Bumps version

Merge branch 'master' of github.com:wpscanteam/wpscan
Better code related to CVSS
2020-04-16 11:02:15 +02:00 · 2020-04-16 10:20:09 +02:00 · 2020-04-16 10:06:28 +02:00 · 2020-04-16 09:37:15 +02:00 · 2020-04-15 17:02:44 +02:00 · 2020-04-15 14:46:06 +02:00
1713 changed files with 422715 additions and 1959 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -12,5 +12,6 @@ spec/
 Dockerfile
 **/*.orig
 *.orig
-bin/wpscan-docker*
+bin/wpscan-*
 .wpscan/
 .github/
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,3 +1,14 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
 ---
 Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.
 ### Subject of the issue
 Describe your issue here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 title: ''
 labels: ''
 assignees: ''
 ---
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 **Describe the solution you'd like**
 A clear and concise description of what you want to happen.
 **Describe alternatives you've considered**
 A clear and concise description of any alternative solutions or features you've considered.
 **Additional context**
 Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/other-issue.md
+++ b/.github/ISSUE_TEMPLATE/other-issue.md
@@ -0,0 +1,10 @@
 ---
 name: Other Issue
 about: Create a report which is not a related to a Bug or Feature
 title: ''
 labels: ''
 assignees: ''
 ---
 Before submitting an issue, please make sure you fully read any potential error messages output and did some research on your own.
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,41 @@
 name: Build
 on: [push, pull_request]
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        ruby: [2.5, 2.6, 2.7]
    steps:
    - name: Checkout code
      uses: actions/checkout@v1
    - name: Set up Ruby ${{ matrix.ruby }}
      uses: actions/setup-ruby@v1
      with:
        ruby-version: ${{ matrix.ruby }}
    - name: Install GEMs
      run: |
        gem install bundler
        bundle config force_ruby_platform true
        bundle config path vendor/bundle
        bundle install --jobs 4 --retry 3
    - name: rubocop
      run: |
        bundle exec rubocop
    - name: rspec
      run: |
        bundle exec rspec
    - name: Coveralls
      uses: coverallsapp/github-action@master
      with:
        github-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/gempush.yml
+++ b/.github/workflows/gempush.yml
@@ -0,0 +1,40 @@
 name: Ruby Gem
 on:
  release:
    types: [published]
 jobs:
  build:
    name: Build + Publish
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: Set up Ruby 2.6
      uses: actions/setup-ruby@v1
      with:
        ruby-version: 2.6.x
    #- name: Publish to GPR
    #  run: |
    #    mkdir -p $HOME/.gem
    #    touch $HOME/.gem/credentials
    #    chmod 0600 $HOME/.gem/credentials
    #    printf -- "---\n:github: Bearer ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
    #    gem build *.gemspec
    #    gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
    #  env:
    #    GEM_HOST_API_KEY: ${{secrets.GITHUB_TOKEN}}
    #    OWNER: wpscanteam
    - name: Publish to RubyGems
      run: |
        mkdir -p $HOME/.gem
        touch $HOME/.gem/credentials
        chmod 0600 $HOME/.gem/credentials
        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
        gem build *.gemspec
        gem push *.gem
      env:
        GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,6 @@ doc/
 # Old files from v2
 cache/
 data/
 # Profiling reports
 bin/memprof*.report
--- a/.rspec
+++ b/.rspec
@@ -1,3 +1,2 @@
 --color
 --fail-fast
 --require spec_helper
 --color
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,14 +1,11 @@
 require: rubocop-performance
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.5
  Exclude:
  - '*.gemspec'
  - 'vendor/**/*'
-ClassVars:
+Layout/LineLength:
  Enabled: false
 LineLength:
  Max: 120
 MethodLength:
  Max: 20
 Lint/UriEscapeUnescape:
  Enabled: false
 Metrics/AbcSize:
@@ -18,11 +15,20 @@ Metrics/BlockLength:
  - 'spec/**/*'
 Metrics/ClassLength:
  Max: 150
  Exclude:
  - 'app/controllers/enumeration/cli_options.rb'
 Metrics/CyclomaticComplexity:
  Max: 8
-Style/Documentation:
+Metrics/MethodLength:
  Max: 20
  Exclude:
  - 'app/controllers/enumeration/cli_options.rb'
 Style/ClassVars:
  Enabled: false
-Style/FrozenStringLiteralComment:
+Style/Documentation:
  Enabled: false
 Style/FormatStringToken:
  Enabled: false
 Style/NumericPredicate:
  Exclude:
  - 'app/controllers/vuln_api.rb'
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.6.0
+2.7.1
--- a/.simplecov
+++ b/.simplecov
@@ -1,4 +1,18 @@
 if ENV['GITHUB_ACTION']
  require 'simplecov-lcov'
  SimpleCov::Formatter::LcovFormatter.config do |c|
    c.single_report_path = 'coverage/lcov.info'
    c.report_with_single_file = true
  end
  SimpleCov.formatter = SimpleCov::Formatter::LcovFormatter
 end
 SimpleCov.start do
  enable_coverage :branch # Only supported for Ruby >= 2.5
  add_filter '/spec/'
  add_filter 'helper'
 end
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,36 +0,0 @@
 language: ruby
 sudo: false
 cache: bundler
 rvm:
  - 2.3.0
  - 2.3.1
  - 2.3.2
  - 2.3.3
  - 2.3.4
  - 2.3.5
  - 2.3.6
  - 2.3.7
  - 2.3.8
  - 2.4.1
  - 2.4.2
  - 2.4.3
  - 2.4.4
  - 2.4.5
  - 2.5.0
  - 2.5.1
  - 2.5.2
  - 2.5.3
  - 2.6.0
  - ruby-head
 before_install:
  - "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
  - gem update --system
 matrix:
  allow_failures:
    - rvm: ruby-head
 script:
  - bundle exec rubocop
  - bundle exec rspec
 notifications:
  email:
    - team@wpscan.org
--- a/8
+++ b/8
@@ -1,4 +1,4 @@
-FROM ruby:2.5.1-alpine AS builder
+FROM ruby:2.6.3-alpine AS builder
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 ARG BUNDLER_ARGS="--jobs=8 --without test development"
@@ -19,20 +19,22 @@ RUN rake install --trace
 RUN chmod -R a+r /usr/local/bundle
-FROM ruby:2.5-alpine
+FROM ruby:2.6.3-alpine
 LABEL maintainer="WPScan Team <team@wpscan.org>"
 RUN adduser -h /wpscan -g WPScan -D wpscan
 COPY --from=builder /usr/local/bundle /usr/local/bundle
 RUN chown -R wpscan:wpscan /wpscan
 # runtime dependencies
 RUN apk add --no-cache libcurl procps sqlite-libs
 WORKDIR /wpscan
 USER wpscan
 RUN /usr/local/bundle/bin/wpscan --update --verbose
 ENTRYPOINT ["/usr/local/bundle/bin/wpscan"]
 CMD ["--help"]
--- a/4
+++ b/4
@@ -1,2 +1,6 @@
 # frozen_string_literal: true
 source 'https://rubygems.org'
 gemspec
 # gem 'cms_scanner', branch: 'xxx', git: 'https://github.com/wpscanteam/CMSScanner.git'
--- a/2
+++ b/2
@@ -29,8 +29,6 @@ Example cases which do not require a commercial license, and thus fall under the
 If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - team@wpscan.org.
 We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
 Free-use Terms and Conditions;
 3. Redistribution
--- a/README.md
+++ b/README.md
@@ -1,9 +1,23 @@
-![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png "WPScan - WordPress Security Scanner")
+<p align="center">
  <a href="https://wpscan.org/">
    <img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
  </a>
 </p>
-[![Gem Version](https://badge.fury.io/rb/wpscan.svg)](https://badge.fury.io/rb/wpscan)
+<h3 align="center">WPScan</h3>
-[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
+
-[![Code Climate](https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
+<p align="center">
-[![Patreon Donate](https://img.shields.io/badge/patreon-donate-green.svg)](https://www.patreon.com/wpscan)
+  WordPress Security Scanner
  <br>
  <br>
  <a href="https://wpscan.org/" title="homepage" target="_blank">Homepage</a> - <a href="https://wpscan.io/" title="wpscan.io" target="_blank">WPScan.io</a> - <a href="https://wpvulndb.com/" title="vulnerability database" target="_blank">Vulnerability Database</a> - <a href="https://wordpress.org/plugins/wpscan/" title="wordpress security plugin" target="_blank">WordPress Security Plugin</a>
 </p>
 <p align="center">
  <a href="https://badge.fury.io/rb/wpscan" target="_blank"><img src="https://badge.fury.io/rb/wpscan.svg"></a>
  <a href="https://github.com/wpscanteam/wpscan/actions?query=workflow%3ABuild" target="_blank"><img src="https://github.com/wpscanteam/wpscan/workflows/Build/badge.svg"></a>
  <a href="https://codeclimate.com/github/wpscanteam/wpscan" target="_blank"><img src="https://codeclimate.com/github/wpscanteam/wpscan/badges/gpa.svg"></a>
 </p>
 # INSTALL
@@ -15,6 +29,7 @@
 - Curl >= 7.21  - Recommended: latest
  - The 7.29 has a segfault
 - RubyGems      - Recommended: latest
 - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
 ### From RubyGems (Recommended)
@@ -62,41 +77,65 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
 # Usage
-```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
+```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
 If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
 As a result, when using the ```--enumerate``` option, don't forget to set the ```--plugins-detection``` accordingly, as its default is 'passive'.
 For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
 The DB is located at ~/.wpscan/db
 ## Vulnerability Database
 The WPScan CLI tool uses the [WPVulnDB API](https://wpvulndb.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPVulnDB](https://wpvulndb.com/users/sign_up). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPVulnDB](https://wpvulndb.com/).
 ## Load CLI options from file/s
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
- ~/.wpscan/cli_options.json
+- ~/.wpscan/scan.json
- ~/.wpscan/cli_options.yml
+- ~/.wpscan/scan.yml
- pwd/.wpscan/cli_options.json
+- pwd/.wpscan/scan.json
- pwd/.wpscan/cli_options.yml
+- pwd/.wpscan/scan.yml
-If those files exist, options from them will be loaded and overridden if found twice.
+If those files exist, options from the `cli_options` key will be loaded and overridden if found twice.
 e.g:
-~/.wpscan/cli_options.yml:
+~/.wpscan/scan.yml:
 ```yml
-proxy: 'http://127.0.0.1:8080'
+cli_options:
-verbose: true
+  proxy: 'http://127.0.0.1:8080'
  verbose: true
 ```
-pwd/.wpscan/cli_options.yml:
+pwd/.wpscan/scan.yml:
 ```yml
-proxy: 'socks5://127.0.0.1:9090'
+cli_options:
-url: 'http://target.tld'
+  proxy: 'socks5://127.0.0.1:9090'
  url: 'http://target.tld'
 ```
 Running ```wpscan``` in the current directory (pwd), is the same as ```wpscan -v --proxy socks5://127.0.0.1:9090 --url http://target.tld```
-Enumerating usernames
+## Save API Token in a file
 The feature mentioned above is useful to keep the API Token in a config file and not have to supply it via the CLI each time. To do so, create the ~/.wpscan/scan.yml file containing the below:
 ```yml
 cli_options:
  api_token: YOUR_API_TOKEN
 ```
 ## Load API Token From ENV (since v3.7.10)
 The API Token will be automatically loaded from the ENV variable `WPSCAN_API_TOKEN` if present. If the `--api-token` CLI option is also provided, the value from the CLI will be used.
 ## Enumerating usernames
 ```shell
 wpscan --url https://target.tld/ --enumerate u
@@ -110,14 +149,6 @@ wpscan --url https://target.tld/ --enumerate u1-100
 ** replace u1-100 with a range of your choice.
 # PROJECT HOME
 [https://wpscan.org](https://wpscan.org)
 # VULNERABILITY DATABASE
 [https://wpvulndb.com](https://wpvulndb.com)
 # LICENSE
 ## WPScan Public Source License
--- a/6
+++ b/6
@@ -6,14 +6,18 @@ exec = []
 begin
  require 'rubocop/rake_task'
  RuboCop::RakeTask.new
  exec << :rubocop
 rescue LoadError
 end
 begin
  require 'rspec/core/rake_task'
-  RSpec::Core::RakeTask.new(:spec)
+
  RSpec::Core::RakeTask.new(:spec) { |t| t.rspec_opts = %w{--tag ~slow} }
  exec << :spec
 rescue LoadError
 end
--- a/app/app.rb
+++ b/app/app.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'models'
 require_relative 'finders'
 require_relative 'controllers'
--- a/app/controllers.rb
+++ b/app/controllers.rb
@@ -1,4 +1,7 @@
 # frozen_string_literal: true
 require_relative 'controllers/core'
 require_relative 'controllers/vuln_api'
 require_relative 'controllers/custom_directories'
 require_relative 'controllers/wp_version'
 require_relative 'controllers/main_theme'
--- a/app/controllers/aliases.rb
+++ b/app/controllers/aliases.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Controller to add the aliases in the CLI
--- a/app/controllers/core.rb
+++ b/app/controllers/core.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Specific Core controller to include WordPress checks
@@ -25,53 +27,56 @@ module WPScan
      # @return [ Boolean ]
      def update_db_required?
        if local_db.missing_files?
-          raise MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if ParsedCli.update == false
          return true
        end
-        return parsed_options[:update] unless parsed_options[:update].nil?
+        return ParsedCli.update unless ParsedCli.update.nil?
        return false unless user_interaction? && local_db.outdated?
        output('@notice', msg: 'It seems like you have not updated the database for some time.')
        print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
-        Readline.readline =~ /^y/i ? true : false
+        /^y/i.match?(Readline.readline) ? true : false
      end
      def update_db
        output('db_update_started')
-        output('db_update_finished', updated: local_db.update, verbose: parsed_options[:verbose])
+        output('db_update_finished', updated: local_db.update, verbose: ParsedCli.verbose)
-        exit(0) unless parsed_options[:url]
+        exit(0) unless ParsedCli.url
      end
      def before_scan
        @last_update = local_db.last_update
-        maybe_output_banner_help_and_version # From CMS Scanner
+        maybe_output_banner_help_and_version # From CMSScanner
        update_db if update_db_required?
        setup_cache
        check_target_availability
        load_server_module
        check_wordpress_state
      rescue Error::NotWordPress => e
        target.maybe_add_cookies
        raise e unless target.wordpress?(ParsedCli.detection_mode)
      end
      # Raises errors if the target is hosted on wordpress.com or is not running WordPress
      # Also check if the homepage_url is still the install url
      def check_wordpress_state
-        raise WordPressHostedError if target.wordpress_hosted?
+        raise Error::WordPressHosted if target.wordpress_hosted?
-        if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
+        if %r{/wp-admin/install.php$}i.match?(Addressable::URI.parse(target.homepage_url).path)
          output('not_fully_configured', url: target.homepage_url)
          exit(WPScan::ExitCode::VULNERABLE)
        end
-        raise NotWordPressError unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(ParsedCli.detection_mode) || ParsedCli.force
      end
      # Loads the related server module in the target
@@ -83,7 +88,7 @@ module WPScan
        server = target.server || :Apache # Tries to auto detect the server
        # Force a specific server module to be loaded if supplied
-        case parsed_options[:server]
+        case ParsedCli.server
        when :apache
          server = :Apache
        when :iis
@@ -95,7 +100,7 @@ module WPScan
        mod = CMSScanner::Target::Server.const_get(server)
        target.extend mod
-        WPScan::WpItem.include mod
+        Model::WpItem.include mod
        server
      end
--- a/app/controllers/custom_directories.rb
+++ b/app/controllers/custom_directories.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Controller to ensure that the wp-content and wp-plugins
@@ -5,18 +7,18 @@ module WPScan
    class CustomDirectories < CMSScanner::Controller::Base
      def cli_options
        [
-          OptString.new(['--wp-content-dir DIR']),
+          OptString.new(['--wp-content-dir DIR',
-          OptString.new(['--wp-plugins-dir DIR'])
+                         'The wp-content directory if custom or not detected, such as "wp-content"']),
          OptString.new(['--wp-plugins-dir DIR',
                         'The plugins directory if custom or not detected, such as "wp-content/plugins"'])
        ]
      end
      def before_scan
-        target.content_dir = parsed_options[:wp_content_dir] if parsed_options[:wp_content_dir]
+        target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
-        target.plugins_dir = parsed_options[:wp_plugins_dir] if parsed_options[:wp_plugins_dir]
+        target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
-        return if target.content_dir
+        raise Error::WpContentDirNotDetected unless target.content_dir
        raise 'Unable to identify the wp-content dir, please supply it with --wp-content-dir'
      end
    end
  end
--- a/app/controllers/enumeration.rb
+++ b/app/controllers/enumeration.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'enumeration/cli_options'
 require_relative 'enumeration/enum_methods'
@@ -5,13 +7,8 @@ module WPScan
  module Controller
    # Enumeration Controller
    class Enumeration < CMSScanner::Controller::Base
      def before_scan
        DB::DynamicFinders::Plugin.create_versions_finders
        DB::DynamicFinders::Theme.create_versions_finders
      end
      def run
-        enum = parsed_options[:enumerate] || {}
+        enum = ParsedCli.enumerate || {}
        enum_plugins if enum_plugins?(enum)
        enum_themes  if enum_themes?(enum)
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Enumeration CLI Options
@@ -9,7 +11,6 @@ module WPScan
      end
      # @return [ Array<OptParseValidator::OptBase> ]
      # rubocop:disable Metrics/MethodLength
      def cli_enum_choices
        [
          OptMultiChoices.new(
@@ -17,10 +18,10 @@ module WPScan
            choices: {
              vp: OptBoolean.new(['--vulnerable-plugins']),
              ap: OptBoolean.new(['--all-plugins']),
-              p: OptBoolean.new(['--plugins']),
+              p: OptBoolean.new(['--popular-plugins']),
              vt: OptBoolean.new(['--vulnerable-themes']),
              at: OptBoolean.new(['--all-themes']),
-              t: OptBoolean.new(['--themes']),
+              t: OptBoolean.new(['--popular-themes']),
              tt: OptBoolean.new(['--timthumbs']),
              cb: OptBoolean.new(['--config-backups']),
              dbe: OptBoolean.new(['--db-exports']),
@@ -43,7 +44,6 @@ module WPScan
          )
        ]
      end
      # rubocop:enable Metrics/MethodLength
      # @return [ Array<OptParseValidator::OptBase> ]
      def cli_plugins_opts
@@ -51,7 +51,7 @@ module WPScan
          OptSmartList.new(['--plugins-list LIST', 'List of plugins to enumerate'], advanced: true),
          OptChoice.new(
            ['--plugins-detection MODE',
-             'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
+             'Use the supplied mode to enumerate Plugins.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
          ),
          OptBoolean.new(
@@ -62,9 +62,13 @@ module WPScan
          ),
          OptChoice.new(
            ['--plugins-version-detection MODE',
-             'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
+             'Use the supplied mode to check plugins\' versions.'],
             'or --plugins-detection modes.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
          ),
          OptInteger.new(
            ['--plugins-threshold THRESHOLD',
             'Raise an error when the number of detected plugins via known locations reaches the threshold. ' \
             'Set to 0 to ignore the threshold.'], default: 100, advanced: true
          )
        ]
      end
@@ -89,6 +93,11 @@ module WPScan
             'Use the supplied mode to check themes versions instead of the --detection-mode ' \
             'or --themes-detection modes.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
          ),
          OptInteger.new(
            ['--themes-threshold THRESHOLD',
             'Raise an error when the number of detected themes via known locations reaches the threshold. ' \
             'Set to 0 to ignore the threshold.'], default: 20, advanced: true
          )
        ]
      end
--- a/app/controllers/enumeration/enum_methods.rb
+++ b/app/controllers/enumeration/enum_methods.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Enumeration Methods
@@ -5,13 +7,13 @@ module WPScan
      # @param [ String ] type (plugins or themes)
      # @param [ Symbol ] detection_mode
      #
-      # @return [ String ] The related enumration message depending on the parsed_options and type supplied
+      # @return [ String ] The related enumration message depending on the ParsedCli and type supplied
      def enum_message(type, detection_mode)
        return unless %w[plugins themes].include?(type)
-        details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
+        details = if ParsedCli.enumerate[:"vulnerable_#{type}"]
                    'Vulnerable'
-                  elsif parsed_options[:enumerate][:"all_#{type}"]
+                  elsif ParsedCli.enumerate[:"all_#{type}"]
                    'All'
                  else
                    'Most Popular'
@@ -37,15 +39,15 @@ module WPScan
      #
      # @return [ Hash ]
      def default_opts(type)
-        mode = parsed_options[:"#{type}_detection"] || parsed_options[:detection_mode]
+        mode = ParsedCli.options[:"#{type}_detection"] || ParsedCli.detection_mode
        {
          mode: mode,
-          exclude_content: parsed_options[:exclude_content_based],
+          exclude_content: ParsedCli.exclude_content_based,
          show_progression: user_interaction?,
          version_detection: {
-            mode: parsed_options[:"#{type}_version_detection"] || mode,
+            mode: ParsedCli.options[:"#{type}_version_detection"] || mode,
-            confidence_threshold: parsed_options[:"#{type}_version_all"] ? 0 : 100
+            confidence_threshold: ParsedCli.options[:"#{type}_version_all"] ? 0 : 100
          }
        }
      end
@@ -54,12 +56,13 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the plugins
      def enum_plugins?(opts)
-        opts[:plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
+        opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
      end
      def enum_plugins
        opts = default_opts('plugins').merge(
-          list: plugins_list_from_opts(parsed_options),
+          list: plugins_list_from_opts(ParsedCli.options),
          threshold: ParsedCli.plugins_threshold,
          sort: true
        )
@@ -75,7 +78,7 @@ module WPScan
        plugins.each(&:version)
-        plugins.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_plugins]
+        plugins.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_plugins]
        output('plugins', plugins: plugins)
      end
@@ -89,7 +92,7 @@ module WPScan
        if opts[:enumerate][:all_plugins]
          DB::Plugins.all_slugs
-        elsif opts[:enumerate][:plugins]
+        elsif opts[:enumerate][:popular_plugins]
          DB::Plugins.popular_slugs
        else
          DB::Plugins.vulnerable_slugs
@@ -100,12 +103,13 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the themes
      def enum_themes?(opts)
-        opts[:themes] || opts[:all_themes] || opts[:vulnerable_themes]
+        opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
      end
      def enum_themes
        opts = default_opts('themes').merge(
-          list: themes_list_from_opts(parsed_options),
+          list: themes_list_from_opts(ParsedCli.options),
          threshold: ParsedCli.themes_threshold,
          sort: true
        )
@@ -121,7 +125,7 @@ module WPScan
        themes.each(&:version)
-        themes.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_themes]
+        themes.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_themes]
        output('themes', themes: themes)
      end
@@ -135,7 +139,7 @@ module WPScan
        if opts[:enumerate][:all_themes]
          DB::Themes.all_slugs
-        elsif opts[:enumerate][:themes]
+        elsif opts[:enumerate][:popular_themes]
          DB::Themes.popular_slugs
        else
          DB::Themes.vulnerable_slugs
@@ -143,28 +147,28 @@ module WPScan
      end
      def enum_timthumbs
-        opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
+        opts = default_opts('timthumbs').merge(list: ParsedCli.timthumbs_list)
        output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('timthumbs', timthumbs: target.timthumbs(opts))
      end
      def enum_config_backups
-        opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
+        opts = default_opts('config_backups').merge(list: ParsedCli.config_backups_list)
        output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('config_backups', config_backups: target.config_backups(opts))
      end
      def enum_db_exports
-        opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
+        opts = default_opts('db_exports').merge(list: ParsedCli.db_exports_list)
        output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
        output('db_exports', db_exports: target.db_exports(opts))
      end
      def enum_medias
-        opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
+        opts = default_opts('medias').merge(range: ParsedCli.enumerate[:medias])
        if user_interaction?
          output('@info',
@@ -179,13 +183,13 @@ module WPScan
      #
      # @return [ Boolean ] Wether or not to enumerate the users
      def enum_users?(opts)
-        opts[:users] || (parsed_options[:passwords] && !parsed_options[:username] && !parsed_options[:usernames])
+        opts[:users] || (ParsedCli.passwords && !ParsedCli.username && !ParsedCli.usernames)
      end
      def enum_users
        opts = default_opts('users').merge(
          range: enum_users_range,
-          list: parsed_options[:users_list]
+          list: ParsedCli.users_list
        )
        output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
@@ -196,7 +200,7 @@ module WPScan
      # If the --enumerate is used, the default value is handled by the Option
      # However, when using --passwords alone, the default has to be set by the code below
      def enum_users_range
-        parsed_options[:enumerate][:users] || cli_enum_choices[0].choices[:u].validate(nil)
+        ParsedCli.enumerate[:users] || cli_enum_choices[0].choices[:u].validate(nil)
      end
    end
  end
--- a/app/controllers/main_theme.rb
+++ b/app/controllers/main_theme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Main Theme Controller
@@ -16,9 +18,9 @@ module WPScan
        output(
          'theme',
          theme: target.main_theme(
-            mode: parsed_options[:main_theme_detection] || parsed_options[:detection_mode]
+            mode: ParsedCli.main_theme_detection || ParsedCli.detection_mode
          ),
-          verbose: parsed_options[:verbose]
+          verbose: ParsedCli.verbose
        )
      end
    end
--- a/app/controllers/password_attack.rb
+++ b/app/controllers/password_attack.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Password Attack Controller
@@ -22,7 +24,7 @@ module WPScan
      end
      def run
-        return unless parsed_options[:passwords]
+        return unless ParsedCli.passwords
        if user_interaction?
          output('@info',
@@ -31,13 +33,13 @@ module WPScan
        attack_opts = {
          show_progression: user_interaction?,
-          multicall_max_passwords: parsed_options[:multicall_max_passwords]
+          multicall_max_passwords: ParsedCli.multicall_max_passwords
        }
        begin
          found = []
-          attacker.attack(users, passwords(parsed_options[:passwords]), attack_opts) do |user|
+          attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user|
            found << user
            attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
@@ -52,50 +54,63 @@ module WPScan
        @attacker ||= attacker_from_cli_options || attacker_from_automatic_detection
      end
-      # @return [ WPScan::XMLRPC ]
+      # @return [ Model::XMLRPC ]
      def xmlrpc
        @xmlrpc ||= target.xmlrpc
      end
      # @return [ CMSScanner::Finders::Finder ]
      def attacker_from_cli_options
-        return unless parsed_options[:password_attack]
+        return unless ParsedCli.password_attack
-        case parsed_options[:password_attack]
+        case ParsedCli.password_attack
        when :wp_login
-          WPScan::Finders::Passwords::WpLogin.new(target)
+          Finders::Passwords::WpLogin.new(target)
        when :xmlrpc
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
-          WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
+          Finders::Passwords::XMLRPC.new(xmlrpc)
        when :xmlrpc_multicall
-          raise XMLRPCNotDetected unless xmlrpc
+          raise Error::XMLRPCNotDetected unless xmlrpc
-          WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+          Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
        end
      end
      # @return [ Boolean ]
      def xmlrpc_get_users_blogs_enabled?
        if xmlrpc&.enabled? &&
           xmlrpc.available_methods.include?('wp.getUsersBlogs') &&
           xmlrpc.method_call('wp.getUsersBlogs', [SecureRandom.hex[0, 6], SecureRandom.hex[0, 4]])
                 .run.body !~ /XML\-RPC services are disabled/
          true
        else
          false
        end
      end
      # @return [ CMSScanner::Finders::Finder ]
      def attacker_from_automatic_detection
-        if xmlrpc&.enabled? && xmlrpc.available_methods.include?('wp.getUsersBlogs')
+        if xmlrpc_get_users_blogs_enabled?
          wp_version = target.wp_version
          if wp_version && wp_version < '4.4'
-            WPScan::Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
+            Finders::Passwords::XMLRPCMulticall.new(xmlrpc)
          else
-            WPScan::Finders::Passwords::XMLRPC.new(xmlrpc)
+            Finders::Passwords::XMLRPC.new(xmlrpc)
          end
        else
-          WPScan::Finders::Passwords::WpLogin.new(target)
+          Finders::Passwords::WpLogin.new(target)
        end
      end
      # @return [ Array<Users> ] The users to brute force
      def users
-        return target.users unless parsed_options[:usernames]
+        return target.users unless ParsedCli.usernames
-        parsed_options[:usernames].reduce([]) do |acc, elem|
+        ParsedCli.usernames.reduce([]) do |acc, elem|
-          acc << CMSScanner::User.new(elem.chomp)
+          acc << Model::User.new(elem.chomp)
        end
      end
--- a/app/controllers/vuln_api.rb
+++ b/app/controllers/vuln_api.rb
@@ -0,0 +1,32 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Controller to handle the API token
    class VulnApi < CMSScanner::Controller::Base
      ENV_KEY = 'WPSCAN_API_TOKEN'
      def cli_options
        [
          OptString.new(['--api-token TOKEN', 'The WPVulnDB API Token to display vulnerability data'])
        ]
      end
      def before_scan
        return unless ParsedCli.api_token || ENV.key?(ENV_KEY)
        DB::VulnApi.token = ParsedCli.api_token || ENV[ENV_KEY]
        api_status = DB::VulnApi.status
        raise Error::InvalidApiToken if api_status['error']
        raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
        raise api_status['http_error'] if api_status['http_error']
      end
      def after_scan
        output('status', status: DB::VulnApi.status, api_requests: WPScan.api_requests)
      end
    end
  end
 end
--- a/app/controllers/wp_version.rb
+++ b/app/controllers/wp_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Controller
    # Wp Version Controller
@@ -15,15 +17,15 @@ module WPScan
      end
      def before_scan
-        WPScan::DB::DynamicFinders::Wordpress.create_versions_finders
+        DB::DynamicFinders::Wordpress.create_versions_finders
      end
      def run
        output(
          'version',
          version: target.wp_version(
-            mode: parsed_options[:wp_version_detection] || parsed_options[:detection_mode],
+            mode: ParsedCli.wp_version_detection || ParsedCli.detection_mode,
-            confidence_threshold: parsed_options[:wp_version_all] ? 0 : 100,
+            confidence_threshold: ParsedCli.wp_version_all ? 0 : 100,
            show_progression: user_interaction?
          )
        )
--- a/app/finders.rb
+++ b/app/finders.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'finders/interesting_findings'
 require_relative 'finders/wp_items'
 require_relative 'finders/wp_version'
--- a/app/finders/config_backups.rb
+++ b/app/finders/config_backups.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'config_backups/known_filenames'
 module WPScan
--- a/app/finders/config_backups/known_filenames.rb
+++ b/app/finders/config_backups/known_filenames.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module ConfigBackups
@@ -13,11 +15,10 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
            # Might need to improve that
            next unless res.body =~ /define/i && res.body !~ /<\s?html/i
-            found << WPScan::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::ConfigBackup.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
          end
          found
--- a/app/finders/db_exports.rb
+++ b/app/finders/db_exports.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'db_exports/known_locations'
 module WPScan
--- a/app/finders/db_exports/known_locations.rb
+++ b/app/finders/db_exports/known_locations.rb
@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module DbExports
      # DB Exports finder
      # See https://github.com/wpscanteam/wpscan-v3/issues/62
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
        # @param [ Hash ] opts
        # @option opts [ String ] :list
        # @option opts [ Boolean ] :show_progression
@@ -14,22 +17,30 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(potential_urls(opts), opts) do |res|
+          enumerate(potential_urls(opts), opts.merge(check_full_response: 200)) do |res|
-            next unless res.code == 200 && res.body =~ /INSERT INTO/
+            if res.effective_url.end_with?('.zip')
              next unless %r{\Aapplication/zip}i.match?(res.headers['Content-Type'])
            else
              next unless SQL_PATTERN.match?(res.body)
            end
-            found << WPScan::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
+            found << Model::DbExport.new(res.request.url, found_by: DIRECT_ACCESS, confidence: 100)
          end
          found
        end
        def full_request_params
          @full_request_params ||= { headers: { 'Range' => 'bytes=0-3000' } }
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list Mandatory
        #
        # @return [ Hash ]
        def potential_urls(opts = {})
          urls        = {}
-          domain_name = target.uri.host[/(^[\w|-]+)/, 1]
+          domain_name = PublicSuffix.domain(target.uri.host)[/(^[\w|-]+)/, 1]
          File.open(opts[:list]).each_with_index do |path, index|
            path.gsub!('{domain_name}', domain_name)
--- a/app/finders/interesting_findings.rb
+++ b/app/finders/interesting_findings.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'interesting_findings/readme'
 require_relative 'interesting_findings/wp_cron'
 require_relative 'interesting_findings/multisite'
--- a/app/finders/interesting_findings/backup_db.rb
+++ b/app/finders/interesting_findings/backup_db.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -6,17 +8,15 @@ module WPScan
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
          path = 'wp-content/backup-db/'
-          url  = target.url(path)
+          res  = target.head_and_get(path, [200, 403])
          res  = Browser.get(url)
          return unless [200, 403].include?(res.code) && !target.homepage_or_404?(res)
-          WPScan::BackupDB.new(
+          Model::BackupDB.new(
-            url,
+            target.url(path),
            confidence: 70,
            found_by: DIRECT_ACCESS,
-            interesting_entries: target.directory_listing_entries(path),
+            interesting_entries: target.directory_listing_entries(path)
            references: { url: 'https://github.com/wpscanteam/wpscan/issues/422' }
          )
        end
      end
--- a/app/finders/interesting_findings/debug_log.rb
+++ b/app/finders/interesting_findings/debug_log.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -9,11 +11,7 @@ module WPScan
          return unless target.debug_log?(path)
-          WPScan::DebugLog.new(
+          Model::DebugLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
            target.url(path),
            confidence: 100, found_by: DIRECT_ACCESS,
            references: { url: 'https://codex.wordpress.org/Debugging_in_WordPress' }
          )
        end
      end
    end
--- a/app/finders/interesting_findings/duplicator_installer_log.rb
+++ b/app/finders/interesting_findings/duplicator_installer_log.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -5,17 +7,11 @@ module WPScan
      class DuplicatorInstallerLog < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          url = target.url('installer-log.txt')
+          path = 'installer-log.txt'
          res = Browser.get(url)
-          return unless res.body =~ /DUPLICATOR INSTALL-LOG/
+          return unless /DUPLICATOR INSTALL-LOG/.match?(target.head_and_get(path).body)
-          WPScan::DuplicatorInstallerLog.new(
+          Model::DuplicatorInstallerLog.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
            references: { url: 'https://www.exploit-db.com/ghdb/3981/' }
          )
        end
      end
    end
--- a/app/finders/interesting_findings/emergency_pwd_reset_script.rb
+++ b/app/finders/interesting_findings/emergency_pwd_reset_script.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -5,18 +7,15 @@ module WPScan
      class EmergencyPwdResetScript < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          url  = target.url('/emergency.php')
+          path = 'emergency.php'
-          res  = Browser.get(url)
+          res  = target.head_and_get(path)
          return unless res.code == 200 && !target.homepage_or_404?(res)
-          WPScan::EmergencyPwdResetScript.new(
+          Model::EmergencyPwdResetScript.new(
-            url,
+            target.url(path),
-            confidence: res.body =~ /password/i ? 100 : 40,
+            confidence: /password/i.match?(res.body) ? 100 : 40,
-            found_by: DIRECT_ACCESS,
+            found_by: DIRECT_ACCESS
            references: {
              url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'
            }
          )
        end
      end
--- a/app/finders/interesting_findings/full_path_disclosure.rb
+++ b/app/finders/interesting_findings/full_path_disclosure.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -10,12 +12,11 @@ module WPScan
          return if fpd_entries.empty?
-          WPScan::FullPathDisclosure.new(
+          Model::FullPathDisclosure.new(
            target.url(path),
            confidence: 100,
            found_by: DIRECT_ACCESS,
-            interesting_entries: fpd_entries,
+            interesting_entries: fpd_entries
            references: { url: 'https://www.owasp.org/index.php/Full_Path_Disclosure' }
          )
        end
      end
--- a/app/finders/interesting_findings/mu_plugins.rb
+++ b/app/finders/interesting_findings/mu_plugins.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -7,18 +9,14 @@ module WPScan
        def passive(_opts = {})
          pattern = %r{#{target.content_dir}/mu\-plugins/}i
-          target.in_scope_urls(target.homepage_res) do |url|
+          target.in_scope_uris(target.homepage_res, '(//@href|//@src)[contains(., "mu-plugins")]') do |uri|
-            next unless Addressable::URI.parse(url).path =~ pattern
+            next unless uri.path&.match?(pattern)
            url = target.url('wp-content/mu-plugins/')
-            return WPScan::MuPlugins.new(
+            target.mu_plugins = true
-              url,
+
-              confidence: 70,
+            return Model::MuPlugins.new(url, confidence: 70, found_by: 'URLs In Homepage (Passive Detection)')
              found_by: 'URLs In Homepage (Passive Detection)',
              to_s: "This site has 'Must Use Plugins': #{url}",
              references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
            )
          end
          nil
        end
@@ -31,17 +29,9 @@ module WPScan
          return unless [200, 401, 403].include?(res.code)
          return if target.homepage_or_404?(res)
          # TODO: add the check for --exclude-content once implemented ?
          target.mu_plugins = true
-          WPScan::MuPlugins.new(
+          Model::MuPlugins.new(url, confidence: 80, found_by: DIRECT_ACCESS)
            url,
            confidence: 80,
            found_by: DIRECT_ACCESS,
            to_s: "This site has 'Must Use Plugins': #{url}",
            references: { url: 'http://codex.wordpress.org/Must_Use_Plugins' }
          )
        end
      end
    end
--- a/app/finders/interesting_findings/multisite.rb
+++ b/app/finders/interesting_findings/multisite.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -15,13 +17,7 @@ module WPScan
          target.multisite = true
-          WPScan::Multisite.new(
+          Model::Multisite.new(url, confidence: 100, found_by: DIRECT_ACCESS)
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
            to_s: 'This site seems to be a multisite',
            references: { url: 'http://codex.wordpress.org/Glossary#Multisite' }
          )
        end
      end
    end
--- a/app/finders/interesting_findings/readme.rb
+++ b/app/finders/interesting_findings/readme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -5,14 +7,14 @@ module WPScan
      class Readme < CMSScanner::Finders::Finder
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          potential_files.each do |file|
+          potential_files.each do |path|
-            url = target.url(file)
+            res = target.head_and_get(path)
            res = Browser.get(url)
-            if res.code == 200 && res.body =~ /wordpress/i
+            next unless res.code == 200 && res.body =~ /wordpress/i
-              return WPScan::Readme.new(url, confidence: 100, found_by: DIRECT_ACCESS)
+
-            end
+            return Model::Readme.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
          end
          nil
        end
--- a/app/finders/interesting_findings/registration.rb
+++ b/app/finders/interesting_findings/registration.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -18,12 +20,7 @@ module WPScan
          target.registration_enabled = true
-          WPScan::Registration.new(
+          Model::Registration.new(res.effective_url, confidence: 100, found_by: DIRECT_ACCESS)
            res.effective_url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
            to_s: "Registration is enabled: #{res.effective_url}"
          )
        end
      end
    end
--- a/app/finders/interesting_findings/tmm_db_migrate.rb
+++ b/app/finders/interesting_findings/tmm_db_migrate.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -7,16 +9,11 @@ module WPScan
        def aggressive(_opts = {})
          path = 'wp-content/uploads/tmm_db_migrate/tmm_db_migrate.zip'
          url  = target.url(path)
-          res  = Browser.get(url)
+          res  = browser.forge_request(url, target.head_or_get_request_params).run
          return unless res.code == 200 && res.headers['Content-Type'] =~ %r{\Aapplication/zip}i
-          WPScan::TmmDbMigrate.new(
+          Model::TmmDbMigrate.new(url, confidence: 100, found_by: DIRECT_ACCESS)
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
            references: { packetstorm: 131_957 }
          )
        end
      end
    end
--- a/app/finders/interesting_findings/upload_directory_listing.rb
+++ b/app/finders/interesting_findings/upload_directory_listing.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -11,12 +13,7 @@ module WPScan
          url = target.url(path)
-          WPScan::UploadDirectoryListing.new(
+          Model::UploadDirectoryListing.new(url, confidence: 100, found_by: DIRECT_ACCESS)
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS,
            to_s: "Upload directory has listing enabled: #{url}"
          )
        end
      end
    end
--- a/app/finders/interesting_findings/upload_sql_dump.rb
+++ b/app/finders/interesting_findings/upload_sql_dump.rb
@@ -1,26 +1,20 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
      # UploadSQLDump finder
      class UploadSQLDump < CMSScanner::Finders::Finder
-        SQL_PATTERN = /(?:(?:(?:DROP|CREATE) TABLE)|INSERT INTO)/.freeze
+        SQL_PATTERN = /(?:DROP|CREATE|(?:UN)?LOCK) TABLE|INSERT INTO/.freeze
        # @return [ InterestingFinding ]
        def aggressive(_opts = {})
-          url = dump_url
+          path = 'wp-content/uploads/dump.sql'
-          res = Browser.get(url)
+          res  = target.head_and_get(path, [200], get: { headers: { 'Range' => 'bytes=0-3000' } })
-          return unless res.code == 200 && res.body =~ SQL_PATTERN
+          return unless SQL_PATTERN.match?(res.body)
-          WPScan::UploadSQLDump.new(
+          Model::UploadSQLDump.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
            url,
            confidence: 100,
            found_by: DIRECT_ACCESS
          )
        end
        def dump_url
          target.url('wp-content/uploads/dump.sql')
        end
      end
    end
--- a/app/finders/interesting_findings/wp_cron.rb
+++ b/app/finders/interesting_findings/wp_cron.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module InterestingFindings
@@ -9,17 +11,7 @@ module WPScan
          return unless res.code == 200
-          WPScan::WPCron.new(
+          Model::WPCron.new(wp_cron_url, confidence: 60, found_by: DIRECT_ACCESS)
            wp_cron_url,
            confidence: 60,
            found_by: DIRECT_ACCESS,
            references: {
              url: [
                'https://www.iplocation.net/defend-wordpress-from-ddos',
                'https://github.com/wpscanteam/wpscan/issues/1299'
              ]
            }
          )
        end
        def wp_cron_url
--- a/app/finders/main_theme.rb
+++ b/app/finders/main_theme.rb
@@ -1,6 +1,10 @@
-require_relative 'main_theme/css_style'
+# frozen_string_literal: true
 require_relative 'main_theme/css_style_in_homepage'
 require_relative 'main_theme/css_style_in_404_page'
 require_relative 'main_theme/woo_framework_meta_generator'
 require_relative 'main_theme/urls_in_homepage'
 require_relative 'main_theme/urls_in_404_page'
 module WPScan
  module Finders
@@ -12,9 +16,11 @@ module WPScan
        # @param [ WPScan::Target ] target
        def initialize(target)
          finders <<
-            MainTheme::CssStyle.new(target) <<
+            MainTheme::CssStyleInHomepage.new(target) <<
            MainTheme::CssStyleIn404Page.new(target) <<
            MainTheme::WooFrameworkMetaGenerator.new(target) <<
-            MainTheme::UrlsInHomepage.new(target)
+            MainTheme::UrlsInHomepage.new(target) <<
            MainTheme::UrlsIn404Page.new(target)
        end
      end
    end
--- a/app/finders/main_theme/css_style_in_404_page.rb
+++ b/app/finders/main_theme/css_style_in_404_page.rb
@@ -0,0 +1,14 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
      # From the CSS style in the 404 page
      class CssStyleIn404Page < CssStyleInHomepage
        def passive(opts = {})
          passive_from_css_href(target.error_404_res, opts) || passive_from_style_code(target.error_404_res, opts)
        end
      end
    end
  end
 end
--- a/app/finders/main_theme/css_style_in_homepage.rb
+++ b/app/finders/main_theme/css_style_in_homepage.rb
@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
-      # From the css style
+      # From the CSS style in the homepage
-      class CssStyle < CMSScanner::Finders::Finder
+      class CssStyleInHomepage < CMSScanner::Finders::Finder
-        include Finders::WpItems::URLsInHomepage
+        include Finders::WpItems::UrlsInPage # To have the item_code_pattern method available here
        def create_theme(slug, style_url, opts)
-          WPScan::Theme.new(
+          Model::Theme.new(
            slug,
            target,
            opts.merge(found_by: found_by, confidence: 70, style_url: style_url)
@@ -18,10 +20,10 @@ module WPScan
        end
        def passive_from_css_href(res, opts)
-          target.in_scope_urls(res, '//style/@src|//link/@href') do |url|
+          target.in_scope_uris(res, '//link/@href[contains(., "style.css")]') do |uri|
-            next unless Addressable::URI.parse(url).path =~ %r{/themes/([^\/]+)/style.css\z}i
+            next unless uri.path =~ %r{/themes/([^\/]+)/style.css\z}i
-            return create_theme(Regexp.last_match[1], url, opts)
+            return create_theme(Regexp.last_match[1], uri.to_s, opts)
          end
          nil
        end
--- a/app/finders/main_theme/urls_in_404_page.rb
+++ b/app/finders/main_theme/urls_in_404_page.rb
@@ -0,0 +1,15 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
      # URLs In 404 Page Finder
      class UrlsIn404Page < UrlsInHomepage
        # @return [ Typhoeus::Response ]
        def page_res
          @page_res ||= target.error_404_res
        end
      end
    end
  end
 end
--- a/app/finders/main_theme/urls_in_homepage.rb
+++ b/app/finders/main_theme/urls_in_homepage.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
      # URLs In Homepage Finder
      class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage
        # @param [ Hash ] opts
        #
@@ -14,11 +16,16 @@ module WPScan
          slugs = items_from_links('themes', false) + items_from_codes('themes', false)
          slugs.each_with_object(Hash.new(0)) { |slug, counts| counts[slug] += 1 }.each do |slug, occurences|
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 2 * occurences))
          end
          found
        end
        # @return [ Typhoeus::Response ]
        def page_res
          @page_res ||= target.homepage_res
        end
      end
    end
  end
--- a/app/finders/main_theme/woo_framework_meta_generator.rb
+++ b/app/finders/main_theme/woo_framework_meta_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module MainTheme
@@ -8,9 +10,9 @@ module WPScan
        PATTERN           = /#{THEME_PATTERN}\s+#{FRAMEWORK_PATTERN}/i.freeze
        def passive(opts = {})
-          return unless target.homepage_res.body =~ PATTERN
+          return unless target.homepage_res.body =~ PATTERN || target.error_404_res.body =~ PATTERN
-          WPScan::Theme.new(
+          Model::Theme.new(
            Regexp.last_match[1],
            target,
            opts.merge(found_by: found_by, confidence: 80)
--- a/app/finders/medias.rb
+++ b/app/finders/medias.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'medias/attachment_brute_forcing'
 module WPScan
--- a/app/finders/medias/attachment_brute_forcing.rb
+++ b/app/finders/medias/attachment_brute_forcing.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Medias
@@ -15,7 +17,7 @@ module WPScan
          enumerate(target_urls(opts), opts) do |res|
            next unless res.code == 200
-            found << WPScan::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
+            found << Model::Media.new(res.effective_url, opts.merge(found_by: found_by, confidence: 100))
          end
          found
--- a/app/finders/passwords.rb
+++ b/app/finders/passwords.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'passwords/wp_login'
 require_relative 'passwords/xml_rpc'
 require_relative 'passwords/xml_rpc_multicall'
--- a/app/finders/passwords/wp_login.rb
+++ b/app/finders/passwords/wp_login.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Passwords
@@ -10,7 +12,8 @@ module WPScan
        end
        def valid_credentials?(response)
-          response.code == 302
+          response.code == 302 &&
            [*response.headers['Set-Cookie']]&.any? { |cookie| cookie =~ /wordpress_logged_in_/i }
        end
        def errored_response?(response)
--- a/app/finders/passwords/xml_rpc.rb
+++ b/app/finders/passwords/xml_rpc.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Passwords
@@ -6,7 +8,7 @@ module WPScan
        include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
        def login_request(username, password)
-          target.method_call('wp.getUsersBlogs', [username, password])
+          target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
        end
        def valid_credentials?(response)
@@ -14,7 +16,7 @@ module WPScan
        end
        def errored_response?(response)
-          response.code != 200 && response.body !~ /login_error/i
+          response.code != 200 && response.body !~ /Incorrect username or password/i
        end
      end
    end
--- a/app/finders/passwords/xml_rpc_multicall.rb
+++ b/app/finders/passwords/xml_rpc_multicall.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Passwords
@@ -17,16 +19,16 @@ module WPScan
            end
          end
-          target.multi_call(methods).run
+          target.multi_call(methods, cache_ttl: 0).run
        end
-        # @param [ Array<CMSScanner::User> ] users
+        # @param [ Array<Model::User> ] users
        # @param [ Array<String> ] passwords
        # @param [ Hash ] opts
        # @option opts [ Boolean ] :show_progression
        # @option opts [ Integer ] :multicall_max_passwords
        #
-        # @yield [ CMSScanner::User ] When a valid combination is found
+        # @yield [ Model::User ] When a valid combination is found
        #
        # TODO: Make rubocop happy about metrics etc
        #
--- a/app/finders/plugin_version.rb
+++ b/app/finders/plugin_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'plugin_version/readme'
 module WPScan
@@ -7,29 +9,19 @@ module WPScan
      class Base
        include CMSScanner::Finders::UniqueFinder
-        # @param [ WPScan::Plugin ] plugin
+        # @param [ Model::Plugin ] plugin
        def initialize(plugin)
          finders << PluginVersion::Readme.new(plugin)
-          load_specific_finders(plugin)
+          create_and_load_dynamic_versions_finders(plugin)
        end
-        # Load the finders associated with the plugin
+        # Create the dynamic version finders related to the plugin and register them
        #
-        # @param [ WPScan::Plugin ] plugin
+        # @param [ Model::Plugin ] plugin
-        def load_specific_finders(plugin)
+        def create_and_load_dynamic_versions_finders(plugin)
-          module_name = plugin.classify
+          DB::DynamicFinders::Plugin.create_versions_finders(plugin.slug).each do |finder|
-
+            finders << finder.new(plugin)
          return unless Finders::PluginVersion.constants.include?(module_name)
          mod = Finders::PluginVersion.const_get(module_name)
          mod.constants.each do |constant|
            c = mod.const_get(constant)
            next unless c.is_a?(Class)
            finders << c.new(plugin)
          end
        end
      end
--- a/app/finders/plugin_version/readme.rb
+++ b/app/finders/plugin_version/readme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module PluginVersion
@@ -7,21 +9,23 @@ module WPScan
        def aggressive(_opts = {})
          found_by_msg = 'Readme - %s (Aggressive Detection)'
-          WPScan::WpItem::READMES.each do |file|
+          # The target(plugin)#readme_url can't be used directly here
-            url = target.url(file)
+          # as if the --detection-mode is passive, it will always return nil
-            res = Browser.get(url)
+          target.potential_readme_filenames.each do |file|
            res = target.head_and_get(file)
            next unless res.code == 200 && !(numbers = version_numbers(res.body)).empty?
            return numbers.reduce([]) do |a, e|
-              a << WPScan::Version.new(
+              a << Model::Version.new(
                e[0],
                found_by: format(found_by_msg, e[1]),
                confidence: e[2],
-                interesting_entries: [url]
+                interesting_entries: [res.effective_url]
              )
            end
          end
          nil
        end
@@ -48,7 +52,7 @@ module WPScan
          number = Regexp.last_match[1]
-          number if number =~ /[0-9]+/
+          number if /[0-9]+/.match?(number)
        end
        # @param [ String ] body
@@ -64,12 +68,10 @@ module WPScan
          extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
          sorted = extracted_versions.sort do |x, y|
            begin
            Gem::Version.new(x) <=> Gem::Version.new(y)
          rescue StandardError
            0
          end
          end
          sorted.last
        end
--- a/app/finders/plugins.rb
+++ b/app/finders/plugins.rb
@@ -1,4 +1,7 @@
 # frozen_string_literal: true
 require_relative 'plugins/urls_in_homepage'
 require_relative 'plugins/urls_in_404_page'
 require_relative 'plugins/known_locations'
 # From the DynamicFinders
 require_relative 'plugins/comment'
@@ -20,6 +23,7 @@ module WPScan
        def initialize(target)
          finders <<
            Plugins::UrlsInHomepage.new(target) <<
            Plugins::UrlsIn404Page.new(target) <<
            Plugins::HeaderPattern.new(target) <<
            Plugins::Comment.new(target) <<
            Plugins::Xpath.new(target) <<
--- a/app/finders/plugins/body_pattern.rb
+++ b/app/finders/plugins/body_pattern.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'BodyPattern'
-      class BodyPattern < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class BodyPattern < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -13,9 +15,9 @@ module WPScan
        #
        # @return [ Plugin ] The detected plugin in the response, related to the config
        def process_response(opts, response, slug, klass, config)
-          return unless response.body =~ config['pattern']
+          return unless response.body&.match?(config['pattern'])
-          Plugin.new(
+          Model::Plugin.new(
            slug,
            target,
            opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/comment.rb
+++ b/app/finders/plugins/comment.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'Comment'
-      class Comment < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class Comment < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -16,9 +18,9 @@ module WPScan
          response.html.xpath(config['xpath'] || '//comment()').each do |node|
            comment = node.text.to_s.strip
-            next unless comment =~ config['pattern']
+            next unless comment&.match?(config['pattern'])
-            return Plugin.new(
+            return Model::Plugin.new(
              slug,
              target,
              opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/config_parser.rb
+++ b/app/finders/plugins/config_parser.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'ConfigParser'
-      class ConfigParser < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class ConfigParser < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 40
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -19,7 +21,7 @@ module WPScan
          # when checking for plugins
          #
-          Plugin.new(
+          Model::Plugin.new(
            slug,
            target,
            opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/header_pattern.rb
+++ b/app/finders/plugins/header_pattern.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'HeaderPattern'
-      class HeaderPattern < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class HeaderPattern < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 30
        # @param [ Hash ] opts
@@ -18,7 +20,7 @@ module WPScan
            configs.each do |klass, config|
              next unless headers[config['header']] && headers[config['header']].to_s =~ config['pattern']
-              found << Plugin.new(
+              found << Model::Plugin.new(
                slug,
                target,
                opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/javascript_var.rb
+++ b/app/finders/plugins/javascript_var.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'JavascriptVar'
-      class JavascriptVar < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class JavascriptVar < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 60
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -16,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath'] || '//script[not(@src)]').each do |node|
            next if config['pattern'] && !node.text.match(config['pattern'])
-            return Plugin.new(
+            return Model::Plugin.new(
              slug,
              target,
              opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/plugins/known_locations.rb
+++ b/app/finders/plugins/known_locations.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
@@ -5,6 +7,11 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [200, 401, 403, 500].freeze
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list
        #
@@ -12,12 +19,14 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(target_urls(opts), opts) do |res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, slug|
-            # TODO: follow the location (from enumerate()) and remove the 301 here ?
+            finding_opts = opts.merge(found_by: found_by,
-            # As a result, it might remove false positive due to redirection to the homepage
+                                      confidence: 80,
-            next unless [200, 401, 403, 301].include?(res.code)
+                                      interesting_entries: ["#{res.effective_url}, status: #{res.code}"])
-            found << WPScan::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Plugin.new(slug, target, finding_opts)
            raise Error::PluginsThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
          end
          found
@@ -30,10 +39,9 @@ module WPScan
        def target_urls(opts = {})
          slugs       = opts[:list] || DB::Plugins.vulnerable_slugs
          urls        = {}
          plugins_url = target.plugins_url
          slugs.each do |slug|
-            urls["#{plugins_url}#{URI.encode(slug)}/"] = slug
+            urls[target.plugin_url(slug)] = slug
          end
          urls
--- a/app/finders/plugins/query_parameter.rb
+++ b/app/finders/plugins/query_parameter.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from Dynamic Finder 'QueryParameter'
-      class QueryParameter < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class QueryParameter < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 10
        def passive(_opts = {})
--- a/app/finders/plugins/urls_in_404_page.rb
+++ b/app/finders/plugins/urls_in_404_page.rb
@@ -0,0 +1,16 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # URLs In 404 Page Finder
      # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
      class UrlsIn404Page < UrlsInHomepage
        # @return [ Typhoeus::Response ]
        def page_res
          @page_res ||= target.error_404_res
        end
      end
    end
  end
 end
--- a/app/finders/plugins/urls_in_homepage.rb
+++ b/app/finders/plugins/urls_in_homepage.rb
@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # URLs In Homepage Finder
-      # Typically, the items detected from URLs like
+      # Typically, the items detected from URLs like /wp-content/plugins/<slug>/
      # /wp-content/plugins/<slug>/
      class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage
        # @param [ Hash ] opts
        #
@@ -14,11 +15,16 @@ module WPScan
          found = []
          (items_from_links('plugins') + items_from_codes('plugins')).uniq.sort.each do |slug|
-            found << Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Plugin.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
          end
          found
        end
        # @return [ Typhoeus::Response ]
        def page_res
          @page_res ||= target.homepage_res
        end
      end
    end
  end
--- a/app/finders/plugins/xpath.rb
+++ b/app/finders/plugins/xpath.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Plugins
      # Plugins finder from the Dynamic Finder 'Xpath'
-      class Xpath < WPScan::Finders::DynamicFinder::WpItems::Finder
+      class Xpath < Finders::DynamicFinder::WpItems::Finder
        DEFAULT_CONFIDENCE = 40
        # @param [ Hash ] opts The options from the #passive, #aggressive methods
@@ -16,7 +18,7 @@ module WPScan
          response.html.xpath(config['xpath']).each do |node|
            next if config['pattern'] && !node.text.match(config['pattern'])
-            return Plugin.new(
+            return Model::Plugin.new(
              slug,
              target,
              opts.merge(found_by: found_by(klass), confidence: config['confidence'] || DEFAULT_CONFIDENCE)
--- a/app/finders/theme_version.rb
+++ b/app/finders/theme_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'theme_version/style'
 require_relative 'theme_version/woo_framework_meta_generator'
@@ -8,31 +10,21 @@ module WPScan
      class Base
        include CMSScanner::Finders::UniqueFinder
-        # @param [ WPScan::Theme ] theme
+        # @param [ Model::Theme ] theme
        def initialize(theme)
          finders <<
            ThemeVersion::Style.new(theme) <<
            ThemeVersion::WooFrameworkMetaGenerator.new(theme)
-          load_specific_finders(theme)
+          create_and_load_dynamic_versions_finders(theme)
        end
-        # Load the finders associated with the theme
+        # Create the dynamic version finders related to the theme and register them
        #
-        # @param [ WPScan::Theme ] theme
+        # @param [ Model::Theme ] theme
-        def load_specific_finders(theme)
+        def create_and_load_dynamic_versions_finders(theme)
-          module_name = theme.classify
+          DB::DynamicFinders::Theme.create_versions_finders(theme.slug).each do |finder|
-
+            finders << finder.new(theme)
          return unless Finders::ThemeVersion.constants.include?(module_name)
          mod = Finders::ThemeVersion.const_get(module_name)
          mod.constants.each do |constant|
            c = mod.const_get(constant)
            next unless c.is_a?(Class)
            finders << c.new(theme)
          end
        end
      end
--- a/app/finders/theme_version/style.rb
+++ b/app/finders/theme_version/style.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module ThemeVersion
@@ -30,7 +32,7 @@ module WPScan
        def style_version
          return unless Browser.get(target.style_url).body =~ /Version:[\t ]*(?!trunk)([0-9a-z\.-]+)/i
-          WPScan::Version.new(
+          Model::Version.new(
            Regexp.last_match[1],
            found_by: found_by,
            confidence: 80,
--- a/app/finders/theme_version/woo_framework_meta_generator.rb
+++ b/app/finders/theme_version/woo_framework_meta_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module ThemeVersion
@@ -11,7 +13,7 @@ module WPScan
          return unless Regexp.last_match[1] == target.slug
-          WPScan::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
+          Model::Version.new(Regexp.last_match[2], found_by: found_by, confidence: 80)
        end
      end
    end
--- a/app/finders/themes.rb
+++ b/app/finders/themes.rb
@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 require_relative 'themes/urls_in_homepage'
 require_relative 'themes/urls_in_404_page'
 require_relative 'themes/known_locations'
 module WPScan
  module Finders
    module Themes
-      # themes Finder
+      # Themes Finder
      class Base
        include CMSScanner::Finders::SameTypeFinder
@@ -12,6 +15,7 @@ module WPScan
        def initialize(target)
          finders <<
            Themes::UrlsInHomepage.new(target) <<
            Themes::UrlsIn404Page.new(target) <<
            Themes::KnownLocations.new(target)
        end
      end
--- a/app/finders/themes/known_locations.rb
+++ b/app/finders/themes/known_locations.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Themes
@@ -5,6 +7,11 @@ module WPScan
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [200, 401, 403, 500].freeze
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list
        #
@@ -12,12 +19,14 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(target_urls(opts), opts) do |res, slug|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, slug|
-            # TODO: follow the location (from enumerate()) and remove the 301 here ?
+            finding_opts = opts.merge(found_by: found_by,
-            # As a result, it might remove false positive due to redirection to the homepage
+                                      confidence: 80,
-            next unless [200, 401, 403, 301].include?(res.code)
+                                      interesting_entries: ["#{res.effective_url}, status: #{res.code}"])
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Theme.new(slug, target, finding_opts)
            raise Error::ThemesThresholdReached if opts[:threshold].positive? && found.size >= opts[:threshold]
          end
          found
@@ -30,10 +39,9 @@ module WPScan
        def target_urls(opts = {})
          slugs = opts[:list] || DB::Themes.vulnerable_slugs
          urls  = {}
          themes_url  = target.url('wp-content/themes/')
          slugs.each do |slug|
-            urls["#{themes_url}#{URI.encode(slug)}/"] = slug
+            urls[target.theme_url(slug)] = slug
          end
          urls
--- a/app/finders/themes/urls_in_404_page.rb
+++ b/app/finders/themes/urls_in_404_page.rb
@@ -0,0 +1,15 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Themes
      # URLs In 04 Page Finder
      class UrlsIn404Page < UrlsInHomepage
        # @return [ Typhoeus::Response ]
        def page_res
          @page_res ||= target.error_404_res
        end
      end
    end
  end
 end
--- a/app/finders/themes/urls_in_homepage.rb
+++ b/app/finders/themes/urls_in_homepage.rb
@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Themes
      # URLs In Homepage Finder
      class UrlsInHomepage < CMSScanner::Finders::Finder
-        include WpItems::URLsInHomepage
+        include WpItems::UrlsInPage
        # @param [ Hash ] opts
        #
@@ -12,11 +14,16 @@ module WPScan
          found = []
          (items_from_links('themes') + items_from_codes('themes')).uniq.sort.each do |slug|
-            found << WPScan::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
+            found << Model::Theme.new(slug, target, opts.merge(found_by: found_by, confidence: 80))
          end
          found
        end
        # @return [ Typhoeus::Response ]
        def page_res
          @page_res ||= target.homepage_res
        end
      end
    end
  end
--- a/app/finders/timthumb_version.rb
+++ b/app/finders/timthumb_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'timthumb_version/bad_request'
 module WPScan
@@ -7,7 +9,7 @@ module WPScan
      class Base
        include CMSScanner::Finders::UniqueFinder
-        # @param [ WPScan::Timthumb ] target
+        # @param [ Model::Timthumb ] target
        def initialize(target)
          finders << TimthumbVersion::BadRequest.new(target)
        end
--- a/app/finders/timthumb_version/bad_request.rb
+++ b/app/finders/timthumb_version/bad_request.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module TimthumbVersion
@@ -8,7 +10,7 @@ module WPScan
        def aggressive(_opts = {})
          return unless Browser.get(target.url).body =~ /(TimThumb version\s*: ([^<]+))/
-          WPScan::Version.new(
+          Model::Version.new(
            Regexp.last_match[2],
            found_by: 'Bad Request (Aggressive Detection)',
            confidence: 90,
--- a/app/finders/timthumbs.rb
+++ b/app/finders/timthumbs.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'timthumbs/known_locations'
 module WPScan
--- a/app/finders/timthumbs/known_locations.rb
+++ b/app/finders/timthumbs/known_locations.rb
@@ -1,10 +1,19 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Timthumbs
      # Known Locations Timthumbs Finder
      # Note: A vulnerable version, 2.8.13 can be found here:
      # https://github.com/GabrielGil/TimThumb/blob/980c3d6a823477761570475e8b83d3e9fcd2d7ae/timthumb.php
      class KnownLocations < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [400]
        end
        # @param [ Hash ] opts
        # @option opts [ String ] :list Mandatory
        #
@@ -12,10 +21,10 @@ module WPScan
        def aggressive(opts = {})
          found = []
-          enumerate(target_urls(opts), opts) do |res|
+          enumerate(target_urls(opts), opts.merge(check_full_response: 400)) do |res|
-            next unless res.code == 400 && res.body =~ /no image specified/i
+            next unless /no image specified/i.match?(res.body)
-            found << WPScan::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
+            found << Model::Timthumb.new(res.request.url, opts.merge(found_by: found_by, confidence: 100))
          end
          found
--- a/app/finders/users.rb
+++ b/app/finders/users.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'users/author_posts'
 require_relative 'users/wp_json_api'
 require_relative 'users/oembed_api'
--- a/app/finders/users/author_id_brute_forcing.rb
+++ b/app/finders/users/author_id_brute_forcing.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -5,6 +7,11 @@ module WPScan
      class AuthorIdBruteForcing < CMSScanner::Finders::Finder
        include CMSScanner::Finders::Finder::Enumerator
        # @return [ Array<Integer> ]
        def valid_response_codes
          @valid_response_codes ||= [200, 301, 302]
        end
        # @param [ Hash ] opts
        # @option opts [ Range ] :range Mandatory
        #
@@ -13,12 +20,12 @@ module WPScan
          found = []
          found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)'
-          enumerate(target_urls(opts), opts) do |res, id|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, id|
            username, found_by, confidence = potential_username(res)
            next unless username
-            found << CMSScanner::User.new(
+            found << Model::User.new(
              username,
              id: id,
              found_by: format(found_by_msg, found_by),
@@ -47,7 +54,7 @@ module WPScan
          super(opts.merge(title: ' Brute Forcing Author IDs -'))
        end
-        def request_params
+        def full_request_params
          { followlocation: true }
        end
@@ -64,11 +71,13 @@ module WPScan
          return username, 'Display Name', 50 if username
        end
-        # @param [ String ] url
+        # @param [ String, Addressable::URI ] uri
        #
        # @return [ String, nil ]
-        def username_from_author_url(url)
+        def username_from_author_url(uri)
-          url[%r{/author/([^/\b]+)/?}i, 1]
+          uri = Addressable::URI.parse(uri) unless uri.is_a?(Addressable::URI)
          uri.path[%r{/author/([^/\b]+)/?}i, 1]
        end
        # @param [ Typhoeus::Response ] res
@@ -76,12 +85,12 @@ module WPScan
        # @return [ String, nil ] The username found
        def username_from_response(res)
          # Permalink enabled
-          target.in_scope_urls(res, '//link/@href|//a/@href') do |url|
+          target.in_scope_uris(res, '//@href[contains(., "author/")]') do |uri|
-            username = username_from_author_url(url)
+            username = username_from_author_url(uri)
            return username if username
          end
-          # No permalink
+          # No permalink, TODO Maybe use xpath to extract the classes ?
          res.body[/<body class="archive author author-([^\s]+)[ "]/i, 1]
        end
@@ -90,9 +99,12 @@ module WPScan
        # @return [ String, nil ]
        def display_name_from_body(body)
          page = Nokogiri::HTML.parse(body)
          # WP >= 3.0
          page.css('h1.page-title span').each do |node|
-            return node.text.to_s
+            text = node.text.to_s.strip
            return text unless text.empty?
          end
          # WP < 3.0
--- a/app/finders/users/author_posts.rb
+++ b/app/finders/users/author_posts.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -10,7 +12,7 @@ module WPScan
          found_by_msg = 'Author Posts - %s (Passive Detection)'
          usernames(opts).reduce([]) do |a, e|
-            a << CMSScanner::User.new(
+            a << Model::User.new(
              e[0],
              found_by: format(found_by_msg, e[1]),
              confidence: e[2]
@@ -43,12 +45,10 @@ module WPScan
        def potential_usernames(res)
          usernames = []
-          target.in_scope_urls(res, '//a/@href') do |url, node|
+          target.in_scope_uris(res, '//a/@href[contains(., "author")]') do |uri, node|
            uri = Addressable::URI.parse(url)
            if uri.path =~ %r{/author/([^/\b]+)/?\z}i
              usernames << [Regexp.last_match[1], 'Author Pattern', 100]
-            elsif uri.query =~ /author=[0-9]+/
+            elsif /author=[0-9]+/.match?(uri.query)
              usernames << [node.text.to_s.strip, 'Display Name', 30]
            end
          end
--- a/app/finders/users/login_error_messages.rb
+++ b/app/finders/users/login_error_messages.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -22,9 +24,9 @@ module WPScan
            return found if error.empty? # Protection plugin / error disabled
-            next unless error =~ /The password you entered for the username|Incorrect Password/i
+            next unless /The password you entered for the username|Incorrect Password/i.match?(error)
-            found << CMSScanner::User.new(username, found_by: found_by, confidence: 100)
+            found << Model::User.new(username, found_by: found_by, confidence: 100)
          end
          found
--- a/app/finders/users/oembed_api.rb
+++ b/app/finders/users/oembed_api.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -21,7 +23,7 @@ module WPScan
          return [] unless details
-          [CMSScanner::User.new(details[0],
+          [Model::User.new(details[0],
                           found_by: format(found_by_msg, details[1]),
                           confidence: details[2],
                           interesting_entries: [api_url])]
@@ -32,6 +34,8 @@ module WPScan
        def user_details_from_oembed_data(oembed_data)
          return unless oembed_data
          oembed_data = oembed_data.first if oembed_data.is_a?(Array)
          if oembed_data['author_url'] =~ %r{/author/([^/]+)/?\z}
            details = [Regexp.last_match[1], 'Author URL', 90]
          elsif oembed_data['author_name'] && !oembed_data['author_name'].empty?
--- a/app/finders/users/rss_generator.rb
+++ b/app/finders/users/rss_generator.rb
@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
      # Users disclosed from the dc:creator field in the RSS
      # The names disclosed are display names, however depending on the configuration of the blog,
      # they can be the same than usernames
-      class RSSGenerator < WPScan::Finders::WpVersion::RSSGenerator
+      class RSSGenerator < Finders::WpVersion::RSSGenerator
        def process_urls(urls, _opts = {})
          found = []
@@ -17,20 +19,20 @@ module WPScan
            begin
              res.xml.xpath('//item/dc:creator').each do |node|
-                potential_username = node.text.to_s
+                username = node.text.to_s
                # Ignoring potential username longer than 60 characters and containing accents
                # as they are considered invalid. See https://github.com/wpscanteam/wpscan/issues/1215
-                next if potential_username.length > 60 || potential_username =~ /[^\x00-\x7F]/
+                next if username.strip.empty? || username.length > 60 || username =~ /[^\x00-\x7F]/
-                potential_usernames << potential_username
+                potential_usernames << username
              end
            rescue Nokogiri::XML::XPath::SyntaxError
              next
            end
-            potential_usernames.uniq.each do |potential_username|
+            potential_usernames.uniq.each do |username|
-              found << CMSScanner::User.new(potential_username, found_by: found_by, confidence: 50)
+              found << Model::User.new(username, found_by: found_by, confidence: 50)
            end
            break
--- a/app/finders/users/wp_json_api.rb
+++ b/app/finders/users/wp_json_api.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -19,7 +21,7 @@ module WPScan
          loop do
            current_page += 1
-            res = Typhoeus.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
+            res = Browser.get(api_url, params: { per_page: MAX_PER_PAGE, page: current_page })
            total_pages ||= res.headers['X-WP-TotalPages'].to_i
@@ -41,7 +43,7 @@ module WPScan
          found = []
          JSON.parse(response.body)&.each do |user|
-            found << CMSScanner::User.new(user['slug'],
+            found << Model::User.new(user['slug'],
                                     id: user['id'],
                                     found_by: found_by,
                                     confidence: 100,
@@ -53,7 +55,13 @@ module WPScan
        # @return [ String ] The URL of the API listing the Users
        def api_url
-          @api_url ||= target.url('wp-json/wp/v2/users/')
+          return @api_url if @api_url
          target.in_scope_uris(target.homepage_res, "//link[@rel='https://api.w.org/']/@href").each do |uri|
            return @api_url = uri.join('wp/v2/users/').to_s if uri.path.include?('wp-json')
          end
          @api_url = target.url('wp-json/wp/v2/users/')
        end
      end
    end
--- a/app/finders/users/yoast_seo_author_sitemap.rb
+++ b/app/finders/users/yoast_seo_author_sitemap.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module Users
@@ -15,7 +17,7 @@ module WPScan
            next unless username && !username.strip.empty?
-            found << CMSScanner::User.new(username,
+            found << Model::User.new(username,
                                     found_by: found_by,
                                     confidence: 100,
                                     interesting_entries: [sitemap_url])
--- a/app/finders/wp_items.rb
+++ b/app/finders/wp_items.rb
@@ -1 +1,3 @@
-require_relative 'wp_items/urls_in_homepage'
+# frozen_string_literal: true
 require_relative 'wp_items/urls_in_page'
--- a/app/finders/wp_items/urls_in_homepage.rb
+++ b/app/finders/wp_items/urls_in_homepage.rb
@@ -1,19 +1,27 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpItems
      # URLs In Homepage Module to use in plugins & themes finders
-      module URLsInHomepage
+      module UrlsInPage
        # @param [ String ] type plugins / themes
        # @param [ Boolean ] uniq Wether or not to apply the #uniq on the results
        #
-        # @return [Array<String> ] The plugins/themes detected in the href, src attributes of the homepage
+        # @return [ Array<String> ] The plugins/themes detected in the href, src attributes of the page
        def items_from_links(type, uniq = true)
          found = []
          xpath = format(
            '(//@href|//@src|//@data-src)[contains(., "%s")]',
            type == 'plugins' ? target.plugins_dir : target.content_dir
          )
-          target.in_scope_urls(target.homepage_res) do |url|
+          target.in_scope_uris(page_res, xpath) do |uri|
-            next unless url =~ item_attribute_pattern(type)
+            next unless uri.to_s =~ item_attribute_pattern(type)
-            found << Regexp.last_match[1]
+            slug = Regexp.last_match[1]&.strip
            found << slug unless slug&.empty?
          end
          uniq ? found.uniq.sort : found.sort
@@ -26,7 +34,7 @@ module WPScan
        def items_from_codes(type, uniq = true)
          found = []
-          target.homepage_res.html.css('script,style').each do |tag|
+          page_res.html.xpath('//script[not(@src)]|//style[not(@src)]').each do |tag|
            code = tag.text.to_s
            next if code.empty?
@@ -40,7 +48,7 @@ module WPScan
        #
        # @return [ Regexp ]
        def item_attribute_pattern(type)
-          @item_attribute_pattern ||= %r{\A#{item_url_pattern(type)}([^/]+)/}i
+          @item_attribute_pattern ||= %r{#{item_url_pattern(type)}([^/]+)/}i
        end
        # @param [ String ] type
@@ -57,7 +65,7 @@ module WPScan
          item_dir = type == 'plugins' ? target.plugins_dir : target.content_dir
          item_url = type == 'plugins' ? target.plugins_url : target.content_url
-          url = /#{item_url.gsub(/\A(?:http|https)/i, 'https?').gsub('/', '\\\\\?\/')}/i
+          url = /#{item_url.gsub(/\A(?:https?)/i, 'https?').gsub('/', '\\\\\?\/')}/i
          item_dir = %r{(?:#{url}|\\?\/#{item_dir.gsub('/', '\\\\\?\/')}\\?/)}i
          type == 'plugins' ? item_dir : %r{#{item_dir}#{type}\\?\/}i
--- a/app/finders/wp_version.rb
+++ b/app/finders/wp_version.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 require_relative 'wp_version/rss_generator'
 require_relative 'wp_version/atom_generator'
 require_relative 'wp_version/rdf_generator'
@@ -26,7 +28,7 @@ module WPScan
        # @param [ WPScan::Target ] target
        def initialize(target)
          (%w[RSSGenerator AtomGenerator RDFGenerator] +
-           WPScan::DB::DynamicFinders::Wordpress.versions_finders_configs.keys +
+           DB::DynamicFinders::Wordpress.versions_finders_configs.keys +
           %w[Readme UniqueFingerprinting]
          ).each do |finder_name|
            finders << WpVersion.const_get(finder_name.to_sym).new(target)
--- a/app/finders/wp_version/atom_generator.rb
+++ b/app/finders/wp_version/atom_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
--- a/app/finders/wp_version/rdf_generator.rb
+++ b/app/finders/wp_version/rdf_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
@@ -26,7 +28,7 @@ module WPScan
        end
        def passive_urls_xpath
-          '//a[contains(@href, "rdf")]/@href'
+          '//a[contains(@href, "/rdf")]/@href'
        end
        def aggressive_urls(_opts = {})
--- a/app/finders/wp_version/readme.rb
+++ b/app/finders/wp_version/readme.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
@@ -13,9 +15,9 @@ module WPScan
          number = Regexp.last_match(1)
-          return unless WPScan::WpVersion.valid?(number)
+          return unless Model::WpVersion.valid?(number)
-          WPScan::WpVersion.new(
+          Model::WpVersion.new(
            number,
            found_by: 'Readme (Aggressive Detection)',
            # Since WP 4.7, the Readme only contains the major version (ie 4.7, 4.8 etc)
--- a/app/finders/wp_version/rss_generator.rb
+++ b/app/finders/wp_version/rss_generator.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
--- a/app/finders/wp_version/unique_fingerprinting.rb
+++ b/app/finders/wp_version/unique_fingerprinting.rb
@@ -1,3 +1,5 @@
 # frozen_string_literal: true
 module WPScan
  module Finders
    module WpVersion
@@ -11,7 +13,7 @@ module WPScan
            hydra.abort
            progress_bar.finish
-            return WPScan::WpVersion.new(
+            return Model::WpVersion.new(
              version_number,
              found_by: 'Unique Fingerprinting (Aggressive Detection)',
              confidence: 100,
--- a/Show More
+++ b/Show More
`@@ -1 +1,3 @@`
	`require_relative 'wp_items/urls_in_homepage'`	`# frozen_string_literal: true`

		`require_relative 'wp_items/urls_in_page'`