1
# frozen_string_literal: true
2

3
module WPScan
4
  module Finders
5
    module Users
6
      # Author Posts
7
      class AuthorPosts < CMSScanner::Finders::Finder
8
        # @param [ Hash ] opts
9
        #
10
        # @return [ Array<User> ]
11
        def passive(opts = {})
12
          found_by_msg = 'Author Posts - %s (Passive Detection)'
13

14
          usernames(opts).reduce([]) do |a, e|
15
            a << Model::User.new(
16
              e[0],
17
              found_by: format(found_by_msg, e[1]),
18
              confidence: e[2]
19
            )
20
          end
21
        end
22

23
        # @param [ Hash ] opts
24
        #
25
        # @return [ Array<Array>> ]
26
        def usernames(_opts = {})
27
          found = potential_usernames(target.homepage_res)
28

29
          return found unless found.empty?
30

31
          target.homepage_res.html.css('header.entry-header a').each do |post_url_node|
32
            url = post_url_node['href']
33

34
            next if url.nil? || url.empty?
35

36
            found += potential_usernames(Browser.get(url))
37
          end
38

39
          found.compact.uniq
40
        end
41

42
        # @param [ Typhoeus::Response ] res
43
        #
44
        # @return [ Array<Array> ]
45
        def potential_usernames(res)
46
          usernames = []
47

48
          target.in_scope_uris(res, '//a/@href[contains(., "author")]') do |uri, node|
49
            if uri.path =~ %r{/author/([^/\b]+)/?\z}i
50
              usernames << [Regexp.last_match[1], 'Author Pattern', 100]
51
            elsif /author=[0-9]+/.match?(uri.query)
52
              usernames << [node.text.to_s.strip, 'Display Name', 30]
53
            end
54
          end
55

56
          usernames.uniq
57
        end
58
      end
59
    end
60
  end
61
end
62

63