Reduces time to detect non WP sites when there are a lof of links in pages

erwanlr · erwanlr · commit 7d2b8a2a8bdc · 2020-02-12T19:50:00.000Z
diff --git a/app/controllers/custom_directories.rb b/app/controllers/custom_directories.rb
@@ -18,9 +18,7 @@ def before_scan
         target.content_dir = ParsedCli.wp_content_dir if ParsedCli.wp_content_dir
         target.plugins_dir = ParsedCli.wp_plugins_dir if ParsedCli.wp_plugins_dir
 
-        return if target.content_dir
-
-        raise Error::WpContentDirNotDetected
+        raise Error::WpContentDirNotDetected unless target.content_dir
       end
     end
   end
diff --git a/lib/wpscan/target/platform/wordpress.rb b/lib/wpscan/target/platform/wordpress.rb
@@ -44,7 +44,7 @@ def wordpress?(detection_mode)
         # @param [ Typhoeus::Response ] response
         # @return [ Boolean ]
         def wordpress_from_meta_comments_or_scripts?(response)
-          in_scope_uris(response) do |uri|
+          in_scope_uris(response, '//link/@href|//script/@src|//img/@src') do |uri|
             return true if WORDPRESS_PATTERN.match?(uri.path) || WP_JSON_OEMBED_PATTERN.match?(uri.path)
           end
 
@@ -100,8 +100,9 @@ def wordpress_hosted?
 
           unless content_dir
             pattern = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
+            xpath   = '//@href[contains(., "wp.com")]|//@src[contains(., "wp.com")]'
 
-            uris_from_page(homepage_res) do |uri|
+            uris_from_page(homepage_res, xpath) do |uri|
               return true if uri.to_s.match?(pattern)
             end
           end
