wpscan 3.8.12 → 3.8.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f9b88c8725bd16564cbb9df4e4ac89ad7037697a30d4afdfbf80f289a851b22
-  data.tar.gz: 1c27911c57f74e294c2cd4bf8a4ae5698c789eea3bc447f53473c66ff5639edb
+  metadata.gz: 1b15205abaabe9c5d311ec5cbb471948a4c385f56bf22166800abecfa071b57a
+  data.tar.gz: f97caad190b0ceff2a35338989f701363fc33bf3ebdf65b722043b03656ac7fd
 SHA512:
-  metadata.gz: c89e1d0563f8198e224f6db3c2a2d721ecbcba039a7c2b8781f8e727520e27698469000b43b494002fd5496b41a4fe00272b0bfc1ed30c5e3ceac5f14e473a86
-  data.tar.gz: '0977ec695dfc7756e5e4e3c7936a3b3031aa9fbf9519e1f751d191959f6df95a9aadd899d0bf17844d02d88ebbad09b9868341baab88a284b3d24b541b359241'
+  metadata.gz: b77be4cc33ec3c6c7f34cf4a89cd2528dd6f0dd8dde66352f10a96ec085a760282343401e1e75d7247a2e8671257e63894752cf0174025524e0702ed8e890cab
+  data.tar.gz: 801bf830858b01d41c819cd2ebb55b9927b429be71ef661895fde00afe3e1fd2823cc70034d30769842942d173579a363c49dea295873a98f5c95d7c0d00a88f

data/app/controllers/core.rb

@@ -8,13 +8,13 @@ module WPScan
       def cli_options
         [OptURL.new(['--url URL', 'The URL of the blog to scan'],
                     required_unless: %i[update help hh version], default_protocol: 'http')] +
-          super.drop(1) + # delete the --url from CMSScanner
+          super.drop(2) + # delete the --url and --force from CMSScanner
           [
             OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
                           choices: %w[apache iis nginx],
                           normalize: %i[downcase to_sym],
                           advanced: true),
-            OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
+            OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
             OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
           ]
       end

data/app/finders/interesting_findings.rb

@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
 require_relative 'interesting_findings/debug_log'
 require_relative 'interesting_findings/backup_db'
 require_relative 'interesting_findings/mu_plugins'
+require_relative 'interesting_findings/php_disabled'
 require_relative 'interesting_findings/registration'
 require_relative 'interesting_findings/tmm_db_migrate'
 require_relative 'interesting_findings/upload_sql_dump'
@@ -26,7 +27,7 @@ module WPScan
           %w[
             Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
             Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
-            UploadSQLDump EmergencyPwdResetScript WPCron
+            UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
           ].each do |f|
             finders << InterestingFindings.const_get(f).new(target)
           end

data/app/finders/interesting_findings/php_disabled.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module WPScan
+  module Finders
+    module InterestingFindings
+      # See https://github.com/wpscanteam/wpscan/issues/1593
+      class PHPDisabled < CMSScanner::Finders::Finder
+        PATTERN = /\$wp_version =/.freeze
+
+        # @return [ InterestingFinding ]
+        def aggressive(_opts = {})
+          path = 'wp-includes/version.php'
+
+          return unless PATTERN.match?(target.head_and_get(path).body)
+
+          Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
+        end
+      end
+    end
+  end
+end

data/app/models/interesting_finding.rb

@@ -132,5 +132,19 @@ module WPScan
         }
       end
     end
+
+    class PHPDisabled < InterestingFinding
+      # @return [ String ]
+      def to_s
+        @to_s ||= 'PHP seems to be disabled'
+      end
+
+      # @return [ Hash ]
+      def references
+        @references ||= {
+          url: ['https://github.com/wpscanteam/wpscan/issues/1593']
+        }
+      end
+    end
   end
 end

data/lib/wpscan/version.rb

@@ -2,5 +2,5 @@
 
 # Version
 module WPScan
-  VERSION = '3.8.12'
+  VERSION = '3.8.13'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: wpscan
 version: !ruby/object:Gem::Version
-  version: 3.8.12
+  version: 3.8.13
 platform: ruby
 authors:
 - WPScanTeam
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-04 00:00:00.000000000 Z
+date: 2021-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cms_scanner
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.12.2
+        version: 0.13.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.12.2
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.7.0
+        version: 1.8.0
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
@@ -213,6 +213,7 @@ files:
 - app/finders/interesting_findings/full_path_disclosure.rb
 - app/finders/interesting_findings/mu_plugins.rb
 - app/finders/interesting_findings/multisite.rb
+- app/finders/interesting_findings/php_disabled.rb
 - app/finders/interesting_findings/readme.rb
 - app/finders/interesting_findings/registration.rb
 - app/finders/interesting_findings/tmm_db_migrate.rb