id: wp-yoast-user-enumeration

info:
  name: WordPress Yoast SEO Plugin -  User Enumeration
  author: FLX
  severity: info
  reference:
    - https://developer.yoast.com/features/xml-sitemaps/functional-specification/
  metadata:
    max-request: 1
    verified: true
    google-dork: inurl:"/author-sitemap.xml"
  tags: wp,wp-plugin,wordpress,username,disclosure

http:
  - raw:
      - |
        @timeout: 15s
        GET /author-sitemap.xml HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<?xml"
          - "<lastmod>"
          - "<loc>"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"
          - "text/xml"

      - type: status
        status:
          - 200