Bumps version

Update rubocop requirement from ~> 0.62.0 to ~> 0.63.0

.rspec

@@ -1,2 +1,3 @@
 --color
 --fail-fast
+--require spec_helper

.ruby-version

@@ -1 +1 @@
-2.5.3
+2.6.0

.simplecov

@@ -0,0 +1,4 @@
+SimpleCov.start do
+  add_filter '/spec/'
+  add_filter 'helper'
+end

.travis.yml

@@ -20,10 +20,11 @@ rvm:
   - 2.5.1
   - 2.5.2
   - 2.5.3
+  - 2.6.0
   - ruby-head
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
-  - "gem update --system"
+  - gem update --system
 matrix:
   allow_failures:
     - rvm: ruby-head

LICENSE

@@ -1,14 +1,14 @@
 WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
 1. Definitions
 
-1.1 “License” means this document.
-1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
-1.3 “WPScan Team” means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.1 "License" means this document.
+1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
+1.3 "WPScan Team" means WPScan’s core developers.
 
 2. Commercialization
 
@@ -59,7 +59,7 @@ WPScan is provided under an AS-IS basis and without any support, updates or main
 
 8. Disclaimer of Warranty
 
-WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
+WPScan is provided under this License on an "as is" basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 
 9. Limitation of Liability
 

README.md

@@ -7,23 +7,28 @@
 
 # INSTALL
 
-## Prerequisites:
+## Prerequisites
 
+- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
 - Ruby >= 2.3 - Recommended: latest
-- Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
+  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
+- Curl >= 7.21  - Recommended: latest
+  - The 7.29 has a segfault
 - RubyGems      - Recommended: latest
 
-### From RubyGems:
+### From RubyGems (Recommended)
 
-```
+```shell
 gem install wpscan
 ```
 
-### From sources:
+On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
+
+### From sources (NOT Recommended)
 
 Prerequisites: Git
 
-```
+```shell
 git clone https://github.com/wpscanteam/wpscan
 
 cd wpscan/
@@ -31,10 +36,30 @@ cd wpscan/
 bundle install && rake install
 ```
 
+# Updating
+
+You can update the local database by using ```wpscan --update```
+
+Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
+
 # Docker
 
 Pull the repo with ```docker pull wpscanteam/wpscan```
 
+Enumerating usernames
+
+```shell
+docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
+```
+
+Enumerating a range of usernames
+
+```shell
+docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
+```
+
+** replace u1-100 with a range of your choice.
+
 # Usage
 
 ```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
@@ -46,29 +71,45 @@ The DB is located at ~/.wpscan/db
 
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
 
-* ~/.wpscan/cli_options.json
-* ~/.wpscan/cli_options.yml
-* pwd/.wpscan/cli_options.json
-* pwd/.wpscan/cli_options.yml
+- ~/.wpscan/cli_options.json
+- ~/.wpscan/cli_options.yml
+- pwd/.wpscan/cli_options.json
+- pwd/.wpscan/cli_options.yml
 
 If those files exist, options from them will be loaded and overridden if found twice.
 
 e.g:
 
 ~/.wpscan/cli_options.yml:
-```
+
+```yml
 proxy: 'http://127.0.0.1:8080'
 verbose: true
 ```
 
 pwd/.wpscan/cli_options.yml:
-```
+
+```yml
 proxy: 'socks5://127.0.0.1:9090'
 url: 'http://target.tld'
 ```
 
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
 
+Enumerating usernames
+
+```shell
+wpscan --url https://target.tld/ --enumerate u
+```
+
+Enumerating a range of usernames
+
+```shell
+wpscan --url https://target.tld/ --enumerate u1-100
+```
+
+** replace u1-100 with a range of your choice.
+
 # PROJECT HOME
 
 [https://wpscan.org](https://wpscan.org)
@@ -81,7 +122,7 @@ Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v
 
 ## WPScan Public Source License
 
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
 
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 
@@ -91,7 +132,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 
 1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
 
-1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.3 "WPScan Team" means WPScan’s core developers.
 
 ### 2. Commercialization
 
@@ -99,30 +140,28 @@ A commercial use is one intended for commercial advantage or monetary compensati
 
 Example cases of commercialization are:
 
- - Using WPScan to provide commercial managed/Software-as-a-Service services.
- - Distributing WPScan as a commercial product or as part of one.
- - Using WPScan as a value added service/product.
+- Using WPScan to provide commercial managed/Software-as-a-Service services.
+- Distributing WPScan as a commercial product or as part of one.
+- Using WPScan as a value added service/product.
 
 Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
 
- - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
- - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
- - Using WPScan to test your own systems.
- - Any non-commercial use of WPScan.
+- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
+- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
+- Using WPScan to test your own systems.
+- Any non-commercial use of WPScan.
 
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 
-We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
-
 Free-use Terms and Conditions;
 
 ### 3. Redistribution
 
 Redistribution is permitted under the following conditions:
 
- - Unmodified License is provided with WPScan.
- - Unmodified Copyright notices are provided with WPScan.
- - Does not conflict with the commercialization clause.
+- Unmodified License is provided with WPScan.
+- Unmodified Copyright notices are provided with WPScan.
+- Does not conflict with the commercialization clause.
 
 ### 4. Copying
 

app/controllers/core.rb

@@ -71,7 +71,7 @@ module WPScan
           exit(WPScan::ExitCode::VULNERABLE)
         end
 
-        raise NotWordPressError unless target.wordpress? || parsed_options[:force]
+        raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
       end
 
       # Loads the related server module in the target

app/controllers/enumeration/cli_options.rb

@@ -98,7 +98,7 @@ module WPScan
         [
           OptFilePath.new(
             ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],
-            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true
+            exists: true, default: DB_DIR.join('timthumbs-v3.txt').to_s, advanced: true
           ),
           OptChoice.new(
             ['--timthumbs-detection MODE',
@@ -113,7 +113,7 @@ module WPScan
         [
           OptFilePath.new(
             ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],
-            exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true
+            exists: true, default: DB_DIR.join('config_backups.txt').to_s, advanced: true
           ),
           OptChoice.new(
             ['--config-backups-detection MODE',
@@ -128,7 +128,7 @@ module WPScan
         [
           OptFilePath.new(
             ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],
-            exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true
+            exists: true, default: DB_DIR.join('db_exports.txt').to_s, advanced: true
           ),
           OptChoice.new(
             ['--db-exports-detection MODE',

app/controllers/enumeration/enum_methods.rb

@@ -3,9 +3,10 @@ module WPScan
     # Enumeration Methods
     class Enumeration < CMSScanner::Controller::Base
       # @param [ String ] type (plugins or themes)
+      # @param [ Symbol ] detection_mode
       #
       # @return [ String ] The related enumration message depending on the parsed_options and type supplied
-      def enum_message(type)
+      def enum_message(type, detection_mode)
         return unless %w[plugins themes].include?(type)
 
         details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
@@ -16,7 +17,20 @@ module WPScan
                     'Most Popular'
                   end
 
-        "Enumerating #{details} #{type.capitalize}"
+        "Enumerating #{details} #{type.capitalize} #{enum_detection_message(detection_mode)}"
+      end
+
+      # @param [ Symbol ] detection_mode
+      #
+      # @return [ String ]
+      def enum_detection_message(detection_mode)
+        detection_method = if detection_mode == :mixed
+                             'Passive and Aggressive'
+                           else
+                             detection_mode.to_s.capitalize
+                           end
+
+        "(via #{detection_method} Methods)"
       end
 
       # @param [ String ] type (plugins, themes etc)
@@ -49,12 +63,15 @@ module WPScan
           sort: true
         )
 
-        output('@info', msg: enum_message('plugins')) if user_interaction?
+        output('@info', msg: enum_message('plugins', opts[:mode])) if user_interaction?
         # Enumerate the plugins & find their versions to avoid doing that when #version
         # is called in the view
         plugins = target.plugins(opts)
 
-        output('@info', msg: 'Checking Plugin Versions') if user_interaction? && !plugins.empty?
+        if user_interaction? && !plugins.empty?
+          output('@info',
+                 msg: "Checking Plugin Versions #{enum_detection_message(opts[:version_detection][:mode])}")
+        end
 
         plugins.each(&:version)
 
@@ -92,12 +109,15 @@ module WPScan
           sort: true
         )
 
-        output('@info', msg: enum_message('themes')) if user_interaction?
+        output('@info', msg: enum_message('themes', opts[:mode])) if user_interaction?
         # Enumerate the themes & find their versions to avoid doing that when #version
         # is called in the view
         themes = target.themes(opts)
 
-        output('@info', msg: 'Checking Theme Versions') if user_interaction? && !themes.empty?
+        if user_interaction? && !themes.empty?
+          output('@info',
+                 msg: "Checking Theme Versions #{enum_detection_message(opts[:version_detection][:mode])}")
+        end
 
         themes.each(&:version)
 
@@ -125,21 +145,21 @@ module WPScan
       def enum_timthumbs
         opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
 
-        output('@info', msg: 'Enumerating Timthumbs') if user_interaction?
+        output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('timthumbs', timthumbs: target.timthumbs(opts))
       end
 
       def enum_config_backups
         opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
 
-        output('@info', msg: 'Enumerating Config Backups') if user_interaction?
+        output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('config_backups', config_backups: target.config_backups(opts))
       end
 
       def enum_db_exports
         opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
 
-        output('@info', msg: 'Enumerating DB Exports') if user_interaction?
+        output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('db_exports', db_exports: target.db_exports(opts))
       end
 
@@ -147,7 +167,9 @@ module WPScan
         opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
 
         if user_interaction?
-          output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
+          output('@info',
+                 msg: "Enumerating Medias #{enum_detection_message(opts[:mode])} "\
+                      '(Permalink setting must be set to "Plain" for those to be detected)')
         end
 
         output('medias', medias: target.medias(opts))
@@ -166,7 +188,7 @@ module WPScan
           list: parsed_options[:users_list]
         )
 
-        output('@info', msg: 'Enumerating Users') if user_interaction?
+        output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('users', users: target.users(opts))
       end
 

app/controllers/password_attack.rb

@@ -65,8 +65,12 @@ module WPScan
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
+          raise XMLRPCNotDetected unless xmlrpc
+
           WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
         when :xmlrpc_multicall
+          raise XMLRPCNotDetected unless xmlrpc
+
           WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
         end
       end

app/finders/interesting_findings.rb

@@ -1,4 +1,5 @@
 require_relative 'interesting_findings/readme'
+require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
 require_relative 'interesting_findings/backup_db'
@@ -23,7 +24,7 @@ module WPScan
           %w[
             Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
             Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript
+            UploadSQLDump EmergencyPwdResetScript WPCron
           ].each do |f|
             finders << InterestingFindings.const_get(f).new(target)
           end

app/finders/interesting_findings/debug_log.rb

@@ -11,7 +11,8 @@ module WPScan
 
           WPScan::DebugLog.new(
             target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS
+            confidence: 100, found_by: DIRECT_ACCESS,
+            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
           )
         end
       end

app/finders/interesting_findings/full_path_disclosure.rb

@@ -14,7 +14,8 @@ module WPScan
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries
+            interesting_entries: fpd_entries,
+            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
           )
         end
       end

app/finders/interesting_findings/wp_cron.rb

@@ -0,0 +1,31 @@
+module WPScan
+  module Finders
+    module InterestingFindings
+      # wp-cron.php finder
+      class WPCron < CMSScanner::Finders::Finder
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          res = Browser.get(wp_cron_url)
+
+          return unless res.code == 200
+
+          WPScan::WPCron.new(
+            wp_cron_url,
+            confidence: 60,
+            found_by: DIRECT_ACCESS,
+            references: {
+              url: [
+                'https://www.iplocation.net/defend-wordpress-from-ddos',
+                'https://github.com/wpscanteam/wpscan/issues/1299'
+              ]
+            }
+          )
+        end
+
+        def wp_cron_url
+          @wp_cron_url ||= target.url('wp-cron.php')
+        end
+      end
+    end
+  end
+end

app/finders/users/oembed_api.rb

@@ -14,29 +14,35 @@ module WPScan
 
         # @param [ Hash ] opts
         #
-        # TODO: make this code pretty :x
-        #
         # @return [ Array<User> ]
         def aggressive(_opts = {})
-          found        = []
-          found_by_msg = 'Oembed API - %s (Aggressive Detection)'
-
           oembed_data = JSON.parse(Browser.get(api_url).body)
+          details     = user_details_from_oembed_data(oembed_data)
+
+          return [] unless details
+
+          [CMSScanner::User.new(details[0],
+                                found_by: format(found_by_msg, details[1]),
+                                confidence: details[2],
+                                interesting_entries: [api_url])]
+        rescue JSON::ParserError
+          []
+        end
+
+        def user_details_from_oembed_data(oembed_data)
+          return unless oembed_data
 
           if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
             details = [Regexp.last_match[1], 'Author URL', 90]
           elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
-            details = [oembed_data['author_name'].delete(' '), 'Author Name', 70]
+            details = [oembed_data['author_name'], 'Author Name', 70]
           end
 
-          return unless details
+          details
+        end
 
-          found << CMSScanner::User.new(details[0],
-                                        found_by: format(found_by_msg, details[1]),
-                                        confidence: details[2],
-                                        interesting_entries: [api_url])
-        rescue JSON::ParserError
-          found
+        def found_by_msg
+          'Oembed API - %s (Aggressive Detection)'
         end
 
         # @return [ String ] The URL of the API listing the Users

app/finders/users/wp_json_api.rb

@@ -4,20 +4,29 @@ module WPScan
       # WP JSON API
       #
       # Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see https://github.com/wpscanteam/wpscan/issues/1038)
+      # For the pagination, see https://github.com/wpscanteam/wpscan/issues/1285
       #
       class WpJsonApi < CMSScanner::Finders::Finder
+        MAX_PER_PAGE = 100 # See https://developer.wordpress.org/rest-api/using-the-rest-api/pagination/
+
         # @param [ Hash ] opts
         #
         # @return [ Array<User> ]
         def aggressive(_opts = {})
-          found = []
+          found        = []
+          current_page = 0
 
-          JSON.parse(Browser.get(api_url).body)&.each do |user|
-            found << CMSScanner::User.new(user['slug'],
-                                          id: user['id'],
-                                          found_by: found_by,
-                                          confidence: 100,
-                                          interesting_entries: [api_url])
+          loop do
+            current_page += 1
+
+            res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
+
+            total_pages ||= res.headers['X-WP-TotalPages'].to_i
+
+            users_in_page = users_from_response(res)
+            found        += users_in_page
+
+            break if current_page >= total_pages || users_in_page.empty?
           end
 
           found
@@ -25,6 +34,23 @@ module WPScan
           found
         end
 
+        # @param [ Typhoeus::Response ] response
+        #
+        # @return [ Array<User> ] The users from the response
+        def users_from_response(response)
+          found = []
+
+          JSON.parse(response.body)&.each do |user|
+            found << CMSScanner::User.new(user['slug'],
+                                          id: user['id'],
+                                          found_by: found_by,
+                                          confidence: 100,
+                                          interesting_entries: [response.effective_url])
+          end
+
+          found
+        end
+
         # @return [ String ] The URL of the API listing the Users
         def api_url
           @api_url ||= target.url('wp-json/wp/v2/users/')

app/models/interesting_finding.rb

@@ -42,4 +42,7 @@ module WPScan
 
   class UploadSQLDump < InterestingFinding
   end
+
+  class WPCron < InterestingFinding
+  end
 end

app/models/wp_version.rb

@@ -53,7 +53,12 @@ module WPScan
 
     # @return [ String ]
     def release_date
-      @release_date ||= db_data['release_date']
+      @release_date ||= db_data['release_date'] || 'Unknown'
+    end
+
+    # @return [ String ]
+    def status
+      @status ||= db_data['status'] || 'Unknown'
     end
   end
 end

app/views/cli/wp_version/version.erb

@@ -1,5 +1,5 @@
 <% if @version -%>
-<%= info_icon %> WordPress version <%= @version.number %> identified (Released on <%= @version.release_date %>).
+<%= info_icon %> WordPress version <%= @version.number %> identified (<%= @version.status.capitalize %>, released on <%= @version.release_date %>).
 <%= render('@finding', item: @version) -%>
 <% else -%>
 <%= notice_icon %> The WordPress version could not be detected.

app/views/json/wp_version/version.erb

@@ -2,6 +2,7 @@
 "version": {
   "number": <%= @version.number.to_json %>,
   "release_date": <%= @version.release_date.to_json %>,
+  "status": <%= @version.status.to_json %>,
   <%= render('@finding', item: @version) -%>
 },
 <% else -%>

lib/wpscan.rb

@@ -16,9 +16,7 @@ require 'securerandom'
 require 'wpscan/helper'
 require 'wpscan/db'
 require 'wpscan/version'
-require 'wpscan/errors/wordpress'
-require 'wpscan/errors/http'
-require 'wpscan/errors/update'
+require 'wpscan/errors'
 require 'wpscan/browser'
 require 'wpscan/target'
 require 'wpscan/finders'
@@ -35,7 +33,7 @@ module WPScan
   include CMSScanner
 
   APP_DIR = Pathname.new(__FILE__).dirname.join('..', 'app').expand_path
-  DB_DIR  = File.join(Dir.home, '.wpscan', 'db')
+  DB_DIR  = Pathname.new(Dir.home).join('.wpscan', 'db')
 
   # Override, otherwise it would be returned as 'wp_scan'
   #

lib/wpscan/browser.rb

@@ -5,7 +5,7 @@ module WPScan
 
     # @return [ String ] The path to the user agents list
     def user_agents_list
-      @user_agents_list ||= File.join(DB_DIR, 'user-agents.txt')
+      @user_agents_list ||= DB_DIR.join('user-agents.txt').to_s
     end
 
     # @return [ String ]

lib/wpscan/db/dynamic_finders/base.rb

@@ -4,7 +4,7 @@ module WPScan
       class Base
         # @return [ String ]
         def self.db_file
-          @db_file ||= File.join(DB_DIR, 'dynamic_finders.yml')
+          @db_file ||= DB_DIR.join('dynamic_finders.yml').to_s
         end
 
         # @return [ Hash ]

lib/wpscan/db/fingerprints.rb

@@ -33,7 +33,7 @@ module WPScan
 
       # @return [ String ]
       def self.wp_fingerprints_path
-        @wp_fingerprints_path ||= File.join(DB_DIR, 'wp_fingerprints.json')
+        @wp_fingerprints_path ||= DB_DIR.join('wp_fingerprints.json').to_s
       end
 
       # @return [ Hash ]

lib/wpscan/db/plugin.rb

@@ -4,7 +4,7 @@ module WPScan
     class Plugin < WpItem
       # @return [ String ]
       def self.db_file
-        @db_file ||= File.join(DB_DIR, 'plugins.json')
+        @db_file ||= DB_DIR.join('plugins.json').to_s
       end
     end
   end

lib/wpscan/db/theme.rb

@@ -4,7 +4,7 @@ module WPScan
     class Theme < WpItem
       # @return [ String ]
       def self.db_file
-        @db_file ||= File.join(DB_DIR, 'themes.json')
+        @db_file ||= DB_DIR.join('themes.json').to_s
       end
     end
   end

lib/wpscan/db/updater.rb

@@ -15,11 +15,11 @@ module WPScan
       attr_reader :repo_directory
 
       def initialize(repo_directory)
-        @repo_directory = repo_directory
+        @repo_directory = Pathname.new(repo_directory).expand_path
 
-        FileUtils.mkdir_p(repo_directory) unless Dir.exist?(repo_directory)
+        FileUtils.mkdir_p(repo_directory.to_s) unless Dir.exist?(repo_directory.to_s)
 
-        raise "#{repo_directory} is not writable" unless Pathname.new(repo_directory).writable?
+        raise "#{repo_directory} is not writable" unless repo_directory.writable?
 
         delete_old_files
       end
@@ -41,7 +41,7 @@ module WPScan
 
       # @return [ String ]
       def last_update_file
-        @last_update_file ||= File.join(repo_directory, '.last_update')
+        @last_update_file ||= repo_directory.join('.last_update').to_s
       end
 
       # @return [ Boolean ]
@@ -54,7 +54,7 @@ module WPScan
       # @return [ Boolean ]
       def missing_files?
         FILES.each do |file|
-          return true unless File.exist?(File.join(repo_directory, file))
+          return true unless File.exist?(repo_directory.join(file))
         end
         false
       end
@@ -85,16 +85,18 @@ module WPScan
         res.body.chomp
       end
 
+      # @return [ String ]
       def local_file_path(filename)
-        File.join(repo_directory, filename.to_s)
+        repo_directory.join(filename.to_s).to_s
       end
 
       def local_file_checksum(filename)
         Digest::SHA512.file(local_file_path(filename)).hexdigest
       end
 
+      # @return [ String ]
       def backup_file_path(filename)
-        File.join(repo_directory, "#{filename}.back")
+        repo_directory.join("#{filename}.back").to_s
       end
 
       def create_backup(filename)

lib/wpscan/db/wp_version.rb

@@ -4,7 +4,7 @@ module WPScan
     class Version < WpItem
       # @return [ String ]
       def self.db_file
-        @db_file ||= File.join(DB_DIR, 'wordpresses.json')
+        @db_file ||= DB_DIR.join('wordpresses.json').to_s
       end
     end
   end

lib/wpscan/errors.rb

@@ -0,0 +1,9 @@
+module WPScan
+  class Error < StandardError
+  end
+end
+
+require_relative 'errors/http'
+require_relative 'errors/update'
+require_relative 'errors/wordpress'
+require_relative 'errors/xmlrpc'

lib/wpscan/errors/http.rb

@@ -1,6 +1,6 @@
 module WPScan
   # HTTP Error
-  class HTTPError < StandardError
+  class HTTPError < Error
     attr_reader :response
 
     # @param [ Typhoeus::Response ] res

lib/wpscan/errors/update.rb

@@ -1,6 +1,6 @@
 module WPScan
   # Error raised when there is a missing  DB file and --no-update supplied
-  class MissingDatabaseFile < StandardError
+  class MissingDatabaseFile < Error
     def to_s
       'Update required, you can not run a scan if a database file is missing.'
     end

lib/wpscan/errors/wordpress.rb

@@ -1,20 +1,20 @@
 module WPScan
   # WordPress hosted (*.wordpress.com)
-  class WordPressHostedError < StandardError
+  class WordPressHostedError < Error
     def to_s
       'Scanning *.wordpress.com hosted blogs is not supported.'
     end
   end
 
   # Not WordPress Error
-  class NotWordPressError < StandardError
+  class NotWordPressError < Error
     def to_s
       'The remote website is up, but does not seem to be running WordPress.'
     end
   end
 
   # Invalid Wp Version (used in the WpVersion#new)
-  class InvalidWordPressVersion < StandardError
+  class InvalidWordPressVersion < Error
     def to_s
       'The WordPress version is invalid'
     end

lib/wpscan/errors/xmlrpc.rb

@@ -0,0 +1,8 @@
+module WPScan
+  # XML-RPC Not Detected
+  class XMLRPCNotDetected < Error
+    def to_s
+      'The XML-RPC Interface was not detected.'
+    end
+  end
+end

lib/wpscan/target/platform/wordpress.rb

@@ -18,10 +18,10 @@ module WPScan
         alias registration_enabled? registration_enabled
         alias mu_plugins? mu_plugins
 
+        # @param [ Symbol ] detection_mode
+        #
         # @return [ Boolean ]
-        def wordpress?
-          # res = Browser.get(url)
-
+        def wordpress?(detection_mode)
           in_scope_urls(homepage_res) do |url|
             return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
           end
@@ -32,6 +32,14 @@ module WPScan
 
           return true unless comments_from_page(/wordpress/i, homepage_res).empty?
 
+          if %i[mixed aggressive].include?(detection_mode)
+            %w[wp-admin/install.php wp-login.php].each do |path|
+              in_scope_urls(Browser.get_and_follow_location(url(path))).each do |url|
+                return true if Addressable::URI.parse(url).path.match(WORDPRESS_PATTERN)
+              end
+            end
+          end
+
           false
         end
 

lib/wpscan/version.rb

@@ -1,4 +1,4 @@
 # Version
 module WPScan
-  VERSION = '3.3.3'.freeze
+  VERSION = '3.4.5'.freeze
 end

spec/app/controllers/aliases_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::Aliases do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }

spec/app/controllers/core_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::Core do
   subject(:core)       { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
@@ -167,7 +165,7 @@ describe WPScan::Controller::Core do
 
         before do
           expect(core).to receive(:load_server_module)
-          expect(core.target).to receive(:wordpress?).and_return(true)
+          expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
         end
 
         it 'calls the formatter when started and finished to update the db' do
@@ -210,7 +208,7 @@ describe WPScan::Controller::Core do
 
         context 'when wordpress' do
           it 'does not raise an error' do
-            expect(core.target).to receive(:wordpress?).and_return(true)
+            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
 
             expect { core.before_scan }.to_not raise_error
           end
@@ -218,7 +216,7 @@ describe WPScan::Controller::Core do
 
         context 'when not wordpress' do
           it 'raises an error' do
-            expect(core.target).to receive(:wordpress?).and_return(false)
+            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
 
             expect { core.before_scan }.to raise_error(WPScan::NotWordPressError)
           end
@@ -239,7 +237,7 @@ describe WPScan::Controller::Core do
     context 'when wordpress' do
       before do
         expect(core).to receive(:load_server_module)
-        expect(core.target).to receive(:wordpress?).and_return(true)
+        expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true)
       end
 
       it 'does not raise any error' do
@@ -250,7 +248,7 @@ describe WPScan::Controller::Core do
     context 'when not wordpress' do
       before do
         expect(core).to receive(:load_server_module)
-        expect(core.target).to receive(:wordpress?).and_return(false)
+        expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
       end
 
       context 'when no --force' do

spec/app/controllers/custom_directories_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::CustomDirectories do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }

spec/app/controllers/enumeration_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::Enumeration do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://wp.lab/' }
@@ -16,10 +14,11 @@ describe WPScan::Controller::Enumeration do
   end
 
   describe '#enum_message' do
-    after { expect(controller.enum_message(type)).to eql @expected }
+    after { expect(controller.enum_message(type, detection_mode)).to eql @expected }
 
     context 'when type argument is incorrect' do
-      let(:type) { 'spec' }
+      let(:type)           { 'spec' }
+      let(:detection_mode) { :mixed }
 
       it 'returns nil' do
         @expected = nil
@@ -28,29 +27,32 @@ describe WPScan::Controller::Enumeration do
 
     %w[plugins themes].each do |t|
       context "type = #{t}" do
-        let(:type) { t }
+        let(:type)           { t }
+        let(:detection_mode) { :mixed }
 
         context 'when vulnerable' do
           let(:cli_args) { "#{super()} -e v#{type[0]}" }
 
           it 'returns the expected string' do
-            @expected = "Enumerating Vulnerable #{type.capitalize}"
+            @expected = "Enumerating Vulnerable #{type.capitalize} (via Passive and Aggressive Methods)"
           end
         end
 
         context 'when all' do
-          let(:cli_args) { "#{super()} -e a#{type[0]}" }
+          let(:cli_args)       { "#{super()} -e a#{type[0]}" }
+          let(:detection_mode) { :passive }
 
           it 'returns the expected string' do
-            @expected = "Enumerating All #{type.capitalize}"
+            @expected = "Enumerating All #{type.capitalize} (via Passive Methods)"
           end
         end
 
         context 'when most popular' do
-          let(:cli_args) { "#{super()} -e #{type[0]}" }
+          let(:cli_args)       { "#{super()} -e #{type[0]}" }
+          let(:detection_mode) { :aggressive }
 
           it 'returns the expected string' do
-            @expected = "Enumerating Most Popular #{type.capitalize}"
+            @expected = "Enumerating Most Popular #{type.capitalize} (via Aggressive Methods)"
           end
         end
       end

spec/app/controllers/password_attack_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Controller::PasswordAttack do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
@@ -68,25 +66,49 @@ describe WPScan::Controller::PasswordAttack do
       end
 
       context 'when xmlrpc' do
-        before do
-          expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
-        end
+        context 'when xmlrpc not detected on target' do
+          before do
+            expect(controller.target).to receive(:xmlrpc).and_return(nil)
+          end
 
-        context 'when single xmlrpc' do
-          let(:attack) { 'xmlrpc' }
+          context 'when single xmlrpc' do
+            let(:attack) { 'xmlrpc' }
 
-          it 'returns the correct object' do
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
-            expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'raises an error' do
+              expect { controller.attacker }.to raise_error(WPScan::XMLRPCNotDetected)
+            end
           end
         end
 
-        context 'when xmlrpc-multicall' do
-          let(:attack) { 'xmlrpc-multicall' }
+        context 'when xmlrpc detected on target' do
+          before do
+            expect(controller.target).to receive(:xmlrpc).and_return(WPScan::XMLRPC.new("#{target_url}/xmlrpc.php"))
+          end
 
-          it 'returns the correct object' do
-            expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
-            expect(controller.attacker.target).to be_a WPScan::XMLRPC
+          context 'when single xmlrpc' do
+            let(:attack) { 'xmlrpc' }
+
+            it 'returns the correct object' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPC
+              expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
+          end
+
+          context 'when xmlrpc-multicall' do
+            let(:attack) { 'xmlrpc-multicall' }
+
+            it 'returns the correct object' do
+              expect(controller.attacker).to be_a WPScan::Finders::Passwords::XMLRPCMulticall
+              expect(controller.attacker.target).to be_a WPScan::XMLRPC
+            end
           end
         end
       end

spec/app/controllers/wp_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 def it_calls_the_formatter_with_the_correct_parameter(version)
   it 'calls the formatter with the correct parameter' do
     expect(controller.formatter).to receive(:output)

spec/app/finders/config_backups/known_filenames_spec.rb

@@ -1,11 +1,9 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ConfigBackups::KnownFilenames do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'config_backups') }
-  let(:opts)       { { list: File.join(WPScan::DB_DIR, 'config_backups.txt') } }
+  let(:fixtures)   { FINDERS_FIXTURES.join('config_backups') }
+  let(:opts)       { { list: WPScan::DB_DIR.join('config_backups.txt').to_s } }
 
   describe '#aggressive' do
     before do
@@ -25,7 +23,7 @@ describe WPScan::Finders::ConfigBackups::KnownFilenames do
 
     context 'when some files exist' do
       let(:files) { ['%23wp-config.php%23', 'wp-config.bak'] }
-      let(:config_backup) { File.read(File.join(fixtures, 'wp-config.php')) }
+      let(:config_backup) { File.read(fixtures.join('wp-config.php')) }
 
       before do
         files.each do |file|

spec/app/finders/config_backups_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ConfigBackups::Base do
   subject(:config_backups) { described_class.new(target) }
   let(:target)             { WPScan::Target.new(url) }

spec/app/finders/db_exports/known_locations_spec.rb

@@ -1,11 +1,9 @@
-require 'spec_helper'
-
 describe WPScan::Finders::DbExports::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/aa/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'db_exports') }
-  let(:opts)       { { list: File.join(WPScan::DB_DIR, 'db_exports.txt') } }
+  let(:fixtures)   { FINDERS_FIXTURES.join('db_exports') }
+  let(:opts)       { { list: WPScan::DB_DIR.join('db_exports.txt').to_s } }
 
   describe '#potential_urls' do
     before do
@@ -42,7 +40,7 @@ describe WPScan::Finders::DbExports::KnownLocations do
 
     context 'when some files exist' do
       let(:files) { %w[ex.sql backups/db_backup.sql] }
-      let(:db_export) { File.read(File.join(fixtures, 'dump.sql')) }
+      let(:db_export) { File.read(fixtures.join('dump.sql')) }
 
       before do
         files.each do |file|

spec/app/finders/db_exports_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::DbExports::Base do
   subject(:db_exports) { described_class.new(target) }
   let(:target)         { WPScan::Target.new(url) }

spec/app/finders/interesting_findings/backup_db_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::BackupDB do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'backup_db') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'backup_db') }
   let(:wp_content) { 'wp-content' }
   let(:dir_url)    { target.url("#{wp_content}/backup-db/") }
 
@@ -53,7 +51,7 @@ describe WPScan::Finders::InterestingFindings::BackupDB do
       end
 
       context 'when directory listing enabled' do
-        let(:body) { File.read(File.join(fixtures, 'dir_listing.html')) }
+        let(:body) { File.read(fixtures.join('dir_listing.html')) }
 
         it 'returns the expected interesting_findings attribute' do
           @expected_entries = %w[sqldump.sql test.txt]

spec/app/finders/interesting_findings/debug_log_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::DebugLog do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'debug_log') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'debug_log') }
   let(:wp_content) { 'wp-content' }
   let(:log_url)    { target.url("#{wp_content}/debug.log") }
 
@@ -20,7 +18,7 @@ describe WPScan::Finders::InterestingFindings::DebugLog do
     end
 
     context 'when a log file' do
-      let(:body) { File.read(File.join(fixtures, 'debug.log')) }
+      let(:body) { File.read(fixtures.join('debug.log')) }
 
       it 'returns the InterestingFinding' do
         expect(finder.aggressive).to eql WPScan::DebugLog.new(

spec/app/finders/interesting_findings/duplicator_installer_log_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'duplicator_installer_log') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'duplicator_installer_log') }
   let(:filename)   { 'installer-log.txt' }
   let(:log_url)    { target.url(filename) }
 
@@ -21,7 +19,7 @@ describe WPScan::Finders::InterestingFindings::DuplicatorInstallerLog do
     end
 
     context 'when the body matches' do
-      let(:body) { File.read(File.join(fixtures, filename)) }
+      let(:body) { File.read(fixtures.join(filename)) }
 
       it 'returns the InterestingFinding' do
         expect(finder.aggressive).to eql WPScan::DuplicatorInstallerLog.new(

spec/app/finders/interesting_findings/emergency_pwd_reset_script_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::EmergencyPwdResetScript do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'emergency_pwd_reset_script') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'emergency_pwd_reset_script') }
 
   describe '#aggressive' do
     xit

spec/app/finders/interesting_findings/full_path_disclosure_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'fpd') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'fpd') }
   let(:file_url)   { target.url('wp-includes/rss-functions.php') }
 
   describe '#aggressive' do
@@ -20,7 +18,7 @@ describe WPScan::Finders::InterestingFindings::FullPathDisclosure do
     end
 
     context 'when a log file' do
-      let(:body) { File.read(File.join(fixtures, 'rss_functions.php')) }
+      let(:body) { File.read(fixtures.join('rss_functions.php')) }
 
       it 'returns the InterestingFinding' do
         found = finder.aggressive

spec/app/finders/interesting_findings/mu_plugins_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::MuPlugins do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'mu_plugins') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'mu_plugins') }
 
   describe '#passive' do
     xit

spec/app/finders/interesting_findings/multisite_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Multisite do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'multisite') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'multisite') }
 
   describe '#aggressive' do
     xit

spec/app/finders/interesting_findings/readme_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Readme do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'readme') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'readme') }
 
   describe '#aggressive' do
     before do
@@ -22,7 +20,7 @@ describe WPScan::Finders::InterestingFindings::Readme do
     # TODO: case when multiple files are present ? (should return only the first one found)
     context 'when a file exists' do
       let(:file)   { finder.potential_files.sample }
-      let(:readme) { File.read(File.join(fixtures, 'readme-3.9.2.html')) }
+      let(:readme) { File.read(fixtures.join('readme-3.9.2.html')) }
 
       before { stub_request(:get, target.url(file)).to_return(body: readme) }
 

spec/app/finders/interesting_findings/registration_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Registration do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'registration') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'registration') }
 
   describe '#aggressive' do
     xit

spec/app/finders/interesting_findings/tmm_db_migrate_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::TmmDbMigrate do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'tmm_db_migrate') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'tmm_db_migrate') }
 
   describe '#aggressive' do
     xit

spec/app/finders/interesting_findings/upload_direcrory_listing_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::UploadDirectoryListing do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'upload_directory_listing') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'upload_directory_listing') }
   let(:wp_content) { 'wp-content' }
 
   describe '#aggressive' do

spec/app/finders/interesting_findings/upload_sql_dump_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::UploadSQLDump do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'interesting_findings', 'upload_sql_dump') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('interesting_findings', 'upload_sql_dump') }
   let(:wp_content) { 'wp-content' }
 
   describe '#aggressive' do
@@ -23,7 +21,7 @@ describe WPScan::Finders::InterestingFindings::UploadSQLDump do
     context 'when a 200' do
       before do
         stub_request(:get, finder.dump_url)
-          .to_return(status: 200, body: File.read(File.join(fixtures, fixture)))
+          .to_return(status: 200, body: File.read(fixtures.join(fixture)))
       end
 
       context 'when the body does not match a SQL dump' do

spec/app/finders/interesting_findings/wp_cron_spec.rb

@@ -0,0 +1,30 @@
+describe WPScan::Finders::InterestingFindings::WPCron do
+  subject(:finder) { described_class.new(target) }
+  let(:target)     { WPScan::Target.new(url) }
+  let(:url)        { 'http://ex.lo/' }
+  let(:wp_content) { 'wp-content' }
+
+  before { expect(target).to receive(:sub_dir).at_least(1).and_return(false) }
+
+  describe '#aggressive' do
+    before { stub_request(:get, finder.wp_cron_url).to_return(status: status) }
+
+    context 'when 200' do
+      let(:status) { 200 }
+
+      it 'returns the InterestingFinding' do
+        expect(finder.aggressive).to eql WPScan::WPCron.new(
+          finder.wp_cron_url,
+          confidence: 60,
+          found_by: described_class::DIRECT_ACCESS
+        )
+      end
+    end
+
+    context 'otherwise' do
+      let(:status) { 403 }
+
+      its(:aggressive) { should be_nil }
+    end
+  end
+end

spec/app/finders/interesting_findings_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::InterestingFindings::Base do
   subject(:files) { described_class.new(target) }
   let(:target)    { WPScan::Target.new(url) }

spec/app/finders/main_theme/css_style_spec.rb

@@ -1,14 +1,12 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::CssStyle do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'main_theme', 'css_style') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('main_theme', 'css_style') }
 
   describe '#passive' do
     after do
-      stub_request(:get, url).to_return(body: File.read(File.join(fixtures, fixture)))
+      stub_request(:get, url).to_return(body: File.read(fixtures.join(fixture)))
       expect(finder.passive).to eql @expected
     end
 

spec/app/finders/main_theme/urls_in_homepage_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'main_theme', 'urls_in_homepage') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('main_theme', 'urls_in_homepage') }
 
   it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
     let(:type)                { 'themes' }
@@ -17,7 +15,7 @@ describe WPScan::Finders::MainTheme::UrlsInHomepage do
   describe '#passive' do
     before do
       stub_request(:get, /.*.css/)
-      stub_request(:get, target.url).to_return(body: File.read(File.join(fixtures, 'found.html')))
+      stub_request(:get, target.url).to_return(body: File.read(fixtures.join('found.html')))
     end
 
     it 'returns the expected Themes' do

spec/app/finders/main_theme/woo_framework_meta_generator_spec.rb

@@ -1,14 +1,12 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::WooFrameworkMetaGenerator do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'main_theme', 'woo_framework_meta_generator') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('main_theme', 'woo_framework_meta_generator') }
 
   describe '#passive' do
     after do
-      stub_request(:get, url).to_return(body: File.read(File.join(fixtures, @file)))
+      stub_request(:get, url).to_return(body: File.read(fixtures.join(@file)))
 
       expect(finder.passive).to eql @expected
     end

spec/app/finders/main_theme_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::MainTheme::Base do
   subject(:main_theme) { described_class.new(target) }
   let(:target)         { WPScan::Target.new(url) }

spec/app/finders/medias/attachment_brute_forcing_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Medias::AttachmentBruteForcing do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'medias', 'attachment_brute_forcing') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('medias', 'attachment_brute_forcing') }
 
   describe '#aggressive' do
     xit

spec/app/finders/medias_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Medias::Base do
   subject(:media) { described_class.new(target) }
   let(:target)    { WPScan::Target.new(url) }

spec/app/finders/plugin_version/readme_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::PluginVersion::Readme do
   subject(:finder) { described_class.new(plugin) }
   let(:plugin)     { WPScan::Plugin.new('spec', target) }
   let(:target)     { WPScan::Target.new('http://wp.lab/') }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'plugin_version', 'readme') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('plugin_version', 'readme') }
 
   def version(number, found_by, confidence)
     WPScan::Version.new(
@@ -28,7 +26,7 @@ describe WPScan::Finders::PluginVersion::Readme do
 
     after do
       stub_request(:get, /.*/).to_return(status: 404)
-      stub_request(:get, readme_url).to_return(body: File.read(File.join(fixtures, @file)))
+      stub_request(:get, readme_url).to_return(body: File.read(fixtures.join(@file)))
 
       expect(finder.aggressive).to eql @expected
     end

spec/app/finders/plugin_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 # If this file is tested alone (rspec path-to-this-file), then there will be an error about
 # constants not being intilialized. This is due to the Dynamic Finders.
 

spec/app/finders/plugins/body_pattern_spec.rb

@@ -1,11 +1,9 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::BodyPattern do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder) { described_class.new(target) }
     let(:target)     { WPScan::Target.new(url) }
     let(:url)        { 'http://wp.lab/' }
-    let(:fixtures)   { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+    let(:fixtures)   { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
 
     let(:expected_all) { df_expected_all['plugins'] }
     let(:item_class)   { WPScan::Plugin }

spec/app/finders/plugins/comment_spec.rb

@@ -1,11 +1,9 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::Comment do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder) { described_class.new(target) }
     let(:target)     { WPScan::Target.new(url) }
     let(:url)        { 'http://wp.lab/' }
-    let(:fixtures)   { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+    let(:fixtures)   { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
 
     let(:expected_all) { df_expected_all['plugins'] }
     let(:item_class)   { WPScan::Plugin }

spec/app/finders/plugins/config_parser_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::ConfigParser do
   xit
 
@@ -7,7 +5,7 @@ describe WPScan::Finders::Plugins::ConfigParser do
   #  subject(:finder) { described_class.new(target) }
   #  let(:target)     { WPScan::Target.new(url) }
   #  let(:url)        { 'http://wp.lab/' }
-  #  let(:fixtures)   { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+  #  let(:fixtures)   { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
   #
   #  let(:expected_all) { df_expected_all['plugins'] }
   #  let(:item_class)   { WPScan::Plugin }

spec/app/finders/plugins/header_pattern_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::HeaderPattern do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+  let(:fixtures)   { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
 
   def plugin(slug)
     WPScan::Plugin.new(slug, target)
@@ -31,7 +29,7 @@ describe WPScan::Finders::Plugins::HeaderPattern do
     context 'when headers' do
       before { expect(target).to receive(:content_dir).and_return('wp-content') }
 
-      let(:headers) { JSON.parse(File.read(File.join(fixtures, 'header_pattern_passive_all.html'))) }
+      let(:headers) { JSON.parse(File.read(fixtures.join('header_pattern_passive_all.html'))) }
 
       it 'returns the expected plugins' do
         @expected = []

spec/app/finders/plugins/javascript_var_spec.rb

@@ -1,11 +1,9 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::JavascriptVar do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder) { described_class.new(target) }
     let(:target)     { WPScan::Target.new(url) }
     let(:url)        { 'http://wp.lab/' }
-    let(:fixtures)   { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+    let(:fixtures)   { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
 
     let(:expected_all) { df_expected_all['plugins'] }
     let(:item_class)   { WPScan::Plugin }

spec/app/finders/plugins/known_locations_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'plugins', 'known_locations') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('plugins', 'known_locations') }
 
   describe '#aggressive' do
     xit

spec/app/finders/plugins/query_parameter_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::QueryParameter do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+  let(:fixtures)   { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
 
   describe '#passive' do
     its(:passive) { should be nil }

spec/app/finders/plugins/urls_in_homepage_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'plugins', 'urls_in_homepage') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('plugins', 'urls_in_homepage') }
 
   it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
     let(:type)                { 'plugins' }
@@ -17,7 +15,7 @@ describe WPScan::Finders::Plugins::UrlsInHomepage do
   describe '#passive' do
     before do
       stub_request(:get, finder.target.url)
-        .to_return(body: File.read(File.join(fixtures, 'found.html')))
+        .to_return(body: File.read(fixtures.join('found.html')))
 
       expect(finder.target).to receive(:content_dir).at_least(1).and_return('wp-content')
     end

spec/app/finders/plugins/xpath_spec.rb

@@ -1,11 +1,9 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::Xpath do
   it_behaves_like WPScan::Finders::DynamicFinder::WpItems::Finder do
     subject(:finder)   { described_class.new(target) }
     let(:target)       { WPScan::Target.new(url) }
     let(:url)          { 'http://wp.lab/' }
-    let(:fixtures)     { File.join(DYNAMIC_FINDERS_FIXTURES, 'plugin_version') }
+    let(:fixtures)     { DYNAMIC_FINDERS_FIXTURES.join('plugin_version') }
 
     let(:expected_all) { df_expected_all['plugins'] }
     let(:item_class)   { WPScan::Plugin }

spec/app/finders/plugins_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Plugins::Base do
   subject(:plugins) { described_class.new(target) }
   let(:target)      { WPScan::Target.new(url) }

spec/app/finders/theme_version/style_spec.rb

@@ -1,13 +1,11 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ThemeVersion::Style do
   subject(:finder) { described_class.new(theme) }
   let(:theme)      { WPScan::Theme.new('spec', target) }
   let(:target)     { WPScan::Target.new('http://wp.lab/') }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'theme_version', 'style') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('theme_version', 'style') }
 
   before :all do
-    Typhoeus::Config.cache = WPScan::Cache::Typhoeus.new(File.join(SPECS, 'cache'))
+    Typhoeus::Config.cache = WPScan::Cache::Typhoeus.new(SPECS.join('cache'))
   end
 
   before do
@@ -79,7 +77,7 @@ describe WPScan::Finders::ThemeVersion::Style do
       'no_version' => nil
     }.each do |file, expected_version|
       context "when #{file}" do
-        let(:style_body) { File.new(File.join(fixtures, "#{file}.css")) }
+        let(:style_body) { File.new(fixtures.join("#{file}.css")) }
 
         it 'returns the expected version' do
           expected = if expected_version

spec/app/finders/theme_version/woo_framework_meta_generator_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
   subject(:finder) { described_class.new(theme) }
   let(:theme)      { WPScan::Theme.new(slug, target) }
   let(:target)     { WPScan::Target.new('http://wp.lab/') }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'theme_version', 'woo_framework_meta_generator') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('theme_version', 'woo_framework_meta_generator') }
 
   before do
     expect(target).to receive(:content_dir).and_return('wp-content')
@@ -13,7 +11,7 @@ describe WPScan::Finders::ThemeVersion::WooFrameworkMetaGenerator do
 
   describe '#passive' do
     after do
-      stub_request(:get, target.url).to_return(body: File.read(File.join(fixtures, 'editorial-1.3.5.html')))
+      stub_request(:get, target.url).to_return(body: File.read(fixtures.join('editorial-1.3.5.html')))
 
       expect(finder.passive).to eql @expected
     end

spec/app/finders/theme_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::ThemeVersion::Base do
   subject(:theme_version) { described_class.new(theme) }
   let(:theme)             { WPScan::Plugin.new(slug, target) }

spec/app/finders/themes/known_locations_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Themes::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'themes', 'known_locations') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('themes', 'known_locations') }
 
   describe '#aggressive' do
     xit

spec/app/finders/themes/urls_in_homepage_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Themes::UrlsInHomepage do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'themes', 'urls_in_homepage') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('themes', 'urls_in_homepage') }
 
   it_behaves_like 'App::Finders::WpItems::URLsInHomepage' do
     let(:type)                { 'themes' }

spec/app/finders/themes_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Themes::Base do
   subject(:themes) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/timthumb_version/bad_request_spec.rb

@@ -1,13 +1,11 @@
-require 'spec_helper'
-
 describe WPScan::Finders::TimthumbVersion::BadRequest do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Timthumb.new(url) }
   let(:url)        { 'http://ex.lo/timthumb.php' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'timthumb_version', 'bad_request') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('timthumb_version', 'bad_request') }
 
   describe '#aggressive' do
-    before { stub_request(:get, url).to_return(body: File.read(File.join(fixtures, file))) }
+    before { stub_request(:get, url).to_return(body: File.read(fixtures.join(file))) }
     after  { expect(finder.aggressive).to eql @expected }
 
     context 'when no version' do

spec/app/finders/timthumb_version_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::TimthumbVersion::Base do
   subject(:timthumb_version) { described_class.new(target) }
   let(:target)               { WPScan::Timthumb.new(url) }

spec/app/finders/timthumbs/known_locations_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Timthumbs::KnownLocations do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'timthumbs', 'known_locations') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('timthumbs', 'known_locations') }
 
   describe '#aggressive' do
     xit

spec/app/finders/timthumbs_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Timthumbs::Base do
   subject(:timthumb) { described_class.new(target) }
   let(:target)       { WPScan::Target.new(url) }

spec/app/finders/users/author_id_brute_forcing_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::AuthorIdBruteForcing do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'author_id_brute_forcing') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'author_id_brute_forcing') }
 
   describe '#aggressive' do
     xit
@@ -26,7 +24,7 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
       '2.9.2', '2.9.2-permalink'
     ].each do |file|
       it "returns 'admin' from #{file}.html" do
-        body = File.read(File.join(fixtures, "#{file}.html"))
+        body = File.read(fixtures.join("#{file}.html"))
         res = Typhoeus::Response.new(body: body)
 
         expect(finder.username_from_response(res)).to eql 'admin'
@@ -42,7 +40,7 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
         '2.9.2', '2.9.2-permalink'
       ].each do |file|
         it "returns 'admin display_name' from #{file}.html" do
-          body = File.read(File.join(fixtures, "#{file}.html"))
+          body = File.read(fixtures.join("#{file}.html"))
 
           expect(finder.display_name_from_body(body)).to eql 'admin display_name'
         end
@@ -52,7 +50,7 @@ describe WPScan::Finders::Users::AuthorIdBruteForcing do
     context 'when no display_name' do
       ['4.1.1', '3.0', '2.9.2'].each do |file|
         it "returns nil for #{file}-empty.html" do
-          body = File.read(File.join(fixtures, "#{file}-empty.html"))
+          body = File.read(fixtures.join("#{file}-empty.html"))
 
           expect(finder.display_name_from_body(body)).to eql nil
         end

spec/app/finders/users/author_posts_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::AuthorPosts do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'author_posts') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'author_posts') }
 
   describe '#passive' do
     xit
@@ -12,7 +10,7 @@ describe WPScan::Finders::Users::AuthorPosts do
 
   describe '#potential_usernames' do
     it 'returns the expected usernames' do
-      res = Typhoeus::Response.new(body: File.read(File.join(fixtures, 'potential_usernames.html')))
+      res = Typhoeus::Response.new(body: File.read(fixtures.join('potential_usernames.html')))
 
       results = finder.potential_usernames(res)
 

spec/app/finders/users/login_error_messages_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::LoginErrorMessages do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'login_error_messages') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'login_error_messages') }
 
   describe '#aggressive' do
     xit

spec/app/finders/users/oembed_api_spec.rb

@@ -1,12 +1,63 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::OembedApi do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'oembed_api') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'oembed_api') }
 
   describe '#aggressive' do
-    xit
+    before do
+      allow(target).to receive(:sub_dir).and_return(false)
+      stub_request(:get, finder.api_url).to_return(body: body)
+    end
+
+    context 'when not a JSON response' do
+      let(:body) { '' }
+
+      its(:aggressive) { should eql([]) }
+    end
+
+    context 'when a JSON response' do
+      context 'when 404' do
+        let(:body) { File.read(fixtures.join('404.json')) }
+
+        its(:aggressive) { should eql([]) }
+      end
+
+      context 'when 200' do
+        context 'when author_url present' do
+          let(:body) { File.read(fixtures.join('200_author_url.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.username).to eql 'admin'
+            expect(user.confidence).to eql 90
+            expect(user.found_by).to eql 'Oembed API - Author URL (Aggressive Detection)'
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
+          end
+        end
+
+        context 'when author_url not present but author_name' do
+          let(:body) { File.read(fixtures.join('200_author_name.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.username).to eql 'admin sa'
+            expect(user.confidence).to eql 70
+            expect(user.found_by).to eql 'Oembed API - Author Name (Aggressive Detection)'
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/oembed/1.0/embed?url=http://wp.lab/&format=json']
+          end
+        end
+      end
+    end
   end
 end

spec/app/finders/users/rss_generator_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::RSSGenerator do
   subject(:finder)  { described_class.new(target) }
   let(:target)      { WPScan::Target.new(url) }
   let(:url)         { 'http://ex.lo/' }
-  let(:fixtures)    { Pathname.new(FINDERS_FIXTURES).join('users', 'rss_generator') }
+  let(:fixtures)    { FINDERS_FIXTURES.join('users', 'rss_generator') }
   let(:rss_fixture) { File.read(fixtures.join('feed.xml')) }
 
   describe '#passive, #aggressive' do
@@ -41,7 +39,7 @@ describe WPScan::Finders::Users::RSSGenerator do
     end
 
     context 'when RSS link in homepage' do
-      let(:homepage_fixture) { File.join(fixtures, 'homepage_links.html') }
+      let(:homepage_fixture) { fixtures.join('homepage_links.html') }
 
       it 'returns the expected from #passive' do
         stub_request(:get, target.url('feed/')).to_return(body: rss_fixture)

spec/app/finders/users/wp_json_api_spec.rb

@@ -1,46 +1,80 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::WpJsonApi do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }
   let(:url)        { 'http://wp.lab/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'users', 'wp_json_api') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('users', 'wp_json_api') }
 
   describe '#aggressive' do
-    before do
-      # allow(target).to receive(:content_dir).and_return('wp-content')
-      allow(target).to receive(:sub_dir).and_return(false)
-      stub_request(:get, finder.api_url).to_return(body: body)
-    end
+    before { allow(target).to receive(:sub_dir).and_return(false) }
 
-    context 'when not a JSON response' do
-      let(:body) { '' }
+    context 'when only one page of results' do
+      before do
+        stub_request(:get, finder.api_url)
+          .with(query: { page: 1, per_page: 100 })
+          .to_return(body: body, headers: {})
+      end
 
-      its(:aggressive) { should eql([]) }
-    end
-
-    context 'when a JSON response' do
-      context 'when unauthorised' do
-        let(:body) { File.read(File.join(fixtures, '401.json')) }
+      context 'when not a JSON response' do
+        let(:body) { '' }
 
         its(:aggressive) { should eql([]) }
       end
 
-      context 'when limited exposure (WP >= 4.7.1)' do
-        let(:body) { File.read(File.join(fixtures, '4.7.2.json')) }
+      context 'when a JSON response' do
+        context 'when unauthorised' do
+          let(:body) { File.read(fixtures.join('401.json')) }
 
-        it 'returns the expected array of users' do
-          users = finder.aggressive
-
-          expect(users.size).to eql 1
-
-          user = users.first
-
-          expect(user.id).to eql 1
-          expect(user.username).to eql 'admin'
-          expect(user.confidence).to eql 100
-          expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/wp/v2/users/']
+          its(:aggressive) { should eql([]) }
         end
+
+        context 'when limited exposure (WP >= 4.7.1)' do
+          let(:body) { File.read(fixtures.join('4.7.2.json')) }
+
+          it 'returns the expected array of users' do
+            users = finder.aggressive
+
+            expect(users.size).to eql 1
+
+            user = users.first
+
+            expect(user.id).to eql 1
+            expect(user.username).to eql 'admin'
+            expect(user.confidence).to eql 100
+            expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/wp/v2/users/?page=1&per_page=100']
+          end
+        end
+      end
+    end
+
+    context 'when multiple pages of results' do
+      before do
+        stub_request(:get, finder.api_url)
+          .with(query: { page: 1, per_page: 100 })
+          .to_return(body: File.read(fixtures.join('4.7.2.json')), headers: { 'X-WP-TotalPages' => 2 })
+
+        stub_request(:get, finder.api_url)
+          .with(query: { page: 2, per_page: 100 })
+          .to_return(body: File.read(fixtures.join('4.7.2-2.json')), headers: { 'X-WP-TotalPages' => 2 })
+      end
+
+      it 'returns the expected array of users' do
+        users = finder.aggressive
+
+        expect(users.size).to eql 2
+
+        user = users.first
+
+        expect(user.id).to eql 1
+        expect(user.username).to eql 'admin'
+        expect(user.confidence).to eql 100
+        expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/wp/v2/users/?page=1&per_page=100']
+
+        user = users.second
+
+        expect(user.id).to eql 20
+        expect(user.username).to eql 'user'
+        expect(user.confidence).to eql 100
+        expect(user.interesting_entries).to eql ['http://wp.lab/wp-json/wp/v2/users/?page=2&per_page=100']
       end
     end
   end

spec/app/finders/users/yoast_seo_author_sitemap_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::YoastSeoAuthorSitemap do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url) }

spec/app/finders/users_spec.rb

@@ -1,5 +1,3 @@
-require 'spec_helper'
-
 describe WPScan::Finders::Users::Base do
   subject(:user) { described_class.new(target) }
   let(:target)   { WPScan::Target.new(url) }

spec/app/finders/wp_version/atom_generator_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::AtomGenerator do
   subject(:finder)   { described_class.new(target) }
   let(:target)       { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)          { 'http://ex.lo/' }
-  let(:fixtures)     { Pathname.new(FINDERS_FIXTURES).join('wp_version', 'atom_generator') }
+  let(:fixtures)     { FINDERS_FIXTURES.join('wp_version', 'atom_generator') }
   let(:atom_fixture) { File.read(fixtures.join('feed', 'atom')) }
 
   describe '#passive, #aggressive' do
@@ -38,7 +36,7 @@ describe WPScan::Finders::WpVersion::AtomGenerator do
     end
 
     context 'when atom links in homepage' do
-      let(:homepage_fixture) { File.join(fixtures, 'links.html') }
+      let(:homepage_fixture) { fixtures.join('links.html') }
 
       it 'returns the expected from #passive' do
         stub_request(:get, target.url('?feed=atom')).to_return(body: atom_fixture)

spec/app/finders/wp_version/rdf_generator_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::RDFGenerator do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'wp_version', 'rdf_generator') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('wp_version', 'rdf_generator') }
 
   xit
 end

spec/app/finders/wp_version/readme_spec.rb

@@ -1,14 +1,12 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::Readme do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'wp_version', 'readme') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('wp_version', 'readme') }
   let(:readme_url) { url + 'readme.html' }
 
   describe '#aggressive' do
-    before { stub_request(:get, readme_url).to_return(body: File.read(File.join(fixtures, file))) }
+    before { stub_request(:get, readme_url).to_return(body: File.read(fixtures.join(file))) }
 
     after do
       expect(target).to receive(:sub_dir).and_return(false)

spec/app/finders/wp_version/rss_generator_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::RSSGenerator do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'wp_version', 'rss_generator') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('wp_version', 'rss_generator') }
 
   xit
 end

spec/app/finders/wp_version/unique_fingerprinting_spec.rb

@@ -1,10 +1,8 @@
-require 'spec_helper'
-
 describe WPScan::Finders::WpVersion::UniqueFingerprinting do
   subject(:finder) { described_class.new(target) }
   let(:target)     { WPScan::Target.new(url).extend(CMSScanner::Target::Server::Apache) }
   let(:url)        { 'http://ex.lo/' }
-  let(:fixtures)   { File.join(FINDERS_FIXTURES, 'wp_version', 'unique_fingerprinting') }
+  let(:fixtures)   { FINDERS_FIXTURES.join('wp_version', 'unique_fingerprinting') }
 
   xit
 end