wpscan 3.8.11 → 3.8.16

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 299c8c4ad7fc7a8e9329a891e57a6d13a2872ca0a977f49fe2070e71033e48a1
4
- data.tar.gz: dcf67f4cc1770e7f97a201cc0216c7aa7fcf0d3d239834f597a822bdb30e373b
3
+ metadata.gz: 5a0b4c94506cabb2e0e6363ef3d9287d65fda78e47c6fc35272d600df532d964
4
+ data.tar.gz: 67b2b4c373efaad655a3cbb7c666e8e21ff71306611fee28efdfc70e1cb7ed44
5
5
  SHA512:
6
- metadata.gz: 57c0d2f83d1e6a9a33a79aae80bc0a6ee96ce938eb562db811ca55920607fbba71859f6f3aba8de97a9b900b853edb9bcd02672a14a4948301f0a083b835a13e
7
- data.tar.gz: 433b89aab18df530527092bb3bb499fdf8bfcbf3043a9369744ea85aa59bb8709bc0d624ed20451103138b0e2bd86c78f8c18476378899172f450be1c2968b6d
6
+ metadata.gz: cb558302c8dd13327816a1ee456763ffbbd66cefc28051ed0fd15ee1eaf41775652552a08be1af125d4d43f536f960f23fe9675b97040ef071950c230c6cf059
7
+ data.tar.gz: f89c89415dbb34b7c8a99f3876914a44a602ae23cde638b649bf1b1fa3d10bc9c0fbd19bed827f9841cb9d7324ad1e4c5b564ba3027ab94ec2ce56cc754e08c0
data/README.md CHANGED
@@ -24,10 +24,11 @@
24
24
  ## Prerequisites
25
25
 
26
26
  - (Optional but highly recommended: [RVM](https://rvm.io/rvm/install))
27
- - Ruby >= 2.3 - Recommended: latest
27
+ - Ruby >= 2.5 - Recommended: latest
28
28
  - Ruby 2.5.0 to 2.5.3 can cause an 'undefined symbol: rmpd_util_str_to_d' error in some systems, see [#1283](https://github.com/wpscanteam/wpscan/issues/1283)
29
- - Curl >= 7.21 - Recommended: latest
29
+ - Curl >= 7.72 - Recommended: latest
30
30
  - The 7.29 has a segfault
31
+ - The < 7.72 could result in `Stream error in the HTTP/2 framing layer` in some cases
31
32
  - RubyGems - Recommended: latest
32
33
  - Nokogiri might require packages to be installed via your package manager depending on your OS, see https://nokogiri.org/tutorials/installing_nokogiri.html
33
34
 
@@ -35,6 +36,10 @@
35
36
 
36
37
  When using a pentesting distubution (such as Kali Linux), it is recommended to install/update wpscan via the package manager if available.
37
38
 
39
+ ### In macOSX via Homebrew
40
+
41
+ `brew install wpscanteam/tap/wpscan`
42
+
38
43
  ### From RubyGems
39
44
 
40
45
  ```shell
@@ -47,7 +52,7 @@ On MacOSX, if a ```Gem::FilePermissionError``` is raised due to the Apple's Syst
47
52
 
48
53
  You can update the local database by using ```wpscan --update```
49
54
 
50
- Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending how WPScan was (pre)installed
55
+ Updating WPScan itself is either done via ```gem update wpscan``` or the packages manager (this is quite important for distributions such as in Kali Linux: ```apt-get update && apt-get upgrade```) depending on how WPScan was (pre)installed
51
56
 
52
57
  # Docker
53
58
 
@@ -80,9 +85,19 @@ For more options, open a terminal and type ```wpscan --help``` (if you built wps
80
85
 
81
86
  The DB is located at ~/.wpscan/db
82
87
 
83
- ## Vulnerability Database
88
+ ## Optional: WordPress Vulnerability Database API
89
+
90
+ The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
91
+
92
+ Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
93
+
94
+ #### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
95
+
96
+ ### How many API requests do you need?
84
97
 
85
- The WPScan CLI tool uses the [WPScan API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan](https://wpscan.com/register). Up to 50 API requests per day are given free of charge to registered users. Once the 50 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan](https://wpscan.com/).
98
+ - Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
99
+ - On average, a WordPress website has 22 installed plugins.
100
+ - The Free plan should cover around 50% of all WordPress websites.
86
101
 
87
102
  ## Load CLI options from file/s
88
103
 
@@ -8,13 +8,13 @@ module WPScan
8
8
  def cli_options
9
9
  [OptURL.new(['--url URL', 'The URL of the blog to scan'],
10
10
  required_unless: %i[update help hh version], default_protocol: 'http')] +
11
- super.drop(1) + # delete the --url from CMSScanner
11
+ super.drop(2) + # delete the --url and --force from CMSScanner
12
12
  [
13
13
  OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
14
14
  choices: %w[apache iis nginx],
15
15
  normalize: %i[downcase to_sym],
16
16
  advanced: true),
17
- OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
17
+ OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
18
18
  OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
19
19
  ]
20
20
  end
@@ -39,7 +39,7 @@ module WPScan
39
39
  output('@notice', msg: 'It seems like you have not updated the database for some time.')
40
40
  print '[?] Do you want to update now? [Y]es [N]o, default: [N]'
41
41
 
42
- /^y/i.match?(Readline.readline) ? true : false
42
+ /^y/i.match?(Readline.readline)
43
43
  end
44
44
 
45
45
  def update_db
@@ -7,7 +7,7 @@ module WPScan
7
7
  class KnownLocations < CMSScanner::Finders::Finder
8
8
  include CMSScanner::Finders::Finder::Enumerator
9
9
 
10
- SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE) TABLE|INSERT INTO/.freeze
10
+ SQL_PATTERN = /(?:DROP|(?:UN)?LOCK|CREATE|ALTER) (?:TABLE|DATABASE)|INSERT INTO/.freeze
11
11
 
12
12
  # @param [ Hash ] opts
13
13
  # @option opts [ String ] :list
@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
6
6
  require_relative 'interesting_findings/debug_log'
7
7
  require_relative 'interesting_findings/backup_db'
8
8
  require_relative 'interesting_findings/mu_plugins'
9
+ require_relative 'interesting_findings/php_disabled'
9
10
  require_relative 'interesting_findings/registration'
10
11
  require_relative 'interesting_findings/tmm_db_migrate'
11
12
  require_relative 'interesting_findings/upload_sql_dump'
@@ -26,7 +27,7 @@ module WPScan
26
27
  %w[
27
28
  Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
28
29
  Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
29
- UploadSQLDump EmergencyPwdResetScript WPCron
30
+ UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
30
31
  ].each do |f|
31
32
  finders << InterestingFindings.const_get(f).new(target)
32
33
  end
@@ -0,0 +1,21 @@
1
+ # frozen_string_literal: true
2
+
3
+ module WPScan
4
+ module Finders
5
+ module InterestingFindings
6
+ # See https://github.com/wpscanteam/wpscan/issues/1593
7
+ class PHPDisabled < CMSScanner::Finders::Finder
8
+ PATTERN = /\$wp_version =/.freeze
9
+
10
+ # @return [ InterestingFinding ]
11
+ def aggressive(_opts = {})
12
+ path = 'wp-includes/version.php'
13
+
14
+ return unless PATTERN.match?(target.head_and_get(path).body)
15
+
16
+ Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
@@ -132,5 +132,19 @@ module WPScan
132
132
  }
133
133
  end
134
134
  end
135
+
136
+ class PHPDisabled < InterestingFinding
137
+ # @return [ String ]
138
+ def to_s
139
+ @to_s ||= 'PHP seems to be disabled'
140
+ end
141
+
142
+ # @return [ Hash ]
143
+ def references
144
+ @references ||= {
145
+ url: ['https://github.com/wpscanteam/wpscan/issues/1593']
146
+ }
147
+ end
148
+ end
135
149
  end
136
150
  end
@@ -63,7 +63,7 @@ module WPScan
63
63
  def webshot_enabled?
64
64
  res = Browser.get(url, params: { webshot: 1, src: "http://#{default_allowed_domains.sample}" })
65
65
 
66
- /WEBSHOT_ENABLED == true/.match?(res.body) ? false : true
66
+ !/WEBSHOT_ENABLED == true/.match?(res.body)
67
67
  end
68
68
 
69
69
  # @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)
@@ -53,7 +53,9 @@ module WPScan
53
53
  #
54
54
  # @return [ Boolean ]
55
55
  def vulnerable_to?(vuln)
56
- return true unless version && vuln && vuln.fixed_in && !vuln.fixed_in.empty?
56
+ return false if version && vuln&.introduced_in && version < vuln.introduced_in
57
+
58
+ return true unless version && vuln&.fixed_in && !vuln.fixed_in.empty?
57
59
 
58
60
  version < vuln.fixed_in
59
61
  end
@@ -9,5 +9,5 @@
9
9
  <% end -%>
10
10
  <% else -%>
11
11
  <%= warning_icon %> No WPScan API Token given, as a result vulnerability data has not been output.
12
- <%= warning_icon %> You can get a free API token with 50 daily requests by registering at https://wpscan.com/register
12
+ <%= warning_icon %> You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
13
13
  <% end -%>
@@ -8,6 +8,6 @@
8
8
  "requests_remaining": <%= @status['requests_remaining'].to_json %>
9
9
  <% end -%>
10
10
  <% else -%>
11
- "error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 50 daily requests by registering at https://wpscan.com/register"
11
+ "error": "No WPScan API Token given, as a result vulnerability data has not been output.\nYou can get a free API token with 25 daily requests by registering at https://wpscan.com/register"
12
12
  <% end -%>
13
13
  },
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.11'
5
+ VERSION = '3.8.16'
6
6
  end
@@ -21,6 +21,7 @@ module WPScan
21
21
  references: references,
22
22
  type: json_data['vuln_type'],
23
23
  fixed_in: json_data['fixed_in'],
24
+ introduced_in: json_data['introduced_in'],
24
25
  cvss: json_data['cvss']&.symbolize_keys
25
26
  )
26
27
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.11
4
+ version: 3.8.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-16 00:00:00.000000000 Z
11
+ date: 2021-03-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.12.1
19
+ version: 0.13.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.12.1
26
+ version: 0.13.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -100,42 +100,42 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.6.0
103
+ version: 1.11.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.6.0
110
+ version: 1.11.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-performance
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.9.0
117
+ version: 1.10.0
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.9.0
124
+ version: 1.10.0
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: simplecov
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 0.20.0
131
+ version: 0.21.0
132
132
  type: :development
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 0.20.0
138
+ version: 0.21.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: simplecov-lcov
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.10.0
173
+ version: 3.12.0
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.10.0
180
+ version: 3.12.0
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
183
  - contact@wpscan.com
@@ -213,6 +213,7 @@ files:
213
213
  - app/finders/interesting_findings/full_path_disclosure.rb
214
214
  - app/finders/interesting_findings/mu_plugins.rb
215
215
  - app/finders/interesting_findings/multisite.rb
216
+ - app/finders/interesting_findings/php_disabled.rb
216
217
  - app/finders/interesting_findings/readme.rb
217
218
  - app/finders/interesting_findings/registration.rb
218
219
  - app/finders/interesting_findings/tmm_db_migrate.rb