Stats

update data.zip
prepare release
2017-07-19 15:24:32 +02:00 · 2017-07-19 15:05:41 +02:00 · 2017-07-19 14:59:33 +02:00 · 2017-07-17 20:56:38 +02:00 · 2017-07-08 01:12:06 +02:00 · 2017-07-08 01:10:00 +02:00
146 changed files with 3029 additions and 1877 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,21 @@
 git/
 bundle/
 .idea/
 .yardoc/
 cache/
 coverage/
 spec/
 dev/
 .*
 **/*.md
 *.md
 Dockerfile
 **/*.orig
 *.orig
 CREDITS
 data.zip
 DISCLAIMER.txt
 example.conf.json
 bin/
 log.txt
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .ash_history
 cache
 coverage
 .bundle
@@ -6,10 +7,10 @@ coverage
 *.sublime-*
 .idea
 .*.swp
 Gemfile.lock
 log.txt
 .yardoc
 debug.log
 wordlist.txt
 rspec_results.html
 data/
 vendor/
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.2.2
+2.4.1
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,26 +1,30 @@
 language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - 1.9.2
+  - 2.1.9
  - 1.9.3
  - 2.0.0
  - 2.1.0
  - 2.1.1
  - 2.1.2
  - 2.1.3
  - 2.1.4
  - 2.1.5
  - 2.2.0
  - 2.2.1
  - 2.2.2
  - 2.2.3
  - 2.2.4
  - 2.3.0
  - 2.3.1
  - 2.3.2
  - 2.3.3
  - 2.4.1
 before_install:
  - "env"
  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
-script: bundle exec rspec
+  - "gem install bundler"
  - "bundler --version"
 before_script:
  - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $TRAVIS_BUILD_DIR"
 script:
  - "bundle exec rspec"
 notifications:
  email:
-    - wpscanteam@gmail.com
+    - team@wpscan.org
 matrix:
  allow_failures:
    - rvm: 1.9.2
 # do not build gh-pages branch
 branches:
  except:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,106 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.8...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.3...master)
 ## Version 2.9.3
 Released: 2017-07-19
 * Updated dependencies and required ruby version
 * Made some changes so wpscan works in ruby 2.4
 * Added a Gemfile.lock to lock all dependencies
 * You can now pass a wordlist from stdin via "--wordlist -"
 * Improved version detection regexes
 * Added an optional paramter to --log to specify a filename
 WPScan Database Statistics:
 * Total tracked wordpresses: 251
 * Total tracked plugins: 68818
 * Total tracked themes: 15132
 * Total vulnerable wordpresses: 243
 * Total vulnerable plugins: 1527
 * Total vulnerable themes: 280
 * Total wordpress vulnerabilities: 5263
 * Total plugin vulnerabilities: 2406
 * Total theme vulnerabilities: 349
 ## Version 2.9.2
 Released: 2016-11-15
 * Fixed error when detecting plugins with UTF-8 characters
 * Use all possible finders to verify a detected version
 * Fix error when detecting a WordPress version not in our database
 * Added some additional clarification on error messages
 * Upgrade terminal-table gem
 * Add --cache-dir option
 * Add --disable-tls-checks options
 * Improve/add additional plugin passive detections
 * Remove scripts when calculating page hashes
 * Many other small bug fixes.
 WPScan Database Statistics:
 * Total tracked wordpresses: 194
 * Total tracked plugins: 63703
 * Total tracked themes: 13835
 * Total vulnerable wordpresses: 177
 * Total vulnerable plugins: 1382
 * Total vulnerable themes: 379
 * Total wordpress vulnerabilities: 2617
 * Total plugin vulnerabilities: 2190
 * Total theme vulnerabilities: 452
 ## Version 2.9.1
 Released: 2016-05-06
 * Update to Ruby 2.3.1, drop older ruby support
 * New data file location
 * Added experimental Windows support
 * Display WordPress metadata on the detected version
 * Several small fixes
 WPScan Database Statistics:
 * Total vulnerable versions: 156
 * Total vulnerable plugins:  1324
 * Total vulnerable themes:   376
 * Total version vulnerabilities: 1998
 * Total plugin vulnerabilities:  2057
 * Total theme vulnerabilities:   449
 ## Version 2.9
 Released: 2015-10-15
 New
 * GZIP Encoding in updater
 * Adds --throttle option to throttle requests
 * Uses new API and local database file structure
 * Adds last updated and latest version to plugins and themes
 Removed
 * ArchAssault from README
 * APIv1 local databases
 General core
 * Update to Ruby 2.2.3
 * Use yajl-ruby as JSON parser
 * New dependancy for Ubuntu 14.04 (libgmp-dev)
 * Use Travis container based infra and caching
 Fixed issues
 * Fix #835 - Readme requests to wp root dir
 * Fix #836 - Critical icon output twice when the site is not running WP
 * Fix #839 - Terminal-table dependency is broken
 * Fix #841 - error: undefined method `cells' for #<Array:0x000000029cc2f8>
 * Fix #852 - GZIP Encoding in updater
 * Fix #853 - APIv2 integration
 * Fix #858 - Detection FP
 * Fix #873 - false positive "site has Must Use Plugins"
 WPScan Database Statistics:
 * Total vulnerable versions: 132
 * Total vulnerable plugins:  1170
 * Total vulnerable themes:   368
 * Total version vulnerabilities: 1476
 * Total plugin vulnerabilities:  1913
 * Total theme vulnerabilities:   450
 ## Version 2.8
 Released: 2015-06-22
@@ -79,7 +179,7 @@ Fixed issues
 * Fix #746 - Add a global counter for all active requests to server.
 * Fix #747 - Add 'security-protection' plugin to wp_login_protection module
 * Fix #753 - undefined method `round' for "10":String for request or connect timeouts
-* Fix #760 - typhoeus issue (infinite loop) 
+* Fix #760 - typhoeus issue (infinite loop)
 WPScan Database Statistics:
 * Total vulnerable versions: 89
@@ -100,7 +200,7 @@ New
 * Add Sucuri sponsor to banner
 * Add protocol to sucuri url in banner
 * Add response code to proxy error output
-* Add a statement about mendatory newlines at the end of list
+* Add a statement about mandatory newlines at the end of list
 * Give warning if default username 'admin' is still used
 * License amendment to make it more clear about value added usage
@@ -456,4 +556,3 @@ Fixed issues
 ## Version 2.1
 Released 2013-3-4
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 **CREDITS**
-This file is used to state the individual WPScan Team members (core developers) and give credit to WPScan's other contributors. If you feel your name should be in here email wpscanteam@gmail.com.
+This file is used to state the individual WPScan Team members (core developers) and give credit to WPScan's other contributors. If you feel your name should be in here email team@wpscan.org.
 *WPScan Team*
--- a/29
+++ b/29
@@ -0,0 +1,29 @@
 FROM ruby:2.4-alpine
 MAINTAINER WPScan Team <team@wpscan.org>
 ARG BUNDLER_ARGS="--jobs=8 --without test"
 RUN adduser -h /wpscan -g WPScan -D wpscan
 RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
 COPY Gemfile /wpscan
 COPY Gemfile.lock /wpscan
 # runtime dependencies
 RUN apk add --no-cache libcurl procps && \
  # build dependencies
  apk add --no-cache --virtual build-deps alpine-sdk ruby-dev libffi-dev zlib-dev && \
  bundle install --system --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
  apk del --no-cache build-deps
 COPY . /wpscan
 RUN chown -R wpscan:wpscan /wpscan
 USER wpscan
 RUN /wpscan/wpscan.rb --update --verbose --no-color
 WORKDIR /wpscan
 ENTRYPOINT ["/wpscan/wpscan.rb"]
 CMD ["--help"]
--- a/20
+++ b/20
@@ -1,15 +1,15 @@
 source 'https://rubygems.org'
-gem 'typhoeus', '~>0.7.0'
+gem 'typhoeus', '>=1.1.2'
-gem 'nokogiri'
+gem 'nokogiri', '>=1.7.0.1'
-gem 'addressable'
+gem 'addressable', '>=2.5.0'
-gem 'json'
+gem 'yajl-ruby', '>=1.3.0' # Better JSON parser regarding memory usage
-gem 'terminal-table'
+gem 'terminal-table', '>=1.6.0'
-gem 'ruby-progressbar', '>=1.6.0'
+gem 'ruby-progressbar', '>=1.8.1'
 group :test do
-  gem 'webmock', '>=1.17.2'
+  gem 'webmock', '>=2.3.2'
-  gem 'simplecov'
+  gem 'simplecov', '>=0.13.0'
-  gem 'rspec', '>= 3.3.0'
+  gem 'rspec', '>=3.5.0'
-  gem 'rspec-its'
+  gem 'rspec-its', '>=1.2.0'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -0,0 +1,69 @@
 GEM
  remote: https://rubygems.org/
  specs:
    addressable (2.5.1)
      public_suffix (~> 2.0, >= 2.0.2)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
    diff-lcs (1.3)
    docile (1.1.5)
    ethon (0.10.1)
      ffi (>= 1.3.0)
    ffi (1.9.18)
    hashdiff (0.3.4)
    json (2.1.0)
    mini_portile2 (2.2.0)
    nokogiri (1.8.0)
      mini_portile2 (~> 2.2.0)
    public_suffix (2.0.5)
    rspec (3.6.0)
      rspec-core (~> 3.6.0)
      rspec-expectations (~> 3.6.0)
      rspec-mocks (~> 3.6.0)
    rspec-core (3.6.0)
      rspec-support (~> 3.6.0)
    rspec-expectations (3.6.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.6.0)
    rspec-its (1.2.0)
      rspec-core (>= 3.0.0)
      rspec-expectations (>= 3.0.0)
    rspec-mocks (3.6.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.6.0)
    rspec-support (3.6.0)
    ruby-progressbar (1.8.1)
    safe_yaml (1.0.4)
    simplecov (0.14.1)
      docile (~> 1.1.0)
      json (>= 1.8, < 3)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.1)
    terminal-table (1.8.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
    typhoeus (1.1.2)
      ethon (>= 0.9.0)
    unicode-display_width (1.3.0)
    webmock (3.0.1)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff
    yajl-ruby (1.3.0)
 PLATFORMS
  ruby
 DEPENDENCIES
  addressable (>= 2.5.0)
  nokogiri (>= 1.7.0.1)
  rspec (>= 3.5.0)
  rspec-its (>= 1.2.0)
  ruby-progressbar (>= 1.8.1)
  simplecov (>= 0.13.0)
  terminal-table (>= 1.6.0)
  typhoeus (>= 1.1.2)
  webmock (>= 2.3.2)
  yajl-ruby (>= 1.3.0)
 BUNDLED WITH
   1.14.6
--- a/8
+++ b/8
@@ -1,6 +1,6 @@
 WPScan Public Source License
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
@@ -27,7 +27,7 @@ Example cases which do not require a commercial license, and thus fall under the
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.
-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - wpscanteam@gmail.com. 
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
@@ -68,3 +68,7 @@ To the extent permitted under Law, WPScan is provided under an AS-IS basis. The
 10. Disclaimer
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
 11. Trademark
 The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.
--- a/README.md
+++ b/README.md
@@ -4,16 +4,17 @@
 [![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
 [![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
 [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)
 [![Docker Pulls](https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg)](https://hub.docker.com/r/wpscanteam/wpscan/)
-#### LICENSE
+# LICENSE
-#### WPScan Public Source License
+## WPScan Public Source License
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
-##### 1. Definitions
+### 1. Definitions
 1.1 "License" means this document.
@@ -21,7 +22,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
-##### 2. Commercialization
+### 2. Commercialization
 A commercial use is one intended for commercial advantage or monetary compensation.
@@ -38,13 +39,13 @@ Example cases which do not require a commercial license, and thus fall under the
 - Using WPScan to test your own systems.
 - Any non-commercial use of WPScan.
-If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - wpscanteam@gmail.com.
+If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
 Free-use Terms and Conditions;
-##### 3. Redistribution
+### 3. Redistribution
 Redistribution is permitted under the following conditions:
@@ -52,35 +53,39 @@ Redistribution is permitted under the following conditions:
 - Unmodified Copyright notices are provided with WPScan.
 - Does not conflict with the commercialization clause.
-##### 4. Copying
+### 4. Copying
 Copying is permitted so long as it does not conflict with the Redistribution clause.
-##### 5. Modification
+### 5. Modification
 Modification is permitted so long as it does not conflict with the Redistribution clause.
-##### 6. Contributions
+### 6. Contributions
 Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
-##### 7. Support
+### 7. Support
 WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
-##### 8. Disclaimer of Warranty
+### 8. Disclaimer of Warranty
 WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
-##### 9. Limitation of Liability
+### 9. Limitation of Liability
 To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
-##### 10. Disclaimer
+### 10. Disclaimer
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
-#### INSTALL
+### 11. Trademark
 The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.
 # INSTALL
 WPScan comes pre-installed on the following Linux distributions:
@@ -88,84 +93,102 @@ WPScan comes pre-installed on the following Linux distributions:
 - [Kali Linux](http://www.kali.org/)
 - [Pentoo](http://www.pentoo.ch/)
 - [SamuraiWTF](http://samurai.inguardians.com/)
 - [ArchAssault](https://archassault.org/)
 - [BlackArch](http://blackarch.org/)
-Prerequisites:
+On macOS WPScan is packaged by [Homebrew](https://brew.sh/) as [`wpscan`](http://braumeister.org/formula/wpscan).
- Ruby >= 1.9.2 - Recommended: 2.2.2
+Windows is not supported
 We suggest you use our official Docker image from https://hub.docker.com/r/wpscanteam/wpscan/ to avoid installation problems.
 # DOCKER
 Pull the repo with `docker pull wpscanteam/wpscan`
 ## Start WPScan
 ```
 docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options]
 ```
 For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
 If you run the git version of wpscan we included some binstubs in ./bin for easier start of wpscan.
 ## Examples
 Mount a local wordlist to the docker container and start a bruteforce attack for user admin
 ```
 docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin
 ```
 Use logfile option
 ```
 # the file must exist prior to starting the container, otherwise docker will create a directory with the filename
 touch ~/FILENAME
 docker run -it --rm -v ~/FILENAME:/wpscan/output.txt wpscanteam/wpscan --url https://yourblog.com --log /wpscan/output.txt
 ```
 (This mounts the host directory `~/wordlists` to the container in the path `/wordlists`)
 Published on https://hub.docker.com/r/wpscanteam/wpscan/
 # Manual install
 ## Prerequisites
 - Ruby >= 2.1.9 - Recommended: 2.4.1
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
-Windows is not supported.
+### Installing dependencies on Ubuntu
 If installed from Github update the code base with ```git pull```. The databases are updated with ```wpscan.rb --update```.
-####Installing on Ubuntu:
+    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev
-Before Ubuntu 14.04:
+### Installing dependencies on Debian
-    sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+    sudo apt-get install gcc git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
-From Ubuntu 14.04:
+### Installing dependencies on Fedora
-    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
+    sudo dnf install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
-####Installing on Debian:
+### Installing dependencies on Arch Linux
    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler
    bundle install --without test --path vendor/bundle
 ####Installing on Fedora:
    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
 ####Installing on Archlinux:
    pacman -Syu ruby
    pacman -Syu libyaml
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
    gem install typhoeus
    gem install nokogiri
-####Installing on Mac OSX:
+### Installing dependencies on macOS
 Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)
-    git clone https://github.com/wpscanteam/wpscan.git
+## Installing with RVM (recommended when doing a manual install)
    cd wpscan
    sudo gem install bundler && sudo bundle install --without test
-####Installing with RVM:
+If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information:
 https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
    # Install all prerequisites for your OS (look above)
    cd ~
    curl -sSL https://rvm.io/mpapis.asc | gpg --import -
    curl -sSL https://get.rvm.io | bash -s stable
    source ~/.rvm/scripts/rvm
    echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-    rvm install 2.2.2
+    rvm install 2.4.1
-    rvm use 2.2.2 --default
+    rvm use 2.4.1 --default
    echo "gem: --no-ri --no-rdoc" > ~/.gemrc
    gem install bundler
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    gem install bundler
    bundle install --without test
-#### KNOWN ISSUES
+## Installing manually (not recommended)
    git clone https://github.com/wpscanteam/wpscan.git
    cd wpscan
    sudo gem install bundler && bundle install --without test
 # KNOWN ISSUES
  - Typhoeus segmentation fault
@@ -192,7 +215,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
      Then, open the directory of the readline gem (you have to locate it)
-        cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
+        cd ~/.rvm/src/ruby-XXXX/ext/readline
        ruby extconf.rb
        make
        make install
@@ -208,15 +231,12 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
      See [https://github.com/wpscanteam/wpscan/issues/148](https://github.com/wpscanteam/wpscan/issues/148)
-#### WPSCAN ARGUMENTS
+# WPSCAN ARGUMENTS
-    --update   Update the databases.
+    --update                            Update the database to the latest version.
-
+    --url       | -u <target url>       The WordPress URL/domain to scan.
-    --url   | -u <target url>  The WordPress URL/domain to scan.
+    --force     | -f                    Forces WPScan to not check if the remote site is running WordPress.
-
+    --enumerate | -e [option(s)]        Enumeration.
    --force | -f Forces WPScan to not check if the remote site is running WordPress.
    --enumerate | -e [option(s)]  Enumeration.
      option :
        u        usernames from id 1 to 10
        u[10-20] usernames from id 10 to 20 (you must write [] chars)
@@ -230,55 +250,45 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
      Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
      If no option is supplied, the default is "vt,tt,u,vp"
-    --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+    --exclude-content-based "<regexp or string>"
-                                                 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+                                        Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.
                                        You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).
    --config-file  | -c <config file>   Use the specified config file, see the example.conf.json.
    --user-agent   | -a <User-Agent>    Use the specified User-Agent.
    --cookie <string>                   String to read cookies from.
    --random-agent | -r                 Use a random User-Agent.
    --follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
    --batch                             Never ask for user input, use the default behaviour.
    --no-color                          Do not use colors in the output.
    --log [filename]                    Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging.
    --no-banner                         Prevents the WPScan banner from being displayed.
    --disable-accept-header             Prevents WPScan sending the Accept HTTP header.
    --disable-referer                   Prevents setting the Referer header.
    --disable-tls-checks                Disables SSL/TLS certificate verification.
    --wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.
                                        Subdirectories are allowed.
    --wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.
                                        If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
    --proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.
                                        If no protocol is given (format host:port), HTTP will be used.
    --proxy-auth <username:password>    Supply the proxy login credentials.
    --basic-auth <username:password>    Set the HTTP Basic authentication.
    --wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
                                        If the "-" option is supplied, the wordlist is expected via STDIN.
    --username | -U <username>          Only brute force the supplied username.
    --usernames     <path-to-file>      Only brute force the usernames from the file.
    --cache-dir       <cache-directory> Set the cache directory.
    --cache-ttl       <cache-ttl>       Typhoeus cache TTL.
    --request-timeout <request-timeout> Request Timeout.
    --connect-timeout <connect-timeout> Connect Timeout.
    --threads  | -t <number of threads> The number of threads to use when multi-threading requests.
    --max-threads     <max-threads>     Maximum Threads.
    --throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
    --help     | -h                     This help screen.
    --verbose  | -v                     Verbose output.
    --version                           Output the current version and exit.
-    --config-file | -c <config file> Use the specified config file, see the example.conf.json
+# WPSCAN EXAMPLES
    --user-agent | -a <User-Agent> Use the specified User-Agent
    --random-agent | -r Use a random User-Agent
    --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
    --wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
    --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
    --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
                                     HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
    --proxy-auth <username:password>  Supply the proxy login credentials.
    --basic-auth <username:password>  Set the HTTP Basic authentication.
    --wordlist | -w <wordlist>  Supply a wordlist for the password brute forcer.
    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
    --username | -U <username>  Only brute force the supplied username.
    --usernames  <path-to-file>  Only brute force the usernames from the file.
    --cache-ttl <cache-ttl>  Typhoeus cache TTL.
    --request-timeout <request-timeout>  Request Timeout.
    --connect-timeout <connect-timeout>  Connect Timeout.
    --max-threads <max-threads>  Maximum Threads.
    --help     | -h This help screen.
    --verbose  | -v Verbose output.
    --batch Never ask for user input, use the default behavior.
    --no-color Do not use colors in the output.
    --log Save STDOUT to log.txt
 #### WPSCAN EXAMPLES
 Do 'non-intrusive' checks...
@@ -288,6 +298,10 @@ Do wordlist password brute force on enumerated users using 50 threads...
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```
 Do wordlist password brute force on enumerated users using STDIN as the wordlist...
 ```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -```
 Do wordlist password brute force on the 'admin' username only...
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```
@@ -312,26 +326,22 @@ Debug output...
 ```ruby wpscan.rb --url www.example.com --debug-output 2>debug.log```
-#### PROJECT HOME
+# PROJECT HOME
 [http://www.wpscan.org](http://www.wpscan.org)
-#### VULNERABILITY DATABASE
+# VULNERABILITY DATABASE
 [https://wpvulndb.com](https://wpvulndb.com)
-#### GIT REPOSITORY
+# GIT REPOSITORY
 [https://github.com/wpscanteam/wpscan](https://github.com/wpscanteam/wpscan)
-#### ISSUES
+# ISSUES
 [https://github.com/wpscanteam/wpscan/issues](https://github.com/wpscanteam/wpscan/issues)
-#### DEVELOPER DOCUMENTATION
+# DEVELOPER DOCUMENTATION
 [http://rdoc.info/github/wpscanteam/wpscan/frames](http://rdoc.info/github/wpscanteam/wpscan/frames)
 #### SPECIAL THANKS
 [RandomStorm](https://www.randomstorm.com)
--- a/bin/rspec
+++ b/bin/rspec
@@ -0,0 +1,21 @@
 #!/bin/bash
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 cd $DIR/../
 # always rebuild and include all GEMs
 docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
 # update all gems (this updates Gemfile.lock on the host)
 # this also needs some build dependencies
 docker run --rm -u root -v $DIR/../Gemfile.lock:/wpscan/Gemfile.lock --entrypoint "" wpscan:rspec sh -c 'apk add --no-cache alpine-sdk ruby-dev libffi-dev zlib-dev && bundle update'
 # rebuild image with latest GEMs
 docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
 # run spec
 docker run --rm -v $DIR/../:/wpscan --entrypoint "" wpscan:rspec rspec
--- a/bin/update_gems
+++ b/bin/update_gems
@@ -0,0 +1,12 @@
 #!/bin/bash
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 cd $DIR/../
 docker run -it --rm -v "$DIR/../":/wpscan -w /wpscan ruby:2.4 bundle update
--- a/bin/wpscan
+++ b/bin/wpscan
@@ -0,0 +1,14 @@
 #!/bin/bash
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 cd $DIR/../
 docker build -q -t wpscan:git .
 docker run -it --rm wpscan:git "$@"
--- a/bin/wpscan-dev
+++ b/bin/wpscan-dev
@@ -0,0 +1,16 @@
 #!/bin/bash
 SOURCE="${BASH_SOURCE[0]}"
 while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
 done
 DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
 cd $DIR/../
 if [[ -n "$WPSCAN_BUILD" ]]; then
  docker build -q -t wpscan:git .
 fi
 docker run -it --rm -v $DIR/../:/wpscan wpscan:git "$@"
--- a/data.zip
+++ b/data.zip
--- a/dev/stats.rb
+++ b/dev/stats.rb
@@ -0,0 +1,19 @@
 #!/usr/bin/env ruby
 # encoding: UTF-8
 require File.expand_path(File.join(__dir__, '..', 'lib', 'wpscan', 'wpscan_helper'))
 wordpress_json = json(WORDPRESSES_FILE)
 plugins_json = json(PLUGINS_FILE)
 themes_json = json(THEMES_FILE)
 puts 'WPScan Database Statistics:'
 puts "* Total tracked wordpresses: #{wordpress_json.count}"
 puts "* Total tracked plugins: #{plugins_json.count}"
 puts "* Total tracked themes: #{themes_json.count}"
 puts "* Total vulnerable wordpresses: #{wordpress_json.select { |item| !wordpress_json[item]['vulnerabilities'].empty? }.count}"
 puts "* Total vulnerable plugins: #{plugins_json.select { |item| !plugins_json[item]['vulnerabilities'].empty? }.count}"
 puts "* Total vulnerable themes: #{themes_json.select { |item| !themes_json[item]['vulnerabilities'].empty? }.count}"
 puts "* Total wordpress vulnerabilities: #{wordpress_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
 puts "* Total plugin vulnerabilities: #{plugins_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
 puts "* Total theme vulnerabilities: #{themes_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
--- a/example.conf.json
+++ b/example.conf.json
@@ -2,8 +2,8 @@
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
    /* Uncomment the "proxy" line to use the proxy
-        SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+       SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
-        If you do not specify the protocol, http will be used
+       If you do not specify the protocol, http will be used
    */
    //"proxy": "127.0.0.1:3128",
    //"proxy_auth": "username:password",
--- a/lib/common/browser.rb
+++ b/lib/common/browser.rb
@@ -17,14 +17,18 @@ class Browser
    :proxy_auth,
    :request_timeout,
    :connect_timeout,
-    :cookie
+    :cookie,
    :throttle,
    :disable_accept_header,
    :disable_referer,
    :disable_tls_checks
  ]
  @@instance = nil
  attr_reader :hydra, :cache_dir
-  attr_accessor :referer, :cookie
+  attr_accessor :referer, :cookie, :vhost
  # @param [ Hash ] options
  #
@@ -66,16 +70,24 @@ class Browser
    @@instance = nil
  end
  # Override for setting the User-Agent
  # @param [ String ] user_agent
  def user_agent=(user_agent)
    Typhoeus::Config.user_agent = user_agent
  end
  #
  # sets browser default values
  #
  def browser_defaults
-    @max_threads = 20
+    Typhoeus::Config.user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
-    # 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
+    @max_threads     = 20
-    @cache_ttl = 600
+    # 10 minutes, at this time the cache is cleaned before each scan.
    # If this value is set to 0, the cache will be disabled
    @cache_ttl       = 600
    @request_timeout = 60 # 60s
    @connect_timeout = 10 # 10s
-    @user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
+    @throttle        = 0
  end
  #
@@ -86,7 +98,6 @@ class Browser
  #
  # @return [ void ]
  def load_config(config_file = nil)
    if File.symlink?(config_file)
      raise '[ERROR] Config file is a symlink.'
    else
@@ -99,7 +110,6 @@ class Browser
        self.send(:"#{option_name}=", data[option_name])
      end
    end
  end
  # @param [ String ] url
@@ -114,18 +124,9 @@ class Browser
  #
  # @return [ Hash ]
  def merge_request_params(params = {})
    params = Browser.append_params_header_field(
      params,
      'User-Agent',
      @user_agent
    )
    if @proxy
-      params = params.merge(proxy: @proxy)
+      params.merge!(proxy: @proxy)
-
+      params.merge!(proxyauth: @proxy_auth) if @proxy_auth
      if @proxy_auth
        params = params.merge(proxyauth: @proxy_auth)
      end
    end
    if @basic_auth
@@ -136,23 +137,37 @@ class Browser
      )
    end
    if vhost
      params = Browser.append_params_header_field(
        params,
        'Host',
        vhost
      )
    end
    params.merge!(referer: referer)
-    params.merge!(timeout: @request_timeout) if @request_timeout
+    params.merge!(timeout: @request_timeout) if @request_timeout && !params.key?(:timeout)
-    params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
+    params.merge!(connecttimeout: @connect_timeout) if @connect_timeout && !params.key?(:connecttimeout)
    # Used to enable the cache system if :cache_ttl > 0
-    params.merge!(cache_ttl: @cache_ttl) unless params.has_key?(:cache_ttl)
+    params.merge!(cache_ttl: @cache_ttl) unless params.key?(:cache_ttl)
    # Prevent infinite self redirection
-    params.merge!(maxredirs: 3) unless params.has_key?(:maxredirs)
+    params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
    # Disable SSL-Certificate checks
-    params.merge!(ssl_verifypeer: false)
+    if @disable_tls_checks
-    params.merge!(ssl_verifyhost: 0)
+      # Cert validity check
      params.merge!(ssl_verifypeer: 0) unless params.key?(:ssl_verifypeer)
      # Cert hostname check
      params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
    end
    params.merge!(cookiejar: @cache_dir + '/cookie-jar')
    params.merge!(cookiefile: @cache_dir + '/cookie-jar')
    params.merge!(cookie: @cookie) if @cookie
    params = Browser.remove_params_header_field(params, 'Accept') if @disable_accept_header
    params = Browser.remove_params_header_field(params, 'Referer') if @disable_referer
    params
  end
@@ -173,4 +188,17 @@ class Browser
    params
  end
  # @param [ Hash ] params
  # @param [ String ] field
  # @param [ Mixed ] field_value
  #
  # @return [ Array ]
  def self.remove_params_header_field(params = {}, field)
    if !params.has_key?(:headers)
      params = params.merge(:headers => { field => nil })
    elsif !params[:headers].has_key?(field)
      params[:headers][field] = nil
    end
    params
  end
 end
--- a/lib/common/browser/options.rb
+++ b/lib/common/browser/options.rb
@@ -3,9 +3,8 @@
 class Browser
  module Options
-    attr_accessor :cache_ttl, :request_timeout, :connect_timeout
+    attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer, :disable_tls_checks
-    attr_reader   :basic_auth, :proxy, :proxy_auth
+    attr_reader   :basic_auth, :cache_ttl, :proxy, :proxy_auth, :throttle
    attr_writer   :user_agent
    # Sets the Basic Authentification credentials
    # Accepted format:
@@ -21,10 +20,14 @@ class Browser
      elsif auth =~ /\ABasic [a-zA-Z0-9=]+\z/
        @basic_auth = auth
      else
-       raise 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected'
+        raise "Invalid basic authentication format, \"login:password\" or \"Basic base_64_encoded\" expected. Your input: #{auth}"
     end
    end
    def cache_ttl=(ttl)
      @cache_ttl = ttl.to_i
    end
    # @return [ Integer ]
    def max_threads
      @max_threads || 1
@@ -93,6 +96,11 @@ class Browser
      @connect_timeout = timeout.to_i
    end
    # @param [ String, Integer ] throttle
    def throttle=(throttle)
      @throttle = throttle.to_i.abs / 1000.0
    end
    protected
    def invalid_proxy_auth_format
@@ -110,6 +118,5 @@ class Browser
        end
      end
    end
  end
 end
--- a/lib/common/cache_file_store.rb
+++ b/lib/common/cache_file_store.rb
@@ -23,9 +23,7 @@ class CacheFileStore
    @storage_path = File.expand_path(File.join(storage_path, storage_dir))
    @serializer   = serializer
-    # File.directory? for ruby <= 1.9 otherwise,
+    unless Dir.exist?(@storage_path)
    # it makes more sense to do Dir.exist? :/
    unless File.directory?(@storage_path)
      FileUtils.mkdir_p(@storage_path)
    end
  end
@@ -51,7 +49,7 @@ class CacheFileStore
  end
  def write_entry(key, data_to_store, cache_ttl)
-    if cache_ttl > 0
+    if cache_ttl && cache_ttl > 0
      File.open(get_entry_file_path(key), 'w') do |f|
        begin
          f.write(@serializer.dump(data_to_store))
--- a/lib/common/collections/wp_items.rb
+++ b/lib/common/collections/wp_items.rb
@@ -67,6 +67,7 @@ class WpItems < Array
  end
  protected
  # @return [ Class ]
  def item_class
    Object.const_get(self.class.to_s.gsub(/.$/, ''))
--- a/lib/common/collections/wp_items/detectable.rb
+++ b/lib/common/collections/wp_items/detectable.rb
@@ -32,11 +32,7 @@ class WpItems < Array
          progress_bar.progress += 1 if options[:show_progression]
          if target_item.exists?(exist_options, response)
-            unless results.include?(target_item)
+            results << target_item unless results.include?(target_item)
              if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
                results << target_item
              end
            end
          end
        end
@@ -53,7 +49,7 @@ class WpItems < Array
      # run the remaining requests
      hydra.run
-      results.select!(&:vulnerable?) if options[:only_vulnerable]
+      results.select!(&:vulnerable?) if options[:type] == :vulnerable
      results.sort!
      results  # can't just return results.sort as it would return an array, and we want a WpItems
@@ -99,6 +95,10 @@ class WpItems < Array
        code = tag.text.to_s
        next if code.empty?
        if ! code.valid_encoding?
          code = code.encode('UTF-16be', :invalid => :replace, :replace => '?').encode('UTF-8')
        end
        code.scan(code_pattern(wp_target)).flatten.uniq.each do |item_name|
          names << item_name
        end
@@ -120,7 +120,7 @@ class WpItems < Array
      wp_content_dir = wp_target.wp_content_dir
      wp_content_url = wp_target.uri.merge(wp_content_dir).to_s
-      url = /#{wp_content_url.gsub(%r{\A(?:http|https)}, 'https?').gsub('/', '\\\\\?\/')}/i
+      url = wp_content_url.gsub(%r{\A(?:http|https)://}, '(?:https?:)?//').gsub('/', '\\\\\?\/')
      content_dir = %r{(?:#{url}|\\?\/\\?\/?#{wp_content_dir})}i
      %r{#{content_dir}\\?/#{type}\\?/}
@@ -155,15 +155,7 @@ class WpItems < Array
      item_class = self.item_class
      vulns_file = self.vulns_file
-      targets = vulnerable_targets_items(wp_target, item_class, vulns_file)
+      targets = target_items_from_type(wp_target, item_class, vulns_file, options[:type])
      unless options[:only_vulnerable]
        unless options[:file]
          raise 'A file must be supplied'
        end
        targets += targets_items_from_file(options[:file], wp_target, item_class, vulns_file)
      end
      targets.uniq! { |t| t.name }
      targets.sort_by { rand }
@@ -174,14 +166,25 @@ class WpItems < Array
    # @param [ String ] vulns_file
    #
    # @return [ Array<WpItem> ]
-    def vulnerable_targets_items(wp_target, item_class, vulns_file)
+    def target_items_from_type(wp_target, item_class, vulns_file, type)
      targets = []
      json    = json(vulns_file)
-      [*json].each do |item|
+      case type
      when :vulnerable
        items = json.select { |item| !json[item]['vulnerabilities'].empty? }.keys
      when :popular
        items = json.select { |item| json[item]['popular'] == true }.keys
      when :all
        items = json.keys
      else
        raise "Unknown type #{type}"
      end
      items.each do |item|
        targets << create_item(
          item_class,
-          item.keys.inject,
+          item,
          wp_target,
          vulns_file
        )
@@ -233,6 +236,5 @@ class WpItems < Array
    def item_class
      Object.const_get(self.to_s.gsub(/.$/, ''))
    end
  end
 end
--- a/lib/common/collections/wp_plugins.rb
+++ b/lib/common/collections/wp_plugins.rb
@@ -1,8 +1,8 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_plugins/detectable'
+require 'common/collections/wp_plugins/detectable'
-
+
-class WpPlugins < WpItems
+class WpPlugins < WpItems
-  extend WpPlugins::Detectable
+  extend WpPlugins::Detectable
-
+
-end
+end
--- a/lib/common/collections/wp_plugins/detectable.rb
+++ b/lib/common/collections/wp_plugins/detectable.rb
@@ -2,17 +2,11 @@
 class WpPlugins < WpItems
  module Detectable
    # @return [ String ]
    def vulns_file
-      PLUGINS_VULNS_FILE
+      PLUGINS_FILE
    end
    # @return [ String ]
    # def item_xpath
    #   '//plugin'
    # end
    # @param [ WpTarget ] wp_target
    # @param [ Hash ] options
    #
@@ -68,10 +62,14 @@ class WpPlugins < WpItems
        wp_plugins.add('all-in-one-seo-pack', version: $1)
      end
-      if body =~ /<!-- This site is optimized with the Yoast WordPress SEO plugin v([^\s]+) -/i
+      if body =~ /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([^\s]+) -/i
        wp_plugins.add('wordpress-seo', version: $1)
      end
      if body =~ /<!-- Google Universal Analytics for WordPress v([^\s]+) -/i
        wp_plugins.add('google-universal-analytics', version: $1)
      end
      wp_plugins
    end
--- a/lib/common/collections/wp_themes.rb
+++ b/lib/common/collections/wp_themes.rb
@@ -1,8 +1,8 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_themes/detectable'
+require 'common/collections/wp_themes/detectable'
-
+
-class WpThemes < WpItems
+class WpThemes < WpItems
-  extend WpThemes::Detectable
+  extend WpThemes::Detectable
-
+
-end
+end
--- a/lib/common/collections/wp_themes/detectable.rb
+++ b/lib/common/collections/wp_themes/detectable.rb
@@ -5,13 +5,7 @@ class WpThemes < WpItems
    # @return [ String ]
    def vulns_file
-      THEMES_VULNS_FILE
+      THEMES_FILE
    end
    # @return [ String ]
    # def item_xpath
    #   '//theme'
    # end
  end
 end
--- a/lib/common/collections/wp_timthumbs.rb
+++ b/lib/common/collections/wp_timthumbs.rb
@@ -1,8 +1,8 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_timthumbs/detectable'
+require 'common/collections/wp_timthumbs/detectable'
-
+
-class WpTimthumbs < WpItems
+class WpTimthumbs < WpItems
-  extend WpTimthumbs::Detectable
+  extend WpTimthumbs::Detectable
-
+
-end
+end
--- a/lib/common/collections/wp_timthumbs/detectable.rb
+++ b/lib/common/collections/wp_timthumbs/detectable.rb
@@ -41,7 +41,7 @@ class WpTimthumbs < WpItems
      %w{
        timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-        scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+        scripts/timthumb.php tools/timthumb.php functions/timthumb.php thumb.php
      }.each do |path|
        wp_timthumb.path = "$wp-content$/themes/#{theme_name}/#{path}"
--- a/lib/common/collections/wp_users.rb
+++ b/lib/common/collections/wp_users.rb
@@ -1,11 +1,11 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_users/detectable'
+require 'common/collections/wp_users/detectable'
-require 'common/collections/wp_users/output'
+require 'common/collections/wp_users/output'
-require 'common/collections/wp_users/brute_forcable'
+require 'common/collections/wp_users/brute_forcable'
-
+
-class WpUsers < WpItems
+class WpUsers < WpItems
-  extend WpUsers::Detectable
+  extend WpUsers::Detectable
-  include WpUsers::Output
+  include WpUsers::Output
-  include WpUsers::BruteForcable
+  include WpUsers::BruteForcable
-end
+end
--- a/lib/common/collections/wp_users/detectable.rb
+++ b/lib/common/collections/wp_users/detectable.rb
@@ -1,34 +1,34 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpUsers < WpItems
+class WpUsers < WpItems
-  module Detectable
+  module Detectable
-
+
-    # @return [ Hash ]
+    # @return [ Hash ]
-    def request_params; {} end
+    def request_params; {} end
-
+
-    # No passive detection
+    # No passive detection
-    #
+    #
-    # @return [ WpUsers ]
+    # @return [ WpUsers ]
-    def passive_detection(wp_target, options = {})
+    def passive_detection(wp_target, options = {})
-      new
+      new
-    end
+    end
-
+
-    protected
+    protected
-
+
-    # @param [ WpTarget ] wp_target
+    # @param [ WpTarget ] wp_target
-    # @param [ Hash ] options
+    # @param [ Hash ] options
-    # @option options [ Range ] :range ((1..10))
+    # @option options [ Range ] :range ((1..10))
-    #
+    #
-    # @return [ Array<WpUser> ]
+    # @return [ Array<WpUser> ]
-    def targets_items(wp_target, options = {})
+    def targets_items(wp_target, options = {})
-      range   = options[:range] || (1..10)
+      range   = options[:range] || (1..10)
-      targets = []
+      targets = []
-
+
-      range.each do |user_id|
+      range.each do |user_id|
-        targets << WpUser.new(wp_target.uri, id: user_id)
+        targets << WpUser.new(wp_target.uri, id: user_id)
-      end
+      end
-      targets
+      targets
-    end
+    end
-
+
-  end
+  end
-end
+end
--- a/lib/common/common_helper.rb
+++ b/lib/common/common_helper.rb
@@ -1,6 +1,6 @@
 # encoding: UTF-8
-LIB_DIR              = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+LIB_DIR              = File.expand_path(File.join(__dir__, '..'))
 ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
 DATA_DIR             = File.join(ROOT_DIR, 'data')
 CONF_DIR             = File.join(ROOT_DIR, 'conf')
@@ -11,29 +11,26 @@ COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
 MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
 COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')
-LOG_FILE             = File.join(ROOT_DIR, 'log.txt')
+DEFAULT_LOG_FILE     = File.join(ROOT_DIR, 'log.txt')
 # Plugins directories
 COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
 WPSCAN_PLUGINS_DIR   = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
 # Data files
-PLUGINS_FILE        = File.join(DATA_DIR, 'plugins.txt')
+WORDPRESSES_FILE  = File.join(DATA_DIR, 'wordpresses.json')
-PLUGINS_FULL_FILE   = File.join(DATA_DIR, 'plugins_full.txt')
+PLUGINS_FILE      = File.join(DATA_DIR, 'plugins.json')
-PLUGINS_VULNS_FILE  = File.join(DATA_DIR, 'plugin_vulns.json')
+THEMES_FILE       = File.join(DATA_DIR, 'themes.json')
-THEMES_FILE         = File.join(DATA_DIR, 'themes.txt')
+WP_VERSIONS_FILE  = File.join(DATA_DIR, 'wp_versions.xml')
-THEMES_FULL_FILE    = File.join(DATA_DIR, 'themes_full.txt')
+LOCAL_FILES_FILE  = File.join(DATA_DIR, 'local_vulnerable_files.xml')
-THEMES_VULNS_FILE   = File.join(DATA_DIR, 'theme_vulns.json')
+WP_VERSIONS_XSD   = File.join(DATA_DIR, 'wp_versions.xsd')
-WP_VULNS_FILE       = File.join(DATA_DIR, 'wp_vulns.json')
+LOCAL_FILES_XSD   = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
-WP_VERSIONS_FILE    = File.join(DATA_DIR, 'wp_versions.xml')
+USER_AGENTS_FILE  = File.join(DATA_DIR, 'user-agents.txt')
-LOCAL_FILES_FILE    = File.join(DATA_DIR, 'local_vulnerable_files.xml')
+LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
 # VULNS_XSD           = File.join(DATA_DIR, 'vuln.xsd')
 WP_VERSIONS_XSD     = File.join(DATA_DIR, 'wp_versions.xsd')
 LOCAL_FILES_XSD     = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
 USER_AGENTS_FILE    = File.join(DATA_DIR, 'user-agents.txt')
 LAST_UPDATE_FILE    = File.join(DATA_DIR, '.last_update')
-WPSCAN_VERSION       = '2.8'
+MIN_RUBY_VERSION = '2.1.9'
 WPSCAN_VERSION = '2.9.3'
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -47,16 +44,25 @@ def kali_linux?
  end
 end
 # Determins if installed on Windows OS
 def windows?
  Gem.win_platform?
 end
 require 'environment'
 def escape_glob(s)
  s.gsub(/[\\\{\}\[\]\*\?]/) { |x| '\\' + x }
 end
 # TODO : add an exclude pattern ?
 def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
-  files = Dir[File.join(absolute_dir_path, files_pattern)]
+  files = Dir[File.join(escape_glob(absolute_dir_path), files_pattern)]
  # Files in the root dir are loaded first, then those in the subdirectories
  files.sort_by { |file| [file.count('/'), file] }.each do |f|
    f = File.expand_path(f)
-    #puts "require #{f}" # Used for debug
+    # puts "require #{f}" # Used for debug
    require f
  end
 end
@@ -90,7 +96,9 @@ end
 def update_required?
  date = last_update
-  (true if date.nil?) or (date < 5.days.ago)
+  day_seconds = 24 * 60 * 60
  five_days_ago = Time.now - (5 * day_seconds)
  (true if date.nil?) or (date < five_days_ago)
 end
 # Define colors
@@ -145,7 +153,7 @@ def banner
  puts '_______________________________________________________________'
  puts '        __          _______   _____                  '
  puts '        \\ \\        / /  __ \\ / ____|                 '
-  puts '         \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  '
+  puts '         \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __ ®'
  puts '          \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ '
  puts '           \\  /\\  /  | |     ____) | (__| (_| | | | |'
  puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
@@ -224,7 +232,11 @@ end
 #
 # @return [ Integer ] The number of lines in the given file
 def count_file_lines(file)
-  `wc -l #{file.shellescape}`.split[0].to_i
+  if windows?
    `findstr /R /N "^" #{file.shellescape} | find /C ":"`.split[0].to_i
  else
    `wc -l #{file.shellescape}`.split[0].to_i
  end
 end
 # Truncates a string to a specific length and adds ... at the end
@@ -258,3 +270,7 @@ end
 def directory_listing_enabled?(url)
  Browser.get(url.to_s).body[%r{<title>Index of}] ? true : false
 end
 def url_encode(str)
  CGI.escape(str).gsub("+", "%20")
 end
--- a/lib/common/db_updater.rb
+++ b/lib/common/db_updater.rb
@@ -4,9 +4,8 @@
 class DbUpdater
  FILES = %w(
    local_vulnerable_files.xml local_vulnerable_files.xsd
    plugins_full.txt plugins.txt themes_full.txt themes.txt
    timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
-    plugin_vulns.json theme_vulns.json wp_vulns.json LICENSE
+    wordpresses.json plugins.json themes.json LICENSE
  )
  attr_reader :repo_directory
@@ -22,13 +21,16 @@ class DbUpdater
  def request_params
    {
      ssl_verifyhost: 2,
-      ssl_verifypeer: true
+      ssl_verifypeer: true,
      accept_encoding: 'gzip, deflate',
      timeout: 300,
      connecttimeout: 20
    }
  end
  # @return [ String ] The raw file URL associated with the given filename
  def remote_file_url(filename)
-    "https://wpvulndb.com/data/#{filename}"
+    "https://data.wpscan.org/#{filename}"
  end
  # @return [ String ] The checksum of the associated remote filename
@@ -99,7 +101,7 @@ class DbUpdater
        puts "  [i] Database File Checksum  : #{db_checksum}" if verbose
        unless dl_checksum == db_checksum
-          fail "#{filename}: checksums do not match"
+          raise ChecksumError.new(File.read(local_file_path(filename))), "#{filename}: checksums do not match (local: #{dl_checksum} remote: #{db_checksum})"
        end
      rescue => e
        puts '  [i] Restoring Backup due to error' if verbose
--- a/lib/common/errors.rb
+++ b/lib/common/errors.rb
@@ -31,3 +31,11 @@ class DownloadError < HttpError
    "Unable to get #{failure_details}"
  end
 end
 class ChecksumError < StandardError
  attr_reader :file
  def initialize(file)
    @file = file
  end
 end
--- a/lib/common/hacks.rb
+++ b/lib/common/hacks.rb
@@ -1,35 +1,5 @@
 # encoding: UTF-8
 # Since ruby 1.9.2, URI::escape is obsolete
 # See http://rosettacode.org/wiki/URL_encoding#Ruby and http://www.ruby-forum.com/topic/207489
 if RUBY_VERSION >= '1.9.2'
  module URI
    extend self
    def escape(str)
      URI::Parser.new.escape(str)
    end
    alias :encode :escape
  end
 end
 if RUBY_VERSION < '1.9'
  class Array
    # Fix for grep with symbols in ruby <= 1.8.7
    def _grep_(regexp)
      matches = []
      self.each do |value|
        value = value.to_s
        matches << value if value.match(regexp)
      end
      matches
    end
    alias_method :grep, :_grep_
  end
 end
 # This is used in WpItem::Existable
 module Typhoeus
  class Response
@@ -51,71 +21,17 @@ end
 def puts(o = '')
  if $log && o.respond_to?(:gsub)
    temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
-    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
+    File.open($log, 'a+') { |f| f.puts(temp) }
  end
  super(o)
 end
 module Terminal
  class Table
    def render
      separator = Separator.new(self)
      buffer = [separator]
      unless @title.nil?
        buffer << Row.new(self, [title_cell_options])
        buffer << separator
      end
      unless @headings.cells.empty?
        buffer << @headings
        buffer << separator
      end
      buffer += @rows
      buffer << separator
      buffer.map { |r| style.margin_left + r.render }.join("\n")
    end
    alias :to_s :render
    class Style
      @@defaults = {
        :border_x => '-', :border_y => '|', :border_i => '+',
        :padding_left => 1, :padding_right => 1,
        :margin_left => '',
        :width => nil, :alignment => nil
      }
      attr_accessor :margin_left
      attr_accessor :border_x
      attr_accessor :border_y
      attr_accessor :border_i
      attr_accessor :padding_left
      attr_accessor :padding_right
      attr_accessor :width
      attr_accessor :alignment
    end
  end
 end
 class Numeric
  def bytes_to_human
    units = %w{B KB MB GB TB}
-    e = (Math.log(self)/Math.log(1024)).floor
+    e = (Math.log(abs)/Math.log(1024)).floor
-    s = '%.3f' % (to_f / 1024**e)
+    s = '%.3f' % (abs.to_f / 1024**e)
    s.sub(/\.?0*$/, ' ' + units[e])
  end
 end
 # time calculations
 class Fixnum
  SECONDS_IN_DAY = 24 * 60 * 60
  def days
    self * SECONDS_IN_DAY
  end
  def ago
    Time.now - self
  end
 end
--- a/lib/common/models/vulnerability.rb
+++ b/lib/common/models/vulnerability.rb
@@ -1,61 +1,62 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'vulnerability/output'
+require 'vulnerability/output'
-require 'vulnerability/urls'
+require 'vulnerability/urls'
-
+
-class Vulnerability
+class Vulnerability
-  include Vulnerability::Output
+  include Vulnerability::Output
-  include Vulnerability::Urls
+  include Vulnerability::Urls
-
+
-  attr_accessor :title, :references, :type, :fixed_in
+  attr_accessor :title, :references, :type, :fixed_in
-
+
-  #
+  #
-  # @param [ String ] title The title of the vulnerability
+  # @param [ String ] title The title of the vulnerability
-  # @param [ String ] type  The type of the vulnerability
+  # @param [ String ] type  The type of the vulnerability
-  # @param [ Hash ] references References
+  # @param [ Hash ] references References
-  # @param [ String ] fixed_in  Vuln fixed in Version X
+  # @param [ String ] fixed_in  Vuln fixed in Version X
-  #
+  #
-  # @return [ Vulnerability ]
+  # @return [ Vulnerability ]
-  def initialize(title, type, references = {}, fixed_in = '')
+  def initialize(title, type, references = {}, fixed_in = '')
-    @title              = title
+    @title              = title
-    @type               = type
+    @type               = type
-    @references         = references
+    @references         = references
-    @fixed_in           = fixed_in
+    @fixed_in           = fixed_in
-  end
+  end
-
+
-  # @param [ Vulnerability ] other
+  # @param [ Vulnerability ] other
-  #
+  #
-  # @return [ Boolean ]
+  # @return [ Boolean ]
-  # :nocov:
+  # :nocov:
-  def ==(other)
+  def ==(other)
-    title == other.title &&
+    title == other.title &&
-        type == other.type &&
+        type == other.type &&
-        references == other.references &&
+        references == other.references &&
-        fixed_in == other.fixed_in
+        fixed_in == other.fixed_in
-  end
+  end
-  # :nocov:
+  # :nocov:
-
+
-  # Create the Vulnerability from the json_item
+  # Create the Vulnerability from the json_item
-  #
+  #
-  # @param [ Hash ] json_item
+  # @param [ Hash ] json_item
-  #
+  #
-  # @return [ Vulnerability ]
+  # @return [ Vulnerability ]
-  def self.load_from_json_item(json_item)
+  def self.load_from_json_item(json_item)
-    references = {}
+    references = {}
-
+    references['id'] = [json_item['id']]
-    %w(id url cve secunia osvdb metasploit exploitdb).each do |key|
+
-      if json_item[key]
+    %w(url cve secunia osvdb metasploit exploitdb).each do |key|
-        json_item[key]  = [json_item[key]] if json_item[key].class != Array
+      if json_item['references'][key]
-        references[key] = json_item[key]
+        json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array
-      end
+        references[key] = json_item['references'][key]
-    end
+      end
-
+    end
-    new(
+
-      json_item['title'],
+    new(
-      json_item['type'],
+      json_item['title'],
-      references,
+      json_item['type'],
-      json_item['fixed_in'],
+      references,
-    )
+      json_item['fixed_in']
-  end
+    )
-
+  end
-end
+
 end
--- a/lib/common/models/vulnerability/output.rb
+++ b/lib/common/models/vulnerability/output.rb
@@ -2,22 +2,22 @@
 class Vulnerability
  module Output
    # output the vulnerability
    def output(verbose = false)
      puts
      puts critical("Title: #{title}")
      references.each do |key, urls|
        methodname = "url_#{key}"
        urls.each do |u|
          next unless respond_to?(methodname)
          url = send(methodname, u)
          puts "    Reference: #{url}" if url
        end
      end
-      unless fixed_in.nil?
+      
-        puts notice("Fixed in: #{fixed_in}")
+      puts notice("Fixed in: #{fixed_in}") if fixed_in
      end
    end
  end
 end
--- a/lib/common/models/wp_item.rb
+++ b/lib/common/models/wp_item.rb
@@ -1,103 +1,121 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_item/findable'
+require 'wp_item/findable'
-require 'wp_item/versionable'
+require 'wp_item/versionable'
-require 'wp_item/vulnerable'
+require 'wp_item/vulnerable'
-require 'wp_item/existable'
+require 'wp_item/existable'
-require 'wp_item/infos'
+require 'wp_item/infos'
-require 'wp_item/output'
+require 'wp_item/output'
-
+
-class WpItem
+class WpItem
-
+
-  extend  WpItem::Findable
+  extend  WpItem::Findable
-  include WpItem::Versionable
+  include WpItem::Versionable
-  include WpItem::Vulnerable
+  include WpItem::Vulnerable
-  include WpItem::Existable
+  include WpItem::Existable
-  include WpItem::Infos
+  include WpItem::Infos
-  include WpItem::Output
+  include WpItem::Output
-
+
-  attr_reader   :path
+  attr_reader   :path
-  attr_accessor :name, :wp_content_dir, :wp_plugins_dir
+  attr_accessor :name, :wp_content_dir, :wp_plugins_dir
-
+
-  # @return [ Array ]
+  # @return [ Array ]
-  # Make it private ?
+  # Make it private ?
-  def allowed_options
+  def allowed_options
-    [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :vulns_file]
+    [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file]
-  end
+  end
-
+
-  # @param [ URI ] target_base_uri
+  # @param [ URI ] target_base_uri
-  # @param [ Hash ] options See allowed_option
+  # @param [ Hash ] options See allowed_option
-  #
+  #
-  # @return [ WpItem ]
+  # @return [ WpItem ]
-  def initialize(target_base_uri, options = {})
+  def initialize(target_base_uri, options = {})
-
+    options[:wp_content_dir] ||= 'wp-content'
-    options[:wp_content_dir] ||= 'wp-content'
+    options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
-    options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
+
-
+    set_options(options)
-    set_options(options)
+    forge_uri(target_base_uri)
-    forge_uri(target_base_uri)
+  end
-  end
+
-
+  def identifier
-  # @param [ Hash ] options
+    @identifier ||= name
-  #
+  end
-  # @return [ void ]
+
-  def set_options(options)
+  # @return [ Hash ]
-    allowed_options.each do |allowed_option|
+  def db_data
-      if options.has_key?(allowed_option)
+    @db_data ||= json(db_file)[identifier] || {}
-        method = :"#{allowed_option}="
+  end
-
+
-        if self.respond_to?(method)
+  def latest_version
-          self.send(method, options[allowed_option])
+    db_data['latest_version']
-        else
+  end
-          raise "#{self.class} does not respond to #{method}"
+
-        end
+  def last_updated
-      end
+    db_data['last_updated']
-    end
+  end
-  end
+
-  private :set_options
+  def popular?
-
+    db_data['popular']
-  # @param [ URI ] target_base_uri
+  end
-  #
+
-  # @return [ void ]
+  # @param [ Hash ] options
-  def forge_uri(target_base_uri)
+  #
-    @uri = target_base_uri
+  # @return [ void ]
-  end
+  def set_options(options)
-
+    allowed_options.each do |allowed_option|
-  # @return [ URI ] The uri to the WpItem, with the path if present
+      if options.has_key?(allowed_option)
-  def uri
+        method = :"#{allowed_option}="
-    path ? @uri.merge(path) : @uri
+
-  end
+        if self.respond_to?(method)
-
+          self.send(method, options[allowed_option])
-  # @return [ String ] The url to the WpItem
+        else
-  def url; uri.to_s end
+          raise "#{self.class} does not respond to #{method}"
-
+        end
-  # Sets the path
+      end
-  #
+    end
-  # Variable, such as $wp-plugins$ and $wp-content$ can be used
+  end
-  # and will be replace by their value
+  private :set_options
-  #
+
-  # @param [ String ] path
+  # @param [ URI ] target_base_uri
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def path=(path)
+  def forge_uri(target_base_uri)
-    @path = URI.encode(
+    @uri = target_base_uri
-      path.gsub(/\$wp-plugins\$/i, wp_plugins_dir).gsub(/\$wp-content\$/i, wp_content_dir)
+  end
-    )
+
-  end
+  # @return [ URI ] The uri to the WpItem, with the path if present
-
+  def uri
-  # @param [ WpItem ] other
+    path ? @uri.merge(path) : @uri
-  def <=>(other)
+  end
-    name <=> other.name
+
-  end
+  # @return [ String ] The url to the WpItem
-
+  def url; uri.to_s end
-  # @param [ WpItem ] other
+
-  def ==(other)
+  # Sets the path
-    name === other.name
+  #
-  end
+  # Variable, such as $wp-plugins$ and $wp-content$ can be used
-
+  # and will be replace by their value
-  # @param [ WpItem ] other
+  #
-  def ===(other)
+  # @param [ String ] path
-    self == other && version === other.version
+  #
-  end
+  # @return [ void ]
-
+  def path=(path)
-end
+    @path = path.gsub(/\$wp-plugins\$/i, wp_plugins_dir).gsub(/\$wp-content\$/i, wp_content_dir)
  end
  # @param [ WpItem ] other
  def <=>(other)
    name <=> other.name
  end
  # @param [ WpItem ] other
  def ==(other)
    name === other.name
  end
  # @param [ WpItem ] other
  def ===(other)
    self == other && version === other.version
  end
 end
--- a/lib/common/models/wp_item/existable.rb
+++ b/lib/common/models/wp_item/existable.rb
@@ -1,50 +1,50 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpItem
+class WpItem
-  module Existable
+  module Existable
-
+
-    # Check the existence of the WpItem
+    # Check the existence of the WpItem
-    # If the response is supplied, it's used for the verification
+    # If the response is supplied, it's used for the verification
-    # Otherwise a new request is done
+    # Otherwise a new request is done
-    #
+    #
-    # @param [ Hash ] options See exists_from_response?
+    # @param [ Hash ] options See exists_from_response?
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def exists?(options = {}, response = nil)
+    def exists?(options = {}, response = nil)
-      unless response
+      unless response
-        response = Browser.get(url)
+        response = Browser.get(url)
-      end
+      end
-      exists_from_response?(response, options)
+      exists_from_response?(response, options)
-    end
+    end
-
+
-    protected
+    protected
-
+
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    # @param [ options ] options
+    # @param [ options ] options
-    #
+    #
-    # @option options [ Hash ] :error_404_hash  The hash of the error 404 page
+    # @option options [ Hash ] :error_404_hash  The hash of the error 404 page
-    # @option options [ Hash ] :homepage_hash   The hash of the homepage
+    # @option options [ Hash ] :homepage_hash   The hash of the homepage
-    # @option options [ Hash ] :exclude_content A regexp with the pattern to exclude from the body of the response
+    # @option options [ Hash ] :exclude_content A regexp with the pattern to exclude from the body of the response
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def exists_from_response?(response, options = {})
+    def exists_from_response?(response, options = {})
-      # 301 included as some items do a self-redirect
+      # 301 included as some items do a self-redirect
-      # Redirects to the 404 and homepage should be ignored (unless dynamic content is used)
+      # Redirects to the 404 and homepage should be ignored (unless dynamic content is used)
-      # by the page hashes (error_404_hash & homepage_hash)
+      # by the page hashes (error_404_hash & homepage_hash)
-      if [200, 401, 403, 301].include?(response.code)
+      if [200, 401, 403, 301].include?(response.code)
-        if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
+        if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
-          if options[:exclude_content]
+          if options[:exclude_content]
-            unless response.body.match(options[:exclude_content])
+            unless response.body.match(options[:exclude_content])
-              return true
+              return true
-            end
+            end
-          else
+          else
-            return true
+            return true
-          end
+          end
-        end
+        end
-      end
+      end
-      false
+      false
-    end
+    end
-
+
-  end
+  end
-end
+end
--- a/lib/common/models/wp_item/findable.rb
+++ b/lib/common/models/wp_item/findable.rb
@@ -1,19 +1,18 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpItem
+class WpItem
-  attr_reader :found_from
+  attr_reader :found_from
-
+
-  # Sets the found_from attribute
+  # Sets the found_from attribute
-  #
+  #
-  # @param [ String ] method The method which found the WpItem
+  # @param [ String ] method The method which found the WpItem
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def found_from=(method)
+  def found_from=(method)
-    found       = method[%r{find_from_(.*)}, 1]
+    @found_from = method.to_s.gsub(/find_from_/, '').gsub(/_/, ' ')
-    @found_from = found.gsub('_', ' ') if found
+  end
-  end
+
-
+  module Findable
-  module Findable
+
-
+  end
-  end
+end
 end
--- a/lib/common/models/wp_item/output.rb
+++ b/lib/common/models/wp_item/output.rb
@@ -5,12 +5,17 @@ class WpItem
    # @return [ Void ]
    def output(verbose = false)
      outdated = VersionCompare.lesser?(version, latest_version) if latest_version
      puts
      puts info("Name: #{self}") #this will also output the version number if detected
      puts " |  Latest version: #{latest_version} #{'(up to date)' if version}" if latest_version && !outdated
      puts " |  Last updated: #{last_updated}" if last_updated
      puts " |  Location: #{url}"
      #puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
      puts " |  Readme: #{readme_url}" if has_readme?
      puts " |  Changelog: #{changelog_url}" if has_changelog?
      puts warning("The version is out of date, the latest version is #{latest_version}") if latest_version && outdated
      puts warning("Directory listing is enabled: #{url}") if has_directory_listing?
      puts warning("An error_log file has been found: #{error_log_url}") if has_error_log?
--- a/lib/common/models/wp_item/versionable.rb
+++ b/lib/common/models/wp_item/versionable.rb
--- a/lib/common/models/wp_item/vulnerable.rb
+++ b/lib/common/models/wp_item/vulnerable.rb
@@ -1,51 +1,44 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpItem
+class WpItem
-  module Vulnerable
+  module Vulnerable
-    attr_accessor :vulns_file, :identifier
+    attr_accessor :db_file, :identifier
-
+
-    # Get the vulnerabilities associated to the WpItem
+    # Get the vulnerabilities associated to the WpItem
-    # Filters out already fixed vulnerabilities
+    # Filters out already fixed vulnerabilities
-    #
+    #
-    # @return [ Vulnerabilities ]
+    # @return [ Vulnerabilities ]
-    def vulnerabilities
+    def vulnerabilities
-      json            = json(vulns_file)
+      return @vulnerabilities if @vulnerabilities
-      vulnerabilities = Vulnerabilities.new
+
-
+      @vulnerabilities = Vulnerabilities.new
-      json.each do |item|
+
-        asset = item[identifier]
+      [*db_data['vulnerabilities']].each do |vulnerability|
-
+        vulnerability = Vulnerability.load_from_json_item(vulnerability)
-        next unless asset
+        @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
-
+      end
-        asset['vulnerabilities'].each do |vulnerability|
+
-          vulnerability = Vulnerability.load_from_json_item(vulnerability)
+      @vulnerabilities
-          vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+    end
-        end
+
-
+    def vulnerable?
-        break # No need to iterate any further
+      vulnerabilities.empty? ? false : true
-      end
+    end
-
+
-      vulnerabilities
+    # Checks if a item is vulnerable to a specific vulnerability
-    end
+    #
-
+    # @param [ Vulnerability ] vuln Vulnerability to check the item against
-    def vulnerable?
+    #
-      vulnerabilities.empty? ? false : true
+    # @return [ Boolean ]
-    end
+    def vulnerable_to?(vuln)
-
+      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
-    # Checks if a item is vulnerable to a specific vulnerability
+        unless VersionCompare::lesser_or_equal?(vuln.fixed_in, version)
-    #
+          return true
-    # @param [ Vulnerability ] vuln Vulnerability to check the item against
+        end
-    #
+      else
-    # @return [ Boolean ]
+        return true
-    def vulnerable_to?(vuln)
+      end
-      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+      return false
-        unless VersionCompare::lesser_or_equal?(vuln.fixed_in, version)
+    end
-          return true
+  end
-        end
+end
      else
        return true
      end
      return false
    end
  end
 end
--- a/lib/common/models/wp_plugin.rb
+++ b/lib/common/models/wp_plugin.rb
@@ -1,17 +1,16 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_plugin/vulnerable'
+class WpPlugin < WpItem
-
+  # Sets the @uri
-class WpPlugin < WpItem
+  #
-  include WpPlugin::Vulnerable
+  # @param [ URI ] target_base_uri The URI of the wordpress blog
-
+  #
-  # Sets the @uri
+  # @return [ void ]
-  #
+  def forge_uri(target_base_uri)
-  # @param [ URI ] target_base_uri The URI of the wordpress blog
+    @uri = target_base_uri.merge("#{wp_plugins_dir}/#{url_encode(name)}/")
-  #
+  end
-  # @return [ void ]
+
-  def forge_uri(target_base_uri)
+  def db_file
-    @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
+    @db_file ||= PLUGINS_FILE
-  end
+  end
-
+end
 end
--- a/lib/common/models/wp_plugin/vulnerable.rb
+++ b/lib/common/models/wp_plugin/vulnerable.rb
@@ -1,20 +0,0 @@
 # encoding: UTF-8
 class WpPlugin < WpItem
  module Vulnerable
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
        @vulns_file = PLUGINS_VULNS_FILE
      end
      @vulns_file
    end
    # @return [ String ]
    def identifier
      @name
    end
  end
 end
--- a/lib/common/models/wp_theme.rb
+++ b/lib/common/models/wp_theme.rb
@@ -1,36 +1,37 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_theme/findable'
+require 'wp_theme/findable'
-require 'wp_theme/versionable'
+require 'wp_theme/versionable'
-require 'wp_theme/vulnerable'
+require 'wp_theme/info'
-require 'wp_theme/info'
+require 'wp_theme/output'
-require 'wp_theme/output'
+require 'wp_theme/childtheme'
-require 'wp_theme/childtheme'
+
-
+class WpTheme < WpItem
-class WpTheme < WpItem
+  extend WpTheme::Findable
-  extend WpTheme::Findable
+  include WpTheme::Versionable
-  include WpTheme::Versionable
+  include WpTheme::Info
-  include WpTheme::Vulnerable
+  include WpTheme::Output
-  include WpTheme::Info
+  include WpTheme::Childtheme
-  include WpTheme::Output
+
-  include WpTheme::Childtheme
+  attr_accessor :referenced_url
-
+
-  attr_accessor :referenced_url
+  def allowed_options; super << :referenced_url end
-
+
-  def allowed_options; super << :referenced_url end
+  # Sets the @uri
-
+  #
-  # Sets the @uri
+  # @param [ URI ] target_base_uri The URI of the wordpress blog
-  #
+  #
-  # @param [ URI ] target_base_uri The URI of the wordpress blog
+  # @return [ void ]
-  #
+  def forge_uri(target_base_uri)
-  # @return [ void ]
+    @uri = target_base_uri.merge("#{wp_content_dir}/themes/#{url_encode(name)}/")
-  def forge_uri(target_base_uri)
+  end
-    @uri = target_base_uri.merge(URI.encode(wp_content_dir + '/themes/' + name + '/'))
+
-  end
+  # @return [ String ] The url to the theme stylesheet
-
+  def style_url
-  # @return [ String ] The url to the theme stylesheet
+    @uri.merge('style.css').to_s
-  def style_url
+  end
-    @uri.merge('style.css').to_s
+
-  end
+  def db_file
-
+    @db_file ||= THEMES_FILE
-end
+  end
 end
--- a/lib/common/models/wp_theme/findable.rb
+++ b/lib/common/models/wp_theme/findable.rb
@@ -1,64 +1,64 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpTheme < WpItem
+class WpTheme < WpItem
-  module Findable
+  module Findable
-
+
-    # Find the main theme of the blog
+    # Find the main theme of the blog
-    #
+    #
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ WpTheme ]
+    # @return [ WpTheme ]
-    def find(target_uri)
+    def find(target_uri)
-      methods.grep(/^find_from_/).each do |method|
+      methods.grep(/^find_from_/).each do |method|
-        if wp_theme = self.send(method, target_uri)
+        if wp_theme = self.send(method, target_uri)
-          wp_theme.found_from = method
+          wp_theme.found_from = method.to_s
-
+
-          return wp_theme
+          return wp_theme
-        end
+        end
-      end
+      end
-      nil
+      nil
-    end
+    end
-
+
-    protected
+    protected
-
+
-    # Discover the wordpress theme by parsing the css link rel
+    # Discover the wordpress theme by parsing the css link rel
-    #
+    #
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ WpTheme ]
+    # @return [ WpTheme ]
-    def find_from_css_link(target_uri)
+    def find_from_css_link(target_uri)
-      response = Browser.get_and_follow_location(target_uri.to_s)
+      response = Browser.get_and_follow_location(target_uri.to_s)
-
+
-      # https + domain is optional because of relative links
+      # https + domain is optional because of relative links
-      return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
+      return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
-
+
-      new(
+      new(
-        target_uri,
+        target_uri,
-        name:           Regexp.last_match[2],
+        name:           Regexp.last_match[2],
-        referenced_url: Regexp.last_match[0],
+        referenced_url: Regexp.last_match[0],
-        wp_content_dir: Regexp.last_match[1]
+        wp_content_dir: Regexp.last_match[1]
-      )
+      )
-    end
+    end
-
+
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ WpTheme ]
+    # @return [ WpTheme ]
-    def find_from_wooframework(target_uri)
+    def find_from_wooframework(target_uri)
-      body = Browser.get(target_uri.to_s).body
+      body = Browser.get(target_uri.to_s).body
-      regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
+      regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
-
+
-      if matches = regexp.match(body)
+      if matches = regexp.match(body)
-        woo_theme_name = matches[1]
+        woo_theme_name = matches[1]
-        woo_theme_version = matches[2]
+        woo_theme_version = matches[2]
-        #woo_framework_version = matches[3] # Not used at this time
+        #woo_framework_version = matches[3] # Not used at this time
-
+
-        return new(
+        return new(
-          target_uri,
+          target_uri,
-          name:    woo_theme_name,
+          name:    woo_theme_name,
-          version: woo_theme_version
+          version: woo_theme_version
-        )
+        )
-      end
+      end
-    end
+    end
-
+
-  end
+  end
-end
+end
--- a/lib/common/models/wp_theme/output.rb
+++ b/lib/common/models/wp_theme/output.rb
@@ -6,13 +6,13 @@ class WpTheme
    # @return [ Void ]
    def additional_output(verbose = false)
      parse_style
-      
+
      theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
      puts " |  Style URL: #{style_url}"
      puts " |  Referenced style.css: #{referenced_url}" if referenced_url && referenced_url != style_url
      puts " |  Theme Name: #{@theme_name}" if @theme_name
      puts " |  Theme URI: #{@theme_uri}" if @theme_uri
-      puts " |  Description: #{theme_desc}"
+      puts " |  Description: #{theme_desc}" if theme_desc
      puts " |  Author: #{@theme_author}" if @theme_author
      puts " |  Author URI: #{@theme_author_uri}" if @theme_author_uri
      puts " |  Template: #{@theme_template}" if @theme_template and verbose
--- a/lib/common/models/wp_theme/versionable.rb
+++ b/lib/common/models/wp_theme/versionable.rb
@@ -1,9 +1,9 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpTheme < WpItem
+class WpTheme < WpItem
-  module Versionable
+  module Versionable
-    def version
+    def version
-      @version ||= Browser.get(style_url).body[%r{Version:\s*(?!trunk)([0-9a-z\.-]+)}i, 1]
+      @version ||= Browser.get(style_url).body[%r{Version:\s*(?!trunk)([0-9a-z\.-]+)}i, 1]
-    end
+    end
-  end
+  end
-end
+end
--- a/lib/common/models/wp_theme/vulnerable.rb
+++ b/lib/common/models/wp_theme/vulnerable.rb
@@ -1,19 +0,0 @@
 # encoding: UTF-8
 class WpTheme < WpItem
  module Vulnerable
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
        @vulns_file = THEMES_VULNS_FILE
      end
      @vulns_file
    end
    # @return [ String ]
    def identifier
      @name
    end
  end
 end
--- a/lib/common/models/wp_timthumb.rb
+++ b/lib/common/models/wp_timthumb.rb
@@ -1,20 +1,20 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_timthumb/versionable'
+require 'wp_timthumb/versionable'
-require 'wp_timthumb/existable'
+require 'wp_timthumb/existable'
-require 'wp_timthumb/output'
+require 'wp_timthumb/output'
-require 'wp_timthumb/vulnerable'
+require 'wp_timthumb/vulnerable'
-
+
-class WpTimthumb < WpItem
+class WpTimthumb < WpItem
-  include WpTimthumb::Versionable
+  include WpTimthumb::Versionable
-  include WpTimthumb::Existable
+  include WpTimthumb::Existable
-  include WpTimthumb::Output
+  include WpTimthumb::Output
-  include WpTimthumb::Vulnerable
+  include WpTimthumb::Vulnerable
-
+
-  # @param [ WpTimthumb ] other
+  # @param [ WpTimthumb ] other
-  #
+  #
-  # @return [ Boolean ]
+  # @return [ Boolean ]
-  def ==(other)
+  def ==(other)
-    url == other.url
+    url == other.url
-  end
+  end
-end
+end
--- a/lib/common/models/wp_timthumb/versionable.rb
+++ b/lib/common/models/wp_timthumb/versionable.rb
@@ -1,24 +1,24 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpTimthumb < WpItem
+class WpTimthumb < WpItem
-  module Versionable
+  module Versionable
-
+
-    # Get the version from the body of an invalid request
+    # Get the version from the body of an invalid request
-    # See https://code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426
+    # See https://code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426
-    #
+    #
-    # @return [ String ] The version
+    # @return [ String ] The version
-    def version
+    def version
-      unless @version
+      unless @version
-        response = Browser.get(url)
+        response = Browser.get(url)
-        @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
+        @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
-      end
+      end
-      @version
+      @version
-    end
+    end
-
+
-    # @return [ String ]
+    # @return [ String ]
-    def to_s
+    def to_s
-      "#{url}#{ ' v' + version if version}"
+      "#{url}#{ ' v' + version if version}"
-    end
+    end
-
+
-  end
+  end
-end
+end
--- a/lib/common/models/wp_user.rb
+++ b/lib/common/models/wp_user.rb
--- a/lib/common/models/wp_user/brute_forcable.rb
+++ b/lib/common/models/wp_user/brute_forcable.rb
@@ -3,6 +3,8 @@
 class WpUser < WpItem
  module BruteForcable
    attr_reader :progress_bar
    # Brute force the user with the wordlist supplied
    #
    # It can take a long time to queue 2 million requests,
@@ -25,9 +27,19 @@ class WpUser < WpItem
      hydra        = browser.hydra
      queue_count  = 0
      found        = false
      progress_bar = self.progress_bar(count_file_lines(wordlist)+1, options)
-      File.open(wordlist).each do |password|
+      if wordlist == '-'
        words = ARGF
        passwords_size = 10
        options[:starting_at] = 0
      else
        words = File.open(wordlist)
        passwords_size = count_file_lines(wordlist)+1
      end
      create_progress_bar(passwords_size, options)
      words.each do |password|
        password.chomp!
        # A successfull login will redirect us to the redirect_to parameter
@@ -40,9 +52,15 @@ class WpUser < WpItem
        request = login_request(password, redirect_url)
        request.on_complete do |response|
-          progress_bar.progress += 1 if options[:show_progression] && !found
+          if options[:show_progression] && !found
            progress_bar.progress += 1
            percentage = progress_bar.progress.fdiv(progress_bar.total)
            if options[:starting_at] && percentage >= 0.8
              progress_bar.total *= 2
            end
          end
-          puts "\n  Trying Username : #{login} Password : #{password}" if options[:verbose]
+          progress_bar.log("  Trying Username: #{login} Password: #{password}") if options[:verbose]
          if valid_password?(response, password, redirect_url, options)
            found         = true
@@ -57,7 +75,7 @@ class WpUser < WpItem
        if queue_count >= browser.max_threads
          hydra.run
          queue_count = 0
-          puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
+          progress_bar.log("  Sent #{browser.max_threads} request/s ...") if options[:verbose]
        end
      end
@@ -71,12 +89,13 @@ class WpUser < WpItem
    #
    # @return [ ProgressBar ]
    # :nocov:
-    def progress_bar(passwords_size, options)
+    def create_progress_bar(passwords_size, options)
      if options[:show_progression]
-        ProgressBar.create(
+        @progress_bar = ProgressBar.create(
          format: '%t %a <%B> (%c / %C) %P%% %e',
          title: "  Brute Forcing '#{login}'",
-          total: passwords_size
+          total: passwords_size,
          starting_at: options[:starting_at]
        )
      end
    end
@@ -107,20 +126,20 @@ class WpUser < WpItem
        progression = "#{info('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
        valid       = true
      elsif response.body =~ /login_error/i
-        verbose = "\n  Incorrect login and/or password."
+        verbose = "Incorrect login and/or password."
      elsif response.timed_out?
        progression = critical('ERROR: Request timed out.')
      elsif response.code == 0
        progression = critical("ERROR: No response from remote server. WAF/IPS? (#{response.return_message})")
      elsif response.code.to_s =~ /^50/
-        progression = critical('ERROR: Server error, try reducing the number of threads.')
+        progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.')
      else
-        progression = critical("ERROR: We received an unknown response for #{password}...")
+        progression = critical("ERROR: We received an unknown response for login: #{login} and password: #{password}")
-        verbose     = critical("    Code: #{response.code}\n    Body: #{response.body}\n")
+        verbose     = critical("  Code: #{response.code}\n    Body: #{response.body}\n")
      end
-      puts "\n  " + progression if progression && options[:show_progression]
+      progress_bar.log("  #{progression}") if progression && options[:show_progression]
-      puts verbose if verbose && options[:verbose]
+      progress_bar.log("  #{verbose}") if verbose && options[:verbose]
      valid || false
    end
--- a/lib/common/models/wp_user/existable.rb
+++ b/lib/common/models/wp_user/existable.rb
@@ -1,86 +1,86 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpUser < WpItem
+class WpUser < WpItem
-  module Existable
+  module Existable
-
+
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    # @param [ Hash ] options
+    # @param [ Hash ] options
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def exists_from_response?(response, options = {})
+    def exists_from_response?(response, options = {})
-      load_from_response(response)
+      load_from_response(response)
-
+
-      @login ? true : false
+      @login ? true : false
-    end
+    end
-
+
-    # Load the login and display_name from the response
+    # Load the login and display_name from the response
-    #
+    #
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    #
+    #
-    # @return [ void ]
+    # @return [ void ]
-    def load_from_response(response)
+    def load_from_response(response)
-      if response.code == 301 # login in location?
+      if response.code == 301 # login in location?
-        location = response.headers_hash['Location']
+        location = response.headers_hash['Location']
-
+
-        return if location.nil? || location.empty?
+        return if location.nil? || location.empty?
-
+
-        @login        = Existable.login_from_author_pattern(location)
+        @login        = Existable.login_from_author_pattern(location)
-        @display_name = Existable.display_name_from_body(
+        @display_name = Existable.display_name_from_body(
-          Browser.get(location).body
+          Browser.get(location).body
-        )
+        )
-      elsif response.code == 200 # login in body?
+      elsif response.code == 200 # login in body?
-        @login        = Existable.login_from_body(response.body)
+        @login        = Existable.login_from_body(response.body)
-        @display_name = Existable.display_name_from_body(response.body)
+        @display_name = Existable.display_name_from_body(response.body)
-      end
+      end
-    end
+    end
-    private :load_from_response
+    private :load_from_response
-
+
-    # @param [ String ] text
+    # @param [ String ] text
-    #
+    #
-    # @return [ String ] The login
+    # @return [ String ] The login
-    def self.login_from_author_pattern(text)
+    def self.login_from_author_pattern(text)
-      return unless text =~ %r{/author/([^/\b]+)/?}i
+      return unless text =~ %r{/author/([^/\b"']+)/?}i
-
+
-      Regexp.last_match[1].force_encoding('UTF-8')
+      Regexp.last_match[1].force_encoding('UTF-8')
-    end
+    end
-
+
-    # @param [ String ] body
+    # @param [ String ] body
-    #
+    #
-    # @return [ String ] The login
+    # @return [ String ] The login
-    def self.login_from_body(body)
+    def self.login_from_body(body)
-      # Feed URL with Permalinks
+      # Feed URL with Permalinks
-      login = WpUser::Existable.login_from_author_pattern(body)
+      login = WpUser::Existable.login_from_author_pattern(body)
-
+
-      unless login
+      unless login
-        # No Permalinks
+        # No Permalinks
-        login = body[%r{<body class="archive author author-([^\s]+)[ "]}i, 1]
+        login = body[%r{<body class="archive author author-([^\s]+)[ "]}i, 1]
-        login ? login.force_encoding('UTF-8') : nil
+        login ? login.force_encoding('UTF-8') : nil
-      end
+      end
-
+
-      login
+      login
-    end
+    end
-
+
-    # @note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn't support it
+    # @note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn't support it
-    #   So it's forced to UTF-8 when this encoding is detected
+    #   So it's forced to UTF-8 when this encoding is detected
-    #
+    #
-    # @param [ String ] body
+    # @param [ String ] body
-    #
+    #
-    # @return [ String ] The display_name
+    # @return [ String ] The display_name
-    def self.display_name_from_body(body)
+    def self.display_name_from_body(body)
-      if title_tag = body[%r{<title>([^<]+)</title>}i, 1]
+      if title_tag = body[%r{<title>([^<]+)</title>}i, 1]
-        title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
+        title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
-        title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
+        title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
-        # &amp; are not decoded with Nokogiri
+        # &amp; are not decoded with Nokogiri
-        title_tag.gsub!('&amp;', '&')
+        title_tag.gsub!('&amp;', '&')
-
+
-        # replace UTF chars like  &#187; with dummy character
+        # replace UTF chars like  &#187; with dummy character
-        title_tag.gsub!(/&#(\d+);/, '|')
+        title_tag.gsub!(/&#(\d+);/, '|')
-
+
-        name = title_tag[%r{([^|«»]+) }, 1]
+        name = title_tag[%r{([^|«»]+) }, 1]
-
+
-        return name.strip if name
+        return name.strip if name
-      end
+      end
-    end
+    end
-
+
-  end
+  end
-end
+end
--- a/lib/common/models/wp_version.rb
+++ b/lib/common/models/wp_version.rb
@@ -1,33 +1,51 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_version/findable'
+require 'wp_version/findable'
-require 'wp_version/vulnerable'
+require 'wp_version/output'
-require 'wp_version/output'
+
-
+class WpVersion < WpItem
-class WpVersion < WpItem
+  extend  WpVersion::Findable
-
+  include WpVersion::Output
-  extend  WpVersion::Findable
+
-  include WpVersion::Vulnerable
+  # The version number
-  include WpVersion::Output
+  attr_accessor :number, :metadata
-
+  alias_method :version, :number # Needed to have the right behaviour in Vulnerable#vulnerable_to?
-  # The version number
+
-  attr_accessor :number
+  # @return [ Array ]
-
+  def allowed_options; super << :number << :found_from end
-  # @return [ Array ]
+
-  def allowed_options; super << :number << :found_from end
+  def identifier
-
+    @identifier ||= number
-  # @param [ WpVersion ] other
+  end
-  #
+
-  # @return [ Boolean ]
+  def db_file
-  def ==(other)
+    @db_file ||= WORDPRESSES_FILE
-    number == other.number
+  end
-  end
+
-
+  # @param [ WpVersion ] other
-  # @return [ Array<String> ] All the stable versions from version_file
+  #
-  def self.all(versions_file = WP_VERSIONS_FILE)
+  # @return [ Boolean ]
-    Nokogiri.XML(File.open(versions_file)).css('version').reduce([]) do |a, node|
+  def ==(other)
-      a << node.text.to_s
+    number == other.number
-    end
+  end
-  end
+
-
+  # @return [ Array<String> ] All the stable versions from version_file
-end
+  def self.all(versions_file = WP_VERSIONS_FILE)
    Nokogiri.XML(File.open(versions_file)).css('version').reduce([]) do |a, node|
      a << node.text.to_s
    end
  end
  # @return [ Hash ] Metadata for specific WP version from WORDPRESSES_FILE
  def metadata(version)
    json = json(db_file)
    metadata = {}
    temp = json[version]
    if !temp.nil?
      metadata[:release_date]  = temp['release_date']
      metadata[:changelog_url] = temp['changelog_url']
    end
    metadata
  end
 end
--- a/lib/common/models/wp_version/findable.rb
+++ b/lib/common/models/wp_version/findable.rb
@@ -1,222 +1,237 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpVersion < WpItem
+class WpVersion < WpItem
-
+
-  module Findable
+  module Findable
-
+
-    # Find the version of the blog designated from target_uri
+    # Find the version of the blog designated from target_uri
-    #
+    #
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    # @param [ String ] wp_content_dir
+    # @param [ String ] wp_content_dir
-    # @param [ String ] wp_plugins_dir
+    # @param [ String ] wp_plugins_dir
-    #
+    #
-    # @return [ WpVersion ]
+    # @return [ WpVersion ]
-    def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+    def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-      methods.grep(/^find_from_/).each do |method|
+      versions = {}
-
+      methods.grep(/^find_from_/).each do |method|
-        if method === :find_from_advanced_fingerprinting
+
-          version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+        if method === :find_from_advanced_fingerprinting
-        else
+          version = send(method, target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-          version = send(method, target_uri)
+        else
-        end
+          version = send(method, target_uri)
-
+        end
-        if version
+
-          return new(target_uri, number: version, found_from: method)
+        if version
-        end
+          if versions.key?(version)
-      end
+            versions[version] << method.to_s
-      nil
+          else
-    end
+            versions[version] = [ method.to_s ]
-
+          end
-    # Used to check if the version is correct: must contain at least one dot.
+        end
-    #
+      end
-    # @return [ String ]
+
-    def version_pattern
+      if versions.length > 0
-      '([^\r\n"\']+\.[^\r\n"\']+)'
+        determined_version = versions.max_by { |k, v| v.length }
-    end
+        if determined_version
-
+          return new(target_uri, number: determined_version[0], found_from: determined_version[1].join(', '))
-    protected
+        end
-
+      end
-    # Returns the first match of <pattern> in the body of the url
+
-    #
+      nil
-    # @param [ URI ] target_uri
+    end
-    # @param [ Regex ] pattern
+
-    # @param [ String ] path
+    # Used to check if the version is correct: must contain at least one dot.
-    #
+    #
-    # @return [ String ]
+    # @return [ String ]
-    def scan_url(target_uri, pattern, path = nil)
+    def version_pattern
-      url = path ? target_uri.merge(path).to_s : target_uri.to_s
+      '([^\r\n"\',]+\.[^\r\n"\',]+)'
-      response = Browser.get_and_follow_location(url)
+    end
-
+
-      response.body[pattern, 1]
+    protected
-    end
+
-
+    # Returns the first match of <pattern> in the body of the url
-    #
+    #
-    # DO NOT Change the order of the following methods
+    # @param [ URI ] target_uri
-    # unless you know what you are doing
+    # @param [ Regex ] pattern
-    # See WpVersion.find
+    # @param [ String ] path
-    #
+    #
-
+    # @return [ String ]
-    # Attempts to find the wordpress version from,
+    def scan_url(target_uri, pattern, path = nil)
-    # the generator meta tag in the html source.
+      url = path ? target_uri.merge(path).to_s : target_uri.to_s
-    #
+      response = Browser.get_and_follow_location(url)
-    # The meta tag can be removed however it seems,
+
-    # that it is reinstated on upgrade.
+      response.body[pattern, 1]
-    #
+    end
-    # @param [ URI ] target_uri
+
-    #
+    #
-    # @return [ String ] The version number
+    # DO NOT Change the order of the following methods
-    def find_from_meta_generator(target_uri)
+    # unless you know what you are doing
-      scan_url(
+    # See WpVersion.find
-        target_uri,
+    #
-        %r{name="generator" content="wordpress #{version_pattern}"}i
+
-      )
+    # Attempts to find the wordpress version from,
-    end
+    # the generator meta tag in the html source.
-
+    #
-    # Attempts to find the WordPress version from,
+    # The meta tag can be removed however it seems,
-    # the generator tag in the RSS feed source.
+    # that it is reinstated on upgrade.
-    #
+    #
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ String ] The version number
+    # @return [ String ] The version number
-    def find_from_rss_generator(target_uri)
+    def find_from_meta_generator(target_uri)
-      scan_url(
+      scan_url(
-        target_uri,
+        target_uri,
-        %r{<generator>http://wordpress.org/\?v=#{version_pattern}</generator>}i,
+        %r{name="generator" content="wordpress #{version_pattern}.*"}i
-        'feed/'
+      )
-      )
+    end
-    end
+
-
+    # Attempts to find the WordPress version from,
-    # Attempts to find WordPress version from,
+    # the generator tag in the RSS feed source.
-    # the generator tag in the RDF feed source.
+    #
-    #
+    # @param [ URI ] target_uri
-    # @param [ URI ] target_uri
+    #
-    #
+    # @return [ String ] The version number
-    # @return [ String ] The version number
+    def find_from_rss_generator(target_uri)
-    def find_from_rdf_generator(target_uri)
+      scan_url(
-      scan_url(
+        target_uri,
-        target_uri,
+        %r{<generator>http://wordpress.org/\?v=#{version_pattern}</generator>}i,
-        %r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />}i,
+        'feed/'
-        'feed/rdf/'
+      )
-      )
+    end
-    end
+
-
+    # Attempts to find WordPress version from,
-    # Attempts to find the WordPress version from,
+    # the generator tag in the RDF feed source.
-    # the generator tag in the Atom source.
+    #
-    #
+    # @param [ URI ] target_uri
-    # @param [ URI ] target_uri
+    #
-    #
+    # @return [ String ] The version number
-    # @return [ String ] The version number
+    def find_from_rdf_generator(target_uri)
-    def find_from_atom_generator(target_uri)
+      scan_url(
-      scan_url(
+        target_uri,
-        target_uri,
+        %r{<admin:generatorAgent rdf:resource="http://wordpress.org/\?v=#{version_pattern}" />}i,
-        %r{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>}i,
+        'feed/rdf/'
-        'feed/atom/'
+      )
-      )
+    end
-    end
+
-
+    # Attempts to find the WordPress version from,
-    def find_from_stylesheets_numbers(target_uri)
+    # the generator tag in the Atom source.
-      wp_versions = WpVersion.all
+    #
-      found       = {}
+    # @param [ URI ] target_uri
-      pattern     = /\bver=([0-9\.]+)/i
+    #
-
+    # @return [ String ] The version number
-      Nokogiri::HTML(Browser.get(target_uri.to_s).body).css('link,script').each do |tag|
+    def find_from_atom_generator(target_uri)
-        %w(href src).each do |attribute|
+      scan_url(
-          attr_value = tag.attribute(attribute).to_s
+        target_uri,
-
+        %r{<generator uri="http://wordpress.org/" version="#{version_pattern}">WordPress</generator>}i,
-          next if attr_value.nil? || attr_value.empty?
+        'feed/atom/'
-
+      )
-          uri = Addressable::URI.parse(attr_value)
+    end
-          next unless uri.query && uri.query.match(pattern)
+
-
+    # Uses data/wp_versions.xml to try to identify a
-          version = Regexp.last_match[1].to_s
+    # wordpress version.
-
+    #
-          found[version] ||= 0
+    # It does this by using client side file hashing
-          found[version] += 1
+    #
-        end
+    # /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
-      end
+    #
-
+    # @param [ URI ] target_uri
-      found.delete_if { |v, _| !wp_versions.include?(v) }
+    # @param [ String ] wp_content_dir
-
+    # @param [ String ] wp_plugins_dir
-      best_guess = found.sort_by(&:last).last
+    # @param [ String ] versions_xml The path to the xml containing all versions
-      # best_guess[0]: version number, [1] numbers of occurences
+    #
-      best_guess && best_guess[1] > 1 ? best_guess[0] : nil
+    # @return [ String ] The version number
-    end
+    def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
-
+      xml     = xml(versions_xml)
-    # Uses data/wp_versions.xml to try to identify a
+
-    # wordpress version.
+      wp_item = WpItem.new(target_uri,
-    #
+                           wp_content_dir: wp_content_dir,
-    # It does this by using client side file hashing
+                           wp_plugins_dir: wp_plugins_dir)
-    #
+
-    # /!\ Warning : this method might return false positive if the file used for fingerprinting is part of a theme (they can be updated)
+      xml.xpath('//file').each do |node|
-    #
+        wp_item.path = node.attribute('src').text
-    # @param [ URI ] target_uri
+
-    # @param [ String ] wp_content_dir
+        response = Browser.get(wp_item.url)
-    # @param [ String ] wp_plugins_dir
+        md5sum = Digest::MD5.hexdigest(response.body)
-    # @param [ String ] versions_xml The path to the xml containing all versions
+
-    #
+        node.search('hash').each do |hash|
-    # @return [ String ] The version number
+          if hash.attribute('md5').text == md5sum
-    def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+            return hash.search('version').text
-      xml     = xml(versions_xml)
+          end
-
+        end
-      # This wp_item will take care of encoding the path
+      end
-      # and replace variables like $wp-content$ & $wp-plugins$
+      nil
-      wp_item = WpItem.new(target_uri,
+    end
-                           wp_content_dir: wp_content_dir,
+
-                           wp_plugins_dir: wp_plugins_dir)
+    # Attempts to find the WordPress version from the readme.html file.
-
+    #
-      xml.xpath('//file').each do |node|
+    # @param [ URI ] target_uri
-        wp_item.path = node.attribute('src').text
+    #
-
+    # @return [ String ] The version number
-        response = Browser.get(wp_item.url)
+    def find_from_readme(target_uri)
-        md5sum = Digest::MD5.hexdigest(response.body)
+      scan_url(
-
+        target_uri,
-        node.search('hash').each do |hash|
+        %r{<br />\sversion #{version_pattern}}i,
-          if hash.attribute('md5').text == md5sum
+        'readme.html'
-            return hash.search('version').text
+      )
-          end
+    end
-        end
+
-      end
+    # Attempts to find the WordPress version from the sitemap.xml file.
-      nil
+    #
-    end
+    # @param [ URI ] target_uri
-
+    #
-    # Attempts to find the WordPress version from the readme.html file.
+    # @return [ String ] The version number
-    #
+    def find_from_sitemap_generator(target_uri)
-    # @param [ URI ] target_uri
+      scan_url(
-    #
+        target_uri,
-    # @return [ String ] The version number
+        %r{generator="wordpress/#{version_pattern}"}i,
-    def find_from_readme(target_uri)
+        'sitemap.xml'
-      scan_url(
+      )
-        target_uri,
+    end
-        %r{<br />\sversion #{version_pattern}}i,
+
-        'readme.html'
+    # Attempts to find the WordPress version from the p-links-opml.php file.
-      )
+    #
-    end
+    # @param [ URI ] target_uri
-
+    #
-    # Attempts to find the WordPress version from the sitemap.xml file.
+    # @return [ String ] The version number
-    #
+    def find_from_links_opml(target_uri)
-    # @param [ URI ] target_uri
+      scan_url(
-    #
+        target_uri,
-    # @return [ String ] The version number
+        %r{generator="wordpress/#{version_pattern}"}i,
-    def find_from_sitemap_generator(target_uri)
+        'wp-links-opml.php'
-      scan_url(
+      )
-        target_uri,
+    end
-        %r{generator="wordpress/#{version_pattern}"}i,
+
-        'sitemap.xml'
+    def find_from_stylesheets_numbers(target_uri)
-      )
+      wp_versions = WpVersion.all
-    end
+      found       = {}
-
+      pattern     = /\bver=([0-9\.]+)/i
-    # Attempts to find the WordPress version from the p-links-opml.php file.
+
-    #
+      Nokogiri::HTML(Browser.get(target_uri.to_s).body).css('link,script').each do |tag|
-    # @param [ URI ] target_uri
+        %w(href src).each do |attribute|
-    #
+          attr_value = tag.attribute(attribute).to_s
-    # @return [ String ] The version number
+
-    def find_from_links_opml(target_uri)
+          next if attr_value.nil? || attr_value.empty?
-      scan_url(
+
-        target_uri,
+          begin
-        %r{generator="wordpress/#{version_pattern}"}i,
+            uri = Addressable::URI.parse(attr_value)
-        'wp-links-opml.php'
+          rescue Addressable::URI::InvalidURIError
-      )
+            next
-    end
+          end
-
+
-  end
+          next unless uri.query && uri.query.match(pattern)
-end
+
          version = Regexp.last_match[1].to_s
          found[version] ||= 0
          found[version] += 1
        end
      end
      found.delete_if { |v, _| !wp_versions.include?(v) }
      best_guess = found.sort_by(&:last).last
      # best_guess[0]: version number, [1] numbers of occurences
      best_guess && best_guess[1] > 1 ? best_guess[0] : nil
    end
  end
 end
--- a/lib/common/models/wp_version/output.rb
+++ b/lib/common/models/wp_version/output.rb
@@ -4,8 +4,16 @@ class WpVersion < WpItem
  module Output
    def output(verbose = false)
      metadata = self.metadata(self.number)
      puts
-      puts info("WordPress version #{self.number} identified from #{self.found_from}")
+      if verbose
        puts info("WordPress version #{self.number} identified from #{self.found_from}")
        puts " | Released: #{metadata[:release_date]}"
        puts " | Changelog: #{metadata[:changelog_url]}"
      else
        puts info("WordPress version #{self.number} #{"(Released on #{metadata[:release_date]}) identified from #{self.found_from}" if metadata[:release_date]}")
      end
      vulnerabilities = self.vulnerabilities
--- a/lib/common/models/wp_version/vulnerable.rb
+++ b/lib/common/models/wp_version/vulnerable.rb
@@ -1,25 +0,0 @@
 # encoding: UTF-8
 class WpVersion < WpItem
  module Vulnerable
    # @return [ String ] The path to the file containing vulnerabilities
    def vulns_file
      unless @vulns_file
        @vulns_file = WP_VULNS_FILE
      end
      @vulns_file
    end
    # @return [ String ]
    def identifier
      @number
    end  
    # @return [ String ]
    # def vulns_xpath
    #   "//wordpress[@version='#{@number}']/vulnerability"
    # end
  end
 end
--- a/lib/common/version_compare.rb
+++ b/lib/common/version_compare.rb
@@ -11,8 +11,8 @@ class VersionCompare
  # @return [ Boolean ]
  def self.lesser_or_equal?(version1, version2)
    # Prepend a '0' if the version starts with a '.'
-    version1 = "0#{version1}" if version1 && version1[0,1] == '.'
+    version1 = prepend_zero(version1)
-    version2 = "0#{version2}" if version2 && version2[0,1] == '.'
+    version2 = prepend_zero(version2)
    return true if (version1 == version2)
    # Both versions must be set
@@ -27,4 +27,36 @@ class VersionCompare
    end
    return false
  end
  # Compares two version strings. Returns true if version1 < version2
  # and false otherwise
  #
  # @param [ String ] version1
  # @param [ String ] version2
  #
  # @return [ Boolean ]
  def self.lesser?(version1, version2)
    # Prepend a '0' if the version starts with a '.'
    version1 = prepend_zero(version1)
    version2 = prepend_zero(version2)
    return false if (version1 == version2)
    # Both versions must be set
    return false unless (version1 and version2)
    return false if (version1.empty? or version2.empty?)
    begin
      return true if (Gem::Version.new(version1) < Gem::Version.new(version2))
    rescue ArgumentError => e
      # Example: ArgumentError: Malformed version number string a
      return false if e.message =~ /Malformed version number string/
      raise
    end
    return false
  end
  # @return [ String ]
  def self.prepend_zero(version)
    return nil if version.nil?
    version[0,1] == '.' ? "0#{version}" : version
  end
 end
--- a/lib/environment.rb
+++ b/lib/environment.rb
@@ -3,8 +3,9 @@
 require 'rubygems'
 version = RUBY_VERSION.dup
-if Gem::Version.create(version) < Gem::Version.create(1.9)
+
-  puts "Ruby >= 1.9 required to run wpscan (You have #{version})"
+if Gem::Version.create(version) < Gem::Version.create(MIN_RUBY_VERSION)
  puts "Ruby >= #{MIN_RUBY_VERSION} required to run wpscan (You have #{version})"
  exit(1)
 end
@@ -13,25 +14,25 @@ Encoding.default_external = Encoding::UTF_8
 begin
  # Standard libs
  require 'readline'
  require 'bundler/setup' unless kali_linux?
  require 'getoptlong'
  require 'optparse' # Will replace getoptlong
  require 'uri'
  require 'time'
  require 'resolv'
  require 'xmlrpc/client'
  require 'digest/md5'
  require 'digest/sha1'
  require 'readline'
  require 'base64'
  require 'rbconfig'
  require 'pp'
  require 'shellwords'
  require 'fileutils'
  require 'pathname'
  require 'cgi'
  # Third party libs
  require 'typhoeus'
-  require 'json'
+  require 'yajl/json_gem'
  require 'nokogiri'
  require 'terminal-table'
  require 'ruby-progressbar'
--- a/lib/wpscan/web_site.rb
+++ b/lib/wpscan/web_site.rb
@@ -21,6 +21,29 @@ class WebSite
    @uri.to_s
  end
  # Checks if the remote website has ssl errors
  def ssl_error?
    return false unless @uri.scheme == 'https'
    c = get_root_path_return_code
    # http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code
    return (
      c == :ssl_connect_error ||
      c == :peer_failed_verification ||
      c == :ssl_certproblem ||
      c == :ssl_cipher ||
      c == :ssl_cacert ||
      c == :ssl_cacert_badfile ||
      c == :ssl_issuer_error ||
      c == :ssl_crl_badfile ||
      c == :ssl_engine_setfailed ||
      c == :ssl_engine_notfound
    )
  end
  def get_root_path_return_code
    Browser.get(@uri.to_s).return_code
  end
  # Checks if the remote website is up.
  def online?
    Browser.get(@uri.to_s).code != 0
@@ -68,15 +91,18 @@ class WebSite
  end
  # Compute the MD5 of the page
-  # Comments are deleted from the page to avoid cache generation details
+  # Comments and scripts are deleted from the page to avoid cache generation details
  #
  # @param [ String, Typhoeus::Response ] page The url of the response of the page
  #
  # @return [ String ] The MD5 hash of the page
  def self.page_hash(page)
    page = Browser.get(page, { followlocation: true, cache_ttl: 0 }) unless page.is_a?(Typhoeus::Response)
-
+    # remove comments
-    Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
+    page = page.body.gsub(/<!--.*?-->/m, '')
    # remove javascript stuff
    page = page.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/m, '')
    Digest::MD5.hexdigest(page)
  end
  def homepage_hash
--- a/lib/wpscan/web_site/robots_txt.rb
+++ b/lib/wpscan/web_site/robots_txt.rb
@@ -28,6 +28,7 @@ class WebSite
      if entries
        entries.flatten!
        entries.compact.sort!
        entries.uniq!
        wordpress_path = @uri.path
        RobotsTxt.known_dirs.each do |d|
          entries.delete(d)
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -28,8 +28,13 @@ class WpTarget < WebSite
    @wp_content_dir = options[:wp_content_dir]
    @wp_plugins_dir = options[:wp_plugins_dir]
    @multisite      = nil
    @vhost = options[:vhost]
    Browser.instance.referer = url
    if @vhost
      Browser.instance.vhost = @vhost
    end
  end
  # check if the target website is
@@ -44,11 +49,7 @@ class WpTarget < WebSite
    fail "The target is responding with a 403, this might be due to a WAF or a plugin.\n" \
          'You should try to supply a valid user-agent via the --user-agent option or use the --random-agent option' if response.code == 403
-    if wp_content_dir
+    dir = wp_content_dir ? wp_content_dir : 'wp-content'
      dir = wp_content_dir
    else
      dir = 'wp-content'
    end
    if response.body =~ /["'][^"']*\/#{Regexp.escape(dir)}\/[^"']*["']/i
      wordpress = true
@@ -134,6 +135,11 @@ class WpTarget < WebSite
    @uri.merge("#{wp_content_dir}/uploads/").to_s
  end
  # @return [ String ]
  def includes_dir_url
    @uri.merge("wp-includes/").to_s
  end
  # Script for replacing strings in wordpress databases
  # reveals database credentials after hitting submit
  # http://interconnectit.com/124/search-and-replace-for-wordpress-databases/
@@ -149,7 +155,26 @@ class WpTarget < WebSite
    resp.code == 200 && resp.body[%r{by interconnect}i]
  end
  # Script used to recover locked out admin users
  # http://yoast.com/emergency-wordpress-access/
  # https://codex.wordpress.org/User:MichaelH/Orphaned_Plugins_needing_Adoption/Emergency
  #
  # @return [ String ]
  def emergency_url
    @uri.merge('emergency.php').to_s
  end
  # @return [ Boolean ]
  def emergency_exists?
    resp = Browser.get(emergency_url)
    resp.code == 200 && resp.body[%r{password}i]
  end
  def upload_directory_listing_enabled?
    directory_listing_enabled?(upload_dir_url)
  end
  def include_directory_listing_enabled?
    directory_listing_enabled?(includes_dir_url)
  end
 end
--- a/lib/wpscan/wp_target/wp_config_backup.rb
+++ b/lib/wpscan/wp_target/wp_config_backup.rb
@@ -14,7 +14,7 @@ class WpTarget < WebSite
      queue_count = 0
      backups.each do |file|
-        file_url = @uri.merge(URI.escape(file)).to_s
+        file_url = @uri.merge(url_encode(file)).to_s
        request = browser.forge_request(file_url)
        request.on_complete do |response|
@@ -40,7 +40,7 @@ class WpTarget < WebSite
    # @return [ Array ]
    def self.config_backup_files
      %w{
-        wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo 
+        wp-config.php~ #wp-config.php# wp-config.php.save .wp-config.php.swp wp-config.php.swp wp-config.php.swo
        wp-config.php_bak wp-config.bak wp-config.php.bak wp-config.save wp-config.old wp-config.php.old
        wp-config.php.orig wp-config.orig wp-config.php.original wp-config.original wp-config.txt
      } # thanks to Feross.org for these
--- a/lib/wpscan/wp_target/wp_full_path_disclosure.rb
+++ b/lib/wpscan/wp_target/wp_full_path_disclosure.rb
@@ -2,24 +2,21 @@
 class WpTarget < WebSite
  module WpFullPathDisclosure
    # Check for Full Path Disclosure (FPD)
    #
    # @return [ Boolean ]
    def has_full_path_disclosure?
-      response = Browser.get(full_path_disclosure_url)
+      Browser.get(full_path_disclosure_url).body[%r/Fatal error/i] ? true : false
      response.body[%r{Fatal error}i] ? true : false
    end
    def full_path_disclosure_data
      return nil unless has_full_path_disclosure?
-      Browser.get(full_path_disclosure_url).body[%r{<b>([^<]+\.php)</b>}, 1]
+      Browser.get(full_path_disclosure_url).body[/Fatal error:.+? in (.+?) on/i, 1]
    end
    # @return [ String ]
    def full_path_disclosure_url
      @uri.merge('wp-includes/rss-functions.php').to_s
    end
  end
 end
--- a/lib/wpscan/wp_target/wp_must_use_plugins.rb
+++ b/lib/wpscan/wp_target/wp_must_use_plugins.rb
@@ -2,14 +2,13 @@
 class WpTarget < WebSite
  module WpMustUsePlugins
    # Checks to see if the must use plugin folder exists
    #
    # @return [ Boolean ]
    def has_must_use_plugins?
      response = Browser.get(must_use_url)
-      if response && WpTarget.valid_response_codes.include?(response.code)
+      if response && [200, 401, 403].include?(response.code)
        hash = WebSite.page_hash(response)
        return true if hash != error_404_hash && hash != homepage_hash
      end
@@ -21,6 +20,5 @@ class WpTarget < WebSite
    def must_use_url
      @uri.merge("#{wp_content_dir}/mu-plugins/").to_s
    end
  end
 end
--- a/lib/wpscan/wpscan_helper.rb
+++ b/lib/wpscan/wpscan_helper.rb
@@ -1,6 +1,6 @@
 # encoding: UTF-8
-require File.expand_path(File.dirname(__FILE__) + '/../common/common_helper')
+require File.expand_path(File.join(__dir__, '..', 'common', 'common_helper'))
 require_files_from_directory(WPSCAN_LIB_DIR, '**/*.rb')
@@ -62,7 +62,7 @@ def help
  puts
  puts 'Some values are settable in a config file, see the example.conf.json'
  puts
-  puts '--update                            Update to the database to the latest version.'
+  puts '--update                            Update the database to the latest version.'
  puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
  puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
  puts '--enumerate | -e [option(s)]        Enumeration.'
@@ -84,12 +84,17 @@ def help
  puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
  puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
  puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
-  puts '--cookie <String>                   String to read cookies from.'
+  puts '--cookie <string>                   String to read cookies from.'
  puts '--random-agent | -r                 Use a random User-Agent.'
  puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
  puts '--batch                             Never ask for user input, use the default behaviour.'
  puts '--no-color                          Do not use colors in the output.'
-  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
+  puts '--log [filename]                    Creates a log.txt file with WPScan\'s output if no filename is supplied. Otherwise the filename is used for logging.'
  puts '--no-banner                         Prevents the WPScan banner from being displayed.'
  puts '--disable-accept-header             Prevents WPScan sending the Accept HTTP header.'
  puts '--disable-referer                   Prevents setting the Referer header.'
  puts '--disable-tls-checks                Disables SSL/TLS certificate verification.'
  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.'
  puts '                                    Subdirectories are allowed.'
  puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
  puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
@@ -100,11 +105,13 @@ def help
  puts '--wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.'
  puts '--username | -U <username>          Only brute force the supplied username.'
  puts '--usernames     <path-to-file>      Only brute force the usernames from the file.'
-  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
+  puts '--cache-dir       <cache-directory> Set the cache directory.'
  puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
  puts '--request-timeout <request-timeout> Request Timeout.'
  puts '--connect-timeout <connect-timeout> Connect Timeout.'
  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
  puts '--max-threads     <max-threads>     Maximum Threads.'
  puts '--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.'
  puts '--help     | -h                     This help screen.'
  puts '--verbose  | -v                     Verbose output.'
  puts '--version                           Output the current version and exit.'
@@ -118,8 +125,14 @@ down                 = 0
@total_requests_done = 0
 Typhoeus.on_complete do |response|
  next if response.cached?
  down += 1 if response.code == 0
  @total_requests_done += 1
  fail 'The target seems to be down' if down >= 30
  next unless Browser.instance.throttle > 0
  sleep(Browser.instance.throttle)
 end
--- a/lib/wpscan/wpscan_options.rb
+++ b/lib/wpscan/wpscan_options.rb
@@ -1,7 +1,6 @@
 # encoding: UTF-8
 class WpscanOptions
  ACCESSOR_OPTIONS = [
    :batch,
    :enumerate_plugins,
@@ -19,6 +18,7 @@ class WpscanOptions
    :proxy_auth,
    :threads,
    :url,
    :vhost,
    :wordlist,
    :force,
    :update,
@@ -42,7 +42,12 @@ class WpscanOptions
    :request_timeout,
    :connect_timeout,
    :max_threads,
-    :no_banner
+    :no_banner,
    :throttle,
    :disable_accept_header,
    :disable_referer,
    :cache_dir,
    :disable_tls_checks
  ]
  attr_accessor *ACCESSOR_OPTIONS
@@ -61,12 +66,16 @@ class WpscanOptions
    @url = URI.parse(add_http_protocol(url)).to_s
  end
  def vhost=(vhost)
    @vhost = vhost
  end
  def threads=(threads)
    @threads = threads.is_a?(Integer) ? threads : threads.to_i
  end
  def wordlist=(wordlist)
-    if File.exists?(wordlist)
+    if File.exists?(wordlist) || wordlist == '-'
      @wordlist = wordlist
    else
      raise "The file #{wordlist} does not exist"
@@ -143,11 +152,6 @@ class WpscanOptions
    end
  end
  def basic_auth=(basic_auth)
    raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
    @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
  end
  def debug_output=(debug_output)
    Typhoeus::Config.verbose = debug_output
  end
@@ -203,7 +207,9 @@ class WpscanOptions
      enumerate_options_from_string(cli_value)
    else
-      raise "Unknow option : #{cli_option} with value #{cli_value}"
+      text = "Unknown option : #{cli_option}"
      text << " with value #{cli_value}" if (cli_value && !cli_value.empty?)
      raise text
    end
  end
@@ -246,6 +252,7 @@ class WpscanOptions
  def self.get_opt_long
    GetoptLong.new(
      ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT],
      ['--vhost',GetoptLong::OPTIONAL_ARGUMENT],
      ['--enumerate', '-e', GetoptLong::OPTIONAL_ARGUMENT],
      ['--username', '-U', GetoptLong::REQUIRED_ARGUMENT],
      ['--usernames', GetoptLong::REQUIRED_ARGUMENT],
@@ -274,8 +281,13 @@ class WpscanOptions
      ['--batch', GetoptLong::NO_ARGUMENT],
      ['--no-color', GetoptLong::NO_ARGUMENT],
      ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
-      ['--log', GetoptLong::NO_ARGUMENT],
+      ['--log', GetoptLong::OPTIONAL_ARGUMENT],
-      ['--no-banner', GetoptLong::NO_ARGUMENT]
+      ['--no-banner', GetoptLong::NO_ARGUMENT],
      ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
      ['--disable-accept-header', GetoptLong::NO_ARGUMENT],
      ['--disable-referer', GetoptLong::NO_ARGUMENT],
      ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT],
      ['--disable-tls-checks', GetoptLong::NO_ARGUMENT],
    )
  end
--- a/spec/lib/common/browser_spec.rb
+++ b/spec/lib/common/browser_spec.rb
@@ -124,11 +124,10 @@ describe Browser do
  describe '#merge_request_params' do
    let(:params)              { {} }
    let(:cookie_jar)          { CACHE_DIR + '/browser/cookie-jar' }
    let(:user_agent)          { 'SomeUA' }
    let(:default_expectation) {
      {
        cache_ttl: 250,
        headers: { 'User-Agent' => 'SomeUA' },
        ssl_verifypeer: false, ssl_verifyhost: 0,
        cookiejar: cookie_jar, cookiefile: cookie_jar,
        timeout: 60, connecttimeout: 10,
        maxredirs: 3,
@@ -137,16 +136,25 @@ describe Browser do
    }
    after :each do
-      browser.user_agent = 'SomeUA'
+      browser.user_agent = user_agent
      browser.cache_ttl = 250
      expect(browser.merge_request_params(params)).to eq @expected
      expect(Typhoeus::Config.user_agent).to eq user_agent
    end
    it 'sets the User-Agent header field and cache_ttl' do
      @expected = default_expectation
    end
    context 'when @user_agent' do
      let(:user_agent) { 'test' }
      it 'sets the User-Agent' do
        @expected = default_expectation
      end
    end
    context 'when @proxy' do
      let(:proxy) { '127.0.0.1:9050' }
      let(:proxy_expectation) { default_expectation.merge(proxy: proxy) }
@@ -177,7 +185,7 @@ describe Browser do
      it 'appends the basic_auth' do
        browser.basic_auth  = 'user:pass'
        @expected           = default_expectation.merge(
-          headers: default_expectation[:headers].merge('Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp)
+          headers: { 'Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp }
        )
      end
    end
@@ -206,6 +214,13 @@ describe Browser do
        @expected = default_expectation.merge(cookie: cookie)
      end
    end
    context 'when @disable_tls_checks' do
      it 'disables tls checks' do
        browser.disable_tls_checks = true
        @expected = default_expectation.merge(ssl_verifypeer: 0, ssl_verifyhost: 0)
      end
    end
  end
  describe '#forge_request' do
--- a/spec/lib/common/collections/wp_items_spec.rb
+++ b/spec/lib/common/collections/wp_items_spec.rb
@@ -18,7 +18,7 @@ describe WpItems do
        vulnerable_targets_items: [ WpItem.new(uri, name: 'mr-smith'),
                                    WpItem.new(uri, name: 'neo')],
-        passive_detection: (1..13).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
+        passive_detection: (1..15).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
      }
    end
  end
--- a/spec/lib/common/collections/wp_plugins/detectable_spec.rb
+++ b/spec/lib/common/collections/wp_plugins/detectable_spec.rb
@@ -100,6 +100,13 @@ describe 'WpPlugins::Detectable' do
          expected.add('all-in-one-seo-pack', version: '2.0.3.1')
        end
      end
      context 'when google-universal-analytics detected' do
        it 'returns google-universal-analytics' do
          @body = '<!-- Google Universal Analytics for WordPress v2.4.2 -->'
          expected.add('google-universal-analytics', version: '2.4.2')
        end
      end
    end
  end
--- a/spec/lib/common/collections/wp_plugins_spec.rb
+++ b/spec/lib/common/collections/wp_plugins_spec.rb
@@ -11,7 +11,7 @@ describe WpPlugins do
    let(:expected) do
      {
        request_params:                   { cache_ttl: 0, followlocation: true },
-        vulns_file:                       PLUGINS_VULNS_FILE,
+        vulns_file:                       PLUGINS_FILE,
        targets_items_from_file:          [ WpPlugin.new(uri, name: 'plugin1'),
                                            WpPlugin.new(uri, name:'plugin-2'),
                                            WpPlugin.new(uri, name: 'mr-smith')],
--- a/spec/lib/common/collections/wp_themes_spec.rb
+++ b/spec/lib/common/collections/wp_themes_spec.rb
@@ -13,7 +13,7 @@ describe WpThemes do
    let(:expected) do
      {
        request_params:                  { cache_ttl: 0, followlocation: true },
-        vulns_file:                      THEMES_VULNS_FILE,
+        vulns_file:                      THEMES_FILE,
        targets_items_from_file:         [ WpTheme.new(uri, name: '3colours'),
                                           WpTheme.new(uri, name:'42k'),
                                           WpTheme.new(uri, name: 'a-ri')],
--- a/spec/lib/common/collections/wp_timthumbs/detectable_spec.rb
+++ b/spec/lib/common/collections/wp_timthumbs/detectable_spec.rb
@@ -26,10 +26,10 @@ describe 'WpTimthumbs::Detectable' do
  def expected_targets_from_theme(theme_name)
    expected = []
-    %w{
+    %w(
      timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-      scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+      scripts/timthumb.php tools/timthumb.php functions/timthumb.php thumb.php
-    }.each do |file|
+    ).each do |file|
      path = "$wp-content$/themes/#{theme_name}/#{file}"
      expected << WpTimthumb.new(uri, path: path)
    end
@@ -46,7 +46,7 @@ describe 'WpTimthumbs::Detectable' do
    after do
      targets = subject.send(:targets_items_from_file, file, wp_target)
-      expect(targets.map { |t| t.url }).to eq @expected.map { |t| t.url }
+      expect(targets.map(&:url)).to eq @expected.map(&:url)
    end
    context 'when an empty file' do
@@ -71,7 +71,7 @@ describe 'WpTimthumbs::Detectable' do
      theme   = 'hello-world'
      targets = subject.send(:theme_timthumbs, theme, wp_target)
-      expect(targets.map { |t| t.url }).to eq expected_targets_from_theme(theme).map { |t| t.url }
+      expect(targets.map(&:url)).to eq expected_targets_from_theme(theme).map(&:url)
    end
  end
@@ -81,7 +81,7 @@ describe 'WpTimthumbs::Detectable' do
    after do
      targets = subject.send(:targets_items, wp_target, options)
-      expect(targets.map { |t| t.url }).to eq @expected.sort.map { |t| t.url }
+      expect(targets.map(&:url)).to match_array(@expected.map(&:url))
    end
    context 'when no :theme_name' do
@@ -101,7 +101,7 @@ describe 'WpTimthumbs::Detectable' do
    end
    context 'when :theme_name' do
-      let(:theme)   { 'theme-name'}
+      let(:theme) { 'theme-name' }
      context 'when no :file' do
        let(:options) { { theme_name: theme } }
--- a/spec/lib/common/models/wp_item_spec.rb
+++ b/spec/lib/common/models/wp_item_spec.rb
@@ -11,11 +11,11 @@ describe WpItem do
  end
  it_behaves_like 'WpItem::Versionable'
  it_behaves_like 'WpItem::Vulnerable' do
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
+    let(:db_file)       { MODELS_FIXTURES + '/wp_item/vulnerable/items_vulns.json' }
    let(:identifier)    { 'neo' }
    let(:expected_refs)  { {
        'id'  => [2993],
-        'url' => ['Ref 1,Ref 2'],
+        'url' => ['Ref 1', 'Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
@@ -105,11 +105,6 @@ describe WpItem do
        @expected = 'plugins/readme.txt'
      end
    end
    it 'also encodes chars' do
      @path     = 'some dir with spaces'
      @expected = 'some%20dir%20with%20spaces'
    end
  end
  describe '#uri' do
--- a/spec/lib/common/models/wp_plugin_spec.rb
+++ b/spec/lib/common/models/wp_plugin_spec.rb
@@ -5,11 +5,11 @@ require 'spec_helper'
 describe WpPlugin do
  it_behaves_like 'WpPlugin::Vulnerable'
  it_behaves_like 'WpItem::Vulnerable' do
-    let(:options)        { { name: 'white-rabbit' } }
+    let(:options) { { name: 'white-rabbit' } }
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
+    let(:db_file) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins.json' }
    let(:expected_refs)  { {
        'id'  => [2993],
-        'url' => ['Ref 1,Ref 2'],
+        'url' => ['Ref 1', 'Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
--- a/spec/lib/common/models/wp_theme_spec.rb
+++ b/spec/lib/common/models/wp_theme_spec.rb
@@ -7,10 +7,10 @@ describe WpTheme do
  it_behaves_like 'WpTheme::Vulnerable'
  it_behaves_like 'WpItem::Vulnerable' do
    let(:options)        { { name: 'the-oracle' } }
-    let(:vulns_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
+    let(:db_file)     { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
    let(:expected_refs)  { {
        'id' => [2993],
-        'url' => ['Ref 1,Ref 2'],
+        'url' => ['Ref 1', 'Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
--- a/spec/lib/common/models/wp_version/findable_spec.rb
+++ b/spec/lib/common/models/wp_version/findable_spec.rb
@@ -65,6 +65,11 @@ describe 'WpVersion::Findable' do
          @fixture  = '/3.5_minified.html'
          @expected = '3.5'
        end
        it 'returns 3.5.1' do
          @fixture  = '/3.5.1_mobile.html'
          @expected = '3.5.1'
        end
      end
    end
@@ -154,6 +159,22 @@ describe 'WpVersion::Findable' do
    end
  end
  describe '::find_from_stylesheets_numbers' do
    after do
      fixture = fixtures_dir + 'stylesheet_numbers' + @fixture
      stub_request_to_fixture(url: uri, fixture: fixture)
      expect(WpVersion.send(:find_from_stylesheets_numbers, uri)).to eq @expected
    end
    context 'invalid url' do
      it 'returns nil' do
        @fixture = '/invalid_url.html'
        @expected = nil
      end
    end
  end
  describe '::find' do
    # Stub all WpVersion::find_from_* to return nil
    def stub_all_to_nil
--- a/spec/lib/common/models/wp_version_spec.rb
+++ b/spec/lib/common/models/wp_version_spec.rb
@@ -4,20 +4,6 @@ require 'spec_helper'
 describe WpVersion do
  it_behaves_like 'WpVersion::Vulnerable'
  it_behaves_like 'WpItem::Vulnerable' do
    let(:options)        { { number: '3.2' } }
    let(:vulns_file)     { MODELS_FIXTURES + '/wp_version/vulnerable/versions_vulns.json' }
    let(:expected_refs)  { {
        'id' => [2993],
        'url' => ['Ref 1,Ref 2'],
        'cve' => ['2011-001'],
        'secunia' => ['secunia'],
        'osvdb' => ['osvdb'],
        'metasploit' => ['exploit/ex1'],
        'exploitdb' => ['exploitdb']
    } }
    let(:expected_vulns) { Vulnerabilities.new << Vulnerability.new('Here I Am', 'SQLI', expected_refs) }
  end
  subject(:wp_version) { WpVersion.new(uri, options) }
  let(:uri)            { URI.parse('http://example.com/') }
--- a/spec/lib/common/version_compare_spec.rb
+++ b/spec/lib/common/version_compare_spec.rb
@@ -121,4 +121,127 @@ describe 'VersionCompare' do
    end
  end
  describe '::lesser?' do
    context 'version checked is newer' do
      after { expect(VersionCompare::lesser?(@version1, @version2)).to be_truthy }
      it 'returns true' do
        @version1 = '1.0'
        @version2 = '2.0'
      end
      it 'returns true' do
        @version1 = '1.0'
        @version2 = '1.1'
      end
      it 'returns true' do
        @version1 = '1.0a'
        @version2 = '1.0b'
      end
      it 'returns true' do
        @version1 = '1.0'
        @version2 = '5000000'
      end
      it 'returns true' do
        @version1 = '0'
        @version2 = '1'
      end
      it 'returns true' do
        @version1 = '0.4.2b'
        @version2 = '2.3.3'
      end
      it 'returns true' do
        @version1 = '.47'
        @version2 = '.50.3'
      end
      it 'returns true' do
        @version1 = '2.5.9'
        @version2 = '2.5.10'
      end
    end
    context 'version checked is older' do
      after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
      it 'returns false' do
        @version1 = '1'
        @version2 = '0'
      end
      it 'returns false' do
        @version1 = '1.0'
        @version2 = '0.5'
      end
      it 'returns false' do
        @version1 = '500000'
        @version2 = '1'
      end
      it 'returns false' do
        @version1 = '1.6.3.7.3.4'
        @version2 = '1.2.4.567.679.8.e'
      end
      it 'returns false' do
        @version1 = '.47'
        @version2 = '.46.3'
      end
    end
    context 'version checked is the same' do
      after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
      it 'returns true' do
        @version1 = '1'
        @version2 = '1'
      end
      it 'returns true' do
        @version1 = 'a'
        @version2 = 'a'
      end
    end
    context 'version number causes Gem::Version new Exception' do
      after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
      it 'returns false' do
        @version1 = 'a'
        @version2 = 'b'
      end
    end
    context 'one version number is not set' do
      after { expect(VersionCompare::lesser?(@version1, @version2)).to be_falsey }
      it 'returns false (version2 nil)' do
        @version1 = '1'
        @version2 = nil
      end
      it 'returns false (version1 nil)' do
        @version1 = nil
        @version2 = '1'
      end
      it 'returns false (version2 empty)' do
        @version1 = '1'
        @version2 = ''
      end
      it 'returns false (version1 empty)' do
        @version1 = ''
        @version2 = '1'
      end
    end
  end
 end
--- a/spec/lib/wpscan/web_site_spec.rb
+++ b/spec/lib/wpscan/web_site_spec.rb
@@ -176,6 +176,17 @@ describe 'WebSite' do
        @expected = "yolo\n\n\nworld!"
      end
    end
    context 'when there are scripts' do
      let(:page) {
        body = "yolo\n\n<script type=\"text/javascript\">alert('Hi');</script>\nworld!"
        Typhoeus::Response.new(body: body)
      }
      it 'removes them' do
        @expected = "yolo\n\n\nworld!"
      end
    end
  end
  describe '#homepage_hash' do
--- a/spec/lib/wpscan/wp_target_spec.rb
+++ b/spec/lib/wpscan/wp_target_spec.rb
@@ -1,6 +1,6 @@
 # encoding: UTF-8
-require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+require File.expand_path(File.join(__dir__, 'wpscan_helper'))
 describe WpTarget do
  subject(:wp_target) { WpTarget.new(target_url, options) }
@@ -192,4 +192,27 @@ describe WpTarget do
    end
  end
  describe '#emergency_url' do
    it 'returns the correct url' do
      expect(wp_target.emergency_url).to eq 'http://example.localhost/emergency.php'
    end
  end
  describe '#emergency_exists?' do
    it 'returns true' do
      stub_request(:any, wp_target.emergency_url).to_return(status: 200, body: 'enter your password here')
      expect(wp_target.emergency_exists?).to be_truthy
    end
    it 'returns false' do
      stub_request(:any, wp_target.emergency_url).to_return(status: 500)
      expect(wp_target.emergency_exists?).to be_falsey
    end
    it 'returns false' do
      stub_request(:any, wp_target.emergency_url).to_return(status: 500, body: 'enter your password here')
      expect(wp_target.emergency_exists?).to be_falsey
    end
  end
 end
--- a/spec/lib/wpscan/wpscan_options_spec.rb
+++ b/spec/lib/wpscan/wpscan_options_spec.rb
@@ -1,6 +1,6 @@
 # encoding: UTF-8
-require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+require File.expand_path(File.join(__dir__, 'wpscan_helper'))
 describe 'WpscanOptions' do
@@ -186,23 +186,6 @@ describe 'WpscanOptions' do
    end
  end
  describe '#basic_auth=' do
    context 'invalid format' do
      it 'should raise an error if the : is missing' do
        expect { @wpscan_options.basic_auth = 'helloworld' }.to raise_error(
          RuntimeError, 'Invalid basic authentication format, login:password expected'
        )
      end
    end
    context 'valid format' do
      it "should add the 'Basic' word and do the encode64. See RFC 2617" do
        @wpscan_options.basic_auth = 'Aladdin:open sesame'
        expect(@wpscan_options.basic_auth).to eq 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
      end
    end
  end
  describe '#has_options?' do
    it 'should return false' do
      expect(@wpscan_options.has_options?).to be_falsey
--- a/spec/samples/common/collections/wp_items/detectable/passive_detection.html
+++ b/spec/samples/common/collections/wp_items/detectable/passive_detection.html
@@ -19,6 +19,8 @@
  <script type='text/javascript' src='//wp-content/items/detect-me-5/main.js'></script>
  <link rel='stylesheet' id='ai1ec_style-css'  href='//example.com/wp-content/items/detect-me-15/test.css' type='text/css' media='all' />
  <style type="text/css">
    #fancybox-loading.fancybox-ie div {
      background: transparent;
@@ -32,6 +34,7 @@
    @import url('/wp-content/items/detect-me-8/css/datatables.css?ver=1.9.4');
    @import url(/wp-content/items/detect-me-9/css/datatables.css?ver=1.9.4);
    @import url(//wp-content/items/detect-me-10/css/datatables.css?ver=1.9.4);
    @import url(//example.com/wp-content/items/detect-me-14/css/datatables.css?ver=1.9.4);
    /* ]]> */
  </style>
--- a/spec/samples/common/collections/wp_items/detectable/vulns.json
+++ b/spec/samples/common/collections/wp_items/detectable/vulns.json
@@ -1,58 +1,64 @@
-[
+{
-   {
+   "mr-smith": {
-      "mr-smith":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2989,
-               "id":2989,
+            "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
-               "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
+            "references": {
-               "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
+               "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:43:41.000Z"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2990,
+            "updated_at":"2014-07-28T12:43:41.000Z"
-               "title":"Potential Authentication Cookie Forgery",
+         },
-               "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
+         {
            "id":2990,
            "title":"Potential Authentication Cookie Forgery",
            "references": {
               "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
               "osvdb":"105620",
-               "cve":"2014-0166",
+               "cve":"2014-0166"
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z",
               "fixed_in":"3.8.2"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2991,
+            "updated_at":"2014-07-28T12:10:07.000Z",
-               "title":"Privilege escalation: contributors publishing posts",
+            "fixed_in":"3.8.2"
-               "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
+         },
         {
            "id":2991,
            "title":"Privilege escalation: contributors publishing posts",
            "references": {
               "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
               "osvdb":"105630",
-               "cve":"2014-0165",
+               "cve":"2014-0165"
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z",
               "fixed_in":"3.8.2"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2992,
+            "updated_at":"2014-07-28T12:10:07.000Z",
-               "title":"Plupload Unspecified XSS",
+            "fixed_in":"3.8.2"
         },
         {
            "id":2992,
            "title":"Plupload Unspecified XSS",
            "references": {
               "osvdb":"105622",
-               "secunia":"57769",
+               "secunia":"57769"
-               "created_at":"2014-07-28T12:10:07.000Z",
+            },
-               "updated_at":"2014-07-28T12:10:07.000Z",
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "fixed_in":"3.8.2"
+            "updated_at":"2014-07-28T12:10:07.000Z",
-            }
+            "fixed_in":"3.8.2"
-         ]
+         }
-      }
+      ]
   },
-   {
+   "neo": {
-      "neo":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2993,
-               "id":2993,
+            "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
-               "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
+            "references": {
-               "references":"http://seclists.org/fulldisclosure/2013/Dec/135",
+               "url": "http://seclists.org/fulldisclosure/2013/Dec/135",
-               "osvdb":"101101",
+               "osvdb":"101101"
-               "created_at":"2014-07-28T12:10:07.000Z",
+             },
-               "updated_at":"2014-07-28T12:10:07.000Z"
+            "created_at":"2014-07-28T12:10:07.000Z",
-            }
+            "updated_at":"2014-07-28T12:10:07.000Z"
-         ]
+         }
-      }
+      ]
   }
-]
+}
--- a/spec/samples/common/collections/wp_plugins/detectable/vulns.json
+++ b/spec/samples/common/collections/wp_plugins/detectable/vulns.json
@@ -1,58 +1,64 @@
-[
+{
-   {
+   "mr-smith": {
-      "mr-smith":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2989,
-               "id":2989,
+            "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
-               "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
+            "references": {
-               "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
+              "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:43:41.000Z"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2990,
+            "updated_at":"2014-07-28T12:43:41.000Z"
-               "title":"Potential Authentication Cookie Forgery",
+         },
-               "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
+         {
-               "osvdb":"105620",
+            "id":2990,
-               "cve":"2014-0166",
+            "title":"Potential Authentication Cookie Forgery",
-               "created_at":"2014-07-28T12:10:07.000Z",
+            "references": {
-               "updated_at":"2014-07-28T12:10:07.000Z",
+              "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be"
               "fixed_in":"3.8.2"
            },
-            {
+            "osvdb":"105620",
-               "id":2991,
+            "cve":"2014-0166",
-               "title":"Privilege escalation: contributors publishing posts",
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
+            "updated_at":"2014-07-28T12:10:07.000Z",
            "fixed_in":"3.8.2"
         },
         {
            "id":2991,
            "title":"Privilege escalation: contributors publishing posts",
            "references": {
               "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
               "osvdb":"105630",
-               "cve":"2014-0165",
+               "cve":"2014-0165"
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z",
               "fixed_in":"3.8.2"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2992,
+            "updated_at":"2014-07-28T12:10:07.000Z",
-               "title":"Plupload Unspecified XSS",
+            "fixed_in":"3.8.2"
         },
         {
            "id":2992,
            "title":"Plupload Unspecified XSS",
            "references": {
               "osvdb":"105622",
-               "secunia":"57769",
+               "secunia":"57769"
-               "created_at":"2014-07-28T12:10:07.000Z",
+             },
-               "updated_at":"2014-07-28T12:10:07.000Z",
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "fixed_in":"3.8.2"
+            "updated_at":"2014-07-28T12:10:07.000Z",
-            }
+            "fixed_in":"3.8.2"
-         ]
+         }
-      }
+      ]
   },
-   {
+   "neo": {
-      "neo":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2993,
-               "id":2993,
+            "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
-               "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
+            "references": {
-               "references":"http://seclists.org/fulldisclosure/2013/Dec/135",
+               "url": "http://seclists.org/fulldisclosure/2013/Dec/135",
-               "osvdb":"101101",
+                "osvdb":"101101"
-               "created_at":"2014-07-28T12:10:07.000Z",
+            },
-               "updated_at":"2014-07-28T12:10:07.000Z"
+            "created_at":"2014-07-28T12:10:07.000Z",
-            }
+            "updated_at":"2014-07-28T12:10:07.000Z"
-         ]
+         }
-      }
+      ]
   }
-]
+}
--- a/spec/samples/common/collections/wp_themes/detectable/vulns.json
+++ b/spec/samples/common/collections/wp_themes/detectable/vulns.json
@@ -1,58 +1,65 @@
-[
+{
-   {
+   "shopperpress": {
-      "shopperpress":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2989,
-               "id":2989,
+            "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
-               "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
+            "references": {
-               "references":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
+              "url": "https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com"
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:43:41.000Z"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2990,
+            "updated_at":"2014-07-28T12:43:41.000Z"
-               "title":"Potential Authentication Cookie Forgery",
+         },
-               "references":"https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
+         {
-               "osvdb":"105620",
+            "id":2990,
-               "cve":"2014-0166",
+            "title":"Potential Authentication Cookie Forgery",
-               "created_at":"2014-07-28T12:10:07.000Z",
+            "references": {
-               "updated_at":"2014-07-28T12:10:07.000Z",
+               "url": "https://labs.mwrinfosecurity.com/blog/2014/04/11/wordpress-auth-cookie-forgery/,https://github.com/WordPress/WordPress/commit/78a915e0e5927cf413aa6c2cef2fca3dc587f8be",
-               "fixed_in":"3.8.2"
+                "osvdb":"105620",
                "cve":"2014-0166"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2991,
+            "updated_at":"2014-07-28T12:10:07.000Z",
-               "title":"Privilege escalation: contributors publishing posts",
+            "fixed_in":"3.8.2"
-               "references":"https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
+         },
-               "osvdb":"105630",
+         {
-               "cve":"2014-0165",
+            "id":2991,
-               "created_at":"2014-07-28T12:10:07.000Z",
+            "title":"Privilege escalation: contributors publishing posts",
-               "updated_at":"2014-07-28T12:10:07.000Z",
+            "references": {
-               "fixed_in":"3.8.2"
+               "url": "https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165",
                "osvdb":"105630",
                "cve":"2014-0165"
            },
-            {
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "id":2992,
+            "updated_at":"2014-07-28T12:10:07.000Z",
-               "title":"Plupload Unspecified XSS",
+            "fixed_in":"3.8.2"
         },
         {
            "id":2992,
            "title":"Plupload Unspecified XSS",
            "references": {
               "osvdb":"105622",
-               "secunia":"57769",
+               "secunia":"57769"
-               "created_at":"2014-07-28T12:10:07.000Z",
+             },
-               "updated_at":"2014-07-28T12:10:07.000Z",
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "fixed_in":"3.8.2"
+            "updated_at":"2014-07-28T12:10:07.000Z",
-            }
+            "fixed_in":"3.8.2"
-         ]
+         }
-      }
+      ]
   },
-   {
+   "webfolio": {
-      "webfolio":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2993,
-               "id":2993,
+            "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
-               "title":"wp-admin/options-writing.php Cleartext Admin Credentials Disclosure",
+            "references": {
-               "references":"http://seclists.org/fulldisclosure/2013/Dec/135",
+               "url": "http://seclists.org/fulldisclosure/2013/Dec/135",
-               "osvdb":"101101",
+               "osvdb":"101101"
-               "created_at":"2014-07-28T12:10:07.000Z",
+            },
-               "updated_at":"2014-07-28T12:10:07.000Z"
+            "created_at":"2014-07-28T12:10:07.000Z",
-            }
+            "updated_at":"2014-07-28T12:10:07.000Z"
-         ]
+         }
-      }
+      ]
   }
-]
+}
--- a/spec/samples/common/models/vulnerability/json_item.json
+++ b/spec/samples/common/models/vulnerability/json_item.json
@@ -1,12 +1,14 @@
 {
   "id": "3911",
   "title": "Vuln Title",
-   "url": "Ref 1,Ref 2",
+   "references":{
-   "secunia": "secunia",
+      "url": "Ref 1,Ref 2",
-   "osvdb": "osvdb",
+      "secunia": "secunia",
-   "cve": "2011-001",
+      "osvdb": "osvdb",
-   "metasploit": "exploit/ex1",
+      "cve": "2011-001",
-   "exploitdb": "exploitdb",
+      "metasploit": "exploit/ex1",
      "exploitdb": "exploitdb"
   },
   "created_at": "2014-07-28T12:10:45.000Z",
   "updated_at": "2014-07-28T12:10:45.000Z",
   "type": "CSRF",
--- a/spec/samples/common/models/wp_item/error_log
+++ b/spec/samples/common/models/wp_item/error_log
--- a/spec/samples/common/models/wp_item/versionable/simple-login-lockdown-0.4.txt
+++ b/spec/samples/common/models/wp_item/versionable/simple-login-lockdown-0.4.txt
--- a/spec/samples/common/models/wp_item/versionable/trunk-version.txt
+++ b/spec/samples/common/models/wp_item/versionable/trunk-version.txt
--- a/spec/samples/common/models/wp_item/versionable/wp-maintenance-mode.txt
+++ b/spec/samples/common/models/wp_item/versionable/wp-maintenance-mode.txt
@@ -0,0 +1,413 @@
 === WP Maintenance Mode ===
 Contributors: Designmodo, GeorgeJipa
 Plugin Name: WP Maintenance Mode
 Plugin URI: http://designmodo.com/
 Author: Designmodo
 Author URI: http://designmodo.com/
 Tags: maintenance mode, admin, administration, unavailable, coming soon, multisite, landing page, under construction, contact form, subscribe, countdown
 Requires at least: 3.5
 Tested up to: 4.7
 License: GPL-2.0+
 Adds a splash page to your site that lets visitors know your site is down for maintenance. It's perfect for a coming soon page.
 == Description ==
 Add a maintenance page to your blog that lets visitors know your blog is down for maintenance, or add a coming soon page for a new website. User with admin rights gets full access to the blog including the front end.
 Activate the plugin and your blog is in maintenance-mode, works and only registered users with enough rights can see the front end. You can use a date with a countdown timer for visitor information or set a value and unit for information.
 Also works with WordPress Multisite installs (each blog from the network has it's own maintenance settings).
 = Features =
 * Fully customizable (change colors, texts and backgrounds);
 * Subscription form (export emails to .csv file);
 * Countdown timer (remaining time);
 * Contact form (receive emails from visitors);
 * Coming soon page;
 * Landing page templates;
 * WordPress multisite;
 * Responsive design;
 * Social media icons;
 * Works with any WordPress theme;
 * SEO options;
 * Exclude URLs from maintenance.
 = Bugs, technical hints or contribute =
 Please give us feedback, contribute and file technical bugs on [GitHub Repo](https://github.com/Designmodocom/WP-Maintenance-Mode).
 = Credits =
 Developed by [Designmodo](http://designmodo.com) & [StrictThemes â€“ WordPress Themes](http://strictthemes.com/)
 == Installation ==
 1. Unpack the download package
 2. Upload all files to the `/wp-content/plugins/` directory, include folders
 3. Activate the plugin through the 'Plugins' menu in WordPress
 4. Go to `Settings` page, where you can change what settings you need (pay attention to **Exclude** option!)
 == Screenshots ==
 1. Maintenance Mode example
 2. Maintenance Mode example #2
 3. Contact form
 4. Dashboard General settings
 5. Dashboard Design settings
 6. Dashboard Modules settings
 == Frequently Asked Questions ==
 = How to use plugin filters =
 See [GitHub Repo] (https://github.com/Designmodocom/WP-Maintenance-Mode) FAQ.
 = Cache Plugin Support =
 WP Maintenance Mode can be unstable due the cache plugins, we recommend to deactivate any cache plugin when maintenance mode is active.
 = Exclude list =
 If you change your login url, please add the new slug (url: http://domain.com/newlogin, then you should add: newlogin) to Exclude list from plugin settings -> General Tab.
 == Changelog ==
 = 2.0.9 (29/11/2016) =
 * new hook (`wpmm_after_body`) in maintenance mode template (thanks @ [KarolÃna VyskoÄilovÃ¡](https://github.com/vyskoczilova))
 * pt_PT (portuguese) language update (thanks @ [Pedro MendonÃ§a](https://github.com/pedro-mendonca))
 * maintenance mode template can also be loaded from theme/child-theme folder (thanks @ [Florian Tiar](https://github.com/Mahjouba91) and [Lachlan Heywood](https://github.com/lachieh))
 * new hooks for contact form (if you want to add new fields): `wpmm_contact_form_start`, `wpmm_contact_form_before_message`, `wpmm_contact_form_after_message`, `wpmm_contact_form_end`
 * new hook for contact form validation (if you want to validate new fields): `wpmm_contact_validation`
 * new hooks for contact form template (if you want to display new fields): `wpmm_contact_template_start`, `wpmm_contact_template_before_message`, `wpmm_contact_template_after_message`, `wpmm_contact_template_end`
 * some javascript improvements
 * small css fix for contact form (thanks @ [frontenddev](https://wordpress.org/support/topic/please-fix-modal-window-of-contact-form/))
 = 2.0.8 (09/09/2016) =
 * add wp_scripts() function (in helpers.php) to maintain backward compatibility (for those with WP < 4.2.0)
 * css fix for subscribe button on maintenance page
 * fix multisite administrator access issue
 * pt_PT (portuguese) language update (thanks @ Pedro MendonÃ§a)
 * new hooks for Contact module: `wpmm_contact_template`, `wpmm_contact_subject`, `wpmm_contact_headers`
 * jQuery (google cdn) path fix when SCRIPT_DEBUG is true
 = 2.0.7 (06/07/2016) =
 * reset_settings _wpnonce check (thanks # Wordfence)
 * modules > google analytics code sanitization (thanks @ Wordfence)
 * move sidebar banners from our servers to plugin folder... as WordPress staff requested
 * Subscribe button error on Mobile version (thanks @ HostÃlio Thumbo)
 * replace $wp_scripts global with wp_scripts() function
 * de_DE language file update (thanks @ tt22tt)
 = 2.0.6 (20/06/2016) =
 * notifications update
 * languages update
 = 2.0.5 (17/06/2016) =
 * roles (array) fix
 = 2.0.4 (17/06/2016) =
 * fixed issue: responsive subscribe form
 * fixed issue: jQuery was loaded from a different folder on some WP installations
 * fixed issue: errors after update (strstr on empty strings because of saving empty lines on exclude list)
 * fixed issue: if "Redirection" from "General" tab is active, also redirects ajax calls
 * fixed issue: settings page title was wrong placed
 * "contact" feature update - nice email template + reply-to email header
 * refactoring for some methods
 * all assets are now minified
 * rewrite count db records function (used on subscribers count)
 * compatible with https://github.com/afragen/github-updater
 * compatible with wp-cli http://wp-cli.org/
 * improved responsivity
 * improved roles access; now you can set multiple roles (editor, author, subscriber, contributor) and administrator will always have access to backend and frontend
 * it_IT translation by benedettogit (https://github.com/benedettogit)
 * updated all language files (need help for 100% translation)
 = 2.0.3 (07/10/2014) =
 * WP_Super_Cache issue was fixed
 * fixed "Subscribe" button issue on Safari mobile
 * fixed color of subscribe-success message (same color as subscribe_text)
 * "Social networks" module edits: settings for links target + a new social network: linkedin
 * new module "Google Analytics"
 * loginform shortcode reintroduced
 * dashboard link on maintenance page reintroduced
 * the content editor accepts new css inline properties: min-height, max-height, min-width, max-width. Use them wisely! :)
 * Settings & sidebar view + old translation files edited
 * Update from old version 1.x to 2.x issue was fixed
 * Translate on activation issue was fixed
 * de_DE translation by Frank BÃ¼ltge (http://bueltge.github.io/)
 * pt_PT translation (100% translated) by Pedro MendonÃ§a (http://www.pedromendonca.pt)
 * ru_RU translation (100% translated) by affectiosus (https://github.com/affectiosus)
 * nl_NL translation by dhunink (https://github.com/dhunink)
 * es_ES translation (100% translated) by Erick Ruiz de Chavez (http://erickruizdechavez.com/)
 * fr_FR translation by Florian TIAR (https://github.com/Mahjouba91)
 * pt_BR translation by Jonatas AraÃºjo (http://www.designworld.com.br/)
 * sv_SE translation by AndrÃ©as Lundgren (http://adevade.com/)
 = 2.0.2 (04/09/2014) =
 * Removed "Author Link" option from General
 * Countdown - save details fix
 = 2.0.1 (02/09/2014) =
 * Reintroduced some deprecated actions from old version (but still available in next 4 releases, after that will be removed) and replaced with new ones:
 - `wm_head` -> `wpmm_head`
 - `wm_footer` -> `wpmm_footer`
 * Multisite settings link fix
 * WP_Maintenance_Mode: init (array checking for custom_css arrays, move delete cache part into a helper, etc.), add_subscriber, send_contact, redirect fixes & optimizations
 * WP_Maintenance_Mode_Admin: save_plugin_settings fixes, delete_cache (new method)
 * Settings & Maintenance views fixes
 * Readme.txt changes
 = 2.0.0 (01/09/2014) =
 * Changed design and functionality, new features
 * Changed multisite behaviour: now you can activate maintenance individually (each blog from the network has it's own maintenance settings)
 * Removed actions: `wm_header`, `wm_footer`, `wm_content`
 * Removed filters: `wm_header`
 * Removed [loginform] shortcode
 * Some filters are deprecated (but still available in next 4 releases, after that will be removed) and replaced with new ones:
 - `wm_heading` -> `wpmm_heading`,
 - `wp_maintenance_mode_status_code` -> `wpmm_status_code`
 - `wm_title` -> `wpmm_meta_title`
 - `wm_meta_author` -> `wpmm_meta_author`
 - `wm_meta_description` -> `wpmm_meta_description`
 - `wm_meta_keywords` -> `wpmm_meta_keywords`
 * Added new filters:
 - `wpmm_backtime` - can be used to change the backtime from page header
 - `wpmm_meta_robots` - can be used to change `Robots Meta Tag` option (from General)
 - `wpmm_text` - can be used to change `Text` option (from Design > Content)
 - `wpmm_scripts` - can be used to embed new javascripts files
 - `wpmm_styles` - can be used to embed new css files
 - `wpmm_search_bots` - if you have `Bypass for Search Bots` option (from General) activated, it can be used to add new bots (useragents)
 * Removed themes and now we have a "Design" & "Modules" tabs, where the look and functionality of the maintenance page can be changed as you need
 = 07/07/2014 =
 * Switch to new owner, contributor
 = 1.8.11 (07/25/2013) =
 * Fixes for php notices in scrict mode
 * Alternative for check url, if curl is not installed
 = 1.8.10 (07/18/2013) =
 * Add check for urls, Performance topics
 * Change default setting of 'Support Link' to false
 * Fix network settings php notices
 = 1.8.9 (06/20/2013) =
 * Allow empty header, title, heading string
 * Small code changes
 * Add Support function
 * Remove preview, will include later in a new release with extra settings page
 = 1.8.8 (06/05/2013) =
 * Fix path to localized flash content
 * Fix preview function
 * Add ukrainian translation
 * Add czech translation
 * Fix exclude function for IP
 * Security fix for save status via Ajax
 = 1.8.7 (04/07/2013) =
 * Add RTL support for splash page
 * Add Filter Hook `wp_maintenance_mode_status_code` Status Code; default is 503
 * Add support for custom splash page; leave a file with this name `wp-maintenance-mode.php`  in the wp-content; the plugin use this file
  The plugin checks in `WP_CONTENT_DIR . '/wp-maintenance-mode.php'`
 * Small minor changes
 * Add filter for more date on splash page
 = 1.8.6 (02/22/2013) =
 * Remove log inside console for JS
 * Add support for time inside the countdown
 * Add filter hook `wm_meta_author`for the meta data author
 * Add filter hook `wm_meta_description` for custom description
 * Add filter hook `wm_meta_keywords`for custom meta keys
 = 1.8.5 (01/24/2013) =
 * Added new settings for hide, view notices about the active maintenance mode
 * Changes on source, codex
 * Fix PHP Notices [Support Thread](http://wordpress.org/support/topic/error-message-in-settings-1)
 * Change default settings, added ajax
 * Fix Preview function
 * Fix uninstall in WPMU
 * Small updates on styles for login form
 = 1.8.4 (12/06/2012) =
 * Fix for include JS in frontend to use countdown
 * Small mini fix for a php notice
 * Add charset on spalsh page for strange databases
 * Enhanced default exclude adresses
 * Add shortcode `[loginform]` for easy use a login form in splash page
 * Test with WordPress 3.5
 = 1.8.3 =
 * Fix for the forgotten update of JS-files; slow SVN :(
 * Minor Fixes
 = 1.8.2 =
 * Add different access for Frontend and Backend
 * Add Rewrite after Login for Frontend Access
 * Different small changes
 * Test for WP 3.5
 = 1.8.1 =
 * Add option for value of robots meta tag
 * Add option for optional admin login
 = 1.8.0 =
 * Include all scripts in backend via function
 * Update datepicker and countdown js
 * Supportet IP as exclude for see the frontend
 * Add support for flish cache od WP Super Cache and W3 Total Cache plugins
 * Fix for changes in WP 3.3 Multisite
 = 1.7.1 (12/05/2011) =
 * fix for WP smaller 3.2* on Network
 = 1.7.0 (12/02/2011) =
 * add functionalities to use in WP Multisite
 * remove message in header, current is not fixed the ticked in core and the message on Admin Bar an Notice is enough
 * check on WP 3.3RC1
 = 1.6.10 (08/30/2011) =
 * add hint in Admin Bar, if active
 * small changes for WP Codex
 = 1.6.9 (06/13/2011) =
 * Small fix for empty string on custom design
 = 1.6.8 (04/05/2011) =
 * Small changes on check for datepicker
 * Fix for Design monster
 = 1.6.7 (01/05/2011) =
 * Bugfix: new check for files for different themes; hope this fix the server errors
 * Bugfix: fix add default settings
 * Maintenance: different changes on the syntax
 * Feature: add check for Super Admin on WP Multisite; has allways the rights for access
 * Feature: now it is possible to exclude feed from maintenance mode
 * Maintenance: check with 3.0.4 and 3.1-RC2
 * Maintenance: update language file: .pot, de_DE
 * Bugfix: JavaScript error on Bulk Actions on plugins fixed
 * Maintenance: fix all notice, if set no values
 = 1.6.6. (10/09/2010) =
 * Maintenance: many changes on the code; $locale and hook in side frontend
 * Maintenance: change attribute_escaped to esc_attr with custom method for WP smaller 2.8
 * Maintenance: Update german language files
 * Feature: Shortcodes is now possible in the "Text" option
 * Feature: no cache header rewrite
 = 1.6.5 (09/16/2010) =
 * add new design "Chemistry" by [elmastudio.de](http://www.elmastudio.de/ "elmastudio.de")
 * changes for include methods od class for preview
 * changes the possibility for include of language specific flash files
 = 1.6.4 (09/13/2010) =
 * add preview functions
 * bugfix for list in wp-admin/plugins.php
 * remove datepicker.regional - dont work fine
 * different small changes
 * new language file .pot
 * add flash file and change on plugin for style "Animate" for spanish language
 = 1.6.3 (07/27/2010) =
 * bugfix to include stylesheet on maintenance mode message
 = 1.6.2 (07/08/2010) =
 * add functions for hint in the new UI of WP 3.0
 * add more WP Codex standard source
 * fix strings in the language and languages files
 * add datetimepicker-de
 = 1.6.1 (06/18/2010) =
 * fix a problem with https://; see [Ticket #13941](http://core.trac.wordpress.org/ticket/13941)
 = 1.6 (05/17/2010) =
 * bugfix for exclude sites
 = 1.5.9 (05/07/2010) =
 * change different points
 * add possibility to wotk with MySQLDumper
 = 1.5.8 (21/03/2010)=
 * fix exclude error
 * add textareas for heading and header fields
 = 1.5.7 (03/18/2010) =
 * block admin-area via role
 * add message for registered users with not enough rights
 * add message on login-page
 * different changes
 = 1.5.6 (02/25/2010) =
 * changes on css, site.php and different syntax on the plugin
 = 1.5.5 (02/23/2010) =
 * SORRY, small bug for the url to jQuery
 = 1.5.4 (02/23/2010) =
 * add time for countdown
 * changes for WP 3.0
 * changees on rights to see frontend
 = 1.5.3 (01/05/2010) =
 * Fix for JavaScript with WordPress 2.9
 * Add new custom fields for fronted: title, header, heading
 * Fix for setting userrole to see frontend
 * Change laguage files
 = 1.5.2 (01/04/2010) =
 * add user-role setting
 * correctly the de_DE language file
 = 1.5.1 (10/04/2009) =
 * add small fix
 * add language files (en_ES, ro_RO)
 = 1.5.0 (09/28/2009) =
 * add countdown
 * change options
 * change default options
 * add field for own adress to excerpt of the maintenance mode
 * etc.
 = 1.4.9 (07/09/2009) =
 * also ready for WordPress 2.6
 * add romanian language files
 * add italian language file by [Gianni Diurno](http://gidibao.net/ "Gianni Diurno")
 = 1.4.8 (03/09/2009) =
 * add design "Damask" by [Fabian Letscher](http://fabianletscher.de/ "Fabian Letscher")
 * add design "Lego" by [Alex Frison](http://www.afrison.com/ "Alex Frison")
 = 1.4.7 (26/08/2009) =
 * change doc-type to utf-8 without BOM
 = v1.4.6 (24/08/2009) =
 * add design "Animate (Flash)" by [Sebastian Schmiedel](http://www.cayou-media.de/ "Sebastian Schmiedel")
 * add new hook for add content `wm_content` to include flash on content
 * add frensh language files
 = v1.4.5 (19/08/2009) =
 * fix html string in text on frontend
 * add design "Paint" by [Marvin Labod](http://bugeyes.de/ "Marvin Labod")
 * add turkey language files
 = v1.4.4 (18/08/2009) =
 * add design "Chastely" by [Florian Andreas Vogelmaier](http://fv-web.de/ "Florian Andreas Vogelmaier")
 * add design "Only Typo" by [Robert Pfotenhauer](http://krautsuppe.de/ "Robert Pfotenhauer")
 = v1.4.3 (13/08/2009) =
 * add option for the Text
 * add option for active maintenance mode
 * add design "The FF Error" by [Thomas Meschke](http://www.lokalnetz.com/ "Thomas Meschke")
 * add design "Monster" by [Sebastian Sebald](http://www.backseatsurfer.de "Sebastian Sebald")
 = v1.4.2 (10/08/2009) =
 * add design "The Sun" by [Nicki Steiger](http://mynicki.net/ "Nicki Steiger")
 * now it is possible to add own css and add in settings the url to the css-file
 = v1.4.1 (07/08/2009) =
 * small html-fix
 = v1.4 (06/08/2009) =
 * complety new code
 * options menu
 * new designs by [David Hellmann](http://www.davidhellmann.com/ "David Hellmann")
--- a/spec/samples/common/models/wp_item/vulnerable/items_vulns.json
+++ b/spec/samples/common/models/wp_item/vulnerable/items_vulns.json
@@ -1,35 +1,35 @@
-[
+{
-   {
+   "not-this-one": {
-      "not-this-one":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2989,
-               "id":2989,
+            "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
-               "title":"Administrator-exploitable blind SQLi in WordPress 1.0 - 3.8.1",
+            "references": {
-               "url":"https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/,http://www.example.com",
+              "url": ["https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/" ,"http://www.example.com"]
-               "created_at":"2014-07-28T12:10:07.000Z",
+            },
-               "updated_at":"2014-07-28T12:43:41.000Z"
+            "created_at":"2014-07-28T12:10:07.000Z",
-            }
+            "updated_at":"2014-07-28T12:43:41.000Z"
-         ]
+         }
-      }
+      ]
   },
-   {
+   "neo": {
-      "neo":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2993,
-               "id":2993,
+            "title":"I'm the one",
-               "title":"I'm the one",
+            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb",
+               "exploitdb": ["exploitdb"]
-               "type":"XSS",
+            },
-               "fixed_in":"",
+            "type":"XSS",
-               "created_at":"2014-07-28T12:10:07.000Z",
+            "fixed_in":"",
-               "updated_at":"2014-07-28T12:10:07.000Z"
+            "created_at":"2014-07-28T12:10:07.000Z",
-            }
+            "updated_at":"2014-07-28T12:10:07.000Z"
-         ]
+         }
-      }
+      ]
   }
-]
+}
--- a/spec/samples/common/models/wp_plugin/vulnerable/plugins.json
+++ b/spec/samples/common/models/wp_plugin/vulnerable/plugins.json
@@ -0,0 +1,58 @@
 {
    "mr-smith": {
      "vulnerabilities":[
         {
            "id":2993,
            "title":"I should not appear in the results",
            "references": {
               "url": ["Ref 1","Ref 2"],
               "osvdb": ["osvdb"],
               "cve": ["2011-001"],
               "secunia": ["secunia"],
               "metasploit": ["exploit/ex1"],
               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
            "created_at":"2014-07-28T12:10:07.000Z",
            "updated_at":"2014-07-28T12:10:07.000Z"
         },
         {
            "id":2989,
            "title":"Neither do I",
            "references": {
               "url": ["Ref 1" ,"Ref 2"],
               "osvdb": ["osvdb"],
               "cve": ["2011-001"],
               "secunia": ["secunia"],
               "metasploit": ["exploit/ex1"],
               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
            "created_at":"2014-07-28T12:10:07.000Z",
            "updated_at":"2014-07-28T12:10:07.000Z"
         }
         ]
      },
        "white-rabbit": {
           "vulnerabilities": [
        {
           "id":2993,
           "title":"Follow me!",
           "references": {
             "url": ["Ref 1", "Ref 2"],
             "osvdb": ["osvdb"],
             "cve": ["2011-001"],
             "secunia": ["secunia"],
             "metasploit": ["exploit/ex1"],
             "exploitdb": ["exploitdb"]
           },
           "type":"REDIRECT",
           "fixed_in":"",
           "created_at":"2014-07-28T12:10:07.000Z",
           "updated_at":"2014-07-28T12:10:07.000Z"
        }
     ]
  }
 }
--- a/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json
+++ b/spec/samples/common/models/wp_plugin/vulnerable/plugins_vulns.json
@@ -1,56 +0,0 @@
 [
   {
      "mr-smith":{
         "vulnerabilities":[
            {
               "id":2989,
               "title":"I should not appear in the results",
               "url":"Ref 1,Ref 2",
               "osvdb":"osvdb",
               "cve":"2011-001",
               "secunia":"secunia",
               "metasploit":"exploit/ex1",
               "exploitdb":"exploitdb",
               "type":"XSS",
               "fixed_in":"",
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z"
            },
            {
               "id":2989,
               "title":"Neither do I",
               "url":"Ref 1,Ref 2",
               "osvdb":"osvdb",
               "cve":"2011-001",
               "secunia":"secunia",
               "metasploit":"exploit/ex1",
               "exploitdb":"exploitdb",
               "type":"XSS",
               "fixed_in":"",
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z"
            }
         ]
      }
   },
   {
      "white-rabbit":{
         "vulnerabilities":[
            {
               "id":2993,
               "title":"Follow me!",
               "url":"Ref 1,Ref 2",
               "osvdb":"osvdb",
               "cve":"2011-001",
               "secunia":"secunia",
               "metasploit":"exploit/ex1",
               "exploitdb":"exploitdb",
               "type":"REDIRECT",
               "fixed_in":"",
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z"
            }
         ]
      }
   }
 ]
--- a/spec/samples/common/models/wp_theme/versionable/bueno-1.5.1.css
+++ b/spec/samples/common/models/wp_theme/versionable/bueno-1.5.1.css
--- a/spec/samples/common/models/wp_theme/versionable/twentyeleven-1.3.css
+++ b/spec/samples/common/models/wp_theme/versionable/twentyeleven-1.3.css
--- a/spec/samples/common/models/wp_theme/versionable/twentyeleven-unknow.css
+++ b/spec/samples/common/models/wp_theme/versionable/twentyeleven-unknow.css
--- a/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
+++ b/spec/samples/common/models/wp_theme/vulnerable/themes_vulns.json
@@ -1,56 +1,59 @@
-[
+{
-   {
+   "mr-smith": {
-      "mr-smith":{
+      "vulnerabilities":[
-         "vulnerabilities":[
+         {
-            {
+            "id":2989,
-               "id":2989,
+            "title":"I should not appear in the results",
-               "title":"I should not appear in the results",
+            "references": {
-               "url":"Ref 1,Ref 2",
+               "url": ["Ref 1", "Ref 2"],
-               "osvdb":"osvdb",
+               "osvdb": ["osvdb"],
-               "cve":"2011-001",
+               "cve": ["2011-001"],
-               "secunia":"secunia",
+               "secunia": ["secunia"],
-               "metasploit":"exploit/ex1",
+               "metasploit": ["exploit/ex1"],
-               "exploitdb":"exploitdb",
+               "exploitdb": ["exploitdb"]
               "type":"XSS",
               "fixed_in":"",
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z"
            },
-            {
+            "type":"XSS",
-               "id":2989,
+            "fixed_in":"",
-               "title":"Neither do I",
+            "created_at":"2014-07-28T12:10:07.000Z",
-               "url":"Ref 1,Ref 2",
+            "updated_at":"2014-07-28T12:10:07.000Z"
-               "osvdb":"osvdb",
+         },
-               "cve":"2011-001",
+         {
-               "secunia":"secunia",
+            "id":2989,
-               "metasploit":"exploit/ex1",
+            "title":"Neither do I",
-               "exploitdb":"exploitdb",
+            "references": {
-               "type":"XSS",
+               "url": ["Ref 1", "Ref 2"],
-               "fixed_in":"",
+               "osvdb": ["osvdb"],
-               "created_at":"2014-07-28T12:10:07.000Z",
+               "cve": ["2011-001"],
-               "updated_at":"2014-07-28T12:10:07.000Z"
+               "secunia": ["secunia"],
-            }
+               "metasploit": ["exploit/ex1"],
               "exploitdb": ["exploitdb"]
            },
            "type":"XSS",
            "fixed_in":"",
            "created_at":"2014-07-28T12:10:07.000Z",
            "updated_at":"2014-07-28T12:10:07.000Z"
         }
         ]
-      }
+      },
-   },
+      "the-oracle": {
   {
      "the-oracle":{
         "vulnerabilities":[
            {
               "id":2993,
               "title":"I see you",
-               "url":"Ref 1,Ref 2",
+               "references": {
-               "osvdb":"osvdb",
+                  "url": ["Ref 1", "Ref 2"],
-               "cve":"2011-001",
+                  "osvdb": ["osvdb"],
-               "secunia":"secunia",
+                  "cve": ["2011-001"],
-               "metasploit":"exploit/ex1",
+                  "secunia": ["secunia"],
-               "exploitdb":"exploitdb",
+                  "metasploit": ["exploit/ex1"],
                  "exploitdb": ["exploitdb"]
               },
               "type":"FPD",
               "fixed_in":"",
               "created_at":"2014-07-28T12:10:07.000Z",
               "updated_at":"2014-07-28T12:10:07.000Z"
            }
         ]
      }
   }
-]
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Christian Mehlmauer	641108e7eb	Stats	2017-07-19 15:24:32 +02:00
Christian Mehlmauer	0e87384b0a	update data.zip	2017-07-19 15:05:41 +02:00
Christian Mehlmauer	5175170c4b	prepare release	2017-07-19 14:59:33 +02:00
ethicalhack3r	79864cae7b	Add emergency.php detection #1108	2017-07-17 20:56:38 +02:00
Christian Mehlmauer	ca5f92ca61	travis	2017-07-08 01:12:06 +02:00
Christian Mehlmauer	d29de83c41	prepare release, update gems	2017-07-08 01:10:00 +02:00
Christian Mehlmauer	1f42ce6e2f	Merge pull request #1109 from zmwangx/readme-homebrew Document Homebrew package in README	2017-07-07 09:39:30 +02:00
Zhiming Wang	0dc7128582	Document Homebrew package in README Also, (Mac) OS X has been rebranded as macOS since June 2016, so rename that.	2017-07-06 20:13:57 -04:00
Christian Mehlmauer	21f4de2ec1	make logfile configurable	2017-05-31 23:16:07 +02:00
ethicalhack3r	d65567fc8f	Remove previous version detection commit #1092	2017-05-02 16:13:54 +02:00
Christian Mehlmauer	20af778fa1	fix rspecs	2017-05-02 15:37:38 +02:00
ethicalhack3r	5f77832386	Improve version detection regex. Fix #1092	2017-05-02 12:30:16 +02:00
Christian Mehlmauer	6ccfe70775	install only supported gems	2017-04-21 20:07:02 +02:00
Christian Mehlmauer	6b0f687abb	typo	2017-04-21 19:45:17 +02:00
Christian Mehlmauer	67ba526b5b	use ruby alpine image from now on	2017-04-21 19:40:25 +02:00
ethicalhack3r	e186ec7534	Update install instruction for ruby 2.4.0	2017-04-20 16:35:11 +02:00
Christian Mehlmauer	23ef1e75b3	remove unneeded statement	2017-04-12 20:26:47 +02:00
Christian Mehlmauer	8170390f92	fix rspecs	2017-04-12 20:22:47 +02:00
Christian Mehlmauer	c148295f64	use Gemfile.lock from now on	2017-04-12 20:18:13 +02:00
Christian Mehlmauer	37b99f9baa	Merge branch 'master' of github.com:wpscanteam/wpscan	2017-04-12 20:15:22 +02:00
Christian Mehlmauer	8e4643874d	more docker work	2017-04-12 20:13:49 +02:00
Ryan Dewhurst	0522023fd4	Merge pull request #1081 from jamesalbert/master --wordlist - reads stdin	2017-04-12 09:12:06 +02:00
jamesalbert	711ee730a0	updated readme	2017-04-11 09:58:43 -07:00
jamesalbert	f3bd995528	differentiate between stdin and file (estimating)	2017-04-11 03:20:11 -07:00
jamesalbert	beec0bd35a	fixed progress_bar scope	2017-04-11 03:09:24 -07:00
jamesalbert	9d7f35f3b2	tightened up the threshold	2017-04-11 02:58:47 -07:00
jamesalbert	c7488e28f7	added estimation for stdin	2017-04-11 02:55:34 -07:00
jamesalbert	9150e0ca52	reads stdin line by line	2017-04-10 02:44:43 -07:00
jamesalbert	475288deeb	--wordlist - reads stdin	2017-04-10 02:10:34 -07:00
erwanlr	82335d7399	Merge pull request #1075 from qutorial/master Preciser reporting in bruteforcing password with bad response	2017-03-25 15:42:26 +00:00
Zaur	338eacd63b	Preciser reporting in bruteforcing password with bad response When bruteforcing for multiple logins and passwords the bad response code reported might indicate a match! But the reporting for it is not clear enough. For example "Unkown response for admin" might mean a user name admin and some password or a password 'admin' for some user. This commit makes in unambiguous reporting a bad response, and naming which login and which password caused it.	2017-03-25 16:18:05 +01:00
Christian Mehlmauer	0b9b79f55f	change tag	2017-03-24 18:55:49 +01:00
Christian Mehlmauer	5303b28957	add docker examples	2017-03-23 20:09:30 +01:00
Christian Mehlmauer	11c05a3590	some more help	2017-03-11 19:49:22 +01:00
Christian Mehlmauer	862c0a9014	binstub	2017-03-03 16:21:07 +01:00
Christian Mehlmauer	487a483aa6	gitignore	2017-01-31 22:03:43 +01:00
Christian Mehlmauer	030c20a11b	travis	2017-01-31 22:02:53 +01:00
Christian Mehlmauer	ec831f7fed	wtf? it was never required?	2017-01-31 22:02:20 +01:00
Christian Mehlmauer	50fa79b331	try to fix travis	2017-01-31 21:46:07 +01:00
Christian Mehlmauer	edab0e812a	try to fix travis	2017-01-31 21:43:07 +01:00
Christian Mehlmauer	f0126ca860	try to fix travis	2017-01-31 21:36:00 +01:00
Christian Mehlmauer	01261d4d29	try to fix travis	2017-01-31 21:33:09 +01:00
Christian Mehlmauer	f97d3436a5	try to fix travis	2017-01-31 21:23:43 +01:00
Christian Mehlmauer	0bcb8b4b3b	try to fix travis	2017-01-31 21:12:42 +01:00
Christian Mehlmauer	489545dd75	try to fix travis	2017-01-31 21:08:58 +01:00
Christian Mehlmauer	f6c152f58a	update all gems to newest version	2017-01-31 20:36:32 +01:00
Christian Mehlmauer	16734418be	Merge pull request #1053 from wpscanteam/revert-1052-master Revert "Fix logic error in parsing command line args"	2017-01-29 23:16:42 +01:00
Christian Mehlmauer	b17ee20f58	Revert "Fix logic error in parsing command line args"	2017-01-29 23:16:01 +01:00
Ryan Dewhurst	aaee6f1e6d	Merge pull request #1052 from petercunha/master Fix logic error in parsing command line args	2017-01-29 21:26:58 +01:00
Peter Cunha	64d8240b8a	Fix logic error in parsing command line args	2017-01-29 14:25:25 -05:00
Christian Mehlmauer	0a6d430c9f	fix typo	2017-01-28 00:40:51 +01:00
Christian Mehlmauer	7bf0314561	try to fix travis	2017-01-17 20:47:01 +01:00
Christian Mehlmauer	409897fec4	fix travis and older ruby versions	2017-01-17 20:40:37 +01:00
Christian Mehlmauer	91b0d20665	forgot travis	2017-01-17 20:26:43 +01:00
Christian Mehlmauer	f6644eebf9	make wpscan ruby 2.4.0 compatible fixes #1044	2017-01-17 20:24:32 +01:00
Ryan Dewhurst	88bddd4f87	Merge pull request #1046 from dctabuyz/fix__require_readline 'gem install readline' issues fix	2017-01-12 12:34:50 +01:00
dctabuyz	c61b023fb7	placing `'require readline'` before `require 'bundler/setup'` fixes 'gem install readline' issues	2017-01-12 01:32:07 -05:00
Christian Mehlmauer	1b5df8751f	Merge pull request #1045 from thijskh/patch-1 Add gcc to Debian prerequisites	2017-01-11 17:51:25 +01:00
Thijs Kinkhorst	314c98f101	Add gcc to Debian prerequisites This is needed to install some gems and mirrors the fact that gcc is included in the command lines Fedora and Ubuntu (there contained in `build-essential`).	2017-01-11 17:19:27 +01:00
ethicalhack3r	8274e2efe9	Update to Ruby 2.3.3	2016-11-24 19:00:45 +01:00
ethicalhack3r	2bff063805	More changelog info	2016-11-15 20:51:38 +01:00
ethicalhack3r	53d9956829	Update data.zip	2016-11-15 20:37:54 +01:00
ethicalhack3r	6e98678c3c	Bump wpscan version	2016-11-15 20:37:07 +01:00
ethicalhack3r	f0f21f5ac2	Add stats to changelog	2016-11-15 20:35:48 +01:00
ethicalhack3r	aa233b1c4d	Add total vuln stats	2016-11-15 20:34:55 +01:00
ethicalhack3r	93f9123f45	Document missing options	2016-11-15 20:17:09 +01:00
ethicalhack3r	5c710d88e4	Update changelog	2016-11-15 20:00:54 +01:00
ethicalhack3r	ded70ff743	add R symbol	2016-11-08 14:03:33 +01:00
Christian Mehlmauer	9df7443aa4	color	2016-11-02 22:23:00 +01:00
Christian Mehlmauer	8362975691	apt tweak	2016-11-02 21:52:14 +01:00
Christian Mehlmauer	49771419ae	Merge branch 'master' of github.com:wpscanteam/wpscan	2016-11-01 19:39:24 +01:00
Christian Mehlmauer	d344f84824	remove cloudflare error handling	2016-11-01 19:38:47 +01:00
Christian Mehlmauer	89c0b8d4d0	Merge pull request #1019 from wpscanteam/hash remove scripts before calculating hashes	2016-10-26 11:48:13 +02:00
Christian Mehlmauer	3c74ee8d97	remove scripts before calculating hashes	2016-10-25 20:44:00 +02:00
ethicalhack3r	785c6efa5b	Fix typo	2016-10-14 14:52:54 +02:00
ethicalhack3r	4e2bf5322e	Markdown formating	2016-10-14 14:51:40 +02:00
ethicalhack3r	54ed148c87	Add passive detection of google-universal-analytics	2016-10-14 14:48:48 +02:00
Christian Mehlmauer	b08e298eba	Merge branch 'master' of github.com:wpscanteam/wpscan	2016-10-06 20:35:44 +02:00
Christian Mehlmauer	89e2088357	fix #1008	2016-10-06 20:35:29 +02:00
ethicalhack3r	f3cc35bd74	trademark update	2016-09-08 09:39:52 +02:00
Christian Mehlmauer	a007d283e5	rspecs	2016-09-05 23:25:33 +02:00
Christian Mehlmauer	70902aa013	Merge branch 'master' of github.com:wpscanteam/wpscan	2016-09-05 22:59:14 +02:00
Christian Mehlmauer	91151fc53b	check for ssl related errors. Fix #993	2016-09-05 22:58:56 +02:00
Christian Mehlmauer	d4ee82dac5	Update README.md	2016-08-17 18:31:35 +02:00
Christian Mehlmauer	88d3c26113	moar rspecs	2016-08-16 21:40:19 +02:00
Christian Mehlmauer	054a4ee6aa	fix #984	2016-08-16 21:20:29 +02:00
ethicalhack3r	c291022753	Improve yoast seo pasive detection regex #984	2016-08-16 17:20:52 +02:00
Christian Mehlmauer	2fc488b602	rework readme	2016-08-15 00:25:46 +02:00
Christian Mehlmauer	009ddd690e	verbose update	2016-08-13 12:52:33 +02:00
Christian Mehlmauer	88b5cd8751	readme	2016-08-13 10:30:06 +02:00
Christian Mehlmauer	cfd19d02b1	readme	2016-08-13 10:29:28 +02:00
Christian Mehlmauer	19ce30d862	trigger docker build	2016-08-13 10:27:52 +02:00
Christian Mehlmauer	c6df6e0e89	move docker stuff	2016-08-13 10:24:02 +02:00
Christian Mehlmauer	e942a5bcf6	Exit on exceptions	2016-08-12 23:56:36 +02:00
Christian Mehlmauer	c0f5163d07	handle null	2016-08-12 21:50:59 +02:00
Christian Mehlmauer	f5aa9f117f	fix #968	2016-08-12 21:29:05 +02:00
Christian Mehlmauer	498d93377d	rvm install instructions	2016-08-12 21:25:45 +02:00
Christian Mehlmauer	52242e706b	Merge branch 'master' of github.com:wpscanteam/wpscan	2016-08-12 20:55:20 +02:00
Christian Mehlmauer	22d69a1bf9	more detailed update exception	2016-08-12 20:54:24 +02:00
Ryan Dewhurst	0b1fa13696	Merge pull request #973 from pierre-dargham/feature_option_cache Enable --cache-dir option in command line parameters, which solves write permission issues when wpscan is installed in system or root-owned directories	2016-08-12 12:16:11 +02:00
Christian Mehlmauer	19b15b5327	travis	2016-08-08 22:35:20 +02:00
Christian Mehlmauer	e63e96f5ed	travis	2016-08-08 22:04:42 +02:00
Christian Mehlmauer	e8ac8f26a7	travis	2016-08-08 22:00:52 +02:00
Christian Mehlmauer	13e4327de4	travis	2016-08-08 21:57:38 +02:00
Christian Mehlmauer	c22a1ed12a	travis	2016-08-08 21:55:40 +02:00
Christian Mehlmauer	be5662b5f1	travis	2016-08-08 21:52:30 +02:00
Christian Mehlmauer	6e840ca920	fix #974	2016-08-08 21:40:36 +02:00
Pierre Dargham	8492190f4c	Allow --cache-dir option in command line parameters	2016-08-05 10:56:40 +02:00
Christian Mehlmauer	93ab6ee2a0	fucking specs	2016-08-01 22:13:38 +02:00
Christian Mehlmauer	7075e01886	Merge branch 'master' of github.com:wpscanteam/wpscan	2016-08-01 22:07:47 +02:00
Christian Mehlmauer	436a83434c	fix #972	2016-08-01 22:04:13 +02:00
pvdl	d270391b56	Fix for missing 'zlib.h' in Nokogiri	2016-07-26 19:43:45 +02:00
Christian Mehlmauer	7f2762eb6f	new options	2016-07-21 21:27:21 +02:00
Christian Mehlmauer	2cc5bb0311	fix rspecs	2016-07-21 13:57:18 +02:00
Christian Mehlmauer	d697127261	set user agent globally	2016-07-21 13:21:07 +02:00
Christian Mehlmauer	825523a851	changelog	2016-06-27 16:07:40 +02:00
Christian Mehlmauer	0f3f9cac33	more info	2016-06-24 21:17:43 +02:00
ethicalhack3r	f9b545b100	Clearer instructions	2016-06-23 13:40:15 +02:00
Christian Mehlmauer	943bfc39b3	fix for #957	2016-06-14 03:30:17 +02:00
Ryan Dewhurst	b1a8f445c6	Merge pull request #950 from anthraxx/master bump terminal-table to 1.6.0 and drop workaround	2016-06-07 09:54:42 +02:00
anthraxx	5435df4345	bump terminal-table to 1.6.0 and drop workaround	2016-06-06 19:28:40 +02:00
ethicalhack3r	8e9d29e94f	Update dependencies #939	2016-06-02 11:21:07 +02:00
ethicalhack3r	1afa761f09	RandomStorm is no more	2016-06-02 11:09:10 +02:00
Ryan Dewhurst	d626913ce9	Merge pull request #949 from wpscanteam/finders more advanced version detection	2016-06-02 11:04:38 +02:00
ethicalhack3r	9c52e4a5ee	Update dependencies #939	2016-06-02 11:03:07 +02:00
Christian Mehlmauer	72c2c1992b	rspec fixed	2016-05-31 15:23:34 +02:00
Christian Mehlmauer	e1b4b5e8e5	typo	2016-05-31 14:53:50 +02:00
Christian Mehlmauer	0243522854	more advanced version detection	2016-05-31 14:51:09 +02:00
Christian Mehlmauer	5118c68f45	fix #943	2016-05-13 21:23:22 +02:00
Christian Mehlmauer	442884b5c5	remove executable flags	2016-05-09 16:19:11 +02:00
Christian Mehlmauer	f832e27b49	correct stats an correct data files	2016-05-06 11:52:05 +02:00
ethicalhack3r	6ce29f73c5	Update with correct stat #935	2016-05-06 11:35:57 +02:00
ethicalhack3r	920338fb62	Prepare 2.9.1 release #935	2016-05-06 00:15:53 +02:00
Christian Mehlmauer	49d0a9e6d9	check directory listing in wp-includes	2016-05-05 00:01:52 +02:00
Christian Mehlmauer	fe401e622b	add stats	2016-05-04 23:09:00 +02:00
Christian Mehlmauer	6e32cb0db2	changelog	2016-05-04 22:46:02 +02:00
Ryan Dewhurst	73171eb39d	Merge pull request #929 from wpscanteam/wp_metadata WP Metadata Integration	2016-04-28 14:35:43 +02:00
ethicalhack3r	2e05f4171e	Update to Ruby 2.3.1	2016-04-28 14:04:54 +02:00
Christian Mehlmauer	75b8c303e2	more verbose error	2016-04-27 15:19:07 +02:00
Christian Mehlmauer	bd7a493f1c	travis errors	2016-04-20 20:49:17 +02:00
Christian Mehlmauer	9dada7c8f4	travis errors	2016-04-20 20:41:46 +02:00
ethicalhack3r	fe7aede458	Better output	2016-04-20 13:39:05 +02:00
ethicalhack3r	cdf2b38780	Only show changelog if verbose	2016-04-20 13:09:02 +02:00
ethicalhack3r	a09dbab6a8	Use db_file	2016-04-20 12:43:56 +02:00
ethicalhack3r	49a6d275d2	Update comment	2016-04-20 12:37:46 +02:00
ethicalhack3r	8192a4a215	Fix typo	2016-04-20 12:27:09 +02:00
ethicalhack3r	1d6593fd4d	Add WP metadata #704	2016-04-20 12:02:15 +02:00
Christian Mehlmauer	bf99e31e70	higher update timeout	2016-04-20 09:33:56 +02:00
Christian Mehlmauer	5386496bdc	move wordpress check to the top	2016-04-06 14:13:56 +02:00
Christian Mehlmauer	6451510449	new ruby version with security bugfixes released	2016-04-03 00:34:52 +02:00
Christian Mehlmauer	cd68aa719c	possible fix for timeouts	2016-04-01 11:52:13 +02:00
Christian Mehlmauer	b328dc4ff9	possible fix for #912	2016-03-11 09:28:42 +01:00
Christian Mehlmauer	1e1c79aa56	Merge pull request #909 from wpscanteam/ruby_version drop ruby 1.9 and 2.0 support, whitespaces	2016-02-26 14:08:38 +01:00
Christian Mehlmauer	08650ce156	fix travis	2016-02-25 06:39:47 +01:00
Christian Mehlmauer	a1929719f3	version 2.1.8 minimum requirement	2016-02-24 23:48:50 +01:00
Christian Mehlmauer	d34da72cd3	ruby 2.0.0 is EOL	2016-02-24 23:41:32 +01:00
Christian Mehlmauer	816b18b604	drop ruby 1.9 support, whitespaces	2016-02-23 18:07:20 +01:00
Christian Mehlmauer	a78a13bf3f	revert change	2016-02-18 00:02:55 +01:00
Christian Mehlmauer	33f8aaf1dc	Merge branch 'master' of github.com:wpscanteam/wpscan	2016-02-17 23:30:45 +01:00
Christian Mehlmauer	26ab95d822	more actual gems	2016-02-17 23:30:28 +01:00
erwanlr	cea01d8aa0	Improves brute forcer output to avoid confustions	2016-02-13 16:44:29 +00:00
Ryan Dewhurst	0e61f1e284	Merge pull request #901 from wpscanteam/new_urls add new urls	2016-02-06 22:26:25 +01:00
Christian Mehlmauer	ddef061b90	add new urls	2016-02-05 22:25:18 +01:00
erwanlr	addeab8947	Fixes #900	2016-02-04 20:37:13 +01:00
erwanlr	55dc665404	Better specs	2016-01-11 16:33:29 +00:00
erwanlr	8f8538e9e9	Changes the order of the WP version from stylesheets check - Fixes #865	2016-01-11 16:27:22 +00:00
Christian Mehlmauer	348ca55bee	copyright	2016-01-08 23:54:04 +01:00
Christian Mehlmauer	1bb5bc7f33	fix rspec	2016-01-03 21:28:02 +01:00
ethicalhack3r	3be5e1fcf5	Add Windows OS detection	2016-01-03 20:15:11 +01:00
Christian Mehlmauer	9df8cc9243	Update README.md	2016-01-02 10:57:55 +01:00
Christian Mehlmauer	e28c84aa34	Update fedore install instructions See #886	2016-01-02 10:52:23 +01:00
Christian Mehlmauer	7db6b54761	Merge pull request #894 from nonmadden/update-ruby Update to Ruby 2.3.0	2015-12-31 10:22:47 +01:00
nonmadden	e3a06f5694	Update to Ruby 2.3.0	2015-12-31 10:41:04 +07:00
erwanlr	7c5d15e098	Updates Nokogiri dep	2015-12-18 18:59:32 +01:00
ethicalhack3r	d683c0f151	Update to Ruby 2.2.4	2015-12-18 11:13:41 +01:00
erwanlr	1e67fa26ff	Fixes #890	2015-11-26 14:12:04 +00:00
erwanlr	0ae6ef59ec	Fixes an issue with --cache-ttl being a Strig instead of an integer	2015-11-26 13:52:12 +00:00
erwanlr	e27ef40e0f	Updates Nokogiri dep version	2015-11-26 11:53:13 +00:00
ethicalhack3r	380760d028	Onlt shoe theme description when there is one	2015-10-26 16:06:13 +01:00
ethicalhack3r	18cfdafc19	Fix typo in options	2015-10-15 16:28:42 +02:00
ethicalhack3r	0934a2e329	Recommend RVM in readme	2015-10-15 15:51:38 +02:00
ethicalhack3r	d1a320324e	Update reame CLI options	2015-10-15 15:49:18 +02:00
ethicalhack3r	361c96d746	Version 2.9 release	2015-10-15 13:01:53 +02:00
erwanlr	e7dbf9278d	Fixes #873 - mu-plugins detection	2015-10-13 13:17:22 +01:00
erwanlr	6564fddb27	Adds a reminder about updating the terminal-table version	2015-10-13 13:12:12 +01:00
erwanlr	d382874e86	Fixes incorrect detection of the FDP data	2015-10-12 12:57:20 +01:00
erwanlr	91b30bee9f	Updates Typhoeus dependency	2015-10-09 19:03:37 +02:00
erwanlr	7804aad776	Removes useless stuff & update the --throttle options text	2015-10-07 22:09:23 +01:00
erwanlr	b7552ac8aa	Tried to throttle things	2015-10-07 19:03:52 +01:00
erwanlr	a76c94cccf	Let's try Travis container-based infra & caching	2015-09-18 16:13:37 +02:00
Christian Mehlmauer	c0ae5c7cad	Merge pull request #864 from wpscanteam/apiv2 new dependency	2015-09-11 21:09:51 +02:00
Christian Mehlmauer	cc55b39b83	new dependency	2015-09-11 15:31:29 +02:00
ethicalhack3r	d8a6884ab6	Only show 'up to date' string when version found	2015-09-09 15:46:44 +02:00
Ryan Dewhurst	5ce3581386	Merge pull request #862 from wpscanteam/apiv2 Apiv2	2015-09-08 21:00:03 +02:00
ethicalhack3r	2208f2a8c0	Implement lesser? method #862	2015-09-08 17:54:32 +02:00
ethicalhack3r	a4a14c7e63	Better version output #862	2015-09-08 17:24:10 +02:00
erwanlr	aa464b476c	Fixes a bug where -e vp was displaying non vulnerable plugins - Ref #853	2015-09-06 15:25:29 +01:00
erwanlr	3c92712a6e	Uses yajl as JSON parser to reduce memory used	2015-09-06 14:29:41 +01:00
erwanlr	fd0c47f5d7	Adds the latest_version, last_updated and popular? attributes - Ref #853	2015-09-06 14:26:36 +01:00
erwanlr	c03a44d225	Removes useless code	2015-09-06 13:32:13 +01:00
ethicalhack3r	d31d45ba71	Remove unneede newline	2015-09-05 14:10:08 +02:00
ethicalhack3r	db528b27f4	Implement Erwan's feedback #853	2015-09-05 13:49:03 +02:00
ethicalhack3r	e6d29f6f18	New json structure implemented #853	2015-09-03 22:04:44 +02:00
Christian Mehlmauer	e4d6b988ef	forgot spec file, #858 Signed-off-by: Christian Mehlmauer <firefart@gmail.com>	2015-08-22 21:52:55 +02:00
Christian Mehlmauer	ec68291bf0	fix #858	2015-08-22 21:50:31 +02:00
ethicalhack3r	3a6a451db1	Update to Ruby 2.2.3	2015-08-21 09:41:06 +02:00
Christian Mehlmauer	7ec095d708	fix duplicate robots.txt entries	2015-08-18 15:55:10 +02:00
ethicalhack3r	57f6206aee	Implement Erwan's feedbaxk #853	2015-08-14 21:51:55 +02:00
ethicalhack3r	390f10e83f	Remove ArchAssault, 'had to close its doors'	2015-08-14 19:26:52 +02:00
ethicalhack3r	8727935cb2	Fix specs #853	2015-08-14 16:33:57 +02:00
ethicalhack3r	d0e868f556	Enable rspec fail-fast #853	2015-08-14 16:04:26 +02:00
ethicalhack3r	01c357e146	Fix specs #853	2015-08-14 16:03:21 +02:00
ethicalhack3r	a0fed4a9d0	Clean up last commit #853	2015-08-14 00:22:48 +02:00
ethicalhack3r	c4aed0ec89	Initial attempt at implementing apiv2 #853	2015-08-14 00:19:22 +02:00
erwanlr	cc737090a2	Fixes incorrect detection of the username	2015-08-13 10:27:33 +01:00
erwanlr	1652c09e95	Merge pull request #850 from mikicaivosevic/master Re-factorises a statement	2015-08-12 14:53:43 +01:00
erwanlr	2538b88579	Adds the Accept-Encoding header when updating the DBs - Fixes #852	2015-08-12 14:50:14 +01:00
Mikica Ivosevic	8c2eb63840	update wp_target.rb Refactor if else statement - wp_content_dir (credits: ethicalhack3r)	2015-07-28 12:41:09 +02:00
erwanlr	36df5ee6e4	Comments debug statement	2015-07-23 14:15:46 +01:00
erwanlr	9720b4edf1	Escapes brackets etc potentially present in Dir.pwd When using Dir.glob - Fixes #840	2015-07-23 14:15:04 +01:00
Christian Mehlmauer	13d35b7607	update email	2015-07-08 14:29:18 +02:00
Christian Mehlmauer	13c2c51cfd	update email adress	2015-07-08 13:45:47 +02:00
ethicalhack3r	f43175b0c3	Use older terminal-table gem #841	2015-07-02 10:48:34 +02:00
erwanlr	1508aba8b2	Uses terminal-table 1.5.1 - Fixes #839	2015-06-28 13:54:25 +01:00
erwanlr	5414ab05e5	Restraints terminal-table version - Ref #839	2015-06-27 09:23:26 +01:00
erwanlr	bd5d2db634	Fixes #836	2015-06-26 09:24:17 +01:00
erwanlr	3259dd29d8	Merge pull request #833 from stefancastille/master Adds a --vhost option (Virtualhost support)	2015-06-26 09:14:39 +01:00
stefancastille	6e56013a95	Update browser.rb	2015-06-25 16:18:04 +02:00
stefancastille	252f762209	Update wp_target.rb	2015-06-25 16:17:03 +02:00
stefancastille	15c0448cf1	Update wpscan_options.rb	2015-06-25 16:13:04 +02:00
erwanlr	4c800bacaa	Fixes #835	2015-06-24 11:46:06 +01:00
stefancastille	86a73229c0	Update wp_target.rb	2015-06-17 08:46:14 +02:00
stefancastille	cc41b96e88	Update wpscan_options.rb	2015-06-17 08:44:50 +02:00
stefancastille	e16c5584d1	Update wpscan_options.rb	2015-06-17 08:44:04 +02:00
stefancastille	94bab3f550	Update wpscan_options.rb Add support for virtual hosts	2015-06-17 08:42:59 +02:00
stefancastille	9d04b23fb2	Update browser.rb add support for virtual hosts	2015-06-16 17:23:25 +02:00