wpscan 3.8.21 → 3.8.24

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 22b6d832d1770e8cac645d0b6522acf74fb1ae7282ccd576c35dc0c2f34c91a7
4
- data.tar.gz: 53154ef76c9489dee96220ef01069802158b4087183ff8b8136d580f7dd5437e
3
+ metadata.gz: 23e760a18e71e13ba38ca87b045d98e1797681b3825f3478cd0207bd6c0df444
4
+ data.tar.gz: d0a32dd76141b699942aa8fce40b72f5c53cf43f5760e11edc366b5db7bb3185
5
5
  SHA512:
6
- metadata.gz: c0da7e059312f7480b35df4311d2297facb1c557244d4a8bdb5270e01c35e6807c4b3c5192b174089ba770921e2231fac440da6783568e0708f8ab58a720ceb7
7
- data.tar.gz: b7b8aa218b77d7f0857bf085d91a944578fbdc88d5fa7e58a59bb674b6a65f847d6e6b73b4cb4afbbc9cdc0ab90805db89bde234abf8208b92f0e97ef8aa72b8
6
+ metadata.gz: afe57fb1ec101b3ac1309812ab3504b0c1d0a27fa807d302689f23678bbdf9980c8d1389a2c9d37dfbdc93386f4448a0f8eb33e4141ec1891b5ffdca3eecdf14
7
+ data.tar.gz: b79484562638d87bbb3ffd129988f9d7c1cbb062006c24bc918852767b143a1d34a576c1e3275ff599522cbac953eb35aebeb6cd4b447dccf365335966581bff
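Review bot: these digests are stored in checksums.yaml inside the gem, next to the metadata.gz and data.tar.gz they cover, so they are not an independent integrity anchor: anyone able to replace the archive can replace them too. When pinning 3.8.24, record the digest of the whole .gem file from a source you trust (lockfile or internal mirror) rather than relying on the values shown here.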
data/README.md CHANGED
@@ -90,15 +90,12 @@ The DB is located at ~/.wpscan/db
90
90
 
91
91
  The WPScan CLI tool uses the [WordPress Vulnerability Database API](https://wpscan.com/api) to retrieve WordPress vulnerability data in real time. For WPScan to retrieve the vulnerability data an API token must be supplied via the `--api-token` option, or via a configuration file, as discussed below. An API token can be obtained by registering an account on [WPScan.com](https://wpscan.com/register).
92
92
 
93
- Up to 25 API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data. Users can upgrade to paid API usage to increase their API limits within their user profile on [WPScan.com](https://wpscan.com/).
94
-
95
- #### The Free plan allows 25 API requests per day. View the different [available API plans](https://wpscan.com/api).
93
+ Up to **25** API requests per day are given free of charge, that should be suitable to scan most WordPress websites at least once per day. When the daily 25 API requests are exhausted, WPScan will continue to work as normal but without any vulnerability data.
96
94
 
97
95
  ### How many API requests do you need?
98
96
 
99
97
  - Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
100
98
  - On average, a WordPress website has 22 installed plugins.
101
- - The Free plan should cover around 50% of all WordPress websites.
102
99
 
103
100
  ## Load CLI options from file/s
104
101
 
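Review bot: the rewritten sentence at new line 93 still says 25 requests "should be suitable to scan most WordPress websites at least once per day", but the bullets kept just below count one request for the WordPress version, one per plugin and one per theme, with 22 plugins on average, so an average site is already at or near the limit. The removed lines carried the 50% estimate and the pointer to the API plans; either soften "most" or keep a short pointer so users know what to do when vulnerability data stops appearing in results. The comma splice ("free of charge, that should") could be fixed in the same edit.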
@@ -137,7 +134,7 @@ The feature mentioned above is useful to keep the API Token in a config file and
137
134
 
138
135
  ```yml
139
136
  cli_options:
140
- api_token: YOUR_API_TOKEN
137
+ api_token: 'YOUR_API_TOKEN'
141
138
  ```
142
139
 
143
140
  ## Load API Token From ENV (since v3.7.10)
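Review bot: the README does not say why 'YOUR_API_TOKEN' is now quoted at new line 137. If the intent is that YAML always reads the token as a string, say so in one sentence next to the example, and since this file holds a credential, consider adding a line recommending that it be readable only by the user who runs the scan.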
@@ -17,7 +17,8 @@ module WPScan
17
17
  'Maximum number of passwords to send by request with XMLRPC multicall'],
18
18
  default: 500),
19
19
  OptChoice.new(['--password-attack ATTACK',
20
- 'Force the supplied attack to be used rather than automatically determining one.'],
20
+ 'Force the supplied attack to be used rather than automatically determining one.',
21
+ 'Multicall will only work against WP < 4.4'],
21
22
  choices: %w[wp-login xmlrpc xmlrpc-multicall],
22
23
  normalize: %i[downcase underscore to_sym]),
23
24
  OptString.new(['--login-uri URI', 'The URI of the login page if different from /wp-login.php'])
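Review bot: the help line added at new line 21 says "Multicall" while the accepted value in `choices` is `xmlrpc-multicall`; use the exact choice name so the caveat can be matched to the option, for example 'xmlrpc-multicall will only work against WP < 4.4'. Nothing in this hunk warns at run time when that choice is forced against a newer version, so the limitation is documented only in the help output; a warning where the detected version is known would make the result easier to interpret.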
@@ -73,7 +73,7 @@ module WPScan
73
73
  # @return [ Hash ] The params for Typhoeus::Request
74
74
  # @note Those params can't be overriden by CLI options
75
75
  def request_params
76
- @request_params ||= Browser.instance.default_connect_request_params.merge(
76
+ @request_params ||= Browser.instance.default_request_params.merge(
77
77
  timeout: 600,
78
78
  connecttimeout: 300,
79
79
  accept_encoding: 'gzip, deflate',
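Review bot: at new line 76 the base hash changes from `default_connect_request_params` to `default_request_params`, but the `@note` above still only says the params cannot be overridden by CLI options and does not say what the base now contributes. Document which keys are expected from the base and that the merged `timeout: 600` and `connecttimeout: 300` take precedence over it. "overriden" in the comment should be "overridden".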
@@ -70,7 +70,7 @@ module WPScan
70
70
  # @return [ Hash ]
71
71
  # @note Those params can not be overriden by CLI options
72
72
  def self.default_request_params
73
- @default_request_params ||= Browser.instance.default_connect_request_params.merge(
73
+ @default_request_params ||= Browser.instance.default_request_params.merge(
74
74
  headers: {
75
75
  'User-Agent' => Browser.instance.default_user_agent,
76
76
  'Authorization' => "Token token=#{token}"
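Review bot: this request carries the API token in the `Authorization` header (line 76), and after the change at new line 73 it inherits whatever `Browser.instance.default_request_params` returns. The `@note` says CLI options cannot override these params, yet the base comes from the browser instance; confirm that any scan-oriented settings held there (proxy or TLS verification settings, if present) are either intended for the API call or filtered out before the merge, and state the outcome in the comment.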
@@ -2,5 +2,5 @@
2
2
 
3
3
  # Version
4
4
  module WPScan
5
- VERSION = '3.8.21'
5
+ VERSION = '3.8.24'
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wpscan
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.8.21
4
+ version: 3.8.24
5
5
  platform: ruby
6
6
  authors:
7
7
  - WPScanTeam
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-22 00:00:00.000000000 Z
11
+ date: 2023-06-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: cms_scanner
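Review bot: the context line `cert_chain: []` shows the gem is unsigned in both versions, so there is no publisher signature to verify on install; consumers should pin the version and its digest in their own lockfile or mirror. The release date moves from 2022-02-22 to 2023-06-09, so this diff spans more than a year and deserves a full read rather than being treated as a routine patch bump.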
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.13.7
19
+ version: 0.13.8
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.13.7
26
+ version: 0.13.8
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
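Review bot: `cms_scanner` is the one dependency change in this diff marked `type: :runtime`, and `~> 0.13.8` accepts any later 0.13.x release, so its code runs inside every scan and can change without a new wpscan release. Review the 0.13.7 to 0.13.8 diff alongside this one, and if the switch to `default_request_params` in the Ruby hunks depends on that bump, say so in the changelog.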
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 3.11.0
75
+ version: 3.12.0
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 3.11.0
82
+ version: 3.12.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rspec-its
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.25.0
103
+ version: 1.26.0
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.25.0
110
+ version: 1.26.0
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rubocop-performance
113
113
  requirement: !ruby/object:Gem::Requirement
@@ -170,14 +170,14 @@ dependencies:
170
170
  requirements:
171
171
  - - "~>"
172
172
  - !ruby/object:Gem::Version
173
- version: 3.14.0
173
+ version: 3.18.1
174
174
  type: :development
175
175
  prerelease: false
176
176
  version_requirements: !ruby/object:Gem::Requirement
177
177
  requirements:
178
178
  - - "~>"
179
179
  - !ruby/object:Gem::Version
180
- version: 3.14.0
180
+ version: 3.18.1
181
181
  description: WPScan is a black box WordPress vulnerability scanner.
182
182
  email:
183
183
  - contact@wpscan.com