wpscan 3.8.10 → 3.8.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +21 -6
- data/app/controllers/core.rb +3 -3
- data/app/controllers/vuln_api.rb +5 -2
- data/app/finders/db_exports/known_locations.rb +1 -1
- data/app/finders/interesting_findings.rb +2 -1
- data/app/finders/interesting_findings/php_disabled.rb +21 -0
- data/app/models/interesting_finding.rb +14 -0
- data/app/models/timthumb.rb +1 -1
- data/app/views/cli/vuln_api/status.erb +4 -4
- data/app/views/json/vuln_api/status.erb +1 -1
- data/lib/wpscan/browser.rb +1 -1
- data/lib/wpscan/db/vuln_api.rb +5 -3
- data/lib/wpscan/target/platform/wordpress.rb +6 -8
- data/lib/wpscan/typhoeus/response.rb +2 -1
- data/lib/wpscan/version.rb +1 -1
- metadata +19 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 021d424ab717a7f32d4ed40025ed98d1572c4ef94193c48b31228c793ef616cc
|
|
4
|
+
data.tar.gz: 0f5d3192ab56199f4ee403d6a94db378fdeba7a080fbef3a6c5aa12175d8b855
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 78c4a98e1efe92ab08fa8c2f90e0a8851b8a076cdd4ce8faf755af6316d38bf496d862aedbe3532e523333d858df8668e3258112db2416548fd96073536d14bd
|
|
7
|
+
data.tar.gz: 1f7d881cfc1aad30dfc810815d5dfa1991d85bc37970cad76757d9bde4a2d25f66c842fb87cd5b5298ddd943c702a995a63dd075fa6d427ca0691151b0d471fe
|
data/README.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<p align="center">
|
|
2
|
-
<a href="https://wpscan.
|
|
2
|
+
<a href="https://wpscan.com/">
|
|
3
3
|
<img src="https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/images/wpscan_logo.png" alt="WPScan logo">
|
|
4
4
|
</a>
|
|
5
5
|
</p>
|
|
@@ -24,10 +24,11 @@
|
|
|
24
24
|
## Prerequisites
|
|
25
25
|
|
|
26
26
|
- (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
|
|
27
|
-
- Ruby >= 2.
|
|
27
|
+
- Ruby >= 2.5 - Recommended: latest
|
|
28
28
|
- Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
|
|
29
|
-
- Curl >= 7.
|
|
29
|
+
- Curl >= 7.72 - Recommended: latest
|
|
30
30
|
- The 7.29 has a segfault
|
|
31
|
+
- The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
|
|
31
32
|
- RubyGems - Recommended: latest
|
|
32
33
|
- Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
|
|
33
34
|
|
|
@@ -35,6 +36,10 @@
|
|
|
35
36
|
|
|
36
37
|
When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
|
|
37
38
|
|
|
39
|
+
### In macOSX via Homebrew
|
|
40
|
+
|
|
41
|
+
`brew install wpscanteam/tap/wpscan`
|
|
42
|
+
|
|
38
43
|
### From RubyGems
|
|
39
44
|
|
|
40
45
|
```shell
|
|
@@ -80,9 +85,19 @@ For more options, open a terminal and type ```wpscan --help``` (if you built wps
|
|
|
80
85
|
|
|
81
86
|
The DB is located at ~/.wpscan/db
|
|
82
87
|
|
|
83
|
-
## Vulnerability Database
|
|
88
|
+
## Optional: WordPress Vulnerability Database API
|
|
89
|
+
|
|
90
|
+
The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
|
|
91
|
+
|
|
92
|
+
Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
|
|
93
|
+
|
|
94
|
+
#### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
|
|
95
|
+
|
|
96
|
+
### How many API requests do you need?
|
|
84
97
|
|
|
85
|
-
|
|
98
|
+
- Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
|
|
99
|
+
- On average, a WordPress website has 22 installed plugins.
|
|
100
|
+
- The Free plan should cover around 50% of all WordPress websites.
|
|
86
101
|
|
|
87
102
|
## Load CLI options from file/s
|
|
88
103
|
|
|
@@ -176,7 +191,7 @@ Example cases which do not require a commercial license, and thus fall under the
|
|
|
176
191
|
- Using WPScan to test your own systems.
|
|
177
192
|
- Any non-commercial use of WPScan.
|
|
178
193
|
|
|
179
|
-
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us -
|
|
194
|
+
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - contact@wpscan.com.
|
|
180
195
|
|
|
181
196
|
Free-use Terms and Conditions;
|
|
182
197
|
|
data/app/controllers/core.rb
CHANGED
|
@@ -8,13 +8,13 @@ module WPScan
|
|
|
8
8
|
def cli_options
|
|
9
9
|
[OptURL.new(['--url URL', 'The URL of the blog to scan'],
|
|
10
10
|
required_unless: %i[update help hh version], default_protocol: 'http')] +
|
|
11
|
-
super.drop(
|
|
11
|
+
super.drop(2) + # delete the --url and --force from CMSScanner
|
|
12
12
|
[
|
|
13
13
|
OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
|
|
14
14
|
choices: %w[apache iis nginx],
|
|
15
15
|
normalize: %i[downcase to_sym],
|
|
16
16
|
advanced: true),
|
|
17
|
-
OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
|
|
17
|
+
OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
|
|
18
18
|
OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
|
|
19
19
|
]
|
|
20
20
|
end
|
|
@@ -39,7 +39,7 @@ module WPScan
|
|
|
39
39
|
output('@notice', msg: 'It seems like you have not updated the database for some time.')
|
|
40
40
|
print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
|
|
41
41
|
|
|
42
|
-
/^y/i.match?(Readline.readline)
|
|
42
|
+
/^y/i.match?(Readline.readline)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
def update_db
|
data/app/controllers/vuln_api.rb
CHANGED
|
@@ -8,7 +8,10 @@ module WPScan
|
|
|
8
8
|
|
|
9
9
|
def cli_options
|
|
10
10
|
[
|
|
11
|
-
OptString.new(
|
|
11
|
+
OptString.new(
|
|
12
|
+
['--api-token TOKEN',
|
|
13
|
+
'The WPScan API Token to display vulnerability data, available at https://wpscan.com/profile']
|
|
14
|
+
)
|
|
12
15
|
]
|
|
13
16
|
end
|
|
14
17
|
|
|
@@ -19,7 +22,7 @@ module WPScan
|
|
|
19
22
|
|
|
20
23
|
api_status = DB::VulnApi.status
|
|
21
24
|
|
|
22
|
-
raise Error::InvalidApiToken if api_status['
|
|
25
|
+
raise Error::InvalidApiToken if api_status['status'] == 'forbidden'
|
|
23
26
|
raise Error::ApiLimitReached if api_status['requests_remaining'] == 0
|
|
24
27
|
raise api_status['http_error'] if api_status['http_error']
|
|
25
28
|
end
|
|
@@ -7,7 +7,7 @@ module WPScan
|
|
|
7
7
|
class KnownLocations < CMSScanner::Finders::Finder
|
|
8
8
|
include CMSScanner::Finders::Finder::Enumerator
|
|
9
9
|
|
|
10
|
-
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
|
|
10
|
+
SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
|
|
11
11
|
|
|
12
12
|
# @param [ Hash ] opts
|
|
13
13
|
# @option opts [ String ] :list
|
|
@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
|
|
|
6
6
|
require_relative 'interesting_findings/debug_log'
|
|
7
7
|
require_relative 'interesting_findings/backup_db'
|
|
8
8
|
require_relative 'interesting_findings/mu_plugins'
|
|
9
|
+
require_relative 'interesting_findings/php_disabled'
|
|
9
10
|
require_relative 'interesting_findings/registration'
|
|
10
11
|
require_relative 'interesting_findings/tmm_db_migrate'
|
|
11
12
|
require_relative 'interesting_findings/upload_sql_dump'
|
|
@@ -26,7 +27,7 @@ module WPScan
|
|
|
26
27
|
%w[
|
|
27
28
|
Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
|
|
28
29
|
Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
|
|
29
|
-
UploadSQLDump EmergencyPwdResetScript WPCron
|
|
30
|
+
UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
|
|
30
31
|
].each do |f|
|
|
31
32
|
finders << InterestingFindings.const_get(f).new(target)
|
|
32
33
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module WPScan
|
|
4
|
+
module Finders
|
|
5
|
+
module InterestingFindings
|
|
6
|
+
# See https://github.com/wpscanteam/wpscan/issues/1593
|
|
7
|
+
class PHPDisabled < CMSScanner::Finders::Finder
|
|
8
|
+
PATTERN = /\$wp_version =/.freeze
|
|
9
|
+
|
|
10
|
+
# @return [ InterestingFinding ]
|
|
11
|
+
def aggressive(_opts = {})
|
|
12
|
+
path = 'wp-includes/version.php'
|
|
13
|
+
|
|
14
|
+
return unless PATTERN.match?(target.head_and_get(path).body)
|
|
15
|
+
|
|
16
|
+
Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -132,5 +132,19 @@ module WPScan
|
|
|
132
132
|
}
|
|
133
133
|
end
|
|
134
134
|
end
|
|
135
|
+
|
|
136
|
+
class PHPDisabled < InterestingFinding
|
|
137
|
+
# @return [ String ]
|
|
138
|
+
def to_s
|
|
139
|
+
@to_s ||= 'PHP seems to be disabled'
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
# @return [ Hash ]
|
|
143
|
+
def references
|
|
144
|
+
@references ||= {
|
|
145
|
+
url: ['https://github.com/wpscanteam/wpscan/issues/1593']
|
|
146
|
+
}
|
|
147
|
+
end
|
|
148
|
+
end
|
|
135
149
|
end
|
|
136
150
|
end
|
data/app/models/timthumb.rb
CHANGED
|
@@ -63,7 +63,7 @@ module WPScan
|
|
|
63
63
|
def webshot_enabled?
|
|
64
64
|
res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
|
|
65
65
|
|
|
66
|
-
|
|
66
|
+
!/WEBSHOT_ENABLED == true/.match?(res.body)
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
# @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
|
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
<% unless @status.empty? -%>
|
|
2
2
|
<% if @status['http_error'] -%>
|
|
3
|
-
<%= critical_icon %>
|
|
3
|
+
<%= critical_icon %> WPScan DB API, <%= @status['http_error'].to_s %>
|
|
4
4
|
<% else -%>
|
|
5
|
-
<%= info_icon %>
|
|
5
|
+
<%= info_icon %> WPScan DB API OK
|
|
6
6
|
| Plan: <%= @status['plan'] %>
|
|
7
7
|
| Requests Done (during the scan): <%= @api_requests %>
|
|
8
8
|
| Requests Remaining: <%= @status['requests_remaining'] %>
|
|
9
9
|
<% end -%>
|
|
10
10
|
<% else -%>
|
|
11
|
-
<%= warning_icon %> No
|
|
12
|
-
<%= warning_icon %> You can get a free API token with
|
|
11
|
+
<%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
|
|
12
|
+
<%= warning_icon %> You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
|
|
13
13
|
<% end -%>
|
|
@@ -8,6 +8,6 @@
|
|
|
8
8
|
"requests_remaining": <%= @status['requests_remaining'].to_json %>
|
|
9
9
|
<% end -%>
|
|
10
10
|
<% else -%>
|
|
11
|
-
"error": "No
|
|
11
|
+
"error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 25 daily requests by registering at https://wpscan.com/register"
|
|
12
12
|
<% end -%>
|
|
13
13
|
},
|
data/lib/wpscan/browser.rb
CHANGED
data/lib/wpscan/db/vuln_api.rb
CHANGED
|
@@ -4,7 +4,7 @@ module WPScan
|
|
|
4
4
|
module DB
|
|
5
5
|
# WPVulnDB API
|
|
6
6
|
class VulnApi
|
|
7
|
-
NON_ERROR_CODES = [200,
|
|
7
|
+
NON_ERROR_CODES = [200, 403].freeze
|
|
8
8
|
|
|
9
9
|
class << self
|
|
10
10
|
attr_accessor :token
|
|
@@ -26,7 +26,7 @@ module WPScan
|
|
|
26
26
|
# Typhoeus.get is used rather than Browser.get to avoid merging irrelevant params from the CLI
|
|
27
27
|
res = Typhoeus.get(uri.join(path), default_request_params.merge(params))
|
|
28
28
|
|
|
29
|
-
return {} if res.code == 404
|
|
29
|
+
return {} if res.code == 404 || res.code == 429
|
|
30
30
|
return JSON.parse(res.body) if NON_ERROR_CODES.include?(res.code)
|
|
31
31
|
|
|
32
32
|
raise Error::HTTP, res
|
|
@@ -34,6 +34,8 @@ module WPScan
|
|
|
34
34
|
retries ||= 0
|
|
35
35
|
|
|
36
36
|
if (retries += 1) <= 3
|
|
37
|
+
@default_request_params[:headers]['X-Retry'] = retries
|
|
38
|
+
|
|
37
39
|
sleep(1)
|
|
38
40
|
retry
|
|
39
41
|
end
|
|
@@ -68,7 +70,7 @@ module WPScan
|
|
|
68
70
|
# @return [ Hash ]
|
|
69
71
|
# @note Those params can not be overriden by CLI options
|
|
70
72
|
def self.default_request_params
|
|
71
|
-
Browser.instance.default_connect_request_params.merge(
|
|
73
|
+
@default_request_params ||= Browser.instance.default_connect_request_params.merge(
|
|
72
74
|
headers: {
|
|
73
75
|
'User-Agent' => Browser.instance.default_user_agent,
|
|
74
76
|
'Authorization' => "Token token=#{token}"
|
|
@@ -11,9 +11,10 @@ module WPScan
|
|
|
11
11
|
module WordPress
|
|
12
12
|
include CMSScanner::Target::Platform::PHP
|
|
13
13
|
|
|
14
|
-
WORDPRESS_PATTERN
|
|
15
|
-
|
|
16
|
-
|
|
14
|
+
WORDPRESS_PATTERN = %r{/(?:(?:wp-content/(?:themes|(?:mu-)?plugins|uploads))|wp-includes)/}i.freeze
|
|
15
|
+
WORDPRESS_HOSTED_PATTERN = %r{https?://s\d\.wp\.com#{WORDPRESS_PATTERN}}i.freeze
|
|
16
|
+
WP_JSON_OEMBED_PATTERN = %r{/wp-json/oembed/}i.freeze
|
|
17
|
+
WP_ADMIN_AJAX_PATTERN = %r{\\?/wp-admin\\?/admin-ajax\.php}i.freeze
|
|
17
18
|
|
|
18
19
|
# These methods are used in the associated interesting_findings finders
|
|
19
20
|
# to keep the boolean state of the finding rather than re-check the whole thing again
|
|
@@ -103,11 +104,8 @@ module WPScan
|
|
|
103
104
|
return true if /\.wordpress\.com$/i.match?(uri.host)
|
|
104
105
|
|
|
105
106
|
unless content_dir
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
uris_from_page(homepage_res, xpath) do |uri|
|
|
110
|
-
return true if uri.to_s.match?(pattern)
|
|
107
|
+
uris_from_page(homepage_res, '(//@href|//@src)[contains(., "wp.com")]') do |uri|
|
|
108
|
+
return true if uri.to_s.match?(WORDPRESS_HOSTED_PATTERN)
|
|
111
109
|
end
|
|
112
110
|
end
|
|
113
111
|
|
|
@@ -7,7 +7,8 @@ module Typhoeus
|
|
|
7
7
|
#
|
|
8
8
|
# @return [ Boolean ]
|
|
9
9
|
def from_vuln_api?
|
|
10
|
-
effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
|
|
10
|
+
effective_url.start_with?(WPScan::DB::VulnApi.uri.to_s) &&
|
|
11
|
+
!effective_url.start_with?(WPScan::DB::VulnApi.uri.join('status').to_s)
|
|
11
12
|
end
|
|
12
13
|
end
|
|
13
14
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.15
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.13.1
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.13.1
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: 0.
|
|
47
|
+
version: 1.0.0
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: 0.
|
|
54
|
+
version: 1.0.0
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: rake
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -72,14 +72,14 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: 3.
|
|
75
|
+
version: 3.10.0
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: 3.
|
|
82
|
+
version: 3.10.0
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: rspec-its
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,42 +100,42 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.9.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.9.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop-performance
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: 1.9.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: 1.9.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: simplecov
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: 0.
|
|
131
|
+
version: 0.21.0
|
|
132
132
|
type: :development
|
|
133
133
|
prerelease: false
|
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
136
|
- - "~>"
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version: 0.
|
|
138
|
+
version: 0.21.0
|
|
139
139
|
- !ruby/object:Gem::Dependency
|
|
140
140
|
name: simplecov-lcov
|
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -170,17 +170,17 @@ dependencies:
|
|
|
170
170
|
requirements:
|
|
171
171
|
- - "~>"
|
|
172
172
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: 3.
|
|
173
|
+
version: 3.11.0
|
|
174
174
|
type: :development
|
|
175
175
|
prerelease: false
|
|
176
176
|
version_requirements: !ruby/object:Gem::Requirement
|
|
177
177
|
requirements:
|
|
178
178
|
- - "~>"
|
|
179
179
|
- !ruby/object:Gem::Version
|
|
180
|
-
version: 3.
|
|
180
|
+
version: 3.11.0
|
|
181
181
|
description: WPScan is a black box WordPress vulnerability scanner.
|
|
182
182
|
email:
|
|
183
|
-
-
|
|
183
|
+
- contact@wpscan.com
|
|
184
184
|
executables:
|
|
185
185
|
- wpscan
|
|
186
186
|
extensions: []
|
|
@@ -213,6 +213,7 @@ files:
|
|
|
213
213
|
- app/finders/interesting_findings/full_path_disclosure.rb
|
|
214
214
|
- app/finders/interesting_findings/mu_plugins.rb
|
|
215
215
|
- app/finders/interesting_findings/multisite.rb
|
|
216
|
+
- app/finders/interesting_findings/php_disabled.rb
|
|
216
217
|
- app/finders/interesting_findings/readme.rb
|
|
217
218
|
- app/finders/interesting_findings/registration.rb
|
|
218
219
|
- app/finders/interesting_findings/tmm_db_migrate.rb
|
|
@@ -377,7 +378,7 @@ files:
|
|
|
377
378
|
- lib/wpscan/version.rb
|
|
378
379
|
- lib/wpscan/vulnerability.rb
|
|
379
380
|
- lib/wpscan/vulnerable.rb
|
|
380
|
-
homepage: https://wpscan.
|
|
381
|
+
homepage: https://wpscan.com/wordpress-security-scanner
|
|
381
382
|
licenses:
|
|
382
383
|
- Dual
|
|
383
384
|
metadata: {}
|