Bumps version

Added username enumeration instructions

.rspec

@@ -1,2 +1,3 @@
 --color
 --fail-fast
+--require spec_helper

.ruby-version

@@ -1 +1 @@
-2.5.3
+2.6.0

.simplecov

@@ -0,0 +1,4 @@
+SimpleCov.start do
+  add_filter '/spec/'
+  add_filter 'helper'
+end

.travis.yml

@@ -20,10 +20,11 @@ rvm:
   - 2.5.1
   - 2.5.2
   - 2.5.3
+  - 2.6.0
   - ruby-head
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
-  - "gem update --system"
+  - gem update --system
 matrix:
   allow_failures:
     - rvm: ruby-head

LICENSE

@@ -1,6 +1,6 @@
 WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
@@ -8,7 +8,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 
 1.1 “License” means this document.
 1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
-1.3 “WPScan Team” means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.3 “WPScan Team” means WPScan’s core developers.
 
 2. Commercialization
 
@@ -29,8 +29,6 @@ Example cases which do not require a commercial license, and thus fall under the
 
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 
-We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
-
 Free-use Terms and Conditions;
 
 3. Redistribution

README.md

@@ -35,6 +35,17 @@ bundle install && rake install
 
 Pull the repo with ```docker pull wpscanteam/wpscan```
 
+Enumerating usernames
+```
+docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
+```
+
+Enumerating a range of usernames
+```
+docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
+```
+** replace u1-100 with a range of your choice.
+
 # Usage
 
 ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
@@ -69,6 +80,19 @@ url: 'http://target.tld'
 
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
 
+
+Enumerating usernames
+```
+wpscan --url https://target.tld/ --enumerate u
+```
+
+Enumerating a range of usernames
+```
+wpscan --url https://target.tld/ --enumerate u1-100
+```
+** replace u1-100 with a range of your choice.
+
+
 # PROJECT HOME
 
 [https://wpscan.org](https://wpscan.org)
@@ -81,7 +105,7 @@ Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v
 
 ## WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
@@ -91,7 +115,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 
 1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
 
-1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.3 "WPScan Team" means WPScan’s core developers.
 
 ### 2. Commercialization
 
@@ -112,8 +136,6 @@ Example cases which do not require a commercial license, and thus fall under the
 
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 
-We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
-
 Free-use Terms and Conditions;
 
 ### 3. Redistribution

app/finders/interesting_findings/backup_db.rb

@@ -11,7 +11,7 @@ module WPScan
 
           return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
 
-          WPScan::InterestingFinding.new(
+          WPScan::BackupDB.new(
             url,
             confidence: 70,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/debug_log.rb

@@ -9,9 +9,10 @@ module WPScan
 
           return unless target.debug_log?(path)
 
-          WPScan::InterestingFinding.new(
+          WPScan::DebugLog.new(
             target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS
+            confidence: 100, found_by: DIRECT_ACCESS,
+            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
           )
         end
       end

app/finders/interesting_findings/duplicator_installer_log.rb

@@ -10,7 +10,7 @@ module WPScan
 
           return unless res.body =~ /DUPLICATOR INSTALL-LOG/
 
-          WPScan::InterestingFinding.new(
+          WPScan::DuplicatorInstallerLog.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/emergency_pwd_reset_script.rb

@@ -10,7 +10,7 @@ module WPScan
 
           return unless res.code == 200 && !target.homepage_or_404?(res)
 
-          WPScan::InterestingFinding.new(
+          WPScan::EmergencyPwdResetScript.new(
             url,
             confidence: res.body =~ /password/i ? 100 : 40,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/full_path_disclosure.rb

@@ -10,11 +10,12 @@ module WPScan
 
           return if fpd_entries.empty?
 
-          WPScan::InterestingFinding.new(
+          WPScan::FullPathDisclosure.new(
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries
+            interesting_entries: fpd_entries,
+            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
           )
         end
       end

app/finders/interesting_findings/mu_plugins.rb

@@ -12,7 +12,7 @@ module WPScan
 
             url = target.url('wp-content/mu-plugins/')
 
-            return WPScan::InterestingFinding.new(
+            return WPScan::MuPlugins.new(
               url,
               confidence: 70,
               found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +35,7 @@ module WPScan
 
           target.mu_plugins = true
 
-          WPScan::InterestingFinding.new(
+          WPScan::MuPlugins.new(
             url,
             confidence: 80,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/multisite.rb

@@ -15,7 +15,7 @@ module WPScan
 
           target.multisite = true
 
-          WPScan::InterestingFinding.new(
+          WPScan::Multisite.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/readme.rb

@@ -10,7 +10,7 @@ module WPScan
             res = Browser.get(url)
 
             if res.code == 200 && res.body =~ /wordpress/i
-              return WPScan::InterestingFinding.new(url, confidence: 100, found_by: DIRECT_ACCESS)
+              return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
             end
           end
           nil

app/finders/interesting_findings/registration.rb

@@ -18,7 +18,7 @@ module WPScan
 
           target.registration_enabled = true
 
-          WPScan::InterestingFinding.new(
+          WPScan::Registration.new(
             res.effective_url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/tmm_db_migrate.rb

@@ -11,7 +11,7 @@ module WPScan
 
           return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
 
-          WPScan::InterestingFinding.new(
+          WPScan::TmmDbMigrate.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/upload_directory_listing.rb

@@ -11,7 +11,7 @@ module WPScan
 
           url = target.url(path)
 
-          WPScan::InterestingFinding.new(
+          WPScan::UploadDirectoryListing.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/upload_sql_dump.rb

@@ -3,7 +3,7 @@ module WPScan
     module InterestingFindings
       # UploadSQLDump finder
       class UploadSQLDump < CMSScanner::Finders::Finder
-        SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/
+        SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/.freeze
 
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
@@ -12,7 +12,7 @@ module WPScan
 
           return unless res.code == 200 && res.body =~ SQL_PATTERN
 
-          WPScan::InterestingFinding.new(
+          WPScan::UploadSQLDump.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS

app/finders/main_theme/woo_framework_meta_generator.rb

@@ -3,9 +3,9 @@ module WPScan
     module MainTheme
       # From the WooFramework meta generators
       class WooFrameworkMetaGenerator < CMSScanner::Finders::Finder
-        THEME_PATTERN     = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?"\s+/?>}
+        THEME_PATTERN     = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?"\s+/?>}.freeze
-        FRAMEWORK_PATTERN = %r{<meta name="generator" content="WooFramework\s?([^"]+)?"\s+/?>}
+        FRAMEWORK_PATTERN = %r{<meta name="generator" content="WooFramework\s?([^"]+)?"\s+/?>}.freeze
-        PATTERN           = /#{THEME_PATTERN}\s+#{FRAMEWORK_PATTERN}/i
+        PATTERN           = /#{THEME_PATTERN}\s+#{FRAMEWORK_PATTERN}/i.freeze
 
         def passive(opts = {})
           return unless target.homepage_res.body =~ PATTERN

app/finders/users.rb

@@ -4,6 +4,7 @@ require_relative 'users/oembed_api'
 require_relative 'users/rss_generator'
 require_relative 'users/author_id_brute_forcing'
 require_relative 'users/login_error_messages'
+require_relative 'users/yoast_seo_author_sitemap.rb'
 
 module WPScan
   module Finders
@@ -19,6 +20,7 @@ module WPScan
             Users::WpJsonApi.new(target) <<
             Users::OembedApi.new(target) <<
             Users::RSSGenerator.new(target) <<
+            Users::YoastSeoAuthorSitemap.new(target) <<
             Users::AuthorIdBruteForcing.new(target) <<
             Users::LoginErrorMessages.new(target)
         end

app/finders/users/oembed_api.rb

@@ -14,29 +14,35 @@ module WPScan
 
         # @param [ Hash ] opts
         #
-        # TODO: make this code pretty :x
-        #
         # @return [ Array<User> ]
         def aggressive(_opts = {})
-          found        = []
-          found_by_msg = 'Oembed API - %s (Aggressive Detection)'
-
           oembed_data = JSON.parse(Browser.get(api_url).body)
+          details     = user_details_from_oembed_data(oembed_data)
+
+          return [] unless details
+
+          [CMSScanner::User.new(details[0],
+                                found_by: format(found_by_msg, details[1]),
+                                confidence: details[2],
+                                interesting_entries: [api_url])]
+        rescue JSON::ParserError
+          []
+        end
+
+        def user_details_from_oembed_data(oembed_data)
+          return unless oembed_data
 
           if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
             details = [Regexp.last_match[1], 'Author URL', 90]
           elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
-            details = [oembed_data['author_name'].delete(' '), 'Author Name', 70]
+            details = [oembed_data['author_name'], 'Author Name', 70]
           end
 
-          return unless details
+          details
+        end
 
-          found << CMSScanner::User.new(details[0],
+        def found_by_msg
-                                        found_by: format(found_by_msg, details[1]),
+          'Oembed API - %s (Aggressive Detection)'
-                                        confidence: details[2],
-                                        interesting_entries: [api_url])
-        rescue JSON::ParserError
-          found
         end
 
         # @return [ String ] The URL of the API listing the Users

app/finders/users/yoast_seo_author_sitemap.rb

@@ -0,0 +1,34 @@
+module WPScan
+  module Finders
+    module Users
+      # The YOAST SEO plugin has an author-sitemap.xml which can leak usernames
+      # See https://github.com/wpscanteam/wpscan/issues/1228
+      class YoastSeoAuthorSitemap < CMSScanner::Finders::Finder
+        # @param [ Hash ] opts
+        #
+        # @return [ Array<User> ]
+        def aggressive(_opts = {})
+          found = []
+
+          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
+            username = user_tag.text.to_s[%r{/author/([^\/]+)/}, 1]
+
+            next unless username && !username.strip.empty?
+
+            found << CMSScanner::User.new(username,
+                                          found_by: found_by,
+                                          confidence: 100,
+                                          interesting_entries: [sitemap_url])
+          end
+
+          found
+        end
+
+        # @return [ String ] The URL of the author-sitemap
+        def sitemap_url
+          @sitemap_url ||= target.url('author-sitemap.xml')
+        end
+      end
+    end
+  end
+end

app/models/interesting_finding.rb

@@ -3,4 +3,43 @@ module WPScan
   class InterestingFinding < CMSScanner::InterestingFinding
     include References
   end
+
+  #
+  # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+  #
+  class BackupDB < InterestingFinding
+  end
+
+  class DebugLog < InterestingFinding
+  end
+
+  class DuplicatorInstallerLog < InterestingFinding
+  end
+
+  class EmergencyPwdResetScript < InterestingFinding
+  end
+
+  class FullPathDisclosure < InterestingFinding
+  end
+
+  class MuPlugins < InterestingFinding
+  end
+
+  class Multisite < InterestingFinding
+  end
+
+  class Readme < InterestingFinding
+  end
+
+  class Registration < InterestingFinding
+  end
+
+  class TmmDbMigrate < InterestingFinding
+  end
+
+  class UploadDirectoryListing < InterestingFinding
+  end
+
+  class UploadSQLDump < InterestingFinding
+  end
 end

app/models/wp_version.rb

@@ -53,7 +53,12 @@ module WPScan
 
     # @return [ String ]
     def release_date
-      @release_date ||= db_data['release_date']
+      @release_date ||= db_data['release_date'] || 'Unknown'
+    end
+
+    # @return [ String ]
+    def status
+      @status ||= db_data['status'] || 'Unknown'
     end
   end
 end

app/views/cli/wp_version/version.erb

@@ -1,5 +1,5 @@
 <% if @version -%>
-<%= info_icon %> WordPress version <%= @version.number %> identified (Released on <%= @version.release_date %>).
+<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
 <%= render('@finding', item: @version) -%>
 <% else -%>
 <%= notice_icon %> The WordPress version could not be detected.

app/views/json/wp_version/version.erb

@@ -2,6 +2,7 @@
 "version": {
   "number": <%= @version.number.to_json %>,
   "release_date": <%= @version.release_date.to_json %>,
+  "status": <%= @version.status.to_json %>,
   <%= render('@finding', item: @version) -%>
 },
 <% else -%>

lib/wpscan.rb

@@ -16,9 +16,7 @@ require 'securerandom'
 require 'wpscan/helper'
 require 'wpscan/db'
 require 'wpscan/version'
-require 'wpscan/errors/wordpress'
+require 'wpscan/errors'
-require 'wpscan/errors/http'
-require 'wpscan/errors/update'
 require 'wpscan/browser'
 require 'wpscan/target'
 require 'wpscan/finders'

lib/wpscan/db/updater.rb

@@ -60,12 +60,11 @@ module WPScan
       end
 
       # @return [ Hash ] The params for Typhoeus::Request
+      # @note Those params can't be overriden by CLI options
       def request_params
         {
-          ssl_verifyhost: 2,
+          timeout: 600,
-          ssl_verifypeer: true,
+          connecttimeout: 300,
-          timeout: 300,
-          connecttimeout: 120,
           accept_encoding: 'gzip, deflate',
           cache_ttl: 0
         }

lib/wpscan/errors.rb

@@ -0,0 +1,8 @@
+module WPScan
+  class Error < StandardError
+  end
+end
+
+require_relative 'errors/http'
+require_relative 'errors/update'
+require_relative 'errors/wordpress'

lib/wpscan/errors/http.rb

@@ -1,6 +1,6 @@
 module WPScan
   # HTTP Error
-  class HTTPError < StandardError
+  class HTTPError < Error
     attr_reader :response
 
     # @param [ Typhoeus::Response ] res

lib/wpscan/errors/update.rb

@@ -1,6 +1,6 @@
 module WPScan
   # Error raised when there is a missing  DB file and --no-update supplied
-  class MissingDatabaseFile < StandardError
+  class MissingDatabaseFile < Error
     def to_s
       'Update required, you can not run a scan if a database file is missing.'
     end

lib/wpscan/errors/wordpress.rb

@@ -1,20 +1,20 @@
 module WPScan
   # WordPress hosted (*.wordpress.com)
-  class WordPressHostedError < StandardError
+  class WordPressHostedError < Error
     def to_s
       'Scanning *.wordpress.com hosted blogs is not supported.'
     end
   end
 
   # Not WordPress Error
-  class NotWordPressError < StandardError
+  class NotWordPressError < Error
     def to_s
       'The remote website is up, but does not seem to be running WordPress.'
     end
   end
 
   # Invalid Wp Version (used in the WpVersion#new)
-  class InvalidWordPressVersion < StandardError
+  class InvalidWordPressVersion < Error
     def to_s
       'The WordPress version is invalid'
     end

lib/wpscan/target/platform/wordpress.rb

@@ -9,7 +9,7 @@ module WPScan
       module WordPress
         include CMSScanner::Target::Platform::PHP
 
-        WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i
+        WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu\-)?plugins|uploads))|wp-includes)/}i.freeze
 
         # These methods are used in the associated interesting_findings finders
         # to keep the boolean state of the finding rather than re-check the whole thing again
@@ -41,7 +41,7 @@ module WPScan
         end
 
         def wordpress_hosted?
-          uri.host =~ /wordpress.com$/i ? true : false
+          uri.host =~ /\.wordpress\.com$/i ? true : false
         end
 
         # @param [ String ] username

lib/wpscan/version.rb

@@ -1,4 +1,4 @@
 # Version
 module WPScan
-  VERSION = '3.3.2'.freeze
+  VERSION = '3.4.3'.freeze
 end

spec/app/controllers/aliases_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::Aliases do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }

spec/app/controllers/core_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::Core do
   subject(:core)       { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }

spec/app/controllers/custom_directories_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::CustomDirectories do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }

spec/app/controllers/enumeration_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::Enumeration do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://wp.lab/' }

spec/app/controllers/password_attack_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::PasswordAttack do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }

spec/app/controllers/wp_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 def it_calls_the_formatter_with_the_correct_parameter(version)
   it 'calls the formatter with the correct parameter' do
     expect(controller.formatter).to receive(:output)

spec/app/finders/config_backups/known_filenames_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ConfigBackups::KnownFilenames do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/config_backups_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ConfigBackups::Base do
   subject(:config_backups) { described_class.new(target) }
   let(:target)             { WPScan::Target.new(url) }

spec/app/finders/db_exports/known_locations_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::DbExports::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/db_exports_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::DbExports::Base do
   subject(:db_exports) { described_class.new(target) }
   let(:target)         { WPScan::Target.new(url) }

spec/app/finders/interesting_findings/backup_db_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::BackupDB do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
@@ -37,7 +35,7 @@ describe WPScan::Finders::InterestingFindings::BackupDB do
       after do
         found = finder.aggressive
 
-        expect(found).to eql WPScan::InterestingFinding.new(
+        expect(found).to eql WPScan::BackupDB.new(
           dir_url,
           confidence: 70,
           found_by: described_class::DIRECT_ACCESS

spec/app/finders/interesting_findings/debug_log_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::DebugLog do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
@@ -23,7 +21,7 @@ describe WPScan::Finders::InterestingFindings::DebugLog do
       let(:body) { File.read(File.join(fixtures, 'debug.log')) }
 
       it 'returns the InterestingFinding' do
-        expect(finder.aggressive).to eql WPScan::InterestingFinding.new(
+        expect(finder.aggressive).to eql WPScan::DebugLog.new(
           log_url,
           confidence: 100,
           found_by: described_class::DIRECT_ACCESS

spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
@@ -24,7 +22,7 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
       let(:body) { File.read(File.join(fixtures, filename)) }
 
       it 'returns the InterestingFinding' do
-        expect(finder.aggressive).to eql WPScan::InterestingFinding.new(
+        expect(finder.aggressive).to eql WPScan::DuplicatorInstallerLog.new(
           log_url,
           confidence: 100,
           found_by: described_class::DIRECT_ACCESS

spec/app/finders/interesting_findings/emergency_pwd_reset_script_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::EmergencyPwdResetScript do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/interesting_findings/full_path_disclosure_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
@@ -25,7 +23,7 @@ describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
       it 'returns the InterestingFinding' do
         found = finder.aggressive
 
-        expect(found).to eql WPScan::InterestingFinding.new(
+        expect(found).to eql WPScan::FullPathDisclosure.new(
           file_url,
           confidence: 100,
           found_by: described_class::DIRECT_ACCESS

spec/app/finders/interesting_findings/mu_plugins_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::MuPlugins do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/interesting_findings/multisite_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Multisite do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/interesting_findings/readme_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Readme do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
@@ -27,7 +25,7 @@ describe WPScan::Finders::InterestingFindings::Readme do
       before { stub_request(:get, target.url(file)).to_return(body: readme) }
 
       it 'returns the expected InterestingFinding' do
-        expected = WPScan::InterestingFinding.new(
+        expected = WPScan::Readme.new(
           target.url(file),
           confidence: 100,
           found_by: described_class::DIRECT_ACCESS

spec/app/finders/interesting_findings/registration_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Registration do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/interesting_findings/tmm_db_migrate_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::TmmDbMigrate do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/interesting_findings/upload_direcrory_listing_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::UploadDirectoryListing do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/interesting_findings/upload_sql_dump_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::UploadSQLDump do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
@@ -38,7 +36,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
         let(:fixture) { 'dump.sql' }
 
         it 'returns the interesting findings' do
-          @expected = WPScan::InterestingFinding.new(
+          @expected = WPScan::UploadSQLDump.new(
             finder.dump_url,
             confidence: 100,
             found_by: described_class::DIRECT_ACCESS

spec/app/finders/interesting_findings_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Base do
   subject(:files) { described_class.new(target) }
   let(:target)    { WPScan::Target.new(url) }

spec/app/finders/main_theme/css_style_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::CssStyle do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/main_theme/urls_in_homepage_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/main_theme/woo_framework_meta_generator_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::WooFrameworkMetaGenerator do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/main_theme_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::Base do
   subject(:main_theme) { described_class.new(target) }
   let(:target)         { WPScan::Target.new(url) }

spec/app/finders/medias/attachment_brute_forcing_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Medias::AttachmentBruteForcing do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/medias_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Medias::Base do
   subject(:media) { described_class.new(target) }
   let(:target)    { WPScan::Target.new(url) }

spec/app/finders/plugin_version/readme_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::PluginVersion::Readme do
   subject(:finder) { described_class.new(plugin) }
   let(:plugin)     { WPScan::Plugin.new('spec', target) }

spec/app/finders/plugin_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 # If this file is tested alone (rspec path-to-this-file), then there will be an error about
 # constants not being intilialized. This is due to the Dynamic Finders.
 

spec/app/finders/plugins/body_pattern_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::BodyPattern do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder) { described_class.new(target) }

spec/app/finders/plugins/comment_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::Comment do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder) { described_class.new(target) }

spec/app/finders/plugins/config_parser_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::ConfigParser do
   xit
 

spec/app/finders/plugins/header_pattern_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::HeaderPattern do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/plugins/javascript_var_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::JavascriptVar do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder) { described_class.new(target) }

spec/app/finders/plugins/known_locations_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/plugins/query_parameter_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::QueryParameter do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/plugins/urls_in_homepage_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/plugins/xpath_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::Xpath do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder)   { described_class.new(target) }

spec/app/finders/plugins_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::Base do
   subject(:plugins) { described_class.new(target) }
   let(:target)      { WPScan::Target.new(url) }

spec/app/finders/theme_version/style_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ThemeVersion::Style do
   subject(:finder) { described_class.new(theme) }
   let(:theme)      { WPScan::Theme.new('spec', target) }

spec/app/finders/theme_version/woo_framework_meta_generator_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
   subject(:finder) { described_class.new(theme) }
   let(:theme)      { WPScan::Theme.new(slug, target) }

spec/app/finders/theme_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ThemeVersion::Base do
   subject(:theme_version) { described_class.new(theme) }
   let(:theme)             { WPScan::Plugin.new(slug, target) }

spec/app/finders/themes/known_locations_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Themes::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/themes/urls_in_homepage_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Themes::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/themes_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Themes::Base do
   subject(:themes) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/timthumb_version/bad_request_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::TimthumbVersion::BadRequest do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Timthumb.new(url) }

spec/app/finders/timthumb_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::TimthumbVersion::Base do
   subject(:timthumb_version) { described_class.new(target) }
   let(:target)               { WPScan::Timthumb.new(url) }

spec/app/finders/timthumbs/known_locations_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Timthumbs::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/timthumbs_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Timthumbs::Base do
   subject(:timthumb) { described_class.new(target) }
   let(:target)       { WPScan::Target.new(url) }

spec/app/finders/users/author_id_brute_forcing_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::AuthorIdBruteForcing do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/users/author_posts_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::AuthorPosts do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/users/login_error_messages_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::LoginErrorMessages do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/users/oembed_api_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::OembedApi do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
@@ -7,6 +5,59 @@ describe WPScan::Finders::Users::OembedApi do
   let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'oembed_api') }
 
   describe '#aggressive' do
-    xit
+    before do
+      allow(target).to receive(:sub_dir).and_return(false)
+      stub_request(:get, finder.api_url).to_return(body: body)
+    end
+
+    context 'when not a JSON response' do
+      let(:body) { '' }
+
+      its(:aggressive) { should eql([]) }
+    end
+
+    context 'when a JSON response' do
+      context 'when 404' do
+        let(:body) { File.read(File.join(fixtures, '404.json')) }
+
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when 200' do
+        context 'when author_url present' do
+          let(:body) { File.read(File.join(fixtures, '200_author_url.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.username).to eql 'admin'
+            expect(user.confidence).to eql 90
+            expect(user.found_by).to eql 'Oembed API - Author URL (Aggressive Detection)'
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
+          end
+        end
+
+        context 'when author_url not present but author_name' do
+          let(:body) { File.read(File.join(fixtures, '200_author_name.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.username).to eql 'admin sa'
+            expect(user.confidence).to eql 70
+            expect(user.found_by).to eql 'Oembed API - Author Name (Aggressive Detection)'
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
+          end
+        end
+      end
+    end
   end
 end

spec/app/finders/users/rss_generator_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::RSSGenerator do
   subject(:finder)  { described_class.new(target) }
   let(:target)      { WPScan::Target.new(url) }

spec/app/finders/users/wp_json_api_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::WpJsonApi do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
@@ -8,7 +6,6 @@ describe WPScan::Finders::Users::WpJsonApi do
 
   describe '#aggressive' do
     before do
-      # allow(target).to receive(:content_dir).and_return('wp-content')
       allow(target).to receive(:sub_dir).and_return(false)
       stub_request(:get, finder.api_url).to_return(body: body)
     end

spec/app/finders/users/yoast_seo_author_sitemap_spec.rb

@@ -0,0 +1,46 @@
+describe WPScan::Finders::Users::YoastSeoAuthorSitemap do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url) }
+  let(:url)        { 'http://wp.lab/' }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'yoast_seo_author_sitemap') }
+
+  describe '#aggressive' do
+    before do
+      allow(target).to receive(:sub_dir).and_return(false)
+
+      stub_request(:get, finder.sitemap_url).to_return(body: body)
+    end
+
+    context 'when not an XML response' do
+      let(:body) { '' }
+
+      its(:aggressive) { should eql([]) }
+    end
+
+    context 'when an XML response' do
+      context 'when no usernames disclosed' do
+        let(:body) { File.read(fixtures.join('no_usernames.xml')) }
+
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when usernames disclosed' do
+        let(:body) { File.read(fixtures.join('usernames.xml')) }
+
+        it 'returns the expected array of users' do
+          users = finder.aggressive
+
+          expect(users.size).to eql 2
+
+          expect(users.first.username).to eql 'editor'
+          expect(users.first.confidence).to eql 100
+          expect(users.first.interesting_entries).to eql ['http://wp.lab/author-sitemap.xml']
+
+          expect(users.last.username).to eql 'admin'
+          expect(users.last.confidence).to eql 100
+          expect(users.last.interesting_entries).to eql ['http://wp.lab/author-sitemap.xml']
+        end
+      end
+    end
+  end
+end

spec/app/finders/users_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::Base do
   subject(:user) { described_class.new(target) }
   let(:target)   { WPScan::Target.new(url) }
@@ -8,7 +6,8 @@ describe WPScan::Finders::Users::Base do
   describe '#finders' do
     it 'contains the expected finders' do
       expect(user.finders.map { |f| f.class.to_s.demodulize })
-        .to eq %w[AuthorPosts WpJsonApi OembedApi RSSGenerator AuthorIdBruteForcing LoginErrorMessages]
+        .to eq %w[AuthorPosts WpJsonApi OembedApi RSSGenerator YoastSeoAuthorSitemap
+                  AuthorIdBruteForcing LoginErrorMessages]
     end
   end
 end

spec/app/finders/wp_version/atom_generator_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::AtomGenerator do
   subject(:finder)   { described_class.new(target) }
   let(:target)       { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/wp_version/rdf_generator_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::RDFGenerator do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/wp_version/readme_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::Readme do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/wp_version/rss_generator_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::RSSGenerator do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/wp_version/unique_fingerprinting_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::UniqueFingerprinting do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }

spec/app/finders/wp_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 # If this file is tested alone (rspec path-to-this-file), then there will be an error about
 # constants not being intilialized. This is due to the Dynamic Finders.
 

spec/app/models/interesting_finding_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::InterestingFinding do
   it_behaves_like WPScan::References do
     subject(:finding) { described_class.new('http://e.org/file.php', opts) }