wpscan 3.8.12 → 3.8.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1b15205abaabe9c5d311ec5cbb471948a4c385f56bf22166800abecfa071b57a
|
|
4
|
+
data.tar.gz: f97caad190b0ceff2a35338989f701363fc33bf3ebdf65b722043b03656ac7fd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b77be4cc33ec3c6c7f34cf4a89cd2528dd6f0dd8dde66352f10a96ec085a760282343401e1e75d7247a2e8671257e63894752cf0174025524e0702ed8e890cab
|
|
7
|
+
data.tar.gz: 801bf830858b01d41c819cd2ebb55b9927b429be71ef661895fde00afe3e1fd2823cc70034d30769842942d173579a363c49dea295873a98f5c95d7c0d00a88f
|
data/app/controllers/core.rb
CHANGED
|
@@ -8,13 +8,13 @@ module WPScan
|
|
|
8
8
|
def cli_options
|
|
9
9
|
[OptURL.new(['--url URL', 'The URL of the blog to scan'],
|
|
10
10
|
required_unless: %i[update help hh version], default_protocol: 'http')] +
|
|
11
|
-
super.drop(
|
|
11
|
+
super.drop(2) + # delete the --url and --force from CMSScanner
|
|
12
12
|
[
|
|
13
13
|
OptChoice.new(['--server SERVER', 'Force the supplied server module to be loaded'],
|
|
14
14
|
choices: %w[apache iis nginx],
|
|
15
15
|
normalize: %i[downcase to_sym],
|
|
16
16
|
advanced: true),
|
|
17
|
-
OptBoolean.new(['--force', 'Do not check if the target is running WordPress']),
|
|
17
|
+
OptBoolean.new(['--force', 'Do not check if the target is running WordPress or returns a 403']),
|
|
18
18
|
OptBoolean.new(['--[no-]update', 'Whether or not to update the Database'])
|
|
19
19
|
]
|
|
20
20
|
end
|
|
@@ -6,6 +6,7 @@ require_relative 'interesting_findings/multisite'
|
|
|
6
6
|
require_relative 'interesting_findings/debug_log'
|
|
7
7
|
require_relative 'interesting_findings/backup_db'
|
|
8
8
|
require_relative 'interesting_findings/mu_plugins'
|
|
9
|
+
require_relative 'interesting_findings/php_disabled'
|
|
9
10
|
require_relative 'interesting_findings/registration'
|
|
10
11
|
require_relative 'interesting_findings/tmm_db_migrate'
|
|
11
12
|
require_relative 'interesting_findings/upload_sql_dump'
|
|
@@ -26,7 +27,7 @@ module WPScan
|
|
|
26
27
|
%w[
|
|
27
28
|
Readme DebugLog FullPathDisclosure BackupDB DuplicatorInstallerLog
|
|
28
29
|
Multisite MuPlugins Registration UploadDirectoryListing TmmDbMigrate
|
|
29
|
-
UploadSQLDump EmergencyPwdResetScript WPCron
|
|
30
|
+
UploadSQLDump EmergencyPwdResetScript WPCron PHPDisabled
|
|
30
31
|
].each do |f|
|
|
31
32
|
finders << InterestingFindings.const_get(f).new(target)
|
|
32
33
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module WPScan
|
|
4
|
+
module Finders
|
|
5
|
+
module InterestingFindings
|
|
6
|
+
# See https://github.com/wpscanteam/wpscan/issues/1593
|
|
7
|
+
class PHPDisabled < CMSScanner::Finders::Finder
|
|
8
|
+
PATTERN = /\$wp_version =/.freeze
|
|
9
|
+
|
|
10
|
+
# @return [ InterestingFinding ]
|
|
11
|
+
def aggressive(_opts = {})
|
|
12
|
+
path = 'wp-includes/version.php'
|
|
13
|
+
|
|
14
|
+
return unless PATTERN.match?(target.head_and_get(path).body)
|
|
15
|
+
|
|
16
|
+
Model::PHPDisabled.new(target.url(path), confidence: 100, found_by: DIRECT_ACCESS)
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -132,5 +132,19 @@ module WPScan
|
|
|
132
132
|
}
|
|
133
133
|
end
|
|
134
134
|
end
|
|
135
|
+
|
|
136
|
+
class PHPDisabled < InterestingFinding
|
|
137
|
+
# @return [ String ]
|
|
138
|
+
def to_s
|
|
139
|
+
@to_s ||= 'PHP seems to be disabled'
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
# @return [ Hash ]
|
|
143
|
+
def references
|
|
144
|
+
@references ||= {
|
|
145
|
+
url: ['https://github.com/wpscanteam/wpscan/issues/1593']
|
|
146
|
+
}
|
|
147
|
+
end
|
|
148
|
+
end
|
|
135
149
|
end
|
|
136
150
|
end
|
data/lib/wpscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wpscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.8.
|
|
4
|
+
version: 3.8.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- WPScanTeam
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-01-
|
|
11
|
+
date: 2021-01-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cms_scanner
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.13.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.13.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: 1.8.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: 1.8.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rubocop-performance
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -213,6 +213,7 @@ files:
|
|
|
213
213
|
- app/finders/interesting_findings/full_path_disclosure.rb
|
|
214
214
|
- app/finders/interesting_findings/mu_plugins.rb
|
|
215
215
|
- app/finders/interesting_findings/multisite.rb
|
|
216
|
+
- app/finders/interesting_findings/php_disabled.rb
|
|
216
217
|
- app/finders/interesting_findings/readme.rb
|
|
217
218
|
- app/finders/interesting_findings/registration.rb
|
|
218
219
|
- app/finders/interesting_findings/tmm_db_migrate.rb
|