because malware.txt contains regex
-      %r{<(?:script|iframe).* src=(?:"|')(#{url_regex}[^"']*)(?:"|')[^>]*>}i
-    end
-
-  end
-end
--- a/lib/wpscan/wp_target/wp_config_backup.rb
+++ b/lib/wpscan/wp_target/wp_config_backup.rb
@@ -40,9 +40,9 @@ class WpTarget < WebSite
    # @return [ Array ]
    def self.config_backup_files
      %w{
-        wp-config.php~ #wp-config.php# wp-config.php.save wp-config.php.swp wp-config.php.swo wp-config.php_bak
-        wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old wp-config.php.orig
-        wp-config.orig wp-config.php.original wp-config.original wp-config.txt
+        wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo 
+        wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old
+        wp-config.php.orig wp-config.orig wp-config.php.original wp-config.original wp-config.txt
      } # thanks to Feross.org for these
    end

--- a/lib/wpscan/wp_target/wp_must_use_plugins.rb
+++ b/lib/wpscan/wp_target/wp_must_use_plugins.rb
@@ -0,0 +1,26 @@
+# encoding: UTF-8
+
+class WpTarget < WebSite
+  module WpMustUsePlugins
+
+    # Checks to see if the must use plugin folder exists
+    #
+    # @return [ Boolean ]
+    def has_must_use_plugins?
+      response = Browser.get(must_use_url)
+
+      if response && WpTarget.valid_response_codes.include?(response.code)
+        hash = WebSite.page_hash(response.body)
+        return true if hash != error_404_hash && hash != homepage_hash
+      end
+
+      false
+    end
+
+    # @return [ String ] The must use plugins directory URL
+    def must_use_url
+      @uri.merge("#{wp_content_dir}/mu-plugins/").to_s
+    end
+
+  end
+end
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -46,7 +46,7 @@ def usage
  puts '-Use custom plugins directory ...'
  puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
  puts
-  puts '-Update ...'
+  puts '-Update the DB ...'
  puts "ruby #{script_name} --update"
  puts
  puts '-Debug output ...'
@@ -62,7 +62,7 @@ def help
  puts
  puts 'Some values are settable in a config file, see the example.conf.json'
  puts
-  puts '--update                            Update to the latest revision.'
+  puts '--update                            Update to the database to the latest version.'
  puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
  puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
  puts '--enumerate | -e [option(s)]        Enumeration.'
@@ -84,6 +84,7 @@ def help
  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
+  puts '--cookie <String>                   String to read cookies from.'
  puts '--random-agent | -r                 Use a random User-Agent.'
  puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
  puts '--batch                             Never ask for user input, use the default behaviour.'
@@ -96,8 +97,9 @@ def help
  puts '                                    If no protocol is given (format host:port), HTTP will be used.'
  puts '--proxy-auth <username:password>    Supply the proxy login credentials.'
  puts '--basic-auth <username:password>    Set the HTTP Basic authentication.'
-  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password bruter and do the brute.'
+  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.'
  puts '--username | -U <username>          Only brute force the supplied username.'
+  puts '--usernames     <path-to-file>      Only brute force the usernames from the file.'
  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
  puts '--request-timeout <request-timeout> Request Timeout.'
@@ -105,5 +107,14 @@ def help
  puts '--max-threads     <max-threads>     Maximum Threads.'
  puts '--help     | -h                     This help screen.'
  puts '--verbose  | -v                     Verbose output.'
+  puts '--version                           Output the current version and exit.'
  puts
 end
+
+# Hook to check if the target if down during the scan
+# The target is considered down after 10 requests with status = 0
+down = 0
+Typhoeus.on_complete do |response|
+  down += 1 if response.code == 0
+  fail 'The target seems to be down' if down >= 10
+end
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -14,6 +14,7 @@ class WpscanOptions
    :enumerate_usernames,
    :enumerate_usernames_range,
    :no_color,
+    :log,
    :proxy,
    :proxy_auth,
    :threads,
@@ -23,12 +24,14 @@ class WpscanOptions
    :update,
    :verbose,
    :username,
+    :usernames,
    :password,
    :follow_redirection,
    :wp_content_dir,
    :wp_plugins_dir,
    :help,
    :config_file,
+    :cookie,
    :exclude_content_based,
    :basic_auth,
    :debug_output,
@@ -67,6 +70,12 @@ class WpscanOptions
    end
  end

+  def usernames=(file)
+    fail "The file #{file} does not exist" unless File.exists?(file)
+
+    @usernames = file
+  end
+
  def proxy=(proxy)
    if proxy.index(':') == nil
      raise 'Invalid proxy format. Should be host:port.'
@@ -236,6 +245,7 @@ class WpscanOptions
      ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
      ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
      ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
+      ['--usernames', GetoptLong::REQUIRED_ARGUMENT],
      ['--wordlist', '-w', GetoptLong::REQUIRED_ARGUMENT],
      ['--threads', '-t', GetoptLong::REQUIRED_ARGUMENT],
      ['--force', '-f', GetoptLong::NO_ARGUMENT],
@@ -259,7 +269,9 @@ class WpscanOptions
      ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
      ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
      ['--batch', GetoptLong::NO_ARGUMENT],
-      ['--no-color', GetoptLong::NO_ARGUMENT]
+      ['--no-color', GetoptLong::NO_ARGUMENT],
+      ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
+      ['--log', GetoptLong::NO_ARGUMENT]
    )
  end

--- a/lib/wpstools/plugins/checker/checker_plugin.rb
+++ b/lib/wpstools/plugins/checker/checker_plugin.rb
@@ -29,11 +29,18 @@ class CheckerPlugin < Plugin
    puts '[+] Checking vulnerabilities reference urls'

    vuln_ref_files.each do |vuln_ref_file|
-      xml = xml(vuln_ref_file)
+      json = json(vuln_ref_file)

      urls = []
-      xml.xpath('//references/url').each { |node| urls << node.text }
-
+      json.each do |asset|
+        asset[asset.keys.inject]['vulnerabilities'].each do |url|
+          unless url['url'].nil?
+            url['url'].each do |url|
+              urls << url
+            end
+          end
+        end
+      end
      urls.uniq!

      puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?
@@ -75,17 +82,19 @@ class CheckerPlugin < Plugin
  end

  def check_local_vulnerable_files(dir_to_scan)
-    if Dir::exist?(dir_to_scan)
+    if Dir.exist?(dir_to_scan)
      xml_file               = LOCAL_FILES_FILE
      local_hashes           = {}
      file_extension_to_scan = '*.{js,php,swf,html,htm}'

      print '[+] Generating local hashes ... '

-      Dir[File::join(dir_to_scan, '**', file_extension_to_scan)].each do |filename|
+      Dir[File.join(dir_to_scan, '**', file_extension_to_scan)]
+      .select { |f| File.file?(f) }
+      .each do |filename|
        sha1sum = Digest::SHA1.file(filename).hexdigest

-        if local_hashes.has_key?(sha1sum)
+        if local_hashes.key?(sha1sum)
          local_hashes[sha1sum] << filename
        else
          local_hashes[sha1sum] = [filename]
--- a/lib/wpstools/plugins/list_generator/generate_list.rb
+++ b/lib/wpstools/plugins/list_generator/generate_list.rb
@@ -1,104 +0,0 @@
-# encoding: UTF-8
-
-# This tool generates a list to use for plugin and theme enumeration
-class GenerateList
-
-  attr_accessor :verbose
-
-  # type = themes | plugins
-  def initialize(type, verbose)
-    if type =~ /plugins/i
-      @type           = 'plugin'
-      @svn_url        = 'http://plugins.svn.wordpress.org/'
-      @popular_url    = 'http://wordpress.org/plugins/browse/popular/'
-      @popular_regex  = %r{<h3><a href="http://wordpress.org/plugins/([^/]+)/">.+</a></h3>}i
-    elsif type =~ /themes/i
-      @type           = 'theme'
-      @svn_url        = 'http://themes.svn.wordpress.org/'
-      @popular_url    = 'http://wordpress.org/themes/browse/popular/'
-      @popular_regex  = %r{<h3><a href="http://wordpress.org/themes/([^/]+)">.+</a></h3>}i
-    else
-      raise "Type #{type} not defined"
-    end
-    @verbose  = verbose
-    @browser  = Browser.instance(request_timeout: 20000, connect_timeout: 20000, max_threads: 1, cache_ttl: 0)
-  end
-
-  def set_file_name(type)
-    case @type
-    when 'plugin'
-      case type
-      when :full
-        @file_name = PLUGINS_FULL_FILE
-      when :popular
-        @file_name = PLUGINS_FILE
-      else
-        raise 'Unknown type'
-      end
-    when 'theme'
-      case type
-      when :full
-        @file_name = THEMES_FULL_FILE
-      when :popular
-        @file_name = THEMES_FILE
-      else
-        raise 'Unknown type'
-      end
-      else
-        raise "Unknown type #@type"
-    end
-  end
-
-  def generate_full_list
-    set_file_name(:full)
-    items = SvnParser.new(@svn_url).parse
-    save items
-  end
-
-  def generate_popular_list(pages)
-    set_file_name(:popular)
-    items = get_popular_items(pages)
-    save items
-  end
-
-  # Send a HTTP request to the WordPress most popular theme or plugin webpage
-  # parse the response for the names.
-  def get_popular_items(pages)
-    found_items = []
-    page_count = 1
-
-    (1...(pages.to_i + 1)).each do |page|
-      # First page has another URL
-      url = (page == 1) ? @popular_url : @popular_url + 'page/' + page.to_s + '/'
-      puts "[+] Parsing page #{page_count}" if @verbose
-      code = 0
-      while code != 200
-        puts red("[!] Retrying request for page #{page} (Code: #{code})") unless code == 0
-        request = @browser.forge_request(url)
-        response = request.run
-        code = response.code
-        sleep(5) unless code == 200
-      end
-      page_count += 1
-      found = 0
-      response.body.scan(@popular_regex).each do |item|
-        found_items << item[0]
-        found = found + 1
-      end
-      puts "[+] Found #{found} items on page #{page}" if @verbose
-    end
-
-    found_items.sort!
-    found_items.uniq
-  end
-
-  # Save the file
-  def save(items)
-    items.sort!
-    items.uniq!
-    puts "[*] We have parsed #{items.length} #{@type}s"
-    File.open(@file_name, 'w') { |f| f.puts(items) }
-    puts "New #@file_name file created"
-  end
-
-end
--- a/lib/wpstools/plugins/list_generator/list_generator_plugin.rb
+++ b/lib/wpstools/plugins/list_generator/list_generator_plugin.rb
@@ -1,53 +0,0 @@
-# encoding: UTF-8
-
-class ListGeneratorPlugin < Plugin
-
-  def initialize
-    super(author: 'WPScanTeam - @FireFart')
-
-    register_options(
-      ['--generate-plugin-list [NUMBER_OF_PAGES]', '--gpl', Integer, 'Generate a new data/plugins.txt file. (supply number of *pages* to parse, default : 150)'],
-      ['--generate-full-plugin-list', '--gfpl', 'Generate a new full data/plugins.txt file'],
-
-      ['--generate-theme-list [NUMBER_OF_PAGES]', '--gtl', Integer, 'Generate a new data/themes.txt file. (supply number of *pages* to parse, default : 20)'],
-      ['--generate-full-theme-list', '--gftl', 'Generate a new full data/themes.txt file'],
-
-      ['--generate-all', '--ga', 'Generate a new full plugins, full themes, popular plugins and popular themes list']
-    )
-  end
-
-  def run(options = {})
-    @verbose     = options[:verbose] || false
-    generate_all = options[:generate_all] || false
-
-    if options.has_key?(:generate_plugin_list) || generate_all
-      most_popular('plugin', options[:generate_plugin_list] || 150)
-    end
-
-    if options[:generate_full_plugin_list] || generate_all
-      full('plugin')
-    end
-
-    if options.has_key?(:generate_theme_list) || generate_all
-      most_popular('theme', options[:generate_theme_list] || 20)
-    end
-
-    if options[:generate_full_theme_list] || generate_all
-      full('theme')
-    end
-  end
-
-  private
-
-  def most_popular(type, number_of_pages)
-    puts "[+] Generating new most popular #{type} list"
-    puts
-    GenerateList.new(type + 's', @verbose).generate_popular_list(number_of_pages)
-  end
-
-  def full(type)
-    puts "[+] Generating new full #{type} list"
-    puts
-    GenerateList.new(type + 's', @verbose).generate_full_list
-  end
-end
--- a/lib/wpstools/plugins/list_generator/svn_parser.rb
+++ b/lib/wpstools/plugins/list_generator/svn_parser.rb
@@ -1,31 +0,0 @@
-# encoding: UTF-8
-
-# This Class Parses SVN Repositories via HTTP
-class SvnParser
-
-  attr_accessor :verbose, :svn_root, :keep_empty_dirs
-
-  def initialize(svn_root)
-    @svn_root    = svn_root
-  end
-
-  def parse
-    get_root_directories
-  end
-
-  #Private methods start here
-  private
-
-  # Gets all directories in the SVN root
-  def get_root_directories
-    dirs      = []
-    rootindex = Browser.get(@svn_root).body
-
-    rootindex.scan(%r{<li><a href=".+">(.+)/</a></li>}i).each do |dir|
-      dirs << dir[0]
-    end
-
-    dirs.sort!
-    dirs.uniq
-  end
-end
--- a/lib/wpstools/plugins/stats/stats_plugin.rb
+++ b/lib/wpstools/plugins/stats/stats_plugin.rb
@@ -48,38 +48,39 @@ class StatsPlugin < Plugin
  end

  def vuln_core_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//wordpress)').to_i
+    json(file).size
  end

  def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//plugin)').to_i
+    json(file).size
  end

  def vuln_theme_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//theme)').to_i
+    json(file).size
  end

  def version_vulns_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
  end
+
  def fix_version_count(file=WP_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
  end

  def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
  end

  def fix_plugin_count(file=PLUGINS_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
  end

  def theme_vulns_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//vulnerability)').to_i
+    asset_vulns_count(json(file))
  end

  def fix_theme_count(file=THEMES_VULNS_FILE)
-    xml(file).xpath('count(//fixed_in)').to_i
+    asset_fixed_in_count(json(file))
  end

  def total_plugins(file=PLUGINS_FULL_FILE)
@@ -94,4 +95,12 @@ class StatsPlugin < Plugin
    IO.readlines(file).size
  end

+  def asset_vulns_count(json)
+    json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].size }.inject(:+)
+  end
+
+  def asset_fixed_in_count(json)
+    json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].map {|a| a['fixed_in'].nil? ? 0 : 1 }.inject(:+) }.inject(:+)
+  end
+
 end
--- a/lib/wpstools/wpstools_helper.rb
+++ b/lib/wpstools/wpstools_helper.rb
@@ -12,21 +12,6 @@ def usage
  puts
  puts 'Examples:'
  puts
-  puts "- Generate a new 'most popular' plugin list, up to 150 pages ..."
-  puts "ruby #{script_name} --generate-plugin-list 150"
-  puts
-  puts '- Generate a new full plugin list'
-  puts "ruby #{script_name} --generate-full-plugin-list"
-  puts
-  puts "- Generate a new 'most popular' theme list, up to 150 pages ..."
-  puts "ruby #{script_name} --generate-theme-list 150"
-  puts
-  puts '- Generate a new full theme list'
-  puts "ruby #{script_name} --generate-full-theme-list"
-  puts
-  puts '- Generate all list'
-  puts "ruby #{script_name} --generate-all"
-  puts
  puts 'Locally scan a wordpress installation for vulnerable files or shells'
  puts "ruby #{script_name} --check-local-vulnerable-files /var/www/wordpress/"
  puts
--- a/spec/lib/common/browser_spec.rb
+++ b/spec/lib/common/browser_spec.rb
@@ -25,7 +25,7 @@ describe Browser do
    json_expected_vars['max_threads'] ||= 20 # max_thread can not be nil

    instance_vars_to_check.each do |variable_name|
-      browser.send(:"#{variable_name}").should === json_expected_vars[variable_name]
+      expect(browser.send(:"#{variable_name}")).to be === json_expected_vars[variable_name]
    end
  end

@@ -50,7 +50,7 @@ describe Browser do
      let(:cache_dir) { CACHE_DIR + '/somewhere' }
      let(:options) { { cache_dir: cache_dir } }

-      after { subject.cache_dir.should == cache_dir }
+      after { expect(subject.cache_dir).to eq cache_dir }

      it 'sets @cache_dir' do
        @json_expected_vars = json_config_without_proxy
@@ -84,11 +84,11 @@ describe Browser do

  describe '::append_params_header_field' do
    after :each do
-      Browser.append_params_header_field(
+      expect(Browser.append_params_header_field(
        @params,
        @field,
        @field_value
-      ).should === @expected
+      )).to be === @expected
    end

    context 'when there is no headers' do
@@ -140,7 +140,7 @@ describe Browser do
      browser.user_agent = 'SomeUA'
      browser.cache_ttl = 250

-      browser.merge_request_params(params).should == @expected
+      expect(browser.merge_request_params(params)).to eq @expected
    end

    it 'sets the User-Agent header field and cache_ttl' do
@@ -190,18 +190,27 @@ describe Browser do
        @expected = default_expectation.merge(params)
      end
    end
+
+    context 'when @cookie' do
+      let(:cookie) { 'foor=bar;bar=foo' }
+      before       { browser.cookie = cookie }
+
+      it 'sets the cookie' do
+        @expected = default_expectation.merge(cookie: cookie)
+      end
+    end
  end

  describe '#forge_request' do
    let(:url) { 'http://example.localhost' }

    it 'returns the correct Typhoeus::Request' do
-      subject.stub(merge_request_params: { cache_ttl: 10 })
+      allow(subject).to receive_messages(merge_request_params: { cache_ttl: 10 })

      request = subject.forge_request(url)
-      request.should be_a Typhoeus::Request
-      request.url.should == url
-      request.cache_ttl.should == 10
+      expect(request).to be_a Typhoeus::Request
+      expect(request.url).to eq url
+      expect(request.cache_ttl).to eq 10
    end

  end
@@ -216,7 +225,7 @@ describe Browser do
      response1 = Browser.get(url)
      response2 = Browser.get(url)

-      response1.body.should == response2.body
+      expect(response1.body).to eq response2.body
      #WebMock.should have_requested(:get, url).times(1) # This one fail, dunno why :s (but it works without mock)
    end
  end
--- a/spec/lib/common/cache_file_store_spec.rb
+++ b/spec/lib/common/cache_file_store_spec.rb
@@ -17,33 +17,50 @@ describe CacheFileStore do

  describe '#storage_path' do
    it 'returns the storage path given in the #new' do
-      @cache.storage_path.should match(/#{cache_dir}/)
+      expect(@cache.storage_path).to match(/#{cache_dir}/)
    end
  end

  describe '#serializer' do
    it 'should return the default serializer : Marshal' do
-      @cache.serializer.should     == Marshal
-      @cache.serializer.should_not == YAML
+      expect(@cache.serializer).to     eq Marshal
+      expect(@cache.serializer).not_to eq YAML
    end
  end

  describe '#clean' do
    it "should remove all files from the cache dir (#{@cache_dir}" do
-      # let's create some files into the directory first
-      (0..5).each do |i|
-        File.new(@cache.storage_path + "/file_#{i}.txt", File::CREAT)
-      end
-
-      count_files_in_dir(@cache.storage_path, 'file_*.txt').should == 6
+      # clean is executed by other tests before
+      before = count_files_in_dir(@cache.cache_dir)
+      test_dir = File.expand_path("#{@cache.cache_dir}/test")
+      Dir.mkdir test_dir
+      #change the modification date
+      %x[ touch -t 200701310846.26 #{test_dir} ]
+      expect(count_files_in_dir(@cache.cache_dir)).to eq (before + 1)
      @cache.clean
-      count_files_in_dir(@cache.storage_path).should == 0
+      expect(count_files_in_dir(@cache.cache_dir)).to eq before
    end
  end

-  describe '#read_entry (nonexistent entry)' do
-    it 'should return nil' do
-      @cache.read_entry(Digest::SHA1.hexdigest('hello world')).should be_nil
+  describe '#read_entry' do
+    after { expect(@cache.read_entry(key)).to eq @expected }
+
+    context 'when the entry does not exist' do
+      let(:key) { Digest::SHA1.hexdigest('hello world') }
+
+      it 'should return nil' do
+        @expected = nil
+      end
+    end
+
+    context 'when the file exist but is empty (marshal data too short error)' do
+      let(:key) { 'empty-file' }
+
+      it 'returns nil' do
+        File.new(File.join(@cache.storage_path, key), File::CREAT)
+
+        @expected = nil
+      end
    end
  end

@@ -51,7 +68,7 @@ describe CacheFileStore do

    after :each do
      @cache.write_entry(@key, @data, @timeout)
-      @cache.read_entry(@key).should === @expected
+      expect(@cache.read_entry(@key)).to be === @expected
    end

    it 'should get the correct entry (string)' do
@@ -79,7 +96,7 @@ describe CacheFileStore do
        storage_dirs << CacheFileStore.new(cache_dir).storage_path
      end

-      storage_dirs.uniq.size.should == 5
+      expect(storage_dirs.uniq.size).to eq 5
    end
  end
 end
--- a/spec/lib/common/collections/wp_items_spec.rb
+++ b/spec/lib/common/collections/wp_items_spec.rb
@@ -10,20 +10,15 @@ describe WpItems do

    let(:expected) do
      {
-        request_params:                 { cache_ttl: 0, followlocation: true },
-        targets_items_from_file:        [ WpItem.new(uri, name: 'item1'),
-                                          WpItem.new(uri, name:'item-2'),
-                                          WpItem.new(uri, name: 'mr-smith')],
+        request_params:           { cache_ttl: 0, followlocation: true },
+        targets_items_from_file:  [ WpItem.new(uri, name: 'item1'),
+                                    WpItem.new(uri, name: 'item-2'),
+                                    WpItem.new(uri, name: 'mr-smith')],

-        vulnerable_targets_items:       [ WpItem.new(uri, name: 'mr-smith'),
-                                          WpItem.new(uri, name: 'neo')],
+        vulnerable_targets_items: [ WpItem.new(uri, name: 'mr-smith'),
+                                    WpItem.new(uri, name: 'neo')],

-        passive_detection: WpItems.new << WpItem.new(uri, name: 'js-source') <<
-                                          WpItem.new(uri, name: 'escaped-url') <<
-                                          WpItem.new(uri, name: 'link-tag') <<
-                                          WpItem.new(uri, name: 'script-tag') <<
-                                          WpItem.new(uri, name: 'style-tag') <<
-                                          WpItem.new(uri, name: 'style-tag-import')
+        passive_detection: (1..13).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
      }
    end
  end
--- a/spec/lib/common/collections/wp_plugins/detectable_spec.rb
+++ b/spec/lib/common/collections/wp_plugins/detectable_spec.rb
@@ -15,7 +15,7 @@ describe 'WpPlugins::Detectable' do
    context 'when no header' do
      it 'returns an empty WpPlugins' do
        stub_request(:get, url).to_return(status: 200)
-        subject.send(:from_header, wp_target).should == subject.new
+        expect(subject.send(:from_header, wp_target)).to eq subject.new
      end
    end

@@ -25,7 +25,7 @@ describe 'WpPlugins::Detectable' do

      after :each do
        stub_request(:get, url).to_return(status: 200, headers: headers, body: '')
-        subject.send(:from_header, wp_target).should == expected
+        expect(subject.send(:from_header, wp_target)).to eq expected
      end

      context 'when w3-total-cache detected' do
@@ -66,7 +66,7 @@ describe 'WpPlugins::Detectable' do
    context 'when no body' do
      it 'returns an empty WpPlugins' do
        stub_request(:get, url).to_return(status: 200, body: '')
-        subject.send(:from_content, wp_target).should == subject.new
+        expect(subject.send(:from_content, wp_target)).to eq subject.new
      end
    end

@@ -77,7 +77,7 @@ describe 'WpPlugins::Detectable' do
      after :each do
        stub_request(:get, url).to_return(status: 200, body: @body)
        stub_request(:get, /readme\.txt/i).to_return(status: 404)
-        subject.send(:from_content, wp_target).should == expected
+        expect(subject.send(:from_content, wp_target)).to eq expected
      end

      context 'when w3 total cache detected' do
--- a/spec/lib/common/collections/wp_plugins_spec.rb
+++ b/spec/lib/common/collections/wp_plugins_spec.rb
@@ -19,8 +19,7 @@ describe WpPlugins do
        vulnerable_targets_items:         [ WpPlugin.new(uri, name: 'mr-smith'),
                                            WpPlugin.new(uri, name: 'neo')],

-        passive_detection: WpPlugins.new << WpPlugin.new(uri, name: 'js-source') <<
-                                            WpPlugin.new(uri, name: 'escaped-url') <<
+        passive_detection: WpPlugins.new << WpPlugin.new(uri, name: 'escaped-url') <<
                                            WpPlugin.new(uri, name: 'link-tag') <<
                                            WpPlugin.new(uri, name: 'script-tag') <<
                                            WpPlugin.new(uri, name: 'style-tag') <<
--- a/spec/lib/common/collections/wp_timthumbs/detectable_spec.rb
+++ b/spec/lib/common/collections/wp_timthumbs/detectable_spec.rb
@@ -38,7 +38,7 @@ describe 'WpTimthumbs::Detectable' do

  describe '::passive_detection' do
    it 'returns an empty WpTimthumbs' do
-      subject.passive_detection(wp_target).should == subject.new
+      expect(subject.passive_detection(wp_target)).to eq subject.new
    end
  end

@@ -46,7 +46,7 @@ describe 'WpTimthumbs::Detectable' do
    after do
      targets = subject.send(:targets_items_from_file, file, wp_target)

-      targets.map { |t| t.url }.should == @expected.map { |t| t.url }
+      expect(targets.map { |t| t.url }).to eq @expected.map { |t| t.url }
    end

    context 'when an empty file' do
@@ -71,7 +71,7 @@ describe 'WpTimthumbs::Detectable' do
      theme   = 'hello-world'
      targets = subject.send(:theme_timthumbs, theme, wp_target)

-      targets.map { |t| t.url }.should == expected_targets_from_theme(theme).map { |t| t.url }
+      expect(targets.map { |t| t.url }).to eq expected_targets_from_theme(theme).map { |t| t.url }
    end
  end

@@ -81,7 +81,7 @@ describe 'WpTimthumbs::Detectable' do
    after do
      targets = subject.send(:targets_items, wp_target, options)

-      targets.map { |t| t.url }.should == @expected.sort.map { |t| t.url }
+      expect(targets.map { |t| t.url }).to eq @expected.sort.map { |t| t.url }
    end

    context 'when no :theme_name' do
--- a/spec/lib/common/collections/wp_users/detectable_spec.rb
+++ b/spec/lib/common/collections/wp_users/detectable_spec.rb
@@ -22,13 +22,13 @@ describe 'WpUsers::Detectable' do

  describe '::request_params' do
    it 'return an empty Hash' do
-      subject.request_params.should === {}
+      expect(subject.request_params).to be === {}
    end
  end

  describe '::passive_detection' do
    it 'return an empty WpUsers' do
-      subject.passive_detection(wp_target).should == subject.new
+      expect(subject.passive_detection(wp_target)).to eq subject.new
    end
  end

@@ -36,7 +36,7 @@ describe 'WpUsers::Detectable' do
    after do
      targets = subject.send(:targets_items, wp_target, options)

-      targets.should == @expected
+      expect(targets).to eq @expected
    end

    context 'when no :range' do
--- a/spec/lib/common/collections/wp_users/output_spec.rb
+++ b/spec/lib/common/collections/wp_users/output_spec.rb
@@ -25,19 +25,19 @@ describe 'WpUsers::Output' do
      subject.push(@input)
      subject.flatten!
      subject.remove_junk_from_display_names
-      subject.should === @expected
+      expect(subject).to eq @expected
    end

-    it 'should return an empty array' do
+    it 'returns an empty array' do
      @expected = @input
    end

-    it 'should return input object' do
+    it 'returns input object' do
      @input.push(WpUser.new(nil))
      @expected = @input
    end

-    it 'should return input object' do
+    it 'returns input object' do
      @input.push(WpUser.new(''))
      @expected = @input
    end
@@ -50,23 +50,37 @@ describe 'WpUsers::Output' do
      @expected.push(WpUser.new('', login: '', id: 2, display_name: 'ijrjd'))
    end

-    it 'should return unmodified input object' do
+    it 'returns unmodified input object' do
      @input.push(WpUser.new('', login: '', id: 1, display_name: 'lkjh asdfa'))
      @input.push(WpUser.new('', login: '', id: 2, display_name: 'ijrjd asdf'))
      @expected = @input
    end

-    it 'should return input object' do
+    it 'returns input object' do
      @input.push(WpUser.new('', login: '', id: 1, display_name: 'lkjh asdf'))
      @expected = @input
    end

-    it 'should return an empty display_name' do
+    it 'returns an empty display_name' do
      @input.push(WpUser.new('', login: '', id: 1, display_name: 'lkhj asdf'))
      @input.push(WpUser.new('', login: '', id: 2, display_name: 'lkhj asdf'))
      @expected = WpUsers.new(0)
      @expected.push(WpUser.new('', login: '', id: 1, display_name: ''))
      @expected.push(WpUser.new('', login: '', id: 2, display_name: ''))
    end
+
+    context 'when a user has no display_name' do
+      it 'returns an empty display_name' do
+        @input.push(WpUser.new('', login: '', id: 1, display_name: 'lkhj asdf'))
+        @input.push(WpUser.new('', login: '', id: 2, display_name: 'lkhj asdf'))
+        @input.push(WpUser.new('', login: '', id: 3))
+
+        @expected = WpUsers.new(0)
+
+        (1..3).each do |id|
+          @expected.push(WpUser.new('', login: '', id: id, display_name: ''))
+        end
+      end
+    end
  end
 end
--- a/spec/lib/common/common_helper_spec.rb
+++ b/spec/lib/common/common_helper_spec.rb
@@ -7,7 +7,7 @@ describe 'common_helper' do
    after :each do
      output = get_equal_string_end(@input)

-      output.should == @expected
+      expect(output).to eq @expected
    end

    it 'returns an empty string' do
@@ -75,7 +75,7 @@ describe 'common_helper' do
  describe '#remove_base64_images_from_html' do
    after :each do
      output = remove_base64_images_from_html(@html)
-      output.should == @expected
+      expect(output).to eq @expected
    end

    it 'removes the valid base64 image' do
@@ -92,7 +92,7 @@ describe 'common_helper' do
  describe '#truncate' do
    after :each do
      output = truncate(@input, @length, @trailing)
-      output.should == @expected
+      expect(output).to eq @expected
    end

    it 'returns nil on no input' do
--- a/spec/lib/common/custom_option_parser_spec.rb
+++ b/spec/lib/common/custom_option_parser_spec.rb
@@ -15,7 +15,7 @@ describe CustomOptionParser do
      if @exception
        expect { CustomOptionParser::option_to_symbol(@option) }.to raise_error(@exception)
      else
-        CustomOptionParser::option_to_symbol(@option).should === @expected
+        expect(CustomOptionParser::option_to_symbol(@option)).to be === @expected
      end
    end

@@ -100,7 +100,7 @@ describe CustomOptionParser do
      parser.add_option(['-v', '--verbose'])
      parser.add_option(['--url TARGET_URL'])

-      parser.symbols_used.sort.should === [:url, :verbose]
+      expect(parser.symbols_used.sort).to be === [:url, :verbose]
    end

    context 'parsing' do
@@ -118,7 +118,7 @@ describe CustomOptionParser do

      it 'should retrieve the correct argument' do
        parser.parse!(['-u', 'iam_the_target'])
-        parser.results.should === { url: 'iam_the_target' }
+        expect(parser.results).to be === { url: 'iam_the_target' }
      end
    end
  end
@@ -134,8 +134,8 @@ describe CustomOptionParser do

    context 'single option' do
      it 'should add the :url option, and retrieve the correct argument' do
-        parser.symbols_used.should === [:url]
-        parser.results(['-u', 'target.com']).should === { url: 'target.com' }
+        expect(parser.symbols_used).to be === [:url]
+        expect(parser.results(['-u', 'target.com'])).to be === { url: 'target.com' }
      end
    end

@@ -146,8 +146,8 @@ describe CustomOptionParser do
          ['--test [TEST_NUMBER]']
        ])

-        parser.symbols_used.sort.should === [:test, :url, :verbose]
-        parser.results(['-u', 'wp.com', '-v', '--test']).should === { test: nil, url: 'wp.com', verbose: true }
+        expect(parser.symbols_used.sort).to be === [:test, :url, :verbose]
+        expect(parser.results(['-u', 'wp.com', '-v', '--test'])).to be === { test: nil, url: 'wp.com', verbose: true }
      end
    end
  end
--- a/spec/lib/common/models/vulnerability_spec.rb
+++ b/spec/lib/common/models/vulnerability_spec.rb
@@ -13,41 +13,43 @@ describe Vulnerability do
    context 'w/o metasploit and fixed version modules argument' do
      subject(:vulnerability) { Vulnerability.new(title, type, references) }

-      its(:title)              { should be title }
-      its(:references)         { should be references }
-      its(:type)               { should be type }
-      its(:fixed_in)           { should be_empty }
+      its(:title)      { should be title }
+      its(:references) { should be references }
+      its(:type)       { should be type }
+      its(:fixed_in)   { should be_empty }
    end

    context 'with fixed version argument' do
-      let(:fixed_version)  { '1.0' }
-      its(:title)              { should be title }
-      its(:references)         { should be references }
-      its(:type)               { should be type }
-      its(:fixed_in)           { should be fixed_version }
+      let(:fixed_version) { '1.0' }
+
+      its(:title)      { should be title }
+      its(:references) { should be references }
+      its(:type)       { should be type }
+      its(:fixed_in)   { should be fixed_version }
    end

  end

-  describe '::load_from_xml_node' do
-    subject(:vulnerability) { Vulnerability.load_from_xml_node(node) }
-    let(:node) {
-      xml(MODELS_FIXTURES + '/vulnerability/xml_node.xml').xpath('//vulnerability')
+  describe '::load_from_json_item' do
+    subject(:vulnerability) { Vulnerability.load_from_json_item(item) }
+    let(:item) {
+      json(MODELS_FIXTURES + '/vulnerability/json_item.json')
    }

    expected_refs = {
-        :url=>['Ref 1', 'Ref 2'],
-        :cve=>['2011-001'],
-        :secunia=>['secunia'],
-        :osvdb=>['osvdb'],
-        :metasploit=>['exploit/ex1'],
-        :exploitdb=>['exploitdb']
+      'id'         => ['3911'],
+      'url'        => ['Ref 1,Ref 2'],
+      'cve'        => ['2011-001'],
+      'secunia'    => ['secunia'],
+      'osvdb'      => ['osvdb'],
+      'metasploit' => ['exploit/ex1'],
+      'exploitdb'  => ['exploitdb']
    }

-    its(:title)              { should == 'Vuln Title' }
-    its(:type)               { should == 'CSRF' }
-    its(:references)         { should ==  expected_refs}
-    its(:fixed_in)           { should == '1.0'}
+    its(:title)      { should == 'Vuln Title' }
+    its(:type)       { should == 'CSRF' }
+    its(:references) { should ==  expected_refs}
+    its(:fixed_in)   { should == '1.0'}
  end

 end
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -11,17 +11,18 @@ describe WpItem do
  end
  it_behaves_like 'WpItem::Versionable'
  it_behaves_like 'WpItem::Vulnerable' do
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.xml' }
-    let(:vulns_xpath)    { "//item[@name='neo']/vulnerability" }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
+    let(:identifier)    { 'neo' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'id'  => [2993],
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
-    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new("I'm the one", 'XSS', expected_refs) }
+    let(:expected_vulns) { Vulnerabilities.new(1, Vulnerability.new("I'm the one", 'XSS', expected_refs)) }
  end

  subject(:wp_item) { WpItem.new(uri, options) }
@@ -30,30 +31,30 @@ describe WpItem do

  describe '#new' do
    context 'with no options' do
-      its(:wp_content_dir) { should == 'wp-content' }
-      its(:wp_plugins_dir) { should == 'wp-content/plugins' }
-      its(:uri) { should be uri }
+      its(:wp_content_dir) { is_expected.to eq 'wp-content' }
+      its(:wp_plugins_dir) { is_expected.to eq 'wp-content/plugins' }
+      its(:uri) { is_expected.to be uri }
    end

    context 'with :wp_content_dir' do
      let(:options) { { wp_content_dir: 'custom' } }

-      its(:wp_content_dir) { should == 'custom' }
-      its(:wp_plugins_dir) { should == 'custom/plugins' }
+      its(:wp_content_dir) { is_expected.to eq 'custom' }
+      its(:wp_plugins_dir) { is_expected.to eq 'custom/plugins' }
    end

    context 'with :wp_plugins_dir' do
      let(:options) { { wp_plugins_dir: 'c-plugins' } }

-      its(:wp_content_dir) { should == 'wp-content' }
-      its(:wp_plugins_dir) { should == 'c-plugins' }
+      its(:wp_content_dir) { is_expected.to eq 'wp-content' }
+      its(:wp_plugins_dir) { is_expected.to eq 'c-plugins' }
    end
  end

  describe '#set_options' do
    context 'no an allowed option' do
      it 'ignores the option' do
-        wp_item.should_not_receive(:not_allowed=)
+        expect(wp_item).not_to receive(:not_allowed=)

        wp_item.send(:set_options, { not_allowed: 'owned' })
      end
@@ -61,7 +62,7 @@ describe WpItem do

    context 'allowed option, w/o setter method' do
      it 'raises an error' do
-        wp_item.stub(:allowed_options).and_return([:no_setter])
+        allow(wp_item).to receive(:allowed_options).and_return([:no_setter])

        expect {
          wp_item.send(:set_options, { no_setter: 'hello' })
@@ -73,7 +74,7 @@ describe WpItem do
  describe '#path=' do
    after do
      wp_item.path = @path
-      wp_item.path.should == @expected
+      expect(wp_item.path).to eq @expected
    end

    context 'with default variable value' do
@@ -90,8 +91,8 @@ describe WpItem do

    context 'whith custom variable values' do
      before {
-        wp_item.stub(:wp_content_dir).and_return('custom-content')
-        wp_item.stub(:wp_plugins_dir).and_return('plugins')
+        allow(wp_item).to receive(:wp_content_dir).and_return('custom-content')
+        allow(wp_item).to receive(:wp_plugins_dir).and_return('plugins')
      }

      it 'replaces $wp-content$ by custom-content' do
@@ -117,7 +118,7 @@ describe WpItem do
        path         = 'somedir/somefile.php'
        wp_item.path = path

-        wp_item.uri.should == uri.merge(path)
+        expect(wp_item.uri).to eq uri.merge(path)
      end
    end
  end
@@ -127,7 +128,7 @@ describe WpItem do
      wp_item.name = 'a-name'
      other = WpItem.new(uri, name: 'other-name')

-      wp_item.<=>(other).should === 'a-name'.<=>('other-name')
+      expect(wp_item.<=>(other)).to be === 'a-name'.<=>('other-name')
    end
  end

@@ -137,7 +138,7 @@ describe WpItem do
        wp_item.name = 'some-name'
        other = WpItem.new(uri, name: 'some-name')

-        wp_item.should == other
+        expect(wp_item).to eq other
      end
    end

@@ -146,7 +147,7 @@ describe WpItem do
        wp_item.name = 'Test'
        other = WpItem.new(uri, name: 'hello')

-        wp_item.should_not == other
+        expect(wp_item).not_to eq other
      end
    end
  end
@@ -156,13 +157,13 @@ describe WpItem do

    context 'when the :name and :version are the same' do
      it 'is ===' do
-        WpItem.new(uri, options).should === WpItem.new(uri.merge('yo'), options)
+        expect(WpItem.new(uri, options)).to be === WpItem.new(uri.merge('yo'), options)
      end
    end

    context 'otherwise' do
      it 'is not ===' do
-        WpItem.new(uri, options).should_not === WpItem.new(uri, options.merge(version: '1.0'))
+        expect(WpItem.new(uri, options)).not_to be === WpItem.new(uri, options.merge(version: '1.0'))
      end
    end
  end
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -6,14 +6,15 @@ describe WpPlugin do
  it_behaves_like 'WpPlugin::Vulnerable'
  it_behaves_like 'WpItem::Vulnerable' do
    let(:options)        { { name: 'white-rabbit' } }
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.xml' }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'id'  => [2993],
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Follow me!', 'REDIRECT', expected_refs) }
  end
@@ -23,7 +24,7 @@ describe WpPlugin do
  let(:options)       { { name: 'plugin-name' } }

  describe '#forge_uri' do
-    its('uri.to_s') { should == 'http://example.com/wp-content/plugins/plugin-name/' }
+    its('uri.to_s') { is_expected.to eq 'http://example.com/wp-content/plugins/plugin-name/' }
  end

 end
--- a/spec/lib/common/models/wp_theme/findable_spec.rb
+++ b/spec/lib/common/models/wp_theme/findable_spec.rb
@@ -18,9 +18,9 @@ describe 'WpTheme::Findable' do
      wp_theme = WpTheme.send(:find_from_css_link, uri)

      if @expected
-        wp_theme.should be_a WpTheme
+        expect(wp_theme).to be_a WpTheme
      end
-      wp_theme.should == @expected
+      expect(wp_theme).to eq @expected
    end

    context 'when theme is not present' do
@@ -52,6 +52,13 @@ describe 'WpTheme::Findable' do
      end
    end

+    context 'when other style.css is referenced' do
+      it 'returns the WpTheme' do
+        @file = 'yootheme.html'
+        @expected = WpTheme.new(uri, name: 'yoo_solar_wp', referenced_url: '/wp-content/themes/yoo_solar_wp/styles/wood/css/style.css')
+      end
+    end
+
  end

  describe '::find_from_wooframework' do
@@ -66,9 +73,9 @@ describe 'WpTheme::Findable' do
      wp_theme = WpTheme.send(:find_from_wooframework, uri)

      if @expected
-        wp_theme.should be_a WpTheme
+        expect(wp_theme).to be_a WpTheme
      end
-      wp_theme.should == @expected
+      expect(wp_theme).to eq @expected
    end

    context 'when theme is not present' do
@@ -96,7 +103,7 @@ describe 'WpTheme::Findable' do
    # Stub all WpTheme::find_from_* to return nil
    def stub_all_to_nil
      WpTheme.methods.grep(/^find_from_/).each do |method|
-        WpTheme.stub(method).and_return(nil)
+        allow(WpTheme).to receive(method).and_return(nil)
      end
    end

@@ -120,7 +127,7 @@ describe 'WpTheme::Findable' do
      it 'returns nil' do
        stub_all_to_nil()

-        WpTheme.find(uri).should be_nil
+        expect(WpTheme.find(uri)).to be_nil
      end
    end

@@ -130,12 +137,12 @@ describe 'WpTheme::Findable' do
        stub_request(:get, /.+\/the-oracle\/style.css$/).to_return(status: 200)
        expected = WpTheme.new(uri, name: 'the-oracle')

-        WpTheme.stub(:find_from_css_link).and_return(expected)
+        allow(WpTheme).to receive(:find_from_css_link).and_return(expected)
        wp_theme = WpTheme.find(uri)

-        wp_theme.should be_a WpTheme
-        wp_theme.should == expected
-        wp_theme.found_from.should === 'css link'
+        expect(wp_theme).to be_a WpTheme
+        expect(wp_theme).to eq expected
+        expect(wp_theme.found_from).to be === 'css link'
      end
    end

--- a/spec/lib/common/models/wp_theme_spec.rb
+++ b/spec/lib/common/models/wp_theme_spec.rb
@@ -3,22 +3,19 @@
 require 'spec_helper'

 describe WpTheme do
-  before do
-    stub_request(:get, /.+\/style.css$/).to_return(status: 200)
-  end
-
  it_behaves_like 'WpTheme::Versionable'
  it_behaves_like 'WpTheme::Vulnerable'
  it_behaves_like 'WpItem::Vulnerable' do
    let(:options)        { { name: 'the-oracle' } }
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.xml' }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'id' => [2993],
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('I see you', 'FPD', expected_refs) }
  end
@@ -29,24 +26,11 @@ describe WpTheme do
  let(:theme_path)    { 'wp-content/themes/theme-name/' }

  describe '#allowed_options' do
-    its(:allowed_options) { should include :style_url }
+    its(:allowed_options) { is_expected.to include :referenced_url }
  end

  describe '#forge_uri' do
-    its(:uri) { should == uri.merge(theme_path) }
-  end
-
-  describe '#style_url' do
-    its(:style_url) { should == uri.merge(theme_path + '/style.css').to_s }
-
-    context 'when its already set' do
-      it 'returns it instead of the default one' do
-        url                = uri.merge(theme_path + '/custom.css').to_s
-        wp_theme.style_url = url
-
-        wp_theme.style_url.should == url
-      end
-    end
+    its(:uri) { is_expected.to eq uri.merge(theme_path) }
  end

 end
--- a/spec/lib/common/models/wp_timthumb_spec.rb
+++ b/spec/lib/common/models/wp_timthumb_spec.rb
@@ -13,17 +13,19 @@ describe WpTimthumb do
  describe '#==' do
    context 'when both url are equal' do
      it 'returns true' do
-        WpTimthumb.new(uri, path: 'timtuhumb.php').
-        should ==
+        expect(WpTimthumb.new(uri, path: 'timtuhumb.php')).
+        to eq(
        WpTimthumb.new(uri, path: 'timtuhumb.php')
+        )
      end
    end

    context 'when urls are different' do
      it 'returns false' do
-        WpTimthumb.new(uri, path: 'hello/timtuhumb.php').
-        should_not ==
+        expect(WpTimthumb.new(uri, path: 'hello/timtuhumb.php')).
+        not_to eq(
        WpTimthumb.new(uri, path: 'some-dir/timtuhumb.php')
+        )
      end
    end
  end
--- a/spec/lib/common/models/wp_user_spec.rb
+++ b/spec/lib/common/models/wp_user_spec.rb
@@ -12,10 +12,10 @@ describe WpUser do

  describe '#allowed_options' do
    [:id, :login, :display_name, :password].each do |sym|
-      its(:allowed_options) { should include sym }
+      its(:allowed_options) { is_expected.to include sym }
    end

-    its(:allowed_options) { should_not include :name }
+    its(:allowed_options) { is_expected.not_to include :name }
  end

  describe '#uri' do
@@ -29,7 +29,7 @@ describe WpUser do
      it 'returns the uri to the auhor page' do
        wp_user.id = 2

-        wp_user.uri.should == uri.merge('?author=2')
+        expect(wp_user.uri).to eq uri.merge('?author=2')
      end
    end
  end
@@ -37,7 +37,7 @@ describe WpUser do
  describe '#to_s' do
    after do
      subject.id = 1
-      subject.to_s.should == @expected
+      expect(subject.to_s).to eq @expected
    end

    it 'returns @id' do
@@ -67,20 +67,20 @@ describe WpUser do
      wp_user.id = 1
      other      = WpUser.new(uri, id: 3)

-      wp_user.<=>(other).should === 1.<=>(3)
+      expect(wp_user.<=>(other)).to be === 1.<=>(3)
    end
  end

  describe '#===, #==' do
    context 'when the :id and :login are the same' do
      it 'is ===, and ==' do
-        WpUser.new(uri, id: 1, name: 'yo').should == WpUser.new(uri, id: 1, name: 'yo')
+        expect(WpUser.new(uri, id: 1, name: 'yo')).to eq WpUser.new(uri, id: 1, name: 'yo')
      end
    end

    context 'when :id and :login are different' do
      it 'is not === or ==' do
-        WpUser.new(uri, id: 1, name: 'yo').should_not == WpUser.new(uri, id: 2, name:'yo')
+        expect(WpUser.new(uri, id: 1, name: 'yo')).not_to eq WpUser.new(uri, id: 2, name:'yo')
      end
    end
  end
--- a/spec/lib/common/models/wp_version/findable_spec.rb
+++ b/spec/lib/common/models/wp_version/findable_spec.rb
@@ -26,7 +26,7 @@ describe 'WpVersion::Findable' do
        fixture = fixtures_dir + dir_name + @fixture
        stub_request_to_fixture(url: url, fixture: fixture)

-        WpVersion.send(method, uri).should == @expected
+        expect(WpVersion.send(method, uri)).to eq @expected
      end

      context 'when generator not found' do
@@ -81,7 +81,7 @@ describe 'WpVersion::Findable' do
        :find_from_advanced_fingerprinting,
        uri, wp_content_dir, wp_plugins_dir, versions_xml
      )
-      version.should == @expected
+      expect(version).to eq @expected
    end

    context 'when' do
@@ -108,7 +108,7 @@ describe 'WpVersion::Findable' do
      fixture = fixtures_dir + 'readme' + @fixture
      stub_request_to_fixture(url: url, fixture: fixture)

-      WpVersion.send(:find_from_readme, uri).should == @expected
+      expect(WpVersion.send(:find_from_readme, uri)).to eq @expected
    end

    context 'when version not found' do
@@ -138,7 +138,7 @@ describe 'WpVersion::Findable' do
      fixture = fixtures_dir + 'links_opml' + @fixture
      stub_request_to_fixture(url: url, fixture: fixture)

-      WpVersion.send(:find_from_links_opml, uri).should == @expected
+      expect(WpVersion.send(:find_from_links_opml, uri)).to eq @expected
    end

    it 'returns 3.4.2' do
@@ -158,7 +158,7 @@ describe 'WpVersion::Findable' do
    # Stub all WpVersion::find_from_* to return nil
    def stub_all_to_nil
      WpVersion.methods.grep(/^find_from_/).each do |method|
-        WpVersion.stub(method).and_return(nil)
+        allow(WpVersion).to receive(method).and_return(nil)
      end
    end

@@ -170,9 +170,9 @@ describe 'WpVersion::Findable' do
      stub_request(:get, /#{uri.to_s}.*/).to_return(status: 0)

      version = WpVersion.find(uri, wp_content_dir, wp_plugins_dir, version_xml)
-      version.should == @expected
+      expect(version).to eq @expected
      if @expected
-        version.found_from.should == @found_from
+        expect(version.found_from).to eq @found_from
      end
    end

@@ -191,7 +191,7 @@ describe 'WpVersion::Findable' do
        it "returns the correct WpVersion" do
          stub_all_to_nil()

-          WpVersion.stub(method).and_return(number)
+          allow(WpVersion).to receive(method).and_return(number)

          @expected = WpVersion.new(uri, number: number)
          @found_from = found_from
--- a/spec/lib/common/models/wp_version_spec.rb
+++ b/spec/lib/common/models/wp_version_spec.rb
@@ -6,14 +6,15 @@ describe WpVersion do
  it_behaves_like 'WpVersion::Vulnerable'
  it_behaves_like 'WpItem::Vulnerable' do
    let(:options)        { { number: '3.2' } }
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.xml' }
+    let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.json' }
    let(:expected_refs)  { {
-        :url => ['Ref 1', 'Ref 2'],
-        :cve => ['2011-001'],
-        :secunia => ['secunia'],
-        :osvdb => ['osvdb'],
-        :metasploit => ['exploit/ex1'],
-        :exploitdb => ['exploitdb']
+        'id' => [2993],
+        'url' => ['Ref 1,Ref 2'],
+        'cve' => ['2011-001'],
+        'secunia' => ['secunia'],
+        'osvdb' => ['osvdb'],
+        'metasploit' => ['exploit/ex1'],
+        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
  end
@@ -24,7 +25,7 @@ describe WpVersion do

  describe '#allowed_options' do
    [:number, :found_from].each do |sym|
-      its(:allowed_options) { should include sym }
+      its(:allowed_options) { is_expected.to include sym }
    end
  end

--- a/spec/lib/common/plugins/plugin_spec.rb
+++ b/spec/lib/common/plugins/plugin_spec.rb
@@ -10,7 +10,7 @@ describe Plugin do
      subject(:plugin) { Plugin.new(infos) }
      let(:infos) { { author: 'John' } }

-      its(:author) { should === infos[:author] }
+      its(:author) { is_expected.to be === infos[:author] }
    end
  end

@@ -26,7 +26,7 @@ describe Plugin do
        expect { plugin.register_options(*@options) }.to raise_error(@exception)
      else
        plugin.register_options(*@options)
-        plugin.registered_options.sort.should === @expected.sort
+        expect(plugin.registered_options.sort).to be === @expected.sort
      end
    end

--- a/Show More
+++ b/Show More