Updates spec for #1342

Updates class comment
Fixes #1342
2019-05-03 14:25:17 +01:00 · 2019-05-03 14:23:04 +01:00 · 2019-05-03 14:04:50 +01:00 · 2019-05-03 11:54:25 +01:00 · 2019-05-01 19:50:43 +01:00 · 2019-04-29 15:48:07 +01:00
1221 changed files with 217224 additions and 1531 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -12,5 +12,5 @@ spec/
 Dockerfile
 **/*.orig
 *.orig
-bin/wpscan-docker*
+bin/wpscan-*
 .wpscan/
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,3 +1,14 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
 ---
 Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.
 ### Subject of the issue
 Describe your issue here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: ''
 assignees: ''
 ---
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 **Describe the solution you'd like**
 A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **Additional context**
 Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/other-issue.md
+++ b/.github/ISSUE_TEMPLATE/other-issue.md
@@ -0,0 +1,10 @@
 ---
 name: Other Issue
 about: Create a report which is not a related to a Bug or Feature
 title: ''
 labels: ''
 assignees: ''
 ---
 Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,6 @@ doc/
 # Old files from v2
 cache/
 data/
 # Profiling reports
 bin/memprof*.report
--- a/.rspec
+++ b/.rspec
@@ -1,2 +1,3 @@
 --color
 --fail-fast
 --require spec_helper
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,5 +1,6 @@
 require: rubocop-performance
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
  Exclude:
  - '*.gemspec'
  - 'vendor/**/*'
@@ -22,7 +23,5 @@ Metrics/CyclomaticComplexity:
  Max: 8
 Style/Documentation:
  Enabled: false
 Style/FrozenStringLiteralComment:
  Enabled: false
 Style/FormatStringToken:
  Enabled: false
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.5.3
+2.6.2
--- a/.simplecov
+++ b/.simplecov
@@ -0,0 +1,4 @@
 SimpleCov.start do
  add_filter '/spec/'
  add_filter 'helper'
 end
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,28 +2,26 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
  - 2.3.0
  - 2.3.1
  - 2.3.2
  - 2.3.3
  - 2.3.4
  - 2.3.5
  - 2.3.6
  - 2.3.7
  - 2.3.8
  - 2.4.1
  - 2.4.2
  - 2.4.3
  - 2.4.4
  - 2.4.5
  - 2.4.6
  - 2.5.0
  - 2.5.1
  - 2.5.2
  - 2.5.3
  - 2.5.4
  - 2.5.5
  - 2.6.0
  - 2.6.1
  - 2.6.2
  - 2.6.3
  - ruby-head
 before_install:
  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
-  - "gem update --system"
+  - gem update --system
 matrix:
  allow_failures:
    - rvm: ruby-head
--- a/7
+++ b/7
@@ -1,4 +1,4 @@
-FROM ruby:2.5.1-alpine AS builder
+FROM ruby:2.6.2-alpine3.9 AS builder
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 ARG BUNDLER_ARGS="--jobs=8 --without test development"
@@ -19,19 +19,22 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
-FROM ruby:2.5-alpine
+FROM ruby:2.6.2-alpine3.9
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 RUN adduser -h /wpscan -g WPScan -D wpscan
 COPY --from=builder /usr/local/bundle /usr/local/bundle
 RUN chown -R wpscan:wpscan /wpscan
 # runtime dependencies
 RUN apk add --no-cache libcurl procps sqlite-libs
 WORKDIR /wpscan
 USER wpscan
 RUN /usr/local/bundle/bin/wpscan --update --verbose
 ENTRYPOINT ["/usr/local/bundle/bin/wpscan"]
--- a/4
+++ b/4
@@ -1,2 +1,6 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
 gemspec
 # gem 'cms_scanner', branch: 'xxx', git: 'https://github.com/wpscanteam/CMSScanner.git'
--- a/10
+++ b/10
@@ -1,14 +1,14 @@
 WPScan Public Source License
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
 1. Definitions
-1.1 “License” means this document.
+1.1 "License" means this document.
-1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
+1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
-1.3 “WPScan Team” means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.3 "WPScan Team" means WPScan’s core developers.
 2. Commercialization
@@ -59,7 +59,7 @@ WPScan is provided under an AS-IS basis and without any support, updates or main
 8. Disclaimer of Warranty
-WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
+WPScan is provided under this License on an "as is" basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
 9. Limitation of Liability
--- a/README.md
+++ b/README.md
@@ -1,29 +1,49 @@
-![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png "WPScan - WordPress Security Scanner")
+<p align="center">
  <a href="https://wpscan.org/">
    <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
  </a>
 </p>
-[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
+<h3 align="center">WPScan</h3>
-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
+
-[![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
+<p align="center">
-[![Patreon Donate](https://img.shields.io/badge/patreon-donate-green.svg)](https://www.patreon.com/wpscan)
+  WordPress Vulnerability Scanner
  <br>
  <br>
  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
 </p>
 <p align="center">
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
 </p>
 # INSTALL
-## Prerequisites:
+## Prerequisites
 - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
 - Ruby >= 2.3 - Recommended: latest
- Curl >= 7.21  - Recommended: latest - FYI the 7.29 has a segfault
+  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
 - Curl >= 7.21  - Recommended: latest
  - The 7.29 has a segfault
 - RubyGems      - Recommended: latest
-### From RubyGems:
+### From RubyGems (Recommended)
-```
+```shell
 gem install wpscan
 ```
-### From sources:
+On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's System Integrity Protection (SIP), either install RVM and install wpscan again, or run ```sudo gem install -n /usr/local/bin wpscan``` (see [#1286](https://github.com/wpscanteam/wpscan/issues/1286))
 ### From sources (NOT Recommended)
 Prerequisites: Git
-```
+```shell
 git clone https://github.com/wpscanteam/wpscan
 cd wpscan/
@@ -31,19 +51,28 @@ cd wpscan/
 bundle install && rake install
 ```
 # Updating
 You can update the local database by using ```wpscan --update```
 Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
 # Docker
 Pull the repo with ```docker pull wpscanteam/wpscan```
 Enumerating usernames
-```
+
 ```shell
 docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u
 ```
 Enumerating a range of usernames
-```
+
 ```shell
 docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-100
 ```
 ** replace u1-100 with a range of your choice.
 # Usage
@@ -57,55 +86,50 @@ The DB is located at ~/.wpscan/db
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
-* ~/.wpscan/cli_options.json
+- ~/.wpscan/cli_options.json
-* ~/.wpscan/cli_options.yml
+- ~/.wpscan/cli_options.yml
-* pwd/.wpscan/cli_options.json
+- pwd/.wpscan/cli_options.json
-* pwd/.wpscan/cli_options.yml
+- pwd/.wpscan/cli_options.yml
 If those files exist, options from them will be loaded and overridden if found twice.
 e.g:
 ~/.wpscan/cli_options.yml:
-```
+
 ```yml
 proxy: 'http://127.0.0.1:8080'
 verbose: true
 ```
 pwd/.wpscan/cli_options.yml:
-```
+
 ```yml
 proxy: 'socks5://127.0.0.1:9090'
 url: 'http://target.tld'
 ```
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
 Enumerating usernames
-```
+
 ```shell
 wpscan --url https://target.tld/ --enumerate u
 ```
 Enumerating a range of usernames
-```
+
 ```shell
 wpscan --url https://target.tld/ --enumerate u1-100
 ```
 ** replace u1-100 with a range of your choice.
 # PROJECT HOME
 [https://wpscan.org](https://wpscan.org)
 # VULNERABILITY DATABASE
 [https://wpvulndb.com](https://wpvulndb.com)
 # LICENSE
 ## WPScan Public Source License
-The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2018 WPScan Team.
+The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2019 WPScan Team.
 Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
@@ -115,7 +139,7 @@ Cases that include commercialization of WPScan require a commercial, non-free li
 1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
-1.3 "WPScan Team" means WPScan’s core developers, an updated list of whom can be found within the CREDITS file.
+1.3 "WPScan Team" means WPScan’s core developers.
 ### 2. Commercialization
@@ -123,30 +147,28 @@ A commercial use is one intended for commercial advantage or monetary compensati
 Example cases of commercialization are:
- - Using WPScan to provide commercial managed/Software-as-a-Service services.
+- Using WPScan to provide commercial managed/Software-as-a-Service services.
- - Distributing WPScan as a commercial product or as part of one.
+- Distributing WPScan as a commercial product or as part of one.
- - Using WPScan as a value added service/product.
+- Using WPScan as a value added service/product.
 Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
- - Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
+- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
- - Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
+- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
- - Using WPScan to test your own systems.
+- Using WPScan to test your own systems.
- - Any non-commercial use of WPScan.
+- Any non-commercial use of WPScan.
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
 Free-use Terms and Conditions;
 ### 3. Redistribution
 Redistribution is permitted under the following conditions:
- - Unmodified License is provided with WPScan.
+- Unmodified License is provided with WPScan.
- - Unmodified Copyright notices are provided with WPScan.
+- Unmodified Copyright notices are provided with WPScan.
- - Does not conflict with the commercialization clause.
+- Does not conflict with the commercialization clause.
 ### 4. Copying
--- a/app/app.rb
+++ b/app/app.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'models'
 require_relative 'finders'
 require_relative 'controllers'
--- a/app/controllers.rb
+++ b/app/controllers.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'controllers/core'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
--- a/app/controllers/aliases.rb
+++ b/app/controllers/aliases.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Controller to add the aliases in the CLI
--- a/app/controllers/core.rb
+++ b/app/controllers/core.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Specific Core controller to include WordPress checks
@@ -25,53 +27,56 @@ module WPScan
      # @return [ Boolean ]
      def update_db_required?
        if local_db.missing_files?
-          raise MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if ParsedCli.update == false
          return true
        end
-        return parsed_options[:update] unless parsed_options[:update].nil?
+        return ParsedCli.update unless ParsedCli.update.nil?
        return false unless user_interaction? && local_db.outdated?
        output('@notice', msg: 'It seems like you have not updated the database for some time.')
        print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
-        Readline.readline =~ /^y/i ? true : false
+        /^y/i.match?(Readline.readline) ? true : false
      end
      def update_db
        output('db_update_started')
-        output('db_update_finished', updated: local_db.update, verbose: parsed_options[:verbose])
+        output('db_update_finished', updated: local_db.update, verbose: ParsedCli.verbose)
-        exit(0) unless parsed_options[:url]
+        exit(0) unless ParsedCli.url
      end
      def before_scan
        @last_update = local_db.last_update
-        maybe_output_banner_help_and_version # From CMS Scanner
+        maybe_output_banner_help_and_version # From CMSScanner
        update_db if update_db_required?
        setup_cache
        check_target_availability
        load_server_module
        check_wordpress_state
      rescue Error::NotWordPress => e
        target.maybe_add_cookies
        raise e unless target.wordpress?(ParsedCli.detection_mode)
      end
      # Raises errors if the target is hosted on wordpress.com or is not running WordPress
      # Also check if the homepage_url is still the install url
      def check_wordpress_state
-        raise WordPressHostedError if target.wordpress_hosted?
+        raise Error::WordPressHosted if target.wordpress_hosted?
-        if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
+        if %r{/wp-admin/install.php$}i.match?(Addressable::URI.parse(target.homepage_url).path)
          output('not_fully_configured', url: target.homepage_url)
          exit(WPScan::ExitCode::VULNERABLE)
        end
-        raise NotWordPressError unless target.wordpress? || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(ParsedCli.detection_mode) || ParsedCli.force
      end
      # Loads the related server module in the target
@@ -83,7 +88,7 @@ module WPScan
        server = target.server || :Apache # Tries to auto detect the server
        # Force a specific server module to be loaded if supplied
-        case parsed_options[:server]
+        case ParsedCli.server
        when :apache
          server = :Apache
        when :iis
@@ -95,7 +100,7 @@ module WPScan
        mod = CMSScanner::Target::Server.const_get(server)
        target.extend mod
-        WPScan::WpItem.include mod
+        Model::WpItem.include mod
        server
      end
--- a/app/controllers/custom_directories.rb
+++ b/app/controllers/custom_directories.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Controller to ensure that the wp-content and wp-plugins
@@ -5,18 +7,20 @@ module WPScan
    class CustomDirectories < CMSScanner::Controller::Base
      def cli_options
        [
-          OptString.new(['--wp-content-dir DIR']),
+          OptString.new(['--wp-content-dir DIR',
-          OptString.new(['--wp-plugins-dir DIR'])
+                         'The wp-content directory if custom or not detected, such as "wp-content"']),
          OptString.new(['--wp-plugins-dir DIR',
                         'The plugins directory if custom or not detected, such as "wp-content/plugins"'])
        ]
      end
      def before_scan
-        target.content_dir = parsed_options[:wp_content_dir] if parsed_options[:wp_content_dir]
+        target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
-        target.plugins_dir = parsed_options[:wp_plugins_dir] if parsed_options[:wp_plugins_dir]
+        target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
-        return if target.content_dir
+        return if target.content_dir(ParsedCli.detection_mode)
-        raise 'Unable to identify the wp-content dir, please supply it with --wp-content-dir'
+        raise Error::WpContentDirNotDetected
      end
    end
  end
--- a/app/controllers/enumeration.rb
+++ b/app/controllers/enumeration.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'enumeration/cli_options'
 require_relative 'enumeration/enum_methods'
@@ -8,10 +10,14 @@ module WPScan
      def before_scan
        DB::DynamicFinders::Plugin.create_versions_finders
        DB::DynamicFinders::Theme.create_versions_finders
        # Force the Garbage Collector to run due to the above method being
        # quite heavy in objects allocation
        GC.start
      end
      def run
-        enum = parsed_options[:enumerate] || {}
+        enum = ParsedCli.enumerate || {}
        enum_plugins if enum_plugins?(enum)
        enum_themes  if enum_themes?(enum)
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Enumeration CLI Options
@@ -98,7 +100,7 @@ module WPScan
        [
          OptFilePath.new(
            ['--timthumbs-list FILE-PATH', 'List of timthumbs\' location to use'],
-            exists: true, default: File.join(DB_DIR, 'timthumbs-v3.txt'), advanced: true
+            exists: true, default: DB_DIR.join('timthumbs-v3.txt').to_s, advanced: true
          ),
          OptChoice.new(
            ['--timthumbs-detection MODE',
@@ -113,7 +115,7 @@ module WPScan
        [
          OptFilePath.new(
            ['--config-backups-list FILE-PATH', 'List of config backups\' filenames to use'],
-            exists: true, default: File.join(DB_DIR, 'config_backups.txt'), advanced: true
+            exists: true, default: DB_DIR.join('config_backups.txt').to_s, advanced: true
          ),
          OptChoice.new(
            ['--config-backups-detection MODE',
@@ -128,7 +130,7 @@ module WPScan
        [
          OptFilePath.new(
            ['--db-exports-list FILE-PATH', 'List of DB exports\' paths to use'],
-            exists: true, default: File.join(DB_DIR, 'db_exports.txt'), advanced: true
+            exists: true, default: DB_DIR.join('db_exports.txt').to_s, advanced: true
          ),
          OptChoice.new(
            ['--db-exports-detection MODE',
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -1,37 +1,53 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Enumeration Methods
    class Enumeration < CMSScanner::Controller::Base
      # @param [ String ] type (plugins or themes)
      # @param [ Symbol ] detection_mode
      #
-      # @return [ String ] The related enumration message depending on the parsed_options and type supplied
+      # @return [ String ] The related enumration message depending on the ParsedCli and type supplied
-      def enum_message(type)
+      def enum_message(type, detection_mode)
        return unless %w[plugins themes].include?(type)
-        details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
+        details = if ParsedCli.enumerate[:"vulnerable_#{type}"]
                    'Vulnerable'
-                  elsif parsed_options[:enumerate][:"all_#{type}"]
+                  elsif ParsedCli.enumerate[:"all_#{type}"]
                    'All'
                  else
                    'Most Popular'
                  end
-        "Enumerating #{details} #{type.capitalize}"
+        "Enumerating #{details} #{type.capitalize} #{enum_detection_message(detection_mode)}"
      end
      # @param [ Symbol ] detection_mode
      #
      # @return [ String ]
      def enum_detection_message(detection_mode)
        detection_method = if detection_mode == :mixed
                             'Passive and Aggressive'
                           else
                             detection_mode.to_s.capitalize
                           end
        "(via #{detection_method} Methods)"
      end
      # @param [ String ] type (plugins, themes etc)
      #
      # @return [ Hash ]
      def default_opts(type)
-        mode = parsed_options[:"#{type}_detection"] || parsed_options[:detection_mode]
+        mode = ParsedCli.options[:"#{type}_detection"] || ParsedCli.detection_mode
        {
          mode: mode,
-          exclude_content: parsed_options[:exclude_content_based],
+          exclude_content: ParsedCli.exclude_content_based,
          show_progression: user_interaction?,
          version_detection: {
-            mode: parsed_options[:"#{type}_version_detection"] || mode,
+            mode: ParsedCli.options[:"#{type}_version_detection"] || mode,
-            confidence_threshold: parsed_options[:"#{type}_version_all"] ? 0 : 100
+            confidence_threshold: ParsedCli.options[:"#{type}_version_all"] ? 0 : 100
          }
        }
      end
@@ -45,20 +61,23 @@ module WPScan
      def enum_plugins
        opts = default_opts('plugins').merge(
-          list: plugins_list_from_opts(parsed_options),
+          list: plugins_list_from_opts(ParsedCli.options),
          sort: true
        )
-        output('@info', msg: enum_message('plugins')) if user_interaction?
+        output('@info', msg: enum_message('plugins', opts[:mode])) if user_interaction?
        # Enumerate the plugins & find their versions to avoid doing that when #version
        # is called in the view
        plugins = target.plugins(opts)
-        output('@info', msg: 'Checking Plugin Versions') if user_interaction? && !plugins.empty?
+        if user_interaction? && !plugins.empty?
          output('@info',
                 msg: "Checking Plugin Versions #{enum_detection_message(opts[:version_detection][:mode])}")
        end
        plugins.each(&:version)
-        plugins.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_plugins]
+        plugins.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_plugins]
        output('plugins', plugins: plugins)
      end
@@ -88,20 +107,23 @@ module WPScan
      def enum_themes
        opts = default_opts('themes').merge(
-          list: themes_list_from_opts(parsed_options),
+          list: themes_list_from_opts(ParsedCli.options),
          sort: true
        )
-        output('@info', msg: enum_message('themes')) if user_interaction?
+        output('@info', msg: enum_message('themes', opts[:mode])) if user_interaction?
        # Enumerate the themes & find their versions to avoid doing that when #version
        # is called in the view
        themes = target.themes(opts)
-        output('@info', msg: 'Checking Theme Versions') if user_interaction? && !themes.empty?
+        if user_interaction? && !themes.empty?
          output('@info',
                 msg: "Checking Theme Versions #{enum_detection_message(opts[:version_detection][:mode])}")
        end
        themes.each(&:version)
-        themes.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_themes]
+        themes.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_themes]
        output('themes', themes: themes)
      end
@@ -123,31 +145,33 @@ module WPScan
      end
      def enum_timthumbs
-        opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
+        opts = default_opts('timthumbs').merge(list: ParsedCli.timthumbs_list)
-        output('@info', msg: 'Enumerating Timthumbs') if user_interaction?
+        output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('timthumbs', timthumbs: target.timthumbs(opts))
      end
      def enum_config_backups
-        opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
+        opts = default_opts('config_backups').merge(list: ParsedCli.config_backups_list)
-        output('@info', msg: 'Enumerating Config Backups') if user_interaction?
+        output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('config_backups', config_backups: target.config_backups(opts))
      end
      def enum_db_exports
-        opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
+        opts = default_opts('db_exports').merge(list: ParsedCli.db_exports_list)
-        output('@info', msg: 'Enumerating DB Exports') if user_interaction?
+        output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('db_exports', db_exports: target.db_exports(opts))
      end
      def enum_medias
-        opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
+        opts = default_opts('medias').merge(range: ParsedCli.enumerate[:medias])
        if user_interaction?
-          output('@info', msg: 'Enumerating Medias (Permalink setting must be set to "Plain" for those to be detected)')
+          output('@info',
                 msg: "Enumerating Medias #{enum_detection_message(opts[:mode])} "\
                      '(Permalink setting must be set to "Plain" for those to be detected)')
        end
        output('medias', medias: target.medias(opts))
@@ -157,16 +181,16 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the users
      def enum_users?(opts)
-        opts[:users] || (parsed_options[:passwords] && !parsed_options[:username] && !parsed_options[:usernames])
+        opts[:users] || (ParsedCli.passwords && !ParsedCli.username && !ParsedCli.usernames)
      end
      def enum_users
        opts = default_opts('users').merge(
          range: enum_users_range,
-          list: parsed_options[:users_list]
+          list: ParsedCli.users_list
        )
-        output('@info', msg: 'Enumerating Users') if user_interaction?
+        output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('users', users: target.users(opts))
      end
@@ -174,7 +198,7 @@ module WPScan
      # If the --enumerate is used, the default value is handled by the Option
      # However, when using --passwords alone, the default has to be set by the code below
      def enum_users_range
-        parsed_options[:enumerate][:users] || cli_enum_choices[0].choices[:u].validate(nil)
+        ParsedCli.enumerate[:users] || cli_enum_choices[0].choices[:u].validate(nil)
      end
    end
  end
--- a/app/controllers/main_theme.rb
+++ b/app/controllers/main_theme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Main Theme Controller
@@ -16,9 +18,9 @@ module WPScan
        output(
          'theme',
          theme: target.main_theme(
-            mode: parsed_options[:main_theme_detection] || parsed_options[:detection_mode]
+            mode: ParsedCli.main_theme_detection || ParsedCli.detection_mode
          ),
-          verbose: parsed_options[:verbose]
+          verbose: ParsedCli.verbose
        )
      end
    end
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Password Attack Controller
@@ -22,7 +24,7 @@ module WPScan
      end
      def run
-        return unless parsed_options[:passwords]
+        return unless ParsedCli.passwords
        if user_interaction?
          output('@info',
@@ -31,13 +33,13 @@ module WPScan
        attack_opts = {
          show_progression: user_interaction?,
-          multicall_max_passwords: parsed_options[:multicall_max_passwords]
+          multicall_max_passwords: ParsedCli.multicall_max_passwords
        }
        begin
          found = []
-          attacker.attack(users, passwords(parsed_options[:passwords]), attack_opts) do |user|
+          attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user|
            found << user
            attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
@@ -52,21 +54,25 @@ module WPScan
        @attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
      end
-      # @return [ WPScan::XMLRPC ]
+      # @return [ Model::XMLRPC ]
      def xmlrpc
        @xmlrpc ||= target.xmlrpc
      end
      # @return [ CMSScanner::Finders::Finder ]
      def attacker_from_cli_options
-        return unless parsed_options[:password_attack]
+        return unless ParsedCli.password_attack
-        case parsed_options[:password_attack]
+        case ParsedCli.password_attack
        when :wp_login
          WPScan::Finders::Passwords::WpLogin.new(target)
        when :xmlrpc
          raise Error::XMLRPCNotDetected unless xmlrpc
          WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
        when :xmlrpc_multicall
          raise Error::XMLRPCNotDetected unless xmlrpc
          WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
        end
      end
@@ -88,10 +94,10 @@ module WPScan
      # @return [ Array<Users> ] The users to brute force
      def users
-        return target.users unless parsed_options[:usernames]
+        return target.users unless ParsedCli.usernames
-        parsed_options[:usernames].reduce([]) do |acc, elem|
+        ParsedCli.usernames.reduce([]) do |acc, elem|
-          acc << CMSScanner::User.new(elem.chomp)
+          acc << Model::User.new(elem.chomp)
        end
      end
--- a/app/controllers/wp_version.rb
+++ b/app/controllers/wp_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Wp Version Controller
@@ -22,8 +24,8 @@ module WPScan
        output(
          'version',
          version: target.wp_version(
-            mode: parsed_options[:wp_version_detection] || parsed_options[:detection_mode],
+            mode: ParsedCli.wp_version_detection || ParsedCli.detection_mode,
-            confidence_threshold: parsed_options[:wp_version_all] ? 0 : 100,
+            confidence_threshold: ParsedCli.wp_version_all ? 0 : 100,
            show_progression: user_interaction?
          )
        )
--- a/app/finders.rb
+++ b/app/finders.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'finders/interesting_findings'
 require_relative 'finders/wp_items'
 require_relative 'finders/wp_version'
--- a/app/finders/config_backups.rb
+++ b/app/finders/config_backups.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'config_backups/known_filenames'
 module WPScan
--- a/app/finders/config_backups/known_filenames.rb
+++ b/app/finders/config_backups/known_filenames.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module ConfigBackups
@@ -13,11 +15,10 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
            # Might need to improve that
            next unless res.body =~ /define/i && res.body !~ /<\s?html/i
-            found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
          end
          found
--- a/app/finders/db_exports.rb
+++ b/app/finders/db_exports.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'db_exports/known_locations'
 module WPScan
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module DbExports
@@ -6,6 +8,8 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
        # @param [ Hash ] opts
        # @option opts [ String ] :list
        # @option opts [ Boolean ] :show_progression
@@ -14,15 +18,23 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
-            next unless res.code == 200 && res.body =~ /INSERT INTO/
+            if res.effective_url.end_with?('.zip')
              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
            else
              next unless res.body =~ SQL_PATTERN
            end
-            found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
          end
          found
        end
        def full_request_params
          @full_request_params ||= { headers: { 'Range' => 'bytes=0-3000' } }
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list Mandatory
        #
--- a/app/finders/interesting_findings.rb
+++ b/app/finders/interesting_findings.rb
@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 require_relative 'interesting_findings/readme'
 require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
-require_relative 'interesting_findings/backup_db'
+require_relative 'interesting_findings/plugin_backup_folders'
 require_relative 'interesting_findings/mu_plugins'
 require_relative 'interesting_findings/registration'
 require_relative 'interesting_findings/tmm_db_migrate'
@@ -21,9 +24,9 @@ module WPScan
          super(target)
          %w[
-            Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
+            Readme DebugLog FullPathDisclosure PluginBackupFolders DuplicatorInstallerLog
            Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript
+            UploadSQLDump EmergencyPwdResetScript WPCron
          ].each do |f|
            finders << InterestingFindings.const_get(f).new(target)
          end
--- a/app/finders/interesting_findings/backup_db.rb
+++ b/app/finders/interesting_findings/backup_db.rb
@@ -1,25 +0,0 @@
 module WPScan
  module Finders
    module InterestingFindings
      # BackupDB finder
      class BackupDB < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          path = 'wp-content/backup-db/'
          url  = target.url(path)
          res  = Browser.get(url)
          return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
          WPScan::BackupDB.new(
            url,
            confidence: 70,
            found_by: DIRECT_ACCESS,
            interesting_entries: target.directory_listing_entries(path),
            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
          )
        end
      end
    end
  end
 end
--- a/app/finders/interesting_findings/debug_log.rb
+++ b/app/finders/interesting_findings/debug_log.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -9,9 +11,10 @@ module WPScan
          return unless target.debug_log?(path)
-          WPScan::DebugLog.new(
+          Model::DebugLog.new(
            target.url(path),
-            confidence: 100, found_by: DIRECT_ACCESS
+            confidence: 100, found_by: DIRECT_ACCESS,
            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
          )
        end
      end
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -5,13 +7,12 @@ module WPScan
      class DuplicatorInstallerLog < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          url = target.url('installer-log.txt')
+          path = 'installer-log.txt'
          res = Browser.get(url)
-          return unless res.body =~ /DUPLICATOR INSTALL-LOG/
+          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
-          WPScan::DuplicatorInstallerLog.new(
+          Model::DuplicatorInstallerLog.new(
-            url,
+            target.url(path),
            confidence: 100,
            found_by: DIRECT_ACCESS,
            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
--- a/app/finders/interesting_findings/emergency_pwd_reset_script.rb
+++ b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -5,14 +7,14 @@ module WPScan
      class EmergencyPwdResetScript < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          url  = target.url('/emergency.php')
+          path = 'emergency.php'
-          res  = Browser.get(url)
+          res  = target.head_and_get(path)
          return unless res.code == 200 && !target.homepage_or_404?(res)
-          WPScan::EmergencyPwdResetScript.new(
+          Model::EmergencyPwdResetScript.new(
-            url,
+            target.url(path),
-            confidence: res.body =~ /password/i ? 100 : 40,
+            confidence: /password/i.match?(res.body) ? 100 : 40,
            found_by: DIRECT_ACCESS,
            references: {
              url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
--- a/app/finders/interesting_findings/full_path_disclosure.rb
+++ b/app/finders/interesting_findings/full_path_disclosure.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -10,11 +12,12 @@ module WPScan
          return if fpd_entries.empty?
-          WPScan::FullPathDisclosure.new(
+          Model::FullPathDisclosure.new(
            target.url(path),
            confidence: 100,
            found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries
+            interesting_entries: fpd_entries,
            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
          )
        end
      end
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -7,12 +9,14 @@ module WPScan
        def passive(_opts = {})
          pattern = %r{#{target.content_dir}/mu\-plugins/}i
-          target.in_scope_urls(target.homepage_res) do |url|
+          target.in_scope_uris(target.homepage_res) do |uri|
-            next unless Addressable::URI.parse(url).path =~ pattern
+            next unless uri.path =~ pattern
            url = target.url('wp-content/mu-plugins/')
-            return WPScan::MuPlugins.new(
+            target.mu_plugins = true
            return Model::MuPlugins.new(
              url,
              confidence: 70,
              found_by: 'URLs In Homepage (Passive Detection)',
@@ -31,11 +35,9 @@ module WPScan
          return unless [200, 401, 403].include?(res.code)
          return if target.homepage_or_404?(res)
          # TODO: add the check for --exclude-content once implemented ?
          target.mu_plugins = true
-          WPScan::MuPlugins.new(
+          Model::MuPlugins.new(
            url,
            confidence: 80,
            found_by: DIRECT_ACCESS,
--- a/app/finders/interesting_findings/multisite.rb
+++ b/app/finders/interesting_findings/multisite.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -15,7 +17,7 @@ module WPScan
          target.multisite = true
-          WPScan::Multisite.new(
+          Model::Multisite.new(
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
--- a/app/finders/interesting_findings/plugin_backup_folders.rb
+++ b/app/finders/interesting_findings/plugin_backup_folders.rb
@@ -0,0 +1,34 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
      # Known Backup Folders from Plugin finder
      class PluginBackupFolders < CMSScanner::Finders::Finder
        PATHS = %w[wp-content/backup-db/ wp-content/backups-dup-pro/ wp-content/updraft/].freeze
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          found = []
          PATHS.each do |path|
            res = target.head_and_get(path, [200, 403])
            next unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
            found << Model::PluginBackupFolder.new(
              target.url(path),
              confidence: 70,
              found_by: DIRECT_ACCESS,
              interesting_entries: target.directory_listing_entries(path),
              references: { url: ['https://github.com/wpscanteam/wpscan/issues/422',
                                  'https://github.com/wpscanteam/wpscan/issues/1342'] }
            )
          end
          found
        end
      end
    end
  end
 end
--- a/app/finders/interesting_findings/readme.rb
+++ b/app/finders/interesting_findings/readme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -5,14 +7,14 @@ module WPScan
      class Readme < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          potential_files.each do |file|
+          potential_files.each do |path|
-            url = target.url(file)
+            res = target.head_and_get(path)
            res = Browser.get(url)
-            if res.code == 200 && res.body =~ /wordpress/i
+            next unless res.code == 200 && res.body =~ /wordpress/i
-              return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
+
-            end
+            return Model::Readme.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
          end
          nil
        end
--- a/app/finders/interesting_findings/registration.rb
+++ b/app/finders/interesting_findings/registration.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -18,7 +20,7 @@ module WPScan
          target.registration_enabled = true
-          WPScan::Registration.new(
+          Model::Registration.new(
            res.effective_url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
--- a/app/finders/interesting_findings/tmm_db_migrate.rb
+++ b/app/finders/interesting_findings/tmm_db_migrate.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -7,11 +9,11 @@ module WPScan
        def aggressive(_opts = {})
          path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip'
          url  = target.url(path)
-          res  = Browser.get(url)
+          res  = browser.forge_request(url, target.head_or_get_request_params).run
          return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
-          WPScan::TmmDbMigrate.new(
+          Model::TmmDbMigrate.new(
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
--- a/app/finders/interesting_findings/upload_directory_listing.rb
+++ b/app/finders/interesting_findings/upload_directory_listing.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -11,7 +13,7 @@ module WPScan
          url = target.url(path)
-          WPScan::UploadDirectoryListing.new(
+          Model::UploadDirectoryListing.new(
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -1,27 +1,25 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
      # UploadSQLDump finder
      class UploadSQLDump < CMSScanner::Finders::Finder
-        SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/.freeze
+        SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          url = dump_url
+          path = 'wp-content/uploads/dump.sql'
-          res = Browser.get(url)
+          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
-          return unless res.code == 200 && res.body =~ SQL_PATTERN
+          return unless res.body =~ SQL_PATTERN
-          WPScan::UploadSQLDump.new(
+          Model::UploadSQLDump.new(
-            url,
+            target.url(path),
            confidence: 100,
            found_by: DIRECT_ACCESS
          )
        end
        def dump_url
          target.url('wp-content/uploads/dump.sql')
        end
      end
    end
  end
--- a/app/finders/interesting_findings/wp_cron.rb
+++ b/app/finders/interesting_findings/wp_cron.rb
@@ -0,0 +1,33 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
      # wp-cron.php finder
      class WPCron < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          res = Browser.get(wp_cron_url)
          return unless res.code == 200
          Model::WPCron.new(
            wp_cron_url,
            confidence: 60,
            found_by: DIRECT_ACCESS,
            references: {
              url: [
                'https://www.iplocation.net/defend-wordpress-from-ddos',
                'https://github.com/wpscanteam/wpscan/issues/1299'
              ]
            }
          )
        end
        def wp_cron_url
          @wp_cron_url ||= target.url('wp-cron.php')
        end
      end
    end
  end
 end
--- a/app/finders/main_theme.rb
+++ b/app/finders/main_theme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'main_theme/css_style'
 require_relative 'main_theme/woo_framework_meta_generator'
 require_relative 'main_theme/urls_in_homepage'
--- a/app/finders/main_theme/css_style.rb
+++ b/app/finders/main_theme/css_style.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
@@ -6,7 +8,7 @@ module WPScan
        include Finders::WpItems::URLsInHomepage
        def create_theme(slug, style_url, opts)
-          WPScan::Theme.new(
+          Model::Theme.new(
            slug,
            target,
            opts.merge(found_by: found_by, confidence: 70, style_url: style_url)
@@ -18,10 +20,10 @@ module WPScan
        end
        def passive_from_css_href(res, opts)
-          target.in_scope_urls(res, '//style/@src|//link/@href') do |url|
+          target.in_scope_uris(res, '//style/@src|//link/@href') do |uri|
-            next unless Addressable::URI.parse(url).path =~ %r{/themes/([^\/]+)/style.css\z}i
+            next unless uri.path =~ %r{/themes/([^\/]+)/style.css\z}i
-            return create_theme(Regexp.last_match[1], url, opts)
+            return create_theme(Regexp.last_match[1], uri.to_s, opts)
          end
          nil
        end
--- a/app/finders/main_theme/urls_in_homepage.rb
+++ b/app/finders/main_theme/urls_in_homepage.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
@@ -14,7 +16,7 @@ module WPScan
          slugs = items_from_links('themes', false) + items_from_codes('themes', false)
          slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
          end
          found
--- a/app/finders/main_theme/woo_framework_meta_generator.rb
+++ b/app/finders/main_theme/woo_framework_meta_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
@@ -10,7 +12,7 @@ module WPScan
        def passive(opts = {})
          return unless target.homepage_res.body =~ PATTERN
-          WPScan::Theme.new(
+          Model::Theme.new(
            Regexp.last_match[1],
            target,
            opts.merge(found_by: found_by, confidence: 80)
--- a/app/finders/medias.rb
+++ b/app/finders/medias.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'medias/attachment_brute_forcing'
 module WPScan
--- a/app/finders/medias/attachment_brute_forcing.rb
+++ b/app/finders/medias/attachment_brute_forcing.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Medias
@@ -15,7 +17,7 @@ module WPScan
          enumerate(target_urls(opts), opts) do |res|
            next unless res.code == 200
-            found << WPScan::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
+            found << Model::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
          end
          found
--- a/app/finders/passwords.rb
+++ b/app/finders/passwords.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'passwords/wp_login'
 require_relative 'passwords/xml_rpc'
 require_relative 'passwords/xml_rpc_multicall'
--- a/app/finders/passwords/wp_login.rb
+++ b/app/finders/passwords/wp_login.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Passwords
@@ -10,7 +12,8 @@ module WPScan
        end
        def valid_credentials?(response)
-          response.code == 302
+          response.code == 302 &&
            response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
        end
        def errored_response?(response)
--- a/app/finders/passwords/xml_rpc.rb
+++ b/app/finders/passwords/xml_rpc.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Passwords
--- a/app/finders/passwords/xml_rpc_multicall.rb
+++ b/app/finders/passwords/xml_rpc_multicall.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Passwords
@@ -20,13 +22,13 @@ module WPScan
          target.multi_call(methods).run
        end
-        # @param [ Array<CMSScanner::User> ] users
+        # @param [ Array<Model::User> ] users
        # @param [ Array<String> ] passwords
        # @param [ Hash ] opts
        # @option opts [ Boolean ] :show_progression
        # @option opts [ Integer ] :multicall_max_passwords
        #
-        # @yield [ CMSScanner::User ] When a valid combination is found
+        # @yield [ Model::User ] When a valid combination is found
        #
        # TODO: Make rubocop happy about metrics etc
        #
--- a/app/finders/plugin_version.rb
+++ b/app/finders/plugin_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'plugin_version/readme'
 module WPScan
@@ -7,7 +9,7 @@ module WPScan
      class Base
        include CMSScanner::Finders::UniqueFinder
-        # @param [ WPScan::Plugin ] plugin
+        # @param [ Model::Plugin ] plugin
        def initialize(plugin)
          finders << PluginVersion::Readme.new(plugin)
@@ -16,7 +18,7 @@ module WPScan
        # Load the finders associated with the plugin
        #
-        # @param [ WPScan::Plugin ] plugin
+        # @param [ Model::Plugin ] plugin
        def load_specific_finders(plugin)
          module_name = plugin.classify
--- a/app/finders/plugin_version/readme.rb
+++ b/app/finders/plugin_version/readme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module PluginVersion
@@ -7,21 +9,23 @@ module WPScan
        def aggressive(_opts = {})
          found_by_msg = 'Readme - %s (Aggressive Detection)'
-          WPScan::WpItem::READMES.each do |file|
+          # The target(plugin)#readme_url can't be used directly here
-            url = target.url(file)
+          # as if the --detection-mode is passive, it will always return nil
-            res = Browser.get(url)
+          Model::WpItem::READMES.each do |file|
            res = target.head_and_get(file)
            next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
            return numbers.reduce([]) do |a, e|
-              a << WPScan::Version.new(
+              a << Model::Version.new(
                e[0],
                found_by: format(found_by_msg, e[1]),
                confidence: e[2],
-                interesting_entries: [url]
+                interesting_entries: [res.effective_url]
              )
            end
          end
          nil
        end
--- a/app/finders/plugins.rb
+++ b/app/finders/plugins.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'plugins/urls_in_homepage'
 require_relative 'plugins/known_locations'
 # From the DynamicFinders
--- a/app/finders/plugins/body_pattern.rb
+++ b/app/finders/plugins/body_pattern.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -15,7 +17,7 @@ module WPScan
        def process_response(opts, response, slug, klass, config)
          return unless response.body =~ config['pattern']
-          Plugin.new(
+          Model::Plugin.new(
            slug,
            target,
            opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/comment.rb
+++ b/app/finders/plugins/comment.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -18,7 +20,7 @@ module WPScan
            next unless comment =~ config['pattern']
-            return Plugin.new(
+            return Model::Plugin.new(
              slug,
              target,
              opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/config_parser.rb
+++ b/app/finders/plugins/config_parser.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -19,7 +21,7 @@ module WPScan
          # when checking for plugins
          #
-          Plugin.new(
+          Model::Plugin.new(
            slug,
            target,
            opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/header_pattern.rb
+++ b/app/finders/plugins/header_pattern.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -18,7 +20,7 @@ module WPScan
            configs.each do |klass, config|
              next unless headers[config['header']] && headers[config['header']].to_s =~ config['pattern']
-              found << Plugin.new(
+              found << Model::Plugin.new(
                slug,
                target,
                opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/javascript_var.rb
+++ b/app/finders/plugins/javascript_var.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -16,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath'] || '//script[not(@src)]').each do |node|
            next if config['pattern'] && !node.text.match(config['pattern'])
-            return Plugin.new(
+            return Model::Plugin.new(
              slug,
              target,
              opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/known_locations.rb
+++ b/app/finders/plugins/known_locations.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -5,6 +7,11 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [200, 401, 403, 500].freeze
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list
        #
@@ -12,12 +19,8 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(target_urls(opts), opts) do |res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
-            # TODO: follow the location (from enumerate()) and remove the 301 here ?
+            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
            # As a result, it might remove false positive due to redirection to the homepage
            next unless [200, 401, 403, 301].include?(res.code)
            found << WPScan::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
          end
          found
@@ -30,10 +33,9 @@ module WPScan
        def target_urls(opts = {})
          slugs       = opts[:list] || DB::Plugins.vulnerable_slugs
          urls        = {}
          plugins_url = target.plugins_url
          slugs.each do |slug|
-            urls["#{plugins_url}#{URI.encode(slug)}/"] = slug
+            urls[target.plugin_url(slug)] = slug
          end
          urls
--- a/app/finders/plugins/query_parameter.rb
+++ b/app/finders/plugins/query_parameter.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
--- a/app/finders/plugins/urls_in_homepage.rb
+++ b/app/finders/plugins/urls_in_homepage.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -14,7 +16,7 @@ module WPScan
          found = []
          (items_from_links('plugins') + items_from_codes('plugins')).uniq.sort.each do |slug|
-            found << Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
          end
          found
--- a/app/finders/plugins/xpath.rb
+++ b/app/finders/plugins/xpath.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -16,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath']).each do |node|
            next if config['pattern'] && !node.text.match(config['pattern'])
-            return Plugin.new(
+            return Model::Plugin.new(
              slug,
              target,
              opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/theme_version.rb
+++ b/app/finders/theme_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'theme_version/style'
 require_relative 'theme_version/woo_framework_meta_generator'
@@ -8,7 +10,7 @@ module WPScan
      class Base
        include CMSScanner::Finders::UniqueFinder
-        # @param [ WPScan::Theme ] theme
+        # @param [ Model::Theme ] theme
        def initialize(theme)
          finders <<
            ThemeVersion::Style.new(theme) <<
@@ -19,7 +21,7 @@ module WPScan
        # Load the finders associated with the theme
        #
-        # @param [ WPScan::Theme ] theme
+        # @param [ Model::Theme ] theme
        def load_specific_finders(theme)
          module_name = theme.classify
--- a/app/finders/theme_version/style.rb
+++ b/app/finders/theme_version/style.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module ThemeVersion
@@ -30,7 +32,7 @@ module WPScan
        def style_version
          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
-          WPScan::Version.new(
+          Model::Version.new(
            Regexp.last_match[1],
            found_by: found_by,
            confidence: 80,
--- a/app/finders/theme_version/woo_framework_meta_generator.rb
+++ b/app/finders/theme_version/woo_framework_meta_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module ThemeVersion
@@ -11,7 +13,7 @@ module WPScan
          return unless Regexp.last_match[1] == target.slug
-          WPScan::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
+          Model::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
        end
      end
    end
--- a/app/finders/themes.rb
+++ b/app/finders/themes.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'themes/urls_in_homepage'
 require_relative 'themes/known_locations'
--- a/app/finders/themes/known_locations.rb
+++ b/app/finders/themes/known_locations.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Themes
@@ -5,6 +7,11 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [200, 401, 403, 500].freeze
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list
        #
@@ -12,12 +19,8 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(target_urls(opts), opts) do |res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |_res, slug|
-            # TODO: follow the location (from enumerate()) and remove the 301 here ?
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
            # As a result, it might remove false positive due to redirection to the homepage
            next unless [200, 401, 403, 301].include?(res.code)
            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
          end
          found
@@ -28,12 +31,11 @@ module WPScan
        #
        # @return [ Hash ]
        def target_urls(opts = {})
-          slugs       = opts[:list] || DB::Themes.vulnerable_slugs
+          slugs = opts[:list] || DB::Themes.vulnerable_slugs
-          urls        = {}
+          urls  = {}
          themes_url  = target.url('wp-content/themes/')
          slugs.each do |slug|
-            urls["#{themes_url}#{URI.encode(slug)}/"] = slug
+            urls[target.theme_url(slug)] = slug
          end
          urls
--- a/app/finders/themes/urls_in_homepage.rb
+++ b/app/finders/themes/urls_in_homepage.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Themes
@@ -12,7 +14,7 @@ module WPScan
          found = []
          (items_from_links('themes') + items_from_codes('themes')).uniq.sort.each do |slug|
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
          end
          found
--- a/app/finders/timthumb_version.rb
+++ b/app/finders/timthumb_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'timthumb_version/bad_request'
 module WPScan
@@ -7,7 +9,7 @@ module WPScan
      class Base
        include CMSScanner::Finders::UniqueFinder
-        # @param [ WPScan::Timthumb ] target
+        # @param [ Model::Timthumb ] target
        def initialize(target)
          finders << TimthumbVersion::BadRequest.new(target)
        end
--- a/app/finders/timthumb_version/bad_request.rb
+++ b/app/finders/timthumb_version/bad_request.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module TimthumbVersion
@@ -8,7 +10,7 @@ module WPScan
        def aggressive(_opts = {})
          return unless Browser.get(target.url).body =~ /(TimThumb version\s*: ([^<]+))/
-          WPScan::Version.new(
+          Model::Version.new(
            Regexp.last_match[2],
            found_by: 'Bad Request (Aggressive Detection)',
            confidence: 90,
--- a/app/finders/timthumbs.rb
+++ b/app/finders/timthumbs.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'timthumbs/known_locations'
 module WPScan
--- a/app/finders/timthumbs/known_locations.rb
+++ b/app/finders/timthumbs/known_locations.rb
@@ -1,10 +1,19 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Timthumbs
      # Known Locations Timthumbs Finder
      # Note: A vulnerable version, 2.8.13 can be found here:
      # https://github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [400]
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list Mandatory
        #
@@ -12,10 +21,10 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(target_urls(opts), opts) do |res|
+          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.code == 400 && res.body =~ /no image specified/i
+            next unless res.body =~ /no image specified/i
-            found << WPScan::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
+            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
          end
          found
--- a/app/finders/users.rb
+++ b/app/finders/users.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'users/author_posts'
 require_relative 'users/wp_json_api'
 require_relative 'users/oembed_api'
--- a/app/finders/users/author_id_brute_forcing.rb
+++ b/app/finders/users/author_id_brute_forcing.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -5,6 +7,11 @@ module WPScan
      class AuthorIdBruteForcing < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [200, 301, 302]
        end
        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
@@ -13,12 +20,12 @@ module WPScan
          found = []
          found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)'
-          enumerate(target_urls(opts), opts) do |res, id|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, id|
            username, found_by, confidence = potential_username(res)
            next unless username
-            found << CMSScanner::User.new(
+            found << Model::User.new(
              username,
              id: id,
              found_by: format(found_by_msg, found_by),
@@ -47,7 +54,7 @@ module WPScan
          super(opts.merge(title: ' Brute Forcing Author IDs -'))
        end
-        def request_params
+        def full_request_params
          { followlocation: true }
        end
@@ -76,8 +83,8 @@ module WPScan
        # @return [ String, nil ] The username found
        def username_from_response(res)
          # Permalink enabled
-          target.in_scope_urls(res, '//link/@href|//a/@href') do |url|
+          target.in_scope_uris(res, '//link/@href|//a/@href') do |uri|
-            username = username_from_author_url(url)
+            username = username_from_author_url(uri.to_s)
            return username if username
          end
--- a/app/finders/users/author_posts.rb
+++ b/app/finders/users/author_posts.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -10,7 +12,7 @@ module WPScan
          found_by_msg = 'Author Posts - %s (Passive Detection)'
          usernames(opts).reduce([]) do |a, e|
-            a << CMSScanner::User.new(
+            a << Model::User.new(
              e[0],
              found_by: format(found_by_msg, e[1]),
              confidence: e[2]
@@ -43,12 +45,10 @@ module WPScan
        def potential_usernames(res)
          usernames = []
-          target.in_scope_urls(res, '//a/@href') do |url, node|
+          target.in_scope_uris(res, '//a/@href') do |uri, node|
            uri = Addressable::URI.parse(url)
            if uri.path =~ %r{/author/([^/\b]+)/?\z}i
              usernames << [Regexp.last_match[1], 'Author Pattern', 100]
-            elsif uri.query =~ /author=[0-9]+/
+            elsif /author=[0-9]+/.match?(uri.query)
              usernames << [node.text.to_s.strip, 'Display Name', 30]
            end
          end
--- a/app/finders/users/login_error_messages.rb
+++ b/app/finders/users/login_error_messages.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -24,7 +26,7 @@ module WPScan
            next unless error =~ /The password you entered for the username|Incorrect Password/i
-            found << CMSScanner::User.new(username, found_by: found_by, confidence: 100)
+            found << Model::User.new(username, found_by: found_by, confidence: 100)
          end
          found
--- a/app/finders/users/oembed_api.rb
+++ b/app/finders/users/oembed_api.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -21,10 +23,10 @@ module WPScan
          return [] unless details
-          [CMSScanner::User.new(details[0],
+          [Model::User.new(details[0],
-                                found_by: format(found_by_msg, details[1]),
+                           found_by: format(found_by_msg, details[1]),
-                                confidence: details[2],
+                           confidence: details[2],
-                                interesting_entries: [api_url])]
+                           interesting_entries: [api_url])]
        rescue JSON::ParserError
          []
        end
--- a/app/finders/users/rss_generator.rb
+++ b/app/finders/users/rss_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -17,20 +19,20 @@ module WPScan
            begin
              res.xml.xpath('//item/dc:creator').each do |node|
-                potential_username = node.text.to_s
+                username = node.text.to_s
                # Ignoring potential username longer than 60 characters and containing accents
                # as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215
-                next if potential_username.length > 60 || potential_username =~ /[^\x00-\x7F]/
+                next if username.strip.empty? || username.length > 60 || username =~ /[^\x00-\x7F]/
-                potential_usernames << potential_username
+                potential_usernames << username
              end
            rescue Nokogiri::XML::XPath::SyntaxError
              next
            end
-            potential_usernames.uniq.each do |potential_username|
+            potential_usernames.uniq.each do |username|
-              found << CMSScanner::User.new(potential_username, found_by: found_by, confidence: 50)
+              found << Model::User.new(username, found_by: found_by, confidence: 50)
            end
            break
--- a/app/finders/users/wp_json_api.rb
+++ b/app/finders/users/wp_json_api.rb
@@ -1,23 +1,34 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
      # WP JSON API
      #
      # Since 4.7 - Need more investigation as it seems WP 4.7.1 reduces the exposure, see https://github.com/wpscanteam/wpscan/issues/1038)
      # For the pagination, see https://github.com/wpscanteam/wpscan/issues/1285
      #
      class WpJsonApi < CMSScanner::Finders::Finder
        MAX_PER_PAGE = 100 # See https://developer.wordpress.org/rest-api/using-the-rest-api/pagination/
        # @param [ Hash ] opts
        #
        # @return [ Array<User> ]
        def aggressive(_opts = {})
-          found = []
+          found        = []
          current_page = 0
-          JSON.parse(Browser.get(api_url).body)&.each do |user|
+          loop do
-            found << CMSScanner::User.new(user['slug'],
+            current_page += 1
-                                          id: user['id'],
+
-                                          found_by: found_by,
+            res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
-                                          confidence: 100,
+
-                                          interesting_entries: [api_url])
+            total_pages ||= res.headers['X-WP-TotalPages'].to_i
            users_in_page = users_from_response(res)
            found        += users_in_page
            break if current_page >= total_pages || users_in_page.empty?
          end
          found
@@ -25,9 +36,32 @@ module WPScan
          found
        end
        # @param [ Typhoeus::Response ] response
        #
        # @return [ Array<User> ] The users from the response
        def users_from_response(response)
          found = []
          JSON.parse(response.body)&.each do |user|
            found << Model::User.new(user['slug'],
                                     id: user['id'],
                                     found_by: found_by,
                                     confidence: 100,
                                     interesting_entries: [response.effective_url])
          end
          found
        end
        # @return [ String ] The URL of the API listing the Users
        def api_url
-          @api_url ||= target.url('wp-json/wp/v2/users/')
+          return @api_url if @api_url
          target.in_scope_uris(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |uri|
            return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
          end
          @api_url = target.url('wp-json/wp/v2/users/')
        end
      end
    end
--- a/app/finders/users/yoast_seo_author_sitemap.rb
+++ b/app/finders/users/yoast_seo_author_sitemap.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -15,10 +17,10 @@ module WPScan
            next unless username && !username.strip.empty?
-            found << CMSScanner::User.new(username,
+            found << Model::User.new(username,
-                                          found_by: found_by,
+                                     found_by: found_by,
-                                          confidence: 100,
+                                     confidence: 100,
-                                          interesting_entries: [sitemap_url])
+                                     interesting_entries: [sitemap_url])
          end
          found
--- a/app/finders/wp_items.rb
+++ b/app/finders/wp_items.rb
@@ -1 +1,3 @@
 # frozen_string_literal: true
 require_relative 'wp_items/urls_in_homepage'
--- a/app/finders/wp_items/urls_in_homepage.rb
+++ b/app/finders/wp_items/urls_in_homepage.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpItems
@@ -10,8 +12,8 @@ module WPScan
        def items_from_links(type, uniq = true)
          found = []
-          target.in_scope_urls(target.homepage_res) do |url|
+          target.in_scope_uris(target.homepage_res) do |uri|
-            next unless url =~ item_attribute_pattern(type)
+            next unless uri.to_s =~ item_attribute_pattern(type)
            found << Regexp.last_match[1]
          end
--- a/app/finders/wp_version.rb
+++ b/app/finders/wp_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'wp_version/rss_generator'
 require_relative 'wp_version/atom_generator'
 require_relative 'wp_version/rdf_generator'
--- a/app/finders/wp_version/atom_generator.rb
+++ b/app/finders/wp_version/atom_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
--- a/app/finders/wp_version/rdf_generator.rb
+++ b/app/finders/wp_version/rdf_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
--- a/app/finders/wp_version/readme.rb
+++ b/app/finders/wp_version/readme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
@@ -13,9 +15,9 @@ module WPScan
          number = Regexp.last_match(1)
-          return unless WPScan::WpVersion.valid?(number)
+          return unless Model::WpVersion.valid?(number)
-          WPScan::WpVersion.new(
+          Model::WpVersion.new(
            number,
            found_by: 'Readme (Aggressive Detection)',
            # Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)
--- a/app/finders/wp_version/rss_generator.rb
+++ b/app/finders/wp_version/rss_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
--- a/app/finders/wp_version/unique_fingerprinting.rb
+++ b/app/finders/wp_version/unique_fingerprinting.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
@@ -11,7 +13,7 @@ module WPScan
            hydra.abort
            progress_bar.finish
-            return WPScan::WpVersion.new(
+            return Model::WpVersion.new(
              version_number,
              found_by: 'Unique Fingerprinting (Aggressive Detection)',
              confidence: 100,
--- a/app/models.rb
+++ b/app/models.rb
@@ -1,3 +1,11 @@
 # frozen_string_literal: true
 module WPScan
  module Model
    include CMSScanner::Model
  end
 end
 require_relative 'models/interesting_finding'
 require_relative 'models/wp_version'
 require_relative 'models/xml_rpc'
--- a/app/models/config_backup.rb
+++ b/app/models/config_backup.rb
@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 module WPScan
-  # Config Backup
+  module Model
-  class ConfigBackup < InterestingFinding
+    # Config Backup
    class ConfigBackup < InterestingFinding
    end
  end
 end
--- a/app/models/db_export.rb
+++ b/app/models/db_export.rb
@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 module WPScan
-  # DB Export
+  module Model
-  class DbExport < InterestingFinding
+    # DB Export
    class DbExport < InterestingFinding
    end
  end
 end
--- a/app/models/interesting_finding.rb
+++ b/app/models/interesting_finding.rb
@@ -1,45 +1,52 @@
 # frozen_string_literal: true
 module WPScan
-  # Custom class to include the WPScan::References module
+  module Model
-  class InterestingFinding < CMSScanner::InterestingFinding
+    # Custom class to include the WPScan::References module
-    include References
+    class InterestingFinding < CMSScanner::Model::InterestingFinding
-  end
+      include References
    end
-  #
+    #
-  # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
-  #
+    #
-  class BackupDB < InterestingFinding
+    class PluginBackupFolder < InterestingFinding
-  end
+    end
-  class DebugLog < InterestingFinding
+    class DebugLog < InterestingFinding
-  end
+    end
-  class DuplicatorInstallerLog < InterestingFinding
+    class DuplicatorInstallerLog < InterestingFinding
-  end
+    end
-  class EmergencyPwdResetScript < InterestingFinding
+    class EmergencyPwdResetScript < InterestingFinding
-  end
+    end
-  class FullPathDisclosure < InterestingFinding
+    class FullPathDisclosure < InterestingFinding
-  end
+    end
-  class MuPlugins < InterestingFinding
+    class MuPlugins < InterestingFinding
-  end
+    end
-  class Multisite < InterestingFinding
+    class Multisite < InterestingFinding
-  end
+    end
-  class Readme < InterestingFinding
+    class Readme < InterestingFinding
-  end
+    end
-  class Registration < InterestingFinding
+    class Registration < InterestingFinding
-  end
+    end
-  class TmmDbMigrate < InterestingFinding
+    class TmmDbMigrate < InterestingFinding
-  end
+    end
-  class UploadDirectoryListing < InterestingFinding
+    class UploadDirectoryListing < InterestingFinding
-  end
+    end
-  class UploadSQLDump < InterestingFinding
+    class UploadSQLDump < InterestingFinding
    end
    class WPCron < InterestingFinding
    end
  end
 end
--- a/app/models/media.rb
+++ b/app/models/media.rb
@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 module WPScan
-  # Media
+  module Model
-  class Media < InterestingFinding
+    # Media
    class Media < InterestingFinding
    end
  end
 end
--- a/app/models/plugin.rb
+++ b/app/models/plugin.rb
@@ -1,25 +1,33 @@
 # frozen_string_literal: true
 module WPScan
-  # WordPress Plugin
+  module Model
-  class Plugin < WpItem
+    # WordPress Plugin
-    # See WpItem
+    class Plugin < WpItem
-    def initialize(slug, blog, opts = {})
+      # See WpItem
-      super(slug, blog, opts)
+      def initialize(slug, blog, opts = {})
        super(slug, blog, opts)
-      @uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
+        # To be used by #head_and_get
-    end
+        # If custom wp-content, it will be replaced by blog#url
        @path_from_blog = "wp-content/plugins/#{slug}/"
-    # @return [ JSON ]
+        @uri = Addressable::URI.parse(blog.url(path_from_blog))
-    def db_data
+      end
      DB::Plugin.db_data(slug)
    end
-    # @param [ Hash ] opts
+      # @return [ JSON ]
-    #
+      def db_data
-    # @return [ WPScan::Version, false ]
+        @db_data ||= DB::Plugin.db_data(slug)
-    def version(opts = {})
+      end
      @version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
-      @version
+      # @param [ Hash ] opts
      #
      # @return [ Model::Version, false ]
      def version(opts = {})
        @version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
        @version
      end
    end
  end
 end
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -1,99 +1,107 @@
 # frozen_string_literal: true
 module WPScan
-  # WordPress Theme
+  module Model
-  class Theme < WpItem
+    # WordPress Theme
-    attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
+    class Theme < WpItem
-                :license, :license_uri, :tags, :text_domain
+      attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
                  :license, :license_uri, :tags, :text_domain
-    # See WpItem
+      # See WpItem
-    def initialize(slug, blog, opts = {})
+      def initialize(slug, blog, opts = {})
-      super(slug, blog, opts)
+        super(slug, blog, opts)
-      @uri       = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
+        # To be used by #head_and_get
-      @style_url = opts[:style_url] || url('style.css')
+        # If custom wp-content, it will be replaced by blog#url
        @path_from_blog = "wp-content/themes/#{slug}/"
-      parse_style
+        @uri       = Addressable::URI.parse(blog.url(path_from_blog))
-    end
+        @style_url = opts[:style_url] || url('style.css')
-    # @return [ JSON ]
+        parse_style
    def db_data
      DB::Theme.db_data(slug)
    end
    # @param [ Hash ] opts
    #
    # @return [ WPScan::Version, false ]
    def version(opts = {})
      @version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
      @version
    end
    # @return [ Theme ]
    def parent_theme
      return unless template
      return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
      opts = detection_opts.merge(
        style_url: url(Regexp.last_match[1]),
        found_by: 'Parent Themes (Passive Detection)',
        confidence: 100
      ).merge(version_detection: version_detection_opts)
      self.class.new(template, blog, opts)
    end
    # @param [ Integer ] depth
    #
    # @retun [ Array<Theme> ]
    def parent_themes(depth = 3)
      theme  = self
      found  = []
      (1..depth).each do |_|
        parent = theme.parent_theme
        break unless parent
        found << parent
        theme = parent
      end
-      found
+      # @return [ JSON ]
-    end
+      def db_data
-
+        @db_data ||= DB::Theme.db_data(slug)
    def style_body
      @style_body ||= Browser.get(style_url).body
    end
    def parse_style
      {
        style_name: 'Theme Name',
        style_uri: 'Theme URI',
        author: 'Author',
        author_uri: 'Author URI',
        template: 'Template',
        description: 'Description',
        license: 'License',
        license_uri: 'License URI',
        tags: 'Tags',
        text_domain: 'Text Domain'
      }.each do |attribute, tag|
        instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
      end
    end
-    # @param [ String ] bofy
+      # @param [ Hash ] opts
-    # @param [ String ] tag
+      #
-    #
+      # @return [ Model::Version, false ]
-    # @return [ String ]
+      def version(opts = {})
-    def parse_style_tag(body, tag)
+        @version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
      value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
-      value && !value.strip.empty? ? value.strip : nil
+        @version
-    end
+      end
-    def ==(other)
+      # @return [ Theme ]
-      super(other) && style_url == other.style_url
+      def parent_theme
        return unless template
        return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
        opts = detection_opts.merge(
          style_url: url(Regexp.last_match[1]),
          found_by: 'Parent Themes (Passive Detection)',
          confidence: 100
        ).merge(version_detection: version_detection_opts)
        self.class.new(template, blog, opts)
      end
      # @param [ Integer ] depth
      #
      # @retun [ Array<Theme> ]
      def parent_themes(depth = 3)
        theme  = self
        found  = []
        (1..depth).each do |_|
          parent = theme.parent_theme
          break unless parent
          found << parent
          theme = parent
        end
        found
      end
      def style_body
        @style_body ||= Browser.get(style_url).body
      end
      def parse_style
        {
          style_name: 'Theme Name',
          style_uri: 'Theme URI',
          author: 'Author',
          author_uri: 'Author URI',
          template: 'Template',
          description: 'Description',
          license: 'License',
          license_uri: 'License URI',
          tags: 'Tags',
          text_domain: 'Text Domain'
        }.each do |attribute, tag|
          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
        end
      end
      # @param [ String ] bofy
      # @param [ String ] tag
      #
      # @return [ String ]
      def parse_style_tag(body, tag)
        value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
        value && !value.strip.empty? ? value.strip : nil
      end
      def ==(other)
        super(other) && style_url == other.style_url
      end
    end
  end
 end
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
erwanlr	82db02a688	Updates spec for #1342	2019-05-03 14:25:17 +01:00
erwanlr	2c07de8c6b	Updates class comment	2019-05-03 14:23:04 +01:00
erwanlr	4b0b8fa624	Fixes #1342	2019-05-03 14:04:50 +01:00
erwanlr	412f576aee	Adds DFs	2019-05-03 11:54:25 +01:00
erwanlr	ff98a7b23b	Fixes #1341	2019-05-01 19:50:43 +01:00
erwanlr	507bac8542	Merge branch 'master' of github.com:wpscanteam/wpscan	2019-04-29 15:48:07 +01:00
erwanlr	3bd6cf4805	Adds Ruby 2.6.3 to Travis	2019-04-29 15:47:55 +01:00
erwanlr	5712b31869	Updates Rubocop dep	2019-04-29 15:47:33 +01:00
Erwan	b0f9a0b18f	Update issue templates	2019-04-29 15:24:22 +02:00
Erwan	f7665b460e	Update issue templates	2019-04-29 15:20:44 +02:00
Erwan	100029b640	Delete old issue template	2019-04-29 15:18:10 +02:00
Erwan	2b89bddf0f	Update issue templates	2019-04-29 15:17:39 +02:00
erwanlr	ca46bad8ec	Bumps version	2019-04-26 11:53:00 +01:00
erwanlr	1ecd2600a3	Adds DFs	2019-04-26 10:56:26 +01:00
erwanlr	28306b126b	Adds DFs	2019-04-24 17:32:25 +01:00
erwanlr	5c842e192b	Updates deps	2019-04-24 12:42:18 +01:00
erwanlr	f9f307118d	Adds DFs	2019-04-19 10:18:52 +01:00
erwanlr	2266fa4f4b	Removes useless comment	2019-04-18 14:43:21 +01:00
erwanlr	6df2564d1a	Improves Target#wordpress_hosted?	2019-04-18 14:17:00 +01:00
erwanlr	b2a62ebd26	Fixes #1335	2019-04-18 12:26:47 +01:00
erwanlr	2fca30752a	Improves wp-content detection	2019-04-18 12:13:56 +01:00
erwanlr	210eced369	Typo in comments	2019-04-17 17:39:20 +01:00
erwanlr	08c574aff8	Improves detection of wp-content folder	2019-04-17 15:52:06 +01:00
Christian Mehlmauer	f4db2d65f1	fix #1309	2019-04-16 06:42:26 +02:00
erwanlr	23b02ade96	Adds DFs	2019-04-13 14:29:24 +01:00
erwanlr	71d35b16ac	Adds DFs	2019-04-13 14:22:42 +01:00
erwanlr	200058c52a	Adds DFs	2019-04-13 10:37:39 +01:00
erwanlr	edb5fb202a	Removes check for 301 when enumerating plugins and themes	2019-04-13 08:13:38 +01:00
erwanlr	d114c25cdb	Typo	2019-04-12 14:52:39 +01:00
erwanlr	64e469568b	Adds message help for --wp-content-dir and --wp-plugins-dir options	2019-04-12 14:07:28 +01:00
erwanlr	c63d777372	Fixes version wrongly bumped	2019-04-12 14:00:39 +01:00
erwanlr	ae343b8cb0	Checks for wp-content directly (depends on detection-mode) when not identified passively	2019-04-12 13:55:40 +01:00
Erwan	86eb5d2d57	Merge pull request #1332 from wpscanteam/dependabot/bundler/rspec-its-tw-1.3.0 Update rspec-its requirement from ~> 1.2.0 to ~> 1.3.0	2019-04-10 10:33:27 +02:00
dependabot[bot]	b562d241db	Update rspec-its requirement from ~> 1.2.0 to ~> 1.3.0 Updates the requirements on [rspec-its](https://github.com/rspec/rspec-its) to permit the latest version. - [Release notes](https://github.com/rspec/rspec-its/releases) - [Changelog](https://github.com/rspec/rspec-its/blob/master/Changelog.md) - [Commits](https://github.com/rspec/rspec-its/compare/v1.2.0...v1.3.0) Signed-off-by: dependabot[bot] <support@dependabot.com>	2019-04-10 06:07:39 +00:00
erwanlr	49b1829b78	Bumps version	2019-04-08 16:58:26 +01:00
erwanlr	1a5bf4035c	Update deps	2019-04-08 09:39:07 +01:00
erwanlr	f3810a1504	Bumps version	2019-04-07 17:45:29 +01:00
erwanlr	4831760c11	Merge branch '3.5.1'	2019-04-07 17:42:51 +01:00
erwanlr	f375d8991e	Update deps	2019-04-07 17:35:18 +01:00
erwanlr	8145a4a3a6	Fixes #1330	2019-04-07 17:06:19 +01:00
erwanlr	12c9b49d4c	Adds DFs	2019-04-06 11:34:23 +01:00
erwanlr	c8eb81161e	Uses https rather than git protocols for CMSScanner dep	2019-04-05 19:53:29 +01:00
erwanlr	8ab246a66c	Uses CMSScanner git dep	2019-04-05 19:48:22 +01:00
erwanlr	8dfc4797fa	Handles default user_agent_list via CLI option (in CMSScanner)	2019-04-05 19:30:53 +01:00
erwanlr	7888fe1176	Uses ParsedCli	2019-04-05 16:47:14 +01:00
Erwan	8a6f3056a3	Merge pull request #1329 from wpscanteam/dependabot/bundler/rubocop-tw-0.67.1 Update rubocop requirement from ~> 0.66.0 to ~> 0.67.1	2019-04-05 11:37:00 +02:00
dependabot[bot]	5fbdf9e013	Update rubocop requirement from ~> 0.66.0 to ~> 0.67.1 Updates the requirements on [rubocop](https://github.com/rubocop-hq/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.66.0...v0.67.1) Signed-off-by: dependabot[bot] <support@dependabot.com>	2019-04-05 06:16:13 +00:00
erwanlr	1da2f5e823	Sets the Target#mu_plugind to true when detected passively	2019-04-04 17:25:58 +01:00
erwanlr	888779f81b	Support of Ruby 2.3 removed as its life ended	2019-04-04 15:40:21 +01:00
erwanlr	352286e497	Adds a #maybe_add_cookies to handle website requiring a specific cookie	2019-04-03 19:08:52 +01:00
erwanlr	025ce37c05	Bumps version	2019-04-03 12:32:07 +01:00
erwanlr	d6c2c63679	Updates deps	2019-04-03 10:14:28 +01:00
erwanlr	49efbf25ea	Adds detection of Plugin/Theme via errors 500 and custom 401/403 - Fixes #1090	2019-04-03 08:22:31 +01:00
erwanlr	02cdee2776	Retains db_data for Plugin, Theme and WpVersion models	2019-04-02 17:10:07 +01:00
erwanlr	7c9d4d5b05	Updates deps	2019-04-02 11:56:59 +01:00
erwanlr	609b7551f8	Forces GC to start only after Plugin/Theme DF generation	2019-04-02 09:47:16 +01:00
erwanlr	e8f215ae00	Forces the Garbage Collector to run after creating the DFs	2019-04-01 19:39:40 +01:00
erwanlr	2e00aea16e	Mem tests	2019-04-01 12:19:40 +01:00
erwanlr	dd274d77f5	Updates deps	2019-04-01 11:15:02 +01:00
Erwan	58171a7b8c	Fixes CodeClimate URL	2019-03-30 16:00:32 +01:00
erwanlr	8b05179401	Adds DFs	2019-03-30 14:17:09 +00:00
erwanlr	51d61a7e88	Adds DFs	2019-03-30 12:15:08 +00:00
erwanlr	d653ce4e0e	Adds DFs	2019-03-30 11:11:27 +00:00
erwanlr	07b3826806	Adds DFs	2019-03-30 07:22:14 +00:00
erwanlr	1baa3e23b2	Fixes #1326	2019-03-29 08:27:18 +00:00
erwanlr	0aa1f20d47	Removes Changelog detection	2019-03-28 13:40:58 +00:00
erwanlr	1cf330b389	Merge branch 'master' into 3.5.0	2019-03-28 06:45:48 +00:00
erwanlr	1771c4b346	Updates Ruby version	2019-03-27 17:44:47 +00:00
erwanlr	4c053b4873	Updates dockerignore to ignore profiling executables as well	2019-03-27 14:25:58 +00:00
erwanlr	743ba0541b	Updates finders to use new methods	2019-03-26 21:10:14 +00:00
erwanlr	cfab2a9cd7	Uses the new CMSScanner Enumerator module	2019-03-26 17:05:19 +00:00
erwanlr	32270efd65	Updates plugin version detection via Readme	2019-03-26 09:02:23 +00:00
erwanlr	7ea1acb7c1	Fixes non detection of plugin/theme readme and changelog files due to changes in CMSSCanner	2019-03-25 21:25:00 +00:00
erwanlr	bf91f60242	Uses the new Browser#forge_request method	2019-03-25 20:42:43 +00:00
Ryan Dewhurst	660885c0b1	Try to resolve weird char after readme conversion	2019-03-25 09:49:03 +01:00
erwanlr	15fd3b969f	Uses head_and_get to check for Readme and Changelog locations	2019-03-24 22:01:19 +00:00
erwanlr	f1d15ca7f2	Updates spec for latest changes	2019-03-24 20:24:14 +00:00
erwanlr	6f4f4a5924	Typo	2019-03-24 20:15:43 +00:00
erwanlr	9af0520701	Delegates #head_and_get to #blog in WpItem models	2019-03-24 20:06:03 +00:00
erwanlr	2edeab558e	Adds ruby frozen_string_literal comment to profiling bins	2019-03-24 19:57:59 +00:00
erwanlr	87bf59f50b	Merge branch 'master' of github.com:wpscanteam/wpscan	2019-03-24 14:38:25 +00:00
erwanlr	eeb69e63f7	Adds DFs	2019-03-24 14:38:01 +00:00
erwanlr	f9435906e7	Merges with Master (and solves conflicts)	2019-03-24 13:01:29 +00:00
Ryan Dewhurst	6c8adbe50e	Remove strange char when converted to html	2019-03-23 10:37:05 +01:00
Ryan Dewhurst	23bdb6c579	Open readme links in new tab	2019-03-23 10:14:51 +01:00
Ryan Dewhurst	264411bfb9	Update README.md	2019-03-23 10:00:50 +01:00
Ryan Dewhurst	2104237584	Update README.md	2019-03-23 09:57:50 +01:00
Ryan Dewhurst	0ae2525737	Update README.md	2019-03-23 09:57:33 +01:00
Ryan Dewhurst	b12973a837	Add projects links to the top of Readme	2019-03-23 09:41:14 +01:00
erwanlr	fa0582ce0b	Uses head or get method to enumerate config backups	2019-03-22 20:35:22 +00:00
erwanlr	231f5157bf	Fixes #1322	2019-03-22 20:20:07 +00:00
erwanlr	8b18204a69	Updates memory_profiler dep, revert changes to memory allocated commit (increased retained memory too much)	2019-03-22 06:56:10 +00:00
erwanlr	95eb6a732c	Memprofiling - Increases the top to be displayed to 15	2019-03-21 20:50:57 +00:00
erwanlr	047a188b34	Uses the frozen_string_literal magic comment (will be the default in Ruby 3)	2019-03-21 17:41:29 +00:00
erwanlr	d407815c30	Adds comment about scale_bytes in memory_profiler	2019-03-21 16:54:06 +00:00
erwanlr	1f0f87633b	Reduces memory allocation with creating DFs	2019-03-21 13:52:34 +00:00
erwanlr	c15ff4e32e	Adds memprof binary - Ref #1321	2019-03-21 12:45:44 +00:00
erwanlr	72bddca314	Adds profiling binary for dev [WIP] - Ref #1321	2019-03-20 21:12:53 +00:00
erwanlr	496fc4ebee	Typo	2019-03-20 20:12:18 +00:00
erwanlr	f414e6eeb7	Better code for WpVersion#all	2019-03-20 20:10:30 +00:00
erwanlr	f09606cfa3	Fixes #1319	2019-03-20 15:42:05 +00:00
erwanlr	6304fe4c19	Fixes #1318	2019-03-20 08:41:39 +00:00
erwanlr	5f2b8f8a2e	Fixes #1317	2019-03-20 07:47:28 +00:00
erwanlr	898e8d4546	Moves Models into their own namespace - Ref #1315	2019-03-19 21:07:53 +00:00
erwanlr	f1657164d5	Errors moved into their own namespace - Ref #1315	2019-03-19 19:09:16 +00:00
erwanlr	357e13be2b	Updates cms_scanner dep	2019-03-19 18:52:18 +00:00
erwanlr	9685568c75	Updates deps	2019-03-19 10:55:50 +00:00
erwanlr	b316940790	Merge branch 'enum-head'	2019-03-18 20:40:36 +00:00
erwanlr	2ced489e1e	Updates deps	2019-03-18 20:37:24 +00:00
erwanlr	5969fe08d8	Revert changes related to the unexpected return - Ref #1314	2019-03-18 19:24:02 +00:00
erwanlr	4a427f1ff6	Adds a custom temporary Enumerator for Plugins,Themes and Timthumbs	2019-03-18 19:15:43 +00:00
erwanlr	9a3db275f3	Merge branch 'master' of github.com:wpscanteam/wpscan	2019-03-17 07:25:09 +00:00
erwanlr	475dd4d1ff	Ref #1314	2019-03-17 07:24:49 +00:00
erwanlr	57c99c4a34	Fixes #1313	2019-03-17 06:59:44 +00:00
Christian Mehlmauer	966f5691a2	update image	2019-03-16 19:48:47 +01:00
erwanlr	5088ece8a1	Updates deps	2019-03-16 12:35:19 +00:00
erwanlr	943d87fe17	Updates deps	2019-03-16 09:31:01 +00:00
erwanlr	b5363b2689	Adds DFs	2019-03-16 08:38:07 +00:00
erwanlr	c15cb16ca8	Update deps	2019-03-15 14:09:31 +00:00
erwanlr	18b7f088fc	Adds ruby versions to Travis	2019-03-15 12:47:06 +00:00
erwanlr	4f9822743c	Improves Password Attack against wp-login.php to avoid FP	2019-03-14 19:21:39 +00:00
erwanlr	e7925de5bc	Check the wp-login.php for potential redirection before using it	2019-03-14 18:06:32 +00:00
erwanlr	27fc6a7279	Updates cms_scanner dep	2019-03-14 11:55:20 +00:00
erwanlr	ab5f46e955	Adds detection of wp-content from raw JS	2019-03-14 09:14:55 +00:00
erwanlr	d30d212cc5	Updates WP DF (also check non minified file paths) - Ref #1311	2019-03-12 07:55:32 +00:00
erwanlr	adff971d62	Bumps version	2019-03-10 09:47:41 +00:00
erwanlr	23b22f71b8	Reduces confidence of wp-cron detection	2019-03-10 08:02:51 +00:00
erwanlr	fee3671e32	Adds wp-cron.php detection - Fixes #1299	2019-03-10 07:53:12 +00:00
erwanlr	26c6be7268	Fixes #1307	2019-03-10 07:11:48 +00:00
erwanlr	01c5bcf2be	Adds DFs	2019-03-09 16:19:25 +00:00
erwanlr	1ab8a5ab98	Updates deps	2019-03-07 19:37:01 +00:00
erwanlr	b54aaca28a	Adds missing lines	2019-03-04 07:40:45 +00:00
erwanlr	86a29ae000	Adds DF	2019-03-04 07:35:21 +00:00
erwanlr	a5dbee93ff	Adds DFs	2019-03-02 10:43:45 +00:00
Christian Mehlmauer	e0465e6e10	remove line	2019-02-28 08:41:19 +01:00
Christian Mehlmauer	7da48b9dd1	readme linting	2019-02-28 08:18:01 +01:00
Christian Mehlmauer	a64895c3a6	remove UTF characters from license	2019-02-28 08:13:42 +01:00
erwanlr	21f1a5d4c4	Adds DFs	2019-02-23 08:27:27 +00:00
erwanlr	d60f79ca33	Adds DFs	2019-02-16 13:20:51 +00:00
Erwan	2d5cea5033	Adds missing #to_s calls again	2019-02-11 21:14:40 +01:00
erwanlr	b0615215fe	Adds missing #to_s calls	2019-02-11 20:03:05 +00:00
erwanlr	7a0f98b2cb	Uses Pathname#join rather than File#join when possible	2019-02-11 19:56:07 +00:00
erwanlr	cdc1dab4a6	Bumps version	2019-02-11 11:48:49 +00:00
erwanlr	431739ab19	Updates Rubocop dep	2019-02-11 10:44:29 +00:00
erwanlr	1780399050	Fixes #1277	2019-02-10 15:32:30 +00:00
erwanlr	eb75d38716	Fixes #1284	2019-02-10 13:47:19 +00:00
erwanlr	06f82d78f4	Ref #1285 - Adds comment about the pagination	2019-02-10 10:49:03 +00:00
erwanlr	dee4da1c0e	Fixes #1285	2019-02-10 10:45:54 +00:00
erwanlr	e341ec7c60	Adds DFs	2019-02-10 09:44:17 +00:00
Erwan	9146609e4a	Update Readme, Fixes #1286	2019-02-03 20:46:03 +01:00
erwanlr	f90615ca41	Adds DF	2019-02-03 07:08:05 +00:00
erwanlr	8a2a6a05ff	Adds DFs	2019-01-27 10:54:13 +00:00
Erwan	5a787f8ed5	Adds a note about bug in Ruby 2.5.x, Ref #1283	2019-01-25 20:14:14 +00:00
erwanlr	a904053002	Adds DFs	2019-01-20 17:04:32 +00:00
Erwan	70ecd30dcc	Merge pull request #1276 from wpscanteam/dependabot/bundler/rubocop-tw-0.63.0 Update rubocop requirement from ~> 0.62.0 to ~> 0.63.0	2019-01-17 09:32:24 +00:00
dependabot[bot]	b0976d7e47	Update rubocop requirement from ~> 0.62.0 to ~> 0.63.0 Updates the requirements on [rubocop](https://github.com/rubocop-hq/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop-hq/rubocop/releases) - [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md) - [Commits](https://github.com/rubocop-hq/rubocop/commits/v0.63.0) Signed-off-by: dependabot[bot] <support@dependabot.com>	2019-01-17 05:54:18 +00:00
erwanlr	bb5e55016c	Adds DFs	2019-01-13 16:56:13 +00:00
erwanlr	abdf285c69	Bumps version	2019-01-11 11:53:11 +00:00
erwanlr	fd4da23d4f	Creates simplecov exetrnal config	2019-01-11 11:13:49 +00:00
erwanlr	bb8f58c83b	Updates deps	2019-01-11 11:12:34 +00:00
erwanlr	077da6ae86	Moves require spec_helper to config file	2019-01-11 11:11:56 +00:00
erwanlr	d5222d7e9a	Adds DFs	2019-01-07 14:58:03 +00:00
erwanlr	01702c127b	Tries to fix Travis again	2019-01-07 11:47:58 +00:00
Erwan	87902cbfb4	Tries to fix Travis builds	2019-01-07 10:54:05 +00:00
ethicalhack3r	fcaa393ffe	Update license	2019-01-07 10:54:24 +01:00
ethicalhack3r	18bac6e792	Update to Ruby 2.6.0	2019-01-07 10:16:32 +01:00
erwanlr	9a21efebe3	Updates DFs	2018-12-28 22:50:05 +00:00
erwanlr	357182ef17	Adds DFs	2018-12-28 22:43:41 +00:00
erwanlr	5fad540a4c	Bumps version	2018-12-28 13:35:01 +00:00
erwanlr	c1fc153420	Updates Deps, ref #1266	2018-12-28 11:17:37 +00:00
erwanlr	73a1974f85	Bumps version	2018-12-13 22:16:45 +00:00
erwanlr	dec73c21b6	Fixes #1264	2018-12-13 22:11:37 +00:00
erwanlr	46a00cc864	Adds DFs	2018-12-07 14:59:03 +00:00
erwanlr	62455be165	Deletes useless specs	2018-12-06 22:54:17 +00:00
erwanlr	17ef5ef918	Reverts spec changes	2018-12-06 22:52:10 +00:00
erwanlr	922b6fffd0	Fixes specs	2018-12-06 21:46:13 +00:00
erwanlr	b47bf006d0	Removes useless spec	2018-12-06 21:44:54 +00:00
erwanlr	d60269f4bc	Adds DFs	2018-12-06 21:41:00 +00:00
erwanlr	1ce057a78e	Adds DFs	2018-12-06 15:54:15 +00:00
erwanlr	a0fe04b990	Fixes #1260	2018-12-06 02:51:23 +00:00
erwanlr	31c9172e19	Removes false positive DFs	2018-12-03 15:37:09 +00:00
erwanlr	7f23cbef71	Adds DFs	2018-12-03 15:08:56 +00:00
Ryan Dewhurst	4884defaed	Add some references to interesting findings	2018-11-22 15:04:43 +01:00
erwanlr	3039218c40	Adds DFs	2018-11-18 11:45:58 +00:00
`@@ -1 +1,3 @@`
		`# frozen_string_literal: true`

	`require_relative 'wp_items/urls_in_homepage'`	`require_relative 'wp_items/urls_in_homepage'`