Bumps version

Update rubocop requirement from ~> 0.66.0 to ~> 0.67.1

.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4
   Exclude:
   - '*.gemspec'
   - 'vendor/**/*'

.travis.yml

@@ -2,20 +2,12 @@ language: ruby
 sudo: false
 cache: bundler
 rvm:
-  - 2.3.0
-  - 2.3.1
-  - 2.3.2
-  - 2.3.3
-  - 2.3.4
-  - 2.3.5
-  - 2.3.6
-  - 2.3.7
-  - 2.3.8
   - 2.4.1
   - 2.4.2
   - 2.4.3
   - 2.4.4
   - 2.4.5
+  - 2.4.6
   - 2.5.0
   - 2.5.1
   - 2.5.2

Gemfile

@@ -2,3 +2,5 @@
 
 source 'https://rubygems.org'
 gemspec
+
+# gem 'cms_scanner', branch: 'xxx', git: 'https://github.com/wpscanteam/CMSScanner.git'

app/controllers/core.rb

@@ -27,38 +27,41 @@ module WPScan
       # @return [ Boolean ]
       def update_db_required?
         if local_db.missing_files?
-          raise Error::MissingDatabaseFile if parsed_options[:update] == false
+          raise Error::MissingDatabaseFile if ParsedCli.update == false
 
           return true
         end
 
-        return parsed_options[:update] unless parsed_options[:update].nil?
+        return ParsedCli.update unless ParsedCli.update.nil?
 
         return false unless user_interaction? && local_db.outdated?
 
         output('@notice', msg: 'It seems like you have not updated the database for some time.')
         print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
 
-        Readline.readline =~ /^y/i ? true : false
+        /^y/i.match?(Readline.readline) ? true : false
       end
 
       def update_db
         output('db_update_started')
-        output('db_update_finished', updated: local_db.update, verbose: parsed_options[:verbose])
+        output('db_update_finished', updated: local_db.update, verbose: ParsedCli.verbose)
 
-        exit(0) unless parsed_options[:url]
+        exit(0) unless ParsedCli.url
       end
 
       def before_scan
         @last_update = local_db.last_update
 
-        maybe_output_banner_help_and_version # From CMS Scanner
+        maybe_output_banner_help_and_version # From CMSScanner
 
         update_db if update_db_required?
         setup_cache
         check_target_availability
         load_server_module
         check_wordpress_state
+      rescue Error::NotWordPress => e
+        target.maybe_add_cookies
+        raise e unless target.wordpress?(ParsedCli.detection_mode)
       end
 
       # Raises errors if the target is hosted on wordpress.com or is not running WordPress
@@ -66,14 +69,14 @@ module WPScan
       def check_wordpress_state
         raise Error::WordPressHosted if target.wordpress_hosted?
 
-        if Addressable::URI.parse(target.homepage_url).path =~ %r{/wp-admin/install.php$}i
+        if %r{/wp-admin/install.php$}i.match?(Addressable::URI.parse(target.homepage_url).path)
 
           output('not_fully_configured', url: target.homepage_url)
 
           exit(WPScan::ExitCode::VULNERABLE)
         end
 
-        raise Error::NotWordPress unless target.wordpress?(parsed_options[:detection_mode]) || parsed_options[:force]
+        raise Error::NotWordPress unless target.wordpress?(ParsedCli.detection_mode) || ParsedCli.force
       end
 
       # Loads the related server module in the target
@@ -85,7 +88,7 @@ module WPScan
         server = target.server || :Apache # Tries to auto detect the server
 
         # Force a specific server module to be loaded if supplied
-        case parsed_options[:server]
+        case ParsedCli.server
         when :apache
           server = :Apache
         when :iis

app/controllers/custom_directories.rb

@@ -13,8 +13,8 @@ module WPScan
       end
 
       def before_scan
-        target.content_dir = parsed_options[:wp_content_dir] if parsed_options[:wp_content_dir]
-        target.plugins_dir = parsed_options[:wp_plugins_dir] if parsed_options[:wp_plugins_dir]
+        target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
+        target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
 
         return if target.content_dir
 

app/controllers/enumeration.rb

@@ -17,7 +17,7 @@ module WPScan
       end
 
       def run
-        enum = parsed_options[:enumerate] || {}
+        enum = ParsedCli.enumerate || {}
 
         enum_plugins if enum_plugins?(enum)
         enum_themes  if enum_themes?(enum)

app/controllers/enumeration/enum_methods.rb

@@ -7,13 +7,13 @@ module WPScan
       # @param [ String ] type (plugins or themes)
       # @param [ Symbol ] detection_mode
       #
-      # @return [ String ] The related enumration message depending on the parsed_options and type supplied
+      # @return [ String ] The related enumration message depending on the ParsedCli and type supplied
       def enum_message(type, detection_mode)
         return unless %w[plugins themes].include?(type)
 
-        details = if parsed_options[:enumerate][:"vulnerable_#{type}"]
+        details = if ParsedCli.enumerate[:"vulnerable_#{type}"]
                     'Vulnerable'
-                  elsif parsed_options[:enumerate][:"all_#{type}"]
+                  elsif ParsedCli.enumerate[:"all_#{type}"]
                     'All'
                   else
                     'Most Popular'
@@ -39,15 +39,15 @@ module WPScan
       #
       # @return [ Hash ]
       def default_opts(type)
-        mode = parsed_options[:"#{type}_detection"] || parsed_options[:detection_mode]
+        mode = ParsedCli.options[:"#{type}_detection"] || ParsedCli.detection_mode
 
         {
           mode: mode,
-          exclude_content: parsed_options[:exclude_content_based],
+          exclude_content: ParsedCli.exclude_content_based,
           show_progression: user_interaction?,
           version_detection: {
-            mode: parsed_options[:"#{type}_version_detection"] || mode,
-            confidence_threshold: parsed_options[:"#{type}_version_all"] ? 0 : 100
+            mode: ParsedCli.options[:"#{type}_version_detection"] || mode,
+            confidence_threshold: ParsedCli.options[:"#{type}_version_all"] ? 0 : 100
           }
         }
       end
@@ -61,7 +61,7 @@ module WPScan
 
       def enum_plugins
         opts = default_opts('plugins').merge(
-          list: plugins_list_from_opts(parsed_options),
+          list: plugins_list_from_opts(ParsedCli.options),
           sort: true
         )
 
@@ -77,7 +77,7 @@ module WPScan
 
         plugins.each(&:version)
 
-        plugins.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_plugins]
+        plugins.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_plugins]
 
         output('plugins', plugins: plugins)
       end
@@ -107,7 +107,7 @@ module WPScan
 
       def enum_themes
         opts = default_opts('themes').merge(
-          list: themes_list_from_opts(parsed_options),
+          list: themes_list_from_opts(ParsedCli.options),
           sort: true
         )
 
@@ -123,7 +123,7 @@ module WPScan
 
         themes.each(&:version)
 
-        themes.select!(&:vulnerable?) if parsed_options[:enumerate][:vulnerable_themes]
+        themes.select!(&:vulnerable?) if ParsedCli.enumerate[:vulnerable_themes]
 
         output('themes', themes: themes)
       end
@@ -145,28 +145,28 @@ module WPScan
       end
 
       def enum_timthumbs
-        opts = default_opts('timthumbs').merge(list: parsed_options[:timthumbs_list])
+        opts = default_opts('timthumbs').merge(list: ParsedCli.timthumbs_list)
 
         output('@info', msg: "Enumerating Timthumbs #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('timthumbs', timthumbs: target.timthumbs(opts))
       end
 
       def enum_config_backups
-        opts = default_opts('config_backups').merge(list: parsed_options[:config_backups_list])
+        opts = default_opts('config_backups').merge(list: ParsedCli.config_backups_list)
 
         output('@info', msg: "Enumerating Config Backups #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('config_backups', config_backups: target.config_backups(opts))
       end
 
       def enum_db_exports
-        opts = default_opts('db_exports').merge(list: parsed_options[:db_exports_list])
+        opts = default_opts('db_exports').merge(list: ParsedCli.db_exports_list)
 
         output('@info', msg: "Enumerating DB Exports #{enum_detection_message(opts[:mode])}") if user_interaction?
         output('db_exports', db_exports: target.db_exports(opts))
       end
 
       def enum_medias
-        opts = default_opts('medias').merge(range: parsed_options[:enumerate][:medias])
+        opts = default_opts('medias').merge(range: ParsedCli.enumerate[:medias])
 
         if user_interaction?
           output('@info',
@@ -181,13 +181,13 @@ module WPScan
       #
       # @return [ Boolean ] Wether or not to enumerate the users
       def enum_users?(opts)
-        opts[:users] || (parsed_options[:passwords] && !parsed_options[:username] && !parsed_options[:usernames])
+        opts[:users] || (ParsedCli.passwords && !ParsedCli.username && !ParsedCli.usernames)
       end
 
       def enum_users
         opts = default_opts('users').merge(
           range: enum_users_range,
-          list: parsed_options[:users_list]
+          list: ParsedCli.users_list
         )
 
         output('@info', msg: "Enumerating Users #{enum_detection_message(opts[:mode])}") if user_interaction?
@@ -198,7 +198,7 @@ module WPScan
       # If the --enumerate is used, the default value is handled by the Option
       # However, when using --passwords alone, the default has to be set by the code below
       def enum_users_range
-        parsed_options[:enumerate][:users] || cli_enum_choices[0].choices[:u].validate(nil)
+        ParsedCli.enumerate[:users] || cli_enum_choices[0].choices[:u].validate(nil)
       end
     end
   end

app/controllers/main_theme.rb

@@ -18,9 +18,9 @@ module WPScan
         output(
           'theme',
           theme: target.main_theme(
-            mode: parsed_options[:main_theme_detection] || parsed_options[:detection_mode]
+            mode: ParsedCli.main_theme_detection || ParsedCli.detection_mode
           ),
-          verbose: parsed_options[:verbose]
+          verbose: ParsedCli.verbose
         )
       end
     end

app/controllers/password_attack.rb

@@ -24,7 +24,7 @@ module WPScan
       end
 
       def run
-        return unless parsed_options[:passwords]
+        return unless ParsedCli.passwords
 
         if user_interaction?
           output('@info',
@@ -33,13 +33,13 @@ module WPScan
 
         attack_opts = {
           show_progression: user_interaction?,
-          multicall_max_passwords: parsed_options[:multicall_max_passwords]
+          multicall_max_passwords: ParsedCli.multicall_max_passwords
         }
 
         begin
           found = []
 
-          attacker.attack(users, passwords(parsed_options[:passwords]), attack_opts) do |user|
+          attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user|
             found << user
 
             attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}")
@@ -61,9 +61,9 @@ module WPScan
 
       # @return [ CMSScanner::Finders::Finder ]
       def attacker_from_cli_options
-        return unless parsed_options[:password_attack]
+        return unless ParsedCli.password_attack
 
-        case parsed_options[:password_attack]
+        case ParsedCli.password_attack
         when :wp_login
           WPScan::Finders::Passwords::WpLogin.new(target)
         when :xmlrpc
@@ -94,9 +94,9 @@ module WPScan
 
       # @return [ Array<Users> ] The users to brute force
       def users
-        return target.users unless parsed_options[:usernames]
+        return target.users unless ParsedCli.usernames
 
-        parsed_options[:usernames].reduce([]) do |acc, elem|
+        ParsedCli.usernames.reduce([]) do |acc, elem|
           acc << Model::User.new(elem.chomp)
         end
       end

app/controllers/wp_version.rb

@@ -24,8 +24,8 @@ module WPScan
         output(
           'version',
           version: target.wp_version(
-            mode: parsed_options[:wp_version_detection] || parsed_options[:detection_mode],
-            confidence_threshold: parsed_options[:wp_version_all] ? 0 : 100,
+            mode: ParsedCli.wp_version_detection || ParsedCli.detection_mode,
+            confidence_threshold: ParsedCli.wp_version_all ? 0 : 100,
             show_progression: user_interaction?
           )
         )

app/finders/interesting_findings/emergency_pwd_reset_script.rb

@@ -14,7 +14,7 @@ module WPScan
 
           Model::EmergencyPwdResetScript.new(
             target.url(path),
-            confidence: res.body =~ /password/i ? 100 : 40,
+            confidence: /password/i.match?(res.body) ? 100 : 40,
             found_by: DIRECT_ACCESS,
             references: {
               url: 'https://codex.wordpress.org/Resetting_Your_Password#Using_the_Emergency_Password_Reset_Script'

app/finders/interesting_findings/mu_plugins.rb

@@ -14,6 +14,8 @@ module WPScan
 
             url = target.url('wp-content/mu-plugins/')
 
+            target.mu_plugins = true
+
             return Model::MuPlugins.new(
               url,
               confidence: 70,
@@ -33,8 +35,6 @@ module WPScan
           return unless [200, 401, 403].include?(res.code)
           return if target.homepage_or_404?(res)
 
-          # TODO: add the check for --exclude-content once implemented ?
-
           target.mu_plugins = true
 
           Model::MuPlugins.new(

app/finders/users/author_id_brute_forcing.rb

@@ -7,6 +7,11 @@ module WPScan
       class AuthorIdBruteForcing < CMSScanner::Finders::Finder
         include CMSScanner::Finders::Finder::Enumerator
 
+        # @return [ Array<Integer> ]
+        def valid_response_codes
+          @valid_response_codes ||= [200, 301, 302]
+        end
+
         # @param [ Hash ] opts
         # @option opts [ Range ] :range Mandatory
         #
@@ -15,7 +20,7 @@ module WPScan
           found = []
           found_by_msg = 'Author Id Brute Forcing - %s (Aggressive Detection)'
 
-          enumerate(target_urls(opts), opts) do |res, id|
+          enumerate(target_urls(opts), opts.merge(check_full_response: true)) do |res, id|
             username, found_by, confidence = potential_username(res)
 
             next unless username
@@ -49,7 +54,7 @@ module WPScan
           super(opts.merge(title: ' Brute Forcing Author IDs -'))
         end
 
-        def request_params
+        def full_request_params
           { followlocation: true }
         end
 

app/finders/users/author_posts.rb

@@ -50,7 +50,7 @@ module WPScan
 
             if uri.path =~ %r{/author/([^/\b]+)/?\z}i
               usernames << [Regexp.last_match[1], 'Author Pattern', 100]
-            elsif uri.query =~ /author=[0-9]+/
+            elsif /author=[0-9]+/.match?(uri.query)
               usernames << [node.text.to_s.strip, 'Display Name', 30]
             end
           end

app/models/timthumb.rb

@@ -63,7 +63,7 @@ module WPScan
       def webshot_enabled?
         res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
 
-        res.body =~ /WEBSHOT_ENABLED == true/ ? false : true
+        /WEBSHOT_ENABLED == true/.match?(res.body) ? false : true
       end
 
       # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)

lib/wpscan.rb

@@ -19,6 +19,7 @@ require 'wpscan/helper'
 require 'wpscan/db'
 require 'wpscan/version'
 require 'wpscan/errors'
+require 'wpscan/parsed_cli'
 require 'wpscan/browser'
 require 'wpscan/target'
 require 'wpscan/finders'

lib/wpscan/browser.rb

@@ -5,11 +5,6 @@ module WPScan
   class Browser < CMSScanner::Browser
     extend Actions
 
-    # @return [ String ] The path to the user agents list
-    def user_agents_list
-      @user_agents_list ||= DB_DIR.join('user-agents.txt').to_s
-    end
-
     # @return [ String ]
     def default_user_agent
       "WPScan v#{VERSION} (https://wpscan.org/)"

lib/wpscan/db/updater.rb

@@ -8,11 +8,11 @@ module WPScan
       # /!\ Might want to also update the Enumeration#cli_options when some filenames are changed here
       FILES = %w[
         plugins.json themes.json wordpresses.json
-        timthumbs-v3.txt user-agents.txt config_backups.txt
-        db_exports.txt dynamic_finders.yml wp_fingerprints.json LICENSE
+        timthumbs-v3.txt config_backups.txt db_exports.txt
+        dynamic_finders.yml wp_fingerprints.json LICENSE
       ].freeze
 
-      OLD_FILES = %w[wordpress.db dynamic_finders_01.yml].freeze
+      OLD_FILES = %w[wordpress.db user-agents.txt dynamic_finders_01.yml].freeze
 
       attr_reader :repo_directory
 

lib/wpscan/parsed_cli.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module WPScan
+  # To be able to use ParsedCli directly, rather than having to access it via WPscan::ParsedCli
+  class ParsedCli < CMSScanner::ParsedCli
+  end
+end

lib/wpscan/target/platform/wordpress.rb

@@ -45,13 +45,41 @@ module WPScan
           false
         end
 
+        COOKIE_PATTERNS = {
+          'vjs' => /createCookie\('vjs','(?<c_value>\d+)',\d+\);/i
+        }.freeze
+
+        # Sometimes there is a mechanism in place on the blog, which requires a specific
+        # cookie and value to be added to requests. Lets try to detect and add them
+        def maybe_add_cookies
+          COOKIE_PATTERNS.each do |cookie_key, pattern|
+            next unless homepage_res.body =~ pattern
+
+            browser = Browser.instance
+
+            cookie_string = "#{cookie_key}=#{Regexp.last_match[:c_value]}"
+
+            cookie_string += "; #{browser.cookie_string}" if browser.cookie_string
+
+            browser.cookie_string = cookie_string
+
+            # Force recheck of the homepage when retying wordpress?
+            # No need to clear the cache, as the request (which will contain the cookies)
+            # will be different
+            @homepage_res = nil
+            @homepage_url = nil
+
+            break
+          end
+        end
+
         # @return [ String ]
         def registration_url
           multisite? ? url('wp-signup.php') : url('wp-login.php?action=register')
         end
 
         def wordpress_hosted?
-          uri.host =~ /\.wordpress\.com$/i ? true : false
+          /\.wordpress\.com$/i.match?(uri.host) ? true : false
         end
 
         # @param [ String ] username

lib/wpscan/target/platform/wordpress/custom_directories.rb

@@ -112,9 +112,9 @@ module WPScan
         def url(path = nil)
           return @uri.to_s unless path
 
-          if path =~ %r{wp\-content/plugins}i
+          if %r{wp\-content/plugins}i.match?(path)
             path = +path.gsub('wp-content/plugins', plugins_dir)
-          elsif path =~ /wp\-content/i
+          elsif /wp\-content/i.match?(path)
             path = +path.gsub('wp-content', content_dir)
           elsif path[0] != '/' && sub_dir
             path = "#{sub_dir}/#{path}"

lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.5.0'
+  VERSION = '3.5.2'
 end

spec/app/controllers/aliases_spec.rb

@@ -3,12 +3,10 @@
 describe WPScan::Controller::Aliases do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
-  let(:parsed_options) { rspec_parsed_options(cli_args) }
   let(:cli_args)       { "--url #{target_url}" }
 
   before do
-    WPScan::Browser.reset
-    described_class.parsed_options = parsed_options
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
   end
 
   describe '#cli_options' do
@@ -22,14 +20,18 @@ describe WPScan::Controller::Aliases do
 
   describe 'parsed_options' do
     context 'when no --stealthy supplied' do
-      its(:parsed_options) { should eql parsed_options }
+      it 'contains the correct options' do
+        expect(WPScan::ParsedCli.options).to include(
+          detection_mode: :mixed, plugins_version_detection: :mixed
+        )
+      end
     end
 
     context 'when --stealthy supplied' do
       let(:cli_args) { "#{super()} --stealthy" }
 
       it 'contains the correct options' do
-        expect(controller.parsed_options).to include(
+        expect(WPScan::ParsedCli.options).to include(
           random_user_agent: true, detection_mode: :passive, plugins_version_detection: :passive
         )
       end

spec/app/controllers/core_spec.rb

@@ -3,13 +3,11 @@
 describe WPScan::Controller::Core do
   subject(:core)       { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
-  let(:parsed_options) { rspec_parsed_options(cli_args) }
   let(:cli_args)       { "--url #{target_url}" }
 
   before do
-    WPScan::Browser.reset
     described_class.reset
-    described_class.parsed_options = parsed_options
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
   end
 
   describe '#cli_options' do
@@ -140,7 +138,7 @@ describe WPScan::Controller::Core do
 
       expect(core.formatter).to receive(:output).with('banner', hash_including(verbose: nil), 'core')
 
-      expect(core).to receive(:update_db_required?).and_return(false) unless parsed_options[:update]
+      expect(core).to receive(:update_db_required?).and_return(false) unless WPScan::ParsedCli.update
     end
 
     context 'when --update' do
@@ -218,7 +216,7 @@ describe WPScan::Controller::Core do
 
         context 'when not wordpress' do
           it 'raises an error' do
-            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
+            expect(core.target).to receive(:wordpress?).twice.with(:mixed).and_return(false)
 
             expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
           end
@@ -250,12 +248,26 @@ describe WPScan::Controller::Core do
     context 'when not wordpress' do
       before do
         expect(core).to receive(:load_server_module)
-        expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
       end
 
       context 'when no --force' do
-        it 'raises an error' do
-          expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
+        before { expect(core.target).to receive(:maybe_add_cookies) }
+
+        context 'when no cookies added or still not wordpress after being added' do
+          it 'raises an error' do
+            expect(core.target).to receive(:wordpress?).twice.with(:mixed).and_return(false)
+
+            expect { core.before_scan }.to raise_error(WPScan::Error::NotWordPress)
+          end
+        end
+
+        context 'when the added cookies solved it' do
+          it 'does not raise an error' do
+            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false).ordered
+            expect(core.target).to receive(:wordpress?).with(:mixed).and_return(true).ordered
+
+            expect { core.before_scan }.to_not raise_error
+          end
         end
       end
 
@@ -263,6 +275,8 @@ describe WPScan::Controller::Core do
         let(:cli_args) { "#{super()} --force" }
 
         it 'does not raise any error' do
+          expect(core.target).to receive(:wordpress?).with(:mixed).and_return(false)
+
           expect { core.before_scan }.to_not raise_error
         end
       end

spec/app/controllers/custom_directories_spec.rb

@@ -3,12 +3,10 @@
 describe WPScan::Controller::CustomDirectories do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
-  let(:parsed_options) { rspec_parsed_options(cli_args) }
   let(:cli_args)       { "--url #{target_url}" }
 
   before do
-    WPScan::Browser.reset
-    described_class.parsed_options = parsed_options
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
   end
 
   describe '#cli_options' do
@@ -34,7 +32,7 @@ describe WPScan::Controller::CustomDirectories do
 
       it 'does not raise any error' do
         expect { controller.before_scan }.to_not raise_error
-        expect(controller.target.content_dir).to eq parsed_options[:wp_content_dir]
+        expect(controller.target.content_dir).to eq WPScan::ParsedCli.wp_content_dir
       end
     end
   end

spec/app/controllers/enumeration_spec.rb

@@ -3,16 +3,13 @@
 describe WPScan::Controller::Enumeration do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://wp.lab/' }
-  let(:parsed_options) { rspec_parsed_options(cli_args) }
   let(:cli_args)       { "--url #{target_url}" }
 
   before do
-    WPScan::Browser.reset
-
     ## For the --passwords options
     allow_any_instance_of(OptParseValidator::OptPath).to receive(:check_file)
 
-    described_class.parsed_options = parsed_options
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
   end
 
   describe '#enum_message' do
@@ -120,7 +117,7 @@ describe WPScan::Controller::Enumeration do
         expect(controller).to receive(:enum_plugins)
         expect(controller).to receive(:enum_config_backups)
 
-        expect(parsed_options[:plugins_detection]).to eql :passive
+        expect(WPScan::ParsedCli.plugins_detection).to eql :passive
       end
 
       it 'calls enum_plugins and enum_config_backups' do

spec/app/controllers/password_attack_spec.rb

@@ -3,12 +3,10 @@
 describe WPScan::Controller::PasswordAttack do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
-  let(:parsed_options) { rspec_parsed_options(cli_args) }
   let(:cli_args)       { "--url #{target_url}" }
 
   before do
-    WPScan::Browser.reset
-    described_class.parsed_options = parsed_options
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
   end
 
   describe '#cli_options' do

spec/app/controllers/wp_version_spec.rb

@@ -24,12 +24,10 @@ end
 describe WPScan::Controller::WpVersion do
   subject(:controller) { described_class.new }
   let(:target_url)     { 'http://ex.lo/' }
-  let(:parsed_options) { rspec_parsed_options(cli_args) }
   let(:cli_args)       { "--url #{target_url}" }
 
   before do
-    WPScan::Browser.reset
-    described_class.parsed_options = parsed_options
+    WPScan::ParsedCli.options = rspec_parsed_options(cli_args)
   end
 
   describe '#cli_options' do
@@ -46,8 +44,8 @@ describe WPScan::Controller::WpVersion do
       expect(controller.target).to receive(:wp_version)
         .with(
           hash_including(
-            mode: parsed_options[:wp_version_detection] || parsed_options[:detection_mode],
-            confidence_threshold: parsed_options[:wp_version_all] ? 0 : 100
+            mode: WPScan::ParsedCli.wp_version_detection || WPScan::ParsedCli.detection_mode,
+            confidence_threshold: WPScan::ParsedCli.wp_version_all ? 0 : 100
           )
         ).and_return(stubbed)
     end

spec/app/views_spec.rb

@@ -16,7 +16,7 @@ describe 'App::Views' do
       let(:parsed_options) { { url: target_url, format: formatter.to_s.underscore.dasherize } }
 
       before do
-        controller.class.parsed_options = parsed_options
+        WPScan::ParsedCli.options = parsed_options
         # Resets the formatter to ensure the correct one is loaded
         controller.class.class_variable_set(:@@formatter, nil)
       end

spec/fixtures/db/dynamic_finders.yml

@@ -874,6 +874,12 @@ plugins:
       path: languages/at.pot
       pattern: !ruby/regexp '/Project\-Id\-Version: WordPress Blank Pot v(?<v>\d+\.[\.\d]+)/i'
       version: true
+  admin-atlex-cloud:
+    TranslationFile:
+      class: BodyPattern
+      path: languages/ru_RU.pot
+      pattern: !ruby/regexp '/ct\-Id\-Version: Admin Atlex Cloud Plugin (?<v>\d+\.[\.\d]+)/i'
+      version: true
   admin-bar:
     TranslationFile:
       class: BodyPattern
@@ -2236,6 +2242,11 @@ plugins:
       path: languages/authors-autocomplete-meta-box-es_ES.po
       pattern: !ruby/regexp /\-Version:\ Authors Autocomplete Meta Box (?<v>\d+\.[\.\d]+)/i
       version: true
+  authors-list:
+    QueryParameter:
+      files:
+      - css/authors-list.css
+      version: true
   auto-animateimage:
     QueryParameter:
       files:
@@ -2785,6 +2796,21 @@ plugins:
       path: changelog.txt
       pattern: !ruby/regexp /^(?<v>\d+\.[\.\d]+) \- \d+/
       version: true
+  bdtask-booking365:
+    QueryParameter:
+      files:
+      - public/css/msbdt-bootstrap.css
+      - public/css/msbdt-ui.css
+      - public/font-awesome/css/font-awesome.min.css
+      - public/css/msbdt-custom-style.css
+      - public/css/msbdt-public.css
+      - public/js/msbdt-bootstrap.min.js
+      - public/js/msbdt-jquery.slimscroll.min.js
+      - public/js/msbdt-public.js
+      - public/ajax/msbdt-public-service-display-ajax.js
+      - public/ajax/multi-appointment-select-disable-date-agnist-doctor-ajax.js
+      - public/ajax/msbdt-public-professional-display-ajax.js
+      version: true
   bdwebteam-recent-post-tabs-widget:
     QueryParameter:
       files:
@@ -5432,6 +5458,12 @@ plugins:
       path: config.js
       key: version
       version: true
+  clust-client-portal:
+    TranslationFile:
+      class: BodyPattern
+      path: languages/clust-wp-portal.pot
+      pattern: !ruby/regexp '/Project\-Id\-Version: Clust Client Portal (?<v>\d+\.[\.\d]+)/i'
+      version: true
   cm-idin:
     QueryParameter:
       files:
@@ -6326,6 +6358,18 @@ plugins:
       files:
       - css/cresta-whatsapp-chat-front-css.css
       version: true
+  crm-hubspot-learndash-integration:
+    ChangeLog:
+      class: BodyPattern
+      path: CHANGELOG.md
+      pattern: !ruby/regexp /\#\# (?<v>\d+\.[\.\d]+)/
+      version: true
+  crm-salesforce-learndash-integration:
+    ChangeLog:
+      class: BodyPattern
+      path: CHANGELOG.md
+      pattern: !ruby/regexp /\#\# (?<v>\d+\.[\.\d]+)/
+      version: true
   cronycle-content:
     QueryParameter:
       files:
@@ -6423,6 +6467,16 @@ plugins:
       path: languages/et-csv.pot
       pattern: !ruby/regexp '/"Project\-Id\-Version: et\-csv (?<v>\d+\.[\.\d]+)/i'
       version: true
+  curatewp-related-posts:
+    QueryParameter:
+      files:
+      - assets/dist/layouts.build.css
+      version: true
+    TranslationFile:
+      class: BodyPattern
+      path: languages/cwprp-en_US.po
+      pattern: !ruby/regexp '/ct\-Id\-Version: CurateWP \- Related Posts (?<v>\d+\.[\.\d]+)/i'
+      version: true
   currencyr:
     TranslationFile:
       class: BodyPattern
@@ -7319,6 +7373,13 @@ plugins:
       files:
       - js/gtm4wp-form-move-tracker.js
       version: true
+  dvk-conf:
+    QueryParameter:
+      files:
+      - public/css/dvk-conf-public.css
+      - public/js/dvk-conf-public.js
+      - public//js/cookie.js
+      version: true
   dvk-social-sharing:
     QueryParameter:
       files:
@@ -8904,6 +8965,12 @@ plugins:
       - public/css/exxica-social-marketing-public.css
       - public/js/exxica-social-marketing-public.js
       version: true
+  ezycookie:
+    QueryParameter:
+      files:
+      - public/css/ezycookie-public.css
+      - public/js/ezycookie-public.js
+      version: true
   f1press:
     QueryParameter:
       files:
@@ -12157,6 +12224,12 @@ plugins:
       path: languages/import-html-pages.pot
       pattern: !ruby/regexp /"Project\-Id\-Version:\ HTML Import 2 (?<v>\d+\.[\.\d]+)/i
       version: true
+  import-shopify-to-woocommerce:
+    ChangeLog:
+      class: BodyPattern
+      path: CHANGELOG.txt
+      pattern: !ruby/regexp /\/\*+\s*(?<v>\d+\.[\.\d]+) \- [\d\.]{8,}\s*\*+\//i
+      version: true
   import-spreadsheets-from-microsoft-excel:
     ChangeLog:
       class: BodyPattern
@@ -14885,6 +14958,12 @@ plugins:
       path: changelog.txt
       pattern: !ruby/regexp /^(?<v>\d+\.[\.\d]+)(?!.*\d+\.[\.\d]+)/mi
       version: true
+  mas-static-content:
+    TranslationFile:
+      class: BodyPattern
+      path: languages/mas-static-content.pot
+      pattern: !ruby/regexp '/"Project\-Id\-Version: MAS Static Content (?<v>\d+\.[\.\d]+)/i'
+      version: true
   masburti-flickr-gallery:
     TranslationFile:
       class: BodyPattern
@@ -20926,6 +21005,12 @@ plugins:
       - css/search-google.css
       - js/search-google.js
       version: true
+  search-in-place:
+    QueryParameter:
+      files:
+      - css/codepeople_shearch_in_place.css
+      - js/codepeople_shearch_in_place.js
+      version: true
   search-live:
     QueryParameter:
       files:
@@ -22049,6 +22134,12 @@ plugins:
       path: languages/simple-user-listing.pot
       pattern: !ruby/regexp '/Project\-Id\-Version: Simple User Listing (?<v>\d+\.[\.\d]+)/i'
       version: true
+  simple-widget-title-links:
+    TranslationFile:
+      class: BodyPattern
+      path: languages/simple-widget-title-links.pot
+      pattern: !ruby/regexp '/t\-Id\-Version: Simple Widget Title Links (?<v>\d+\.[\.\d]+)/i'
+      version: true
   simple-word-count-and-reading-time:
     QueryParameter:
       files:
@@ -23002,6 +23093,19 @@ plugins:
       - assets/css/sports-address-book.css
       - assets/js/sports-address-book.js
       version: true
+  sports-leagues:
+    QueryParameter:
+      files:
+      - public/css/styles.css
+      - vendor/world-flags-sprite/stylesheets/flags32.css
+      - vendor/world-flags-sprite/stylesheets/flags16.css
+      - public/js/sl-public.js
+      version: true
+    ChangeLog:
+      class: BodyPattern
+      path: changelog.txt
+      pattern: !ruby/regexp /^= (?<v>\d+\.[\.\d]+)/i
+      version: true
   sportspress:
     QueryParameter:
       files:
@@ -25181,6 +25285,12 @@ plugins:
       - nyams_ultimate_button.css
       - nyams_ultimate_button.js
       version: true
+  ultimate-bulk-seo-noindex-nofollow:
+    QueryParameter:
+      files:
+      - public/css/bulk-seo-noindex-public.css
+      - public/js/bulk-seo-noindex-public.js
+      version: true
   ultimate-elements-elementor-page-builder:
     ChangeLog:
       class: BodyPattern
@@ -26867,6 +26977,12 @@ plugins:
       - css/customstyle.css
       - js/tab-active.js
       version: true
+  wg-responsive-slider:
+    ChangeLog:
+      class: BodyPattern
+      path: ChangeLog.txt
+      pattern: !ruby/regexp /Version (?<v>\d+\.[\.\d]+)/i
+      version: true
   wgauge:
     QueryParameter:
       files:
@@ -27467,6 +27583,12 @@ plugins:
       path: CHANGELOG.txt
       pattern: !ruby/regexp /\/\*+\s*(?<v>\d+\.[\.\d]+) \- [\d\.]{8,}\s*\*+\//i
       version: true
+  woo-lucky-wheel:
+    ChangeLog:
+      class: BodyPattern
+      path: changelog.txt
+      pattern: !ruby/regexp /(?<v>\d+\.[\.\d]+)/
+      version: true
   woo-manual-orders:
     ChangeLog:
       class: BodyPattern
@@ -28806,6 +28928,11 @@ plugins:
       path: languages/wp-affiliate-linker.pot
       pattern: !ruby/regexp '/Project\-Id\-Version: WP Affiliate Linker (?<v>\d+\.[\.\d]+)/i'
       version: true
+  wp-ai-manager:
+    QueryParameter:
+      files:
+      - public/js/wp-ai-manager-scroll.js
+      version: true
   wp-airbnb-review-slider:
     QueryParameter:
       files:
@@ -28860,6 +28987,13 @@ plugins:
       files:
       - css/skin-standard.css
       version: true
+  wp-attention-click:
+    QueryParameter:
+      files:
+      - public/assets/css/wpac.min.css
+      - public/assets/js/wpac-plugins.min.js
+      - public/assets/js/wpac.min.js
+      version: true
   wp-author-box:
     QueryParameter:
       files:
@@ -30011,6 +30145,12 @@ plugins:
       - imageviewer/imageviewer.js
       - wp-imageviewer-init.js
       version: true
+  wp-inquiries:
+    QueryParameter:
+      files:
+      - "/css/wp-inquiries.css"
+      - "/js/wp-inquiries.js"
+      version: true
   wp-installer:
     ChangeLog:
       class: BodyPattern

spec/fixtures/db/user-agents.txt

@@ -1,3 +0,0 @@
-# Coments should be ignored
-UA-1
-UA-2

spec/fixtures/dynamic_finders/expected.yml

@@ -1001,6 +1001,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/adl-team/languages/at.pot, Match: ''Project-Id-Version:
         WordPress Blank Pot v1.0.0'''
+  admin-atlex-cloud:
+    TranslationFile:
+      number: 1.0.0
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/admin-atlex-cloud/languages/ru_RU.pot, Match:
+        ''ct-Id-Version: Admin Atlex Cloud Plugin 1.0.0'''
   admin-bar:
     TranslationFile:
       number: '1.0'
@@ -2717,6 +2724,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/authors-autocomplete-meta-box/languages/authors-autocomplete-meta-box-es_ES.po,
         Match: ''-Version: Authors Autocomplete Meta Box 1.2'''
+  authors-list:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/authors-list/css/authors-list.css?ver=1.0.0
+      confidence: 10
   auto-animateimage:
     QueryParameter:
       number: '0.6'
@@ -3403,6 +3417,23 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/bbpressmoderation/changelog.txt, Match:
         ''1.8.3 - 18'''
+  bdtask-booking365:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-bootstrap.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-ui.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/font-awesome/css/font-awesome.min.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-custom-style.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-public.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/js/msbdt-bootstrap.min.js?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/js/msbdt-jquery.slimscroll.min.js?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/js/msbdt-public.js?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/ajax/msbdt-public-service-display-ajax.js?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/ajax/multi-appointment-select-disable-date-agnist-doctor-ajax.js?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/bdtask-booking365/public/ajax/msbdt-public-professional-display-ajax.js?ver=1.0.0
+      confidence: 100
   bdwebteam-recent-post-tabs-widget:
     QueryParameter:
       number: 1.0.2
@@ -6679,6 +6710,13 @@ plugins:
       found_by: Config File (Aggressive Detection)
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/cloudflare/config.js, Match: ''3.3.2'''
+  clust-client-portal:
+    TranslationFile:
+      number: '1.0'
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/clust-client-portal/languages/clust-wp-portal.pot,
+        Match: ''Project-Id-Version: Clust Client Portal 1.0'''
   cm-idin:
     QueryParameter:
       number: 1.0.1
@@ -7796,6 +7834,20 @@ plugins:
       interesting_entries:
       - http://wp.lab/wp-content/plugins/cresta-whatsapp-chat/css/cresta-whatsapp-chat-front-css.css?ver=1.0.0
       confidence: 10
+  crm-hubspot-learndash-integration:
+    ChangeLog:
+      number: 1.0.1
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/crm-hubspot-learndash-integration/CHANGELOG.md,
+        Match: ''## 1.0.1'''
+  crm-salesforce-learndash-integration:
+    ChangeLog:
+      number: 1.0.0
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/crm-salesforce-learndash-integration/CHANGELOG.md,
+        Match: ''## 1.0.0'''
   cronycle-content:
     QueryParameter:
       number: 1.0.0
@@ -7917,6 +7969,19 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/csv-exporter-for-terms/languages/et-csv.pot,
         Match: ''"Project-Id-Version: et-csv 1.0.0'''
+  curatewp-related-posts:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/curatewp-related-posts/assets/dist/layouts.build.css?ver=1.0.0
+      confidence: 10
+    TranslationFile:
+      number: 1.0.0
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/curatewp-related-posts/languages/cwprp-en_US.po,
+        Match: ''ct-Id-Version: CurateWP - Related Posts 1.0.0'''
   currencyr:
     TranslationFile:
       number: 1.0.4
@@ -8984,6 +9049,15 @@ plugins:
       confidence: 10
       interesting_entries:
       - http://wp.lab/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.7.2
+  dvk-conf:
+    QueryParameter:
+      number: 0.0.3
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/dvk-conf/public/css/dvk-conf-public.css?ver=0.0.3
+      - http://wp.lab/wp-content/plugins/dvk-conf/public/js/dvk-conf-public.js?ver=0.0.3
+      - http://wp.lab/wp-content/plugins/dvk-conf/public//js/cookie.js?ver=0.0.3
+      confidence: 30
   dvk-social-sharing:
     QueryParameter:
       number: 1.3.2
@@ -10932,6 +11006,14 @@ plugins:
       interesting_entries:
       - http://wp.lab/wp-content/plugins/exxica-social-marketing/public/css/exxica-social-marketing-public.css?ver=1.3.3
       - http://wp.lab/wp-content/plugins/exxica-social-marketing/public/js/exxica-social-marketing-public.js?ver=1.3.3
+  ezycookie:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/ezycookie/public/css/ezycookie-public.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/ezycookie/public/js/ezycookie-public.js?ver=1.0.0
+      confidence: 20
   f1press:
     QueryParameter:
       number: '2.0'
@@ -14958,6 +15040,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/import-html-pages/languages/import-html-pages.pot,
         Match: ''"Project-Id-Version: HTML Import 2 2.6'''
+  import-shopify-to-woocommerce:
+    ChangeLog:
+      number: 1.0.2
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/import-shopify-to-woocommerce/CHANGELOG.txt,
+        Match: ''/**1.0.2 - 2019.04.05**/'''
   import-spreadsheets-from-microsoft-excel:
     ChangeLog:
       number: '10.1'
@@ -18341,6 +18430,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/marketpress-product-importer/changelog.txt,
         Match: ''1.1.1'''
+  mas-static-content:
+    TranslationFile:
+      number: 1.0.0
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/mas-static-content/languages/mas-static-content.pot,
+        Match: ''"Project-Id-Version: MAS Static Content 1.0.0'''
   masburti-flickr-gallery:
     TranslationFile:
       number: '1.1'
@@ -25922,6 +26018,14 @@ plugins:
       - http://wp.lab/wp-content/plugins/search-google/css/search-google.css?ver=1.9
       - http://wp.lab/wp-content/plugins/search-google/js/search-google.js?ver=1.9
       confidence: 20
+  search-in-place:
+    QueryParameter:
+      number: 1.0.36
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/search-in-place/css/codepeople_shearch_in_place.css?ver=1.0.36
+      - http://wp.lab/wp-content/plugins/search-in-place/js/codepeople_shearch_in_place.js?ver=1.0.36
+      confidence: 20
   search-live:
     QueryParameter:
       number: 1.8.2
@@ -27354,6 +27458,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/simple-user-listing/languages/simple-user-listing.pot,
         Match: ''Project-Id-Version: Simple User Listing 1.8.4'''
+  simple-widget-title-links:
+    TranslationFile:
+      number: 1.0.0
+      found_by: Translation File (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/simple-widget-title-links/languages/simple-widget-title-links.pot,
+        Match: ''t-Id-Version: Simple Widget Title Links 1.0.0'''
   simple-word-count-and-reading-time:
     QueryParameter:
       number: '1.0'
@@ -28565,6 +28676,22 @@ plugins:
       - http://wp.lab/wp-content/plugins/sports-address-book/assets/css/sports-address-book.css?ver=1.1.3
       - http://wp.lab/wp-content/plugins/sports-address-book/assets/js/sports-address-book.js?ver=1.1.3
       confidence: 20
+  sports-leagues:
+    QueryParameter:
+      number: 0.5.3
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/sports-leagues/public/css/styles.css?ver=0.5.3
+      - http://wp.lab/wp-content/plugins/sports-leagues/vendor/world-flags-sprite/stylesheets/flags32.css?ver=0.5.3
+      - http://wp.lab/wp-content/plugins/sports-leagues/vendor/world-flags-sprite/stylesheets/flags16.css?ver=0.5.3
+      - http://wp.lab/wp-content/plugins/sports-leagues/public/js/sl-public.js?ver=0.5.3
+      confidence: 40
+    ChangeLog:
+      number: 0.5.3
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/sports-leagues/changelog.txt, Match: ''=
+        0.5.3'''
   sportspress:
     QueryParameter:
       number: 2.5.4
@@ -31267,6 +31394,14 @@ plugins:
       - http://wp.lab/wp-content/plugins/ultimate-back-to-top/nyams_ultimate_button.css?ver=1.0
       - http://wp.lab/wp-content/plugins/ultimate-back-to-top/nyams_ultimate_button.js?ver=1.0
       confidence: 20
+  ultimate-bulk-seo-noindex-nofollow:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/ultimate-bulk-seo-noindex-nofollow/public/css/bulk-seo-noindex-public.css?ver=1.0.0
+      - http://wp.lab/wp-content/plugins/ultimate-bulk-seo-noindex-nofollow/public/js/bulk-seo-noindex-public.js?ver=1.0.0
+      confidence: 20
   ultimate-elements-elementor-page-builder:
     ChangeLog:
       number: '1.0'
@@ -33365,6 +33500,13 @@ plugins:
       - http://wp.lab/wp-content/plugins/wext-woocommerce-product-tab/css/customstyle.css?ver=1.0
       - http://wp.lab/wp-content/plugins/wext-woocommerce-product-tab/js/tab-active.js?ver=1.0
       confidence: 20
+  wg-responsive-slider:
+    ChangeLog:
+      number: 1.0.0
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/wg-responsive-slider/ChangeLog.txt, Match:
+        ''Version 1.0.0'''
   wgauge:
     QueryParameter:
       number: 1.0.0
@@ -34109,6 +34251,12 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/woo-lookbook/CHANGELOG.txt, Match: ''/**1.0.5.2
         - 2018.10.17**/'''
+  woo-lucky-wheel:
+    ChangeLog:
+      number: 1.0.7
+      found_by: Change Log (Aggressive Detection)
+      interesting_entries:
+      - 'http://wp.lab/wp-content/plugins/woo-lucky-wheel/changelog.txt, Match: ''1.0.7'''
   woo-manual-orders:
     ChangeLog:
       number: 1.0.3
@@ -35717,6 +35865,13 @@ plugins:
       interesting_entries:
       - 'http://wp.lab/wp-content/plugins/wp-affiliate-linker/languages/wp-affiliate-linker.pot,
         Match: ''Project-Id-Version: WP Affiliate Linker 1.0.2'''
+  wp-ai-manager:
+    QueryParameter:
+      number: 1.0.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/wp-ai-manager/public/js/wp-ai-manager-scroll.js?ver=1.0.0
+      confidence: 10
   wp-airbnb-review-slider:
     QueryParameter:
       number: '1.2'
@@ -35787,6 +35942,15 @@ plugins:
       interesting_entries:
       - http://wp.lab/wp-content/plugins/wp-associate-post-r2/css/skin-standard.css?ver=1.2
       confidence: 10
+  wp-attention-click:
+    QueryParameter:
+      number: '0.6'
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/wp-attention-click/public/assets/css/wpac.min.css?ver=0.6
+      - http://wp.lab/wp-content/plugins/wp-attention-click/public/assets/js/wpac-plugins.min.js?ver=0.6
+      - http://wp.lab/wp-content/plugins/wp-attention-click/public/assets/js/wpac.min.js?ver=0.6
+      confidence: 30
   wp-author-box:
     QueryParameter:
       number: 1.0.0
@@ -37230,6 +37394,14 @@ plugins:
       - http://wp.lab/wp-content/plugins/wp-imageviewer/imageviewer/imageviewer.js?ver=1.0.1
       - http://wp.lab/wp-content/plugins/wp-imageviewer/wp-imageviewer-init.js?ver=1.0.1
       confidence: 30
+  wp-inquiries:
+    QueryParameter:
+      number: 0.1.0
+      found_by: Query Parameter (Passive Detection)
+      interesting_entries:
+      - http://wp.lab/wp-content/plugins/wp-inquiries//css/wp-inquiries.css?ver=0.1.0
+      - http://wp.lab/wp-content/plugins/wp-inquiries//js/wp-inquiries.js?ver=0.1.0
+      confidence: 20
   wp-installer:
     ChangeLog:
       number: '1.0'

spec/fixtures/dynamic_finders/plugin_version/admin-atlex-cloud/translation_file/languages/ru_RU.pot

@@ -0,0 +1,146 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2019 Atlex
+# This file is distributed under the same license as the PACKAGE package.
+# Atlex developer@atlex.ru, 2019.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: Admin Atlex Cloud Plugin 1.0.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-03-05 21:53+0400\n"
+"PO-Revision-Date: 2019-03-20 21:53+0400\n"
+"Last-Translator: ATLEX developer@atlex.ru\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: ru_RU\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+
+#msgfmt ru_RU.pot --output-file=ru_RU.mo
+
+msgid "Host"
+msgstr "Адрес"
+
+msgid "Cloud Adapter"
+msgstr "Тип Адаптера"
+
+msgid "Project"
+msgstr "Проект"
+
+msgid "User"
+msgstr "Пользователь"
+
+msgid "Password"
+msgstr "Пароль"
+
+msgid "Backup Container"
+msgstr "Удаленный Контейнер"
+
+msgid "Local Directory"
+msgstr "Локальный Каталог"
+
+msgid "Save"
+msgstr "Сохранить"
+
+msgid "Atlex Cloud Settings"
+msgstr "Настройки Облака Атлекс"
+
+msgid "Cloud Tools"
+msgstr "Инструменты Облака"
+
+msgid "Settings"
+msgstr "Настройки"
+
+msgid "Atlex Cloud"
+msgstr "Атлекс Облако"
+
+msgid "Atlex Settings"
+msgstr "Атлекс Настройки"
+
+msgid "Backup Batabase"
+msgstr "Резервная Копия Базы Данных"
+
+msgid "Archive Name"
+msgstr "Имя Архива"
+
+msgid "Backup"
+msgstr "Резервная Копия"
+
+msgid "Remote Archive"
+msgstr "Удаленный Архив"
+
+msgid "Restore"
+msgstr "Восстановить"
+
+msgid "Delete"
+msgstr "Удалить"
+
+msgid "Backup Wordpress Files"
+msgstr "Резервная Копия Wordpress Файлов"
+
+msgid "Wordpress Directory"
+msgstr "Директория Wordpress"
+
+msgid "Cloud Directory Name"
+msgstr "Имя каталога в облаке"
+
+msgid "Remote Directories Archive"
+msgstr "Удаленный Архив Каталогов"
+
+msgid "Download"
+msgstr "Скачать"
+
+msgid "You need configurate cloud setting for connection"
+msgstr "Вам необходимо настроить параметры облака для подключения"
+
+msgid "Loading"
+msgstr "Загружается"
+
+msgid "Do you want to delete sql archive from cloud?"
+msgstr "Вы хотите удалить архив sql из облака?"
+
+msgid "Do you want to restore database from sql archive?"
+msgstr "Хотите восстановить базу данных из sql архива?"
+
+msgid "Do you want to delete files archive from cloud?"
+msgstr "Хотите удалить архив файлов из облака?"
+
+msgid "File success downloaded to "
+msgstr "Файл успешно загружен в "
+
+msgid "Error on connection"
+msgstr "Ошибка при подключении"
+
+msgid "Successfully connected"
+msgstr "Успешное подключение"
+
+msgid "Use CDN for Mediafiles"
+msgstr "Использовать CDN для Медиафайлов"
+
+msgid "CDN Mediafiles Status"
+msgstr "CDN Статус Медиафайлов"
+
+msgid "Synchronization process"
+msgstr "Процесс Синхронизации"
+
+msgid "Cloud Public URL"
+msgstr "URL-адрес public облака"
+
+msgid "Synchronized"
+msgstr "Синхронизирован"
+
+msgid "Synchronization Off"
+msgstr "Выключено"
+
+msgid "Started Mediafiles Synchronization Process"
+msgstr "Запущен процесс синхронизации медиафайлов"
+
+msgid "Synchronize Again"
+msgstr "Синхронизировать Повторно"
+
+
+
+
+

spec/fixtures/dynamic_finders/plugin_version/clust-client-portal/translation_file/languages/clust-wp-portal.pot

@@ -0,0 +1,126 @@
+# Copyright (C) 2019 Clust
+# This file is distributed under the same license as the Clust Client Portal plugin.
+msgid ""
+msgstr ""
+"Project-Id-Version: Clust Client Portal 1.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/clust-client-portal\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-03-19T22:16:02+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"X-Generator: WP-CLI 2.1.0\n"
+"X-Domain: clust-client-portal\n"
+
+#. Plugin Name of the plugin
+#: clust-client-portal.php:54
+#: clust-client-portal.php:55
+msgid "Clust Client Portal"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://www.clustdoc.com"
+msgstr ""
+
+#. Description of the plugin
+msgid "Ads a media button to the Classic Wordpress Editor for inserting Clust iframe"
+msgstr ""
+
+#. Author of the plugin
+msgid "Clust"
+msgstr ""
+
+#: clust-client-portal.php:71
+msgid "Insert a Clust portal"
+msgstr ""
+
+#: clust-client-portal.php:72
+msgid "Select a template to add to your post page"
+msgstr ""
+
+#: clust-client-portal.php:78
+msgid "Can't find your form? Make sure it is active."
+msgstr ""
+
+#: clust-client-portal.php:80
+msgid "Enter the URL of the page that will host this portal"
+msgstr ""
+
+#: clust-client-portal.php:83
+msgid "Enter the height of your portal"
+msgstr ""
+
+#: clust-client-portal.php:86
+msgid "Select the main color of your portal"
+msgstr ""
+
+#: clust-client-portal.php:89
+msgid "Includes header"
+msgstr ""
+
+#: clust-client-portal.php:91
+msgid "Includes logo"
+msgstr ""
+
+#: clust-client-portal.php:93
+msgid "Insert"
+msgstr ""
+
+#: clust-client-portal.php:97
+msgid "Insert Clust Portal"
+msgstr ""
+
+#: clust-client-portal.php:135
+msgid "Error: API Token hasn't been set yet. Go to plugin's options page."
+msgstr ""
+
+#: clust-client-portal.php:139
+#: clust-client-portal.php:143
+msgid "Error: no options were found"
+msgstr ""
+
+#: options.php:77
+msgid "Clust Client Portal - Options"
+msgstr ""
+
+#: options.php:88
+msgid "Embed a Clust client portal on your website"
+msgstr ""
+
+#: options.php:89
+msgid "Enter below your Clust API Key and validate. Once that's done, Go to your wordpress Page or Post to add you portal using the Clust Portal inserter button."
+msgstr ""
+
+#: options.php:92
+msgid "Validate"
+msgstr ""
+
+#: options.php:95
+msgid "Where can I find my key?"
+msgstr ""
+
+#: options.php:97
+msgid "Use a test key"
+msgstr ""
+
+#: options.php:107
+msgid "What is Clust?"
+msgstr ""
+
+#: options.php:109
+msgid "Clust is the No 1 documents collection forr small businesses. Thousands of modern businesses around the world to collect, approve and share useful information with their clients"
+msgstr ""
+
+#: options.php:117
+msgid "New to Clust? Get 20% off!"
+msgstr ""
+
+#: options.php:119
+msgid "Register today and get a 20% discount on your Clust account forever."
+msgstr ""
+
+#: options.php:122
+msgid "Signup and grab API key."
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/crm-hubspot-learndash-integration/change_log/CHANGELOG.md

@@ -0,0 +1,9 @@
+# Changelog
+
+## 1.0.1
+
+- Typo in plugin name
+
+## 1.0.0
+
+- Initial

spec/fixtures/dynamic_finders/plugin_version/crm-salesforce-learndash-integration/change_log/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 1.0.0
+
+- Initial

spec/fixtures/dynamic_finders/plugin_version/curatewp-related-posts/translation_file/languages/cwprp-en_US.po

@@ -0,0 +1,108 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: CurateWP - Related Posts 1.0.0\n"
+"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/curatewp-related-posts\n"
+"Last-Translator: JR Tashjian <jr@curatewp.com>\n"
+"Language-Team: CurateWP <info@curatewp.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-04-05T06:39:43+00:00\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Language: \n"
+"X-Generator: WP-CLI 2.1.0\n"
+"X-Domain: cwprp\n"
+
+#. Plugin Name of the plugin
+msgid "CurateWP - Related Posts"
+msgstr ""
+
+#. Plugin URI of the plugin
+msgid "https://curatewp.com/"
+msgstr ""
+
+#. Description of the plugin
+msgid "Display related posts within the current post, in a widget, and in your theme."
+msgstr ""
+
+#. Author of the plugin
+msgid "JR Tashjian"
+msgstr ""
+
+#. Author URI of the plugin
+msgid "https://jrtashjian.com"
+msgstr ""
+
+#: includes/Widget.php:31
+msgid "A section of related posts."
+msgstr ""
+
+#: includes/Widget.php:33
+msgid "Related Posts (CurateWP)"
+msgstr ""
+
+#: includes/Widget.php:139
+msgid "Title:"
+msgstr ""
+
+#: includes/Widget.php:148
+msgid "Description:"
+msgstr ""
+
+#: includes/Widget.php:156
+msgid "Number of posts to show:"
+msgstr ""
+
+#: includes/Widget.php:167
+#: assets/src/block.js:80
+msgid "Order by"
+msgstr ""
+
+#. translators: label for ordering posts by date in descending order.
+#: includes/Widget.php:174
+#: assets/src/block.js:85
+msgid "Newest to Oldest"
+msgstr ""
+
+#. translators: label for ordering posts by date in ascending order.
+#: includes/Widget.php:177
+#: assets/src/block.js:90
+msgid "Oldest to Newest"
+msgstr ""
+
+#. translators: label for ordering posts by title in ascending order.
+#: includes/Widget.php:180
+#: assets/src/block.js:95
+msgid "A → Z"
+msgstr ""
+
+#. translators: label for ordering posts by title in descending order.
+#: includes/Widget.php:183
+#: assets/src/block.js:100
+msgid "Z → A"
+msgstr ""
+
+#. translators: label for randomly ordering posts.
+#: includes/Widget.php:186
+#: assets/src/block.js:105
+msgid "Random"
+msgstr ""
+
+#: includes/Widget.php:198
+#: assets/src/block.js:120
+msgid "In Category"
+msgstr ""
+
+#: includes/Widget.php:208
+#: assets/src/block.js:126
+msgid "In Tag"
+msgstr ""
+
+#: includes/Core.php:184
+msgid "CurateWP"
+msgstr ""
+
+#. Translators: this message outputs a minimum PHP requirement.
+#: curatewp-related-posts.php:53
+msgid "Your version of PHP (%s) is below the minimum version of PHP required by CurateWP - Related Posts (5.6). Please contact your host and request that your version be upgraded to 5.6 or later."
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/import-shopify-to-woocommerce/change_log/CHANGELOG.txt

@@ -0,0 +1,6 @@
+/**1.0.2 - 2019.04.05**/
+- Updated: Add usage guide video
+
+/**1.0.1 - 2019.04.04**/
+- Updated: Make admin notices dismissible
+- Updated: Optimize UX

spec/fixtures/dynamic_finders/plugin_version/mas-static-content/translation_file/languages/mas-static-content.pot

@@ -0,0 +1,143 @@
+# Copyright (C) 2019 MadrasThemes
+# This file is distributed under the same license as the MAS Static Content package.
+msgid ""
+msgstr ""
+"Project-Id-Version: MAS Static Content 1.0.0\n"
+"Report-Msgid-Bugs-To: "
+"https://github.com/madrasthemes/mas-static-content/issues\n"
+"POT-Creation-Date: 2019-04-01 09:23:46+00:00\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"PO-Revision-Date: 2019-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <EMAIL@ADDRESS>\n"
+"X-Generator: grunt-wp-i18n 1.0.3\n"
+
+#: includes/class-mas-static-content-post-types.php:51
+msgid "Static Contents"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:52
+msgid "Static Content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:53
+msgid "All Static Contents"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:55
+msgid "Add New"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:56
+msgid "Add new static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:57
+msgid "Edit"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:58
+msgid "Edit static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:59
+msgid "New static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:60
+msgid "View static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:61
+msgid "View static contents"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:62
+msgid "Search static contents"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:63
+msgid "No static contents found"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:64
+msgid "No static contents found in trash"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:65
+msgid "Parent static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:66
+msgid "Static Content image"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:67
+msgid "Set static content image"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:68
+msgid "Remove static content image"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:69
+msgid "Use as static content image"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:70
+msgid "Insert into static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:71
+msgid "Uploaded to this static content"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:72
+msgid "Filter static contents"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:73
+msgid "Static Contents navigation"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:74
+msgid "Static Contents list"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:76
+msgid "This is where you can add new static contents to your site."
+msgstr ""
+
+#: includes/class-mas-static-content.php:48
+#: includes/class-mas-static-content.php:55
+msgid "Cheatin&#8217; huh?"
+msgstr ""
+
+#. Plugin Name of the plugin/theme
+msgid "MAS Static Content"
+msgstr ""
+
+#. Plugin URI of the plugin/theme
+msgid "https://github.com/madrasthemes/mas-static-content"
+msgstr ""
+
+#. Description of the plugin/theme
+msgid ""
+"This plugin helps to create a custom post type static content and use it "
+"with shortcode."
+msgstr ""
+
+#. Author of the plugin/theme
+msgid "MadrasThemes"
+msgstr ""
+
+#. Author URI of the plugin/theme
+msgid "https://madrasthemes.com/"
+msgstr ""
+
+#: includes/class-mas-static-content-post-types.php:54
+msgctxt "Admin menu name"
+msgid "Static Contents"
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/query_parameter_passive_all.html

@@ -963,6 +963,10 @@
 <link rel="stylesheet" id="author_recommended_posts-public-css" href="http://wp.lab/wp-content/plugins/author-recommended-posts/css/public.css?ver=1.0.3" type="text/css" media="screen">
 
 
+<!-- authors-list -->
+<link rel="stylesheet" id="authors-list-css-css" href="http://wp.lab/wp-content/plugins/authors-list/css/authors-list.css?ver=1.0.0" type="text/css" media="all">
+
+
 <!-- auto-animateimage -->
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/auto-animateimage/animate-image.min.js?ver=0.6"></script>
 
@@ -1195,6 +1199,20 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/bbpress-topic-location/_inc/js/bbptl.js?ver=1.0.7"></script>
 
 
+<!-- bdtask-booking365 -->
+<link rel="stylesheet" id="msbdt-bootstrap-style-css" href="http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-bootstrap.css?ver=1.0.0" type="text/css" media="all">
+<link rel="stylesheet" id="msbdt-ui-style-css" href="http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-ui.css?ver=1.0.0" type="text/css" media="all">
+<link rel="stylesheet" id="msbdt-fontawesome-css" href="http://wp.lab/wp-content/plugins/bdtask-booking365/public/font-awesome/css/font-awesome.min.css?ver=1.0.0" type="text/css" media="all">
+<link rel="stylesheet" id="msbdt-custom-css" href="http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-custom-style.css?ver=1.0.0" type="text/css" media="all">
+<link rel="stylesheet" id="msbdt-css" href="http://wp.lab/wp-content/plugins/bdtask-booking365/public/css/msbdt-public.css?ver=1.0.0" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/bdtask-booking365/public/js/msbdt-bootstrap.min.js?ver=1.0.0"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/bdtask-booking365/public/js/msbdt-jquery.slimscroll.min.js?ver=1.0.0"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/bdtask-booking365/public/js/msbdt-public.js?ver=1.0.0"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/bdtask-booking365/public/ajax/msbdt-public-service-display-ajax.js?ver=1.0.0"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/bdtask-booking365/public/ajax/multi-appointment-select-disable-date-agnist-doctor-ajax.js?ver=1.0.0"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/bdtask-booking365/public/ajax/msbdt-public-professional-display-ajax.js?ver=1.0.0"></script>
+
+
 <!-- bdwebteam-recent-post-tabs-widget -->
 <link rel="stylesheet" id="bdwebteam-recent-post-tabs-widget-css" href="http://wp.lab/wp-content/plugins/bdwebteam-recent-post-tabs-widget/css/bdwebteam-recent-tabs-widget.css?ver=1.0.2" type="text/css" media="screen">
 
@@ -2954,6 +2972,10 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/cryptoniq-lite/assets/js/cryptoniq.engine.js?ver=1.0"></script>
 
 
+<!-- curatewp-related-posts -->
+<link rel="stylesheet" id="cwprp-layouts-css" href="http://wp.lab/wp-content/plugins/curatewp-related-posts/assets/dist/layouts.build.css?ver=1.0.0" type="text/css" media="all">
+
+
 <!-- custom-color-palette -->
 <link rel="stylesheet" id="themezee-custom-color-palette-css" href="http://wp.lab/wp-content/plugins/custom-color-palette/assets/css/custom-color-palette.css?ver=1.0" type="text/css" media="all">
 
@@ -3158,6 +3180,12 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.7.2"></script>
 
 
+<!-- dvk-conf -->
+<link rel="stylesheet" id="dvk-conf-css" href="http://wp.lab/wp-content/plugins/dvk-conf/public/css/dvk-conf-public.css?ver=0.0.3" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/dvk-conf/public/js/dvk-conf-public.js?ver=0.0.3"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/dvk-conf/public//js/cookie.js?ver=0.0.3"></script>
+
+
 <!-- dvk-social-sharing -->
 <link rel="stylesheet" id="dvk-social-sharing-css" href="http://wp.lab/wp-content/plugins/dvk-social-sharing/assets/css/styles.min.css?ver=1.3.2" type="text/css" media="all">
 
@@ -3809,6 +3837,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/exxica-social-marketing/public/js/exxica-social-marketing-public.js?ver=1.3.3"></script>
 
 
+<!-- ezycookie -->
+<link rel="stylesheet" id="ezycookie-css" href="http://wp.lab/wp-content/plugins/ezycookie/public/css/ezycookie-public.css?ver=1.0.0" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/ezycookie/public/js/ezycookie-public.js?ver=1.0.0"></script>
+
+
 <!-- f1press -->
 <link rel="stylesheet" id="F1Press-css" href="http://wp.lab/wp-content/plugins/f1press/style.css?ver=2.0" type="text/css" media="all">
 
@@ -9511,6 +9544,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/search-google/js/search-google.js?ver=1.9"></script>
 
 
+<!-- search-in-place -->
+<link rel="stylesheet" id="codepeople-search-in-place-style-css" href="http://wp.lab/wp-content/plugins/search-in-place/css/codepeople_shearch_in_place.css?ver=1.0.36" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/search-in-place/js/codepeople_shearch_in_place.js?ver=1.0.36"></script>
+
+
 <!-- search-live -->
 <link rel="stylesheet" id="search-live-css" href="http://wp.lab/wp-content/plugins/search-live/css/search-live.css?ver=1.8.2" type="text/css" media="all">
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/search-live/js/jquery.typewatch.min.js?ver=1.8.2"></script>
@@ -10568,6 +10606,13 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/sports-address-book/assets/js/sports-address-book.js?ver=1.1.3"></script>
 
 
+<!-- sports-leagues -->
+<link rel="stylesheet" id="sl_styles-css" href="http://wp.lab/wp-content/plugins/sports-leagues/public/css/styles.css?ver=0.5.3" type="text/css" media="all">
+<link rel="stylesheet" id="sl_flags-css" href="http://wp.lab/wp-content/plugins/sports-leagues/vendor/world-flags-sprite/stylesheets/flags32.css?ver=0.5.3" type="text/css" media="all">
+<link rel="stylesheet" id="sl_flags_16-css" href="http://wp.lab/wp-content/plugins/sports-leagues/vendor/world-flags-sprite/stylesheets/flags16.css?ver=0.5.3" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/sports-leagues/public/js/sl-public.js?ver=0.5.3"></script>
+
+
 <!-- sportspress -->
 <link rel="stylesheet" id="sportspress-general-css" href="//wp.lab/wp-content/plugins/sportspress/assets/css/sportspress.css?ver=2.5.4" type="text/css" media="all">
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/sportspress/assets/js/sportspress.js?ver=2.5.4"></script>
@@ -11580,6 +11625,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/ultimate-back-to-top/nyams_ultimate_button.js?ver=1.0"></script>
 
 
+<!-- ultimate-bulk-seo-noindex-nofollow -->
+<link rel="stylesheet" id="bulk-seo-noindex-css" href="http://wp.lab/wp-content/plugins/ultimate-bulk-seo-noindex-nofollow/public/css/bulk-seo-noindex-public.css?ver=1.0.0" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/ultimate-bulk-seo-noindex-nofollow/public/js/bulk-seo-noindex-public.js?ver=1.0.0"></script>
+
+
 <!-- ultimate-form-builder-lite -->
 <link rel="stylesheet" id="ufbl-custom-select-css-css" href="http://wp.lab/wp-content/plugins/ultimate-form-builder-lite/css/jquery.selectbox.css?ver=1.3.7" type="text/css" media="all">
 <link rel="stylesheet" id="ufbl-front-css-css" href="http://wp.lab/wp-content/plugins/ultimate-form-builder-lite/css/frontend.css?ver=1.3.7" type="text/css" media="all">
@@ -12930,6 +12980,10 @@
 <link rel="stylesheet" id="wp-affiliate-disclosure-css" href="http://wp.lab/wp-content/plugins/wp-affiliate-disclosure/assets/css/core.css?ver=1.0.0" type="text/css" media="all">
 
 
+<!-- wp-ai-manager -->
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-ai-manager/public/js/wp-ai-manager-scroll.js?ver=1.0.0"></script>
+
+
 <!-- wp-airbnb-review-slider -->
 <link rel="stylesheet" id="wpairbnb_w3-css" href="http://wp.lab/wp-content/plugins/wp-airbnb-review-slider/public/css/wpairbnb_w3.css?ver=1.2" type="text/css" media="all">
 <link rel="stylesheet" id="unslider-css" href="http://wp.lab/wp-content/plugins/wp-airbnb-review-slider/public/css/wprs_unslider.css?ver=1.2" type="text/css" media="all">
@@ -12976,6 +13030,12 @@
 <link rel="stylesheet" id="wp-associate-post-r2-css" href="http://wp.lab/wp-content/plugins/wp-associate-post-r2/css/skin-standard.css?ver=1.2" type="text/css" media="all">
 
 
+<!-- wp-attention-click -->
+<link rel="stylesheet" id="wpac-css-css" href="http://wp.lab/wp-content/plugins/wp-attention-click/public/assets/css/wpac.min.css?ver=0.6" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-attention-click/public/assets/js/wpac-plugins.min.js?ver=0.6"></script>
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-attention-click/public/assets/js/wpac.min.js?ver=0.6"></script>
+
+
 <!-- wp-author-box -->
 <link rel="stylesheet" id="wp-author-box-css" href="http://wp.lab/wp-content/plugins/wp-author-box/public/css/wp-author-box-public.css?ver=1.0.0" type="text/css" media="all">
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-author-box/public/js/wp-author-box-public.js?ver=1.0.0"></script>
@@ -13586,6 +13646,11 @@
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-imageviewer/wp-imageviewer-init.js?ver=1.0.1"></script>
 
 
+<!-- wp-inquiries -->
+<link rel="stylesheet" id="wp-inquiries-css" href="http://wp.lab/wp-content/plugins/wp-inquiries//css/wp-inquiries.css?ver=0.1.0" type="text/css" media="all">
+<script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-inquiries//js/wp-inquiries.js?ver=0.1.0"></script>
+
+
 <!-- wp-insurance -->
 <script type="text/javascript" src="http://wp.lab/wp-content/plugins/wp-insurance/assets/js/popper.min.js?ver=1.0.0"></script>
 

spec/fixtures/dynamic_finders/plugin_version/simple-widget-title-links/translation_file/languages/simple-widget-title-links.pot

@@ -0,0 +1,34 @@
+# Copyright (C) 2019 Tourbillon Labs
+# This file is distributed under the GPL-2.0+.
+msgid ""
+msgstr ""
+"Project-Id-Version: Simple Widget Title Links 1.0.0\n"
+"Report-Msgid-Bugs-To: "
+"https://wordpress.org/support/plugin/simple-widget-title-links\n"
+"POT-Creation-Date: 2019-03-29 06:12:43+00:00\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"PO-Revision-Date: 2019-MO-DA HO:MI+ZONE\n"
+"Last-Translator: Tourbillon Labs <hello@tourbillonlabs.com>\n"
+"X-Generator: grunt-wp-i18n 1.0.3\n"
+
+#: src/UI/Admin.php:59 src/UI/Admin.php:59
+msgid "Open in new window/tab"
+msgstr ""
+
+#: src/UI/Admin.php:83 src/UI/Admin.php:83
+msgid "rel=\"nofollow\""
+msgstr ""
+
+#: src/UI/Admin.php:107 src/UI/Admin.php:107
+msgid "Title Link:"
+msgstr ""
+
+#. Plugin Name of the plugin/theme
+msgid "Simple Widget Title Links"
+msgstr ""
+
+#. Description of the plugin/theme
+msgid "Provides link support for widget titles without the need for markup or code."
+msgstr ""

spec/fixtures/dynamic_finders/plugin_version/sports-leagues/change_log/changelog.txt

@@ -0,0 +1,16 @@
+== Changelog ==
+
+= 0.5.3 - 2019-04-05 =
+* improvements at edit Standing Page
+* added team main color option
+* added players list game section
+* added game team stats
+* improved game slim layout
+* improved tournament header block
+* added option to switch to alternative theme layout
+* added link to recalculate index tables
+* added layout for twentysixteen theme
+* minor fixes and style improvements
+
+= 0.5.2 - 2019-04-02 =
+* Initial public release

spec/fixtures/dynamic_finders/plugin_version/wg-responsive-slider/change_log/ChangeLog.txt

@@ -0,0 +1,4 @@
+Version 1.0.0 / (2019.03.20)
+============================
+- Initial release 
+

spec/fixtures/dynamic_finders/plugin_version/woo-lucky-wheel/change_log/changelog.txt

@@ -0,0 +1,72 @@
+**v1.0.7 - 2019.03.30**
+- Fixed: Error when updating WooCommerce
+- Updated: Able to dismiss ask-for-review message permanently
+
+**v1.0.6 - 2019.03.20**
+- Fixed: Can not save settings when installing new in previous version
+- Fixed: Warning message when save settings
+- Updated: Make clicking "no thanks" have the same setting with "If customers close and not spin, show popup again after" option
+
+**v1.0.5 - 2019.01.14**
+- Fixed: Option Show only on Homepage, Blog page and Shop page
+- Fixed: Blurry text on mobile
+- Added: Mailchimp API
+- Added: Unique coupon include/exclude products/categories
+- Added: Custom css field
+- Added: Option to show full wheel on desktop
+- Added: Preview emails
+- Added: Preview wheel
+- Added: Ajax endpoint
+- Updated: Shorten coupon code
+- Updated: All wheel slices labels is editable
+- Updated: Optimize getting data
+- Updated: Class support
+
+**v1.0.4.5 - 2018.11.21**
+- Updated: Class support
+
+**v1.0.4.4 - 2018.11.10**
+- Updated: Class support
+
+**v1.0.4.3 - 2018.10.17**
+- Updated: Class support
+
+**v1.0.4.2 - 2018.10.15**
+- Fixed: Class support
+- Fixed: Translate warning message
+
+**v1.0.4.1 - 2018.09.19**
+- Fixed: Coupon select
+
+**v1.0.4 - 2018.09.08**
+- Fixed: Ajax search product
+- Fixed: Some texts not translated
+- Added: Slices text color option
+- Added: Option to set time to show popup again when customers close and do not spin
+- Added: GDPR checkbox
+
+**v1.0.3.1 - 2018.05.11**
+- Updated: Class support
+
+**v1.0.3 - 2018.04.26**
+- Added: Select Google fonts
+- Added: Class woocommerce-lucky-wheel-popup-icon to embed in elsewhere
+- Fixed: Responsive on mobile
+
+**v1.0.2.1 - 2018.04.11**
+- Fixed: Class support
+- Updated: Remove CSS, JS
+
+**v1.0.2-2018.04.04**
+- Added: Existing coupon
+- Changed: Spinning speed
+- Changed: Wheel settings(back end)
+
+**v1.0.1-2018.03.27**
+- Added: Automatically show wheel
+- Added: Auto generate slices color
+- Added: Custom award type
+- Added: Villatheme support
+
+**v1.0.0-2018.03.09**
+- First release.

spec/fixtures/target/platform/wordpress/maybe_add_cookies/vjs.html

@@ -0,0 +1,24 @@
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<meta name="robots" content="noindex">
+</head>
+<body>
+<script>
+function createCookie(name,value,days) {
+    if (days) {
+        var date = new Date();
+        date.setTime(date.getTime()+(days*24*60*60*1000));
+        var expires = "; expires="+date.toGMTString();
+    }
+    else var expires = "";
+    document.cookie = name+"="+value+expires+"; path=/";
+}
+
+createCookie('vjs','2420671338',60);
+</script><form id="repost" method="post" action=""></form>
+<script>
+if((document.cookie.indexOf('vjs=') !== -1))
+location.reload();
+</script>
+<h1>Access to this website is possible only using browser with JavaScript and Cookies enabled.</h1>

spec/lib/browser_spec.rb

@@ -2,20 +2,9 @@
 
 describe WPScan::Browser do
   subject(:browser) { described_class.instance(options) }
-  before            { described_class.reset }
   let(:options)     { {} }
 
-  describe '#user_agents_list' do
-    context 'when not set' do
-      its(:user_agents_list) { should eql WPScan::DB_DIR.join('user-agents.txt').to_s }
-    end
-
-    context 'when set' do
-      let(:options) { super().merge(user_agents_list: 'test.txt') }
-
-      its(:user_agents_list) { should eql 'test.txt' }
-    end
-  end
+  before            { described_class.reset }
 
   describe '#user_agent' do
     context 'when not set' do

spec/shared_examples/target/platform/wordpress.rb

@@ -68,6 +68,76 @@ shared_examples WPScan::Target::Platform::WordPress do
     end
   end
 
+  describe '#maybe_add_cookies' do
+    let(:fixtures) { super().join('maybe_add_cookies') }
+    let(:browser)  { WPScan::Browser.instance }
+
+    context 'when nothing matches' do
+      it 'does nothing' do
+        stub_request(:get, target.url).to_return(body: 'nothing there')
+
+        subject.maybe_add_cookies
+
+        expect(browser.cookie_string).to eql nil
+        expect(subject.homepage_res.body).to eql 'nothing there'
+      end
+    end
+
+    context 'when matches' do
+      before do
+        stub_request(:get, target.url)
+          .to_return(
+            { body: File.read(fixtures.join("#{cookie}.html")) },
+            body: 'Cookies Accepted!' # if we put {} there, ruobop not happy!
+          )
+      end
+
+      {
+        'vjs' => 'vjs=2420671338'
+      }.each do |key, expected_cookie_string|
+        context "when #{key} match" do
+          let(:cookie) { key }
+
+          context 'when the browser does not have a cookie_string already' do
+            before do
+              subject.maybe_add_cookies
+
+              # This one does not work, opened an issue
+              # https://github.com/bblimke/webmock/issues/813
+              # stub_request(:get, target.url)
+              #  .with(headers: { 'Cookie' => expected_cookie_string })
+              #  .to_return(body: 'Cookies Accepted!')
+            end
+
+            it 'sets the correct cookies, reset the homepage_res' do
+              expect(browser.cookie_string).to eql expected_cookie_string
+              expect(subject.homepage_res.body).to eql 'Cookies Accepted!'
+            end
+          end
+
+          context 'when the browser has cookie_string already' do
+            before do
+              browser.cookie_string = 'key=no-override'
+
+              subject.maybe_add_cookies
+
+              # This one does not work, opened an issue
+              # https://github.com/bblimke/webmock/issues/813
+              # stub_request(:get, target.url)
+              #  .with(headers: { 'Cookie' => "#{expected_cookie_string}; key=no-override" })
+              #  .to_return(body: 'Cookies Accepted!')
+            end
+
+            it 'sets the correct cookies, reset the homepage_res' do
+              expect(browser.cookie_string).to eql "#{expected_cookie_string}; key=no-override"
+              expect(subject.homepage_res.body).to eql 'Cookies Accepted!'
+            end
+          end
+        end
+      end
+    end
+  end
+
   describe '#wordpress_hosted?' do
     its(:wordpress_hosted?) { should be false }
 

wpscan.gemspec

@@ -7,7 +7,7 @@ Gem::Specification.new do |s|
   s.name                  = 'wpscan'
   s.version               = WPScan::VERSION
   s.platform              = Gem::Platform::RUBY
-  s.required_ruby_version = '>= 2.3'
+  s.required_ruby_version = '>= 2.4'
   s.authors               = ['WPScanTeam']
   s.date                  = Time.now.utc.strftime('%Y-%m-%d')
   s.email                 = ['team@wpscan.org']
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   s.executables           = ['wpscan']
   s.require_paths         = ['lib']
 
-  s.add_dependency 'cms_scanner', '~> 0.0.43.2'
+  s.add_dependency 'cms_scanner', '~> 0.0.44.1'
 
   s.add_development_dependency 'bundler',   '>= 1.6'
   s.add_development_dependency 'coveralls', '~> 0.8.0'
@@ -29,7 +29,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rake', '~> 12.3'
   s.add_development_dependency 'rspec', '~> 3.8.0'
   s.add_development_dependency 'rspec-its', '~> 1.2.0'
-  s.add_development_dependency 'rubocop', '~> 0.66.0'
+  s.add_development_dependency 'rubocop', '~> 0.67.1'
   s.add_development_dependency 'simplecov', '~> 0.16.1'
   s.add_development_dependency 'stackprof', '~> 0.2.12'
   s.add_development_dependency 'webmock', '~> 3.5.1'