Bumps version

.dockerignore

@@ -12,5 +12,5 @@ spec/
 Dockerfile
 **/*.orig
 *.orig
-bin/wpscan-docker*
+bin/wpscan-*
 .wpscan/

.gitignore

@@ -21,3 +21,6 @@ doc/
 # Old files from v2
 cache/
 data/
+
+# Profiling reports
+bin/memprof*.report

.rubocop.yml

@@ -22,7 +22,5 @@ Metrics/CyclomaticComplexity:
   Max: 8
 Style/Documentation:
   Enabled: false
-Style/FrozenStringLiteralComment:
-  Enabled: false
 Style/FormatStringToken:
   Enabled: false

.ruby-version

@@ -1 +1 @@
-2.6.0
+2.6.2

.travis.yml

@@ -20,7 +20,11 @@ rvm:
   - 2.5.1
   - 2.5.2
   - 2.5.3
+  - 2.5.4
+  - 2.5.5
   - 2.6.0
+  - 2.6.1
+  - 2.6.2
   - ruby-head
 before_install:
   - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.5.1-alpine AS builder
+FROM ruby:2.6.2-alpine3.9 AS builder
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 
 ARG BUNDLER_ARGS="--jobs=8 --without test development"
@@ -19,7 +19,7 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
 
 
-FROM ruby:2.5-alpine
+FROM ruby:2.6.2-alpine3.9
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 
 RUN adduser -h /wpscan -g WPScan -D wpscan

Gemfile

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 gemspec

README.md

@@ -1,9 +1,24 @@
-![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png "WPScan - WordPress Security Scanner")
+<p align="center">
+  <a href="https://wpscan.org/">
+    <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
+  </a>
+</p>
 
-[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
+<h3 align="center">WPScan</h3>
-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
+
-[![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
+<p align="center">
-[![Patreon Donate](https://img.shields.io/badge/patreon-donate-green.svg)](https://www.patreon.com/wpscan)
+  WordPress Vulnerability Scanner
+  <br>
+  <br>
+  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress plugin" target="_blank">WordPress Plugin</a>
+</p>
+
+<p align="center">
+  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
+  <a href="https://travis-ci.org/wpscanteam/wpscan" target="_blank"><img src="https://travis-ci.org/wpscanteam/wpscan.svg?branch=master"></a>
+  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
+  <a href="https://www.patreon.com/wpscan" target="_blank"><img src="https://img.shields.io/badge/patreon-donate-green.svg"></a>
+</p>
 
 # INSTALL
 
@@ -110,14 +125,6 @@ wpscan --url https://target.tld/ --enumerate u1-100
 
 ** replace u1-100 with a range of your choice.
 
-# PROJECT HOME
-
-[https://wpscan.org](https://wpscan.org)
-
-# VULNERABILITY DATABASE
-
-[https://wpvulndb.com](https://wpvulndb.com)
-
 # LICENSE
 
 ## WPScan Public Source License

app/app.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'models'
 require_relative 'finders'
 require_relative 'controllers'

app/controllers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'controllers/core'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'

app/controllers/aliases.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Controller to add the aliases in the CLI

app/controllers/core.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Specific Core controller to include WordPress checks
@@ -25,7 +27,7 @@ module WPScan
       # @return [ Boolean ]
       def update_db_required?
         if local_db.missing_files?
-          raise MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if parsed_options[:update] == false
 
           return true
         end
@@ -62,7 +64,7 @@ module WPScan
       # Raises errors if the target is hosted on wordpress.com or is not running WordPress
       # Also check if the homepage_url is still the install url
       def check_wordpress_state
-        raise WordPressHostedError if target.wordpress_hosted?
+        raise Error::WordPressHosted if target.wordpress_hosted?
 
         if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
 
@@ -71,7 +73,7 @@ module WPScan
           exit(WPScan::ExitCode::VULNERABLE)
         end
 
-        raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
       end
 
       # Loads the related server module in the target
@@ -95,7 +97,7 @@ module WPScan
         mod = CMSScanner::Target::Server.const_get(server)
 
         target.extend mod
-        WPScan::WpItem.include mod
+        Model::WpItem.include mod
 
         server
       end

app/controllers/custom_directories.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Controller to ensure that the wp-content and wp-plugins
@@ -16,7 +18,7 @@ module WPScan
 
         return if target.content_dir
 
-        raise 'Unable to identify the wp-content dir, please supply it with --wp-content-dir'
+        raise Error::WpContentDirNotDetected
       end
     end
   end

app/controllers/enumeration.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'enumeration/cli_options'
 require_relative 'enumeration/enum_methods'
 
@@ -8,6 +10,10 @@ module WPScan
       def before_scan
         DB::DynamicFinders::Plugin.create_versions_finders
         DB::DynamicFinders::Theme.create_versions_finders
+
+        # Force the Garbage Collector to run due to the above method being
+        # quite heavy in objects allocation
+        GC.start
       end
 
       def run

app/controllers/enumeration/cli_options.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Enumeration CLI Options

app/controllers/enumeration/enum_methods.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Enumeration Methods

app/controllers/main_theme.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Main Theme Controller

app/controllers/password_attack.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Password Attack Controller
@@ -52,7 +54,7 @@ module WPScan
         @attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
       end
 
-      # @return [ WPScan::XMLRPC ]
+      # @return [ Model::XMLRPC ]
       def xmlrpc
         @xmlrpc ||= target.xmlrpc
       end
@@ -65,11 +67,11 @@ module WPScan
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
 
           WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
         when :xmlrpc_multicall
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
 
           WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
         end
@@ -95,7 +97,7 @@ module WPScan
         return target.users unless parsed_options[:usernames]
 
         parsed_options[:usernames].reduce([]) do |acc, elem|
-          acc << CMSScanner::User.new(elem.chomp)
+          acc << Model::User.new(elem.chomp)
         end
       end
 

app/controllers/wp_version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Controller
     # Wp Version Controller

app/finders.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'finders/interesting_findings'
 require_relative 'finders/wp_items'
 require_relative 'finders/wp_version'

app/finders/config_backups.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'config_backups/known_filenames'
 
 module WPScan

app/finders/config_backups/known_filenames.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module ConfigBackups
@@ -13,11 +15,10 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
-            # Might need to improve that
             next unless res.body =~ /define/i && res.body !~ /<\s?html/i
 
-            found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
 
           found

app/finders/db_exports.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'db_exports/known_locations'
 
 module WPScan

app/finders/db_exports/known_locations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module DbExports
@@ -6,6 +8,8 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
+
         # @param [ Hash ] opts
         # @option opts [ String ] :list
         # @option opts [ Boolean ] :show_progression
@@ -14,15 +18,23 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
-            next unless res.code == 200 && res.body =~ /INSERT INTO/
+            if res.effective_url.end_with?('.zip')
+              next unless res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
+            else
+              next unless res.body =~ SQL_PATTERN
+            end
 
-            found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
           end
 
           found
         end
 
+        def full_request_params
+          @full_request_params ||= { headers: { 'Range' => 'bytes=0-3000' } }
+        end
+
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #

app/finders/interesting_findings.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'interesting_findings/readme'
 require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'

app/finders/interesting_findings/backup_db.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -6,13 +8,12 @@ module WPScan
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
           path = 'wp-content/backup-db/'
-          url  = target.url(path)
+          res  = target.head_and_get(path, [200, 403])
-          res  = Browser.get(url)
 
           return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
 
-          WPScan::BackupDB.new(
+          Model::BackupDB.new(
-            url,
+            target.url(path),
             confidence: 70,
             found_by: DIRECT_ACCESS,
             interesting_entries: target.directory_listing_entries(path),

app/finders/interesting_findings/debug_log.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -9,7 +11,7 @@ module WPScan
 
           return unless target.debug_log?(path)
 
-          WPScan::DebugLog.new(
+          Model::DebugLog.new(
             target.url(path),
             confidence: 100, found_by: DIRECT_ACCESS,
             references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }

app/finders/interesting_findings/duplicator_installer_log.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,13 +7,12 @@ module WPScan
       class DuplicatorInstallerLog < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url = target.url('installer-log.txt')
+          path = 'installer-log.txt'
-          res = Browser.get(url)
 
-          return unless res.body =~ /DUPLICATOR INSTALL-LOG/
+          return unless target.head_and_get(path).body =~ /DUPLICATOR INSTALL-LOG/
 
-          WPScan::DuplicatorInstallerLog.new(
+          Model::DuplicatorInstallerLog.new(
-            url,
+            target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,
             references: { url: 'https://www.exploit-db.com/ghdb/3981/' }

app/finders/interesting_findings/emergency_pwd_reset_script.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,13 +7,13 @@ module WPScan
       class EmergencyPwdResetScript < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url  = target.url('/emergency.php')
+          path = 'emergency.php'
-          res  = Browser.get(url)
+          res  = target.head_and_get(path)
 
           return unless res.code == 200 && !target.homepage_or_404?(res)
 
-          WPScan::EmergencyPwdResetScript.new(
+          Model::EmergencyPwdResetScript.new(
-            url,
+            target.url(path),
             confidence: res.body =~ /password/i ? 100 : 40,
             found_by: DIRECT_ACCESS,
             references: {

app/finders/interesting_findings/full_path_disclosure.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -10,7 +12,7 @@ module WPScan
 
           return if fpd_entries.empty?
 
-          WPScan::FullPathDisclosure.new(
+          Model::FullPathDisclosure.new(
             target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/mu_plugins.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -12,7 +14,7 @@ module WPScan
 
             url = target.url('wp-content/mu-plugins/')
 
-            return WPScan::MuPlugins.new(
+            return Model::MuPlugins.new(
               url,
               confidence: 70,
               found_by: 'URLs In Homepage (Passive Detection)',
@@ -35,7 +37,7 @@ module WPScan
 
           target.mu_plugins = true
 
-          WPScan::MuPlugins.new(
+          Model::MuPlugins.new(
             url,
             confidence: 80,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/multisite.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -15,7 +17,7 @@ module WPScan
 
           target.multisite = true
 
-          WPScan::Multisite.new(
+          Model::Multisite.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/readme.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -5,14 +7,14 @@ module WPScan
       class Readme < CMSScanner::Finders::Finder
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          potential_files.each do |file|
+          potential_files.each do |path|
-            url = target.url(file)
+            res = target.head_and_get(path)
-            res = Browser.get(url)
 
-            if res.code == 200 && res.body =~ /wordpress/i
+            next unless res.code == 200 && res.body =~ /wordpress/i
-              return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
+
-            end
+            return Model::Readme.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
           end
+
           nil
         end
 

app/finders/interesting_findings/registration.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -18,7 +20,7 @@ module WPScan
 
           target.registration_enabled = true
 
-          WPScan::Registration.new(
+          Model::Registration.new(
             res.effective_url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/tmm_db_migrate.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -7,11 +9,11 @@ module WPScan
         def aggressive(_opts = {})
           path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip'
           url  = target.url(path)
-          res  = Browser.get(url)
+          res  = browser.forge_request(url, target.head_or_get_request_params).run
 
           return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
 
-          WPScan::TmmDbMigrate.new(
+          Model::TmmDbMigrate.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/upload_directory_listing.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -11,7 +13,7 @@ module WPScan
 
           url = target.url(path)
 
-          WPScan::UploadDirectoryListing.new(
+          Model::UploadDirectoryListing.new(
             url,
             confidence: 100,
             found_by: DIRECT_ACCESS,

app/finders/interesting_findings/upload_sql_dump.rb

@@ -1,27 +1,25 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
       # UploadSQLDump finder
       class UploadSQLDump < CMSScanner::Finders::Finder
-        SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/.freeze
+        SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze
 
         # @return [ InterestingFinding ]
         def aggressive(_opts = {})
-          url = dump_url
+          path = 'wp-content/uploads/dump.sql'
-          res = Browser.get(url)
+          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
 
-          return unless res.code == 200 && res.body =~ SQL_PATTERN
+          return unless res.body =~ SQL_PATTERN
 
-          WPScan::UploadSQLDump.new(
+          Model::UploadSQLDump.new(
-            url,
+            target.url(path),
             confidence: 100,
             found_by: DIRECT_ACCESS
           )
         end
-
-        def dump_url
-          target.url('wp-content/uploads/dump.sql')
-        end
       end
     end
   end

app/finders/interesting_findings/wp_cron.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module InterestingFindings
@@ -9,7 +11,7 @@ module WPScan
 
           return unless res.code == 200
 
-          WPScan::WPCron.new(
+          Model::WPCron.new(
             wp_cron_url,
             confidence: 60,
             found_by: DIRECT_ACCESS,

app/finders/main_theme.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'main_theme/css_style'
 require_relative 'main_theme/woo_framework_meta_generator'
 require_relative 'main_theme/urls_in_homepage'

app/finders/main_theme/css_style.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module MainTheme
@@ -6,7 +8,7 @@ module WPScan
         include Finders::WpItems::URLsInHomepage
 
         def create_theme(slug, style_url, opts)
-          WPScan::Theme.new(
+          Model::Theme.new(
             slug,
             target,
             opts.merge(found_by: found_by, confidence: 70, style_url: style_url)

app/finders/main_theme/urls_in_homepage.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module MainTheme
@@ -14,7 +16,7 @@ module WPScan
           slugs = items_from_links('themes', false) + items_from_codes('themes', false)
 
           slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
           end
 
           found

app/finders/main_theme/woo_framework_meta_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module MainTheme
@@ -10,7 +12,7 @@ module WPScan
         def passive(opts = {})
           return unless target.homepage_res.body =~ PATTERN
 
-          WPScan::Theme.new(
+          Model::Theme.new(
             Regexp.last_match[1],
             target,
             opts.merge(found_by: found_by, confidence: 80)

app/finders/medias.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'medias/attachment_brute_forcing'
 
 module WPScan

app/finders/medias/attachment_brute_forcing.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Medias
@@ -15,7 +17,7 @@ module WPScan
           enumerate(target_urls(opts), opts) do |res|
             next unless res.code == 200
 
-            found << WPScan::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
+            found << Model::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
           end
 
           found

app/finders/passwords.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'passwords/wp_login'
 require_relative 'passwords/xml_rpc'
 require_relative 'passwords/xml_rpc_multicall'

app/finders/passwords/wp_login.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Passwords
@@ -10,7 +12,8 @@ module WPScan
         end
 
         def valid_credentials?(response)
-          response.code == 302
+          response.code == 302 &&
+            response.headers['Set-Cookie']&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
         end
 
         def errored_response?(response)

app/finders/passwords/xml_rpc.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Passwords

app/finders/passwords/xml_rpc_multicall.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Passwords
@@ -20,13 +22,13 @@ module WPScan
           target.multi_call(methods).run
         end
 
-        # @param [ Array<CMSScanner::User> ] users
+        # @param [ Array<Model::User> ] users
         # @param [ Array<String> ] passwords
         # @param [ Hash ] opts
         # @option opts [ Boolean ] :show_progression
         # @option opts [ Integer ] :multicall_max_passwords
         #
-        # @yield [ CMSScanner::User ] When a valid combination is found
+        # @yield [ Model::User ] When a valid combination is found
         #
         # TODO: Make rubocop happy about metrics etc
         #

app/finders/plugin_version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'plugin_version/readme'
 
 module WPScan
@@ -7,7 +9,7 @@ module WPScan
       class Base
         include CMSScanner::Finders::UniqueFinder
 
-        # @param [ WPScan::Plugin ] plugin
+        # @param [ Model::Plugin ] plugin
         def initialize(plugin)
           finders << PluginVersion::Readme.new(plugin)
 
@@ -16,7 +18,7 @@ module WPScan
 
         # Load the finders associated with the plugin
         #
-        # @param [ WPScan::Plugin ] plugin
+        # @param [ Model::Plugin ] plugin
         def load_specific_finders(plugin)
           module_name = plugin.classify
 

app/finders/plugin_version/readme.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module PluginVersion
@@ -7,21 +9,23 @@ module WPScan
         def aggressive(_opts = {})
           found_by_msg = 'Readme - %s (Aggressive Detection)'
 
-          WPScan::WpItem::READMES.each do |file|
+          # The target(plugin)#readme_url can't be used directly here
-            url = target.url(file)
+          # as if the --detection-mode is passive, it will always return nil
-            res = Browser.get(url)
+          Model::WpItem::READMES.each do |file|
+            res = target.head_and_get(file)
 
             next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
 
             return numbers.reduce([]) do |a, e|
-              a << WPScan::Version.new(
+              a << Model::Version.new(
                 e[0],
                 found_by: format(found_by_msg, e[1]),
                 confidence: e[2],
-                interesting_entries: [url]
+                interesting_entries: [res.effective_url]
               )
             end
           end
+
           nil
         end
 

app/finders/plugins.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'plugins/urls_in_homepage'
 require_relative 'plugins/known_locations'
 # From the DynamicFinders

app/finders/plugins/body_pattern.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -15,7 +17,7 @@ module WPScan
         def process_response(opts, response, slug, klass, config)
           return unless response.body =~ config['pattern']
 
-          Plugin.new(
+          Model::Plugin.new(
             slug,
             target,
             opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

app/finders/plugins/comment.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -18,7 +20,7 @@ module WPScan
 
             next unless comment =~ config['pattern']
 
-            return Plugin.new(
+            return Model::Plugin.new(
               slug,
               target,
               opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

app/finders/plugins/config_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -19,7 +21,7 @@ module WPScan
           # when checking for plugins
           #
 
-          Plugin.new(
+          Model::Plugin.new(
             slug,
             target,
             opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

app/finders/plugins/header_pattern.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -18,7 +20,7 @@ module WPScan
             configs.each do |klass, config|
               next unless headers[config['header']] && headers[config['header']].to_s =~ config['pattern']
 
-              found << Plugin.new(
+              found << Model::Plugin.new(
                 slug,
                 target,
                 opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

app/finders/plugins/javascript_var.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -16,7 +18,7 @@ module WPScan
           response.html.xpath(config['xpath'] || '//script[not(@src)]').each do |node|
             next if config['pattern'] && !node.text.match(config['pattern'])
 
-            return Plugin.new(
+            return Model::Plugin.new(
               slug,
               target,
               opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

app/finders/plugins/known_locations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -5,6 +7,11 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
+        end
+
         # @param [ Hash ] opts
         # @option opts [ String ] :list
         #
@@ -12,12 +19,8 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(target_urls(opts), opts) do |res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
-            # TODO: follow the location (from enumerate()) and remove the 301 here ?
+            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
-            # As a result, it might remove false positive due to redirection to the homepage
-            next unless [200, 401, 403, 301].include?(res.code)
-
-            found << WPScan::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
 
           found
@@ -30,10 +33,9 @@ module WPScan
         def target_urls(opts = {})
           slugs       = opts[:list] || DB::Plugins.vulnerable_slugs
           urls        = {}
-          plugins_url = target.plugins_url
 
           slugs.each do |slug|
-            urls["#{plugins_url}#{URI.encode(slug)}/"] = slug
+            urls[target.plugin_url(slug)] = slug
           end
 
           urls

app/finders/plugins/query_parameter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins

app/finders/plugins/urls_in_homepage.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -14,7 +16,7 @@ module WPScan
           found = []
 
           (items_from_links('plugins') + items_from_codes('plugins')).uniq.sort.each do |slug|
-            found << Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
 
           found

app/finders/plugins/xpath.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Plugins
@@ -16,7 +18,7 @@ module WPScan
           response.html.xpath(config['xpath']).each do |node|
             next if config['pattern'] && !node.text.match(config['pattern'])
 
-            return Plugin.new(
+            return Model::Plugin.new(
               slug,
               target,
               opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)

app/finders/theme_version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'theme_version/style'
 require_relative 'theme_version/woo_framework_meta_generator'
 
@@ -8,7 +10,7 @@ module WPScan
       class Base
         include CMSScanner::Finders::UniqueFinder
 
-        # @param [ WPScan::Theme ] theme
+        # @param [ Model::Theme ] theme
         def initialize(theme)
           finders <<
             ThemeVersion::Style.new(theme) <<
@@ -19,7 +21,7 @@ module WPScan
 
         # Load the finders associated with the theme
         #
-        # @param [ WPScan::Theme ] theme
+        # @param [ Model::Theme ] theme
         def load_specific_finders(theme)
           module_name = theme.classify
 

app/finders/theme_version/style.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module ThemeVersion
@@ -30,7 +32,7 @@ module WPScan
         def style_version
           return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
 
-          WPScan::Version.new(
+          Model::Version.new(
             Regexp.last_match[1],
             found_by: found_by,
             confidence: 80,

app/finders/theme_version/woo_framework_meta_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module ThemeVersion
@@ -11,7 +13,7 @@ module WPScan
 
           return unless Regexp.last_match[1] == target.slug
 
-          WPScan::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
+          Model::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
         end
       end
     end

app/finders/themes.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'themes/urls_in_homepage'
 require_relative 'themes/known_locations'
 

app/finders/themes/known_locations.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Themes
@@ -5,6 +7,11 @@ module WPScan
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200, 401, 403, 301, 500].freeze
+        end
+
         # @param [ Hash ] opts
         # @option opts [ String ] :list
         #
@@ -12,12 +19,8 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(target_urls(opts), opts) do |res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: [200, 401, 403, 500])) do |_res, slug|
-            # TODO: follow the location (from enumerate()) and remove the 301 here ?
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
-            # As a result, it might remove false positive due to redirection to the homepage
-            next unless [200, 401, 403, 301].include?(res.code)
-
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
 
           found
@@ -28,12 +31,11 @@ module WPScan
         #
         # @return [ Hash ]
         def target_urls(opts = {})
-          slugs       = opts[:list] || DB::Themes.vulnerable_slugs
+          slugs = opts[:list] || DB::Themes.vulnerable_slugs
-          urls        = {}
+          urls  = {}
-          themes_url  = target.url('wp-content/themes/')
 
           slugs.each do |slug|
-            urls["#{themes_url}#{URI.encode(slug)}/"] = slug
+            urls[target.theme_url(slug)] = slug
           end
 
           urls

app/finders/themes/urls_in_homepage.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Themes
@@ -12,7 +14,7 @@ module WPScan
           found = []
 
           (items_from_links('themes') + items_from_codes('themes')).uniq.sort.each do |slug|
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
           end
 
           found

app/finders/timthumb_version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'timthumb_version/bad_request'
 
 module WPScan
@@ -7,7 +9,7 @@ module WPScan
       class Base
         include CMSScanner::Finders::UniqueFinder
 
-        # @param [ WPScan::Timthumb ] target
+        # @param [ Model::Timthumb ] target
         def initialize(target)
           finders << TimthumbVersion::BadRequest.new(target)
         end

app/finders/timthumb_version/bad_request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module TimthumbVersion
@@ -8,7 +10,7 @@ module WPScan
         def aggressive(_opts = {})
           return unless Browser.get(target.url).body =~ /(TimThumb version\s*: ([^<]+))/
 
-          WPScan::Version.new(
+          Model::Version.new(
             Regexp.last_match[2],
             found_by: 'Bad Request (Aggressive Detection)',
             confidence: 90,

app/finders/timthumbs.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'timthumbs/known_locations'
 
 module WPScan

app/finders/timthumbs/known_locations.rb

@@ -1,10 +1,19 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Timthumbs
       # Known Locations Timthumbs Finder
+      # Note: A vulnerable version, 2.8.13 can be found here:
+      # https://github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php
       class KnownLocations < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [400]
+        end
+
         # @param [ Hash ] opts
         # @option opts [ String ] :list Mandatory
         #
@@ -12,10 +21,10 @@ module WPScan
         def aggressive(opts = {})
           found = []
 
-          enumerate(target_urls(opts), opts) do |res|
+          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.code == 400 && res.body =~ /no image specified/i
+            next unless res.body =~ /no image specified/i
 
-            found << WPScan::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
+            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
           end
 
           found

app/finders/users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'users/author_posts'
 require_relative 'users/wp_json_api'
 require_relative 'users/oembed_api'

app/finders/users/author_id_brute_forcing.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -18,7 +20,7 @@ module WPScan
 
             next unless username
 
-            found << CMSScanner::User.new(
+            found << Model::User.new(
               username,
               id: id,
               found_by: format(found_by_msg, found_by),

app/finders/users/author_posts.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -10,7 +12,7 @@ module WPScan
           found_by_msg = 'Author Posts - %s (Passive Detection)'
 
           usernames(opts).reduce([]) do |a, e|
-            a << CMSScanner::User.new(
+            a << Model::User.new(
               e[0],
               found_by: format(found_by_msg, e[1]),
               confidence: e[2]

app/finders/users/login_error_messages.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -24,7 +26,7 @@ module WPScan
 
             next unless error =~ /The password you entered for the username|Incorrect Password/i
 
-            found << CMSScanner::User.new(username, found_by: found_by, confidence: 100)
+            found << Model::User.new(username, found_by: found_by, confidence: 100)
           end
 
           found

app/finders/users/oembed_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -21,10 +23,10 @@ module WPScan
 
           return [] unless details
 
-          [CMSScanner::User.new(details[0],
+          [Model::User.new(details[0],
-                                found_by: format(found_by_msg, details[1]),
+                           found_by: format(found_by_msg, details[1]),
-                                confidence: details[2],
+                           confidence: details[2],
-                                interesting_entries: [api_url])]
+                           interesting_entries: [api_url])]
         rescue JSON::ParserError
           []
         end

app/finders/users/rss_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -17,20 +19,20 @@ module WPScan
 
             begin
               res.xml.xpath('//item/dc:creator').each do |node|
-                potential_username = node.text.to_s
+                username = node.text.to_s
 
                 # Ignoring potential username longer than 60 characters and containing accents
                 # as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215
-                next if potential_username.length > 60 || potential_username =~ /[^\x00-\x7F]/
+                next if username.strip.empty? || username.length > 60 || username =~ /[^\x00-\x7F]/
 
-                potential_usernames << potential_username
+                potential_usernames << username
               end
             rescue Nokogiri::XML::XPath::SyntaxError
               next
             end
 
-            potential_usernames.uniq.each do |potential_username|
+            potential_usernames.uniq.each do |username|
-              found << CMSScanner::User.new(potential_username, found_by: found_by, confidence: 50)
+              found << Model::User.new(username, found_by: found_by, confidence: 50)
             end
 
             break

app/finders/users/wp_json_api.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -41,11 +43,11 @@ module WPScan
           found = []
 
           JSON.parse(response.body)&.each do |user|
-            found << CMSScanner::User.new(user['slug'],
+            found << Model::User.new(user['slug'],
-                                          id: user['id'],
+                                     id: user['id'],
-                                          found_by: found_by,
+                                     found_by: found_by,
-                                          confidence: 100,
+                                     confidence: 100,
-                                          interesting_entries: [response.effective_url])
+                                     interesting_entries: [response.effective_url])
           end
 
           found
@@ -53,7 +55,15 @@ module WPScan
 
         # @return [ String ] The URL of the API listing the Users
         def api_url
-          @api_url ||= target.url('wp-json/wp/v2/users/')
+          return @api_url if @api_url
+
+          target.in_scope_urls(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |url, _tag|
+            uri = Addressable::URI.parse(url.strip)
+
+            return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
+          end
+
+          @api_url = target.url('wp-json/wp/v2/users/')
         end
       end
     end

app/finders/users/yoast_seo_author_sitemap.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module Users
@@ -15,10 +17,10 @@ module WPScan
 
             next unless username && !username.strip.empty?
 
-            found << CMSScanner::User.new(username,
+            found << Model::User.new(username,
-                                          found_by: found_by,
+                                     found_by: found_by,
-                                          confidence: 100,
+                                     confidence: 100,
-                                          interesting_entries: [sitemap_url])
+                                     interesting_entries: [sitemap_url])
           end
 
           found

app/finders/wp_items.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require_relative 'wp_items/urls_in_homepage'

app/finders/wp_items/urls_in_homepage.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpItems

app/finders/wp_version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'wp_version/rss_generator'
 require_relative 'wp_version/atom_generator'
 require_relative 'wp_version/rdf_generator'

app/finders/wp_version/atom_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion

app/finders/wp_version/rdf_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion

app/finders/wp_version/readme.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion
@@ -13,9 +15,9 @@ module WPScan
 
           number = Regexp.last_match(1)
 
-          return unless WPScan::WpVersion.valid?(number)
+          return unless Model::WpVersion.valid?(number)
 
-          WPScan::WpVersion.new(
+          Model::WpVersion.new(
             number,
             found_by: 'Readme (Aggressive Detection)',
             # Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)

app/finders/wp_version/rss_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion

app/finders/wp_version/unique_fingerprinting.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module WPScan
   module Finders
     module WpVersion
@@ -11,7 +13,7 @@ module WPScan
             hydra.abort
             progress_bar.finish
 
-            return WPScan::WpVersion.new(
+            return Model::WpVersion.new(
               version_number,
               found_by: 'Unique Fingerprinting (Aggressive Detection)',
               confidence: 100,

app/models.rb

@@ -1,3 +1,11 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Model
+    include CMSScanner::Model
+  end
+end
+
 require_relative 'models/interesting_finding'
 require_relative 'models/wp_version'
 require_relative 'models/xml_rpc'

app/models/config_backup.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Config Backup
+  module Model
-  class ConfigBackup < InterestingFinding
+    # Config Backup
+    class ConfigBackup < InterestingFinding
+    end
   end
 end

app/models/db_export.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module WPScan
-  # DB Export
+  module Model
-  class DbExport < InterestingFinding
+    # DB Export
+    class DbExport < InterestingFinding
+    end
   end
 end

app/models/interesting_finding.rb

@@ -1,48 +1,52 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Custom class to include the WPScan::References module
+  module Model
-  class InterestingFinding < CMSScanner::InterestingFinding
+    # Custom class to include the WPScan::References module
-    include References
+    class InterestingFinding < CMSScanner::Model::InterestingFinding
-  end
+      include References
+    end
 
-  #
+    #
-  # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
+    # Empty classes for the #type to be correctly displayed (as taken from the self.class from the parent)
-  #
+    #
-  class BackupDB < InterestingFinding
+    class BackupDB < InterestingFinding
-  end
+    end
 
-  class DebugLog < InterestingFinding
+    class DebugLog < InterestingFinding
-  end
+    end
 
-  class DuplicatorInstallerLog < InterestingFinding
+    class DuplicatorInstallerLog < InterestingFinding
-  end
+    end
 
-  class EmergencyPwdResetScript < InterestingFinding
+    class EmergencyPwdResetScript < InterestingFinding
-  end
+    end
 
-  class FullPathDisclosure < InterestingFinding
+    class FullPathDisclosure < InterestingFinding
-  end
+    end
 
-  class MuPlugins < InterestingFinding
+    class MuPlugins < InterestingFinding
-  end
+    end
 
-  class Multisite < InterestingFinding
+    class Multisite < InterestingFinding
-  end
+    end
 
-  class Readme < InterestingFinding
+    class Readme < InterestingFinding
-  end
+    end
 
-  class Registration < InterestingFinding
+    class Registration < InterestingFinding
-  end
+    end
 
-  class TmmDbMigrate < InterestingFinding
+    class TmmDbMigrate < InterestingFinding
-  end
+    end
 
-  class UploadDirectoryListing < InterestingFinding
+    class UploadDirectoryListing < InterestingFinding
-  end
+    end
 
-  class UploadSQLDump < InterestingFinding
+    class UploadSQLDump < InterestingFinding
-  end
+    end
 
-  class WPCron < InterestingFinding
+    class WPCron < InterestingFinding
+    end
   end
 end

app/models/media.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Media
+  module Model
-  class Media < InterestingFinding
+    # Media
+    class Media < InterestingFinding
+    end
   end
 end

app/models/plugin.rb

@@ -1,25 +1,33 @@
+# frozen_string_literal: true
+
 module WPScan
-  # WordPress Plugin
+  module Model
-  class Plugin < WpItem
+    # WordPress Plugin
-    # See WpItem
+    class Plugin < WpItem
-    def initialize(slug, blog, opts = {})
+      # See WpItem
-      super(slug, blog, opts)
+      def initialize(slug, blog, opts = {})
+        super(slug, blog, opts)
 
-      @uri = Addressable::URI.parse(blog.url("wp-content/plugins/#{slug}/"))
+        # To be used by #head_and_get
-    end
+        # If custom wp-content, it will be replaced by blog#url
+        @path_from_blog = "wp-content/plugins/#{slug}/"
 
-    # @return [ JSON ]
+        @uri = Addressable::URI.parse(blog.url(path_from_blog))
-    def db_data
+      end
-      DB::Plugin.db_data(slug)
-    end
 
-    # @param [ Hash ] opts
+      # @return [ JSON ]
-    #
+      def db_data
-    # @return [ WPScan::Version, false ]
+        @db_data ||= DB::Plugin.db_data(slug)
-    def version(opts = {})
+      end
-      @version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
 
-      @version
+      # @param [ Hash ] opts
+      #
+      # @return [ Model::Version, false ]
+      def version(opts = {})
+        @version = Finders::PluginVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
+
+        @version
+      end
     end
   end
 end

app/models/theme.rb

@@ -1,99 +1,107 @@
+# frozen_string_literal: true
+
 module WPScan
-  # WordPress Theme
+  module Model
-  class Theme < WpItem
+    # WordPress Theme
-    attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
+    class Theme < WpItem
-                :license, :license_uri, :tags, :text_domain
+      attr_reader :style_url, :style_name, :style_uri, :author, :author_uri, :template, :description,
+                  :license, :license_uri, :tags, :text_domain
 
-    # See WpItem
+      # See WpItem
-    def initialize(slug, blog, opts = {})
+      def initialize(slug, blog, opts = {})
-      super(slug, blog, opts)
+        super(slug, blog, opts)
 
-      @uri       = Addressable::URI.parse(blog.url("wp-content/themes/#{slug}/"))
+        # To be used by #head_and_get
-      @style_url = opts[:style_url] || url('style.css')
+        # If custom wp-content, it will be replaced by blog#url
+        @path_from_blog = "wp-content/themes/#{slug}/"
 
-      parse_style
+        @uri       = Addressable::URI.parse(blog.url(path_from_blog))
-    end
+        @style_url = opts[:style_url] || url('style.css')
 
-    # @return [ JSON ]
+        parse_style
-    def db_data
-      DB::Theme.db_data(slug)
-    end
-
-    # @param [ Hash ] opts
-    #
-    # @return [ WPScan::Version, false ]
-    def version(opts = {})
-      @version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
-
-      @version
-    end
-
-    # @return [ Theme ]
-    def parent_theme
-      return unless template
-      return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
-
-      opts = detection_opts.merge(
-        style_url: url(Regexp.last_match[1]),
-        found_by: 'Parent Themes (Passive Detection)',
-        confidence: 100
-      ).merge(version_detection: version_detection_opts)
-
-      self.class.new(template, blog, opts)
-    end
-
-    # @param [ Integer ] depth
-    #
-    # @retun [ Array<Theme> ]
-    def parent_themes(depth = 3)
-      theme  = self
-      found  = []
-
-      (1..depth).each do |_|
-        parent = theme.parent_theme
-
-        break unless parent
-
-        found << parent
-        theme = parent
       end
 
-      found
+      # @return [ JSON ]
-    end
+      def db_data
-
+        @db_data ||= DB::Theme.db_data(slug)
-    def style_body
-      @style_body ||= Browser.get(style_url).body
-    end
-
-    def parse_style
-      {
-        style_name: 'Theme Name',
-        style_uri: 'Theme URI',
-        author: 'Author',
-        author_uri: 'Author URI',
-        template: 'Template',
-        description: 'Description',
-        license: 'License',
-        license_uri: 'License URI',
-        tags: 'Tags',
-        text_domain: 'Text Domain'
-      }.each do |attribute, tag|
-        instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
       end
-    end
 
-    # @param [ String ] bofy
+      # @param [ Hash ] opts
-    # @param [ String ] tag
+      #
-    #
+      # @return [ Model::Version, false ]
-    # @return [ String ]
+      def version(opts = {})
-    def parse_style_tag(body, tag)
+        @version = Finders::ThemeVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
-      value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
 
-      value && !value.strip.empty? ? value.strip : nil
+        @version
-    end
+      end
 
-    def ==(other)
+      # @return [ Theme ]
-      super(other) && style_url == other.style_url
+      def parent_theme
+        return unless template
+        return unless style_body =~ /^@import\surl\(["']?([^"'\)]+)["']?\);\s*$/i
+
+        opts = detection_opts.merge(
+          style_url: url(Regexp.last_match[1]),
+          found_by: 'Parent Themes (Passive Detection)',
+          confidence: 100
+        ).merge(version_detection: version_detection_opts)
+
+        self.class.new(template, blog, opts)
+      end
+
+      # @param [ Integer ] depth
+      #
+      # @retun [ Array<Theme> ]
+      def parent_themes(depth = 3)
+        theme  = self
+        found  = []
+
+        (1..depth).each do |_|
+          parent = theme.parent_theme
+
+          break unless parent
+
+          found << parent
+          theme = parent
+        end
+
+        found
+      end
+
+      def style_body
+        @style_body ||= Browser.get(style_url).body
+      end
+
+      def parse_style
+        {
+          style_name: 'Theme Name',
+          style_uri: 'Theme URI',
+          author: 'Author',
+          author_uri: 'Author URI',
+          template: 'Template',
+          description: 'Description',
+          license: 'License',
+          license_uri: 'License URI',
+          tags: 'Tags',
+          text_domain: 'Text Domain'
+        }.each do |attribute, tag|
+          instance_variable_set(:"@#{attribute}", parse_style_tag(style_body, tag))
+        end
+      end
+
+      # @param [ String ] bofy
+      # @param [ String ] tag
+      #
+      # @return [ String ]
+      def parse_style_tag(body, tag)
+        value = body[/^\s*#{Regexp.escape(tag)}:[\t ]*([^\r\n]+)/i, 1]
+
+        value && !value.strip.empty? ? value.strip : nil
+      end
+
+      def ==(other)
+        super(other) && style_url == other.style_url
+      end
     end
   end
 end

app/models/timthumb.rb

@@ -1,71 +1,75 @@
+# frozen_string_literal: true
+
 module WPScan
-  # Timthumb
+  module Model
-  class Timthumb < InterestingFinding
+    # Timthumb
-    include Vulnerable
+    class Timthumb < InterestingFinding
+      include Vulnerable
 
-    attr_reader :version_detection_opts
+      attr_reader :version_detection_opts
 
-    # @param [ String ] url
+      # @param [ String ] url
-    # @param [ Hash ] opts
+      # @param [ Hash ] opts
-    # @option opts [ Symbol ] :mode The mode to use to detect the version
+      # @option opts [ Symbol ] :mode The mode to use to detect the version
-    def initialize(url, opts = {})
+      def initialize(url, opts = {})
-      super(url, opts)
+        super(url, opts)
 
-      @version_detection_opts = opts[:version_detection] || {}
+        @version_detection_opts = opts[:version_detection] || {}
-    end
+      end
 
-    # @param [ Hash ] opts
+      # @param [ Hash ] opts
-    #
+      #
-    # @return [ WPScan::Version, false ]
+      # @return [ Model::Version, false ]
-    def version(opts = {})
+      def version(opts = {})
-      @version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
+        @version = Finders::TimthumbVersion::Base.find(self, version_detection_opts.merge(opts)) if @version.nil?
 
-      @version
+        @version
-    end
+      end
 
-    # @return [ Array<Vulnerability> ]
+      # @return [ Array<Vulnerability> ]
-    def vulnerabilities
+      def vulnerabilities
-      vulns = []
+        vulns = []
 
-      vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
+        vulns << rce_webshot_vuln if version == false || version > '1.35' && version < '2.8.14' && webshot_enabled?
-      vulns << rce_132_vuln if version == false || version < '1.33'
+        vulns << rce_132_vuln if version == false || version < '1.33'
 
-      vulns
+        vulns
-    end
+      end
 
-    # @return [ Vulnerability ] The RCE in the <= 1.32
+      # @return [ Vulnerability ] The RCE in the <= 1.32
-    def rce_132_vuln
+      def rce_132_vuln
-      Vulnerability.new(
+        Vulnerability.new(
-        'Timthumb <= 1.32 Remote Code Execution',
+          'Timthumb <= 1.32 Remote Code Execution',
-        { exploitdb: ['17602'] },
+          { exploitdb: ['17602'] },
-        'RCE',
+          'RCE',
-        '1.33'
+          '1.33'
-      )
+        )
-    end
+      end
 
-    # @return [ Vulnerability ] The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13
+      # @return [ Vulnerability ] The RCE due to the WebShot in the > 1.35 (or >= 2.0) and <= 2.8.13
-    def rce_webshot_vuln
+      def rce_webshot_vuln
-      Vulnerability.new(
+        Vulnerability.new(
-        'Timthumb <= 2.8.13 WebShot Remote Code Execution',
+          'Timthumb <= 2.8.13 WebShot Remote Code Execution',
-        {
+          {
-          url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
+            url: ['http://seclists.org/fulldisclosure/2014/Jun/117', 'https://github.com/wpscanteam/wpscan/issues/519'],
-          cve: '2014-4663'
+            cve: '2014-4663'
-        },
+          },
-        'RCE',
+          'RCE',
-        '2.8.14'
+          '2.8.14'
-      )
+        )
-    end
+      end
 
-    # @return [ Boolean ]
+      # @return [ Boolean ]
-    def webshot_enabled?
+      def webshot_enabled?
-      res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
+        res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
 
-      res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
+        res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
-    end
+      end
 
-    # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
+      # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
-    def default_allowed_domains
+      def default_allowed_domains
-      %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
+        %w[flickr.com picasa.com img.youtube.com upload.wikimedia.org]
+      end
     end
   end
 end

app/models/wp_item.rb

@@ -1,158 +1,170 @@
+# frozen_string_literal: true
+
 module WPScan
-  # WpItem (superclass of Plugin & Theme)
+  module Model
-  class WpItem
+    # WpItem (superclass of Plugin & Theme)
-    include Vulnerable
+    class WpItem
-    include Finders::Finding
+      include Vulnerable
-    include CMSScanner::Target::Platform::PHP
+      include Finders::Finding
-    include CMSScanner::Target::Server::Generic
+      include CMSScanner::Target::Platform::PHP
+      include CMSScanner::Target::Server::Generic
 
-    READMES    = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
+      READMES = %w[readme.txt README.txt README.md readme.md Readme.txt].freeze
-    CHANGELOGS = %w[changelog.txt CHANGELOG.md changelog.md].freeze
 
-    attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :db_data
+      attr_reader :uri, :slug, :detection_opts, :version_detection_opts, :blog, :path_from_blog, :db_data
 
-    delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, to: :blog
+      delegate :homepage_res, :xpath_pattern_from_page, :in_scope_urls, :head_or_get_params, to: :blog
 
-    # @param [ String ] slug The plugin/theme slug
+      # @param [ String ] slug The plugin/theme slug
-    # @param [ Target ] blog The targeted blog
+      # @param [ Target ] blog The targeted blog
-    # @param [ Hash ] opts
+      # @param [ Hash ] opts
-    # @option opts [ Symbol ] :mode The detection mode to use
+      # @option opts [ Symbol ] :mode The detection mode to use
-    # @option opts [ Hash ]   :version_detection The options to use when looking for the version
+      # @option opts [ Hash ]   :version_detection The options to use when looking for the version
-    # @option opts [ String ] :url The URL of the item
+      # @option opts [ String ] :url The URL of the item
-    def initialize(slug, blog, opts = {})
+      def initialize(slug, blog, opts = {})
-      @slug  = URI.decode(slug)
+        @slug  = URI.decode(slug)
-      @blog  = blog
+        @blog  = blog
-      @uri   = Addressable::URI.parse(opts[:url]) if opts[:url]
+        @uri   = Addressable::URI.parse(opts[:url]) if opts[:url]
 
-      @detection_opts         = { mode: opts[:mode] }
+        @detection_opts         = { mode: opts[:mode] }
-      @version_detection_opts = opts[:version_detection] || {}
+        @version_detection_opts = opts[:version_detection] || {}
 
-      parse_finding_options(opts)
+        parse_finding_options(opts)
-    end
-
-    # @return [ Array<Vulnerabily> ]
-    def vulnerabilities
-      return @vulnerabilities if @vulnerabilities
-
-      @vulnerabilities = []
-
-      [*db_data['vulnerabilities']].each do |json_vuln|
-        vulnerability = Vulnerability.load_from_json(json_vuln)
-        @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
       end
 
-      @vulnerabilities
+      # @return [ Array<Vulnerabily> ]
-    end
+      def vulnerabilities
+        return @vulnerabilities if @vulnerabilities
 
-    # Checks if the wp_item is vulnerable to a specific vulnerability
+        @vulnerabilities = []
-    #
-    # @param [ Vulnerability ] vuln Vulnerability to check the item against
-    #
-    # @return [ Boolean ]
-    def vulnerable_to?(vuln)
-      return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
 
-      version < vuln.fixed_in
+        [*db_data['vulnerabilities']].each do |json_vuln|
-    end
+          vulnerability = Vulnerability.load_from_json(json_vuln)
+          @vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
+        end
 
-    # @return [ String ]
+        @vulnerabilities
-    def latest_version
+      end
-      @latest_version ||= db_data['latest_version'] ? WPScan::Version.new(db_data['latest_version']) : nil
-    end
 
-    # Not used anywhere ATM
+      # Checks if the wp_item is vulnerable to a specific vulnerability
-    # @return [ Boolean ]
+      #
-    def popular?
+      # @param [ Vulnerability ] vuln Vulnerability to check the item against
-      @popular ||= db_data['popular']
+      #
-    end
+      # @return [ Boolean ]
+      def vulnerable_to?(vuln)
+        return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
 
-    # @return [ String ]
+        version < vuln.fixed_in
-    def last_updated
+      end
-      @last_updated ||= db_data['last_updated']
-    end
 
-    # @return [ Boolean ]
+      # @return [ String ]
-    def outdated?
+      def latest_version
-      @outdated ||= if version && latest_version
+        @latest_version ||= db_data['latest_version'] ? Model::Version.new(db_data['latest_version']) : nil
-                      version < latest_version
+      end
-                    else
-                      false
-                    end
-    end
 
-    # URI.encode is preferered over Addressable::URI.encode as it will encode
+      # Not used anywhere ATM
-    # leading # character:
+      # @return [ Boolean ]
-    # URI.encode('#t#') => %23t%23
+      def popular?
-    # Addressable::URI.encode('#t#') => #t%23
+        @popular ||= db_data['popular']
-    #
+      end
-    # @param [ String ] path Optional path to merge with the uri
-    #
-    # @return [ String ]
-    def url(path = nil)
-      return unless @uri
-      return @uri.to_s unless path
 
-      @uri.join(URI.encode(path)).to_s
+      # @return [ String ]
-    end
+      def last_updated
+        @last_updated ||= db_data['last_updated']
+      end
 
-    # @return [ Boolean ]
+      # @return [ Boolean ]
-    def ==(other)
+      def outdated?
-      self.class == other.class && slug == other.slug
+        @outdated ||= if version && latest_version
-    end
+                        version < latest_version
+                      else
+                        false
+                      end
+      end
 
-    def to_s
+      # URI.encode is preferered over Addressable::URI.encode as it will encode
-      slug
+      # leading # character:
-    end
+      # URI.encode('#t#') => %23t%23
+      # Addressable::URI.encode('#t#') => #t%23
+      #
+      # @param [ String ] path Optional path to merge with the uri
+      #
+      # @return [ String ]
+      def url(path = nil)
+        return unless @uri
+        return @uri.to_s unless path
 
-    # @return [ Symbol ] The Class symbol associated to the item
+        @uri.join(URI.encode(path)).to_s
-    def classify
+      end
-      @classify ||= classify_slug(slug)
-    end
 
-    # @return [ String ] The readme url if found
+      # @return [ Boolean ]
-    def readme_url
+      def ==(other)
-      return if detection_opts[:mode] == :passive
+        self.class == other.class && slug == other.slug
+      end
+
+      def to_s
+        slug
+      end
+
+      # @return [ Symbol ] The Class symbol associated to the item
+      def classify
+        @classify ||= classify_slug(slug)
+      end
+
+      # @return [ String, False ] The readme url if found, false otherwise
+      def readme_url
+        return if detection_opts[:mode] == :passive
+
+        return @readme_url unless @readme_url.nil?
 
-      if @readme_url.nil?
         READMES.each do |path|
-          return @readme_url = url(path) if Browser.get(url(path)).code == 200
+          t_url = url(path)
+
+          return @readme_url = t_url if Browser.forge_request(t_url, blog.head_or_get_params).run.code == 200
         end
+
+        @readme_url = false
       end
 
-      @readme_url
+      # @param [ String ] path
-    end
+      # @param [ Hash ] params The request params
+      #
+      # @return [ Boolean ]
+      def directory_listing?(path = nil, params = {})
+        return if detection_opts[:mode] == :passive
 
-    # @return [ String, false ] The changelog urr if found
+        super(path, params)
-    def changelog_url
-      return if detection_opts[:mode] == :passive
-
-      if @changelog_url.nil?
-        CHANGELOGS.each do |path|
-          return @changelog_url = url(path) if Browser.get(url(path)).code == 200
-        end
       end
 
-      @changelog_url
+      # @param [ String ] path
-    end
+      # @param [ Hash ] params The request params
+      #
+      # @return [ Boolean ]
+      def error_log?(path = 'error_log', params = {})
+        return if detection_opts[:mode] == :passive
 
-    # @param [ String ] path
+        super(path, params)
-    # @param [ Hash ] params The request params
+      end
-    #
-    # @return [ Boolean ]
-    def directory_listing?(path = nil, params = {})
-      return if detection_opts[:mode] == :passive
 
-      super(path, params)
+      # See CMSScanner::Target#head_and_get
-    end
+      #
+      # This is used by the error_log? above in the super()
+      # to have the correct path (ie readme.txt checked from the plugin/theme location
+      # and not from the blog root). Could also be used in finders
+      #
+      # @param [ String ] path
+      # @param [ Array<String> ] codes
+      # @param [ Hash ] params The requests params
+      # @option params [ Hash ] :head Request params for the HEAD
+      # @option params [ hash ] :get Request params for the GET
+      #
+      # @return [ Typhoeus::Response ]
+      def head_and_get(path, codes = [200], params = {})
+        final_path = +@path_from_blog
+        final_path << URI.encode(path) unless path.nil?
 
-    # @param [ String ] path
+        blog.head_and_get(final_path, codes, params)
-    # @param [ Hash ] params The request params
+      end
-    #
-    # @return [ Boolean ]
-    def error_log?(path = 'error_log', params = {})
-      return if detection_opts[:mode] == :passive
-
-      super(path, params)
     end
   end
 end

app/models/wp_version.rb

@@ -1,64 +1,67 @@
+# frozen_string_literal: true
+
 module WPScan
-  # WP Version
+  module Model
-  class WpVersion < CMSScanner::Version
+    # WP Version
-    include Vulnerable
+    class WpVersion < CMSScanner::Model::Version
+      include Vulnerable
 
-    def initialize(number, opts = {})
+      def initialize(number, opts = {})
-      raise InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
+        raise Error::InvalidWordPressVersion unless WpVersion.valid?(number.to_s)
 
-      super(number, opts)
+        super(number, opts)
-    end
+      end
 
-    # @param [ String ] number
+      # @param [ String ] number
-    #
+      #
-    # @return [ Boolean ] true if the number is a valid WP version, false otherwise
+      # @return [ Boolean ] true if the number is a valid WP version, false otherwise
-    def self.valid?(number)
+      def self.valid?(number)
-      all.include?(number)
+        all.include?(number)
-    end
+      end
 
-    # @return [ Array<String> ] All the version numbers
+      # @return [ Array<String> ] All the version numbers
-    def self.all
+      def self.all
-      return @all_numbers if @all_numbers
+        return @all_numbers if @all_numbers
 
-      @all_numbers = []
+        @all_numbers = []
 
-      DB::Fingerprints.wp_fingerprints.each_value do |fp|
+        DB::Fingerprints.wp_fingerprints.each_value do |fp|
-        fp.each_value do |versions|
+          @all_numbers << fp.values
-          versions.each do |version|
-            @all_numbers << version unless @all_numbers.include?(version)
-          end
         end
+
+        # @all_numbers.flatten.uniq.sort! {} doesn't produce the same result here.
+        @all_numbers.flatten!
+        @all_numbers.uniq!
+        @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
       end
 
-      @all_numbers.sort! { |a, b| Gem::Version.new(b) <=> Gem::Version.new(a) }
+      # @return [ JSON ]
-    end
+      def db_data
-
+        @db_data ||= DB::Version.db_data(number)
-    # @return [ JSON ]
-    def db_data
-      DB::Version.db_data(number)
-    end
-
-    # @return [ Array<Vulnerability> ]
-    def vulnerabilities
-      return @vulnerabilities if @vulnerabilities
-
-      @vulnerabilities = []
-
-      [*db_data['vulnerabilities']].each do |json_vuln|
-        @vulnerabilities << Vulnerability.load_from_json(json_vuln)
       end
 
-      @vulnerabilities
+      # @return [ Array<Vulnerability> ]
-    end
+      def vulnerabilities
+        return @vulnerabilities if @vulnerabilities
 
-    # @return [ String ]
+        @vulnerabilities = []
-    def release_date
-      @release_date ||= db_data['release_date'] || 'Unknown'
-    end
 
-    # @return [ String ]
+        [*db_data['vulnerabilities']].each do |json_vuln|
-    def status
+          @vulnerabilities << Vulnerability.load_from_json(json_vuln)
-      @status ||= db_data['status'] || 'Unknown'
+        end
+
+        @vulnerabilities
+      end
+
+      # @return [ String ]
+      def release_date
+        @release_date ||= db_data['release_date'] || 'Unknown'
+      end
+
+      # @return [ String ]
+      def status
+        @status ||= db_data['status'] || 'Unknown'
+      end
     end
   end
 end

app/models/xml_rpc.rb

@@ -1,19 +1,23 @@
-module WPScan
+# frozen_string_literal: true
-  # Override of the CMSScanner::XMLRPC to include the references
-  class XMLRPC < CMSScanner::XMLRPC
-    include References # To be able to use the :wpvulndb reference if needed
 
-    # @return [ Hash ]
+module WPScan
-    def references
+  module Model
-      {
+    # Override of the CMSScanner::XMLRPC to include the references
-        url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
+    class XMLRPC < CMSScanner::Model::XMLRPC
-        metasploit: [
+      include References # To be able to use the :wpvulndb reference if needed
-          'auxiliary/scanner/http/wordpress_ghost_scanner',
+
-          'auxiliary/dos/http/wordpress_xmlrpc_dos',
+      # @return [ Hash ]
-          'auxiliary/scanner/http/wordpress_xmlrpc_login',
+      def references
-          'auxiliary/scanner/http/wordpress_pingback_access'
+        {
-        ]
+          url: ['http://codex.wordpress.org/XML-RPC_Pingback_API'],
-      }
+          metasploit: [
+            'auxiliary/scanner/http/wordpress_ghost_scanner',
+            'auxiliary/dos/http/wordpress_xmlrpc_dos',
+            'auxiliary/scanner/http/wordpress_xmlrpc_login',
+            'auxiliary/scanner/http/wordpress_pingback_access'
+          ]
+        }
+      end
     end
   end
 end

app/views/cli/wp_item.erb

@@ -8,9 +8,6 @@
 <% if @wp_item.readme_url -%>
  | Readme: <%= @wp_item.readme_url %>
 <% end -%>
-<% if @wp_item.changelog_url -%>
- | Changelog: <%= @wp_item.changelog_url %>
-<% end -%>
 <% if @wp_item.latest_version && @wp_item.outdated? -%>
  | <%= warning_icon %> The version is out of date, the latest version is <%= @wp_item.latest_version %>
 <% end -%>

app/views/json/wp_item.erb

@@ -4,6 +4,5 @@
 "last_updated": <%= @wp_item.last_updated.to_json %>,
 "outdated": <%= @wp_item.outdated?.to_json %>,
 "readme_url": <%= @wp_item.readme_url.to_json %>,
-"changelog_url": <%= @wp_item.changelog_url.to_json %>,
 "directory_listing": <%= @wp_item.directory_listing?.to_json %>,
 "error_log_url": <% if @wp_item.error_log? %><%= @wp_item.url('error_log').to_json %><% else %>null<% end %>

bin/wpscan

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'wpscan'