More changelog info

remove scripts before calculating hashes

.dockerignore

@@ -0,0 +1,18 @@
+git/
+bundle/
+.idea/
+.yardoc/
+cache/
+coverage/
+spec/
+dev/
+.*
+**/*.md
+*.md
+Dockerfile
+**/*.orig
+*.orig
+CREDITS
+data.zip
+DISCLAIMER.txt
+example.conf.json

.ruby-version

@@ -1 +1 @@
-2.2.3
+2.3.1

.travis.yml

@@ -2,28 +2,22 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - 1.9.2
+  - 2.1.9
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
-  - 2.1.1
-  - 2.1.2
-  - 2.1.3
-  - 2.1.4
-  - 2.1.5
   - 2.2.0
   - 2.2.1
   - 2.2.2
   - 2.2.3
+  - 2.2.4
+  - 2.3.0
+  - 2.3.1
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
+before_script:
+  - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $TRAVIS_BUILD_DIR"
 script: bundle exec rspec
 notifications:
   email:
     - team@wpscan.org
-matrix:
-  allow_failures:
-    - rvm: 1.9.2
 # do not build gh-pages branch
 branches:
   except:

CHANGELOG.md

@@ -1,6 +1,48 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.2...master)
+
+## Version 2.9.2
+Released: 2016-11-15
+
+* Fixed error when detecting plugins with UTF-8 characters
+* Use all possible finders to verify a detected version
+* Fix error when detecting a WordPress version not in our database
+* Added some additional clarification on error messages
+* Upgrade terminal-table gem
+* Add --cache-dir option
+* Add --disable-tls-checks options
+* Improve/add additional plugin passive detections
+* Remove scripts when calculating page hashes
+* Many other small bug fixes.
+
+WPScan Database Statistics:
+* Total tracked wordpresses: 194
+* Total tracked plugins: 63703
+* Total tracked themes: 13835
+* Total vulnerable wordpresses: 177
+* Total vulnerable plugins: 1382
+* Total vulnerable themes: 379
+* Total wordpress vulnerabilities: 2617
+* Total plugin vulnerabilities: 2190
+* Total theme vulnerabilities: 452
+
+## Version 2.9.1
+Released: 2016-05-06
+
+* Update to Ruby 2.3.1, drop older ruby support
+* New data file location
+* Added experimental Windows support
+* Display WordPress metadata on the detected version
+* Several small fixes
+
+WPScan Database Statistics:
+* Total vulnerable versions: 156
+* Total vulnerable plugins:  1324
+* Total vulnerable themes:   376
+* Total version vulnerabilities: 1998
+* Total plugin vulnerabilities:  2057
+* Total theme vulnerabilities:   449
 
 ## Version 2.9
 Released: 2015-10-15
@@ -137,7 +179,7 @@ New
 * Add Sucuri sponsor to banner
 * Add protocol to sucuri url in banner
 * Add response code to proxy error output
-* Add a statement about mendatory newlines at the end of list
+* Add a statement about mandatory newlines at the end of list
 * Give warning if default username 'admin' is still used
 * License amendment to make it more clear about value added usage
 
@@ -493,4 +535,3 @@ Fixed issues
 
 ## Version 2.1
 Released 2013-3-4
-

Dockerfile

@@ -0,0 +1,24 @@
+FROM ruby:2.3-slim
+MAINTAINER WPScan Team <team@wpscan.org>
+
+RUN DEBIAN_FRONTEND=noninteractive && \
+  rm -rf /var/lib/apt/lists/* && \
+  apt-get update && \
+  apt-get --no-install-recommends -qq -y install curl git ca-certificates openssl libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential procps
+
+RUN useradd -d /wpscan wpscan
+RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+RUN mkdir /wpscan
+
+COPY . /wpscan
+
+WORKDIR /wpscan
+
+RUN bundle install --without test
+RUN chown -R wpscan:wpscan /wpscan
+
+USER wpscan
+RUN /wpscan/wpscan.rb --update --verbose --no-color
+
+ENTRYPOINT ["/wpscan/wpscan.rb"]
+CMD ["--help"]

Gemfile

@@ -1,12 +1,10 @@
 source 'https://rubygems.org'
 
-gem 'typhoeus', '~>0.8.0'
+gem 'typhoeus', '>=1.0.0'
-gem 'nokogiri'
+gem 'nokogiri', '>=1.6.7.2'
 gem 'addressable'
 gem 'yajl-ruby' # Better JSON parser regarding memory usage
-# TODO: update the below when terminal-table 1.5.3+ is released.
+gem 'terminal-table', '>=1.6.0'
-# (and delete the Terminal module in lib/common/hacks.rb)
-gem 'terminal-table', '~>1.4.5'
 gem 'ruby-progressbar', '>=1.6.0'
 
 group :test do

LICENSE

@@ -1,6 +1,6 @@
 WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
@@ -68,3 +68,7 @@ To the extent permitted under Law, WPScan is provided under an AS-IS basis. The
 10. Disclaimer
 
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
+
+11. Trademark
+
+The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.

README.md

@@ -4,16 +4,17 @@
 [![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
 [![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
 [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)
+[![Docker Pulls](https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg)](https://hub.docker.com/r/wpscanteam/wpscan/)
 
-#### LICENSE
+# LICENSE
 
-#### WPScan Public Source License
+## WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
-##### 1. Definitions
+### 1. Definitions
 
 1.1 "License" means this document.
 
@@ -21,7 +22,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 
 1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
 
-##### 2. Commercialization
+### 2. Commercialization
 
 A commercial use is one intended for commercial advantage or monetary compensation.
 
@@ -44,7 +45,7 @@ We may grant commercial licenses at no monetary cost at our own discretion if th
 
 Free-use Terms and Conditions;
 
-##### 3. Redistribution
+### 3. Redistribution
 
 Redistribution is permitted under the following conditions:
 
@@ -52,35 +53,39 @@ Redistribution is permitted under the following conditions:
  - Unmodified Copyright notices are provided with WPScan.
  - Does not conflict with the commercialization clause.
 
-##### 4. Copying
+### 4. Copying
 
 Copying is permitted so long as it does not conflict with the Redistribution clause.
 
-##### 5. Modification
+### 5. Modification
 
 Modification is permitted so long as it does not conflict with the Redistribution clause.
 
-##### 6. Contributions
+### 6. Contributions
 
 Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
 
-##### 7. Support
+### 7. Support
 
 WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
 
-##### 8. Disclaimer of Warranty
+### 8. Disclaimer of Warranty
 
 WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 
-##### 9. Limitation of Liability
+### 9. Limitation of Liability
 
 To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
 
-##### 10. Disclaimer
+### 10. Disclaimer
 
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
 
-#### INSTALL
+### 11. Trademark
+
+The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.
+
+# INSTALL
 
 WPScan comes pre-installed on the following Linux distributions:
 
@@ -90,73 +95,49 @@ WPScan comes pre-installed on the following Linux distributions:
 - [SamuraiWTF](http://samurai.inguardians.com/)
 - [BlackArch](http://blackarch.org/)
 
-Prerequisites:
+Windows is not supported
 
-- Ruby >= 1.9.2 - Recommended: 2.2.3
+## Prerequisites
+
+- Ruby >= 2.1.9 - Recommended: 2.3.1
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
 
-Windows is not supported.
+### Installing dependencies on Ubuntu
-If installed from Github update the code base with ```git pull```. The databases are updated with ```wpscan.rb --update```.
 
-####Installing on Ubuntu:
+    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev
 
-Before Ubuntu 14.04:
+### Installing dependencies on Debian
 
-    sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
+    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
 
-From Ubuntu 14.04:
+### Installing dependencies on Fedora
 
-    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev
+    sudo dnf install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
 
-####Installing on Debian:
+### Installing dependencies on Arch Linux
-
-    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler
-    bundle install --without test --path vendor/bundle
-
-####Installing on Fedora:
-
-    sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
-
-####Installing on Archlinux:
 
     pacman -Syu ruby
     pacman -Syu libyaml
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
-    gem install typhoeus
-    gem install nokogiri
 
-####Installing on Mac OSX:
+### Installing dependencies on Mac OSX
 
 Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)
 
-    git clone https://github.com/wpscanteam/wpscan.git
+## Installing with RVM (recommended)
-    cd wpscan
-    sudo gem install bundler && sudo bundle install --without test
 
-####Installing with RVM:
+If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information:
+https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
 
+    # Install all prerequisites for your OS (look above)
     cd ~
+    curl -sSL https://rvm.io/mpapis.asc | gpg --import -
     curl -sSL https://get.rvm.io | bash -s stable
     source ~/.rvm/scripts/rvm
     echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-    rvm install 2.2.3
+    rvm install 2.3.1
-    rvm use 2.2.3 --default
+    rvm use 2.3.1 --default
     echo "gem: --no-ri --no-rdoc" > ~/.gemrc
     gem install bundler
     git clone https://github.com/wpscanteam/wpscan.git
@@ -164,7 +145,26 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
     gem install bundler
     bundle install --without test
 
-#### KNOWN ISSUES
+## Installing manually (not recommended)
+
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && bundle install --without test
+
+# DOCKER
+Pull the repo with `docker pull wpscanteam/wpscan`
+
+## Start WPScan
+
+```
+docker run --rm wpscanteam/wpscan -u http://yourblog.com [options]
+```
+
+For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
+
+Published on https://hub.docker.com/r/wpscanteam/wpscan/
+
+# KNOWN ISSUES
 
   - Typhoeus segmentation fault
 
@@ -191,7 +191,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
       Then, open the directory of the readline gem (you have to locate it)
 
-        cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
+        cd ~/.rvm/src/ruby-XXXX/ext/readline
         ruby extconf.rb
         make
         make install
@@ -207,15 +207,12 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
       See [https://github.com/wpscanteam/wpscan/issues/148](https://github.com/wpscanteam/wpscan/issues/148)
 
-#### WPSCAN ARGUMENTS
+# WPSCAN ARGUMENTS
 
-    --update   Update the databases.
+    --update                            Update the database to the latest version.
-
+    --url       | -u <target url>       The WordPress URL/domain to scan.
-    --url   | -u <target url>  The WordPress URL/domain to scan.
+    --force     | -f                    Forces WPScan to not check if the remote site is running WordPress.
-
+    --enumerate | -e [option(s)]        Enumeration.
-    --force | -f Forces WPScan to not check if the remote site is running WordPress.
-
-    --enumerate | -e [option(s)]  Enumeration.
       option :
         u        usernames from id 1 to 10
         u[10-20] usernames from id 10 to 20 (you must write [] chars)
@@ -229,55 +226,44 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
       Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
       If no option is supplied, the default is "vt,tt,u,vp"
 
-    --exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
+    --exclude-content-based "<regexp or string>"
-                                                 You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
+                                        Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.
+                                        You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).
+    --config-file  | -c <config file>   Use the specified config file, see the example.conf.json.
+    --user-agent   | -a <User-Agent>    Use the specified User-Agent.
+    --cookie <string>                   String to read cookies from.
+    --random-agent | -r                 Use a random User-Agent.
+    --follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
+    --batch                             Never ask for user input, use the default behaviour.
+    --no-color                          Do not use colors in the output.
+    --log                               Creates a log.txt file with WPScan's output.
+    --no-banner                         Prevents the WPScan banner from being displayed.
+    --disable-accept-header             Prevents WPScan sending the Accept HTTP header.
+    --disable-referer                   Prevents setting the Referer header.
+    --disable-tls-checks                Disables SSL/TLS certificate verification.
+    --wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.
+                                        Subdirectories are allowed.
+    --wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.
+                                        If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
+    --proxy <[protocol://]host:port>    Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.
+                                        If no protocol is given (format host:port), HTTP will be used.
+    --proxy-auth <username:password>    Supply the proxy login credentials.
+    --basic-auth <username:password>    Set the HTTP Basic authentication.
+    --wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
+    --username | -U <username>          Only brute force the supplied username.
+    --usernames     <path-to-file>      Only brute force the usernames from the file.
+    --cache-dir       <cache-directory> Set the cache directory.
+    --cache-ttl       <cache-ttl>       Typhoeus cache TTL.
+    --request-timeout <request-timeout> Request Timeout.
+    --connect-timeout <connect-timeout> Connect Timeout.
+    --threads  | -t <number of threads> The number of threads to use when multi-threading requests.
+    --max-threads     <max-threads>     Maximum Threads.
+    --throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
+    --help     | -h                     This help screen.
+    --verbose  | -v                     Verbose output.
+    --version                           Output the current version and exit.
 
-    --config-file | -c <config file> Use the specified config file, see the example.conf.json
+# WPSCAN EXAMPLES
-
-    --user-agent | -a <User-Agent> Use the specified User-Agent
-
-    --random-agent | -r Use a random User-Agent
-
-    --follow-redirection  If the target url has a redirection, it will be followed without asking if you wanted to do so or not
-
-    --wp-content-dir <wp content dir>  WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
-
-    --wp-plugins-dir <wp plugins dir>  Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
-
-    --proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
-                                     HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
-
-    --proxy-auth <username:password>  Supply the proxy login credentials.
-
-    --basic-auth <username:password>  Set the HTTP Basic authentication.
-
-    --wordlist | -w <wordlist>  Supply a wordlist for the password brute forcer.
-
-    --threads  | -t <number of threads>  The number of threads to use when multi-threading requests.
-
-    --username | -U <username>  Only brute force the supplied username.
-
-    --usernames  <path-to-file>  Only brute force the usernames from the file.
-
-    --cache-ttl <cache-ttl>  Typhoeus cache TTL.
-
-    --request-timeout <request-timeout>  Request Timeout.
-
-    --connect-timeout <connect-timeout>  Connect Timeout.
-
-    --max-threads <max-threads>  Maximum Threads.
-
-    --help     | -h This help screen.
-
-    --verbose  | -v Verbose output.
-
-    --batch Never ask for user input, use the default behavior.
-
-    --no-color Do not use colors in the output.
-
-    --log Save STDOUT to log.txt
-
-#### WPSCAN EXAMPLES
 
 Do 'non-intrusive' checks...
 
@@ -311,26 +297,22 @@ Debug output...
 
 ```ruby wpscan.rb --url www.example.com --debug-output 2>debug.log```
 
-#### PROJECT HOME
+# PROJECT HOME
 
 [http://www.wpscan.org](http://www.wpscan.org)
 
-#### VULNERABILITY DATABASE
+# VULNERABILITY DATABASE
 
 [https://wpvulndb.com](https://wpvulndb.com)
 
-#### GIT REPOSITORY
+# GIT REPOSITORY
 
 [https://github.com/wpscanteam/wpscan](https://github.com/wpscanteam/wpscan)
 
-#### ISSUES
+# ISSUES
 
 [https://github.com/wpscanteam/wpscan/issues](https://github.com/wpscanteam/wpscan/issues)
 
-#### DEVELOPER DOCUMENTATION
+# DEVELOPER DOCUMENTATION
 
 [http://rdoc.info/github/wpscanteam/wpscan/frames](http://rdoc.info/github/wpscanteam/wpscan/frames)
-
-#### SPECIAL THANKS
-
-[RandomStorm](https://www.randomstorm.com)

dev/stats.rb

@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+# encoding: UTF-8
+
+require File.expand_path(File.join(__dir__, '..', 'lib', 'wpscan', 'wpscan_helper'))
+
+wordpress_json = json(WORDPRESSES_FILE)
+plugins_json = json(PLUGINS_FILE)
+themes_json = json(THEMES_FILE)
+
+puts 'WPScan Database Statistics:'
+puts "* Total tracked wordpresses: #{wordpress_json.count}"
+puts "* Total tracked plugins: #{plugins_json.count}"
+puts "* Total tracked themes: #{themes_json.count}"
+puts "* Total vulnerable wordpresses: #{wordpress_json.select { |item| !wordpress_json[item]['vulnerabilities'].empty? }.count}"
+puts "* Total vulnerable plugins: #{plugins_json.select { |item| !plugins_json[item]['vulnerabilities'].empty? }.count}"
+puts "* Total vulnerable themes: #{themes_json.select { |item| !themes_json[item]['vulnerabilities'].empty? }.count}"
+puts "* Total wordpress vulnerabilities: #{wordpress_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
+puts "* Total plugin vulnerabilities: #{plugins_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
+puts "* Total theme vulnerabilities: #{themes_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"

example.conf.json

@@ -2,8 +2,8 @@
   "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
 
     /* Uncomment the "proxy" line to use the proxy
-        SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+       SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
-        If you do not specify the protocol, http will be used
+       If you do not specify the protocol, http will be used
     */
     //"proxy": "127.0.0.1:3128",
     //"proxy_auth": "username:password",

lib/common/browser.rb

@@ -18,7 +18,10 @@ class Browser
     :request_timeout,
     :connect_timeout,
     :cookie,
-    :throttle
+    :throttle,
+    :disable_accept_header,
+    :disable_referer,
+    :disable_tls_checks
   ]
 
   @@instance = nil
@@ -67,17 +70,23 @@ class Browser
     @@instance = nil
   end
 
+  # Override for setting the User-Agent
+  # @param [ String ] user_agent
+  def user_agent=(user_agent)
+    Typhoeus::Config.user_agent = user_agent
+  end
+
   #
   # sets browser default values
   #
   def browser_defaults
+    Typhoeus::Config.user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
     @max_threads     = 20
     # 10 minutes, at this time the cache is cleaned before each scan.
     # If this value is set to 0, the cache will be disabled
     @cache_ttl       = 600
     @request_timeout = 60 # 60s
     @connect_timeout = 10 # 10s
-    @user_agent      = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
     @throttle        = 0
   end
 
@@ -115,12 +124,6 @@ class Browser
   #
   # @return [ Hash ]
   def merge_request_params(params = {})
-    params = Browser.append_params_header_field(
-      params,
-      'User-Agent',
-      @user_agent
-    )
-
     if @proxy
       params.merge!(proxy: @proxy)
       params.merge!(proxyauth: @proxy_auth) if @proxy_auth
@@ -143,8 +146,8 @@ class Browser
     end
 
     params.merge!(referer: referer)
-    params.merge!(timeout: @request_timeout) if @request_timeout
+    params.merge!(timeout: @request_timeout) if @request_timeout && !params.key?(:timeout)
-    params.merge!(connecttimeout: @connect_timeout) if @connect_timeout
+    params.merge!(connecttimeout: @connect_timeout) if @connect_timeout && !params.key?(:connecttimeout)
 
     # Used to enable the cache system if :cache_ttl > 0
     params.merge!(cache_ttl: @cache_ttl) unless params.key?(:cache_ttl)
@@ -153,12 +156,18 @@ class Browser
     params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
 
     # Disable SSL-Certificate checks
-    params.merge!(ssl_verifypeer: false)
+    if @disable_tls_checks
-    params.merge!(ssl_verifyhost: 0)
+      # Cert validity check
+      params.merge!(ssl_verifypeer: 0) unless params.key?(:ssl_verifypeer)
+      # Cert hostname check
+      params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+    end
 
     params.merge!(cookiejar: @cache_dir + '/cookie-jar')
     params.merge!(cookiefile: @cache_dir + '/cookie-jar')
     params.merge!(cookie: @cookie) if @cookie
+    params = Browser.remove_params_header_field(params, 'Accept') if @disable_accept_header
+    params = Browser.remove_params_header_field(params, 'Referer') if @disable_referer
 
     params
   end
@@ -178,4 +187,18 @@ class Browser
     end
     params
   end
+
+  # @param [ Hash ] params
+  # @param [ String ] field
+  # @param [ Mixed ] field_value
+  #
+  # @return [ Array ]
+  def self.remove_params_header_field(params = {}, field)
+    if !params.has_key?(:headers)
+      params = params.merge(:headers => { field => nil })
+    elsif !params[:headers].has_key?(field)
+      params[:headers][field] = nil
+    end
+    params
+  end
 end

lib/common/browser/options.rb

@@ -3,9 +3,8 @@
 class Browser
   module Options
 
-    attr_accessor :cache_ttl, :request_timeout, :connect_timeout
+    attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer, :disable_tls_checks
-    attr_reader   :basic_auth, :proxy, :proxy_auth, :throttle
+    attr_reader   :basic_auth, :cache_ttl, :proxy, :proxy_auth, :throttle
-    attr_writer   :user_agent
 
     # Sets the Basic Authentification credentials
     # Accepted format:
@@ -25,6 +24,10 @@ class Browser
      end
     end
 
+    def cache_ttl=(ttl)
+      @cache_ttl = ttl.to_i
+    end
+
     # @return [ Integer ]
     def max_threads
       @max_threads || 1

lib/common/cache_file_store.rb

@@ -23,9 +23,7 @@ class CacheFileStore
     @storage_path = File.expand_path(File.join(storage_path, storage_dir))
     @serializer   = serializer
 
-    # File.directory? for ruby <= 1.9 otherwise,
+    unless Dir.exist?(@storage_path)
-    # it makes more sense to do Dir.exist? :/
-    unless File.directory?(@storage_path)
       FileUtils.mkdir_p(@storage_path)
     end
   end
@@ -51,7 +49,7 @@ class CacheFileStore
   end
 
   def write_entry(key, data_to_store, cache_ttl)
-    if cache_ttl > 0
+    if cache_ttl && cache_ttl > 0
       File.open(get_entry_file_path(key), 'w') do |f|
         begin
           f.write(@serializer.dump(data_to_store))

lib/common/collections/wp_items.rb

@@ -67,7 +67,7 @@ class WpItems < Array
   end
 
   protected
-  
+
   # @return [ Class ]
   def item_class
     Object.const_get(self.class.to_s.gsub(/.$/, ''))

lib/common/collections/wp_items/detectable.rb

@@ -95,6 +95,10 @@ class WpItems < Array
         code = tag.text.to_s
         next if code.empty?
 
+        if ! code.valid_encoding?
+          code = code.encode('UTF-16be', :invalid => :replace, :replace => '?').encode('UTF-8')
+        end
+
         code.scan(code_pattern(wp_target)).flatten.uniq.each do |item_name|
           names << item_name
         end
@@ -116,7 +120,7 @@ class WpItems < Array
       wp_content_dir = wp_target.wp_content_dir
       wp_content_url = wp_target.uri.merge(wp_content_dir).to_s
 
-      url = /#{wp_content_url.gsub(%r{\A(?:http|https)}, 'https?').gsub('/', '\\\\\?\/')}/i
+      url = wp_content_url.gsub(%r{\A(?:http|https)://}, '(?:https?:)?//').gsub('/', '\\\\\?\/')
       content_dir = %r{(?:#{url}|\\?\/\\?\/?#{wp_content_dir})}i
 
       %r{#{content_dir}\\?/#{type}\\?/}

lib/common/collections/wp_plugins.rb

@@ -1,8 +1,8 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_plugins/detectable'
+require 'common/collections/wp_plugins/detectable'
-
+
-class WpPlugins < WpItems
+class WpPlugins < WpItems
-  extend WpPlugins::Detectable
+  extend WpPlugins::Detectable
-
+
-end
+end

lib/common/collections/wp_plugins/detectable.rb

@@ -62,10 +62,14 @@ class WpPlugins < WpItems
         wp_plugins.add('all-in-one-seo-pack', version: $1)
       end
 
-      if body =~ /<!-- This site is optimized with the Yoast WordPress SEO plugin v([^\s]+) -/i
+      if body =~ /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([^\s]+) -/i
         wp_plugins.add('wordpress-seo', version: $1)
       end
 
+      if body =~ /<!-- Google Universal Analytics for WordPress v([^\s]+) -/i
+        wp_plugins.add('google-universal-analytics', version: $1)
+      end
+
       wp_plugins
     end
 

lib/common/collections/wp_themes.rb

@@ -1,8 +1,8 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_themes/detectable'
+require 'common/collections/wp_themes/detectable'
-
+
-class WpThemes < WpItems
+class WpThemes < WpItems
-  extend WpThemes::Detectable
+  extend WpThemes::Detectable
-
+
-end
+end

lib/common/collections/wp_timthumbs.rb

@@ -1,8 +1,8 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_timthumbs/detectable'
+require 'common/collections/wp_timthumbs/detectable'
-
+
-class WpTimthumbs < WpItems
+class WpTimthumbs < WpItems
-  extend WpTimthumbs::Detectable
+  extend WpTimthumbs::Detectable
-
+
-end
+end

lib/common/collections/wp_timthumbs/detectable.rb

@@ -41,7 +41,7 @@ class WpTimthumbs < WpItems
 
       %w{
         timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-        scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+        scripts/timthumb.php tools/timthumb.php functions/timthumb.php thumb.php
       }.each do |path|
         wp_timthumb.path = "$wp-content$/themes/#{theme_name}/#{path}"
 

lib/common/collections/wp_users.rb

@@ -1,11 +1,11 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'common/collections/wp_users/detectable'
+require 'common/collections/wp_users/detectable'
-require 'common/collections/wp_users/output'
+require 'common/collections/wp_users/output'
-require 'common/collections/wp_users/brute_forcable'
+require 'common/collections/wp_users/brute_forcable'
-
+
-class WpUsers < WpItems
+class WpUsers < WpItems
-  extend WpUsers::Detectable
+  extend WpUsers::Detectable
-  include WpUsers::Output
+  include WpUsers::Output
-  include WpUsers::BruteForcable
+  include WpUsers::BruteForcable
-end
+end

lib/common/collections/wp_users/detectable.rb

@@ -1,34 +1,34 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpUsers < WpItems
+class WpUsers < WpItems
-  module Detectable
+  module Detectable
-
+
-    # @return [ Hash ]
+    # @return [ Hash ]
-    def request_params; {} end
+    def request_params; {} end
-
+
-    # No passive detection
+    # No passive detection
-    #
+    #
-    # @return [ WpUsers ]
+    # @return [ WpUsers ]
-    def passive_detection(wp_target, options = {})
+    def passive_detection(wp_target, options = {})
-      new
+      new
-    end
+    end
-
+
-    protected
+    protected
-
+
-    # @param [ WpTarget ] wp_target
+    # @param [ WpTarget ] wp_target
-    # @param [ Hash ] options
+    # @param [ Hash ] options
-    # @option options [ Range ] :range ((1..10))
+    # @option options [ Range ] :range ((1..10))
-    #
+    #
-    # @return [ Array<WpUser> ]
+    # @return [ Array<WpUser> ]
-    def targets_items(wp_target, options = {})
+    def targets_items(wp_target, options = {})
-      range   = options[:range] || (1..10)
+      range   = options[:range] || (1..10)
-      targets = []
+      targets = []
-
+
-      range.each do |user_id|
+      range.each do |user_id|
-        targets << WpUser.new(wp_target.uri, id: user_id)
+        targets << WpUser.new(wp_target.uri, id: user_id)
-      end
+      end
-      targets
+      targets
-    end
+    end
-
+
-  end
+  end
-end
+end

lib/common/common_helper.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-LIB_DIR              = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+LIB_DIR              = File.expand_path(File.join(__dir__, '..'))
 ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
 DATA_DIR             = File.join(ROOT_DIR, 'data')
 CONF_DIR             = File.join(ROOT_DIR, 'conf')
@@ -28,7 +28,9 @@ LOCAL_FILES_XSD   = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
 USER_AGENTS_FILE  = File.join(DATA_DIR, 'user-agents.txt')
 LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
 
-WPSCAN_VERSION       = '2.9'
+MIN_RUBY_VERSION = '2.1.9'
+
+WPSCAN_VERSION = '2.9.2'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -42,6 +44,11 @@ def kali_linux?
   end
 end
 
+# Determins if installed on Windows OS
+def windows?
+  Gem.win_platform?
+end
+
 require 'environment'
 
 def escape_glob(s)
@@ -144,7 +151,7 @@ def banner
   puts '_______________________________________________________________'
   puts '        __          _______   _____                  '
   puts '        \\ \\        / /  __ \\ / ____|                 '
-  puts '         \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  '
+  puts '         \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __ ®'
   puts '          \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ '
   puts '           \\  /\\  /  | |     ____) | (__| (_| | | | |'
   puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'
@@ -223,7 +230,11 @@ end
 #
 # @return [ Integer ] The number of lines in the given file
 def count_file_lines(file)
-  `wc -l #{file.shellescape}`.split[0].to_i
+  if windows?
+    `findstr /R /N "^" #{file.shellescape} | find /C ":"`.split[0].to_i
+  else
+    `wc -l #{file.shellescape}`.split[0].to_i
+  end
 end
 
 # Truncates a string to a specific length and adds ... at the end
@@ -257,3 +268,7 @@ end
 def directory_listing_enabled?(url)
   Browser.get(url.to_s).body[%r{<title>Index of}] ? true : false
 end
+
+def url_encode(str)
+  CGI.escape(str).gsub("+", "%20")
+end

lib/common/db_updater.rb

@@ -22,13 +22,15 @@ class DbUpdater
     {
       ssl_verifyhost: 2,
       ssl_verifypeer: true,
-      accept_encoding: 'gzip, deflate'
+      accept_encoding: 'gzip, deflate',
+      timeout: 300,
+      connecttimeout: 20
     }
   end
 
   # @return [ String ] The raw file URL associated with the given filename
   def remote_file_url(filename)
-    "https://wpvulndb.com/data/#{filename}"
+    "https://data.wpscan.org/#{filename}"
   end
 
   # @return [ String ] The checksum of the associated remote filename
@@ -99,7 +101,7 @@ class DbUpdater
         puts "  [i] Database File Checksum  : #{db_checksum}" if verbose
 
         unless dl_checksum == db_checksum
-          fail "#{filename}: checksums do not match"
+          raise ChecksumError.new(File.read(local_file_path(filename))), "#{filename}: checksums do not match (local: #{dl_checksum} remote: #{db_checksum})"
         end
       rescue => e
         puts '  [i] Restoring Backup due to error' if verbose

lib/common/errors.rb

@@ -31,3 +31,11 @@ class DownloadError < HttpError
     "Unable to get #{failure_details}"
   end
 end
+
+class ChecksumError < StandardError
+  attr_reader :file
+
+  def initialize(file)
+    @file = file
+  end
+end

lib/common/hacks.rb

@@ -1,35 +1,5 @@
 # encoding: UTF-8
 
-# Since ruby 1.9.2, URI::escape is obsolete
-# See http://rosettacode.org/wiki/URL_encoding#Ruby and http://www.ruby-forum.com/topic/207489
-if RUBY_VERSION >= '1.9.2'
-  module URI
-    extend self
-
-    def escape(str)
-      URI::Parser.new.escape(str)
-    end
-    alias :encode :escape
-
-  end
-end
-
-if RUBY_VERSION < '1.9'
-  class Array
-    # Fix for grep with symbols in ruby <= 1.8.7
-    def _grep_(regexp)
-      matches = []
-      self.each do |value|
-        value = value.to_s
-        matches << value if value.match(regexp)
-      end
-      matches
-    end
-
-    alias_method :grep, :_grep_
-  end
-end
-
 # This is used in WpItem::Existable
 module Typhoeus
   class Response
@@ -57,52 +27,11 @@ def puts(o = '')
   super(o)
 end
 
-module Terminal
-  class Table
-    def render
-      separator = Separator.new(self)
-      buffer = [separator]
-      unless @title.nil?
-        buffer << Row.new(self, [title_cell_options])
-        buffer << separator
-      end
-      unless @headings.cells.empty?
-        buffer << @headings
-        buffer << separator
-      end
-      buffer += @rows
-      buffer << separator
-      buffer.map { |r| style.margin_left + r.render }.join("\n")
-    end
-    alias :to_s :render
-
-    class Style
-      @@defaults = {
-        :border_x => '-', :border_y => '|', :border_i => '+',
-        :padding_left => 1, :padding_right => 1,
-        :margin_left => '',
-        :width => nil, :alignment => nil
-      }
-
-      attr_accessor :margin_left
-      attr_accessor :border_x
-      attr_accessor :border_y
-      attr_accessor :border_i
-
-      attr_accessor :padding_left
-      attr_accessor :padding_right
-
-      attr_accessor :width
-      attr_accessor :alignment
-    end
-  end
-end
-
 class Numeric
   def bytes_to_human
     units = %w{B KB MB GB TB}
-    e = (Math.log(self)/Math.log(1024)).floor
+    e = (Math.log(abs)/Math.log(1024)).floor
-    s = '%.3f' % (to_f / 1024**e)
+    s = '%.3f' % (abs.to_f / 1024**e)
     s.sub(/\.?0*$/, ' ' + units[e])
   end
 end

lib/common/models/vulnerability.rb

@@ -1,62 +1,62 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'vulnerability/output'
+require 'vulnerability/output'
-require 'vulnerability/urls'
+require 'vulnerability/urls'
-
+
-class Vulnerability
+class Vulnerability
-  include Vulnerability::Output
+  include Vulnerability::Output
-  include Vulnerability::Urls
+  include Vulnerability::Urls
-
+
-  attr_accessor :title, :references, :type, :fixed_in
+  attr_accessor :title, :references, :type, :fixed_in
-
+
-  #
+  #
-  # @param [ String ] title The title of the vulnerability
+  # @param [ String ] title The title of the vulnerability
-  # @param [ String ] type  The type of the vulnerability
+  # @param [ String ] type  The type of the vulnerability
-  # @param [ Hash ] references References
+  # @param [ Hash ] references References
-  # @param [ String ] fixed_in  Vuln fixed in Version X
+  # @param [ String ] fixed_in  Vuln fixed in Version X
-  #
+  #
-  # @return [ Vulnerability ]
+  # @return [ Vulnerability ]
-  def initialize(title, type, references = {}, fixed_in = '')
+  def initialize(title, type, references = {}, fixed_in = '')
-    @title              = title
+    @title              = title
-    @type               = type
+    @type               = type
-    @references         = references
+    @references         = references
-    @fixed_in           = fixed_in
+    @fixed_in           = fixed_in
-  end
+  end
-
+
-  # @param [ Vulnerability ] other
+  # @param [ Vulnerability ] other
-  #
+  #
-  # @return [ Boolean ]
+  # @return [ Boolean ]
-  # :nocov:
+  # :nocov:
-  def ==(other)
+  def ==(other)
-    title == other.title &&
+    title == other.title &&
-        type == other.type &&
+        type == other.type &&
-        references == other.references &&
+        references == other.references &&
-        fixed_in == other.fixed_in
+        fixed_in == other.fixed_in
-  end
+  end
-  # :nocov:
+  # :nocov:
-
+
-  # Create the Vulnerability from the json_item
+  # Create the Vulnerability from the json_item
-  #
+  #
-  # @param [ Hash ] json_item
+  # @param [ Hash ] json_item
-  #
+  #
-  # @return [ Vulnerability ]
+  # @return [ Vulnerability ]
-  def self.load_from_json_item(json_item)
+  def self.load_from_json_item(json_item)
-    references = {}
+    references = {}
-    references['id'] = [json_item['id']]
+    references['id'] = [json_item['id']]
-
+
-    %w(url cve secunia osvdb metasploit exploitdb).each do |key|
+    %w(url cve secunia osvdb metasploit exploitdb).each do |key|
-      if json_item['references'][key]
+      if json_item['references'][key]
-        json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array
+        json_item['references'][key] = [json_item['references'][key]] if json_item['references'][key].class != Array
-        references[key] = json_item['references'][key]
+        references[key] = json_item['references'][key]
-      end
+      end
-    end
+    end
-
+
-    new(
+    new(
-      json_item['title'],
+      json_item['title'],
-      json_item['type'],
+      json_item['type'],
-      references,
+      references,
-      json_item['fixed_in']
+      json_item['fixed_in']
-    )
+    )
-  end
+  end
-
+
-end
+end

lib/common/models/wp_item.rb

@@ -1,123 +1,121 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_item/findable'
+require 'wp_item/findable'
-require 'wp_item/versionable'
+require 'wp_item/versionable'
-require 'wp_item/vulnerable'
+require 'wp_item/vulnerable'
-require 'wp_item/existable'
+require 'wp_item/existable'
-require 'wp_item/infos'
+require 'wp_item/infos'
-require 'wp_item/output'
+require 'wp_item/output'
-
+
-class WpItem
+class WpItem
-
+
-  extend  WpItem::Findable
+  extend  WpItem::Findable
-  include WpItem::Versionable
+  include WpItem::Versionable
-  include WpItem::Vulnerable
+  include WpItem::Vulnerable
-  include WpItem::Existable
+  include WpItem::Existable
-  include WpItem::Infos
+  include WpItem::Infos
-  include WpItem::Output
+  include WpItem::Output
-
+
-  attr_reader   :path
+  attr_reader   :path
-  attr_accessor :name, :wp_content_dir, :wp_plugins_dir
+  attr_accessor :name, :wp_content_dir, :wp_plugins_dir
-
+
-  # @return [ Array ]
+  # @return [ Array ]
-  # Make it private ?
+  # Make it private ?
-  def allowed_options
+  def allowed_options
-    [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file]
+    [:name, :wp_content_dir, :wp_plugins_dir, :path, :version, :db_file]
-  end
+  end
-
+
-  # @param [ URI ] target_base_uri
+  # @param [ URI ] target_base_uri
-  # @param [ Hash ] options See allowed_option
+  # @param [ Hash ] options See allowed_option
-  #
+  #
-  # @return [ WpItem ]
+  # @return [ WpItem ]
-  def initialize(target_base_uri, options = {})
+  def initialize(target_base_uri, options = {})
-    options[:wp_content_dir] ||= 'wp-content'
+    options[:wp_content_dir] ||= 'wp-content'
-    options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
+    options[:wp_plugins_dir] ||= options[:wp_content_dir] + '/plugins'
-
+
-    set_options(options)
+    set_options(options)
-    forge_uri(target_base_uri)
+    forge_uri(target_base_uri)
-  end
+  end
-
+
-  def identifier
+  def identifier
-    @identifier ||= name
+    @identifier ||= name
-  end
+  end
-
+
-  # @return [ Hash ]
+  # @return [ Hash ]
-  def db_data
+  def db_data
-    @db_data ||= json(db_file)[identifier] || {}
+    @db_data ||= json(db_file)[identifier] || {}
-  end
+  end
-
+
-  def latest_version
+  def latest_version
-    db_data['latest_version']
+    db_data['latest_version']
-  end
+  end
-
+
-  def last_updated
+  def last_updated
-    db_data['last_ipdated']
+    db_data['last_ipdated']
-  end
+  end
-
+
-  def popular?
+  def popular?
-    db_data['popular']
+    db_data['popular']
-  end
+  end
-
+
-  # @param [ Hash ] options
+  # @param [ Hash ] options
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def set_options(options)
+  def set_options(options)
-    allowed_options.each do |allowed_option|
+    allowed_options.each do |allowed_option|
-      if options.has_key?(allowed_option)
+      if options.has_key?(allowed_option)
-        method = :"#{allowed_option}="
+        method = :"#{allowed_option}="
-
+
-        if self.respond_to?(method)
+        if self.respond_to?(method)
-          self.send(method, options[allowed_option])
+          self.send(method, options[allowed_option])
-        else
+        else
-          raise "#{self.class} does not respond to #{method}"
+          raise "#{self.class} does not respond to #{method}"
-        end
+        end
-      end
+      end
-    end
+    end
-  end
+  end
-  private :set_options
+  private :set_options
-
+
-  # @param [ URI ] target_base_uri
+  # @param [ URI ] target_base_uri
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def forge_uri(target_base_uri)
+  def forge_uri(target_base_uri)
-    @uri = target_base_uri
+    @uri = target_base_uri
-  end
+  end
-
+
-  # @return [ URI ] The uri to the WpItem, with the path if present
+  # @return [ URI ] The uri to the WpItem, with the path if present
-  def uri
+  def uri
-    path ? @uri.merge(path) : @uri
+    path ? @uri.merge(path) : @uri
-  end
+  end
-
+
-  # @return [ String ] The url to the WpItem
+  # @return [ String ] The url to the WpItem
-  def url; uri.to_s end
+  def url; uri.to_s end
-
+
-  # Sets the path
+  # Sets the path
-  #
+  #
-  # Variable, such as $wp-plugins$ and $wp-content$ can be used
+  # Variable, such as $wp-plugins$ and $wp-content$ can be used
-  # and will be replace by their value
+  # and will be replace by their value
-  #
+  #
-  # @param [ String ] path
+  # @param [ String ] path
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def path=(path)
+  def path=(path)
-    @path = URI.encode(
+    @path = path.gsub(/\$wp-plugins\$/i, wp_plugins_dir).gsub(/\$wp-content\$/i, wp_content_dir)
-      path.gsub(/\$wp-plugins\$/i, wp_plugins_dir).gsub(/\$wp-content\$/i, wp_content_dir)
+  end
-    )
+
-  end
+  # @param [ WpItem ] other
-
+  def <=>(other)
-  # @param [ WpItem ] other
+    name <=> other.name
-  def <=>(other)
+  end
-    name <=> other.name
+
-  end
+  # @param [ WpItem ] other
-
+  def ==(other)
-  # @param [ WpItem ] other
+    name === other.name
-  def ==(other)
+  end
-    name === other.name
+
-  end
+  # @param [ WpItem ] other
-
+  def ===(other)
-  # @param [ WpItem ] other
+    self == other && version === other.version
-  def ===(other)
+  end
-    self == other && version === other.version
+
-  end
+end
-
-end

lib/common/models/wp_item/existable.rb

@@ -1,50 +1,50 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpItem
+class WpItem
-  module Existable
+  module Existable
-
+
-    # Check the existence of the WpItem
+    # Check the existence of the WpItem
-    # If the response is supplied, it's used for the verification
+    # If the response is supplied, it's used for the verification
-    # Otherwise a new request is done
+    # Otherwise a new request is done
-    #
+    #
-    # @param [ Hash ] options See exists_from_response?
+    # @param [ Hash ] options See exists_from_response?
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def exists?(options = {}, response = nil)
+    def exists?(options = {}, response = nil)
-      unless response
+      unless response
-        response = Browser.get(url)
+        response = Browser.get(url)
-      end
+      end
-      exists_from_response?(response, options)
+      exists_from_response?(response, options)
-    end
+    end
-
+
-    protected
+    protected
-
+
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    # @param [ options ] options
+    # @param [ options ] options
-    #
+    #
-    # @option options [ Hash ] :error_404_hash  The hash of the error 404 page
+    # @option options [ Hash ] :error_404_hash  The hash of the error 404 page
-    # @option options [ Hash ] :homepage_hash   The hash of the homepage
+    # @option options [ Hash ] :homepage_hash   The hash of the homepage
-    # @option options [ Hash ] :exclude_content A regexp with the pattern to exclude from the body of the response
+    # @option options [ Hash ] :exclude_content A regexp with the pattern to exclude from the body of the response
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def exists_from_response?(response, options = {})
+    def exists_from_response?(response, options = {})
-      # 301 included as some items do a self-redirect
+      # 301 included as some items do a self-redirect
-      # Redirects to the 404 and homepage should be ignored (unless dynamic content is used)
+      # Redirects to the 404 and homepage should be ignored (unless dynamic content is used)
-      # by the page hashes (error_404_hash & homepage_hash)
+      # by the page hashes (error_404_hash & homepage_hash)
-      if [200, 401, 403, 301].include?(response.code)
+      if [200, 401, 403, 301].include?(response.code)
-        if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
+        if response.has_valid_hash?(options[:error_404_hash], options[:homepage_hash])
-          if options[:exclude_content]
+          if options[:exclude_content]
-            unless response.body.match(options[:exclude_content])
+            unless response.body.match(options[:exclude_content])
-              return true
+              return true
-            end
+            end
-          else
+          else
-            return true
+            return true
-          end
+          end
-        end
+        end
-      end
+      end
-      false
+      false
-    end
+    end
-
+
-  end
+  end
-end
+end

lib/common/models/wp_item/findable.rb

@@ -1,19 +1,18 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpItem
+class WpItem
-  attr_reader :found_from
+  attr_reader :found_from
-
+
-  # Sets the found_from attribute
+  # Sets the found_from attribute
-  #
+  #
-  # @param [ String ] method The method which found the WpItem
+  # @param [ String ] method The method which found the WpItem
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def found_from=(method)
+  def found_from=(method)
-    found       = method[%r{find_from_(.*)}, 1]
+    @found_from = method.to_s.gsub(/find_from_/, '').gsub(/_/, ' ')
-    @found_from = found.gsub('_', ' ') if found
+  end
-  end
+
-
+  module Findable
-  module Findable
+
-
+  end
-  end
+end
-end

lib/common/models/wp_item/vulnerable.rb

@@ -1,44 +1,44 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpItem
+class WpItem
-  module Vulnerable
+  module Vulnerable
-    attr_accessor :db_file, :identifier
+    attr_accessor :db_file, :identifier
-
+
-    # Get the vulnerabilities associated to the WpItem
+    # Get the vulnerabilities associated to the WpItem
-    # Filters out already fixed vulnerabilities
+    # Filters out already fixed vulnerabilities
-    #
+    #
-    # @return [ Vulnerabilities ]
+    # @return [ Vulnerabilities ]
-    def vulnerabilities
+    def vulnerabilities
-      return @vulnerabilities if @vulnerabilities
+      return @vulnerabilities if @vulnerabilities
-
+
-      @vulnerabilities = Vulnerabilities.new
+      @vulnerabilities = Vulnerabilities.new
-
+
-      [*db_data['vulnerabilities']].each do |vulnerability|
+      [*db_data['vulnerabilities']].each do |vulnerability|
-        vulnerability = Vulnerability.load_from_json_item(vulnerability)
+        vulnerability = Vulnerability.load_from_json_item(vulnerability)
-        @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+        @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
-      end
+      end
-
+
-      @vulnerabilities
+      @vulnerabilities
-    end
+    end
-
+
-    def vulnerable?
+    def vulnerable?
-      vulnerabilities.empty? ? false : true
+      vulnerabilities.empty? ? false : true
-    end
+    end
-
+
-    # Checks if a item is vulnerable to a specific vulnerability
+    # Checks if a item is vulnerable to a specific vulnerability
-    #
+    #
-    # @param [ Vulnerability ] vuln Vulnerability to check the item against
+    # @param [ Vulnerability ] vuln Vulnerability to check the item against
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def vulnerable_to?(vuln)
+    def vulnerable_to?(vuln)
-      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
+      if version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
-        unless VersionCompare::lesser_or_equal?(vuln.fixed_in, version)
+        unless VersionCompare::lesser_or_equal?(vuln.fixed_in, version)
-          return true
+          return true
-        end
+        end
-      else
+      else
-        return true
+        return true
-      end
+      end
-      return false
+      return false
-    end
+    end
-  end
+  end
-end
+end

lib/common/models/wp_plugin.rb

@@ -1,16 +1,16 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpPlugin < WpItem
+class WpPlugin < WpItem
-  # Sets the @uri
+  # Sets the @uri
-  #
+  #
-  # @param [ URI ] target_base_uri The URI of the wordpress blog
+  # @param [ URI ] target_base_uri The URI of the wordpress blog
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def forge_uri(target_base_uri)
+  def forge_uri(target_base_uri)
-    @uri = target_base_uri.merge(URI.encode(wp_plugins_dir + '/' + name + '/'))
+    @uri = target_base_uri.merge("#{wp_plugins_dir}/#{url_encode(name)}/")
-  end
+  end
-
+
-  def db_file
+  def db_file
-    @db_file ||= PLUGINS_FILE
+    @db_file ||= PLUGINS_FILE
-  end
+  end
-end
+end

lib/common/models/wp_theme.rb

@@ -1,37 +1,37 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_theme/findable'
+require 'wp_theme/findable'
-require 'wp_theme/versionable'
+require 'wp_theme/versionable'
-require 'wp_theme/info'
+require 'wp_theme/info'
-require 'wp_theme/output'
+require 'wp_theme/output'
-require 'wp_theme/childtheme'
+require 'wp_theme/childtheme'
-
+
-class WpTheme < WpItem
+class WpTheme < WpItem
-  extend WpTheme::Findable
+  extend WpTheme::Findable
-  include WpTheme::Versionable
+  include WpTheme::Versionable
-  include WpTheme::Info
+  include WpTheme::Info
-  include WpTheme::Output
+  include WpTheme::Output
-  include WpTheme::Childtheme
+  include WpTheme::Childtheme
-
+
-  attr_accessor :referenced_url
+  attr_accessor :referenced_url
-
+
-  def allowed_options; super << :referenced_url end
+  def allowed_options; super << :referenced_url end
-
+
-  # Sets the @uri
+  # Sets the @uri
-  #
+  #
-  # @param [ URI ] target_base_uri The URI of the wordpress blog
+  # @param [ URI ] target_base_uri The URI of the wordpress blog
-  #
+  #
-  # @return [ void ]
+  # @return [ void ]
-  def forge_uri(target_base_uri)
+  def forge_uri(target_base_uri)
-    @uri = target_base_uri.merge(URI.encode(wp_content_dir + '/themes/' + name + '/'))
+    @uri = target_base_uri.merge("#{wp_content_dir}/themes/#{url_encode(name)}/")
-  end
+  end
-
+
-  # @return [ String ] The url to the theme stylesheet
+  # @return [ String ] The url to the theme stylesheet
-  def style_url
+  def style_url
-    @uri.merge('style.css').to_s
+    @uri.merge('style.css').to_s
-  end
+  end
-
+
-  def db_file
+  def db_file
-    @db_file ||= THEMES_FILE
+    @db_file ||= THEMES_FILE
-  end
+  end
-end
+end

lib/common/models/wp_theme/findable.rb

@@ -1,64 +1,64 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpTheme < WpItem
+class WpTheme < WpItem
-  module Findable
+  module Findable
-
+
-    # Find the main theme of the blog
+    # Find the main theme of the blog
-    #
+    #
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ WpTheme ]
+    # @return [ WpTheme ]
-    def find(target_uri)
+    def find(target_uri)
-      methods.grep(/^find_from_/).each do |method|
+      methods.grep(/^find_from_/).each do |method|
-        if wp_theme = self.send(method, target_uri)
+        if wp_theme = self.send(method, target_uri)
-          wp_theme.found_from = method
+          wp_theme.found_from = method.to_s
-
+
-          return wp_theme
+          return wp_theme
-        end
+        end
-      end
+      end
-      nil
+      nil
-    end
+    end
-
+
-    protected
+    protected
-
+
-    # Discover the wordpress theme by parsing the css link rel
+    # Discover the wordpress theme by parsing the css link rel
-    #
+    #
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ WpTheme ]
+    # @return [ WpTheme ]
-    def find_from_css_link(target_uri)
+    def find_from_css_link(target_uri)
-      response = Browser.get_and_follow_location(target_uri.to_s)
+      response = Browser.get_and_follow_location(target_uri.to_s)
-
+
-      # https + domain is optional because of relative links
+      # https + domain is optional because of relative links
-      return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
+      return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
-
+
-      new(
+      new(
-        target_uri,
+        target_uri,
-        name:           Regexp.last_match[2],
+        name:           Regexp.last_match[2],
-        referenced_url: Regexp.last_match[0],
+        referenced_url: Regexp.last_match[0],
-        wp_content_dir: Regexp.last_match[1]
+        wp_content_dir: Regexp.last_match[1]
-      )
+      )
-    end
+    end
-
+
-    # @param [ URI ] target_uri
+    # @param [ URI ] target_uri
-    #
+    #
-    # @return [ WpTheme ]
+    # @return [ WpTheme ]
-    def find_from_wooframework(target_uri)
+    def find_from_wooframework(target_uri)
-      body = Browser.get(target_uri.to_s).body
+      body = Browser.get(target_uri.to_s).body
-      regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
+      regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
-
+
-      if matches = regexp.match(body)
+      if matches = regexp.match(body)
-        woo_theme_name = matches[1]
+        woo_theme_name = matches[1]
-        woo_theme_version = matches[2]
+        woo_theme_version = matches[2]
-        #woo_framework_version = matches[3] # Not used at this time
+        #woo_framework_version = matches[3] # Not used at this time
-
+
-        return new(
+        return new(
-          target_uri,
+          target_uri,
-          name:    woo_theme_name,
+          name:    woo_theme_name,
-          version: woo_theme_version
+          version: woo_theme_version
-        )
+        )
-      end
+      end
-    end
+    end
-
+
-  end
+  end
-end
+end

lib/common/models/wp_theme/output.rb

@@ -6,13 +6,13 @@ class WpTheme
     # @return [ Void ]
     def additional_output(verbose = false)
       parse_style
-      
+
       theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
       puts " |  Style URL: #{style_url}"
       puts " |  Referenced style.css: #{referenced_url}" if referenced_url && referenced_url != style_url
       puts " |  Theme Name: #{@theme_name}" if @theme_name
       puts " |  Theme URI: #{@theme_uri}" if @theme_uri
-      puts " |  Description: #{theme_desc}"
+      puts " |  Description: #{theme_desc}" if theme_desc
       puts " |  Author: #{@theme_author}" if @theme_author
       puts " |  Author URI: #{@theme_author_uri}" if @theme_author_uri
       puts " |  Template: #{@theme_template}" if @theme_template and verbose

lib/common/models/wp_theme/versionable.rb

@@ -1,9 +1,9 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpTheme < WpItem
+class WpTheme < WpItem
-  module Versionable
+  module Versionable
-    def version
+    def version
-      @version ||= Browser.get(style_url).body[%r{Version:\s*(?!trunk)([0-9a-z\.-]+)}i, 1]
+      @version ||= Browser.get(style_url).body[%r{Version:\s*(?!trunk)([0-9a-z\.-]+)}i, 1]
-    end
+    end
-  end
+  end
-end
+end

lib/common/models/wp_timthumb.rb

@@ -1,20 +1,20 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_timthumb/versionable'
+require 'wp_timthumb/versionable'
-require 'wp_timthumb/existable'
+require 'wp_timthumb/existable'
-require 'wp_timthumb/output'
+require 'wp_timthumb/output'
-require 'wp_timthumb/vulnerable'
+require 'wp_timthumb/vulnerable'
-
+
-class WpTimthumb < WpItem
+class WpTimthumb < WpItem
-  include WpTimthumb::Versionable
+  include WpTimthumb::Versionable
-  include WpTimthumb::Existable
+  include WpTimthumb::Existable
-  include WpTimthumb::Output
+  include WpTimthumb::Output
-  include WpTimthumb::Vulnerable
+  include WpTimthumb::Vulnerable
-
+
-  # @param [ WpTimthumb ] other
+  # @param [ WpTimthumb ] other
-  #
+  #
-  # @return [ Boolean ]
+  # @return [ Boolean ]
-  def ==(other)
+  def ==(other)
-    url == other.url
+    url == other.url
-  end
+  end
-end
+end

lib/common/models/wp_timthumb/versionable.rb

@@ -1,24 +1,24 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpTimthumb < WpItem
+class WpTimthumb < WpItem
-  module Versionable
+  module Versionable
-
+
-    # Get the version from the body of an invalid request
+    # Get the version from the body of an invalid request
-    # See https://code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426
+    # See https://code.google.com/p/timthumb/source/browse/trunk/timthumb.php#426
-    #
+    #
-    # @return [ String ] The version
+    # @return [ String ] The version
-    def version
+    def version
-      unless @version
+      unless @version
-        response = Browser.get(url)
+        response = Browser.get(url)
-        @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
+        @version = response.body[%r{TimThumb version\s*: ([^<]+)} , 1]
-      end
+      end
-      @version
+      @version
-    end
+    end
-
+
-    # @return [ String ]
+    # @return [ String ]
-    def to_s
+    def to_s
-      "#{url}#{ ' v' + version if version}"
+      "#{url}#{ ' v' + version if version}"
-    end
+    end
-
+
-  end
+  end
-end
+end

lib/common/models/wp_user/brute_forcable.rb

@@ -3,6 +3,8 @@
 class WpUser < WpItem
   module BruteForcable
 
+    attr_reader :progress_bar
+
     # Brute force the user with the wordlist supplied
     #
     # It can take a long time to queue 2 million requests,
@@ -25,7 +27,8 @@ class WpUser < WpItem
       hydra        = browser.hydra
       queue_count  = 0
       found        = false
-      progress_bar = self.progress_bar(count_file_lines(wordlist)+1, options)
+
+      create_progress_bar(count_file_lines(wordlist)+1, options)
 
       File.open(wordlist).each do |password|
         password.chomp!
@@ -42,7 +45,7 @@ class WpUser < WpItem
         request.on_complete do |response|
           progress_bar.progress += 1 if options[:show_progression] && !found
 
-          puts "\n  Trying Username : #{login} Password : #{password}" if options[:verbose]
+          progress_bar.log("  Trying Username: #{login} Password: #{password}") if options[:verbose]
 
           if valid_password?(response, password, redirect_url, options)
             found         = true
@@ -57,7 +60,7 @@ class WpUser < WpItem
         if queue_count >= browser.max_threads
           hydra.run
           queue_count = 0
-          puts "Sent #{browser.max_threads} requests ..." if options[:verbose]
+          progress_bar.log("  Sent #{browser.max_threads} request/s ...") if options[:verbose]
         end
       end
 
@@ -71,9 +74,9 @@ class WpUser < WpItem
     #
     # @return [ ProgressBar ]
     # :nocov:
-    def progress_bar(passwords_size, options)
+    def create_progress_bar(passwords_size, options)
       if options[:show_progression]
-        ProgressBar.create(
+        @progress_bar = ProgressBar.create(
           format: '%t %a <%B> (%c / %C) %P%% %e',
           title: "  Brute Forcing '#{login}'",
           total: passwords_size
@@ -107,20 +110,20 @@ class WpUser < WpItem
         progression = "#{info('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
         valid       = true
       elsif response.body =~ /login_error/i
-        verbose = "\n  Incorrect login and/or password."
+        verbose = "Incorrect login and/or password."
       elsif response.timed_out?
         progression = critical('ERROR: Request timed out.')
       elsif response.code == 0
         progression = critical("ERROR: No response from remote server. WAF/IPS? (#{response.return_message})")
       elsif response.code.to_s =~ /^50/
-        progression = critical('ERROR: Server error, try reducing the number of threads.')
+        progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.')
       else
         progression = critical("ERROR: We received an unknown response for #{password}...")
-        verbose     = critical("    Code: #{response.code}\n    Body: #{response.body}\n")
+        verbose     = critical("  Code: #{response.code}\n    Body: #{response.body}\n")
       end
 
-      puts "\n  " + progression if progression && options[:show_progression]
+      progress_bar.log("  #{progression}") if progression && options[:show_progression]
-      puts verbose if verbose && options[:verbose]
+      progress_bar.log("  #{verbose}") if verbose && options[:verbose]
 
       valid || false
     end

lib/common/models/wp_user/existable.rb

@@ -1,86 +1,86 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-class WpUser < WpItem
+class WpUser < WpItem
-  module Existable
+  module Existable
-
+
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    # @param [ Hash ] options
+    # @param [ Hash ] options
-    #
+    #
-    # @return [ Boolean ]
+    # @return [ Boolean ]
-    def exists_from_response?(response, options = {})
+    def exists_from_response?(response, options = {})
-      load_from_response(response)
+      load_from_response(response)
-
+
-      @login ? true : false
+      @login ? true : false
-    end
+    end
-
+
-    # Load the login and display_name from the response
+    # Load the login and display_name from the response
-    #
+    #
-    # @param [ Typhoeus::Response ] response
+    # @param [ Typhoeus::Response ] response
-    #
+    #
-    # @return [ void ]
+    # @return [ void ]
-    def load_from_response(response)
+    def load_from_response(response)
-      if response.code == 301 # login in location?
+      if response.code == 301 # login in location?
-        location = response.headers_hash['Location']
+        location = response.headers_hash['Location']
-
+
-        return if location.nil? || location.empty?
+        return if location.nil? || location.empty?
-
+
-        @login        = Existable.login_from_author_pattern(location)
+        @login        = Existable.login_from_author_pattern(location)
-        @display_name = Existable.display_name_from_body(
+        @display_name = Existable.display_name_from_body(
-          Browser.get(location).body
+          Browser.get(location).body
-        )
+        )
-      elsif response.code == 200 # login in body?
+      elsif response.code == 200 # login in body?
-        @login        = Existable.login_from_body(response.body)
+        @login        = Existable.login_from_body(response.body)
-        @display_name = Existable.display_name_from_body(response.body)
+        @display_name = Existable.display_name_from_body(response.body)
-      end
+      end
-    end
+    end
-    private :load_from_response
+    private :load_from_response
-
+
-    # @param [ String ] text
+    # @param [ String ] text
-    #
+    #
-    # @return [ String ] The login
+    # @return [ String ] The login
-    def self.login_from_author_pattern(text)
+    def self.login_from_author_pattern(text)
-      return unless text =~ %r{/author/([^/\b"']+)/?}i
+      return unless text =~ %r{/author/([^/\b"']+)/?}i
-
+
-      Regexp.last_match[1].force_encoding('UTF-8')
+      Regexp.last_match[1].force_encoding('UTF-8')
-    end
+    end
-
+
-    # @param [ String ] body
+    # @param [ String ] body
-    #
+    #
-    # @return [ String ] The login
+    # @return [ String ] The login
-    def self.login_from_body(body)
+    def self.login_from_body(body)
-      # Feed URL with Permalinks
+      # Feed URL with Permalinks
-      login = WpUser::Existable.login_from_author_pattern(body)
+      login = WpUser::Existable.login_from_author_pattern(body)
-
+
-      unless login
+      unless login
-        # No Permalinks
+        # No Permalinks
-        login = body[%r{<body class="archive author author-([^\s]+)[ "]}i, 1]
+        login = body[%r{<body class="archive author author-([^\s]+)[ "]}i, 1]
-        login ? login.force_encoding('UTF-8') : nil
+        login ? login.force_encoding('UTF-8') : nil
-      end
+      end
-
+
-      login
+      login
-    end
+    end
-
+
-    # @note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn't support it
+    # @note Some bodies are encoded in ASCII-8BIT, and Nokogiri doesn't support it
-    #   So it's forced to UTF-8 when this encoding is detected
+    #   So it's forced to UTF-8 when this encoding is detected
-    #
+    #
-    # @param [ String ] body
+    # @param [ String ] body
-    #
+    #
-    # @return [ String ] The display_name
+    # @return [ String ] The display_name
-    def self.display_name_from_body(body)
+    def self.display_name_from_body(body)
-      if title_tag = body[%r{<title>([^<]+)</title>}i, 1]
+      if title_tag = body[%r{<title>([^<]+)</title>}i, 1]
-        title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
+        title_tag.force_encoding('UTF-8') if title_tag.encoding == Encoding::ASCII_8BIT
-        title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
+        title_tag = Nokogiri::HTML::DocumentFragment.parse(title_tag).to_s
-        # &amp; are not decoded with Nokogiri
+        # &amp; are not decoded with Nokogiri
-        title_tag.gsub!('&amp;', '&')
+        title_tag.gsub!('&amp;', '&')
-
+
-        # replace UTF chars like  &#187; with dummy character
+        # replace UTF chars like  &#187; with dummy character
-        title_tag.gsub!(/&#(\d+);/, '|')
+        title_tag.gsub!(/&#(\d+);/, '|')
-
+
-        name = title_tag[%r{([^|«»]+) }, 1]
+        name = title_tag[%r{([^|«»]+) }, 1]
-
+
-        return name.strip if name
+        return name.strip if name
-      end
+      end
-    end
+    end
-
+
-  end
+  end
-end
+end

lib/common/models/wp_version.rb

@@ -1,38 +1,51 @@
-# encoding: UTF-8
+# encoding: UTF-8
-
+
-require 'wp_version/findable'
+require 'wp_version/findable'
-require 'wp_version/output'
+require 'wp_version/output'
-
+
-class WpVersion < WpItem
+class WpVersion < WpItem
-  extend  WpVersion::Findable
+  extend  WpVersion::Findable
-  include WpVersion::Output
+  include WpVersion::Output
-
+
-  # The version number
+  # The version number
-  attr_accessor :number
+  attr_accessor :number, :metadata
-  alias_method :version, :number # Needed to have the right behaviour in Vulnerable#vulnerable_to?
+  alias_method :version, :number # Needed to have the right behaviour in Vulnerable#vulnerable_to?
-
+
-  # @return [ Array ]
+  # @return [ Array ]
-  def allowed_options; super << :number << :found_from end
+  def allowed_options; super << :number << :found_from end
-
+
-  def identifier
+  def identifier
-    @identifier ||= number
+    @identifier ||= number
-  end
+  end
-
+
-  def db_file
+  def db_file
-    @db_file ||= WORDPRESSES_FILE
+    @db_file ||= WORDPRESSES_FILE
-  end
+  end
-
+
-  # @param [ WpVersion ] other
+  # @param [ WpVersion ] other
-  #
+  #
-  # @return [ Boolean ]
+  # @return [ Boolean ]
-  def ==(other)
+  def ==(other)
-    number == other.number
+    number == other.number
-  end
+  end
-
+
-  # @return [ Array<String> ] All the stable versions from version_file
+  # @return [ Array<String> ] All the stable versions from version_file
-  def self.all(versions_file = WP_VERSIONS_FILE)
+  def self.all(versions_file = WP_VERSIONS_FILE)
-    Nokogiri.XML(File.open(versions_file)).css('version').reduce([]) do |a, node|
+    Nokogiri.XML(File.open(versions_file)).css('version').reduce([]) do |a, node|
-      a << node.text.to_s
+      a << node.text.to_s
-    end
+    end
-  end
+  end
-end
+
+  # @return [ Hash ] Metadata for specific WP version from WORDPRESSES_FILE
+  def metadata(version)
+    json = json(db_file)
+
+    metadata = {}
+    temp = json[version]
+    if !temp.nil?
+      metadata[:release_date]  = temp['release_date']
+      metadata[:changelog_url] = temp['changelog_url']
+    end
+    metadata
+  end
+end

lib/common/models/wp_version/findable.rb

@@ -12,6 +12,7 @@ class WpVersion < WpItem
     #
     # @return [ WpVersion ]
     def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+      versions = {}
       methods.grep(/^find_from_/).each do |method|
 
         if method === :find_from_advanced_fingerprinting
@@ -21,9 +22,21 @@ class WpVersion < WpItem
         end
 
         if version
-          return new(target_uri, number: version, found_from: method)
+          if versions.key?(version)
+            versions[version] << method.to_s
+          else
+            versions[version] = [ method.to_s ]
+          end
         end
       end
+
+      if versions.length > 0
+        determined_version = versions.max_by { |k, v| v.length }
+        if determined_version
+          return new(target_uri, number: determined_version[0], found_from: determined_version[1].join(', '))
+        end
+      end
+
       nil
     end
 
@@ -114,34 +127,6 @@ class WpVersion < WpItem
       )
     end
 
-    def find_from_stylesheets_numbers(target_uri)
-      wp_versions = WpVersion.all
-      found       = {}
-      pattern     = /\bver=([0-9\.]+)/i
-
-      Nokogiri::HTML(Browser.get(target_uri.to_s).body).css('link,script').each do |tag|
-        %w(href src).each do |attribute|
-          attr_value = tag.attribute(attribute).to_s
-
-          next if attr_value.nil? || attr_value.empty?
-
-          uri = Addressable::URI.parse(attr_value)
-          next unless uri.query && uri.query.match(pattern)
-
-          version = Regexp.last_match[1].to_s
-
-          found[version] ||= 0
-          found[version] += 1
-        end
-      end
-
-      found.delete_if { |v, _| !wp_versions.include?(v) }
-
-      best_guess = found.sort_by(&:last).last
-      # best_guess[0]: version number, [1] numbers of occurences
-      best_guess && best_guess[1] > 1 ? best_guess[0] : nil
-    end
-
     # Uses data/wp_versions.xml to try to identify a
     # wordpress version.
     #
@@ -158,8 +143,6 @@ class WpVersion < WpItem
     def find_from_advanced_fingerprinting(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
       xml     = xml(versions_xml)
 
-      # This wp_item will take care of encoding the path
-      # and replace variables like $wp-content$ & $wp-plugins$
       wp_item = WpItem.new(target_uri,
                            wp_content_dir: wp_content_dir,
                            wp_plugins_dir: wp_plugins_dir)
@@ -218,5 +201,37 @@ class WpVersion < WpItem
       )
     end
 
+    def find_from_stylesheets_numbers(target_uri)
+      wp_versions = WpVersion.all
+      found       = {}
+      pattern     = /\bver=([0-9\.]+)/i
+
+      Nokogiri::HTML(Browser.get(target_uri.to_s).body).css('link,script').each do |tag|
+        %w(href src).each do |attribute|
+          attr_value = tag.attribute(attribute).to_s
+
+          next if attr_value.nil? || attr_value.empty?
+
+          begin
+            uri = Addressable::URI.parse(attr_value)
+          rescue Addressable::URI::InvalidURIError
+            next
+          end
+
+          next unless uri.query && uri.query.match(pattern)
+
+          version = Regexp.last_match[1].to_s
+
+          found[version] ||= 0
+          found[version] += 1
+        end
+      end
+
+      found.delete_if { |v, _| !wp_versions.include?(v) }
+
+      best_guess = found.sort_by(&:last).last
+      # best_guess[0]: version number, [1] numbers of occurences
+      best_guess && best_guess[1] > 1 ? best_guess[0] : nil
+    end
   end
 end

lib/common/models/wp_version/output.rb

@@ -4,8 +4,16 @@ class WpVersion < WpItem
   module Output
 
     def output(verbose = false)
+      metadata = self.metadata(self.number)
+
       puts
-      puts info("WordPress version #{self.number} identified from #{self.found_from}")
+      if verbose
+        puts info("WordPress version #{self.number} identified from #{self.found_from}")
+        puts " | Released: #{metadata[:release_date]}"
+        puts " | Changelog: #{metadata[:changelog_url]}"
+      else
+        puts info("WordPress version #{self.number} #{"(Released on #{metadata[:release_date]}) identified from #{self.found_from}" if metadata[:release_date]}")
+      end
 
       vulnerabilities = self.vulnerabilities
 

lib/environment.rb

@@ -3,8 +3,9 @@
 require 'rubygems'
 
 version = RUBY_VERSION.dup
-if Gem::Version.create(version) < Gem::Version.create(1.9)
+
-  puts "Ruby >= 1.9 required to run wpscan (You have #{version})"
+if Gem::Version.create(version) < Gem::Version.create(MIN_RUBY_VERSION)
+  puts "Ruby >= #{MIN_RUBY_VERSION} required to run wpscan (You have #{version})"
   exit(1)
 end
 
@@ -29,6 +30,7 @@ begin
   require 'shellwords'
   require 'fileutils'
   require 'pathname'
+  require 'cgi'
   # Third party libs
   require 'typhoeus'
   require 'yajl/json_gem'

lib/wpscan/web_site.rb

@@ -21,6 +21,29 @@ class WebSite
     @uri.to_s
   end
 
+  # Checks if the remote website has ssl errors
+  def ssl_error?
+    return false unless @uri.scheme == 'https'
+    c = get_root_path_return_code
+    # http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code
+    return (
+      c == :ssl_connect_error ||
+      c == :peer_failed_verification ||
+      c == :ssl_certproblem ||
+      c == :ssl_cipher ||
+      c == :ssl_cacert ||
+      c == :ssl_cacert_badfile ||
+      c == :ssl_issuer_error ||
+      c == :ssl_crl_badfile ||
+      c == :ssl_engine_setfailed ||
+      c == :ssl_engine_notfound
+    )
+  end
+
+  def get_root_path_return_code
+    Browser.get(@uri.to_s).return_code
+  end
+
   # Checks if the remote website is up.
   def online?
     Browser.get(@uri.to_s).code != 0
@@ -68,15 +91,18 @@ class WebSite
   end
 
   # Compute the MD5 of the page
-  # Comments are deleted from the page to avoid cache generation details
+  # Comments and scripts are deleted from the page to avoid cache generation details
   #
   # @param [ String, Typhoeus::Response ] page The url of the response of the page
   #
   # @return [ String ] The MD5 hash of the page
   def self.page_hash(page)
     page = Browser.get(page, { followlocation: true, cache_ttl: 0 }) unless page.is_a?(Typhoeus::Response)
-
+    # remove comments
-    Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
+    page = page.body.gsub(/<!--.*?-->/m, '')
+    # remove javascript stuff
+    page = page.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/m, '')
+    Digest::MD5.hexdigest(page)
   end
 
   def homepage_hash

lib/wpscan/wp_target.rb

@@ -135,6 +135,11 @@ class WpTarget < WebSite
     @uri.merge("#{wp_content_dir}/uploads/").to_s
   end
 
+  # @return [ String ]
+  def includes_dir_url
+    @uri.merge("wp-includes/").to_s
+  end
+
   # Script for replacing strings in wordpress databases
   # reveals database credentials after hitting submit
   # http://interconnectit.com/124/search-and-replace-for-wordpress-databases/
@@ -153,4 +158,8 @@ class WpTarget < WebSite
   def upload_directory_listing_enabled?
     directory_listing_enabled?(upload_dir_url)
   end
+
+  def include_directory_listing_enabled?
+    directory_listing_enabled?(includes_dir_url)
+  end
 end

lib/wpscan/wp_target/wp_config_backup.rb

@@ -14,7 +14,7 @@ class WpTarget < WebSite
       queue_count = 0
 
       backups.each do |file|
-        file_url = @uri.merge(URI.escape(file)).to_s
+        file_url = @uri.merge(url_encode(file)).to_s
         request = browser.forge_request(file_url)
 
         request.on_complete do |response|

lib/wpscan/wpscan_helper.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require File.expand_path(File.dirname(__FILE__) + '/../common/common_helper')
+require File.expand_path(File.join(__dir__, '..', 'common', 'common_helper'))
 
 require_files_from_directory(WPSCAN_LIB_DIR, '**/*.rb')
 
@@ -62,7 +62,7 @@ def help
   puts
   puts 'Some values are settable in a config file, see the example.conf.json'
   puts
-  puts '--update                            Update to the database to the latest version.'
+  puts '--update                            Update the database to the latest version.'
   puts '--url       | -u <target url>       The WordPress URL/domain to scan.'
   puts '--force     | -f                    Forces WPScan to not check if the remote site is running WordPress.'
   puts '--enumerate | -e [option(s)]        Enumeration.'
@@ -84,12 +84,17 @@ def help
   puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
   puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
   puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
-  puts '--cookie <String>                   String to read cookies from.'
+  puts '--cookie <string>                   String to read cookies from.'
   puts '--random-agent | -r                 Use a random User-Agent.'
   puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
   puts '--batch                             Never ask for user input, use the default behaviour.'
   puts '--no-color                          Do not use colors in the output.'
-  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
+  puts '--log                               Creates a log.txt file with WPScan\'s output.'
+  puts '--no-banner                         Prevents the WPScan banner from being displayed.'
+  puts '--disable-accept-header             Prevents WPScan sending the Accept HTTP header.'
+  puts '--disable-referer                   Prevents setting the Referer header.'
+  puts '--disable-tls-checks                Disables SSL/TLS certificate verification.'
+  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.'
   puts '                                    Subdirectories are allowed.'
   puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
   puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
@@ -100,10 +105,11 @@ def help
   puts '--wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.'
   puts '--username | -U <username>          Only brute force the supplied username.'
   puts '--usernames     <path-to-file>      Only brute force the usernames from the file.'
-  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
+  puts '--cache-dir       <cache-directory> Set the cache directory.'
   puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
   puts '--request-timeout <request-timeout> Request Timeout.'
   puts '--connect-timeout <connect-timeout> Connect Timeout.'
+  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
   puts '--max-threads     <max-threads>     Maximum Threads.'
   puts '--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.'
   puts '--help     | -h                     This help screen.'

lib/wpscan/wpscan_options.rb

@@ -43,7 +43,11 @@ class WpscanOptions
     :connect_timeout,
     :max_threads,
     :no_banner,
-    :throttle
+    :throttle,
+    :disable_accept_header,
+    :disable_referer,
+    :cache_dir,
+    :disable_tls_checks
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -208,7 +212,9 @@ class WpscanOptions
 
       enumerate_options_from_string(cli_value)
     else
-      raise "Unknow option : #{cli_option} with value #{cli_value}"
+      text = "Unknown option : #{cli_option}"
+      text << " with value #{cli_value}" if (cli_value && !cli_value.empty?)
+      raise text
     end
   end
 
@@ -282,7 +288,11 @@ class WpscanOptions
       ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
       ['--log', GetoptLong::NO_ARGUMENT],
       ['--no-banner', GetoptLong::NO_ARGUMENT],
-      ['--throttle', GetoptLong::REQUIRED_ARGUMENT]
+      ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
+      ['--disable-accept-header', GetoptLong::NO_ARGUMENT],
+      ['--disable-referer', GetoptLong::NO_ARGUMENT],
+      ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT],
+      ['--disable-tls-checks', GetoptLong::NO_ARGUMENT],
     )
   end
 

spec/lib/common/browser_spec.rb

@@ -124,11 +124,10 @@ describe Browser do
   describe '#merge_request_params' do
     let(:params)              { {} }
     let(:cookie_jar)          { CACHE_DIR + '/browser/cookie-jar' }
+    let(:user_agent)          { 'SomeUA' }
     let(:default_expectation) {
       {
         cache_ttl: 250,
-        headers: { 'User-Agent' => 'SomeUA' },
-        ssl_verifypeer: false, ssl_verifyhost: 0,
         cookiejar: cookie_jar, cookiefile: cookie_jar,
         timeout: 60, connecttimeout: 10,
         maxredirs: 3,
@@ -137,16 +136,25 @@ describe Browser do
     }
 
     after :each do
-      browser.user_agent = 'SomeUA'
+      browser.user_agent = user_agent
       browser.cache_ttl = 250
 
       expect(browser.merge_request_params(params)).to eq @expected
+      expect(Typhoeus::Config.user_agent).to eq user_agent
     end
 
     it 'sets the User-Agent header field and cache_ttl' do
       @expected = default_expectation
     end
 
+    context 'when @user_agent' do
+      let(:user_agent) { 'test' }
+
+      it 'sets the User-Agent' do
+        @expected = default_expectation
+      end
+    end
+
     context 'when @proxy' do
       let(:proxy) { '127.0.0.1:9050' }
       let(:proxy_expectation) { default_expectation.merge(proxy: proxy) }
@@ -177,7 +185,7 @@ describe Browser do
       it 'appends the basic_auth' do
         browser.basic_auth  = 'user:pass'
         @expected           = default_expectation.merge(
-          headers: default_expectation[:headers].merge('Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp)
+          headers: { 'Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp }
         )
       end
     end
@@ -206,6 +214,13 @@ describe Browser do
         @expected = default_expectation.merge(cookie: cookie)
       end
     end
+
+    context 'when @disable_tls_checks' do
+      it 'disables tls checks' do
+        browser.disable_tls_checks = true
+        @expected = default_expectation.merge(ssl_verifypeer: 0, ssl_verifyhost: 0)
+      end
+    end
   end
 
   describe '#forge_request' do

spec/lib/common/collections/wp_items_spec.rb

@@ -18,7 +18,7 @@ describe WpItems do
         vulnerable_targets_items: [ WpItem.new(uri, name: 'mr-smith'),
                                     WpItem.new(uri, name: 'neo')],
 
-        passive_detection: (1..13).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
+        passive_detection: (1..15).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
       }
     end
   end

spec/lib/common/collections/wp_plugins/detectable_spec.rb

@@ -100,6 +100,13 @@ describe 'WpPlugins::Detectable' do
           expected.add('all-in-one-seo-pack', version: '2.0.3.1')
         end
       end
+
+      context 'when google-universal-analytics detected' do
+        it 'returns google-universal-analytics' do
+          @body = '<!-- Google Universal Analytics for WordPress v2.4.2 -->'
+          expected.add('google-universal-analytics', version: '2.4.2')
+        end
+      end
     end
   end
 

spec/lib/common/collections/wp_timthumbs/detectable_spec.rb

@@ -26,10 +26,10 @@ describe 'WpTimthumbs::Detectable' do
 
   def expected_targets_from_theme(theme_name)
     expected = []
-    %w{
+    %w(
       timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-      scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+      scripts/timthumb.php tools/timthumb.php functions/timthumb.php thumb.php
-    }.each do |file|
+    ).each do |file|
       path = "$wp-content$/themes/#{theme_name}/#{file}"
       expected << WpTimthumb.new(uri, path: path)
     end
@@ -46,7 +46,7 @@ describe 'WpTimthumbs::Detectable' do
     after do
       targets = subject.send(:targets_items_from_file, file, wp_target)
 
-      expect(targets.map { |t| t.url }).to eq @expected.map { |t| t.url }
+      expect(targets.map(&:url)).to eq @expected.map(&:url)
     end
 
     context 'when an empty file' do
@@ -71,7 +71,7 @@ describe 'WpTimthumbs::Detectable' do
       theme   = 'hello-world'
       targets = subject.send(:theme_timthumbs, theme, wp_target)
 
-      expect(targets.map { |t| t.url }).to eq expected_targets_from_theme(theme).map { |t| t.url }
+      expect(targets.map(&:url)).to eq expected_targets_from_theme(theme).map(&:url)
     end
   end
 
@@ -81,7 +81,7 @@ describe 'WpTimthumbs::Detectable' do
     after do
       targets = subject.send(:targets_items, wp_target, options)
 
-      expect(targets.map { |t| t.url }).to eq @expected.sort.map { |t| t.url }
+      expect(targets.map(&:url)).to match_array(@expected.map(&:url))
     end
 
     context 'when no :theme_name' do
@@ -101,7 +101,7 @@ describe 'WpTimthumbs::Detectable' do
     end
 
     context 'when :theme_name' do
-      let(:theme)   { 'theme-name'}
+      let(:theme) { 'theme-name' }
 
       context 'when no :file' do
         let(:options) { { theme_name: theme } }

spec/lib/common/models/wp_item_spec.rb

@@ -105,11 +105,6 @@ describe WpItem do
         @expected = 'plugins/readme.txt'
       end
     end
-
-    it 'also encodes chars' do
-      @path     = 'some dir with spaces'
-      @expected = 'some%20dir%20with%20spaces'
-    end
   end
 
   describe '#uri' do

spec/lib/common/models/wp_version/findable_spec.rb

@@ -159,6 +159,22 @@ describe 'WpVersion::Findable' do
     end
   end
 
+  describe '::find_from_stylesheets_numbers' do
+    after do
+      fixture = fixtures_dir + 'stylesheet_numbers' + @fixture
+      stub_request_to_fixture(url: uri, fixture: fixture)
+
+      expect(WpVersion.send(:find_from_stylesheets_numbers, uri)).to eq @expected
+    end
+
+    context 'invalid url' do
+      it 'returns nil' do
+        @fixture = '/invalid_url.html'
+        @expected = nil
+      end
+    end
+  end
+
   describe '::find' do
     # Stub all WpVersion::find_from_* to return nil
     def stub_all_to_nil

spec/lib/common/version_compare_spec.rb

@@ -160,6 +160,11 @@ describe 'VersionCompare' do
         @version1 = '.47'
         @version2 = '.50.3'
       end
+
+      it 'returns true' do
+        @version1 = '2.5.9'
+        @version2 = '2.5.10'
+      end
     end
 
     context 'version checked is older' do

spec/lib/wpscan/web_site_spec.rb

@@ -176,6 +176,17 @@ describe 'WebSite' do
         @expected = "yolo\n\n\nworld!"
       end
     end
+
+    context 'when there are scripts' do
+      let(:page) {
+        body = "yolo\n\n<script type=\"text/javascript\">alert('Hi');</script>\nworld!"
+        Typhoeus::Response.new(body: body)
+      }
+
+      it 'removes them' do
+        @expected = "yolo\n\n\nworld!"
+      end
+    end
   end
 
   describe '#homepage_hash' do

spec/lib/wpscan/wp_target_spec.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+require File.expand_path(File.join(__dir__, 'wpscan_helper'))
 
 describe WpTarget do
   subject(:wp_target) { WpTarget.new(target_url, options) }

spec/lib/wpscan/wpscan_options_spec.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+require File.expand_path(File.join(__dir__, 'wpscan_helper'))
 
 describe 'WpscanOptions' do
 

spec/samples/common/collections/wp_items/detectable/passive_detection.html

@@ -19,6 +19,8 @@
 
   <script type='text/javascript' src='//wp-content/items/detect-me-5/main.js'></script>
 
+  <link rel='stylesheet' id='ai1ec_style-css'  href='//example.com/wp-content/items/detect-me-15/test.css' type='text/css' media='all' />
+
   <style type="text/css">
     #fancybox-loading.fancybox-ie div {
       background: transparent;
@@ -32,6 +34,7 @@
     @import url('/wp-content/items/detect-me-8/css/datatables.css?ver=1.9.4');
     @import url(/wp-content/items/detect-me-9/css/datatables.css?ver=1.9.4);
     @import url(//wp-content/items/detect-me-10/css/datatables.css?ver=1.9.4);
+    @import url(//example.com/wp-content/items/detect-me-14/css/datatables.css?ver=1.9.4);
     /* ]]> */
   </style>
 

spec/samples/common/models/wp_version/findable/stylesheet_numbers/invalid_url.html

@@ -0,0 +1,8 @@
+<script src="//use.typekit.net/h3 {
+    font-family: &#039;Century Gothic&#039;, CenturyGothic, AppleGothic, sans-serif;
+    font-size: 14px;
+    font-style: normal;
+    font-variant: normal;
+    font-weight: 500;
+    line-height: 15px;.js"></script><script>try{Typekit.load();}catch(e){}</script>
+  

spec/shared_examples/wp_item_findable_found_from.rb

@@ -7,12 +7,6 @@ shared_examples 'WpItem::Findable#Found_From=' do
       subject.found_from = @method
       expect(subject.found_from).to eq @expected
     end
-    context 'when the pattern is not found' do
-      it 'returns nil' do
-        @method   = 'I_do_not_match'
-        @expected = nil
-      end
-    end
 
     it 'replaces _ by space' do
       @method   = 'find_from_some_detection_method'

spec/shared_examples/wp_target/wp_config_backup.rb

@@ -10,7 +10,7 @@ shared_examples 'WpTarget::WpConfigBackup' do
     # set all @config_backup_files to point to a 404
     before :each do
       config_backup_files.each do |backup_file|
-        file_url = wp_target.uri.merge(URI.escape(backup_file)).to_s
+        file_url = wp_target.uri.merge(url_encode(backup_file)).to_s
 
         stub_request(:get, file_url).to_return(status: 404)
       end
@@ -24,7 +24,7 @@ shared_examples 'WpTarget::WpConfigBackup' do
       expected = []
 
       config_backup_files.sample(1).each do |backup_file|
-        file_url = wp_target.uri.merge(URI.escape(backup_file)).to_s
+        file_url = wp_target.uri.merge(url_encode(backup_file)).to_s
         expected << file_url
 
         stub_request_to_fixture(url: file_url, fixture: fixtures_dir + '/wp-config.php')
@@ -40,7 +40,7 @@ shared_examples 'WpTarget::WpConfigBackup' do
       expected = []
 
       config_backup_files.sample(2).each do |backup_file|
-        file_url = wp_target.uri.merge(URI.escape(backup_file)).to_s
+        file_url = wp_target.uri.merge(url_encode(backup_file)).to_s
         expected << file_url
 
         stub_request_to_fixture(url: file_url, fixture: fixtures_dir + '/wp-config.php')

spec/spec_helper.rb

@@ -7,7 +7,7 @@ require 'simplecov' if RUBY_VERSION >= '1.9'
 
 RSpec::Expectations.configuration.warn_about_potential_false_positives = false
 
-require File.expand_path(File.dirname(__FILE__) + '/../lib/common/common_helper')
+require File.expand_path(File.join(__dir__, '..', 'lib', 'common', 'common_helper'))
 
 SPEC_DIR                      = ROOT_DIR + '/spec'
 SPEC_LIB_DIR                  = SPEC_DIR + '/lib'