Class: WPScan::Finders::Users::AuthorSitemap

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Users::AuthorSitemap

Defined in:

app/finders/users/author_sitemap.rb

Overview

Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains the usernames of accounts who made a post

Direct Known Subclasses

YoastSeoAuthorSitemap

Instance Method Summary

• #aggressive(_opts = {}) ⇒ Array<User>
• #sitemap_url ⇒ String

  The URL of the sitemap.

Instance Method Details

#aggressive(_opts = {}) ⇒ Array<User>

Parameters:

• opts (Hash)

Returns:

• (Array<User>)

# File 'app/finders/users/author_sitemap.rb', line 12

def aggressive(_opts = {})
  found = []

  Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
    username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]

    next unless username && !username.strip.empty?

    found << Model::User.new(username,
                             found_by: found_by,
                             confidence: 100,
                             interesting_entries: [sitemap_url])
  end

  found
end

#sitemap_url ⇒ String

Returns The URL of the sitemap.

Returns:

• (String) —

  The URL of the sitemap

# File 'app/finders/users/author_sitemap.rb', line 30

def sitemap_url
  @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
end