Class: WPScan::Finders::Users::AuthorSitemap

Inherits:

CMSScanner::Finders::Finder

Object
CMSScanner::Finders::Finder
WPScan::Finders::Users::AuthorSitemap

show all

Defined in:: app/finders/users/author_sitemap.rb

Overview

Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains the usernames of accounts who made a post

Direct Known Subclasses

YoastSeoAuthorSitemap

Instance Method Summary collapse

#aggressive(_opts = {}) ⇒ Array<User>
#sitemap_url ⇒ String

The URL of the sitemap.

Instance Method Details

#aggressive(_opts = {}) ⇒ `Array<User>`

Parameters:

opts (Hash)

Returns:

(Array<User>)

# File 'app/finders/users/author_sitemap.rb', line 12

def aggressive(_opts = {})
  found = []

  Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
    username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]

    next unless username && !username.strip.empty?

    found << Model::User.new(username,
                             found_by: found_by,
                             confidence: 100,
                             interesting_entries: [sitemap_url])
  end

  found
end

#sitemap_url ⇒ `String`

Returns The URL of the sitemap.

Returns:

(String) —

The URL of the sitemap



30
31
32

# File 'app/finders/users/author_sitemap.rb', line 30

def sitemap_url
  @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
end

Class: WPScan::Finders::Users::AuthorSitemap

Overview

Direct Known Subclasses

Instance Method Summary collapse

Instance Method Details

#aggressive(_opts = {}) ⇒ Array<User>

#sitemap_url ⇒ String

#aggressive(_opts = {}) ⇒ `Array<User>`

#sitemap_url ⇒ `String`