Stats

Document Homebrew package in README

.dockerignore

@@ -0,0 +1,21 @@
+git/
+bundle/
+.idea/
+.yardoc/
+cache/
+coverage/
+spec/
+dev/
+.*
+**/*.md
+*.md
+Dockerfile
+**/*.orig
+*.orig
+CREDITS
+data.zip
+DISCLAIMER.txt
+example.conf.json
+bin/
+log.txt
+

.gitignore

@@ -1,3 +1,4 @@
+.ash_history
 cache
 coverage
 .bundle
@@ -6,10 +7,10 @@ coverage
 *.sublime-*
 .idea
 .*.swp
-Gemfile.lock
 log.txt
 .yardoc
 debug.log
 wordlist.txt
 rspec_results.html
 data/
+vendor/

.ruby-version

@@ -1 +1 @@
-2.3.1
+2.4.1

.travis.yml

@@ -2,8 +2,7 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  # Still not in Travis :(
-  # - 2.1.9
+  - 2.1.9
   - 2.2.0
   - 2.2.1
   - 2.2.2
@@ -11,9 +10,18 @@ rvm:
   - 2.2.4
   - 2.3.0
   - 2.3.1
+  - 2.3.2
+  - 2.3.3
+  - 2.4.1
 before_install:
+  - "env"
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
-script: bundle exec rspec
+  - "gem install bundler"
+  - "bundler --version"
+before_script:
+  - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $TRAVIS_BUILD_DIR"
+script:
+  - "bundle exec rspec"
 notifications:
   email:
     - team@wpscan.org

CHANGELOG.md

@@ -1,6 +1,52 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.1...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.3...master)
+
+## Version 2.9.3
+Released: 2017-07-19
+
+* Updated dependencies and required ruby version
+* Made some changes so wpscan works in ruby 2.4
+* Added a Gemfile.lock to lock all dependencies
+* You can now pass a wordlist from stdin via "--wordlist -"
+* Improved version detection regexes
+* Added an optional paramter to --log to specify a filename
+
+WPScan Database Statistics:
+* Total tracked wordpresses: 251
+* Total tracked plugins: 68818
+* Total tracked themes: 15132
+* Total vulnerable wordpresses: 243
+* Total vulnerable plugins: 1527
+* Total vulnerable themes: 280
+* Total wordpress vulnerabilities: 5263
+* Total plugin vulnerabilities: 2406
+* Total theme vulnerabilities: 349
+
+## Version 2.9.2
+Released: 2016-11-15
+
+* Fixed error when detecting plugins with UTF-8 characters
+* Use all possible finders to verify a detected version
+* Fix error when detecting a WordPress version not in our database
+* Added some additional clarification on error messages
+* Upgrade terminal-table gem
+* Add --cache-dir option
+* Add --disable-tls-checks options
+* Improve/add additional plugin passive detections
+* Remove scripts when calculating page hashes
+* Many other small bug fixes.
+
+WPScan Database Statistics:
+* Total tracked wordpresses: 194
+* Total tracked plugins: 63703
+* Total tracked themes: 13835
+* Total vulnerable wordpresses: 177
+* Total vulnerable plugins: 1382
+* Total vulnerable themes: 379
+* Total wordpress vulnerabilities: 2617
+* Total plugin vulnerabilities: 2190
+* Total theme vulnerabilities: 452
 
 ## Version 2.9.1
 Released: 2016-05-06

Dockerfile

@@ -0,0 +1,29 @@
+FROM ruby:2.4-alpine
+MAINTAINER WPScan Team <team@wpscan.org>
+
+ARG BUNDLER_ARGS="--jobs=8 --without test"
+
+RUN adduser -h /wpscan -g WPScan -D wpscan
+RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
+
+COPY Gemfile /wpscan
+COPY Gemfile.lock /wpscan
+
+# runtime dependencies
+RUN apk add --no-cache libcurl procps && \
+  # build dependencies
+  apk add --no-cache --virtual build-deps alpine-sdk ruby-dev libffi-dev zlib-dev && \
+  bundle install --system --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
+  apk del --no-cache build-deps
+
+COPY . /wpscan
+RUN chown -R wpscan:wpscan /wpscan
+
+USER wpscan
+
+RUN /wpscan/wpscan.rb --update --verbose --no-color
+
+WORKDIR /wpscan
+
+ENTRYPOINT ["/wpscan/wpscan.rb"]
+CMD ["--help"]

Gemfile

@@ -1,18 +1,15 @@
 source 'https://rubygems.org'
 
-gem 'typhoeus', '>=0.8.0'
-gem 'nokogiri', '>=1.6.7.1'
-gem 'addressable'
-gem 'yajl-ruby' # Better JSON parser regarding memory usage
-# TODO: update the below when terminal-table 1.5.3+ is released.
-# See issue #841 for details
-# (and delete the Terminal module in lib/common/hacks.rb)
-gem 'terminal-table', '~>1.4.5'
-gem 'ruby-progressbar', '>=1.6.0'
+gem 'typhoeus', '>=1.1.2'
+gem 'nokogiri', '>=1.7.0.1'
+gem 'addressable', '>=2.5.0'
+gem 'yajl-ruby', '>=1.3.0' # Better JSON parser regarding memory usage
+gem 'terminal-table', '>=1.6.0'
+gem 'ruby-progressbar', '>=1.8.1'
 
 group :test do
-  gem 'webmock', '>=1.17.2'
-  gem 'simplecov'
-  gem 'rspec', '>=3.3.0'
-  gem 'rspec-its'
+  gem 'webmock', '>=2.3.2'
+  gem 'simplecov', '>=0.13.0'
+  gem 'rspec', '>=3.5.0'
+  gem 'rspec-its', '>=1.2.0'
 end

Gemfile.lock

@@ -0,0 +1,69 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.1)
+      public_suffix (~> 2.0, >= 2.0.2)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    ethon (0.10.1)
+      ffi (>= 1.3.0)
+    ffi (1.9.18)
+    hashdiff (0.3.4)
+    json (2.1.0)
+    mini_portile2 (2.2.0)
+    nokogiri (1.8.0)
+      mini_portile2 (~> 2.2.0)
+    public_suffix (2.0.5)
+    rspec (3.6.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-its (1.2.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+    ruby-progressbar (1.8.1)
+    safe_yaml (1.0.4)
+    simplecov (0.14.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.1)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    typhoeus (1.1.2)
+      ethon (>= 0.9.0)
+    unicode-display_width (1.3.0)
+    webmock (3.0.1)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    yajl-ruby (1.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  addressable (>= 2.5.0)
+  nokogiri (>= 1.7.0.1)
+  rspec (>= 3.5.0)
+  rspec-its (>= 1.2.0)
+  ruby-progressbar (>= 1.8.1)
+  simplecov (>= 0.13.0)
+  terminal-table (>= 1.6.0)
+  typhoeus (>= 1.1.2)
+  webmock (>= 2.3.2)
+  yajl-ruby (>= 1.3.0)
+
+BUNDLED WITH
+   1.14.6

LICENSE

@@ -68,3 +68,7 @@ To the extent permitted under Law, WPScan is provided under an AS-IS basis. The
 10. Disclaimer
 
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
+
+11. Trademark
+
+The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.

README.md

@@ -4,16 +4,17 @@
 [![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
 [![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
 [![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)
+[![Docker Pulls](https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg)](https://hub.docker.com/r/wpscanteam/wpscan/)
 
-#### LICENSE
+# LICENSE
 
-#### WPScan Public Source License
+## WPScan Public Source License
 
 The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
-##### 1. Definitions
+### 1. Definitions
 
 1.1 "License" means this document.
 
@@ -21,7 +22,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 
 1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
 
-##### 2. Commercialization
+### 2. Commercialization
 
 A commercial use is one intended for commercial advantage or monetary compensation.
 
@@ -44,7 +45,7 @@ We may grant commercial licenses at no monetary cost at our own discretion if th
 
 Free-use Terms and Conditions;
 
-##### 3. Redistribution
+### 3. Redistribution
 
 Redistribution is permitted under the following conditions:
 
@@ -52,35 +53,39 @@ Redistribution is permitted under the following conditions:
  - Unmodified Copyright notices are provided with WPScan.
  - Does not conflict with the commercialization clause.
 
-##### 4. Copying
+### 4. Copying
 
 Copying is permitted so long as it does not conflict with the Redistribution clause.
 
-##### 5. Modification
+### 5. Modification
 
 Modification is permitted so long as it does not conflict with the Redistribution clause.
 
-##### 6. Contributions
+### 6. Contributions
 
 Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
 
-##### 7. Support
+### 7. Support
 
 WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
 
-##### 8. Disclaimer of Warranty
+### 8. Disclaimer of Warranty
 
 WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 
-##### 9. Limitation of Liability
+### 9. Limitation of Liability
 
 To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
 
-##### 10. Disclaimer
+### 10. Disclaimer
 
 Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
 
-#### INSTALL
+### 11. Trademark
+
+The "wpscan" term is a registered trademark. This License does not grant the use of the "wpscan" trademark or the use of the WPScan logo.
+
+# INSTALL
 
 WPScan comes pre-installed on the following Linux distributions:
 
@@ -90,82 +95,100 @@ WPScan comes pre-installed on the following Linux distributions:
 - [SamuraiWTF](http://samurai.inguardians.com/)
 - [BlackArch](http://blackarch.org/)
 
-Prerequisites:
+On macOS WPScan is packaged by [Homebrew](https://brew.sh/) as [`wpscan`](http://braumeister.org/formula/wpscan).
 
-- Ruby >= 2.1.9 - Recommended: 2.3.1
+Windows is not supported
+
+We suggest you use our official Docker image from https://hub.docker.com/r/wpscanteam/wpscan/ to avoid installation problems.
+
+# DOCKER
+Pull the repo with `docker pull wpscanteam/wpscan`
+
+## Start WPScan
+
+```
+docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options]
+```
+
+For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
+
+If you run the git version of wpscan we included some binstubs in ./bin for easier start of wpscan.
+
+## Examples
+
+Mount a local wordlist to the docker container and start a bruteforce attack for user admin
+
+```
+docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin
+```
+
+Use logfile option
+```
+# the file must exist prior to starting the container, otherwise docker will create a directory with the filename
+touch ~/FILENAME
+docker run -it --rm -v ~/FILENAME:/wpscan/output.txt wpscanteam/wpscan --url https://yourblog.com --log /wpscan/output.txt
+```
+
+(This mounts the host directory `~/wordlists` to the container in the path `/wordlists`)
+
+Published on https://hub.docker.com/r/wpscanteam/wpscan/
+
+# Manual install
+
+## Prerequisites
+
+- Ruby >= 2.1.9 - Recommended: 2.4.1
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
 
-Windows is not supported.
-If installed from Github update the code base with ```git pull```. The databases are updated with ```wpscan.rb --update```.
+### Installing dependencies on Ubuntu
 
-####Installing on Ubuntu:
+    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev
 
-Before Ubuntu 14.04:
+### Installing dependencies on Debian
 
-    sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
+    sudo apt-get install gcc git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
 
-From Ubuntu 14.04:
-
-    sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
-
-####Installing on Debian:
-
-    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler
-    bundle install --without test --path vendor/bundle
-
-####Installing on Fedora:
+### Installing dependencies on Fedora
 
     sudo dnf install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
 
-####Installing on Archlinux:
+### Installing dependencies on Arch Linux
 
     pacman -Syu ruby
     pacman -Syu libyaml
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && bundle install --without test
-    gem install typhoeus
-    gem install nokogiri
 
-####Installing on Mac OSX:
+### Installing dependencies on macOS
 
 Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)
 
-    git clone https://github.com/wpscanteam/wpscan.git
-    cd wpscan
-    sudo gem install bundler && sudo bundle install --without test
+## Installing with RVM (recommended when doing a manual install)
 
-####Installing with RVM (recommended):
+If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information:
+https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
 
     # Install all prerequisites for your OS (look above)
     cd ~
+    curl -sSL https://rvm.io/mpapis.asc | gpg --import -
     curl -sSL https://get.rvm.io | bash -s stable
     source ~/.rvm/scripts/rvm
     echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-    rvm install 2.3.1
-    rvm use 2.3.1 --default
+    rvm install 2.4.1
+    rvm use 2.4.1 --default
     echo "gem: --no-ri --no-rdoc" > ~/.gemrc
-    gem install bundler
     git clone https://github.com/wpscanteam/wpscan.git
     cd wpscan
     gem install bundler
     bundle install --without test
 
-#### KNOWN ISSUES
+## Installing manually (not recommended)
+
+    git clone https://github.com/wpscanteam/wpscan.git
+    cd wpscan
+    sudo gem install bundler && bundle install --without test
+
+# KNOWN ISSUES
 
   - Typhoeus segmentation fault
 
@@ -208,7 +231,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
 
       See [https://github.com/wpscanteam/wpscan/issues/148](https://github.com/wpscanteam/wpscan/issues/148)
 
-#### WPSCAN ARGUMENTS
+# WPSCAN ARGUMENTS
 
     --update                            Update the database to the latest version.
     --url       | -u <target url>       The WordPress URL/domain to scan.
@@ -232,12 +255,17 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
                                         You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).
     --config-file  | -c <config file>   Use the specified config file, see the example.conf.json.
     --user-agent   | -a <User-Agent>    Use the specified User-Agent.
-    --cookie <String>                   String to read cookies from.
+    --cookie <string>                   String to read cookies from.
     --random-agent | -r                 Use a random User-Agent.
     --follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
     --batch                             Never ask for user input, use the default behaviour.
     --no-color                          Do not use colors in the output.
-    --wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.
+    --log [filename]                    Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging.
+    --no-banner                         Prevents the WPScan banner from being displayed.
+    --disable-accept-header             Prevents WPScan sending the Accept HTTP header.
+    --disable-referer                   Prevents setting the Referer header.
+    --disable-tls-checks                Disables SSL/TLS certificate verification.
+    --wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.
                                         Subdirectories are allowed.
     --wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.
                                         If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
@@ -246,19 +274,21 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
     --proxy-auth <username:password>    Supply the proxy login credentials.
     --basic-auth <username:password>    Set the HTTP Basic authentication.
     --wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
+                                        If the "-" option is supplied, the wordlist is expected via STDIN.
     --username | -U <username>          Only brute force the supplied username.
     --usernames     <path-to-file>      Only brute force the usernames from the file.
-    --threads  | -t <number of threads> The number of threads to use when multi-threading requests.
+    --cache-dir       <cache-directory> Set the cache directory.
     --cache-ttl       <cache-ttl>       Typhoeus cache TTL.
     --request-timeout <request-timeout> Request Timeout.
     --connect-timeout <connect-timeout> Connect Timeout.
+    --threads  | -t <number of threads> The number of threads to use when multi-threading requests.
     --max-threads     <max-threads>     Maximum Threads.
     --throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
     --help     | -h                     This help screen.
     --verbose  | -v                     Verbose output.
     --version                           Output the current version and exit.
 
-#### WPSCAN EXAMPLES
+# WPSCAN EXAMPLES
 
 Do 'non-intrusive' checks...
 
@@ -268,6 +298,10 @@ Do wordlist password brute force on enumerated users using 50 threads...
 
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```
 
+Do wordlist password brute force on enumerated users using STDIN as the wordlist...
+
+```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -```
+
 Do wordlist password brute force on the 'admin' username only...
 
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```
@@ -292,26 +326,22 @@ Debug output...
 
 ```ruby wpscan.rb --url www.example.com --debug-output 2>debug.log```
 
-#### PROJECT HOME
+# PROJECT HOME
 
 [http://www.wpscan.org](http://www.wpscan.org)
 
-#### VULNERABILITY DATABASE
+# VULNERABILITY DATABASE
 
 [https://wpvulndb.com](https://wpvulndb.com)
 
-#### GIT REPOSITORY
+# GIT REPOSITORY
 
 [https://github.com/wpscanteam/wpscan](https://github.com/wpscanteam/wpscan)
 
-#### ISSUES
+# ISSUES
 
 [https://github.com/wpscanteam/wpscan/issues](https://github.com/wpscanteam/wpscan/issues)
 
-#### DEVELOPER DOCUMENTATION
+# DEVELOPER DOCUMENTATION
 
 [http://rdoc.info/github/wpscanteam/wpscan/frames](http://rdoc.info/github/wpscanteam/wpscan/frames)
-
-#### SPECIAL THANKS
-
-[RandomStorm](https://www.randomstorm.com)

bin/rspec

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+# always rebuild and include all GEMs
+docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
+# update all gems (this updates Gemfile.lock on the host)
+# this also needs some build dependencies
+docker run --rm -u root -v $DIR/../Gemfile.lock:/wpscan/Gemfile.lock --entrypoint "" wpscan:rspec sh -c 'apk add --no-cache alpine-sdk ruby-dev libffi-dev zlib-dev && bundle update'
+# rebuild image with latest GEMs
+docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
+# run spec
+docker run --rm -v $DIR/../:/wpscan --entrypoint "" wpscan:rspec rspec
+

bin/update_gems

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+docker run -it --rm -v "$DIR/../":/wpscan -w /wpscan ruby:2.4 bundle update

bin/wpscan

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+docker build -q -t wpscan:git .
+docker run -it --rm wpscan:git "$@"
+

bin/wpscan-dev

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+if [[ -n "$WPSCAN_BUILD" ]]; then
+  docker build -q -t wpscan:git .
+fi
+docker run -it --rm -v $DIR/../:/wpscan wpscan:git "$@"
+

dev/stats.rb

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 # encoding: UTF-8
 
-require File.dirname(__FILE__) + '/../lib/wpscan/wpscan_helper'
+require File.expand_path(File.join(__dir__, '..', 'lib', 'wpscan', 'wpscan_helper'))
 
 wordpress_json = json(WORDPRESSES_FILE)
 plugins_json = json(PLUGINS_FILE)
@@ -14,6 +14,6 @@ puts "* Total tracked themes: #{themes_json.count}"
 puts "* Total vulnerable wordpresses: #{wordpress_json.select { |item| !wordpress_json[item]['vulnerabilities'].empty? }.count}"
 puts "* Total vulnerable plugins: #{plugins_json.select { |item| !plugins_json[item]['vulnerabilities'].empty? }.count}"
 puts "* Total vulnerable themes: #{themes_json.select { |item| !themes_json[item]['vulnerabilities'].empty? }.count}"
-puts "* Total wordpress vulnerabilities: #{}"
-puts "* Total plugin vulnerabilities: #{}"
-puts "* Total theme vulnerabilities: #{}"
+puts "* Total wordpress vulnerabilities: #{wordpress_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
+puts "* Total plugin vulnerabilities: #{plugins_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"
+puts "* Total theme vulnerabilities: #{themes_json.map {|k,v| v['vulnerabilities'].count}.inject(:+)}"

example.conf.json

@@ -2,8 +2,8 @@
   "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
 
     /* Uncomment the "proxy" line to use the proxy
-        SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
-        If you do not specify the protocol, http will be used
+       SOCKS proxies (4, 4A, 5) are supported, ie : "proxy": "socks5://127.0.0.1:9000"
+       If you do not specify the protocol, http will be used
     */
     //"proxy": "127.0.0.1:3128",
     //"proxy_auth": "username:password",

lib/common/browser.rb

@@ -18,7 +18,10 @@ class Browser
     :request_timeout,
     :connect_timeout,
     :cookie,
-    :throttle
+    :throttle,
+    :disable_accept_header,
+    :disable_referer,
+    :disable_tls_checks
   ]
 
   @@instance = nil
@@ -67,17 +70,23 @@ class Browser
     @@instance = nil
   end
 
+  # Override for setting the User-Agent
+  # @param [ String ] user_agent
+  def user_agent=(user_agent)
+    Typhoeus::Config.user_agent = user_agent
+  end
+
   #
   # sets browser default values
   #
   def browser_defaults
+    Typhoeus::Config.user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
     @max_threads     = 20
     # 10 minutes, at this time the cache is cleaned before each scan.
     # If this value is set to 0, the cache will be disabled
     @cache_ttl       = 600
     @request_timeout = 60 # 60s
     @connect_timeout = 10 # 10s
-    @user_agent      = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
     @throttle        = 0
   end
 
@@ -115,12 +124,6 @@ class Browser
   #
   # @return [ Hash ]
   def merge_request_params(params = {})
-    params = Browser.append_params_header_field(
-      params,
-      'User-Agent',
-      @user_agent
-    )
-
     if @proxy
       params.merge!(proxy: @proxy)
       params.merge!(proxyauth: @proxy_auth) if @proxy_auth
@@ -153,12 +156,18 @@ class Browser
     params.merge!(maxredirs: 3) unless params.key?(:maxredirs)
 
     # Disable SSL-Certificate checks
-    params.merge!(ssl_verifypeer: false) unless params.key?(:ssl_verifypeer)
-    params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+    if @disable_tls_checks
+      # Cert validity check
+      params.merge!(ssl_verifypeer: 0) unless params.key?(:ssl_verifypeer)
+      # Cert hostname check
+      params.merge!(ssl_verifyhost: 0) unless params.key?(:ssl_verifyhost)
+    end
 
     params.merge!(cookiejar: @cache_dir + '/cookie-jar')
     params.merge!(cookiefile: @cache_dir + '/cookie-jar')
     params.merge!(cookie: @cookie) if @cookie
+    params = Browser.remove_params_header_field(params, 'Accept') if @disable_accept_header
+    params = Browser.remove_params_header_field(params, 'Referer') if @disable_referer
 
     params
   end
@@ -178,4 +187,18 @@ class Browser
     end
     params
   end
+
+  # @param [ Hash ] params
+  # @param [ String ] field
+  # @param [ Mixed ] field_value
+  #
+  # @return [ Array ]
+  def self.remove_params_header_field(params = {}, field)
+    if !params.has_key?(:headers)
+      params = params.merge(:headers => { field => nil })
+    elsif !params[:headers].has_key?(field)
+      params[:headers][field] = nil
+    end
+    params
+  end
 end

lib/common/browser/options.rb

@@ -3,9 +3,8 @@
 class Browser
   module Options
 
-    attr_accessor :request_timeout, :connect_timeout
+    attr_accessor :request_timeout, :connect_timeout, :user_agent, :disable_accept_header, :disable_referer, :disable_tls_checks
     attr_reader   :basic_auth, :cache_ttl, :proxy, :proxy_auth, :throttle
-    attr_writer   :user_agent
 
     # Sets the Basic Authentification credentials
     # Accepted format:
@@ -21,7 +20,7 @@ class Browser
       elsif auth =~ /\ABasic [a-zA-Z0-9=]+\z/
         @basic_auth = auth
       else
-       raise 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected'
+        raise "Invalid basic authentication format, \"login:password\" or \"Basic base_64_encoded\" expected. Your input: #{auth}"
      end
     end
 

lib/common/collections/wp_items/detectable.rb

@@ -95,6 +95,10 @@ class WpItems < Array
         code = tag.text.to_s
         next if code.empty?
 
+        if ! code.valid_encoding?
+          code = code.encode('UTF-16be', :invalid => :replace, :replace => '?').encode('UTF-8')
+        end
+
         code.scan(code_pattern(wp_target)).flatten.uniq.each do |item_name|
           names << item_name
         end
@@ -116,7 +120,7 @@ class WpItems < Array
       wp_content_dir = wp_target.wp_content_dir
       wp_content_url = wp_target.uri.merge(wp_content_dir).to_s
 
-      url = /#{wp_content_url.gsub(%r{\A(?:http|https)}, 'https?').gsub('/', '\\\\\?\/')}/i
+      url = wp_content_url.gsub(%r{\A(?:http|https)://}, '(?:https?:)?//').gsub('/', '\\\\\?\/')
       content_dir = %r{(?:#{url}|\\?\/\\?\/?#{wp_content_dir})}i
 
       %r{#{content_dir}\\?/#{type}\\?/}

lib/common/collections/wp_plugins/detectable.rb

@@ -62,10 +62,14 @@ class WpPlugins < WpItems
         wp_plugins.add('all-in-one-seo-pack', version: $1)
       end
 
-      if body =~ /<!-- This site is optimized with the Yoast WordPress SEO plugin v([^\s]+) -/i
+      if body =~ /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([^\s]+) -/i
         wp_plugins.add('wordpress-seo', version: $1)
       end
 
+      if body =~ /<!-- Google Universal Analytics for WordPress v([^\s]+) -/i
+        wp_plugins.add('google-universal-analytics', version: $1)
+      end
+
       wp_plugins
     end
 

lib/common/collections/wp_timthumbs/detectable.rb

@@ -41,7 +41,7 @@ class WpTimthumbs < WpItems
 
       %w{
         timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-        scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+        scripts/timthumb.php tools/timthumb.php functions/timthumb.php thumb.php
       }.each do |path|
         wp_timthumb.path = "$wp-content$/themes/#{theme_name}/#{path}"
 

lib/common/common_helper.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-LIB_DIR              = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+LIB_DIR              = File.expand_path(File.join(__dir__, '..'))
 ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
 DATA_DIR             = File.join(ROOT_DIR, 'data')
 CONF_DIR             = File.join(ROOT_DIR, 'conf')
@@ -11,7 +11,7 @@ COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
 MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
 COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')
 
-LOG_FILE             = File.join(ROOT_DIR, 'log.txt')
+DEFAULT_LOG_FILE     = File.join(ROOT_DIR, 'log.txt')
 
 # Plugins directories
 COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
@@ -30,7 +30,7 @@ LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
 
 MIN_RUBY_VERSION = '2.1.9'
 
-WPSCAN_VERSION = '2.9.1'
+WPSCAN_VERSION = '2.9.3'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -96,7 +96,9 @@ end
 
 def update_required?
   date = last_update
-  (true if date.nil?) or (date < 5.days.ago)
+  day_seconds = 24 * 60 * 60
+  five_days_ago = Time.now - (5 * day_seconds)
+  (true if date.nil?) or (date < five_days_ago)
 end
 
 # Define colors
@@ -151,7 +153,7 @@ def banner
   puts '_______________________________________________________________'
   puts '        __          _______   _____                  '
   puts '        \\ \\        / /  __ \\ / ____|                 '
-  puts '         \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __  '
+  puts '         \\ \\  /\\  / /| |__) | (___   ___  __ _ _ __ ®'
   puts '          \\ \\/  \\/ / |  ___/ \\___ \\ / __|/ _` | \'_ \\ '
   puts '           \\  /\\  /  | |     ____) | (__| (_| | | | |'
   puts '            \\/  \\/   |_|    |_____/ \\___|\\__,_|_| |_|'

lib/common/db_updater.rb

@@ -101,7 +101,7 @@ class DbUpdater
         puts "  [i] Database File Checksum  : #{db_checksum}" if verbose
 
         unless dl_checksum == db_checksum
-          fail "#{filename}: checksums do not match (local: #{dl_checksum} remote: #{db_checksum})"
+          raise ChecksumError.new(File.read(local_file_path(filename))), "#{filename}: checksums do not match (local: #{dl_checksum} remote: #{db_checksum})"
         end
       rescue => e
         puts '  [i] Restoring Backup due to error' if verbose

lib/common/errors.rb

@@ -31,3 +31,11 @@ class DownloadError < HttpError
     "Unable to get #{failure_details}"
   end
 end
+
+class ChecksumError < StandardError
+  attr_reader :file
+
+  def initialize(file)
+    @file = file
+  end
+end

lib/common/hacks.rb

@@ -21,53 +21,12 @@ end
 def puts(o = '')
   if $log && o.respond_to?(:gsub)
     temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
-    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
+    File.open($log, 'a+') { |f| f.puts(temp) }
   end
 
   super(o)
 end
 
-module Terminal
-  class Table
-    def render
-      separator = Separator.new(self)
-      buffer = [separator]
-      unless @title.nil?
-        buffer << Row.new(self, [title_cell_options])
-        buffer << separator
-      end
-      unless @headings.cells.empty?
-        buffer << @headings
-        buffer << separator
-      end
-      buffer += @rows
-      buffer << separator
-      buffer.map { |r| style.margin_left + r.render }.join("\n")
-    end
-    alias :to_s :render
-
-    class Style
-      @@defaults = {
-        :border_x => '-', :border_y => '|', :border_i => '+',
-        :padding_left => 1, :padding_right => 1,
-        :margin_left => '',
-        :width => nil, :alignment => nil
-      }
-
-      attr_accessor :margin_left
-      attr_accessor :border_x
-      attr_accessor :border_y
-      attr_accessor :border_i
-
-      attr_accessor :padding_left
-      attr_accessor :padding_right
-
-      attr_accessor :width
-      attr_accessor :alignment
-    end
-  end
-end
-
 class Numeric
   def bytes_to_human
     units = %w{B KB MB GB TB}
@@ -76,16 +35,3 @@ class Numeric
     s.sub(/\.?0*$/, ' ' + units[e])
   end
 end
-
-# time calculations
-class Fixnum
-  SECONDS_IN_DAY = 24 * 60 * 60
-
-  def days
-    self * SECONDS_IN_DAY
-  end
-
-  def ago
-    Time.now - self
-  end
-end

lib/common/models/wp_item.rb

@@ -51,7 +51,7 @@ class WpItem
   end
 
   def last_updated
-    db_data['last_ipdated']
+    db_data['last_updated']
   end
 
   def popular?

lib/common/models/wp_item/findable.rb

@@ -9,8 +9,7 @@ class WpItem
   #
   # @return [ void ]
   def found_from=(method)
-    found       = method[%r{find_from_(.*)}, 1]
-    @found_from = found.gsub('_', ' ') if found
+    @found_from = method.to_s.gsub(/find_from_/, '').gsub(/_/, ' ')
   end
 
   module Findable

lib/common/models/wp_theme/findable.rb

@@ -11,7 +11,7 @@ class WpTheme < WpItem
     def find(target_uri)
       methods.grep(/^find_from_/).each do |method|
         if wp_theme = self.send(method, target_uri)
-          wp_theme.found_from = method
+          wp_theme.found_from = method.to_s
 
           return wp_theme
         end

lib/common/models/wp_user/brute_forcable.rb

@@ -28,9 +28,18 @@ class WpUser < WpItem
       queue_count  = 0
       found        = false
 
-      create_progress_bar(count_file_lines(wordlist)+1, options)
+      if wordlist == '-'
+        words = ARGF
+        passwords_size = 10
+        options[:starting_at] = 0
+      else
+        words = File.open(wordlist)
+        passwords_size = count_file_lines(wordlist)+1
+      end
 
-      File.open(wordlist).each do |password|
+      create_progress_bar(passwords_size, options)
+
+      words.each do |password|
         password.chomp!
 
         # A successfull login will redirect us to the redirect_to parameter
@@ -43,7 +52,13 @@ class WpUser < WpItem
         request = login_request(password, redirect_url)
 
         request.on_complete do |response|
-          progress_bar.progress += 1 if options[:show_progression] && !found
+          if options[:show_progression] && !found
+            progress_bar.progress += 1
+            percentage = progress_bar.progress.fdiv(progress_bar.total)
+            if options[:starting_at] && percentage >= 0.8
+              progress_bar.total *= 2
+            end
+          end
 
           progress_bar.log("  Trying Username: #{login} Password: #{password}") if options[:verbose]
 
@@ -79,7 +94,8 @@ class WpUser < WpItem
         @progress_bar = ProgressBar.create(
           format: '%t %a <%B> (%c / %C) %P%% %e',
           title: "  Brute Forcing '#{login}'",
-          total: passwords_size
+          total: passwords_size,
+          starting_at: options[:starting_at]
         )
       end
     end
@@ -118,7 +134,7 @@ class WpUser < WpItem
       elsif response.code.to_s =~ /^50/
         progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.')
       else
-        progression = critical("ERROR: We received an unknown response for #{password}...")
+        progression = critical("ERROR: We received an unknown response for login: #{login} and password: #{password}")
         verbose     = critical("  Code: #{response.code}\n    Body: #{response.body}\n")
       end
 

lib/common/models/wp_version.rb

@@ -41,8 +41,11 @@ class WpVersion < WpItem
     json = json(db_file)
 
     metadata = {}
-    metadata[:release_date]  = json[version]['release_date']
-    metadata[:changelog_url] = json[version]['changelog_url']
+    temp = json[version]
+    if !temp.nil?
+      metadata[:release_date]  = temp['release_date']
+      metadata[:changelog_url] = temp['changelog_url']
+    end
     metadata
   end
 end

lib/common/models/wp_version/findable.rb

@@ -12,6 +12,7 @@ class WpVersion < WpItem
     #
     # @return [ WpVersion ]
     def find(target_uri, wp_content_dir, wp_plugins_dir, versions_xml)
+      versions = {}
       methods.grep(/^find_from_/).each do |method|
 
         if method === :find_from_advanced_fingerprinting
@@ -21,9 +22,21 @@ class WpVersion < WpItem
         end
 
         if version
-          return new(target_uri, number: version, found_from: method)
+          if versions.key?(version)
+            versions[version] << method.to_s
+          else
+            versions[version] = [ method.to_s ]
+          end
         end
       end
+
+      if versions.length > 0
+        determined_version = versions.max_by { |k, v| v.length }
+        if determined_version
+          return new(target_uri, number: determined_version[0], found_from: determined_version[1].join(', '))
+        end
+      end
+
       nil
     end
 
@@ -199,7 +212,12 @@ class WpVersion < WpItem
 
           next if attr_value.nil? || attr_value.empty?
 
-          uri = Addressable::URI.parse(attr_value)
+          begin
+            uri = Addressable::URI.parse(attr_value)
+          rescue Addressable::URI::InvalidURIError
+            next
+          end
+
           next unless uri.query && uri.query.match(pattern)
 
           version = Regexp.last_match[1].to_s

lib/common/models/wp_version/output.rb

@@ -12,7 +12,7 @@ class WpVersion < WpItem
         puts " | Released: #{metadata[:release_date]}"
         puts " | Changelog: #{metadata[:changelog_url]}"
       else
-        puts info("WordPress version #{self.number} identified from #{self.found_from} #{"(Released on #{metadata[:release_date]})" if metadata[:release_date]}")
+        puts info("WordPress version #{self.number} #{"(Released on #{metadata[:release_date]}) identified from #{self.found_from}" if metadata[:release_date]}")
       end
 
       vulnerabilities = self.vulnerabilities

lib/environment.rb

@@ -14,16 +14,15 @@ Encoding.default_external = Encoding::UTF_8
 
 begin
   # Standard libs
+  require 'readline'
   require 'bundler/setup' unless kali_linux?
   require 'getoptlong'
   require 'optparse' # Will replace getoptlong
   require 'uri'
   require 'time'
   require 'resolv'
-  require 'xmlrpc/client'
   require 'digest/md5'
   require 'digest/sha1'
-  require 'readline'
   require 'base64'
   require 'rbconfig'
   require 'pp'

lib/wpscan/web_site.rb

@@ -21,6 +21,29 @@ class WebSite
     @uri.to_s
   end
 
+  # Checks if the remote website has ssl errors
+  def ssl_error?
+    return false unless @uri.scheme == 'https'
+    c = get_root_path_return_code
+    # http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code
+    return (
+      c == :ssl_connect_error ||
+      c == :peer_failed_verification ||
+      c == :ssl_certproblem ||
+      c == :ssl_cipher ||
+      c == :ssl_cacert ||
+      c == :ssl_cacert_badfile ||
+      c == :ssl_issuer_error ||
+      c == :ssl_crl_badfile ||
+      c == :ssl_engine_setfailed ||
+      c == :ssl_engine_notfound
+    )
+  end
+
+  def get_root_path_return_code
+    Browser.get(@uri.to_s).return_code
+  end
+
   # Checks if the remote website is up.
   def online?
     Browser.get(@uri.to_s).code != 0
@@ -68,15 +91,18 @@ class WebSite
   end
 
   # Compute the MD5 of the page
-  # Comments are deleted from the page to avoid cache generation details
+  # Comments and scripts are deleted from the page to avoid cache generation details
   #
   # @param [ String, Typhoeus::Response ] page The url of the response of the page
   #
   # @return [ String ] The MD5 hash of the page
   def self.page_hash(page)
     page = Browser.get(page, { followlocation: true, cache_ttl: 0 }) unless page.is_a?(Typhoeus::Response)
-
-    Digest::MD5.hexdigest(page.body.gsub(/<!--.*?-->/m, ''))
+    # remove comments
+    page = page.body.gsub(/<!--.*?-->/m, '')
+    # remove javascript stuff
+    page = page.gsub(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/m, '')
+    Digest::MD5.hexdigest(page)
   end
 
   def homepage_hash

lib/wpscan/wp_target.rb

@@ -155,6 +155,21 @@ class WpTarget < WebSite
     resp.code == 200 && resp.body[%r{by interconnect}i]
   end
 
+  # Script used to recover locked out admin users
+  # http://yoast.com/emergency-wordpress-access/
+  # https://codex.wordpress.org/User:MichaelH/Orphaned_Plugins_needing_Adoption/Emergency
+  #
+  # @return [ String ]
+  def emergency_url
+    @uri.merge('emergency.php').to_s
+  end
+
+  # @return [ Boolean ]
+  def emergency_exists?
+    resp = Browser.get(emergency_url)
+    resp.code == 200 && resp.body[%r{password}i]
+  end
+
   def upload_directory_listing_enabled?
     directory_listing_enabled?(upload_dir_url)
   end

lib/wpscan/wpscan_helper.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require File.expand_path(File.dirname(__FILE__) + '/../common/common_helper')
+require File.expand_path(File.join(__dir__, '..', 'common', 'common_helper'))
 
 require_files_from_directory(WPSCAN_LIB_DIR, '**/*.rb')
 
@@ -84,12 +84,17 @@ def help
   puts '                                    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).'
   puts '--config-file  | -c <config file>   Use the specified config file, see the example.conf.json.'
   puts '--user-agent   | -a <User-Agent>    Use the specified User-Agent.'
-  puts '--cookie <String>                   String to read cookies from.'
+  puts '--cookie <string>                   String to read cookies from.'
   puts '--random-agent | -r                 Use a random User-Agent.'
   puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
   puts '--batch                             Never ask for user input, use the default behaviour.'
   puts '--no-color                          Do not use colors in the output.'
-  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it.'
+  puts '--log [filename]                    Creates a log.txt file with WPScan\'s output if no filename is supplied. Otherwise the filename is used for logging.'
+  puts '--no-banner                         Prevents the WPScan banner from being displayed.'
+  puts '--disable-accept-header             Prevents WPScan sending the Accept HTTP header.'
+  puts '--disable-referer                   Prevents setting the Referer header.'
+  puts '--disable-tls-checks                Disables SSL/TLS certificate verification.'
+  puts '--wp-content-dir <wp content dir>   WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.'
   puts '                                    Subdirectories are allowed.'
   puts '--wp-plugins-dir <wp plugins dir>   Same thing than --wp-content-dir but for the plugins directory.'
   puts '                                    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed'
@@ -100,10 +105,11 @@ def help
   puts '--wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.'
   puts '--username | -U <username>          Only brute force the supplied username.'
   puts '--usernames     <path-to-file>      Only brute force the usernames from the file.'
-  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
+  puts '--cache-dir       <cache-directory> Set the cache directory.'
   puts '--cache-ttl       <cache-ttl>       Typhoeus cache TTL.'
   puts '--request-timeout <request-timeout> Request Timeout.'
   puts '--connect-timeout <connect-timeout> Connect Timeout.'
+  puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
   puts '--max-threads     <max-threads>     Maximum Threads.'
   puts '--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.'
   puts '--help     | -h                     This help screen.'

lib/wpscan/wpscan_options.rb

@@ -43,7 +43,11 @@ class WpscanOptions
     :connect_timeout,
     :max_threads,
     :no_banner,
-    :throttle
+    :throttle,
+    :disable_accept_header,
+    :disable_referer,
+    :cache_dir,
+    :disable_tls_checks
   ]
 
   attr_accessor *ACCESSOR_OPTIONS
@@ -71,7 +75,7 @@ class WpscanOptions
   end
 
   def wordlist=(wordlist)
-    if File.exists?(wordlist)
+    if File.exists?(wordlist) || wordlist == '-'
       @wordlist = wordlist
     else
       raise "The file #{wordlist} does not exist"
@@ -148,11 +152,6 @@ class WpscanOptions
     end
   end
 
-  def basic_auth=(basic_auth)
-    raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
-    @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
-  end
-
   def debug_output=(debug_output)
     Typhoeus::Config.verbose = debug_output
   end
@@ -208,7 +207,9 @@ class WpscanOptions
 
       enumerate_options_from_string(cli_value)
     else
-      raise "Unknow option : #{cli_option} with value #{cli_value}"
+      text = "Unknown option : #{cli_option}"
+      text << " with value #{cli_value}" if (cli_value && !cli_value.empty?)
+      raise text
     end
   end
 
@@ -280,9 +281,13 @@ class WpscanOptions
       ['--batch', GetoptLong::NO_ARGUMENT],
       ['--no-color', GetoptLong::NO_ARGUMENT],
       ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
-      ['--log', GetoptLong::NO_ARGUMENT],
+      ['--log', GetoptLong::OPTIONAL_ARGUMENT],
       ['--no-banner', GetoptLong::NO_ARGUMENT],
-      ['--throttle', GetoptLong::REQUIRED_ARGUMENT]
+      ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
+      ['--disable-accept-header', GetoptLong::NO_ARGUMENT],
+      ['--disable-referer', GetoptLong::NO_ARGUMENT],
+      ['--cache-dir', GetoptLong::REQUIRED_ARGUMENT],
+      ['--disable-tls-checks', GetoptLong::NO_ARGUMENT],
     )
   end
 

spec/lib/common/browser_spec.rb

@@ -124,11 +124,10 @@ describe Browser do
   describe '#merge_request_params' do
     let(:params)              { {} }
     let(:cookie_jar)          { CACHE_DIR + '/browser/cookie-jar' }
+    let(:user_agent)          { 'SomeUA' }
     let(:default_expectation) {
       {
         cache_ttl: 250,
-        headers: { 'User-Agent' => 'SomeUA' },
-        ssl_verifypeer: false, ssl_verifyhost: 0,
         cookiejar: cookie_jar, cookiefile: cookie_jar,
         timeout: 60, connecttimeout: 10,
         maxredirs: 3,
@@ -137,16 +136,25 @@ describe Browser do
     }
 
     after :each do
-      browser.user_agent = 'SomeUA'
+      browser.user_agent = user_agent
       browser.cache_ttl = 250
 
       expect(browser.merge_request_params(params)).to eq @expected
+      expect(Typhoeus::Config.user_agent).to eq user_agent
     end
 
     it 'sets the User-Agent header field and cache_ttl' do
       @expected = default_expectation
     end
 
+    context 'when @user_agent' do
+      let(:user_agent) { 'test' }
+
+      it 'sets the User-Agent' do
+        @expected = default_expectation
+      end
+    end
+
     context 'when @proxy' do
       let(:proxy) { '127.0.0.1:9050' }
       let(:proxy_expectation) { default_expectation.merge(proxy: proxy) }
@@ -177,7 +185,7 @@ describe Browser do
       it 'appends the basic_auth' do
         browser.basic_auth  = 'user:pass'
         @expected           = default_expectation.merge(
-          headers: default_expectation[:headers].merge('Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp)
+          headers: { 'Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp }
         )
       end
     end
@@ -206,6 +214,13 @@ describe Browser do
         @expected = default_expectation.merge(cookie: cookie)
       end
     end
+
+    context 'when @disable_tls_checks' do
+      it 'disables tls checks' do
+        browser.disable_tls_checks = true
+        @expected = default_expectation.merge(ssl_verifypeer: 0, ssl_verifyhost: 0)
+      end
+    end
   end
 
   describe '#forge_request' do

spec/lib/common/collections/wp_items_spec.rb

@@ -18,7 +18,7 @@ describe WpItems do
         vulnerable_targets_items: [ WpItem.new(uri, name: 'mr-smith'),
                                     WpItem.new(uri, name: 'neo')],
 
-        passive_detection: (1..13).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
+        passive_detection: (1..15).reduce(WpItems.new) { |o, i| o << WpItem.new(uri, name: "detect-me-#{i}") }
       }
     end
   end

spec/lib/common/collections/wp_plugins/detectable_spec.rb

@@ -100,6 +100,13 @@ describe 'WpPlugins::Detectable' do
           expected.add('all-in-one-seo-pack', version: '2.0.3.1')
         end
       end
+
+      context 'when google-universal-analytics detected' do
+        it 'returns google-universal-analytics' do
+          @body = '<!-- Google Universal Analytics for WordPress v2.4.2 -->'
+          expected.add('google-universal-analytics', version: '2.4.2')
+        end
+      end
     end
   end
 

spec/lib/common/collections/wp_timthumbs/detectable_spec.rb

@@ -28,7 +28,7 @@ describe 'WpTimthumbs::Detectable' do
     expected = []
     %w(
       timthumb.php lib/timthumb.php inc/timthumb.php includes/timthumb.php
-      scripts/timthumb.php tools/timthumb.php functions/timthumb.php
+      scripts/timthumb.php tools/timthumb.php functions/timthumb.php thumb.php
     ).each do |file|
       path = "$wp-content$/themes/#{theme_name}/#{file}"
       expected << WpTimthumb.new(uri, path: path)

spec/lib/common/models/wp_version/findable_spec.rb

@@ -159,6 +159,22 @@ describe 'WpVersion::Findable' do
     end
   end
 
+  describe '::find_from_stylesheets_numbers' do
+    after do
+      fixture = fixtures_dir + 'stylesheet_numbers' + @fixture
+      stub_request_to_fixture(url: uri, fixture: fixture)
+
+      expect(WpVersion.send(:find_from_stylesheets_numbers, uri)).to eq @expected
+    end
+
+    context 'invalid url' do
+      it 'returns nil' do
+        @fixture = '/invalid_url.html'
+        @expected = nil
+      end
+    end
+  end
+
   describe '::find' do
     # Stub all WpVersion::find_from_* to return nil
     def stub_all_to_nil

spec/lib/common/version_compare_spec.rb

@@ -160,6 +160,11 @@ describe 'VersionCompare' do
         @version1 = '.47'
         @version2 = '.50.3'
       end
+
+      it 'returns true' do
+        @version1 = '2.5.9'
+        @version2 = '2.5.10'
+      end
     end
 
     context 'version checked is older' do

spec/lib/wpscan/web_site_spec.rb

@@ -176,6 +176,17 @@ describe 'WebSite' do
         @expected = "yolo\n\n\nworld!"
       end
     end
+
+    context 'when there are scripts' do
+      let(:page) {
+        body = "yolo\n\n<script type=\"text/javascript\">alert('Hi');</script>\nworld!"
+        Typhoeus::Response.new(body: body)
+      }
+
+      it 'removes them' do
+        @expected = "yolo\n\n\nworld!"
+      end
+    end
   end
 
   describe '#homepage_hash' do

spec/lib/wpscan/wp_target_spec.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+require File.expand_path(File.join(__dir__, 'wpscan_helper'))
 
 describe WpTarget do
   subject(:wp_target) { WpTarget.new(target_url, options) }
@@ -192,4 +192,27 @@ describe WpTarget do
     end
   end
 
+  describe '#emergency_url' do
+    it 'returns the correct url' do
+      expect(wp_target.emergency_url).to eq 'http://example.localhost/emergency.php'
+    end
+  end
+
+  describe '#emergency_exists?' do
+    it 'returns true' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 200, body: 'enter your password here')
+      expect(wp_target.emergency_exists?).to be_truthy
+    end
+
+    it 'returns false' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 500)
+      expect(wp_target.emergency_exists?).to be_falsey
+    end
+
+    it 'returns false' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 500, body: 'enter your password here')
+      expect(wp_target.emergency_exists?).to be_falsey
+    end
+  end
+
 end

spec/lib/wpscan/wpscan_options_spec.rb

@@ -1,6 +1,6 @@
 # encoding: UTF-8
 
-require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
+require File.expand_path(File.join(__dir__, 'wpscan_helper'))
 
 describe 'WpscanOptions' do
 
@@ -186,23 +186,6 @@ describe 'WpscanOptions' do
     end
   end
 
-  describe '#basic_auth=' do
-    context 'invalid format' do
-      it 'should raise an error if the : is missing' do
-        expect { @wpscan_options.basic_auth = 'helloworld' }.to raise_error(
-          RuntimeError, 'Invalid basic authentication format, login:password expected'
-        )
-      end
-    end
-
-    context 'valid format' do
-      it "should add the 'Basic' word and do the encode64. See RFC 2617" do
-        @wpscan_options.basic_auth = 'Aladdin:open sesame'
-        expect(@wpscan_options.basic_auth).to eq 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
-      end
-    end
-  end
-
   describe '#has_options?' do
     it 'should return false' do
       expect(@wpscan_options.has_options?).to be_falsey

spec/samples/common/collections/wp_items/detectable/passive_detection.html

@@ -19,6 +19,8 @@
 
   <script type='text/javascript' src='//wp-content/items/detect-me-5/main.js'></script>
 
+  <link rel='stylesheet' id='ai1ec_style-css'  href='//example.com/wp-content/items/detect-me-15/test.css' type='text/css' media='all' />
+
   <style type="text/css">
     #fancybox-loading.fancybox-ie div {
       background: transparent;
@@ -32,6 +34,7 @@
     @import url('/wp-content/items/detect-me-8/css/datatables.css?ver=1.9.4');
     @import url(/wp-content/items/detect-me-9/css/datatables.css?ver=1.9.4);
     @import url(//wp-content/items/detect-me-10/css/datatables.css?ver=1.9.4);
+    @import url(//example.com/wp-content/items/detect-me-14/css/datatables.css?ver=1.9.4);
     /* ]]> */
   </style>
 

spec/samples/common/models/wp_item/versionable/wp-maintenance-mode.txt

@@ -0,0 +1,413 @@
+=== WP Maintenance Mode ===
+Contributors: Designmodo, GeorgeJipa
+Plugin Name: WP Maintenance Mode
+Plugin URI: http://designmodo.com/
+Author: Designmodo
+Author URI: http://designmodo.com/
+Tags: maintenance mode, admin, administration, unavailable, coming soon, multisite, landing page, under construction, contact form, subscribe, countdown
+Requires at least: 3.5
+Tested up to: 4.7
+License: GPL-2.0+
+
+Adds a splash page to your site that lets visitors know your site is down for maintenance. It's perfect for a coming soon page.
+
+== Description ==
+
+Add a maintenance page to your blog that lets visitors know your blog is down for maintenance, or add a coming soon page for a new website. User with admin rights gets full access to the blog including the front end.
+
+Activate the plugin and your blog is in maintenance-mode, works and only registered users with enough rights can see the front end. You can use a date with a countdown timer for visitor information or set a value and unit for information.
+Also works with WordPress Multisite installs (each blog from the network has it's own maintenance settings).
+
+= Features =
+
+* Fully customizable (change colors, texts and backgrounds);
+* Subscription form (export emails to .csv file);
+* Countdown timer (remaining time);
+* Contact form (receive emails from visitors);
+* Coming soon page;
+* Landing page templates;
+* WordPress multisite;
+* Responsive design;
+* Social media icons;
+* Works with any WordPress theme;
+* SEO options;
+* Exclude URLs from maintenance.
+
+= Bugs, technical hints or contribute =
+
+Please give us feedback, contribute and file technical bugs on [GitHub Repo](https://github.com/Designmodocom/WP-Maintenance-Mode).
+
+= Credits =
+
+Developed by [Designmodo](http://designmodo.com) & [StrictThemes – WordPress Themes](http://strictthemes.com/)
+
+== Installation ==
+
+1. Unpack the download package
+2. Upload all files to the `/wp-content/plugins/` directory, include folders
+3. Activate the plugin through the 'Plugins' menu in WordPress
+4. Go to `Settings` page, where you can change what settings you need (pay attention to **Exclude** option!)
+
+== Screenshots ==
+
+1. Maintenance Mode example
+2. Maintenance Mode example #2
+3. Contact form
+4. Dashboard General settings
+5. Dashboard Design settings
+6. Dashboard Modules settings
+
+== Frequently Asked Questions ==
+
+= How to use plugin filters =
+See [GitHub Repo] (https://github.com/Designmodocom/WP-Maintenance-Mode) FAQ.
+
+= Cache Plugin Support =
+WP Maintenance Mode can be unstable due the cache plugins, we recommend to deactivate any cache plugin when maintenance mode is active.
+
+= Exclude list =
+If you change your login url, please add the new slug (url: http://domain.com/newlogin, then you should add: newlogin) to Exclude list from plugin settings -> General Tab.
+
+== Changelog ==
+
+= 2.0.9 (29/11/2016) =
+* new hook (`wpmm_after_body`) in maintenance mode template (thanks @ [Karolína Vyskočilová](https://github.com/vyskoczilova))
+* pt_PT (portuguese) language update (thanks @ [Pedro Mendonça](https://github.com/pedro-mendonca))
+* maintenance mode template can also be loaded from theme/child-theme folder (thanks @ [Florian Tiar](https://github.com/Mahjouba91) and [Lachlan Heywood](https://github.com/lachieh))
+* new hooks for contact form (if you want to add new fields): `wpmm_contact_form_start`, `wpmm_contact_form_before_message`, `wpmm_contact_form_after_message`, `wpmm_contact_form_end`
+* new hook for contact form validation (if you want to validate new fields): `wpmm_contact_validation`
+* new hooks for contact form template (if you want to display new fields): `wpmm_contact_template_start`, `wpmm_contact_template_before_message`, `wpmm_contact_template_after_message`, `wpmm_contact_template_end`
+* some javascript improvements
+* small css fix for contact form (thanks @ [frontenddev](https://wordpress.org/support/topic/please-fix-modal-window-of-contact-form/))
+
+= 2.0.8 (09/09/2016) =
+* add wp_scripts() function (in helpers.php) to maintain backward compatibility (for those with WP < 4.2.0)
+* css fix for subscribe button on maintenance page
+* fix multisite administrator access issue
+* pt_PT (portuguese) language update (thanks @ Pedro Mendonça)
+* new hooks for Contact module: `wpmm_contact_template`, `wpmm_contact_subject`, `wpmm_contact_headers`
+* jQuery (google cdn) path fix when SCRIPT_DEBUG is true
+
+= 2.0.7 (06/07/2016) =
+* reset_settings _wpnonce check (thanks # Wordfence)
+* modules > google analytics code sanitization (thanks @ Wordfence)
+* move sidebar banners from our servers to plugin folder... as WordPress staff requested
+* Subscribe button error on Mobile version (thanks @ Hostílio Thumbo)
+* replace $wp_scripts global with wp_scripts() function
+* de_DE language file update (thanks @ tt22tt)
+
+= 2.0.6 (20/06/2016) =
+* notifications update
+* languages update
+
+= 2.0.5 (17/06/2016) =
+* roles (array) fix
+
+= 2.0.4 (17/06/2016) =
+* fixed issue: responsive subscribe form
+* fixed issue: jQuery was loaded from a different folder on some WP installations
+* fixed issue: errors after update (strstr on empty strings because of saving empty lines on exclude list)
+* fixed issue: if "Redirection" from "General" tab is active, also redirects ajax calls
+* fixed issue: settings page title was wrong placed
+* "contact" feature update - nice email template + reply-to email header
+* refactoring for some methods
+* all assets are now minified
+* rewrite count db records function (used on subscribers count)
+* compatible with https://github.com/afragen/github-updater
+* compatible with wp-cli http://wp-cli.org/
+* improved responsivity
+* improved roles access; now you can set multiple roles (editor, author, subscriber, contributor) and administrator will always have access to backend and frontend
+* it_IT translation by benedettogit (https://github.com/benedettogit)
+* updated all language files (need help for 100% translation)
+
+
+= 2.0.3 (07/10/2014) =
+* WP_Super_Cache issue was fixed
+* fixed "Subscribe" button issue on Safari mobile
+* fixed color of subscribe-success message (same color as subscribe_text)
+* "Social networks" module edits: settings for links target + a new social network: linkedin
+* new module "Google Analytics"
+* loginform shortcode reintroduced
+* dashboard link on maintenance page reintroduced
+* the content editor accepts new css inline properties: min-height, max-height, min-width, max-width. Use them wisely! :)
+* Settings & sidebar view + old translation files edited
+* Update from old version 1.x to 2.x issue was fixed
+* Translate on activation issue was fixed
+* de_DE translation by Frank Bültge (http://bueltge.github.io/)
+* pt_PT translation (100% translated) by Pedro Mendonça (http://www.pedromendonca.pt)
+* ru_RU translation (100% translated) by affectiosus (https://github.com/affectiosus)
+* nl_NL translation by dhunink (https://github.com/dhunink)
+* es_ES translation (100% translated) by Erick Ruiz de Chavez (http://erickruizdechavez.com/)
+* fr_FR translation by Florian TIAR (https://github.com/Mahjouba91)
+* pt_BR translation by Jonatas Araújo (http://www.designworld.com.br/)
+* sv_SE translation by Andréas Lundgren (http://adevade.com/)
+
+= 2.0.2 (04/09/2014) =
+* Removed "Author Link" option from General
+* Countdown - save details fix
+
+= 2.0.1 (02/09/2014) =
+* Reintroduced some deprecated actions from old version (but still available in next 4 releases, after that will be removed) and replaced with new ones:
+- `wm_head` -> `wpmm_head`
+- `wm_footer` -> `wpmm_footer`
+* Multisite settings link fix
+* WP_Maintenance_Mode: init (array checking for custom_css arrays, move delete cache part into a helper, etc.), add_subscriber, send_contact, redirect fixes & optimizations
+* WP_Maintenance_Mode_Admin: save_plugin_settings fixes, delete_cache (new method)
+* Settings & Maintenance views fixes
+* Readme.txt changes
+
+= 2.0.0 (01/09/2014) =
+* Changed design and functionality, new features
+* Changed multisite behaviour: now you can activate maintenance individually (each blog from the network has it's own maintenance settings)
+* Removed actions: `wm_header`, `wm_footer`, `wm_content`
+* Removed filters: `wm_header`
+* Removed [loginform] shortcode
+* Some filters are deprecated (but still available in next 4 releases, after that will be removed) and replaced with new ones:
+- `wm_heading` -> `wpmm_heading`,
+- `wp_maintenance_mode_status_code` -> `wpmm_status_code`
+- `wm_title` -> `wpmm_meta_title`
+- `wm_meta_author` -> `wpmm_meta_author`
+- `wm_meta_description` -> `wpmm_meta_description`
+- `wm_meta_keywords` -> `wpmm_meta_keywords`
+* Added new filters:
+- `wpmm_backtime` - can be used to change the backtime from page header
+- `wpmm_meta_robots` - can be used to change `Robots Meta Tag` option (from General)
+- `wpmm_text` - can be used to change `Text` option (from Design > Content)
+- `wpmm_scripts` - can be used to embed new javascripts files
+- `wpmm_styles` - can be used to embed new css files
+- `wpmm_search_bots` - if you have `Bypass for Search Bots` option (from General) activated, it can be used to add new bots (useragents)
+* Removed themes and now we have a "Design" & "Modules" tabs, where the look and functionality of the maintenance page can be changed as you need
+
+= 07/07/2014 =
+* Switch to new owner, contributor
+
+= 1.8.11 (07/25/2013) =
+* Fixes for php notices in scrict mode
+* Alternative for check url, if curl is not installed
+
+= 1.8.10 (07/18/2013) =
+* Add check for urls, Performance topics
+* Change default setting of 'Support Link' to false
+* Fix network settings php notices
+
+= 1.8.9 (06/20/2013) =
+* Allow empty header, title, heading string
+* Small code changes
+* Add Support function
+* Remove preview, will include later in a new release with extra settings page
+
+= 1.8.8 (06/05/2013) =
+* Fix path to localized flash content
+* Fix preview function
+* Add ukrainian translation
+* Add czech translation
+* Fix exclude function for IP
+* Security fix for save status via Ajax
+
+= 1.8.7 (04/07/2013) =
+* Add RTL support for splash page
+* Add Filter Hook `wp_maintenance_mode_status_code` Status Code; default is 503
+* Add support for custom splash page; leave a file with this name `wp-maintenance-mode.php`  in the wp-content; the plugin use this file
+  The plugin checks in `WP_CONTENT_DIR . '/wp-maintenance-mode.php'`
+* Small minor changes
+* Add filter for more date on splash page
+
+= 1.8.6 (02/22/2013) =
+* Remove log inside console for JS
+* Add support for time inside the countdown
+* Add filter hook `wm_meta_author`for the meta data author
+* Add filter hook `wm_meta_description` for custom description
+* Add filter hook `wm_meta_keywords`for custom meta keys
+
+= 1.8.5 (01/24/2013) =
+* Added new settings for hide, view notices about the active maintenance mode
+* Changes on source, codex
+* Fix PHP Notices [Support Thread](http://wordpress.org/support/topic/error-message-in-settings-1)
+* Change default settings, added ajax
+* Fix Preview function
+* Fix uninstall in WPMU
+* Small updates on styles for login form
+
+= 1.8.4 (12/06/2012) =
+* Fix for include JS in frontend to use countdown
+* Small mini fix for a php notice
+* Add charset on spalsh page for strange databases
+* Enhanced default exclude adresses
+* Add shortcode `[loginform]` for easy use a login form in splash page
+* Test with WordPress 3.5
+
+= 1.8.3 =
+* Fix for the forgotten update of JS-files; slow SVN :(
+* Minor Fixes
+
+= 1.8.2 =
+* Add different access for Frontend and Backend
+* Add Rewrite after Login for Frontend Access
+* Different small changes
+* Test for WP 3.5
+
+= 1.8.1 =
+* Add option for value of robots meta tag
+* Add option for optional admin login
+
+= 1.8.0 =
+* Include all scripts in backend via function
+* Update datepicker and countdown js
+* Supportet IP as exclude for see the frontend
+* Add support for flish cache od WP Super Cache and W3 Total Cache plugins
+* Fix for changes in WP 3.3 Multisite
+
+= 1.7.1 (12/05/2011) =
+* fix for WP smaller 3.2* on Network
+
+= 1.7.0 (12/02/2011) =
+* add functionalities to use in WP Multisite
+* remove message in header, current is not fixed the ticked in core and the message on Admin Bar an Notice is enough
+* check on WP 3.3RC1
+
+= 1.6.10 (08/30/2011) =
+* add hint in Admin Bar, if active
+* small changes for WP Codex
+
+= 1.6.9 (06/13/2011) =
+* Small fix for empty string on custom design
+
+= 1.6.8 (04/05/2011) =
+* Small changes on check for datepicker
+* Fix for Design monster
+
+= 1.6.7 (01/05/2011) =
+* Bugfix: new check for files for different themes; hope this fix the server errors
+* Bugfix: fix add default settings
+* Maintenance: different changes on the syntax
+* Feature: add check for Super Admin on WP Multisite; has allways the rights for access
+* Feature: now it is possible to exclude feed from maintenance mode
+* Maintenance: check with 3.0.4 and 3.1-RC2
+* Maintenance: update language file: .pot, de_DE
+* Bugfix: JavaScript error on Bulk Actions on plugins fixed
+* Maintenance: fix all notice, if set no values
+
+= 1.6.6. (10/09/2010) =
+* Maintenance: many changes on the code; $locale and hook in side frontend
+* Maintenance: change attribute_escaped to esc_attr with custom method for WP smaller 2.8
+* Maintenance: Update german language files
+* Feature: Shortcodes is now possible in the "Text" option
+* Feature: no cache header rewrite
+
+= 1.6.5 (09/16/2010) =
+* add new design "Chemistry" by [elmastudio.de](http://www.elmastudio.de/ "elmastudio.de")
+* changes for include methods od class for preview
+* changes the possibility for include of language specific flash files
+
+= 1.6.4 (09/13/2010) =
+* add preview functions
+* bugfix for list in wp-admin/plugins.php
+* remove datepicker.regional - dont work fine
+* different small changes
+* new language file .pot
+* add flash file and change on plugin for style "Animate" for spanish language
+
+= 1.6.3 (07/27/2010) =
+* bugfix to include stylesheet on maintenance mode message
+
+= 1.6.2 (07/08/2010) =
+* add functions for hint in the new UI of WP 3.0
+* add more WP Codex standard source
+* fix strings in the language and languages files
+* add datetimepicker-de
+
+= 1.6.1 (06/18/2010) =
+* fix a problem with https://; see [Ticket #13941](http://core.trac.wordpress.org/ticket/13941)
+
+= 1.6 (05/17/2010) =
+* bugfix for exclude sites
+
+= 1.5.9 (05/07/2010) =
+* change different points
+* add possibility to wotk with MySQLDumper
+
+= 1.5.8 (21/03/2010)=
+* fix exclude error
+* add textareas for heading and header fields
+
+= 1.5.7 (03/18/2010) =
+* block admin-area via role
+* add message for registered users with not enough rights
+* add message on login-page
+* different changes
+
+= 1.5.6 (02/25/2010) =
+* changes on css, site.php and different syntax on the plugin
+
+= 1.5.5 (02/23/2010) =
+* SORRY, small bug for the url to jQuery
+
+= 1.5.4 (02/23/2010) =
+* add time for countdown
+* changes for WP 3.0
+* changees on rights to see frontend
+
+= 1.5.3 (01/05/2010) =
+* Fix for JavaScript with WordPress 2.9
+* Add new custom fields for fronted: title, header, heading
+* Fix for setting userrole to see frontend
+* Change laguage files
+
+= 1.5.2 (01/04/2010) =
+* add user-role setting
+* correctly the de_DE language file
+
+= 1.5.1 (10/04/2009) =
+* add small fix
+* add language files (en_ES, ro_RO)
+
+= 1.5.0 (09/28/2009) =
+* add countdown
+* change options
+* change default options
+* add field for own adress to excerpt of the maintenance mode
+* etc.
+
+= 1.4.9 (07/09/2009) =
+* also ready for WordPress 2.6
+* add romanian language files
+* add italian language file by [Gianni Diurno](http://gidibao.net/ "Gianni Diurno")
+
+= 1.4.8 (03/09/2009) =
+* add design "Damask" by [Fabian Letscher](http://fabianletscher.de/ "Fabian Letscher")
+* add design "Lego" by [Alex Frison](http://www.afrison.com/ "Alex Frison")
+
+= 1.4.7 (26/08/2009) =
+* change doc-type to utf-8 without BOM
+
+= v1.4.6 (24/08/2009) =
+* add design "Animate (Flash)" by [Sebastian Schmiedel](http://www.cayou-media.de/ "Sebastian Schmiedel")
+* add new hook for add content `wm_content` to include flash on content
+* add frensh language files
+
+= v1.4.5 (19/08/2009) =
+* fix html string in text on frontend
+* add design "Paint" by [Marvin Labod](http://bugeyes.de/ "Marvin Labod")
+* add turkey language files
+
+= v1.4.4 (18/08/2009) =
+* add design "Chastely" by [Florian Andreas Vogelmaier](http://fv-web.de/ "Florian Andreas Vogelmaier")
+* add design "Only Typo" by [Robert Pfotenhauer](http://krautsuppe.de/ "Robert Pfotenhauer")
+
+= v1.4.3 (13/08/2009) =
+* add option for the Text
+* add option for active maintenance mode
+* add design "The FF Error" by [Thomas Meschke](http://www.lokalnetz.com/ "Thomas Meschke")
+* add design "Monster" by [Sebastian Sebald](http://www.backseatsurfer.de "Sebastian Sebald")
+
+= v1.4.2 (10/08/2009) =
+* add design "The Sun" by [Nicki Steiger](http://mynicki.net/ "Nicki Steiger")
+* now it is possible to add own css and add in settings the url to the css-file
+
+= v1.4.1 (07/08/2009) =
+* small html-fix
+
+= v1.4 (06/08/2009) =
+* complety new code
+* options menu
+* new designs by [David Hellmann](http://www.davidhellmann.com/ "David Hellmann")

spec/samples/common/models/wp_version/findable/stylesheet_numbers/invalid_url.html

@@ -0,0 +1,8 @@
+<script src="//use.typekit.net/h3 {
+    font-family: &#039;Century Gothic&#039;, CenturyGothic, AppleGothic, sans-serif;
+    font-size: 14px;
+    font-style: normal;
+    font-variant: normal;
+    font-weight: 500;
+    line-height: 15px;.js"></script><script>try{Typekit.load();}catch(e){}</script>
+