RubyGems - wpscan - Versions diffs - 3.7.0 → 3.7.1 - Mend

wpscan 3.7.0 → 3.7.1

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +8 -2
data/app/controllers/enumeration/cli_options.rb +2 -2
data/app/controllers/enumeration/enum_methods.rb +4 -4
data/app/finders/passwords/xml_rpc.rb +1 -1
data/app/finders/passwords/xml_rpc_multicall.rb +1 -1
data/lib/wpscan/db/vuln_api.rb +2 -1
data/lib/wpscan/target/platform/wordpress.rb +1 -0
data/lib/wpscan/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5e98820ee111e0a41e7cdc545d73daf107fc9ac8cec61b0553d19e5e85a8fc5f
-  data.tar.gz: 72e974ecfbd200a92a123c7f315b587c3e8c20364390a202ca8b0ca978a08dfe
+  metadata.gz: 81f53ccbb472ba2f5eff49a7c422c41b7f70ace29d689620ab6ea7d51b52d9ae
+  data.tar.gz: d3f844eed945816cdc34e6e17ebf2b27f19c82c7e4f42766aaeb19793d618971
 SHA512:
-  metadata.gz: bd2778249b8afdfa8a12317ea20b2f856285a83ade81b8e7935cd83721f5763a6f39c9e1b94e7dd8cdfa9f48c0e068bdaf95f3e949506b3ae96b65a0a992b0a3
-  data.tar.gz: 7eb76604ef4f5a7b01dbc5dce70dd4cfa8f3f6d9093642615aae627dfa709dcf0a36ea9e1dae1c4208571946b4d09ca80e8f2496ddeae63660dd314e522e7fb6
+  metadata.gz: 1615d5c27b38ae8f2c157f22f8949f49484dadb2475e39f159133e289fd3f8e11986055c654dcde89a169e3a19f5dc6387b27c39c079e55d71561047e500ec75
+  data.tar.gz: 5eb01fd5777cb6c1128c9e91ca8d643decd77d46ff22a8de29cf80680ea0d60eb0934fc1aea1b16c7daaa41798a4a42a310833c061ccd6f8e94674c5e97f1b8e

data/README.md CHANGED Viewed

@@ -77,13 +77,19 @@ docker run -it --rm wpscanteam/wpscan --url https://target.tld/ --enumerate u1-1
 # Usage
-```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
+```wpscan --url blog.tld``` This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings.
+If a more stealthy approach is required, then ```wpscan --stealthy --url blog.tld``` can be used.
 As a result, when using the ```--enumerate``` option, don't forget to set the ```--plugins-detection``` accordingly, as its default is 'passive'.
 For more options, open a terminal and type ```wpscan --help``` (if you built wpscan from the source, you should type the command outside of the git repo)
 The DB is located at ~/.wpscan/db
+## Vulnerability Database
+The WPScan CLI tool uses the [WPVulnDB API](https://wpvulndb.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPVulnDB](https://wpvulndb.com/users/sign_up). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPVulnDB](https://wpvulndb.com/).
 ## Load CLI options from file/s
 WPScan can load all options (including the --url) from configuration files, the following locations are checked (order: first to last):
@@ -124,7 +130,7 @@ cli_options:
   api_token: YOUR_API_TOKEN
 ```
-Enumerating usernames
+## Enumerating usernames
 ```shell
 wpscan --url https://target.tld/ --enumerate u

data/app/controllers/enumeration/cli_options.rb CHANGED Viewed

@@ -18,10 +18,10 @@ module WPScan
             choices: {
               vp: OptBoolean.new(['--vulnerable-plugins']),
               ap: OptBoolean.new(['--all-plugins']),
-              p: OptBoolean.new(['--plugins']),
+              p: OptBoolean.new(['--popular-plugins']),
               vt: OptBoolean.new(['--vulnerable-themes']),
               at: OptBoolean.new(['--all-themes']),
-              t: OptBoolean.new(['--themes']),
+              t: OptBoolean.new(['--popular-themes']),
               tt: OptBoolean.new(['--timthumbs']),
               cb: OptBoolean.new(['--config-backups']),
               dbe: OptBoolean.new(['--db-exports']),

data/app/controllers/enumeration/enum_methods.rb CHANGED Viewed

@@ -56,7 +56,7 @@ module WPScan
       #
       # @return [ Boolean ] Wether or not to enumerate the plugins
       def enum_plugins?(opts)
-        opts[:plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
+        opts[:popular_plugins] || opts[:all_plugins] || opts[:vulnerable_plugins]
       end
       def enum_plugins
@@ -92,7 +92,7 @@ module WPScan
         if opts[:enumerate][:all_plugins]
           DB::Plugins.all_slugs
-        elsif opts[:enumerate][:plugins]
+        elsif opts[:enumerate][:popular_plugins]
           DB::Plugins.popular_slugs
         else
           DB::Plugins.vulnerable_slugs
@@ -103,7 +103,7 @@ module WPScan
       #
       # @return [ Boolean ] Wether or not to enumerate the themes
       def enum_themes?(opts)
-        opts[:themes] || opts[:all_themes] || opts[:vulnerable_themes]
+        opts[:popular_themes] || opts[:all_themes] || opts[:vulnerable_themes]
       end
       def enum_themes
@@ -139,7 +139,7 @@ module WPScan
         if opts[:enumerate][:all_themes]
           DB::Themes.all_slugs
-        elsif opts[:enumerate][:themes]
+        elsif opts[:enumerate][:popular_themes]
           DB::Themes.popular_slugs
         else
           DB::Themes.vulnerable_slugs

data/app/finders/passwords/xml_rpc.rb CHANGED Viewed

@@ -8,7 +8,7 @@ module WPScan
         include CMSScanner::Finders::Finder::BreadthFirstDictionaryAttack
         def login_request(username, password)
-          target.method_call('wp.getUsersBlogs', [username, password])
+          target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
         end
         def valid_credentials?(response)

data/app/finders/passwords/xml_rpc_multicall.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module WPScan
             end
           end
-          target.multi_call(methods).run
+          target.multi_call(methods, cache_ttl: 0).run
         end
         # @param [ Array<Model::User> ] users

data/lib/wpscan/db/vuln_api.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module WPScan
   module DB
     # WPVulnDB API
     class VulnApi
-      NON_ERROR_CODES = [200, 401, 404].freeze
+      NON_ERROR_CODES = [200, 401].freeze
       class << self
         attr_accessor :token
@@ -24,6 +24,7 @@ module WPScan
         res = Browser.get(uri.join(path), params.merge(request_params))
+        return {} if res.code == 404 # This is for API inconsistencies when dots in path
         return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
         raise Error::HTTP, res

data/lib/wpscan/target/platform/wordpress.rb CHANGED Viewed

@@ -109,6 +109,7 @@ module WPScan
           Browser.instance.forge_request(
             login_url,
             method: :post,
+            cache_ttl: 0,
             body: { log: username, pwd: password }
           )
         end

data/lib/wpscan/version.rb CHANGED Viewed

@@ -2,5 +2,5 @@
 # Version
 module WPScan
-  VERSION = '3.7.0'
+  VERSION = '3.7.1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.7.0
+  version: 3.7.1
 platform: ruby
 authors:
 - WPScanTeam
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-09-13 00:00:00.000000000 Z
+date: 2019-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner