Bumps version

Updates deps
Adds --exclude-usernames option
2021-03-22 17:32:20 +01:00 · 2021-03-22 16:36:27 +01:00 · 2021-03-22 16:35:33 +01:00
6 changed files with 24 additions and 4 deletions
--- a/app/controllers/enumeration/cli_options.rb
+++ b/app/controllers/enumeration/cli_options.rb
@@ -170,6 +170,12 @@ module WPScan
            ['--users-detection MODE',
             'Use the supplied mode to enumerate Users, instead of the global (--detection-mode) mode.'],
            choices: %w[mixed passive aggressive], normalize: :to_sym, advanced: true
+          ),
+          OptRegexp.new(
+            [
+              '--exclude-usernames REGEXP_OR_STRING',
+              'Exclude usernames matching the Regexp/string (case insensitive). Regexp delimiters are not required.'
+            ], options: Regexp::IGNORECASE
          )
        ]
      end
--- a/app/finders/users.rb
+++ b/app/finders/users.rb
@@ -11,6 +11,16 @@ require_relative 'users/yoast_seo_author_sitemap'

 module WPScan
  module Finders
+    # Specific Finders container to filter the usernames found
+    # and remove the ones matching ParsedCli.exclude_username if supplied
+    class UsersFinders < SameTypeFinders
+      def filter_findings
+        findings.delete_if { |user| ParsedCli.exclude_usernames.match?(user.username) } if ParsedCli.exclude_usernames
+
+        findings
+      end
+    end
+
    module Users
      # Users Finder
      class Base
@@ -28,6 +38,10 @@ module WPScan
            Users::AuthorIdBruteForcing.new(target) <<
            Users::LoginErrorMessages.new(target)
        end
+
+        def finders
+          @finders ||= Finders::UsersFinders.new
+        end
      end
    end
  end
--- a/app/finders/wp_version.rb
+++ b/app/finders/wp_version.rb
@@ -10,7 +10,7 @@ module WPScan
  module Finders
    # Specific Finders container to filter the version detected
    # and remove the one with low confidence to avoid false
-    # positive when there is not enought information to accurately
+    # positive when there is not enough information to accurately
    # determine it.
    class WpVersionFinders < UniqueFinders
      def filter_findings
--- a/lib/wpscan/version.rb
+++ b/lib/wpscan/version.rb
@@ -2,5 +2,5 @@

 # Version
 module WPScan
-  VERSION = '3.8.16'
+  VERSION = '3.8.17'
 end
--- a/spec/app/controllers/enumeration_spec.rb
+++ b/spec/app/controllers/enumeration_spec.rb
@@ -76,7 +76,7 @@ describe WPScan::Controller::Enumeration do
           config_backups_list config_backups_detection
           db_exports_list db_exports_detection
           medias_detection
-           users_list users_detection]
+           users_list users_detection exclude_usernames]
      )
    end
  end
--- a/wpscan.gemspec
+++ b/wpscan.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
  s.executables           = ['wpscan']
  s.require_paths         = ['lib']

-  s.add_dependency 'cms_scanner', '~> 0.13.2'
+  s.add_dependency 'cms_scanner', '~> 0.13.3'

  s.add_development_dependency 'bundler',             '>= 1.6'
  s.add_development_dependency 'memory_profiler',     '~> 1.0.0'
Author	SHA1	Message	Date
erwanlr	824697490f	Bumps version	2021-03-22 17:32:20 +01:00
erwanlr	62e01cb9d6	Updates deps	2021-03-22 16:36:27 +01:00
erwanlr	87c2f82b80	Adds --exclude-usernames option	2021-03-22 16:35:33 +01:00