Ready for 2.9.4 release #1187

Multiple Features

.dockerignore

@@ -1,15 +1,18 @@
-git/
-bundle/
-.idea/
-.yardoc/
-cache/
-coverage/
-spec/
-dev/
 .*
-**/*.md
+bin/
+dev/
+spec/
 *.md
 Dockerfile
+
+## TEMP
+.idea/
+.yardoc/
+bundle/
+cache/
+coverage/
+git/
+**/*.md
 **/*.orig
 *.orig
 CREDITS

.gitignore

@@ -1,15 +1,21 @@
-cache
-coverage
+# WPScan (If not using ~/.wpscan/)
+cache/
+data/
+log.txt
+output.txt
+
+# WPScan (Deployment)
+debug.log
+rspec_results.html
+wordlist.txt
+
+# OS/IDE Rubbish
+coverage/
+.yardoc/
+.idea/
+*.sublime-*
+.*.swp
+.ash_history
 .bundle
 .DS_Store
-.DS_Store?
-*.sublime-*
-.idea
-.*.swp
-Gemfile.lock
-log.txt
-.yardoc
-debug.log
-wordlist.txt
-rspec_results.html
-data/
+.DS_Store?

.ruby-version

@@ -1 +1 @@
-2.3.1
+2.5.1

.travis.yml

@@ -10,11 +10,23 @@ rvm:
   - 2.2.4
   - 2.3.0
   - 2.3.1
+  - 2.3.2
+  - 2.3.3
+  - 2.4.1
+  - 2.4.2
+  - 2.5.0
+  - 2.5.1
+  - ruby-head
 before_install:
+  - "env"
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
+  - "gem install bundler"
+  - "gem regenerate_binstubs"
+  - "bundle --version"
 before_script:
-  - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $TRAVIS_BUILD_DIR"
-script: bundle exec rspec
+  - "unzip -o $TRAVIS_BUILD_DIR/data.zip -d $HOME/.wpscan/"
+script:
+  - "bundle exec rspec"
 notifications:
   email:
     - team@wpscan.org

CHANGELOG.md

@@ -1,6 +1,56 @@
 # Changelog
 ## Master
-[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.2...master)
+[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.9.4...master)
+
+## Version 2.9.4
+Released: 2018-06-15
+
+* Updated dependencies and required ruby version
+* Improved CLI output
+* Only show readme.html output when wp <= 4.8 #1127
+* Cleanup README.md
+* Fix bug "undefined method 'identifier' for nil:NilClass" #1149
+* Since WP 4.7 readme.html only shows major version #1152
+* Add checks for humans.txt and security.text (Thank you @g0tmi1k!)
+* Add offline database update support (Thank you @g0tmi1k!)
+* Check for API access and /wp-json/'s users output (Thank you @g0tmi1k!)
+* Add RSS author information (Thank you @g0tmi1k!)
+* Check HTTP status of each value in /robots.txt (Thank you @g0tmi1k!)
+* Follow any redirections (e.g. http -> https) (Thank you @g0tmi1k!)
+* Lots of other enhancements by @g0tmi1k & WPScan Team
+* Database export file enumeration.
+
+WPScan Database Statistics:
+* Total tracked wordpresses: 319
+* Total tracked plugins: 74896
+* Total tracked themes: 16666
+* Total vulnerable wordpresses: 305
+* Total vulnerable plugins: 1645
+* Total vulnerable themes: 286
+* Total wordpress vulnerabilities: 8327
+* Total plugin vulnerabilities: 2603
+* Total theme vulnerabilities: 352
+
+## Version 2.9.3
+Released: 2017-07-19
+
+* Updated dependencies and required ruby version
+* Made some changes so wpscan works in ruby 2.4
+* Added a Gemfile.lock to lock all dependencies
+* You can now pass a wordlist from stdin via "--wordlist -"
+* Improved version detection regexes
+* Added an optional paramter to --log to specify a filename
+
+WPScan Database Statistics:
+* Total tracked wordpresses: 251
+* Total tracked plugins: 68818
+* Total tracked themes: 15132
+* Total vulnerable wordpresses: 243
+* Total vulnerable plugins: 1527
+* Total vulnerable themes: 280
+* Total wordpress vulnerabilities: 5263
+* Total plugin vulnerabilities: 2406
+* Total theme vulnerabilities: 349
 
 ## Version 2.9.2
 Released: 2016-11-15

CREDITS

@@ -1,21 +0,0 @@
-**CREDITS**
-
-This file is used to state the individual WPScan Team members (core developers) and give credit to WPScan's other contributors. If you feel your name should be in here email team@wpscan.org.
-
-*WPScan Team*
-
-Erwan.LR - @erwan_lr - (Project Developer)
-Christian Mehlmauer - @_FireFart_ - (Project Developer)
-Peter van der Laan - pvdl - (Project Developer)
-Ryan Dewhurst - @ethicalhack3r (Project Lead)
-
-*Other Contributors*
-
-Henri Salo AKA fgeek - Reported lots of vulnerabilities
-Alip AKA Undead - alip.aswalid at gmail.com
-michee08 - Reported and gave potential solutions to bugs
-Callum Pember - Implemented proxy support - callumpember at gmail.com
-g0tmi1k - Additional timthumb checks + bug reports
-Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
-Paolo Perego - @thesp0nge - Basic authentication
-Gianluca Brindisi - @gbrindisi - Ex Project Developer

Dockerfile

@@ -1,24 +1,37 @@
-FROM ruby:2.3-slim
-MAINTAINER WPScan Team <team@wpscan.org>
+FROM ruby:2.5-alpine
+LABEL maintainer="WPScan Team <team@wpscan.org>"
 
-RUN DEBIAN_FRONTEND=noninteractive && \
-  rm -rf /var/lib/apt/lists/* && \
-  apt-get update && \
-  apt-get --no-install-recommends -qq -y install curl git ca-certificates openssl libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev build-essential procps
+ARG BUNDLER_ARGS="--jobs=8 --without test"
 
-RUN useradd -d /wpscan wpscan
+# Add a new user
+RUN adduser -h /wpscan -g WPScan -D wpscan
+
+# Setup gems
 RUN echo "gem: --no-ri --no-rdoc" > /etc/gemrc
-RUN mkdir /wpscan
 
+COPY Gemfile /wpscan
+COPY Gemfile.lock /wpscan
+
+# Runtime dependencies
+RUN apk add --no-cache libcurl procps && \
+  # build dependencies
+  apk add --no-cache --virtual build-deps alpine-sdk ruby-dev libffi-dev zlib-dev && \
+  bundle install --system --gemfile=/wpscan/Gemfile $BUNDLER_ARGS && \
+  apk del --no-cache build-deps
+
+# Copy over data & set permissions
 COPY . /wpscan
-
-WORKDIR /wpscan
-
-RUN bundle install --without test
 RUN chown -R wpscan:wpscan /wpscan
 
+# Switch directory
+WORKDIR /wpscan
+
+# Switch users
 USER wpscan
+
+# Update WPScan
 RUN /wpscan/wpscan.rb --update --verbose --no-color
 
+# Run WPScan
 ENTRYPOINT ["/wpscan/wpscan.rb"]
 CMD ["--help"]

Gemfile

@@ -1,15 +1,16 @@
 source 'https://rubygems.org'
 
-gem 'typhoeus', '>=1.0.0'
-gem 'nokogiri', '>=1.6.7.2'
-gem 'addressable'
-gem 'yajl-ruby' # Better JSON parser regarding memory usage
+gem 'addressable', '>=2.5.0'
+gem 'nokogiri', '>=1.7.0.1'
+gem 'ruby-progressbar', '>=1.8.1'
+gem 'rubyzip', '>=1.2.1'
 gem 'terminal-table', '>=1.6.0'
-gem 'ruby-progressbar', '>=1.6.0'
+gem 'typhoeus', '>=1.1.2'
+gem 'yajl-ruby', '>=1.3.0' # Better JSON parser regarding memory usage
 
 group :test do
-  gem 'webmock', '>=1.17.2'
-  gem 'simplecov'
-  gem 'rspec', '>=3.3.0'
-  gem 'rspec-its'
+  gem 'webmock', '>=2.3.2'
+  gem 'simplecov', '>=0.13.0'
+  gem 'rspec', '>=3.5.0'
+  gem 'rspec-its', '>=1.2.0'
 end

Gemfile.lock

@@ -0,0 +1,71 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    docile (1.3.1)
+    ethon (0.11.0)
+      ffi (>= 1.3.0)
+    ffi (1.9.25)
+    hashdiff (0.3.7)
+    json (2.1.0)
+    mini_portile2 (2.3.0)
+    nokogiri (1.8.2)
+      mini_portile2 (~> 2.3.0)
+    public_suffix (3.0.2)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-its (1.2.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    ruby-progressbar (1.9.0)
+    rubyzip (1.2.1)
+    safe_yaml (1.0.4)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    typhoeus (1.3.0)
+      ethon (>= 0.9.0)
+    unicode-display_width (1.4.0)
+    webmock (3.4.2)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    yajl-ruby (1.4.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  addressable (>= 2.5.0)
+  nokogiri (>= 1.7.0.1)
+  rspec (>= 3.5.0)
+  rspec-its (>= 1.2.0)
+  ruby-progressbar (>= 1.8.1)
+  rubyzip (>= 1.2.1)
+  simplecov (>= 0.13.0)
+  terminal-table (>= 1.6.0)
+  typhoeus (>= 1.1.2)
+  webmock (>= 2.3.2)
+  yajl-ruby (>= 1.3.0)
+
+BUNDLED WITH
+   1.16.2

LICENSE

@@ -1,6 +1,6 @@
 WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
@@ -8,7 +8,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 
 1.1 “License” means this document.
 1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
-1.3 “WPScan Team” means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.3 “WPScan Team” means WPScan’s core developers.
 
 2. Commercialization
 

README.md

@@ -3,14 +3,13 @@
 
 [![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
 [![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
-[![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)
 [![Docker Pulls](https://img.shields.io/docker/pulls/wpscanteam/wpscan.svg)](https://hub.docker.com/r/wpscanteam/wpscan/)
 
 # LICENSE
 
 ## WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2016 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
@@ -95,11 +94,53 @@ WPScan comes pre-installed on the following Linux distributions:
 - [SamuraiWTF](http://samurai.inguardians.com/)
 - [BlackArch](http://blackarch.org/)
 
+On macOS WPScan is packaged by [Homebrew](https://brew.sh/) as [`wpscan`](http://braumeister.org/formula/wpscan).
+
 Windows is not supported
 
+We suggest you use our official Docker image from https://hub.docker.com/r/wpscanteam/wpscan/ to avoid installation problems.
+
+# DOCKER
+## Install Docker
+[https://docs.docker.com/engine/installation/](https://docs.docker.com/engine/installation/)
+
+## Get the image
+Pull the repo with `docker pull wpscanteam/wpscan`
+
+## Start WPScan
+
+```
+docker run -it --rm wpscanteam/wpscan -u https://yourblog.com [options]
+```
+
+For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
+
+If you run the git version of wpscan we included some binstubs in ./bin for easier start of wpscan.
+
+## Examples
+
+Mount a local wordlist to the docker container and start a bruteforce attack for user admin
+
+```
+docker run -it --rm -v ~/wordlists:/wordlists wpscanteam/wpscan --url https://yourblog.com --wordlist /wordlists/crackstation.txt --username admin
+```
+
+(This mounts the host directory `~/wordlists` to the container in the path `/wordlists`)
+
+Use logfile option
+```
+# the file must exist prior to starting the container, otherwise docker will create a directory with the filename
+touch ~/FILENAME
+docker run -it --rm -v ~/FILENAME:/wpscan/output.txt wpscanteam/wpscan --url https://yourblog.com --log /wpscan/output.txt
+```
+
+Published on https://hub.docker.com/r/wpscanteam/wpscan/
+
+# Manual install
+
 ## Prerequisites
 
-- Ruby >= 2.1.9 - Recommended: 2.3.1
+- Ruby >= 2.1.9 - Recommended: 2.5.1
 - Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Git
@@ -110,7 +151,7 @@ Windows is not supported
 
 ### Installing dependencies on Debian
 
-    sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
+    sudo apt-get install gcc git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
 
 ### Installing dependencies on Fedora
 
@@ -121,11 +162,11 @@ Windows is not supported
     pacman -Syu ruby
     pacman -Syu libyaml
 
-### Installing dependencies on Mac OSX
+### Installing dependencies on macOS
 
 Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See [http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error](http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error)
 
-## Installing with RVM (recommended)
+## Installing with RVM (recommended when doing a manual install)
 
 If you are using GNOME Terminal, there are some steps required before executing the commands. See here for more information:
 https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
@@ -136,10 +177,9 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
     curl -sSL https://get.rvm.io | bash -s stable
     source ~/.rvm/scripts/rvm
     echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-    rvm install 2.3.1
-    rvm use 2.3.1 --default
+    rvm install 2.5.1
+    rvm use 2.5.1 --default
     echo "gem: --no-ri --no-rdoc" > ~/.gemrc
-    gem install bundler
     git clone https://github.com/wpscanteam/wpscan.git
     cd wpscan
     gem install bundler
@@ -151,54 +191,8 @@ https://rvm.io/integration/gnome-terminal#integrating-rvm-with-gnome-terminal
     cd wpscan
     sudo gem install bundler && bundle install --without test
 
-# DOCKER
-Pull the repo with `docker pull wpscanteam/wpscan`
-
-## Start WPScan
-
-```
-docker run --rm wpscanteam/wpscan -u http://yourblog.com [options]
-```
-
-For the available Options, please see https://github.com/wpscanteam/wpscan#wpscan-arguments
-
-Published on https://hub.docker.com/r/wpscanteam/wpscan/
-
 # KNOWN ISSUES
 
-  - Typhoeus segmentation fault
-
-      Update cURL to version => 7.21 (may have to install from source)
-
-  - Proxy not working
-
-      Update cURL to version => 7.21.7 (may have to install from source).
-
-      Installation from sources :
-
-        Grab the sources from http://curl.haxx.se/download.html
-        Decompress the archive
-        Open the folder with the extracted files
-        Run ./configure
-        Run make
-        Run sudo make install
-        Run sudo ldconfig
-
-
-  - cannot load such file -- readline:
-
-        sudo aptitude install libreadline5-dev libncurses5-dev
-
-      Then, open the directory of the readline gem (you have to locate it)
-
-        cd ~/.rvm/src/ruby-XXXX/ext/readline
-        ruby extconf.rb
-        make
-        make install
-
-
-      See [http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/](http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/) for more details
-
   - no such file to load -- rubygems
 
       ```update-alternatives --config ruby```
@@ -236,7 +230,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
     --follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not
     --batch                             Never ask for user input, use the default behaviour.
     --no-color                          Do not use colors in the output.
-    --log                               Creates a log.txt file with WPScan's output.
+    --log [filename]                    Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging.
     --no-banner                         Prevents the WPScan banner from being displayed.
     --disable-accept-header             Prevents WPScan sending the Accept HTTP header.
     --disable-referer                   Prevents setting the Referer header.
@@ -250,6 +244,7 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
     --proxy-auth <username:password>    Supply the proxy login credentials.
     --basic-auth <username:password>    Set the HTTP Basic authentication.
     --wordlist | -w <wordlist>          Supply a wordlist for the password brute forcer.
+                                        If the "-" option is supplied, the wordlist is expected via STDIN.
     --username | -U <username>          Only brute force the supplied username.
     --usernames     <path-to-file>      Only brute force the usernames from the file.
     --cache-dir       <cache-directory> Set the cache directory.
@@ -257,7 +252,6 @@ Published on https://hub.docker.com/r/wpscanteam/wpscan/
     --request-timeout <request-timeout> Request Timeout.
     --connect-timeout <connect-timeout> Connect Timeout.
     --threads  | -t <number of threads> The number of threads to use when multi-threading requests.
-    --max-threads     <max-threads>     Maximum Threads.
     --throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
     --help     | -h                     This help screen.
     --verbose  | -v                     Verbose output.
@@ -273,6 +267,10 @@ Do wordlist password brute force on enumerated users using 50 threads...
 
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50```
 
+Do wordlist password brute force on enumerated users using STDIN as the wordlist...
+
+```crunch 5 13 -f charset.lst mixalpha | ruby wpscan.rb --url www.example.com --wordlist -```
+
 Do wordlist password brute force on the 'admin' username only...
 
 ```ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin```

bin/rspec

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+# always rebuild and include all GEMs
+docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
+# update all gems (this updates Gemfile.lock on the host)
+# this also needs some build dependencies
+docker run --rm -u root -v $DIR/../Gemfile.lock:/wpscan/Gemfile.lock --entrypoint "" wpscan:rspec sh -c 'apk add --no-cache alpine-sdk ruby-dev libffi-dev zlib-dev && bundle update'
+# rebuild image with latest GEMs
+docker build --build-arg "BUNDLER_ARGS=--jobs=8" -t wpscan:rspec .
+# run spec
+docker run --rm -v $DIR/../:/wpscan --entrypoint "" wpscan:rspec rspec
+

bin/update_gems

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+docker run --rm -v "$DIR/../":/usr/src/app -w /usr/src/app ruby:2.5-alpine /bin/sh -c "gem install bundler; bundle lock --update"

bin/wpscan

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+docker build -q -t wpscan:git .
+docker run -it --rm wpscan:git "$@"
+

bin/wpscan-dev

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+  DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+cd $DIR/../
+if [[ -n "$WPSCAN_BUILD" ]]; then
+  docker build -q -t wpscan:git .
+fi
+docker run -it --rm -v $DIR/../:/wpscan wpscan:git "$@"
+

data/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

lib/common/browser.rb

@@ -126,7 +126,7 @@ class Browser
   def merge_request_params(params = {})
     if @proxy
       params.merge!(proxy: @proxy)
-      params.merge!(proxyauth: @proxy_auth) if @proxy_auth
+      params.merge!(proxyuserpwd: @proxy_auth) if @proxy_auth
     end
 
     if @basic_auth

lib/common/browser/options.rb

@@ -20,7 +20,7 @@ class Browser
       elsif auth =~ /\ABasic [a-zA-Z0-9=]+\z/
         @basic_auth = auth
       else
-       raise 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected'
+        raise "Invalid basic authentication format, \"login:password\" or \"Basic base_64_encoded\" expected. Your input: #{auth}"
      end
     end
 

lib/common/cache_file_store.rb

@@ -26,6 +26,10 @@ class CacheFileStore
     unless Dir.exist?(@storage_path)
       FileUtils.mkdir_p(@storage_path)
     end
+
+    unless Pathname.new(@storage_path).writable?
+      fail "#{@storage_path} is not writable"
+    end
   end
 
   def clean

lib/common/collections/wp_items/detectable.rb

@@ -95,7 +95,7 @@ class WpItems < Array
         code = tag.text.to_s
         next if code.empty?
 
-        if ! code.valid_encoding?
+        if !code.valid_encoding?
           code = code.encode('UTF-16be', :invalid => :replace, :replace => '?').encode('UTF-8')
         end
 

lib/common/collections/wp_users/output.rb

@@ -9,7 +9,7 @@ class WpUsers < WpItems
     # @return [ void ]
     def output(options = {})
       rows     = []
-      headings = ['Id', 'Login', 'Name']
+      headings = ['ID', 'Login', 'Name']
       headings << 'Password' if options[:show_password]
 
       remove_junk_from_display_names

lib/common/common_helper.rb

@@ -1,36 +1,34 @@
 # encoding: UTF-8
 
-LIB_DIR              = File.expand_path(File.join(__dir__, '..'))
-ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
-DATA_DIR             = File.join(ROOT_DIR, 'data')
-CONF_DIR             = File.join(ROOT_DIR, 'conf')
-CACHE_DIR            = File.join(ROOT_DIR, 'cache')
-WPSCAN_LIB_DIR       = File.join(LIB_DIR, 'wpscan')
-UPDATER_LIB_DIR      = File.join(LIB_DIR, 'updater')
-COMMON_LIB_DIR       = File.join(LIB_DIR, 'common')
-MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models')
-COLLECTIONS_LIB_DIR  = File.join(COMMON_LIB_DIR, 'collections')
+# Location directories
+LIB_DIR              = File.expand_path(File.join(__dir__, '..')) # wpscan/lib/
+ROOT_DIR             = File.expand_path(File.join(LIB_DIR, '..')) # wpscan/ - expand_path is used to get "wpscan/" instead of "wpscan/lib/../"
+USER_DIR             = File.expand_path(Dir.home) # ~/
 
-LOG_FILE             = File.join(ROOT_DIR, 'log.txt')
+# Core WPScan directories
+CACHE_DIR            = File.join(USER_DIR, '.wpscan/cache') # ~/.wpscan/cache/
+DATA_DIR             = File.join(USER_DIR, '.wpscan/data') # ~/.wpscan/data/
+CONF_DIR             = File.join(USER_DIR, '.wpscan/conf') # ~/.wpscan/conf/ - Not used ATM (only ref via ./spec/ for travis)
+COMMON_LIB_DIR       = File.join(LIB_DIR, 'common') # wpscan/lib/common/
+WPSCAN_LIB_DIR       = File.join(LIB_DIR, 'wpscan') # wpscan/lib/wpscan/
+MODELS_LIB_DIR       = File.join(COMMON_LIB_DIR, 'models') # wpscan/lib/common/models/
 
-# Plugins directories
-COMMON_PLUGINS_DIR   = File.join(COMMON_LIB_DIR, 'plugins')
-WPSCAN_PLUGINS_DIR   = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
+# Core WPScan files
+DEFAULT_LOG_FILE     = File.join(USER_DIR, '.wpscan/log.txt')  # ~/.wpscan/log.txt
+DATA_FILE            = File.join(ROOT_DIR, 'data.zip') # wpscan/data.zip
 
-# Data files
-WORDPRESSES_FILE  = File.join(DATA_DIR, 'wordpresses.json')
-PLUGINS_FILE      = File.join(DATA_DIR, 'plugins.json')
-THEMES_FILE       = File.join(DATA_DIR, 'themes.json')
-WP_VERSIONS_FILE  = File.join(DATA_DIR, 'wp_versions.xml')
-LOCAL_FILES_FILE  = File.join(DATA_DIR, 'local_vulnerable_files.xml')
-WP_VERSIONS_XSD   = File.join(DATA_DIR, 'wp_versions.xsd')
-LOCAL_FILES_XSD   = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
-USER_AGENTS_FILE  = File.join(DATA_DIR, 'user-agents.txt')
-LAST_UPDATE_FILE  = File.join(DATA_DIR, '.last_update')
+# WPScan Data files (data.zip)
+LAST_UPDATE_FILE    = File.join(DATA_DIR, '.last_update') # ~/.wpscan/data/.last_update
+PLUGINS_FILE        = File.join(DATA_DIR, 'plugins.json') # ~/.wpscan/data/plugins.json
+THEMES_FILE         = File.join(DATA_DIR, 'themes.json') # ~/.wpscan/data/themes.json
+TIMTHUMBS_FILE      = File.join(DATA_DIR, 'timthumbs.txt') # ~/.wpscan/data/timthumbs.txt
+USER_AGENTS_FILE    = File.join(DATA_DIR, 'user-agents.txt') # ~/.wpscan/data/user-agents.txt
+WORDPRESSES_FILE    = File.join(DATA_DIR, 'wordpresses.json') # ~/.wpscan/data/wordpresses.json
+WP_VERSIONS_FILE    = File.join(DATA_DIR, 'wp_versions.xml') # ~/.wpscan/data/wp_versions.xml
 
 MIN_RUBY_VERSION = '2.1.9'
 
-WPSCAN_VERSION = '2.9.2'
+WPSCAN_VERSION = '2.9.4'
 
 $LOAD_PATH.unshift(LIB_DIR)
 $LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -50,6 +48,7 @@ def windows?
 end
 
 require 'environment'
+require 'zip'
 
 def escape_glob(s)
   s.gsub(/[\\\{\}\[\]\*\?]/) { |x| '\\' + x }
@@ -78,13 +77,39 @@ def add_trailing_slash(url)
   url =~ /\/$/ ? url : "#{url}/"
 end
 
-def missing_db_file?
+def missing_db_files?
   DbUpdater::FILES.each do |db_file|
     return true unless File.exist?(File.join(DATA_DIR, db_file))
   end
   false
 end
 
+# Find data.zip?
+def has_db_zip?
+  return File.exist?(DATA_FILE)
+end
+
+# Extract data.zip
+def extract_db_zip
+  # Create data folder
+  FileUtils.mkdir_p(DATA_DIR)
+
+  Zip::File.open(DATA_FILE) do |zip_file|
+    zip_file.each do |f|
+      # Feedback to the user
+      #puts "[+] Extracting: #{File.basename(f.name)}"
+      f_path = File.join(DATA_DIR, File.basename(f.name))
+
+      # Delete if already there
+      #puts "[+] Deleting: #{File.basename(f.name)}" if File.exist?(f_path)
+      FileUtils.rm(f_path) if File.exist?(f_path)
+
+      # Extract
+      zip_file.extract(f, f_path)
+    end
+  end
+end
+
 def last_update
   date = nil
   if File.exists?(LAST_UPDATE_FILE)
@@ -94,9 +119,12 @@ def last_update
   date
 end
 
+# Was it 5 days ago?
 def update_required?
   date = last_update
-  (true if date.nil?) or (date < 5.days.ago)
+  day_seconds = 24 * 60 * 60
+  five_days_ago = Time.now - (5 * day_seconds)
+  (true if date.nil?) or (date < five_days_ago)
 end
 
 # Define colors
@@ -159,7 +187,7 @@ def banner
   puts '        WordPress Security Scanner by the WPScan Team '
   puts "                       Version #{WPSCAN_VERSION}"
   puts '          Sponsored by Sucuri - https://sucuri.net'
-  puts '   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_'
+  puts '      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_'
   puts '_______________________________________________________________'
   puts
 end
@@ -251,14 +279,26 @@ end
 # @return [ String ] A random user-agent from data/user-agents.txt
 def get_random_user_agent
   user_agents = []
+
+  # If we can't access the file, die
+  raise('[ERROR] Missing user-agent data. Please re-run with just --update.') unless File.exist?(USER_AGENTS_FILE)
+
+  # Read in file
   f = File.open(USER_AGENTS_FILE, 'r')
+
+  # Read every line in the file
   f.each_line do |line|
-    # ignore comments
+    # Remove any End of Line issues, and leading/trailing spaces
+    line = line.strip.chomp
+    # Ignore empty files and comments
     next if line.empty? or line =~ /^\s*(#|\/\/)/
+    # Add to array
     user_agents << line.strip
   end
+  # Close file handler
   f.close
-  # return ransom user-agent
+
+  # Return random user-agent
   user_agents.sample
 end
 
@@ -272,3 +312,21 @@ end
 def url_encode(str)
   CGI.escape(str).gsub("+", "%20")
 end
+
+# Check valid JSON?
+def valid_json?(json)
+    JSON.parse(json)
+    return true
+  rescue JSON::ParserError => e
+    return false
+end
+
+# Get the HTTP response code
+def get_http_status(url)
+  Browser.get(url.to_s).code
+end
+
+# Check to see if we need a "s"
+def grammar_s(size)
+  size.to_i >= 2 ? "s" : ""
+end

lib/common/db_updater.rb

@@ -13,8 +13,13 @@ class DbUpdater
   def initialize(repo_directory)
     @repo_directory = repo_directory
 
-    fail "#{repo_directory} is not writable" unless \
-      Pathname.new(repo_directory).writable?
+    unless Dir.exist?(@repo_directory)
+      FileUtils.mkdir_p(@repo_directory)
+    end
+
+    unless Pathname.new(@repo_directory).writable?
+      fail "#{@repo_directory} is not writable"
+    end
   end
 
   # @return [ Hash ] The params for Typhoeus::Request
@@ -83,7 +88,7 @@ class DbUpdater
   def update(verbose = false)
     FILES.each do |filename|
       begin
-        puts "[+] Checking #{filename}" if verbose
+        puts "[+] Checking: #{filename}" if verbose
         db_checksum = remote_file_checksum(filename)
 
         # Checking if the file needs to be updated
@@ -95,7 +100,7 @@ class DbUpdater
         puts '  [i] Needs to be updated' if verbose
         create_backup(filename)
         puts '  [i] Backup Created' if verbose
-        puts '  [i] Downloading new file' if verbose
+        puts "  [i] Downloading new file: #{remote_file_url(filename)}" if verbose
         dl_checksum = download(filename)
         puts "  [i] Downloaded File Checksum: #{dl_checksum}" if verbose
         puts "  [i] Database File Checksum  : #{db_checksum}" if verbose

lib/common/hacks.rb

@@ -21,7 +21,7 @@ end
 def puts(o = '')
   if $log && o.respond_to?(:gsub)
     temp = o.gsub(/\e\[\d+m/, '') # remove color for logging
-    File.open(LOG_FILE, 'a+') { |f| f.puts(temp) }
+    File.open($log, 'a+') { |f| f.puts(temp) }
   end
 
   super(o)
@@ -35,16 +35,3 @@ class Numeric
     s.sub(/\.?0*$/, ' ' + units[e])
   end
 end
-
-# time calculations
-class Fixnum
-  SECONDS_IN_DAY = 24 * 60 * 60
-
-  def days
-    self * SECONDS_IN_DAY
-  end
-
-  def ago
-    Time.now - self
-  end
-end

lib/common/models/wp_item.rb

@@ -51,7 +51,7 @@ class WpItem
   end
 
   def last_updated
-    db_data['last_ipdated']
+    db_data['last_updated']
   end
 
   def popular?

lib/common/models/wp_item/infos.rb

@@ -5,27 +5,6 @@ class WpItem
   # @uri is used instead of #uri to avoid the presence of the :path into it
   module Infos
 
-    # @return [ Boolean ]
-    def has_readme?
-      !readme_url.nil?
-    end
-
-    # @return [ String,nil ] The url to the readme file, nil if not found
-    def readme_url
-      # See https://github.com/wpscanteam/wpscan/pull/737#issuecomment-66375445
-      # for any question about the order
-      %w{readme.txt README.txt Readme.txt ReadMe.txt README.TXT readme.TXT}.each do |readme|
-        url = @uri.merge(readme).to_s
-        return url if url_is_200?(url)
-      end
-      nil
-    end
-
-    # @return [ Boolean ]
-    def has_changelog?
-      url_is_200?(changelog_url)
-    end
-
     # Checks if the url status code is 200
     #
     # @param [ String ] url
@@ -35,9 +14,34 @@ class WpItem
       Browser.get(url).code == 200
     end
 
+    # @return [ Boolean ]
+    def has_readme?
+      !readme_url.nil?
+    end
+
+    # @return [ String,nil ] The url to the readme file, nil if not found
+    def readme_url
+      # See https://github.com/wpscanteam/wpscan/pull/737#issuecomment-66375445
+      # for any question about the order
+      %w{readme.txt README.txt README.md readme.md Readme.txt}.each do |readme|
+        url = @uri.merge(readme).to_s
+        return url if url_is_200?(url)
+      end
+      nil
+    end
+
+    # @return [ Boolean ]
+    def has_changelog?
+      !changelog_url.nil?
+    end
+
     # @return [ String ] The url to the changelog file
     def changelog_url
-      @uri.merge('changelog.txt').to_s
+      %w{changelog.txt CHANGELOG.md changelog.md}.each do |changelog|
+        url = @uri.merge(changelog).to_s
+        return url if url_is_200?(url)
+      end
+      nil
     end
 
     # @return [ Boolean ]

lib/common/models/wp_item/output.rb

@@ -23,7 +23,7 @@ class WpItem
 
       if version.nil? && vulnerabilities.length > 0
         puts
-        puts warning('We could not determine a version so all vulnerabilities are printed out')
+        puts warning('We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.')
       end
 
       vulnerabilities.output

lib/common/models/wp_theme/findable.rb

@@ -30,7 +30,7 @@ class WpTheme < WpItem
       response = Browser.get_and_follow_location(target_uri.to_s)
 
       # https + domain is optional because of relative links
-      return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
+      return unless response.body =~ %r{(?:https?://[^"']+/)?([^"'/\s]+)/themes/([^"'/]+)[^"']*/style\.css}i
 
       new(
         target_uri,

lib/common/models/wp_user/brute_forcable.rb

@@ -28,9 +28,18 @@ class WpUser < WpItem
       queue_count  = 0
       found        = false
 
-      create_progress_bar(count_file_lines(wordlist)+1, options)
+      if wordlist == '-'
+        words = ARGF
+        passwords_size = 10
+        options[:starting_at] = 0
+      else
+        words = File.open(wordlist)
+        passwords_size = count_file_lines(wordlist)+1
+      end
 
-      File.open(wordlist).each do |password|
+      create_progress_bar(passwords_size, options)
+
+      words.each do |password|
         password.chomp!
 
         # A successfull login will redirect us to the redirect_to parameter
@@ -43,7 +52,13 @@ class WpUser < WpItem
         request = login_request(password, redirect_url)
 
         request.on_complete do |response|
-          progress_bar.progress += 1 if options[:show_progression] && !found
+          if options[:show_progression] && !found
+            progress_bar.progress += 1
+            percentage = progress_bar.progress.fdiv(progress_bar.total)
+            if options[:starting_at] && percentage >= 0.8
+              progress_bar.total *= 2
+            end
+          end
 
           progress_bar.log("  Trying Username: #{login} Password: #{password}") if options[:verbose]
 
@@ -79,7 +94,8 @@ class WpUser < WpItem
         @progress_bar = ProgressBar.create(
           format: '%t %a <%B> (%c / %C) %P%% %e',
           title: "  Brute Forcing '#{login}'",
-          total: passwords_size
+          total: passwords_size,
+          starting_at: options[:starting_at]
         )
       end
     end
@@ -118,7 +134,7 @@ class WpUser < WpItem
       elsif response.code.to_s =~ /^50/
         progression = critical('ERROR: Server error, try reducing the number of threads or use the --throttle option.')
       else
-        progression = critical("ERROR: We received an unknown response for #{password}...")
+        progression = critical("ERROR: We received an unknown response for login: #{login} and password: #{password}")
         verbose     = critical("  Code: #{response.code}\n    Body: #{response.body}\n")
       end
 

lib/common/models/wp_version/findable.rb

@@ -168,11 +168,14 @@ class WpVersion < WpItem
     #
     # @return [ String ] The version number
     def find_from_readme(target_uri)
-      scan_url(
+      version = scan_url(
         target_uri,
         %r{<br />\sversion #{version_pattern}}i,
         'readme.html'
       )
+
+      # Since WP >= 4.7, the Readme only contains the major version
+      VersionCompare.lesser?(version, '4.7') ? version : nil
     end
 
     # Attempts to find the WordPress version from the sitemap.xml file.

lib/environment.rb

@@ -14,16 +14,15 @@ Encoding.default_external = Encoding::UTF_8
 
 begin
   # Standard libs
+  require 'readline'
   require 'bundler/setup' unless kali_linux?
   require 'getoptlong'
   require 'optparse' # Will replace getoptlong
   require 'uri'
   require 'time'
   require 'resolv'
-  require 'xmlrpc/client'
   require 'digest/md5'
   require 'digest/sha1'
-  require 'readline'
   require 'base64'
   require 'rbconfig'
   require 'pp'

lib/wpscan/web_site.rb

@@ -1,11 +1,19 @@
 # encoding: UTF-8
 
-require 'web_site/robots_txt'
+require 'web_site/humans_txt'
 require 'web_site/interesting_headers'
+require 'web_site/robots_txt'
+require 'web_site/security_txt'
+require 'web_site/sitemap'
+require 'web_site/sql_file_export'
 
 class WebSite
-  include WebSite::RobotsTxt
+  include WebSite::HumansTxt
   include WebSite::InterestingHeaders
+  include WebSite::RobotsTxt
+  include WebSite::SecurityTxt
+  include WebSite::Sitemap
+  include WebSite::SqlFileExport
 
   attr_reader :uri
 
@@ -121,13 +129,6 @@ class WebSite
     @error_404_hash
   end
 
-  # Will try to find the rss url in the homepage
-  # Only the first one found is returned
-  def rss_url
-    homepage_body = Browser.get(@uri.to_s).body
-    homepage_body[%r{<link .* type="application/rss\+xml" .* href="([^"]+)" />}, 1]
-  end
-
   # Only the first 700 bytes are checked to avoid the download
   # of the whole file which can be very huge (like 2 Go)
   #

lib/wpscan/web_site/humans_txt.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+class WebSite
+  module HumansTxt
+
+    # Gets the humans.txt URL
+    # @return [ String ]
+    def humans_url
+      @uri.clone.merge('humans.txt').to_s
+    end
+
+  end
+end

lib/wpscan/web_site/robots_txt.rb

@@ -18,49 +18,53 @@ class WebSite
     # Parse robots.txt
     # @return [ Array ] URLs generated from robots.txt
     def parse_robots_txt
-      return unless has_robots?
-
       return_object = []
+
+      # Make request
       response = Browser.get(robots_url.to_s)
       body = response.body
+
       # Get all allow and disallow urls
       entries = body.scan(/^(?:dis)?allow:\s*(.*)$/i)
+
+      # Did we get something?
       if entries
-        entries.flatten!
-        entries.compact.sort!
-        entries.uniq!
+        # Remove any rubbish
+        entries = clean_uri(entries)
+
+        # Sort
+        entries.sort!
+
+        # Wordpress URL
         wordpress_path = @uri.path
+
+        # Each "boring" value as defined below, remove
         RobotsTxt.known_dirs.each do |d|
           entries.delete(d)
-          # also delete when wordpress is installed in subdir
+          # Also delete when wordpress is installed in subdir
           dir_with_subdir = "#{wordpress_path}/#{d}".gsub(/\/+/, '/')
           entries.delete(dir_with_subdir)
         end
 
-        entries.each do |d|
-          begin
-            temp = @uri.clone
-            temp.path = d.strip
-          rescue URI::Error
-            temp = d.strip
-          end
-          return_object << temp.to_s
-        end
+        # Convert to full URIs
+        return_object = full_uri(entries)
       end
-      return_object
+      return return_object
     end
 
     protected
 
+    # Useful ~ "function do_robots()" -> https://github.com/WordPress/WordPress/blob/master/wp-includes/functions.php
+    #
     # @return [ Array ]
     def self.known_dirs
       %w{
         /
         /wp-admin/
+        /wp-admin/admin-ajax.php
         /wp-includes/
         /wp-content/
       }
     end
-
   end
 end

lib/wpscan/web_site/security_txt.rb

@@ -0,0 +1,13 @@
+# encoding: UTF-8
+
+class WebSite
+  module SecurityTxt
+
+    # Gets the security.txt URL
+    # @return [ String ]
+    def security_url
+      @uri.clone.merge('.well-known/security.txt').to_s
+    end
+
+  end
+end

lib/wpscan/web_site/sitemap.rb

@@ -0,0 +1,53 @@
+# encoding: UTF-8
+
+class WebSite
+  module Sitemap
+
+    # Checks if a sitemap.txt file exists
+    # @return [ Boolean ]
+    def has_sitemap?
+      # Make the request
+      response = Browser.get(sitemap_url)
+
+      # Make sure its HTTP 200
+      return false unless response.code == 200
+
+      # Is there a sitemap value?
+      result = response.body.scan(/^sitemap\s*:\s*(.*)$/i)
+      return true if result[0]
+      return false
+    end
+
+    # Get the robots.txt URL
+    # @return [ String ]
+    def sitemap_url
+      @uri.clone.merge('robots.txt').to_s
+    end
+
+    # Parse robots.txt
+    # @return [ Array ] URLs generated from robots.txt
+    def parse_sitemap
+      return_object = []
+
+      # Make request
+      response = Browser.get(sitemap_url.to_s)
+
+      # Get all allow and disallow urls
+      entries = response.body.scan(/^sitemap\s*:\s*(.*)$/i)
+
+      # Did we get something?
+      if entries
+        # Remove any rubbish
+        entries = clean_uri(entries)
+
+        # Sort
+        entries.sort!
+
+        # Convert to full URIs
+        return_object = full_uri(entries)
+      end
+      return return_object
+    end
+
+  end
+end

lib/wpscan/web_site/sql_file_export.rb

@@ -0,0 +1,35 @@
+# encoding: UTF-8
+
+class WebSite
+  module SqlFileExport
+
+    # Checks if a .sql file exists
+    # @return [ Array ]
+    def sql_file_export
+      export_files = []
+
+      self.sql_file_export_urls.each do |url|
+        response = Browser.get(url)
+        export_files << url if response.code == 200 && response.body =~ /INSERT INTO/
+      end
+
+      export_files
+    end
+
+    # Gets a .sql export file URL
+    # @return [ Array ]
+    def sql_file_export_urls
+      urls  = []
+      host  = @uri.host[/(^[\w|-]+)/,1]
+
+      files = ["#{host}.sql", "#{host}.sql.gz", "#{host}.zip", 'db.sql', 'site.sql', 'database.sql', 
+        'data.sql', 'backup.sql', 'dump.sql', 'db_backup.sql', 'dbdump.sql', 'wordpress.sql', 'mysql.sql']
+
+      files.each do |file|
+        urls << @uri.clone.merge(file).to_s
+      end
+
+      urls
+    end
+  end
+end

lib/wpscan/wp_target.rb

@@ -1,22 +1,26 @@
 # encoding: UTF-8
 
 require 'web_site'
-require 'wp_target/wp_readme'
-require 'wp_target/wp_registrable'
+require 'wp_target/wp_api'
 require 'wp_target/wp_config_backup'
-require 'wp_target/wp_must_use_plugins'
-require 'wp_target/wp_login_protection'
 require 'wp_target/wp_custom_directories'
 require 'wp_target/wp_full_path_disclosure'
+require 'wp_target/wp_login_protection'
+require 'wp_target/wp_must_use_plugins'
+require 'wp_target/wp_readme'
+require 'wp_target/wp_registrable'
+require 'wp_target/wp_rss'
 
 class WpTarget < WebSite
-  include WpTarget::WpReadme
-  include WpTarget::WpRegistrable
+  include WpTarget::WpAPI
   include WpTarget::WpConfigBackup
-  include WpTarget::WpMustUsePlugins
-  include WpTarget::WpLoginProtection
   include WpTarget::WpCustomDirectories
   include WpTarget::WpFullPathDisclosure
+  include WpTarget::WpLoginProtection
+  include WpTarget::WpMustUsePlugins
+  include WpTarget::WpReadme
+  include WpTarget::WpRegistrable
+  include WpTarget::WpRSS
 
   attr_reader :verbose
 
@@ -155,6 +159,21 @@ class WpTarget < WebSite
     resp.code == 200 && resp.body[%r{by interconnect}i]
   end
 
+  # Script used to recover locked out admin users
+  # http://yoast.com/emergency-wordpress-access/
+  # https://codex.wordpress.org/User:MichaelH/Orphaned_Plugins_needing_Adoption/Emergency
+  #
+  # @return [ String ]
+  def emergency_url
+    @uri.merge('emergency.php').to_s
+  end
+
+  # @return [ Boolean ]
+  def emergency_exists?
+    resp = Browser.get(emergency_url)
+    resp.code == 200 && resp.body[%r{password}i]
+  end
+
   def upload_directory_listing_enabled?
     directory_listing_enabled?(upload_dir_url)
   end

lib/wpscan/wp_target/wp_api.rb

@@ -0,0 +1,86 @@
+# encoding: UTF-8
+
+class WpTarget < WebSite
+  module WpAPI
+
+    # Checks to see if the REST API is enabled
+    #
+    # This by default in a WordPress installation since 4.5+
+    # @return [ Boolean ]
+    def has_api?(url)
+      # Make the request
+      response = Browser.get(url)
+
+      # Able to view the output?
+      if valid_json?(response.body) && response.body != ''
+        # Read in JSON
+        data = JSON.parse(response.body)
+
+        # If there is nothing there, return false
+        if data.empty?
+          return false
+        # WAF/API disabled response
+        elsif data.include?('message') and data['message'] =~ /Only authenticated users can access the REST API/
+          return false
+        # Success!
+        elsif response.code == 200
+          return true
+        end
+      end
+
+      # Something went wrong
+      return false
+    end
+
+    # @return [ String ] The API/JSON URL
+    def json_url
+      @uri.merge('/wp-json/').to_s
+    end
+
+    # @return [ String ] The API/JSON URL to show users
+    def json_users_url
+      @uri.merge('/wp-json/wp/v2/users').to_s
+    end
+
+    # @return [ String ] The API/JSON URL to show users
+    def json_get_users(url)
+      # Variables
+      users = []
+
+      # Make the request
+      response = Browser.get(url)
+
+      # If not HTTP 200, return false
+      return false unless response.code == 200
+
+      # Able to view the output?
+      return false unless valid_json?(response.body)
+
+      # Read in JSON
+      data = JSON.parse(response.body)
+
+      # If there is nothing there, return false
+      return false if data.empty?
+
+      # Add to array
+      data.each do |child|
+        row = [ child['id'], child['name'], child['link'] ]
+        users << row
+      end
+
+      # Sort and uniq
+      users = users.sort.uniq
+
+      if users and users.size >= 1
+        # Feedback
+        grammar = grammar_s(users.size)
+        puts warning("#{users.size} user#{grammar} exposed via API: #{json_users_url}")
+
+        # Print results
+        table = Terminal::Table.new(headings: ['ID', 'Name', 'URL'],
+                                    rows: users)
+        puts table
+      end
+    end
+  end
+end

lib/wpscan/wp_target/wp_rss.rb

@@ -0,0 +1,68 @@
+# encoding: UTF-8
+
+class WpTarget < WebSite
+  module WpRSS
+
+    # Checks to see if there is an rss feed
+    # Will try to find the rss url in the homepage
+    # Only the first one found is returned
+    #
+    # This file comes by default in a WordPress installation
+    #
+    # @return [ Boolean ]
+    def rss_url
+      homepage_body = Browser.get(@uri.to_s).body
+      # Format: <link rel="alternate" type="application/rss+xml" title=".*" href=".*" />
+      homepage_body[%r{<link\s*.*\s*type=['|"]application\/rss\+xml['|"]\s*.*\stitle=".*" href=['|"]([^"]+)['|"]\s*\/?>}i, 1]
+    end
+
+
+    # Gets all the authors from the RSS feed
+    #
+    # @return [ string ]
+    def rss_authors(url)
+      # Variables
+      users = []
+
+      # Make the request
+      response = Browser.get(url, followlocation: true)
+
+      # Valid repose to view? HTTP 200?
+      return false unless response.code == 200
+
+      # Get output
+      data = response.body
+
+      # If there is nothing there, return false
+      return false if data.empty?
+
+      # Read in RSS/XML
+      xml = Nokogiri::XML(data)
+
+      begin
+        # Look for <dc:creator> item
+        xml.xpath('//item/dc:creator').each do |node|
+          #Format: <dc:creator><![CDATA[.*]]></dc:creator>
+          users << [%r{.*}i.match(node).to_s]
+        end
+      rescue
+        puts critical("Missing Author field. Maybe non-standard WordPress RSS feed?")
+        return false
+      end
+
+      # Sort and uniq
+      users = users.sort_by { |user| user.to_s.downcase }.uniq
+
+      if users and users.size >= 1
+        # Feedback
+        grammar = grammar_s(users.size)
+        puts warning("Detected #{users.size} user#{grammar} from RSS feed:")
+
+        # Print results
+        table = Terminal::Table.new(headings: ['Name'],
+                                    rows: users)
+        puts table
+      end
+    end
+  end
+end

lib/wpscan/wpscan_helper.rb

@@ -28,9 +28,12 @@ def usage
   puts '-Enumerate installed themes ...'
   puts "ruby #{script_name} --url www.example.com --enumerate t"
   puts
-  puts '-Enumerate users ...'
+  puts '-Enumerate users (from 1 - 10)...'
   puts "ruby #{script_name} --url www.example.com --enumerate u"
   puts
+  puts '-Enumerate users (from 1 - 20)...'
+  puts "ruby #{script_name} --url www.example.com --enumerate u[1-20]"
+  puts
   puts '-Enumerate installed timthumbs ...'
   puts "ruby #{script_name} --url www.example.com --enumerate tt"
   puts
@@ -46,7 +49,7 @@ def usage
   puts '-Use custom plugins directory ...'
   puts "ruby #{script_name} -u www.example.com --wp-plugins-dir wp-content/custom-plugins"
   puts
-  puts '-Update the DB ...'
+  puts '-Update the Database ...'
   puts "ruby #{script_name} --update"
   puts
   puts '-Debug output ...'
@@ -89,7 +92,7 @@ def help
   puts '--follow-redirection                If the target url has a redirection, it will be followed without asking if you wanted to do so or not'
   puts '--batch                             Never ask for user input, use the default behaviour.'
   puts '--no-color                          Do not use colors in the output.'
-  puts '--log                               Creates a log.txt file with WPScan\'s output.'
+  puts '--log [filename]                    Creates a log.txt file with WPScan\'s output if no filename is supplied. Otherwise the filename is used for logging.'
   puts '--no-banner                         Prevents the WPScan banner from being displayed.'
   puts '--disable-accept-header             Prevents WPScan sending the Accept HTTP header.'
   puts '--disable-referer                   Prevents setting the Referer header.'
@@ -110,7 +113,6 @@ def help
   puts '--request-timeout <request-timeout> Request Timeout.'
   puts '--connect-timeout <connect-timeout> Connect Timeout.'
   puts '--threads  | -t <number of threads> The number of threads to use when multi-threading requests.'
-  puts '--max-threads     <max-threads>     Maximum Threads.'
   puts '--throttle        <milliseconds>    Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.'
   puts '--help     | -h                     This help screen.'
   puts '--verbose  | -v                     Verbose output.'
@@ -118,6 +120,58 @@ def help
   puts
 end
 
+
+def clean_uri(entries)
+  # Extract elements
+  entries.flatten!
+  # Remove any leading/trailing spaces
+  entries.collect{|x| x.strip || x }
+  # End Of Line issues
+  entries.collect{|x| x.chomp! || x }
+  # Remove nil's
+  entries.compact
+  # Unique values only
+  entries.uniq!
+
+  return entries
+end
+
+# Return the full URL
+def full_uri(entries)
+  return_object = []
+  # Each value now, try and make it a full URL
+  entries.each do |d|
+    begin
+      temp = @uri.clone
+      temp.path = d.strip
+    rescue URI::Error
+      temp = d.strip
+    end
+    return_object << temp.to_s
+  end
+
+  return return_object
+end
+
+# Parse humans.txt
+# @return [ Array ] URLs generated from humans.txt
+def parse_txt(url)
+  return_object = []
+  response = Browser.get(url.to_s)
+  body = response.body
+
+  # Get all non-comments
+  entries = body.split(/\n/)
+
+  # Did we get something?
+  if entries
+    # Remove any rubbish
+    entries = clean_uri(entries)
+  end
+  return return_object
+end
+
+
 # Hook to check if the target if down during the scan
 # And have the number of requests performed to display at the end of the scan
 # The target is considered down after 30 requests with status = 0
@@ -136,3 +190,4 @@ Typhoeus.on_complete do |response|
 
   sleep(Browser.instance.throttle)
 end
+

lib/wpscan/wpscan_options.rb

@@ -75,7 +75,7 @@ class WpscanOptions
   end
 
   def wordlist=(wordlist)
-    if File.exists?(wordlist)
+    if File.exists?(wordlist) || wordlist == '-'
       @wordlist = wordlist
     else
       raise "The file #{wordlist} does not exist"
@@ -152,11 +152,6 @@ class WpscanOptions
     end
   end
 
-  def basic_auth=(basic_auth)
-    raise 'Invalid basic authentication format, login:password expected' if basic_auth.index(':').nil?
-    @basic_auth = "Basic #{Base64.encode64(basic_auth).chomp}"
-  end
-
   def debug_output=(debug_output)
     Typhoeus::Config.verbose = debug_output
   end
@@ -282,11 +277,10 @@ class WpscanOptions
       ['--cache-ttl', GetoptLong::REQUIRED_ARGUMENT],
       ['--request-timeout', GetoptLong::REQUIRED_ARGUMENT],
       ['--connect-timeout', GetoptLong::REQUIRED_ARGUMENT],
-      ['--max-threads', GetoptLong::REQUIRED_ARGUMENT],
       ['--batch', GetoptLong::NO_ARGUMENT],
       ['--no-color', GetoptLong::NO_ARGUMENT],
       ['--cookie', GetoptLong::REQUIRED_ARGUMENT],
-      ['--log', GetoptLong::NO_ARGUMENT],
+      ['--log', GetoptLong::OPTIONAL_ARGUMENT],
       ['--no-banner', GetoptLong::NO_ARGUMENT],
       ['--throttle', GetoptLong::REQUIRED_ARGUMENT],
       ['--disable-accept-header', GetoptLong::NO_ARGUMENT],

spec/lib/common/browser_spec.rb

@@ -168,7 +168,7 @@ describe Browser do
         it 'sets the proxy_auth' do
           browser.proxy      = proxy
           browser.proxy_auth = 'user:pass'
-          @expected          = proxy_expectation.merge(proxyauth: 'user:pass')
+          @expected          = proxy_expectation.merge(proxyuserpwd: 'user:pass')
         end
       end
     end

spec/lib/common/models/wp_theme/findable_spec.rb

@@ -45,9 +45,18 @@ describe 'WpTheme::Findable' do
 
     # FIXME: the style_url should be checked in WpTheme for absolute / relative
     context 'when relative url is used' do
-      it 'returns the WpTheme' do
-        @file = 'relative_urls.html'
-        @expected = WpTheme.new(uri, name: 'theme_name')
+      context 'when leading slash' do
+        it 'returns the WpTheme' do
+          @file = 'relative_urls.html'
+          @expected = WpTheme.new(uri, name: 'theme_name')
+        end
+      end
+
+      context 'when no leading slash' do
+        it 'returns the WpTheme' do
+          @file = 'relative_urls_missing_slash.html'
+          @expected = WpTheme.new(uri, name: 'theme_name')
+        end
       end
     end
 

spec/lib/common/models/wp_version/findable_spec.rb

@@ -134,6 +134,13 @@ describe 'WpVersion::Findable' do
       @fixture  = '/3.3.2.html'
       @expected = '3.3.2'
     end
+
+    context 'when version >= 4.7' do
+      it 'returns nil' do
+        @fixture  = '/4.7.2.html'
+        @expected = nil
+      end
+    end
   end
 
   describe '::find_from_links_opml' do

spec/lib/wpscan/web_site_spec.rb

@@ -207,18 +207,6 @@ describe 'WebSite' do
     end
   end
 
-  describe '#rss_url' do
-    it 'returns nil if the url is not found' do
-      stub_request(:get, web_site.url).to_return(body: 'No RSS link in this body !')
-      expect(web_site.rss_url).to be_nil
-    end
-
-    it "returns 'http://lamp-wp/wordpress-3.5/?feed=rss2'" do
-      stub_request_to_fixture(url: web_site.url, fixture: fixtures_dir + '/rss_url/wordpress-3.5.htm')
-      expect(web_site.rss_url).to be === 'http://lamp-wp/wordpress-3.5/?feed=rss2'
-    end
-  end
-
   describe '::has_log?' do
     let(:log_url) { web_site.uri.merge('log.txt').to_s }
     let(:pattern) { %r{PHP Fatal error} }

spec/lib/wpscan/wp_target_spec.rb

@@ -192,4 +192,27 @@ describe WpTarget do
     end
   end
 
+  describe '#emergency_url' do
+    it 'returns the correct url' do
+      expect(wp_target.emergency_url).to eq 'http://example.localhost/emergency.php'
+    end
+  end
+
+  describe '#emergency_exists?' do
+    it 'returns true' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 200, body: 'enter your password here')
+      expect(wp_target.emergency_exists?).to be_truthy
+    end
+
+    it 'returns false' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 500)
+      expect(wp_target.emergency_exists?).to be_falsey
+    end
+
+    it 'returns false' do
+      stub_request(:any, wp_target.emergency_url).to_return(status: 500, body: 'enter your password here')
+      expect(wp_target.emergency_exists?).to be_falsey
+    end
+  end
+
 end

spec/lib/wpscan/wpscan_options_spec.rb

@@ -186,23 +186,6 @@ describe 'WpscanOptions' do
     end
   end
 
-  describe '#basic_auth=' do
-    context 'invalid format' do
-      it 'should raise an error if the : is missing' do
-        expect { @wpscan_options.basic_auth = 'helloworld' }.to raise_error(
-          RuntimeError, 'Invalid basic authentication format, login:password expected'
-        )
-      end
-    end
-
-    context 'valid format' do
-      it "should add the 'Basic' word and do the encode64. See RFC 2617" do
-        @wpscan_options.basic_auth = 'Aladdin:open sesame'
-        expect(@wpscan_options.basic_auth).to eq 'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
-      end
-    end
-  end
-
   describe '#has_options?' do
     it 'should return false' do
       expect(@wpscan_options.has_options?).to be_falsey

spec/samples/common/models/wp_item/versionable/wp-maintenance-mode.txt

@@ -0,0 +1,413 @@
+=== WP Maintenance Mode ===
+Contributors: Designmodo, GeorgeJipa
+Plugin Name: WP Maintenance Mode
+Plugin URI: http://designmodo.com/
+Author: Designmodo
+Author URI: http://designmodo.com/
+Tags: maintenance mode, admin, administration, unavailable, coming soon, multisite, landing page, under construction, contact form, subscribe, countdown
+Requires at least: 3.5
+Tested up to: 4.7
+License: GPL-2.0+
+
+Adds a splash page to your site that lets visitors know your site is down for maintenance. It's perfect for a coming soon page.
+
+== Description ==
+
+Add a maintenance page to your blog that lets visitors know your blog is down for maintenance, or add a coming soon page for a new website. User with admin rights gets full access to the blog including the front end.
+
+Activate the plugin and your blog is in maintenance-mode, works and only registered users with enough rights can see the front end. You can use a date with a countdown timer for visitor information or set a value and unit for information.
+Also works with WordPress Multisite installs (each blog from the network has it's own maintenance settings).
+
+= Features =
+
+* Fully customizable (change colors, texts and backgrounds);
+* Subscription form (export emails to .csv file);
+* Countdown timer (remaining time);
+* Contact form (receive emails from visitors);
+* Coming soon page;
+* Landing page templates;
+* WordPress multisite;
+* Responsive design;
+* Social media icons;
+* Works with any WordPress theme;
+* SEO options;
+* Exclude URLs from maintenance.
+
+= Bugs, technical hints or contribute =
+
+Please give us feedback, contribute and file technical bugs on [GitHub Repo](https://github.com/Designmodocom/WP-Maintenance-Mode).
+
+= Credits =
+
+Developed by [Designmodo](http://designmodo.com) & [StrictThemes – WordPress Themes](http://strictthemes.com/)
+
+== Installation ==
+
+1. Unpack the download package
+2. Upload all files to the `/wp-content/plugins/` directory, include folders
+3. Activate the plugin through the 'Plugins' menu in WordPress
+4. Go to `Settings` page, where you can change what settings you need (pay attention to **Exclude** option!)
+
+== Screenshots ==
+
+1. Maintenance Mode example
+2. Maintenance Mode example #2
+3. Contact form
+4. Dashboard General settings
+5. Dashboard Design settings
+6. Dashboard Modules settings
+
+== Frequently Asked Questions ==
+
+= How to use plugin filters =
+See [GitHub Repo] (https://github.com/Designmodocom/WP-Maintenance-Mode) FAQ.
+
+= Cache Plugin Support =
+WP Maintenance Mode can be unstable due the cache plugins, we recommend to deactivate any cache plugin when maintenance mode is active.
+
+= Exclude list =
+If you change your login url, please add the new slug (url: http://domain.com/newlogin, then you should add: newlogin) to Exclude list from plugin settings -> General Tab.
+
+== Changelog ==
+
+= 2.0.9 (29/11/2016) =
+* new hook (`wpmm_after_body`) in maintenance mode template (thanks @ [Karolína Vyskočilová](https://github.com/vyskoczilova))
+* pt_PT (portuguese) language update (thanks @ [Pedro Mendonça](https://github.com/pedro-mendonca))
+* maintenance mode template can also be loaded from theme/child-theme folder (thanks @ [Florian Tiar](https://github.com/Mahjouba91) and [Lachlan Heywood](https://github.com/lachieh))
+* new hooks for contact form (if you want to add new fields): `wpmm_contact_form_start`, `wpmm_contact_form_before_message`, `wpmm_contact_form_after_message`, `wpmm_contact_form_end`
+* new hook for contact form validation (if you want to validate new fields): `wpmm_contact_validation`
+* new hooks for contact form template (if you want to display new fields): `wpmm_contact_template_start`, `wpmm_contact_template_before_message`, `wpmm_contact_template_after_message`, `wpmm_contact_template_end`
+* some javascript improvements
+* small css fix for contact form (thanks @ [frontenddev](https://wordpress.org/support/topic/please-fix-modal-window-of-contact-form/))
+
+= 2.0.8 (09/09/2016) =
+* add wp_scripts() function (in helpers.php) to maintain backward compatibility (for those with WP < 4.2.0)
+* css fix for subscribe button on maintenance page
+* fix multisite administrator access issue
+* pt_PT (portuguese) language update (thanks @ Pedro Mendonça)
+* new hooks for Contact module: `wpmm_contact_template`, `wpmm_contact_subject`, `wpmm_contact_headers`
+* jQuery (google cdn) path fix when SCRIPT_DEBUG is true
+
+= 2.0.7 (06/07/2016) =
+* reset_settings _wpnonce check (thanks # Wordfence)
+* modules > google analytics code sanitization (thanks @ Wordfence)
+* move sidebar banners from our servers to plugin folder... as WordPress staff requested
+* Subscribe button error on Mobile version (thanks @ Hostílio Thumbo)
+* replace $wp_scripts global with wp_scripts() function
+* de_DE language file update (thanks @ tt22tt)
+
+= 2.0.6 (20/06/2016) =
+* notifications update
+* languages update
+
+= 2.0.5 (17/06/2016) =
+* roles (array) fix
+
+= 2.0.4 (17/06/2016) =
+* fixed issue: responsive subscribe form
+* fixed issue: jQuery was loaded from a different folder on some WP installations
+* fixed issue: errors after update (strstr on empty strings because of saving empty lines on exclude list)
+* fixed issue: if "Redirection" from "General" tab is active, also redirects ajax calls
+* fixed issue: settings page title was wrong placed
+* "contact" feature update - nice email template + reply-to email header
+* refactoring for some methods
+* all assets are now minified
+* rewrite count db records function (used on subscribers count)
+* compatible with https://github.com/afragen/github-updater
+* compatible with wp-cli http://wp-cli.org/
+* improved responsivity
+* improved roles access; now you can set multiple roles (editor, author, subscriber, contributor) and administrator will always have access to backend and frontend
+* it_IT translation by benedettogit (https://github.com/benedettogit)
+* updated all language files (need help for 100% translation)
+
+
+= 2.0.3 (07/10/2014) =
+* WP_Super_Cache issue was fixed
+* fixed "Subscribe" button issue on Safari mobile
+* fixed color of subscribe-success message (same color as subscribe_text)
+* "Social networks" module edits: settings for links target + a new social network: linkedin
+* new module "Google Analytics"
+* loginform shortcode reintroduced
+* dashboard link on maintenance page reintroduced
+* the content editor accepts new css inline properties: min-height, max-height, min-width, max-width. Use them wisely! :)
+* Settings & sidebar view + old translation files edited
+* Update from old version 1.x to 2.x issue was fixed
+* Translate on activation issue was fixed
+* de_DE translation by Frank Bültge (http://bueltge.github.io/)
+* pt_PT translation (100% translated) by Pedro Mendonça (http://www.pedromendonca.pt)
+* ru_RU translation (100% translated) by affectiosus (https://github.com/affectiosus)
+* nl_NL translation by dhunink (https://github.com/dhunink)
+* es_ES translation (100% translated) by Erick Ruiz de Chavez (http://erickruizdechavez.com/)
+* fr_FR translation by Florian TIAR (https://github.com/Mahjouba91)
+* pt_BR translation by Jonatas Araújo (http://www.designworld.com.br/)
+* sv_SE translation by Andréas Lundgren (http://adevade.com/)
+
+= 2.0.2 (04/09/2014) =
+* Removed "Author Link" option from General
+* Countdown - save details fix
+
+= 2.0.1 (02/09/2014) =
+* Reintroduced some deprecated actions from old version (but still available in next 4 releases, after that will be removed) and replaced with new ones:
+- `wm_head` -> `wpmm_head`
+- `wm_footer` -> `wpmm_footer`
+* Multisite settings link fix
+* WP_Maintenance_Mode: init (array checking for custom_css arrays, move delete cache part into a helper, etc.), add_subscriber, send_contact, redirect fixes & optimizations
+* WP_Maintenance_Mode_Admin: save_plugin_settings fixes, delete_cache (new method)
+* Settings & Maintenance views fixes
+* Readme.txt changes
+
+= 2.0.0 (01/09/2014) =
+* Changed design and functionality, new features
+* Changed multisite behaviour: now you can activate maintenance individually (each blog from the network has it's own maintenance settings)
+* Removed actions: `wm_header`, `wm_footer`, `wm_content`
+* Removed filters: `wm_header`
+* Removed [loginform] shortcode
+* Some filters are deprecated (but still available in next 4 releases, after that will be removed) and replaced with new ones:
+- `wm_heading` -> `wpmm_heading`,
+- `wp_maintenance_mode_status_code` -> `wpmm_status_code`
+- `wm_title` -> `wpmm_meta_title`
+- `wm_meta_author` -> `wpmm_meta_author`
+- `wm_meta_description` -> `wpmm_meta_description`
+- `wm_meta_keywords` -> `wpmm_meta_keywords`
+* Added new filters:
+- `wpmm_backtime` - can be used to change the backtime from page header
+- `wpmm_meta_robots` - can be used to change `Robots Meta Tag` option (from General)
+- `wpmm_text` - can be used to change `Text` option (from Design > Content)
+- `wpmm_scripts` - can be used to embed new javascripts files
+- `wpmm_styles` - can be used to embed new css files
+- `wpmm_search_bots` - if you have `Bypass for Search Bots` option (from General) activated, it can be used to add new bots (useragents)
+* Removed themes and now we have a "Design" & "Modules" tabs, where the look and functionality of the maintenance page can be changed as you need
+
+= 07/07/2014 =
+* Switch to new owner, contributor
+
+= 1.8.11 (07/25/2013) =
+* Fixes for php notices in scrict mode
+* Alternative for check url, if curl is not installed
+
+= 1.8.10 (07/18/2013) =
+* Add check for urls, Performance topics
+* Change default setting of 'Support Link' to false
+* Fix network settings php notices
+
+= 1.8.9 (06/20/2013) =
+* Allow empty header, title, heading string
+* Small code changes
+* Add Support function
+* Remove preview, will include later in a new release with extra settings page
+
+= 1.8.8 (06/05/2013) =
+* Fix path to localized flash content
+* Fix preview function
+* Add ukrainian translation
+* Add czech translation
+* Fix exclude function for IP
+* Security fix for save status via Ajax
+
+= 1.8.7 (04/07/2013) =
+* Add RTL support for splash page
+* Add Filter Hook `wp_maintenance_mode_status_code` Status Code; default is 503
+* Add support for custom splash page; leave a file with this name `wp-maintenance-mode.php`  in the wp-content; the plugin use this file
+  The plugin checks in `WP_CONTENT_DIR . '/wp-maintenance-mode.php'`
+* Small minor changes
+* Add filter for more date on splash page
+
+= 1.8.6 (02/22/2013) =
+* Remove log inside console for JS
+* Add support for time inside the countdown
+* Add filter hook `wm_meta_author`for the meta data author
+* Add filter hook `wm_meta_description` for custom description
+* Add filter hook `wm_meta_keywords`for custom meta keys
+
+= 1.8.5 (01/24/2013) =
+* Added new settings for hide, view notices about the active maintenance mode
+* Changes on source, codex
+* Fix PHP Notices [Support Thread](http://wordpress.org/support/topic/error-message-in-settings-1)
+* Change default settings, added ajax
+* Fix Preview function
+* Fix uninstall in WPMU
+* Small updates on styles for login form
+
+= 1.8.4 (12/06/2012) =
+* Fix for include JS in frontend to use countdown
+* Small mini fix for a php notice
+* Add charset on spalsh page for strange databases
+* Enhanced default exclude adresses
+* Add shortcode `[loginform]` for easy use a login form in splash page
+* Test with WordPress 3.5
+
+= 1.8.3 =
+* Fix for the forgotten update of JS-files; slow SVN :(
+* Minor Fixes
+
+= 1.8.2 =
+* Add different access for Frontend and Backend
+* Add Rewrite after Login for Frontend Access
+* Different small changes
+* Test for WP 3.5
+
+= 1.8.1 =
+* Add option for value of robots meta tag
+* Add option for optional admin login
+
+= 1.8.0 =
+* Include all scripts in backend via function
+* Update datepicker and countdown js
+* Supportet IP as exclude for see the frontend
+* Add support for flish cache od WP Super Cache and W3 Total Cache plugins
+* Fix for changes in WP 3.3 Multisite
+
+= 1.7.1 (12/05/2011) =
+* fix for WP smaller 3.2* on Network
+
+= 1.7.0 (12/02/2011) =
+* add functionalities to use in WP Multisite
+* remove message in header, current is not fixed the ticked in core and the message on Admin Bar an Notice is enough
+* check on WP 3.3RC1
+
+= 1.6.10 (08/30/2011) =
+* add hint in Admin Bar, if active
+* small changes for WP Codex
+
+= 1.6.9 (06/13/2011) =
+* Small fix for empty string on custom design
+
+= 1.6.8 (04/05/2011) =
+* Small changes on check for datepicker
+* Fix for Design monster
+
+= 1.6.7 (01/05/2011) =
+* Bugfix: new check for files for different themes; hope this fix the server errors
+* Bugfix: fix add default settings
+* Maintenance: different changes on the syntax
+* Feature: add check for Super Admin on WP Multisite; has allways the rights for access
+* Feature: now it is possible to exclude feed from maintenance mode
+* Maintenance: check with 3.0.4 and 3.1-RC2
+* Maintenance: update language file: .pot, de_DE
+* Bugfix: JavaScript error on Bulk Actions on plugins fixed
+* Maintenance: fix all notice, if set no values
+
+= 1.6.6. (10/09/2010) =
+* Maintenance: many changes on the code; $locale and hook in side frontend
+* Maintenance: change attribute_escaped to esc_attr with custom method for WP smaller 2.8
+* Maintenance: Update german language files
+* Feature: Shortcodes is now possible in the "Text" option
+* Feature: no cache header rewrite
+
+= 1.6.5 (09/16/2010) =
+* add new design "Chemistry" by [elmastudio.de](http://www.elmastudio.de/ "elmastudio.de")
+* changes for include methods od class for preview
+* changes the possibility for include of language specific flash files
+
+= 1.6.4 (09/13/2010) =
+* add preview functions
+* bugfix for list in wp-admin/plugins.php
+* remove datepicker.regional - dont work fine
+* different small changes
+* new language file .pot
+* add flash file and change on plugin for style "Animate" for spanish language
+
+= 1.6.3 (07/27/2010) =
+* bugfix to include stylesheet on maintenance mode message
+
+= 1.6.2 (07/08/2010) =
+* add functions for hint in the new UI of WP 3.0
+* add more WP Codex standard source
+* fix strings in the language and languages files
+* add datetimepicker-de
+
+= 1.6.1 (06/18/2010) =
+* fix a problem with https://; see [Ticket #13941](http://core.trac.wordpress.org/ticket/13941)
+
+= 1.6 (05/17/2010) =
+* bugfix for exclude sites
+
+= 1.5.9 (05/07/2010) =
+* change different points
+* add possibility to wotk with MySQLDumper
+
+= 1.5.8 (21/03/2010)=
+* fix exclude error
+* add textareas for heading and header fields
+
+= 1.5.7 (03/18/2010) =
+* block admin-area via role
+* add message for registered users with not enough rights
+* add message on login-page
+* different changes
+
+= 1.5.6 (02/25/2010) =
+* changes on css, site.php and different syntax on the plugin
+
+= 1.5.5 (02/23/2010) =
+* SORRY, small bug for the url to jQuery
+
+= 1.5.4 (02/23/2010) =
+* add time for countdown
+* changes for WP 3.0
+* changees on rights to see frontend
+
+= 1.5.3 (01/05/2010) =
+* Fix for JavaScript with WordPress 2.9
+* Add new custom fields for fronted: title, header, heading
+* Fix for setting userrole to see frontend
+* Change laguage files
+
+= 1.5.2 (01/04/2010) =
+* add user-role setting
+* correctly the de_DE language file
+
+= 1.5.1 (10/04/2009) =
+* add small fix
+* add language files (en_ES, ro_RO)
+
+= 1.5.0 (09/28/2009) =
+* add countdown
+* change options
+* change default options
+* add field for own adress to excerpt of the maintenance mode
+* etc.
+
+= 1.4.9 (07/09/2009) =
+* also ready for WordPress 2.6
+* add romanian language files
+* add italian language file by [Gianni Diurno](http://gidibao.net/ "Gianni Diurno")
+
+= 1.4.8 (03/09/2009) =
+* add design "Damask" by [Fabian Letscher](http://fabianletscher.de/ "Fabian Letscher")
+* add design "Lego" by [Alex Frison](http://www.afrison.com/ "Alex Frison")
+
+= 1.4.7 (26/08/2009) =
+* change doc-type to utf-8 without BOM
+
+= v1.4.6 (24/08/2009) =
+* add design "Animate (Flash)" by [Sebastian Schmiedel](http://www.cayou-media.de/ "Sebastian Schmiedel")
+* add new hook for add content `wm_content` to include flash on content
+* add frensh language files
+
+= v1.4.5 (19/08/2009) =
+* fix html string in text on frontend
+* add design "Paint" by [Marvin Labod](http://bugeyes.de/ "Marvin Labod")
+* add turkey language files
+
+= v1.4.4 (18/08/2009) =
+* add design "Chastely" by [Florian Andreas Vogelmaier](http://fv-web.de/ "Florian Andreas Vogelmaier")
+* add design "Only Typo" by [Robert Pfotenhauer](http://krautsuppe.de/ "Robert Pfotenhauer")
+
+= v1.4.3 (13/08/2009) =
+* add option for the Text
+* add option for active maintenance mode
+* add design "The FF Error" by [Thomas Meschke](http://www.lokalnetz.com/ "Thomas Meschke")
+* add design "Monster" by [Sebastian Sebald](http://www.backseatsurfer.de "Sebastian Sebald")
+
+= v1.4.2 (10/08/2009) =
+* add design "The Sun" by [Nicki Steiger](http://mynicki.net/ "Nicki Steiger")
+* now it is possible to add own css and add in settings the url to the css-file
+
+= v1.4.1 (07/08/2009) =
+* small html-fix
+
+= v1.4 (06/08/2009) =
+* complety new code
+* options menu
+* new designs by [David Hellmann](http://www.davidhellmann.com/ "David Hellmann")

spec/samples/common/models/wp_theme/findable/css_link/relative_urls.html

@@ -1 +1 @@
-<html><head><title>Test</title><link rel="stylesheet" type="text/css" href="/wp-content/themes/theme_name/style.css" /></head><body></body></html>
+<html><head><title>Test</title><link rel="stylesheet" type="text/css" href="/wp-content/themes/theme_name/style.css" /></head><body></body></html>

spec/samples/common/models/wp_theme/findable/css_link/relative_urls_missing_slash.html

@@ -0,0 +1 @@
+<html><head><title>Test</title><link rel="stylesheet" type="text/css" href="wp-content/themes/theme_name/style.css" /></head><body></body></html>

spec/samples/common/models/wp_version/findable/readme/4.7.2.html

@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta name="viewport" content="width=device-width" />
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>WordPress &#8250; ReadMe</title>
+  <link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" />
+</head>
+<body>
+<h1 id="logo">
+  <a href="https://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
+  <br /> Version 4.7
+</h1>
+<p style="text-align: center">Semantic Personal Publishing Platform</p>
+
+<h2>First Things First</h2>
+<p>Welcome. WordPress is a very special project to me. Every developer and contributor adds something unique to the mix, and together we create something beautiful that I&#8217;m proud to be a part of. Thousands of hours have gone into WordPress, and we&#8217;re dedicated to making it better every day. Thank you for making it part of your world.</p>
+<p style="text-align: right">&#8212; Matt Mullenweg</p>
+
+<h2>Installation: Famous 5-minute install</h2>
+<ol>
+  <li>Unzip the package in an empty directory and upload everything.</li>
+  <li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser. It will take you through the process to set up a <code>wp-config.php</code> file with your database connection details.
+    <ol>
+      <li>If for some reason this doesn&#8217;t work, don&#8217;t worry. It doesn&#8217;t work on all web hosts. Open up <code>wp-config-sample.php</code> with a text editor like WordPad or similar and fill in your database connection details.</li>
+      <li>Save the file as <code>wp-config.php</code> and upload it.</li>
+      <li>Open <span class="file"><a href="wp-admin/install.php">wp-admin/install.php</a></span> in your browser.</li>
+    </ol>
+  </li>
+  <li>Once the configuration file is set up, the installer will set up the tables needed for your blog. If there is an error, double check your <code>wp-config.php</code> file, and try again. If it fails again, please go to the <a href="https://wordpress.org/support/" title="WordPress support">support forums</a> with as much data as you can gather.</li>
+  <li><strong>If you did not enter a password, note the password given to you.</strong> If you did not provide a username, it will be <code>admin</code>.</li>
+  <li>The installer should then send you to the <a href="wp-login.php">login page</a>. Sign in with the username and password you chose during the installation. If a password was generated for you, you can then click on &#8220;Profile&#8221; to change the password.</li>
+</ol>
+
+<h2>Updating</h2>
+<h3>Using the Automatic Updater</h3>
+<p>If you are updating from version 2.7 or higher, you can use the automatic updater:</p>
+<ol>
+  <li>Open <span class="file"><a href="wp-admin/update-core.php">wp-admin/update-core.php</a></span> in your browser and follow the instructions.</li>
+  <li>You wanted more, perhaps? That&#8217;s it!</li>
+</ol>
+
+<h3>Updating Manually</h3>
+<ol>
+  <li>Before you update anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</li>
+  <li>Delete your old WordPress files, saving ones you&#8217;ve modified.</li>
+  <li>Upload the new files.</li>
+  <li>Point your browser to <span class="file"><a href="wp-admin/upgrade.php">/wp-admin/upgrade.php</a>.</span></li>
+</ol>
+
+<h2>Migrating from other systems</h2>
+<p>WordPress can <a href="https://codex.wordpress.org/Importing_Content">import from a number of systems</a>. First you need to get WordPress installed and working as described above, before using <a href="wp-admin/import.php" title="Import to WordPress">our import tools</a>.</p>
+
+<h2>System Requirements</h2>
+<ul>
+  <li><a href="https://secure.php.net/">PHP</a> version <strong>5.2.4</strong> or higher.</li>
+  <li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.0</strong> or higher.</li>
+</ul>
+
+<h3>Recommendations</h3>
+<ul>
+  <li><a href="https://secure.php.net/">PHP</a> version <strong>7</strong> or higher.</li>
+  <li><a href="https://www.mysql.com/">MySQL</a> version <strong>5.6</strong> or higher.</li>
+  <li>The <a href="https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html">mod_rewrite</a> Apache module.</li>
+  <li><a href="https://wordpress.org/news/2016/12/moving-toward-ssl/">HTTPS</a> support.</li>
+  <li>A link to <a href="https://wordpress.org/">wordpress.org</a> on your site.</li>
+</ul>
+
+<h2>Online Resources</h2>
+<p>If you have any questions that aren&#8217;t addressed in this document, please take advantage of WordPress&#8217; numerous online resources:</p>
+<dl>
+  <dt><a href="https://codex.wordpress.org/">The WordPress Codex</a></dt>
+    <dd>The Codex is the encyclopedia of all things WordPress. It is the most comprehensive source of information for WordPress available.</dd>
+  <dt><a href="https://wordpress.org/news/">The WordPress Blog</a></dt>
+    <dd>This is where you&#8217;ll find the latest updates and news related to WordPress. Recent WordPress news appears in your administrative dashboard by default.</dd>
+  <dt><a href="https://planet.wordpress.org/">WordPress Planet</a></dt>
+    <dd>The WordPress Planet is a news aggregator that brings together posts from WordPress blogs around the web.</dd>
+  <dt><a href="https://wordpress.org/support/">WordPress Support Forums</a></dt>
+    <dd>If you&#8217;ve looked everywhere and still can&#8217;t find an answer, the support forums are very active and have a large community ready to help. To help them help you be sure to use a descriptive thread title and describe your question in as much detail as possible.</dd>
+  <dt><a href="https://codex.wordpress.org/IRC">WordPress <abbr title="Internet Relay Chat">IRC</abbr> Channel</a></dt>
+    <dd>There is an online chat channel that is used for discussion among people who use WordPress and occasionally support topics. The above wiki page should point you in the right direction. (<a href="irc://irc.freenode.net/wordpress">irc.freenode.net #wordpress</a>)</dd>
+</dl>
+
+<h2>Final Notes</h2>
+<ul>
+  <li>If you have any suggestions, ideas, or comments, or if you (gasp!) found a bug, join us in the <a href="https://wordpress.org/support/">Support Forums</a>.</li>
+  <li>WordPress has a robust plugin <abbr title="application programming interface">API</abbr> that makes extending the code easy. If you are a developer interested in utilizing this, see the <a href="https://developer.wordpress.org/plugins/">Plugin Developer Handbook</a>. You shouldn&#8217;t modify any of the core code.</li>
+</ul>
+
+<h2>Share the Love</h2>
+<p>WordPress has no multi-million dollar marketing campaign or celebrity sponsors, but we do have something even better&#8212;you. If you enjoy WordPress please consider telling a friend, setting it up for someone less knowledgable than yourself, or writing the author of a media article that overlooks us.</p>
+
+<p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&#233;log</a>, which came from Michel V. The work has been continued by the <a href="https://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="https://wordpress.org/donate/" title="Donate to WordPress">donating</a>.</p>
+
+<h2>License</h2>
+<p>WordPress is free software, and is released under the terms of the <abbr title="GNU General Public License">GPL</abbr> version 2 or (at your option) any later version. See <a href="license.txt">license.txt</a>.</p>
+
+</body>
+</html>

spec/shared_examples/browser/options.rb

@@ -3,14 +3,14 @@
 shared_examples 'Browser::Options' do
 
   describe '#basic_auth=' do
-    let(:exception) { 'Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected' }
+    let(:exception) { /^Invalid basic authentication format, "login:password" or "Basic base_64_encoded" expected. Your input: .+$/ }
 
     after do
       if @expected
         browser.basic_auth = @auth
         expect(browser.basic_auth).to eq @expected
       else
-        expect { browser.basic_auth = @auth }.to raise_error(exception)
+        expect { browser.basic_auth = @auth }.to raise_error(RuntimeError, exception)
       end
     end
 

spec/shared_examples/web_site/humans_txt.rb

@@ -0,0 +1,108 @@
+# encoding: UTF-8
+
+shared_examples 'WebSite::HumansTxt' do
+  let(:known_dirs) { WebSite::HumansTxt.known_dirs }
+
+  describe '#humans_url' do
+    it 'returns the correct url' do
+      expect(web_site.humans_url).to eql 'http://example.localhost/humans.txt'
+    end
+  end
+
+  describe '#has_humans?' do
+    it 'returns true' do
+      stub_request(:get, web_site.humans_url).to_return(status: 200)
+      expect(web_site.has_humans?).to be_truthy
+    end
+
+    it 'returns false' do
+      stub_request(:get, web_site.humans_url).to_return(status: 404)
+      expect(web_site.has_humans?).to be_falsey
+    end
+  end
+
+  describe '#parse_humans_txt' do
+
+    context 'installed in root' do
+      after :each do
+        stub_request_to_fixture(url: web_site.humans_url, fixture: @fixture)
+        humans = web_site.parse_humans_txt
+        expect(humans).to match_array @expected
+      end
+
+      it 'returns an empty Array (empty humans.txt)' do
+        @fixture = fixtures_dir + '/humans_txt/empty_humans.txt'
+        @expected = []
+      end
+
+      it 'returns an empty Array (invalid humans.txt)' do
+        @fixture = fixtures_dir + '/humans_txt/invalid_humans.txt'
+        @expected = []
+      end
+
+      it 'returns some urls and some strings' do
+        @fixture = fixtures_dir + '/humans_txt/invalid_humans_2.txt'
+        @expected = %w(
+          /ÖÜ()=?
+          http://10.0.0.0/wp-includes/
+          http://example.localhost/asdf/
+          wooooza
+        )
+      end
+
+      it 'returns an Array of urls (valid humans.txt)' do
+        @fixture = fixtures_dir + '/humans_txt/humans.txt'
+        @expected = %w(
+          http://example.localhost/wordpress/admin/
+          http://example.localhost/wordpress/wp-admin/
+          http://example.localhost/wordpress/secret/
+          http://example.localhost/Wordpress/wp-admin/
+          http://example.localhost/wp-admin/tralling-space/
+          http://example.localhost/asdf/
+        )
+      end
+
+      it 'removes duplicate entries from humans.txt test 1' do
+        @fixture = fixtures_dir + '/humans_txt/humans_duplicate_1.txt'
+        @expected = %w(
+          http://example.localhost/wordpress/
+          http://example.localhost/wordpress/admin/
+          http://example.localhost/wordpress/wp-admin/
+          http://example.localhost/wordpress/secret/
+          http://example.localhost/Wordpress/wp-admin/
+          http://example.localhost/wp-admin/tralling-space/
+          http://example.localhost/asdf/
+        )
+      end
+
+      it 'removes duplicate entries from humans.txt test 2' do
+        @fixture = fixtures_dir + '/humans_txt/humans_duplicate_2.txt'
+        @expected = nil
+      end
+    end
+
+    context 'installed in sub directory' do
+      it 'returns an Array of urls (valid humans.txt, WP installed in subdir)' do
+        web_site_sub = WebSite.new('http://example.localhost/wordpress/')
+        fixture = fixtures_dir + '/humans_txt/humans.txt'
+        expected = %w(
+            http://example.localhost/wordpress/admin/
+            http://example.localhost/wordpress/secret/
+            http://example.localhost/Wordpress/wp-admin/
+            http://example.localhost/wp-admin/tralling-space/
+            http://example.localhost/asdf/
+          )
+        stub_request_to_fixture(url: web_site_sub.humans_url, fixture: fixture)
+        humans = web_site_sub.parse_humans_txt
+        expect(humans).to match_array expected
+      end
+    end
+  end
+
+  describe '#known_dirs' do
+    it 'does not contain duplicates' do
+      expect(known_dirs.flatten.uniq.length).to eq known_dirs.length
+    end
+  end
+
+end

spec/shared_examples/web_site/security_txt.rb

@@ -0,0 +1,108 @@
+# encoding: UTF-8
+
+shared_examples 'WebSite::SecurityTxt' do
+  let(:known_dirs) { WebSite::SecurityTxt.known_dirs }
+
+  describe '#security_url' do
+    it 'returns the correct url' do
+      expect(web_site.security_url).to eql 'http://example.localhost/security.txt'
+    end
+  end
+
+  describe '#has_security?' do
+    it 'returns true' do
+      stub_request(:get, web_site.security_url).to_return(status: 200)
+      expect(web_site.has_security?).to be_truthy
+    end
+
+    it 'returns false' do
+      stub_request(:get, web_site.security_url).to_return(status: 404)
+      expect(web_site.has_security?).to be_falsey
+    end
+  end
+
+  describe '#parse_security_txt' do
+
+    context 'installed in root' do
+      after :each do
+        stub_request_to_fixture(url: web_site.security_url, fixture: @fixture)
+        security = web_site.parse_security_txt
+        expect(security).to match_array @expected
+      end
+
+      it 'returns an empty Array (empty security.txt)' do
+        @fixture = fixtures_dir + '/security_txt/empty_security.txt'
+        @expected = []
+      end
+
+      it 'returns an empty Array (invalid security.txt)' do
+        @fixture = fixtures_dir + '/security_txt/invalid_security.txt'
+        @expected = []
+      end
+
+      it 'returns some urls and some strings' do
+        @fixture = fixtures_dir + '/security_txt/invalid_security_2.txt'
+        @expected = %w(
+          /ÖÜ()=?
+          http://10.0.0.0/wp-includes/
+          http://example.localhost/asdf/
+          wooooza
+        )
+      end
+
+      it 'returns an Array of urls (valid security.txt)' do
+        @fixture = fixtures_dir + '/security_txt/security.txt'
+        @expected = %w(
+          http://example.localhost/wordpress/admin/
+          http://example.localhost/wordpress/wp-admin/
+          http://example.localhost/wordpress/secret/
+          http://example.localhost/Wordpress/wp-admin/
+          http://example.localhost/wp-admin/tralling-space/
+          http://example.localhost/asdf/
+        )
+      end
+
+      it 'removes duplicate entries from security.txt test 1' do
+        @fixture = fixtures_dir + '/security_txt/security_duplicate_1.txt'
+        @expected = %w(
+          http://example.localhost/wordpress/
+          http://example.localhost/wordpress/admin/
+          http://example.localhost/wordpress/wp-admin/
+          http://example.localhost/wordpress/secret/
+          http://example.localhost/Wordpress/wp-admin/
+          http://example.localhost/wp-admin/tralling-space/
+          http://example.localhost/asdf/
+        )
+      end
+
+      it 'removes duplicate entries from security.txt test 2' do
+        @fixture = fixtures_dir + '/security_txt/security_duplicate_2.txt'
+        @expected = nil
+      end
+    end
+
+    context 'installed in sub directory' do
+      it 'returns an Array of urls (valid security.txt, WP installed in subdir)' do
+        web_site_sub = WebSite.new('http://example.localhost/wordpress/')
+        fixture = fixtures_dir + '/security_txt/security.txt'
+        expected = %w(
+            http://example.localhost/wordpress/admin/
+            http://example.localhost/wordpress/secret/
+            http://example.localhost/Wordpress/wp-admin/
+            http://example.localhost/wp-admin/tralling-space/
+            http://example.localhost/asdf/
+          )
+        stub_request_to_fixture(url: web_site_sub.security_url, fixture: fixture)
+        security = web_site_sub.parse_security_txt
+        expect(security).to match_array expected
+      end
+    end
+  end
+
+  describe '#known_dirs' do
+    it 'does not contain duplicates' do
+      expect(known_dirs.flatten.uniq.length).to eq known_dirs.length
+    end
+  end
+
+end

spec/shared_examples/wp_item_infos.rb

@@ -16,7 +16,7 @@ shared_examples 'WpItem::Infos' do
     end
 
     context 'when the file exists' do
-      %w{readme.txt README.TXT}.each do |readme|
+      %w{readme.txt readme.md}.each do |readme|
         it 'returns the correct url' do
           url       = uri.merge(readme).to_s
           @expected = url
@@ -48,25 +48,42 @@ shared_examples 'WpItem::Infos' do
   end
 
   describe '#changelog_url' do
-    it 'returns the correct url' do
-      expect(subject.changelog_url).to eq changelog_url
+    after { expect(subject.changelog_url).to eql @expected }
+
+    it 'returns nil' do
+      stub_request(:get, /.*/).to_return(status: 404)
+      @expected = nil
+    end
+
+    context 'when the file exists' do
+      %w{changelog.txt CHANGELOG.md}.each do |changelog|
+        it 'returns the correct url' do
+          url       = uri.merge(changelog).to_s
+          @expected = url
+
+          stub_request(:get, %r{^(?!#{url})}).to_return(status: 404)
+          stub_request(:get, url).to_return(status: 200)
+        end
+      end
     end
   end
 
   describe '#has_changelog?' do
-    after :each do
-      stub_request(:get, subject.changelog_url).to_return(status: @status)
+    after do
+      allow(subject).to receive_messages(changelog_url: @stub)
       expect(subject.has_changelog?).to eql @expected
     end
 
-    it 'returns true on a 200' do
-      @status   = 200
-      @expected = true
+    context 'when changelog_url is nil'
+    it 'returns false' do
+      @stub     = nil
+      @expected = false
     end
 
-    it 'returns false otherwise' do
-      @status   = 404
-      @expected = false
+    context 'when changelog_url is not nil'
+    it 'returns true' do
+      @stub     = uri.merge('changelog.txt').to_s
+      @expected = true
     end
   end
 

spec/shared_examples/wp_item_versionable.rb

@@ -138,6 +138,13 @@ shared_examples 'WpItem::Versionable' do
             @expected = nil
           end
         end
+
+        #  context 'when parsing the changelog for version numbers with dates' do
+        #   it 'returns it' do
+        #     @file     = '/wp-maintenance-mode.txt'
+        #     @expected = '2.0.9'
+        #   end
+        # end
       end
     end
   end

spec/shared_examples/wp_item_vulnerable.rb

@@ -13,7 +13,7 @@ shared_examples 'WpItem::Vulnerable' do
     let(:empty_file) { MODELS_FIXTURES + '/wp_item/vulnerable/empty.json' }
 
     before do
-      stub_request(:get, /.*\/readme\.txt/i)
+      stub_request(:get, /.*\/readme\.(?:txt|md)/i)
       stub_request(:get, /.*\/style\.css/i)
     end
 
@@ -94,7 +94,7 @@ shared_examples 'WpItem::Vulnerable' do
 
     context 'no version found in wp_item' do
       before do
-        stub_request(:get, /.*\/readme\.txt/i).to_return(status: 404)
+        stub_request(:get, /.*\/readme\.(?:txt|md)/i).to_return(status: 404)
         stub_request(:get, /.*\/style\.css/i).to_return(status: 404)
       end
 

wpscan.rb

@@ -8,19 +8,55 @@ $exit_code = 0
 require File.join(__dir__, 'lib', 'wpscan', 'wpscan_helper')
 
 def main
-  # delete old logfile, check if it is a symlink first.
-  File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE)
-
   begin
     wpscan_options = WpscanOptions.load_from_arguments
+    date = last_update
 
     $log = wpscan_options.log
 
+    # some sanity checks
+    if $log
+      if $log.empty?
+        $log = DEFAULT_LOG_FILE
+      end
+
+      # translate to full path if no starting / detected
+      if $log !~ /^#{File::SEPARATOR}/
+        $log = File.join(ROOT_DIR, $log)
+      end
+
+      # check if file exists and has a size greater zero
+      if File.exist?($log) && File.size?($log)
+        puts notice("The supplied log file #{$log} already exists. If you continue the new output will be appended.")
+        print '[?] Do you want to continue? [Y]es [N]o, default: [N] >'
+        if Readline.readline !~ /^y/i
+          # unset logging so puts will try to log to the file
+          $log = nil
+          puts notice('Scan aborted')
+          exit(1)
+        end
+      end
+
+      # check if we can write the file
+      begin
+        File.open($log, 'a')
+      rescue SystemCallError => e
+        # unset logging so puts will try to log to the file
+        temp = $log
+        $log = nil
+        puts critical("Error with logfile #{temp}:")
+        puts critical(e)
+        exit(1)
+      end
+    end
+
     banner() unless wpscan_options.no_banner # called after $log set
 
     unless wpscan_options.has_options?
       # first parameter only url?
       if ARGV.length == 1
+        puts
+        puts notice("Please use '-u #{ARGV[0]}' next time")
         wpscan_options.url = ARGV[0]
       else
         usage()
@@ -39,8 +75,7 @@ def main
 
     if wpscan_options.version
       puts "Current version: #{WPSCAN_VERSION}"
-      date = last_update
-      puts "Last DB update: #{date.strftime('%Y-%m-%d')}" unless date.nil?
+      puts "Last database update: #{date.strftime('%Y-%m-%d')}" unless date.nil?
       exit(0)
     end
 
@@ -50,28 +85,44 @@ def main
       wpscan_options.to_h.merge(max_threads: wpscan_options.threads)
     )
 
-    # check if db file needs upgrade and we are not running in batch mode
-    # also no need to check if the user supplied the --update switch
-    if update_required? && !wpscan_options.batch && !wpscan_options.update
-      puts notice('It seems like you have not updated the database for some time.')
-      print '[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]'
-      if (input = Readline.readline) =~ /^y/i
+    # Check if database needs upgrade (if its older than 5 days) and we are not running in --batch mode
+    # Also no need to check if the user supplied the --update switch
+    if update_required? and not wpscan_options.batch and not wpscan_options.update
+      # Banner
+      puts
+      puts notice('It seems like you have not updated the database for some time')
+      puts notice("Last database update: #{date.strftime('%Y-%m-%d')}") unless date.nil?
+
+      # User prompt
+      print '[?] Do you want to update now? [Y]es  [N]o  [A]bort update, default: [N] > '
+      if (input = Readline.readline) =~ /^a/i
+        puts 'Update aborted'
+      elsif input =~ /^y/i
         wpscan_options.update = true
-      elsif input =~ /^a/i
-        puts 'Scan aborted'
-        exit(1)
-      else
-        if missing_db_file?
-          puts critical('You can not run a scan without any databases. Extract the data.zip file.')
+      end
+
+      # Is there a database to go on with?
+      if missing_db_files? and not wpscan_options.update
+        # Check for data.zip
+        if has_db_zip?
+          puts notice('Extracting the Database ...')
+          # Extract data.zip
+          extract_db_zip
+          puts notice('Extraction completed')
+        # Missing, so can't go on!
+        else
+          puts critical('You can not run a scan without any databases')
           exit(1)
         end
       end
     end
 
+    # Should we update?
     if wpscan_options.update
       puts notice('Updating the Database ...')
       DbUpdater.new(DATA_DIR).update(wpscan_options.verbose)
-      puts notice('Update completed.')
+      puts notice('Update completed')
+
       # Exit program if only option --update is used
       exit(0) unless wpscan_options.url
     end
@@ -87,12 +138,18 @@ def main
     end
 
     if wp_target.ssl_error?
-      raise "The target site returned an SSL/TLS error. You can try again using the --disable-tls-checks option.\nError: #{wp_target.get_root_path_return_code}\nSee here for a detailed explanation of the error: http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code"
+      raise "The target site returned an SSL/TLS error. You can try again using --disable-tls-checks\nError: #{wp_target.get_root_path_return_code}\nSee here for a detailed explanation of the error: http://www.rubydoc.info/github/typhoeus/ethon/Ethon/Easy:return_code"
     end
 
     # Remote website up?
     unless wp_target.online?
-      raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down. Maybe the site is blocking wpscan so you can try the --random-agent parameter."
+      if wpscan_options.user_agent
+        puts info("User-Agent: #{wpscan_options.user_agent}")
+        raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down. Maybe the site is blocking the user-agent?"
+      else
+        raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down. Maybe the site is blocking the wpscan user-agent, so you can try --random-agent"
+      end
+
     end
 
     if wpscan_options.proxy
@@ -112,7 +169,7 @@ def main
           puts "Following redirection #{redirection}"
         else
           puts notice("The remote host tried to redirect to: #{redirection}")
-          print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
+          print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N] >'
         end
         if wpscan_options.follow_redirection || !wpscan_options.batch
           if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
@@ -141,7 +198,7 @@ def main
     # Remote website is wordpress?
     unless wpscan_options.force
       unless wp_target.wordpress?
-        raise 'The remote website is up, but does not seem to be running WordPress.'
+        raise 'The remote website is up, but does not seem to be running WordPress. If you are sure, use --force'
       end
     end
 
@@ -163,36 +220,9 @@ def main
     start_memory = get_memory_usage unless windows?
     puts info("URL: #{wp_target.url}")
     puts info("Started: #{start_time.asctime}")
+    puts info("User-Agent: #{wpscan_options.user_agent}") if wpscan_options.verbose and wpscan_options.user_agent
     puts
 
-    if wp_target.has_robots?
-      puts info("robots.txt available under: '#{wp_target.robots_url}'")
-
-      wp_target.parse_robots_txt.each do |dir|
-        puts info("Interesting entry from robots.txt: #{dir}")
-      end
-    end
-
-    if wp_target.has_readme?
-      puts warning("The WordPress '#{wp_target.readme_url}' file exists exposing a version number")
-    end
-
-    if wp_target.has_full_path_disclosure?
-      puts warning("Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}': #{wp_target.full_path_disclosure_data}")
-    end
-
-    if wp_target.has_debug_log?
-      puts critical("Debug log file found: #{wp_target.debug_log_url}")
-    end
-
-    wp_target.config_backup.each do |file_url|
-      puts critical("A wp-config.php backup file has been found in: '#{file_url}'")
-    end
-
-    if wp_target.search_replace_db_2_exists?
-      puts critical("searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'")
-    end
-
     wp_target.interesting_headers.each do |header|
       output = info('Interesting header: ')
 
@@ -205,6 +235,66 @@ def main
       end
     end
 
+    if wp_target.has_robots?
+      code = get_http_status(wp_target.robots_url)
+      puts info("robots.txt available under: #{wp_target.robots_url}   [HTTP #{code}]")
+
+      wp_target.parse_robots_txt.each do |dir|
+        code = get_http_status(dir)
+        puts info("Interesting entry from robots.txt: #{dir}   [HTTP #{code}]")
+      end
+    end
+
+    if wp_target.has_sitemap?
+      code = get_http_status(wp_target.sitemap_url)
+      puts info("Sitemap found: #{wp_target.sitemap_url}   [HTTP #{code}]")
+
+      wp_target.parse_sitemap.each do |dir|
+        code = get_http_status(dir)
+        puts info("Sitemap entry: #{dir}   [HTTP #{code}]")
+      end
+    end
+
+    code = get_http_status(wp_target.humans_url)
+    if code == 200
+      puts info("humans.txt available under: #{wp_target.humans_url}   [HTTP #{code}]")
+
+      parse_txt(wp_target.humans_url).each do |dir|
+        puts info("Entry from humans.txt: #{dir}")
+      end
+    end
+
+    code = get_http_status(wp_target.security_url)
+    if code == 200
+      puts info("security.txt available under: #{wp_target.security_url}   [HTTP #{code}]")
+
+      parse_txt(wp_target.security_url).each do |dir|
+        puts info("Entry from security.txt: #{dir}")
+      end
+    end
+
+    unless wp_target.sql_file_export.empty?
+      wp_target.sql_file_export.each do |file|
+        puts critical("SQL export file found: #{file}")
+      end
+    end
+
+    if wp_target.has_debug_log?
+      puts critical("Debug log file found: #{wp_target.debug_log_url}")
+    end
+
+    wp_target.config_backup.each do |file_url|
+      puts critical("A wp-config.php backup file has been found in: #{file_url}")
+    end
+
+    if wp_target.search_replace_db_2_exists?
+      puts critical("searchreplacedb2.php has been found in: #{wp_target.search_replace_db_2_url}")
+    end
+
+    if wp_target.emergency_exists?
+      puts critical("emergency.php has been found in: #{wp_target.emergency_url}")
+    end
+
     if wp_target.multisite?
       puts info('This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)')
     end
@@ -213,12 +303,35 @@ def main
       puts info("This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)")
     end
 
-    if wp_target.registration_enabled?
-      puts warning("Registration is enabled: #{wp_target.registration_url}")
+    if wp_target.has_xml_rpc?
+      code = get_http_status(wp_target.xml_rpc_url)
+      puts info("XML-RPC Interface available under: #{wp_target.xml_rpc_url}   [HTTP #{code}]")
     end
 
-    if wp_target.has_xml_rpc?
-      puts info("XML-RPC Interface available under: #{wp_target.xml_rpc_url}")
+    # Test to see if MAIN API URL gives anything back
+    if wp_target.has_api?(wp_target.json_url)
+      code = get_http_status(wp_target.json_url)
+      puts info("API exposed: #{wp_target.json_url}   [HTTP #{code}]")
+
+      # Test to see if USER API URL gives anything back
+      if wp_target.has_api?(wp_target.json_users_url)
+        # Print users from JSON
+        wp_target.json_get_users(wp_target.json_users_url)
+      end
+    end
+
+    # Get RSS
+    rss = wp_target.rss_url
+    if rss
+      code = get_http_status(rss)
+      puts info("Found an RSS Feed: #{rss}   [HTTP #{code}]")
+
+      # Print users from RSS feed
+      wp_target.rss_authors(rss)
+    end
+
+    if wp_target.has_full_path_disclosure?
+      puts warning("Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}': #{wp_target.full_path_disclosure_data}")
     end
 
     if wp_target.upload_directory_listing_enabled?
@@ -233,13 +346,20 @@ def main
       show_progression: true,
       exclude_content: wpscan_options.exclude_content_based
     }
+    
+    puts
+    puts info('Enumerating WordPress version ...')
+    if (wp_version = wp_target.version(WP_VERSIONS_FILE))
+      if wp_target.has_readme? && VersionCompare::lesser?(wp_version.identifier, '4.7')
+        puts warning("The WordPress '#{wp_target.readme_url}' file exists exposing a version number")
+      end
 
-    if wp_version = wp_target.version(WP_VERSIONS_FILE)
       wp_version.output(wpscan_options.verbose)
     else
       puts
       puts notice('WordPress version can not be detected')
     end
+    
 
     if wp_theme = wp_target.theme
       puts
@@ -258,7 +378,7 @@ def main
         parent.output(wpscan_options.verbose)
         wp_theme = parent
       end
-
+      
     end
 
     if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil
@@ -267,14 +387,11 @@ def main
 
       wp_plugins = WpPlugins.passive_detection(wp_target)
       if !wp_plugins.empty?
-        if wp_plugins.size == 1
-          puts " | #{wp_plugins.size} plugin found:"
-        else
-          puts " | #{wp_plugins.size} plugins found:"
-        end
+        grammar = grammar_s(wp_plugins.size)
+        puts " | #{wp_plugins.size} plugin#{grammar} found:"
         wp_plugins.output(wpscan_options.verbose)
       else
-        puts info('No plugins found')
+        puts info('No plugins found passively')
       end
     end
 
@@ -306,12 +423,14 @@ def main
 
       puts
       if !wp_plugins.empty?
-        puts info("We found #{wp_plugins.size} plugins:")
+        grammar = grammar_s(wp_plugins.size)
+        puts info("We found #{wp_plugins.size} plugin#{grammar}:")
 
         wp_plugins.output(wpscan_options.verbose)
       else
         puts info('No plugins found')
       end
+      
     end
 
     # Enumerate installed themes
@@ -341,12 +460,14 @@ def main
       )
       puts
       if !wp_themes.empty?
-        puts info("We found #{wp_themes.size} themes:")
+        grammar = grammar_s(wp_themes.size)
+        puts info("We found #{wp_themes.size} theme#{grammar}:")
 
         wp_themes.output(wpscan_options.verbose)
       else
         puts info('No themes found')
       end
+      
     end
 
     if wpscan_options.enumerate_timthumbs
@@ -356,18 +477,20 @@ def main
 
       wp_timthumbs = WpTimthumbs.aggressive_detection(wp_target,
         enum_options.merge(
-          file: DATA_DIR + '/timthumbs.txt',
+          file: TIMTHUMBS_FILE,
           theme_name: wp_theme ? wp_theme.name : nil
         )
       )
       puts
       if !wp_timthumbs.empty?
-        puts info("We found #{wp_timthumbs.size} timthumb file/s:")
+        grammar = grammar_s(wp_timthumbs.size)
+        puts info("We found #{wp_timthumbs.size} timthumb file#{grammar}:")
 
         wp_timthumbs.output(wpscan_options.verbose)
       else
         puts info('No timthumb files found')
       end
+      
     end
 
     # If we haven't been supplied a username/usernames list, enumerate them...
@@ -395,7 +518,8 @@ def main
           exit(1)
         end
       else
-        puts info("Identified the following #{wp_users.size} user/s:")
+        grammar = grammar_s(wp_users.size)
+        puts info("We identified the following #{wp_users.size} user#{grammar}:")
         wp_users.output(margin_left: ' ' * 4)
         if wp_users[0].login == "admin"
            puts warning("Default first WordPress username 'admin' is still used")
@@ -405,10 +529,12 @@ def main
     else
       wp_users = WpUsers.new
 
+      # Username file?
       if wpscan_options.usernames
         File.open(wpscan_options.usernames).each do |username|
           wp_users << WpUser.new(wp_target.uri, login: username.chomp)
         end
+      # Single username?
       else
         wp_users << WpUser.new(wp_target.uri, login: wpscan_options.username)
       end
@@ -418,7 +544,6 @@ def main
     bruteforce = true
     if wpscan_options.wordlist
       if wp_target.has_login_protection?
-
         protection_plugin = wp_target.login_protection_plugin()
 
         puts
@@ -444,6 +569,7 @@ def main
       else
         puts critical('Brute forcing aborted')
       end
+      
     end
 
     stop_time   = Time.now
@@ -452,9 +578,9 @@ def main
 
     puts
     puts info("Finished: #{stop_time.asctime}")
-    puts info("Requests Done: #{@total_requests_done}")
-    puts info("Memory used: #{used_memory.bytes_to_human}") unless windows?
     puts info("Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}")
+    puts info("Requests made: #{@total_requests_done}")
+    puts info("Memory used: #{used_memory.bytes_to_human}") unless windows?
 
   # do nothing on interrupt
   rescue Interrupt
@@ -464,13 +590,18 @@ def main
     puts critical(e.message)
 
     if e.file
+      puts critical("Current Version: #{WPSCAN_VERSION}")
       puts critical('Downloaded File Content:')
-      puts e.file[0..500]
+      puts e.file[0..500] # print first 500 chars
       puts '.........'
+      puts e.file[-500..-1] || e.file # print last 500 chars or the whole file if it's < 500
       puts
     end
 
-    puts critical('Please submit this info as an Github issue')
+    puts critical('Some hints to help you with this issue:')
+    puts critical('-) Try updating again using --verbose')
+    puts critical('-) If you see SSL/TLS related error messages you have to fix your local TLS setup')
+    puts critical('-) Windows is still not supported')
     exit(1)
   rescue => e
     puts
@@ -482,10 +613,13 @@ def main
     end
     exit(1)
   ensure
-    # Ensure a clean abort of Hydra
-    # See https://github.com/wpscanteam/wpscan/issues/461#issuecomment-42735615
-    Browser.instance.hydra.abort
-    Browser.instance.hydra.run
+    # Make sure there was an argument
+    if ARGV.length != 0
+      # Ensure a clean abort of Hydra
+      # See https://github.com/wpscanteam/wpscan/issues/461#issuecomment-42735615
+      Browser.instance.hydra.abort
+      Browser.instance.hydra.run
+    end
   end
 end