wpscan 3.1.0 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 247fd91f253010fbefa767737b15d9abce9abdc5
-  data.tar.gz: bf4527c1501a3b641a4a242043baf8d302e0e5e8
+  metadata.gz: 2cd042a221b0b46139937c959bd6428d4bedd1a2
+  data.tar.gz: dd5575dbaf1929427b82e8fa85496941eb3da313
 SHA512:
-  metadata.gz: 6f7ae471f65c4abab39653e95153a10c5893f7995f64b403bb9e4bac6748e93394daa4db9e4e2175293165dee60813a168af7f8043cbd249232a1b6abec00cfd
-  data.tar.gz: 86c27e7770b2674f286fcf55d49fe6b0cb2540d0a24a790e80c268b9901ab00cfd0d0e793ae294aebda586f414212a5077a1f58b489b272413c672833118dcab
+  metadata.gz: ebe332bbc3f165474bfef341caf390d9ade882270ebaf68a901a4a8379decdc482cba640461aa8ff545b9ee05f9d2b84c6cec29a6f11129b2a50363eaf416f95
+  data.tar.gz: 225ef4a7706c4a44bd70a5c5da2b420a8d0f73d1bae8b52f613d1eb054fb469a86c60860189324a1e1f2505e129038b2bb521315485dd366830a86d8536556bd

data/README.md

@@ -113,7 +113,9 @@ Pull the repo with ```docker pull wpscanteam/wpscan-v3```
 
 # Usage
 
-Open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
+```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
+
+For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
 
 The DB is located at ~/.wpscan/db
 

data/app/controllers/aliases.rb

@@ -4,7 +4,8 @@ module WPScan
     class Aliases < CMSScanner::Controller::Base
       def cli_options
         [
-          OptAlias.new(['--stealthy'], alias_for: '--random-user-agent --detection-mode passive')
+          OptAlias.new(['--stealthy'],
+                       alias_for: '--random-user-agent --detection-mode passive --plugins-version-detection passive')
         ]
       end
     end

data/app/controllers/enumeration/cli_options.rb

@@ -26,7 +26,8 @@ module WPScan
               m:  OptIntegerRange.new(['--medias', 'Media ids range. e.g m1-15'], value_if_empty: '1-100')
             },
             value_if_empty: 'vp,vt,tt,cb,u,m',
-            incompatible: [%i[vp ap p], %i[vt at t]]
+            incompatible: [%i[vp ap p], %i[vt at t]],
+            default: { all_plugins: true, config_backups: true }
           ),
           OptRegexp.new(
             [
@@ -46,7 +47,7 @@ module WPScan
           OptChoice.new(
             ['--plugins-detection MODE',
              'Use the supplied mode to enumerate Plugins, instead of the global (--detection-mode) mode.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :passive
           ),
           OptBoolean.new(
             ['--plugins-version-all',
@@ -57,7 +58,7 @@ module WPScan
             ['--plugins-version-detection MODE',
              'Use the supplied mode to check plugins versions instead of the --detection-mode ' \
              'or --plugins-detection modes.'],
-            choices: %w[mixed passive aggressive], normalize: :to_sym
+            choices: %w[mixed passive aggressive], normalize: :to_sym, default: :mixed
           )
         ]
       end

data/app/controllers/enumeration/enum_methods.rb

@@ -164,7 +164,7 @@ module WPScan
       # If the --enumerate is used, the default value is handled by the Option
       # However, when using --passwords alone, the default has to be set by the code below
       def enum_users_range
-        parsed_options[:enumerate] ? parsed_options[:enumerate][:users] : cli_enum_choices[0].choices[:u].validate(nil)
+        parsed_options[:enumerate][:users] || cli_enum_choices[0].choices[:u].validate(nil)
       end
     end
   end

data/lib/wpscan/finders/dynamic_finder/version/config_parser.rb

@@ -20,7 +20,9 @@ module WPScan
 
             parsers.each do |parser|
               begin
-                return parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
+                parsed = parser.respond_to?(:safe_load) ? parser.safe_load(body) : parser.load(body)
+
+                return parsed if parsed.is_a?(Hash)
               rescue StandardError
                 next
               end

data/lib/wpscan/finders/dynamic_finder/version/javascript_var.rb

@@ -39,7 +39,7 @@ module WPScan
           def version_number_from_match_data(match_data)
             if self.class::VERSION_KEY
               begin
-                json = JSON.parse("{#{match_data[:json].strip.tr("'", '"')}}")
+                json = JSON.parse("{#{match_data[:json].strip.chomp(',').tr("'", '"')}}")
               rescue JSON::ParserError
                 return
               end

data/lib/wpscan/version.rb

@@ -1,4 +1,4 @@
 # Version
 module WPScan
-  VERSION = '3.1.0'.freeze
+  VERSION = '3.2.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.2.0
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-16 00:00:00.000000000 Z
+date: 2018-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.1'
+- !ruby/object:Gem::Dependency
+  name: opt_parse_validator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.15.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.15.2
 - !ruby/object:Gem::Dependency
   name: yajl-ruby
   requirement: !ruby/object:Gem::Requirement