1
# frozen_string_literal: true
2

3
module WPScan
4
  module Finders
5
    module Users
6
      # Since WP 5.5, /wp-sitemap-users-1.xml is generated and contains
7
      # the usernames of accounts who made a post
8
      class AuthorSitemap < CMSScanner::Finders::Finder
9
        # @param [ Hash ] opts
10
        #
11
        # @return [ Array<User> ]
12
        def aggressive(_opts = {})
13
          found = []
14

15
          Browser.get(sitemap_url).html.xpath('//url/loc').each do |user_tag|
16
            username = user_tag.text.to_s[%r{/author/([^/]+)/}, 1]
17

18
            next unless username && !username.strip.empty?
19

20
            found << Model::User.new(username,
21
                                     found_by: found_by,
22
                                     confidence: 100,
23
                                     interesting_entries: [sitemap_url])
24
          end
25

26
          found
27
        end
28

29
        # @return [ String ] The URL of the sitemap
30
        def sitemap_url
31
          @sitemap_url ||= target.url('wp-sitemap-users-1.xml')
32
        end
33
      end
34
    end
35
  end
36
end
37

38