id: wp-yoast-user-enumeration

info:
  name: WordPress Yoast SEO Plugin -  User Enumeration
  author: FLX
  severity: info
  reference:
    - https://developer.yoast.com/features/xml-sitemaps/functional-specification/
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"/author-sitemap.xml"
  tags: wp,wp-plugin,wordpress,username,disclosure

http:
  - raw:
      - |
        @timeout: 15s
        GET /author-sitemap.xml HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<?xml"
          - "<lastmod>"
          - "<loc>"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 490a00463044022047ff660cb9bf3356e8492c2525614a375bb960108ec4935be7d35cde6224149202203d96ace3f2c72c5618a2af1c6138367709ce3adfd90f34ab3eda2f35d82ff160:922c64590222798bb761d5b6d8e72950